blob: e7111b080ad20891eb62eee7198ffcfb05b0e1eb [file] [log] [blame]
ZhiQiang Fan39f97222013-09-20 04:49:44 +08001# Copyright 2012 OpenStack Foundation
Jay Pipes13b479b2012-06-11 14:52:27 -04002# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
Daryl Walleckced8eb82012-03-19 13:52:37 -050015
Matthew Treinishb0c65f22015-04-23 09:09:41 -040016import six
Adam Gandelman85f5bed2014-06-19 16:48:17 -070017
Doug Hellmann583ce2c2015-03-11 14:55:46 +000018from oslo_log import log as logging
Masayuki Igawabfa07602015-01-20 18:47:17 +090019from tempest_lib import exceptions as lib_exc
20
Sean Dague1937d092013-05-17 16:36:38 -040021from tempest.api.compute import base
Fei Long Wangd39431f2015-05-14 11:30:48 +120022from tempest.common.utils import data_utils
Matthew Treinishb0a78fc2014-01-29 16:49:12 +000023from tempest import config
Yuiko Takadae9999d62014-03-06 09:22:54 +000024from tempest import test
Daryl Walleckced8eb82012-03-19 13:52:37 -050025
Matthew Treinishb0a78fc2014-01-29 16:49:12 +000026CONF = config.CONF
27
Giulio Fidente92f77192013-08-26 17:13:28 +020028LOG = logging.getLogger(__name__)
29
Daryl Walleckced8eb82012-03-19 13:52:37 -050030
ivan-zhuf2b00502013-10-18 10:06:52 +080031class AuthorizationTestJSON(base.BaseV2ComputeTest):
Emily Hugenbruche7991d92014-12-12 16:53:36 +000032
Andrea Frittolib21de6c2015-02-06 20:12:38 +000033 credentials = ['primary', 'alt']
34
Daryl Walleckced8eb82012-03-19 13:52:37 -050035 @classmethod
Emily Hugenbruche7991d92014-12-12 16:53:36 +000036 def skip_checks(cls):
37 super(AuthorizationTestJSON, cls).skip_checks()
Adam Gandelman85f5bed2014-06-19 16:48:17 -070038 if not CONF.service_available.glance:
39 raise cls.skipException('Glance is not available.')
Emily Hugenbruche7991d92014-12-12 16:53:36 +000040
41 @classmethod
42 def setup_credentials(cls):
Salvatore Orlando5a337242014-01-15 22:49:22 +000043 # No network resources required for this test
44 cls.set_network_resources()
Emily Hugenbruche7991d92014-12-12 16:53:36 +000045 super(AuthorizationTestJSON, cls).setup_credentials()
Emily Hugenbruche7991d92014-12-12 16:53:36 +000046
47 @classmethod
48 def setup_clients(cls):
49 super(AuthorizationTestJSON, cls).setup_clients()
Daryl Walleckced8eb82012-03-19 13:52:37 -050050 cls.client = cls.os.servers_client
51 cls.images_client = cls.os.images_client
Adam Gandelman85f5bed2014-06-19 16:48:17 -070052 cls.glance_client = cls.os.image_client
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +053053 cls.keypairs_client = cls.os.keypairs_client
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +053054 cls.security_client = cls.os.security_groups_client
Ken'ichi Ohmichi685cd172015-07-13 01:29:57 +000055 cls.rule_client = cls.os.security_group_rules_client
Daryl Walleckced8eb82012-03-19 13:52:37 -050056
Jay Pipesf38eaac2012-06-21 13:37:35 -040057 cls.alt_client = cls.alt_manager.servers_client
58 cls.alt_images_client = cls.alt_manager.images_client
59 cls.alt_keypairs_client = cls.alt_manager.keypairs_client
60 cls.alt_security_client = cls.alt_manager.security_groups_client
Ken'ichi Ohmichi685cd172015-07-13 01:29:57 +000061 cls.alt_rule_client = cls.alt_manager.security_group_rules_client
Daryl Walleckced8eb82012-03-19 13:52:37 -050062
Emily Hugenbruche7991d92014-12-12 16:53:36 +000063 @classmethod
64 def resource_setup(cls):
65 super(AuthorizationTestJSON, cls).resource_setup()
David Kranz0fb14292015-02-11 15:55:20 -050066 server = cls.create_test_server(wait_until='ACTIVE')
Ken'ichi Ohmichi76800242015-07-03 05:12:31 +000067 cls.server = cls.client.show_server(server['id'])
Jay Pipes3f981df2012-03-27 18:59:44 -040068
Masayuki Igawa259c1132013-10-31 17:48:44 +090069 name = data_utils.rand_name('image')
David Kranz34f18782015-01-06 13:43:55 -050070 body = cls.glance_client.create_image(name=name,
71 container_format='bare',
72 disk_format='raw',
73 is_public=False)
Adam Gandelman85f5bed2014-06-19 16:48:17 -070074 image_id = body['id']
Matthew Treinishb0c65f22015-04-23 09:09:41 -040075 image_file = six.StringIO(('*' * 1024))
David Kranz34f18782015-01-06 13:43:55 -050076 body = cls.glance_client.update_image(image_id, data=image_file)
Adam Gandelman85f5bed2014-06-19 16:48:17 -070077 cls.glance_client.wait_for_image_status(image_id, 'active')
Ken'ichi Ohmichi5d410762015-05-22 01:10:03 +000078 cls.image = cls.images_client.show_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -050079
Masayuki Igawa259c1132013-10-31 17:48:44 +090080 cls.keypairname = data_utils.rand_name('keypair')
