Best Python code snippet using tempest_python
test_group.py
Source:test_group.py
1# Copyright 2020 SUSE LLC2#3# Licensed under the Apache License, Version 2.0 (the "License"); you may4# not use this file except in compliance with the License. You may obtain5# a copy of the License at6#7# http://www.apache.org/licenses/LICENSE-2.08#9# Unless required by applicable law or agreed to in writing, software10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the12# License for the specific language governing permissions and limitations13# under the License.14import abc15from tempest.api.identity import base16from tempest.lib.common.utils import data_utils17from tempest.lib import exceptions18from keystone_tempest_plugin.tests.rbac.v3 import base as rbac_base19class IdentityV3RbacGroupTest(rbac_base.IdentityV3RbacBaseTests,20 metaclass=abc.ABCMeta):21 @classmethod22 def setup_clients(cls):23 super(IdentityV3RbacGroupTest, cls).setup_clients()24 cls.persona = getattr(cls, 'os_%s' % cls.credentials[0])25 cls.client = cls.persona.groups_client26 cls.users_client = cls.persona.users_v3_client27 cls.admin_client = cls.os_system_admin28 cls.admin_groups_client = cls.admin_client.groups_client29 cls.admin_users_client = cls.admin_client.users_v3_client30 cls.admin_domains_client = cls.admin_client.domains_client31 def setUp(self):32 super(IdentityV3RbacGroupTest, self).setUp()33 self.own_domain = self.persona.credentials.domain_id34 self.other_domain = self.admin_domains_client.create_domain(35 name=data_utils.rand_name())['domain']['id']36 self.addCleanup(self.admin_domains_client.delete_domain,37 self.other_domain)38 self.addCleanup(self.admin_domains_client.update_domain,39 domain_id=self.other_domain, enabled=False)40 def group(self, domain_id=None):41 group = {}42 name = data_utils.rand_name('group')43 group['name'] = name44 if domain_id:45 group['domain_id'] = domain_id46 return group47 @abc.abstractmethod48 def test_identity_create_group(self):49 """Test identity:create_group policy.50 This test must check:51 * whether the persona can create an arbitrary group52 * whether the persona can create a group in another domain53 * whether the persona can create a group in their own domain54 """55 pass56 @abc.abstractmethod57 def test_identity_get_group(self):58 """Test identity:get_group policy.59 This test must check:60 * whether the persona can get an arbitrary group61 * whether the persona can get a group in another domain62 * whether the persona can get a group in their own domain63 * whether the persona can get a group that does not exist64 """65 pass66 @abc.abstractmethod67 def test_identity_list_groups(self):68 """Test identity:list_groups policy.69 This test must check:70 * whether the persona can list all groups71 * whether the result list is appropriately filtered to domain72 """73 pass74 @abc.abstractmethod75 def test_identity_list_groups_for_user(self):76 """Test identity:list_groups_for_user policy.77 This test must check:78 * whether the persona can list groups for an arbitrary user79 * whether the persona can see groups in their own domain for user in80 their own domain81 * whether the persona can see groups in another domain for user in82 their own domain83 * whether the persona can see groups in their own domain for user in84 another domain85 * whether the persona can see groups in another domain for user in86 another domain87 * whether the persona can list groups for a nonexistent user88 """89 pass90 @abc.abstractmethod91 def test_identity_update_group(self):92 """Test identity:update_groups policy.93 This test must check:94 * whether the persona can update an arbitrary group95 * whether the persona can update a group in another domain96 * whether the persona can update a group in their own domain97 * whether the persona can update a group that does not exist98 """99 pass100 @abc.abstractmethod101 def test_identity_delete_group(self):102 """Test identity:delete_group policy.103 This test must check104 * whether the persona can delete an arbitrary group105 * whether the persona can delete a group in another domain106 * whether the persona can delete a group in their own domain107 * whether the persona can delete a group that does not exist108 """109 pass110 @abc.abstractmethod111 def test_identity_list_users_in_group(self):112 """Test identity:list_users_in_group policy.113 This test must check114 * whether the persona can list users in an arbitrary group115 * whether the persona can see users in their own domain for group in116 their own domain117 * whether the persona can see users in another domain for group in118 their own domain119 * whether the persona can see users in their own domain for group in120 another domain121 * whether the persona can see users in another domain for group in122 another domain123 * whether the persona can list users for a nonexistent group124 """125 pass126 @abc.abstractmethod127 def test_identity_add_user_to_group(self):128 """Test identity:add_user_to_group policy.129 This test must check130 * whether the persona can add an arbitrary user to an arbitrary group131 * whether the persona can add a user in their own domain to a group132 in their own domain133 * whether the persona can add a user in another domain to a group in134 their own domain135 * whether the persona can add a user in their own domain to a group136 in another domain137 * whether the persona can add a user in another domain to a group in138 their own domain139 * whether the persona can add a nonexistent user to a group140 * whether the persona can add a user to a nonexistent group141 """142 pass143 @abc.abstractmethod144 def test_identity_remove_user_from_group(self):145 """Test identity:remove_user_from_group policy.146 This test must check147 * whether the persona can remove an arbitrary user from an arbitrary148 group149 * whether the persona can remove a user in their own domain from a150 group in their own domain151 * whether the persona can remove a user in another domain from a152 group in their own domain153 * whether the persona can remove a user in their own domain from a154 group in another domain155 * whether the persona can remove a user in another domain from a156 group in their own domain157 * whether the persona can remove a nonexistent user from