Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 1fa7a60e26ffc9ec83b7abe66cbbeb8048018cad / . / tempest / api / identity / admin / v3 / test_users.py
blob: 409d4f83764839c71b72e65eb9fcbe911fd38cfb [file] [log] [blame]
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]1# Copyright 2013 OpenStack Foundation
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
Lance Bragstadf6026442015-11-25 15:29:50 +0000[diff] [blame]16import time
17
Rodrigo Duarte Sousa2d78e8e2016-09-28 10:38:08 -0300[diff] [blame]18import testtools
19
Sean Dague1937d092013-05-17 16:36:38 -0400[diff] [blame]20from tempest.api.identity import base
Rodrigo Duarte Sousa2d78e8e2016-09-28 10:38:08 -0300[diff] [blame]21from tempest import config
Ken'ichi Ohmichi7bd25752017-03-10 10:45:39 -0800[diff] [blame]22from tempest.lib.common.utils import data_utils
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -0800[diff] [blame]23from tempest.lib import decorators
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]24
25
Rodrigo Duarte Sousa2d78e8e2016-09-28 10:38:08 -0300[diff] [blame]26CONF = config.CONF
27
28
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]29class UsersV3TestJSON(base.BaseIdentityV3AdminTest):
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]30
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -0800[diff] [blame]31 @decorators.idempotent_id('b537d090-afb9-4519-b95d-270b0708e87e')
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]32 def test_user_update(self):
33 # Test case to check if updating of user attributes is successful.
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]34 # Creating first user
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]35 u_name = data_utils.rand_name('user')
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]36 u_desc = u_name + 'description'
37 u_email = u_name + '@testmail.tm'
Zack Feldsteind8c5f7a2015-12-14 10:44:07 -0600[diff] [blame]38 u_password = data_utils.rand_password()
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]39 user = self.users_client.create_user(
ghanshyam7f817db2016-08-01 18:37:13 +0900[diff] [blame]40 name=u_name, description=u_desc, password=u_password,
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]41 email=u_email, enabled=False)['user']
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]42 # Delete the User at the end of this method
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]43 self.addCleanup(self.users_client.delete_user, user['id'])
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]44 # Creating second project for updation
zhuflf2f47052017-04-20 15:08:02 +0800[diff] [blame]45 project = self.setup_test_project()
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]46 # Updating user details with new values
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]47 u_name2 = data_utils.rand_name('user2')
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]48 u_email2 = u_name2 + '@testmail.tm'
49 u_description2 = u_name2 + ' description'
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]50 update_user = self.users_client.update_user(
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]51 user['id'], name=u_name2, description=u_description2,
52 project_id=project['id'],
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]53 email=u_email2, enabled=False)['user']
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]54 self.assertEqual(u_name2, update_user['name'])
55 self.assertEqual(u_description2, update_user['description'])
56 self.assertEqual(project['id'],
57 update_user['project_id'])
58 self.assertEqual(u_email2, update_user['email'])
Ken'ichi Ohmichi73cb70b2015-04-17 02:31:12 +0000[diff] [blame]59 self.assertEqual(False, update_user['enabled'])
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]60 # GET by id after updation
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]61 new_user_get = self.users_client.show_user(user['id'])['user']
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]62 # Assert response body of GET after updation
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]63 self.assertEqual(u_name2, new_user_get['name'])
64 self.assertEqual(u_description2, new_user_get['description'])
65 self.assertEqual(project['id'],
66 new_user_get['project_id'])
67 self.assertEqual(u_email2, new_user_get['email'])
Ken'ichi Ohmichi73cb70b2015-04-17 02:31:12 +0000[diff] [blame]68 self.assertEqual(False, new_user_get['enabled'])
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]69
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -0800[diff] [blame]70 @decorators.idempotent_id('2d223a0e-e457-4a70-9fb1-febe027a0ff9')
ravikumar-venkatesand35d6442014-05-05 12:14:45 +0000[diff] [blame]71 def test_update_user_password(self):
72 # Creating User to check password updation
73 u_name = data_utils.rand_name('user')
Zack Feldsteind8c5f7a2015-12-14 10:44:07 -0600[diff] [blame]74 original_password = data_utils.rand_password()
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]75 user = self.users_client.create_user(
ghanshyam7f817db2016-08-01 18:37:13 +0900[diff] [blame]76 name=u_name, password=original_password)['user']
ravikumar-venkatesand35d6442014-05-05 12:14:45 +0000[diff] [blame]77 # Delete the User at the end all test methods
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]78 self.addCleanup(self.users_client.delete_user, user['id'])
ravikumar-venkatesand35d6442014-05-05 12:14:45 +0000[diff] [blame]79 # Update user with new password
Zack Feldsteind8c5f7a2015-12-14 10:44:07 -0600[diff] [blame]80 new_password = data_utils.rand_password()
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]81 self.users_client.update_user_password(
82 user['id'], password=new_password,
83 original_password=original_password)
Morgan Fainberg5b2c7452016-02-02 20:15:47 -0800[diff] [blame]84 # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
85 # Keystone should only be precise to the second. Sleep to ensure
Yaroslav Lobankovcbcb6112016-03-08 12:30:01 -0600[diff] [blame]86 # we are passing the second boundary.
