From 3923fb4f3c9ea15b03d5d8ea811d93e712d82a5b Mon Sep 17 00:00:00 2001 From: Ansuman Bebarta Date: Thu, 9 Jan 2020 18:03:29 +0530 Subject: [PATCH] Add rbac tests for customer Change-Id: Ia5956f446833f3961fc487191ff7578677aeb07e --- ranger_tempest_plugin/tests/api/cms_base.py | 22 +++ .../tests/api/test_customers.py | 22 --- .../tests/rbac/test_customers.py | 167 +++++++++++++++++- 3 files changed, 187 insertions(+), 24 deletions(-) diff --git a/ranger_tempest_plugin/tests/api/cms_base.py b/ranger_tempest_plugin/tests/api/cms_base.py index faa2ffa..3d58f25 100755 --- a/ranger_tempest_plugin/tests/api/cms_base.py +++ b/ranger_tempest_plugin/tests/api/cms_base.py @@ -31,6 +31,28 @@ LOG = logging.getLogger(__name__) class CmsBaseOrmTest(base.BaseOrmTest): credentials = ['admin', 'primary', 'alt'] + @classmethod + def resource_setup(cls): + cls.setup_customer = cls._get_customer_params() + cls.setup_customer_id = \ + cls._create_cust_validate_creation_on_dcp_and_lcp( + **cls.setup_customer) + + cls.addClassResourceCleanup( + cls._del_cust_validate_deletion_on_dcp_and_lcp, + cls.setup_customer_id) + + cls.bare_customer = cls._get_bare_customer_params() + cls.bare_customer_id = \ + cls._create_cust_validate_creation_on_dcp_and_lcp( + **cls.bare_customer) + + cls.addClassResourceCleanup( + cls._del_cust_validate_deletion_on_dcp_and_lcp, + cls.bare_customer_id) + + super(CmsBaseOrmTest, cls).resource_setup() + @classmethod def setup_clients(cls): super(CmsBaseOrmTest, cls).setup_clients() diff --git a/ranger_tempest_plugin/tests/api/test_customers.py b/ranger_tempest_plugin/tests/api/test_customers.py index 5eb359b..019d4df 100755 --- a/ranger_tempest_plugin/tests/api/test_customers.py +++ b/ranger_tempest_plugin/tests/api/test_customers.py @@ -28,28 +28,6 @@ CONF = config.CONF class TestTempestCms(cms_base.CmsBaseOrmTest): - @classmethod - def resource_setup(cls): - cls.setup_customer = cls._get_customer_params() - cls.setup_customer_id = \ - cls._create_cust_validate_creation_on_dcp_and_lcp( - **cls.setup_customer) - - cls.addClassResourceCleanup( - cls._del_cust_validate_deletion_on_dcp_and_lcp, - cls.setup_customer_id) - - cls.bare_customer = cls._get_bare_customer_params() - cls.bare_customer_id = \ - cls._create_cust_validate_creation_on_dcp_and_lcp( - **cls.bare_customer) - - cls.addClassResourceCleanup( - cls._del_cust_validate_deletion_on_dcp_and_lcp, - cls.bare_customer_id) - - super(TestTempestCms, cls).resource_setup() - def _delete_customer(self, id_, region): """Try to delete customer from dcp only""" self.client.delete_region_from_customer(id_, region) diff --git a/ranger_tempest_plugin/tests/rbac/test_customers.py b/ranger_tempest_plugin/tests/rbac/test_customers.py index fd1796d..5f74af4 100644 --- a/ranger_tempest_plugin/tests/rbac/test_customers.py +++ b/ranger_tempest_plugin/tests/rbac/test_customers.py @@ -17,7 +17,7 @@ from patrole_tempest_plugin import rbac_rule_validation from patrole_tempest_plugin import rbac_utils -from ranger_tempest_plugin.tests.api import test_customers +from ranger_tempest_plugin.tests.api import cms_base from tempest import config from tempest.lib import decorators @@ -26,7 +26,7 @@ from tempest.lib import decorators CONF = config.CONF -class TestCustomer(rbac_utils.RbacUtilsMixin, test_customers.TestTempestCms): +class TestCustomer(rbac_utils.RbacUtilsMixin, cms_base.CmsBaseOrmTest): @classmethod def setup_clients(cls): @@ -66,3 +66,166 @@ class TestCustomer(rbac_utils.RbacUtilsMixin, test_customers.TestTempestCms): self.addCleanup(self._del_cust_validate_deletion_on_dcp_and_lcp, test_customer_id) self._wait_for_status(test_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:update'], + expected_error_codes=[403]) + @decorators.idempotent_id('b2b1d36a-9448-4646-839b-9698405ada6d') + def test_update_customer(self): + customer = self._get_bare_customer_params() + customer['name'] = self.setup_customer['name'] + customer['regions'] = [{'name': CONF.identity.region}] + with self.override_role(): + self.client.update_customer(self.setup_customer_id, customer) + self._wait_for_status(self.setup_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:delete'], + expected_error_codes=[403]) + @decorators.idempotent_id('58c7f2a6-3bfe-4ac4-ab10-1064efc10dbe') + def test_delete_customer(self): + customer = self._get_bare_customer_params() + customer_id = ( + self._create_cust_validate_creation_on_dcp_and_lcp( + **customer)) + with self.override_role(): + self.client.delete_customer(customer_id) + + @rbac_rule_validation.action(service='ranger', + rules=['customers:add_region_user'], + expected_error_codes=[403]) + @decorators.idempotent_id('4745cf25-aec5-4aaa-9664-eb3d20e45f31') + def test_add_region_user(self): + post_body = self._get_customer_params(region_users=False, + default_users=False) + test_customer_id = self._create_cust_validate_creation_on_dcp_and_lcp( + **post_body) + self.addCleanup(self._del_cust_validate_deletion_on_dcp_and_lcp, + test_customer_id) + _, body = self.client.get_customer(test_customer_id) + self.assertFalse(body["regions"][0]["users"]) + + post_region_user = self._get_user_params() + with self.override_role(): + self.client.add_region_user(test_customer_id, + CONF.identity.region, + *post_region_user) + self._wait_for_status(test_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:update_region_user'], + expected_error_codes=[403]) + @decorators.idempotent_id('6776a21a-2572-4b78-aa03-59a6cf4e163b') + def test_update_region_user(self): + put_region_user = self._get_user_params(alt=True) + with self.override_role(): + self.client.replace_region_user(self.setup_customer_id, + CONF.identity.region, + *put_region_user) + self._wait_for_status(self.setup_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:delete_region_user'], + expected_error_codes=[403]) + @decorators.idempotent_id('ceaf7bb2-fd6d-442d-90ba-1a41aacaed4f') + def test_delete_region_user(self): + post_body = self._get_customer_params(default_users=False) + region_user_id = post_body["regions"][0]["users"][0]["id"] + test_customer_id = self._create_cust_validate_creation_on_dcp_and_lcp( + **post_body) + self.addCleanup(self._del_cust_validate_deletion_on_dcp_and_lcp, + test_customer_id) + with self.override_role(): + self.client.delete_region_user(test_customer_id, + CONF.identity.region, + region_user_id) + self._wait_for_status(test_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:add_default_user'], + expected_error_codes=[403]) + @decorators.idempotent_id('975d87a6-4e14-42a6-98ce-71e7277b4768') + def test_add_default_user(self): + post_default_user = self._get_user_params() + with self.override_role(): + self.client.add_default_user( + self.bare_customer_id, *post_default_user) + self._wait_for_status(self.bare_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:update_default_user'], + expected_error_codes=[403]) + @decorators.idempotent_id('8220fd8a-7677-4071-ad6c-bd0b14860b39') + def test_update_default_user(self): + put_default_user = self._get_user_params(alt=True) + with self.override_role(): + self.client.replace_default_user( + self.bare_customer_id, *put_default_user) + self._wait_for_status(self.bare_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:delete_default_user'], + expected_error_codes=[403]) + @decorators.idempotent_id('3cb53862-701b-40cd-a436-8bbe88dc91fb') + def test_delete_default_user(self): + post_body = self._get_customer_params() + default_user_id = post_body['users'][0]['id'] + test_customer_id = self._create_cust_validate_creation_on_dcp_and_lcp( + **post_body) + self.addCleanup(self._del_cust_validate_deletion_on_dcp_and_lcp, + test_customer_id) + with self.override_role(): + self.client.delete_default_user( + test_customer_id, default_user_id) + self._wait_for_status(test_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:add_metadata'], + expected_error_codes=[403]) + @decorators.idempotent_id('bbb961fe-0770-492a-b4a2-1c5d6d05df2e') + def test_add_metadata(self): + metadata = {'metadata': {'add_key': 'add_value'}} + with self.override_role(): + self.client.add_metadata(self.setup_customer_id, + metadata) + self._wait_for_status(self.setup_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:update_metadata'], + expected_error_codes=[403]) + @decorators.idempotent_id('470193ab-37d0-44d8-ba4e-1ed975d631f2') + def test_update_metadata(self): + metadata = {'metadata': {'replace_key': 'replace_value'}} + with self.override_role(): + self.client.replace_metadata(self.setup_customer_id, metadata) + self._wait_for_status(self.setup_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:enable'], + expected_error_codes=[403]) + @decorators.idempotent_id('83ba3e54-e6e6-48ce-b67b-c2f389a63b9a') + def test_disable_customer(self): + with self.override_role(): + self.client.enable_customer(self.setup_customer_id, False) + self._wait_for_status(self.setup_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:add_region'], + expected_error_codes=[403]) + @decorators.idempotent_id('80d3d706-01ce-4de1-987a-8e61a70e494b') + def test_add_region(self): + region = self._get_region_params() + with self.override_role(): + self.client.add_regions(self.bare_customer_id, region) + self._wait_for_status(self.bare_customer_id, 'Success') + + @rbac_rule_validation.action(service='ranger', + rules=['customers:delete_region'], + expected_error_codes=[403]) + @decorators.idempotent_id('1cd601db-39d8-424b-a82f-87c7645a0c1c') + def test_delete_region(self): + region_name = self.setup_customer['regions'][0]['name'] + with self.override_role(): + self.client.delete_region_from_customer( + self.setup_customer_id, region_name) + self._wait_for_status(self.setup_customer_id, 'no regions')