Ken'ichi Ohmichie364bce2015-07-17 10:27:59 +000081 cls.keypairs_client.create_keypair(name=cls.keypairname)
Daryl Walleckced8eb82012-03-19 13:52:37 -050082
Masayuki Igawa259c1132013-10-31 17:48:44 +090083 name = data_utils.rand_name('security')
84 description = data_utils.rand_name('description')
David Kranz9964b4e2015-02-06 15:45:29 -050085 cls.security_group = cls.security_client.create_security_group(
Ken'ichi Ohmichi34563cc2015-07-21 00:53:17 +000086 name=name, description=description)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +053087
Jay Pipesf38eaac2012-06-21 13:37:35 -040088 parent_group_id = cls.security_group['id']
89 ip_protocol = 'tcp'
90 from_port = 22
91 to_port = 22
Ken'ichi Ohmichi685cd172015-07-13 01:29:57 +000092 cls.rule = cls.rule_client.create_security_group_rule(
Ken'ichi Ohmichieb7eeec2015-07-21 01:00:06 +000093 parent_group_id=parent_group_id, ip_protocol=ip_protocol,
94 from_port=from_port, to_port=to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +053095
Daryl Walleckced8eb82012-03-19 13:52:37 -050096 @classmethod
Andrea Frittoli50bb80d2014-09-15 12:34:27 +010097 def resource_cleanup(cls):
Andrea Frittoli (andreaf)1f342412015-05-12 16:37:19 +010098 if hasattr(cls, 'image'):
Daryl Walleckced8eb82012-03-19 13:52:37 -050099 cls.images_client.delete_image(cls.image['id'])
Andrea Frittoli (andreaf)1f342412015-05-12 16:37:19 +0100100 if hasattr(cls, 'keypairname'):
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530101 cls.keypairs_client.delete_keypair(cls.keypairname)
Andrea Frittoli (andreaf)1f342412015-05-12 16:37:19 +0100102 if hasattr(cls, 'security_group'):
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530103 cls.security_client.delete_security_group(cls.security_group['id'])
Andrea Frittoli50bb80d2014-09-15 12:34:27 +0100104 super(AuthorizationTestJSON, cls).resource_cleanup()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500105
Chris Hoge7579c1a2015-02-26 14:12:15 -0800106 @test.idempotent_id('56816e4a-bd34-47b5-aee9-268c3efeb5d4')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400107 def test_get_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500108 # A GET request for a server on another user's account should fail
Ken'ichi Ohmichi76800242015-07-03 05:12:31 +0000109 self.assertRaises(lib_exc.NotFound, self.alt_client.show_server,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030110 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500111
Chris Hoge7579c1a2015-02-26 14:12:15 -0800112 @test.idempotent_id('fb8a4870-6d9d-44ad-8375-95d52e98d9f6')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400113 def test_delete_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500114 # A DELETE request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900115 self.assertRaises(lib_exc.NotFound, self.alt_client.delete_server,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030116 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500117
Chris Hoge7579c1a2015-02-26 14:12:15 -0800118 @test.idempotent_id('d792f91f-1d49-4eb5-b1ff-b229c4b9dc64')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400119 def test_update_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500120 # An update server request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900121 self.assertRaises(lib_exc.NotFound, self.alt_client.update_server,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030122 self.server['id'], name='test')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500123
Chris Hoge7579c1a2015-02-26 14:12:15 -0800124 @test.idempotent_id('488f24df-d7f7-4207-949a-f17fcb8e8769')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400125 def test_list_server_addresses_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500126 # A list addresses request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900127 self.assertRaises(lib_exc.NotFound, self.alt_client.list_addresses,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030128 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500129
Chris Hoge7579c1a2015-02-26 14:12:15 -0800130 @test.idempotent_id('00b442d0-2e72-40e7-9b1f-31772e36da01')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400131 def test_list_server_addresses_by_network_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500132 # A list address/network request for another user's server should fail
Daryl Walleckced8eb82012-03-19 13:52:37 -0500133 server_id = self.server['id']
