Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 52abbd93a2ea9d4517538e3ec0d18f87c166602d / . / tempest / api / identity / admin / v3 / test_trusts.py
blob: d31514c8896e2e75a484191c8bb80e5162af8449 [file] [log] [blame]
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License"); you may
2# not use this file except in compliance with the License. You may obtain
3# a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10# License for the specific language governing permissions and limitations
11# under the License.
12
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]13import datetime
14import re
Matthew Treinish96e9e882014-06-09 18:37:19 -0400[diff] [blame]15
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]16from oslo_utils import timeutils
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]17
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]18from tempest.api.identity import base
19from tempest import clients
Andrea Frittoli (andreaf)290b3e12015-10-08 10:25:02 +0100[diff] [blame]20from tempest.common import credentials_factory as common_creds
Fei Long Wangd39431f2015-05-14 11:30:48 +1200[diff] [blame]21from tempest.common.utils import data_utils
Matthew Treinishd5021a72014-01-09 18:42:51 +0000[diff] [blame]22from tempest import config
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]23from tempest.lib import exceptions as lib_exc
Masayuki Igawaba7bcf62014-02-17 14:56:41 +0900[diff] [blame]24from tempest import test
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]25
Matthew Treinishd5021a72014-01-09 18:42:51 +0000[diff] [blame]26CONF = config.CONF
27
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]28
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]29class BaseTrustsV3Test(base.BaseIdentityV3AdminTest):
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]30
31 def setUp(self):
32 super(BaseTrustsV3Test, self).setUp()
33 # Use alt_username as the trustee
Matthew Treinishd5021a72014-01-09 18:42:51 +0000[diff] [blame]34 if not CONF.identity_feature_enabled.trust:
35 raise self.skipException("Trusts aren't enabled")
36
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]37 self.trust_id = None
Steven Hardy776f4572013-12-23 21:42:48 +0000[diff] [blame]38
39 def tearDown(self):
40 if self.trust_id:
41 # Do the delete in tearDown not addCleanup - we want the test to
42 # fail in the event there is a bug which causes undeletable trusts
43 self.delete_trust()
44 super(BaseTrustsV3Test, self).tearDown()
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]45
46 def create_trustor_and_roles(self):
Jamie Lennoxf8507b42015-02-23 06:17:57 +0000[diff] [blame]47 # create a project that trusts will be granted on
Ken'ichi Ohmichi80369a92015-04-06 23:41:14 +0000[diff] [blame]48 self.trustor_project_name = data_utils.rand_name(name='project')
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]49 project = self.projects_client.create_project(
50 self.trustor_project_name, domain_id='default')['project']
Jamie Lennoxf8507b42015-02-23 06:17:57 +0000[diff] [blame]51 self.trustor_project_id = project['id']
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]52 self.assertIsNotNone(self.trustor_project_id)
53
54 # Create a trustor User
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]55 self.trustor_username = data_utils.rand_name('user')
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]56 u_desc = self.trustor_username + 'description'
Steven Hardy68f95282014-01-10 17:40:31 +0000[diff] [blame]57 u_email = self.trustor_username + '@testmail.xx'
Zack Feldsteind8c5f7a2015-12-14 10:44:07 -0600[diff] [blame]58 self.trustor_password = data_utils.rand_password()
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]59 user = self.users_client.create_user(
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]60 self.trustor_username,
61 description=u_desc,
62 password=self.trustor_password,
63 email=u_email,
Jamie Lennoxf8507b42015-02-23 06:17:57 +0000[diff] [blame]64 project_id=self.trustor_project_id,
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]65 domain_id='default')['user']
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]66 self.trustor_user_id = user['id']
67
68 # And two roles, one we'll delegate and one we won't
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]69 self.delegated_role = data_utils.rand_name('DelegatedRole')
70 self.not_delegated_role = data_utils.rand_name('NotDelegatedRole')
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]71
piyush110786afaaf262015-12-11 18:54:05 +0530[diff] [blame]72 role = self.client.create_role(name=self.delegated_role)['role']
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]73 self.delegated_role_id = role['id']
74
piyush110786afaaf262015-12-11 18:54:05 +0530[diff] [blame]75 role = self.client.create_role(name=self.not_delegated_role)['role']
