Google Git
Sign in
apache / cloudstack / HEAD / . / test / integration / smoke / test_private_roles.py
blob: 32d488333488f68576a3b5c0f6fc038db6d63bf6 [file] [log] [blame]
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from marvin.cloudstackAPI import *
from marvin.cloudstackTestCase import cloudstackTestCase
from marvin.lib.base import Account, Role, User
from marvin.lib.utils import cleanup_resources
from nose.plugins.attrib import attr
import random
class TestData(object):
"""Test data object that is required to create resources
"""
def __init__(self):
self.testdata = {
"accountadmin": {
"email": "mtu@test.cloud",
"firstname": "Marvin",
"lastname": "TestAdminAccount",
"username": "TestAdminAccount",
"password": "password"
},
"accountdomainadmin": {
"email": "mtu@test.cloud",
"firstname": "Marvin",
"lastname": "TestDomainAdminAccount",
"username": "TestDomainAdminAccount",
"password": "password"
},
"accountroleuser": {
"email": "mtu@test.cloud",
"firstname": "Marvin",
"lastname": "TestUserAccount",
"username": "TestUserAccount",
"password": "password"
},
"roleadmin": {
"name": "MarvinFake Admin Role ",
"type": "Admin",
"description": "Fake Admin Role created by Marvin test"
},
"roleuser": {
"name": "MarvinFake User Role ",
"type": "User",
"description": "Fake User Role created by Marvin test",
"ispublic": False
},
"publicrole": {
"name": "MarvinFake Public Role ",
"type": "User",
"description": "Fake Public Role created by Marvin test"
},
"importrole": {
"name": "MarvinFake Import Role ",
"type": "User",
"description": "Fake Import User Role created by Marvin test",
"ispublic": True,
"rules": [{"rule":"list*", "permission":"allow","description":"Listing apis"},
{"rule":"get*", "permission":"allow","description":"Get apis"},
{"rule":"update*", "permission":"deny","description":"Update apis"}]
},
"roledomainadmin": {
"name": "MarvinFake DomainAdmin Role ",
"type": "DomainAdmin",
"description": "Fake Domain-Admin Role created by Marvin test",
"ispublic": False
},
"apiConfig": {
"listApis": "allow",
"listAccounts": "allow",
"listClusters": "deny",
"*VM*": "allow",
"*Host*": "deny"
}
}
class TestPrivateRoles(cloudstackTestCase):
"""Tests Visibility of private and public roles
"""
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.testdata = TestData().testdata
self.testdata["roleadmin"]["name"] += self.getRandomString()
self.testdata["roledomainadmin"]["name"] += self.getRandomString()
self.testdata["roleuser"]["name"] += self.getRandomString()
self.cleanup = []
self.role_admin = Role.create(
self.apiclient,
self.testdata["roleadmin"]
)
self.cleanup.append(self.role_admin)
self.role_domain_admin = Role.create(
self.apiclient,
self.testdata["roledomainadmin"]
)
self.cleanup.append(self.role_domain_admin)
self.private_role = Role.create(
self.apiclient,
self.testdata["roleuser"]
)
self.cleanup.append(self.private_role)
self.account_admin = Account.create(
self.apiclient,
self.testdata["accountadmin"],
roleid=self.role_admin.id
)
self.cleanup.append(self.account_admin)
self.account_domain_admin = Account.create(
self.apiclient,
self.testdata["accountdomainadmin"],
roleid=self.role_domain_admin.id
)
self.cleanup.append(self.account_domain_admin)
self.admin_apiclient = self.testClient.getUserApiClient(
UserName=self.account_admin.name,
DomainName='ROOT',
type=1
)
self.domain_admin_apiclient = self.testClient.getUserApiClient(
UserName=self.account_domain_admin.name,
DomainName='ROOT',
type=2
)
def tearDown(self):
super(TestPrivateRoles, self).tearDown()
def getRandomString(self):
return "".join(random.choice("abcdefghijklmnopqrstuvwxyz0123456789") for _ in range(10))
def asserts_visibility_of_private_role(self, role_id):
list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id)
self.assertEqual(
list_roles_domain_admin,
None,
"Domain Admins should not be able to list private roles"
)
list_roles_admin = Role.list(self.admin_apiclient, id=role_id)
self.assertNotEqual(
list_roles_admin,
None,
"Admins should be able to list private roles"
)
def asserts_visibility_of_public_role(self, role_id):
list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id)
self.assertNotEqual(
list_roles_domain_admin,
None,
"Domain Admins should be able to list public roles"
)
list_roles_admin = Role.list(self.admin_apiclient, id=role_id)
self.assertNotEqual(
list_roles_admin,
None,
"Admins should be able to list public roles"
)
@attr(tags=['simulator', 'basic'], required_hardware=False)
def test_create_role(self):
"""
1. Create a private role
2. Create a public role
3. Verify whether their visibility is as expected
"""
self.testdata["roleuser"]["name"] += self.getRandomString()
self.testdata["publicrole"]["name"] += self.getRandomString()
private_role = Role.create(
self.apiclient,
self.testdata["roleuser"]
)
self.cleanup.append(self.private_role)
public_role = Role.create(
self.apiclient,
self.testdata["publicrole"]
)
self.cleanup.append(self.public_role)
self.asserts_visibility_of_private_role(private_role.id)
self.asserts_visibility_of_public_role(public_role.id)
@attr(tags=['simulator', 'basic'], required_hardware=False)
def test_update_role(self):
"""
1. Create a public role
2. Check if its visibility is public
3. Update it to make it private
4. Verify if its visibility is private
"""
self.testdata["publicrole"]["name"] += self.getRandomString()
role = Role.create(
self.apiclient,
self.testdata["publicrole"]
)
self.cleanup.append(role)
self.asserts_visibility_of_public_role(role.id)
role.update(self.apiclient, id=role.id, ispublic=False)
self.asserts_visibility_of_private_role(role.id)
@attr(tags=['simulator', 'basic'], required_hardware=False)
def test_import_role(self):
"""
1. Import a public role
2. Import a private role
3. Verify their visibility
"""
self.testdata["importrole"]["name"] += self.getRandomString()
imported_public_role = Role.importRole(
self.apiclient,
self.testdata["importrole"]
)
self.cleanup.append(imported_public_role)
self.testdata["importrole"]["name"] += self.getRandomString()
self.testdata["importrole"]["ispublic"] = False
imported_private_role = Role.importRole(
self.apiclient,
self.testdata["importrole"]
)
self.cleanup.append(imported_private_role)
self.asserts_visibility_of_public_role(imported_public_role.id)
self.asserts_visibility_of_private_role(imported_private_role.id)
@attr(tags=['simulator', 'basic'], required_hardware=False)
def test_login_private_role(self):
"""
1. Crate a User account with a private role
2. Login with the created account
3. Verify that the login was successful
"""
account_private_role = Account.create(
self.apiclient,
self.testdata["accountroleuser"],
roleid=self.private_role.id
)
self.cleanup.append(account_private_role)
response = User.login(
self.apiclient,
username=account_private_role.name,
password=self.testdata["accountroleuser"]["password"]
)
self.assertNotEqual(
response.sessionkey,
None,
"Accounts using private roles should be able to login."
)