Exemple #1
0
    def test_rolepermission_lifecycle_concurrent_updates(self):
        """
            Tests concurrent order updation of role permission
        """
        permissions = [self.rolepermission]
        rules = ['list*', '*Vol*', 'listCapabilities']
        for rule in rules:
            data = copy.deepcopy(self.testdata["rolepermission"])
            data['rule'] = rule
            permission = RolePermission.create(self.apiclient, data)
            self.cleanup.append(permission)
            permissions.append(permission)

        # The following rule is considered to be created by another mgmt server
        data = copy.deepcopy(self.testdata["rolepermission"])
        data['rule'] = "someRule*"
        permission = RolePermission.create(self.apiclient, data)
        self.cleanup.append(permission)

        shuffle(permissions)
        try:
            permission.update(self.apiclient,
                              ruleorder=",".join(
                                  map(lambda x: x.id, permissions)))
            self.fail(
                "Reordering should fail in case of concurrent updates by other user"
            )
        except CloudstackAPIException:
            pass
    def test_rolepermission_lifecycle_concurrent_updates(self):
        """
            Tests concurrent order updation of role permission
        """
        permissions = [self.rolepermission]
        rules = ['list*', '*Vol*', 'listCapabilities']
        for rule in rules:
            data = copy.deepcopy(self.testdata["rolepermission"])
            data['rule'] = rule
            permission = RolePermission.create(
                self.apiclient,
                data
            )
            self.cleanup.append(permission)
            permissions.append(permission)


        # The following rule is considered to be created by another mgmt server
        data = copy.deepcopy(self.testdata["rolepermission"])
        data['rule'] = "someRule*"
        permission = RolePermission.create(
            self.apiclient,
            data
        )
        self.cleanup.append(permission)

        shuffle(permissions)
        try:
            permission.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
            self.fail("Reordering should fail in case of concurrent updates by other user")
        except CloudstackAPIException: pass
    def setUp(self):
        self.apiclient = self.testClient.getApiClient()
        self.dbclient = self.testClient.getDbConnection()
        self.testdata = TestData().testdata

        feature_enabled = self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
        if not feature_enabled:
            self.skipTest("Dynamic Role-Based API checker not enabled, skipping test")

        self.testdata["role"]["name"] += self.getRandomString()
        self.role = Role.create(
            self.apiclient,
            self.testdata["role"]
        )

        self.testdata["rolepermission"]["roleid"] = self.role.id
        self.rolepermission = RolePermission.create(
            self.apiclient,
            self.testdata["rolepermission"]
        )

        self.account = Account.create(
            self.apiclient,
            self.testdata["account"],
            roleid=self.role.id
        )
        self.cleanup = [
            self.account,
            self.rolepermission,
            self.role
        ]
    def test_rolepermission_lifecycle_create(self):
        """
            Tests creation of role permission
        """
        # Reuse self.rolepermission created in setUp()
        try:
            rolepermission = RolePermission.create(
                self.apiclient,
                self.testdata["rolepermission"]
            )
            self.fail("An exception was expected when creating duplicate role permissions")
        except CloudstackAPIException: pass

        list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
        self.assertEqual(
            isinstance(list_rolepermissions, list),
            True,
            "List rolepermissions response was not a valid list"
        )
        self.assertNotEqual(
            len(list_rolepermissions),
            0,
            "List rolepermissions response was empty"
        )
        self.assertEqual(
            list_rolepermissions[0].rule,
            self.testdata["rolepermission"]["rule"],
            msg="Role permission rule does not match the test data"
        )
        self.assertEqual(
            list_rolepermissions[0].permission,
            self.testdata["rolepermission"]["permission"],
            msg="Role permission permission-type does not match the test data"
        )
Exemple #5
0
    def test_rolepermission_lifecycle_create(self):
        """
            Tests creation of role permission
        """
        # Reuse self.rolepermission created in setUp()
        try:
            rolepermission = RolePermission.create(
                self.apiclient, self.testdata["rolepermission"])
            self.fail(
                "An exception was expected when creating duplicate role permissions"
            )
        except CloudstackAPIException:
            pass

        list_rolepermissions = RolePermission.list(self.apiclient,
                                                   roleid=self.role.id)
        self.assertEqual(isinstance(list_rolepermissions, list), True,
                         "List rolepermissions response was not a valid list")
        self.assertNotEqual(len(list_rolepermissions), 0,
                            "List rolepermissions response was empty")
        self.assertEqual(
            list_rolepermissions[0].rule,
            self.testdata["rolepermission"]["rule"],
            msg="Role permission rule does not match the test data")
        self.assertEqual(
            list_rolepermissions[0].permission,
            self.testdata["rolepermission"]["permission"],
            msg="Role permission permission-type does not match the test data")
    def setUp(self):
        self.apiclient = self.testClient.getApiClient()
        self.dbclient = self.testClient.getDbConnection()
        self.testdata = TestData().testdata

        feature_enabled = self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
        if not feature_enabled:
            self.skipTest("Dynamic Role-Based API checker not enabled, skipping test")

        self.testdata["role"]["name"] += self.getRandomString()
        self.role = Role.create(
            self.apiclient,
            self.testdata["role"]
        )

        self.testdata["rolepermission"]["roleid"] = self.role.id
        self.rolepermission = RolePermission.create(
            self.apiclient,
            self.testdata["rolepermission"]
        )

        self.account = Account.create(
            self.apiclient,
            self.testdata["account"],
            roleid=self.role.id
        )
        self.cleanup = [
            self.account,
            self.rolepermission,
            self.role
        ]
Exemple #7
0
    def test_rolepermission_lifecycle_update(self):
        """
            Tests order updation of role permission
        """
        permissions = [self.rolepermission]
        rules = ['list*', '*Vol*', 'listCapabilities']
        for rule in rules:
            data = copy.deepcopy(self.testdata["rolepermission"])
            data['rule'] = rule
            permission = RolePermission.create(
                self.apiclient,
                data
            )
            self.cleanup.append(permission)
            permissions.append(permission)

