def setUp(self): """Setup for v3 Cloud Policy Sample Test Cases. The following data is created: - Three domains: A, B and admin_domain, and one project - DomainA has users: domain_admin and just_a_user. domain_admin has role 'admin', just_a_user does not - admin_domain has user cloud_admin, with a plain role - domain_admin and just_a_user gave the same roles on the project We test various api protection rules from the cloud sample policy file to make sure the sample is valid and that we correctly enforce it. """ # Ensure that test_v3.RestfulTestCase doesn't load its own # sample data, which would make checking the results of our # tests harder super(IdentityTestv3CloudPolicySample, self).setUp() # Finally, switch to the v3 sample policy file self.orig_policy_file = CONF.policy_file self.addCleanup(self.opt, policy_file=self.orig_policy_file) # TODO(blk-u): Resetting the conf setting is probably unnecessary since # TestCase does it. self.addCleanup(rules.reset) rules.reset() self.opt(policy_file=tests.dirs.etc('policy.v3cloudsample.json'))
def setUp(self): super(PolicyFileTestCase, self).setUp() self.orig_policy_file = CONF.policy_file rules.reset() _unused, self.tmpfilename = tempfile.mkstemp() self.opt(policy_file=self.tmpfilename) self.target = {}
def setUp(self): super(PolicyTestCase, self).setUp() rules.reset() self.addCleanup(rules.reset) # NOTE(vish): preload rules to circumvent reloading from file rules.init() self.rules = { "true": [], "example:allowed": [], "example:denied": [["false:false"]], "example:get_http": [["http:http://www.example.com"]], "example:my_file": [["role:compute_admin"], ["project_id:%(project_id)s"]], "example:early_and_fail": [["false:false", "rule:true"]], "example:early_or_success": [["rule:true"], ["false:false"]], "example:lowercase_admin": [["role:admin"], ["role:sysadmin"]], "example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]], } # NOTE(vish): then overload underlying policy engine self._set_rules() self.credentials = {} self.target = {} fixture = self.useFixture(moxstubout.MoxStubout()) self.stubs = fixture.stubs
def setUp(self): """Setup for Identity Protection Test Cases. As well as the usual housekeeping, create a set of domains, users, roles and projects for the subsequent tests: - Three domains: A,B & C. C is disabled. - DomainA has user1, DomainB has user2 and user3 - DomainA has group1 and group2, DomainB has group3 - User1 has two roles on DomainA - User2 has one role on DomainA Remember that there will also be a fourth domain in existence, the default domain. """ # Ensure that test_v3.RestfulTestCase doesn't load its own # sample data, which would make checking the results of our # tests harder super(IdentityTestProtectedCase, self).setUp() # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies self.addCleanup(rules.reset) rules.reset() self.tempfile = self.useFixture(temporaryfile.SecureTempFile()) self.tmpfilename = self.tempfile.file_name self.config_fixture.config(policy_file=self.tmpfilename) # A default auth request we can use - un-scoped user token self.auth = self.build_authentication_request( user_id=self.user1['id'], password=self.user1['password'])
def setUp(self): """Setup for v3 Cloud Policy Sample Test Cases. The following data is created: - Three domains: domainA, domainB and admin_domain - One project, which name is 'project' - domainA has three users: domain_admin_user, project_admin_user and just_a_user: - domain_admin_user has role 'admin' on domainA, - project_admin_user has role 'admin' on the project, - just_a_user has a non-admin role on both domainA and the project. - admin_domain has user cloud_admin_user, with an 'admin' role on admin_domain. We test various api protection rules from the cloud sample policy file to make sure the sample is valid and that we correctly enforce it. """ # Ensure that test_v3.RestfulTestCase doesn't load its own # sample data, which would make checking the results of our # tests harder super(IdentityTestv3CloudPolicySample, self).setUp() # Finally, switch to the v3 sample policy file self.addCleanup(rules.reset) rules.reset() self.config_fixture.config( policy_file=tests.dirs.etc('policy.v3cloudsample.json'))
