blob: b288705518b9966112908072c7204f42c2b3fc4f [file] [log] [blame]
huangtianhua1b855bc2013-10-10 11:12:44 +08001# Copyright 2013 Huawei Technologies Co.,LTD.
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
huangtianhua1b855bc2013-10-10 11:12:44 +080016from tempest.api.identity import base
Ken'ichi Ohmichi7bd25752017-03-10 10:45:39 -080017from tempest.lib.common.utils import data_utils
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -080018from tempest.lib import decorators
huangtianhua1b855bc2013-10-10 11:12:44 +080019
20
Matthew Treinishdb2c5972014-01-31 22:18:59 +000021class TokensTestJSON(base.BaseIdentityV2AdminTest):
huangtianhua1b855bc2013-10-10 11:12:44 +080022
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -080023 @decorators.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586')
Zhi Kun Liu30caeae2014-02-26 15:30:24 +080024 def test_create_get_delete_token(self):
huangtianhua1b855bc2013-10-10 11:12:44 +080025 # get a token by username and password
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +000026 user_name = data_utils.rand_name(name='user')
Zack Feldsteind8c5f7a2015-12-14 10:44:07 -060027 user_password = data_utils.rand_password()
huangtianhua1b855bc2013-10-10 11:12:44 +080028 # first:create a tenant
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +000029 tenant_name = data_utils.rand_name(name='tenant')
ghanshyam7668fad2016-06-15 18:17:39 +090030 tenant = self.tenants_client.create_tenant(name=tenant_name)['tenant']
Castulo J. Martineze3adee42016-07-14 10:40:08 -070031 # Delete the tenant at the end of the test
32 self.addCleanup(self.tenants_client.delete_tenant, tenant['id'])
huangtianhua1b855bc2013-10-10 11:12:44 +080033 # second:create a user
zhufl75d51a92017-04-11 16:02:39 +080034 user = self.create_test_user(name=user_name,
35 password=user_password,
36 tenantId=tenant['id'],
37 email='')
huangtianhua1b855bc2013-10-10 11:12:44 +080038 # then get a token for the user
David Kranzb7afa922014-12-30 10:56:26 -050039 body = self.token_client.auth(user_name,
40 user_password,
41 tenant['name'])
Andrea Frittoli8bbdb162014-01-06 11:06:13 +000042 self.assertEqual(body['token']['tenant']['name'],
huangtianhua1b855bc2013-10-10 11:12:44 +080043 tenant['name'])
Zhi Kun Liu30caeae2014-02-26 15:30:24 +080044 # Perform GET Token
Andrea Frittoli8bbdb162014-01-06 11:06:13 +000045 token_id = body['token']['id']
Ken'ichi Ohmichi402b8752015-11-09 10:47:16 +000046 token_details = self.client.show_token(token_id)['access']
Zhi Kun Liu30caeae2014-02-26 15:30:24 +080047 self.assertEqual(token_id, token_details['token']['id'])
48 self.assertEqual(user['id'], token_details['user']['id'])
49 self.assertEqual(user_name, token_details['user']['name'])
50 self.assertEqual(tenant['name'],
51 token_details['token']['tenant']['name'])
52 # then delete the token
David Kranze9d2f422014-07-02 13:57:41 -040053 self.client.delete_token(token_id)
huangtianhua1b855bc2013-10-10 11:12:44 +080054
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -080055 @decorators.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e')
Brant Knudsona4cfe0c2014-03-15 09:36:45 -050056 def test_rescope_token(self):
Ken'ichi Ohmichi9e3dac02015-11-19 07:01:07 +000057 """An unscoped token can be requested
58
59 That token can be used to request a scoped token.
Brant Knudsona4cfe0c2014-03-15 09:36:45 -050060 """
61
62 # Create a user.
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +000063 user_name = data_utils.rand_name(name='user')
Zack Feldsteind8c5f7a2015-12-14 10:44:07 -060064 user_password = data_utils.rand_password()
Brant Knudsona4cfe0c2014-03-15 09:36:45 -050065 tenant_id = None # No default tenant so will get unscoped token.
zhufl75d51a92017-04-11 16:02:39 +080066 user = self.create_test_user(name=user_name,
67 password=user_password,
68 tenantId=tenant_id,
69 email='')
Brant Knudsona4cfe0c2014-03-15 09:36:45 -050070
Brant Knudson840011b2014-03-16 11:14:14 -050071 # Create a couple tenants.
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +000072 tenant1_name = data_utils.rand_name(name='tenant')
ghanshyam7668fad2016-06-15 18:17:39 +090073 tenant1 = self.tenants_client.create_tenant(
74 name=tenant1_name)['tenant']
Castulo J. Martineze3adee42016-07-14 10:40:08 -070075 # Delete the tenant at the end of the test
76 self.addCleanup(self.tenants_client.delete_tenant, tenant1['id'])
Brant Knudson840011b2014-03-16 11:14:14 -050077
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +000078 tenant2_name = data_utils.rand_name(name='tenant')
ghanshyam7668fad2016-06-15 18:17:39 +090079 tenant2 = self.tenants_client.create_tenant(
80 name=tenant2_name)['tenant']
Castulo J. Martineze3adee42016-07-14 10:40:08 -070081 # Delete the tenant at the end of the test
82 self.addCleanup(self.tenants_client.delete_tenant, tenant2['id'])
Brant Knudsona4cfe0c2014-03-15 09:36:45 -050083
84 # Create a role
zhufl66b616a2017-04-11 15:00:32 +080085 role = self.setup_test_role()
Brant Knudsona4cfe0c2014-03-15 09:36:45 -050086
Brant Knudson840011b2014-03-16 11:14:14 -050087 # Grant the user the role on the tenants.
ghanshyam50894fc2016-06-17 13:20:25 +090088 self.roles_client.create_user_role_on_project(tenant1['id'],
89 user['id'],
90 role['id'])
Brant Knudson840011b2014-03-16 11:14:14 -050091
ghanshyam50894fc2016-06-17 13:20:25 +090092 self.roles_client.create_user_role_on_project(tenant2['id'],
93 user['id'],
94 role['id'])
Brant Knudsona4cfe0c2014-03-15 09:36:45 -050095
96 # Get an unscoped token.
David Kranzb7afa922014-12-30 10:56:26 -050097 body = self.token_client.auth(user_name, user_password)
Brant Knudsona4cfe0c2014-03-15 09:36:45 -050098
99 token_id = body['token']['id']
100
Brant Knudson840011b2014-03-16 11:14:14 -0500101 # Use the unscoped token to get a token scoped to tenant1
David Kranzb7afa922014-12-30 10:56:26 -0500102 body = self.token_client.auth_token(token_id,
103 tenant=tenant1_name)
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500104
Brant Knudson840011b2014-03-16 11:14:14 -0500105 scoped_token_id = body['token']['id']
106
107 # Revoke the scoped token
David Kranze9d2f422014-07-02 13:57:41 -0400108 self.client.delete_token(scoped_token_id)
Brant Knudson840011b2014-03-16 11:14:14 -0500109
110 # Use the unscoped token to get a token scoped to tenant2
David Kranzb7afa922014-12-30 10:56:26 -0500111 body = self.token_client.auth_token(token_id,
112 tenant=tenant2_name)