How to use list_access_rules method in tempest

Best Python code snippet using tempest_python

test_access_rule.py

Source:test_access_rule.py Github

copy

Full Screen

...94 another domain (if applicable)95 """96 pass97 @abc.abstractmethod98 def test_identity_list_access_rules(self):99 """Test identity:list_access_rules policy100 This test must check:101 * whether the persona can list their own access rules102 * whether the persona can list the access rules for another user103 * whether the persona can list the access rules for a user in their104 own domain105 * whether the persona can list the access rules for a user in another106 domain107 """108 pass109 @abc.abstractmethod110 def test_identity_delete_access_rule(self):111 """Test identity:delete_access_rule policy.112 This test must check113 * whether the persona can delete an access rule they own114 * whether the persona can delete an access rule for an arbitrary user115 * whether the persona can delete an access rule that does not exist116 * whether the persona can delete an access rule for a user in another117 domain (if applicable)118 * whether the persona can delete an access rule for a user in their119 own domain (if applicable)120 * whether the persona can delete an access rule that does not exist121 """122 pass123class SystemAdminTests(IdentityV3RbacAccessRuleTest, base.BaseIdentityTest):124 credentials = ['system_admin']125 @classmethod126 def setup_clients(cls):127 super(SystemAdminTests, cls).setup_clients()128 cls.test_user_client, cls.test_user_id = cls.setup_user_client()129 def setUp(self):130 # create app cred for other user131 super(SystemAdminTests, self).setUp()132 app_cred_client = self.test_user_client.application_credentials_client133 app_cred = app_cred_client.create_application_credential(134 user_id=self.test_user_id, **self.app_cred()135 )['application_credential']136 self.app_cred_id = app_cred['id']137 self.access_rule_id = app_cred['access_rules'][0]['id']138 def try_delete_app_cred(id):139 app_cred_client = self.admin_client.application_credentials_client140 try:141 app_cred_client.delete_application_credential(142 user_id=self.test_user_id,143 application_credential_id=id)144 except exceptions.NotFound:145 pass146 def try_delete_access_rule(id):147 try:148 self.admin_client.access_rules_client.delete_access_rule(149 user_id=self.test_user_id,150 access_rule_id=id)151 except exceptions.NotFound:152 pass153 self.addCleanup(try_delete_access_rule, self.access_rule_id)154 self.addCleanup(try_delete_app_cred, self.app_cred_id)155 def test_identity_get_access_rule(self):156 # system admin cannot create app creds and therefore cannot create157 # access rules, so skip retrieval of own access rule158 # retrieve other user's access rules159 self.do_request(160 'show_access_rule',161 user_id=self.test_user_id, access_rule_id=self.access_rule_id)162 # retrieving a non-existent access rule should return a 404163 self.do_request(164 'show_access_rule', expected_status=exceptions.NotFound,165 user_id=self.test_user_id,166 access_rule_id=data_utils.rand_uuid_hex())167 def test_identity_list_access_rules(self):168 # system admin cannot create app creds and therefore cannot create169 # access rules, so skip listing of own access rule170 # list other user's access rules171 self.do_request('list_access_rules', user_id=self.test_user_id)172 def test_identity_delete_access_rule(self):173 # system admin cannot create app creds and therefore cannot create174 # access rules, so skip deletion of own access rule175 # delete other user's access rules176 app_cred_client = self.admin_client.application_credentials_client177 app_cred_client.delete_application_credential(178 user_id=self.test_user_id,179 application_credential_id=self.app_cred_id)180 self.do_request(181 'delete_access_rule', expected_status=204,182 user_id=self.test_user_id, access_rule_id=self.access_rule_id)183 # deleting a non-existent access rule should return a 404184 self.do_request(185 'delete_access_rule', expected_status=exceptions.NotFound,186 user_id=self.test_user_id,187 access_rule_id=data_utils.rand_uuid_hex())188class SystemMemberTests(SystemAdminTests):189 credentials = ['system_member', 'system_admin']190 def