Merge "Add CRUD support for application credentials"

2 files changed, 341 insertions, 0 deletions

diff --git a/openstackclient/tests/unit/identity/v3/fakes.py b/openstackclient/tests/unit/identity/v3/fakes.py
index 8ceca3ce..77928792 100644
--- a/openstackclient/tests/unit/identity/v3/fakes.py
+++ b/openstackclient/tests/unit/identity/v3/fakes.py
@@ -14,6 +14,7 @@
 #
 
 import copy
+import datetime
 import uuid
 
 from keystoneauth1 import access
@@ -457,6 +458,34 @@ OAUTH_VERIFIER = {
     'oauth_verifier': oauth_verifier_pin
 }
 
+app_cred_id = 'app-cred-id'
+app_cred_name = 'testing_app_cred'
+app_cred_role = {"id": role_id, "name": role_name, "domain": None},
+app_cred_description = 'app credential for testing'
+app_cred_expires = datetime.datetime(2022, 1, 1, 0, 0)
+app_cred_expires_str = app_cred_expires.strftime('%Y-%m-%dT%H:%M:%S%z')
+app_cred_secret = 'moresecuresecret'
+APP_CRED_BASIC = {
+    'id': app_cred_id,
+    'name': app_cred_name,
+    'project_id': project_id,
+    'roles': app_cred_role,
+    'description': None,
+    'expires_at': None,
+    'unrestricted': False,
+    'secret': app_cred_secret
+}
+APP_CRED_OPTIONS = {
+    'id': app_cred_id,
+    'name': app_cred_name,
+    'project_id': project_id,
+    'roles': app_cred_role,
+    'description': app_cred_description,
+    'expires_at': app_cred_expires_str,
+    'unrestricted': False,
+    'secret': app_cred_secret
+}
+
 
 def fake_auth_ref(fake_token, fake_service=None):
     """Create an auth_ref using keystoneauth's fixtures"""
@@ -544,6 +573,9 @@ class FakeIdentityv3Client(object):
         self.auth = FakeAuth()
         self.auth.client = mock.Mock()
         self.auth.client.resource_class = fakes.FakeResource(None, {})
+        self.application_credentials = mock.Mock()
+        self.application_credentials.resource_class = fakes.FakeResource(None,
+                                                                         {})
 
