diff options
| author | Harry Rybacki <hrybacki@redhat.com> | 2017-07-19 13:07:34 +0000 |
|---|---|---|
| committer | Harry Rybacki <hrybacki@redhat.com> | 2017-08-22 17:08:30 +0000 |
| commit | 8cd3e258c5029a8efedab40019d6cfd3eac379f5 (patch) | |
| tree | 0f79cbccc7d42a101ca6fff68161cf7b94c723b2 /openstackclient/tests/unit | |
| parent | 5cc4d5b5307c44b71f00d44985b98e54366f8397 (diff) | |
| download | python-openstackclient-8cd3e258c5029a8efedab40019d6cfd3eac379f5.tar.gz | |
Implied Roles
Allow the user to create an inference rule between
two roles. The first, called the prior role
is the role explicitly assigned to an individual.
The second, called the implied role, is one that
the user gets implicitly. For example:
Role B implies Role A.
User X is assigned Role B.
Therefore User X also assigned Role A.
The management and maintenance of the rules is
performed in the Keystone server.
Change-Id: If547c2f16e812bc7fffd742ec37e6a26011f3185
Diffstat (limited to 'openstackclient/tests/unit')
| -rw-r--r-- | openstackclient/tests/unit/identity/v3/fakes.py | 24 | ||||
| -rw-r--r-- | openstackclient/tests/unit/identity/v3/test_implied_role.py | 181 |
2 files changed, 205 insertions, 0 deletions
diff --git a/openstackclient/tests/unit/identity/v3/fakes.py b/openstackclient/tests/unit/identity/v3/fakes.py index 997bcf63..7de25152 100644 --- a/openstackclient/tests/unit/identity/v3/fakes.py +++ b/openstackclient/tests/unit/identity/v3/fakes.py @@ -184,6 +184,8 @@ ROLE_2 = { 'links': base_url + 'roles/' + 'r2', } +ROLES = [ROLE, ROLE_2] + service_id = 's-123' service_name = 'Texaco' service_type = 'gas' @@ -968,3 +970,25 @@ class FakeRoleAssignment(object): info=copy.deepcopy(role_assignment_info), loaded=True) return role_assignment + + +class FakeImpliedRoleResponse(object): + """Fake one or more role assignment.""" + def __init__(self, prior_role, implied_roles): + self.prior_role = prior_role + self.implies = [role for role in implied_roles] + + @staticmethod + def create_list(): + """Create a fake implied role list response. + + :return: + A list of FakeImpliedRoleResponse objects + """ + + # set default attributes. + implied_roles = [ + FakeImpliedRoleResponse(ROLES[0], [ROLES[1]]) + ] + + return implied_roles diff --git a/openstackclient/tests/unit/identity/v3/test_implied_role.py b/openstackclient/tests/unit/identity/v3/test_implied_role.py new file mode 100644 index 00000000..08273f73 --- /dev/null +++ b/openstackclient/tests/unit/identity/v3/test_implied_role.py @@ -0,0 +1,181 @@ +# Copyright 2013 Nebula Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +import copy + +from openstackclient.identity.v3 import implied_role +from openstackclient.tests.unit import fakes +from openstackclient.tests.unit.identity.v3 import fakes as identity_fakes + + +class TestRole(identity_fakes.TestIdentityv3): + + def setUp(self): + super(TestRole, self).setUp() + + # Get a shortcut to the UserManager Mock + self.users_mock = self.app.client_manager.identity.users + self.users_mock.reset_mock() + + # Get a shortcut to the UserManager Mock + self.groups_mock = self.app.client_manager.identity.groups + self.groups_mock.reset_mock() + + # Get a shortcut to the DomainManager Mock + self.domains_mock = self.app.client_manager.identity.domains + self.domains_mock.reset_mock() + + # Get a shortcut to the ProjectManager Mock + self.projects_mock = self.app.client_manager.identity.projects + self.projects_mock.reset_mock() + + # Get a shortcut to the RoleManager Mock + self.roles_mock = self.app.client_manager.identity.roles + self.roles_mock.reset_mock() + + def _is_inheritance_testcase(self): + return False + + +class TestImpliedRoleCreate(TestRole): + + def setUp(self): + super(TestImpliedRoleCreate, self).setUp() + + self.roles_mock.list.return_value = [ + fakes.FakeResource( + None, + copy.deepcopy(identity_fakes.ROLES[0]), + loaded=True, + ), + fakes.FakeResource( + None, + copy.deepcopy(identity_fakes.ROLES[1]), + loaded=True, + ), + ] + + self.roles_mock.create_implied.return_value = fakes.FakeResource( + None, + {'prior_role': copy.deepcopy(identity_fakes.ROLES[0]), + 'implied': copy.deepcopy(identity_fakes.ROLES[1]), }, + loaded=True, + ) + + self.cmd = implied_role.CreateImpliedRole(self.app, None) + + def test_implied_role_create(self): + + arglist = [ + identity_fakes.ROLES[0]['id'], + '--implied-role', identity_fakes.ROLES[1]['id'], + ] + verifylist = [ + ('role', identity_fakes.ROLES[0]['id']), + ('implied_role', identity_fakes.ROLES[1]['id']), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + + # In base command class ShowOne in cliff, abstract method take_action() + # returns a two-part tuple with a tuple of column names and a tuple of + # data to be shown. + columns, data = self.cmd.take_action(parsed_args) + + # RoleManager.create_implied(prior, implied) + self.roles_mock.create_implied.assert_called_with( + identity_fakes.ROLES[0]['id'], + identity_fakes.ROLES[1]['id'] + ) + + collist = ('implied', 'prior_role') + self.assertEqual(collist, columns) + datalist = ( + identity_fakes.ROLES[1]['id'], + identity_fakes.ROLES[0]['id'] + ) + self.assertEqual(datalist, data) + + +class TestImpliedRoleDelete(TestRole): + + def setUp(self): + super(TestImpliedRoleDelete, self).setUp() + + self.roles_mock.list.return_value = [ + fakes.FakeResource( + None, + copy.deepcopy(identity_fakes.ROLES[0]), + loaded=True, + ), + fakes.FakeResource( + None, + copy.deepcopy(identity_fakes.ROLES[1]), + loaded=True, + ), + ] + + self.roles_mock.delete_implied.return_value = fakes.FakeResource( + None, + {'prior-role': copy.deepcopy(identity_fakes.ROLES[0]), + 'implied': copy.deepcopy(identity_fakes.ROLES[1]), }, + loaded=True, + ) + + self.cmd = implied_role.DeleteImpliedRole(self.app, None) + + def test_implied_role_delete(self): + arglist = [ + identity_fakes.ROLES[0]['id'], + '--implied-role', identity_fakes.ROLES[1]['id'], + ] + verifylist = [ + ('role', identity_fakes.ROLES[0]['id']), + ('implied_role', identity_fakes.ROLES[1]['id']), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + self.cmd.take_action(parsed_args) + + self.roles_mock.delete_implied.assert_called_with( + identity_fakes.ROLES[0]['id'], + identity_fakes.ROLES[1]['id'] + ) + + +class TestImpliedRoleList(TestRole): + + def setUp(self): + super(TestImpliedRoleList, self).setUp() + + self.roles_mock.list_inference_roles.return_value = ( + identity_fakes.FakeImpliedRoleResponse.create_list()) + + self.cmd = implied_role.ListImpliedRole(self.app, None) + + def test_implied_role_list(self): + arglist = [] + verifylist = [] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + columns, data = self.cmd.take_action(parsed_args) + self.roles_mock.list_inference_roles.assert_called_with() + + collist = ['Prior Role ID', 'Prior Role Name', + 'Implied Role ID', 'Implied Role Name'] + self.assertEqual(collist, columns) + datalist = [ + (identity_fakes.ROLES[0]['id'], identity_fakes.ROLES[0]['name'], + identity_fakes.ROLES[1]['id'], identity_fakes.ROLES[1]['name']) + ] + x = [d for d in data] + self.assertEqual(datalist, x) |