+ u1 = engine.last_id
+ else:
+ # User is created sometimes even though an exception is raised
+ res = engine.test("Get user U1", "GET", "/admin/v1/users?username=U1", headers_json, {},
+ (200), {"Content-Type": "application/json"}, "json")
+ u1 = res.json()[0]["_id"] if res else None
+
+ data = {"username": "U2", "password": "pw2"}
+ data["project_role_mappings"] = [{"project": p1, "role": rpa}, {"project": padmin, "role": rsa}]
+ res = engine.test("Create user 2", "POST", "/admin/v1/users", headers_json,
+ data, 201, {"Location": "/admin/v1/users/", "Content-Type": "application/json"}, "json")
+ u2 = engine.last_id if res else None
+
+ if u1:
+ ftt = "project_role_mappings"
+ xpr = [{"project": p1, "role": rpa}, {"project": padmin, "role": rpu}]
+ data = {ftt: xpr}
+ engine.test("Edit user U1, delete P2 project", "PATCH", "/admin/v1/users/"+u1, headers_json,
+ data, 204, None, None)
+ res = engine.test("Check user U1, contains the right projects", "GET", "/admin/v1/users/"+u1,
+ headers_json, None, 200, None, json)
+ if res:
+ rj = res.json()
+ xpr[0]["project_name"] = "P1"
+ xpr[0]["role_name"] = "project_admin"
+ xpr[1]["project_name"] = "Padmin"
+ xpr[1]["role_name"] = "project_user"
+ ok = True
+ for pr in rj[ftt]:
+ if pr not in xpr:
+ ok = False
+ for pr in xpr:
+ if pr not in rj[ftt]:
+ ok = False
+ if not ok:
+ logger.error("User {} '{}' are different than expected '{}'. Edition was not done properly"
+ .format(ftt, rj[ftt], xpr))
+ engine.failed_tests += 1
+
+ p2 = None # To prevent deletion attempts
+
+ # Add a test of 'default project' for Keystone?
+
+ if u2:
+ engine.test("Edit user U2, change password", "PUT", "/admin/v1/users/"+u2, headers_json,
+ {"password": "pw2_new"}, 204, None, None)
+
+ if p1:
+ engine.test("Change to project P1 non existing", "POST", "/admin/v1/tokens/", headers_json,
+ {"project_id": p1}, 401, r_header_json, "json")
+
+ if u2 and p1:
+ res = engine.test("Change to user U2 project P1", "POST", "/admin/v1/tokens", headers_json,
+ {"username": "U2", "password": "pw2_new", "project_id": "P1"}, (200, 201),
+ r_header_json, "json")
+ if res:
+ rj = res.json()
+ engine.set_header({"Authorization": "Bearer {}".format(rj["id"])})
+
+ engine.test("Edit user projects non admin", "PUT", "/admin/v1/users/U1", headers_json,
+ {"remove_project_role_mappings": [{"project": "P1", "role": None}]},
+ 401, r_header_json, "json")
+
+ res = engine.test("Add new project non admin", "POST", "/admin/v1/projects", headers_json,
+ {"name": "P2"}, 401, r_header_json, "json")
+ if res is None or res.status_code == 201:
+ # The project has been created even though it shouldn't
+ res = engine.test("Get project P2", "GET", "/admin/v1/projects/P2", headers_json, None,
+ 200, r_header_json, "json")
+ p2 = res.json()["_id"] if res else None
+
+ if p1:
+ data = {"username": "U3", "password": "pw3"}
+ data["project_role_mappings"] = [{"project": p1, "role": rpu}]
+ res = engine.test("Add new user non admin", "POST", "/admin/v1/users", headers_json,
+ data, 401, r_header_json, "json")
+ if res is None or res.status_code == 201:
+ # The user has been created even though it shouldn't
+ res = engine.test("Get user U3", "GET", "/admin/v1/users/U3", headers_json, None,
+ 200, r_header_json, "json")
+ u3 = res.json()["_id"] if res else None
+ else:
+ u3 = None
+
+ if padmin:
+ res = engine.test("Change to user U2 project Padmin", "POST", "/admin/v1/tokens", headers_json,
+ {"project_id": "Padmin"}, # Caused a Keystone authentication error
+ # {"username": "U2", "password": "pw2_new", "project_id": "Padmin"},
+ (200, 201), r_header_json, "json")
+ if res:
+ rj = res.json()
+ engine.set_header({"Authorization": "Bearer {}".format(rj["id"])})
+
+ res = engine.test("Add new project admin", "POST", "/admin/v1/projects", headers_json,
+ {"name": "P3"}, (201, 204),
+ {"Location": "/admin/v1/projects/", "Content-Type": "application/json"},
+ "json")
+ p3 = engine.last_id if res else None
+
+ if p1:
+ data = {"username": "U4", "password": "pw4"}
+ data["project_role_mappings"] = [{"project": p1, "role": rpa}]
+ res = engine.test("Add new user admin", "POST", "/admin/v1/users", headers_json,
+ data, (201, 204),
+ {"Location": "/admin/v1/users/", "Content-Type": "application/json"},
+ "json")
+ u4 = engine.last_id if res else None
+ else:
+ u4 = None
+
+ if u4 and p3:
+ data = {"project_role_mappings": [{"project": p3, "role": rpa}]}
+ engine.test("Edit user projects admin", "PUT", "/admin/v1/users/U4", headers_json,
+ data, 204, None, None)
+ # Project is deleted even though it shouldn't - PROVISIONAL?
+ res = engine.test("Delete project P3 conflict", "DELETE", "/admin/v1/projects/"+p3,
+ headers_json, None, 409, None, None)
+ if res and res.status_code in (200, 204):
+ p3 = None
+ if p3:
+ res = engine.test("Delete project P3 forcing", "DELETE",
+ "/admin/v1/projects/"+p3+"?FORCE=True", headers_json, None, 204,
+ None, None)
+ if res and res.status_code in (200, 204):
+ p3 = None
+
+ if u2:
+ res = engine.test("Delete user U2. Conflict deleting own user", "DELETE",
+ "/admin/v1/users/"+u2, headers_json, None, 409, r_header_json, "json")
+ if res is None or res.status_code in (200, 204):
+ u2 = None
+ if u4:
+ res = engine.test("Delete user U4", "DELETE", "/admin/v1/users/"+u4, headers_json, None,
+ 204, None, None)
+ if res and res.status_code in (200, 204):
+ u4 = None
+ if p3:
+ res = engine.test("Delete project P3", "DELETE", "/admin/v1/projects/"+p3, headers_json,
+ None, 204, None, None)
+ if res and res.status_code in (200, 204):
+ p3 = None
+
+ if u3:
+ res = engine.test("Delete user U3", "DELETE", "/admin/v1/users/"+u3, headers_json, None,
+ 204, None, None)
+ if res:
+ u3 = None