a group158 * whether the persona can remove a user from a nonexistent group159 """160 pass161 @abc.abstractmethod162 def test_identity_check_user_in_group(self):163 """Test identity:check_user_in_group policy.164 This test must check165 * whether the persona can check if an arbitrary user is in an166 arbitrary group167 * whether the persona can check if a user in their own domain is in a168 group in their own domain169 * whether the persona can check if a user in another domain is in a170 group in their own domain171 * whether the persona can check if a user in their own domain is in a172 group in another domain173 * whether the persona can check if a user in another domain is in a174 group in another domain175 * whether the persona can check if a nonexistent user is in a group176 * whether the persona can check if a user is in a nonexistent group177 """178 pass179class SystemAdminTests(IdentityV3RbacGroupTest, base.BaseIdentityTest):180 credentials = ['system_admin']181 def test_identity_create_group(self):182 resp = self.do_request('create_group', expected_status=201,183 **self.group())184 self.addCleanup(self.admin_groups_client.delete_group,185 resp['group']['id'])186 def test_identity_get_group(self):187 group = self.admin_groups_client.create_group(**self.group())['group']188 self.addCleanup(self.admin_groups_client.delete_group, group['id'])189 # user can get an arbitrary group190 self.do_request('show_group', group_id=group['id'])191 # user gets a 404 for nonexistent group192 self.do_request('show_group', expected_status=exceptions.NotFound,193 group_id='fakegroup')194 def test_identity_list_groups(self):195 group = self.admin_groups_client.create_group(**self.group())['group']196 self.addCleanup(self.admin_groups_client.delete_group, group['id'])197 resp = self.do_request('list_groups')198 self.assertIn(group['id'], set(g['id'] for g in resp['groups']))199 def test_identity_list_groups_for_user(self):200 group = self.admin_groups_client.create_group(**self.group())['group']201 self.addCleanup(self.admin_groups_client.delete_group, group['id'])202 user = self.admin_client.users_v3_client.create_user(203 name=data_utils.rand_name('user'))['user']204 self.addCleanup(self.admin_client.users_v3_client.delete_user,205 user['id'])206 self.admin_groups_client.add_group_user(group['id'], user['id'])207 resp = self.do_request('list_user_groups', client=self.users_client,208 user_id=user['id'])209 self.assertIn(group['id'], set(g['id'] for g in resp['groups']))210 self.do_request('list_user_groups', client=self.users_client,211 expected_status=exceptions.NotFound,212 user_id='fakeuser')213 def test_identity_update_group(self):214 group = self.admin_groups_client.create_group(**self.group())['group']215 self.addCleanup(self.admin_groups_client.delete_group, group['id'])216 # user can update an arbitrary group217 group_update = {218 'group_id': group['id'],219 'description': data_utils.arbitrary_string220 }221 self.do_request('update_group', **group_update)222 # user gets a 404 for nonexistent group223 group_update = {224 'group_id': 'fakegroup',225 'description': data_utils.arbitrary_string226 }227 self.do_request('update_group', expected_status=exceptions.NotFound,228 **group_update)229 def test_identity_delete_group(self):230 group = self.admin_groups_client.create_group(**self.group())['group']231 # user can delete an arbitrary group232 self.do_request('delete_group', expected_status=204,233 group_id=group['id'])234 # user gets a 404 for nonexistent group235 self.do_request('delete_group', expected_status=exceptions.NotFound,236 group_id='fakegroup')237 def test_identity_list_users_in_group(self):238 group = self.admin_groups_client.create_group(**self.group())['group']239 self.addCleanup(self.admin_groups_client.delete_group, group['id'])240 user = self.admin_client.users_v3_client.create_user(241 name=data_utils.rand_name('user'))['user']242 self.addCleanup(self.admin_client.users_v3_client.delete_user,243 user['id'])244 self.admin_groups_client.add_group_user(group['id'], user['id'])245 resp = self.do_request('list_group_users', group_id=group['id'])246 user_ids = set(u['id'] for u in resp['users'])247 self.assertEqual(1, len(user_ids))248 self.assertIn(user['id'], user_ids)249 def test_identity_add_user_to_group(self):250 group = self.admin_groups_client.create_group(**self.group())['group']251 self.addCleanup(self.admin_groups_client.delete_group, group['id'])252 user = self.admin_client.users_v3_client.create_user(253 name=data_utils.rand_name('user'))['user']254 self.addCleanup(self.admin_client.users_v3_client.delete_user,255 user['id'])256 # user can add a user to a group257 self.do_request('add_group_user', expected_status=204,258 group_id=group['id'], user_id=user['id'])259 # user gets a 404 for nonexistent group260 self.do_request('add_group_user', expected_status=exceptions.NotFound,261 group_id='fakegroup', user_id=user['id'])262 # user gets a 404 for nonexistent user263 self.do_request('add_group_user', expected_status=exceptions.NotFound,264 group_id=group['id'], user_id='fakeuser')265 def test_identity_remove_user_from_group(self):266 group = self.admin_groups_client.create_group(**self.group())['group']267 self.addCleanup(self.admin_groups_client.delete_group, group['id'])268 user = self.admin_client.users_v3_client.create_user(269 name=data_utils.rand_name('user'))['user']270 self.addCleanup(self.admin_client.users_v3_client.delete_user,271 user['id'])272 self.admin_groups_client.add_group_user(group['id'], user['id'])273 # user can remove a user from a group274 self.do_request('delete_group_user', expected_status=204,275 group_id=group['id'], user_id=user['id'])276 # user gets a 404 for nonexistent group277 self.do_request('delete_group_user',278 expected_status=exceptions.NotFound,279 group_id='fakegroup', user_id=user['id'])280 # user gets a 404 for nonexistent user281 self.do_request('delete_group_user',282 expected_status=exceptions.NotFound,283 group_id=group['id'], user_id='fakeuser')284 def test_identity_check_user_in_group(self):285 group = self.admin_groups_client.create_group(**self.group())['group']286 self.addCleanup(self.admin_groups_client.delete_group, group['id'])287 user = self.admin_client.users_v3_client.create_user(288 