def test_get_hierarchy_as_list(self): project = fixtures.Project(self.client, self.test_domain.id, parent=self.test_project.id) self.useFixture(project) child_project = fixtures.Project(self.client, self.test_domain.id, parent=project.id) self.useFixture(child_project) # Only parents and subprojects that the current user has role # assingments on are returned when asked for subtree_as_list and # parents_as_list. role = fixtures.Role(self.client) self.useFixture(role) self.client.roles.grant(role.id, user=self.user_id, project=self.test_project.id) self.client.roles.grant(role.id, user=self.user_id, project=project.id) self.client.roles.grant(role.id, user=self.user_id, project=child_project.id) project_ret = self.client.projects.get(project.id, subtree_as_list=True, parents_as_list=True) self.check_project(project_ret, project.ref) self.assertItemsEqual([{ 'project': self.test_project.entity.to_dict() }], project_ret.parents) self.assertItemsEqual([{ 'project': child_project.entity.to_dict() }], project_ret.subtree)
def test_update_role_name(self): role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) new_name = fixtures.RESOURCE_NAME_PREFIX + uuid.uuid4().hex role_ret = self.client.roles.update(role.id, name=new_name) role.ref.update({'name': new_name}) self.check_role(role_ret, role.ref)
def test_update_role_domain(self): role = fixtures.Role(self.client) self.useFixture(role) domain = fixtures.Domain(self.client) self.useFixture(domain) new_domain = domain.id role_ret = self.client.roles.update(role.id, domain=new_domain) role.ref.update({'domain': new_domain}) self.check_role(role_ret, role.ref)
def test_list_roles(self): global_role = fixtures.Role(self.client) self.useFixture(global_role) domain = fixtures.Domain(self.client) self.useFixture(domain) domain_role = fixtures.Role(self.client, domain=domain.id) self.useFixture(domain_role) global_roles = self.client.roles.list() domain_roles = self.client.roles.list(domain_id=domain.id) roles = global_roles + domain_roles # All roles are valid for role in roles: self.check_role(role) self.assertIn(global_role.entity, global_roles) self.assertIn(domain_role.entity, domain_roles)
def test_group_project_grant_and_revoke(self): group = fixtures.Group(self.client, self.project_domain_id) self.useFixture(group) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) self.client.roles.grant(role, group=group.id, project=project.id) roles_after_grant = self.client.roles.list(group=group.id, project=project.id) self.assertItemsEqual(roles_after_grant, [role.entity]) self.client.roles.revoke(role, group=group.id, project=project.id) roles_after_revoke = self.client.roles.list(group=group.id, project=project.id) self.assertEqual(roles_after_revoke, [])
def test_user_project_grant_and_revoke(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) self.client.roles.grant(role, user=user.id, project=project.id) roles_after_grant = self.client.roles.list(user=user.id, project=project.id) self.assertItemsEqual(roles_after_grant, [role.entity]) self.client.roles.revoke(role, user=user.id, project=project.id) roles_after_revoke = self.client.roles.list(user=user.id, project=project.id) self.assertEqual(roles_after_revoke, [])
def test_group_domain_grant_and_revoke(self): group = fixtures.Group(self.client, self.project_domain_id) self.useFixture(group) domain = fixtures.Domain(self.client) self.useFixture(domain) role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) self.client.roles.grant(role, group=group.id, domain=domain.id) roles_after_grant = self.client.roles.list(group=group.id, domain=domain.id) self.assertCountEqual(roles_after_grant, [role.entity]) self.client.roles.revoke(role, group=group.id, domain=domain.id) roles_after_revoke = self.client.roles.list(group=group.id, domain=domain.id) self.assertEqual(roles_after_revoke, [])
def test_user_domain_grant_and_revoke(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) domain = fixtures.Domain(self.client) self.useFixture(domain) role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) self.client.roles.grant(role, user=user.id, domain=domain.id) roles_after_grant = self.client.roles.list(user=user.id, domain=domain.id) self.assertCountEqual(roles_after_grant, [role.entity]) self.client.roles.revoke(role, user=user.id, domain=domain.id) roles_after_revoke = self.client.roles.list(user=user.id, domain=domain.id) self.assertEqual(roles_after_revoke, [])
def test_grant_role_invalid_params(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) # Only grant role to a group on a resource. # Domain or project must be specified. self.assertRaises(exceptions.ValidationError, self.client.roles.grant, role.id, user=user.id) group = fixtures.Group(self.client, self.project_domain_id) self.useFixture(group) # Only grant role to a group on a resource. # Domain or project must be specified. self.assertRaises(exceptions.ValidationError, self.client.roles.grant, role.id, group=group.id)
def create_roles(self): for role_def in role_defs: role = fixtures.Role(self.client, name=role_def) self.useFixture(role)
def test_get_role(self): role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) role_ret = self.client.roles.get(role.id) self.check_role(role_ret, role.ref)