Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 35b4b58d01e0e92a3e5d3dcadba9c874482bcc20 / . / tempest / tests / lib / common / test_dynamic_creds.py
blob: d3d01c01af24aa20a4de55f8ed0024ac2204ae84 [file] [log] [blame]
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]1# Copyright 2014 IBM Corp.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Sean McGinniseed80742020-04-18 12:01:03 -0500[diff] [blame]15from unittest import mock
16
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]17import fixtures
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]18from oslo_config import cfg
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]19
Andrea Frittoli (andreaf)290b3e12015-10-08 10:25:02 +0100[diff] [blame]20from tempest.common import credentials_factory as credentials
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]21from tempest import config
Matthew Treinishc51b7122017-07-17 12:28:07 -0400[diff] [blame]22from tempest.lib.common import dynamic_creds
Ken'ichi Ohmichi54030522016-03-02 11:01:34 -0800[diff] [blame]23from tempest.lib.common import rest_client
Adam Youngb226f8e2016-06-25 21:41:36 -0400[diff] [blame]24from tempest.lib import exceptions as lib_exc
Martin Kopec0cb35532016-09-02 08:32:41 +0000[diff] [blame]25from tempest.lib.services.identity.v2 import identity_client as v2_iden_client
ghanshyam17193062016-06-24 10:36:54 +0900[diff] [blame]26from tempest.lib.services.identity.v2 import roles_client as v2_roles_client
27from tempest.lib.services.identity.v2 import tenants_client as \
28 v2_tenants_client
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]29from tempest.lib.services.identity.v2 import token_client as v2_token_client
ghanshyam17193062016-06-24 10:36:54 +0900[diff] [blame]30from tempest.lib.services.identity.v2 import users_client as v2_users_client
Martin Kopec7dcd7972016-12-13 11:04:03 +0900[diff] [blame]31from tempest.lib.services.identity.v3 import domains_client
Martin Kopec8d2392b2016-09-02 13:41:45 +0000[diff] [blame]32from tempest.lib.services.identity.v3 import identity_client as v3_iden_client
Martin Kopecabdceda2016-09-01 15:27:18 +0000[diff] [blame]33from tempest.lib.services.identity.v3 import projects_client as \
34 v3_projects_client
ghanshyam53015672016-09-08 10:10:16 +0900[diff] [blame]35from tempest.lib.services.identity.v3 import roles_client as v3_roles_client
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]36from tempest.lib.services.identity.v3 import token_client as v3_token_client
Dustin Schoenbrun6c742292016-09-01 16:28:42 -0400[diff] [blame]37from tempest.lib.services.identity.v3 import users_client as \
38 v3_users_client
Ken'ichi Ohmichi131799e2016-06-06 12:06:41 -0700[diff] [blame]39from tempest.lib.services.network import routers_client
Matthew Treinishffad78a2016-04-16 14:39:52 -0400[diff] [blame]40from tempest.tests import base
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]41from tempest.tests import fake_config
Jordan Pittier00f25962016-03-18 17:10:07 +0100[diff] [blame]42from tempest.tests.lib import fake_http
43from tempest.tests.lib import fake_identity
Andrea Frittoli9806f2d2017-09-01 14:50:07 +0100[diff] [blame]44from tempest.tests.lib.services import registry_fixture
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]45
46
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]47class TestDynamicCredentialProvider(base.TestCase):
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]48
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]49 fixed_params = {'name': 'test class',
Andrea Frittoli (andreaf)29491a72015-10-13 11:24:17 +0100[diff] [blame]50 'identity_version': 'v2',
Andrea Frittolidcd91002017-07-18 11:34:13 +0100[diff] [blame]51 'admin_role': 'admin',
52 'identity_uri': 'fake_uri'}
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]53
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]54 token_client = v2_token_client
55 iden_client = v2_iden_client
56 roles_client = v2_roles_client
57 tenants_client = v2_tenants_client
58 users_client = v2_users_client
59 token_client_class = token_client.TokenClient
60 fake_response = fake_identity._fake_v2_response
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]61 tenants_client_class = tenants_client.TenantsClient
62 delete_tenant = 'delete_tenant'
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]63 create_tenant = 'create_tenant'
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]64
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]65 def setUp(self):
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]66 super(TestDynamicCredentialProvider, self).setUp()
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]67 self.useFixture(fake_config.ConfigFixture())
Andrea Frittoli9806f2d2017-09-01 14:50:07 +0100[diff] [blame]68 self.useFixture(registry_fixture.RegistryFixture())
Jordan Pittier0021c292016-03-29 21:33:34 +0200[diff] [blame]69 self.patchobject(config, 'TempestConfigPrivate',
70 fake_config.FakePrivate)
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]71 self.patchobject(self.token_client_class, 'raw_request',
72 self.fake_response)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]73 cfg.CONF.set_default('operator_role', 'FakeRole',
74 group='object-storage')
Andrea Frittoli32d74992015-03-06 17:01:07 +0000[diff] [blame]75 self._mock_list_ec2_credentials('fake_user_id', 'fake_tenant_id')
Andrea Frittoli (andreaf)290b3e12015-10-08 10:25:02 +0100[diff] [blame]76 self.fixed_params.update(
77 admin_creds=self._get_fake_admin_creds())
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]78
79 def test_tempest_client(self):
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]80 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
Shuquan Huang29e9cab2015-12-30 22:43:49 +0800[diff] [blame]81 self.assertIsInstance(creds.identity_admin_client,
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]82 self.iden_client.IdentityClient)
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]83
Andrea Frittoli (andreaf)290b3e12015-10-08 10:25:02 +0100[diff] [blame]84 def _get_fake_admin_creds(self):
85 return credentials.get_credentials(
86 fill_in=False,
87 identity_version=self.fixed_params['identity_version'],
88 username='fake_username', password='fake_password',
89 tenant_name='fake_tenant')
90
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]91 def _mock_user_create(self, id, name):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]92 user_fix = self.useFixture(fixtures.MockPatchObject(
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]93 self.users_client.UsersClient,
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]94 'create_user',
Ken'ichi Ohmichi54030522016-03-02 11:01:34 -0800[diff] [blame]95 return_value=(rest_client.ResponseBody
Anusha Ramineni0cfb4612015-08-24 08:49:10 +0530[diff] [blame]96 (200, {'user': {'id': id, 'name': name}}))))
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]97 return user_fix
98
99 def _mock_tenant_create(self, id, name):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]100 tenant_fix = self.useFixture(fixtures.MockPatchObject(
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]101 self.tenants_client.TenantsClient,
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]102 'create_tenant',
Ken'ichi Ohmichi54030522016-03-02 11:01:34 -0800[diff] [blame]103 return_value=(rest_client.ResponseBody
Anusha Ramineni0cfb4612015-08-24 08:49:10 +0530[diff] [blame]104 (200, {'tenant': {'id': id, 'name': name}}))))
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]105 return tenant_fix
106
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]107 def _mock_list_roles(self, id, name):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]108 roles_fix = self.useFixture(fixtures.MockPatchObject(
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]109 self.roles_client.RolesClient,
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]110 'list_roles',
Ken'ichi Ohmichi54030522016-03-02 11:01:34 -0800[diff] [blame]111 return_value=(rest_client.ResponseBody
David Kranzb7afa922014-12-30 10:56:26 -0500[diff] [blame]112 (200,
Anusha Ramineni0cfb4612015-08-24 08:49:10 +0530[diff] [blame]113 {'roles': [{'id': id, 'name': name},
afazekas40fcb9b2019-03-08 11:25:11 +0100[diff] [blame]114 {'id': '1', 'name': 'FakeRole'},
Martin Kopec99d4dae2020-05-27 10:33:17 +0000[diff] [blame]115 {'id': '2', 'name': 'member'}]}))))
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]116 return roles_fix
117
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]118 def _mock_list_2_roles(self):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]119 roles_fix = self.useFixture(fixtures.MockPatchObject(
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]120 self.roles_client.RolesClient,
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]121 'list_roles',
Ken'ichi Ohmichi54030522016-03-02 11:01:34 -0800[diff] [blame]122 return_value=(rest_client.ResponseBody
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]123 (200,
Anusha Ramineni0cfb4612015-08-24 08:49:10 +0530[diff] [blame]124 {'roles': [{'id': '1234', 'name': 'role1'},
afazekas40fcb9b2019-03-08 11:25:11 +0100[diff] [blame]125 {'id': '1', 'name': 'FakeRole'},
126 {'id': '12345', 'name': 'role2'}]}))))
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]127 return roles_fix
128
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]129 def _mock_assign_user_role(self):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]130 tenant_fix = self.useFixture(fixtures.MockPatchObject(
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]131 self.roles_client.RolesClient,