test_identity_delete_access_rule(self):191 app_cred_client = self.admin_client.application_credentials_client192 app_cred_client.delete_application_credential(193 user_id=self.test_user_id,194 application_credential_id=self.app_cred_id)195 self.do_request(196 'delete_access_rule', expected_status=exceptions.Forbidden,197 user_id=self.test_user_id, access_rule_id=self.access_rule_id)198 # retrieving a non-existent access rule should return a 404199 self.do_request(200 'show_access_rule', expected_status=exceptions.NotFound,201 user_id=self.test_user_id,202 access_rule_id=data_utils.rand_uuid_hex())203class SystemReaderTests(SystemMemberTests):204 credentials = ['system_reader', 'system_admin']205class DomainAdminTests(IdentityV3RbacAccessRuleTest, base.BaseIdentityTest):206 # Domain admins cannot create their own app creds (app creds can only be207 # scoped to projects) and domain admins have no special privileges over the208 # app creds own by users in their domains.209 credentials = ['domain_admin', 'system_admin']210 @classmethod211 def setup_clients(cls):212 super(DomainAdminTests, cls).setup_clients()213 own_domain_id = cls.persona.credentials.domain_id214 cls.test_client_1, cls.test_user_1 = cls.setup_user_client(215 domain_id=own_domain_id)216 def setUp(self):217 super(DomainAdminTests, self).setUp()218 self.other_domain_id = self.admin_client.domains_client.create_domain(219 name=data_utils.rand_name())['domain']['id']220 self.addCleanup(self.admin_client.domains_client.delete_domain,221 self.other_domain_id)222 self.addCleanup(self.admin_client.domains_client.update_domain,223 domain_id=self.other_domain_id, enabled=False)224 self.test_client_2, self.test_user_2 = self.setup_user_client(225 domain_id=self.other_domain_id)226 client = self.test_client_1.application_credentials_client227 app_cred_1 = client.create_application_credential(228 user_id=self.test_user_1, **self.app_cred()229 )['application_credential']230 self.access_rule_1 = app_cred_1['access_rules'][0]['id']231 self.addCleanup(232 self.test_client_1.access_rules_client.delete_access_rule,233 self.test_user_1,234 self.access_rule_1)235 self.addCleanup(236 client.delete_application_credential,237 self.test_user_1,238 app_cred_1['id'])239 client = self.test_client_2.application_credentials_client240 app_cred_2 = client.create_application_credential(241 user_id=self.test_user_2, **self.app_cred()242 )['application_credential']243 self.access_rule_2 = app_cred_2['access_rules'][0]['id']244 self.addCleanup(245 self.test_client_2.access_rules_client.delete_access_rule,246 self.test_user_2,247 self.access_rule_2)248 self.addCleanup(249 client.delete_application_credential,250 self.test_user_2,251 app_cred_2['id'])252 def test_identity_get_access_rule(self):253 # accessing access rules should be forbidden no matter whether the254 # owner is in the domain or outside of it255 # retrieve access rule from user in own domain256 self.do_request(257 'show_access_rule', expected_status=exceptions.Forbidden,258 user_id=self.test_user_1, access_rule_id=self.access_rule_1)259 # retrieve access rule from user in other domain260 self.do_request(261 'show_access_rule', expected_status=exceptions.Forbidden,262 user_id=self.test_user_2, access_rule_id=self.access_rule_2)263 # retrieving a non-existent access rule should return a 403264 self.do_request(265 'show_access_rule', expected_status=exceptions.Forbidden,266 user_id=self.test_user_1,267 access_rule_id=data_utils.rand_uuid_hex())268 self.do_request(269 'show_access_rule', expected_status=exceptions.Forbidden,270 user_id=self.test_user_2,271 access_rule_id=data_utils.rand_uuid_hex())272 def test_identity_list_access_rules(self):273 # listing access rules should be forbidden no matter whether the274 # owner is in the domain or outside of it275 self.do_request(276 'list_access_rules', expected_status=exceptions.Forbidden,277 user_id=self.test_user_1)278 self.do_request(279 'list_access_rules', expected_status=exceptions.Forbidden,280 user_id=self.test_user_2)281 def test_identity_delete_access_rule(self):282 # deleting access rules should be forbidden no matter whether the283 # owner is in the domain or outside of it284 # delete access rule from