Merge pull request #528 from pritha-srivastava/wip-rgw-oidc-tests

rgw: adding tests for add_client_id_to_oidc_provider
Casey Bodley 2024-08-29 10:50:47 -04:00 committed by GitHub
commit e8db6c2c16
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -2445,6 +2445,124 @@ def test_account_oidc_provider(iam_root):
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn) iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
@pytest.mark.iam_account
def test_verify_add_new_client_id_to_oidc(iam_root):
url_host = get_iam_path_prefix()[1:] + 'example.com'
url = 'http://' + url_host
response = iam_root.create_open_id_connect_provider(
Url=url,
ClientIDList=[
'app-jee-jsp',
],
ThumbprintList=[
'3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
]
)
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
assert len(get_response['ClientIDList']) == 1
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
assert url == get_response['Url']
add_response = iam_root.add_client_id_to_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'],
ClientID='app-profile-jsp'
)
assert add_response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert len(get_response['ClientIDList']) == 2
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
assert get_response['ClientIDList'][1] == 'app-profile-jsp'
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
del_response = iam_root.delete_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert del_response['ResponseMetadata']['HTTPStatusCode'] == 200
def test_verify_add_existing_client_id_to_oidc(iam_root):
url_host = get_iam_path_prefix()[1:] + 'example.com'
url = 'http://' + url_host
response = iam_root.create_open_id_connect_provider(
Url=url,
ClientIDList=[
'app-jee-jsp',
'app-profile-jsp'
],
ThumbprintList=[
'3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
]
)
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
assert len(get_response['ClientIDList']) == 2
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
assert get_response['ClientIDList'][1] == 'app-profile-jsp'
add_response = iam_root.add_client_id_to_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'],
ClientID='app-profile-jsp'
)
assert add_response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert len(get_response['ClientIDList']) == 2
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
assert get_response['ClientIDList'][1] == 'app-profile-jsp'
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
del_response = iam_root.delete_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert del_response['ResponseMetadata']['HTTPStatusCode'] == 200
def test_verify_update_thumbprintlist_of_oidc(iam_root):
url_host = get_iam_path_prefix()[1:] + 'example.com'
url = 'http://' + url_host
response = iam_root.create_open_id_connect_provider(
Url=url,
ClientIDList=[
'app-jee-jsp',
'app-profile-jsp'
],
ThumbprintList=[
'3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
]
)
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
assert len(get_response['ThumbprintList']) == 1
assert get_response['ThumbprintList'][0] == '3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
update_response = iam_root.update_open_id_connect_provider_thumbprint(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'],
ThumbprintList=[
'3768084dfb3d2b68b7897bf5f565da8efSAMPLE1'
]
)
assert update_response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
assert len(get_response['ThumbprintList']) == 1
assert get_response['ThumbprintList'][0] == '3768084dfb3d2b68b7897bf5f565da8efSAMPLE1'
del_response = iam_root.delete_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert del_response['ResponseMetadata']['HTTPStatusCode'] == 200
# test cross-account access, adding user policy before the bucket policy # test cross-account access, adding user policy before the bucket policy
def _test_cross_account_user_bucket_policy(roots3, alt_root, alt_name, alt_arn): def _test_cross_account_user_bucket_policy(roots3, alt_root, alt_name, alt_arn):
# add a user policy that allows s3 actions # add a user policy that allows s3 actions
@ -2801,3 +2919,4 @@ def test_cross_account_root_bucket_acl_grant_account_email(iam_root, iam_alt_roo
alts3 = get_iam_alt_root_client(service_name='s3') alts3 = get_iam_alt_root_client(service_name='s3')
grantee = 'emailAddress=' + get_iam_alt_root_email() grantee = 'emailAddress=' + get_iam_alt_root_email()
_test_cross_account_root_bucket_acl(roots3, alts3, grantee) _test_cross_account_root_bucket_acl(roots3, alts3, grantee)
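Review bot: Only `test_verify_add_new_client_id_to_oidc` carries `@pytest.mark.iam_account` in the first hunk as rendered here; `test_verify_add_existing_client_id_to_oidc` and `test_verify_update_thumbprintlist_of_oidc` show no marker line above their `def`, so a run that selects or deselects on `iam_account` would treat them differently from the first test — add `@pytest.mark.iam_account` above both. All three tests create a provider for the same URL and delete it only in their last statement, so a failed assertion leaves the provider behind and the next create for that URL may then fail; wrapping everything after the create in `try:` / `finally:` with the `delete_open_id_connect_provider` call in the `finally` would keep the tests independent. Because the client ID list and thumbprint list are what the provider trusts, a follow-up negative case (an unknown provider ARN, or a caller outside the owning account) asserting a `ClientError` would also be worth adding, since this commit only exercises the success paths.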