Lance Bragstad 8bfa180430 Add system role functionality
This commit adds the necessary bits to expose system role
assignments to openstackclient via python-keystoneclient.

bp system-scope

Depends-On: Iecbcbf020a15f2bec777334c648d4477f89f3b2c
Change-Id: I261e84700b51e8715eaebdc3f8f8bc46b68542c2
2018-06-04 20:09:14 +00:00

725 lines
22 KiB
Python

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
import copy
import mock
from openstackclient.identity.v3 import role_assignment
from openstackclient.tests.unit import fakes
from openstackclient.tests.unit.identity.v3 import fakes as identity_fakes
class TestRoleAssignment(identity_fakes.TestIdentityv3):
def setUp(self):
super(TestRoleAssignment, self).setUp()
class TestRoleAssignmentList(TestRoleAssignment):
columns = (
'Role',
'User',
'Group',
'Project',
'Domain',
'System',
'Inherited',
)
def setUp(self):
super(TestRoleAssignment, self).setUp()
# Get a shortcut to the UserManager Mock
self.users_mock = self.app.client_manager.identity.users
self.users_mock.reset_mock()
# Get a shortcut to the GroupManager Mock
self.groups_mock = self.app.client_manager.identity.groups
self.groups_mock.reset_mock()
# Get a shortcut to the DomainManager Mock
self.domains_mock = self.app.client_manager.identity.domains
self.domains_mock.reset_mock()
# Get a shortcut to the ProjectManager Mock
self.projects_mock = self.app.client_manager.identity.projects
self.projects_mock.reset_mock()
# Get a shortcut to the RoleManager Mock
self.roles_mock = self.app.client_manager.identity.roles
self.roles_mock.reset_mock()
self.role_assignments_mock = self.app.client_manager.identity.\
role_assignments
self.role_assignments_mock.reset_mock()
# Get the command object to test
self.cmd = role_assignment.ListRoleAssignment(self.app, None)
def test_role_assignment_list_no_filters(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID),
loaded=True,
),
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_PROJECT_ID_AND_GROUP_ID),
loaded=True,
),
]
arglist = []
verifylist = []
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# In base command class Lister in cliff, abstract method take_action()
# returns a tuple containing the column names and an iterable
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
system=None,
group=None,
effective=False,
role=None,
user=None,
project=None,
os_inherit_extension_inherited_to=None,
include_names=False)
self.assertEqual(self.columns, columns)
datalist = ((
identity_fakes.role_id,
identity_fakes.user_id,
'',
identity_fakes.project_id,
'',
'',
False
), (identity_fakes.role_id,
'',
identity_fakes.group_id,
identity_fakes.project_id,
'',
'',
False
),)
self.assertEqual(datalist, tuple(data))
def test_role_assignment_list_user(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID),
loaded=True,
),
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID),
loaded=True,
),
]
arglist = [
'--user', identity_fakes.user_name
]
verifylist = [
('user', identity_fakes.user_name),
('group', None),
('system', None),
('domain', None),
('project', None),
('role', None),
('effective', False),
('inherited', False),
('names', False),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# In base command class Lister in cliff, abstract method take_action()
# returns a tuple containing the column names and an iterable
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
system=None,
user=self.users_mock.get(),
group=None,
project=None,
role=None,
effective=False,
os_inherit_extension_inherited_to=None,
include_names=False)
self.assertEqual(self.columns, columns)
datalist = ((
identity_fakes.role_id,
identity_fakes.user_id,
'',
'',
identity_fakes.domain_id,
'',
False
), (identity_fakes.role_id,
identity_fakes.user_id,
'',
identity_fakes.project_id,
'',
'',
False
),)
self.assertEqual(datalist, tuple(data))
def test_role_assignment_list_group(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_DOMAIN_ID_AND_GROUP_ID),
loaded=True,
),
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_PROJECT_ID_AND_GROUP_ID),
loaded=True,
),
]
arglist = [
'--group', identity_fakes.group_name
]
verifylist = [
('user', None),
('group', identity_fakes.group_name),
('system', None),
('domain', None),
('project', None),
('role', None),
('effective', False),
('inherited', False),
('names', False),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# In base command class Lister in cliff, abstract method take_action()
# returns a tuple containing the column names and an iterable
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
system=None,
group=self.groups_mock.get(),
effective=False,
project=None,
role=None,
user=None,
os_inherit_extension_inherited_to=None,
include_names=False)
self.assertEqual(self.columns, columns)
datalist = ((
identity_fakes.role_id,
'',
identity_fakes.group_id,
'',
identity_fakes.domain_id,