        # Move last item to the top
        rule = permissions.pop(len(permissions)-1)
        permissions = [rule] + permissions
        rule.update(self.apiclient, ruleorder=",".join([x.id for x in permissions]))
        self.validate_permissions_list(permissions, self.role.id)

        # Move to the bottom
        rule = permissions.pop(0)
        permissions = permissions + [rule]
        rule.update(self.apiclient, ruleorder=",".join([x.id for x in permissions]))
        self.validate_permissions_list(permissions, self.role.id)

        # Random shuffles
        for _ in range(3):
            shuffle(permissions)
            rule.update(self.apiclient, ruleorder=",".join([x.id for x in permissions]))
            self.validate_permissions_list(permissions, self.role.id)
Exemple #8
0
    def test_rolepermission_lifecycle_update(self):
        """
            Tests order updation of role permission
        """
        permissions = [self.rolepermission]
        rules = ['list*', '*Vol*', 'listCapabilities']
        for rule in rules:
            data = copy.deepcopy(self.testdata["rolepermission"])
            data['rule'] = rule
            permission = RolePermission.create(self.apiclient, data)
            self.cleanup.append(permission)
            permissions.append(permission)

        def validate_permissions_list(permissions):
            list_rolepermissions = RolePermission.list(self.apiclient,
                                                       roleid=self.role.id)
            self.assertEqual(
                len(list_rolepermissions),
                len(permissions),
                msg=
                "List of role permissions do not match created list of permissions"
            )

            for idx, rolepermission in enumerate(list_rolepermissions):
                self.assertEqual(
                    rolepermission.rule,
                    permissions[idx].rule,
                    msg=
                    "Rule permission don't match with expected item at the index"
                )
                self.assertEqual(
                    rolepermission.permission,
                    permissions[idx].permission,
                    msg=
                    "Rule permission don't match with expected item at the index"
                )

        # Move last item to the top
        rule = permissions.pop(len(permissions) - 1)
        permissions = [rule] + permissions
        rule.update(self.apiclient,
                    ruleorder=",".join(map(lambda x: x.id, permissions)))
        validate_permissions_list(permissions)

        # Move to the bottom
        rule = permissions.pop(0)
        permissions = permissions + [rule]
        rule.update(self.apiclient,
                    ruleorder=",".join(map(lambda x: x.id, permissions)))
        validate_permissions_list(permissions)

        # Random shuffles
        for _ in range(3):
            shuffle(permissions)
            rule.update(self.apiclient,
                        ruleorder=",".join(map(lambda x: x.id, permissions)))
            validate_permissions_list(permissions)
    def test_rolepermission_lifecycle_update(self):
        """
            Tests order updation of role permission
        """
        permissions = [self.rolepermission]
        rules = ['list*', '*Vol*', 'listCapabilities']
        for rule in rules:
            data = copy.deepcopy(self.testdata["rolepermission"])
            data['rule'] = rule
            permission = RolePermission.create(
                self.apiclient,
                data
            )
            self.cleanup.append(permission)
            permissions.append(permission)


        def validate_permissions_list(permissions):
            list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
            self.assertEqual(
                len(list_rolepermissions),
                len(permissions),
                msg="List of role permissions do not match created list of permissions"
            )

            for idx, rolepermission in enumerate(list_rolepermissions):
                self.assertEqual(
                    rolepermission.rule,
                    permissions[idx].rule,
                    msg="Rule permission don't match with expected item at the index"
                )
                self.assertEqual(
                    rolepermission.permission,
                    permissions[idx].permission,
                    msg="Rule permission don't match with expected item at the index"
                )

        # Move last item to the top
        rule = permissions.pop(len(permissions)-1)
        permissions = [rule] + permissions
        rule.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
        validate_permissions_list(permissions)

        # Move to the bottom
        rule = permissions.pop(0)
        permissions = permissions + [rule]
        rule.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
        validate_permissions_list(permissions)

        # Random shuffles
        for _ in range(3):
            shuffle(permissions)
            rule.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
            validate_permissions_list(permissions)
Exemple #10
0
    def test_role_account_acls(self):
        """
            Test to check role, role permissions and account life cycles
        """
        apiConfig = self.testdata['apiConfig']
        for api, perm in apiConfig.items():
            testdata = self.testdata['rolepermission']
            testdata['roleid'] = self.role.id
            testdata['rule'] = api
            testdata['permission'] = perm.lower()

            RolePermission.create(self.apiclient, testdata)

        userApiClient = self.getUserApiClient(self.account.name,
                                              domain=self.account.domain,
                                              role_type=self.account.roletype)

        # Perform listApis check
        self.checkApiAvailability(apiConfig, userApiClient)

        # Perform actual API call for allow API
        self.checkApiCall(apiConfig, userApiClient)
    def test_role_account_acls(self):
        """
            Test to check role, role permissions and account life cycles
        """
        apiConfig = self.testdata['apiConfig']
        for api, perm in apiConfig.items():
            testdata = self.testdata['rolepermission']
            testdata['roleid'] = self.role.id
            testdata['rule'] = api
            testdata['permission'] = perm.lower()

            RolePermission.create(
                self.apiclient,
                testdata
            )

        userApiClient = self.getUserApiClient(self.account.name, domain=self.account.domain, role_type=self.account.roletype)

        # Perform listApis check
        self.checkApiAvailability(apiConfig, userApiClient)

        # Perform actual API call for allow API
        self.checkApiCall(apiConfig, userApiClient)