Add support for domain specific roles

A role entity can now be specified as domain specific. Closes-bug: #1606105 Change-Id: I564cf3da1d61f5bfcf85be591480d2f5c8d694a0
author: Henry Nash <henryn@linux.vnet.ibm.com> 2016-02-23 11:42:40 +0000
committer: Steve Martinelli <s.martinelli@gmail.com> 2016-08-10 20:32:55 +0000
commit: 5eb7e626b18b033f97f3cf10f2791529f9d75789 (patch)
tree: 1b371a8835abe4dfbf82dbc8003a08621138bb5b /openstackclient/tests
parent: 0b91368164acc596bf97fe4073083e26892f5b1a (diff)
download: python-openstackclient-5eb7e626b18b033f97f3cf10f2791529f9d75789.tar.gz
3 files changed, 336 insertions, 3 deletions
diff --git a/openstackclient/tests/identity/v3/fakes.py b/openstackclient/tests/identity/v3/fakes.py
index 8c138f7b..c4d24d46 100644
--- a/openstackclient/tests/identity/v3/fakes.py
+++ b/openstackclient/tests/identity/v3/fakes.py
@@ -173,9 +173,17 @@ role_name = 'roller'
 ROLE = {
     'id': role_id,
     'name': role_name,
+    'domain': None,
     'links': base_url + 'roles/' + role_id,
 }
 
+ROLE_2 = {
+    'id': 'r2',
+    'name': 'Rolls Royce',
+    'domain': domain_id,
+    'links': base_url + 'roles/' + 'r2',
+}
+
 service_id = 's-123'
 service_name = 'Texaco'
 service_type = 'gas'
@@ -358,6 +366,12 @@ ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID = {
     'role': {'id': role_id},
 }
 
+ASSIGNMENT_WITH_DOMAIN_ROLE = {
+    'scope': {'domain': {'id': domain_id}},
+    'user': {'id': user_id},
+    'role': {'id': ROLE_2['id']},
+}
+
 ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID_INCLUDE_NAMES = {
     'scope': {
         'domain': {'id': domain_id,
diff --git a/openstackclient/tests/identity/v3/test_role.py b/openstackclient/tests/identity/v3/test_role.py
index d2398e5d..b4e76d96 100644
--- a/openstackclient/tests/identity/v3/test_role.py
+++ b/openstackclient/tests/identity/v3/test_role.py
@@ -230,6 +230,45 @@ class TestRoleAdd(TestRole):
         )
         self.assertIsNone(result)
 
+    def test_role_add_domain_role_on_user_project(self):
+        self.roles_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.ROLE_2),
+            loaded=True,
+        )
+        arglist = [
+            '--user', identity_fakes.user_name,
+            '--project', identity_fakes.project_name,
+            '--role-domain', identity_fakes.domain_name,
+            identity_fakes.ROLE_2['name'],
+        ]
+        if self._is_inheritance_testcase():
+            arglist.append('--inherited')
+        verifylist = [
+            ('user', identity_fakes.user_name),
+            ('group', None),
+            ('domain', None),
+            ('project', identity_fakes.project_name),
+            ('role', identity_fakes.ROLE_2['name']),
+            ('inherited', self._is_inheritance_testcase()),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        result = self.cmd.take_action(parsed_args)
+
+        # Set expected values
+        kwargs = {
+            'user': identity_fakes.user_id,
+            'project': identity_fakes.project_id,
+            'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+        }
+        # RoleManager.grant(role, user=, group=, domain=, project=)
+        self.roles_mock.grant.assert_called_with(
+            identity_fakes.ROLE_2['id'],
+            **kwargs
+        )
+        self.assertIsNone(result)
+
 
 class TestRoleAddInherited(TestRoleAdd, TestRoleInherited):
     pass
@@ -240,6 +279,12 @@ class TestRoleCreate(TestRole):
     def setUp(self):
         super(TestRoleCreate, self).setUp()
 
+        self.domains_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.DOMAIN),
+            loaded=True,
+        )
+
         self.roles_mock.create.return_value = fakes.FakeResource(
             None,
             copy.deepcopy(identity_fakes.ROLE),
@@ -265,22 +310,67 @@ class TestRoleCreate(TestRole):
 
         # Set expected values
         kwargs = {
+            'domain': None,
             'name': identity_fakes.role_name,
         }
 
-        # RoleManager.create(name=)
+        # RoleManager.create(name=, domain=)
         self.roles_mock.create.assert_called_with(
             **kwargs
         )
 
-        collist = ('id', 'name')
+        collist = ('domain', 'id', 'name')
         self.assertEqual(collist, columns)
         datalist = (
+            None,
             identity_fakes.role_id,
             identity_fakes.role_name,
         )
         self.assertEqual(datalist, data)
 