Masayuki Igawabfa07602015-01-20 18:47:17 +0900134 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030135 self.alt_client.list_addresses_by_network, server_id,
136 'public')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500137
Chris Hoge7579c1a2015-02-26 14:12:15 -0800138 @test.idempotent_id('cc90b35a-19f0-45d2-b680-2aabf934aa22')
sapan-kona37939762012-06-28 20:22:43 +0530139 def test_list_servers_with_alternate_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500140 # A list on servers from one tenant should not
141 # show on alternate tenant
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200142 # Listing servers from alternate tenant
sapan-kona37939762012-06-28 20:22:43 +0530143 alt_server_ids = []
David Kranzae99b9a2015-02-16 13:37:01 -0500144 body = self.alt_client.list_servers()
sapan-kona37939762012-06-28 20:22:43 +0530145 alt_server_ids = [s['id'] for s in body['servers']]
146 self.assertNotIn(self.server['id'], alt_server_ids)
147
Chris Hoge7579c1a2015-02-26 14:12:15 -0800148 @test.idempotent_id('376dbc16-0779-4384-a723-752774799641')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400149 def test_change_password_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500150 # A change password request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900151 self.assertRaises(lib_exc.NotFound, self.alt_client.change_password,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030152 self.server['id'], 'newpass')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500153
Chris Hoge7579c1a2015-02-26 14:12:15 -0800154 @test.idempotent_id('14cb5ff5-f646-45ca-8f51-09081d6c0c24')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400155 def test_reboot_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500156 # A reboot request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900157 self.assertRaises(lib_exc.NotFound, self.alt_client.reboot,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030158 self.server['id'], 'HARD')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500159
Chris Hoge7579c1a2015-02-26 14:12:15 -0800160 @test.idempotent_id('8a0bce51-cd00-480b-88ba-dbc7d8408a37')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400161 def test_rebuild_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500162 # A rebuild request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900163 self.assertRaises(lib_exc.NotFound, self.alt_client.rebuild,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030164 self.server['id'], self.image_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500165
Chris Hoge7579c1a2015-02-26 14:12:15 -0800166 @test.idempotent_id('e4da647e-f982-4e61-9dad-1d1abebfb933')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400167 def test_resize_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500168 # A resize request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900169 self.assertRaises(lib_exc.NotFound, self.alt_client.resize,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030170 self.server['id'], self.flavor_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500171
Chris Hoge7579c1a2015-02-26 14:12:15 -0800172 @test.idempotent_id('a9fe8112-0ffa-4902-b061-f892bd5fe0d3')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400173 def test_create_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500174 # A create image request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900175 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030176 self.alt_images_client.create_image,
Ken'ichi Ohmichi28f18672015-07-17 10:00:38 +0000177 self.server['id'], name='testImage')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500178
Chris Hoge7579c1a2015-02-26 14:12:15 -0800179 @test.idempotent_id('95d445f6-babc-4f2e-aea3-aa24ec5e7f0d')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500180 def test_create_server_with_unauthorized_image(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500181 # Server creation with another user's image should fail
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900182 self.assertRaises(lib_exc.BadRequest, self.alt_client.create_server,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030183 'test', self.image['id'], self.flavor_ref)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500184
Chris Hoge7579c1a2015-02-26 14:12:15 -0800185 @test.idempotent_id('acf8724b-142b-4044-82c3-78d31a533f24')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500186 def test_create_server_fails_when_tenant_incorrect(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500187 # A create server request should fail if the tenant id does not match
