[Kimchi-devel] [PATCH 9/9] authorization: Update test cases based on last changes

alinefm at linux.vnet.ibm.com alinefm at linux.vnet.ibm.com
Wed Jul 23 20:39:20 UTC 2014 

From: Crístian Viana <vianac at linux.vnet.ibm.com>

---
 tests/test_authorization.py | 20 ++++++++++++++++++--
 tests/test_rest.py          |  9 ++++++---
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/tests/test_authorization.py b/tests/test_authorization.py
index 3d0b357..2fca62e 100644
--- a/tests/test_authorization.py
+++ b/tests/test_authorization.py
@@ -111,14 +111,24 @@ def test_nonroot_access(self):
         resp = self.request('/templates/test', '{}', 'DELETE')
         self.assertEquals(403, resp.status)
 
-        # Non-root users can only get vms
+
+        # Non-root users can only get vms authorized to them
+        model.templates_create({'name': u'test', 'cdrom': '/nonexistent.iso'})
+
+        model.vms_create({'name': u'test-me', 'template': '/templates/test'})
+        model.vm_update(u'test-me', {'users': [ kimchi.mockmodel.fake_user.keys()[0] ], 'groups': []})
+
+        model.vms_create({'name': u'test-usera', 'template': '/templates/test'})
+        model.vm_update(u'test-usera', {'users': [ 'userA' ], 'groups': []})
+
         resp = self.request('/vms', '{}', 'GET')
         self.assertEquals(200, resp.status)
+        vms_data = json.loads(resp.read())
+        self.assertEquals([ u'test-me' ], [ v['name'] for v in vms_data ])
         resp = self.request('/vms', req, 'POST')
         self.assertEquals(403, resp.status)
 
         # Create a vm using mockmodel directly to test Resource access
-        model.templates_create({'name': 'test', 'cdrom': '/nonexistent.iso'})
         model.vms_create({'name': 'test', 'template': '/templates/test'})
 
         resp = self.request('/vms/test', '{}', 'PUT')
@@ -126,5 +136,11 @@ def test_nonroot_access(self):
         resp = self.request('/vms/test', '{}', 'DELETE')
         self.assertEquals(403, resp.status)
 
+        # Non-root users can only update VMs authorized by them
+        resp = self.request('/vms/test-me/start', '{}', 'POST')
+        self.assertEquals(200, resp.status)
+        resp = self.request('/vms/test-usera/start', '{}', 'POST')
+        self.assertEquals(403, resp.status)
+
         model.template_delete('test')
         model.vm_delete('test')
diff --git a/tests/test_rest.py b/tests/test_rest.py
index 935ed81..06d9f9e 100644
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -175,10 +175,13 @@ def test_get_vms(self):
         resp = self.request('/templates', req, 'POST')
         self.assertEquals(201, resp.status)
 
+        test_users = [ 'user1', 'user2', 'root']
+        test_groups = [ 'group1', 'group2', 'admin' ]
         # Now add a couple of VMs to the mock model
         for i in xrange(10):
             name = 'vm-%i' % i
-            req = json.dumps({'name': name, 'template': '/templates/test'})
+            req = json.dumps({'name': name, 'template': '/templates/test',
+                             'users': test_users, 'groups': test_groups})
             resp = self.request('/vms', req, 'POST')
             self.assertEquals(201, resp.status)
 
@@ -188,8 +191,8 @@ def test_get_vms(self):
         vm = json.loads(self.request('/vms/vm-1').read())
         self.assertEquals('vm-1', vm['name'])
         self.assertEquals('shutoff', vm['state'])
-        self.assertEquals(['user1', 'user2', 'root'], vm['users'])
-        self.assertEquals(['group1', 'group2', 'admin'], vm['groups'])
+        self.assertEquals(test_users, vm['users'])
+        self.assertEquals(test_groups, vm['groups'])
 
     def test_edit_vm(self):
         req = json.dumps({'name': 'test', 'cdrom': '/nonexistent.iso'})
-- 
1.9.3

More information about the Kimchi-devel mailing list