From a8aad9fec80bcb6c9917d2dd076373f06467849f Mon Sep 17 00:00:00 2001
From: Lance Bragstad <lbragstad@gmail.com>
Date: Thu, 9 Jul 2020 16:50:01 -0500
Subject: [PATCH] Add system role assignment tests for users and groups
I was writing some additional functionality and noticed these tests were
missing. This commit adds tests for adding and removing system role
assignments for users and groups.
Change-Id: I30fdc6ec55e1eb1cfa55f4cbf92c3f001d89865f
---
.../tests/unit/identity/v3/test_role.py | 137 ++++++++++++++++++
1 file changed, 137 insertions(+)
diff --git a/openstackclient/tests/unit/identity/v3/test_role.py b/openstackclient/tests/unit/identity/v3/test_role.py
index 544da7c15d..c1e91f9a0f 100644
--- a/openstackclient/tests/unit/identity/v3/test_role.py
+++ b/openstackclient/tests/unit/identity/v3/test_role.py
@@ -102,6 +102,40 @@ class TestRoleAdd(TestRole):
# Get the command object to test
self.cmd = role.AddRole(self.app, None)
+ def test_role_add_user_system(self):
+ arglist = [
+ '--user', identity_fakes.user_name,
+ '--system', 'all',
+ identity_fakes.role_name,
+ ]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
+ verifylist = [
+ ('user', identity_fakes.user_name),
+ ('group', None),
+ ('system', 'all'),
+ ('domain', None),
+ ('project', None),
+ ('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
+ ]
+ parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+ result = self.cmd.take_action(parsed_args)
+
+ # Set expected values
+ kwargs = {
+ 'user': identity_fakes.user_id,
+ 'system': 'all',
+ 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ }
+ # RoleManager.grant(role, user=, group=, domain=, project=)
+ self.roles_mock.grant.assert_called_with(
+ identity_fakes.role_id,
+ **kwargs
+ )
+ self.assertIsNone(result)
+
def test_role_add_user_domain(self):
arglist = [
'--user', identity_fakes.user_name,
@@ -168,6 +202,40 @@ class TestRoleAdd(TestRole):
)
self.assertIsNone(result)
+ def test_role_add_group_system(self):
+ arglist = [
+ '--group', identity_fakes.group_name,
+ '--system', 'all',
+ identity_fakes.role_name,
+ ]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
+ verifylist = [
+ ('user', None),
+ ('group', identity_fakes.group_name),
+ ('system', 'all'),
+ ('domain', None),
+ ('project', None),
+ ('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
+ ]
+ parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+ result = self.cmd.take_action(parsed_args)
+
+ # Set expected values
+ kwargs = {
+ 'group': identity_fakes.group_id,
+ 'system': 'all',
+ 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ }
+ # RoleManager.grant(role, user=, group=, domain=, project=)
+ self.roles_mock.grant.assert_called_with(
+ identity_fakes.role_id,
+ **kwargs
+ )
+ self.assertIsNone(result)
+
def test_role_add_group_domain(self):
arglist = [
'--group', identity_fakes.group_name,
@@ -744,6 +812,40 @@ class TestRoleRemove(TestRole):
# Get the command object to test
self.cmd = role.RemoveRole(self.app, None)
+ def test_role_remove_user_system(self):
+ arglist = [
+ '--user', identity_fakes.user_name,
+ '--system', 'all',
+ identity_fakes.role_name
+ ]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
+ verifylist = [
+ ('user', identity_fakes.user_name),
+ ('group', None),
+ ('system', 'all'),
+ ('domain', None),
+ ('project', None),
+ ('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
+ ]
+ parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+ result = self.cmd.take_action(parsed_args)
+
+ # Set expected values
+ kwargs = {
+ 'user': identity_fakes.user_id,
+ 'system': 'all',
+ 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ }
+ # RoleManager.revoke(role, user=, group=, domain=, project=)
+ self.roles_mock.revoke.assert_called_with(
+ identity_fakes.role_id,
+ **kwargs
+ )
+ self.assertIsNone(result)
+
def test_role_remove_user_domain(self):
arglist = [
'--user', identity_fakes.user_name,
@@ -810,6 +912,41 @@ class TestRoleRemove(TestRole):
)
self.assertIsNone(result)
+ def test_role_remove_group_system(self):
+ arglist = [
+ '--group', identity_fakes.group_name,
+ '--system', 'all',
+ identity_fakes.role_name,
+ ]
+ if self._is_inheritance_testcase():
+ arglist.append('--inherited')
+ verifylist = [
+ ('user', None),
+ ('group', identity_fakes.group_name),
+ ('system', 'all'),
+ ('domain', None),
+ ('project', None),
+ ('role', identity_fakes.role_name),
+ ('role', identity_fakes.role_name),
+ ('inherited', self._is_inheritance_testcase()),
+ ]
+ parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+ result = self.cmd.take_action(parsed_args)
+
+ # Set expected values
+ kwargs = {
+ 'group': identity_fakes.group_id,
+ 'system': 'all',
+ 'os_inherit_extension_inherited': self._is_inheritance_testcase(),
+ }
+ # RoleManager.revoke(role, user=, group=, domain=, project=)
+ self.roles_mock.revoke.assert_called_with(
+ identity_fakes.role_id,
+ **kwargs
+ )
+ self.assertIsNone(result)
+
def test_role_remove_group_domain(self):
arglist = [
'--group', identity_fakes.group_name,