Add assignment list to v2 identity and deprecate alternate listing

The current identity role list command (both v2 and v3) is overloaded with listing roles as well as assignments (if you provide user, group, project or domain options). This is in addition to the v3 assignment list command designed for this purpose. This overloading complicates the fact that roles can now be domain specific (i.e. have a domain attribute), so the command 'role list --domain <domain-name' will soon become ambigious (this is in a follow on patch). This patch: - Adds a v2 assignments list, with support for pulling the user and project from the auth credentials - For comapability, adds the same auth support to the existing v3 assignments list - Deprecates the use of role list and user role list to list assignments Change-Id: I65bafdef4f8c89e863dab101369d0d629fa818b8 Partial-Bug: 1605774
author: Henry Nash <henryn@linux.vnet.ibm.com> 2016-04-29 23:59:27 +0100
committer: Dean Troyer <dtroyer@gmail.com> 2016-07-22 21:46:29 +0000
commit: 713d92df4e53f74698a1ff2dfcb7514ff22f023b (patch)
tree: dbf6825abaa32d4779d07ea28c7d637411959efd /openstackclient/tests/identity
parent: 719c5d79ced34687944eb0bf458f36070817a7b9 (diff)
download: python-openstackclient-713d92df4e53f74698a1ff2dfcb7514ff22f023b.tar.gz
3 files changed, 335 insertions, 0 deletions
diff --git a/openstackclient/tests/identity/v2_0/fakes.py b/openstackclient/tests/identity/v2_0/fakes.py
index 662d56b6..a715427c 100644
--- a/openstackclient/tests/identity/v2_0/fakes.py
+++ b/openstackclient/tests/identity/v2_0/fakes.py
@@ -50,6 +50,11 @@ ROLE = {
     'name': role_name,
 }
 
