How to use _create_implied_role method in tempest

Best Python code snippet using tempest_python

test_roles.py

Source:test_roles.py Github

copy

Full Screen

...161 # Return a list of all roles162 body = self.roles_client.list_roles()['roles']163 found = [role for role in body if role in self.roles]164 self.assertEqual(len(found), len(self.roles))165 def _create_implied_role(self, prior_role_id, implies_role_id,166 ignore_not_found=False):167 self.roles_client.create_role_inference_rule(168 prior_role_id, implies_role_id)169 if ignore_not_found:170 self.addCleanup(171 test_utils.call_and_ignore_notfound_exc,172 self.roles_client.delete_role_inference_rule,173 prior_role_id,174 implies_role_id)175 else:176 self.addCleanup(177 self.roles_client.delete_role_inference_rule,178 prior_role_id,179 implies_role_id)180 @decorators.idempotent_id('c90c316c-d706-4728-bcba-eb1912081b69')181 def test_implied_roles_create_check_show_delete(self):182 prior_role_id = self.roles[0]['id']183 implies_role_id = self.roles[1]['id']184 # Create an inference rule from prior_role to implies_role185 self._create_implied_role(prior_role_id, implies_role_id,186 ignore_not_found=True)187 # Check if the inference rule exists188 self.roles_client.check_role_inference_rule(189 prior_role_id, implies_role_id)190 # Show the inference rule and check its elements191 resp_body = self.roles_client.show_role_inference_rule(192 prior_role_id, implies_role_id)193 self.assertIn('role_inference', resp_body)194 role_inference = resp_body['role_inference']195 for key1 in ['prior_role', 'implies']:196 self.assertIn(key1, role_inference)197 for key2 in ['id', 'links', 'name']:198 self.assertIn(key2, role_inference[key1])199 # Delete the inference rule200 self.roles_client.delete_role_inference_rule(201 prior_role_id, implies_role_id)202 # Check if the inference rule no longer exists203 self.assertRaises(204 lib_exc.NotFound,205 self.roles_client.show_role_inference_rule,206 prior_role_id,207 implies_role_id)208 @decorators.idempotent_id('dc6f5959-b74d-4e30-a9e5-a8255494ff00')209 def test_roles_hierarchy(self):210 # Create inference rule from "roles[0]" to "role[1]"211 self._create_implied_role(212 self.roles[0]['id'], self.roles[1]['id'])213 # Create inference rule from "roles[0]" to "role[2]"214 self._create_implied_role(215 self.roles[0]['id'], self.roles[2]['id'])216 # Create inference rule from "roles[2]" to "role"217 self._create_implied_role(218 self.roles[2]['id'], self.role['id'])219 # Listing inferences rules from "roles[2]" should only return "role"220 rules = self.roles_client.list_role_inferences_rules(221 self.roles[2]['id'])['role_inference']222 self.assertEqual(1, len(rules['implies']))223 self.assertEqual(self.role['id'], rules['implies'][0]['id'])224 # Listing inferences rules from "roles[0]" should return "roles[1]" and225 # "roles[2]" (only direct rules are listed)226 rules = self.roles_client.list_role_inferences_rules(227 self.roles[0]['id'])['role_inference']228 implies_ids = [role['id'] for role in rules['implies']]229 self.assertEqual(2, len(implies_ids))230 self.assertIn(self.roles[1]['id'], implies_ids)231 self.assertIn(self.roles[2]['id'], implies_ids)232 @decorators.idempotent_id('c8828027-df48-4021-95df-b65b92c7429e')233 def test_assignments_for_implied_roles_create_delete(self):234 # Create a grant using "roles[0]"235 self.roles_client.create_user_role_on_project(236 self.project['id'], self.user_body['id'], self.roles[0]['id'])237 self.addCleanup(238 self.roles_client.delete_role_from_user_on_project,239 self.project['id'], self.user_body['id'], self.roles[0]['id'])240 # Create an inference rule from "roles[0]" to "roles[1]"241 self._create_implied_role(self.roles[0]['id'], self.roles[1]['id'],242 ignore_not_found=True)243 # In the effective list of role assignments, both prior role and244 # implied role should be present. This means that a user can245 # authenticate using both roles (both roles will be present246 # in the token).247 params = {'scope.project.id': self.project['id'],248 'user.id': self.user_body['id']}249 role_assignments = self.role_assignments.list_role_assignments(250 effective=True, **params)['role_assignments']251 self.assertEqual(2, len(role_assignments))252 roles_ids = [assignment['role']['id']253 for assignment in role_assignments]254 self.assertIn(self.roles[0]['id'], roles_ids)255 self.assertIn(self.roles[1]['id'], roles_ids)256 # After deleting the implied role, only the assignment with "roles[0]"257 # should be present.258 self.roles_client.delete_role_inference_rule(259 self.roles[0]['id'], self.roles[1]['id'])260 role_assignments = self.role_assignments.list_role_assignments(261 effective=True, **params)['role_assignments']262 self.assertEqual(1, len(role_assignments))263 roles_ids = [assignment['role']['id']264 