ghanshyam2e6fb562016-09-06 11:14:31 +0900[diff] [blame]132 'create_user_role_on_project',
Ken'ichi Ohmichi54030522016-03-02 11:01:34 -0800[diff] [blame]133 return_value=(rest_client.ResponseBody
David Kranzb7afa922014-12-30 10:56:26 -0500[diff] [blame]134 (200, {}))))
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]135 return tenant_fix
136
137 def _mock_list_role(self):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]138 roles_fix = self.useFixture(fixtures.MockPatchObject(
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]139 self.roles_client.RolesClient,
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]140 'list_roles',
Ken'ichi Ohmichi54030522016-03-02 11:01:34 -0800[diff] [blame]141 return_value=(rest_client.ResponseBody
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]142 (200, {'roles': [
143 {'id': '1', 'name': 'FakeRole'},
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]144 {'id': '2', 'name': 'member'},
145 {'id': '3', 'name': 'reader'},
146 {'id': '4', 'name': 'admin'}]}))))
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]147 return roles_fix
148
Andrea Frittoli32d74992015-03-06 17:01:07 +0000[diff] [blame]149 def _mock_list_ec2_credentials(self, user_id, tenant_id):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]150 ec2_creds_fix = self.useFixture(fixtures.MockPatchObject(
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]151 self.users_client.UsersClient,
Andrea Frittoli32d74992015-03-06 17:01:07 +0000[diff] [blame]152 'list_user_ec2_credentials',
Ken'ichi Ohmichi54030522016-03-02 11:01:34 -0800[diff] [blame]153 return_value=(rest_client.ResponseBody
Anusha Ramineni0cfb4612015-08-24 08:49:10 +0530[diff] [blame]154 (200, {'credentials': [{
155 'access': 'fake_access',
156 'secret': 'fake_secret',
157 'tenant_id': tenant_id,
158 'user_id': user_id,
159 'trust_id': None}]}))))
Andrea Frittoli32d74992015-03-06 17:01:07 +0000[diff] [blame]160 return ec2_creds_fix
161
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]162 def _mock_network_create(self, iso_creds, id, name):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]163 net_fix = self.useFixture(fixtures.MockPatchObject(
John Warren94d8faf2015-09-15 12:22:24 -0400[diff] [blame]164 iso_creds.networks_admin_client,
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]165 'create_network',
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]166 return_value={'network': {'id': id, 'name': name}}))
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]167 return net_fix
168
169 def _mock_subnet_create(self, iso_creds, id, name):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]170 subnet_fix = self.useFixture(fixtures.MockPatchObject(
John Warren3961acd2015-10-02 14:38:53 -0400[diff] [blame]171 iso_creds.subnets_admin_client,
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]172 'create_subnet',
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]173 return_value={'subnet': {'id': id, 'name': name}}))
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]174 return subnet_fix
175
176 def _mock_router_create(self, id, name):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]177 router_fix = self.useFixture(fixtures.MockPatchObject(
Ken'ichi Ohmichie35f4722015-12-22 04:57:11 +0000[diff] [blame]178 routers_client.RoutersClient,
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]179 'create_router',
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]180 return_value={'router': {'id': id, 'name': name}}))
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]181 return router_fix
182
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]183 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]184 def test_primary_creds(self, MockRestClient):
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]185 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]186 self._mock_assign_user_role()
187 self._mock_list_role()
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]188 self._mock_tenant_create('1234', 'fake_prim_tenant')
189 self._mock_user_create('1234', 'fake_prim_user')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]190 primary_creds = creds.get_primary_creds()
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]191 self.assertEqual(primary_creds.username, 'fake_prim_user')
192 self.assertEqual(primary_creds.tenant_name, 'fake_prim_tenant')
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]193 # Verify IDs
194 self.assertEqual(primary_creds.tenant_id, '1234')
195 self.assertEqual(primary_creds.user_id, '1234')
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]196
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]197 def _request_and_check_second_creds(
198 self, creds_obj, func, creds_to_compare,
199 show_mock, sm_count=1, sm_count_in_diff_project=0,
200 same_project_request=True, **func_kwargs):
201 self._mock_user_create('111', 'fake_user')
202 with mock.patch.object(creds_obj.creds_client,
203 'create_project') as create_mock:
204 create_mock.return_value = {'id': '22', 'name': 'fake_project'}
205 new_creds = func(**func_kwargs)
206 if same_project_request:
207 # Check that with second creds request, create_project is not
208 # called and show_project is called. Which means new project is
209 # not created for the second requested creds instead new user is
210 # created under existing project.
211 self.assertEqual(len(create_mock.mock_calls), 0)
212 self.assertEqual(len(show_mock.mock_calls), sm_count)
213 # Verify project name and id is same as creds_to_compare
214 self.assertEqual(creds_to_compare.tenant_name,
215 new_creds.tenant_name)
216 self.assertEqual(creds_to_compare.tenant_id,
217 new_creds.tenant_id)
218 else:
219 # Check that with different project creds request, create_project
220 # is called and show_project is not called. Which means new project
221 # is created for this new creds request.
222 self.assertEqual(len(create_mock.mock_calls), 1)
223 self.assertEqual(len(show_mock.mock_calls),
224 sm_count_in_diff_project)
225 # Verify project name and id is not same as creds_to_compare
226 self.assertNotEqual(creds_to_compare.tenant_name,
227 new_creds.tenant_name)
228 self.assertNotEqual(creds_to_compare.tenant_id,
229 new_creds.tenant_id)
230 self.assertEqual(new_creds.tenant_name, 'fake_project')
231 self.assertEqual(new_creds.tenant_id, '22')
232 # Verify new user name and id
233 self.assertEqual(new_creds.username, 'fake_user')
234 self.assertEqual(new_creds.user_id, '111')
235 return new_creds
236
237 @mock.patch('tempest.lib.common.rest_client.RestClient')
238 def _creds_within_same_project(self, MockRestClient, test_alt_creds=False):
239 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
240 if test_alt_creds:
241 admin_func = creds.get_project_alt_admin_creds
242 member_func = creds.get_project_alt_member_creds
243 reader_func = creds.get_project_alt_reader_creds
244 else:
245 admin_func = creds.get_project_admin_creds
246 member_func = creds.get_project_member_creds
247 reader_func = creds.get_project_reader_creds
248 self._mock_assign_user_role()
249 self._mock_list_role()
250 self._mock_user_create('11', 'fake_user1')
251 show_mock = self.patchobject(creds.creds_client, 'show_project')
252 show_mock.return_value = {'id': '21', 'name': 'fake_project1'}
253 with mock.patch.object(creds.creds_client,
254 'create_project') as create_mock:
255 create_mock.return_value = {'id': '21', 'name': 'fake_project1'}
256 member_creds = member_func()
257 # Check that with first creds request, create_project is called and
258 # show_project is not called. Which means new project is created for
259 # the requested creds.
260 self.assertEqual(len(create_mock.mock_calls), 1)
261 self.assertEqual(len(show_mock.mock_calls), 0)
262 # Verify project, user name and IDs
263 self.assertEqual(member_creds.username, 'fake_user1')
264 self.assertEqual(member_creds.tenant_name, 'fake_project1')
265 self.assertEqual(member_creds.tenant_id, '21')
266 self.assertEqual(member_creds.user_id, '11')
267
268 # Now request for the project reader creds which should not create new
269 # project instead should use the project_id of member_creds already
270 # created project.
271 self._request_and_check_second_creds(
272 creds, reader_func, member_creds, show_mock)
273
274 # Now request for the project admin creds which should not create new
275 # project instead should use the project_id of member_creds already
276 # created project.
277 self._request_and_check_second_creds(
278 creds, admin_func, member_creds, show_mock, sm_count=2)
279
280 def test_creds_within_same_project(self):
281 self._creds_within_same_project()
282
283 def test_alt_creds_within_same_project(self):
284 self._creds_within_same_project(test_alt_creds=True)
285
286 @mock.patch('tempest.lib.common.rest_client.RestClient')
287 def test_creds_in_different_project(self, MockRestClient):
288 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
289 self._mock_assign_user_role()
290 self._mock_list_role()
291 self._mock_user_create('11', 'fake_user1')
292 show_mock = self.patchobject(creds.creds_client, 'show_project')
293 show_mock.return_value = {'id': '21', 'name': 'fake_project1'}
294 with mock.patch.object(creds.creds_client,
295 'create_project') as create_mock:
296 create_mock.return_value = {'id': '21', 'name': 'fake_project1'}
297 member_creds = creds.get_project_member_creds()
298 # Check that with first creds request, create_project is called and
299 # show_project is not called. Which means new project is created for
300 # the requested creds.