'',
False
), (identity_fakes.role_id,
'',
identity_fakes.group_id,
identity_fakes.project_id,
'',
'',
False
),)
self.assertEqual(datalist, tuple(data))
def test_role_assignment_list_domain(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID),
loaded=True,
),
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_DOMAIN_ID_AND_GROUP_ID),
loaded=True,
),
]
arglist = [
'--domain', identity_fakes.domain_name
]
verifylist = [
('user', None),
('group', None),
('system', None),
('domain', identity_fakes.domain_name),
('project', None),
('role', None),
('effective', False),
('inherited', False),
('names', False),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# In base command class Lister in cliff, abstract method take_action()
# returns a tuple containing the column names and an iterable
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=self.domains_mock.get(),
system=None,
group=None,
effective=False,
project=None,
role=None,
user=None,
os_inherit_extension_inherited_to=None,
include_names=False)
self.assertEqual(self.columns, columns)
datalist = ((
identity_fakes.role_id,
identity_fakes.user_id,
'',
'',
identity_fakes.domain_id,
'',
False
), (identity_fakes.role_id,
'',
identity_fakes.group_id,
'',
identity_fakes.domain_id,
'',
False
),)
self.assertEqual(datalist, tuple(data))
def test_role_assignment_list_project(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID),
loaded=True,
),
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_PROJECT_ID_AND_GROUP_ID),
loaded=True,
),
]
arglist = [
'--project', identity_fakes.project_name
]
verifylist = [
('user', None),
('group', None),
('system', None),
('domain', None),
('project', identity_fakes.project_name),
('role', None),
('effective', False),
('inherited', False),
('names', False),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# In base command class Lister in cliff, abstract method take_action()
# returns a tuple containing the column names and an iterable
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
system=None,
group=None,
effective=False,
project=self.projects_mock.get(),
role=None,
user=None,
os_inherit_extension_inherited_to=None,
include_names=False)
self.assertEqual(self.columns, columns)
datalist = ((
identity_fakes.role_id,
identity_fakes.user_id,
'',
identity_fakes.project_id,
'',
'',
False
), (identity_fakes.role_id,
'',
identity_fakes.group_id,
identity_fakes.project_id,
'',
'',
False
),)
self.assertEqual(datalist, tuple(data))
def test_role_assignment_list_def_creds(self):
auth_ref = self.app.client_manager.auth_ref = mock.Mock()
auth_ref.project_id.return_value = identity_fakes.project_id
auth_ref.user_id.return_value = identity_fakes.user_id
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID),
loaded=True,
),
]
arglist = [
'--auth-user',
'--auth-project',
]
verifylist = [
('user', None),
('group', None),
('system', None),
('domain', None),
('project', None),
('role', None),
('effective', False),
('inherited', False),
('names', False),
('authuser', True),
('authproject', True),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# In base command class Lister in cliff, abstract method take_action()
# returns a tuple containing the column names and an iterable
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
system=None,
user=self.users_mock.get(),
group=None,
project=self.projects_mock.get(),
role=None,
effective=False,
os_inherit_extension_inherited_to=None,
include_names=False)
self.assertEqual(self.columns, columns)
datalist = ((
identity_fakes.role_id,
identity_fakes.user_id,
'',
identity_fakes.project_id,
'',
'',
False
),)
self.assertEqual(datalist, tuple(data))
def test_role_assignment_list_effective(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID),
loaded=True,
),
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID),
loaded=True,
),
]
arglist = ['--effective']
verifylist = [
('user', None),
('group', None),
('system', None),
('domain', None),
('project', None),
('role', None),
('effective', True),
('inherited', False),
('names', False),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# In base command class Lister in cliff, abstract method take_action()
# returns a tuple containing the column names and an iterable
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
system=None,
group=None,
effective=True,
project=None,
role=None,
user=None,
os_inherit_extension_inherited_to=None,
include_names=False)
self.assertEqual(self.columns, columns)
datalist = ((
identity_fakes.role_id,
identity_fakes.user_id,
'',
identity_fakes.project_id,
'',
'',
False
), (identity_fakes.role_id,
identity_fakes.user_id,
'',
'',
identity_fakes.domain_id,
'',
False
),)
self.assertEqual(tuple(data), datalist)
def test_role_assignment_list_inherited(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
(identity_fakes.
ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID_INHERITED)),
loaded=True,
),
fakes.FakeResource(
None,
copy.deepcopy(
(identity_fakes.
ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID_INHERITED)),
loaded=True,
),
]
arglist = ['--inherited']
verifylist = [
('user', None),
('group', None),
('system', None),
('domain', None),
('project', None),
('role', None),
('effective', False),
('inherited', True),
('names', False),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# In base command class Lister in cliff, abstract method take_action()
# returns a tuple containing the column names and an iterable
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
system=None,
group=None,
effective=False,
project=None,
role=None,
user=None,
os_inherit_extension_inherited_to='projects',
include_names=False)
self.assertEqual(self.columns, columns)
datalist = ((
identity_fakes.role_id,
identity_fakes.user_id,
'',
identity_fakes.project_id,
'',
'',
True
), (identity_fakes.role_id,
identity_fakes.user_id,
'',
'',
identity_fakes.domain_id,
'',
True
),)
self.assertEqual(datalist, tuple(data))
def test_role_assignment_list_include_names(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes
.ASSIGNMENT_WITH_PROJECT_ID_AND_USER_ID_INCLUDE_NAMES),
loaded=True,
),
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes
.ASSIGNMENT_WITH_DOMAIN_ID_AND_USER_ID_INCLUDE_NAMES),
loaded=True,
),
]
arglist = ['--names']
verifylist = [
('user', None),
('group', None),
('system', None),
('domain', None),
('project', None),
('role', None),
('effective', False),
('inherited', False),
('names', True),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# DisplayCommandBase.take_action() returns two tuples
# This test will not run correctly until the patch in the python
# client is merged. Once that is done 'data' should return the
# correct information
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
system=None,
group=None,
effective=False,
project=None,
role=None,
user=None,
os_inherit_extension_inherited_to=None,
include_names=True)
collist = (
'Role', 'User', 'Group', 'Project', 'Domain', 'System', 'Inherited'
)
self.assertEqual(columns, collist)
datalist1 = ((
identity_fakes.role_name,
'@'.join([identity_fakes.user_name, identity_fakes.domain_name]),
'',
'@'.join([identity_fakes.project_name,
identity_fakes.domain_name]),
'',
'',
False
), (identity_fakes.role_name,
'@'.join([identity_fakes.user_name, identity_fakes.domain_name]),
'',
'',
identity_fakes.domain_name,
'',
False
),)
self.assertEqual(tuple(data), datalist1)
def test_role_assignment_list_domain_role(self):
self.role_assignments_mock.list.return_value = [
fakes.FakeResource(
None,
copy.deepcopy(
identity_fakes.ASSIGNMENT_WITH_DOMAIN_ROLE),
loaded=True,
),
]
arglist = [
'--role', identity_fakes.ROLE_2['name'],
'--role-domain', identity_fakes.domain_name
]
verifylist = [
('user', None),
('group', None),
('system', None),
('domain', None),
('project', None),
('role', identity_fakes.ROLE_2['name']),
('effective', False),
('inherited', False),
('names', False),
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
# In base command class Lister in cliff, abstract method take_action()
# returns a tuple containing the column names and an iterable
# containing the data to be listed.
columns, data = self.cmd.take_action(parsed_args)
self.role_assignments_mock.list.assert_called_with(
domain=None,
system=None,
user=None,
group=None,
project=None,
role=self.roles_mock.get(),
effective=False,
os_inherit_extension_inherited_to=None,
include_names=False)
self.assertEqual(self.columns, columns)
datalist = ((
identity_fakes.ROLE_2['id'],
identity_fakes.user_id,
'',
'',
identity_fakes.domain_id,
'',
False
),)
self.assertEqual(datalist, tuple(data))