How to use show_trust_role method in tempest

Best Python code snippet using tempest_python

test_trust.py

Source:test_trust.py Github

copy

Full Screen

1# Copyright 2020 SUSE LLC2#3# Licensed under the Apache License, Version 2.0 (the "License"); you may4# not use this file except in compliance with the License. You may obtain5# a copy of the License at6#7# http://www.apache.org/licenses/LICENSE-2.08#9# Unless required by applicable law or agreed to in writing, software10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the12# License for the specific language governing permissions and limitations13# under the License.14import abc15from tempest.api.identity import base16from tempest import clients17from tempest.lib import auth18from tempest.lib.common.utils import data_utils19from tempest.lib import exceptions20from keystone_tempest_plugin.tests.rbac.v3 import base as rbac_base21class IdentityV3RbacTrustTest(rbac_base.IdentityV3RbacBaseTests,22 metaclass=abc.ABCMeta):23 @classmethod24 def setup_clients(cls):25 super(IdentityV3RbacTrustTest, cls).setup_clients()26 cls.persona = getattr(cls, 'os_%s' % cls.credentials[0])27 cls.client = cls.persona.trusts_client28 cls.admin_client = cls.os_system_admin29 cls.admin_trusts_client = cls.admin_client.trusts_client30 @classmethod31 def resource_setup(cls):32 trustor_user = {33 'name': data_utils.rand_name('user'),34 'password': data_utils.rand_password(),35 }36 cls.trustor = cls.admin_client.users_v3_client.create_user(37 **trustor_user)['user']['id']38 cls.addClassResourceCleanup(39 cls.admin_client.users_v3_client.delete_user,40 user_id=cls.trustor)41 cls.trustee = cls.admin_client.users_v3_client.create_user(42 name=data_utils.rand_name())['user']['id']43 cls.addClassResourceCleanup(44 cls.admin_client.users_v3_client.delete_user,45 user_id=cls.trustee)46 cls.project = cls.admin_client.projects_client.create_project(47 name=data_utils.rand_name()48 )['project']['id']49 cls.addClassResourceCleanup(50 cls.admin_client.projects_client.delete_project,51 project_id=cls.project)52 cls.roles = [53 {'id': cls.admin_client.roles_v3_client.create_role(54 name=data_utils.rand_name())['role']['id']}55 ]56 cls.addClassResourceCleanup(57 cls.admin_client.roles_v3_client.delete_role,58 role_id=cls.roles[0]['id'])59 cls.admin_client.roles_v3_client.create_user_role_on_project(60 project_id=cls.project,61 user_id=cls.trustor,62 role_id=cls.roles[0]['id']63 )64 creds = auth.KeystoneV3Credentials(65 user_id=cls.trustor,66 password=trustor_user['password'],67 project_id=cls.project)68 auth_provider = clients.get_auth_provider(creds)69 creds = auth_provider.fill_credentials()70 user_client = clients.Manager(credentials=creds)71 cls.user_trust_client = user_client.trusts_client72 cls.admin_role_id = cls.admin_client.roles_v3_client.list_roles(73 name='admin')['roles'][0]['id']74 cls.member_role_id = cls.admin_client.roles_v3_client.list_roles(75 name='member')['roles'][0]['id']76 cls.reader_role_id = cls.admin_client.roles_v3_client.list_roles(77 name='reader')['roles'][0]['id']78 def trust(self, trustor=None, trustee=None, project_id=None, roles=None):79 trust = {}80 trust['trustor_user_id'] = trustor or self.trustor81 trust['trustee_user_id'] = trustee or self.trustee82 trust['project_id'] = project_id or self.project83 trust['roles'] = roles or self.roles84 trust['impersonation'] = False85 return trust86 @abc.abstractmethod87 def test_identity_create_trust(self):88 """Test identity:create_trust policy.89 This test must check:90 * whether the persona can create a trust for themself91 * whether the persona can create a trust for another user92 """93 pass94 @abc.abstractmethod95 def test_identity_get_trust(self):96 """Test identity:get_trust policy.97 This test must check:98 * whether the persona can get a trust for which they are the trustor99 * whether the persona can get a trust for which they are the trustee100 * whether the persona can get a trust with which they are101 unaffiliated102 """103 pass104 @abc.abstractmethod105 def test_identity_list_trusts(self):106 """Test identity:list_trusts policy.107 This test must check:108 * whether the persona can list all trusts109 """110 pass111 @abc.abstractmethod112 def test_identity_list_trusts_for_trustor(self):113 """Test identity:list_trusts_for_trustor policy.114 This test must check:115 * whether the persona can list trusts by trustor for which they are116 the trustor117 * whether the persona can list trusts by trustor for which another118 user is trustor119 """120 pass121 @abc.abstractmethod122 def test_identity_list_trusts_for_trustee(self):123 """Test identity:list_trusts_for_trustee policy.124 This test must check:125 * whether the persona can list trusts by trustee for which they are126 the trustee127 * whether the persona can list trusts by trustee for which another128 user is trustee129 """130 pass131 @abc.abstractmethod132 def test_identity_list_roles_for_trust(self):133 """Test identity:list_roles_for_trust