DaanHoogland commented on code in PR #6960: URL: https://github.com/apache/cloudstack/pull/6960#discussion_r1158603970
########## test/integration/smoke/test_private_roles.py: ########## @@ -0,0 +1,288 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +from marvin.cloudstackAPI import * +from marvin.cloudstackTestCase import cloudstackTestCase +from marvin.lib.base import Account, Role, User +from marvin.lib.utils import cleanup_resources +from nose.plugins.attrib import attr + +import random + + +class TestData(object): + """Test data object that is required to create resources + """ + def __init__(self): + self.testdata = { + "accountadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestAdminAccount", + "username": "TestAdminAccount", + "password": "password" + }, + "accountdomainadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestDomainAdminAccount", + "username": "TestDomainAdminAccount", + "password": "password" + }, + "accountroleuser": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestUserAccount", + "username": "TestUserAccount", + "password": "password" + }, + "roleadmin": { + "name": "MarvinFake Admin Role ", + "type": "Admin", + "description": "Fake Admin Role created by Marvin test" + }, + "roleuser": { + "name": "MarvinFake User Role ", + "type": "User", + "description": "Fake User Role created by Marvin test", + "ispublic": False + }, + "publicrole": { + "name": "MarvinFake Public Role ", + "type": "User", + "description": "Fake Public Role created by Marvin test" + }, + "importrole": { + "name": "MarvinFake Import Role ", + "type": "User", + "description": "Fake Import User Role created by Marvin test", + "ispublic": True, + "rules": [{"rule":"list*", "permission":"allow","description":"Listing apis"}, + {"rule":"get*", "permission":"allow","description":"Get apis"}, + {"rule":"update*", "permission":"deny","description":"Update apis"}] + }, + "roledomainadmin": { + "name": "MarvinFake DomainAdmin Role ", + "type": "DomainAdmin", + "description": "Fake Domain-Admin Role created by Marvin test", + "ispublic": False + }, + "apiConfig": { + "listApis": "allow", + "listAccounts": "allow", + "listClusters": "deny", + "*VM*": "allow", + "*Host*": "deny" + } + } + + +class TestPrivateRoles(cloudstackTestCase): + """Tests Visibility of private and public roles + """ + + def setUp(self): + self.apiclient = self.testClient.getApiClient() + self.testdata = TestData().testdata + + self.testdata["roleadmin"]["name"] += self.getRandomString() + self.testdata["roledomainadmin"]["name"] += self.getRandomString() + self.testdata["roleuser"]["name"] += self.getRandomString() + self.role_admin = Role.create( + self.apiclient, + self.testdata["roleadmin"] + ) + + self.role_domain_admin = Role.create( + self.apiclient, + self.testdata["roledomainadmin"] + ) + + self.private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + + self.account_admin = Account.create( + self.apiclient, + self.testdata["accountadmin"], + roleid=self.role_admin.id + ) + + self.account_domain_admin = Account.create( + self.apiclient, + self.testdata["accountdomainadmin"], + roleid=self.role_domain_admin.id + ) + + self.admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_admin.name, + DomainName='ROOT', + type=1 + ) + + self.domain_admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_domain_admin.name, + DomainName='ROOT', + type=2 + ) + + self.cleanup = [ + self.testdata, + self.account_admin, + self.account_domain_admin, + self.role_admin, + self.role_domain_admin, + self.admin_apiclient, + self.private_role, + self.domain_admin_apiclient + ] + + + + def tearDown(self): + try: + cleanup_resources(self.apiclient, self.cleanup) + except Exception as e: + self.debug("Warning! Exception in tearDown: %s" % e) Review Comment: ```suggestion self.cleanup = [] self.role_admin = Role.create( self.apiclient, self.testdata["roleadmin"] ) self.cleanup.append(self.role_admin) self.role_domain_admin = Role.create( self.apiclient, self.testdata["roledomainadmin"] ) self.cleanup.append(self.role_domain_admin) self.private_role = Role.create( self.apiclient, self.testdata["roleuser"] ) self.cleanup.append(self.private_role) self.account_admin = Account.create( self.apiclient, self.testdata["accountadmin"], roleid=self.role_admin.id ) self.cleanup.append(self.account_admin) self.account_domain_admin = Account.create( self.apiclient, self.testdata["accountdomainadmin"], roleid=self.role_domain_admin.id ) self.cleanup.append(self.account_domain_admin) self.admin_apiclient = self.testClient.getUserApiClient( UserName=self.account_admin.name, DomainName='ROOT', type=1 ) self.domain_admin_apiclient = self.testClient.getUserApiClient( UserName=self.account_domain_admin.name, DomainName='ROOT', type=2 ) def tearDown(self): super(, self).tearDown() ``` ########## test/integration/smoke/test_private_roles.py: ########## @@ -0,0 +1,288 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +from marvin.cloudstackAPI import * +from marvin.cloudstackTestCase import cloudstackTestCase +from marvin.lib.base import Account, Role, User +from marvin.lib.utils import cleanup_resources +from nose.plugins.attrib import attr + +import random + + +class TestData(object): + """Test data object that is required to create resources + """ + def __init__(self): + self.testdata = { + "accountadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestAdminAccount", + "username": "TestAdminAccount", + "password": "password" + }, + "accountdomainadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestDomainAdminAccount", + "username": "TestDomainAdminAccount", + "password": "password" + }, + "accountroleuser": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestUserAccount", + "username": "TestUserAccount", + "password": "password" + }, + "roleadmin": { + "name": "MarvinFake Admin Role ", + "type": "Admin", + "description": "Fake Admin Role created by Marvin test" + }, + "roleuser": { + "name": "MarvinFake User Role ", + "type": "User", + "description": "Fake User Role created by Marvin test", + "ispublic": False + }, + "publicrole": { + "name": "MarvinFake Public Role ", + "type": "User", + "description": "Fake Public Role created by Marvin test" + }, + "importrole": { + "name": "MarvinFake Import Role ", + "type": "User", + "description": "Fake Import User Role created by Marvin test", + "ispublic": True, + "rules": [{"rule":"list*", "permission":"allow","description":"Listing apis"}, + {"rule":"get*", "permission":"allow","description":"Get apis"}, + {"rule":"update*", "permission":"deny","description":"Update apis"}] + }, + "roledomainadmin": { + "name": "MarvinFake DomainAdmin Role ", + "type": "DomainAdmin", + "description": "Fake Domain-Admin Role created by Marvin test", + "ispublic": False + }, + "apiConfig": { + "listApis": "allow", + "listAccounts": "allow", + "listClusters": "deny", + "*VM*": "allow", + "*Host*": "deny" + } + } + + +class TestPrivateRoles(cloudstackTestCase): + """Tests Visibility of private and public roles + """ + + def setUp(self): + self.apiclient = self.testClient.getApiClient() + self.testdata = TestData().testdata + + self.testdata["roleadmin"]["name"] += self.getRandomString() + self.testdata["roledomainadmin"]["name"] += self.getRandomString() + self.testdata["roleuser"]["name"] += self.getRandomString() + self.role_admin = Role.create( + self.apiclient, + self.testdata["roleadmin"] + ) + + self.role_domain_admin = Role.create( + self.apiclient, + self.testdata["roledomainadmin"] + ) + + self.private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + + self.account_admin = Account.create( + self.apiclient, + self.testdata["accountadmin"], + roleid=self.role_admin.id + ) + + self.account_domain_admin = Account.create( + self.apiclient, + self.testdata["accountdomainadmin"], + roleid=self.role_domain_admin.id + ) + + self.admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_admin.name, + DomainName='ROOT', + type=1 + ) + + self.domain_admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_domain_admin.name, + DomainName='ROOT', + type=2 + ) + + self.cleanup = [ + self.testdata, + self.account_admin, + self.account_domain_admin, + self.role_admin, + self.role_domain_admin, + self.admin_apiclient, + self.private_role, + self.domain_admin_apiclient + ] + + + + def tearDown(self): + try: + cleanup_resources(self.apiclient, self.cleanup) + except Exception as e: + self.debug("Warning! Exception in tearDown: %s" % e) + + def getRandomString(self): + return "".join(random.choice("abcdefghijklmnopqrstuvwxyz0123456789") for _ in range(10)) + + + def asserts_visibility_of_private_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertEqual( + list_roles_domain_admin, + None, + "Domain Admins should not be able to list private roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list private roles" + ) + + + def asserts_visibility_of_public_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_domain_admin, + None, + "Domain Admins should be able to list public roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list public roles" + ) + + + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_create_role(self): + """ + 1. Create a private role + 2. Create a public role + 3. Verify whether their visibility is as expected + """ + self.testdata["roleuser"]["name"] += self.getRandomString() + self.testdata["publicrole"]["name"] += self.getRandomString() + private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + public_role = Role.create( + self.apiclient, + self.testdata["publicrole"] + ) Review Comment: ```suggestion private_role = Role.create( self.apiclient, self.testdata["roleuser"] ) self.cleanup.append(self.private_role) public_role = Role.create( self.apiclient, self.testdata["publicrole"] ) self.cleanup.append(self.public_role) ``` ########## test/integration/smoke/test_private_roles.py: ########## @@ -0,0 +1,288 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +from marvin.cloudstackAPI import * +from marvin.cloudstackTestCase import cloudstackTestCase +from marvin.lib.base import Account, Role, User +from marvin.lib.utils import cleanup_resources +from nose.plugins.attrib import attr + +import random + + +class TestData(object): + """Test data object that is required to create resources + """ + def __init__(self): + self.testdata = { + "accountadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestAdminAccount", + "username": "TestAdminAccount", + "password": "password" + }, + "accountdomainadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestDomainAdminAccount", + "username": "TestDomainAdminAccount", + "password": "password" + }, + "accountroleuser": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestUserAccount", + "username": "TestUserAccount", + "password": "password" + }, + "roleadmin": { + "name": "MarvinFake Admin Role ", + "type": "Admin", + "description": "Fake Admin Role created by Marvin test" + }, + "roleuser": { + "name": "MarvinFake User Role ", + "type": "User", + "description": "Fake User Role created by Marvin test", + "ispublic": False + }, + "publicrole": { + "name": "MarvinFake Public Role ", + "type": "User", + "description": "Fake Public Role created by Marvin test" + }, + "importrole": { + "name": "MarvinFake Import Role ", + "type": "User", + "description": "Fake Import User Role created by Marvin test", + "ispublic": True, + "rules": [{"rule":"list*", "permission":"allow","description":"Listing apis"}, + {"rule":"get*", "permission":"allow","description":"Get apis"}, + {"rule":"update*", "permission":"deny","description":"Update apis"}] + }, + "roledomainadmin": { + "name": "MarvinFake DomainAdmin Role ", + "type": "DomainAdmin", + "description": "Fake Domain-Admin Role created by Marvin test", + "ispublic": False + }, + "apiConfig": { + "listApis": "allow", + "listAccounts": "allow", + "listClusters": "deny", + "*VM*": "allow", + "*Host*": "deny" + } + } + + +class TestPrivateRoles(cloudstackTestCase): + """Tests Visibility of private and public roles + """ + + def setUp(self): + self.apiclient = self.testClient.getApiClient() + self.testdata = TestData().testdata + + self.testdata["roleadmin"]["name"] += self.getRandomString() + self.testdata["roledomainadmin"]["name"] += self.getRandomString() + self.testdata["roleuser"]["name"] += self.getRandomString() + self.role_admin = Role.create( + self.apiclient, + self.testdata["roleadmin"] + ) + + self.role_domain_admin = Role.create( + self.apiclient, + self.testdata["roledomainadmin"] + ) + + self.private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + + self.account_admin = Account.create( + self.apiclient, + self.testdata["accountadmin"], + roleid=self.role_admin.id + ) + + self.account_domain_admin = Account.create( + self.apiclient, + self.testdata["accountdomainadmin"], + roleid=self.role_domain_admin.id + ) + + self.admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_admin.name, + DomainName='ROOT', + type=1 + ) + + self.domain_admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_domain_admin.name, + DomainName='ROOT', + type=2 + ) + + self.cleanup = [ + self.testdata, + self.account_admin, + self.account_domain_admin, + self.role_admin, + self.role_domain_admin, + self.admin_apiclient, + self.private_role, + self.domain_admin_apiclient + ] + + + + def tearDown(self): + try: + cleanup_resources(self.apiclient, self.cleanup) + except Exception as e: + self.debug("Warning! Exception in tearDown: %s" % e) + + def getRandomString(self): + return "".join(random.choice("abcdefghijklmnopqrstuvwxyz0123456789") for _ in range(10)) + + + def asserts_visibility_of_private_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertEqual( + list_roles_domain_admin, + None, + "Domain Admins should not be able to list private roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list private roles" + ) + + + def asserts_visibility_of_public_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_domain_admin, + None, + "Domain Admins should be able to list public roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list public roles" + ) + + + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_create_role(self): + """ + 1. Create a private role + 2. Create a public role + 3. Verify whether their visibility is as expected + """ + self.testdata["roleuser"]["name"] += self.getRandomString() + self.testdata["publicrole"]["name"] += self.getRandomString() + private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + public_role = Role.create( + self.apiclient, + self.testdata["publicrole"] + ) + self.asserts_visibility_of_private_role(private_role.id) + self.asserts_visibility_of_public_role(public_role.id) + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_update_role(self): + """ + 1. Create a public role + 2. Check if its visibility is public + 3. Update it to make it private + 4. Verify if its visibility is private + """ + self.testdata["publicrole"]["name"] += self.getRandomString() + role = Role.create( + self.apiclient, + self.testdata["publicrole"] + ) + self.asserts_visibility_of_public_role(role.id) + role.update(self.apiclient, id=role.id, ispublic=False) + self.asserts_visibility_of_private_role(role.id) + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_import_role(self): + """ + 1. Import a public role + 2. Import a private role + 3. Verify their visibility + """ + self.testdata["importrole"]["name"] += self.getRandomString() + imported_public_role = Role.importRole( + self.apiclient, + self.testdata["importrole"] + ) + self.testdata["importrole"]["name"] += self.getRandomString() + self.testdata["importrole"]["ispublic"] = False + imported_private_role = Role.importRole( + self.apiclient, + self.testdata["importrole"] + ) Review Comment: ```suggestion imported_private_role = Role.importRole( self.apiclient, self.testdata["importrole"] ) self.cleanup.append(imported_private_role) ``` ########## test/integration/smoke/test_private_roles.py: ########## @@ -0,0 +1,288 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +from marvin.cloudstackAPI import * +from marvin.cloudstackTestCase import cloudstackTestCase +from marvin.lib.base import Account, Role, User +from marvin.lib.utils import cleanup_resources +from nose.plugins.attrib import attr + +import random + + +class TestData(object): + """Test data object that is required to create resources + """ + def __init__(self): + self.testdata = { + "accountadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestAdminAccount", + "username": "TestAdminAccount", + "password": "password" + }, + "accountdomainadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestDomainAdminAccount", + "username": "TestDomainAdminAccount", + "password": "password" + }, + "accountroleuser": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestUserAccount", + "username": "TestUserAccount", + "password": "password" + }, + "roleadmin": { + "name": "MarvinFake Admin Role ", + "type": "Admin", + "description": "Fake Admin Role created by Marvin test" + }, + "roleuser": { + "name": "MarvinFake User Role ", + "type": "User", + "description": "Fake User Role created by Marvin test", + "ispublic": False + }, + "publicrole": { + "name": "MarvinFake Public Role ", + "type": "User", + "description": "Fake Public Role created by Marvin test" + }, + "importrole": { + "name": "MarvinFake Import Role ", + "type": "User", + "description": "Fake Import User Role created by Marvin test", + "ispublic": True, + "rules": [{"rule":"list*", "permission":"allow","description":"Listing apis"}, + {"rule":"get*", "permission":"allow","description":"Get apis"}, + {"rule":"update*", "permission":"deny","description":"Update apis"}] + }, + "roledomainadmin": { + "name": "MarvinFake DomainAdmin Role ", + "type": "DomainAdmin", + "description": "Fake Domain-Admin Role created by Marvin test", + "ispublic": False + }, + "apiConfig": { + "listApis": "allow", + "listAccounts": "allow", + "listClusters": "deny", + "*VM*": "allow", + "*Host*": "deny" + } + } + + +class TestPrivateRoles(cloudstackTestCase): + """Tests Visibility of private and public roles + """ + + def setUp(self): + self.apiclient = self.testClient.getApiClient() + self.testdata = TestData().testdata + + self.testdata["roleadmin"]["name"] += self.getRandomString() + self.testdata["roledomainadmin"]["name"] += self.getRandomString() + self.testdata["roleuser"]["name"] += self.getRandomString() + self.role_admin = Role.create( + self.apiclient, + self.testdata["roleadmin"] + ) + + self.role_domain_admin = Role.create( + self.apiclient, + self.testdata["roledomainadmin"] + ) + + self.private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + + self.account_admin = Account.create( + self.apiclient, + self.testdata["accountadmin"], + roleid=self.role_admin.id + ) + + self.account_domain_admin = Account.create( + self.apiclient, + self.testdata["accountdomainadmin"], + roleid=self.role_domain_admin.id + ) + + self.admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_admin.name, + DomainName='ROOT', + type=1 + ) + + self.domain_admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_domain_admin.name, + DomainName='ROOT', + type=2 + ) + + self.cleanup = [ + self.testdata, + self.account_admin, + self.account_domain_admin, + self.role_admin, + self.role_domain_admin, + self.admin_apiclient, + self.private_role, + self.domain_admin_apiclient + ] + + + + def tearDown(self): + try: + cleanup_resources(self.apiclient, self.cleanup) + except Exception as e: + self.debug("Warning! Exception in tearDown: %s" % e) + + def getRandomString(self): + return "".join(random.choice("abcdefghijklmnopqrstuvwxyz0123456789") for _ in range(10)) + + + def asserts_visibility_of_private_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertEqual( + list_roles_domain_admin, + None, + "Domain Admins should not be able to list private roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list private roles" + ) + + + def asserts_visibility_of_public_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_domain_admin, + None, + "Domain Admins should be able to list public roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list public roles" + ) + + + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_create_role(self): + """ + 1. Create a private role + 2. Create a public role + 3. Verify whether their visibility is as expected + """ + self.testdata["roleuser"]["name"] += self.getRandomString() + self.testdata["publicrole"]["name"] += self.getRandomString() + private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + public_role = Role.create( + self.apiclient, + self.testdata["publicrole"] + ) + self.asserts_visibility_of_private_role(private_role.id) + self.asserts_visibility_of_public_role(public_role.id) + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_update_role(self): + """ + 1. Create a public role + 2. Check if its visibility is public + 3. Update it to make it private + 4. Verify if its visibility is private + """ + self.testdata["publicrole"]["name"] += self.getRandomString() + role = Role.create( + self.apiclient, + self.testdata["publicrole"] + ) + self.asserts_visibility_of_public_role(role.id) + role.update(self.apiclient, id=role.id, ispublic=False) + self.asserts_visibility_of_private_role(role.id) + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_import_role(self): + """ + 1. Import a public role + 2. Import a private role + 3. Verify their visibility + """ + self.testdata["importrole"]["name"] += self.getRandomString() + imported_public_role = Role.importRole( + self.apiclient, + self.testdata["importrole"] + ) + self.testdata["importrole"]["name"] += self.getRandomString() + self.testdata["importrole"]["ispublic"] = False + imported_private_role = Role.importRole( + self.apiclient, + self.testdata["importrole"] + ) + + self.asserts_visibility_of_public_role(imported_public_role.id) + self.asserts_visibility_of_private_role(imported_private_role.id) + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_login_private_role(self): + """ + 1. Crate a User account with a private role + 2. Login with the created account + 3. Verify that the login was successful + """ + account_private_role = Account.create( + self.apiclient, + self.testdata["accountroleuser"], + roleid=self.private_role.id + ) Review Comment: ```suggestion account_private_role = Account.create( self.apiclient, self.testdata["accountroleuser"], roleid=self.private_role.id ) self.cleanup.append(account_private_role) ``` ########## test/integration/smoke/test_private_roles.py: ########## @@ -0,0 +1,288 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +from marvin.cloudstackAPI import * +from marvin.cloudstackTestCase import cloudstackTestCase +from marvin.lib.base import Account, Role, User +from marvin.lib.utils import cleanup_resources +from nose.plugins.attrib import attr + +import random + + +class TestData(object): + """Test data object that is required to create resources + """ + def __init__(self): + self.testdata = { + "accountadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestAdminAccount", + "username": "TestAdminAccount", + "password": "password" + }, + "accountdomainadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestDomainAdminAccount", + "username": "TestDomainAdminAccount", + "password": "password" + }, + "accountroleuser": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestUserAccount", + "username": "TestUserAccount", + "password": "password" + }, + "roleadmin": { + "name": "MarvinFake Admin Role ", + "type": "Admin", + "description": "Fake Admin Role created by Marvin test" + }, + "roleuser": { + "name": "MarvinFake User Role ", + "type": "User", + "description": "Fake User Role created by Marvin test", + "ispublic": False + }, + "publicrole": { + "name": "MarvinFake Public Role ", + "type": "User", + "description": "Fake Public Role created by Marvin test" + }, + "importrole": { + "name": "MarvinFake Import Role ", + "type": "User", + "description": "Fake Import User Role created by Marvin test", + "ispublic": True, + "rules": [{"rule":"list*", "permission":"allow","description":"Listing apis"}, + {"rule":"get*", "permission":"allow","description":"Get apis"}, + {"rule":"update*", "permission":"deny","description":"Update apis"}] + }, + "roledomainadmin": { + "name": "MarvinFake DomainAdmin Role ", + "type": "DomainAdmin", + "description": "Fake Domain-Admin Role created by Marvin test", + "ispublic": False + }, + "apiConfig": { + "listApis": "allow", + "listAccounts": "allow", + "listClusters": "deny", + "*VM*": "allow", + "*Host*": "deny" + } + } + + +class TestPrivateRoles(cloudstackTestCase): + """Tests Visibility of private and public roles + """ + + def setUp(self): + self.apiclient = self.testClient.getApiClient() + self.testdata = TestData().testdata + + self.testdata["roleadmin"]["name"] += self.getRandomString() + self.testdata["roledomainadmin"]["name"] += self.getRandomString() + self.testdata["roleuser"]["name"] += self.getRandomString() + self.role_admin = Role.create( + self.apiclient, + self.testdata["roleadmin"] + ) + + self.role_domain_admin = Role.create( + self.apiclient, + self.testdata["roledomainadmin"] + ) + + self.private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + + self.account_admin = Account.create( + self.apiclient, + self.testdata["accountadmin"], + roleid=self.role_admin.id + ) + + self.account_domain_admin = Account.create( + self.apiclient, + self.testdata["accountdomainadmin"], + roleid=self.role_domain_admin.id + ) + + self.admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_admin.name, + DomainName='ROOT', + type=1 + ) + + self.domain_admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_domain_admin.name, + DomainName='ROOT', + type=2 + ) + + self.cleanup = [ + self.testdata, + self.account_admin, + self.account_domain_admin, + self.role_admin, + self.role_domain_admin, + self.admin_apiclient, + self.private_role, + self.domain_admin_apiclient + ] + + + + def tearDown(self): + try: + cleanup_resources(self.apiclient, self.cleanup) + except Exception as e: + self.debug("Warning! Exception in tearDown: %s" % e) + + def getRandomString(self): + return "".join(random.choice("abcdefghijklmnopqrstuvwxyz0123456789") for _ in range(10)) + + + def asserts_visibility_of_private_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertEqual( + list_roles_domain_admin, + None, + "Domain Admins should not be able to list private roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list private roles" + ) + + + def asserts_visibility_of_public_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_domain_admin, + None, + "Domain Admins should be able to list public roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list public roles" + ) + + + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_create_role(self): + """ + 1. Create a private role + 2. Create a public role + 3. Verify whether their visibility is as expected + """ + self.testdata["roleuser"]["name"] += self.getRandomString() + self.testdata["publicrole"]["name"] += self.getRandomString() + private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + public_role = Role.create( + self.apiclient, + self.testdata["publicrole"] + ) + self.asserts_visibility_of_private_role(private_role.id) + self.asserts_visibility_of_public_role(public_role.id) + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_update_role(self): + """ + 1. Create a public role + 2. Check if its visibility is public + 3. Update it to make it private + 4. Verify if its visibility is private + """ + self.testdata["publicrole"]["name"] += self.getRandomString() + role = Role.create( + self.apiclient, + self.testdata["publicrole"] + ) + self.asserts_visibility_of_public_role(role.id) + role.update(self.apiclient, id=role.id, ispublic=False) + self.asserts_visibility_of_private_role(role.id) + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_import_role(self): + """ + 1. Import a public role + 2. Import a private role + 3. Verify their visibility + """ + self.testdata["importrole"]["name"] += self.getRandomString() + imported_public_role = Role.importRole( + self.apiclient, + self.testdata["importrole"] + ) Review Comment: ```suggestion imported_public_role = Role.importRole( self.apiclient, self.testdata["importrole"] ) self.cleanup.append(imported_public_role) ``` ########## test/integration/smoke/test_private_roles.py: ########## @@ -0,0 +1,288 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +from marvin.cloudstackAPI import * +from marvin.cloudstackTestCase import cloudstackTestCase +from marvin.lib.base import Account, Role, User +from marvin.lib.utils import cleanup_resources +from nose.plugins.attrib import attr + +import random + + +class TestData(object): + """Test data object that is required to create resources + """ + def __init__(self): + self.testdata = { + "accountadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestAdminAccount", + "username": "TestAdminAccount", + "password": "password" + }, + "accountdomainadmin": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestDomainAdminAccount", + "username": "TestDomainAdminAccount", + "password": "password" + }, + "accountroleuser": { + "email": "[email protected]", + "firstname": "Marvin", + "lastname": "TestUserAccount", + "username": "TestUserAccount", + "password": "password" + }, + "roleadmin": { + "name": "MarvinFake Admin Role ", + "type": "Admin", + "description": "Fake Admin Role created by Marvin test" + }, + "roleuser": { + "name": "MarvinFake User Role ", + "type": "User", + "description": "Fake User Role created by Marvin test", + "ispublic": False + }, + "publicrole": { + "name": "MarvinFake Public Role ", + "type": "User", + "description": "Fake Public Role