diff options
| author | henriquetruta <henrique@lsd.ufcg.edu.br> | 2015-03-25 11:24:38 -0300 |
|---|---|---|
| committer | Henrique Truta <henrique@lsd.ufcg.edu.br> | 2015-08-06 16:57:32 +0000 |
| commit | 6dae40e7c6c9a4c9c1963e21044269bbd9ec1221 (patch) | |
| tree | 1855d7b03d6a943d4a8cf9edef6b7a16b7a564c2 /keystoneclient/tests | |
| parent | eae8e83f5a7a170b98ef2d74a4ffd9eac7cc47ba (diff) | |
| download | python-keystoneclient-6dae40e7c6c9a4c9c1963e21044269bbd9ec1221.tar.gz | |
Inhrerit roles project calls on keystoneclient v3
This patch allows the user to perform the Inherited roles from projects API calls
through python-keystoneclient.
Assign role to user on projects in a subtree
PUT /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
List user's inherited project roles on project
GET /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/inherited_to_projects
Check if user has an inherited project role on project
HEAD /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revoke an inherited project role from user on project
DELETE /OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
These same operations regarding groups instead of users are also
available.
Change-Id: I8396d80f031726bbd23f2cc2bb302a7691f98cba
Closes-bug: 1446702
Diffstat (limited to 'keystoneclient/tests')
| -rw-r--r-- | keystoneclient/tests/unit/v3/test_roles.py | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/keystoneclient/tests/unit/v3/test_roles.py b/keystoneclient/tests/unit/v3/test_roles.py index 79ac07d..bb76e9b 100644 --- a/keystoneclient/tests/unit/v3/test_roles.py +++ b/keystoneclient/tests/unit/v3/test_roles.py @@ -59,6 +59,20 @@ class RoleTests(utils.TestCase, utils.CrudTests): self.manager.grant(role=ref['id'], domain=domain_id, user=user_id, os_inherit_extension_inherited=True) + def test_project_role_grant_inherited(self): + user_id = uuid.uuid4().hex + project_id = uuid.uuid4().hex + ref = self.new_ref() + + self.stub_url('PUT', + ['OS-INHERIT', 'projects', project_id, 'users', user_id, + self.collection_key, ref['id'], + 'inherited_to_projects'], + status_code=204) + + self.manager.grant(role=ref['id'], project=project_id, user=user_id, + os_inherit_extension_inherited=True) + def test_domain_group_role_grant(self): group_id = uuid.uuid4().hex domain_id = uuid.uuid4().hex @@ -85,6 +99,20 @@ class RoleTests(utils.TestCase, utils.CrudTests): self.manager.grant(role=ref['id'], domain=domain_id, group=group_id, os_inherit_extension_inherited=True) + def test_project_group_role_grant_inherited(self): + group_id = uuid.uuid4().hex + project_id = uuid.uuid4().hex + ref = self.new_ref() + + self.stub_url('PUT', + ['OS-INHERIT', 'projects', project_id, 'groups', + group_id, self.collection_key, ref['id'], + 'inherited_to_projects'], + status_code=204) + + self.manager.grant(role=ref['id'], project=project_id, group=group_id, + os_inherit_extension_inherited=True) + def test_domain_role_list(self): user_id = uuid.uuid4().hex domain_id = uuid.uuid4().hex @@ -113,6 +141,23 @@ class RoleTests(utils.TestCase, utils.CrudTests): self.assertThat(ref_list, matchers.HasLength(len(returned_list))) [self.assertIsInstance(r, self.model) for r in returned_list] + def test_project_user_role_list_inherited(self): + user_id = uuid.uuid4().hex + project_id = uuid.uuid4().hex + ref_list = [self.new_ref(), self.new_ref()] + + self.stub_entity('GET', + ['OS-INHERIT', + 'projects', project_id, 'users', user_id, + self.collection_key, 'inherited_to_projects'], + entity=ref_list) + + returned_list = self.manager.list(project=project_id, user=user_id, + os_inherit_extension_inherited=True) + + self.assertThat(ref_list, matchers.HasLength(len(returned_list))) + [self.assertIsInstance(r, self.model) for