301 self.assertEqual(len(create_mock.mock_calls), 1)
302 self.assertEqual(len(show_mock.mock_calls), 0)
303 # Verify project, user name and IDs
304 self.assertEqual(member_creds.username, 'fake_user1')
305 self.assertEqual(member_creds.tenant_name, 'fake_project1')
306 self.assertEqual(member_creds.tenant_id, '21')
307 self.assertEqual(member_creds.user_id, '11')
308
309 # Now request for the project alt reader creds which should create
310 # new project as this request is for alt creds.
311 alt_reader_creds = self._request_and_check_second_creds(
312 creds, creds.get_project_alt_reader_creds,
313 member_creds, show_mock, same_project_request=False)
314
315 # Check that with second creds request, create_project is not called
316 # and show_project is called. Which means new project is not created
317 # for the second requested creds instead new user is created under
318 # existing project.
319 self._request_and_check_second_creds(
320 creds, creds.get_project_reader_creds, member_creds, show_mock)
321
322 # Now request for the project alt member creds which should not create
323 # new project instead use the alt project already created for
324 # alt_reader creds.
325 show_mock.return_value = {
326 'id': alt_reader_creds.tenant_id,
327 'name': alt_reader_creds.tenant_name}
328 self._request_and_check_second_creds(
329 creds, creds.get_project_alt_member_creds,
330 alt_reader_creds, show_mock, sm_count=2,
331 same_project_request=True)
332
333 @mock.patch('tempest.lib.common.rest_client.RestClient')
334 def test_creds_by_role_in_different_project(self, MockRestClient):
335 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
336 self._mock_assign_user_role()
337 self._mock_list_role()
338 self._mock_user_create('11', 'fake_user1')
339 show_mock = self.patchobject(creds.creds_client, 'show_project')
340 show_mock.return_value = {'id': '21', 'name': 'fake_project1'}
341 with mock.patch.object(creds.creds_client,
342 'create_project') as create_mock:
343 create_mock.return_value = {'id': '21', 'name': 'fake_project1'}
344 member_creds = creds.get_project_member_creds()
345 # Check that with first creds request, create_project is called and
346 # show_project is not called. Which means new project is created for
347 # the requested creds.
348 self.assertEqual(len(create_mock.mock_calls), 1)
349 self.assertEqual(len(show_mock.mock_calls), 0)
350 # Verify project, user name and IDs
351 self.assertEqual(member_creds.username, 'fake_user1')
352 self.assertEqual(member_creds.tenant_name, 'fake_project1')
353 self.assertEqual(member_creds.tenant_id, '21')
354 self.assertEqual(member_creds.user_id, '11')
355 # Check that with second creds request, create_project is not called
356 # and show_project is called. Which means new project is not created
357 # for the second requested creds instead new user is created under
358 # existing project.
359 self._request_and_check_second_creds(
360 creds, creds.get_project_reader_creds, member_creds, show_mock)
361 # Now request the creds by role which should create new project.
362 self._request_and_check_second_creds(
363 creds, creds.get_creds_by_roles, member_creds, show_mock,
364 sm_count_in_diff_project=1, same_project_request=False,
365 roles=['member'], scope='project')
366
367 @mock.patch('tempest.lib.common.rest_client.RestClient')
368 def test_legacy_admin_creds_in_different_project(self, MockRestClient):
369 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
370 self._mock_assign_user_role()
371 self._mock_list_role()
372 self._mock_user_create('11', 'fake_user1')
373 show_mock = self.patchobject(creds.creds_client, 'show_project')
374 show_mock.return_value = {'id': '21', 'name': 'fake_project1'}
375 with mock.patch.object(creds.creds_client,
376 'create_project') as create_mock:
377 create_mock.return_value = {'id': '21', 'name': 'fake_project1'}
378 member_creds = creds.get_project_member_creds()
379 # Check that with first creds request, create_project is called and
380 # show_project is not called. Which means new project is created for
381 # the requested creds.
382 self.assertEqual(len(create_mock.mock_calls), 1)
383 self.assertEqual(len(show_mock.mock_calls), 0)
384 # Verify project, user name and IDs
385 self.assertEqual(member_creds.username, 'fake_user1')
386 self.assertEqual(member_creds.tenant_name, 'fake_project1')
387 self.assertEqual(member_creds.tenant_id, '21')
388 self.assertEqual(member_creds.user_id, '11')
389
390 # Now request for the legacy admin creds which should create
391 # new project instead of using project member creds project.
392 self._request_and_check_second_creds(
393 creds, creds.get_admin_creds,
394 member_creds, show_mock, same_project_request=False)
395
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]396 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]397 def test_admin_creds(self, MockRestClient):
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]398 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]399 self._mock_list_roles('1234', 'admin')
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]400 self._mock_user_create('1234', 'fake_admin_user')
401 self._mock_tenant_create('1234', 'fake_admin_tenant')
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]402
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]403 user_mock = mock.patch.object(self.roles_client.RolesClient,
ghanshyam2e6fb562016-09-06 11:14:31 +0900[diff] [blame]404 'create_user_role_on_project')
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]405 user_mock.start()
406 self.addCleanup(user_mock.stop)
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]407 with mock.patch.object(self.roles_client.RolesClient,
ghanshyam2e6fb562016-09-06 11:14:31 +0900[diff] [blame]408 'create_user_role_on_project') as user_mock:
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]409 admin_creds = creds.get_admin_creds()
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]410 user_mock.assert_has_calls([
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]411 mock.call('1234', '1234', '1234')])
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]412 self.assertEqual(admin_creds.username, 'fake_admin_user')
413 self.assertEqual(admin_creds.tenant_name, 'fake_admin_tenant')
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]414 # Verify IDs
415 self.assertEqual(admin_creds.tenant_id, '1234')
416 self.assertEqual(admin_creds.user_id, '1234')
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]417
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]418 @mock.patch('tempest.lib.common.rest_client.RestClient')
Ghanshyam Mann420586c2021-01-29 13:23:18 -0600[diff] [blame]419 def test_project_alt_admin_creds(self, MockRestClient):
420 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
421 self._mock_list_roles('1234', 'admin')
422 self._mock_user_create('1234', 'fake_alt_admin_user')
423 self._mock_tenant_create('1234', 'fake_alt_admin')
424
425 user_mock = mock.patch.object(self.roles_client.RolesClient,
426 'create_user_role_on_project')
427 user_mock.start()
428 self.addCleanup(user_mock.stop)
429 with mock.patch.object(self.roles_client.RolesClient,
430 'create_user_role_on_project') as user_mock:
431 alt_admin_creds = creds.get_project_alt_admin_creds()
432 user_mock.assert_has_calls([
433 mock.call('1234', '1234', '1234')])
434 self.assertEqual(alt_admin_creds.username, 'fake_alt_admin_user')
435 self.assertEqual(alt_admin_creds.project_name, 'fake_alt_admin')
436 # Verify IDs
437 self.assertEqual(alt_admin_creds.project_id, '1234')
438 self.assertEqual(alt_admin_creds.user_id, '1234')
439
440 @mock.patch('tempest.lib.common.rest_client.RestClient')
441 def test_project_alt_member_creds(self, MockRestClient):
442 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
443 self._mock_assign_user_role()
444 self._mock_list_role()
445 self._mock_tenant_create('1234', 'fake_alt_member')
446 self._mock_user_create('1234', 'fake_alt_user')
447 alt_member_creds = creds.get_project_alt_member_creds()
448 self.assertEqual(alt_member_creds.username, 'fake_alt_user')