created by Marvin test" + }, + "importrole": { + "name": "MarvinFake Import Role ", + "type": "User", + "description": "Fake Import User Role created by Marvin test", + "ispublic": True, + "rules": [{"rule":"list*", "permission":"allow","description":"Listing apis"}, + {"rule":"get*", "permission":"allow","description":"Get apis"}, + {"rule":"update*", "permission":"deny","description":"Update apis"}] + }, + "roledomainadmin": { + "name": "MarvinFake DomainAdmin Role ", + "type": "DomainAdmin", + "description": "Fake Domain-Admin Role created by Marvin test", + "ispublic": False + }, + "apiConfig": { + "listApis": "allow", + "listAccounts": "allow", + "listClusters": "deny", + "*VM*": "allow", + "*Host*": "deny" + } + } + + +class TestPrivateRoles(cloudstackTestCase): + """Tests Visibility of private and public roles + """ + + def setUp(self): + self.apiclient = self.testClient.getApiClient() + self.testdata = TestData().testdata + + self.testdata["roleadmin"]["name"] += self.getRandomString() + self.testdata["roledomainadmin"]["name"] += self.getRandomString() + self.testdata["roleuser"]["name"] += self.getRandomString() + self.role_admin = Role.create( + self.apiclient, + self.testdata["roleadmin"] + ) + + self.role_domain_admin = Role.create( + self.apiclient, + self.testdata["roledomainadmin"] + ) + + self.private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + + self.account_admin = Account.create( + self.apiclient, + self.testdata["accountadmin"], + roleid=self.role_admin.id + ) + + self.account_domain_admin = Account.create( + self.apiclient, + self.testdata["accountdomainadmin"], + roleid=self.role_domain_admin.id + ) + + self.admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_admin.name, + DomainName='ROOT', + type=1 + ) + + self.domain_admin_apiclient = self.testClient.getUserApiClient( + UserName=self.account_domain_admin.name, + DomainName='ROOT', + type=2 + ) + + self.cleanup = [ + self.testdata, + self.account_admin, + self.account_domain_admin, + self.role_admin, + self.role_domain_admin, + self.admin_apiclient, + self.private_role, + self.domain_admin_apiclient + ] + + + + def tearDown(self): + try: + cleanup_resources(self.apiclient, self.cleanup) + except Exception as e: + self.debug("Warning! Exception in tearDown: %s" % e) + + def getRandomString(self): + return "".join(random.choice("abcdefghijklmnopqrstuvwxyz0123456789") for _ in range(10)) + + + def asserts_visibility_of_private_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertEqual( + list_roles_domain_admin, + None, + "Domain Admins should not be able to list private roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list private roles" + ) + + + def asserts_visibility_of_public_role(self, role_id): + list_roles_domain_admin = Role.list(self.domain_admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_domain_admin, + None, + "Domain Admins should be able to list public roles" + ) + + list_roles_admin = Role.list(self.admin_apiclient, id=role_id) + self.assertNotEqual( + list_roles_admin, + None, + "Admins should be able to list public roles" + ) + + + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_create_role(self): + """ + 1. Create a private role + 2. Create a public role + 3. Verify whether their visibility is as expected + """ + self.testdata["roleuser"]["name"] += self.getRandomString() + self.testdata["publicrole"]["name"] += self.getRandomString() + private_role = Role.create( + self.apiclient, + self.testdata["roleuser"] + ) + public_role = Role.create( + self.apiclient, + self.testdata["publicrole"] + ) + self.asserts_visibility_of_private_role(private_role.id) + self.asserts_visibility_of_public_role(public_role.id) + + @attr(tags=['simulator', 'basic'], required_hardware=False) + def test_update_role(self): + """ + 1. Create a public role + 2. Check if its visibility is public + 3. Update it to make it private + 4. Verify if its visibility is private + """ + self.testdata["publicrole"]["name"] += self.getRandomString() + role = Role.create( + self.apiclient, + self.testdata["publicrole"] + ) Review Comment: ```suggestion role = Role.create( self.apiclient, self.testdata["publicrole"] ) self.cleanup.append(role) ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
