How to use delete_access_rule method in tempest

Best Python code snippet using tempest_python

test_rules.py

Source:test_rules.py Github

copy

Full Screen

...42 self.shares_v2_client.wait_for_share_status(43 self.share["id"], "active", status_attr='access_rules_status',44 version=version)45 if utils.is_microversion_eq(version, '1.0'):46 self.shares_client.delete_access_rule(self.share["id"], rule["id"])47 self.shares_client.wait_for_resource_deletion(48 rule_id=rule["id"], share_id=self.share['id'])49 else:50 self.shares_v2_client.delete_access_rule(51 self.share["id"], rule["id"], version=version)52 self.shares_v2_client.wait_for_resource_deletion(53 rule_id=rule["id"], share_id=self.share['id'], version=version)54@ddt.ddt55class ShareIpRulesForNFSTest(base.BaseSharesTest):56 protocol = "nfs"57 @classmethod58 def resource_setup(cls):59 super(ShareIpRulesForNFSTest, cls).resource_setup()60 if (cls.protocol not in CONF.share.enable_protocols or61 cls.protocol not in CONF.share.enable_ip_rules_for_protocols):62 msg = "IP rule tests for %s protocol are disabled" % cls.protocol63 raise cls.skipException(msg)64 cls.share = cls.create_share(cls.protocol)65 cls.access_type = "ip"66 cls.access_to = "2.2.2.2"67 @test.attr(type=["gate", ])68 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)69 def test_create_delete_access_rules_with_one_ip(self, version):70 # test data71 access_to = "1.1.1.1"72 # create rule73 if utils.is_microversion_eq(version, '1.0'):74 rule = self.shares_client.create_access_rule(75 self.share["id"], self.access_type, access_to)76 else:77 rule = self.shares_v2_client.create_access_rule(78 self.share["id"], self.access_type, access_to,79 version=version)80 self.assertEqual('rw', rule['access_level'])81 for key in ('deleted', 'deleted_at', 'instance_mappings'):82 self.assertNotIn(key, rule.keys())83 if utils.is_microversion_eq(version, '1.0'):84 self.shares_client.wait_for_access_rule_status(85 self.share["id"], rule["id"], "active")86 elif utils.is_microversion_eq(version, '2.9'):87 self.shares_v2_client.wait_for_access_rule_status(88 self.share["id"], rule["id"], "active")89 else:90 self.shares_v2_client.wait_for_share_status(91 self.share["id"], "active", status_attr='access_rules_status',92 version=version)93 # delete rule and wait for deletion94 if utils.is_microversion_eq(version, '1.0'):95 self.shares_client.delete_access_rule(self.share["id"], rule["id"])96 self.shares_client.wait_for_resource_deletion(97 rule_id=rule["id"], share_id=self.share['id'])98 else:99 self.shares_v2_client.delete_access_rule(100 self.share["id"], rule["id"], version=version)101 self.shares_v2_client.wait_for_resource_deletion(102 rule_id=rule["id"], share_id=self.share['id'], version=version)103 @test.attr(type=["gate", ])104 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)105 def test_create_delete_access_rule_with_cidr(self, version):106 # test data107 access_to = "1.2.3.4/32"108 # create rule109 if utils.is_microversion_eq(version, '1.0'):110 rule = self.shares_client.create_access_rule(111 self.share["id"], self.access_type, access_to)112 else:113 rule = self.shares_v2_client.create_access_rule(114 self.share["id"], self.access_type, access_to,115 version=version)116 for key in ('deleted', 'deleted_at', 'instance_mappings'):117 self.assertNotIn(key, rule.keys())118 self.assertEqual('rw', rule['access_level'])119 if utils.is_microversion_eq(version, '1.0'):120 self.shares_client.wait_for_access_rule_status(121 self.share["id"], rule["id"], "active")122 elif utils.is_microversion_eq(version, '2.9'):123 self.shares_v2_client.wait_for_access_rule_status(124 self.share["id"], rule["id"], "active")125 else:126 self.shares_v2_client.wait_for_share_status(127 self.share["id"], "active", status_attr='access_rules_status',128 version=version)129 # delete rule and wait for