Merge "Fix install_venv-get_distro failure on Fedora"
diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample
index 3cbe1b5..8429cd0 100644
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@@ -7,18 +7,11 @@
# custom Keystone service catalog implementation, you probably want to leave
# this value as "identity"
catalog_type = identity
-# Set to True if your test environment's Keystone authentication service should
-# be accessed over HTTPS
-use_ssl = False
-# This is the main host address of the authentication service API
-host = 127.0.0.1
-# Port that the authentication service API is running on
-port = 5000
-# Version of the authentication service API (a string)
-api_version = v2.0
-# Path to the authentication service tokens resource (do not modify unless you
-# have a custom authentication API and are not using Keystone)
-path = tokens
+# Ignore SSL certificate validation failures? Use when in testing
+# environments that have self-signed SSL certs.
+disable_ssl_certificate_validation = False
+# URL for where to find the OpenStack Identity API endpoint (Keystone)
+uri = http://127.0.0.1:5000/v2.0/
# Should typically be left as keystone unless you have a non-Keystone
# authentication API service
strategy = keystone
diff --git a/stress/tools/nova_destroy_all.py b/stress/tools/nova_destroy_all.py
index 21cac11..0070e72 100755
--- a/stress/tools/nova_destroy_all.py
+++ b/stress/tools/nova_destroy_all.py
@@ -24,7 +24,7 @@
compute = tempest.config.TempestConfig().compute
nt = client.Client(compute.username, compute.password,
- compute.tenant_name, identity.auth_url)
+ compute.tenant_name, identity.uri)
flavor_list = nt.flavors.list()
server_list = nt.servers.list()
diff --git a/stress/tools/nova_status.py b/stress/tools/nova_status.py
index d413d7a..f9bc707 100755
--- a/stress/tools/nova_status.py
+++ b/stress/tools/nova_status.py
@@ -23,10 +23,10 @@
identity = tempest.config.TempestConfig().identity
compute = tempest.config.TempestConfig().compute
print compute.username, compute.password,\
- compute.tenant_name, identity.auth_url
+ compute.tenant_name, identity.uri
nt = client.Client(compute.username, compute.password,
- compute.tenant_name, identity.auth_url)
+ compute.tenant_name, identity.uri)
flavor_list = nt.flavors.list()
server_list = nt.servers.list()
diff --git a/tempest/clients.py b/tempest/clients.py
index 0bb1752..ac163b6 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -64,6 +64,8 @@
from tempest.services.volume.xml.volumes_client import VolumesClientXML
from tempest.services.object_storage.object_client import \
ObjectClientCustomizedHeader
+from tempest.services.object_storage.account_client import \
+ AccountClientCustomizedHeader
LOG = logging.getLogger(__name__)
@@ -164,7 +166,7 @@
"tenant_name: %(tenant_name)s") % locals()
raise exceptions.InvalidConfiguration(msg)
- self.auth_url = self.config.identity.auth_url
+ self.auth_url = self.config.identity.uri
if self.config.identity.strategy == 'keystone':
client_args = (self.config, self.username, self.password,
@@ -202,6 +204,8 @@
self.ec2api_client = APIClientEC2(*client_args)
self.s3_client = ObjectClientS3(*client_args)
self.custom_object_client = ObjectClientCustomizedHeader(*client_args)
+ self.custom_account_client = \
+ AccountClientCustomizedHeader(*client_args)
class AltManager(Manager):
diff --git a/tempest/common/rest_client.py b/tempest/common/rest_client.py
index 287ef56..4213b10 100644
--- a/tempest/common/rest_client.py
+++ b/tempest/common/rest_client.py
@@ -103,7 +103,8 @@
params['headers'] = {'User-Agent': 'Test-Client', 'X-Auth-User': user,
'X-Auth-Key': password}
- self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True)
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
resp, body = self.http_obj.request(auth_url, 'GET', **params)
try:
return resp['x-auth-token'], resp['x-server-management-url']
@@ -115,6 +116,10 @@
Provides authentication via Keystone
"""
+ # Normalize URI to ensure /tokens is in it.
