summaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/tests
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/tests')
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py54
-rw-r--r--keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py78
2 files changed, 83 insertions, 49 deletions
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
index 684b9695..f527ee9e 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_admin.py
@@ -60,7 +60,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
group='moon',
policy_directory=self.policy_directory)
- def create_intra_extension(self, policy_model="policy_rbac_admin"):
+ def create_intra_extension(self, policy_model="policy_admin"):
# Create the admin user because IntraExtension needs it
#self.admin = self.identity_api.create_user(USER)
IE["policymodel"] = policy_model
@@ -99,6 +99,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.manager.delete_intra_extension(self.ref["id"])
def test_subjects(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -147,6 +148,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_subject["id"], subjects["subjects"])
def test_objects(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -196,6 +198,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_object["id"], objects["objects"])
def test_actions(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -245,6 +248,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_action["id"], actions["actions"])
def test_subject_categories(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -299,6 +303,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
def test_object_categories(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -353,6 +358,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_object_category["id"], object_categories["object_categories"])
def test_action_categories(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -407,6 +413,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertIn(new_action_category["id"], action_categories["action_categories"])
def test_subject_category_scope(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -487,6 +494,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertNotIn(new_subject_category_scope_uuid, subject_category_scope["subject_category_scope"])
def test_object_category_scope(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -567,6 +575,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertNotIn(new_object_category_scope_uuid, object_category_scope["object_category_scope"])
def test_action_category_scope(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -647,6 +656,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
self.assertNotIn(new_action_category_scope_uuid, action_category_scope["action_category_scope"])
def test_subject_category_assignment(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -795,6 +805,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
subject_category_assignments["subject_category_assignments"][new_subject["id"]])
def test_object_category_assignment(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -943,6 +954,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
object_category_assignments["object_category_assignments"][new_object["id"]])
def test_action_category_assignment(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -1091,6 +1103,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
action_category_assignments["action_category_assignments"][new_action["id"]])
def test_sub_meta_rules(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -1166,6 +1179,7 @@ class TestIntraExtensionAdminManagerOK(tests.TestCase):
)
def test_sub_rules(self):
+ self.create_user("demo")
self.create_user("admin")
self.create_intra_extension()
@@ -1292,7 +1306,7 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
_USER["name"] = username
return self.identity_api.create_user(_USER)
- def create_intra_extension(self, policy_model="policy_rbac_authz"):
+ def create_intra_extension(self, policy_model="policy_authz"):
IE["policymodel"] = policy_model
IE["name"] = uuid.uuid4().hex
@@ -1302,8 +1316,8 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
def test_subjects(self):
admin_user = self.create_user("admin")
- ref = self.create_intra_extension()
demo_user = self.create_user("demo")
+ ref = self.create_intra_extension()
self.assertRaises(
SubjectReadNotAuthorized,
@@ -1372,8 +1386,8 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
def test_objects(self):
admin_user = self.create_user("admin")
- ref = self.create_intra_extension()
demo_user = self.create_user("demo")
+ ref = self.create_intra_extension()
self.assertRaises(
ObjectReadNotAuthorized,
@@ -1443,8 +1457,8 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
def test_actions(self):
admin_user = self.create_user("admin")
- ref = self.create_intra_extension()
demo_user = self.create_user("demo")
+ ref = self.create_intra_extension()
self.assertRaises(
ActionReadNotAuthorized,
@@ -1513,9 +1527,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIn(new_action["id"], actions["actions"])
def test_subject_categories(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
self.assertRaises(
SubjectCategoryReadNotAuthorized,
@@ -1589,9 +1603,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIn(new_subject_category["id"], subject_categories["subject_categories"])
def test_object_categories(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
self.assertRaises(
ObjectCategoryReadNotAuthorized,
@@ -1665,9 +1679,15 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIn(new_object_category["id"], object_categories["object_categories"])
def test_action_categories(self):
- admin_user = self.create_user("admin")
- ref = self.create_intra_extension()
+ admin_user = self.create_user()
demo_user = self.create_user("demo")
+ tenant = self.create_tenant()
+ ie_authz = self.create_intra_extension("policy_authz")
+ ie_admin = self.create_intra_extension("policy_admin")
+ mapping = self.create_mapping(tenant, ie_authz["id"], ie_admin["id"])
+ ref = ie_authz
+ # admin_user = self.create_user("admin")
+ # ref = self.create_intra_extension()
self.assertRaises(
ActionCategoryReadNotAuthorized,
@@ -1740,9 +1760,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertIn(new_action_category["id"], action_categories["action_categories"])
def test_subject_category_scope(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
subject_categories = self.manager.set_subject_category_dict(
admin_user["id"],
@@ -1843,9 +1863,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertNotIn(new_subject_category_scope_uuid, subject_category_scope["subject_category_scope"])
def test_object_category_scope(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
object_categories = self.manager.set_object_category_dict(
admin_user["id"],
@@ -1947,9 +1967,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertNotIn(new_object_category_scope_uuid, object_category_scope["object_category_scope"])
def test_action_category_scope(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
action_categories = self.manager.set_action_category_dict(
admin_user["id"],
@@ -2053,9 +2073,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
self.assertNotIn(new_action_category_scope_uuid, action_category_scope["action_category_scope"])
def test_subject_category_assignment(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
new_subject = self.create_user()
new_subjects = dict()
@@ -2232,9 +2252,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
subject_category_assignments["subject_category_assignments"][new_subject["id"]])
def test_object_category_assignment(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
new_object = {"id": uuid.uuid4().hex, "name": "my_object"}
new_objects = dict()
@@ -2412,9 +2432,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
object_category_assignments["object_category_assignments"][new_object["id"]])
def test_action_category_assignment(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
new_action = {"id": uuid.uuid4().hex, "name": "my_action"}
new_actions = dict()
@@ -2592,9 +2612,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
action_category_assignments["action_category_assignments"][new_action["id"]])
def test_sub_meta_rules(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
aggregation_algorithms = self.manager.get_aggregation_algorithms(admin_user["id"], ref["id"])
self.assertIsInstance(aggregation_algorithms, dict)
@@ -2694,9 +2714,9 @@ class TestIntraExtensionAdminManagerKO(tests.TestCase):
)
def test_sub_rules(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user("admin")
ref = self.create_intra_extension()
- demo_user = self.create_user("demo")
sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"])
self.assertIsInstance(sub_meta_rules, dict)
diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index 4752632b..e2e151ed 100644
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -27,7 +27,7 @@ USER = {
IE = {
"name": "test IE",
- "policymodel": "policy_rbac_authz",
+ "policymodel": "policy_authz",
"description": "a simple description."
