Merge "Attempt to slim down protection test base class"

2021-01-21 11:33:13 +00:00 · 2021-01-21 11:33:13 +00:00 · d6661a2d4b
commit d6661a2d4b
parent ac70e24665 c7f24e8ceb
2 changed files with 15 additions and 63 deletions
--- a/ironic/tests/unit/api/test_acl.py
+++ b/ironic/tests/unit/api/test_acl.py
@ -18,39 +18,14 @@ are blocked or allowed to be processed.

 import abc
 from unittest import mock
-import uuid

 import ddt
-from keystoneauth1.fixture import v3 as v3_token
 from keystonemiddleware import auth_token
 from oslo_config import cfg
-from oslo_context import context as oslo_context

 from ironic.tests.unit.api import base
 from ironic.tests.unit.db import utils as db_utils

-cfg.CONF.import_opt('cache', 'keystonemiddleware.auth_token',
-                    group='keystone_authtoken')
-
-
-ADMIN_TOKEN = uuid.uuid4().hex
-MEMBER_TOKEN = uuid.uuid4().hex
-
-admin_context = oslo_context.RequestContext(
-    user_id=ADMIN_TOKEN,
-    roles=['admin', 'member', 'reader'],
-)
-
-member_context = oslo_context.RequestContext(
-    user_id=MEMBER_TOKEN,
-    roles=['member', 'reader'],
-)
-
-USERS = {
-    ADMIN_TOKEN: admin_context.to_dict(),
-    MEMBER_TOKEN: member_context.to_dict(),
-}
-

 class TestACLBase(base.BaseApiTest):

@ -83,31 +58,13 @@ class TestACLBase(base.BaseApiTest):
        if kwargs.get('skip'):
            self.skipTest(kwargs.get('skip_reason', 'Not implemented'))

-    def _fake_process_request(self, request, meow):
-        if self.fake_token:
-            request.user_token_valid = True
-            request.user_token = True
-            # is this right?!?
-            request.token_info = self.fake_token
-            request.auth_token = v3_token.Token(
-                user_id=self.fake_token['user'])
-        else:
-            # Because of this, the user will always get a 403 in testing, even
-            # if the API would normally return a 401 if a token is valid
-            request.user_token_valid = False
+    def _fake_process_request(self, request, auth_token_request):
+        pass

    def _test_request(self, path, params=None, headers=None, method='get',
                      assert_status=None, assert_dict_contains=None):
        path = path.format(**self.format_data)
        self.mock_auth.side_effect = self._fake_process_request
-        if headers:
-            auth_token = headers.get('X-Auth-Token')
-            if auth_token:
-                auth_token = self.format_data[auth_token]
-                headers['X-Auth-Token'] = auth_token
-                self.fake_token = USERS[auth_token]
-                headers['X_ROLES'] = ','.join(USERS[auth_token]['roles'])
-                self.mock_auth.side_effect = self._fake_process_request

        if method == 'get':
            response = self.get_json(
@ -141,8 +98,6 @@ class TestRBACBasic(TestACLBase):
    def _create_test_data(self):
        fake_db_node = db_utils.create_test_node(chassis_id=None)
        self.format_data['node_uuid'] = fake_db_node['uuid']
-        self.format_data['admin_token'] = ADMIN_TOKEN
-        self.format_data['member_token'] = MEMBER_TOKEN

    @ddt.file_data('test_acl_basic.yaml')
    @ddt.unpack
--- a/ironic/tests/unit/api/test_acl_basic.yaml
+++ b/ironic/tests/unit/api/test_acl_basic.yaml
@ -1,31 +1,28 @@
 values:
  skip_reason: For value storage
-  admin_headers: &admin_headers
-    X-Auth-Token: 'admin_token'
-  member_headers: &member_headers
-    X-Auth-Token: 'member_token'
+  project_admin_headers: &project_admin_headers
+    X-Auth-Token: project-admin-token
+    X-Roles: admin,member,reader
+    X-Project-Id: 66140b35c7524c6da836ca834e3fd3f9
+  project_member_headers: &project_member_headers
+    X-Auth-Token: project-member-token
+    X-Roles: member,reader
+    X-Project-Id: 66140b35c7524c6da836ca834e3fd3f9

-non_authenticated:
+unauthenticated_user_cannot_get_node:
  path: &node_path '/v1/nodes/{node_uuid}'
  assert_status: 403

-authenticated:
+project_admin_can_get_node:
  path: *node_path
-  headers: *admin_headers
+  headers: *project_admin_headers
  assert_dict_contains:
    uuid: '{node_uuid}'
    driver: 'fake-hardware'

-non_admin:
+project_member_cannot_get_node:
  path: *node_path
-  headers: *member_headers
-  assert_status: 403
-
-non_admin_with_admin_header:
-  path: *node_path
-  headers:
-    X-Auth-Token: 'member_token'
-    X-Roles: admin
+  headers: *project_member_headers
  assert_status: 403

 public_api: