mirror of
https://github.com/ceph/s3-tests.git
synced 2025-01-23 23:24:42 +00:00
iam: add account test for OpenIDConnectProvider apis
Signed-off-by: Casey Bodley <cbodley@redhat.com>
This commit is contained in:
parent
ba292fbf59
commit
d5791d8da6
1 changed files with 46 additions and 0 deletions
|
@ -967,6 +967,17 @@ def nuke_roles(client, **kwargs):
|
|||
except:
|
||||
pass
|
||||
|
||||
def nuke_oidc_providers(client, prefix):
|
||||
result = client.list_open_id_connect_providers()
|
||||
for provider in result['OpenIDConnectProviderList']:
|
||||
arn = provider['Arn']
|
||||
if f':oidc-provider{prefix}' in arn:
|
||||
try:
|
||||
client.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||
except:
|
||||
pass
|
||||
|
||||
|
||||
# fixture for iam account root user
|
||||
@pytest.fixture
|
||||
def iam_root(configfile):
|
||||
|
@ -981,6 +992,7 @@ def iam_root(configfile):
|
|||
yield client
|
||||
nuke_users(client, PathPrefix=get_iam_path_prefix())
|
||||
nuke_roles(client, PathPrefix=get_iam_path_prefix())
|
||||
nuke_oidc_providers(client, get_iam_path_prefix())
|
||||
|
||||
|
||||
# IAM User apis
|
||||
|
@ -1915,6 +1927,40 @@ def test_account_role_policy_allow(iam_root):
|
|||
retry_on('AccessDenied', 10, s3.list_buckets)
|
||||
|
||||
|
||||
# IAM OpenIDConnectProvider apis
|
||||
@pytest.mark.iam_account
|
||||
def test_account_oidc_provider(iam_root):
|
||||
url_host = get_iam_path_prefix()[1:] + 'example.com'
|
||||
url = 'http://' + url_host
|
||||
|
||||
response = iam_root.create_open_id_connect_provider(
|
||||
ClientIDList=['my-application-id'],
|
||||
ThumbprintList=['3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'],
|
||||
Url=url)
|
||||
arn = response['OpenIDConnectProviderArn']
|
||||
assert arn.endswith(f':oidc-provider/{url_host}')
|
||||
|
||||
response = iam_root.list_open_id_connect_providers()
|
||||
arns = [p['Arn'] for p in response['OpenIDConnectProviderList']]
|
||||
assert arn in arns
|
||||
|
||||
response = iam_root.get_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||
assert url == response['Url']
|
||||
assert ['my-application-id'] == response['ClientIDList']
|
||||
assert ['3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'] == response['ThumbprintList']
|
||||
|
||||
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||
|
||||
response = iam_root.list_open_id_connect_providers()
|
||||
arns = [p['Arn'] for p in response['OpenIDConnectProviderList']]
|
||||
assert arn not in arns
|
||||
|
||||
with pytest.raises(iam_root.exceptions.NoSuchEntityException):
|
||||
iam_root.get_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||
with pytest.raises(iam_root.exceptions.NoSuchEntityException):
|
||||
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||
|
||||
|
||||
# fixture for iam alt account root user
|
||||
@pytest.fixture
|
||||
def iam_alt_root(configfile):
|
||||
|
|
Loading…
Reference in a new issue