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]76 self.not_delegated_role_id = role['id']
77
78 # Assign roles to trustor
Ghanshyamc0448672016-02-17 12:53:25 +0900[diff] [blame]79 self.client.assign_user_role_on_project(self.trustor_project_id,
80 self.trustor_user_id,
81 self.delegated_role_id)
82 self.client.assign_user_role_on_project(self.trustor_project_id,
83 self.trustor_user_id,
84 self.not_delegated_role_id)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]85
86 # Get trustee user ID, use the demo user
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]87 trustee_username = self.non_admin_client.user
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]88 self.trustee_user_id = self.get_user_by_name(trustee_username)['id']
89 self.assertIsNotNone(self.trustee_user_id)
90
91 # Initialize a new client with the trustor credentials
Andrea Frittoli (andreaf)290b3e12015-10-08 10:25:02 +0100[diff] [blame]92 creds = common_creds.get_credentials(
Jamie Lennoxf8507b42015-02-23 06:17:57 +0000[diff] [blame]93 identity_version='v3',
Andrea Frittoli422fbdf2014-03-20 10:05:18 +0000[diff] [blame]94 username=self.trustor_username,
95 password=self.trustor_password,
Jamie Lennoxf8507b42015-02-23 06:17:57 +0000[diff] [blame]96 user_domain_id='default',
97 tenant_name=self.trustor_project_name,
98 project_domain_id='default')
Andrea Frittolic0978352015-02-06 15:57:40 +0000[diff] [blame]99 os = clients.Manager(credentials=creds)
Daniel Mellado76405392016-02-11 12:47:12 +0000[diff] [blame]100 self.trustor_client = os.trusts_client
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]101
Steven Hardy776f4572013-12-23 21:42:48 +0000[diff] [blame]102 def cleanup_user_and_roles(self):
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]103 if self.trustor_user_id:
Daniel Mellado7aea5342016-02-09 09:10:12 +0000[diff] [blame]104 self.users_client.delete_user(self.trustor_user_id)
Jamie Lennoxf8507b42015-02-23 06:17:57 +0000[diff] [blame]105 if self.trustor_project_id:
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]106 self.projects_client.delete_project(self.trustor_project_id)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]107 if self.delegated_role_id:
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]108 self.client.delete_role(self.delegated_role_id)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]109 if self.not_delegated_role_id:
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]110 self.client.delete_role(self.not_delegated_role_id)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]111
112 def create_trust(self, impersonate=True, expires=None):
113
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]114 trust_create = self.trustor_client.create_trust(
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]115 trustor_user_id=self.trustor_user_id,
116 trustee_user_id=self.trustee_user_id,
117 project_id=self.trustor_project_id,
piyush1107864d7553a2015-12-10 10:57:40 +0530[diff] [blame]118 roles=[{'name': self.delegated_role}],
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]119 impersonation=impersonate,
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]120 expires_at=expires)['trust']
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]121 self.trust_id = trust_create['id']
122 return trust_create
123
124 def validate_trust(self, trust, impersonate=True, expires=None,
125 summary=False):
126 self.assertIsNotNone(trust['id'])
127 self.assertEqual(impersonate, trust['impersonation'])
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]128 if expires is not None:
Yaroslav Lobankov8801baa2015-02-25 11:23:36 +0300[diff] [blame]129 # Omit microseconds component of the expiry time
Yaroslav Lobankov94340b52015-02-17 22:15:37 +0300[diff] [blame]130 trust_expires_at = re.sub(r'\.([0-9]){6}', '', trust['expires_at'])
131 self.assertEqual(expires, trust_expires_at)
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]132 else:
133 self.assertIsNone(trust['expires_at'])
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]134 self.assertEqual(self.trustor_user_id, trust['trustor_user_id'])
135 self.assertEqual(self.trustee_user_id, trust['trustee_user_id'])
136 self.assertIn('v3/OS-TRUST/trusts', trust['links']['self'])
137 self.assertEqual(self.trustor_project_id, trust['project_id'])
138 if not summary:
139 self.assertEqual(self.delegated_role, trust['roles'][0]['name'])
140 self.assertEqual(1, len(trust['roles']))
141
Ken'ichi Ohmichi2c4cb0c2016-02-03 07:16:21 +0000[diff] [blame]142 def show_trust(self):
143 trust_get = self.trustor_client.show_trust(self.trust_id)['trust']
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]144 return trust_get
145
146 def validate_role(self, role):
147 self.assertEqual(self.delegated_role_id, role['id'])
148 self.assertEqual(self.delegated_role, role['name'])
149 self.assertIn('v3/roles/%s' % self.delegated_role_id,
150 role['links']['self'])
151 self.assertNotEqual(self.not_delegated_role_id, role['id'])
152 self.assertNotEqual(self.not_delegated_role, role['name'])
153 self.assertNotIn('v3/roles/%s' % self.not_delegated_role_id,
154 role['links']['self'])
155
156 def check_trust_roles(self):
157 # Check we find the delegated role
Ken'ichi Ohmichi2c4cb0c2016-02-03 07:16:21 +0000[diff] [blame]158 roles_get = self.trustor_client.list_trust_roles(
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]159 self.trust_id)['roles']
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]160 self.assertEqual(1, len(roles_get))
161 self.validate_role(roles_get[0])
162
Ken'ichi Ohmichi2c4cb0c2016-02-03 07:16:21 +0000[diff] [blame]163 role_get = self.trustor_client.show_trust_role(
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]164 self.trust_id, self.delegated_role_id)['role']
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]165 self.validate_role(role_get)
166
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]167 role_get = self.trustor_client.check_trust_role(
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]168 self.trust_id, self.delegated_role_id)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]169
170 # And that we don't find not_delegated_role
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]171 self.assertRaises(lib_exc.NotFound,
Ken'ichi Ohmichi2c4cb0c2016-02-03 07:16:21 +0000[diff] [blame]172 self.trustor_client.show_trust_role,
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]173 self.trust_id,
174 self.not_delegated_role_id)
175
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]176 self.assertRaises(lib_exc.NotFound,
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]177 self.trustor_client.check_trust_role,
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]178 self.trust_id,
179 self.not_delegated_role_id)
180
181 def delete_trust(self):
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]182 self.trustor_client.delete_trust(self.trust_id)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]183 self.assertRaises(lib_exc.NotFound,
Ken'ichi Ohmichi2c4cb0c2016-02-03 07:16:21 +0000[diff] [blame]184 self.trustor_client.show_trust,
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]185 self.trust_id)
186 self.trust_id = None
187
188
189class TrustsV3TestJSON(BaseTrustsV3Test):
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]190
191 def setUp(self):
192 super(TrustsV3TestJSON, self).setUp()
193 self.create_trustor_and_roles()
Steven Hardy68f95282014-01-10 17:40:31 +0000[diff] [blame]194 self.addCleanup(self.cleanup_user_and_roles)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]195
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]196 @test.idempotent_id('5a0a91a4-baef-4a14-baba-59bf4d7fcace')
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]197 def test_trust_impersonate(self):
198 # Test case to check we can create, get and delete a trust
199 # updates are not supported for trusts
200 trust = self.create_trust()
201 self.validate_trust(trust)
202
Ken'ichi Ohmichi2c4cb0c2016-02-03 07:16:21 +0000[diff] [blame]203 trust_get = self.show_trust()
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]204 self.validate_trust(trust_get)
205
206 self.check_trust_roles()
207
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]208 @test.idempotent_id('ed2a8779-a7ac-49dc-afd7-30f32f936ed2')
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]209 def test_trust_noimpersonate(self):
210 # Test case to check we can create, get and delete a trust
211 # with impersonation=False
212 trust = self.create_trust(impersonate=False)
213 self.validate_trust(trust, impersonate=False)
214
Ken'ichi Ohmichi2c4cb0c2016-02-03 07:16:21 +0000[diff] [blame]215 trust_get = self.show_trust()
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]216 self.validate_trust(trust_get, impersonate=False)
217
218 self.check_trust_roles()
219
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]220 @test.idempotent_id('0ed14b66-cefd-4b5c-a964-65759453e292')
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]221 def test_trust_expire(self):
222 # Test case to check we can create, get and delete a trust
223 # with an expiry specified
224 expires_at = timeutils.utcnow() + datetime.timedelta(hours=1)
Yaroslav Lobankov94340b52015-02-17 22:15:37 +0300[diff] [blame]225 # NOTE(ylobankov) In some cases the expiry time may be rounded up
Yaroslav Lobankov8801baa2015-02-25 11:23:36 +0300[diff] [blame]226 # because of microseconds. In fact, it depends on database and its
227 # version. At least MySQL 5.6.16 does this.