+ROLE_2 = {
+    'id': '2',
+    'name': 'bigboss',
+}
+
 service_id = '1925-10-11'
 service_name = 'elmore'
 service_description = 'Leonard, Elmore, rip'
diff --git a/openstackclient/tests/identity/v2_0/test_role_assignment.py b/openstackclient/tests/identity/v2_0/test_role_assignment.py
new file mode 100644
index 00000000..ab48c2f4
--- /dev/null
+++ b/openstackclient/tests/identity/v2_0/test_role_assignment.py
@@ -0,0 +1,270 @@
+#   Licensed under the Apache License, Version 2.0 (the "License"); you may
+#   not use this file except in compliance with the License. You may obtain
+#   a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#   License for the specific language governing permissions and limitations
+#   under the License.
+#
+
+import copy
+import mock
+
+from openstackclient.common import exceptions
+from openstackclient.identity.v2_0 import role_assignment
+from openstackclient.tests import fakes
+from openstackclient.tests.identity.v2_0 import fakes as identity_fakes
+
+
+class TestRoleAssignment(identity_fakes.TestIdentityv2):
+
+    def setUp(self):
+        super(TestRoleAssignment, self).setUp()
+
+
+class TestRoleAssignmentList(TestRoleAssignment):
+
+    columns = (
+        'Role',
+        'User',
+        'Project',
+    )
+
+    def setUp(self):
+        super(TestRoleAssignment, self).setUp()
+
+        # Get a shortcut to the UserManager Mock
+        self.users_mock = self.app.client_manager.identity.users
+        self.users_mock.reset_mock()
+
+        # Get a shortcut to the ProjectManager Mock
+        self.projects_mock = self.app.client_manager.identity.projects
+        self.projects_mock.reset_mock()
+
+        # Get a shortcut to the RoleManager Mock
+        self.roles_mock = self.app.client_manager.identity.roles
+        self.roles_mock.reset_mock()
+
+        self.projects_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.PROJECT),
+            loaded=True,
+        )
+
+        self.users_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.USER),
+            loaded=True,
+        )
+
+        self.roles_mock.roles_for_user.return_value = [
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(identity_fakes.ROLE),
+                loaded=True,
+            ),
+        ]
+
+        # Get the command object to test
+        self.cmd = role_assignment.ListRoleAssignment(self.app, None)
+
+    def test_role_assignment_list_no_filters(self):
+
+        arglist = []
+        verifylist = []
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # This argument combination should raise a CommandError
+        self.assertRaises(
+            exceptions.CommandError,
+            self.cmd.take_action,
+            parsed_args,
+        )
+
+    def test_role_assignment_list_only_project_filter(self):
+
+        arglist = [
+            '--project', identity_fakes.project_name,
+        ]
+        verifylist = [
+            ('project', identity_fakes.project_name),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # This argument combination should raise a CommandError
+        self.assertRaises(
+            exceptions.CommandError,
+            self.cmd.take_action,
+            parsed_args,
+        )
+
+    def test_role_assignment_list_only_user_filter(self):
+
+        arglist = [
+            '--user', identity_fakes.user_name,
+        ]
+        verifylist = [
+            ('user', identity_fakes.user_name),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # This argument combination should raise a CommandError
+        self.assertRaises(
+            exceptions.CommandError,
+            self.cmd.take_action,
+            parsed_args,
+        )
+
+    def test_role_assignment_list_project_and_user(self):
+
+        self.roles_mock.roles_for_user.return_value = [
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(
+                    identity_fakes.ROLE),
+                loaded=True,
+            ),
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(
+                    identity_fakes.ROLE_2),
+                loaded=True,
+            ),
+        ]
+
+        arglist = [
+            '--project', identity_fakes.project_name,
+            '--user', identity_fakes.user_name,
+        ]
+        verifylist = [
+            ('user', identity_fakes.user_name),
+            ('project', identity_fakes.project_name),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class Lister in cliff, abstract method take_action()
+        # returns a tuple containing the column names and an iterable
+        # containing the data to be listed.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.roles_mock.roles_for_user.assert_called_with(
+            identity_fakes.user_id,
+            identity_fakes.project_id,
+        )
+
+        self.assertEqual(self.columns, columns)
+        datalist = ((
+            identity_fakes.role_id,
+            identity_fakes.user_id,
+            identity_fakes.project_id,
+        ), (identity_fakes.ROLE_2['id'],
+            identity_fakes.user_id,
+            identity_fakes.project_id,
+            ),)
+        self.assertEqual(datalist, tuple(data))
+
+    def test_role_assignment_list_def_creds(self):
+
+        auth_ref = self.app.client_manager.auth_ref = mock.MagicMock()
+        auth_ref.project_id.return_value = identity_fakes.project_id
+        auth_ref.user_id.return_value = identity_fakes.user_id
+
+        self.roles_mock.roles_for_user.return_value = [
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(
+                    identity_fakes.ROLE),
+                loaded=True,
+            ),
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(
+                    identity_fakes.ROLE_2),
+                loaded=True,
+            ),
+        ]
+
+        arglist = [
+            '--auth-user',
+            '--auth-project',
+        ]
+        verifylist = [
+            ('authuser', True),
+            ('authproject', True),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class Lister in cliff, abstract method take_action()
+        # returns a tuple containing the column names and an iterable
+        # containing the data to be listed.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.roles_mock.roles_for_user.assert_called_with(
+            identity_fakes.user_id,
+            identity_fakes.project_id,
+        )
+
+        self.assertEqual(self.columns, columns)
+        datalist = ((
+            identity_fakes.role_id,
+            identity_fakes.user_id,
+            identity_fakes.project_id,
+        ), (identity_fakes.ROLE_2['id'],
+            identity_fakes.user_id,
+            identity_fakes.project_id,
+            ),)
+        self.assertEqual(datalist, tuple(data))
+
+    def test_role_assignment_list_by_name_project_and_user(self):
+
+        self.roles_mock.roles_for_user.return_value = [
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(
+                    identity_fakes.ROLE),
+                loaded=True,
+            ),
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(
+                    identity_fakes.ROLE_2),
+                loaded=True,
+            ),
+        ]
+
+        arglist = [
+            '--project', identity_fakes.project_name,
+            '--user', identity_fakes.user_name,
+            '--names'
+        ]
+        verifylist = [
+            ('user', identity_fakes.user_name),
+            ('project', identity_fakes.project_name),
+            ('names', True),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class Lister in cliff, abstract method take_action()
+        # returns a tuple containing the column names and an iterable
+        # containing the data to be listed.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.roles_mock.roles_for_user.assert_called_with(
+            identity_fakes.user_id,
+            identity_fakes.project_id,
+        )
+
+        self.assertEqual(self.columns, columns)
+        datalist = ((
+            identity_fakes.role_name,
+            identity_fakes.user_name,
+            identity_fakes.project_name,
+        ), (identity_fakes.ROLE_2['name'],
+            identity_fakes.user_name,
+            identity_fakes.project_name,
+            ),)
+        self.assertEqual(datalist, tuple(data))
diff --git a/openstackclient/tests/identity/v3/test_role_assignment.py b/openstackclient/tests/identity/v3/test_role_assignment.py
index 8956b74f..0ae67c72 100644
--- a/openstackclient/tests/identity/v3/test_role_assignment.py
+++ b/openstackclient/tests/identity/v3/test_role_assignment.py
@@ -12,6 +12,7 @@
 #
 
