def test_update(self):
        ref = unit.new_policy_ref()
        self.policy_api.create_policy(ref['id'], ref)
        orig = ref

        ref = unit.new_policy_ref()

        # (cannot change policy ID)
        self.assertRaises(exception.ValidationError,
                          self.policy_api.update_policy, orig['id'], ref)

        ref['id'] = orig['id']
        res = self.policy_api.update_policy(orig['id'], ref)
        self.assertDictEqual(ref, res)
Exemple #2
0
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     self.policy = unit.new_policy_ref()
     self.policy_id = self.policy['id']
     PROVIDERS.policy_api.create_policy(
         self.policy_id,
         self.policy.copy())
    def setUp(self):
        """Setup for Identity Limit Test Cases."""
        super(IdentityTestListLimitCase, self).setUp()

        # Create 10 entries for each of the entities we are going to test
        self.ENTITY_TYPES = ['user', 'group', 'project']
        self.entity_lists = {}
        for entity in self.ENTITY_TYPES:
            self.entity_lists[entity] = self._create_test_data(entity, 10)
            # Make sure we clean up when finished
            self.addCleanup(self.clean_up_entity, entity)

        self.service_list = []
        self.addCleanup(self.clean_up_service)
        for _ in range(10):
            new_entity = unit.new_service_ref()
            service = self.catalog_api.create_service(new_entity['id'],
                                                      new_entity)
            self.service_list.append(service)

        self.policy_list = []
        self.addCleanup(self.clean_up_policy)
        for _ in range(10):
            new_entity = unit.new_policy_ref()
            policy = self.policy_api.create_policy(new_entity['id'],
                                                   new_entity)
            self.policy_list.append(policy)
    def test_update(self):
        ref = unit.new_policy_ref()
        self.policy_api.create_policy(ref['id'], ref)
        orig = ref

        ref = unit.new_policy_ref()

        # (cannot change policy ID)
        self.assertRaises(exception.ValidationError,
                          self.policy_api.update_policy,
                          orig['id'],
                          ref)

        ref['id'] = orig['id']
        res = self.policy_api.update_policy(orig['id'], ref)
        self.assertDictEqual(ref, res)
 def setUp(self):
     super(PolicyTestCase, self).setUp()
     self.policy = unit.new_policy_ref()
     self.policy_id = self.policy['id']
     self.policy_api.create_policy(
         self.policy_id,
         self.policy.copy())
Exemple #6
0
    def setUp(self):
        """Setup for Identity Limit Test Cases."""
        super(IdentityTestListLimitCase, self).setUp()

        # Create 10 entries for each of the entities we are going to test
        self.ENTITY_TYPES = ['user', 'group', 'project']
        self.entity_lists = {}
        for entity in self.ENTITY_TYPES:
            self.entity_lists[entity] = self._create_test_data(entity, 10)
            # Make sure we clean up when finished
            self.addCleanup(self.clean_up_entity, entity)

        self.service_list = []
        self.addCleanup(self.clean_up_service)
        for _ in range(10):
            new_entity = unit.new_service_ref()
            service = self.catalog_api.create_service(new_entity['id'],
                                                      new_entity)
            self.service_list.append(service)

        self.policy_list = []
        self.addCleanup(self.clean_up_policy)
        for _ in range(10):
            new_entity = unit.new_policy_ref()
            policy = self.policy_api.create_policy(new_entity['id'],
                                                   new_entity)
            self.policy_list.append(policy)
    def test_list(self):
        ref = unit.new_policy_ref()
        self.policy_api.create_policy(ref['id'], ref)

        res = self.policy_api.list_policies()
        res = [x for x in res if x['id'] == ref['id']][0]
        self.assertDictEqual(ref, res)
    def test_list(self):
        ref = unit.new_policy_ref()
        self.policy_api.create_policy(ref['id'], ref)

        res = self.policy_api.list_policies()
        res = [x for x in res if x['id'] == ref['id']][0]
        self.assertDictEqual(ref, res)
Exemple #9
0
    def test_user_cannot_list_policies(self):
        policy = unit.new_policy_ref()
        policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)

