Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 326722ea8614dd289251c958ed398c0ae673d3c2 / . / tempest / tests / compute / test_authorization.py
blob: 7bd5c75a74c5aceaf966d407fe3578db357743cb [file] [log] [blame]
Jay Pipes13b479b2012-06-11 14:52:27 -0400[diff] [blame]1# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
3# Copyright 2012 OpenStack, LLC
4# All Rights Reserved.
5#
6# Licensed under the Apache License, Version 2.0 (the "License"); you may
7# not use this file except in compliance with the License. You may obtain
8# a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15# License for the specific language governing permissions and limitations
16# under the License.
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]17
ivan-zhu1feeb382013-01-24 10:14:39 +0800[diff] [blame]18import testtools
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]19
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]20from tempest import clients
Matthew Treinisha83a16e2012-12-07 13:44:02 -0500[diff] [blame]21from tempest.common.utils.data_utils import parse_image_id
22from tempest.common.utils.data_utils import rand_name
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]23from tempest import exceptions
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]24from tempest.tests import compute
Attila Fazekas19044d52013-02-16 07:35:06 +0100[diff] [blame]25from tempest.tests.compute import base
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]26
27
Attila Fazekas19044d52013-02-16 07:35:06 +0100[diff] [blame]28class AuthorizationTest(base.BaseComputeTest):
29 _interface = 'json'
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]30
31 @classmethod
32 def setUpClass(cls):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]33 if not compute.MULTI_USER:
34 msg = "Need >1 user"
ivan-zhu1feeb382013-01-24 10:14:39 +0800[diff] [blame]35 raise cls.skipException(msg)
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]36
37 super(AuthorizationTest, cls).setUpClass()
38
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]39 cls.client = cls.os.servers_client
40 cls.images_client = cls.os.images_client
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]41 cls.keypairs_client = cls.os.keypairs_client
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]42 cls.security_client = cls.os.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]43
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]44 if cls.config.compute.allow_tenant_isolation:
45 creds = cls._get_isolated_creds()
46 username, tenant_name, password = creds
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]47 cls.alt_manager = clients.Manager(username=username,
48 password=password,
49 tenant_name=tenant_name)
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]50 else:
51 # Use the alt_XXX credentials in the config file
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]52 cls.alt_manager = clients.AltManager()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]53
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]54 cls.alt_client = cls.alt_manager.servers_client
55 cls.alt_images_client = cls.alt_manager.images_client
56 cls.alt_keypairs_client = cls.alt_manager.keypairs_client
57 cls.alt_security_client = cls.alt_manager.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]58
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]59 cls.alt_security_client._set_auth()
60 name = rand_name('server')
61 resp, server = cls.client.create_server(name, cls.image_ref,
62 cls.flavor_ref)
63 cls.client.wait_for_server_status(server['id'], 'ACTIVE')
64 resp, cls.server = cls.client.get_server(server['id'])
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]65
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]66 name = rand_name('image')
67 resp, body = cls.client.create_image(server['id'], name)
68 image_id = parse_image_id(resp['location'])
69 cls.images_client.wait_for_image_resp_code(image_id, 200)
70 cls.images_client.wait_for_image_status(image_id, 'ACTIVE')
71 resp, cls.image = cls.images_client.get_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]72
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]73 cls.keypairname = rand_name('keypair')
74 resp, keypair = \
75 cls.keypairs_client.create_keypair(cls.keypairname)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]76
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]77 name = rand_name('security')
78 description = rand_name('description')
79 resp, cls.security_group = \
80 cls.security_client.create_security_group(name, description)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]81
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]82 parent_group_id = cls.security_group['id']
83 ip_protocol = 'tcp'
84 from_port = 22
85 to_port = 22
86 resp, cls.rule =\
Zhongyue Luoe6321ef2012-09-17 16:45:50 +0800[diff] [blame]87 cls.security_client.create_security_group_rule(
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]88 parent_group_id,
89 ip_protocol, from_port,
90 to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]91
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]92 @classmethod
93 def tearDownClass(cls):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]94 if compute.MULTI_USER:
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]95 cls.client.delete_server(cls.server['id'])
96 cls.images_client.delete_image(cls.image['id'])
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]97 cls.keypairs_client.delete_keypair(cls.keypairname)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]98 cls.security_client.delete_security_group(cls.security_group['id'])
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]99 super(AuthorizationTest, cls).tearDownClass()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]100
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]101 def test_get_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]102 # A GET request for a server on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]103 self.assertRaises(exceptions.NotFound, self.alt_client.get_server,
104 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]105
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]106 def test_delete_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]107 # A DELETE request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]108 self.assertRaises(exceptions.NotFound, self.alt_client.delete_server,
109 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]110
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]111 def test_update_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]112 # An update server request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]113 self.assertRaises(exceptions.NotFound, self.alt_client.update_server,
114 self.server['id'], name='test')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]115
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]116 def test_list_server_addresses_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]117 # A list addresses request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]118 self.assertRaises(exceptions.NotFound, self.alt_client.list_addresses,
119 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]120
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]121 def test_list_server_addresses_by_network_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]122 # A list address/network request for another user's server should fail
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]123 server_id = self.server['id']
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]124 self.assertRaises(exceptions.NotFound,
125 self.alt_client.list_addresses_by_network, server_id,
126 'public')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]127
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]128 def test_list_servers_with_alternate_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]129 # A list on servers from one tenant should not
130 # show on alternate tenant
