def test_17_deployvm_domaindmin_forcrossdomainuser(self):
"""
# Validate that Domain admin should not be able allowed to deploy vm for users not in his sub domain
"""
self.apiclient.connection.apiKey = self.user_d1_apikey
self.apiclient.connection.securityKey = self.user_d1_secretkey
vmData={"name":"d2a-d1","displayname":"d2a-d1"}
try:
vm = VirtualMachine.create(
self.apiclient,
vmData,
zoneid=self.zone.id,
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=self.network_d2a.id,
accountid=self.account_d2a.name,
domainid=self.account_d2a.domainid
)
self.fail("Domain admin is allowed to deploy vm for users not in hos domain ")
except Exception as e:
self.debug ("When Domain admin tries to deploy vm for users in his sub domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN):
self.fail("Error message validation failed when Domain admin tries to deploy vm for users not in hos domain ")
def test_20_deployvm_user_foruserincrossdomain(self):
"""
# Validate that Regular user should NOT be able to deploy vm for users in his domain
"""
self.apiclient.connection.apiKey = self.user_d1a_apikey
self.apiclient.connection.securityKey = self.user_d1a_secretkey
vmData={"name":"d2a-d1a","displayname":"d2a-d1a"}
try:
vm = VirtualMachine.create(
self.apiclient,
vmData,
zoneid=self.zone.id,
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=self.network_d2a.id,
accountid=self.account_d2a.name,
domainid=self.account_d2a.domainid
)
self.fail("Regular user is allowed to deploy vm for users not in his domain ")
except Exception as e:
self.debug ("When user tries to deploy vm for users n different domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT):
self.fail("Error message validation failed when Regular user tries to deploy vm for users not in his domain ")
def test_deleteNetwork_user_foruserinsamedomain(self):
"""
Validate that Regular user should NOT be able to delete network for users in their domain
"""
self.apiclient.connection.apiKey = self.user_d111a_apikey
self.apiclient.connection.securityKey = self.user_d111a_secretkey
try:
response = self.network_d111b.delete(self.apiclient)
self._cleanup.remove(self.network_d111b)
self.fail("Regular user is allowed to delete network for users in their domain ")
except Exception as e:
self.debug ("When user tries to delete network for users in their domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT):
self.fail("Regular user is allowed to delete network for users in their domain ")
def test_deleteNetwork_domaindmin_forcrossdomainuser(self):
"""
Validate that Domain admin should be able to delete network for users in their sub domain
"""
self.apiclient.connection.apiKey = self.user_d1_apikey
self.apiclient.connection.securityKey = self.user_d1_secretkey
try:
response = self.network_d2a.delete(self.apiclient)
self._cleanup.remove(self.network_d2a)
self.fail("Domain admin is allowed to delete network for users not in their domain ")
except Exception as e:
self.debug ("When Domain admin tries to delete network for user in a different domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN):
self.fail("Error message validation failed when Domain admin tries to delete network for users not in their domain ")
def test_29_restartNetwork_user_foruserinsamedomain(self):
"""
#Validate that Regular user should NOT be able to restart network for users in his domain
"""
self.apiclient.connection.apiKey = self.user_d1a_apikey
self.apiclient.connection.securityKey = self.user_d1a_secretkey
try:
restartResponse = self.network_d1b.restart(self.apiclient)
self.fail("Regular user is allowed to restart network for users in his domain ")
except Exception as e:
self.debug ("When user tries to restart network for users in his domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT):
self.fail("Error message validation failed when Regular user tries to restart network for users in his domain ")
def test_27_restartNetwork_domaindmin_forcrossdomainuser(self):
"""
# Validate that Domain admin should be able to restart network for users in his sub domain
"""
self.apiclient.connection.apiKey = self.user_d1_apikey
self.apiclient.connection.securityKey = self.user_d1_secretkey
try:
restartResponse = self.network_d2a.restart(self.apiclient)
self.fail("Domain admin is allowed to restart network for users not in his domain ")
except Exception as e:
self.debug ("When Domain admin tries to restart network for users in his sub domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN):
self.fail("Error message validation failed when Domain admin tries to restart network for users not in his domain ")
def test_deleteNetwork_user_foruserinotherdomain(self):
"""
Validate that Domain admin should be NOT be able to delete network for users in other domains
"""
self.apiclient.connection.apiKey = self.user_d111a_apikey
self.apiclient.connection.securityKey = self.user_d111a_secretkey
try:
