rgw: adding tests for add_client_id_to_oidc_provider

and update_thumbprint_for oidc_provider.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
(cherry picked from commit bc8c14ac12)
This commit is contained in:
Pritha Srivastava 2023-10-16 11:09:45 +05:30 committed by Casey Bodley
parent cf0103e3f3
commit 6953aadf06

View file

@ -2445,6 +2445,124 @@ def test_account_oidc_provider(iam_root):
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
@pytest.mark.iam_account
def test_verify_add_new_client_id_to_oidc(iam_root):
url_host = get_iam_path_prefix()[1:] + 'example.com'
url = 'http://' + url_host
response = iam_root.create_open_id_connect_provider(
Url=url,
ClientIDList=[
'app-jee-jsp',
],
ThumbprintList=[
'3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
]
)
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
assert len(get_response['ClientIDList']) == 1
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
assert url == get_response['Url']
add_response = iam_root.add_client_id_to_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'],
ClientID='app-profile-jsp'
)
assert add_response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert len(get_response['ClientIDList']) == 2
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
assert get_response['ClientIDList'][1] == 'app-profile-jsp'
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
del_response = iam_root.delete_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert del_response['ResponseMetadata']['HTTPStatusCode'] == 200
def test_verify_add_existing_client_id_to_oidc(iam_root):
url_host = get_iam_path_prefix()[1:] + 'example.com'
url = 'http://' + url_host
response = iam_root.create_open_id_connect_provider(
Url=url,
ClientIDList=[
'app-jee-jsp',
'app-profile-jsp'
],
ThumbprintList=[
'3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
]
)
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
assert len(get_response['ClientIDList']) == 2
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
assert get_response['ClientIDList'][1] == 'app-profile-jsp'
add_response = iam_root.add_client_id_to_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'],
ClientID='app-profile-jsp'
)
assert add_response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert len(get_response['ClientIDList']) == 2
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
assert get_response['ClientIDList'][1] == 'app-profile-jsp'
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
del_response = iam_root.delete_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert del_response['ResponseMetadata']['HTTPStatusCode'] == 200
def test_verify_update_thumbprintlist_of_oidc(iam_root):
url_host = get_iam_path_prefix()[1:] + 'example.com'
url = 'http://' + url_host
response = iam_root.create_open_id_connect_provider(
Url=url,
ClientIDList=[
'app-jee-jsp',
'app-profile-jsp'
],
ThumbprintList=[
'3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
]
)
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
assert len(get_response['ThumbprintList']) == 1
assert get_response['ThumbprintList'][0] == '3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
update_response = iam_root.update_open_id_connect_provider_thumbprint(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'],
ThumbprintList=[
'3768084dfb3d2b68b7897bf5f565da8efSAMPLE1'
]
)
assert update_response['ResponseMetadata']['HTTPStatusCode'] == 200
get_response = iam_root.get_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
assert len(get_response['ThumbprintList']) == 1
assert get_response['ThumbprintList'][0] == '3768084dfb3d2b68b7897bf5f565da8efSAMPLE1'
del_response = iam_root.delete_open_id_connect_provider(
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
)
assert del_response['ResponseMetadata']['HTTPStatusCode'] == 200
# test cross-account access, adding user policy before the bucket policy
def _test_cross_account_user_bucket_policy(roots3, alt_root, alt_name, alt_arn):
# add a user policy that allows s3 actions
@ -2801,3 +2919,4 @@ def test_cross_account_root_bucket_acl_grant_account_email(iam_root, iam_alt_roo
alts3 = get_iam_alt_root_client(service_name='s3')
grantee = 'emailAddress=' + get_iam_alt_root_email()
_test_cross_account_root_bucket_acl(roots3, alts3, grantee)