 import copy
+import mock
 
 from openstackclient.identity.v3 import role_assignment
 from openstackclient.tests import fakes
@@ -374,6 +375,65 @@ class TestRoleAssignmentList(TestRoleAssignment):
             ),)
         self.assertEqual(datalist, tuple(data))
 
+    def test_role_assignment_list_def_creds(self):
+
+        auth_ref = self.app.client_manager.auth_ref = mock.MagicMock()
+        auth_ref.project_id.return_value = identity_fakes.project_id
+        auth_ref.user_id.return_value = identity_fakes.user_id
+
+        self.role_assignments_mock.list.return_value = [
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(
+                    identity_fakes.ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID),
+                loaded=True,
+            ),
+        ]
+
+        arglist = [
+            '--auth-user',
+            '--auth-project',
+        ]
+        verifylist = [
+            ('user', None),
+            ('group', None),
+            ('domain', None),
+            ('project', None),
+            ('role', None),
+            ('effective', False),
+            ('inherited', False),
+            ('names', False),
+            ('authuser', True),
+            ('authproject', True),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class Lister in cliff, abstract method take_action()
+        # returns a tuple containing the column names and an iterable
+        # containing the data to be listed.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.role_assignments_mock.list.assert_called_with(
+            domain=None,
+            user=self.users_mock.get(),
+            group=None,
+            project=self.projects_mock.get(),
+            role=None,
+            effective=False,
+            os_inherit_extension_inherited_to=None,
+            include_names=False)
+
+        self.assertEqual(self.columns, columns)
+        datalist = ((
+            identity_fakes.role_id,
+            identity_fakes.user_id,
+            '',
+            identity_fakes.project_id,
+            '',
+            False
+        ),)
+        self.assertEqual(datalist, tuple(data))
+
     def test_role_assignment_list_effective(self):
 
         self.role_assignments_mock.list.return_value = [
author	Henry Nash <henryn@linux.vnet.ibm.com>	2016-04-29 23:59:27 +0100
committer	Dean Troyer <dtroyer@gmail.com>	2016-07-22 21:46:29 +0000
commit	713d92df4e53f74698a1ff2dfcb7514ff22f023b (patch)
tree	dbf6825abaa32d4779d07ea28c7d637411959efd /openstackclient/tests/identity
parent	719c5d79ced34687944eb0bf458f36070817a7b9 (diff)
download	python-openstackclient-713d92df4e53f74698a1ff2dfcb7514ff22f023b.tar.gz