Source code for identity.v3.test_access_rules
# Copyright 2019 SUSE LLC
#
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
from tempest.api.identity import base
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
# Shared tempest configuration object; this module reads the
# ``identity_feature_enabled.access_rules`` flag and ``resource_name_prefix``.
CONF = config.CONF
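class AccessRulesV3Test(base.BaseIdentityV3Test):
    """Tests for application credential access rules (identity v3).

    Each access rule used here is a (path, method, service) triple attached
    to an application credential. The tests run with the non-admin clients
    of the primary credentials and cover listing, showing and deleting the
    rules that belong to that user.
    """

    @classmethod
    def skip_checks(cls):
        """Skip the whole class when access rules are disabled in config."""
        super(AccessRulesV3Test, cls).skip_checks()
        if not CONF.identity_feature_enabled.access_rules:
            raise cls.skipException("Application credential access rules are "
                                    "not available in this environment")

    @classmethod
    def resource_setup(cls):
        """Create one application credential carrying one access rule.

        The credential is shared by the list and show tests and is removed
        by a class-level cleanup.
        """
        super(AccessRulesV3Test, cls).resource_setup()
        cls.user_id = cls.os_primary.credentials.user_id
        cls.project_id = cls.os_primary.credentials.project_id
        access_rules = [
            {
                "path": "/v2.1/servers/*/ips",
                "method": "GET",
                "service": "compute"
            }
        ]
        cls.ac = cls.non_admin_app_creds_client
        cls.app_cred = cls.ac.create_application_credential(
            cls.user_id,
            name=data_utils.rand_name(
                name='application_credential',
                prefix=CONF.resource_name_prefix),
            access_rules=access_rules
        )['application_credential']
        # NOTE(review): only the credential is cleaned up here. As
        # test_delete_access_rule shows, an access rule outlives the
        # credential it was created with, so the rule itself is left behind
        # unless user teardown removes it -- confirm for pre-provisioned
        # credentials.
        cls.addClassResourceCleanup(
            cls.ac.delete_application_credential,
            cls.user_id, cls.app_cred['id'])

    @decorators.idempotent_id('2354c498-5119-4ba5-9f0d-44f16f78fb0e')
    def test_list_access_rules(self):
        """List the user's access rules and expect exactly one.

        The exact count relies on no other test leaving a rule behind for
        this user.
        """
        ar = self.non_admin_access_rules_client.list_access_rules(self.user_id)
        self.assertEqual(1, len(ar['access_rules']))

    @decorators.idempotent_id('795dd507-ca1e-40e9-ba90-ff0a08689ba4')
    def test_show_access_rule(self):
        """Show the access rule of the class-level application credential.

        Only the success of the call is checked; the returned body is not
        inspected.
        """
        access_rule_id = self.app_cred['access_rules'][0]['id']
        self.non_admin_access_rules_client.show_access_rule(
            self.user_id, access_rule_id)

    @decorators.idempotent_id('278757e9-e193-4bf8-adf2-0b0a229a17d0')
    def test_delete_access_rule(self):
        """Check that a rule can be deleted only once its credential is gone.

        Steps:
          1. Create an application credential with its own access rule.
          2. Deleting the rule while that credential exists must raise
             Forbidden.
          3. Delete the credential; the rule must still be listed.
          4. Delete the rule; it must no longer be listed.
        """
        # Differs from the class-level rule only in "service" -- presumably
        # so that a separate rule is created for this test.
        access_rules = [
            {
                "path": "/v2.1/servers/*/ips",
                "method": "GET",
                "service": "monitoring"
            }
        ]
        app_cred = self.ac.create_application_credential(
            self.user_id,
            name=data_utils.rand_name(
                name='application_credential',
                prefix=CONF.resource_name_prefix),
            access_rules=access_rules
        )['application_credential']
        access_rule_id = app_cred['access_rules'][0]['id']
        # Cleanups run last-in-first-out. The rule cleanup is registered
        # first so that it runs AFTER the credential cleanup: a rule whose
        # credential still exists cannot be deleted (step 2 below). Without
        # this cleanup a failure between steps 3 and 4 would leave the rule
        # behind and break the exact count in test_list_access_rules.
        self.addCleanup(
            test_utils.call_and_ignore_notfound_exc,
            self.non_admin_access_rules_client.delete_access_rule,
            self.user_id, access_rule_id)
        self.addCleanup(
            test_utils.call_and_ignore_notfound_exc,
            self.ac.delete_application_credential,
            self.user_id, app_cred['id'])
        # Step 2: the rule is still attached to a live credential.
        self.assertRaises(
            lib_exc.Forbidden,
            self.non_admin_access_rules_client.delete_access_rule,
            self.user_id,
            access_rule_id)
        # Step 3: removing the credential does not remove the rule.
        self.ac.delete_application_credential(
            self.user_id, app_cred['id'])
        ar = self.non_admin_access_rules_client.list_access_rules(self.user_id)
        self.assertIn(access_rule_id, [x['id'] for x in ar['access_rules']])
        # Step 4: with the credential gone the rule can be deleted.
        self.non_admin_access_rules_client.delete_access_rule(
            self.user_id, access_rule_id)
        ar = self.non_admin_access_rules_client.list_access_rules(self.user_id)
        self.assertNotIn(access_rule_id, [x['id'] for x in ar['access_rules']])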