def setUp(self): super(PolicyTestCase, self).setUp() rules.reset() # NOTE(vish): preload rules to circumvent reloading from file rules.init() self.rules = { "true": [], "example:allowed": [], "example:denied": [["false:false"]], "example:get_http": [["http:http://www.example.com"]], "example:my_file": [["role:compute_admin"], ["project_id:%(project_id)s"]], "example:early_and_fail": [["false:false", "rule:true"]], "example:early_or_success": [["rule:true"], ["false:false"]], "example:lowercase_admin": [["role:admin"], ["role:sysadmin"]], "example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]], } # NOTE(vish): then overload underlying policy engine self._set_rules() self.credentials = {} self.target = {} fixture = self.useFixture(moxstubout.MoxStubout()) self.stubs = fixture.stubs
def setUp(self): super(DefaultPolicyTestCase, self).setUp() rules.reset() rules.init() self.rules = {"default": [], "example:exist": [["false:false"]]} self._set_rules("default") self.credentials = {}
def setUp(self): super(DefaultPolicyTestCase, self).setUp() rules.reset() rules.init() self.rules = {"default": [], "example:exist": [["false:false"]]} self._set_rules('default') self.credentials = {}
def setUp(self): super(PolicyFileTestCase, self).setUp() rules.reset() self.addCleanup(rules.reset) _unused, self.tmpfilename = tempfile.mkstemp() self.opt(policy_file=self.tmpfilename) self.target = {}
def setUp(self): super(IdentityTestProtectedCase, self).setUp() # Start by creating a couple of domains self.domainA = self.new_domain_ref() domainA_ref = self.identity_api.create_domain(self.domainA['id'], self.domainA) self.domainB = self.new_domain_ref() domainB_ref = self.identity_api.create_domain(self.domainB['id'], self.domainB) # Now create some users, one in domainA and two of them in domainB self.user1 = self.new_user_ref( domain_id=self.domainA['id']) self.user1['password'] = uuid.uuid4().hex user_ref = self.identity_api.create_user(self.user1['id'], self.user1) self.user2 = self.new_user_ref( domain_id=self.domainB['id']) self.user2['password'] = uuid.uuid4().hex user_ref = self.identity_api.create_user(self.user2['id'], self.user2) self.user3 = self.new_user_ref( domain_id=self.domainB['id']) self.user3['password'] = uuid.uuid4().hex user_ref = self.identity_api.create_user(self.user3['id'], self.user3) self.project = self.new_project_ref( domain_id=self.domainA['id']) project_ref = self.identity_api.create_project(self.project['id'], self.project) self.role = self.new_role_ref() self.identity_api.create_role(self.role['id'], self.role) self.identity_api.add_role_to_user_and_project(self.user1['id'], self.project['id'], self.role['id']) self.identity_api.create_grant(self.role['id'], user_id=self.user1['id'], domain_id=self.domainA['id']) # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies self.orig_policy_file = CONF.policy_file rules.reset() _unused, self.tmpfilename = tempfile.mkstemp() self.opt(policy_file=self.tmpfilename) # A default auth request we can use - un-scoped user token self.auth = {} self.auth['identity'] = {'methods': []} self.auth['identity']['methods'].append('password') self.auth['identity']['password'] = {'user': {}} self.auth['identity']['password']['user']['id'] = ( self.user1['id']) self.auth['identity']['password']['user']['password'] = ( self.user1['password']) self.auth = {'auth': self.auth}
def tearDown(self): self.teardown_database() self.remove_generated_paste_config() # need to reset the plug-ins auth.controllers.AUTH_METHODS = {} #drop the policy rules CONF.reset() rules.reset() super(RestfulTestCase, self).tearDown()
def setUp(self): # self.tmpfilename should exist before setUp super is called # this is to ensure it is available for the config_fixture in # the config_overrides call. _unused, self.tmpfilename = tempfile.mkstemp() super(PolicyFileTestCase, self).setUp() rules.reset() self.addCleanup(rules.reset) self.target = {}