188 # the current user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000189 # Change the base URL to impersonate another user
190 self.alt_client.auth_provider.set_alt_auth_data(
191 request_part='url',
192 auth_data=self.client.auth_provider.auth_data
193 )
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900194 self.assertRaises(lib_exc.BadRequest,
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000195 self.alt_client.create_server, 'test',
196 self.image['id'], self.flavor_ref)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530197
Chris Hoge7579c1a2015-02-26 14:12:15 -0800198 @test.idempotent_id('f03d1ded-7fd4-4d29-bc13-e2391f29c625')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400199 def test_create_keypair_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500200 # A create keypair request should fail if the tenant id does not match
201 # the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200202 # POST keypair with other user tenant
Ken'ichi Ohmichi4937f562015-03-23 00:15:01 +0000203 k_name = data_utils.rand_name('keypair')
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530204 try:
205 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000206 self.alt_keypairs_client.auth_provider.set_alt_auth_data(
207 request_part='url',
208 auth_data=self.keypairs_client.auth_provider.auth_data
209 )
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530210 resp = {}
211 resp['status'] = None
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900212 self.assertRaises(lib_exc.BadRequest,
Ken'ichi Ohmichie364bce2015-07-17 10:27:59 +0000213 self.alt_keypairs_client.create_keypair,
214 name=k_name)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530215 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000216 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800217 if (resp['status'] is not None):
David Kranz173f0e02015-02-06 13:47:57 -0500218 self.alt_keypairs_client.delete_keypair(k_name)
Giulio Fidente92f77192013-08-26 17:13:28 +0200219 LOG.error("Create keypair request should not happen "
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800220 "if the tenant id does not match the current user")
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530221
Chris Hoge7579c1a2015-02-26 14:12:15 -0800222 @test.idempotent_id('85bcdd8f-56b4-4868-ae56-63fbf6f7e405')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400223 def test_get_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500224 # A GET request for another user's keypair should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900225 self.assertRaises(lib_exc.NotFound,
Ken'ichi Ohmichi0943d9b2015-06-17 02:27:05 +0000226 self.alt_keypairs_client.show_keypair,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030227 self.keypairname)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530228
Chris Hoge7579c1a2015-02-26 14:12:15 -0800229 @test.idempotent_id('6d841683-a8e0-43da-a1b8-b339f7692b61')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400230 def test_delete_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500231 # A DELETE request for another user's keypair should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900232 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030233 self.alt_keypairs_client.delete_keypair,
234 self.keypairname)
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530235
Chris Hoge7579c1a2015-02-26 14:12:15 -0800236 @test.idempotent_id('fcb2e144-36e3-4dfb-9f9f-e72fcdec5656')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400237 def test_get_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500238 # A GET request for an image on another user's account should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900239 self.assertRaises(lib_exc.NotFound,
Ken'ichi Ohmichi5d410762015-05-22 01:10:03 +0000240 self.alt_images_client.show_image, self.image['id'])
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530241
Chris Hoge7579c1a2015-02-26 14:12:15 -0800242 @test.idempotent_id('9facb962-f043-4a9d-b9ee-166a32dea098')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400243 def test_delete_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500244 # A DELETE request for another user's image should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900245 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030246 self.alt_images_client.delete_image,