228 # For example, when creating a trust, we will set the expiry time of
229 # the trust to 2015-02-17T17:34:01.907051Z. However, if we make a GET
230 # request on the trust, the response will contain the time rounded up
231 # to 2015-02-17T17:34:02.000000Z. That is why we shouldn't set flag
232 # "subsecond" to True when we invoke timeutils.isotime(...) to avoid
233 # problems with rounding.
Yaroslav Lobankov94340b52015-02-17 22:15:37 +0300[diff] [blame]234 expires_str = timeutils.isotime(at=expires_at)
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]235
236 trust = self.create_trust(expires=expires_str)
237 self.validate_trust(trust, expires=expires_str)
238
Ken'ichi Ohmichi2c4cb0c2016-02-03 07:16:21 +0000[diff] [blame]239 trust_get = self.show_trust()
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]240
241 self.validate_trust(trust_get, expires=expires_str)
242
243 self.check_trust_roles()
244
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]245 @test.idempotent_id('3e48f95d-e660-4fa9-85e0-5a3d85594384')
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]246 def test_trust_expire_invalid(self):
nayna-patel1dfbedb2015-08-04 11:07:56 +0000[diff] [blame]247 # Test case to check we can check an invalid expiry time
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]248 # is rejected with the correct error
249 # with an expiry specified
250 expires_str = 'bad.123Z'
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900[diff] [blame]251 self.assertRaises(lib_exc.BadRequest,
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]252 self.create_trust,
253 expires=expires_str)
Steven Hardyf31fd2d2013-12-10 17:02:36 +0000[diff] [blame]254
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]255 @test.idempotent_id('6268b345-87ca-47c0-9ce3-37792b43403a')
Steven Hardyf31fd2d2013-12-10 17:02:36 +0000[diff] [blame]256 def test_get_trusts_query(self):
257 self.create_trust()
Ken'ichi Ohmichi2c4cb0c2016-02-03 07:16:21 +0000[diff] [blame]258 trusts_get = self.trustor_client.list_trusts(
John Warren56317e02015-08-12 20:48:32 +0000[diff] [blame]259 trustor_user_id=self.trustor_user_id)['trusts']
Steven Hardyf31fd2d2013-12-10 17:02:36 +0000[diff] [blame]260 self.assertEqual(1, len(trusts_get))
261 self.validate_trust(trusts_get[0], summary=True)
262
Masayuki Igawaba7bcf62014-02-17 14:56:41 +0900[diff] [blame]263 @test.attr(type='smoke')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]264 @test.idempotent_id('4773ebd5-ecbf-4255-b8d8-b63e6f72b65d')
Steven Hardyf31fd2d2013-12-10 17:02:36 +0000[diff] [blame]265 def test_get_trusts_all(self):
266 self.create_trust()
Daniel Mellado76405392016-02-11 12:47:12 +0000[diff] [blame]267 trusts_get = self.trusts_client.list_trusts()['trusts']
Steven Hardyf31fd2d2013-12-10 17:02:36 +0000[diff] [blame]268 trusts = [t for t in trusts_get
269 if t['id'] == self.trust_id]
270 self.assertEqual(1, len(trusts))
271 self.validate_trust(trusts[0], summary=True)