forked from TrueCloudLab/s3-tests
iam: add account test for OpenIDConnectProvider apis
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit d5791d8da6
)
This commit is contained in:
parent
8182d10048
commit
5613ec249f
1 changed files with 46 additions and 0 deletions
|
@ -967,6 +967,17 @@ def nuke_roles(client, **kwargs):
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
def nuke_oidc_providers(client, prefix):
|
||||||
|
result = client.list_open_id_connect_providers()
|
||||||
|
for provider in result['OpenIDConnectProviderList']:
|
||||||
|
arn = provider['Arn']
|
||||||
|
if f':oidc-provider{prefix}' in arn:
|
||||||
|
try:
|
||||||
|
client.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
# fixture for iam account root user
|
# fixture for iam account root user
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def iam_root(configfile):
|
def iam_root(configfile):
|
||||||
|
@ -981,6 +992,7 @@ def iam_root(configfile):
|
||||||
yield client
|
yield client
|
||||||
nuke_users(client, PathPrefix=get_iam_path_prefix())
|
nuke_users(client, PathPrefix=get_iam_path_prefix())
|
||||||
nuke_roles(client, PathPrefix=get_iam_path_prefix())
|
nuke_roles(client, PathPrefix=get_iam_path_prefix())
|
||||||
|
nuke_oidc_providers(client, get_iam_path_prefix())
|
||||||
|
|
||||||
|
|
||||||
# IAM User apis
|
# IAM User apis
|
||||||
|
@ -1915,6 +1927,40 @@ def test_account_role_policy_allow(iam_root):
|
||||||
retry_on('AccessDenied', 10, s3.list_buckets)
|
retry_on('AccessDenied', 10, s3.list_buckets)
|
||||||
|
|
||||||
|
|
||||||
|
# IAM OpenIDConnectProvider apis
|
||||||
|
@pytest.mark.iam_account
|
||||||
|
def test_account_oidc_provider(iam_root):
|
||||||
|
url_host = get_iam_path_prefix()[1:] + 'example.com'
|
||||||
|
url = 'http://' + url_host
|
||||||
|
|
||||||
|
response = iam_root.create_open_id_connect_provider(
|
||||||
|
ClientIDList=['my-application-id'],
|
||||||
|
ThumbprintList=['3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'],
|
||||||
|
Url=url)
|
||||||
|
arn = response['OpenIDConnectProviderArn']
|
||||||
|
assert arn.endswith(f':oidc-provider/{url_host}')
|
||||||
|
|
||||||
|
response = iam_root.list_open_id_connect_providers()
|
||||||
|
arns = [p['Arn'] for p in response['OpenIDConnectProviderList']]
|
||||||
|
assert arn in arns
|
||||||
|
|
||||||
|
response = iam_root.get_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||||
|
assert url == response['Url']
|
||||||
|
assert ['my-application-id'] == response['ClientIDList']
|
||||||
|
assert ['3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'] == response['ThumbprintList']
|
||||||
|
|
||||||
|
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||||
|
|
||||||
|
response = iam_root.list_open_id_connect_providers()
|
||||||
|
arns = [p['Arn'] for p in response['OpenIDConnectProviderList']]
|
||||||
|
assert arn not in arns
|
||||||
|
|
||||||
|
with pytest.raises(iam_root.exceptions.NoSuchEntityException):
|
||||||
|
iam_root.get_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||||
|
with pytest.raises(iam_root.exceptions.NoSuchEntityException):
|
||||||
|
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||||
|
|
||||||
|
|
||||||
# fixture for iam alt account root user
|
# fixture for iam alt account root user
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def iam_alt_root(configfile):
|
def iam_alt_root(configfile):
|
||||||
|
|
Loading…
Reference in a new issue