name=data_utils.rand_name('user'))['user']289 self.addCleanup(self.admin_client.users_v3_client.delete_user,290 user['id'])291 self.admin_groups_client.add_group_user(group['id'], user['id'])292 # user can check if a user is in a group293 self.do_request('check_group_user_existence', expected_status=204,294 group_id=group['id'], user_id=user['id'])295 # user gets a 404 for nonexistent group296 self.do_request('check_group_user_existence',297 expected_status=exceptions.NotFound,298 group_id='fakegroup', user_id=user['id'])299 # user gets a 404 for nonexistent user300 self.do_request('check_group_user_existence',301 expected_status=exceptions.NotFound,302 group_id=group['id'], user_id='fakeuser')303class SystemMemberTests(SystemAdminTests):304 credentials = ['system_member', 'system_admin']305 def test_identity_create_group(self):306 self.do_request('create_group', expected_status=exceptions.Forbidden,307 **self.group())308 def test_identity_update_group(self):309 group = self.admin_groups_client.create_group(**self.group())['group']310 self.addCleanup(self.admin_groups_client.delete_group, group['id'])311 # user cannot update an arbitrary group312 group_update = {313 'group_id': group['id'],314 'description': data_utils.arbitrary_string315 }316 self.do_request('update_group', expected_status=exceptions.Forbidden,317 **group_update)318 # user gets a 403 for nonexistent group319 group_update = {320 'group_id': 'fakegroup',321 'description': data_utils.arbitrary_string322 }323 self.do_request('update_group', expected_status=exceptions.Forbidden,324 **group_update)325 def test_identity_delete_group(self):326 group = self.admin_groups_client.create_group(**self.group())['group']327 # user cannot delete an arbitrary group328 self.do_request('delete_group', expected_status=exceptions.Forbidden,329 group_id=group['id'])330 # user gets a 403 for nonexistent group331 self.do_request('delete_group', expected_status=exceptions.Forbidden,332 group_id=group['id'])333 def test_identity_add_user_to_group(self):334 group = self.admin_groups_client.create_group(**self.group())['group']335 self.addCleanup(self.admin_groups_client.delete_group, group['id'])336 user = self.admin_client.users_v3_client.create_user(337 name=data_utils.rand_name('user'))['user']338 self.addCleanup(self.admin_client.users_v3_client.delete_user,339 user['id'])340 # user cannot add a user to a group341 self.do_request('add_group_user', expected_status=exceptions.Forbidden,342 group_id=group['id'], user_id=user['id'])343 # user gets a 403 for nonexistent group344 self.do_request('add_group_user', expected_status=exceptions.Forbidden,345 group_id='fakegroup', user_id=user['id'])346 # user gets a 403 for nonexistent user347 self.do_request('add_group_user', expected_status=exceptions.Forbidden,348 group_id=group['id'], user_id='fakeuser')349 def test_identity_remove_user_from_group(self):350 group = self.admin_groups_client.create_group(**self.group())['group']351 self.addCleanup(self.admin_groups_client.delete_group, group['id'])352 user = self.admin_client.users_v3_client.create_user(353 name=data_utils.rand_name('user'))['user']354 self.addCleanup(self.admin_client.users_v3_client.delete_user,355 user['id'])356 self.admin_groups_client.add_group_user(group['id'], user['id'])357 # user cannot remove a user from a group358 self.do_request('delete_group_user',359 expected_status=exceptions.Forbidden,360 group_id=group['id'], user_id=user['id'])361 # user gets a 403 for nonexistent group362 self.do_request('delete_group_user',363 expected_status=exceptions.Forbidden,364 group_id='fakegroup', user_id=user['id'])365 # user gets a 403 for nonexistent user366 self.do_request('delete_group_user',367 expected_status=exceptions.Forbidden,368 group_id=group['id'], user_id='fakeuser')369class SystemReaderTests(SystemMemberTests):370 credentials = ['system_reader', 'system_admin']371class DomainAdminTests(IdentityV3RbacGroupTest, base.BaseIdentityTest):372 credentials = ['domain_admin', 'system_admin']373 def test_identity_create_group(self):374 # user can create group in own domain375 resp = self.do_request('create_group', expected_status=201,376 **self.group(domain_id=self.own_domain))377 self.addCleanup(self.admin_groups_client.delete_group,378 resp['group']['id'])379 # user cannot create group in another domain380 resp = self.do_request('create_group',381 expected_status=exceptions.Forbidden,382 **self.group(domain_id=self.other_domain))383 def test_identity_get_group(self):384 group = self.admin_groups_client.create_group(385 **self.group(domain_id=self.own_domain))['group']386 self.addCleanup(self.admin_groups_client.delete_group, group['id'])387 # user can get group in own domain388 self.do_request('show_group', group_id=group['id'])389 # user cannot get group in other domain390 group = self.admin_groups_client.create_group(391 **self.group(domain_id=self.other_domain))['group']392 self.addCleanup(self.admin_groups_client.delete_group, group['id'])393 self.do_request('show_group', expected_status=exceptions.Forbidden,394 group_id=group['id'])395 # user gets a 403 for nonexistent group396 self.do_request('show_group', expected_status=exceptions.Forbidden,397 group_id='fakegroup')398 def test_identity_list_groups(self):399 group1 = self.admin_groups_client.create_group(400 **self.group(domain_id=self.own_domain))['group']401 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])402 group2 = self.admin_groups_client.create_group(403 **self.group(domain_id=self.other_domain))['group']404 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])405 resp = self.do_request('list_groups')406 # user can get groups in own domain407 self.assertIn(group1['id'], set(g['id'] for g in resp['groups']))408 # user cannot get groups in other domain409 self.assertNotIn(group2['id'], set(g['id'] for g in resp['groups']))410 def test_identity_list_groups_for_user(self):411 group1 = self.admin_groups_client.create_group(412 **self.group(domain_id=self.own_domain))['group']413 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])414 user1 = self.admin_client.users_v3_client.create_user(415 name=data_utils.rand_name('user'),416 domain_id=self.own_domain)['user']417 self.addCleanup(self.admin_client.users_v3_client.delete_user,418 user1['id'])419 