+ if 'tokens' not in auth_url:
+ auth_url = auth_url.rstrip('/') + '/tokens'
+
creds = {
'auth': {
'passwordCredentials': {
@@ -125,7 +130,8 @@
}
}
- self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True)
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
headers = {'Content-Type': 'application/json'}
body = json.dumps(creds)
resp, body = self.http_obj.request(auth_url, 'POST',
@@ -200,7 +206,8 @@
if (self.token is None) or (self.base_url is None):
self._set_auth()
- self.http_obj = httplib2.Http(disable_ssl_certificate_validation=True)
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
if headers is None:
headers = {}
headers['X-Auth-Token'] = self.token
diff --git a/tempest/config.py b/tempest/config.py
index 8233dd5..70b1c79 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -31,21 +31,28 @@
cfg.StrOpt('catalog_type',
default='identity',
help="Catalog type of the Identity service."),
+ cfg.BoolOpt('disable_ssl_certificate_validation',
+ default=False,
+ help="Set to True if using self-signed SSL certificates."),
+ cfg.StrOpt('uri',
+ default=None,
+ help="Full URI of the OpenStack Identity API (Keystone)"),
cfg.StrOpt('host',
default="127.0.0.1",
- help="Host IP for making Identity API requests."),
+ help="(DEPRECATED, use uri) Host IP for making Identity "
+ "API requests."),
cfg.IntOpt('port',
default=8773,
- help="Port for the Identity service."),
+ help="(DEPRECATED, use uri) Port for the Identity service."),
cfg.StrOpt('api_version',
default="v1.1",
- help="Version of the Identity API"),
+ help="(DEPRECATED, use uri) Version of the Identity API"),
cfg.StrOpt('path',
default='/',
- help="Path of API request"),
+ help="(IGNORED) Path of API request"),
cfg.BoolOpt('use_ssl',
default=False,
- help="Specifies if we are using https."),
+ help="(DEPRECATED, use uri) Specifies if we are using https."),
cfg.StrOpt('strategy',
default='keystone',
help="Which auth method does the environment use? "
@@ -61,16 +68,15 @@
for opt in IdentityGroup:
conf.register_opt(opt, group='identity')
+ # Fall back to piecemeal identity URI for legacy support
authurl = data_utils.build_url(conf.identity.host,
str(conf.identity.port),
conf.identity.api_version,
- conf.identity.path,
+ path='', # Ignore path...
use_ssl=conf.identity.use_ssl)
- auth_url = cfg.StrOpt('auth_url',
- default=authurl,
- help="The Identity URL (derived)")
- conf.register_opt(auth_url, group="identity")
+ if not conf.identity.uri:
+ conf.identity.uri = authurl
identity_admin_group = cfg.OptGroup(name='identity-admin',
diff --git a/tempest/manager.py b/tempest/manager.py
index 513e5d9..8e7cbd1 100644
--- a/tempest/manager.py
+++ b/tempest/manager.py
@@ -126,8 +126,8 @@
"tenant_name: %(tenant_name)s") % locals()
raise exceptions.InvalidConfiguration(msg)
- # Novaclient adds a /tokens/ part to the auth URL automatically
- auth_url = self.config.identity.auth_url.rstrip('tokens')
+ auth_url = self.config.identity.uri
+ dscv = self.config.identity.disable_ssl_certificate_validation
client_args = (username, password, tenant_name, auth_url)
@@ -136,14 +136,17 @@
return novaclient.client.Client(self.NOVACLIENT_VERSION,
*client_args,
service_type=service_type,
- no_cache=True)
+ no_cache=True,
+ insecure=dscv)
def _get_image_client(self):
keystone = self._get_identity_client()
token = keystone.auth_token
endpoint = keystone.service_catalog.url_for(service_type='image',
endpoint_type='publicURL')
- return glanceclient.Client('1', endpoint=endpoint, token=token)
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ return glanceclient.Client('1', endpoint=endpoint, token=token,
+ insecure=dscv)
def _get_identity_client(self, username=None, password=None,
tenant_name=None):
@@ -162,12 +165,14 @@
"tenant_name: %(tenant_name)s") % locals()
raise exceptions.InvalidConfiguration(msg)
- auth_url = self.config.identity.auth_url.rstrip('tokens')
+ auth_url = self.config.identity.uri
+ dscv = self.config.identity.disable_ssl_certificate_validation
return keystoneclient.v2_0.client.Client(username=username,
password=password,
tenant_name=tenant_name,
- auth_url=auth_url)
+ auth_url=auth_url,
+ insecure=dscv)
def _get_network_client(self):
# The intended configuration is for the network client to have
@@ -186,12 +191,14 @@
"tenant_name: %(tenant_name)s") % locals()
raise exceptions.InvalidConfiguration(msg)
- auth_url = self.config.identity.auth_url.rstrip('tokens')
+ auth_url = self.config.identity.uri
+ dscv = self.config.identity.disable_ssl_certificate_validation
return quantumclient.v2_0.client.Client(username=username,
password=password,
tenant_name=tenant_name,
- auth_url=auth_url)
+ auth_url=auth_url,
+ insecure=dscv)
class ComputeFuzzClientManager(FuzzClientManager):
@@ -225,7 +232,11 @@
"tenant_name: %(tenant_name)s") % locals()
raise exceptions.InvalidConfiguration(msg)
- auth_url = self.config.identity.auth_url
+ auth_url = self.config.identity.uri
+
+ # Ensure /tokens is in the URL for Keystone...
