From: Crístian Viana <vianac@linux.vnet.ibm.com> --- tests/test_authorization.py | 20 ++++++++++++++++++-- tests/test_rest.py | 9 ++++++--- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/tests/test_authorization.py b/tests/test_authorization.py index 3d0b357..2fca62e 100644 --- a/tests/test_authorization.py +++ b/tests/test_authorization.py @@ -111,14 +111,24 @@ def test_nonroot_access(self): resp = self.request('/templates/test', '{}', 'DELETE') self.assertEquals(403, resp.status) - # Non-root users can only get vms + + # Non-root users can only get vms authorized to them + model.templates_create({'name': u'test', 'cdrom': '/nonexistent.iso'}) + + model.vms_create({'name': u'test-me', 'template': '/templates/test'}) + model.vm_update(u'test-me', {'users': [ kimchi.mockmodel.fake_user.keys()[0] ], 'groups': []}) + + model.vms_create({'name': u'test-usera', 'template': '/templates/test'}) + model.vm_update(u'test-usera', {'users': [ 'userA' ], 'groups': []}) + resp = self.request('/vms', '{}', 'GET') self.assertEquals(200, resp.status) + vms_data = json.loads(resp.read()) + self.assertEquals([ u'test-me' ], [ v['name'] for v in vms_data ]) resp = self.request('/vms', req, 'POST') self.assertEquals(403, resp.status) # Create a vm using mockmodel directly to test Resource access - model.templates_create({'name': 'test', 'cdrom': '/nonexistent.iso'}) model.vms_create({'name': 'test', 'template': '/templates/test'}) resp = self.request('/vms/test', '{}', 'PUT') @@ -126,5 +136,11 @@ def test_nonroot_access(self): resp = self.request('/vms/test', '{}', 'DELETE') self.assertEquals(403, resp.status) + # Non-root users can only update VMs authorized by them + resp = self.request('/vms/test-me/start', '{}', 'POST') + self.assertEquals(200, resp.status) + resp = self.request('/vms/test-usera/start', '{}', 'POST') + self.assertEquals(403, resp.status) + model.template_delete('test') model.vm_delete('test') diff --git a/tests/test_rest.py b/tests/test_rest.py index 935ed81..06d9f9e 100644 --- a/tests/test_rest.py +++ b/tests/test_rest.py @@ -175,10 +175,13 @@ def test_get_vms(self): resp = self.request('/templates', req, 'POST') self.assertEquals(201, resp.status) + test_users = [ 'user1', 'user2', 'root'] + test_groups = [ 'group1', 'group2', 'admin' ] # Now add a couple of VMs to the mock model for i in xrange(10): name = 'vm-%i' % i - req = json.dumps({'name': name, 'template': '/templates/test'}) + req = json.dumps({'name': name, 'template': '/templates/test', + 'users': test_users, 'groups': test_groups}) resp = self.request('/vms', req, 'POST') self.assertEquals(201, resp.status) @@ -188,8 +191,8 @@ def test_get_vms(self): vm = json.loads(self.request('/vms/vm-1').read()) self.assertEquals('vm-1', vm['name']) self.assertEquals('shutoff', vm['state']) - self.assertEquals(['user1', 'user2', 'root'], vm['users']) - self.assertEquals(['group1', 'group2', 'admin'], vm['groups']) + self.assertEquals(test_users, vm['users']) + self.assertEquals(test_groups, vm['groups']) def test_edit_vm(self): req = json.dumps({'name': 'test', 'cdrom': '/nonexistent.iso'}) -- 1.9.3