group2 = self.admin_groups_client.create_group(420 **self.group(domain_id=self.other_domain))['group']421 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])422 user2 = self.admin_client.users_v3_client.create_user(423 name=data_utils.rand_name('user'),424 domain_id=self.other_domain)['user']425 self.addCleanup(self.admin_client.users_v3_client.delete_user,426 user2['id'])427 self.admin_groups_client.add_group_user(group1['id'], user1['id'])428 self.admin_groups_client.add_group_user(group1['id'], user2['id'])429 self.admin_groups_client.add_group_user(group2['id'], user1['id'])430 self.admin_groups_client.add_group_user(group2['id'], user2['id'])431 resp = self.do_request('list_user_groups', client=self.users_client,432 user_id=user1['id'])433 # user can list groups in own domain for user in own domain434 self.assertIn(group1['id'], set(g['id'] for g in resp['groups']))435 # user cannot list groups in other domain for user in own domain436 self.assertNotIn(group2['id'], set(g['id'] for g in resp['groups']))437 # user cannot list groups for user in other domain438 resp = self.do_request('list_user_groups', client=self.users_client,439 expected_status=exceptions.Forbidden,440 user_id=user2['id'])441 # user gets a 403 for nonexistent user442 self.do_request('list_user_groups', client=self.users_client,443 expected_status=exceptions.Forbidden,444 user_id='fakeuser')445 def test_identity_update_group(self):446 group1 = self.admin_groups_client.create_group(447 **self.group(domain_id=self.own_domain))['group']448 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])449 group2 = self.admin_groups_client.create_group(450 **self.group(domain_id=self.other_domain))['group']451 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])452 # user can update a group in own domain453 group_update = {454 'group_id': group1['id'],455 'description': data_utils.arbitrary_string456 }457 self.do_request('update_group', **group_update)458 # user cannot update a group in other domain459 group_update = {460 'group_id': group2['id'],461 'description': data_utils.arbitrary_string462 }463 self.do_request('update_group', expected_status=exceptions.Forbidden,464 **group_update)465 # user gets a 403 for nonexistent group466 group_update = {467 'group_id': 'fakegroup',468 'description': data_utils.arbitrary_string469 }470 self.do_request('update_group', expected_status=exceptions.Forbidden,471 **group_update)472 def test_identity_delete_group(self):473 group1 = self.admin_groups_client.create_group(474 **self.group(domain_id=self.own_domain))['group']475 group2 = self.admin_groups_client.create_group(476 **self.group(domain_id=self.other_domain))['group']477 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])478 # user can delete a group in own domain479 self.do_request('delete_group', expected_status=204,480 group_id=group1['id'])481 # user cannot delete a group in other domain482 self.do_request('delete_group', expected_status=exceptions.Forbidden,483 group_id=group2['id'])484 # user gets a 404 for nonexistent group485 self.do_request('delete_group', expected_status=exceptions.NotFound,486 group_id='fakegroup')487 def test_identity_list_users_in_group(self):488 group1 = self.admin_groups_client.create_group(489 **self.group(domain_id=self.own_domain))['group']490 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])491 user1 = self.admin_client.users_v3_client.create_user(492 name=data_utils.rand_name('user'),493 domain_id=self.own_domain)['user']494 self.addCleanup(self.admin_client.users_v3_client.delete_user,495 user1['id'])496 group2 = self.admin_groups_client.create_group(497 **self.group(domain_id=self.other_domain))['group']498 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])499 user2 = self.admin_client.users_v3_client.create_user(500 name=data_utils.rand_name('user'),501 domain_id=self.other_domain)['user']502 self.addCleanup(self.admin_client.users_v3_client.delete_user,503 user2['id'])504 self.admin_groups_client.add_group_user(group1['id'], user1['id'])505 self.admin_groups_client.add_group_user(group1['id'], user2['id'])506 self.admin_groups_client.add_group_user(group2['id'], user1['id'])507 self.admin_groups_client.add_group_user(group2['id'], user2['id'])508 resp = self.do_request('list_group_users', group_id=group1['id'])509 # user can list users in own domain for group in own domain510 self.assertIn(user1['id'], set(u['id'] for u in resp['users']))511 # user cannot list users in another domain for group in own domain512 self.assertNotIn(user2['id'], set(u['id'] for u in resp['users']))513 # user cannot list users for group in another domain514 self.do_request('list_group_users',515 expected_status=exceptions.Forbidden,516 group_id=group2['id'])517 def test_identity_add_user_to_group(self):518 group1 = self.admin_groups_client.create_group(519 **self.group(self.own_domain))['group']520 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])521 group2 = self.admin_groups_client.create_group(522 **self.group(self.other_domain))['group']523 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])524 user1 = self.admin_client.users_v3_client.create_user(525 name=data_utils.rand_name('user'),526 domain_id=self.own_domain)['user']527 self.addCleanup(self.admin_client.users_v3_client.delete_user,528 user1['id'])529 user2 = self.admin_client.users_v3_client.create_user(530 name=data_utils.rand_name('user'),531 domain_id=self.own_domain)['user']532 self.addCleanup(self.admin_client.users_v3_client.delete_user,533 user2['id'])534 # user can add a user in own domain to a group in own domain535 self.do_request('add_group_user', expected_status=204,536 group_id=group1['id'], user_id=user1['id'])537 # user can add a user in another domain to a group in own domain538 self.do_request('add_group_user', expected_status=204,539 group_id=group1['id'], user_id=user2['id'])540 # user cannot add a user in own domain to a group in another domain541 self.do_request('add_group_user', expected_status=exceptions.Forbidden,542 group_id=group2['id'], user_id=user1['id'])543 # user cannot add a user in another domain to a group in another domain544 self.do_request('add_group_user', expected_status=exceptions.Forbidden,545 group_id=group2['id'], user_id=user2['id'])546 # user gets a 403 for