def setUp(self): # self.tmpfilename should exist before setUp super is called # this is to ensure it is available for the config_fixture in # the config_overrides call. self.tempfile = self.useFixture(temporaryfile.SecureTempFile()) self.tmpfilename = self.tempfile.file_name super(PolicyFileTestCase, self).setUp() rules.reset() self.addCleanup(rules.reset) self.target = {}
def tearDown(self): self.public_server.kill() self.admin_server.kill() self.public_server = None self.admin_server = None sql_util.teardown_test_database() # need to reset the plug-ins auth.controllers.AUTH_METHODS = {} #drop the policy rules CONF.reset() rules.reset()
def setUp(self): super(PolicyFileTestCase, self).setUp() self.orig_policy_file = CONF.policy_file # TODO(blk-u): Resetting the conf value here is probably unnecessary # since TestCase clears conf. self.addCleanup(self.opt, policy_file=self.orig_policy_file) rules.reset() self.addCleanup(rules.reset) _unused, self.tmpfilename = tempfile.mkstemp() self.opt(policy_file=self.tmpfilename) self.target = {}
def setUp(self): """Setup for Identity Filter Test Cases.""" super(IdentityTestFilteredCase, self).setUp() # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies self.orig_policy_file = CONF.policy_file rules.reset() _unused, self.tmpfilename = tempfile.mkstemp() self.opt(policy_file=self.tmpfilename) #drop the policy rules self.addCleanup(rules.reset)
def setUp(self): """Setup for Identity Filter Test Cases.""" super(IdentityTestFilteredCase, self).setUp() # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies self.orig_policy_file = CONF.policy_file rules.reset() self.tempfile = self.useFixture(temporaryfile.SecureTempFile()) self.tmpfilename = self.tempfile.file_name self.config_fixture.config(policy_file=self.tmpfilename) # drop the policy rules self.addCleanup(rules.reset)
def setUp(self): super(DefaultPolicyTestCase, self).setUp() rules.reset() rules.init() self.rules = {"default": [], "example:exist": [["false:false"]]} self._set_rules('default') self.credentials = {} # FIXME(gyee): latest Oslo policy Enforcer class reloads the rules in # its enforce() method even though rules has been initialized via # set_rules(). To make it easier to do our tests, we're going to # monkeypatch load_roles() so it does nothing. This seem like a bug in # Oslo policy as we shoudn't have to reload the rules if they have # already been set using set_rules(). self._old_load_rules = rules._ENFORCER.load_rules setattr(rules._ENFORCER, 'load_rules', lambda *args, **kwargs: None)
def setUp(self, app_conf='keystone'): """Setup for v3 Restful Test Cases.""" new_paste_file = self.generate_paste_config() self.addCleanup(self.remove_generated_paste_config) if new_paste_file: app_conf = 'config:%s' % (new_paste_file) super(RestfulTestCase, self).setUp(app_conf=app_conf) self.empty_context = {'environment': {}} # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies rules.reset() # drop the policy rules self.addCleanup(rules.reset)
def setUp(self): super(DefaultPolicyTestCase, self).setUp() rules.reset() self.addCleanup(rules.reset) rules.init() self.rules = {"default": [], "example:exist": [["false:false"]]} self._set_rules("default") self.credentials = {} # FIXME(gyee): latest Oslo policy Enforcer class reloads the rules in # its enforce() method even though rules has been initialized via # set_rules(). To make it easier to do our tests, we're going to # monkeypatch load_roles() so it does nothing. This seem like a bug in # Oslo policy as we shoudn't have to reload the rules if they have # already been set using set_rules(). self._old_load_rules = rules._ENFORCER.load_rules self.addCleanup(setattr, rules._ENFORCER, "load_rules", self._old_load_rules) setattr(rules._ENFORCER, "load_rules", lambda *args, **kwargs: None)
def setUp(self, app_conf='keystone'): """Setup for v3 Restful Test Cases. """ new_paste_file = self.generate_paste_config() self.addCleanup(self.remove_generated_paste_config) if new_paste_file: app_conf = 'config:%s' % (new_paste_file) super(RestfulTestCase, self).setUp(app_conf=app_conf) self.empty_context = {'environment': {}} # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies rules.reset() # drop the policy rules self.addCleanup(rules.reset)
