From b6384886973c652c0161a9caeac6f31066edace1 Mon Sep 17 00:00:00 2001
From: Terry Howe
Date: Fri, 30 May 2014 10:38:20 -0600
Subject: Domain administrator cannot do project operations

Domain administrator cannot do project operations because the require access to the domain API (which they don't have). When attempting to find a domain for project operations, ignore errors because the API returns nothing without indicating there is a problem. The domain administrators will have to use a domain id, but they will still be able to do project operations. If the user does not have permission to read the domain table, they cannot use domain names.

Change-Id: Ieed5d420022a407c8296a0bb3569d9469c89d752
Closes-Bug: #1317478
Closes-Bug: #1317485
---
 openstackclient/tests/identity/v3/test_project.py | 64 +++++++++++++++++++++++
 1 file changed, 64 insertions(+)
(limited to 'openstackclient/tests/identity')

diff --git a/openstackclient/tests/identity/v3/test_project.py b/openstackclient/tests/identity/v3/test_project.py
index e0420a1e..2e7bc54b 100644
--- a/openstackclient/tests/identity/v3/test_project.py
+++ b/openstackclient/tests/identity/v3/test_project.py
@@ -14,6 +14,7 @@
 #
 
 import copy
+import mock
 
 from openstackclient.identity.v3 import project
 from openstackclient.tests import fakes
@@ -172,6 +173,45 @@ class TestProjectCreate(TestProject):
 )
 self.assertEqual(data, datalist)
 
+ def test_project_create_domain_no_perms(self):
+ arglist = [
+ '--domain', identity_fakes.domain_id,
+ identity_fakes.project_name,
+ ]
+ verifylist = [
+ ('domain', identity_fakes.domain_id),
+ ('enable', False),
+ ('disable', False),
+ ('name', identity_fakes.project_name),
+ ]
+ parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+ mocker = mock.Mock()
+ mocker.return_value = None
+
+ with mock.patch("openstackclient.common.utils.find_resource", mocker):
+ columns, data = self.cmd.take_action(parsed_args)
+
+ # Set expected values
+ kwargs = {
+ 'name': identity_fakes.project_name,
+ 'domain': identity_fakes.domain_id,
+ 'description': None,
+ 'enabled': True,
+ }
+ self.projects_mock.create.assert_called_with(
+ **kwargs
+ )
+ collist = ('description', 'domain_id', 'enabled', 'id', 'name')
+ self.assertEqual(columns, collist)
+ datalist = (
+ identity_fakes.project_description,
+ identity_fakes.domain_id,
+ True,
+ identity_fakes.project_id,
+ identity_fakes.project_name,
+ )
+ self.assertEqual(data, datalist)
+
 def test_project_create_enable(self):
 arglist = [
 '--enable',
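Review bot: `test_project_create_domain_no_perms` never checks that the patched `find_resource` was actually invoked, so it can pass without exercising the no-permission path. If the patch target is not the name the command resolves at call time, the ordinary lookup would likely yield the same `identity_fakes.domain_id` and every assertion here would still hold. Adding `self.assertTrue(mocker.called)` after the `with` block makes the test fail when the fallback is bypassed; the same gap exists in `test_project_list_domain_no_perms` in the last hunk. As a style point, the two-line setup can be written as `mocker = mock.Mock(return_value=None)`.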
@@ -411,6 +451,30 @@ class TestProjectList(TestProject):
 ), )
 self.assertEqual(tuple(data), datalist)
 
+ def test_project_list_domain_no_perms(self):
+ arglist = [
+ '--domain', identity_fakes.domain_id,
+ ]
+ verifylist = [
+ ('domain', identity_fakes.domain_id),
+ ]
+ parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+ mocker = mock.Mock()
+ mocker.return_value = None
+
+ with mock.patch("openstackclient.common.utils.find_resource", mocker):
+ columns, data = self.cmd.take_action(parsed_args)
+
+ self.projects_mock.list.assert_called_with(
+ domain=identity_fakes.domain_id)
+ collist = ('ID', 'Name')
+ self.assertEqual(columns, collist)
+ datalist = ((
+ identity_fakes.project_id,
+ identity_fakes.project_name,
+ ), )
+ self.assertEqual(tuple(data), datalist)
+
 
 class TestProjectSet(TestProject):
 
-- 
cgit v1.2.1
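Review bot: `test_project_list_domain_no_perms` only passes `identity_fakes.domain_id` to `--domain`, so nothing pins what the command does when a caller without domain read access supplies a domain name, the case the commit message calls unsupported. The production change is not part of this view, so it cannot be confirmed from here whether an unresolved value is forwarded verbatim as `domain=` or rejected. A companion test that passes a name and asserts the resulting `self.projects_mock.list` call, or the error raised, would document that contract. It matters because a silent pass-through makes a mistyped name and a missing permission look identical to the operator.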