deletion130 if utils.is_microversion_eq(version, '1.0'):131 self.shares_client.delete_access_rule(self.share["id"], rule["id"])132 self.shares_client.wait_for_resource_deletion(133 rule_id=rule["id"], share_id=self.share['id'])134 else:135 self.shares_v2_client.delete_access_rule(136 self.share["id"], rule["id"], version=version)137 self.shares_v2_client.wait_for_resource_deletion(138 rule_id=rule["id"], share_id=self.share['id'], version=version)139 @test.attr(type=["gate", ])140 @testtools.skipIf(141 "nfs" not in CONF.share.enable_ro_access_level_for_protocols,142 "RO access rule tests are disabled for NFS protocol.")143 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)144 def test_create_delete_ro_access_rule(self, client_name):145 _create_delete_ro_access_rule(self, client_name)146@ddt.ddt147class ShareIpRulesForCIFSTest(ShareIpRulesForNFSTest):148 protocol = "cifs"149 @test.attr(type=["gate", ])150 @testtools.skipIf(151 "cifs" not in CONF.share.enable_ro_access_level_for_protocols,152 "RO access rule tests are disabled for CIFS protocol.")153 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)154 def test_create_delete_ro_access_rule(self, version):155 _create_delete_ro_access_rule(self, version)156@ddt.ddt157class ShareUserRulesForNFSTest(base.BaseSharesTest):158 protocol = "nfs"159 @classmethod160 def resource_setup(cls):161 super(ShareUserRulesForNFSTest, cls).resource_setup()162 if (cls.protocol not in CONF.share.enable_protocols or163 cls.protocol not in164 CONF.share.enable_user_rules_for_protocols):165 msg = "USER rule tests for %s protocol are disabled" % cls.protocol166 raise cls.skipException(msg)167 cls.share = cls.create_share(cls.protocol)168 cls.access_type = "user"169 cls.access_to = CONF.share.username_for_user_rules170 @test.attr(type=["gate", ])171 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)172 def test_create_delete_user_rule(self, version):173 # create rule174 if utils.is_microversion_eq(version, '1.0'):175 rule = self.shares_client.create_access_rule(176 self.share["id"], self.access_type, self.access_to)177 else:178 rule = self.shares_v2_client.create_access_rule(179 self.share["id"], self.access_type, self.access_to,180 version=version)181 self.assertEqual('rw', rule['access_level'])182 for key in ('deleted', 'deleted_at', 'instance_mappings'):183 self.assertNotIn(key, rule.keys())184 if utils.is_microversion_eq(version, '1.0'):185 self.shares_client.wait_for_access_rule_status(186 self.share["id"], rule["id"], "active")187 elif utils.is_microversion_eq(version, '2.9'):188 self.shares_v2_client.wait_for_access_rule_status(189 self.share["id"], rule["id"], "active")190 else:191 self.shares_v2_client.wait_for_share_status(192 self.share["id"], "active", status_attr='access_rules_status',193 version=version)194 # delete rule and wait for deletion195 if utils.is_microversion_eq(version, '1.0'):196 self.shares_client.delete_access_rule(self.share["id"], rule["id"])197 self.shares_client.wait_for_resource_deletion(198 rule_id=rule["id"], share_id=self.share['id'])199 else:200 self.shares_v2_client.delete_access_rule(201 self.share["id"], rule["id"], version=version)202 self.shares_v2_client.wait_for_resource_deletion(203 rule_id=rule["id"], share_id=self.share['id'], version=version)204 @test.attr(type=["gate", ])205 @testtools.skipIf(206 "nfs" not in CONF.share.enable_ro_access_level_for_protocols,207 "RO access rule tests are disabled for NFS protocol.")208 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)209 def test_create_delete_ro_access_rule(self, version):210 _create_delete_ro_access_rule(self, version)211@ddt.ddt212class ShareUserRulesForCIFSTest(ShareUserRulesForNFSTest):213 protocol = "cifs"214 @test.attr(type=["gate", ])215 @testtools.skipIf(216 "cifs" not in CONF.share.enable_ro_access_level_for_protocols,217 "RO access