]>
git.proxmox.com Git - ceph.git/blob - ceph/qa/tasks/mgr/dashboard/test_role.py
dbfaea9e4f2d4308ae3326ad1082193611d158e2
1 # -*- coding: utf-8 -*-
3 from __future__
import absolute_import
5 from .helper
import DashboardTestCase
8 class RoleTest(DashboardTestCase
):
10 def _create_role(cls
, name
=None, description
=None, scopes_permissions
=None):
15 data
['description'] = description
16 if scopes_permissions
:
17 data
['scopes_permissions'] = scopes_permissions
18 cls
._post
('/api/role', data
)
20 def test_crud_role(self
):
21 self
._create
_role
(name
='role1',
22 description
='Description 1',
23 scopes_permissions
={'osd': ['read']})
24 self
.assertStatus(201)
27 'description': 'Description 1',
28 'scopes_permissions': {'osd': ['read']},
32 self
._get
('/api/role/role1')
33 self
.assertStatus(200)
36 'description': 'Description 1',
37 'scopes_permissions': {'osd': ['read']},
41 self
._put
('/api/role/role1', {
42 'description': 'Description 2',
43 'scopes_permissions': {'osd': ['read', 'update']},
45 self
.assertStatus(200)
48 'description': 'Description 2',
49 'scopes_permissions': {'osd': ['read', 'update']},
53 self
._delete
('/api/role/role1')
54 self
.assertStatus(204)
56 def test_list_roles(self
):
57 roles
= self
._get
('/api/role')
58 self
.assertStatus(200)
60 self
.assertGreaterEqual(len(roles
), 1)
62 self
.assertIn('name', role
)
63 self
.assertIn('description', role
)
64 self
.assertIn('scopes_permissions', role
)
65 self
.assertIn('system', role
)
67 def test_get_role_does_not_exist(self
):
68 self
._get
('/api/role/role2')
69 self
.assertStatus(404)
71 def test_create_role_already_exists(self
):
72 self
._create
_role
(name
='read-only',
73 description
='Description 1',
74 scopes_permissions
={'osd': ['read']})
75 self
.assertStatus(400)
76 self
.assertError(code
='role_already_exists',
79 def test_create_role_no_name(self
):
80 self
._create
_role
(description
='Description 1',
81 scopes_permissions
={'osd': ['read']})
82 self
.assertStatus(400)
83 self
.assertError(code
='name_required',
86 def test_create_role_invalid_scope(self
):
87 self
._create
_role
(name
='role1',
88 description
='Description 1',
89 scopes_permissions
={'invalid-scope': ['read']})
90 self
.assertStatus(400)
91 self
.assertError(code
='invalid_scope',
94 def test_create_role_invalid_permission(self
):
95 self
._create
_role
(name
='role1',
96 description
='Description 1',
97 scopes_permissions
={'osd': ['invalid-permission']})
98 self
.assertStatus(400)
99 self
.assertError(code
='invalid_permission',
102 def test_delete_role_does_not_exist(self
):
103 self
._delete
('/api/role/role2')
104 self
.assertStatus(404)
106 def test_delete_system_role(self
):
107 self
._delete
('/api/role/read-only')
108 self
.assertStatus(400)
109 self
.assertError(code
='cannot_delete_system_role',
112 def test_delete_role_associated_with_user(self
):
113 self
.create_user("user", "user", ['read-only'])
114 self
._create
_role
(name
='role1',
115 description
='Description 1',
116 scopes_permissions
={'user': ['create', 'read', 'update', 'delete']})
117 self
.assertStatus(201)
118 self
._put
('/api/user/user', {'roles': ['role1']})
119 self
.assertStatus(200)
121 self
._delete
('/api/role/role1')
122 self
.assertStatus(400)
123 self
.assertError(code
='role_is_associated_with_user',
126 self
._put
('/api/user/user', {'roles': ['administrator']})
127 self
.assertStatus(200)
128 self
._delete
('/api/role/role1')
129 self
.assertStatus(204)
130 self
.delete_user("user")
132 def test_update_role_does_not_exist(self
):
133 self
._put
('/api/role/role2', {})
134 self
.assertStatus(404)
136 def test_update_system_role(self
):
137 self
._put
('/api/role/read-only', {})
138 self
.assertStatus(400)
139 self
.assertError(code
='cannot_update_system_role',
142 def test_clone_role(self
):
143 self
._post
('/api/role/read-only/clone', {'new_name': 'foo'})
144 self
.assertStatus(201)
145 self
._delete
('/api/role/foo')