+ if 'tokens' not in auth_url:
+ auth_url = auth_url.rstrip('/') + '/tokens'
if self.config.identity.strategy == 'keystone':
client_args = (self.config, username, password, auth_url,
diff --git a/tempest/services/boto/__init__.py b/tempest/services/boto/__init__.py
index 1365435..83bf1f9 100644
--- a/tempest/services/boto/__init__.py
+++ b/tempest/services/boto/__init__.py
@@ -38,10 +38,6 @@
self.connection_timeout = str(config.boto.http_socket_timeout)
self.num_retries = str(config.boto.num_retries)
self.build_timeout = config.boto.build_timeout
- # We do not need the "path": "/token" part
- if auth_url:
- auth_url = re.sub("(.*)" + re.escape(config.identity.path) + "$",
- "\\1", auth_url)
self.ks_cred = {"username": username,
"password": password,
"auth_url": auth_url,
diff --git a/tempest/services/identity/json/admin_client.py b/tempest/services/identity/json/admin_client.py
index c4e6c95..7b1cb4b 100644
--- a/tempest/services/identity/json/admin_client.py
+++ b/tempest/services/identity/json/admin_client.py
@@ -206,7 +206,15 @@
class TokenClientJSON(RestClient):
def __init__(self, config):
- self.auth_url = config.identity.auth_url
+ auth_url = config.identity.uri
+
+ # TODO(jaypipes) Why is this all repeated code in here?
+ # Normalize URI to ensure /tokens is in it.
+ if 'tokens' not in auth_url:
+ auth_url = auth_url.rstrip('/') + '/tokens'
+
+ self.auth_url = auth_url
+ self.config = config
def auth(self, user, password, tenant):
creds = {
@@ -225,7 +233,8 @@
def request(self, method, url, headers=None, body=None):
"""A simple HTTP request interface."""
- self.http_obj = httplib2.Http()
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
if headers is None:
headers = {}
diff --git a/tempest/services/identity/xml/admin_client.py b/tempest/services/identity/xml/admin_client.py
index 60897e9..1c71d87 100644
--- a/tempest/services/identity/xml/admin_client.py
+++ b/tempest/services/identity/xml/admin_client.py
@@ -242,7 +242,15 @@
class TokenClientXML(RestClientXML):
def __init__(self, config):
- self.auth_url = config.identity.auth_url
+ auth_url = config.identity.uri
+
+ # TODO(jaypipes) Why is this all repeated code in here?
+ # Normalize URI to ensure /tokens is in it.
+ if 'tokens' not in auth_url:
+ auth_url = auth_url.rstrip('/') + '/tokens'
+
+ self.auth_url = auth_url
+ self.config = config
def auth(self, user, password, tenant):
passwordCreds = Element("passwordCredentials",
@@ -257,7 +265,8 @@
def request(self, method, url, headers=None, body=None):
"""A simple HTTP request interface."""
- self.http_obj = httplib2.Http()
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
if headers is None:
headers = {}
diff --git a/tempest/services/image/service.py b/tempest/services/image/service.py
index 154b5b8..cf4ff4d 100644
--- a/tempest/services/image/service.py
+++ b/tempest/services/image/service.py
@@ -41,12 +41,14 @@
import glanceclient
import keystoneclient.v2_0.client
- auth_url = self.config.identity.auth_url.rstrip('tokens')
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ auth_url = self.config.identity.uri
keystone = keystoneclient.v2_0.client.Client(
username=config.images.username,
password=config.images.password,
tenant_name=config.images.tenant_name,
- auth_url=auth_url)
+ auth_url=auth_url,
+ insecure=dscv)
token = keystone.auth_token
endpoint = keystone.service_catalog.url_for(
service_type='image',
@@ -54,7 +56,8 @@
self._client = glanceclient.Client('1',
endpoint=endpoint,
- token=token)
+ token=token,
+ insecure=dscv)
else:
raise NotImplementedError
diff --git a/tempest/services/object_storage/account_client.py b/tempest/services/object_storage/account_client.py
index 26f8329..734307c 100644
--- a/tempest/services/object_storage/account_client.py
+++ b/tempest/services/object_storage/account_client.py
@@ -15,10 +15,12 @@
# License for the specific language governing permissions and limitations
# under the License.
+import httplib2
import json
import urllib
from tempest.common.rest_client import RestClient
+from tempest import exceptions
class AccountClient(RestClient):
@@ -89,3 +91,66 @@
resp, body = self.get(url)
body = json.loads(body)
return resp, body
+
+
+class AccountClientCustomizedHeader(RestClient):
+
+ def __init__(self, config, username, password, auth_url, tenant_name=None):
+ super(AccountClientCustomizedHeader, self).__init__(config, username,
+ password, auth_url,
+ tenant_name)
+ #Overwrites json-specific header encoding in RestClient
+ self.service = self.config.object_storage.catalog_type
+ self.format = 'json'
+
+ def request(self, method, url, headers=None, body=None, wait=None):
+ """A simple HTTP request interface."""