+    def test_role_create_with_domain(self):
+
+        self.roles_mock.create.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.ROLE_2),
+            loaded=True,
+        )
+
+        arglist = [
+            '--domain', identity_fakes.domain_name,
+            identity_fakes.ROLE_2['name'],
+        ]
+        verifylist = [
+            ('domain', identity_fakes.domain_name),
+            ('name', identity_fakes.ROLE_2['name']),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class ShowOne in cliff, abstract method take_action()
+        # returns a two-part tuple with a tuple of column names and a tuple of
+        # data to be shown.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        # Set expected values
+        kwargs = {
+            'domain': identity_fakes.domain_id,
+            'name': identity_fakes.ROLE_2['name'],
+        }
+
+        # RoleManager.create(name=, domain=)
+        self.roles_mock.create.assert_called_with(
+            **kwargs
+        )
+
+        collist = ('domain', 'id', 'name')
+        self.assertEqual(collist, columns)
+        datalist = (
+            identity_fakes.domain_id,
+            identity_fakes.ROLE_2['id'],
+            identity_fakes.ROLE_2['name'],
+        )
+        self.assertEqual(datalist, data)
+
 
 class TestRoleDelete(TestRole):
 
@@ -313,6 +403,31 @@ class TestRoleDelete(TestRole):
         )
         self.assertIsNone(result)
 
+    def test_role_delete_with_domain(self):
+        self.roles_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.ROLE_2),
+            loaded=True,
+        )
+        self.roles_mock.delete.return_value = None
+
+        arglist = [
+            '--domain', identity_fakes.domain_name,
+            identity_fakes.ROLE_2['name'],
+        ]
+        verifylist = [
+            ('roles', [identity_fakes.ROLE_2['name']]),
+            ('domain', identity_fakes.domain_name),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        result = self.cmd.take_action(parsed_args)
+
+        self.roles_mock.delete.assert_called_with(
+            identity_fakes.ROLE_2['id'],
+        )
+        self.assertIsNone(result)
+
 
 class TestRoleList(TestRole):
 
@@ -583,6 +698,45 @@ class TestRoleList(TestRole):
         ), )
         self.assertEqual(datalist, tuple(data))
 
+    def test_role_list_domain_role(self):
+        self.roles_mock.list.return_value = [
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(identity_fakes.ROLE_2),
+                loaded=True,
+            ),
+        ]
+        arglist = [
+            '--domain', identity_fakes.domain_name,
+        ]
+        verifylist = [
+            ('domain', identity_fakes.domain_name),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class Lister in cliff, abstract method take_action()
+        # returns a tuple containing the column names and an iterable
+        # containing the data to be listed.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        # Set expected values
+        kwargs = {
+            'domain_id': identity_fakes.domain_id
+        }
+        # RoleManager.list(user=, group=, domain=, project=, **kwargs)
+        self.roles_mock.list.assert_called_with(
+            **kwargs
+        )
+
+        collist = ('ID', 'Name', 'Domain')
+        self.assertEqual(collist, columns)
+        datalist = ((
+            identity_fakes.ROLE_2['id'],
+            identity_fakes.ROLE_2['name'],
+            identity_fakes.domain_name,
+        ), )
+        self.assertEqual(datalist, tuple(data))
+
 
 class TestRoleRemove(TestRole):
 
@@ -756,6 +910,44 @@ class TestRoleRemove(TestRole):
         )
         self.assertIsNone(result)
 
+    def test_role_remove_domain_role_on_group_domain(self):
+        self.roles_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.ROLE_2),
+            loaded=True,
+        )
+        arglist = [
+            '--group', identity_fakes.group_name,
+            '--domain', identity_fakes.domain_name,
+            identity_fakes.ROLE_2['name'],
+        ]
+        if self._is_inheritance_testcase():
+            arglist.append('--inherited')
+        verifylist = [
+            ('user', None),
+            ('group', identity_fakes.group_name),
+            ('domain', identity_fakes.domain_name),
+            ('project', None),
+            ('role', identity_fakes.ROLE_2['name']),
+            ('inherited', self._is_inheritance_testcase()),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        result = self.cmd.take_action(parsed_args)
+
+        # Set expected values
+        kwargs = {
+            'group': identity_fakes.group_id,
+            'domain': identity_fakes.domain_id,
+            'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+        }
+        # RoleManager.revoke(role, user=, group=, domain=, project=)
+        self.roles_mock.revoke.assert_called_with(
+            identity_fakes.ROLE_2['id'],
+            **kwargs
+        )
+        self.assertIsNone(result)
+
 
 class TestRoleSet(TestRole):
 
@@ -796,6 +988,37 @@ class TestRoleSet(TestRole):
         )
         self.assertIsNone(result)
 