policy.134 This test must check:135 * whether the persona can list the roles of a trust for which they136 are the trustee137 * whether the persona can list the roles of a trust for which they138 are the trustor139 * whether the persona can list the roles of a trust with which they140 are unaffiliated141 """142 pass143 @abc.abstractmethod144 def test_identity_get_role_for_trust(self):145 """Test identity:get_role_for_trust policy.146 This test must check:147 * whether the persona can get a role of a trust for which they are148 the trustee149 * whether the persona can get a role of a trust for which they are150 the trustor151 * whether the persona can get a role of a trust with which they are152 unaffiliated153 """154 pass155 @abc.abstractmethod156 def test_identity_delete_trust(self):157 """Test identity:delete_trust policy.158 This test must check159 * whether the persona can delete a trust for which they are the160 trustor161 * whether the persona can delete a trust for which they are the162 trustee163 * whether the persona can delete a trust which which they are164 unaffiliated165 """166 pass167class SystemAdminTests(IdentityV3RbacTrustTest, base.BaseIdentityTest):168 credentials = ['system_admin']169 def test_identity_create_trust(self):170 # user cannot create trust for themself171 self.do_request('create_trust',172 expected_status=exceptions.Forbidden,173 **self.trust(trustor=self.persona.credentials.user_id))174 # user cannot create trust for another user175 self.do_request('create_trust',176 expected_status=exceptions.Forbidden,177 **self.trust())178 def test_identity_get_trust(self):179 # user cannot have their own trust180 # user can get trust for other user181 trust_id = self.user_trust_client.create_trust(182 **self.trust())['trust']['id']183 self.addCleanup(self.admin_trusts_client.delete_trust,184 trust_id=trust_id)185 self.do_request('show_trust', trust_id=trust_id)186 def test_identity_list_trusts(self):187 trust_id = self.user_trust_client.create_trust(188 **self.trust())['trust']['id']189 self.addCleanup(self.admin_trusts_client.delete_trust,190 trust_id=trust_id)191 resp = self.do_request('list_trusts')192 self.assertIn(trust_id, [t['id'] for t in resp['trusts']])193 def test_identity_list_trusts_for_trustor(self):194 # user cannot have their own trust195 # user can list trusts for other user196 trust_id = self.user_trust_client.create_trust(197 **self.trust())['trust']['id']198 self.addCleanup(self.admin_trusts_client.delete_trust,199 trust_id=trust_id)200 self.do_request('list_trusts', trustor_user_id=self.trustor)201 def test_identity_list_trusts_for_trustee(self):202 # user cannot have their own trust203 # user can list trusts for other user204 trust_id = self.user_trust_client.create_trust(205 **self.trust())['trust']['id']206 self.addCleanup(self.admin_trusts_client.delete_trust,207 trust_id=trust_id)208 self.do_request('list_trusts', trustee_user_id=self.trustee)209 def test_identity_list_roles_for_trust(self):210 # user cannot have their own trust211 # user can list roles of trust for other user212 trust_id = self.user_trust_client.create_trust(213 **self.trust())['trust']['id']214 self.addCleanup(self.admin_trusts_client.delete_trust,215 trust_id=trust_id)216 resp = self.do_request('list_trust_roles', trust_id=trust_id)217 self.assertIn(self.roles[0]['id'], [r['id'] for r in resp['roles']])218 def test_identity_get_role_for_trust(self):219 # user cannot have their own trust220 # user can get role of trust for other user221 trust_id = self.user_trust_client.create_trust(222 **self.trust())['trust']['id']223 self.addCleanup(self.admin_trusts_client.delete_trust,224 trust_id=trust_id)225 self.do_request('show_trust_role',226 trust_id=trust_id, role_id=self.roles[0]['id'])227 def test_identity_delete_trust(self):228 # user cannot have their own trust229 # user can delete a user's trust230 trust_id = self.user_trust_client.create_trust(231 **self.trust())['trust']['id']232 self.do_request('delete_trust', expected_status=204, trust_id=trust_id)233class SystemMemberTests(SystemAdminTests):234 credentials = ['system_member', 'system_admin']235 def test_identity_delete_trust(self):236 # system user cannot have their own trust237 # user cannot delete another user's trust238 trust_id = self.user_trust_client.create_trust(239 **self.trust())['trust']['id']240 self.addCleanup(self.admin_trusts_client.delete_trust,241 trust_id=trust_id)242 self.do_request('delete_trust', expected_status=exceptions.Forbidden,243 trust_id=trust_id)244class SystemReaderTests(SystemMemberTests):245 credentials = ['system_reader', 'system_admin']246class DomainAdminTests(SystemReaderTests, base.BaseIdentityTest):247 # Domain admins cannot create their own trusts (trusts can only be248 # scoped to projects) and domain admins have no special privileges over the249 # trusts own by users in their domains.250 credentials = ['domain_admin', 'system_admin']251 def test_identity_get_trust(self):252 # user cannot have their own trust253 # user can get trust for other user254 trust_id = self.user_trust_client.create_trust(255 **self.trust())['trust']['id']256 self.addCleanup(self.admin_trusts_client.delete_trust,257 trust_id=trust_id)258 self.do_request('show_trust', expected_status=exceptions.Forbidden,259 trust_id=trust_id)260 def test_identity_list_trusts(self):261 trust_id = self.user_trust_client.create_trust(262 **self.trust())['trust']['id']263 self.addCleanup(self.admin_trusts_client.delete_trust,264 trust_id=trust_id)265 self.do_request('list_trusts',266 expected_status=exceptions.Forbidden)267 def test_identity_list_trusts_for_trustor(self):268 # user cannot have their own trust269 # user can list trusts for other user270 trust_id = self.user_trust_client.create_trust(271 **self.trust())['trust']['id']272 self.addCleanup(self.admin_trusts_client.delete_trust,273 trust_id=trust_id)274 self.do_request('list_trusts', expected_status=exceptions.Forbidden,275 trustor_user_id=self.trustor)276 def test_identity_list_trusts_for_trustee(self):277 # user cannot have their own trust278 # user can list trusts for other user279 trust_id = self.user_trust_client.create_trust(280 **self.trust())['trust']['id']281 self.addCleanup(self.admin_trusts_client.delete_trust,282 trust_id=trust_id)283 self.do_request('list_trusts', expected_status=exceptions.Forbidden,284 trustee_user_id=self.trustee)285 def test_identity_list_roles_for_trust(self):286 # user cannot have their own trust287 # user can list roles of trust for other user288 trust_id = self.user_trust_client.create_trust(289 **self.trust())['trust']['id']290 self.addCleanup(self.admin_trusts_client.delete_trust,291 trust_id=trust_id)292 self.do_request('list_trust_roles',293 expected_status=exceptions.Forbidden,294 trust_id=trust_id)295 def test_identity_get_role_for_trust(self):296 # user cannot have their own trust297 # user can get role of trust for other user298 trust_id = self.user_trust_client.create_trust(299 **self.trust())['trust']['id']300 self.addCleanup(self.admin_trusts_client.delete_trust,301 trust_id=trust_id)302 self.do_request('show_trust_role',303 expected_status=exceptions.Forbidden,304 trust_id=trust_id, role_id=self.roles[0]['id'])305class DomainMemberTests(DomainAdminTests):306 credentials = ['domain_member', 'system_admin']307class DomainReaderTests(DomainAdminTests):308 credentials = ['domain_reader', 'system_admin']309class ProjectAdminTests(IdentityV3RbacTrustTest, base.BaseIdentityTest):310 credentials = ['project_admin', 'system_admin']311 def setUp(self):312 super(ProjectAdminTests, self).setUp()313 self.role_id = self.admin_role_id314 def test_identity_create_trust(self):315 # user can create a trust for their own project316 trustor_user_id = self.persona.credentials.user_id317 project_id = self.persona.credentials.project_id318 resp = self.do_request(319 'create_trust',320 expected_status=201,321 **self.trust(322 trustor=trustor_user_id,323 project_id=project_id,324 roles=[{'id': self.role_id}])325 )['trust']326 self.addCleanup(self.client.delete_trust, resp['id'])327 # user cannot create trust with another user as trustor328 self.do_request(329 'create_trust',330 expected_status=exceptions.Forbidden,331 **self.trust())332 def test_identity_get_trust(self):333 # user can get a trust for which they are trustor334 trustor_user_id = self.persona.credentials.user_id335 project_id = self.persona.credentials.project_id336 trust_id = self.client.create_trust(337 **self.trust(trustor=trustor_user_id,338 project_id=project_id,339 roles=[{'id': self.role_id}]))['trust']['id']340 self.addCleanup(self.client.delete_trust, trust_id=trust_id)341 self.do_request('show_trust', trust_id=trust_id)342 # user can get a trust for which they are trustee343 trustee_user_id = self.persona.credentials.user_id344 trust_id = self.user_trust_client.create_trust(345 **self.trust(trustee=trustee_user_id))['trust']['id']346 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)347 self.do_request('show_trust', trust_id=trust_id)348 # user cannot get a trust with which they are unaffiliated349 trust_id = self.user_trust_client.create_trust(350 **self.trust())['trust']['id']351 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)352 self.do_request('show_trust', expected_status=exceptions.Forbidden,353 trust_id=trust_id)354 def test_identity_list_trusts(self):355 trust_id = self.user_trust_client.create_trust(356 **self.trust())['trust']['id']357 self.addCleanup(self.admin_trusts_client.delete_trust,358 trust_id=trust_id)359 self.do_request('list_trusts',360 expected_status=exceptions.Forbidden)361 def test_identity_list_trusts_for_trustor(self):362 # user can list their own trusts363 trustor_user_id = self.persona.credentials.user_id364 project_id = self.persona.credentials.project_id365 trust_id = self.client.create_trust(366 **self.trust(trustor=trustor_user_id,367 project_id=project_id,368 roles=[{'id': self.role_id}]))['trust']['id']369 