def test_admin_client_set_no_admin(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_name='test_default_tenant')\
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn(None)
self.mox.ReplayAll()
with self.app.test_request_context():
self.assertRaises(RuntimeError, auth.admin_client_set)
def test_admin_client_set_no_admin(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_name='test_default_tenant')\
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn(None)
self.mox.ReplayAll()
with self.app.test_request_context():
self.assertRaises(RuntimeError, auth.admin_client_set)
def test_api_cs_for_project(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndReturn('FAKE_CS')
auth.admin_role_id('FAKE_CS').AndReturn('ROLE')
self.mox.ReplayAll()
with self.app.test_request_context():
cs = auth.api_client_set('PID')
self.assertEquals(cs, 'FAKE_CS')
def test_admin_client_set_works(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_name='test_default_tenant')\
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn('AR_ID')
self.mox.ReplayAll()
with self.app.test_request_context():
cs = auth.admin_client_set()
self.assertEquals(cs, 'FAKE_CLIENT_SET')
self.assertEquals(g.admin_client_set, 'FAKE_CLIENT_SET')
def test_api_cs_for_project(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndReturn('FAKE_CS')
auth.admin_role_id('FAKE_CS').AndReturn('ROLE')
self.mox.ReplayAll()
with self.app.test_request_context():
cs = auth.api_client_set('PID')
self.assertEquals(cs, 'FAKE_CS')
def test_admin_client_set_works(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_name='test_default_tenant')\
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn('AR_ID')
self.mox.ReplayAll()
with self.app.test_request_context():
cs = auth.admin_client_set()
self.assertEquals(cs, 'FAKE_CLIENT_SET')
self.assertEquals(g.admin_client_set, 'FAKE_CLIENT_SET')
def test_user_endpoint_as_admin(self):
user, password = '******', 'p@ssw0rd'
auth._client_set(user, password, tenant_name='test_default_tenant') \
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn('AR_ID')
auth.current_user_id().AndReturn('FAKE_UID')
self.mox.ReplayAll()
rv = self.app.test_client().get(
'/hello', headers={'Authorization': _basic_auth(user, password)})
self.assertEquals(rv.status_code, 200, rv.data)
def test_admin_endpoint_no_admin(self):
admin, password = '******', 'p@ssw0rd'
auth._client_set(admin, password,
tenant_name='test_default_tenant') \
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn(None)
self.mox.ReplayAll()
rv = self.app.test_client().get(
'/hello', headers={'Authorization': _basic_auth(admin, password)})
self.assertEquals(rv.status_code, 403, rv.data)
def test_success(self):
user, password = '******', 'p@ssw0rd'
self.fake_client_set = self._fake_client_set_factory()
auth._client_set(user, password, tenant_name='systenant') \
.AndReturn(self.fake_client_set)
auth.admin_role_id(self.fake_client_set).AndReturn('AR_ID')
self.mox.ReplayAll()
rv = self.client.get(
self.url, headers={'Authorization': _basic_auth(user, password)})
self.check_and_parse_response(rv, status_code=404)
def test_api_cs_for_project_denied_at_last(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndRaise(Unauthorized('denied'))
auth.add_api_superuser_to_project('PID')
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndReturn('FAKE_CS')
auth.admin_role_id('FAKE_CS').AndReturn(None)
self.mox.ReplayAll()
with self.app.test_request_context():
self.assertRaises(RuntimeError, auth.api_client_set, 'PID')
def test_admin_endpoint_no_admin(self):
admin, password = '******', 'p@ssw0rd'
auth._client_set(admin, password,
tenant_name='test_default_tenant') \
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn(None)
self.mox.ReplayAll()
rv = self.app.test_client().get(
'/hello',
headers={'Authorization': _basic_auth(admin, password)}
)
self.assertEquals(rv.status_code, 403, rv.data)
def test_success(self):
user, password = '******', 'p@ssw0rd'
self.fake_client_set = self._fake_client_set_factory()
auth._client_set(user, password, tenant_name='systenant') \
.AndReturn(self.fake_client_set)
auth.admin_role_id(self.fake_client_set).AndReturn('AR_ID')
self.mox.ReplayAll()
rv = self.client.get(self.url, headers={
'Authorization': _basic_auth(user, password)
