cloudstack-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8562) User Definable Roles
Date Fri, 22 Apr 2016 14:14:13 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15254008#comment-15254008
] 

ASF GitHub Bot commented on CLOUDSTACK-8562:
--------------------------------------------

Github user jburwell commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1489#discussion_r60744764
  
    --- Diff: test/integration/smoke/test_dynamicroles.py ---
    @@ -0,0 +1,474 @@
    +# Licensed to the Apache Software Foundation (ASF) under one
    +# or more contributor license agreements.  See the NOTICE file
    +# distributed with this work for additional information
    +# regarding copyright ownership.  The ASF licenses this file
    +# to you under the Apache License, Version 2.0 (the
    +# "License"); you may not use this file except in compliance
    +# with the License.  You may obtain a copy of the License at
    +#
    +#   http://www.apache.org/licenses/LICENSE-2.0
    +#
    +# Unless required by applicable law or agreed to in writing,
    +# software distributed under the License is distributed on an
    +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    +# KIND, either express or implied.  See the License for the
    +# specific language governing permissions and limitations
    +# under the License.
    +
    +from marvin.cloudstackAPI import *
    +from marvin.cloudstackTestCase import cloudstackTestCase
    +from marvin.cloudstackException import CloudstackAPIException
    +from marvin.lib.base import Account, Role, RolePermission
    +from marvin.lib.utils import cleanup_resources
    +from nose.plugins.attrib import attr
    +
    +import random
    +import re
    +
    +
    +class TestData(object):
    +    """Test data object that is required to create resources
    +    """
    +    def __init__(self):
    +        self.testdata = {
    +            "account": {
    +                "email": "mtu@test.cloud",
    +                "firstname": "Marvin",
    +                "lastname": "TestUser",
    +                "username": "roletest",
    +                "password": "password",
    +            },
    +            "role": {
    +                "name": "MarvinFake Role ",
    +                "type": "User",
    +                "description": "Fake Role created by Marvin test"
    +            },
    +            "roleadmin": {
    +                "name": "MarvinFake Admin Role ",
    +                "type": "Admin",
    +                "description": "Fake Admin Role created by Marvin test"
    +            },
    +            "roledomainadmin": {
    +                "name": "MarvinFake DomainAdmin Role ",
    +                "type": "DomainAdmin",
    +                "description": "Fake Domain-Admin Role created by Marvin test"
    +            },
    +            "rolepermission": {
    +                "roleid": 1,
    +                "rule": "listVirtualMachines",
    +                "permission": "allow",
    +                "description": "Fake role permission created by Marvin test"
    +            },
    +            "apiConfig": {
    +                "listApis": "allow",
    +                "listAccounts": "allow",
    +                "listClusters": "deny",
    +                "*VM*": "allow",
    +                "*Host*": "deny"
    +            }
    +        }
    +
    +
    +class TestDynamicRoles(cloudstackTestCase):
    +    """Tests dynamic role and role permission management in CloudStack
    +    """
    +
    +    def setUp(self):
    +        self.apiclient = self.testClient.getApiClient()
    +        self.dbclient = self.testClient.getDbConnection()
    +        self.testdata = TestData().testdata
    +
    +        feature_enabled = self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
    +        if not feature_enabled:
    +            self.skipTest("Dynamic Role-Based API checker not enabled, skipping test")
    +
    +        self.testdata["role"]["name"] += self.getRandomString()
    +        self.role = Role.create(
    +            self.apiclient,
    +            self.testdata["role"]
    +        )
    +
    +        self.testdata["rolepermission"]["roleid"] = self.role.id
    +        self.rolepermission = RolePermission.create(
    +            self.apiclient,
    +            self.testdata["rolepermission"]
    +        )
    +
    +        self.account = Account.create(
    +            self.apiclient,
    +            self.testdata["account"],
    +            roleid=self.role.id
    +        )
    +        self.cleanup = [
    +            self.account,
    +            self.rolepermission,
    +            self.role
    +        ]
    +
    +
    +    def tearDown(self):
    +        try:
    +           cleanup_resources(self.apiclient, self.cleanup)
    +        except Exception as e:
    +            self.debug("Warning! Exception in tearDown: %s" % e)
    +
    +
    +    def translateRoleToAccountType(self, role_type):
    +        if role_type == "User":
    +            return 0
    +        elif role_type == "Admin":
    +            return 1
    +        elif role_type == "DomainAdmin":
    +            return 2
    +        elif role_type == "ResourceAdmin":
    +            return 3
    +        return -1
    +
    +
    +    def getUserApiClient(self, username, domain='ROOT', role_type='User'):
    +        self.user_apiclient = self.testClient.getUserApiClient(UserName=username, DomainName='ROOT',
type=self.translateRoleToAccountType(role_type))
    +        return self.user_apiclient
    +
    +
    +    def getRandomString(self):
    +        return "".join(random.choice("abcdefghijklmnopqrstuvwxyz0123456789") for _ in
range(10))
    +
    +
    +    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
    +    def test_role_lifecycle_list(self):
    +        """
    +            Tests that default four roles exist
    +        """
    +        roleTypes = {1: "Admin", 2: "ResourceAdmin", 3: "DomainAdmin", 4: "User"}
    +        for idx in range(1,5):
    +            list_roles = Role.list(self.apiclient, id=idx)
    +            self.assertEqual(
    +                isinstance(list_roles, list),
    +                True,
    +                "List Roles response was not a valid list"
    +            )
    +            self.assertEqual(
    +                len(list_roles),
    +                1,
    +                "List Roles response size was not 1"
    +            )
    +            self.assertEqual(
    +                list_roles[0].type,
    +                roleTypes[idx],
    +                msg="Default role type differs from expectation"
    +            )
    +
    +
    +    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
    +    def test_role_lifecycle_create(self):
    +        """
    +            Tests normal lifecycle operations for roles
    +        """
    +        # Reuse self.role created in setUp()
    +        try:
    +            role = Role.create(
    +                self.apiclient,
    +                self.testdata["role"]
    +            )
    +            self.fail("An exception was expected when creating duplicate roles")
    +        except CloudstackAPIException: pass
    +
    +        list_roles = Role.list(self.apiclient, id=self.role.id)
    +        self.assertEqual(
    +            isinstance(list_roles, list),
    +            True,
    +            "List Roles response was not a valid list"
    +        )
    +        self.assertEqual(
    +            len(list_roles),
    +            1,
    +            "List Roles response size was not 1"
    +        )
    +        self.assertEqual(
    +            list_roles[0].name,
    +            self.testdata["role"]["name"],
    +            msg="Role name does not match the test data"
    +        )
    +        self.assertEqual(
    +            list_roles[0].type,
    +            self.testdata["role"]["type"],
    +            msg="Role type does not match the test data"
    +        )
    +
    +
    +    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
    +    def test_role_lifecycle_update(self):
    +        """
    +            Tests role update
    +        """
    +        self.account.delete(self.apiclient)
    +        new_role_name = "MarvinFakeRoleNewName-" + self.getRandomString()
    +        self.role.update(self.apiclient, name=new_role_name, type='Admin')
    +        update_role = Role.list(self.apiclient, id=self.role.id)[0]
    +        self.assertEqual(
    +            update_role.name,
    +            new_role_name,
    +            msg="Role name does not match updated role name"
    +        )
    +        self.assertEqual(
    +            update_role.type,
    +            'Admin',
    +            msg="Role type does not match updated role type"
    +        )
    +
    +
    +    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
    +    def test_role_lifecycle_update_role_inuse(self):
    +        """
    +            Tests role update when role is in use by an account
    +        """
    +        new_role_name = "MarvinFakeRoleNewName-" + self.getRandomString()
    +        try:
    +            self.role.update(self.apiclient, name=new_role_name, type='Admin')
    +            self.fail("Updation of role type is not allowed when role is in use")
    +        except CloudstackAPIException: pass
    +
    +        self.role.update(self.apiclient, name=new_role_name)
    +        update_role = Role.list(self.apiclient, id=self.role.id)[0]
    +        self.assertEqual(
    +            update_role.name,
    +            new_role_name,
    +            msg="Role name does not match updated role name"
    +        )
    +
    +
    +    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
    +    def test_role_lifecycle_delete(self):
    +        """
    +            Tests role update
    +        """
    +        self.account.delete(self.apiclient)
    +        self.role.delete(self.apiclient)
    +        list_roles = Role.list(self.apiclient, id=self.role.id)
    +        self.assertEqual(
    +            list_roles,
    +            None,
    +            "List Roles response should be empty"
    +        )
    +
    +
    +    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
    +    def test_role_inuse_deletion(self):
    +        """
    +            Test to ensure role in use cannot be deleted
    +        """
    +        try:
    +            self.role.delete(self.apiclient)
    +            self.fail("Role with any account should not be allowed to be deleted")
    +        except CloudstackAPIException: pass
    +
    +
    +    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
    +    def test_default_role_deletion(self):
    +        """
    +            Test to ensure 4 default roles cannot be deleted
    +        """
    +        for idx in range(1,5):
    +            cmd = deleteRole.deleteRoleCmd()
    +            cmd.id = idx
    +            try:
    +                self.apiclient.deleteRole(cmd)
    +                self.fail("Default role got deleted with id: " + idx)
    +            except CloudstackAPIException: pass
    +
    +
    +    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
    +    def test_rolepermission_lifecycle_list(self):
    +        """
    +            Tests listing of default role's permission
    +        """
    +        for idx in range(1,5):
    +            list_rolepermissions = RolePermission.list(self.apiclient, roleid=idx)
    +            self.assertEqual(
    +                isinstance(list_rolepermissions, list),
    +                True,
    +                "List rolepermissions response was not a valid list"
    +            )
    +            self.assertTrue(
    +                len(list_rolepermissions) > 0,
    +                "List rolepermissions response was empty"
    +            )
    +
    +
    +    @attr(tags=['advanced', 'simulator', 'basic', 'sg'], required_hardware=False)
    +    def test_rolepermission_lifecycle_create(self):
    +        """
    +            Tests creation of role permission
    +        """
    +        # Reuse self.rolepermission created in setUp()
    +        try:
    +            rolepermission = RolePermission.create(
    +                self.apiclient,
    +                self.testdata["rolepermission"]
    +            )
    +            self.fail("An exception was expected when creating duplicate role permissions")
    +        except CloudstackAPIException: pass
    --- End diff --
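Review bot: `getUserApiClient` accepts a `domain` argument but passes the literal `DomainName='ROOT'` to `self.testClient.getUserApiClient`, so a caller asking for a client in another domain would silently get a ROOT-domain one, and any domain-scoped permission check built on it would exercise the wrong principal; pass `DomainName=domain` instead. In `test_default_role_deletion`, `"Default role got deleted with id: " + idx` concatenates a str with an int, so if a default role is ever deleted the test dies with a TypeError rather than the intended failure message; `self.fail("Default role got deleted with id: %d" % idx)` keeps the diagnostic. `setUp` assigns `self.cleanup` only after all three create calls, and unittest does not run `tearDown` when `setUp` raises, so a failure in `RolePermission.create` or `Account.create` leaves the already-created role behind on the management server; starting with `self.cleanup = []` and registering each resource as it is created (keeping the account-before-role deletion order) avoids that. The class body continues past the end of the quoted hunk, so the callers of `getUserApiClient` are not visible here.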
    
    Is there any value in asserting on the contents of the error message?


> User Definable Roles
> --------------------
>
>                 Key: CLOUDSTACK-8562
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8562
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>            Reporter: Paul Angus
>            Assignee: Rohit Yadav
>
> Static command.properties moved to database and made user definable



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