+ self.http_obj = httplib2.Http()
+ if headers is None:
+ headers = {}
+ if self.base_url is None:
+ self._set_auth()
+
+ req_url = "%s/%s" % (self.base_url, url)
+ resp, resp_body = self.http_obj.request(req_url, method,
+ headers=headers, body=body)
+
+ if resp.status == 401 or resp.status == 403:
+ self._log(req_url, body, resp, resp_body)
+ raise exceptions.Unauthorized()
+
+ return resp, resp_body
+
+ def list_account_containers(self, params=None, metadata=None):
+ """
+ GET on the (base) storage URL
+ Given the X-Storage-URL and a valid X-Auth-Token, returns
+ a list of all containers for the account.
+
+ Optional Arguments:
+ limit=[integer value N]
+ Limits the number of results to at most N values
+ DEFAULT: 10,000
+
+ marker=[string value X]
+ Given string value X, return object names greater in value
+ than the specified marker.
+ DEFAULT: No Marker
+
+ format=[string value, either 'json' or 'xml']
+ Specify either json or xml to return the respective serialized
+ response.
+ DEFAULT: Python-List returned in response body
+ """
+
+ url = '?format=%s' % self.format
+ if params:
+ url += '&%s' + urllib.urlencode(params)
+
+ headers = {}
+ if metadata:
+ for key in metadata:
+ headers[str(key)] = metadata[key]
+
+ resp, body = self.get(url, headers=headers)
+ return resp, body
diff --git a/tempest/services/object_storage/object_client.py b/tempest/services/object_storage/object_client.py
index c05c905..03cd209 100644
--- a/tempest/services/object_storage/object_client.py
+++ b/tempest/services/object_storage/object_client.py
@@ -133,7 +133,8 @@
def request(self, method, url, headers=None, body=None, wait=None):
"""A simple HTTP request interface."""
- self.http_obj = httplib2.Http()
+ dscv = self.config.identity.disable_ssl_certificate_validation
+ self.http_obj = httplib2.Http(disable_ssl_certificate_validation=dscv)
if headers is None:
headers = {}
if self.base_url is None:
@@ -172,9 +173,14 @@
resp, body = self.put(url, data, headers=headers)
return resp, body
- def delete_object(self, container, object_name):
+ def delete_object(self, container, object_name, metadata=None):
"""Delete storage object."""
+ headers = {}
+ if metadata:
+ for key in metadata:
+ headers[str(key)] = metadata[key]
+
url = "%s/%s" % (str(container), str(object_name))
- resp, body = self.delete(url)
+ resp, body = self.delete(url, headers=headers)
return resp, body
diff --git a/tempest/tests/compute/admin/test_quotas.py b/tempest/tests/compute/admin/test_quotas.py
index 452de80..eaf245a 100644
--- a/tempest/tests/compute/admin/test_quotas.py
+++ b/tempest/tests/compute/admin/test_quotas.py
@@ -30,7 +30,7 @@
adm_user = cls.config.compute_admin.username
adm_pass = cls.config.compute_admin.password
adm_tenant = cls.config.compute_admin.tenant_name
- auth_url = cls.config.identity.auth_url
+ auth_url = cls.config.identity.uri
cls.adm_client = adm_quotas.AdminQuotasClient(cls.config, adm_user,
adm_pass, auth_url,
diff --git a/tempest/tests/compute/base.py b/tempest/tests/compute/base.py
index 8044d01..c44a2f1 100644
--- a/tempest/tests/compute/base.py
+++ b/tempest/tests/compute/base.py
@@ -89,7 +89,7 @@
cls.config,
cls.config.identity_admin.username,
cls.config.identity_admin.password,
- cls.config.identity.auth_url
+ cls.config.identity.uri
)
@classmethod
diff --git a/tempest/tests/compute/images/test_images_oneserver.py b/tempest/tests/compute/images/test_images_oneserver.py
index 2841a21..f8b560b 100644
--- a/tempest/tests/compute/images/test_images_oneserver.py
+++ b/tempest/tests/compute/images/test_images_oneserver.py
@@ -82,6 +82,8 @@
self.fail("Should raise 413 Over Limit if meta data was too long")
@attr(type='negative')
+ @unittest.skipUnless(compute.MULTI_USER,
+ 'Need multiple users for this test.')
def test_delete_image_of_another_tenant(self):
# Return an error while trying to delete another tenant's image
self.servers_client.wait_for_server_status(self.server['id'], 'ACTIVE')
@@ -121,6 +123,8 @@
self.assertEqual(original_image['minDisk'], image['minDisk'])
@attr(type='negative')
+ @unittest.skipUnless(compute.MULTI_USER,
+ 'Need multiple users for this test.')