        with self.test_client() as c:
            c.get('/v3/policies',
                  headers=self.headers,
                  expected_status_code=http_client.FORBIDDEN)
Exemple #10
0
 def test_user_can_create_policy_association_for_service(self):
     policy = unit.new_policy_ref()
     policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
     service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
                                                    unit.new_service_ref())
     with self.test_client() as c:
         c.put('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' %
               (policy['id'], service['id']),
               headers=self.headers,
               expected_status_code=http_client.NO_CONTENT)
 def test_policy_duplicate_conflict_gives_name(self):
     policy_ref = unit.new_policy_ref()
     self.policy_api.create_policy(policy_ref['id'], policy_ref)
     try:
         self.policy_api.create_policy(policy_ref['id'], policy_ref)
     except exception.Conflict as e:
         self.assertIn("Duplicate entry found with name %s"
                       % policy_ref['name'], repr(e))
     else:
         self.fail("Create duplicate policy did not raise a conflict")
Exemple #12
0
    def test_user_can_update_policy(self):
        policy = unit.new_policy_ref()
        policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)

        update = {'policy': {'name': uuid.uuid4().hex}}

        with self.test_client() as c:
            c.patch('/v3/policies/%s' % policy['id'],
                    json=update,
                    headers=self.headers)
Exemple #13
0
    def test_user_cannot_update_policy(self):
        policy = unit.new_policy_ref()
        policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)

        update = {'policy': {'name': uuid.uuid4().hex}}

        with self.test_client() as c:
            c.patch('/v3/policies/%s' % policy['id'],
                    json=update,
                    headers=self.headers,
                    expected_status_code=http.client.FORBIDDEN)
    def test_delete(self):
        ref = unit.new_policy_ref()
        self.policy_api.create_policy(ref['id'], ref)

        self.policy_api.delete_policy(ref['id'])
        self.assertRaises(exception.PolicyNotFound,
                          self.policy_api.delete_policy, ref['id'])
        self.assertRaises(exception.PolicyNotFound, self.policy_api.get_policy,
                          ref['id'])
        res = self.policy_api.list_policies()
        self.assertFalse(len([x for x in res if x['id'] == ref['id']]))
Exemple #15
0
    def test_user_can_list_policies(self):
        policy = unit.new_policy_ref()
        policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)

        with self.test_client() as c:
            r = c.get('/v3/policies', headers=self.headers)
            policies = []
            for policy in r.json['policies']:
                policies.append(policy['id'])

            self.assertIn(policy['id'], policies)
Exemple #16
0
 def test_policy_duplicate_conflict_gives_name(self):
     policy_ref = unit.new_policy_ref()
     PROVIDERS.policy_api.create_policy(policy_ref['id'], policy_ref)
     try:
         PROVIDERS.policy_api.create_policy(policy_ref['id'], policy_ref)
     except exception.Conflict as e:
         self.assertIn(
             "Duplicate entry found with name %s" % policy_ref['name'],
             repr(e))
     else:
         self.fail("Create duplicate policy did not raise a conflict")
 def setUp(self):
     super(EndpointPolicyTestCase, self).setUp()
     self.policy = unit.new_policy_ref()
     self.policy_api.create_policy(self.policy['id'], self.policy)
     self.service = unit.new_service_ref()
     self.catalog_api.create_service(self.service['id'], self.service)
     self.endpoint = unit.new_endpoint_ref(self.service['id'], enabled=True,
                                           interface='public',
                                           region_id=self.region_id)
     self.catalog_api.create_endpoint(self.endpoint['id'], self.endpoint)
     self.region = unit.new_region_ref()
     self.catalog_api.create_region(self.region)
 def setUp(self):
     super(EndpointPolicyTestCase, self).setUp()
     self.policy = unit.new_policy_ref()
     self.policy_api.create_policy(self.policy['id'], self.policy)
     self.service = unit.new_service_ref()
     self.catalog_api.create_service(self.service['id'], self.service)
     self.endpoint = unit.new_endpoint_ref(self.service['id'], enabled=True,
                                           interface='public',
                                           region_id=self.region_id)
     self.catalog_api.create_endpoint(self.endpoint['id'], self.endpoint)
     self.region = unit.new_region_ref()
     self.catalog_api.create_region(self.region)
Exemple #19
0
    def test_user_cannot_delete_policy_assoc_for_region_and_service(self):
        policy = unit.new_policy_ref()
        policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
        service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
                                                       unit.new_service_ref())
        region = PROVIDERS.catalog_api.create_region(unit.new_region_ref())

        with self.test_client() as c:
            c.delete(
                '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' %
                (policy['id'], service['id'], region['id']),
                headers=self.headers,
                expected_status_code=http_client.FORBIDDEN)
    def test_delete(self):
        ref = unit.new_policy_ref()
        self.policy_api.create_policy(ref['id'], ref)

        self.policy_api.delete_policy(ref['id'])
        self.assertRaises(exception.PolicyNotFound,
                          self.policy_api.delete_policy,
                          ref['id'])
        self.assertRaises(exception.PolicyNotFound,
                          self.policy_api.get_policy,
                          ref['id'])
        res = self.policy_api.list_policies()
        self.assertFalse(len([x for x in res if x['id'] == ref['id']]))
    def load_sample_data(self):
        """Create sample data to test policy associations.