247 self.image['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530248
Chris Hoge7579c1a2015-02-26 14:12:15 -0800249 @test.idempotent_id('752c917e-83be-499d-a422-3559127f7d3c')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400250 def test_create_security_group_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500251 # A create security group request should fail if the tenant id does not
252 # match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200253 # POST security group with other user tenant
Ken'ichi Ohmichi4937f562015-03-23 00:15:01 +0000254 s_name = data_utils.rand_name('security')
Masayuki Igawa259c1132013-10-31 17:48:44 +0900255 s_description = data_utils.rand_name('security')
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530256 try:
257 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000258 self.alt_security_client.auth_provider.set_alt_auth_data(
259 request_part='url',
260 auth_data=self.security_client.auth_provider.auth_data
261 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530262 resp = {}
263 resp['status'] = None
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900264 self.assertRaises(lib_exc.BadRequest,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030265 self.alt_security_client.create_security_group,
Ken'ichi Ohmichi34563cc2015-07-21 00:53:17 +0000266 name=s_name, description=s_description)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530267 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000268 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800269 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700270 self.alt_security_client.delete_security_group(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200271 LOG.error("Create Security Group request should not happen if"
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530272 "the tenant id does not match the current user")
273
Chris Hoge7579c1a2015-02-26 14:12:15 -0800274 @test.idempotent_id('9db3590f-4d15-4e5f-985e-b28514919a6f')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400275 def test_get_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500276 # A GET request for another user's security group should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900277 self.assertRaises(lib_exc.NotFound,
Ken'ichi Ohmichi217f2f32015-06-17 02:52:44 +0000278 self.alt_security_client.show_security_group,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030279 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530280
Chris Hoge7579c1a2015-02-26 14:12:15 -0800281 @test.idempotent_id('155387a5-2bbc-4acf-ab06-698dae537ea5')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400282 def test_delete_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500283 # A DELETE request for another user's security group should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900284 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030285 self.alt_security_client.delete_security_group,
286 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530287
Chris Hoge7579c1a2015-02-26 14:12:15 -0800288 @test.idempotent_id('b2b76de0-210a-4089-b921-591c9ec552f6')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400289 def test_create_security_group_rule_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500290 # A create security group rule request should fail if the tenant id
291 # does not match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200292 # POST security group rule with other user tenant
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530293 parent_group_id = self.security_group['id']
294 ip_protocol = 'icmp'
295 from_port = -1
296 to_port = -1
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530297 try:
298 # Change the base URL to impersonate another user
Ken'ichi Ohmichi685cd172015-07-13 01:29:57 +0000299 self.alt_rule_client.auth_provider.set_alt_auth_data(
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000300 request_part='url',
Ken'ichi Ohmichi685cd172015-07-13 01:29:57 +0000301 auth_data=self.rule_client.auth_provider.auth_data
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000302 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530303 resp = {}
304 resp['status'] = None
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900305 self.assertRaises(lib_exc.BadRequest,
Ken'ichi Ohmichi685cd172015-07-13 01:29:57 +0000306 self.alt_rule_client.