rule tests are disabled for CIFS protocol.")218 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)219 def test_create_delete_ro_access_rule(self, version):220 _create_delete_ro_access_rule(self, version)221@ddt.ddt222class ShareCertRulesForGLUSTERFSTest(base.BaseSharesTest):223 protocol = "glusterfs"224 @classmethod225 def resource_setup(cls):226 super(ShareCertRulesForGLUSTERFSTest, cls).resource_setup()227 if (cls.protocol not in CONF.share.enable_protocols or228 cls.protocol not in229 CONF.share.enable_cert_rules_for_protocols):230 msg = "Cert rule tests for %s protocol are disabled" % cls.protocol231 raise cls.skipException(msg)232 cls.share = cls.create_share(cls.protocol)233 cls.access_type = "cert"234 # Provide access to a client identified by a common name (CN) of the235 # certificate that it possesses.236 cls.access_to = "client1.com"237 @test.attr(type=["gate", ])238 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)239 def test_create_delete_cert_rule(self, version):240 # create rule241 if utils.is_microversion_eq(version, '1.0'):242 rule = self.shares_client.create_access_rule(243 self.share["id"], self.access_type, self.access_to)244 else:245 rule = self.shares_v2_client.create_access_rule(246 self.share["id"], self.access_type, self.access_to,247 version=version)248 self.assertEqual('rw', rule['access_level'])249 for key in ('deleted', 'deleted_at', 'instance_mappings'):250 self.assertNotIn(key, rule.keys())251 if utils.is_microversion_eq(version, '1.0'):252 self.shares_client.wait_for_access_rule_status(253 self.share["id"], rule["id"], "active")254 elif utils.is_microversion_eq(version, '2.9'):255 self.shares_v2_client.wait_for_access_rule_status(256 self.share["id"], rule["id"], "active")257 else:258 self.shares_v2_client.wait_for_share_status(259 self.share["id"], "active", status_attr='access_rules_status',260 version=version)261 # delete rule262 if utils.is_microversion_eq(version, '1.0'):263 self.shares_client.delete_access_rule(self.share["id"], rule["id"])264 self.shares_client.wait_for_resource_deletion(265 rule_id=rule["id"], share_id=self.share['id'])266 else:267 self.shares_v2_client.delete_access_rule(268 self.share["id"], rule["id"], version=version)269 self.shares_v2_client.wait_for_resource_deletion(270 rule_id=rule["id"], share_id=self.share['id'], version=version)271 @test.attr(type=["gate", ])272 @testtools.skipIf(273 "glusterfs" not in CONF.share.enable_ro_access_level_for_protocols,274 "RO access rule tests are disabled for GLUSTERFS protocol.")275 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)276 def test_create_delete_cert_ro_access_rule(self, version):277 if utils.is_microversion_eq(version, '1.0'):278 rule = self.shares_client.create_access_rule(279 self.share["id"], 'cert', 'client2.com', 'ro')280 else:281 rule = self.shares_v2_client.create_access_rule(282 self.share["id"], 'cert', 'client2.com', 'ro',283 version=version)284 self.assertEqual('ro', rule['access_level'])285 for key in ('deleted', 'deleted_at', 'instance_mappings'):286 self.assertNotIn(key, rule.keys())287 if utils.is_microversion_eq(version, '1.0'):288 self.shares_client.wait_for_access_rule_status(289 self.share["id"], rule["id"], "active")290 elif utils.is_microversion_eq(version, '2.9'):291 self.shares_v2_client.wait_for_access_rule_status(292 self.share["id"], rule["id"], "active")293 else:294 self.shares_v2_client.wait_for_share_status(295 self.share["id"], "active", status_attr='access_rules_status',296 version=version)297 if utils.is_microversion_eq(version, '1.0'):298 self.shares_client.delete_access_rule(self.share["id"], rule["id"])299 self.shares_client.wait_for_resource_deletion(300 rule_id=rule["id"], share_id=self.share['id'])301 else:302 self.shares_v2_client.delete_access_rule(303 self.share["id"], rule["id"], version=version)304 