| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 1 | # Copyright 2013 Huawei Technologies Co.,LTD. |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 16 | from tempest.api.identity import base |
| 17 | from tempest.common.utils import data_utils |
| Matthew Treinish | 5c660ab | 2014-05-18 21:14:36 -0400 | [diff] [blame] | 18 | from tempest import test |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 19 | |
| 20 | |
| Matthew Treinish | db2c597 | 2014-01-31 22:18:59 +0000 | [diff] [blame] | 21 | class TokensTestJSON(base.BaseIdentityV2AdminTest): |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 22 | _interface = 'json' |
| 23 | |
| Matthew Treinish | 5c660ab | 2014-05-18 21:14:36 -0400 | [diff] [blame] | 24 | @test.attr(type='gate') |
| Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 25 | def test_create_get_delete_token(self): |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 26 | # get a token by username and password |
| 27 | user_name = data_utils.rand_name(name='user-') |
| 28 | user_password = data_utils.rand_name(name='pass-') |
| 29 | # first:create a tenant |
| 30 | tenant_name = data_utils.rand_name(name='tenant-') |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 31 | _, tenant = self.client.create_tenant(tenant_name) |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 32 | self.data.tenants.append(tenant) |
| 33 | # second:create a user |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 34 | _, user = self.client.create_user(user_name, user_password, |
| 35 | tenant['id'], '') |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 36 | self.data.users.append(user) |
| 37 | # then get a token for the user |
| David Kranz | fb3efa7 | 2014-08-28 16:58:25 -0400 | [diff] [blame] | 38 | _, body = self.token_client.auth(user_name, |
| 39 | user_password, |
| 40 | tenant['name']) |
| Andrea Frittoli | 8bbdb16 | 2014-01-06 11:06:13 +0000 | [diff] [blame] | 41 | self.assertEqual(body['token']['tenant']['name'], |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 42 | tenant['name']) |
| Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 43 | # Perform GET Token |
| Andrea Frittoli | 8bbdb16 | 2014-01-06 11:06:13 +0000 | [diff] [blame] | 44 | token_id = body['token']['id'] |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 45 | _, token_details = self.client.get_token(token_id) |
| Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 46 | self.assertEqual(token_id, token_details['token']['id']) |
| 47 | self.assertEqual(user['id'], token_details['user']['id']) |
| 48 | self.assertEqual(user_name, token_details['user']['name']) |
| 49 | self.assertEqual(tenant['name'], |
| 50 | token_details['token']['tenant']['name']) |
| 51 | # then delete the token |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 52 | self.client.delete_token(token_id) |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 53 | |
| Matthew Treinish | 5c660ab | 2014-05-18 21:14:36 -0400 | [diff] [blame] | 54 | @test.attr(type='gate') |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 55 | def test_rescope_token(self): |
| 56 | """An unscoped token can be requested, that token can be used to |
| 57 | request a scoped token. |
| 58 | """ |
| 59 | |
| 60 | # Create a user. |
| 61 | user_name = data_utils.rand_name(name='user-') |
| 62 | user_password = data_utils.rand_name(name='pass-') |
| 63 | tenant_id = None # No default tenant so will get unscoped token. |
| 64 | email = '' |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 65 | _, user = self.client.create_user(user_name, user_password, |
| 66 | tenant_id, email) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 67 | self.data.users.append(user) |
| 68 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 69 | # Create a couple tenants. |
| 70 | tenant1_name = data_utils.rand_name(name='tenant-') |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 71 | _, tenant1 = self.client.create_tenant(tenant1_name) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 72 | self.data.tenants.append(tenant1) |
| 73 | |
| 74 | tenant2_name = data_utils.rand_name(name='tenant-') |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 75 | _, tenant2 = self.client.create_tenant(tenant2_name) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 76 | self.data.tenants.append(tenant2) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 77 | |
| 78 | # Create a role |
| 79 | role_name = data_utils.rand_name(name='role-') |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 80 | _, role = self.client.create_role(role_name) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 81 | self.data.roles.append(role) |
| 82 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 83 | # Grant the user the role on the tenants. |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 84 | self.client.assign_user_role(tenant1['id'], user['id'], |
| 85 | role['id']) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 86 | |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 87 | self.client.assign_user_role(tenant2['id'], user['id'], |
| 88 | role['id']) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 89 | |
| 90 | # Get an unscoped token. |
| David Kranz | fb3efa7 | 2014-08-28 16:58:25 -0400 | [diff] [blame] | 91 | _, body = self.token_client.auth(user_name, user_password) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 92 | |
| 93 | token_id = body['token']['id'] |
| 94 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 95 | # Use the unscoped token to get a token scoped to tenant1 |
| David Kranz | fb3efa7 | 2014-08-28 16:58:25 -0400 | [diff] [blame] | 96 | _, body = self.token_client.auth_token(token_id, |
| 97 | tenant=tenant1_name) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 98 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 99 | scoped_token_id = body['token']['id'] |
| 100 | |
| 101 | # Revoke the scoped token |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 102 | self.client.delete_token(scoped_token_id) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 103 | |
| 104 | # Use the unscoped token to get a token scoped to tenant2 |
| David Kranz | fb3efa7 | 2014-08-28 16:58:25 -0400 | [diff] [blame] | 105 | _, body = self.token_client.auth_token(token_id, |
| 106 | tenant=tenant2_name) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 107 | |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 108 | |
| 109 | class TokensTestXML(TokensTestJSON): |
| 110 | _interface = 'xml' |