def test_rolepermission_lifecycle_concurrent_updates(self):
"""
Tests concurrent order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(self.apiclient, data)
self.cleanup.append(permission)
permissions.append(permission)
# The following rule is considered to be created by another mgmt server
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = "someRule*"
permission = RolePermission.create(self.apiclient, data)
self.cleanup.append(permission)
shuffle(permissions)
try:
permission.update(self.apiclient,
ruleorder=",".join(
map(lambda x: x.id, permissions)))
self.fail(
"Reordering should fail in case of concurrent updates by other user"
)
except CloudstackAPIException:
pass
def test_rolepermission_lifecycle_concurrent_updates(self):
"""
Tests concurrent order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(
self.apiclient,
data
)
self.cleanup.append(permission)
permissions.append(permission)
# The following rule is considered to be created by another mgmt server
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = "someRule*"
permission = RolePermission.create(
self.apiclient,
data
)
self.cleanup.append(permission)
shuffle(permissions)
try:
permission.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
self.fail("Reordering should fail in case of concurrent updates by other user")
except CloudstackAPIException: pass
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.testdata = TestData().testdata
feature_enabled = self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
if not feature_enabled:
self.skipTest("Dynamic Role-Based API checker not enabled, skipping test")
self.testdata["role"]["name"] += self.getRandomString()
self.role = Role.create(
self.apiclient,
self.testdata["role"]
)
self.testdata["rolepermission"]["roleid"] = self.role.id
self.rolepermission = RolePermission.create(
self.apiclient,
self.testdata["rolepermission"]
)
self.account = Account.create(
self.apiclient,
self.testdata["account"],
roleid=self.role.id
)
self.cleanup = [
self.account,
self.rolepermission,
self.role
]
def test_rolepermission_lifecycle_create(self):
"""
Tests creation of role permission
"""
# Reuse self.rolepermission created in setUp()
try:
rolepermission = RolePermission.create(
self.apiclient,
self.testdata["rolepermission"]
)
self.fail("An exception was expected when creating duplicate role permissions")
except CloudstackAPIException: pass
list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
self.assertEqual(
isinstance(list_rolepermissions, list),
True,
"List rolepermissions response was not a valid list"
)
self.assertNotEqual(
len(list_rolepermissions),
0,
"List rolepermissions response was empty"
)
self.assertEqual(
list_rolepermissions[0].rule,
self.testdata["rolepermission"]["rule"],
msg="Role permission rule does not match the test data"
)
self.assertEqual(
list_rolepermissions[0].permission,
self.testdata["rolepermission"]["permission"],
msg="Role permission permission-type does not match the test data"
)
def test_rolepermission_lifecycle_create(self):
"""
Tests creation of role permission
"""
# Reuse self.rolepermission created in setUp()
try:
rolepermission = RolePermission.create(
self.apiclient, self.testdata["rolepermission"])
self.fail(
"An exception was expected when creating duplicate role permissions"
)
except CloudstackAPIException:
pass
list_rolepermissions = RolePermission.list(self.apiclient,
roleid=self.role.id)
self.assertEqual(isinstance(list_rolepermissions, list), True,
"List rolepermissions response was not a valid list")
self.assertNotEqual(len(list_rolepermissions), 0,
"List rolepermissions response was empty")
self.assertEqual(
list_rolepermissions[0].rule,
self.testdata["rolepermission"]["rule"],
msg="Role permission rule does not match the test data")
self.assertEqual(
list_rolepermissions[0].permission,
self.testdata["rolepermission"]["permission"],
msg="Role permission permission-type does not match the test data")
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.testdata = TestData().testdata
feature_enabled = self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
if not feature_enabled:
self.skipTest("Dynamic Role-Based API checker not enabled, skipping test")
self.testdata["role"]["name"] += self.getRandomString()
self.role = Role.create(
self.apiclient,
self.testdata["role"]
)
self.testdata["rolepermission"]["roleid"] = self.role.id
self.rolepermission = RolePermission.create(
self.apiclient,
self.testdata["rolepermission"]
)
self.account = Account.create(
self.apiclient,
self.testdata["account"],
roleid=self.role.id
)
self.cleanup = [
self.account,
self.rolepermission,
self.role
]
