huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 1 | # Copyright 2013 Huawei Technologies Co.,LTD. |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 16 | from tempest.api.identity import base |
Ken'ichi Ohmichi | 7bd2575 | 2017-03-10 10:45:39 -0800 | [diff] [blame] | 17 | from tempest.lib.common.utils import data_utils |
Ken'ichi Ohmichi | eeabdd2 | 2017-01-27 17:46:00 -0800 | [diff] [blame] | 18 | from tempest.lib import decorators |
huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 19 | |
| 20 | |
Matthew Treinish | db2c597 | 2014-01-31 22:18:59 +0000 | [diff] [blame] | 21 | class TokensTestJSON(base.BaseIdentityV2AdminTest): |
huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 22 | |
Ken'ichi Ohmichi | eeabdd2 | 2017-01-27 17:46:00 -0800 | [diff] [blame] | 23 | @decorators.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586') |
Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 24 | def test_create_get_delete_token(self): |
huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 25 | # get a token by username and password |
Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 26 | user_name = data_utils.rand_name(name='user') |
Zack Feldstein | d8c5f7a | 2015-12-14 10:44:07 -0600 | [diff] [blame] | 27 | user_password = data_utils.rand_password() |
huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 28 | # first:create a tenant |
Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 29 | tenant_name = data_utils.rand_name(name='tenant') |
ghanshyam | 7668fad | 2016-06-15 18:17:39 +0900 | [diff] [blame] | 30 | tenant = self.tenants_client.create_tenant(name=tenant_name)['tenant'] |
Castulo J. Martinez | e3adee4 | 2016-07-14 10:40:08 -0700 | [diff] [blame] | 31 | # Delete the tenant at the end of the test |
| 32 | self.addCleanup(self.tenants_client.delete_tenant, tenant['id']) |
huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 33 | # second:create a user |
zhufl | 75d51a9 | 2017-04-11 16:02:39 +0800 | [diff] [blame] | 34 | user = self.create_test_user(name=user_name, |
| 35 | password=user_password, |
| 36 | tenantId=tenant['id'], |
| 37 | email='') |
huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 38 | # then get a token for the user |
David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 39 | body = self.token_client.auth(user_name, |
| 40 | user_password, |
| 41 | tenant['name']) |
Andrea Frittoli | 8bbdb16 | 2014-01-06 11:06:13 +0000 | [diff] [blame] | 42 | self.assertEqual(body['token']['tenant']['name'], |
huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 43 | tenant['name']) |
Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 44 | # Perform GET Token |
Andrea Frittoli | 8bbdb16 | 2014-01-06 11:06:13 +0000 | [diff] [blame] | 45 | token_id = body['token']['id'] |
Ken'ichi Ohmichi | 402b875 | 2015-11-09 10:47:16 +0000 | [diff] [blame] | 46 | token_details = self.client.show_token(token_id)['access'] |
Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 47 | self.assertEqual(token_id, token_details['token']['id']) |
| 48 | self.assertEqual(user['id'], token_details['user']['id']) |
| 49 | self.assertEqual(user_name, token_details['user']['name']) |
| 50 | self.assertEqual(tenant['name'], |
| 51 | token_details['token']['tenant']['name']) |
| 52 | # then delete the token |
David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 53 | self.client.delete_token(token_id) |
huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 54 | |
Ken'ichi Ohmichi | eeabdd2 | 2017-01-27 17:46:00 -0800 | [diff] [blame] | 55 | @decorators.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e') |
Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 56 | def test_rescope_token(self): |
Ken'ichi Ohmichi | 9e3dac0 | 2015-11-19 07:01:07 +0000 | [diff] [blame] | 57 | """An unscoped token can be requested |
| 58 | |
| 59 | That token can be used to request a scoped token. |
Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 60 | """ |
| 61 | |
| 62 | # Create a user. |
Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 63 | user_name = data_utils.rand_name(name='user') |
Zack Feldstein | d8c5f7a | 2015-12-14 10:44:07 -0600 | [diff] [blame] | 64 | user_password = data_utils.rand_password() |
Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 65 | tenant_id = None # No default tenant so will get unscoped token. |
zhufl | 75d51a9 | 2017-04-11 16:02:39 +0800 | [diff] [blame] | 66 | user = self.create_test_user(name=user_name, |
| 67 | password=user_password, |
| 68 | tenantId=tenant_id, |
| 69 | email='') |
Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 70 | |
Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 71 | # Create a couple tenants. |
Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 72 | tenant1_name = data_utils.rand_name(name='tenant') |
ghanshyam | 7668fad | 2016-06-15 18:17:39 +0900 | [diff] [blame] | 73 | tenant1 = self.tenants_client.create_tenant( |
| 74 | name=tenant1_name)['tenant'] |
Castulo J. Martinez | e3adee4 | 2016-07-14 10:40:08 -0700 | [diff] [blame] | 75 | # Delete the tenant at the end of the test |
| 76 | self.addCleanup(self.tenants_client.delete_tenant, tenant1['id']) |
Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 77 | |
Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 78 | tenant2_name = data_utils.rand_name(name='tenant') |
ghanshyam | 7668fad | 2016-06-15 18:17:39 +0900 | [diff] [blame] | 79 | tenant2 = self.tenants_client.create_tenant( |
| 80 | name=tenant2_name)['tenant'] |
Castulo J. Martinez | e3adee4 | 2016-07-14 10:40:08 -0700 | [diff] [blame] | 81 | # Delete the tenant at the end of the test |
| 82 | self.addCleanup(self.tenants_client.delete_tenant, tenant2['id']) |
Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 83 | |
| 84 | # Create a role |
zhufl | 66b616a | 2017-04-11 15:00:32 +0800 | [diff] [blame] | 85 | role = self.setup_test_role() |
Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 86 | |
Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 87 | # Grant the user the role on the tenants. |
ghanshyam | 50894fc | 2016-06-17 13:20:25 +0900 | [diff] [blame] | 88 | self.roles_client.create_user_role_on_project(tenant1['id'], |
| 89 | user['id'], |
| 90 | role['id']) |
Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 91 | |
ghanshyam | 50894fc | 2016-06-17 13:20:25 +0900 | [diff] [blame] | 92 | self.roles_client.create_user_role_on_project(tenant2['id'], |
| 93 | user['id'], |
| 94 | role['id']) |
Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 95 | |
| 96 | # Get an unscoped token. |
David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 97 | body = self.token_client.auth(user_name, user_password) |
Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 98 | |
| 99 | token_id = body['token']['id'] |
| 100 | |
Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 101 | # Use the unscoped token to get a token scoped to tenant1 |
David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 102 | body = self.token_client.auth_token(token_id, |
| 103 | tenant=tenant1_name) |
Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 104 | |
Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 105 | scoped_token_id = body['token']['id'] |
| 106 | |
| 107 | # Revoke the scoped token |
David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 108 | self.client.delete_token(scoped_token_id) |
Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 109 | |
| 110 | # Use the unscoped token to get a token scoped to tenant2 |
David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 111 | body = self.token_client.auth_token(token_id, |
| 112 | tenant=tenant2_name) |