Merge pull request #73 from EMCECS/bugfix-3200-security-admin-role

[OBSDEF-3200] Adding new param to support security admin role binding
EMCECS · Oct 7, 2020 · 19e7056 · 19e7056
2 parents cdd46a1 + e97fdc0
commit 19e7056
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 7 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.1.10
+1.1.11
diff --git a/ecsclient/common/user_management/management_user.py b/ecsclient/common/user_management/management_user.py
@@ -25,11 +25,13 @@ def list(self):
             u'mgmt_user_info': [
                 {
                     u'isSystemMonitor': False,
+                    u'isSecurityAdmin': False,
                     u'userId': u'someone@internal',
                     u'isSystemAdmin': True
                 },
                 {
                     u'isSystemMonitor': False,
+                    u'isSecurityAdmin': False,
                     u'userId': u'root',
                     u'isSystemAdmin': True
                 }
@@ -54,6 +56,7 @@ def get(self, user_id):
             u'isSystemMonitor': False,
             u'userId': u'admin',
             u'isSystemAdmin': True
+            u'isSecurityAdmin': True
         }
 
         :param user_id: User identifier for which local user information needs to
@@ -82,7 +85,7 @@ def delete(self, user_id):
         return self.conn.post(url='vdc/users/{}/deactivate'.format(user_id))
 
     def create(self, user_id, password, is_system_admin=False,
-               is_system_monitor=False):
+               is_system_monitor=False, is_security_admin=False):
         """
         Creates local users for the VDC. These users can be assigned to
         VDC-wide management roles and are not associated with a namespace.
@@ -99,19 +102,22 @@ def create(self, user_id, password, is_system_admin=False,
         the System Admin role. Default: False
         :param is_system_monitor: If set to True, assigns the management user
         to the System Monitor role. Default: False
+        :param is_security_admin: If set to True, assigns the management user
+        to the Security Admin role. Default: False
         """
         payload = {
             "userId": user_id,
             "password": password,
             "isSystemAdmin": is_system_admin,
-            "isSystemMonitor": is_system_monitor
+            "isSystemMonitor": is_system_monitor,
+            "isSecurityAdmin": is_security_admin
         }
 
         log.info("Creating local management user '{}'".format(user_id))
         return self.conn.post(url='vdc/users', json_payload=payload)
 
     def update(self, user_id, password, is_system_admin=False,
-               is_system_monitor=False):
+               is_system_monitor=False, is_security_admin=False):
         """
         Updates user details for the specified local management user.
 
@@ -130,11 +136,14 @@ def update(self, user_id, password, is_system_admin=False,
         the System Admin role. Default: False
         :param is_system_monitor: If set to True, assigns the management user
         to the System Monitor role. Default: False
+        :param is_security_admin: If set to True, assigns the management user
+        to the Security Admin role. Default: False
         """
         payload = {
             "password": password,
             "isSystemAdmin": is_system_admin,
-            "isSystemMonitor": is_system_monitor
+            "isSystemMonitor": is_system_monitor,
+            "isSecurityAdmin": is_security_admin
         }
 
         log.info("Updating local management user '{}'".format(user_id))

diff --git a/ecsclient/schemas.py b/ecsclient/schemas.py
@@ -744,6 +744,7 @@
     "properties": {
         "userId": {"type": "string"},
         "isSystemAdmin": {"type": "boolean"},
+        "isSecurityAdmin": {"type": "boolean"},
         "isSystemMonitor": {"type": "boolean"},
         "is_external_group": {"type": "boolean"}
     },

diff --git a/tests/functional/test_management_user.py b/tests/functional/test_management_user.py
@@ -38,11 +38,13 @@ def test_management_user_create(self):
         response = self.client.management_user.create(self.management_user_2,
                                                       password='fake-password-123',
                                                       is_system_admin=True,
-                                                      is_system_monitor=True)
+                                                      is_system_monitor=True,
+                                                      is_security_admin=True)
         self.assertValidSchema(response, schemas.MANAGEMENT_USER)
         self.assertEqual(response['userId'], self.management_user_2)
         self.assertTrue(response['isSystemAdmin'])
         self.assertTrue(response['isSystemMonitor'])
+        self.assertTrue(response['isSecurityAdmin'])
 
     def test_management_user_delete(self):
         self.client.management_user.delete(self.management_user_1)
@@ -53,12 +55,15 @@ def test_management_user_update(self):
         response = self.client.management_user.get(self.management_user_1)
         self.assertFalse(response['isSystemAdmin'])
         self.assertFalse(response['isSystemMonitor'])
+        self.assertFalse(response['isSecurityAdmin'])
 
         self.client.management_user.update(self.management_user_1,
                                            password='fake-password-123',
                                            is_system_admin=True,
-                                           is_system_monitor=True)
+                                           is_system_monitor=True,
+                                           is_security_admin=True)
 
         response = self.client.management_user.get(self.management_user_1)
         self.assertTrue(response['isSystemAdmin'])
         self.assertTrue(response['isSystemMonitor'])
+        self.assertTrue(response['isSecurityAdmin'])