def setUp(self, app_conf='keystone'): super(RestfulTestCase, self).setUp() # Will need to reset the plug-ins self.addCleanup(setattr, auth_controllers, 'AUTH_METHODS', {}) self.useFixture(database.Database(self.sql_driver_version_overrides)) self.load_backends() self.load_fixtures(default_fixtures) self.public_app = webtest.TestApp(self.loadapp(app_conf, name='main')) self.addCleanup(delattr, self, 'public_app') self.admin_app = webtest.TestApp(self.loadapp(app_conf, name='admin')) self.addCleanup(delattr, self, 'admin_app') # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies rules.reset() # drop the policy rules self.addCleanup(rules.reset)
def setUp(self): super(PolicyTestCase, self).setUp() rules.reset() # NOTE(vish): preload rules to circumvent reloading from file rules.init() brain = { "true": [], "example:allowed": [], "example:denied": [["false:false"]], "example:get_http": [["http:http://www.example.com"]], "example:my_file": [["role:compute_admin"], ["project_id:%(project_id)s"]], "example:early_and_fail": [["false:false", "rule:true"]], "example:early_or_success": [["rule:true"], ["false:false"]], "example:lowercase_admin": [["role:admin"], ["role:sysadmin"]], "example:uppercase_admin": [["role:ADMIN"], ["role:sysadmin"]], } # NOTE(vish): then overload underlying brain common_policy.set_brain(common_policy.HttpBrain(brain)) self.credentials = {} self.target = {}
def setUp(self): rules.reset() self.config([ test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_sql.conf'), test.testsdir('backend_sql_disk.conf')]) sql_util.setup_test_database() self.load_backends() self.domain_id = uuid.uuid4().hex self.domain = self.new_domain_ref() self.domain['id'] = self.domain_id self.identity_api.create_domain(self.domain_id, self.domain) self.project_id = uuid.uuid4().hex self.project = self.new_project_ref( domain_id=self.domain_id) self.project['id'] = self.project_id self.identity_api.create_project(self.project_id, self.project) self.user_id = uuid.uuid4().hex self.user = self.new_user_ref( domain_id=self.domain_id, project_id=self.project_id) self.user['id'] = self.user_id self.identity_api.create_user(self.user_id, self.user) # create & grant policy.json's default role for admin_required self.role_id = uuid.uuid4().hex self.role = self.new_role_ref() self.role['id'] = self.role_id self.role['name'] = 'admin' self.identity_api.create_role(self.role_id, self.role) self.identity_api.add_role_to_user_and_project( self.user_id, self.project_id, self.role_id) self.public_server = self.serveapp('keystone', name='main') self.admin_server = self.serveapp('keystone', name='admin')
def setUp(self, app_conf='keystone'): super(RestfulTestCase, self).setUp() # Will need to reset the plug-ins self.addCleanup(setattr, auth_controllers, 'AUTH_METHODS', {}) self.useFixture(database.Database(self.sql_driver_version_overrides)) self.load_backends() self.load_fixtures(default_fixtures) self.public_app = webtest.TestApp( self.loadapp(app_conf, name='main')) self.addCleanup(delattr, self, 'public_app') self.admin_app = webtest.TestApp( self.loadapp(app_conf, name='admin')) self.addCleanup(delattr, self, 'admin_app') # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies rules.reset() # drop the policy rules self.addCleanup(rules.reset)
def setUp(self): """Setup for v3 Cloud Policy Sample Test Cases. The following data is created: - Three domains: A, B and admin_domain, and one project - DomainA has users: domain_admin and just_a_user. domain_admin has role 'admin', just_a_user does not - admin_domain has user cloud_admin, with a plain role - domain_admin and just_a_user gave the same roles on the project We test various api protection rules from the cloud sample policy file to make sure the sample is valid and that we correctly enforce it. """ # Ensure that test_v3.RestfulTestCase doesn't load its own # sample data, which would make checking the results of our # tests harder super(IdentityTestv3CloudPolicySample, self).setUp() # Finally, switch to the v3 sample policy file self.orig_policy_file = CONF.policy_file rules.reset() self.opt(policy_file=tests.dirs.etc('policy.v3cloudsample.json'))
def tearDown(self): super(IdentityTestv3CloudPolicySample, self).tearDown() rules.reset() self.opt(policy_file=self.orig_policy_file)
