def test_deleted_delegate():
# provider deletes delegate
global consumer_id
r = untrusted.delete_rule([{"id": delegate_id}])
assert r['success'] == True
assert r['status_code'] == 200
# deleted delegate cannot do anything
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
req["capabilities"] = ['complex']
r = alt_provider.provider_access([req], '*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 401
r = alt_provider.get_provider_access('*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 401
body = {"id": consumer_id}
r = alt_provider.delete_rule([body], '*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 401
def test_provider_delete_rule_set_by_delegate():
# provider can delete rules set by delegate
r = untrusted.delete_rule([{"id": ingester_id}])
assert r['success'] == True
assert r['status_code'] == 200
r = alt_provider.delete_rule([{"id": ingester_id}], '*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 403
def test_delegate_delete_rules_set_by_self():
# delete rules set by delegate
r = alt_provider.delete_rule([{
"id": onboarder_id
}, {
"id": consumer_id
}], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
def test_multiple_delegates():
# tests with 2 delegates
# make consumer a delegate
req = {"user_email": email, "user_role": 'delegate'}
r = untrusted.provider_access([req])
assert r['success'] == True
assert r['status_code'] == 200
resource_group = ''.join(
random.choice(string.ascii_lowercase) for _ in range(10))
resource_id = provider_id + '/rs.example.com/' + resource_group
req = {
"user_email": email,
"user_role": 'consumer',
"item_id": resource_id,
"item_type": "resourcegroup"
}
req["capabilities"] = ['complex']
r = consumer.provider_access([req], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
# cannot update rule set by other provider
req["capabilities"] = ['subscription']
r = alt_provider.provider_access([req], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
r = consumer.get_provider_access('*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
rules = r['response']
for r in rules:
if r['email'] == email and r[
'role'] == 'consumer' and resource_id == r['item']['cat_id']:
consumer_id = r['id']
# delegate can delete other delegate's rule
body = {"id": consumer_id}
r = alt_provider.delete_rule([body], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
# already deleted
body = {"id": consumer_id}
r = consumer.delete_rule([body], '*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 403
# delegate cannot delete delegate rule
r = consumer.delete_rule([{"id": delegate_id}], '*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 403
if r['email'] == delegate_email and r['role'] == 'delegate':
delegate_id = r['id']
assert r['item_type'] == 'delegate'
check_del = True
assert check_con == True
assert check_onb == True
assert check_dti == True
assert check_del == True
# deleting rules
# delete rules set by delegate
r = alt_provider.delete_rule([{
"id": onboarder_id
}, {
"id": consumer_id
}], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
# provider can delete rules set by delegate
r = untrusted.delete_rule([{"id": ingester_id}])
assert r['success'] == True
assert r['status_code'] == 200
r = alt_provider.delete_rule([{"id": ingester_id}], '*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 403
# delegate can delete rule set by provider
def test_delegate_delete_delegate_rule():
# cannot delete delegate rule
body = {"id": delegate_id}
r = alt_provider.delete_rule([body], '*****@*****.**')
assert r['success'] == False
assert r['status_code'] == 403
def test_delegate_delete_provider_rule():
# delegate can delete rule set by provider
body = {"id": provider_set_consumer_id}
r = alt_provider.delete_rule([body], '*****@*****.**')
assert r['success'] == True
assert r['status_code'] == 200