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030307 create_security_group_rule,
Ken'ichi Ohmichieb7eeec2015-07-21 01:00:06 +0000308 parent_group_id=parent_group_id,
309 ip_protocol=ip_protocol,
310 from_port=from_port, to_port=to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530311 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000312 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800313 if resp['status'] is not None:
Ken'ichi Ohmichi685cd172015-07-13 01:29:57 +0000314 self.alt_rule_client.delete_security_group_rule(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200315 LOG.error("Create security group rule request should not "
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530316 "happen if the tenant id does not match the"
317 " current user")
318
Chris Hoge7579c1a2015-02-26 14:12:15 -0800319 @test.idempotent_id('c6044177-37ef-4ce4-b12c-270ddf26d7da')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400320 def test_delete_security_group_rule_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500321 # A DELETE request for another user's security group rule
322 # should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900323 self.assertRaises(lib_exc.NotFound,
Ken'ichi Ohmichi685cd172015-07-13 01:29:57 +0000324 self.alt_rule_client.delete_security_group_rule,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030325 self.rule['id'])
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530326
Chris Hoge7579c1a2015-02-26 14:12:15 -0800327 @test.idempotent_id('c5f52351-53d9-4fc9-83e5-917f7f5e3d71')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400328 def test_set_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500329 # A set metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530330 req_metadata = {'meta1': 'data1', 'meta2': 'data2'}
Masayuki Igawabfa07602015-01-20 18:47:17 +0900331 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030332 self.alt_client.set_server_metadata,
333 self.server['id'],
334 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530335
Chris Hoge7579c1a2015-02-26 14:12:15 -0800336 @test.idempotent_id('fb6f51e9-df15-4939-898d-1aca38c258f0')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400337 def test_set_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500338 # A set metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530339 req_metadata = {'meta1': 'value1', 'meta2': 'value2'}
Masayuki Igawabfa07602015-01-20 18:47:17 +0900340 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030341 self.alt_images_client.set_image_metadata,
342 self.image['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530343
Chris Hoge7579c1a2015-02-26 14:12:15 -0800344 @test.idempotent_id('dea1936a-473d-49f2-92ad-97bb7aded22e')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400345 def test_get_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500346 # A get metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530347 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800348 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2suresh31bb7cb2013-03-14 04:53:49 +0000349 self.addCleanup(self.client.delete_server_metadata_item,
350 self.server['id'], 'meta1')
Masayuki Igawabfa07602015-01-20 18:47:17 +0900351 self.assertRaises(lib_exc.NotFound,
hi2suresh31bb7cb2013-03-14 04:53:49 +0000352 self.alt_client.get_server_metadata_item,
353 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530354
Chris Hoge7579c1a2015-02-26 14:12:15 -0800355 @test.idempotent_id('16b2d724-0d3b-4216-a9fa-97bd4d9cf670')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400356 def test_get_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500357 # A get metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530358 req_metadata = {'meta1': 'value1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000359 self.addCleanup(self.images_client.delete_image_metadata_item,
360 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530361 self.images_client.set_image_metadata(self.image['id'],
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800362 req_metadata)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900363 self.assertRaises(lib_exc.NotFound,
Ken'ichi Ohmichi0943d9b2015-06-17 02:27:05 +0000364 self.alt_images_client.show_image_metadata_item,
hi2sureshd0e24122013-03-15 03:06:53 +0000365 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530366
Chris Hoge7579c1a2015-02-26 14:12:15 -0800367 @test.idempotent_id('79531e2e-e721-493c-8b30-a35db36fdaa6')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400368 def test_delete_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500369 # A delete metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530370 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000371 self.addCleanup(self.client.delete_server_metadata_item,
372 self.server['id'], 'meta1')
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800373 self.client.set_server_metadata(self.server['id'], req_metadata)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900374 self.assertRaises(lib_exc.NotFound,
hi2sureshd0e24122013-03-15 03:06:53 +0000375 self.alt_client.delete_server_metadata_item,
376 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530377
Chris Hoge7579c1a2015-02-26 14:12:15 -0800378 @test.idempotent_id('a5175dcf-cef8-43d6-9b77-3cb707d62e94')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400379 def test_delete_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500380 # A delete metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530381 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000382 self.addCleanup(self.images_client.delete_image_metadata_item,
383 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530384 self.images_client.set_image_metadata(self.image['id'],
385 req_metadata)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900386 self.assertRaises(lib_exc.NotFound,
hi2sureshd0e24122013-03-15 03:06:53 +0000387 self.alt_images_client.delete_image_metadata_item,
388 self.image['id'], 'meta1')
rajalakshmi-ganesan72ea31a2012-05-25 11:59:10 +0530389
Chris Hoge7579c1a2015-02-26 14:12:15 -0800390 @test.idempotent_id('b0c1e7a0-8853-40fd-8384-01f93d116cae')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400391 def test_get_console_output_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500392 # A Get Console Output for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900393 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030394 self.alt_client.get_console_output,
395 self.server['id'], 10)