self.addCleanup(self.client.delete_trust, trust_id=trust_id)370 self.do_request('list_trusts', trustor_user_id=trustor_user_id)371 # user cannot list another user's trusts372 trust_id = self.user_trust_client.create_trust(373 **self.trust())['trust']['id']374 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)375 self.do_request('list_trusts', expected_status=exceptions.Forbidden,376 trustor_user_id=self.trustor)377 def test_identity_list_trusts_for_trustee(self):378 # user can list their own trusts379 trustee_user_id = self.persona.credentials.user_id380 trust_id = self.user_trust_client.create_trust(381 **self.trust(trustee=trustee_user_id))['trust']['id']382 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)383 self.do_request('list_trusts', trustee_user_id=trustee_user_id)384 # user cannot list another user's trusts385 trust_id = self.user_trust_client.create_trust(386 **self.trust())['trust']['id']387 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)388 self.do_request('list_trusts', expected_status=exceptions.Forbidden,389 trustee_user_id=self.trustee)390 def test_identity_list_roles_for_trust(self):391 # user can list roles for trust for which they are trustor392 trustor_user_id = self.persona.credentials.user_id393 project_id = self.persona.credentials.project_id394 trust_id = self.client.create_trust(395 **self.trust(trustor=trustor_user_id,396 project_id=project_id,397 roles=[{'id': self.role_id}]))['trust']['id']398 self.addCleanup(self.client.delete_trust, trust_id=trust_id)399 self.do_request('list_trust_roles', trust_id=trust_id)400 # user can list roles for trust for which they are trustee401 trustee_user_id = self.persona.credentials.user_id402 trust_id = self.user_trust_client.create_trust(403 **self.trust(trustee=trustee_user_id))['trust']['id']404 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)405 self.do_request('list_trust_roles', trust_id=trust_id)406 # user cannot list roles for trust with which they are unaffiliated407 trust_id = self.user_trust_client.create_trust(408 **self.trust())['trust']['id']409 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)410 self.do_request('list_trust_roles',411 expected_status=exceptions.Forbidden,412 trust_id=trust_id)413 def test_identity_get_role_for_trust(self):414 # user can get roles for trust for which they are trustor415 trustor_user_id = self.persona.credentials.user_id416 project_id = self.persona.credentials.project_id417 trust_id = self.client.create_trust(418 **self.trust(trustor=trustor_user_id,419 project_id=project_id,420 roles=[{'id': self.role_id}]))['trust']['id']421 self.addCleanup(self.client.delete_trust, trust_id=trust_id)422 self.do_request('show_trust_role',423 trust_id=trust_id, role_id=self.role_id)424 # user can list roles for trust for which they are trustee425 trustee_user_id = self.persona.credentials.user_id426 trust_id = self.user_trust_client.create_trust(427 **self.trust(trustee=trustee_user_id))['trust']['id']428 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)429 self.do_request('show_trust_role',430 trust_id=trust_id, role_id=self.roles[0]['id'])431 # user cannot list roles for trust with which they are unaffiliated432 trust_id = self.user_trust_client.create_trust(433 **self.trust())['trust']['id']434 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)435 self.do_request('show_trust_role',436 expected_status=exceptions.Forbidden,437 trust_id=trust_id, role_id=self.role_id)438 def test_identity_delete_trust(self):439 # user can delete trust for which they are the trustor440 trustor_user_id = self.persona.credentials.user_id441 project_id = self.persona.credentials.project_id442 trust_id = self.client.create_trust(443 **self.trust(trustor=trustor_user_id,444 project_id=project_id,445 roles=[{'id': self.role_id}]))['trust']['id']446 self.do_request('delete_trust', expected_status=204, trust_id=trust_id)447 # user cannot delete trust for which they are the trustee448 trustee_user_id = self.persona.credentials.user_id449 trust_id = self.user_trust_client.create_trust(450 **self.trust(trustee=trustee_user_id))['trust']['id']451 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)452 self.do_request('delete_trust', expected_status=exceptions.Forbidden,453 trust_id=trust_id)454 # user cannot delete trust with which they are unaffiliated455 trust_id = self.user_trust_client.create_trust(456 **self.trust())['trust']['id']457 self.addCleanup(self.user_trust_client.delete_trust, trust_id=trust_id)458 self.do_request('delete_trust', expected_status=exceptions.Forbidden,459 trust_id=trust_id)460class ProjectMemberTests(ProjectAdminTests):461 credentials = ['project_member', 'system_admin']462 def setUp(self):463 super(ProjectMemberTests, self).setUp()464 self.role_id = self.member_role_id465class ProjectReaderTests(ProjectAdminTests):466 credentials = ['project_reader', 'system_admin']467 def setUp(self):468 super(ProjectReaderTests, self).setUp()...