def test_create_image_for_server_in_another_tenant(self):
# Creating image of another tenant's server should be return error
diff --git a/tempest/tests/compute/servers/test_server_actions.py b/tempest/tests/compute/servers/test_server_actions.py
index 91f0674..2fe8464 100644
--- a/tempest/tests/compute/servers/test_server_actions.py
+++ b/tempest/tests/compute/servers/test_server_actions.py
@@ -34,18 +34,6 @@
resize_available = tempest.config.TempestConfig().compute.resize_available
run_ssh = tempest.config.TempestConfig().compute.run_ssh
- def setUp(self):
- self.name = rand_name('server')
- resp, server = self.create_server_with_extras(self.name,
- self.image_ref,
- self.flavor_ref)
- self.server_id = server['id']
- self.password = server['adminPass']
- self.client.wait_for_server_status(self.server_id, 'ACTIVE')
-
- def tearDown(self):
- self.clear_servers()
-
@attr(type='smoke')
@unittest.skipUnless(compute.CHANGE_PASSWORD_AVAILABLE,
'Change password not available.')
@@ -207,27 +195,69 @@
class ServerActionsTestXML(base.BaseComputeTestXML,
ServerActionsTestBase):
+ def setUp(self):
+ super(ServerActionsTestXML, self).setUp()
+ # Check if the server is in a clean state after test
+ try:
+ self.client.wait_for_server_status(self.server_id, 'ACTIVE')
+ except exceptions:
+ # Rebuild server if something happened to it during a test
+ self.clear_servers()
+ resp, server = self.create_server_with_extras(self.name,
+ self.image_ref,
+ self.flavor_ref)
+ self.server_id = server['id']
+ self.password = server['adminPass']
+ self.client.wait_for_server_status(self.server_id, 'ACTIVE')
+
@classmethod
def setUpClass(cls):
super(ServerActionsTestXML, cls).setUpClass()
cls.client = cls.servers_client
+ cls.name = rand_name('server')
+ resp, server = cls.create_server_with_extras(cls.name,
+ cls.image_ref,
+ cls.flavor_ref)
+ cls.server_id = server['id']
+ cls.password = server['adminPass']
+ cls.client.wait_for_server_status(cls.server_id, 'ACTIVE')
- def setUp(self):
- ServerActionsTestBase.setUp(self)
-
- def tearDown(self):
- ServerActionsTestBase.tearDown(self)
+ @classmethod
+ def tearDownClass(cls):
+ cls.clear_servers()
+ super(ServerActionsTestXML, cls).tearDownClass()
class ServerActionsTestJSON(base.BaseComputeTestJSON,
ServerActionsTestBase):
+ def setUp(self):
+ super(ServerActionsTestJSON, self).setUp()
+ # Check if the server is in a clean state after test
+ try:
+ self.client.wait_for_server_status(self.server_id, 'ACTIVE')
+ except exceptions:
+ # Rebuild server if something happened to it during a test
+ self.clear_servers()
+ resp, server = self.create_server_with_extras(self.name,
+ self.image_ref,
+ self.flavor_ref)
+ self.server_id = server['id']
+ self.password = server['adminPass']
+ self.client.wait_for_server_status(self.server_id, 'ACTIVE')
+
@classmethod
def setUpClass(cls):
super(ServerActionsTestJSON, cls).setUpClass()
cls.client = cls.servers_client
+ cls.name = rand_name('server')
+ resp, server = cls.create_server_with_extras(cls.name,
+ cls.image_ref,
+ cls.flavor_ref)
+ cls.server_id = server['id']
+ cls.password = server['adminPass']
+ cls.client.wait_for_server_status(cls.server_id, 'ACTIVE')
- def setUp(self):
- ServerActionsTestBase.setUp(self)
-
- def tearDown(self):
- ServerActionsTestBase.tearDown(self)
+ @classmethod
+ def tearDownClass(cls):
+ cls.clear_servers()
+ super(ServerActionsTestJSON, cls).tearDownClass()
diff --git a/tempest/tests/object_storage/base.py b/tempest/tests/object_storage/base.py
index 3992b13..10e2269 100644
--- a/tempest/tests/object_storage/base.py
+++ b/tempest/tests/object_storage/base.py
@@ -21,6 +21,7 @@
from tempest import clients
import tempest.config
from tempest import exceptions
+from tempest.tests.identity.base import DataGenerator
class BaseObjectTest(unittest.TestCase):
@@ -33,6 +34,16 @@
cls.account_client = cls.os.account_client
cls.config = cls.os.config
cls.custom_object_client = cls.os.custom_object_client
+ cls.os_admin = clients.IdentityManager()
+ cls.token_client = cls.os_admin.token_client
+ cls.admin_client = cls.os_admin.admin_client
+ cls.custom_account_client = cls.os.custom_account_client
+ cls.os_alt = clients.AltManager()
+ cls.object_client_alt = cls.os_alt.object_client
+ cls.container_client_alt = cls.os_alt.container_client
+ cls.admin_client_alt = cls.os_alt.admin_client
+
+ cls.data = DataGenerator(cls.admin_client)
try:
cls.account_client.list_account_containers()