nonexistent group547 self.do_request('add_group_user', expected_status=exceptions.Forbidden,548 group_id='fakegroup', user_id=user1['id'])549 # user gets a 403 for nonexistent user550 self.do_request('add_group_user', expected_status=exceptions.Forbidden,551 group_id=group1['id'], user_id='fakeuser')552 def test_identity_remove_user_from_group(self):553 group1 = self.admin_groups_client.create_group(554 **self.group(self.own_domain))['group']555 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])556 group2 = self.admin_groups_client.create_group(557 **self.group(self.other_domain))['group']558 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])559 user1 = self.admin_client.users_v3_client.create_user(560 name=data_utils.rand_name('user'),561 domain_id=self.own_domain)['user']562 self.addCleanup(self.admin_client.users_v3_client.delete_user,563 user1['id'])564 user2 = self.admin_client.users_v3_client.create_user(565 name=data_utils.rand_name('user'),566 domain_id=self.own_domain)['user']567 self.addCleanup(self.admin_client.users_v3_client.delete_user,568 user2['id'])569 self.admin_groups_client.add_group_user(group1['id'], user1['id'])570 self.admin_groups_client.add_group_user(group1['id'], user2['id'])571 self.admin_groups_client.add_group_user(group2['id'], user1['id'])572 self.admin_groups_client.add_group_user(group2['id'], user2['id'])573 # user can remove a user in own domain from a group in own domain574 self.do_request('delete_group_user', expected_status=204,575 group_id=group1['id'], user_id=user1['id'])576 # user can remove a user in another domain from a group in own577 # domain578 self.do_request('delete_group_user', expected_status=204,579 group_id=group1['id'], user_id=user2['id'])580 # user cannot remove a user in own domain from a group in another581 # domain582 self.do_request('delete_group_user',583 expected_status=exceptions.Forbidden,584 group_id=group2['id'], user_id=user1['id'])585 # user cannot remove a user in another domain from a group in another586 # domain587 self.do_request('delete_group_user',588 expected_status=exceptions.Forbidden,589 group_id=group2['id'], user_id=user2['id'])590 # user gets a 403 for nonexistent group591 self.do_request('delete_group_user',592 expected_status=exceptions.Forbidden,593 group_id='fakegroup', user_id=user1['id'])594 # user gets a 403 for nonexistent user595 self.do_request('delete_group_user',596 expected_status=exceptions.Forbidden,597 group_id=group1['id'], user_id='fakeuser')598 def test_identity_check_user_in_group(self):599 group1 = self.admin_groups_client.create_group(600 **self.group(self.own_domain))['group']601 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])602 group2 = self.admin_groups_client.create_group(603 **self.group(self.other_domain))['group']604 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])605 user1 = self.admin_client.users_v3_client.create_user(606 name=data_utils.rand_name('user'),607 domain_id=self.own_domain)['user']608 self.addCleanup(self.admin_client.users_v3_client.delete_user,609 user1['id'])610 user2 = self.admin_client.users_v3_client.create_user(611 name=data_utils.rand_name('user'),612 domain_id=self.own_domain)['user']613 self.addCleanup(self.admin_client.users_v3_client.delete_user,614 user2['id'])615 self.admin_groups_client.add_group_user(group1['id'], user1['id'])616 self.admin_groups_client.add_group_user(group1['id'], user2['id'])617 self.admin_groups_client.add_group_user(group2['id'], user1['id'])618 self.admin_groups_client.add_group_user(group2['id'], user2['id'])619 # user can check if a user in own domain is in a group in own domain620 self.do_request('check_group_user_existence', expected_status=204,621 group_id=group1['id'], user_id=user1['id'])622 # user can check if a user in another domain is in a group in own623 # domain624 self.do_request('check_group_user_existence',625 expected_status=204,626 group_id=group1['id'], user_id=user2['id'])627 # user cannot check if a user in own domain is in a group in another628 # domain629 self.do_request('check_group_user_existence',630 expected_status=exceptions.Forbidden,631 group_id=group2['id'], user_id=user1['id'])632 # user cannot check if a user in another domain is in a group in633 # another domain634 self.do_request('check_group_user_existence',635 expected_status=exceptions.Forbidden,636 group_id=group2['id'], user_id=user2['id'])637 # user gets a 403 for nonexistent group638 self.do_request('check_group_user_existence',639 expected_status=exceptions.Forbidden,640 group_id='fakegroup', user_id=user1['id'])641 # user gets a 403 for nonexistent user642 self.do_request('check_group_user_existence',643 expected_status=exceptions.Forbidden,644 group_id=group1['id'], user_id='fakeuser')645class DomainMemberTests(DomainAdminTests):646 credentials = ['domain_member', 'system_admin']647 def test_identity_create_group(self):648 # user cannot create group in own domain649 self.do_request('create_group',650 expected_status=exceptions.Forbidden,651 **self.group(domain_id=self.own_domain))652 # user cannot create group in another domain653 self.do_request('create_group',654 expected_status=exceptions.Forbidden,655 **self.group(domain_id=self.other_domain))656 def test_identity_update_group(self):657 group1 = self.admin_groups_client.create_group(658 **self.group(domain_id=self.own_domain))['group']659 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])660 group2 = self.admin_groups_client.create_group(661 **self.group(domain_id=self.other_domain))['group']662 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])663 # user cannot update a group in own domain664 group_update = {665 'group_id': group1['id'],666 'description': data_utils.arbitrary_string667 }668 self.do_request('update_group', expected_status=exceptions.Forbidden,669 **group_update)670 # user cannot update a group in other domain671 group_update = {672 'group_id': group2['id'],673 'description': data_utils.arbitrary_string674 }675 self.do_request('update_group', expected_status=exceptions.Forbidden,676 **group_update)677 # user gets a 403 for nonexistent group678 group_update = {679 'group_id': 'fakegroup',680 'description': data_utils.arbitrary_string681 }682 self.do_request('update_group', expected_status=exceptions.Forbidden,683 **group_update)684 def test_identity_delete_group(self):685 group1 = self.admin_groups_client.create_group(686 **self.group(domain_id=self.own_domain))['group']687 group2 = self.admin_groups_client.create_group(688 **self.group(domain_id=self.other_domain))['group']689 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])690 # user cannot delete a group in own domain691 self.do_request('delete_group', expected_status=exceptions.Forbidden,692 group_id=group1['id'])693 # user cannot delete a group in other domain694 self.do_request('delete_group', expected_status=exceptions.Forbidden,695 group_id=group2['id'])696 # user gets a 404 for nonexistent group697 self.do_request('delete_group', expected_status=exceptions.NotFound,698 group_id='fakegroup')699 def test_identity_add_user_to_group(self):700 group1 = self.admin_groups_client.create_group(701 **self.group(self.own_domain))['group']702 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])703 group2 = self.admin_groups_client.create_group(704 **self.group(self.other_domain))['group']705 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])706 user1 = self.admin_client.users_v3_client.create_user(707 name=data_utils.rand_name('user'),708 domain_id=self.own_domain)['user']709 self.addCleanup(self.admin_client.users_v3_client.delete_user,710 user1['id'])711 user2 = self.admin_client.users_v3_client.create_user(712 name=data_utils.rand_name('user'),713 domain_id=self.own_domain)['user']714 self.addCleanup(self.admin_client.users_v3_client.delete_user,715 user2['id'])716 # user cannot add a user in own domain to a group in own domain717 self.do_request('add_group_user', expected_status=exceptions.Forbidden,718 group_id=group1['id'], user_id=user1['id'])719 # user cannot add a user in another domain to a group in own domain720 self.do_request('add_group_user', expected_status=exceptions.Forbidden,721 group_id=group1['id'], user_id=user2['id'])722 # user cannot add a user in own domain to a group in another domain723 self.do_request('add_group_user', expected_status=exceptions.Forbidden,724 group_id=group2['id'], user_id=user1['id'])725 # user cannot add a user in another domain to a group in another domain726 self.do_request('add_group_user', expected_status=exceptions.Forbidden,727 group_id=group2['id'], user_id=user2['id'])728 # user gets a 403 for nonexistent group729 self.do_request('add_group_user', expected_status=exceptions.Forbidden,730 group_id='fakegroup', user_id=user1['id'])731 # user gets a 403 for nonexistent user732 self.do_request('add_group_user', expected_status=exceptions.Forbidden,733 group_id=group1['id'], user_id='fakeuser')734 def test_identity_remove_user_from_group(self):735 group1 = self.admin_groups_client.create_group(736 **self.group(self.own_domain))['group']737 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])738 group2 = self.admin_groups_client.create_group(739 **self.group(self.other_domain))['group']740 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])741 user1 = self.admin_client.users_v3_client.create_user(742 name=data_utils.rand_name('user'),743 domain_id=self.own_domain)['user']744 self.addCleanup(self.admin_client.users_v3_client.delete_user,745 user1['id'])746 user2 = self.admin_client.users_v3_client.create_user(747 name=data_utils.rand_name('user'),748 domain_id=self.own_domain)['user']749 self.addCleanup(self.admin_client.users_v3_client.delete_user,750 user2['id'])751 self.admin_groups_client.add_group_user(group1['id'], user1['id'])752 self.admin_groups_client.add_group_user(group1['id'], user2['id'])753 self.admin_groups_client.add_group_user(group2['id'], user1['id'])754 self.admin_groups_client.add_group_user(group2['id'], user2['id'])755 # user cannot remove a user in own domain from a group in own domain756 self.do_request('delete_group_user',757 expected_status=exceptions.Forbidden,758 group_id=group1['id'], user_id=user1['id'])759 # user cannot remove a user in another domain from a group in own760 # domain761 self.do_request('delete_group_user',762 expected_status=exceptions.Forbidden,763 group_id=group1['id'], user_id=user2['id'])764 # user cannot remove a user in own domain from a group in another765 # domain766 self.do_request('delete_group_user',767 expected_status=exceptions.Forbidden,768 group_id=group2['id'], user_id=user1['id'])769 # user cannot remove a user in another domain from a group in another770 # domain771 self.do_request('delete_group_user',772 expected_status=exceptions.Forbidden,773 group_id=group2['id'], user_id=user2['id'])774 # user gets a 403 for nonexistent group775 self.do_request('delete_group_user',776 expected_status=exceptions.Forbidden,777 group_id='fakegroup', user_id=user1['id'])778 # user gets a 403 for nonexistent user779 self.do_request('delete_group_user',780 expected_status=exceptions.Forbidden,781 group_id=group1['id'], user_id='fakeuser')782class DomainReaderTests(DomainMemberTests):783 credentials = ['domain_reader', 'system_admin']784class ProjectAdminTests(IdentityV3RbacGroupTest, base.BaseIdentityTest):785 credentials = ['project_admin', 'system_admin']786 def test_identity_create_group(self):787 # user cannot create group in own domain788 self.do_request('create_group', expected_status=exceptions.Forbidden,789 **self.group(domain_id=self.own_domain))790 # user cannot create group in another domain791 self.do_request('create_group',792 expected_status=exceptions.Forbidden,793 **self.group(domain_id=self.other_domain))794 def test_identity_get_group(self):795 group = self.admin_groups_client.create_group(796 **self.group(domain_id=self.own_domain))['group']797 self.addCleanup(self.admin_groups_client.delete_group, group['id'])798 # user cannot get group in own domain799 self.do_request('show_group', expected_status=exceptions.Forbidden,800 group_id=group['id'])801 # user cannot get group in other domain802 group = self.admin_groups_client.create_group(803 **self.group(domain_id=self.other_domain))['group']804 self.addCleanup(self.admin_groups_client.delete_group, group['id'])805 self.do_request('show_group', expected_status=exceptions.Forbidden,806 group_id=group['id'])807 # user gets a 403 for nonexistent group808 self.do_request('show_group', expected_status=exceptions.Forbidden,809 group_id='fakegroup')810 