Full Screen

Full Screen

trusts_client.py

Source:trusts_client.py Github

copy

Full Screen

...54 resp, body = self.get("OS-TRUST/trusts/%s/roles" % trust_id)55 self.expected_success(200, resp.status)56 body = json.loads(body)57 return rest_client.ResponseBody(resp, body)58 def show_trust_role(self, trust_id, role_id):59 """GET role delegated by a trust."""60 resp, body = self.get("OS-TRUST/trusts/%s/roles/%s"61 % (trust_id, role_id))62 self.expected_success(200, resp.status)63 body = json.loads(body)64 return rest_client.ResponseBody(resp, body)65 def check_trust_role(self, trust_id, role_id):66 """HEAD Check if role is delegated by a trust."""67 resp, body = self.head("OS-TRUST/trusts/%s/roles/%s"68 % (trust_id, role_id))69 self.expected_success(200, resp.status)...

Full Screen

Full Screen

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.

LambdaTest Learning Hubs:

YouTube

You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.

Run tempest automation tests on LambdaTest cloud grid

Perform automation testing on 3000+ real desktop and mobile devices online.

... View sample repo... View DocumentationSign up Free
_

Try LambdaTest Now !!

Get 100 minutes of automation test minutes FREE!!

...
Sign up with GoogleSign up with Email
Next-Gen App & Browser Testing Cloud

Was this article helpful?

Helpful

NotHelpful