def test_17_deployvm_domaindmin_forcrossdomainuser(self): """ # Validate that Domain admin should not be able allowed to deploy vm for users not in his sub domain """ self.apiclient.connection.apiKey = self.user_d1_apikey self.apiclient.connection.securityKey = self.user_d1_secretkey vmData={"name":"d2a-d1","displayname":"d2a-d1"} try: vm = VirtualMachine.create( self.apiclient, vmData, zoneid=self.zone.id, serviceofferingid=self.service_offering.id, templateid=self.template.id, networkids=self.network_d2a.id, accountid=self.account_d2a.name, domainid=self.account_d2a.domainid ) self.fail("Domain admin is allowed to deploy vm for users not in hos domain ") except Exception as e: self.debug ("When Domain admin tries to deploy vm for users in his sub domain %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): self.fail("Error message validation failed when Domain admin tries to deploy vm for users not in hos domain ")
def test_20_deployvm_user_foruserincrossdomain(self): """ # Validate that Regular user should NOT be able to deploy vm for users in his domain """ self.apiclient.connection.apiKey = self.user_d1a_apikey self.apiclient.connection.securityKey = self.user_d1a_secretkey vmData={"name":"d2a-d1a","displayname":"d2a-d1a"} try: vm = VirtualMachine.create( self.apiclient, vmData, zoneid=self.zone.id, serviceofferingid=self.service_offering.id, templateid=self.template.id, networkids=self.network_d2a.id, accountid=self.account_d2a.name, domainid=self.account_d2a.domainid ) self.fail("Regular user is allowed to deploy vm for users not in his domain ") except Exception as e: self.debug ("When user tries to deploy vm for users n different domain %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): self.fail("Error message validation failed when Regular user tries to deploy vm for users not in his domain ")
def test_deleteNetwork_user_foruserinsamedomain(self): """ Validate that Regular user should NOT be able to delete network for users in their domain """ self.apiclient.connection.apiKey = self.user_d111a_apikey self.apiclient.connection.securityKey = self.user_d111a_secretkey try: response = self.network_d111b.delete(self.apiclient) self._cleanup.remove(self.network_d111b) self.fail("Regular user is allowed to delete network for users in their domain ") except Exception as e: self.debug ("When user tries to delete network for users in their domain %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): self.fail("Regular user is allowed to delete network for users in their domain ")
def test_deleteNetwork_domaindmin_forcrossdomainuser(self): """ Validate that Domain admin should be able to delete network for users in their sub domain """ self.apiclient.connection.apiKey = self.user_d1_apikey self.apiclient.connection.securityKey = self.user_d1_secretkey try: response = self.network_d2a.delete(self.apiclient) self._cleanup.remove(self.network_d2a) self.fail("Domain admin is allowed to delete network for users not in their domain ") except Exception as e: self.debug ("When Domain admin tries to delete network for user in a different domain %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): self.fail("Error message validation failed when Domain admin tries to delete network for users not in their domain ")
def test_29_restartNetwork_user_foruserinsamedomain(self): """ #Validate that Regular user should NOT be able to restart network for users in his domain """ self.apiclient.connection.apiKey = self.user_d1a_apikey self.apiclient.connection.securityKey = self.user_d1a_secretkey try: restartResponse = self.network_d1b.restart(self.apiclient) self.fail("Regular user is allowed to restart network for users in his domain ") except Exception as e: self.debug ("When user tries to restart network for users in his domain %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): self.fail("Error message validation failed when Regular user tries to restart network for users in his domain ")
def test_27_restartNetwork_domaindmin_forcrossdomainuser(self): """ # Validate that Domain admin should be able to restart network for users in his sub domain """ self.apiclient.connection.apiKey = self.user_d1_apikey self.apiclient.connection.securityKey = self.user_d1_secretkey try: restartResponse = self.network_d2a.restart(self.apiclient) self.fail("Domain admin is allowed to restart network for users not in his domain ") except Exception as e: self.debug ("When Domain admin tries to restart network for users in his sub domain %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): self.fail("Error message validation failed when Domain admin tries to restart network for users not in his domain ")