user in own domain285 self.do_request(286 'delete_access_rule', expected_status=exceptions.Forbidden,287 user_id=self.test_user_1, access_rule_id=self.access_rule_1)288 # delete access rule from user in other domain289 self.do_request(290 'delete_access_rule', expected_status=exceptions.Forbidden,291 user_id=self.test_user_2, access_rule_id=self.access_rule_2)292 # deleting a non-existent access rule should return a 403293 self.do_request(294 'delete_access_rule', expected_status=exceptions.Forbidden,295 user_id=self.test_user_1,296 access_rule_id=data_utils.rand_uuid_hex())297 self.do_request(298 'delete_access_rule', expected_status=exceptions.Forbidden,299 user_id=self.test_user_2,300 access_rule_id=data_utils.rand_uuid_hex())301class DomainMemberTests(DomainAdminTests):302 credentials = ['domain_member', 'system_admin']303class DomainReaderTests(DomainAdminTests):304 credentials = ['domain_reader', 'system_admin']305class ProjectAdminTests(IdentityV3RbacAccessRuleTest, base.BaseIdentityTest):306 credentials = ['project_admin', 'system_admin']307 @classmethod308 def setup_clients(cls):309 super(ProjectAdminTests, cls).setup_clients()310 cls.test_user_client, cls.test_user_id = cls.setup_user_client()311 def setUp(self):312 super(ProjectAdminTests, self).setUp()313 app_cred_client = self.persona.application_credentials_client314 user_id = self.persona.credentials.user_id315 self.app_cred_1 = app_cred_client.create_application_credential(316 user_id, **self.app_cred())['application_credential']317 self.access_rule_1 = self.app_cred_1['access_rules'][0]['id']318 def try_delete_own_app_cred(id):319 app_cred_client = self.persona.application_credentials_client320 try:321 app_cred_client.delete_application_credential(322 self.persona.credentials.user_id, id)323 except exceptions.NotFound:324 pass325 def try_delete_own_access_rule(id):326 try:327 self.persona.access_rules_client.delete_access_rule(328 self.persona.credentials.user_id, id)329 except exceptions.NotFound:330 pass331 self.addCleanup(try_delete_own_access_rule, self.access_rule_1)332 self.addCleanup(try_delete_own_app_cred, self.app_cred_1['id'])333 app_cred_client = self.test_user_client.application_credentials_client334 self.app_cred_2 = app_cred_client.create_application_credential(335 self.test_user_id, **self.app_cred())['application_credential']336 self.access_rule_2 = self.app_cred_2['access_rules'][0]['id']337 self.addCleanup(338 self.test_user_client.access_rules_client.delete_access_rule,339 self.test_user_id, self.access_rule_2)340 self.addCleanup(341 app_cred_client.delete_application_credential,342 self.test_user_id, self.app_cred_2['id'])343 def test_identity_get_access_rule(self):344 # should be able to access own credential345 self.do_request(346 'show_access_rule',347 user_id=self.persona.credentials.user_id,348 access_rule_id=self.access_rule_1)349 # retrieving non-existent access rule for self should return 404350 self.do_request(351 'show_access_rule', expected_status=exceptions.NotFound,352 user_id=self.persona.credentials.user_id,353 access_rule_id=data_utils.rand_uuid_hex())354 # should not be able to access another user's credential355 self.do_request(356 'show_access_rule', expected_status=exceptions.Forbidden,357 user_id=self.test_user_id, access_rule_id=self.access_rule_2)358 # retrieving non-existent access rule for other user should return 403359 self.do_request(360 'show_access_rule', expected_status=exceptions.Forbidden,361 user_id=self.test_user_id,362 access_rule_id=data_utils.rand_uuid_hex())363 def test_identity_list_access_rules(self):364 # should be able to list own credentials365 self.do_request(366 'list_access_rules', user_id=self.persona.credentials.user_id)367 # should not be able to list another user's credentials368 self.do_request(369 'list_access_rules', expected_status=exceptions.Forbidden,370 user_id=self.test_user_id)371 def test_identity_delete_access_rule(self):372 # should be able to delete own credential373 app_cred_client = self.persona.application_credentials_client374 app_cred_client.delete_application_credential(375 user_id=self.persona.credentials.user_id,376 application_credential_id=self.app_cred_1['id'])377 self.do_request(...