}
@@ -85,7 +85,7 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
_USER["name"] = username
return self.identity_api.create_user(_USER)
- def create_intra_extension(self, policy_model="policy_rbac_authz"):
+ def create_intra_extension(self, policy_model="policy_authz"):
IE["policymodel"] = policy_model
IE["name"] = uuid.uuid4().hex
@@ -149,8 +149,8 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user = self.create_user()
tenant = self.create_tenant()
- ie_authz = self.create_intra_extension("policy_rbac_authz")
- ie_admin = self.create_intra_extension("policy_rbac_admin")
+ ie_authz = self.create_intra_extension("policy_authz")
+ ie_admin = self.create_intra_extension("policy_admin")
mapping = self.create_mapping(tenant, ie_authz["id"], ie_admin["id"])
# Test when subject is unknown
@@ -338,10 +338,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
self.assertEqual(True, result)
def test_subjects(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
subjects = self.manager.get_subject_dict(admin_user["id"], tenant["id"])
@@ -373,10 +374,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_subject["id"])
def test_objects(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
objects = self.manager.get_object_dict(admin_user["id"], tenant["id"])
@@ -408,10 +410,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_object["name"])
def test_actions(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
actions = self.manager.get_action_dict(admin_user["id"], tenant["id"])
@@ -443,10 +446,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_action["id"])
def test_subject_categories(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
subject_categories = self.manager.get_subject_category_dict(admin_user["id"], ref["id"])
@@ -478,10 +482,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_subject_category["name"])
def test_object_categories(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
object_categories = self.manager.get_object_category_dict(admin_user["id"], ref["id"])
@@ -513,10 +518,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_object_category["name"])
def test_action_categories(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
action_categories = self.manager.get_action_category_dict(admin_user["id"], ref["id"])
@@ -548,10 +554,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], new_action_category["name"])
def test_subject_category_scope(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
subject_categories = self.admin_manager.set_subject_category_dict(
@@ -596,10 +603,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], subject_category, new_subject_category_scope[new_subject_category_scope_uuid])
def test_object_category_scope(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
object_categories = self.admin_manager.set_object_category_dict(
@@ -644,10 +652,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], object_category, new_object_category_scope[new_object_category_scope_uuid])
def test_action_category_scope(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
action_categories = self.admin_manager.set_action_category_dict(
@@ -692,10 +701,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], action_category, new_action_category_scope[new_action_category_scope_uuid])
def test_subject_category_assignment(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
new_subject = self.create_user()
@@ -792,10 +802,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_subject_category_scope_uuid)
def test_object_category_assignment(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
new_object = {"id": uuid.uuid4().hex, "name": "my_object"}
@@ -892,10 +903,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_object_category_scope_uuid)
def test_action_category_assignment(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
new_action = {"id": uuid.uuid4().hex, "name": "my_action"}
@@ -992,10 +1004,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
new_action_category_scope_uuid)
def test_sub_meta_rules(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
aggregation_algorithms = self.manager.get_aggregation_algorithms(admin_user["id"], ref["id"])
@@ -1067,10 +1080,11 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
admin_user["id"], ref["id"], metarule)
def test_sub_rules(self):
+ demo_user = self.create_user("demo")
admin_user = self.create_user()
tenant = self.create_tenant()
- ref = self.create_intra_extension("policy_rbac_authz")
- ref_admin = self.create_intra_extension("policy_rbac_admin")
+ ref = self.create_intra_extension("policy_authz")
+ ref_admin = self.create_intra_extension("policy_admin")
self.create_mapping(tenant, ref["id"], ref_admin["id"])
sub_meta_rules = self.manager.get_sub_meta_rule(admin_user["id"], ref["id"])