def test_rolepermission_lifecycle_create(self):
"""
Tests creation of role permission
"""
# Reuse self.rolepermission created in setUp()
try:
rolepermission = RolePermission.create(
self.apiclient, self.testdata["rolepermission"])
self.fail(
"An exception was expected when creating duplicate role permissions"
)
except CloudstackAPIException:
pass
list_rolepermissions = RolePermission.list(self.apiclient,
roleid=self.role.id)
self.assertEqual(isinstance(list_rolepermissions, list), True,
"List rolepermissions response was not a valid list")
self.assertNotEqual(len(list_rolepermissions), 0,
"List rolepermissions response was empty")
self.assertEqual(
list_rolepermissions[0].rule,
self.testdata["rolepermission"]["rule"],
msg="Role permission rule does not match the test data")
self.assertEqual(
list_rolepermissions[0].permission,
self.testdata["rolepermission"]["permission"],
msg="Role permission permission-type does not match the test data")
def test_rolepermission_lifecycle_concurrent_updates(self):
"""
Tests concurrent order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(self.apiclient, data)
self.cleanup.append(permission)
permissions.append(permission)
# The following rule is considered to be created by another mgmt server
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = "someRule*"
permission = RolePermission.create(self.apiclient, data)
self.cleanup.append(permission)
shuffle(permissions)
try:
permission.update(self.apiclient,
ruleorder=",".join(
map(lambda x: x.id, permissions)))
self.fail(
"Reordering should fail in case of concurrent updates by other user"
)
except CloudstackAPIException:
pass
def test_rolepermission_lifecycle_create(self):
"""
Tests creation of role permission
"""
# Reuse self.rolepermission created in setUp()
try:
rolepermission = RolePermission.create(
self.apiclient,
self.testdata["rolepermission"]
)
self.fail("An exception was expected when creating duplicate role permissions")
except CloudstackAPIException: pass
list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
self.assertEqual(
isinstance(list_rolepermissions, list),
True,
"List rolepermissions response was not a valid list"
)
self.assertNotEqual(
len(list_rolepermissions),
0,
"List rolepermissions response was empty"
)
self.assertEqual(
list_rolepermissions[0].rule,
self.testdata["rolepermission"]["rule"],
msg="Role permission rule does not match the test data"
)
self.assertEqual(
list_rolepermissions[0].permission,
self.testdata["rolepermission"]["permission"],
msg="Role permission permission-type does not match the test data"
)
def test_rolepermission_lifecycle_concurrent_updates(self):
"""
Tests concurrent order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(
self.apiclient,
data
)
self.cleanup.append(permission)
permissions.append(permission)
# The following rule is considered to be created by another mgmt server
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = "someRule*"
permission = RolePermission.create(
self.apiclient,
data
)
self.cleanup.append(permission)
shuffle(permissions)
try:
permission.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
self.fail("Reordering should fail in case of concurrent updates by other user")
except CloudstackAPIException: pass
def test_rolepermission_lifecycle_update_permission(self):
"""
Tests update of Allow to Deny permission of a rule
"""
permissions = [self.rolepermission]
rule = permissions.pop(0)
rule.update(self.apiclient, ruleid=rule.id, permission='deny')
list_rolepermissions = RolePermission.list(self.apiclient,
roleid=self.role.id)
self.assertEqual(
list_rolepermissions[0].permission,
'deny',
msg=
"List of role permissions do not match created list of permissions"
)
rule.update(self.apiclient, ruleid=rule.id, permission='allow')
list_rolepermissions = RolePermission.list(self.apiclient,
roleid=self.role.id)
self.assertEqual(
list_rolepermissions[0].permission,
'allow',
msg=
"List of role permissions do not match created list of permissions"
)
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.testdata = TestData().testdata
feature_enabled = self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
if not feature_enabled:
self.skipTest("Dynamic Role-Based API checker not enabled, skipping test")
self.testdata["role"]["name"] += self.getRandomString()
self.role = Role.create(
self.apiclient,
self.testdata["role"]
)
self.testdata["rolepermission"]["roleid"] = self.role.id
self.rolepermission = RolePermission.create(
self.apiclient,
self.testdata["rolepermission"]
)
self.account = Account.create(
self.apiclient,
self.testdata["account"],
roleid=self.role.id
)
self.cleanup = [
self.account,
self.rolepermission,
self.role
]
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.testdata = TestData().testdata
feature_enabled = self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
if not feature_enabled:
