def test_user_can_get_an_identity_provider(self):
idp = PROVIDERS.federation_api.create_idp(
uuid.uuid4().hex, unit.new_identity_provider_ref())
with self.test_client() as c:
c.get('/v3/OS-FEDERATION/identity_providers/%s' % idp['id'],
headers=self.headers)
def test_user_cannot_delete_identity_providers(self):
idp = PROVIDERS.federation_api.create_idp(
uuid.uuid4().hex, unit.new_identity_provider_ref())
with self.test_client() as c:
c.delete('/v3/OS-FEDERATION/identity_providers/%s' % idp['id'],
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_can_update_identity_providers(self):
idp = PROVIDERS.federation_api.create_idp(
uuid.uuid4().hex, unit.new_identity_provider_ref())
update = {'identity_provider': {'enabled': False}}
with self.test_client() as c:
c.patch('/v3/OS-FEDERATION/identity_providers/%s' % idp['id'],
json=update,
headers=self.headers)
def _create_protocol_and_deps(self):
identity_provider = unit.new_identity_provider_ref()
identity_provider = PROVIDERS.federation_api.create_idp(
identity_provider['id'], identity_provider)
mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref())
protocol = unit.new_protocol_ref(mapping_id=mapping['id'])
protocol = PROVIDERS.federation_api.create_protocol(
identity_provider['id'], protocol['id'], protocol)
return (protocol, mapping, identity_provider)
def test_user_can_list_identity_providers(self):
expected_idp_ids = []
idp = PROVIDERS.federation_api.create_idp(
uuid.uuid4().hex, unit.new_identity_provider_ref())
expected_idp_ids.append(idp['id'])
with self.test_client() as c:
r = c.get('/v3/OS-FEDERATION/identity_providers',
headers=self.headers)
for idp in r.json['identity_providers']:
self.assertIn(idp['id'], expected_idp_ids)
def _create_protocol_and_deps(self):
identity_provider = unit.new_identity_provider_ref()
identity_provider = PROVIDERS.federation_api.create_idp(
identity_provider['id'], identity_provider
)
mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref()
)
protocol = unit.new_protocol_ref(mapping_id=mapping['id'])
protocol = PROVIDERS.federation_api.create_protocol(
identity_provider['id'], protocol['id'], protocol
)
return (protocol, mapping, identity_provider)
def test_user_cannot_create_protocols(self):
identity_provider = unit.new_identity_provider_ref()
identity_provider = PROVIDERS.federation_api.create_idp(
identity_provider['id'], identity_provider)
mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref())
protocol_id = 'saml2'
create = {'protocol': {'mapping_id': mapping['id']}}
with self.test_client() as c:
path = ('/v3/OS-FEDERATION/identity_providers/%s/protocols/%s' %
(identity_provider['id'], protocol_id))
c.put(path,
json=create,
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_cannot_create_protocols(self):
identity_provider = unit.new_identity_provider_ref()
identity_provider = PROVIDERS.federation_api.create_idp(
identity_provider['id'], identity_provider
)
mapping = PROVIDERS.federation_api.create_mapping(
uuid.uuid4().hex, unit.new_mapping_ref()
)
protocol_id = 'saml2'
create = {'protocol': {'mapping_id': mapping['id']}}
with self.test_client() as c:
path = (
'/v3/OS-FEDERATION/identity_providers/%s/protocols/%s' %
(identity_provider['id'], protocol_id)
)
c.put(
path, json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
