1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
# -*- coding: utf-8 -*-
from __future__ import absolute_import
from .helper import DashboardTestCase
class RoleTest(DashboardTestCase):
@classmethod
def _create_role(cls, name=None, description=None, scopes_permissions=None):
data = {}
if name:
data['name'] = name
if description:
data['description'] = description
if scopes_permissions:
data['scopes_permissions'] = scopes_permissions
cls._post('/api/role', data)
def test_crud_role(self):
self._create_role(name='role1',
description='Description 1',
scopes_permissions={'osd': ['read']})
self.assertStatus(201)
self.assertJsonBody({
'name': 'role1',
'description': 'Description 1',
'scopes_permissions': {'osd': ['read']},
'system': False
})
self._get('/api/role/role1')
self.assertStatus(200)
self.assertJsonBody({
'name': 'role1',
'description': 'Description 1',
'scopes_permissions': {'osd': ['read']},
'system': False
})
self._put('/api/role/role1', {
'description': 'Description 2',
'scopes_permissions': {'osd': ['read', 'update']},
})
self.assertStatus(200)
self.assertJsonBody({
'name': 'role1',
'description': 'Description 2',
'scopes_permissions': {'osd': ['read', 'update']},
'system': False
})
self._delete('/api/role/role1')
self.assertStatus(204)
def test_list_roles(self):
roles = self._get('/api/role')
self.assertStatus(200)
self.assertGreaterEqual(len(roles), 1)
for role in roles:
self.assertIn('name', role)
self.assertIn('description', role)
self.assertIn('scopes_permissions', role)
self.assertIn('system', role)
def test_get_role_does_not_exist(self):
self._get('/api/role/role2')
self.assertStatus(404)
def test_create_role_already_exists(self):
self._create_role(name='read-only',
description='Description 1',
scopes_permissions={'osd': ['read']})
self.assertStatus(400)
self.assertError(code='role_already_exists',
component='role')
def test_create_role_no_name(self):
self._create_role(description='Description 1',
scopes_permissions={'osd': ['read']})
self.assertStatus(400)
self.assertError(code='name_required',
component='role')
def test_create_role_invalid_scope(self):
self._create_role(name='role1',
description='Description 1',
scopes_permissions={'invalid-scope': ['read']})
self.assertStatus(400)
self.assertError(code='invalid_scope',
component='role')
def test_create_role_invalid_permission(self):
self._create_role(name='role1',
description='Description 1',
scopes_permissions={'osd': ['invalid-permission']})
self.assertStatus(400)
self.assertError(code='invalid_permission',
component='role')
def test_delete_role_does_not_exist(self):
self._delete('/api/role/role2')
self.assertStatus(404)
def test_delete_system_role(self):
self._delete('/api/role/read-only')
self.assertStatus(400)
self.assertError(code='cannot_delete_system_role',
component='role')
def test_delete_role_associated_with_user(self):
self.create_user("user", "user", ['read-only'])
self._create_role(name='role1',
description='Description 1',
scopes_permissions={'user': ['create', 'read', 'update', 'delete']})
self.assertStatus(201)
self._put('/api/user/user', {'roles': ['role1']})
self.assertStatus(200)
self._delete('/api/role/role1')
self.assertStatus(400)
self.assertError(code='role_is_associated_with_user',
component='role')
self._put('/api/user/user', {'roles': ['administrator']})
self.assertStatus(200)
self._delete('/api/role/role1')
self.assertStatus(204)
self.delete_user("user")
def test_update_role_does_not_exist(self):
self._put('/api/role/role2', {})
self.assertStatus(404)
def test_update_system_role(self):
self._put('/api/role/read-only', {})
self.assertStatus(400)
self.assertError(code='cannot_update_system_role',
component='role')
def test_clone_role(self):
self._post('/api/role/read-only/clone', {'new_name': 'foo'})
self.assertStatus(201)
self._delete('/api/role/foo')
|