diff --git a/tempest/tests/object_storage/test_account_services.py b/tempest/tests/object_storage/test_account_services.py
index cae2da1..e34e349 100644
--- a/tempest/tests/object_storage/test_account_services.py
+++ b/tempest/tests/object_storage/test_account_services.py
@@ -17,6 +17,7 @@
from nose.plugins.attrib import attr
from tempest.common.utils.data_utils import rand_name
+from tempest import exceptions
from tempest.tests.object_storage import base
@@ -80,3 +81,30 @@
resp, metadata = self.account_client.list_account_metadata()
self.assertNotIn('x-account-meta-test-account-meta', resp)
+
+ @attr(type='negative')
+ def test_list_containers_with_non_authorized_user(self):
+ #Listing containers with using non authorized user
+
+ # Randomly creating user
+ self.data.setup_test_user()
+
+ resp, body = \
+ self.token_client.auth(self.data.test_user,
+ self.data.test_password,
+ self.data.test_tenant)
+ new_token = \
+ self.token_client.get_token(self.data.test_user,
+ self.data.test_password,
+ self.data.test_tenant)
+
+ custom_headers = {'X-Auth-Token': new_token}
+
+ params = {'format': 'json'}
+ # Trying to list containers with non authorized user token
+ self.assertRaises(exceptions.Unauthorized,
+ self.custom_account_client.list_account_containers,
+ params=params, metadata=custom_headers)
+
+ #Attempt to the delete the user setup created
+ self.data.teardown_all()
diff --git a/tempest/tests/object_storage/test_object_services.py b/tempest/tests/object_storage/test_object_services.py
index 8b87ad6..d380da6 100644
--- a/tempest/tests/object_storage/test_object_services.py
+++ b/tempest/tests/object_storage/test_object_services.py
@@ -21,6 +21,7 @@
from tempest.common.utils.data_utils import rand_name
from tempest import exceptions
from tempest.tests.object_storage import base
+import unittest2 as unittest
class ObjectTest(base.BaseObjectTest):
@@ -33,6 +34,20 @@
cls.container_name = rand_name(name='TestContainer')
cls.container_client.create_container(cls.container_name)
+ # Randomly creating user
+ cls.data.setup_test_user()
+
+ resp, body = \
+ cls.token_client.auth(cls.data.test_user,
+ cls.data.test_password,
+ cls.data.test_tenant)
+ cls.new_token = \
+ cls.token_client.get_token(cls.data.test_user,
+ cls.data.test_password,
+ cls.data.test_tenant)
+
+ cls.custom_headers = {'X-Auth-Token': cls.new_token}
+
@classmethod
def tearDownClass(cls):
#Get list of all object in the container
@@ -47,6 +62,9 @@
#Attempt to delete the container
resp, _ = cls.container_client.delete_container(cls.container_name)
+ #Attempt to the delete the user setup created
+ cls.data.teardown_all()
+
@attr(type='smoke')
def test_create_object(self):
# Create storage object, test response
@@ -316,10 +334,184 @@
self.assertIn('x-container-read', resp)
self.assertEqual(resp['x-container-read'], 'x')
+ @unittest.skip('Until Bug 1091669 is resolved.')
+ @attr(type='smoke')
+ def test_access_public_object_with_another_user_creds(self):
+ #Make container public-readable, and access the object
+ #anonymously, e.g. using another user credentials
+
+ try:
+ resp_meta = None
+ cont_headers = {'X-Container-Read': '.r:*,.rlistings'}
+ resp_meta, body = \
+ self.container_client.update_container_metadata(
+ self.container_name, metadata=cont_headers,
+ metadata_prefix='')
+ self.assertEqual(resp_meta['status'], '204')
+ # Create Object
+ object_name = rand_name(name='Object')
+ data = arbitrary_string(size=len(object_name) * 1,
+ base_text=object_name)
+ resp, _ = self.object_client.create_object(self.container_name,
+ object_name, data)
+ self.assertEqual(resp['status'], '201')
+
+ # List container metadata
+ resp, _ = \
+ self.container_client.list_container_metadata(
+ self.container_name)
+ self.assertEqual(resp['status'], '204')
+ self.assertIn('x-container-read', resp)
+ self.assertEqual(resp['x-container-read'], '.r:*,.rlistings')
+
+ # Trying to GET Auth Token of Alternate user
+ token = self.admin_client_alt.get_auth()
+ headers = {'X-Auth-Token': token}
+
+ # Trying to create object with Alternate user creds
+ resp, body = \
+ self.custom_object_client.get_object(
+ self.container_name, object_name, metadata=headers)
+ self.assertEqual(body, data)
+
+ except Exception as e:
+ self.fail("Failed to get public readable object with another"
+ " user creds raised exception is %s" % e)
+
+ finally:
+ if resp_meta['status'] == '204':
+ # Delete updated container metadata, to revert back.