self.shares_v2_client.wait_for_resource_deletion(305 rule_id=rule["id"], share_id=self.share['id'], version=version)306@ddt.ddt307class ShareRulesTest(base.BaseSharesTest):308 @classmethod309 def resource_setup(cls):310 super(ShareRulesTest, cls).resource_setup()311 if not (any(p in CONF.share.enable_ip_rules_for_protocols312 for p in cls.protocols) or313 any(p in CONF.share.enable_user_rules_for_protocols314 for p in cls.protocols) or315 any(p in CONF.share.enable_cert_rules_for_protocols316 for p in cls.protocols)):317 cls.message = "Rule tests are disabled"318 raise cls.skipException(cls.message)319 if CONF.share.enable_ip_rules_for_protocols:320 cls.protocol = CONF.share.enable_ip_rules_for_protocols[0]321 cls.access_type = "ip"322 cls.access_to = "8.8.8.8"323 elif CONF.share.enable_user_rules_for_protocols:324 cls.protocol = CONF.share.enable_user_rules_for_protocols[0]325 cls.access_type = "user"326 cls.access_to = CONF.share.username_for_user_rules327 elif CONF.share.enable_cert_rules_for_protocols:328 cls.protocol = CONF.share.enable_cert_rules_for_protocols[0]329 cls.access_type = "cert"330 cls.access_to = "client3.com"331 cls.shares_v2_client.share_protocol = cls.protocol332 cls.share = cls.create_share()333 @test.attr(type=["gate", ])334 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)335 def test_list_access_rules(self, version):336 # create rule337 if utils.is_microversion_eq(version, '1.0'):338 rule = self.shares_client.create_access_rule(339 self.share["id"], self.access_type, self.access_to)340 else:341 rule = self.shares_v2_client.create_access_rule(342 self.share["id"], self.access_type, self.access_to,343 version=version)344 if utils.is_microversion_eq(version, '1.0'):345 self.shares_client.wait_for_access_rule_status(346 self.share["id"], rule["id"], "active")347 elif utils.is_microversion_eq(version, '2.9'):348 self.shares_v2_client.wait_for_access_rule_status(349 self.share["id"], rule["id"], "active")350 else:351 self.shares_v2_client.wait_for_share_status(352 self.share["id"], "active", status_attr='access_rules_status',353 version=version)354 # list rules355 if utils.is_microversion_eq(version, '1.0'):356 rules = self.shares_client.list_access_rules(self.share["id"])357 else:358 rules = self.shares_v2_client.list_access_rules(self.share["id"],359 version=version)360 # verify keys361 for key in ("id", "access_type", "access_to", "access_level"):362 [self.assertIn(key, r.keys()) for r in rules]363 for key in ('deleted', 'deleted_at', 'instance_mappings'):364 [self.assertNotIn(key, r.keys()) for r in rules]365 # verify values366 self.assertEqual(self.access_type, rules[0]["access_type"])367 self.assertEqual(self.access_to, rules[0]["access_to"])368 self.assertEqual('rw', rules[0]["access_level"])369 # our share id in list and have no duplicates370 gen = [r["id"] for r in rules if r["id"] in rule["id"]]371 msg = "expected id lists %s times in rule list" % (len(gen))372 self.assertEqual(1, len(gen), msg)373 if utils.is_microversion_eq(version, '1.0'):374 self.shares_client.delete_access_rule(self.share["id"], rule["id"])375 self.shares_client.wait_for_resource_deletion(376 rule_id=rule["id"], share_id=self.share['id'])377 else:378 self.shares_v2_client.delete_access_rule(379 self.share["id"], rule["id"], version=version)380 self.shares_v2_client.wait_for_resource_deletion(381 rule_id=rule["id"], share_id=self.share['id'], version=version)382 @test.attr(type=["gate", ])383 @ddt.data('1.0', '2.9', LATEST_MICROVERSION)384 def test_access_rules_deleted_if_share_deleted(self, version):385 # create share386 share = self.create_share()387 # create rule388 if utils.is_microversion_eq(version, '1.0'):389 rule = self.shares_client.create_access_rule(390 share["id"], self.access_type, self.access_to)391 else:392 rule = self.shares_v2_client.create_access_rule(...

