ceph/qa/tasks/mgr/dashboard/test_role.py

   1 # -*- coding: utf-8 -*-
   2
   3 from __future__ import absolute_import
   4
   5 from .helper import DashboardTestCase
   6
   7
   8 class RoleTest(DashboardTestCase):
   9     @classmethod
  10     def _create_role(cls, name=None, description=None, scopes_permissions=None):
  11         data = {}
  12         if name:
  13             data['name'] = name
  14         if description:
  15             data['description'] = description
  16         if scopes_permissions:
  17             data['scopes_permissions'] = scopes_permissions
  18         cls._post('/api/role', data)
  19
  20     def test_crud_role(self):
  21         self._create_role(name='role1',
  22                           description='Description 1',
  23                           scopes_permissions={'osd': ['read']})
  24         self.assertStatus(201)
  25         self.assertJsonBody({
  26             'name': 'role1',
  27             'description': 'Description 1',
  28             'scopes_permissions': {'osd': ['read']},
  29             'system': False
  30         })
  31
  32         self._get('/api/role/role1')
  33         self.assertStatus(200)
  34         self.assertJsonBody({
  35             'name': 'role1',
  36             'description': 'Description 1',
  37             'scopes_permissions': {'osd': ['read']},
  38             'system': False
  39         })
  40
  41         self._put('/api/role/role1', {
  42             'description': 'Description 2',
  43             'scopes_permissions': {'osd': ['read', 'update']},
  44         })
  45         self.assertStatus(200)
  46         self.assertJsonBody({
  47             'name': 'role1',
  48             'description': 'Description 2',
  49             'scopes_permissions': {'osd': ['read', 'update']},
  50             'system': False
  51         })
  52
  53         self._delete('/api/role/role1')
  54         self.assertStatus(204)
  55
  56     def test_list_roles(self):
  57         roles = self._get('/api/role')
  58         self.assertStatus(200)
  59
  60         self.assertGreaterEqual(len(roles), 1)
  61         for role in roles:
  62             self.assertIn('name', role)
  63             self.assertIn('description', role)
  64             self.assertIn('scopes_permissions', role)
  65             self.assertIn('system', role)
  66
  67     def test_get_role_does_not_exist(self):
  68         self._get('/api/role/role2')
  69         self.assertStatus(404)
  70
  71     def test_create_role_already_exists(self):
  72         self._create_role(name='read-only',
  73                           description='Description 1',
  74                           scopes_permissions={'osd': ['read']})
  75         self.assertStatus(400)
  76         self.assertError(code='role_already_exists',
  77                          component='role')
  78
  79     def test_create_role_no_name(self):
  80         self._create_role(description='Description 1',
  81                           scopes_permissions={'osd': ['read']})
  82         self.assertStatus(400)
  83         self.assertError(code='name_required',
  84                          component='role')
  85
  86     def test_create_role_invalid_scope(self):
  87         self._create_role(name='role1',
  88                           description='Description 1',
  89                           scopes_permissions={'invalid-scope': ['read']})
  90         self.assertStatus(400)
  91         self.assertError(code='invalid_scope',
  92                          component='role')
  93
  94     def test_create_role_invalid_permission(self):
  95         self._create_role(name='role1',
  96                           description='Description 1',
  97                           scopes_permissions={'osd': ['invalid-permission']})
  98         self.assertStatus(400)
  99         self.assertError(code='invalid_permission',
 100                          component='role')
 101
 102     def test_delete_role_does_not_exist(self):
 103         self._delete('/api/role/role2')
 104         self.assertStatus(404)
 105
 106     def test_delete_system_role(self):
 107         self._delete('/api/role/read-only')
 108         self.assertStatus(400)
 109         self.assertError(code='cannot_delete_system_role',
 110                          component='role')
 111
 112     def test_delete_role_associated_with_user(self):
 113         self.create_user("user", "user", ['read-only'])
 114         self._create_role(name='role1',
 115                           description='Description 1',
 116                           scopes_permissions={'user': ['create', 'read', 'update', 'delete']})
 117         self.assertStatus(201)
 118         self._put('/api/user/user', {'roles': ['role1']})
 119         self.assertStatus(200)
 120
 121         self._delete('/api/role/role1')
 122         self.assertStatus(400)
 123         self.assertError(code='role_is_associated_with_user',
 124                          component='role')
 125
 126         self._put('/api/user/user', {'roles': ['administrator']})
 127         self.assertStatus(200)
 128         self._delete('/api/role/role1')
 129         self.assertStatus(204)
 130         self.delete_user("user")
 131
 132     def test_update_role_does_not_exist(self):
 133         self._put('/api/role/role2', {})
 134         self.assertStatus(404)
 135
 136     def test_update_system_role(self):
 137         self._put('/api/role/read-only', {})
 138         self.assertStatus(400)
 139         self.assertError(code='cannot_update_system_role',
 140                          component='role')
 141
 142     def test_clone_role(self):
 143         self._post('/api/role/read-only/clone', {'new_name': 'foo'})
 144         self.assertStatus(201)
 145         self._delete('/api/role/foo')