+ resp, body = \
+ self.container_client.delete_container_metadata(
+ self.container_name, metadata=cont_headers,
+ metadata_prefix='')
+
+ resp, _ = \
+ self.container_client.list_container_metadata(
+ self.container_name)
+ self.assertEqual(resp['status'], '204')
+ self.assertIn('x-container-read', resp)
+ self.assertEqual(resp['x-container-read'], 'x')
+
+ @unittest.skip('Until Bug #1020722 is resolved.')
+ @attr(type='smoke')
+ def test_write_public_object_without_using_creds(self):
+ #Make container public-writable, and create object
+ #anonymously, e.g. without using credentials
+ try:
+ resp_meta = None
+ # Update Container Metadata to make public readable
+ cont_headers = {'X-Container-Write': '-*'}
+ resp_meta, body = \
+ self.container_client.update_container_metadata(
+ self.container_name, metadata=cont_headers,
+ metadata_prefix='')
+ self.assertEqual(resp_meta['status'], '204')
+ # List container metadata
+ resp, _ = \
+ self.container_client.list_container_metadata(
+ self.container_name)
+
+ self.assertEqual(resp['status'], '204')
+ self.assertIn('x-container-write', resp)
+ self.assertEqual(resp['x-container-write'], '-*')
+
+ object_name = rand_name(name='Object')
+ data = arbitrary_string(size=len(object_name),
+ base_text=object_name)
+
+ headers = {'Content-Type': 'application/json',
+ 'Accept': 'application/json'}
+
+ #Trying to Create object without using creds
+ resp, body = \
+ self.custom_object_client.create_object(self.container_name,
+ object_name, data,
+ metadata=headers)
+ self.assertEqual(resp['status'], '201')
+
+ except Exception as e:
+ self.fail("Failed to create public writable object without using"
+ " creds raised exception is %s" % e)
+
+ finally:
+ if resp_meta['status'] == '204':
+ # Delete updated container metadata, to revert back.
+ resp, body = \
+ self.container_client.delete_container_metadata(
+ self.container_name, metadata=cont_headers,
+ metadata_prefix='')
+
+ resp, _ = \
+ self.container_client.list_container_metadata(
+ self.container_name)
+ self.assertEqual(resp['status'], '204')
+ self.assertIn('x-container-write', resp)
+ self.assertEqual(resp['x-container-write'], 'x')
+
+ @unittest.skip('Until Bug #1020722 is resolved.')
+ @attr(type='smoke')
+ def test_write_public_with_another_user_creds(self):
+ #Make container public-writable, and create object
+ #anonymously, e.g. with another user credentials
+
+ try:
+ resp_meta = None
+ # Update Container Metadata to make public readable
+ cont_headers = {'X-Container-Write': '-*'}
+ resp_meta, body = \
+ self.container_client.update_container_metadata(
+ self.container_name, metadata=cont_headers,
+ metadata_prefix='')
+ self.assertEqual(resp_meta['status'], '204')
+ # List container metadata
+ resp, _ = \
+ self.container_client.list_container_metadata(
+ self.container_name)
+
+ self.assertEqual(resp['status'], '204')
+ self.assertIn('x-container-write', resp)
+ self.assertEqual(resp['x-container-write'], '-*')
+
+ #Trying to GET auth token of Alternate user
+ token = self.admin_client_alt.get_auth()
+
+ headers = {'Content-Type': 'application/json',
+ 'Accept': 'application/json',
+ 'X-Auth-Token': token}
+
+ #Trying to Create an object with another user creds
+ object_name = rand_name(name='Object')
+ data = arbitrary_string(size=len(object_name),
+ base_text=object_name)
+ resp, body = \
+ self.custom_object_client.create_object(
+ self.container_name, object_name, data, metadata=headers)
+ self.assertEqual(resp['status'], '201')
+
+ except Exception as e:
+ self.fail("Failed to create public writable object with another"
+ " user creds raised exception is %s" % e)
+
+ finally:
+ if resp_meta['status'] == '204':
+ # Delete updated container metadata, to revert back.