+    def test_role_set_domain_role(self):
+        self.roles_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.ROLE_2),
+            loaded=True,
+        )
+        arglist = [
+            '--name', 'over',
+            '--domain', identity_fakes.domain_name,
+            identity_fakes.ROLE_2['name'],
+        ]
+        verifylist = [
+            ('name', 'over'),
+            ('domain', identity_fakes.domain_name),
+            ('role', identity_fakes.ROLE_2['name']),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        result = self.cmd.take_action(parsed_args)
+
+        # Set expected values
+        kwargs = {
+            'name': 'over',
+        }
+        # RoleManager.update(role, name=)
+        self.roles_mock.update.assert_called_with(
+            identity_fakes.ROLE_2['id'],
+            **kwargs
+        )
+        self.assertIsNone(result)
+
 
 class TestRoleShow(TestRole):
 
@@ -830,10 +1053,53 @@ class TestRoleShow(TestRole):
             identity_fakes.role_name,
         )
 
-        collist = ('id', 'name')
+        collist = ('domain', 'id', 'name')
         self.assertEqual(collist, columns)
         datalist = (
+            None,
             identity_fakes.role_id,
             identity_fakes.role_name,
         )
         self.assertEqual(datalist, data)
+
+    def test_role_show_domain_role(self):
+        self.roles_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.ROLE_2),
+            loaded=True,
+        )
+        arglist = [
+            '--domain', identity_fakes.domain_name,
+            identity_fakes.ROLE_2['name'],
+        ]
+        verifylist = [
+            ('domain', identity_fakes.domain_name),
+            ('role', identity_fakes.ROLE_2['name']),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class ShowOne in cliff, abstract method take_action()
+        # returns a two-part tuple with a tuple of column names and a tuple of
+        # data to be shown.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        # RoleManager.get(role). This is called from utils.find_resource().
+        # In fact, the current implementation calls the get(role) first with
+        # just the name, then with the name+domain_id. So technically we should
+        # mock this out with a call list, with the first call returning None
+        # and the second returning the object. However, if we did that we are
+        # then just testing the current sequencing within the utils method, and
+        # would become brittle to changes within that method. Hence we just
+        # check for the first call which is always lookup by name.
+        self.roles_mock.get.assert_called_with(
+            identity_fakes.ROLE_2['name'],
+        )
+
+        collist = ('domain', 'id', 'name')
+        self.assertEqual(collist, columns)
+        datalist = (
+            identity_fakes.domain_id,
+            identity_fakes.ROLE_2['id'],
+            identity_fakes.ROLE_2['name'],
+        )
+        self.assertEqual(datalist, data)
diff --git a/openstackclient/tests/identity/v3/test_role_assignment.py b/openstackclient/tests/identity/v3/test_role_assignment.py
index 0ae67c72..113cc493 100644
--- a/openstackclient/tests/identity/v3/test_role_assignment.py
+++ b/openstackclient/tests/identity/v3/test_role_assignment.py
@@ -628,3 +628,56 @@ class TestRoleAssignmentList(TestRoleAssignment):
             False
             ),)
         self.assertEqual(tuple(data), datalist1)
+
+    def test_role_assignment_list_domain_role(self):
+
+        self.role_assignments_mock.list.return_value = [
+            fakes.FakeResource(
+                None,
+                copy.deepcopy(
+                    identity_fakes.ASSIGNMENT_WITH_DOMAIN_ROLE),
+                loaded=True,
+            ),
+        ]
+
+        arglist = [
+            '--role', identity_fakes.ROLE_2['name'],
+            '--role-domain', identity_fakes.domain_name
+        ]
+        verifylist = [
+            ('user', None),
+            ('group', None),
+            ('domain', None),
+            ('project', None),
+            ('role', identity_fakes.ROLE_2['name']),
+            ('effective', False),
+            ('inherited', False),
+            ('names', False),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        # In base command class Lister in cliff, abstract method take_action()
+        # returns a tuple containing the column names and an iterable
+        # containing the data to be listed.
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.role_assignments_mock.list.assert_called_with(
+            domain=None,
+            user=None,
+            group=None,
+            project=None,
+            role=self.roles_mock.get(),
+            effective=False,
+            os_inherit_extension_inherited_to=None,
+            include_names=False)
+
+        self.assertEqual(self.columns, columns)
+        datalist = ((
+            identity_fakes.ROLE_2['id'],
+            identity_fakes.user_id,
+            '',
+            '',
+            identity_fakes.domain_id,
+            False
+        ),)
+        self.assertEqual(datalist, tuple(data))
author	Henry Nash <henryn@linux.vnet.ibm.com>	2016-02-23 11:42:40 +0000
committer	Steve Martinelli <s.martinelli@gmail.com>	2016-08-10 20:32:55 +0000
commit	5eb7e626b18b033f97f3cf10f2791529f9d75789 (patch)
tree	1b371a8835abe4dfbf82dbc8003a08621138bb5b /openstackclient/tests
parent	0b91368164acc596bf97fe4073083e26892f5b1a (diff)
download	python-openstackclient-5eb7e626b18b033f97f3cf10f2791529f9d75789.tar.gz