        The following data is created:

        - 3 regions, in a hierarchy, 0 -> 1 -> 2 (where 0 is top)
        - 3 services
        - 6 endpoints, 2 in each region, with a mixture of services:
          0 - region 0, Service 0
          1 - region 0, Service 1
          2 - region 1, Service 1
          3 - region 1, Service 2
          4 - region 2, Service 2
          5 - region 2, Service 0

        """
        def new_endpoint(region_id, service_id):
            endpoint = unit.new_endpoint_ref(interface='test',
                                             region_id=region_id,
                                             service_id=service_id,
                                             url='/url')
            self.endpoint.append(PROVIDERS.catalog_api.create_endpoint(
                endpoint['id'], endpoint))

        self.policy = []
        self.endpoint = []
        self.service = []
        self.region = []

        parent_region_id = None
        for i in range(3):
            policy = unit.new_policy_ref()
            self.policy.append(
                PROVIDERS.policy_api.create_policy(policy['id'], policy)
            )

            service = unit.new_service_ref()
            self.service.append(
                PROVIDERS.catalog_api.create_service(service['id'], service)
            )
            region = unit.new_region_ref(parent_region_id=parent_region_id)
            # Link the regions together as a hierarchy, [0] at the top
            parent_region_id = region['id']
            self.region.append(PROVIDERS.catalog_api.create_region(region))

        new_endpoint(self.region[0]['id'], self.service[0]['id'])
        new_endpoint(self.region[0]['id'], self.service[1]['id'])
        new_endpoint(self.region[1]['id'], self.service[1]['id'])
        new_endpoint(self.region[1]['id'], self.service[2]['id'])
        new_endpoint(self.region[2]['id'], self.service[2]['id'])
        new_endpoint(self.region[2]['id'], self.service[0]['id'])
Exemple #22
0
 def test_user_can_get_policy_for_endpoint(self):
     policy = unit.new_policy_ref()
     policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
     service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
                                                    unit.new_service_ref())
     endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
     endpoint = PROVIDERS.catalog_api.create_endpoint(
         endpoint['id'], endpoint)
     PROVIDERS.endpoint_policy_api.create_policy_association(
         policy['id'], endpoint['id'])
     with self.test_client() as c:
         c.get('/v3/endpoints/%s/OS-ENDPOINT-POLICY/policy' %
               (endpoint['id']),
               headers=self.headers)
Exemple #23
0
    def load_sample_data(self):
        """Create sample data to test policy associations.

        The following data is created:

        - 3 regions, in a hierarchy, 0 -> 1 -> 2 (where 0 is top)
        - 3 services
        - 6 endpoints, 2 in each region, with a mixture of services:
          0 - region 0, Service 0
          1 - region 0, Service 1
          2 - region 1, Service 1
          3 - region 1, Service 2
          4 - region 2, Service 2
          5 - region 2, Service 0

        """
        def new_endpoint(region_id, service_id):
            endpoint = unit.new_endpoint_ref(interface='test',
                                             region_id=region_id,
                                             service_id=service_id,
                                             url='/url')
            self.endpoint.append(
                PROVIDERS.catalog_api.create_endpoint(endpoint['id'],
                                                      endpoint))

        self.policy = []
        self.endpoint = []
        self.service = []
        self.region = []

        parent_region_id = None
        for i in range(3):
            policy = unit.new_policy_ref()
            self.policy.append(
                PROVIDERS.policy_api.create_policy(policy['id'], policy))

            service = unit.new_service_ref()
            self.service.append(
                PROVIDERS.catalog_api.create_service(service['id'], service))
            region = unit.new_region_ref(parent_region_id=parent_region_id)
            # Link the regions together as a hierarchy, [0] at the top
            parent_region_id = region['id']
            self.region.append(PROVIDERS.catalog_api.create_region(region))