self.skipTest("Dynamic Role-Based API checker not enabled, skipping test")
self.testdata["role"]["name"] += self.getRandomString()
self.role = Role.create(
self.apiclient,
self.testdata["role"]
)
self.testdata["rolepermission"]["roleid"] = self.role.id
self.rolepermission = RolePermission.create(
self.apiclient,
self.testdata["rolepermission"]
)
self.account = Account.create(
self.apiclient,
self.testdata["account"],
roleid=self.role.id
)
self.cleanup = [
self.account,
self.rolepermission,
self.role
]
def test_role_lifecycle_clone(self):
"""
Tests create role from existing role
"""
# Use self.role created in setUp()
role_to_be_cloned = {
"name": "MarvinFake Clone Role ",
"roleid": self.role.id,
"description": "Fake Role cloned by Marvin test"
}
try:
role_cloned = Role.create(self.apiclient, role_to_be_cloned)
self.cleanup.append(role_cloned)
except CloudstackAPIException as e:
self.fail("Failed to create the role: %s" % e)
list_role_cloned = Role.list(self.apiclient, id=role_cloned.id)
self.assertEqual(isinstance(list_role_cloned, list), True,
"List Roles response was not a valid list")
self.assertEqual(len(list_role_cloned), 1,
"List Roles response size was not 1")
self.assertEqual(list_role_cloned[0].name,
role_to_be_cloned["name"],
msg="Role name does not match the test data")
self.assertEqual(list_role_cloned[0].type,
self.testdata["role"]["type"],
msg="Role type does not match the test data")
list_rolepermissions = RolePermission.list(self.apiclient,
roleid=self.role.id)
self.validate_permissions_list(list_rolepermissions, role_cloned.id)
def test_rolepermission_lifecycle_update(self):
"""
Tests order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(
self.apiclient,
data
)
self.cleanup.append(permission)
permissions.append(permission)
# Move last item to the top
rule = permissions.pop(len(permissions)-1)
permissions = [rule] + permissions
rule.update(self.apiclient, ruleorder=",".join([x.id for x in permissions]))
self.validate_permissions_list(permissions, self.role.id)
# Move to the bottom
rule = permissions.pop(0)
permissions = permissions + [rule]
rule.update(self.apiclient, ruleorder=",".join([x.id for x in permissions]))
self.validate_permissions_list(permissions, self.role.id)
# Random shuffles
for _ in range(3):
shuffle(permissions)
rule.update(self.apiclient, ruleorder=",".join([x.id for x in permissions]))
self.validate_permissions_list(permissions, self.role.id)
def test_rolepermission_lifecycle_update(self):
"""
Tests order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(self.apiclient, data)
self.cleanup.append(permission)
permissions.append(permission)
def validate_permissions_list(permissions):
list_rolepermissions = RolePermission.list(self.apiclient,
roleid=self.role.id)
self.assertEqual(
len(list_rolepermissions),
len(permissions),
msg=
"List of role permissions do not match created list of permissions"
)
for idx, rolepermission in enumerate(list_rolepermissions):
self.assertEqual(
rolepermission.rule,
permissions[idx].rule,
msg=
"Rule permission don't match with expected item at the index"
)
self.assertEqual(
rolepermission.permission,
permissions[idx].permission,
msg=
"Rule permission don't match with expected item at the index"
)
# Move last item to the top
rule = permissions.pop(len(permissions) - 1)
permissions = [rule] + permissions
rule.update(self.apiclient,
ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
# Move to the bottom
rule = permissions.pop(0)
permissions = permissions + [rule]
rule.update(self.apiclient,
ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
# Random shuffles
for _ in range(3):
shuffle(permissions)
rule.update(self.apiclient,
ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
def test_rolepermission_lifecycle_delete(self):
"""
Tests deletion of role permission
"""
permission = self.cleanup.pop(1)
permission.delete(self.apiclient)
list_rolepermissions = RolePermission.list(self.apiclient,
roleid=self.role.id)
self.assertEqual(list_rolepermissions, None,
"List rolepermissions response should be empty")
def test_rolepermission_lifecycle_update(self):
"""
Tests order updation of role permission
"""
permissions = [self.rolepermission]
rules = ['list*', '*Vol*', 'listCapabilities']
for rule in rules:
data = copy.deepcopy(self.testdata["rolepermission"])
data['rule'] = rule
permission = RolePermission.create(
self.apiclient,
data
)
self.cleanup.append(permission)
permissions.append(permission)
def validate_permissions_list(permissions):
list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
self.assertEqual(
len(list_rolepermissions),
len(permissions),
msg="List of role permissions do not match created list of permissions"
)
for idx, rolepermission in enumerate(list_rolepermissions):
self.assertEqual(
rolepermission.rule,
permissions[idx].rule,
msg="Rule permission don't match with expected item at the index"
)
self.assertEqual(