def test_identity_list_groups(self):811 group1 = self.admin_groups_client.create_group(812 **self.group(domain_id=self.own_domain))['group']813 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])814 group2 = self.admin_groups_client.create_group(815 **self.group(domain_id=self.other_domain))['group']816 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])817 self.do_request('list_groups', expected_status=exceptions.Forbidden)818 def test_identity_list_groups_for_user(self):819 group1 = self.admin_groups_client.create_group(820 **self.group(domain_id=self.own_domain))['group']821 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])822 user1 = self.admin_client.users_v3_client.create_user(823 name=data_utils.rand_name('user'),824 domain_id=self.own_domain)['user']825 self.addCleanup(self.admin_client.users_v3_client.delete_user,826 user1['id'])827 group2 = self.admin_groups_client.create_group(828 **self.group(domain_id=self.other_domain))['group']829 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])830 user2 = self.admin_client.users_v3_client.create_user(831 name=data_utils.rand_name('user'),832 domain_id=self.other_domain)['user']833 self.addCleanup(self.admin_client.users_v3_client.delete_user,834 user2['id'])835 self.admin_groups_client.add_group_user(group1['id'], user1['id'])836 self.admin_groups_client.add_group_user(group1['id'], user2['id'])837 self.admin_groups_client.add_group_user(group2['id'], user1['id'])838 self.admin_groups_client.add_group_user(group2['id'], user2['id'])839 # user cannot list groups for user in own domain840 self.do_request('list_user_groups', client=self.users_client,841 expected_status=exceptions.Forbidden,842 user_id=user1['id'])843 # user cannot list groups for user in other domain844 self.do_request('list_user_groups', client=self.users_client,845 expected_status=exceptions.Forbidden,846 user_id=user2['id'])847 # user gets a 403 for nonexistent user848 self.do_request('list_user_groups', client=self.users_client,849 expected_status=exceptions.Forbidden,850 user_id='fakeuser')851 def test_identity_update_group(self):852 group1 = self.admin_groups_client.create_group(853 **self.group(domain_id=self.own_domain))['group']854 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])855 group2 = self.admin_groups_client.create_group(856 **self.group(domain_id=self.other_domain))['group']857 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])858 # user cannot update a group in own domain859 group_update = {860 'group_id': group1['id'],861 'description': data_utils.arbitrary_string862 }863 self.do_request('update_group', expected_status=exceptions.Forbidden,864 **group_update)865 # user cannot update a group in other domain866 group_update = {867 'group_id': group2['id'],868 'description': data_utils.arbitrary_string869 }870 self.do_request('update_group', expected_status=exceptions.Forbidden,871 **group_update)872 # user gets a 403 for nonexistent group873 group_update = {874 'group_id': 'fakegroup',875 'description': data_utils.arbitrary_string876 }877 self.do_request('update_group', expected_status=exceptions.Forbidden,878 **group_update)879 def test_identity_delete_group(self):880 group1 = self.admin_groups_client.create_group(881 **self.group(domain_id=self.own_domain))['group']882 group2 = self.admin_groups_client.create_group(883 **self.group(domain_id=self.other_domain))['group']884 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])885 # user cannot delete a group in own domain886 self.do_request('delete_group', expected_status=exceptions.Forbidden,887 group_id=group1['id'])888 # user cannot delete a group in other domain889 self.do_request('delete_group', expected_status=exceptions.Forbidden,890 group_id=group2['id'])891 # user gets a 403 for nonexistent group892 self.do_request('delete_group', expected_status=exceptions.NotFound,893 group_id='fakegroup')894 def test_identity_list_users_in_group(self):895 group1 = self.admin_groups_client.create_group(896 **self.group(domain_id=self.own_domain))['group']897 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])898 user1 = self.admin_client.users_v3_client.create_user(899 name=data_utils.rand_name('user'),900 domain_id=self.own_domain)['user']901 self.addCleanup(self.admin_client.users_v3_client.delete_user,902 user1['id'])903 group2 = self.admin_groups_client.create_group(904 **self.group(domain_id=self.other_domain))['group']905 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])906 user2 = self.admin_client.users_v3_client.create_user(907 name=data_utils.rand_name('user'),908 domain_id=self.other_domain)['user']909 self.addCleanup(self.admin_client.users_v3_client.delete_user,910 user2['id'])911 self.admin_groups_client.add_group_user(group1['id'], user1['id'])912 self.admin_groups_client.add_group_user(group1['id'], user2['id'])913 self.admin_groups_client.add_group_user(group2['id'], user1['id'])914 self.admin_groups_client.add_group_user(group2['id'], user2['id'])915 # user cannot list users for group in own domain916 self.do_request('list_group_users',917 expected_status=exceptions.Forbidden,918 group_id=group1['id'])919 # user cannot list users for group in another domain920 self.do_request('list_group_users',921 expected_status=exceptions.Forbidden,922 group_id=group2['id'])923 def test_identity_add_user_to_group(self):924 group1 = self.admin_groups_client.create_group(925 **self.group(self.own_domain))['group']926 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])927 group2 = self.admin_groups_client.create_group(928 **self.group(self.other_domain))['group']929 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])930 user1 = self.admin_client.users_v3_client.create_user(931 name=data_utils.rand_name('user'),932 domain_id=self.own_domain)['user']933 self.addCleanup(self.admin_client.users_v3_client.delete_user,934 user1['id'])935 user2 = self.admin_client.users_v3_client.create_user(936 name=data_utils.rand_name('user'),937 domain_id=self.own_domain)['user']938 self.addCleanup(self.admin_client.users_v3_client.delete_user,939 user2['id'])940 # user cannot add a user in own domain to a group in own domain941 self.do_request('add_group_user', expected_status=exceptions.Forbidden,942 group_id=group1['id'], user_id=user1['id'])943 # user cannot add a user in another domain to a group in own domain944 self.do_request('add_group_user', expected_status=exceptions.Forbidden,945 group_id=group1['id'], user_id=user2['id'])946 # user cannot add a user in own domain to a group in another domain947 self.do_request('add_group_user', expected_status=exceptions.Forbidden,948 group_id=group2['id'], user_id=user1['id'])949 # user cannot add a user in another domain to a group in another domain950 self.do_request('add_group_user', expected_status=exceptions.Forbidden,951 group_id=group2['id'], user_id=user2['id'])952 # user gets a 403 for nonexistent group953 self.do_request('add_group_user', expected_status=exceptions.Forbidden,954 group_id='fakegroup', user_id=user1['id'])955 # user gets a 403 for nonexistent user956 self.do_request('add_group_user', expected_status=exceptions.Forbidden,957 group_id=group1['id'], user_id='fakeuser')958 def test_identity_remove_user_from_group(self):959 group1 = self.admin_groups_client.create_group(960 **self.group(self.own_domain))['group']961 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])962 group2 = self.admin_groups_client.create_group(963 **self.group(self.other_domain))['group']964 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])965 user1 = self.admin_client.users_v3_client.create_user(966 name=data_utils.rand_name('user'),967 domain_id=self.own_domain)['user']968 self.addCleanup(self.admin_client.users_v3_client.delete_user,969 user1['id'])970 user2 = self.admin_client.users_v3_client.create_user(971 name=data_utils.rand_name('user'),972 domain_id=self.own_domain)['user']973 self.addCleanup(self.admin_client.users_v3_client.delete_user,974 user2['id'])975 self.admin_groups_client.add_group_user(group1['id'], user1['id'])976 self.admin_groups_client.add_group_user(group1['id'], user2['id'])977 self.admin_groups_client.add_group_user(group2['id'], user1['id'])978 self.admin_groups_client.add_group_user(group2['id'], user2['id'])979 # user cannot remove a user in own domain from a group in own domain980 self.do_request('delete_group_user',981 expected_status=exceptions.Forbidden,982 group_id=group1['id'], user_id=user1['id'])983 # user cannot remove a user in another domain from a group in own984 # domain985 self.do_request('delete_group_user',986 expected_status=exceptions.Forbidden,987 group_id=group1['id'], user_id=user2['id'])988 # user cannot remove a user in own domain from a group in another989 # domain990 self.do_request('delete_group_user',991 expected_status=exceptions.Forbidden,992 group_id=group2['id'], user_id=user1['id'])993 # user cannot remove a user in another domain from a group in another994 # domain995 self.do_request('delete_group_user',996 expected_status=exceptions.Forbidden,997 group_id=group2['id'], user_id=user2['id'])998 # user gets a 403 for nonexistent group999 self.do_request('delete_group_user',1000 expected_status=exceptions.Forbidden,1001 group_id='fakegroup', user_id=user1['id'])1002 # user gets a 403 for nonexistent user1003 self.do_request('delete_group_user',1004 expected_status=exceptions.Forbidden,1005 group_id=group1['id'], user_id='fakeuser')1006 def test_identity_check_user_in_group(self):1007 group1 = self.admin_groups_client.create_group(1008 **self.group(self.own_domain))['group']1009 self.addCleanup(self.admin_groups_client.delete_group, group1['id'])1010 group2 = self.admin_groups_client.create_group(1011 **self.group(self.other_domain))['group']1012 self.addCleanup(self.admin_groups_client.delete_group, group2['id'])1013 user1 = self.admin_client.users_v3_client.create_user(1014 name=data_utils.rand_name('user'),1015 domain_id=self.own_domain)['user']1016 self.addCleanup(self.admin_client.users_v3_client.delete_user,1017 user1['id'])1018 user2 = self.admin_client.users_v3_client.create_user(1019 name=data_utils.rand_name('user'),1020 domain_id=self.own_domain)['user']1021 self.addCleanup(self.admin_client.users_v3_client.delete_user,1022 user2['id'])1023 self.admin_groups_client.add_group_user(group1['id'], user1['id'])1024 self.admin_groups_client.add_group_user(group1['id'], user2['id'])1025 self.admin_groups_client.add_group_user(group2['id'], user1['id'])1026 self.admin_groups_client.add_group_user(group2['id'], user2['id'])1027 # user cannot check if a user in own domain is in a group in own domain1028 self.do_request('check_group_user_existence',1029 expected_status=exceptions.Forbidden,1030 group_id=group1['id'], user_id=user1['id'])1031 # user cannot check if a user in another domain is in a group in own1032 # domain1033 self.do_request('check_group_user_existence',1034 expected_status=exceptions.Forbidden,1035 group_id=group1['id'], user_id=user2['id'])1036 # user cannot check if a user in own domain is in a group in another1037 # domain1038 self.do_request('check_group_user_existence',1039 expected_status=exceptions.Forbidden,1040 group_id=group2['id'], user_id=user1['id'])1041 # user cannot check if a user in another domain is in a group in1042 # another domain1043 self.do_request('check_group_user_existence',1044 expected_status=exceptions.Forbidden,1045 group_id=group2['id'], user_id=user2['id'])1046 # user gets a 403 for nonexistent group1047 self.do_request('check_group_user_existence',1048 expected_status=exceptions.Forbidden,1049 group_id='fakegroup', user_id=user1['id'])1050 # user gets a 403 for nonexistent user1051 self.do_request('check_group_user_existence',1052 expected_status=exceptions.Forbidden,1053 group_id=group1['id'], user_id='fakeuser')1054class ProjectMemberTests(ProjectAdminTests):1055 credentials = ['project_member', 'system_admin']1056class ProjectReaderTests(ProjectAdminTests):...
groups_client.py
Source:groups_client.py
...72 """Delete user in group."""73 resp, body = self.delete('groups/%s/users/%s' % (group_id, user_id))74 self.expected_success(204, resp.status)75 return rest_client.ResponseBody(resp, body)76 def check_group_user_existence(self, group_id, user_id):77 """Check user in group."""78 resp, body = self.head('groups/%s/users/%s' % (group_id, user_id))79 self.expected_success(204, resp.status)...
Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.
You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.
Get 100 minutes of automation test minutes FREE!!