Lance Bragstadf6026442015-11-25 15:29:50 +0000[diff] [blame]87 time.sleep(1)
Jamie Lennox97504612015-02-26 16:47:06 +1100[diff] [blame]88 resp = self.token.auth(user_id=user['id'],
89 password=new_password).response
ravikumar-venkatesand35d6442014-05-05 12:14:45 +0000[diff] [blame]90 subject_token = resp['x-subject-token']
91 # Perform GET Token to verify and confirm password is updated
Ken'ichi Ohmichi402b8752015-11-09 10:47:16 +0000[diff] [blame]92 token_details = self.client.show_token(subject_token)['token']
ravikumar-venkatesand35d6442014-05-05 12:14:45 +0000[diff] [blame]93 self.assertEqual(token_details['user']['id'], user['id'])
94 self.assertEqual(token_details['user']['name'], u_name)
95
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -0800[diff] [blame]96 @decorators.idempotent_id('a831e70c-e35b-430b-92ed-81ebbc5437b8')
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]97 def test_list_user_projects(self):
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]98 # List the projects that a user has access upon
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]99 assigned_project_ids = list()
100 fetched_project_ids = list()
zhuflf2f47052017-04-20 15:08:02 +0800[diff] [blame]101 u_project = self.setup_test_project()
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]102 # Create a user.
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]103 u_name = data_utils.rand_name('user')
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]104 u_desc = u_name + 'description'
105 u_email = u_name + '@testmail.tm'
Zack Feldsteind8c5f7a2015-12-14 10:44:07 -0600[diff] [blame]106 u_password = data_utils.rand_password()
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]107 user_body = self.users_client.create_user(
ghanshyam7f817db2016-08-01 18:37:13 +0900[diff] [blame]108 name=u_name, description=u_desc, password=u_password,
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]109 email=u_email, enabled=False, project_id=u_project['id'])['user']
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]110 # Delete the User at the end of this method
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]111 self.addCleanup(self.users_client.delete_user, user_body['id'])
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]112 # Creating Role
zhufl66b616a2017-04-11 15:00:32 +0800[diff] [blame]113 role_body = self.setup_test_role()
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]114
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]115 user = self.users_client.show_user(user_body['id'])['user']
Arx Cruz24bcb882016-02-10 15:20:16 +0100[diff] [blame]116 role = self.roles_client.show_role(role_body['id'])['role']
zhufl8e9a0732017-01-26 16:15:21 +0800[diff] [blame]117 for _ in range(2):
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]118 # Creating project so as to assign role
zhuflf2f47052017-04-20 15:08:02 +0800[diff] [blame]119 project_body = self.setup_test_project()
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]120 project = self.projects_client.show_project(
121 project_body['id'])['project']
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]122 # Assigning roles to user on project
ghanshyam2e6fb562016-09-06 11:14:31 +0900[diff] [blame]123 self.roles_client.create_user_role_on_project(project['id'],
Arx Cruz24bcb882016-02-10 15:20:16 +0100[diff] [blame]124 user['id'],
125 role['id'])
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]126 assigned_project_ids.append(project['id'])
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]127 body = self.users_client.list_user_projects(user['id'])['projects']
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]128 for i in body:
129 fetched_project_ids.append(i['id'])
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]130 # verifying the project ids in list
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]131 missing_projects =\
132 [p for p in assigned_project_ids
133 if p not in fetched_project_ids]
Masayuki Igawaf9009b42017-04-10 14:49:29 +0900[diff] [blame]134 self.assertEmpty(missing_projects,
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]135 "Failed to find project %s in fetched list" %
136 ', '.join(m_project for m_project
DennyZhangb432bac2013-09-17 16:24:12 +0000[diff] [blame]137 in missing_projects))
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]138
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -0800[diff] [blame]139 @decorators.idempotent_id('c10dcd90-461d-4b16-8e23-4eb836c00644')
wanglianminb1ddea72014-02-25 17:17:30 +0800[diff] [blame]140 def test_get_user(self):
141 # Get a user detail
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]142 user = self.setup_test_user()
143 fetched_user = self.users_client.show_user(user['id'])['user']
144 self.assertEqual(user['id'], fetched_user['id'])
Rodrigo Duarte Sousa2d78e8e2016-09-28 10:38:08 -0300[diff] [blame]145
146 @testtools.skipUnless(CONF.identity_feature_enabled.security_compliance,
147 'Security compliance not available.')
Ken'ichi Ohmichieeabdd22017-01-27 17:46:00 -0800[diff] [blame]148 @decorators.idempotent_id('568cd46c-ee6c-4ab4-a33a-d3791931979e')
Rodrigo Duarte Sousa2d78e8e2016-09-28 10:38:08 -0300[diff] [blame]149 def test_password_history_not_enforced_in_admin_reset(self):
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]150 old_password = self.os_primary.credentials.password
151 user_id = self.os_primary.credentials.user_id
Rodrigo Duarte Sousa2d78e8e2016-09-28 10:38:08 -0300[diff] [blame]152
153 new_password = data_utils.rand_password()
154 self.users_client.update_user(user_id, password=new_password)
155 # To be safe, we add this cleanup to restore the original password in
156 # case something goes wrong before it is restored later.
157 self.addCleanup(
158 self.users_client.update_user, user_id, password=old_password)
159
160 # Check authorization with new password
161 self.token.auth(user_id=user_id, password=new_password)
162
163 if CONF.identity.user_unique_last_password_count > 1:
164 # The password history is not enforced via the admin reset route.
165 # We can set the same password.
166 self.users_client.update_user(user_id, password=new_password)
167
168 # Restore original password
169 self.users_client.update_user(user_id, password=old_password)
170 # Check authorization with old password
171 self.token.auth(user_id=user_id, password=old_password)