Source code for keystone.tests.unit.trust.test_backends

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import datetime
import uuid

from oslo_utils import timeutils
from six.moves import range

from keystone.common import provider_api
from keystone import exception

PROVIDERS = provider_api.ProviderAPIs


[docs]class TrustTests(object):
[docs]    def create_sample_trust(self, new_id, remaining_uses=None):
        self.trustor = self.user_foo
        self.trustee = self.user_two
        expires_at = datetime.datetime.utcnow().replace(year=2032)
        trust_data = (PROVIDERS.trust_api.create_trust
                      (new_id,
                       {'trustor_user_id': self.trustor['id'],
                        'trustee_user_id': self.user_two['id'],
                        'project_id': self.tenant_bar['id'],
                        'expires_at': expires_at,
                        'impersonation': True,
                        'remaining_uses': remaining_uses},
                       roles=[{"id": "member"},
                              {"id": "other"},
                              {"id": "browser"}]))
        return trust_data

[docs]    def test_delete_trust(self):
        new_id = uuid.uuid4().hex
        trust_data = self.create_sample_trust(new_id)
        trust_id = trust_data['id']
        self.assertIsNotNone(trust_data)
        trust_data = PROVIDERS.trust_api.get_trust(trust_id)
        self.assertEqual(new_id, trust_data['id'])
        PROVIDERS.trust_api.delete_trust(trust_id)
        self.assertRaises(exception.TrustNotFound,
                          PROVIDERS.trust_api.get_trust,
                          trust_id)

[docs]    def test_delete_trust_not_found(self):
        trust_id = uuid.uuid4().hex
        self.assertRaises(exception.TrustNotFound,
                          PROVIDERS.trust_api.delete_trust,
                          trust_id)

[docs]    def test_get_trust(self):
        new_id = uuid.uuid4().hex
        trust_data = self.create_sample_trust(new_id)
        trust_id = trust_data['id']
        self.assertIsNotNone(trust_data)
        trust_data = PROVIDERS.trust_api.get_trust(trust_id)
        self.assertEqual(new_id, trust_data['id'])
        PROVIDERS.trust_api.delete_trust(trust_data['id'])

[docs]    def test_get_deleted_trust(self):
        new_id = uuid.uuid4().hex
        trust_data = self.create_sample_trust(new_id)
        self.assertIsNotNone(trust_data)
        self.assertIsNone(trust_data['deleted_at'])
        PROVIDERS.trust_api.delete_trust(new_id)
        self.assertRaises(exception.TrustNotFound,
                          PROVIDERS.trust_api.get_trust,
                          new_id)
        deleted_trust = PROVIDERS.trust_api.get_trust(
            trust_data['id'], deleted=True
        )
        self.assertEqual(trust_data['id'], deleted_trust['id'])
        self.assertIsNotNone(deleted_trust.get('deleted_at'))

[docs]    def test_create_trust(self):
        new_id = uuid.uuid4().hex
        trust_data = self.create_sample_trust(new_id)

        self.assertEqual(new_id, trust_data['id'])
        self.assertEqual(self.trustee['id'], trust_data['trustee_user_id'])
        self.assertEqual(self.trustor['id'], trust_data['trustor_user_id'])
        self.assertGreater(timeutils.normalize_time(trust_data['expires_at']),
                           timeutils.utcnow())

        self.assertEqual([{'id': 'member'},
                          {'id': 'other'},
                          {'id': 'browser'}], trust_data['roles'])

[docs]    def test_list_trust_by_trustee(self):
        for i in range(3):
            self.create_sample_trust(uuid.uuid4().hex)
        trusts = PROVIDERS.trust_api.list_trusts_for_trustee(
            self.trustee['id']
        )
        self.assertEqual(3, len(trusts))
        self.assertEqual(trusts[0]["trustee_user_id"], self.trustee['id'])
        trusts = PROVIDERS.trust_api.list_trusts_for_trustee(
            self.trustor['id']
        )
        self.assertEqual(0, len(trusts))

[docs]    def test_list_trust_by_trustor(self):
        for i in range(3):
            self.create_sample_trust(uuid.uuid4().hex)
        trusts = PROVIDERS.trust_api.list_trusts_for_trustor(
            self.trustor['id']
        )
        self.assertEqual(3, len(trusts))
        self.assertEqual(trusts[0]["trustor_user_id"], self.trustor['id'])
        trusts = PROVIDERS.trust_api.list_trusts_for_trustor(
            self.trustee['id']
        )
        self.assertEqual(0, len(trusts))

[docs]    def test_list_trusts(self):
        for i in range(3):
            self.create_sample_trust(uuid.uuid4().hex)
        trusts = PROVIDERS.trust_api.list_trusts()
        self.assertEqual(3, len(trusts))

[docs]    def test_trust_has_remaining_uses_positive(self):
        # create a trust with limited uses, check that we have uses left
        trust_data = self.create_sample_trust(uuid.uuid4().hex,
                                              remaining_uses=5)
        self.assertEqual(5, trust_data['remaining_uses'])
        # create a trust with unlimited uses, check that we have uses left
        trust_data = self.create_sample_trust(uuid.uuid4().hex)
        self.assertIsNone(trust_data['remaining_uses'])

[docs]    def test_trust_has_remaining_uses_negative(self):
        # try to create a trust with no remaining uses, check that it fails
        self.assertRaises(exception.ValidationError,
                          self.create_sample_trust,
                          uuid.uuid4().hex,
                          remaining_uses=0)
        # try to create a trust with negative remaining uses,
        # check that it fails
        self.assertRaises(exception.ValidationError,
                          self.create_sample_trust,
                          uuid.uuid4().hex,
                          remaining_uses=-12)

[docs]    def test_consume_use(self):
        # consume a trust repeatedly until it has no uses anymore
        trust_data = self.create_sample_trust(uuid.uuid4().hex,
                                              remaining_uses=2)
        PROVIDERS.trust_api.consume_use(trust_data['id'])
        t = PROVIDERS.trust_api.get_trust(trust_data['id'])
        self.assertEqual(1, t['remaining_uses'])
        PROVIDERS.trust_api.consume_use(trust_data['id'])
        # This was the last use, the trust isn't available anymore
        self.assertRaises(exception.TrustNotFound,
                          PROVIDERS.trust_api.get_trust,
                          trust_data['id'])

[docs]    def test_duplicate_trusts_not_allowed(self):
        self.trustor = self.user_foo
        self.trustee = self.user_two
        trust_data = {'trustor_user_id': self.trustor['id'],
                      'trustee_user_id': self.user_two['id'],
                      'project_id': self.tenant_bar['id'],
                      'expires_at': timeutils.parse_isotime(
                          '2032-02-18T18:10:00Z'),
                      'impersonation': True,
                      'remaining_uses': None}
        roles = [{"id": "member"},
                 {"id": "other"},
                 {"id": "browser"}]
        PROVIDERS.trust_api.create_trust(uuid.uuid4().hex, trust_data, roles)
        self.assertRaises(exception.Conflict,
                          PROVIDERS.trust_api.create_trust,
                          uuid.uuid4().hex,
                          trust_data,
                          roles)