def test_deleteNetwork_user_foruserinotherdomain(self): """ Validate that Domain admin should be NOT be able to delete network for users in other domains """ self.apiclient.connection.apiKey = self.user_d111a_apikey self.apiclient.connection.securityKey = self.user_d111a_secretkey try: response = self.network_d11b.delete(self.apiclient) self.fail("Regular user is allowed to delete network for users not in his domain ") except Exception as e: self.debug ("When user tries to delete network for users in other domain %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_ACCOUNT): self.fail("Error message validation failed when Regular user tries to delete network for users not in his domain ")
def test_20_1_deployvm_user_incrossnetwork(self): """ #Validate that User should not be able deploy VM in a network that does not belong to him """ self.apiclient.connection.apiKey = self.user_d11a_apikey self.apiclient.connection.securityKey = self.user_d11a_secretkey vmData={"name":"d11a-invalidnetwork","displayname":"d11a-invalidnetwork"} try: vm = VirtualMachine.create( self.apiclient, vmData, zoneid=self.zone.id, serviceofferingid=self.service_offering.id, templateid=self.template.id, networkids=self.network_d11b.id, ) self.fail("User is allowed to deploy VM in a network that does not belong to him ") except Exception as e: self.debug ("When user tries to deploy vm in a network that does not belong to him %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): self.fail("Error message validation failed when User is allowed to deploy VM in a network that does not belong to him ")
def test_07_createNetwork_domaindmin_forcrossdomainuser(self): """ # Validate that Domain admin should not be able to create network for users in his sub domain """ self.apiclient.connection.apiKey = self.user_d1_apikey self.apiclient.connection.securityKey = self.user_d1_secretkey self.acldata["network"]["name"] = "d1_d2a" self.acldata["network"]["displayname"] = "d1_d2a" try: network = Network.create( self.apiclient, self.acldata["network"], networkofferingid=self.isolated_network_offering_id, zoneid=self.zone.id, accountid=self.account_d2a.name, domainid=self.account_d2a.domainid ) self.fail("Domain admin is allowed to create network for users not in his domain ") except Exception as e: self.debug ("When Domain admin tries to create network for users in his sub domain %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.NO_PERMISSION_TO_OPERATE_DOMAIN): self.fail("Error message validation failed when Domain admin tries to create network for users not in his domain ")
def test_17_1_deployvm_domainadmin_foruserinotherdomain_crossnetwork(self): """ # Validate that Domain admin should not be able deploy VM for a user in a network that does not belong to the user """ self.apiclient.connection.apiKey = self.user_d1_apikey self.apiclient.connection.securityKey = self.user_d1_secretkey vmData={"name":"d1-d11a-invalidnetwork","displayname":"d1-d11a-invalidnetwork"} try: vm = VirtualMachine.create( self.apiclient, vmData, zoneid=self.zone.id, serviceofferingid=self.service_offering.id, templateid=self.template.id, networkids=self.network_d11b.id, accountid=self.account_d11a.name, domainid=self.account_d11a.domainid ) self.fail("Domain admin is allowed to deploy vm for users in a network that does not belong to him ") except Exception as e: self.debug ("When domain admin tries to deploy vm for users in network that does not belong to the user %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_USE_NETWORK): self.fail("Error message validation failed when Domain admin tries to deploy vm for users in a network that does not belong to him ")
def test_10_createNetwork_user_foruserinotherdomain(self): """ # Validate that Domain admin should be NOT be able to create network for users in other domains """ self.apiclient.connection.apiKey = self.user_d1a_apikey self.apiclient.connection.securityKey = self.user_d1a_secretkey self.acldata["network"]["name"] = "d1a_d11a" self.acldata["network"]["displayname"] = "d1a_d11a" try: network = Network.create( self.apiclient, self.acldata["network"], networkofferingid=self.isolated_network_offering_id, zoneid=self.zone.id, accountid=self.account_d11a.name, domainid=self.account_d11a.domainid ) self.fail("User is allowed to create network for users not in his domain ") except Exception as e: self.debug ("When user tries to create network for users in other domain %s" %e) if not CloudstackAclException.verifyMsginException(e,CloudstackAclException.UNABLE_TO_LIST_NETWORK_ACCOUNT): self.fail("Error message validation failed when User tries to create network for users not in his domain ")