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]131 #Listing servers from alternate tenant
132 alt_server_ids = []
133 resp, body = self.alt_client.list_servers()
134 alt_server_ids = [s['id'] for s in body['servers']]
135 self.assertNotIn(self.server['id'], alt_server_ids)
136
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]137 def test_change_password_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]138 # A change password request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]139 self.assertRaises(exceptions.NotFound, self.alt_client.change_password,
140 self.server['id'], 'newpass')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]141
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]142 def test_reboot_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]143 # A reboot request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]144 self.assertRaises(exceptions.NotFound, self.alt_client.reboot,
145 self.server['id'], 'HARD')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]146
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]147 def test_rebuild_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]148 # A rebuild request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]149 self.assertRaises(exceptions.NotFound, self.alt_client.rebuild,
150 self.server['id'], self.image_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]151
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]152 def test_resize_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]153 # A resize request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]154 self.assertRaises(exceptions.NotFound, self.alt_client.resize,
155 self.server['id'], self.flavor_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]156
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]157 def test_create_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]158 # A create image request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]159 self.assertRaises(exceptions.NotFound,
160 self.alt_images_client.create_image,
161 self.server['id'], 'testImage')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]162
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]163 def test_create_server_with_unauthorized_image(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]164 # Server creation with another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]165 self.assertRaises(exceptions.BadRequest, self.alt_client.create_server,
166 'test', self.image['id'], self.flavor_ref)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]167
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]168 def test_create_server_fails_when_tenant_incorrect(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]169 # A create server request should fail if the tenant id does not match
170 # the current user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]171 saved_base_url = self.alt_client.base_url
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]172 try:
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]173 # Change the base URL to impersonate another user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]174 self.alt_client.base_url = self.client.base_url
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]175 self.assertRaises(exceptions.BadRequest,
176 self.alt_client.create_server, 'test',
177 self.image['id'], self.flavor_ref)
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]178 finally:
179 # Reset the base_url...
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]180 self.alt_client.base_url = saved_base_url
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]181
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]182 def test_create_keypair_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]183 # A create keypair request should fail if the tenant id does not match
184 # the current user
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]185 #POST keypair with other user tenant
186 k_name = rand_name('keypair-')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]187 self.alt_keypairs_client._set_auth()
188 self.saved_base_url = self.alt_keypairs_client.base_url
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]189 try:
190 # Change the base URL to impersonate another user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]191 self.alt_keypairs_client.base_url = self.keypairs_client.base_url
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]192 resp = {}
193 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]194 self.assertRaises(exceptions.BadRequest,
195 self.alt_keypairs_client.create_keypair, k_name)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]196 finally:
197 # Reset the base_url...
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]198 self.alt_keypairs_client.base_url = self.saved_base_url
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]199 if (resp['status'] is not None):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]200 resp, _ = self.alt_keypairs_client.delete_keypair(k_name)
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]201 self.fail("Create keypair request should not happen "
202 "if the tenant id does not match the current user")
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]203
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]204 def test_get_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]205 # A GET request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]206 self.assertRaises(exceptions.NotFound,
207 self.alt_keypairs_client.get_keypair,
208 self.keypairname)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]209
ivan-zhu1feeb382013-01-24 10:14:39 +0800[diff] [blame]210 @testtools.skip("Skipped until the Bug #1086980 is resolved")
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]211 def test_delete_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]212 # A DELETE request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]213 self.assertRaises(exceptions.NotFound,
214 self.alt_keypairs_client.delete_keypair,
215 self.keypairname)
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]216
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]217 def test_get_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]218 # A GET request for an image on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]219 self.assertRaises(exceptions.NotFound,
220 self.alt_images_client.get_image, self.image['id'])
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]221
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]222 def test_delete_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]223 # A DELETE request for another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]224 self.assertRaises(exceptions.NotFound,
225 self.alt_images_client.delete_image,
226 self.image['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]227
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]228 def test_create_security_group_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]229 # A create security group request should fail if the tenant id does not
230 # match the current user
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]231 #POST security group with other user tenant
232 s_name = rand_name('security-')
233 s_description = rand_name('security')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]234 self.saved_base_url = self.alt_security_client.base_url
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]235 try:
236 # Change the base URL to impersonate another user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]237 self.alt_security_client.base_url = self.security_client.base_url
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]238 resp = {}
239 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]240 self.assertRaises(exceptions.BadRequest,
241 self.alt_security_client.create_security_group,
242 s_name, s_description)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]243 finally:
244 # Reset the base_url...