def test_rolepermission_lifecycle_update(self):
"""
Tests order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(
self.apiclient,
data
)
self.cleanup.append(permission)
permissions.append(permission)
# Move last item to the top
rule = permissions.pop(len(permissions)-1)
permissions = [rule] + permissions
rule.update(self.apiclient, ruleorder=",".join([x.id for x in permissions]))
self.validate_permissions_list(permissions, self.role.id)
# Move to the bottom
rule = permissions.pop(0)
permissions = permissions + [rule]
rule.update(self.apiclient, ruleorder=",".join([x.id for x in permissions]))
self.validate_permissions_list(permissions, self.role.id)
# Random shuffles
for _ in range(3):
shuffle(permissions)
rule.update(self.apiclient, ruleorder=",".join([x.id for x in permissions]))
self.validate_permissions_list(permissions, self.role.id)
def test_rolepermission_lifecycle_update(self):
"""
Tests order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(self.apiclient, data)
self.cleanup.append(permission)
permissions.append(permission)
def validate_permissions_list(permissions):
list_rolepermissions = RolePermission.list(self.apiclient,
roleid=self.role.id)
self.assertEqual(
len(list_rolepermissions),
len(permissions),
msg=
"List of role permissions do not match created list of permissions"
)
for idx, rolepermission in enumerate(list_rolepermissions):
self.assertEqual(
rolepermission.rule,
permissions[idx].rule,
msg=
"Rule permission don't match with expected item at the index"
)
self.assertEqual(
rolepermission.permission,
permissions[idx].permission,
msg=
"Rule permission don't match with expected item at the index"
)
# Move last item to the top
rule = permissions.pop(len(permissions) - 1)
permissions = [rule] + permissions
rule.update(self.apiclient,
ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
# Move to the bottom
rule = permissions.pop(0)
permissions = permissions + [rule]
rule.update(self.apiclient,
ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
# Random shuffles
for _ in range(3):
shuffle(permissions)
rule.update(self.apiclient,
ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
def test_rolepermission_lifecycle_update(self):
"""
Tests order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(
self.apiclient,
data
)
self.cleanup.append(permission)
permissions.append(permission)
def validate_permissions_list(permissions):
list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
self.assertEqual(
len(list_rolepermissions),
len(permissions),
msg="List of role permissions do not match created list of permissions"
)
for idx, rolepermission in enumerate(list_rolepermissions):
self.assertEqual(
rolepermission.rule,
permissions[idx].rule,
msg="Rule permission don't match with expected item at the index"
)
self.assertEqual(
rolepermission.permission,
permissions[idx].permission,
msg="Rule permission don't match with expected item at the index"
)
# Move last item to the top
rule = permissions.pop(len(permissions)-1)
permissions = [rule] + permissions
rule.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
# Move to the bottom
rule = permissions.pop(0)
permissions = permissions + [rule]
rule.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
# Random shuffles
for _ in range(3):
shuffle(permissions)
rule.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
def test_role_account_acls(self):
"""
Test to check role, role permissions and account life cycles
"""
apiConfig = self.testdata['apiConfig']
for api, perm in apiConfig.items():
testdata = self.testdata['rolepermission']
testdata['roleid'] = self.role.id
testdata['rule'] = api
testdata['permission'] = perm.lower()
RolePermission.create(self.apiclient, testdata)
userApiClient = self.getUserApiClient(self.account.name,
domain=self.account.domain,
role_type=self.account.roletype)
# Perform listApis check
self.checkApiAvailability(apiConfig, userApiClient)
# Perform actual API call for allow API
self.checkApiCall(apiConfig, userApiClient)
def test_role_account_acls(self):
"""
Test to check role, role permissions and account life cycles
"""
apiConfig = self.testdata['apiConfig']
for api, perm in apiConfig.items():
testdata = self.testdata['rolepermission']
testdata['roleid'] = self.role.id
testdata['rule'] = api
testdata['permission'] = perm.lower()
RolePermission.create(
self.apiclient,
testdata
)
userApiClient = self.getUserApiClient(self.account.name, domain=self.account.domain, role_type=self.account.roletype)
# Perform listApis check
self.checkApiAvailability(apiConfig, userApiClient)
# Perform actual API call for allow API
self.checkApiCall(apiConfig, userApiClient)