        new_endpoint(self.region[0]['id'], self.service[0]['id'])
        new_endpoint(self.region[0]['id'], self.service[1]['id'])
        new_endpoint(self.region[1]['id'], self.service[1]['id'])
        new_endpoint(self.region[1]['id'], self.service[2]['id'])
        new_endpoint(self.region[2]['id'], self.service[2]['id'])
        new_endpoint(self.region[2]['id'], self.service[0]['id'])
Exemple #24
0
    def test_user_can_delete_policy_association_for_endpoint(self):
        policy = unit.new_policy_ref()
        policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
        service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
                                                       unit.new_service_ref())
        endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
        endpoint = PROVIDERS.catalog_api.create_endpoint(
            endpoint['id'], endpoint)

        with self.test_client() as c:
            c.delete('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' %
                     (policy['id'], endpoint['id']),
                     headers=self.headers,
                     expected_status_code=http_client.NO_CONTENT)
Exemple #25
0
 def test_user_list_endpoints_for_policy(self):
     policy = unit.new_policy_ref()
     policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
     service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
                                                    unit.new_service_ref())
     endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
     endpoint = PROVIDERS.catalog_api.create_endpoint(
         endpoint['id'], endpoint)
     PROVIDERS.endpoint_policy_api.create_policy_association(
         policy['id'], endpoint['id'])
     with self.test_client() as c:
         r = c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints' %
                   (policy['id']),
                   headers=self.headers)
         for endpoint_itr in r.json['endpoints']:
             self.assertIn(endpoint['id'], endpoint_itr['id'])
Exemple #26
0
    def test_user_cannot_check_policy_association_for_service(self):
        policy = unit.new_policy_ref()
        policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)

        service = PROVIDERS.catalog_api.create_service(
            uuid.uuid4().hex, unit.new_service_ref()
        )

        PROVIDERS.endpoint_policy_api.create_policy_association(
            policy['id'], service_id=service['id'])

        with self.test_client() as c:
            c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s'
                  % (policy['id'], service['id']),
                  headers=self.headers,
                  expected_status_code=http.client.FORBIDDEN)
Exemple #27
0
 def test_create(self):
     ref = unit.new_policy_ref()
     res = PROVIDERS.policy_api.create_policy(ref['id'], ref)
     self.assertDictEqual(ref, res)
 def test_update_policy_returns_not_found(self):
     ref = unit.new_policy_ref()
     self.assertRaises(exception.PolicyNotFound,
                       self.policy_api.update_policy,
                       ref['id'],
                       ref)
 def test_delete_policy(self):
     policy_ref = unit.new_policy_ref()
     self.policy_api.create_policy(policy_ref["id"], policy_ref)
     self.policy_api.delete_policy(policy_ref["id"])
     self._assert_notify_sent(policy_ref["id"], DELETED_OPERATION, "policy")
     self._assert_last_audit(policy_ref["id"], DELETED_OPERATION, "policy", cadftaxonomy.SECURITY_POLICY)
 def test_update_policy_returns_not_found(self):
     ref = unit.new_policy_ref()
     self.assertRaises(exception.PolicyNotFound,
                       self.policy_api.update_policy, ref['id'], ref)
 def test_create(self):
     ref = unit.new_policy_ref()
     res = PROVIDERS.policy_api.create_policy(ref['id'], ref)
     self.assertDictEqual(ref, res)
    def test_get(self):
        ref = unit.new_policy_ref()
        res = self.policy_api.create_policy(ref['id'], ref)

        res = self.policy_api.get_policy(ref['id'])
        self.assertDictEqual(ref, res)
Exemple #33
0
    def test_user_can_get_policy(self):
        policy = unit.new_policy_ref()
        policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)

        with self.test_client() as c:
            c.get('/v3/policies/%s' % policy['id'], headers=self.headers)
Exemple #34
0
 def test_create_policy(self):
     """Call ``POST /policies``."""
     ref = unit.new_policy_ref()
     r = self.post('/policies', body={'policy': ref})
     return self.assertValidPolicyResponse(r, ref)
 def test_create_policy(self):
     """Call ``POST /policies``."""
     ref = unit.new_policy_ref()
     r = self.post('/policies', body={'policy': ref})
     return self.assertValidPolicyResponse(r, ref)
Exemple #36
0
 def new_policy_ref(self):
     return tests.new_policy_ref()
    def test_get(self):
        ref = unit.new_policy_ref()
        res = self.policy_api.create_policy(ref['id'], ref)

        res = self.policy_api.get_policy(ref['id'])
        self.assertDictEqual(ref, res)