449 self.assertEqual(alt_member_creds.project_name, 'fake_alt_member')
450 # Verify IDs
451 self.assertEqual(alt_member_creds.project_id, '1234')
452 self.assertEqual(alt_member_creds.user_id, '1234')
453
454 @mock.patch('tempest.lib.common.rest_client.RestClient')
455 def test_project_alt_reader_creds(self, MockRestClient):
456 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
457 self._mock_assign_user_role()
458 self._mock_list_roles('1234', 'reader')
459 self._mock_tenant_create('1234', 'fake_alt_reader')
460 self._mock_user_create('1234', 'fake_alt_user')
461 alt_reader_creds = creds.get_project_alt_reader_creds()
462 self.assertEqual(alt_reader_creds.username, 'fake_alt_user')
463 self.assertEqual(alt_reader_creds.project_name, 'fake_alt_reader')
464 # Verify IDs
465 self.assertEqual(alt_reader_creds.project_id, '1234')
466 self.assertEqual(alt_reader_creds.user_id, '1234')
467
468 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]469 def test_role_creds(self, MockRestClient):
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]470 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]471 self._mock_list_2_roles()
472 self._mock_user_create('1234', 'fake_role_user')
473 self._mock_tenant_create('1234', 'fake_role_tenant')
474
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]475 user_mock = mock.patch.object(self.roles_client.RolesClient,
ghanshyam2e6fb562016-09-06 11:14:31 +0900[diff] [blame]476 'create_user_role_on_project')
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]477 user_mock.start()
478 self.addCleanup(user_mock.stop)
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]479 with mock.patch.object(self.roles_client.RolesClient,
ghanshyam2e6fb562016-09-06 11:14:31 +0900[diff] [blame]480 'create_user_role_on_project') as user_mock:
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]481 role_creds = creds.get_creds_by_roles(
482 roles=['role1', 'role2'])
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]483 calls = user_mock.mock_calls
484 # Assert that the role creation is called with the 2 specified roles
Matthew Treinish8f268292015-02-24 20:01:36 -0500[diff] [blame]485 self.assertEqual(len(calls), 2)
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]486 args = map(lambda x: x[1], calls)
Matthew Treinishdc060d02015-04-23 14:20:26 -0400[diff] [blame]487 args = list(args)
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]488 self.assertIn(('1234', '1234', '1234'), args)
489 self.assertIn(('1234', '1234', '12345'), args)
490 self.assertEqual(role_creds.username, 'fake_role_user')
491 self.assertEqual(role_creds.tenant_name, 'fake_role_tenant')
492 # Verify IDs
493 self.assertEqual(role_creds.tenant_id, '1234')
494 self.assertEqual(role_creds.user_id, '1234')
495
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]496 @mock.patch('tempest.lib.common.rest_client.RestClient')
Ghanshyam Mann2d0da042021-03-05 09:09:30 -0600[diff] [blame]497 def test_role_creds_with_project_scope(self, MockRestClient):
498 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
499 self._mock_list_2_roles()
500 self._mock_user_create('1234', 'fake_role_user')
501 self._mock_tenant_create('1234', 'fake_role_project')
502
503 user_mock = mock.patch.object(self.roles_client.RolesClient,
504 'create_user_role_on_project')
505 user_mock.start()
506 self.addCleanup(user_mock.stop)
507 with mock.patch.object(self.roles_client.RolesClient,
508 'create_user_role_on_project') as user_mock:
509 role_creds = creds.get_creds_by_roles(
510 roles=['role1', 'role2'], scope='project')
511 calls = user_mock.mock_calls
512 # Assert that the role creation is called with the 2 specified roles
513 self.assertEqual(len(calls), 2)
514 args = map(lambda x: x[1], calls)
515 args = list(args)
516 self.assertIn(('1234', '1234', '1234'), args)
517 self.assertIn(('1234', '1234', '12345'), args)
518 self.assertEqual(role_creds.username, 'fake_role_user')
519 self.assertEqual(role_creds.project_name, 'fake_role_project')
520 # Verify IDs
521 self.assertEqual(role_creds.project_id, '1234')
522 self.assertEqual(role_creds.user_id, '1234')
523
524 @mock.patch('tempest.lib.common.rest_client.RestClient')
525 def _test_get_same_role_creds_with_project_scope(self, MockRestClient,
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]526 scope=None,
527 force_new=False):
Ghanshyam Mann2d0da042021-03-05 09:09:30 -0600[diff] [blame]528 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
529 self._mock_list_2_roles()
530 self._mock_user_create('1234', 'fake_role_user')
531 self._mock_tenant_create('1234', 'fake_role_project')
532 with mock.patch.object(self.roles_client.RolesClient,
533 'create_user_role_on_project') as user_mock:
534 role_creds = creds.get_creds_by_roles(
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]535 roles=['role1', 'role2'], force_new=force_new, scope=scope)
Ghanshyam Mann2d0da042021-03-05 09:09:30 -0600[diff] [blame]536 calls = user_mock.mock_calls
537 # Assert that the role creation is called with the 2 specified roles
538 self.assertEqual(len(calls), 2)
539
540 # Fetch the same creds again
541 with mock.patch.object(self.roles_client.RolesClient,
542 'create_user_role_on_project') as user_mock1:
543 role_creds_new = creds.get_creds_by_roles(
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]544 roles=['role1', 'role2'], force_new=force_new, scope=scope)
Ghanshyam Mann2d0da042021-03-05 09:09:30 -0600[diff] [blame]545 calls = user_mock1.mock_calls
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]546 # With force_new, assert that new creds are created
547 if force_new:
548 self.assertEqual(len(calls), 2)
549 self.assertNotEqual(role_creds, role_creds_new)
Ghanshyam Mann2d0da042021-03-05 09:09:30 -0600[diff] [blame]550 # Assert that previously created creds are return and no call to
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]551 # role creation
Ghanshyam Mann2d0da042021-03-05 09:09:30 -0600[diff] [blame]552 # Check if previously created creds are returned.
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]553 else:
554 self.assertEqual(len(calls), 0)
555 self.assertEqual(role_creds, role_creds_new)
Ghanshyam Mann2d0da042021-03-05 09:09:30 -0600[diff] [blame]556
557 def test_get_same_role_creds_with_project_scope(self):
558 self._test_get_same_role_creds_with_project_scope(scope='project')
559
560 def test_get_same_role_creds_with_default_scope(self):
561 self._test_get_same_role_creds_with_project_scope()
562
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]563 def test_get_same_role_creds_with_project_scope_force_new(self):
564 self._test_get_same_role_creds_with_project_scope(
565 scope='project', force_new=True)
566
567 def test_get_same_role_creds_with_default_scope_force_new(self):
568 self._test_get_same_role_creds_with_project_scope(force_new=True)
569
Ghanshyam Mann2d0da042021-03-05 09:09:30 -0600[diff] [blame]570 @mock.patch('tempest.lib.common.rest_client.RestClient')
571 def _test_get_different_role_creds_with_project_scope(
572 self, MockRestClient, scope=None):
573 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
574 self._mock_list_2_roles()
575 self._mock_user_create('1234', 'fake_role_user')
576 self._mock_tenant_create('1234', 'fake_role_project')
577 with mock.patch.object(self.roles_client.RolesClient,
578 'create_user_role_on_project') as user_mock:
579 role_creds = creds.get_creds_by_roles(
580 roles=['role1', 'role2'], scope=scope)
581 calls = user_mock.mock_calls
582 # Assert that the role creation is called with the 2 specified roles
583 self.assertEqual(len(calls), 2)
584 # Fetch the creds with one role different
585 with mock.patch.object(self.roles_client.RolesClient,
586 'create_user_role_on_project') as user_mock1:
587 role_creds_new = creds.get_creds_by_roles(
588 roles=['role1'], scope=scope)
589 calls = user_mock1.mock_calls
590 # Because one role is different, assert that the role creation
591 # is called with the 1 specified roles
592 self.assertEqual(len(calls), 1)
593 # Check new creds is created for new roles.