Full Screen

Full Screen

test_access_rules.py

Source:test_access_rules.py Github

copy

Full Screen

...46 name=data_utils.rand_name('application_credential'),47 access_rules=access_rules48 )['application_credential']49 @decorators.idempotent_id('2354c498-5119-4ba5-9f0d-44f16f78fb0e')50 def test_list_access_rules(self):51 ar = self.non_admin_access_rules_client.list_access_rules(self.user_id)52 self.assertEqual(1, len(ar['access_rules']))53 @decorators.idempotent_id('795dd507-ca1e-40e9-ba90-ff0a08689ba4')54 def test_show_access_rule(self):55 access_rule_id = self.app_cred['access_rules'][0]['id']56 self.non_admin_access_rules_client.show_access_rule(57 self.user_id, access_rule_id)58 @decorators.idempotent_id('278757e9-e193-4bf8-adf2-0b0a229a17d0')59 def test_delete_access_rule(self):60 access_rule_id = self.app_cred['access_rules'][0]['id']61 app_cred_id = self.app_cred['id']62 self.assertRaises(63 lib_exc.Forbidden,64 self.non_admin_access_rules_client.delete_access_rule,65 self.user_id,66 access_rule_id)67 self.non_admin_app_creds_client.delete_application_credential(68 self.user_id, app_cred_id)69 ar = self.non_admin_access_rules_client.list_access_rules(self.user_id)70 self.assertEqual(1, len(ar['access_rules']))71 self.non_admin_access_rules_client.delete_access_rule(72 self.user_id, access_rule_id)73 ar = self.non_admin_access_rules_client.list_access_rules(self.user_id)...

Full Screen

Full Screen

access_rule.py

Source:access_rule.py Github

copy

Full Screen

1# Copyright 2019 SUSE LLC2#3# Licensed under the Apache License, Version 2.0 (the "License"); you may4# not use this file except in compliance with the License. You may obtain5# a copy of the License at6#7# http://www.apache.org/licenses/LICENSE-2.08#9# Unless required by applicable law or agreed to in writing, software10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the12# License for the specific language governing permissions and limitations13# under the License.14from oslo_policy import policy15from keystone.common.policies import base16collection_path = '/v3/users/{user_id}/access_rules'17resource_path = collection_path + '/{access_rule_id}'18SYSTEM_READER_OR_OWNER = (19 '(' + base.SYSTEM_READER + ') or '20 'user_id:%(target.user.id)s'21)22SYSTEM_ADMIN_OR_OWNER = (23 '(' + base.SYSTEM_ADMIN + ') or '24 'user_id:%(target.user.id)s'25)26access_rule_policies = [27 policy.DocumentedRuleDefault(28 name=base.IDENTITY % 'get_access_rule',29 check_str=SYSTEM_READER_OR_OWNER,30 scope_types=['system', 'project'],31 description='Show access rule details.',32 operations=[{'path': resource_path,33 'method': 'GET'},34 {'path': resource_path,35 'method': 'HEAD'}]),36 policy.DocumentedRuleDefault(37 name=base.IDENTITY % 'list_access_rules',38 check_str=SYSTEM_READER_OR_OWNER,39 scope_types=['system', 'project'],40 description='List access rules for a user.',41 operations=[{'path': collection_path,42 'method': 'GET'},43 {'path': collection_path,44 'method': 'HEAD'}]),45 policy.DocumentedRuleDefault(46 name=base.IDENTITY % 'delete_access_rule',47 check_str=SYSTEM_ADMIN_OR_OWNER,48 scope_types=['system', 'project'],49 description='Delete an access_rule.',50 operations=[{'path': resource_path,51 'method': 'DELETE'}])52]53def list_rules():...

Full Screen

Full Screen

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.

LambdaTest Learning Hubs:

YouTube

You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.

Run tempest automation tests on LambdaTest cloud grid

Perform automation testing on 3000+ real desktop and mobile devices online.

Try LambdaTest Now !!

Get 100 minutes of automation test minutes FREE!!

Next-Gen App & Browser Testing Cloud

Was this article helpful?

Helpful

NotHelpful