diff options
| author | Jesse Andrews <anotherjesse@gmail.com> | 2012-01-26 00:26:30 -0600 |
|---|---|---|
| committer | Jesse Andrews <anotherjesse@gmail.com> | 2012-01-26 00:26:30 -0600 |
| commit | d5443e2ef0ac8d1c33ba3644ddb9053b68a6ed0d (patch) | |
| tree | 0294009cd41f9280326e5f09ecc7b1b894a28e75 | |
| parent | fa4cdc40356e25b6097306396b57c38e7b9ee363 (diff) | |
initial stab at requiring adminness
| -rw-r--r-- | tests/test_keystoneclient.py | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py index 477aa304..cb531704 100644 --- a/tests/test_keystoneclient.py +++ b/tests/test_keystoneclient.py @@ -369,3 +369,41 @@ class KcMasterTestCase(CompatTestCase): services = client.services.list() # TODO(devcamcar): This assert should be more specific. self.assertTrue(len(services) > 0) + + def test_admin_requires_adminness(self): + from keystoneclient import exceptions as client_exceptions + # FIXME(termie): this should be Unauthorized + exception = client_exceptions.ClientException + + two = self.get_client(self.user_two) # non-admin user + + # USER CRUD + self.assertRaises(exception, two.users.list) + self.assertRaises(exception, two.users.get, self.user_two['id']) + self.assertRaises(exception, two.users.create, name='oops', + password='password', email='oops@test.com') + self.assertRaises(exception, two.users.delete, self.user_foo['id']) + + # TENANT CRUD + # NOTE(ja): tenants.list is different since /tenants fulfills the + # two different tasks: return list of all tenants & return + # list of tenants the current user is a member of... + # which means if you are admin getting the list + # of tenants for admin user is annoying? + tenants = two.tenants.list() + self.assertTrue(len(tenants) == 1) + self.assertTrue(tenants[0].id == self.tenant_baz['id']) + self.assertRaises(exception, two.tenants.get, self.tenant_bar['id']) + self.assertRaises(exception, two.tenants.create, + tenant_name='oops', description="shouldn't work!", + enabled=True) + self.assertRaises(exception, two.tenants.delete, self.tenant_baz['id']) + + # ROLE CRUD + self.assertRaises(exception, two.roles.get, role='keystone_admin') + self.assertRaises(exception, two.roles.list) + self.assertRaises(exception, two.roles.create, name='oops') + self.assertRaises(exception, two.roles.delete, name='keystone_admin') + + # TODO(ja): MEMBERSHIP CRUD + # TODO(ja): determine what else todo |