594 self.assertNotEqual(role_creds, role_creds_new)
595
596 def test_get_different_role_creds_with_project_scope(self):
597 self._test_get_different_role_creds_with_project_scope(
598 scope='project')
599
600 def test_get_different_role_creds_with_default_scope(self):
601 self._test_get_different_role_creds_with_project_scope()
602
603 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]604 def test_all_cred_cleanup(self, MockRestClient):
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]605 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]606 self._mock_assign_user_role()
Matthew Treinishbe15b872015-06-29 14:29:30 -0400[diff] [blame]607 self._mock_list_role()
608 self._mock_tenant_create('1234', 'fake_prim_tenant')
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]609 show_mock = self.patchobject(creds.creds_client, 'show_project')
610 show_mock.return_value = {'id': '1234', 'name': 'fake_prim_tenant'}
611 self._mock_user_create('1234', 'fake_project1_user')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]612 creds.get_primary_creds()
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]613 self._mock_user_create('12341', 'fake_project1_user')
614 creds.get_project_admin_creds()
Matthew Treinishbe15b872015-06-29 14:29:30 -0400[diff] [blame]615 self._mock_tenant_create('12345', 'fake_alt_tenant')
616 self._mock_user_create('12345', 'fake_alt_user')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]617 creds.get_alt_creds()
Matthew Treinishbe15b872015-06-29 14:29:30 -0400[diff] [blame]618 self._mock_tenant_create('123456', 'fake_admin_tenant')
619 self._mock_user_create('123456', 'fake_admin_user')
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]620 self._mock_list_roles('123456', 'admin')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]621 creds.get_admin_creds()
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]622 user_mock = self.patchobject(self.users_client.UsersClient,
623 'delete_user')
624 tenant_mock = self.patchobject(self.tenants_client_class,
625 self.delete_tenant)
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]626 creds.clear_creds()
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]627 # Verify user delete calls
628 calls = user_mock.mock_calls
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]629 self.assertEqual(len(calls), 4)
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]630 args = map(lambda x: x[1][0], calls)
Matthew Treinishdc060d02015-04-23 14:20:26 -0400[diff] [blame]631 args = list(args)
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]632 self.assertIn('1234', args)
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]633 self.assertIn('12341', args)
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]634 self.assertIn('12345', args)
635 self.assertIn('123456', args)
636 # Verify tenant delete calls
637 calls = tenant_mock.mock_calls
638 self.assertEqual(len(calls), 3)
639 args = map(lambda x: x[1][0], calls)
Matthew Treinishdc060d02015-04-23 14:20:26 -0400[diff] [blame]640 args = list(args)
Matthew Treinishcb058062014-03-13 18:27:07 -0400[diff] [blame]641 self.assertIn('1234', args)
642 self.assertIn('12345', args)
643 self.assertIn('123456', args)
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]644
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]645 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]646 def test_alt_creds(self, MockRestClient):
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]647 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]648 self._mock_assign_user_role()
649 self._mock_list_role()
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]650 self._mock_user_create('1234', 'fake_alt_user')
651 self._mock_tenant_create('1234', 'fake_alt_tenant')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]652 alt_creds = creds.get_alt_creds()
Andrea Frittolifc315902014-03-20 09:21:44 +0000[diff] [blame]653 self.assertEqual(alt_creds.username, 'fake_alt_user')
654 self.assertEqual(alt_creds.tenant_name, 'fake_alt_tenant')
Andrea Frittoli9612e812014-03-13 10:57:26 +0000[diff] [blame]655 # Verify IDs
656 self.assertEqual(alt_creds.tenant_id, '1234')
657 self.assertEqual(alt_creds.user_id, '1234')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]658
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]659 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinish2219d382015-04-24 10:33:04 -0400[diff] [blame]660 def test_no_network_creation_with_config_set(self, MockRestClient):
Matthew Treinish75abbcf2016-10-07 16:19:12 -0400[diff] [blame]661 creds = dynamic_creds.DynamicCredentialProvider(
662 neutron_available=True, create_networks=False,
663 project_network_cidr='10.100.0.0/16', project_network_mask_bits=28,
664 **self.fixed_params)
Matthew Treinish2219d382015-04-24 10:33:04 -0400[diff] [blame]665 self._mock_assign_user_role()
666 self._mock_list_role()
667 self._mock_user_create('1234', 'fake_prim_user')
668 self._mock_tenant_create('1234', 'fake_prim_tenant')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]669 net = mock.patch.object(creds.networks_admin_client,
Matthew Treinish2219d382015-04-24 10:33:04 -0400[diff] [blame]670 'delete_network')
671 net_mock = net.start()
John Warren3961acd2015-10-02 14:38:53 -0400[diff] [blame]672 subnet = mock.patch.object(creds.subnets_admin_client,
Matthew Treinish2219d382015-04-24 10:33:04 -0400[diff] [blame]673 'delete_subnet')
674 subnet_mock = subnet.start()
Ken'ichi Ohmichie35f4722015-12-22 04:57:11 +0000[diff] [blame]675 router = mock.patch.object(creds.routers_admin_client,
Matthew Treinish2219d382015-04-24 10:33:04 -0400[diff] [blame]676 'delete_router')
677 router_mock = router.start()
678
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]679 primary_creds = creds.get_primary_creds()
Matthew Treinish2219d382015-04-24 10:33:04 -0400[diff] [blame]680 self.assertEqual(net_mock.mock_calls, [])
681 self.assertEqual(subnet_mock.mock_calls, [])
682 self.assertEqual(router_mock.mock_calls, [])
683 network = primary_creds.network
684 subnet = primary_creds.subnet
685 router = primary_creds.router
686 self.assertIsNone(network)
687 self.assertIsNone(subnet)
688 self.assertIsNone(router)
689
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]690 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]691 def test_network_creation(self, MockRestClient):
Matthew Treinish75abbcf2016-10-07 16:19:12 -0400[diff] [blame]692 creds = dynamic_creds.DynamicCredentialProvider(
693 neutron_available=True,
694 project_network_cidr='10.100.0.0/16', project_network_mask_bits=28,
695 **self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]696 self._mock_assign_user_role()
697 self._mock_list_role()
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]698 self._mock_user_create('1234', 'fake_prim_user')
699 self._mock_tenant_create('1234', 'fake_prim_tenant')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]700 self._mock_network_create(creds, '1234', 'fake_net')
701 self._mock_subnet_create(creds, '1234', 'fake_subnet')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]702 self._mock_router_create('1234', 'fake_router')
703 router_interface_mock = self.patch(
Ken'ichi Ohmichi131799e2016-06-06 12:06:41 -0700[diff] [blame]704 'tempest.lib.services.network.routers_client.RoutersClient.'
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]705 'add_router_interface')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]706 primary_creds = creds.get_primary_creds()
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]707 router_interface_mock.assert_called_once_with('1234', subnet_id='1234')
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]708 network = primary_creds.network
709 subnet = primary_creds.subnet
710 router = primary_creds.router
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]711 self.assertEqual(network['id'], '1234')
712 self.assertEqual(network['name'], 'fake_net')
713 self.assertEqual(subnet['id'], '1234')
714 self.assertEqual(subnet['name'], 'fake_subnet')
715 self.assertEqual(router['id'], '1234')
716 self.assertEqual(router['name'], 'fake_router')
717
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]718 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]719 def test_network_cleanup(self, MockRestClient):
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]720 def side_effect(**args):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]721 return {"security_groups": [{"tenant_id": args['tenant_id'],
722 "name": args['name'],
723 "description": args['name'],
724 "security_group_rules": [],
725 "id": "sg-%s" % args['tenant_id']}]}
Matthew Treinish75abbcf2016-10-07 16:19:12 -0400[diff] [blame]726 creds = dynamic_creds.DynamicCredentialProvider(
727 neutron_available=True,
728 project_network_cidr='10.100.0.0/16', project_network_mask_bits=28,
729 **self.fixed_params)
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]730 # Create primary tenant and network
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]731 self._mock_assign_user_role()
Matthew Treinishbe15b872015-06-29 14:29:30 -0400[diff] [blame]732 self._mock_list_role()
733 self._mock_user_create('1234', 'fake_prim_user')
734 self._mock_tenant_create('1234', 'fake_prim_tenant')
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]735 show_mock = self.patchobject(creds.creds_client, 'show_project')
736 show_mock.return_value = {'id': '1234', 'name': 'fake_prim_tenant'}
737 self._mock_user_create('12341', 'fake_project1_user')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]738 self._mock_network_create(creds, '1234', 'fake_net')
739 self._mock_subnet_create(creds, '1234', 'fake_subnet')
Matthew Treinishbe15b872015-06-29 14:29:30 -0400[diff] [blame]740 self._mock_router_create('1234', 'fake_router')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]741 router_interface_mock = self.patch(
Ken'ichi Ohmichi131799e2016-06-06 12:06:41 -0700[diff] [blame]742 'tempest.lib.services.network.routers_client.RoutersClient.'
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]743 'add_router_interface')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]744 creds.get_primary_creds()
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]745 creds.get_project_admin_creds()
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]746 router_interface_mock.assert_called_once_with('1234', subnet_id='1234')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]747 router_interface_mock.reset_mock()
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]748 # Create alternate tenant and network
Matthew Treinishbe15b872015-06-29 14:29:30 -0400[diff] [blame]749 self._mock_user_create('12345', 'fake_alt_user')
750 self._mock_tenant_create('12345', 'fake_alt_tenant')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]751 self._mock_network_create(creds, '12345', 'fake_alt_net')
752 self._mock_subnet_create(creds, '12345', 'fake_alt_subnet')
Matthew Treinishbe15b872015-06-29 14:29:30 -0400[diff] [blame]753 self._mock_router_create('12345', 'fake_alt_router')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]754 creds.get_alt_creds()
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]755 router_interface_mock.assert_called_once_with('12345',
756 subnet_id='12345')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]757 router_interface_mock.reset_mock()
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]758 # Create admin tenant and networks
Matthew Treinishbe15b872015-06-29 14:29:30 -0400[diff] [blame]759 self._mock_user_create('123456', 'fake_admin_user')
760 self._mock_tenant_create('123456', 'fake_admin_tenant')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]761 self._mock_network_create(creds, '123456', 'fake_admin_net')
762 self._mock_subnet_create(creds, '123456', 'fake_admin_subnet')
Matthew Treinishbe15b872015-06-29 14:29:30 -0400[diff] [blame]763 self._mock_router_create('123456', 'fake_admin_router')
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]764 self._mock_list_roles('123456', 'admin')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]765 creds.get_admin_creds()
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]766 self.patchobject(self.users_client.UsersClient, 'delete_user')
767 self.patchobject(self.tenants_client_class, self.delete_tenant)
768 net = mock.patch.object(creds.networks_admin_client, 'delete_network')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]769 net_mock = net.start()
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]770 subnet = mock.patch.object(creds.subnets_admin_client, 'delete_subnet')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]771 subnet_mock = subnet.start()
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]772 router = mock.patch.object(creds.routers_admin_client, 'delete_router')
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]773 router_mock = router.start()
774 remove_router_interface_mock = self.patch(
Ken'ichi Ohmichi131799e2016-06-06 12:06:41 -0700[diff] [blame]775 'tempest.lib.services.network.routers_client.RoutersClient.'