+ resp, body = \
+ self.container_client.delete_container_metadata(
+ self.container_name, metadata=cont_headers,
+ metadata_prefix='')
+
+ resp, _ = \
+ self.container_client.list_container_metadata(
+ self.container_name)
+ self.assertEqual(resp['status'], '204')
+ self.assertIn('x-container-write', resp)
+ self.assertEqual(resp['x-container-write'], 'x')
+
@attr(type='negative')
def test_access_object_without_using_creds(self):
# Attempt to access the object anonymously, e.g.
- # not using any credentials
+ # not using any credentials
# Create Object
object_name = rand_name(name='Object')
@@ -354,7 +546,7 @@
@attr(type='negative')
def test_delete_object_without_using_creds(self):
# Attempt to delete the object anonymously,
- # e.g. not using any credentials
+ # e.g. not using any credentials
# Create Object
object_name = rand_name(name='Object')
@@ -367,3 +559,55 @@
self.assertRaises(exceptions.Unauthorized,
self.custom_object_client.delete_object,
self.container_name, object_name)
+
+ @attr(type='negative')
+ def test_write_object_with_non_authorized_user(self):
+ #Attempt to upload another file using non authorized user
+
+ object_name = rand_name(name='Object')
+ data = arbitrary_string(size=len(object_name) * 5,
+ base_text=object_name)
+
+ # Trying to Create Object with non authorized user token
+ self.assertRaises(exceptions.Unauthorized,
+ self.custom_object_client.create_object,
+ self.container_name, object_name, data,
+ metadata=self.custom_headers)
+
+ @attr(type='negative')
+ def test_read_object_with_non_authorized_user(self):
+ #Attempt to download the file using non authorized user
+
+ object_name = rand_name(name='Object')
+ data = arbitrary_string(size=len(object_name) * 5,
+ base_text=object_name)
+
+ resp, body = \
+ self.object_client.create_object(self.container_name,
+ object_name, data)
+ self.assertEqual(resp['status'], '201')
+
+ # Trying to Get Object with non authorized user token
+ self.assertRaises(exceptions.Unauthorized,
+ self.custom_object_client.get_object,
+ self.container_name, object_name,
+ metadata=self.custom_headers)
+
+ @attr(type='negative')
+ def test_delete_object_with_non_authorized_user(self):
+ #Attempt to delete container using non authorized user
+
+ object_name = rand_name(name='Object')
+ data = arbitrary_string(size=len(object_name) * 5,
+ base_text=object_name)
+
+ resp, body = \
+ self.object_client.create_object(self.container_name,
+ object_name, data)
+ self.assertEqual(resp['status'], '201')
+
+ # Trying to Delete Object with non authorized user token
+ self.assertRaises(exceptions.Unauthorized,
+ self.custom_object_client.delete_object,
+ self.container_name, object_name,
+ metadata=self.custom_headers)
diff --git a/tempest/tests/volume/admin/base.py b/tempest/tests/volume/admin/base.py
index 81c7c78..d35efbc 100644
--- a/tempest/tests/volume/admin/base.py
+++ b/tempest/tests/volume/admin/base.py
@@ -35,7 +35,7 @@
cls.adm_user = cls.config.compute_admin.username
cls.adm_pass = cls.config.compute_admin.password
cls.adm_tenant = cls.config.compute_admin.tenant_name
- cls.auth_url = cls.config.identity.auth_url
+ cls.auth_url = cls.config.identity.uri
if not cls.adm_user and cls.adm_pass and cls.adm_tenant:
msg = ("Missing Volume Admin API credentials "
diff --git a/tempest/tests/volume/admin/test_volume_types.py b/tempest/tests/volume/admin/test_volume_types.py
index 65c975a..a907a79 100644
--- a/tempest/tests/volume/admin/test_volume_types.py
+++ b/tempest/tests/volume/admin/test_volume_types.py
@@ -28,7 +28,7 @@
adm_user = cls.config.compute_admin.username
adm_pass = cls.config.compute_admin.password
adm_tenant = cls.config.compute_admin.tenant_name
- auth_url = cls.config.identity.auth_url
+ auth_url = cls.config.identity.uri
cls.client = volume_types_client.VolumeTypesClientJSON(cls.config,
adm_user,
diff --git a/tempest/tests/volume/admin/test_volume_types_extra_specs.py b/tempest/tests/volume/admin/test_volume_types_extra_specs.py
index 9734c42..c5a1fa9 100644
--- a/tempest/tests/volume/admin/test_volume_types_extra_specs.py
+++ b/tempest/tests/volume/admin/test_volume_types_extra_specs.py
@@ -29,7 +29,7 @@
adm_user = cls.config.compute_admin.username
adm_pass = cls.config.compute_admin.password
adm_tenant = cls.config.compute_admin.tenant_name
- auth_url = cls.config.identity.auth_url
+ auth_url = cls.config.identity.uri
cls.client = volume_types_client.VolumeTypesClientJSON(cls.config,
adm_user,
diff --git a/tools/tempest_coverage.py b/tools/tempest_coverage.py
index 73dcfbc..6e7ac04 100755
--- a/tools/tempest_coverage.py
+++ b/tools/tempest_coverage.py
@@ -139,7 +139,7 @@
def main(argv):
CLI = parse_opts(argv)
client_args = (CONF, CONF.compute_admin.username,
- CONF.compute_admin.password, CONF.identity.auth_url,
+ CONF.compute_admin.password, CONF.identity.uri,
CONF.compute_admin.tenant_name)
coverage_client = CoverageClientJSON(*client_args)