for assignment in role_assignments]265 self.assertIn(self.roles[0]['id'], roles_ids)266 @decorators.idempotent_id('d92a41d2-5501-497a-84bb-6e294330e8f8')267 def test_domain_roles_create_delete(self):268 domain_role = self.roles_client.create_role(269 name=data_utils.rand_name('domain_role'),270 domain_id=self.domain['id'])['role']271 self.addCleanup(272 test_utils.call_and_ignore_notfound_exc,273 self.roles_client.delete_role,274 domain_role['id'])275 domain_roles = self.roles_client.list_roles(276 domain_id=self.domain['id'])['roles']277 self.assertEqual(1, len(domain_roles))278 self.assertIn(domain_role, domain_roles)279 self.roles_client.delete_role(domain_role['id'])280 domain_roles = self.roles_client.list_roles(281 domain_id=self.domain['id'])['roles']282 self.assertEmpty(domain_roles)283 @decorators.idempotent_id('eb1e1c24-1bc4-4d47-9748-e127a1852c82')284 def test_implied_domain_roles(self):285 # Create two roles in the same domain286 domain_role1 = self.setup_test_role(domain_id=self.domain['id'])287 domain_role2 = self.setup_test_role(domain_id=self.domain['id'])288 # Check if we can create an inference rule from roles in the same289 # domain290 self._create_implied_role(domain_role1['id'], domain_role2['id'])291 # Create another role in a different domain292 domain2 = self.setup_test_domain()293 domain_role3 = self.setup_test_role(domain_id=domain2['id'])294 # Check if we can create cross domain implied roles295 self._create_implied_role(domain_role1['id'], domain_role3['id'])296 # Finally, we also should be able to create an implied from a297 # domain role to a global one298 self._create_implied_role(domain_role1['id'], self.role['id'])299 if CONF.identity_feature_enabled.forbid_global_implied_dsr:300 # The contrary is not true: we can't create an inference rule301 # from a global role to a domain role302 self.assertRaises(303 lib_exc.Forbidden,304 self.roles_client.create_role_inference_rule,305 self.role['id'],306 domain_role1['id'])307 @decorators.idempotent_id('3859df7e-5b78-4e4d-b10e-214c8953842a')308 def test_assignments_for_domain_roles(self):309 domain_role = self.setup_test_role(domain_id=self.domain['id'])310 # Create a grant using "domain_role"311 self.roles_client.create_user_role_on_project(312 self.project['id'], self.user_body['id'], domain_role['id'])313 self.addCleanup(314 self.roles_client.delete_role_from_user_on_project,315 self.project['id'], self.user_body['id'], domain_role['id'])316 # NOTE(rodrigods): Regular roles would appear in the effective317 # list of role assignments (meaning the role would be returned in318 # a token) as a result from the grant above. This is not the case319 # for domain roles, they should not appear in the effective role320 # assignments list.321 params = {'scope.project.id': self.project['id'],322 'user.id': self.user_body['id']}323 role_assignments = self.role_assignments.list_role_assignments(324 effective=True, **params)['role_assignments']325 self.assertEmpty(role_assignments)326 @decorators.idempotent_id('3748c316-c18f-4b08-997b-c60567bc6235')327 def test_list_all_implied_roles(self):328 # Create inference rule from "roles[0]" to "roles[1]"329 self._create_implied_role(330 self.roles[0]['id'], self.roles[1]['id'])331 # Create inference rule from "roles[0]" to "roles[2]"332 self._create_implied_role(333 self.roles[0]['id'], self.roles[2]['id'])334 # Create inference rule from "roles[2]" to "role"335 self._create_implied_role(336 self.roles[2]['id'], self.role['id'])337 rules = self.roles_client.list_all_role_inference_rules()[338 'role_inferences']339 # Sort the rules by the number of inferences, since there should be 1340 # inference between "roles[2]" and "role" and 2 inferences for341 # "roles[0]": between "roles[1]" and "roles[2]".342 sorted_rules = sorted(rules, key=lambda r: len(r['implies']))343 # Check that 2 sets of rules are returned.344 self.assertEqual(2, len(sorted_rules))345 # Check that only 1 inference rule exists between "roles[2]" and "role"346 self.assertEqual(1, len(sorted_rules[0]['implies']))347 # Check that 2 inference rules exist for "roles[0]": one between348 # "roles[1]" and one between "roles[2]".349 self.assertEqual(2, len(sorted_rules[1]['implies']))...

Full Screen

Full Screen

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.

LambdaTest Learning Hubs:

YouTube

You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.

Run tempest automation tests on LambdaTest cloud grid

Perform automation testing on 3000+ real desktop and mobile devices online.

... View sample repo... View DocumentationSign up Free
_

Try LambdaTest Now !!

Get 100 minutes of automation test minutes FREE!!

...
Sign up with GoogleSign up with Email
Next-Gen App & Browser Testing Cloud

Was this article helpful?

Helpful

NotHelpful