r in returned_list] + def test_domain_group_role_list(self): group_id = uuid.uuid4().hex domain_id = uuid.uuid4().hex @@ -141,6 +186,23 @@ class RoleTests(utils.TestCase, utils.CrudTests): self.assertThat(ref_list, matchers.HasLength(len(returned_list))) [self.assertIsInstance(r, self.model) for r in returned_list] + def test_project_group_role_list_inherited(self): + group_id = uuid.uuid4().hex + project_id = uuid.uuid4().hex + ref_list = [self.new_ref(), self.new_ref()] + + self.stub_entity('GET', + ['OS-INHERIT', + 'projects', project_id, 'groups', group_id, + self.collection_key, 'inherited_to_projects'], + entity=ref_list) + + returned_list = self.manager.list(project=project_id, group=group_id, + os_inherit_extension_inherited=True) + + self.assertThat(ref_list, matchers.HasLength(len(returned_list))) + [self.assertIsInstance(r, self.model) for r in returned_list] + def test_domain_role_check(self): user_id = uuid.uuid4().hex domain_id = uuid.uuid4().hex @@ -169,6 +231,21 @@ class RoleTests(utils.TestCase, utils.CrudTests): self.manager.check(role=ref['id'], domain=domain_id, user=user_id, os_inherit_extension_inherited=True) + def test_project_role_check_inherited(self): + user_id = uuid.uuid4().hex + project_id = uuid.uuid4().hex + ref = self.new_ref() + + self.stub_url('HEAD', + ['OS-INHERIT', + 'projects', project_id, 'users', user_id, + self.collection_key, ref['id'], + 'inherited_to_projects'], + status_code=204) + + self.manager.check(role=ref['id'], project=project_id, + user=user_id, os_inherit_extension_inherited=True) + def test_domain_group_role_check(self): return group_id = uuid.uuid4().hex @@ -197,6 +274,21 @@ class RoleTests(utils.TestCase, utils.CrudTests): self.manager.check(role=ref['id'], domain=domain_id, group=group_id, os_inherit_extension_inherited=True) + def test_project_group_role_check_inherited(self): + group_id = uuid.uuid4().hex + project_id = uuid.uuid4().hex + ref = self.new_ref() + + self.stub_url('HEAD', + ['OS-INHERIT', + 'projects', project_id, 'groups', group_id, + self.collection_key, ref['id'], + 'inherited_to_projects'], + status_code=204) + + self.manager.check(role=ref['id'], project=project_id, + group=group_id, os_inherit_extension_inherited=True) + def test_domain_role_revoke(self): user_id = uuid.uuid4().hex domain_id = uuid.uuid4().hex @@ -235,6 +327,20 @@ class RoleTests(utils.TestCase, utils.CrudTests): self.manager.revoke(role=ref['id'], domain=domain_id, user=user_id, os_inherit_extension_inherited=True) + def test_project_role_revoke_inherited(self): + user_id = uuid.uuid4().hex + project_id = uuid.uuid4().hex + ref = self.new_ref() + + self.stub_url('DELETE', + ['OS-INHERIT', 'projects', project_id, 'users', user_id, + self.collection_key, ref['id'], + 'inherited_to_projects'], + status_code=204) + + self.manager.revoke(role=ref['id'], project=project_id, + user=user_id, os_inherit_extension_inherited=True) + def test_domain_group_role_revoke_inherited(self): group_id = uuid.uuid4().hex domain_id = uuid.uuid4().hex @@ -250,6 +356,21 @@ class RoleTests(utils.TestCase, utils.CrudTests): group=group_id, os_inherit_extension_inherited=True) + def test_project_group_role_revoke_inherited(self): + group_id = uuid.uuid4().hex + project_id = uuid.uuid4().hex + ref = self.new_ref() + + self.stub_url('DELETE', + ['OS-INHERIT', 'projects', project_id, 'groups', + group_id, self.collection_key, ref['id'], + 'inherited_to_projects'], + status_code=204) + + self.manager.revoke(role=ref['id'], project=project_id, + group=group_id, + os_inherit_extension_inherited=True) + def test_project_role_grant(self): user_id = uuid.uuid4().hex project_id = uuid.uuid4().hex |