rolepermission.permission,
permissions[idx].permission,
msg="Rule permission don't match with expected item at the index"
)
# Move last item to the top
rule = permissions.pop(len(permissions)-1)
permissions = [rule] + permissions
rule.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
# Move to the bottom
rule = permissions.pop(0)
permissions = permissions + [rule]
rule.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
# Random shuffles
for _ in range(3):
shuffle(permissions)
rule.update(self.apiclient, ruleorder=",".join(map(lambda x: x.id, permissions)))
validate_permissions_list(permissions)
def test_rolepermission_lifecycle_delete(self):
"""
Tests deletion of role permission
"""
permission = self.cleanup.pop(1)
permission.delete(self.apiclient)
list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
self.assertEqual(
list_rolepermissions,
None,
"List rolepermissions response should be empty"
)
def test_role_account_acls(self):
"""
Test to check role, role permissions and account life cycles
"""
apiConfig = self.testdata['apiConfig']
for api, perm in apiConfig.items():
testdata = self.testdata['rolepermission']
testdata['roleid'] = self.role.id
testdata['rule'] = api
testdata['permission'] = perm.lower()
RolePermission.create(self.apiclient, testdata)
userApiClient = self.getUserApiClient(self.account.name,
domain=self.account.domain,
role_type=self.account.roletype)
# Perform listApis check
self.checkApiAvailability(apiConfig, userApiClient)
# Perform actual API call for allow API
self.checkApiCall(apiConfig, userApiClient)
def test_rolepermission_lifecycle_list(self):
"""
Tests listing of default role's permission
"""
for idx in range(1, 5):
list_rolepermissions = RolePermission.list(self.apiclient,
roleid=idx)
self.assertEqual(
isinstance(list_rolepermissions, list), True,
"List rolepermissions response was not a valid list")
self.assertTrue(
len(list_rolepermissions) > 0,
"List rolepermissions response was empty")
def test_role_account_acls(self):
"""
Test to check role, role permissions and account life cycles
"""
apiConfig = self.testdata['apiConfig']
for api, perm in apiConfig.items():
testdata = self.testdata['rolepermission']
testdata['roleid'] = self.role.id
testdata['rule'] = api
testdata['permission'] = perm.lower()
RolePermission.create(
self.apiclient,
testdata
)
userApiClient = self.getUserApiClient(self.account.name, domain=self.account.domain, role_type=self.account.roletype)
# Perform listApis check
self.checkApiAvailability(apiConfig, userApiClient)
# Perform actual API call for allow API
self.checkApiCall(apiConfig, userApiClient)
def test_rolepermission_lifecycle_update_permission(self):
"""
Tests update of Allow to Deny permission of a rule
"""
permissions = [self.rolepermission]
rule = permissions.pop(0)
rule.update(self.apiclient, ruleid=rule.id, permission='deny')
list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
self.assertEqual(
list_rolepermissions[0].permission,
'deny',
msg="List of role permissions do not match created list of permissions"
)
rule.update(self.apiclient, ruleid=rule.id, permission='allow')
list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
self.assertEqual(
list_rolepermissions[0].permission,
'allow',
msg="List of role permissions do not match created list of permissions"
)
def test_rolepermission_lifecycle_list(self):
"""
Tests listing of default role's permission
"""
for idx in range(1,5):
list_rolepermissions = RolePermission.list(self.apiclient, roleid=idx)
self.assertEqual(
isinstance(list_rolepermissions, list),
True,
"List rolepermissions response was not a valid list"
)
self.assertTrue(
len(list_rolepermissions) > 0,
"List rolepermissions response was empty"
)
def validate_permissions_list(permissions):
list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
self.assertEqual(
len(list_rolepermissions),
len(permissions),
msg="List of role permissions do not match created list of permissions"
)
for idx, rolepermission in enumerate(list_rolepermissions):
self.assertEqual(
rolepermission.rule,
permissions[idx].rule,
msg="Rule permission don't match with expected item at the index"
)
self.assertEqual(
rolepermission.permission,
permissions[idx].permission,
msg="Rule permission don't match with expected item at the index"
)
def validate_permissions_list(permissions):
list_rolepermissions = RolePermission.list(self.apiclient, roleid=self.role.id)
self.assertEqual(
len(list_rolepermissions),
len(permissions),
msg="List of role permissions do not match created list of permissions"
)
for idx, rolepermission in enumerate(list_rolepermissions):
self.assertEqual(
rolepermission.rule,
permissions[idx].rule,
msg="Rule permission don't match with expected item at the index"
)
self.assertEqual(
rolepermission.permission,
permissions[idx].permission,
msg="Rule permission don't match with expected item at the index"
)
