From: Crístian Viana <vianac(a)linux.vnet.ibm.com>
---
tests/test_authorization.py | 20 ++++++++++++++++++--
tests/test_rest.py | 9 ++++++---
2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/tests/test_authorization.py b/tests/test_authorization.py
index 3d0b357..2fca62e 100644
--- a/tests/test_authorization.py
+++ b/tests/test_authorization.py
@@ -111,14 +111,24 @@ def test_nonroot_access(self):
resp = self.request('/templates/test', '{}', 'DELETE')
self.assertEquals(403, resp.status)
- # Non-root users can only get vms
+
+ # Non-root users can only get vms authorized to them
+ model.templates_create({'name': u'test', 'cdrom':
'/nonexistent.iso'})
+
+ model.vms_create({'name': u'test-me', 'template':
'/templates/test'})
+ model.vm_update(u'test-me', {'users': [
kimchi.mockmodel.fake_user.keys()[0] ], 'groups': []})
+
+ model.vms_create({'name': u'test-usera', 'template':
'/templates/test'})
+ model.vm_update(u'test-usera', {'users': [ 'userA' ],
'groups': []})
+
resp = self.request('/vms', '{}', 'GET')
self.assertEquals(200, resp.status)
+ vms_data = json.loads(resp.read())
+ self.assertEquals([ u'test-me' ], [ v['name'] for v in vms_data
])
resp = self.request('/vms', req, 'POST')
self.assertEquals(403, resp.status)
# Create a vm using mockmodel directly to test Resource access
- model.templates_create({'name': 'test', 'cdrom':
'/nonexistent.iso'})
model.vms_create({'name': 'test', 'template':
'/templates/test'})
resp = self.request('/vms/test', '{}', 'PUT')
@@ -126,5 +136,11 @@ def test_nonroot_access(self):
resp = self.request('/vms/test', '{}', 'DELETE')
self.assertEquals(403, resp.status)
+ # Non-root users can only update VMs authorized by them
+ resp = self.request('/vms/test-me/start', '{}', 'POST')
+ self.assertEquals(200, resp.status)
+ resp = self.request('/vms/test-usera/start', '{}',
'POST')
+ self.assertEquals(403, resp.status)
+
model.template_delete('test')
model.vm_delete('test')
diff --git a/tests/test_rest.py b/tests/test_rest.py
index 935ed81..06d9f9e 100644
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -175,10 +175,13 @@ def test_get_vms(self):
resp = self.request('/templates', req, 'POST')
self.assertEquals(201, resp.status)
+ test_users = [ 'user1', 'user2', 'root']
+ test_groups = [ 'group1', 'group2', 'admin' ]
# Now add a couple of VMs to the mock model
for i in xrange(10):
name = 'vm-%i' % i
- req = json.dumps({'name': name, 'template':
'/templates/test'})
+ req = json.dumps({'name': name, 'template':
'/templates/test',
+ 'users': test_users, 'groups':
test_groups})
resp = self.request('/vms', req, 'POST')
self.assertEquals(201, resp.status)
@@ -188,8 +191,8 @@ def test_get_vms(self):
vm = json.loads(self.request('/vms/vm-1').read())
self.assertEquals('vm-1', vm['name'])
self.assertEquals('shutoff', vm['state'])
- self.assertEquals(['user1', 'user2', 'root'],
vm['users'])
- self.assertEquals(['group1', 'group2', 'admin'],
vm['groups'])
+ self.assertEquals(test_users, vm['users'])
+ self.assertEquals(test_groups, vm['groups'])
def test_edit_vm(self):
req = json.dumps({'name': 'test', 'cdrom':
'/nonexistent.iso'})
--
1.9.3