author | Samuel de Medeiros Queiroz <samuel@lsd.ufcg.edu.br> | 2015-02-22 23:05:20 -0300 |
---|---|---|
committer | Samuel de Medeiros Queiroz <samuel@lsd.ufcg.edu.br> | 2015-03-31 22:22:25 -0300 |
commit | 51317c80836ea63e4a6ca39c92c97927e8a9733e (patch) | |
tree | 6704af962a7e59a50bc09133a1c843339c4f3956 | |
parent | 102032597df80b95b3810778353cddde53bec250 (diff) | |
Exposes bug in Federation list projects endpoint
'/OS-FEDERATION/projects' and '/auth/projects'
API endpoints do not honor project inherited
group role assignments.
This patch exposes this bug and a follow-on patch
will fix it.
Related-Bug: #1424500
Change-Id: Idd6827bc5552192f04de19e8a78fb462bdde380f
-rw-r--r-- | keystone/tests/unit/test_v3_federation.py | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/keystone/tests/unit/test_v3_federation.py b/keystone/tests/unit/test_v3_federation.py
index 1964ff8e3..d8fb8c054 100644
--- a/keystone/tests/unit/test_v3_federation.py
+++ b/keystone/tests/unit/test_v3_federation.py
@@ -41,6 +41,7 @@ from keystone.tests.unit import federation_fixtures
 from keystone.tests.unit import ksfixtures
 from keystone.tests.unit import mapping_fixtures
 from keystone.tests.unit import test_v3
+from keystone.tests.unit import utils
 from keystone.token.providers import common as token_common
@@ -2290,6 +2291,45 @@ class FederatedTokenTests(FederationTests, FederatedSetupMixin):
 self.assertEqual(projects_ref, projects, 'match failed for url %s' % url)
+ # TODO(samueldmq): Create another test class for role inheritance tests.
+ # The advantage would be to reduce the complexity of this test class and
+ # have tests specific to this fuctionality grouped, easing readability and
+ # maintenability.
+ @utils.wip('waiting on bug #1424500')
+ def test_list_projects_for_inherited_project_assignment(self):
+ # Enable os_inherit extension
+ self.config_fixture.config(group='os_inherit', enabled=True)
+
+ # Create a subproject
+ subproject_inherited = self.new_project_ref(
+ domain_id=self.domainD['id'],
+ parent_id=self.project_inherited['id'])
+ self.resource_api.create_project(subproject_inherited['id'],
+ subproject_inherited)
+
+ # Create an inherited role assignment
+ self.assignment_api.create_grant(
+ role_id=self.role_employee['id'],
+ group_id=self.group_employees['id'],
+ project_id=self.project_inherited['id'],
+ inherited_to_projects=True)
+
+ # Define expected projects from employee assertion, which contain
+ # the created subproject
+ expected_project_ids = [self.project_all['id'],
+ self.proj_employees['id'],
+ subproject_inherited['id']]
+
+ # Assert expected projects for both available URLs
+ for url in ('/OS-FEDERATION/projects', '/auth/projects'):
+ r = self.get(url, token=self.tokens['EMPLOYEE_ASSERTION'])
+ project_ids = [project['id'] for project in r.result['projects']]
+
+ self.assertEqual(len(expected_project_ids), len(project_ids))
+ for expected_project_id in expected_project_ids:
+ self.assertIn(expected_project_id, project_ids,
+ 'Projects match failed for url %s' % url)
+
 def test_list_domains(self):
 urls = ('/OS-FEDERATION/domains', '/auth/domains') |
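Review bot: The length check inside the URL loop, `self.assertEqual(len(expected_project_ids), len(project_ids))`, carries no message, so a failure there does not say which of the two endpoints returned the wrong project list. A single `self.assertEqual(sorted(expected_project_ids), sorted(project_ids), 'Projects match failed for url %s' % url)` would name the URL and show the returned ids. The fixture steps (`config_fixture.config`, `create_project`, `create_grant`) also run inside the `@utils.wip` body; how `utils.wip` classifies failures is not visible in this diff, so it is worth confirming that the test fails on the missing `subproject_inherited['id']` and not on a setup error. A one-line docstring such as `"""Inherited group role on a parent project must list its subproject."""` would record the authorization rule being pinned. The TODO comment has two typos ("fuctionality", "maintenability"); the new method is complete within the hunk, while its class `FederatedTokenTests` begins outside it.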