rgw: adding tests for add_client_id_to_oidc_provider
and update_thumbprint_for oidc_provider.
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
(cherry picked from commit bc8c14ac12
)
parent
cf0103e3f3
commit
6953aadf06
1 changed files with 119 additions and 0 deletions
|
@ -2445,6 +2445,124 @@ def test_account_oidc_provider(iam_root):
|
||||||
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=arn)
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.iam_account
|
||||||
|
def test_verify_add_new_client_id_to_oidc(iam_root):
|
||||||
|
url_host = get_iam_path_prefix()[1:] + 'example.com'
|
||||||
|
url = 'http://' + url_host
|
||||||
|
|
||||||
|
response = iam_root.create_open_id_connect_provider(
|
||||||
|
Url=url,
|
||||||
|
ClientIDList=[
|
||||||
|
'app-jee-jsp',
|
||||||
|
],
|
||||||
|
ThumbprintList=[
|
||||||
|
'3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
|
||||||
|
]
|
||||||
|
)
|
||||||
|
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
get_response = iam_root.get_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
|
||||||
|
)
|
||||||
|
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
assert len(get_response['ClientIDList']) == 1
|
||||||
|
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
|
||||||
|
assert url == get_response['Url']
|
||||||
|
|
||||||
|
add_response = iam_root.add_client_id_to_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'],
|
||||||
|
ClientID='app-profile-jsp'
|
||||||
|
)
|
||||||
|
assert add_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
get_response = iam_root.get_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
|
||||||
|
)
|
||||||
|
assert len(get_response['ClientIDList']) == 2
|
||||||
|
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
|
||||||
|
assert get_response['ClientIDList'][1] == 'app-profile-jsp'
|
||||||
|
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
del_response = iam_root.delete_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
|
||||||
|
)
|
||||||
|
assert del_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
|
||||||
|
def test_verify_add_existing_client_id_to_oidc(iam_root):
|
||||||
|
url_host = get_iam_path_prefix()[1:] + 'example.com'
|
||||||
|
url = 'http://' + url_host
|
||||||
|
|
||||||
|
response = iam_root.create_open_id_connect_provider(
|
||||||
|
Url=url,
|
||||||
|
ClientIDList=[
|
||||||
|
'app-jee-jsp',
|
||||||
|
'app-profile-jsp'
|
||||||
|
],
|
||||||
|
ThumbprintList=[
|
||||||
|
'3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
|
||||||
|
]
|
||||||
|
)
|
||||||
|
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
get_response = iam_root.get_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
|
||||||
|
)
|
||||||
|
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
assert len(get_response['ClientIDList']) == 2
|
||||||
|
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
|
||||||
|
assert get_response['ClientIDList'][1] == 'app-profile-jsp'
|
||||||
|
add_response = iam_root.add_client_id_to_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'],
|
||||||
|
ClientID='app-profile-jsp'
|
||||||
|
)
|
||||||
|
assert add_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
get_response = iam_root.get_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
|
||||||
|
)
|
||||||
|
assert len(get_response['ClientIDList']) == 2
|
||||||
|
assert get_response['ClientIDList'][0] == 'app-jee-jsp'
|
||||||
|
assert get_response['ClientIDList'][1] == 'app-profile-jsp'
|
||||||
|
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
del_response = iam_root.delete_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
|
||||||
|
)
|
||||||
|
assert del_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
|
||||||
|
def test_verify_update_thumbprintlist_of_oidc(iam_root):
|
||||||
|
url_host = get_iam_path_prefix()[1:] + 'example.com'
|
||||||
|
url = 'http://' + url_host
|
||||||
|
|
||||||
|
response = iam_root.create_open_id_connect_provider(
|
||||||
|
Url=url,
|
||||||
|
ClientIDList=[
|
||||||
|
'app-jee-jsp',
|
||||||
|
'app-profile-jsp'
|
||||||
|
],
|
||||||
|
ThumbprintList=[
|
||||||
|
'3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
|
||||||
|
]
|
||||||
|
)
|
||||||
|
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
get_response = iam_root.get_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
|
||||||
|
)
|
||||||
|
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
assert len(get_response['ThumbprintList']) == 1
|
||||||
|
assert get_response['ThumbprintList'][0] == '3768084dfb3d2b68b7897bf5f565da8efEXAMPLE'
|
||||||
|
update_response = iam_root.update_open_id_connect_provider_thumbprint(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'],
|
||||||
|
ThumbprintList=[
|
||||||
|
'3768084dfb3d2b68b7897bf5f565da8efSAMPLE1'
|
||||||
|
]
|
||||||
|
)
|
||||||
|
assert update_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
get_response = iam_root.get_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
|
||||||
|
)
|
||||||
|
assert get_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
assert len(get_response['ThumbprintList']) == 1
|
||||||
|
assert get_response['ThumbprintList'][0] == '3768084dfb3d2b68b7897bf5f565da8efSAMPLE1'
|
||||||
|
del_response = iam_root.delete_open_id_connect_provider(
|
||||||
|
OpenIDConnectProviderArn=response['OpenIDConnectProviderArn']
|
||||||
|
)
|
||||||
|
assert del_response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||||
|
|
||||||
# test cross-account access, adding user policy before the bucket policy
|
# test cross-account access, adding user policy before the bucket policy
|
||||||
def _test_cross_account_user_bucket_policy(roots3, alt_root, alt_name, alt_arn):
|
def _test_cross_account_user_bucket_policy(roots3, alt_root, alt_name, alt_arn):
|
||||||
# add a user policy that allows s3 actions
|
# add a user policy that allows s3 actions
|
||||||
|
@ -2801,3 +2919,4 @@ def test_cross_account_root_bucket_acl_grant_account_email(iam_root, iam_alt_roo
|
||||||
alts3 = get_iam_alt_root_client(service_name='s3')
|
alts3 = get_iam_alt_root_client(service_name='s3')
|
||||||
grantee = 'emailAddress=' + get_iam_alt_root_email()
|
grantee = 'emailAddress=' + get_iam_alt_root_email()
|
||||||
_test_cross_account_root_bucket_acl(roots3, alts3, grantee)
|
_test_cross_account_root_bucket_acl(roots3, alts3, grantee)
|
||||||
|
|
||||||
|
|
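Review bot: Only `test_verify_add_new_client_id_to_oidc` carries `@pytest.mark.iam_account`; `test_verify_add_existing_client_id_to_oidc` and `test_verify_update_thumbprintlist_of_oidc` are added without any visible marker, so a run selected with `-m iam_account` would presumably leave out the duplicate-client-id and thumbprint-update checks. Add `@pytest.mark.iam_account` above both definitions. All three tests also create a provider for the same `url` and call `delete_open_id_connect_provider` only after the last assertion, so a failed assertion leaves the provider behind and the next create for that URL will likely fail; putting the body after the create in `try:` with `finally: iam_root.delete_open_id_connect_provider(OpenIDConnectProviderArn=response['OpenIDConnectProviderArn'])` keeps the tests independent. Because the thumbprint list is what pins the provider's certificate, the update test should also assert that `ClientIDList` and `Url` are unchanged after `update_open_id_connect_provider_thumbprint`, and comparing `sorted(get_response['ClientIDList'])` would avoid depending on the order the server returns.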