def tearDown(self): super(DefaultPolicyTestCase, self).setUp() rules.reset()
def setUp(self): """Setup for Identity Protection Test Cases. As well as the usual housekeeping, create a set of domains, users, roles and projects for the subsequent tests: - Three domains: A,B & C. C is disabled. - DomainA has user1, DomainB has user2 and user3 - DomainA has group1 and group2, DomainB has group3 - User1 has a role on DomainA Remember that there will also be a fourth domain in existence, the default domain. """ # Ensure that test_v3.RestfulTestCase doesn't load its own # sample data, which would make checking the results of our # tests harder super(IdentityTestProtectedCase, self).setUp(load_sample_data=False) # Start by creating a couple of domains self.domainA = self.new_domain_ref() self.identity_api.create_domain(self.domainA['id'], self.domainA) self.domainB = self.new_domain_ref() self.identity_api.create_domain(self.domainB['id'], self.domainB) self.domainC = self.new_domain_ref() self.domainC['enabled'] = False self.identity_api.create_domain(self.domainC['id'], self.domainC) # Now create some users, one in domainA and two of them in domainB self.user1 = self.new_user_ref(domain_id=self.domainA['id']) self.user1['password'] = uuid.uuid4().hex self.identity_api.create_user(self.user1['id'], self.user1) self.user2 = self.new_user_ref(domain_id=self.domainB['id']) self.user2['password'] = uuid.uuid4().hex self.identity_api.create_user(self.user2['id'], self.user2) self.user3 = self.new_user_ref(domain_id=self.domainB['id']) self.user3['password'] = uuid.uuid4().hex self.identity_api.create_user(self.user3['id'], self.user3) self.group1 = self.new_group_ref(domain_id=self.domainA['id']) self.identity_api.create_group(self.group1['id'], self.group1) self.group2 = self.new_group_ref(domain_id=self.domainA['id']) self.identity_api.create_group(self.group2['id'], self.group2) self.group3 = self.new_group_ref(domain_id=self.domainB['id']) self.identity_api.create_group(self.group3['id'], self.group3) self.role = self.new_role_ref() self.identity_api.create_role(self.role['id'], self.role) self.identity_api.create_grant(self.role['id'], user_id=self.user1['id'], domain_id=self.domainA['id']) # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies self.orig_policy_file = CONF.policy_file rules.reset() _unused, self.tmpfilename = tempfile.mkstemp() self.opt(policy_file=self.tmpfilename) # A default auth request we can use - un-scoped user token self.auth = self.build_authentication_request( user_id=self.user1['id'], password=self.user1['password'])
def tearDown(self): super(IdentityTestProtectedCase, self).tearDown() rules.reset() self.opt(policy_file=self.orig_policy_file)
def tearDown(self): super(DefaultPolicyTestCase, self).tearDown() rules._ENFORCER.load_rules = self._old_load_rules rules.reset()
def tearDown(self): super(PolicyFileTestCase, self).tearDown() rules.reset() self.opt(policy_file=self.orig_policy_file)
def setUp(self): super(BasePolicyTestCase, self).setUp() rules.reset() self.addCleanup(rules.reset) self.addCleanup(self.clear_cache_safely)
def setUp(self): """Setup for v3 Cloud Policy Sample Test Cases. The following data is created: - Three domains: A, B and admin_domain, and one project - DomainA has users: domain_admin and just_a_user. domain_admin has role 'admin', just_a_user does not - admin_domain has user cloud_admin, with a plain role - domain_admin and just_a_user gave the same roles on the project We test various api protection rules from the cloud sample policy file to make sure the sample is valid and that we correctly enforce it. """ # Ensure that test_v3.RestfulTestCase doesn't load its own # sample data, which would make checking the results of our # tests harder super(IdentityTestv3CloudPolicySample, self).setUp( load_sample_data=False) # Start by creating a couple of domains self.domainA = self.new_domain_ref() self.assignment_api.create_domain(self.domainA['id'], self.domainA) self.domainB = self.new_domain_ref() self.assignment_api.create_domain(self.domainB['id'], self.domainB) self.admin_domain = {'id': 'admin_domain_id', 'name': 'Admin_domain'} self.assignment_api.create_domain(self.admin_domain['id'], self.admin_domain) # And our users self.cloud_admin_user = self.new_user_ref( domain_id=self.admin_domain['id']) self.cloud_admin_user['password'] = uuid.uuid4().hex self.identity_api.create_user(self.cloud_admin_user['id'], self.cloud_admin_user) self.just_a_user = self.new_user_ref(domain_id=self.domainA['id']) self.just_a_user['password'] = uuid.uuid4().hex self.identity_api.create_user(self.just_a_user['id'], self.just_a_user) self.domain_admin_user = self.new_user_ref( domain_id=self.domainA['id']) self.domain_admin_user['password'] = uuid.uuid4().hex self.identity_api.create_user(self.domain_admin_user['id'], self.domain_admin_user) self.project_admin_user = self.new_user_ref( domain_id=self.domainA['id']) self.project_admin_user['password'] = uuid.uuid4().hex self.identity_api.create_user(self.project_admin_user['id'], self.project_admin_user) # The admin role and another plain role self.admin_role = {'id': uuid.uuid4().hex, 'name': 'admin'} self.assignment_api.create_role(self.admin_role['id'], self.admin_role) self.role = self.new_role_ref() self.assignment_api.create_role(self.role['id'], self.role) # The cloud admin just gets the admin role self.assignment_api.create_grant(self.admin_role['id'], user_id=self.cloud_admin_user['id'], domain_id=self.admin_domain['id']) # Assign roles to the domain self.assignment_api.create_grant(self.admin_role['id'], user_id=self.domain_admin_user['id'], domain_id=self.domainA['id']) self.assignment_api.create_grant(self.role['id'], user_id=self.just_a_user['id'], domain_id=self.domainA['id']) # Create a assign roles to the project self.project = self.new_project_ref(domain_id=self.domainA['id']) self.assignment_api.create_project(self.project['id'], self.project) self.assignment_api.create_grant(self.admin_role['id'], user_id=self.project_admin_user['id'], project_id=self.project['id']) self.assignment_api.create_grant(self.role['id'], user_id=self.just_a_user['id'], project_id=self.project['id']) # Finally, switch to the v3 sample policy file self.orig_policy_file = CONF.policy_file rules.reset() self.opt(policy_file=tests.etcdir('policy.v3cloudsample.json'))
def setUp(self): """Setup for Identity Protection Test Cases. As well as the usual housekeeping, create a set of domains, users, roles and projects for the subsequent tests: - Three domains: A,B & C. C is disabled. - DomainA has user1, DomainB has user2 and user3 - DomainA has group1 and group2, DomainB has group3 - User1 has a role on DomainA Remember that there will also be a fourth domain in existence, the default domain. """ # Ensure that test_v3.RestfulTestCase doesn't load its own # sample data, which would make checking the results of our # tests harder super(IdentityTestProtectedCase, self).setUp(load_sample_data=False) # Start by creating a couple of domains self.domainA = self.new_domain_ref() domainA_ref = self.identity_api.create_domain(self.domainA['id'], self.domainA) self.domainB = self.new_domain_ref() domainB_ref = self.identity_api.create_domain(self.domainB['id'], self.domainB) self.domainC = self.new_domain_ref() self.domainC['enabled'] = False domainC_ref = self.identity_api.create_domain(self.domainC['id'], self.domainC) # Now create some users, one in domainA and two of them in domainB self.user1 = self.new_user_ref(domain_id=self.domainA['id']) self.user1['password'] = uuid.uuid4().hex user_ref = self.identity_api.create_user(self.user1['id'], self.user1) self.user2 = self.new_user_ref(domain_id=self.domainB['id']) self.user2['password'] = uuid.uuid4().hex user_ref = self.identity_api.create_user(self.user2['id'], self.user2) self.user3 = self.new_user_ref(domain_id=self.domainB['id']) self.user3['password'] = uuid.uuid4().hex user_ref = self.identity_api.create_user(self.user3['id'], self.user3) self.group1 = self.new_group_ref(domain_id=self.domainA['id']) user_ref = self.identity_api.create_group(self.group1['id'], self.group1) self.group2 = self.new_group_ref(domain_id=self.domainA['id']) user_ref = self.identity_api.create_group(self.group2['id'], self.group2) self.group3 = self.new_group_ref(domain_id=self.domainB['id']) user_ref = self.identity_api.create_group(self.group3['id'], self.group3) self.role = self.new_role_ref() self.identity_api.create_role(self.role['id'], self.role) self.identity_api.create_grant(self.role['id'], user_id=self.user1['id'], domain_id=self.domainA['id']) # Initialize the policy engine and allow us to write to a temp # file in each test to create the policies self.orig_policy_file = CONF.policy_file rules.reset() _unused, self.tmpfilename = tempfile.mkstemp() self.opt(policy_file=self.tmpfilename) # A default auth request we can use - un-scoped user token self.auth = self.build_authentication_request( user_id=self.user1['id'], password=self.user1['password'])
def tearDown(self): rules.reset() super(PolicyTestCase, self).tearDown()
def setUp(self): """Setup for v3 Cloud Policy Sample Test Cases. The following data is created: - Three domains: A, B and admin_domain, and one project - DomainA has users: domain_admin and just_a_user. domain_admin has role 'admin', just_a_user does not - admin_domain has user cloud_admin, with a plain role - domain_admin and just_a_user gave the same roles on the project We test various api protection rules from the cloud sample policy file to make sure the sample is valid and that we correctly enforce it. """ # Ensure that test_v3.RestfulTestCase doesn't load its own # sample data, which would make checking the results of our # tests harder super(IdentityTestv3CloudPolicySample, self).setUp(load_sample_data=False) # Start by creating a couple of domains self.domainA = self.new_domain_ref() self.assignment_api.create_domain(self.domainA['id'], self.domainA) self.domainB = self.new_domain_ref() self.assignment_api.create_domain(self.domainB['id'], self.domainB) self.admin_domain = {'id': 'admin_domain_id', 'name': 'Admin_domain'} self.assignment_api.create_domain(self.admin_domain['id'], self.admin_domain) # And our users self.cloud_admin_user = self.new_user_ref( domain_id=self.admin_domain['id']) self.cloud_admin_user['password'] = uuid.uuid4().hex self.identity_api.create_user(self.cloud_admin_user['id'], self.cloud_admin_user) self.just_a_user = self.new_user_ref(domain_id=self.domainA['id']) self.just_a_user['password'] = uuid.uuid4().hex self.identity_api.create_user(self.just_a_user['id'], self.just_a_user) self.domain_admin_user = self.new_user_ref( domain_id=self.domainA['id']) self.domain_admin_user['password'] = uuid.uuid4().hex self.identity_api.create_user(self.domain_admin_user['id'], self.domain_admin_user) self.project_admin_user = self.new_user_ref( domain_id=self.domainA['id']) self.project_admin_user['password'] = uuid.uuid4().hex self.identity_api.create_user(self.project_admin_user['id'], self.project_admin_user) # The admin role and another plain role self.admin_role = {'id': uuid.uuid4().hex, 'name': 'admin'} self.assignment_api.create_role(self.admin_role['id'], self.admin_role) self.role = self.new_role_ref() self.assignment_api.create_role(self.role['id'], self.role) # The cloud admin just gets the admin role self.assignment_api.create_grant(self.admin_role['id'], user_id=self.cloud_admin_user['id'], domain_id=self.admin_domain['id']) # Assign roles to the domain self.assignment_api.create_grant(self.admin_role['id'], user_id=self.domain_admin_user['id'], domain_id=self.domainA['id']) self.assignment_api.create_grant(self.role['id'], user_id=self.just_a_user['id'], domain_id=self.domainA['id']) # Create a assign roles to the project self.project = self.new_project_ref(domain_id=self.domainA['id']) self.assignment_api.create_project(self.project['id'], self.project) self.assignment_api.create_grant(self.admin_role['id'], user_id=self.project_admin_user['id'], project_id=self.project['id']) self.assignment_api.create_grant(self.role['id'], user_id=self.just_a_user['id'], project_id=self.project['id']) # Finally, switch to the v3 sample policy file self.orig_policy_file = CONF.policy_file rules.reset() self.opt(policy_file=tests.etcdir('policy.v3cloudsample.json'))
def tearDown(self): super(PolicyFileTestCase, self).tearDown() rules.reset()