response = self.network_d11b.delete(self.apiclient)
self.fail("Regular user is allowed to delete network for users not in his domain ")
except Exception as e:
self.debug ("When user tries to delete network for users in other domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT):
self.fail("Error message validation failed when Regular user tries to delete network for users not in his domain ")
def test_deleteNetwork_user_foruserinotherdomain(self):
"""
Validate that Domain admin should be NOT be able to delete network for users in other domains
"""
self.apiclient.connection.apiKey = self.user_d111a_apikey
self.apiclient.connection.securityKey = self.user_d111a_secretkey
try:
response = self.network_d11b.delete(self.apiclient)
self.fail("Regular user is allowed to delete network for users not in his domain ")
except Exception as e:
self.debug ("When user tries to delete network for users in other domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT):
self.fail("Error message validation failed when Regular user tries to delete network for users not in his domain ")
def test_20_1_deployvm_user_incrossnetwork(self):
"""
#Validate that User should not be able deploy VM in a network that does not belong to him
"""
self.apiclient.connection.apiKey = self.user_d11a_apikey
self.apiclient.connection.securityKey = self.user_d11a_secretkey
vmData={"name":"d11a-invalidnetwork","displayname":"d11a-invalidnetwork"}
try:
vm = VirtualMachine.create(
self.apiclient,
vmData,
zoneid=self.zone.id,
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=self.network_d11b.id,
)
self.fail("User is allowed to deploy VM in a network that does not belong to him ")
except Exception as e:
self.debug ("When user tries to deploy vm in a network that does not belong to him %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
self.fail("Error message validation failed when User is allowed to deploy VM in a network that does not belong to him ")
def test_07_createNetwork_domaindmin_forcrossdomainuser(self):
"""
# Validate that Domain admin should not be able to create network for users in his sub domain
"""
self.apiclient.connection.apiKey = self.user_d1_apikey
self.apiclient.connection.securityKey = self.user_d1_secretkey
self.acldata["network"]["name"] = "d1_d2a"
self.acldata["network"]["displayname"] = "d1_d2a"
try:
network = Network.create(
self.apiclient,
self.acldata["network"],
networkofferingid=self.isolated_network_offering_id,
zoneid=self.zone.id,
accountid=self.account_d2a.name,
domainid=self.account_d2a.domainid
)
self.fail("Domain admin is allowed to create network for users not in his domain ")
except Exception as e:
self.debug ("When Domain admin tries to create network for users in his sub domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN):
self.fail("Error message validation failed when Domain admin tries to create network for users not in his domain ")
def test_17_1_deployvm_domainadmin_foruserinotherdomain_crossnetwork(self):
"""
# Validate that Domain admin should not be able deploy VM for a user in a network that does not belong to the user
"""
self.apiclient.connection.apiKey = self.user_d1_apikey
self.apiclient.connection.securityKey = self.user_d1_secretkey
vmData={"name":"d1-d11a-invalidnetwork","displayname":"d1-d11a-invalidnetwork"}
try:
vm = VirtualMachine.create(
self.apiclient,
vmData,
zoneid=self.zone.id,
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=self.network_d11b.id,
accountid=self.account_d11a.name,
domainid=self.account_d11a.domainid
)
self.fail("Domain admin is allowed to deploy vm for users in a network that does not belong to him ")
except Exception as e:
self.debug ("When domain admin tries to deploy vm for users in network that does not belong to the user %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK):
self.fail("Error message validation failed when Domain admin tries to deploy vm for users in a network that does not belong to him ")
def test_10_createNetwork_user_foruserinotherdomain(self):
"""
# Validate that Domain admin should be NOT be able to create network for users in other domains
"""
self.apiclient.connection.apiKey = self.user_d1a_apikey
self.apiclient.connection.securityKey = self.user_d1a_secretkey
self.acldata["network"]["name"] = "d1a_d11a"
self.acldata["network"]["displayname"] = "d1a_d11a"
try:
network = Network.create(
self.apiclient,
self.acldata["network"],
networkofferingid=self.isolated_network_offering_id,
zoneid=self.zone.id,
accountid=self.account_d11a.name,
domainid=self.account_d11a.domainid
)
self.fail("User is allowed to create network for users not in his domain ")
except Exception as e:
self.debug ("When user tries to create network for users in other domain %s" %e)
if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_LIST_NETWORK_ACCOUNT):
self.fail("Error message validation failed when User tries to create network for users not in his domain ")