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]776 'remove_router_interface')
Matthew Treinish96e9e882014-06-09 18:37:19 -0400[diff] [blame]777 return_values = ({'status': 200}, {'ports': []})
John Warren49c0fe52015-10-22 12:35:54 -0400[diff] [blame]778 port_list_mock = mock.patch.object(creds.ports_admin_client,
Matthew Treinish96e9e882014-06-09 18:37:19 -0400[diff] [blame]779 'list_ports',
780 return_value=return_values)
781
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]782 port_list_mock.start()
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]783 secgroup_list_mock = mock.patch.object(
John Warrenf9606e92015-12-10 12:12:42 -0500[diff] [blame]784 creds.security_groups_admin_client,
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]785 'list_security_groups',
786 side_effect=side_effect)
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]787 secgroup_list_mock.start()
788
Jordan Pittier00f25962016-03-18 17:10:07 +0100[diff] [blame]789 return_values = fake_http.fake_http_response({}, status=204), ''
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]790 remove_secgroup_mock = self.patch(
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]791 'tempest.lib.services.network.security_groups_client.'
John Warrenf9606e92015-12-10 12:12:42 -0500[diff] [blame]792 'SecurityGroupsClient.delete', return_value=return_values)
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]793 creds.clear_creds()
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]794 # Verify default security group delete
795 calls = remove_secgroup_mock.mock_calls
796 self.assertEqual(len(calls), 3)
797 args = map(lambda x: x[1][0], calls)
Matthew Treinishdc060d02015-04-23 14:20:26 -0400[diff] [blame]798 args = list(args)
Ala Rezmerita846eb7c2014-03-10 09:06:03 +0100[diff] [blame]799 self.assertIn('v2.0/security-groups/sg-1234', args)
800 self.assertIn('v2.0/security-groups/sg-12345', args)
801 self.assertIn('v2.0/security-groups/sg-123456', args)
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]802 # Verify remove router interface calls
803 calls = remove_router_interface_mock.mock_calls
804 self.assertEqual(len(calls), 3)
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]805 args = map(lambda x: (x[1][0], x[2]), calls)
Matthew Treinishdc060d02015-04-23 14:20:26 -0400[diff] [blame]806 args = list(args)
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]807 self.assertIn(('1234', {'subnet_id': '1234'}), args)
808 self.assertIn(('12345', {'subnet_id': '12345'}), args)
809 self.assertIn(('123456', {'subnet_id': '123456'}), args)
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]810 # Verify network delete calls
811 calls = net_mock.mock_calls
812 self.assertEqual(len(calls), 3)
813 args = map(lambda x: x[1][0], calls)
Matthew Treinishdc060d02015-04-23 14:20:26 -0400[diff] [blame]814 args = list(args)
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]815 self.assertIn('1234', args)
816 self.assertIn('12345', args)
817 self.assertIn('123456', args)
818 # Verify subnet delete calls
819 calls = subnet_mock.mock_calls
820 self.assertEqual(len(calls), 3)
821 args = map(lambda x: x[1][0], calls)
Matthew Treinishdc060d02015-04-23 14:20:26 -0400[diff] [blame]822 args = list(args)
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]823 self.assertIn('1234', args)
824 self.assertIn('12345', args)
825 self.assertIn('123456', args)
826 # Verify router delete calls
827 calls = router_mock.mock_calls
828 self.assertEqual(len(calls), 3)
829 args = map(lambda x: x[1][0], calls)
Matthew Treinishdc060d02015-04-23 14:20:26 -0400[diff] [blame]830 args = list(args)
Matthew Treinishe6723262014-03-14 13:16:52 -0400[diff] [blame]831 self.assertIn('1234', args)
832 self.assertIn('12345', args)
833 self.assertIn('123456', args)
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]834
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]835 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]836 def test_network_alt_creation(self, MockRestClient):
Matthew Treinish75abbcf2016-10-07 16:19:12 -0400[diff] [blame]837 creds = dynamic_creds.DynamicCredentialProvider(
838 neutron_available=True,
839 project_network_cidr='10.100.0.0/16', project_network_mask_bits=28,
840 **self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]841 self._mock_assign_user_role()
842 self._mock_list_role()
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]843 self._mock_user_create('1234', 'fake_alt_user')
844 self._mock_tenant_create('1234', 'fake_alt_tenant')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]845 self._mock_network_create(creds, '1234', 'fake_alt_net')
846 self._mock_subnet_create(creds, '1234', 'fake_alt_subnet')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]847 self._mock_router_create('1234', 'fake_alt_router')
848 router_interface_mock = self.patch(
Ken'ichi Ohmichi131799e2016-06-06 12:06:41 -0700[diff] [blame]849 'tempest.lib.services.network.routers_client.RoutersClient.'
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]850 'add_router_interface')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]851 alt_creds = creds.get_alt_creds()
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]852 router_interface_mock.assert_called_once_with('1234', subnet_id='1234')
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]853 network = alt_creds.network
854 subnet = alt_creds.subnet
855 router = alt_creds.router
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]856 self.assertEqual(network['id'], '1234')
857 self.assertEqual(network['name'], 'fake_alt_net')
858 self.assertEqual(subnet['id'], '1234')
859 self.assertEqual(subnet['name'], 'fake_alt_subnet')
860 self.assertEqual(router['id'], '1234')
861 self.assertEqual(router['name'], 'fake_alt_router')
862
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]863 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]864 def test_network_admin_creation(self, MockRestClient):
Matthew Treinish75abbcf2016-10-07 16:19:12 -0400[diff] [blame]865 creds = dynamic_creds.DynamicCredentialProvider(
866 neutron_available=True,
867 project_network_cidr='10.100.0.0/16', project_network_mask_bits=28,
868 **self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]869 self._mock_assign_user_role()
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]870 self._mock_user_create('1234', 'fake_admin_user')
871 self._mock_tenant_create('1234', 'fake_admin_tenant')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]872 self._mock_network_create(creds, '1234', 'fake_admin_net')
873 self._mock_subnet_create(creds, '1234', 'fake_admin_subnet')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]874 self._mock_router_create('1234', 'fake_admin_router')
875 router_interface_mock = self.patch(
Ken'ichi Ohmichi131799e2016-06-06 12:06:41 -0700[diff] [blame]876 'tempest.lib.services.network.routers_client.RoutersClient.'