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]245 self.alt_security_client.base_url = self.saved_base_url
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]246 if resp['status'] is not None:
Attila Fazekas19044d52013-02-16 07:35:06 +0100[diff] [blame]247 #TODO(afazekas): body not defined
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]248 self.alt_security_client.delete_security_group(body['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]249 self.fail("Create Security Group request should not happen if"
250 "the tenant id does not match the current user")
251
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]252 def test_get_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]253 # A GET request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]254 self.assertRaises(exceptions.NotFound,
255 self.alt_security_client.get_security_group,
256 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]257
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]258 def test_delete_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]259 # A DELETE request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]260 self.assertRaises(exceptions.NotFound,
261 self.alt_security_client.delete_security_group,
262 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]263
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]264 def test_create_security_group_rule_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]265 # A create security group rule request should fail if the tenant id
266 # does not match the current user
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]267 #POST security group rule with other user tenant
268 parent_group_id = self.security_group['id']
269 ip_protocol = 'icmp'
270 from_port = -1
271 to_port = -1
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]272 self.saved_base_url = self.alt_security_client.base_url
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]273 try:
274 # Change the base URL to impersonate another user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]275 self.alt_security_client.base_url = self.security_client.base_url
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]276 resp = {}
277 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]278 self.assertRaises(exceptions.BadRequest,
279 self.alt_security_client.
280 create_security_group_rule,
281 parent_group_id, ip_protocol, from_port,
282 to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]283 finally:
284 # Reset the base_url...
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]285 self.alt_security_client.base_url = self.saved_base_url
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]286 if resp['status'] is not None:
Zhongyue Luoe6321ef2012-09-17 16:45:50 +0800[diff] [blame]287 self.alt_security_client.delete_security_group_rule(
Attila Fazekas19044d52013-02-16 07:35:06 +0100[diff] [blame]288 body['id']) # BUG
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]289 self.fail("Create security group rule request should not "
290 "happen if the tenant id does not match the"
291 " current user")
292
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]293 def test_delete_security_group_rule_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]294 # A DELETE request for another user's security group rule
295 # should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]296 self.assertRaises(exceptions.NotFound,
297 self.alt_security_client.delete_security_group_rule,
298 self.rule['id'])
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]299
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]300 def test_set_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]301 # A set metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]302 req_metadata = {'meta1': 'data1', 'meta2': 'data2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]303 self.assertRaises(exceptions.NotFound,
304 self.alt_client.set_server_metadata,
305 self.server['id'],
306 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]307
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]308 def test_set_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]309 # A set metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]310 req_metadata = {'meta1': 'value1', 'meta2': 'value2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]311 self.assertRaises(exceptions.NotFound,
312 self.alt_images_client.set_image_metadata,
313 self.image['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]314
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]315 def test_get_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]316 # A get metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]317 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]318 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2suresh31bb7cb2013-03-14 04:53:49 +0000[diff] [blame]319 self.addCleanup(self.client.delete_server_metadata_item,
320 self.server['id'], 'meta1')
321 self.assertRaises(exceptions.NotFound,
322 self.alt_client.get_server_metadata_item,
323 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]324
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]325 def test_get_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]326 # A get metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]327 req_metadata = {'meta1': 'value1'}
328 self.images_client.set_image_metadata(self.image['id'],
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]329 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]330 try:
331 resp, meta = \
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]332 self.alt_images_client.get_image_metadata_item(self.image['id'],
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]333 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]334 except exceptions.NotFound:
335 pass
336 finally:
Zhongyue Luoe6321ef2012-09-17 16:45:50 +0800[diff] [blame]337 resp, body = self.images_client.delete_image_metadata_item(
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]338 self.image['id'], 'meta1')
339
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]340 def test_delete_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]341 # A delete metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]342 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]343 self.client.set_server_metadata(self.server['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]344 try:
345 resp, body = \
Zhongyue Luoe6321ef2012-09-17 16:45:50 +0800[diff] [blame]346 self.alt_client.delete_server_metadata_item(self.server['id'],
347 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]348 except exceptions.NotFound:
349 pass
350 finally:
351 resp, body = \
352 self.client.delete_server_metadata_item(self.server['id'], 'meta1')
353
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]354 def test_delete_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]355 # A delete metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]356 req_metadata = {'meta1': 'data1'}
357 self.images_client.set_image_metadata(self.image['id'],
358 req_metadata)
359 try:
360 resp, body = \
Zhongyue Luoe6321ef2012-09-17 16:45:50 +0800[diff] [blame]361 self.alt_images_client.delete_image_metadata_item(self.image['id'],
362 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]363 except exceptions.NotFound:
364 pass
365 finally:
366 resp, body = \
367 self.images_client.delete_image_metadata_item(self.image['id'],
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]368 'meta1')
rajalakshmi-ganesan72ea31a2012-05-25 11:59:10 +0530[diff] [blame]369
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]370 def test_get_console_output_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]371 # A Get Console Output for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]372 self.assertRaises(exceptions.NotFound,
373 self.alt_client.get_console_output,
374 self.server['id'], 10)