File: test_access_rule.py

package info (click to toggle)
python-openstacksdk 4.4.0-5
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 13,352 kB
  • sloc: python: 122,960; sh: 153; makefile: 23
file content (81 lines) | stat: -rw-r--r-- 3,147 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from openstack import exceptions
from openstack.tests.functional import base


class TestAccessRule(base.BaseFunctionalTest):
    def setUp(self):
        super().setUp()
        self.user_id = self.operator_cloud.current_user_id

    def _create_application_credential_with_access_rule(self):
        """create application credential with access_rule."""

        app_cred = self.conn.identity.create_application_credential(
            user=self.user_id,
            name='app_cred',
            access_rules=[
                {
                    "path": "/v2.0/metrics",
                    "service": "monitoring",
                    "method": "GET",
                }
            ],
        )
        self.addCleanup(
            self.conn.identity.delete_application_credential,
            self.user_id,
            app_cred['id'],
        )
        return app_cred

    def test_get_access_rule(self):
        app_cred = self._create_application_credential_with_access_rule()
        access_rule_id = app_cred['access_rules'][0]['id']
        access_rule = self.conn.identity.get_access_rule(
            user=self.user_id, access_rule=access_rule_id
        )
        self.assertEqual(access_rule['id'], access_rule_id)
        self.assertEqual(access_rule['user_id'], self.user_id)

    def test_list_access_rules(self):
        app_cred = self._create_application_credential_with_access_rule()
        access_rule_id = app_cred['access_rules'][0]['id']
        access_rules = self.conn.identity.access_rules(user=self.user_id)
        self.assertEqual(1, len(list(access_rules)))
        for access_rule in access_rules:
            self.assertEqual(app_cred['user_id'], self.user_id)
            self.assertEqual(access_rule_id, access_rule['id'])

    def test_delete_access_rule(self):
        app_cred = self._create_application_credential_with_access_rule()
        access_rule_id = app_cred['access_rules'][0]['id']

        # This is expected to raise an exception since access_rule is still
        # in use for app_cred.
        self.assertRaises(
            exceptions.HttpException,
            self.conn.identity.delete_access_rule,
            user=self.user_id,
            access_rule=access_rule_id,
        )

        # delete application credential first to delete access rule
        self.conn.identity.delete_application_credential(
            user=self.user_id, application_credential=app_cred['id']
        )
        # delete orphaned access rules
        self.conn.identity.delete_access_rule(
            user=self.user_id, access_rule=access_rule_id
        )