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]877 'add_router_interface')
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]878 self._mock_list_roles('123456', 'admin')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]879 admin_creds = creds.get_admin_creds()
piyush11078694aca952015-12-17 12:54:44 +0530[diff] [blame]880 router_interface_mock.assert_called_once_with('1234', subnet_id='1234')
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]881 network = admin_creds.network
882 subnet = admin_creds.subnet
883 router = admin_creds.router
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]884 self.assertEqual(network['id'], '1234')
885 self.assertEqual(network['name'], 'fake_admin_net')
886 self.assertEqual(subnet['id'], '1234')
887 self.assertEqual(subnet['name'], 'fake_admin_subnet')
888 self.assertEqual(router['id'], '1234')
889 self.assertEqual(router['name'], 'fake_admin_router')
890
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]891 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]892 def test_no_network_resources(self, MockRestClient):
893 net_dict = {
894 'network': False,
895 'router': False,
896 'subnet': False,
897 'dhcp': False,
898 }
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]899 creds = dynamic_creds.DynamicCredentialProvider(
Matthew Treinish75abbcf2016-10-07 16:19:12 -0400[diff] [blame]900 neutron_available=True,
901 project_network_cidr='10.100.0.0/16', project_network_mask_bits=28,
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]902 network_resources=net_dict,
903 **self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]904 self._mock_assign_user_role()
905 self._mock_list_role()
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]906 self._mock_user_create('1234', 'fake_prim_user')
907 self._mock_tenant_create('1234', 'fake_prim_tenant')
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]908 net = mock.patch.object(creds.networks_admin_client,
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]909 'delete_network')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]910 net_mock = net.start()
John Warren3961acd2015-10-02 14:38:53 -0400[diff] [blame]911 subnet = mock.patch.object(creds.subnets_admin_client,
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]912 'delete_subnet')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]913 subnet_mock = subnet.start()
Ken'ichi Ohmichie35f4722015-12-22 04:57:11 +0000[diff] [blame]914 router = mock.patch.object(creds.routers_admin_client,
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]915 'delete_router')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]916 router_mock = router.start()
917
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]918 primary_creds = creds.get_primary_creds()
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]919 self.assertEqual(net_mock.mock_calls, [])
920 self.assertEqual(subnet_mock.mock_calls, [])
921 self.assertEqual(router_mock.mock_calls, [])
Andrea Frittoli (andreaf)9540dfd2015-03-25 17:06:50 -0400[diff] [blame]922 network = primary_creds.network
923 subnet = primary_creds.subnet
924 router = primary_creds.router
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]925 self.assertIsNone(network)
926 self.assertIsNone(subnet)
927 self.assertIsNone(router)
928
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]929 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]930 def test_router_without_network(self, MockRestClient):
931 net_dict = {
932 'network': False,
933 'router': True,
934 'subnet': False,
935 'dhcp': False,
936 }
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]937 creds = dynamic_creds.DynamicCredentialProvider(
Matthew Treinish75abbcf2016-10-07 16:19:12 -0400[diff] [blame]938 neutron_available=True,
939 project_network_cidr='10.100.0.0/16', project_network_mask_bits=28,
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]940 network_resources=net_dict,
941 **self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]942 self._mock_assign_user_role()
943 self._mock_list_role()
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]944 self._mock_user_create('1234', 'fake_prim_user')
945 self._mock_tenant_create('1234', 'fake_prim_tenant')
Matthew Treinish4217a702016-10-07 17:27:11 -0400[diff] [blame]946 self.assertRaises(lib_exc.InvalidConfiguration,
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]947 creds.get_primary_creds)
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]948
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]949 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]950 def test_subnet_without_network(self, MockRestClient):
951 net_dict = {
952 'network': False,
953 'router': False,
954 'subnet': True,
955 'dhcp': False,
956 }
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]957 creds = dynamic_creds.DynamicCredentialProvider(
Matthew Treinish75abbcf2016-10-07 16:19:12 -0400[diff] [blame]958 neutron_available=True,
959 project_network_cidr='10.100.0.0/16', project_network_mask_bits=28,
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]960 network_resources=net_dict,
961 **self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]962 self._mock_assign_user_role()
963 self._mock_list_role()
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]964 self._mock_user_create('1234', 'fake_prim_user')
965 self._mock_tenant_create('1234', 'fake_prim_tenant')
Matthew Treinish4217a702016-10-07 17:27:11 -0400[diff] [blame]966 self.assertRaises(lib_exc.InvalidConfiguration,
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]967 creds.get_primary_creds)
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]968
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]969 @mock.patch('tempest.lib.common.rest_client.RestClient')
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]970 def test_dhcp_without_subnet(self, MockRestClient):
971 net_dict = {
972 'network': False,
973 'router': False,
974 'subnet': False,
975 'dhcp': True,
976 }
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]977 creds = dynamic_creds.DynamicCredentialProvider(
Matthew Treinish75abbcf2016-10-07 16:19:12 -0400[diff] [blame]978 neutron_available=True,
979 project_network_cidr='10.100.0.0/16', project_network_mask_bits=28,
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]980 network_resources=net_dict,
981 **self.fixed_params)
Andrey Pavlovaf1fb702014-05-29 17:08:10 +0400[diff] [blame]982 self._mock_assign_user_role()
983 self._mock_list_role()
Matthew Treinish23433a02014-03-17 16:43:50 -0400[diff] [blame]984 self._mock_user_create('1234', 'fake_prim_user')
985 self._mock_tenant_create('1234', 'fake_prim_tenant')
Matthew Treinish4217a702016-10-07 17:27:11 -0400[diff] [blame]986 self.assertRaises(lib_exc.InvalidConfiguration,
Andrea Frittoli (andreaf)17209bb2015-05-22 10:16:57 -0700[diff] [blame]987 creds.get_primary_creds)
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]988
989
990class TestDynamicCredentialProviderV3(TestDynamicCredentialProvider):
991
992 fixed_params = {'name': 'test class',
993 'identity_version': 'v3',
Andrea Frittolidcd91002017-07-18 11:34:13 +0100[diff] [blame]994 'admin_role': 'admin',
995 'identity_uri': 'fake_uri'}
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]996
997 token_client = v3_token_client
998 iden_client = v3_iden_client
999 roles_client = v3_roles_client
1000 tenants_client = v3_projects_client
1001 users_client = v3_users_client
1002 token_client_class = token_client.V3TokenClient
1003 fake_response = fake_identity._fake_v3_response
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]1004 tenants_client_class = tenants_client.ProjectsClient
1005 delete_tenant = 'delete_project'
Ghanshyam Mann35fc95d2023-01-18 23:22:29 -0600[diff] [blame]1006 create_tenant = 'create_project'
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]1007
1008 def setUp(self):
1009 super(TestDynamicCredentialProviderV3, self).setUp()
1010 self.useFixture(fake_config.ConfigFixture())
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]1011 self.useFixture(fixtures.MockPatchObject(
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]1012 domains_client.DomainsClient, 'list_domains',
1013 return_value=dict(domains=[dict(id='default',
1014 name='Default')])))
1015 self.patchobject(self.roles_client.RolesClient,
ghanshyam2e6fb562016-09-06 11:14:31 +0900[diff] [blame]1016 'create_user_role_on_domain')
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]1017
1018 def _mock_list_ec2_credentials(self, user_id, tenant_id):
1019 pass
1020
1021 def _mock_tenant_create(self, id, name):
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]1022 project_fix = self.useFixture(fixtures.MockPatchObject(
Andrea Frittoli (andreaf)4bee2e72015-09-22 13:06:18 +0100[diff] [blame]1023 self.tenants_client.ProjectsClient,
1024 'create_project',
1025 return_value=(rest_client.ResponseBody
1026 (200, {'project': {'id': id, 'name': name}}))))
1027 return project_fix
Adam Youngb226f8e2016-06-25 21:41:36 -0400[diff] [blame]1028
1029 @mock.patch('tempest.lib.common.rest_client.RestClient')
Ghanshyam Mann2d0da042021-03-05 09:09:30 -0600[diff] [blame]1030 def test_role_creds_with_system_scope(self, MockRestClient):
1031 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
1032 self._mock_list_2_roles()
1033 self._mock_user_create('1234', 'fake_role_user')
1034
1035 with mock.patch.object(self.roles_client.RolesClient,
1036 'create_user_role_on_system') as user_mock:
1037 role_creds = creds.get_creds_by_roles(
1038 roles=['role1', 'role2'], scope='system')
1039 calls = user_mock.mock_calls
1040 # Assert that the role creation is called with the 2 specified roles
1041 self.assertEqual(len(calls), 2)
1042 args = map(lambda x: x[1], calls)
1043 args = list(args)
1044 self.assertIn(('1234', '1234'), args)
1045 self.assertIn(('1234', '12345'), args)
1046 self.assertEqual(role_creds.username, 'fake_role_user')
1047 self.assertEqual(role_creds.user_id, '1234')
1048 # Verify system scope
1049 self.assertEqual(role_creds.system, 'all')
1050 # Verify domain is default
1051 self.assertEqual(role_creds.domain_id, 'default')
1052 self.assertEqual(role_creds.domain_name, 'Default')
1053
1054 @mock.patch('tempest.lib.common.rest_client.RestClient')
1055 def test_get_same_role_creds_with_system_scope(self, MockRestClient):
1056 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
1057 self._mock_list_2_roles()
1058 self._mock_user_create('1234', 'fake_role_user')
1059 with mock.patch.object(self.roles_client.RolesClient,
1060 'create_user_role_on_system') as user_mock:
1061 role_creds = creds.get_creds_by_roles(
1062 roles=['role1', 'role2'], scope='system')
1063 calls = user_mock.mock_calls
1064 # Assert that the role creation is called with the 2 specified roles
1065 self.assertEqual(len(calls), 2)
1066
1067 # Fetch the same creds again
1068 with mock.patch.object(self.roles_client.RolesClient,
1069 'create_user_role_on_system') as user_mock1:
1070 role_creds_new = creds.get_creds_by_roles(
1071 roles=['role1', 'role2'], scope='system')
1072 calls = user_mock1.mock_calls
1073 # Assert that previously created creds are return and no call to
1074 # role creation.
1075 self.assertEqual(len(calls), 0)
1076 # Verify system scope
1077 self.assertEqual(role_creds_new.system, 'all')
1078 # Check if previously created creds are returned.
