authorasteroide <thomas.duval@orange.com>2015-07-08 11:01:09 +0200
committerasteroide <thomas.duval@orange.com>2015-07-08 11:01:09 +0200
commit778fa0bc8228c523560674e509aecc01ba49a38e (patch)
tree513e5595471b62e49c463b096749502cf0cd2e50 /keystone-moon/keystone/tests
parent35641a3050f91e149cc1388340fbb3fdfc43310f (diff)
Fix some bugs on the enforce function.
Change-Id: I2da7fef6bc448c9efa1e14080cd51cfc19d9632f
Diffstat (limited to 'keystone-moon/keystone/tests')
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py38
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py85
2 files changed, 89 insertions, 34 deletions
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
index 6426bf84..684b9695 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
@@ -62,8 +62,9 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
def create_intra_extension(self, policy_model="policy_rbac_admin"):
# Create the admin user because IntraExtension needs it
- self.admin = self.identity_api.create_user(USER)
+ #self.admin = self.identity_api.create_user(USER)
IE["policymodel"] = policy_model
+ IE["name"] = uuid.uuid4().hex
self.ref = self.manager.load_intra_extension(IE)
self.assertIsInstance(self.ref, dict)
self.create_tenant(self.ref["id"])
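Review bot: The commented-out `#self.admin = self.identity_api.create_user(USER)` in create_intra_extension leaves the comment above it ("Create the admin user because IntraExtension needs it") describing a step that no longer runs. I would delete both lines and state the new precondition instead, e.g. `# Callers must create the "admin" user before calling this helper.`. Separately, `IE["name"] = uuid.uuid4().hex` writes into `IE`, which looks like a module-level dict shared by all tests (its definition is not visible here), so one test's values carry over into the next; a per-call copy such as `ie = dict(IE, policymodel=policy_model, name=uuid.uuid4().hex)` passed to `load_intra_extension` avoids that. The same assignment is added to create_intra_extension in TestIntraExtensionAdminManagerKO and in the authz test file. The function body continues outside this hunk.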
@@ -98,6 +99,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.manager.delete_intra_extension(self.ref["id"])
def test_subjects(self):
+ self.create_user("admin")
self.create_intra_extension()
subjects = self.manager.get_subject_dict("admin", self.ref["id"])
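Review bot: The user returned by the added `self.create_user("admin")` is discarded, and the manager calls that follow still pass the literal string `"admin"` as the acting user. The test therefore depends on the manager accepting a name, or on that user's id being "admin", and neither is shown in the hunk. TestIntraExtensionAdminManagerKO in this same file passes `admin_user["id"]`; doing the same here, `admin_user = self.create_user("admin")` followed by `self.manager.get_subject_dict(admin_user["id"], self.ref["id"])`, makes the identity that the check runs under explicit. The same line is added at the top of every test method touched in TestIntraExtensionAdminManagerOK, and test_subjects continues outside this hunk.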
@@ -145,6 +147,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_subject["id"], subjects["subjects"])
def test_objects(self):
+ self.create_user("admin")
self.create_intra_extension()
objects = self.manager.get_object_dict("admin", self.ref["id"])
@@ -155,7 +158,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertEqual(self.ref["id"], objects["intra_extension_uuid"])
self.assertIsInstance(objects["objects"], dict)
- new_object = self.create_user()
+ new_object = {"id": uuid.uuid4().hex, "name": "my_object"}
new_objects = dict()
new_objects[new_object["id"]] = new_object["name"]
objects = self.manager.set_object_dict("admin", self.ref["id"], new_objects)
@@ -193,6 +196,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_object["id"], objects["objects"])
def test_actions(self):
+ self.create_user("admin")
self.create_intra_extension()
actions = self.manager.get_action_dict("admin", self.ref["id"])
@@ -203,7 +207,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertEqual(self.ref["id"], actions["intra_extension_uuid"])
self.assertIsInstance(actions["actions"], dict)
- new_action = self.create_user()
+ new_action = {"id": uuid.uuid4().hex, "name": "my_action"}
new_actions = dict()
new_actions[new_action["id"]] = new_action["name"]
actions = self.manager.set_action_dict("admin", self.ref["id"], new_actions)
@@ -241,6 +245,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_action["id"], actions["actions"])
def test_subject_categories(self):
+ self.create_user("admin")
self.create_intra_extension()
subject_categories = self.manager.get_subject_category_dict("admin", self.ref["id"])
@@ -294,6 +299,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
def test_object_categories(self):
+ self.create_user("admin")
self.create_intra_extension()
object_categories = self.manager.get_object_category_dict("admin", self.ref["id"])
@@ -347,6 +353,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_object_category["id"], object_categories["object_categories"])
def test_action_categories(self):
+ self.create_user("admin")
self.create_intra_extension()
action_categories = self.manager.get_action_category_dict("admin", self.ref["id"])
@@ -400,6 +407,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_action_category["id"], action_categories["action_categories"])
def test_subject_category_scope(self):
+ self.create_user("admin")
self.create_intra_extension()
subject_categories = self.manager.set_subject_category_dict(
@@ -479,6 +487,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertNotIn(new_subject_category_scope_uuid, subject_category_scope["subject_category_scope"])
def test_object_category_scope(self):
+ self.create_user("admin")
self.create_intra_extension()
object_categories = self.manager.set_object_category_dict(
@@ -558,6 +567,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertNotIn(new_object_category_scope_uuid, object_category_scope["object_category_scope"])
def test_action_category_scope(self):
+ self.create_user("admin")
self.create_intra_extension()
action_categories = self.manager.set_action_category_dict(
@@ -637,6 +647,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertNotIn(new_action_category_scope_uuid, action_category_scope["action_category_scope"])
def test_subject_category_assignment(self):
+ self.create_user("admin")
self.create_intra_extension()
new_subject = self.create_user()
@@ -784,9 +795,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
subject_category_assignments["subject_category_assignments"][new_subject["id"]])
def test_object_category_assignment(self):
+ self.create_user("admin")
self.create_intra_extension()
- new_object = self.create_user()
+ new_object = {"id": uuid.uuid4().hex, "name": "my_object"}
new_objects = dict()
new_objects[new_object["id"]] = new_object["name"]
objects = self.manager.set_object_dict("admin", self.ref["id"], new_objects)
@@ -931,9 +943,10 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
object_category_assignments["object_category_assignments"][new_object["id"]])
def test_action_category_assignment(self):
+ self.create_user("admin")
self.create_intra_extension()
- new_action = self.create_user()
+ new_action = {"id": uuid.uuid4().hex, "name": "my_action"}
new_actions = dict()
new_actions[new_action["id"]] = new_action["name"]
actions = self.manager.set_action_dict("admin", self.ref["id"], new_actions)
@@ -1078,6 +1091,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
action_category_assignments["action_category_assignments"][new_action["id"]])
def test_sub_meta_rules(self):
+ self.create_user("admin")
self.create_intra_extension()
aggregation_algorithms = self.manager.get_aggregation_algorithms("admin", self.ref["id"])
@@ -1152,6 +1166,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
)
def test_sub_rules(self):
+ self.create_user("admin")
self.create_intra_extension()
sub_meta_rules = self.manager.get_sub_meta_rule("admin", self.ref["id"])
@@ -1166,7 +1181,6 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(relation, self.manager.get_sub_meta_rule_relations("admin", self.ref["id"])["sub_meta_rule_relations"])
rules[relation] = list()
for rule in sub_rules["rules"][relation]:
- print(rule)
for cat, cat_func, func_name in (
("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"),
("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"),
@@ -1179,7 +1193,6 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
cat_value
)
a_scope = rule.pop(0)
- print(a_scope)
if type(a_scope) is not bool:
self.assertIn(a_scope, scope[func_name][cat_value])
@@ -1242,7 +1255,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
return {
"moonlog_api": LogManager(),
"tenant_api": TenantManager(),
- "resource_api": resource.Manager(),
+ # "resource_api": resource.Manager(),
}
def config_overrides(self):
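Review bot: Commenting out `"resource_api": resource.Manager(),` instead of deleting it leaves dead code in the backend dict with no record of why these tests stopped loading that manager. I would remove the line outright and put the reason in the commit message, or keep it only with a one-line comment giving the actual reason. If nothing else in the file uses `resource` (not visible from this hunk), its import should be dropped as well. The same edit is made to the matching dict in test_unit_core_intra_extension_authz.py.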
@@ -1282,8 +1295,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
def create_intra_extension(self, policy_model="policy_rbac_authz"):
IE["policymodel"] = policy_model
+ IE["name"] = uuid.uuid4().hex
ref = self.admin_manager.load_intra_extension(IE)
- self.assertIsInstance(self.ref, dict)
+ self.assertIsInstance(ref, dict)
return ref
def test_subjects(self):
@@ -2222,7 +2236,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
ref = self.create_intra_extension()
demo_user = self.create_user("demo")
- new_object = self.create_user()
+ new_object = {"id": uuid.uuid4().hex, "name": "my_object"}
new_objects = dict()
new_objects[new_object["id"]] = new_object["name"]
objects = self.manager.set_object_dict(admin_user["id"], ref["id"], new_objects)
@@ -2402,7 +2416,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
ref = self.create_intra_extension()
demo_user = self.create_user("demo")
- new_action = self.create_user()
+ new_action = {"id": uuid.uuid4().hex, "name": "my_action"}
new_actions = dict()
new_actions[new_action["id"]] = new_action["name"]
actions = self.manager.set_action_dict(admin_user["id"], ref["id"], new_actions)
@@ -2702,7 +2716,6 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIn(relation, self.manager.get_sub_meta_rule_relations(admin_user["id"], ref["id"])["sub_meta_rule_relations"])
rules[relation] = list()
for rule in sub_rules["rules"][relation]:
- print(rule)
for cat, cat_func, func_name in (
("subject_categories", self.manager.get_subject_category_scope_dict, "subject_category_scope"),
("action_categories", self.manager.get_action_category_scope_dict, "action_category_scope"),
@@ -2715,7 +2728,6 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
cat_value
)
a_scope = rule.pop(0)
- print(a_scope)
if type(a_scope) is not bool:
self.assertIn(a_scope, scope[func_name][cat_value])
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index 64a2d38f..4752632b 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -48,7 +48,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
return {
"moonlog_api": LogManager(),
"tenant_api": TenantManager(),
- "resource_api": resource.Manager(),
+ # "resource_api": resource.Manager(),
}
def config_overrides(self):
@@ -88,8 +88,9 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
def create_intra_extension(self, policy_model="policy_rbac_authz"):
IE["policymodel"] = policy_model
+ IE["name"] = uuid.uuid4().hex
ref = self.admin_manager.load_intra_extension(IE)
- self.assertIsInstance(self.ref, dict)
+ self.assertIsInstance(ref, dict)
return ref
def test_tenant_exceptions(self):
@@ -337,10 +338,13 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
self.assertEqual(True, result)
def test_subjects(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
- subjects = self.manager.get_subject_dict(admin_user["id"], ref["id"])
+ subjects = self.manager.get_subject_dict(admin_user["id"], tenant["id"])
self.assertIsInstance(subjects, dict)
self.assertIn("subjects", subjects)
self.assertIn("id", subjects)
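Review bot: test_subjects now reads through the tenant with `get_subject_dict(admin_user["id"], tenant["id"])`, but the call that closes the same test (visible at the top of the next hunk) still passes `ref["id"]`, as do the getters in test_subject_categories through test_sub_rules. The second argument is therefore a tenant id in some calls and an intra-extension id in others. If the authz manager resolves the extension through the tenant mapping, as this change suggests, a call given `ref["id"]` may raise because the lookup fails rather than because the operation is denied, and a negative test would then pass without exercising the deny path. I would pass the same kind of id throughout and have each negative check name the specific not-authorized exception it expects. test_subjects continues outside this hunk.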
@@ -369,10 +373,13 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_subject["id"])
def test_objects(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
- objects = self.manager.get_object_dict(admin_user["id"], ref["id"])
+ objects = self.manager.get_object_dict(admin_user["id"], tenant["id"])
self.assertIsInstance(objects, dict)
self.assertIn("objects", objects)
self.assertIn("id", objects)
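Review bot: The four setup lines added here (`create_tenant`, two `create_intra_extension` calls, `create_mapping`) are repeated verbatim in every test method this commit touches in TestIntraExtensionAuthzManagerAuthz, and `ref_admin` is used only to build the mapping. A single helper on the test class would keep the fixture in one place, so a later change to the mapping cannot be applied to some tests and missed in others. The helper name below is constructed for illustration, and test_objects continues outside this hunk.

```python
    def create_mapped_intra_extensions(self):
        """Create a tenant mapped to one authz and one admin intra-extension."""
        tenant = self.create_tenant()
        ref = self.create_intra_extension("policy_rbac_authz")
        ref_admin = self.create_intra_extension("policy_rbac_admin")
        self.create_mapping(tenant, ref["id"], ref_admin["id"])
        return tenant, ref, ref_admin

    def test_objects(self):
        admin_user = self.create_user()
        tenant, ref, _ = self.create_mapped_intra_extensions()
        # … unchanged: get_object_dict call and assertions …
```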
@@ -401,10 +408,13 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_object["name"])
def test_actions(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
- actions = self.manager.get_action_dict(admin_user["id"], ref["id"])
+ actions = self.manager.get_action_dict(admin_user["id"], tenant["id"])
self.assertIsInstance(actions, dict)
self.assertIn("actions", actions)
self.assertIn("id", actions)
@@ -433,8 +443,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_action["id"])
def test_subject_categories(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
subject_categories = self.manager.get_subject_category_dict(admin_user["id"], ref["id"])
self.assertIsInstance(subject_categories, dict)
@@ -465,8 +478,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_subject_category["name"])
def test_object_categories(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
object_categories = self.manager.get_object_category_dict(admin_user["id"], ref["id"])
self.assertIsInstance(object_categories, dict)
@@ -497,8 +513,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_object_category["name"])
def test_action_categories(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
action_categories = self.manager.get_action_category_dict(admin_user["id"], ref["id"])
self.assertIsInstance(action_categories, dict)
@@ -529,8 +548,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_action_category["name"])
def test_subject_category_scope(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
subject_categories = self.admin_manager.set_subject_category_dict(
admin_user["id"],
@@ -574,8 +596,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid])
def test_object_category_scope(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
object_categories = self.admin_manager.set_object_category_dict(
admin_user["id"],
@@ -619,8 +644,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid])
def test_action_category_scope(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
action_categories = self.admin_manager.set_action_category_dict(
admin_user["id"],
@@ -664,8 +692,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid])
def test_subject_category_assignment(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
new_subject = self.create_user()
new_subjects = dict()
@@ -761,8 +792,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_subject_category_scope_uuid)
def test_object_category_assignment(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
new_object = {"id": uuid.uuid4().hex, "name": "my_object"}
new_objects = dict()
@@ -858,8 +892,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_object_category_scope_uuid)
def test_action_category_assignment(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
new_action = {"id": uuid.uuid4().hex, "name": "my_action"}
new_actions = dict()
@@ -955,8 +992,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_action_category_scope_uuid)
def test_sub_meta_rules(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
aggregation_algorithms = self.manager.get_aggregation_algorithms(admin_user["id"], ref["id"])
self.assertIsInstance(aggregation_algorithms, dict)
@@ -1021,14 +1061,17 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"])
self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
metarule[relation]["subject_categories"].append(new_subject_category["id"])
- self.MetaRuleAddNotAuthorized(
- AdminException,
+ self.assertRaises(
+ MetaRuleAddNotAuthorized,
self.manager.set_sub_meta_rule,
admin_user["id"], ref["id"], metarule)
def test_sub_rules(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"])
self.assertIsInstance(sub_meta_rules, dict)
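Review bot: `MetaRuleAddNotAuthorized` is now used as a bare name in `self.assertRaises(MetaRuleAddNotAuthorized, ...)`, and no hunk in this file touches the imports, so it is worth confirming the name is already in scope. The replaced line called it as an attribute of `self`, which could only have failed with AttributeError, so this statement has not run successfully before. If the exception is not imported, the test stops with NameError before `set_sub_meta_rule` is called. A short comment above the assertion, e.g. `# set_sub_meta_rule through self.manager is expected to be refused.`, would also record what the check is for. test_sub_rules continues outside this hunk.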