Full Screen

Full Screen

test_access_rule.py

Source:test_access_rule.py Github

copy

Full Screen

...106 domain107 """108 pass109 @abc.abstractmethod110 def test_identity_delete_access_rule(self):111 """Test identity:delete_access_rule policy.112 This test must check113 * whether the persona can delete an access rule they own114 * whether the persona can delete an access rule for an arbitrary user115 * whether the persona can delete an access rule that does not exist116 * whether the persona can delete an access rule for a user in another117 domain (if applicable)118 * whether the persona can delete an access rule for a user in their119 own domain (if applicable)120 * whether the persona can delete an access rule that does not exist121 """122 pass123class SystemAdminTests(IdentityV3RbacAccessRuleTest, base.BaseIdentityTest):124 credentials = ['system_admin']125 @classmethod126 def setup_clients(cls):127 super(SystemAdminTests, cls).setup_clients()128 cls.test_user_client, cls.test_user_id = cls.setup_user_client()129 def setUp(self):130 # create app cred for other user131 super(SystemAdminTests, self).setUp()132 app_cred_client = self.test_user_client.application_credentials_client133 app_cred = app_cred_client.create_application_credential(134 user_id=self.test_user_id, **self.app_cred()135 )['application_credential']136 self.app_cred_id = app_cred['id']137 self.access_rule_id = app_cred['access_rules'][0]['id']138 def try_delete_app_cred(id):139 app_cred_client = self.admin_client.application_credentials_client140 try:141 app_cred_client.delete_application_credential(142 user_id=self.test_user_id,143 application_credential_id=id)144 except exceptions.NotFound:145 pass146 def try_delete_access_rule(id):147 try:148 self.admin_client.access_rules_client.delete_access_rule(149 user_id=self.test_user_id,150 access_rule_id=id)151 except exceptions.NotFound:152 pass153 self.addCleanup(try_delete_access_rule, self.access_rule_id)154 self.addCleanup(try_delete_app_cred, self.app_cred_id)155 def test_identity_get_access_rule(self):156 # system admin cannot create app creds and therefore cannot create157 # access rules, so skip retrieval of own access rule158 # retrieve other user's access rules159 self.do_request(160 'show_access_rule',161 user_id=self.test_user_id, access_rule_id=self.access_rule_id)162 # retrieving a non-existent access rule should return a 404163 self.do_request(164 'show_access_rule', expected_status=exceptions.NotFound,165 user_id=self.test_user_id,166 access_rule_id=data_utils.rand_uuid_hex())167 def test_identity_list_access_rules(self):168 # system admin cannot create app creds and therefore cannot create169 # access rules, so skip listing of own access rule170 # list other user's access rules171 self.do_request('list_access_rules', user_id=self.test_user_id)172 def test_identity_delete_access_rule(self):173 # system admin cannot create app creds and therefore cannot create174 # access rules, so skip deletion of own access rule175 # delete other user's access rules176 app_cred_client = self.admin_client.application_credentials_client177 app_cred_client.delete_application_credential(178 user_id=self.test_user_id,179 application_credential_id=self.app_cred_id)180 self.do_request(181 'delete_access_rule', expected_status=204,182 user_id=self.test_user_id, access_rule_id=self.access_rule_id)183 # deleting a non-existent access rule should return a 404184 self.do_request(185 'delete_access_rule', expected_status=exceptions.NotFound,186 user_id=self.test_user_id,187 access_rule_id=data_utils.rand_uuid_hex())188class SystemMemberTests(SystemAdminTests):189 credentials = ['system_member', 'system_admin']190 def test_identity_delete_access_rule(self):191 app_cred_client = self.admin_client.application_credentials_client192 app_cred_client.delete_application_credential(193 user_id=self.test_user_id,194 application_credential_id=self.app_cred_id)195 self.do_request(196 'delete_access_rule', expected_status=exceptions.Forbidden,197 user_id=self.test_user_id, access_rule_id=self.access_rule_id)198 # retrieving a non-existent access rule should return a 404199 self.do_request(200 'show_access_rule', expected_status=exceptions.NotFound,201 user_id=self.test_user_id,202 access_rule_id=data_utils.rand_uuid_hex())203class SystemReaderTests(SystemMemberTests):204 credentials = ['system_reader', 'system_admin']205class DomainAdminTests(IdentityV3RbacAccessRuleTest, base.BaseIdentityTest):206 # Domain admins cannot create their own app creds (app creds can only be207 # scoped to projects) and domain admins have no special privileges over the208 # app creds own by users in their domains.209 credentials = ['domain_admin', 'system_admin']210 @classmethod211 def setup_clients(cls):212 super(DomainAdminTests, cls).setup_clients()213 own_domain_id = cls.persona.credentials.domain_id214 cls.test_client_1, cls.test_user_1 = cls.setup_user_client(215 domain_id=own_domain_id)216 def setUp(self):217 super(DomainAdminTests, self).setUp()218 self.other_domain_id = self.admin_client.domains_client.create_domain(219 name=data_utils.rand_name())['domain']['id']220 self.addCleanup(self.admin_client.domains_client.delete_domain,221 self.other_domain_id)222 self.addCleanup(self.admin_client.domains_client.update_domain,223 domain_id=self.other_domain_id, enabled=False)224 self.test_client_2, self.test_user_2 = self.setup_user_client(225 domain_id=self.other_domain_id)226 client = self.test_client_1.application_credentials_client227 app_cred_1 = client.create_application_credential(228 user_id=self.test_user_1, **self.app_cred()229 )['application_credential']230 self.access_rule_1 = app_cred_1['access_rules'][0]['id']231 self.addCleanup(232 self.test_client_1.access_rules_client.delete_access_rule,233 self.test_user_1,234 self.access_rule_1)235 self.addCleanup(236 client.delete_application_credential,237 self.test_user_1,238 app_cred_1['id'])239 client = self.test_client_2.application_credentials_client240 app_cred_2 = client.create_application_credential(241 user_id=self.test_user_2, **self.app_cred()242 )['application_credential']243 self.access_rule_2 = app_cred_2['access_rules'][0]['id']244 self.addCleanup(245 self.test_client_2.access_rules_client.delete_access_rule,246 self.test_user_2,247 self.access_rule_2)248 self.addCleanup(249 client.delete_application_credential,250 self.test_user_2,251 app_cred_2['id'])252 def test_identity_get_access_rule(self):253 # accessing access rules should be forbidden no matter whether the254 # owner is in the domain or outside of it255 # retrieve access rule from user in own domain256 self.do_request(257 'show_access_rule', expected_status=exceptions.Forbidden,258 user_id=self.test_user_1, access_rule_id=self.access_rule_1)259 # retrieve access rule from user in other domain260 self.do_request(261 'show_access_rule', expected_status=exceptions.Forbidden,262 user_id=self.test_user_2, access_rule_id=self.access_rule_2)263 # retrieving a non-existent access rule should return a 403264 self.do_request(265 'show_access_rule', expected_status=exceptions.Forbidden,266 user_id=self.test_user_1,267 access_rule_id=data_utils.rand_uuid_hex())268 self.do_request(269 'show_access_rule', expected_status=exceptions.Forbidden,270 user_id=self.test_user_2,271 access_rule_id=data_utils.rand_uuid_hex())272 def test_identity_list_access_rules(self):273 # listing access rules should be forbidden no matter whether the274 # owner is in the domain or outside of it275 self.do_request(276 'list_access_rules', expected_status=exceptions.Forbidden,277 user_id=self.test_user_1)278 self.do_request(279 'list_access_rules', expected_status=exceptions.Forbidden,280 user_id=self.test_user_2)281 def test_identity_delete_access_rule(self):282 # deleting access rules should be forbidden no matter whether the283 # owner is in the domain or outside of it284 # delete access rule from user in own domain285 self.do_request(286 'delete_access_rule', expected_status=exceptions.Forbidden,287 user_id=self.test_user_1, access_rule_id=self.access_rule_1)288 # delete access rule from user in other domain289 self.do_request(290 'delete_access_rule', expected_status=exceptions.Forbidden,291 user_id=self.test_user_2, access_rule_id=self.access_rule_2)292 # deleting a non-existent access rule should return a 403293 self.do_request(294 'delete_access_rule', expected_status=exceptions.Forbidden,295 user_id=self.test_user_1,296 access_rule_id=data_utils.rand_uuid_hex())297 self.do_request(298 'delete_access_rule', expected_status=exceptions.Forbidden,299 user_id=self.test_user_2,300 access_rule_id=data_utils.rand_uuid_hex())301class DomainMemberTests(DomainAdminTests):302 credentials = ['domain_member', 'system_admin']303class DomainReaderTests(DomainAdminTests):304 credentials = ['domain_reader', 'system_admin']305class ProjectAdminTests(IdentityV3RbacAccessRuleTest, base.BaseIdentityTest):306 credentials = ['project_admin', 'system_admin']307 @classmethod308 def setup_clients(cls):309 super(ProjectAdminTests, cls).setup_clients()310 cls.test_user_client, cls.test_user_id = cls.setup_user_client()311 def setUp(self):312 super(ProjectAdminTests, self).setUp()313 app_cred_client = self.persona.application_credentials_client314 user_id = self.persona.credentials.user_id315 self.app_cred_1 = app_cred_client.create_application_credential(316 user_id, **self.app_cred())['application_credential']317 self.access_rule_1 = self.app_cred_1['access_rules'][0]['id']318 def try_delete_own_app_cred(id):319 app_cred_client = self.persona.application_credentials_client320 try:321 app_cred_client.delete_application_credential(322 self.persona.credentials.user_id, id)323 except exceptions.NotFound:324 pass325 def try_delete_own_access_rule(id):326 try:327 self.persona.access_rules_client.delete_access_rule(328 self.persona.credentials.user_id, id)329 except exceptions.NotFound:330 pass331 self.addCleanup(try_delete_own_access_rule, self.access_rule_1)332 self.addCleanup(try_delete_own_app_cred, self.app_cred_1['id'])333 app_cred_client = self.test_user_client.application_credentials_client334 self.app_cred_2 = app_cred_client.create_application_credential(335 self.test_user_id, **self.app_cred())['application_credential']336 self.access_rule_2 = self.app_cred_2['access_rules'][0]['id']337 self.addCleanup(338 self.test_user_client.access_rules_client.delete_access_rule,339 self.test_user_id, self.access_rule_2)340 self.addCleanup(341 app_cred_client.delete_application_credential,342 self.test_user_id, self.app_cred_2['id'])343 def test_identity_get_access_rule(self):344 # should be able to access own credential345 self.do_request(346 'show_access_rule',347 user_id=self.persona.credentials.user_id,348 access_rule_id=self.access_rule_1)349 # retrieving non-existent access rule for self should return 404350 self.do_request(351 'show_access_rule', expected_status=exceptions.NotFound,352 user_id=self.persona.credentials.user_id,353 access_rule_id=data_utils.rand_uuid_hex())354 # should not be able to access another user's credential355 self.do_request(356 'show_access_rule', expected_status=exceptions.Forbidden,357 user_id=self.test_user_id, access_rule_id=self.access_rule_2)358 # retrieving non-existent access rule for other user should return 403359 self.do_request(360 'show_access_rule', expected_status=exceptions.Forbidden,361 user_id=self.test_user_id,362 access_rule_id=data_utils.rand_uuid_hex())363 def test_identity_list_access_rules(self):364 # should be able to list own credentials365 self.do_request(366 'list_access_rules', user_id=self.persona.credentials.user_id)367 # should not be able to list another user's credentials368 self.do_request(369 'list_access_rules', expected_status=exceptions.Forbidden,370 user_id=self.test_user_id)371 def test_identity_delete_access_rule(self):372 # should be able to delete own credential373 app_cred_client = self.persona.application_credentials_client374 app_cred_client.delete_application_credential(375 user_id=self.persona.credentials.user_id,376 application_credential_id=self.app_cred_1['id'])377 self.do_request(378 'delete_access_rule', expected_status=204,379 user_id=self.persona.credentials.user_id,380 access_rule_id=self.access_rule_1)381 # deleting non-existent access rule for self should return 404382 self.do_request(383 'delete_access_rule', expected_status=exceptions.NotFound,384 user_id=self.persona.credentials.user_id,385 access_rule_id=data_utils.rand_uuid_hex())...

Full Screen

Full Screen

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.

LambdaTest Learning Hubs:

YouTube

You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.

Run tempest automation tests on LambdaTest cloud grid

Perform automation testing on 3000+ real desktop and mobile devices online.

... View sample repo... View DocumentationSign up Free
_

Try LambdaTest Now !!

Get 100 minutes of automation test minutes FREE!!

...
Sign up with GoogleSign up with Email
Next-Gen App & Browser Testing Cloud

Was this article helpful?

Helpful

NotHelpful