1079 self.assertEqual(role_creds, role_creds_new)
1080
1081 @mock.patch('tempest.lib.common.rest_client.RestClient')
1082 def test_get_different_role_creds_with_system_scope(self, MockRestClient):
1083 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
1084 self._mock_list_2_roles()
1085 self._mock_user_create('1234', 'fake_role_user')
1086
1087 with mock.patch.object(self.roles_client.RolesClient,
1088 'create_user_role_on_system') as user_mock:
1089 role_creds = creds.get_creds_by_roles(
1090 roles=['role1', 'role2'], scope='system')
1091 calls = user_mock.mock_calls
1092 # Assert that the role creation is called with the 2 specified roles
1093 self.assertEqual(len(calls), 2)
1094 # Verify system scope
1095 self.assertEqual(role_creds.system, 'all')
1096 # Fetch the creds with one role different
1097 with mock.patch.object(self.roles_client.RolesClient,
1098 'create_user_role_on_system') as user_mock1:
1099 role_creds_new = creds.get_creds_by_roles(
1100 roles=['role1'], scope='system')
1101 calls = user_mock1.mock_calls
1102 # Because one role is different, assert that the role creation
1103 # is called with the 1 specified roles
1104 self.assertEqual(len(calls), 1)
1105 # Verify Scope
1106 self.assertEqual(role_creds_new.system, 'all')
1107 # Check new creds is created for new roles.
1108 self.assertNotEqual(role_creds, role_creds_new)
1109
1110 @mock.patch('tempest.lib.common.rest_client.RestClient')
1111 def test_role_creds_with_domain_scope(self, MockRestClient):
1112 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
1113 self._mock_list_2_roles()
1114 self._mock_user_create('1234', 'fake_role_user')
1115
1116 domain = {
1117 "id": '12',
1118 "enabled": True,
1119 "name": "TestDomain"
1120 }
1121
1122 self.useFixture(fixtures.MockPatch(
1123 'tempest.lib.common.cred_client.V3CredsClient.create_domain',
1124 return_value=domain))
1125
1126 with mock.patch.object(self.roles_client.RolesClient,
1127 'create_user_role_on_domain') as user_mock:
1128 role_creds = creds.get_creds_by_roles(
1129 roles=['role1', 'role2'], scope='domain')
1130 calls = user_mock.mock_calls
1131 # Assert that the role creation is called with the 2 specified roles
1132 self.assertEqual(len(calls), 2)
1133 args = map(lambda x: x[1], calls)
1134 args = list(args)
1135 self.assertIn((domain['id'], '1234', '1234'), args)
1136 self.assertIn((domain['id'], '1234', '12345'), args)
1137 self.assertEqual(role_creds.username, 'fake_role_user')
1138 self.assertEqual(role_creds.user_id, '1234')
1139 # Verify creds are under new created domain
1140 self.assertEqual(role_creds.domain_id, domain['id'])
1141 self.assertEqual(role_creds.domain_name, domain['name'])
1142 # Verify that Scope is None
1143 self.assertIsNone(role_creds.system)
1144
1145 @mock.patch('tempest.lib.common.rest_client.RestClient')
1146 def test_get_same_role_creds_with_domain_scope(self, MockRestClient):
1147 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
1148 self._mock_list_2_roles()
1149 self._mock_user_create('1234', 'fake_role_user')
1150
1151 domain = {
1152 "id": '12',
1153 "enabled": True,
1154 "name": "TestDomain"
1155 }
1156
1157 self.useFixture(fixtures.MockPatch(
1158 'tempest.lib.common.cred_client.V3CredsClient.create_domain',
1159 return_value=domain))
1160
1161 with mock.patch.object(self.roles_client.RolesClient,
1162 'create_user_role_on_domain') as user_mock:
1163 role_creds = creds.get_creds_by_roles(
1164 roles=['role1', 'role2'], scope='domain')
1165 calls = user_mock.mock_calls
1166 # Assert that the role creation is called with the 2 specified roles
1167 self.assertEqual(len(calls), 2)
1168 self.assertEqual(role_creds.user_id, '1234')
1169 # Verify Scope
1170 self.assertIsNone(role_creds.system)
1171 # Fetch the same creds again
1172 with mock.patch.object(self.roles_client.RolesClient,
1173 'create_user_role_on_domain') as user_mock1:
1174 role_creds_new = creds.get_creds_by_roles(
1175 roles=['role1', 'role2'], scope='domain')
1176 calls = user_mock1.mock_calls
1177 # Assert that previously created creds are return and no call to
1178 # role creation.
1179 self.assertEqual(len(calls), 0)
1180 # Verify Scope
1181 self.assertIsNone(role_creds_new.system)
1182 # Check if previously created creds are returned.
1183 self.assertEqual(role_creds, role_creds_new)
1184
1185 @mock.patch('tempest.lib.common.rest_client.RestClient')
1186 def test_get_different_role_creds_with_domain_scope(self, MockRestClient):
1187 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
1188 self._mock_list_2_roles()
1189 self._mock_user_create('1234', 'fake_role_user')
1190
1191 domain = {
1192 "id": '12',
1193 "enabled": True,
1194 "name": "TestDomain"
1195 }
1196
1197 self.useFixture(fixtures.MockPatch(
1198 'tempest.lib.common.cred_client.V3CredsClient.create_domain',
1199 return_value=domain))
1200
1201 with mock.patch.object(self.roles_client.RolesClient,
1202 'create_user_role_on_domain') as user_mock:
1203 role_creds = creds.get_creds_by_roles(
1204 roles=['role1', 'role2'], scope='domain')
1205 calls = user_mock.mock_calls
1206 # Assert that the role creation is called with the 2 specified roles
1207 self.assertEqual(len(calls), 2)
1208 self.assertEqual(role_creds.user_id, '1234')
1209 # Verify Scope
1210 self.assertIsNone(role_creds.system)
1211 # Fetch the same creds again
1212 with mock.patch.object(self.roles_client.RolesClient,
1213 'create_user_role_on_domain') as user_mock1:
1214 role_creds_new = creds.get_creds_by_roles(
1215 roles=['role1'], scope='domain')
1216 calls = user_mock1.mock_calls
1217 # Because one role is different, assert that the role creation
1218 # is called with the 1 specified roles
1219 self.assertEqual(len(calls), 1)
1220 # Verify Scope
1221 self.assertIsNone(role_creds_new.system)
1222 # Check new creds is created for new roles.
1223 self.assertNotEqual(role_creds, role_creds_new)
1224
1225 @mock.patch('tempest.lib.common.rest_client.RestClient')
1226 def test_get_role_creds_with_different_scope(self, MockRestClient):
1227 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
1228 self._mock_list_2_roles()
1229 self._mock_user_create('1234', 'fake_role_user')
1230 self._mock_tenant_create('1234', 'fake_role_project')
1231 with mock.patch.object(self.roles_client.RolesClient,
1232 'create_user_role_on_system') as user_mock:
1233 role_creds = creds.get_creds_by_roles(
1234 roles=['role1', 'role2'], scope='system')
1235 calls = user_mock.mock_calls
1236 # Assert that the role creation is called with the 2 specified roles
1237 self.assertEqual(len(calls), 2)
1238 # Verify Scope
1239 self.assertEqual(role_creds.system, 'all')
1240
1241 # Fetch the same role creds but with different scope
1242 with mock.patch.object(self.roles_client.RolesClient,
1243 'create_user_role_on_project') as user_mock1:
1244 role_creds_new = creds.get_creds_by_roles(
1245 roles=['role1', 'role2'], scope='project')
1246 calls = user_mock1.mock_calls
1247 # Because scope is different, assert that the role creation
1248 # is called with the 2 specified roles
1249 self.assertEqual(len(calls), 2)
1250 # Verify Scope
1251 self.assertIsNone(role_creds_new.system)
1252 # Check that created creds are different
1253 self.assertNotEqual(role_creds, role_creds_new)
1254
1255 @mock.patch('tempest.lib.common.rest_client.RestClient')
Adam Youngb226f8e2016-06-25 21:41:36 -0400[diff] [blame]1256 def test_member_role_creation_with_duplicate(self, rest_client_mock):
1257 creds = dynamic_creds.DynamicCredentialProvider(**self.fixed_params)
1258 creds.creds_client = mock.MagicMock()
1259 creds.creds_client.create_user_role.side_effect = lib_exc.Conflict
Matthew Treinishc51b7122017-07-17 12:28:07 -0400[diff] [blame]1260 with mock.patch('tempest.lib.common.dynamic_creds.LOG') as log_mock:
Adam Youngb226f8e2016-06-25 21:41:36 -0400[diff] [blame]1261 creds._create_creds()
1262 log_mock.warning.assert_called_once_with(
Martin Kopec99d4dae2020-05-27 10:33:17 +0000[diff] [blame]1263 "member role already exists, ignoring conflict.")
Adam Youngb226f8e2016-06-25 21:41:36 -0400[diff] [blame]1264 creds.creds_client.assign_user_role.assert_called_once_with(
Martin Kopec99d4dae2020-05-27 10:33:17 +0000[diff] [blame]1265 mock.ANY, mock.ANY, 'member')