})
self.check_and_parse_response(rv, status_code=404)
def test_api_cs_for_project_denied_at_last(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndRaise(Unauthorized('denied'))
auth.add_api_superuser_to_project('PID')
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndReturn('FAKE_CS')
auth.admin_role_id('FAKE_CS').AndReturn(None)
self.mox.ReplayAll()
with self.app.test_request_context():
self.assertRaises(RuntimeError, auth.api_client_set, 'PID')
def test_user_endpoint_as_admin(self):
user, password = '******', 'p@ssw0rd'
auth._client_set(user, password, tenant_name='test_default_tenant') \
.AndReturn('FAKE_CLIENT_SET')
auth.admin_role_id('FAKE_CLIENT_SET').AndReturn('AR_ID')
auth.current_user_id().AndReturn('FAKE_UID')
self.mox.ReplayAll()
rv = self.app.test_client().get(
'/hello',
headers={'Authorization': _basic_auth(user, password)}
)
self.assertEquals(rv.status_code, 200, rv.data)
def test_api_cs_for_project_denied_at_first(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndRaise(Unauthorized('denied'))
auth.add_api_superuser_to_project('PID')
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndReturn('FAKE_CS')
auth.admin_role_id('FAKE_CS').AndReturn('ROLE')
self.mox.ReplayAll()
with self.app.test_request_context():
cs = auth.api_client_set('PID')
self.assertEquals(cs, 'FAKE_CS')
def test_api_cs_for_project_denied_at_first(self):
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndRaise(Unauthorized('denied'))
auth.add_api_superuser_to_project('PID')
auth._client_set('test_admin', 'test_p@ssw0rd',
tenant_id='PID') \
.AndReturn('FAKE_CS')
auth.admin_role_id('FAKE_CS').AndReturn('ROLE')
self.mox.ReplayAll()
with self.app.test_request_context():
cs = auth.api_client_set('PID')
self.assertEquals(cs, 'FAKE_CS')
def test_admin_role_id(self):
self.mox.ReplayAll()
with self.app.test_request_context():
self.install_fake_auth()
result = auth.admin_role_id()
# look at tests/mocked.py, near line 100
self.assertEquals(result, u'ADMIN_ROLE_ID')
def test_admin_role_id(self):
self.mox.ReplayAll()
with self.app.test_request_context():
self.install_fake_auth()
result = auth.admin_role_id()
# look at tests/mocked.py, near line 100
self.assertEquals(result, u'ADMIN_ROLE_ID')
def _grant_admin(user_id):
"""Grant admin permission.
Add admin role with in admin tenant (aka systenant).
"""
auth.assert_admin()
g.client_set.identity_admin.roles.add_user_role(
user_id, auth.admin_role_id(), auth.default_tenant_id())
def _grant_admin(user_id):
"""Grant admin permission.
Add admin role with in admin tenant (aka systenant).
"""
auth.assert_admin()
g.client_set.identity_admin.roles.add_user_role(user_id,
auth.admin_role_id(),
auth.default_tenant_id())
def test_admin_role_id_403(self):
# make roles empty
self.fake_client_set.http_client.access['user']['roles'] = []
self.mox.ReplayAll()
with self.app.test_request_context():
self.install_fake_auth()
g.is_admin = False
self.assertEquals(None, auth.admin_role_id())
self.assertAborts(403, auth.assert_admin)
def test_admin_role_id_403(self):
# make roles empty
self.fake_client_set.http_client.access['user']['roles'] = []
self.mox.ReplayAll()
with self.app.test_request_context():
self.install_fake_auth()
g.is_admin = False
self.assertEquals(None, auth.admin_role_id())
self.assertAborts(403, auth.assert_admin)
def _revoke_admin(user_id):
"""Revoke admin permission.
Remove admin role in admin tenant (aka systenant).
"""
auth.assert_admin()
try:
g.client_set.identity_admin.roles.remove_user_role(
user_id, auth.admin_role_id(), auth.default_tenant_id())
except osc_exc.NotFound:
pass # user was not admin
def _revoke_admin(user_id):
"""Revoke admin permission.
Remove admin role in admin tenant (aka systenant).
"""
auth.assert_admin()
try:
g.client_set.identity_admin.roles.remove_user_role(
user_id, auth.admin_role_id(), auth.default_tenant_id())
except osc_exc.NotFound:
pass # user was not admin
def test_with_my_client_set(self):
result = auth.admin_role_id(self.fake_client_set)
# look at tests/mocked.py, near line 100
self.assertEquals(result, u'ADMIN_ROLE_ID')
def test_with_my_client_set(self):
result = auth.admin_role_id(self.fake_client_set)
# look at tests/mocked.py, near line 100
self.assertEquals(result, u'ADMIN_ROLE_ID')
