Diffstat (limited to 'keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py')
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py85
1 files changed, 64 insertions, 21 deletions
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index 64a2d38f..4752632b 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -48,7 +48,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
return {
"moonlog_api": LogManager(),
"tenant_api": TenantManager(),
- "resource_api": resource.Manager(),
+ # "resource_api": resource.Manager(),
}
def config_overrides(self):
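Review bot: The `resource_api` entry is left behind as commented-out code with no reason given, so a later reader cannot tell whether the manager is meant to come back. Either delete the line or replace it with a why-comment such as `# resource_api is not loaded here: <reason>`. If nothing else in the file uses `resource`, its import is now dead as well; the method that returns this dict starts outside the hunk, so that cannot be confirmed from here.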
@@ -88,8 +88,9 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
def create_intra_extension(self, policy_model="policy_rbac_authz"):
IE["policymodel"] = policy_model
+ IE["name"] = uuid.uuid4().hex
ref = self.admin_manager.load_intra_extension(IE)
- self.assertIsInstance(self.ref, dict)
+ self.assertIsInstance(ref, dict)
return ref
def test_tenant_exceptions(self):
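Review bot: The added `IE["name"] = uuid.uuid4().hex` writes into `IE` in place, like the `policymodel` line above it, and `IE` is not defined in this method, so it looks like a fixture shared by every test. Each call therefore leaves its name and policy model behind for the next one, which matters more now that most tests call this helper twice with different models. Building a per-call copy avoids that: `ie = dict(IE, policymodel=policy_model, name=uuid.uuid4().hex)` followed by `ref = self.admin_manager.load_intra_extension(ie)`. A short docstring saying the helper loads a uniquely named intra-extension for the given policy model would also help.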
@@ -337,10 +338,13 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
self.assertEqual(True, result)
def test_subjects(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
- subjects = self.manager.get_subject_dict(admin_user["id"], ref["id"])
+ subjects = self.manager.get_subject_dict(admin_user["id"], tenant["id"])
self.assertIsInstance(subjects, dict)
self.assertIn("subjects", subjects)
self.assertIn("id", subjects)
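Review bot: The four setup lines added here (`create_tenant`, two `create_intra_extension` calls, `create_mapping`) are pasted unchanged into every other test hunk in this file, from test_objects through test_sub_rules. One helper that returns the created objects would keep the tenant-to-extension mapping defined in a single place, so a change in how the authz and admin extensions are paired cannot be applied to some tests and missed in others: `tenant, ref, ref_admin = self.create_mapped_extensions()`. In the visible lines `ref_admin` is only used as an argument to `create_mapping`, so the helper could return just `tenant, ref` if that also holds for the parts of the tests outside the hunks.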
@@ -369,10 +373,13 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_subject["id"])
def test_objects(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
- objects = self.manager.get_object_dict(admin_user["id"], ref["id"])
+ objects = self.manager.get_object_dict(admin_user["id"], tenant["id"])
self.assertIsInstance(objects, dict)
self.assertIn("objects", objects)
self.assertIn("id", objects)
@@ -401,10 +408,13 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_object["name"])
def test_actions(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
- actions = self.manager.get_action_dict(admin_user["id"], ref["id"])
+ actions = self.manager.get_action_dict(admin_user["id"], tenant["id"])
self.assertIsInstance(actions, dict)
self.assertIn("actions", actions)
self.assertIn("id", actions)
@@ -433,8 +443,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_action["id"])
def test_subject_categories(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
subject_categories = self.manager.get_subject_category_dict(admin_user["id"], ref["id"])
self.assertIsInstance(subject_categories, dict)
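Review bot: `get_subject_category_dict(admin_user["id"], ref["id"])` still passes the intra-extension id, while the same commit switches `get_subject_dict`, `get_object_dict` and `get_action_dict` to `tenant["id"]`; the getters visible in test_object_categories, test_action_categories, test_sub_meta_rules and test_sub_rules keep `ref["id"]` too. In this hunk the new tenant and mapping are created but no visible call uses them. If the authz manager now resolves the extension through the tenant mapping, this call should probably read `self.manager.get_subject_category_dict(admin_user["id"], tenant["id"])`; if both id kinds are intended, a one-line comment stating which id each manager method expects would keep these authorization tests from silently exercising the wrong scope. The test body continues outside the hunk.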
@@ -465,8 +478,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_subject_category["name"])
def test_object_categories(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
object_categories = self.manager.get_object_category_dict(admin_user["id"], ref["id"])
self.assertIsInstance(object_categories, dict)
@@ -497,8 +513,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_object_category["name"])
def test_action_categories(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
action_categories = self.manager.get_action_category_dict(admin_user["id"], ref["id"])
self.assertIsInstance(action_categories, dict)
@@ -529,8 +548,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_action_category["name"])
def test_subject_category_scope(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
subject_categories = self.admin_manager.set_subject_category_dict(
admin_user["id"],
@@ -574,8 +596,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid])
def test_object_category_scope(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
object_categories = self.admin_manager.set_object_category_dict(
admin_user["id"],
@@ -619,8 +644,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid])
def test_action_category_scope(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
action_categories = self.admin_manager.set_action_category_dict(
admin_user["id"],
@@ -664,8 +692,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid])
def test_subject_category_assignment(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
new_subject = self.create_user()
new_subjects = dict()
@@ -761,8 +792,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_subject_category_scope_uuid)
def test_object_category_assignment(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
new_object = {"id": uuid.uuid4().hex, "name": "my_object"}
new_objects = dict()
@@ -858,8 +892,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_object_category_scope_uuid)
def test_action_category_assignment(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
new_action = {"id": uuid.uuid4().hex, "name": "my_action"}
new_actions = dict()
@@ -955,8 +992,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_action_category_scope_uuid)
def test_sub_meta_rules(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
aggregation_algorithms = self.manager.get_aggregation_algorithms(admin_user["id"], ref["id"])
self.assertIsInstance(aggregation_algorithms, dict)
@@ -1021,14 +1061,17 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
self.assertEqual(ref["id"], subject_categories["intra_extension_uuid"])
self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
metarule[relation]["subject_categories"].append(new_subject_category["id"])
- self.MetaRuleAddNotAuthorized(
- AdminException,
+ self.assertRaises(
+ MetaRuleAddNotAuthorized,
self.manager.set_sub_meta_rule,
admin_user["id"], ref["id"], metarule)
def test_sub_rules(self):
- ref = self.create_intra_extension()
admin_user = self.create_user()
+ tenant = self.create_tenant()
+ ref = self.create_intra_extension("policy_rbac_authz")
+ ref_admin = self.create_intra_extension("policy_rbac_admin")
+ self.create_mapping(tenant, ref["id"], ref_admin["id"])
sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"])
self.assertIsInstance(sub_meta_rules, dict)
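Review bot: The test that precedes test_sub_rules now ends on `assertRaises(MetaRuleAddNotAuthorized, ...)`, which proves the write is refused but not that the stored meta rule was left untouched. Since `metarule` is changed locally with `append` just before the call, a follow-up read through `self.manager.get_sub_meta_rule(admin_user["id"], ref["id"])` asserting that `new_subject_category["id"]` is absent would catch a manager that raises only after persisting the change; the exact key path into the returned dict is not visible here. `MetaRuleAddNotAuthorized` also has to be imported in this module, and no import change appears in the diff. Both test bodies extend beyond the hunk.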