 
 class FakeFederationManager(object):
diff --git a/openstackclient/tests/unit/identity/v3/test_application_credential.py b/openstackclient/tests/unit/identity/v3/test_application_credential.py
new file mode 100644
index 00000000..e7c8ede8
--- /dev/null
+++ b/openstackclient/tests/unit/identity/v3/test_application_credential.py
@@ -0,0 +1,309 @@
+#   Copyright 2018 SUSE Linux GmbH
+#
+#   Licensed under the Apache License, Version 2.0 (the "License"); you may
+#   not use this file except in compliance with the License. You may obtain
+#   a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#   License for the specific language governing permissions and limitations
+#   under the License.
+#
+
+import copy
+
+import mock
+from osc_lib import exceptions
+from osc_lib import utils
+
+from openstackclient.identity.v3 import application_credential
+from openstackclient.tests.unit import fakes
+from openstackclient.tests.unit.identity.v3 import fakes as identity_fakes
+
+
+class TestApplicationCredential(identity_fakes.TestIdentityv3):
+
+    def setUp(self):
+        super(TestApplicationCredential, self).setUp()
+
+        identity_manager = self.app.client_manager.identity
+        self.app_creds_mock = identity_manager.application_credentials
+        self.app_creds_mock.reset_mock()
+        self.roles_mock = identity_manager.roles
+        self.roles_mock.reset_mock()
+
+
+class TestApplicationCredentialCreate(TestApplicationCredential):
+
+    def setUp(self):
+        super(TestApplicationCredentialCreate, self).setUp()
+
+        self.roles_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.ROLE),
+            loaded=True,
+        )
+
+        # Get the command object to test
+        self.cmd = application_credential.CreateApplicationCredential(
+            self.app, None)
+
+    def test_application_credential_create_basic(self):
+        self.app_creds_mock.create.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.APP_CRED_BASIC),
+            loaded=True,
+        )
+
+        name = identity_fakes.app_cred_name
+        arglist = [
+            name
+        ]
+        verifylist = [
+            ('name', identity_fakes.app_cred_name)
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class ShowOne in cliff, abstract method take_action()
+        # returns a two-part tuple with a tuple of column names and a tuple of
+        # data to be shown.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        # Set expected values
+        kwargs = {
+            'secret': None,
+            'roles': [],
+            'expires_at': None,
+            'description': None,
+            'unrestricted': False,
+        }
+        self.app_creds_mock.create.assert_called_with(
+            name,
+            **kwargs
+        )
+
+        collist = ('description', 'expires_at', 'id', 'name', 'project_id',
+                   'roles', 'secret', 'unrestricted')
+        self.assertEqual(collist, columns)
+        datalist = (
+            None,
+            None,
+            identity_fakes.app_cred_id,
+            identity_fakes.app_cred_name,
+            identity_fakes.project_id,
+            identity_fakes.role_name,
+            identity_fakes.app_cred_secret,
+            False,
+        )
+        self.assertEqual(datalist, data)
+
+    def test_application_credential_create_with_options(self):
+        name = identity_fakes.app_cred_name
+        self.app_creds_mock.create.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.APP_CRED_OPTIONS),
+            loaded=True,
+        )
+
+        arglist = [
+            name,
+            '--secret', 'moresecuresecret',
+            '--role', identity_fakes.role_id,
+            '--expiration', identity_fakes.app_cred_expires_str,
+            '--description', 'credential for testing'
+        ]
+        verifylist = [
+            ('name', identity_fakes.app_cred_name),
+            ('secret', 'moresecuresecret'),
+            ('role', [identity_fakes.role_id]),
+            ('expiration', identity_fakes.app_cred_expires_str),
+            ('description', 'credential for testing')
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class ShowOne in cliff, abstract method take_action()
+        # returns a two-part tuple with a tuple of column names and a tuple of
+        # data to be shown.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        # Set expected values
+        kwargs = {
+            'secret': 'moresecuresecret',
+            'roles': [identity_fakes.role_id],
+            'expires_at': identity_fakes.app_cred_expires,
+            'description': 'credential for testing',
+            'unrestricted': False
+        }
+        self.app_creds_mock.create.assert_called_with(
+            name,
+            **kwargs
+        )
+
+        collist = ('description', 'expires_at', 'id', 'name', 'project_id',
+                   'roles', 'secret', 'unrestricted')
+        self.assertEqual(collist, columns)
+        datalist = (
+            identity_fakes.app_cred_description,
+            identity_fakes.app_cred_expires_str,
+            identity_fakes.app_cred_id,
+            identity_fakes.app_cred_name,
+            identity_fakes.project_id,
+            identity_fakes.role_name,
+            identity_fakes.app_cred_secret,
+            False,
+        )
+        self.assertEqual(datalist, data)
+
+
+class TestApplicationCredentialDelete(TestApplicationCredential):
+
+    def setUp(self):
+        super(TestApplicationCredentialDelete, self).setUp()
+
+        # This is the return value for utils.find_resource()
+        self.app_creds_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.APP_CRED_BASIC),
+            loaded=True,
+        )
+        self.app_creds_mock.delete.return_value = None
+
+        # Get the command object to test
+        self.cmd = application_credential.DeleteApplicationCredential(
+            self.app, None)
+
+    def test_application_credential_delete(self):
+        arglist = [
+            identity_fakes.app_cred_id,
+        ]
+        verifylist = [
+            ('application_credential', [identity_fakes.app_cred_id])
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        result = self.cmd.take_action(parsed_args)
+
+        self.app_creds_mock.delete.assert_called_with(
+            identity_fakes.app_cred_id,
+        )
+        self.assertIsNone(result)
+
+    @mock.patch.object(utils, 'find_resource')
+    def test_delete_multi_app_creds_with_exception(self, find_mock):
+        find_mock.side_effect = [self.app_creds_mock.get.return_value,
+                                 exceptions.CommandError]
+        arglist = [
+            identity_fakes.app_cred_id,
+            'nonexistent_app_cred',
+        ]
+        verifylist = [
+            ('application_credential', arglist),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        try:
+            self.cmd.take_action(parsed_args)
+            self.fail('CommandError should be raised.')
+        except exceptions.CommandError as e:
+            self.assertEqual('1 of 2 application credentials failed to'
+                             ' delete.', str(e))
+
+        find_mock.assert_any_call(self.app_creds_mock,
+                                  identity_fakes.app_cred_id)
+        find_mock.assert_any_call(self.app_creds_mock,
+                                  'nonexistent_app_cred')
+
+        self.assertEqual(2, find_mock.call_count)
+        self.app_creds_mock.delete.assert_called_once_with(
+            identity_fakes.app_cred_id)
+
+
+class TestApplicationCredentialList(TestApplicationCredential):
+
+    def setUp(self):
+        super(TestApplicationCredentialList, self).setUp()
+
+        self.app_creds_mock.list.return_value = [
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(identity_fakes.APP_CRED_BASIC),
+                loaded=True,
+            ),
+        ]
+
+        # Get the command object to test
+        self.cmd = application_credential.ListApplicationCredential(self.app,
+                                                                    None)
+
+    def test_application_credential_list(self):
+        arglist = []
+        verifylist = []
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class Lister in cliff, abstract method take_action()
+        # returns a tuple containing the column names and an iterable
+        # containing the data to be listed.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.app_creds_mock.list.assert_called_with(user=None)
+
+        collist = ('ID', 'Name', 'Project ID', 'Description', 'Expires At')
+        self.assertEqual(collist, columns)
+        datalist = ((
+            identity_fakes.app_cred_id,
+            identity_fakes.app_cred_name,
+            identity_fakes.project_id,
+            None,
+            None
+        ), )
+        self.assertEqual(datalist, tuple(data))
+
+
+class TestApplicationCredentialShow(TestApplicationCredential):
+
+    def setUp(self):
+        super(TestApplicationCredentialShow, self).setUp()
+
+        self.app_creds_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.APP_CRED_BASIC),
+            loaded=True,
+        )
+
+        # Get the command object to test
+        self.cmd = application_credential.ShowApplicationCredential(self.app,
+                                                                    None)
+
+    def test_application_credential_show(self):
+        arglist = [
+            identity_fakes.app_cred_id,
+        ]
+        verifylist = [
+            ('application_credential', identity_fakes.app_cred_id),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class ShowOne in cliff, abstract method take_action()
+        # returns a two-part tuple with a tuple of column names and a tuple of
+        # data to be shown.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.app_creds_mock.get.assert_called_with(identity_fakes.app_cred_id)
+
+        collist = ('description', 'expires_at', 'id', 'name', 'project_id',
+                   'roles', 'secret', 'unrestricted')
+        self.assertEqual(collist, columns)
+        datalist = (
+            None,
+            None,
+            identity_fakes.app_cred_id,
+            identity_fakes.app_cred_name,
+            identity_fakes.project_id,
+            identity_fakes.role_name,
+            identity_fakes.app_cred_secret,
+            False,
+        )
+        self.assertEqual(datalist, data)