Source code for object_storage.test_container_acl

# Copyright 2012 OpenStack Foundation
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from tempest.api.object_storage import base
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators

CONF = config.CONF


[docs] class ObjectTestACLs(base.BaseObjectTest): """Test object ACLs""" credentials = [['operator', CONF.object_storage.operator_role], ['operator_alt', CONF.object_storage.operator_role]] def setUp(self): super(ObjectTestACLs, self).setUp() self.container_name = self.create_container() @classmethod def resource_cleanup(cls): cls.delete_containers() super(ObjectTestACLs, cls).resource_cleanup()
[docs] @decorators.idempotent_id('a3270f3f-7640-4944-8448-c7ea783ea5b6') def test_read_object_with_rights(self): """Test reading object using authorized user""" # update X-Container-Read metadata ACL tenant_id = self.os_roles_operator_alt.credentials.tenant_id user_id = self.os_roles_operator_alt.credentials.user_id cont_headers = {'X-Container-Read': tenant_id + ':' + user_id} container_client = self.os_roles_operator.container_client resp_meta, _ = ( container_client.create_update_or_delete_container_metadata( self.container_name, create_update_metadata=cont_headers, create_update_metadata_prefix='')) self.assertHeaders(resp_meta, 'Container', 'POST') # create object object_name = data_utils.rand_name( prefix=CONF.resource_name_prefix, name='Object') resp, _ = self.os_roles_operator.object_client.create_object( self.container_name, object_name, 'data') self.assertHeaders(resp, 'Object', 'PUT') # set alternative authentication data; cannot simply use the # other object client. self.os_roles_operator.object_client.auth_provider.set_alt_auth_data( request_part='headers', auth_data=self.os_roles_operator_alt.object_client.auth_provider. auth_data) resp, _ = self.os_roles_operator.object_client.get_object( self.container_name, object_name) self.assertHeaders(resp, 'Object', 'GET')
[docs] @decorators.idempotent_id('aa58bfa5-40d9-4bc3-82b4-d07f4a9e392a') def test_write_object_with_rights(self): """Test writing object using authorized user""" # update X-Container-Write metadata ACL tenant_id = self.os_roles_operator_alt.credentials.tenant_id user_id = self.os_roles_operator_alt.credentials.user_id cont_headers = {'X-Container-Write': tenant_id + ':' + user_id} container_client = self.os_roles_operator.container_client resp_meta, _ = ( container_client.create_update_or_delete_container_metadata( self.container_name, create_update_metadata=cont_headers, create_update_metadata_prefix='')) self.assertHeaders(resp_meta, 'Container', 'POST') # set alternative authentication data; cannot simply use the # other object client. self.os_roles_operator.object_client.auth_provider.set_alt_auth_data( request_part='headers', auth_data=self.os_roles_operator_alt.object_client.auth_provider. auth_data) # Trying to write the object with rights object_name = data_utils.rand_name( prefix=CONF.resource_name_prefix, name='Object') resp, _ = self.os_roles_operator.object_client.create_object( self.container_name, object_name, 'data', headers={}) self.assertHeaders(resp, 'Object', 'PUT')