Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 5eee9908e6c5d54d13b7b2f487ff4eee65c535bd / . / tempest / api / identity / admin / v3 / test_tokens.py
blob: 951bc78dd92d6a159100270c37174187b272b676 [file] [log] [blame]
ZhiQiang Fan39f97222013-09-20 04:49:44 +0800[diff] [blame]1# Copyright 2012 OpenStack Foundation
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]16from tempest_lib import exceptions as lib_exc
17
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]18from tempest.api.identity import base
Fei Long Wangd39431f2015-05-14 11:30:48 +1200[diff] [blame]19from tempest.common.utils import data_utils
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]20from tempest import test
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]21
22
Masayuki Igawabe64ed32014-02-19 14:32:03 +0900[diff] [blame]23class TokensV3TestJSON(base.BaseIdentityV3AdminTest):
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]24
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]25 @test.idempotent_id('0f9f5a5f-d5cd-4a86-8a5b-c5ded151f212')
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]26 def test_tokens(self):
27 # Valid user's token is authenticated
28 # Create a User
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]29 u_name = data_utils.rand_name('user')
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]30 u_desc = '%s-description' % u_name
31 u_email = '%s@testmail.tm' % u_name
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]32 u_password = data_utils.rand_name('pass')
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]33 user = self.client.create_user(
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]34 u_name, description=u_desc, password=u_password,
35 email=u_email)
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]36 self.addCleanup(self.client.delete_user, user['id'])
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]37 # Perform Authentication
Jamie Lennox97504612015-02-26 16:47:06 +1100[diff] [blame]38 resp = self.token.auth(user_id=user['id'],
39 password=u_password).response
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]40 subject_token = resp['x-subject-token']
41 # Perform GET Token
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]42 token_details = self.client.get_token(subject_token)
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]43 self.assertEqual(resp['x-subject-token'], subject_token)
44 self.assertEqual(token_details['user']['id'], user['id'])
45 self.assertEqual(token_details['user']['name'], u_name)
46 # Perform Delete Token
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]47 self.client.delete_token(subject_token)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]48 self.assertRaises(lib_exc.NotFound, self.client.get_token,
nayna-patelb35f7232013-06-28 07:08:44 +0000[diff] [blame]49 subject_token)
50
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]51 @test.idempotent_id('565fa210-1da1-4563-999b-f7b5b67cf112')
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]52 def test_rescope_token(self):
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]53 """Rescope a token.
54
55 An unscoped token can be requested, that token can be used to request a
56 scoped token. The scoped token can be revoked, and the original token
57 used to get a token in a different project.
58
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]59 """
60
61 # Create a user.
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]62 user_name = data_utils.rand_name(name='user')
63 user_password = data_utils.rand_name(name='pass')
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]64 user = self.client.create_user(user_name, password=user_password)
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]65 self.addCleanup(self.client.delete_user, user['id'])
66
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]67 # Create a couple projects
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]68 project1_name = data_utils.rand_name(name='project')
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]69 project1 = self.client.create_project(project1_name)
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]70 self.addCleanup(self.client.delete_project, project1['id'])
71
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]72 project2_name = data_utils.rand_name(name='project')
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]73 project2 = self.client.create_project(project2_name)
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]74 self.addCleanup(self.client.delete_project, project2['id'])
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]75
76 # Create a role
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]77 role_name = data_utils.rand_name(name='role')
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]78 role = self.client.create_role(role_name)
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]79 self.addCleanup(self.client.delete_role, role['id'])
80
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]81 # Grant the user the role on both projects.
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]82 self.client.assign_user_role(project1['id'], user['id'],
83 role['id'])
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]84
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]85 self.client.assign_user_role(project2['id'], user['id'],
86 role['id'])
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]87
88 # Get an unscoped token.
Jamie Lennox97504612015-02-26 16:47:06 +1100[diff] [blame]89 token_auth = self.token.auth(user_id=user['id'],
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]90 password=user_password)
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]91
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]92 token_id = token_auth.response['x-subject-token']
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]93 orig_expires_at = token_auth['token']['expires_at']
94 orig_issued_at = token_auth['token']['issued_at']
95 orig_user = token_auth['token']['user']
96
97 self.assertIsInstance(token_auth['token']['expires_at'], unicode)
98 self.assertIsInstance(token_auth['token']['issued_at'], unicode)
99 self.assertEqual(['password'], token_auth['token']['methods'])
100 self.assertEqual(user['id'], token_auth['token']['user']['id'])
101 self.assertEqual(user['name'], token_auth['token']['user']['name'])
102 self.assertEqual('default',
103 token_auth['token']['user']['domain']['id'])
104 self.assertEqual('Default',
105 token_auth['token']['user']['domain']['name'])
106 self.assertNotIn('catalog', token_auth['token'])
107 self.assertNotIn('project', token_auth['token'])
108 self.assertNotIn('roles', token_auth['token'])
109
110 # Use the unscoped token to get a scoped token.
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]111 token_auth = self.token.auth(token=token_id,
Jamie Lennox97504612015-02-26 16:47:06 +1100[diff] [blame]112 project_name=project1_name,
113 project_domain_name='Default')
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]114 token1_id = token_auth.response['x-subject-token']
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]115
116 self.assertEqual(orig_expires_at, token_auth['token']['expires_at'],
117 'Expiration time should match original token')
118 self.assertIsInstance(token_auth['token']['issued_at'], unicode)
119 self.assertNotEqual(orig_issued_at, token_auth['token']['issued_at'])
120 self.assertEqual(set(['password', 'token']),
121 set(token_auth['token']['methods']))
122 self.assertEqual(orig_user, token_auth['token']['user'],
123 'User should match original token')
124 self.assertIsInstance(token_auth['token']['catalog'], list)
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]125 self.assertEqual(project1['id'],
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]126 token_auth['token']['project']['id'])
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]127 self.assertEqual(project1['name'],
Brant Knudsonc5553292014-03-15 11:06:05 -0500[diff] [blame]128 token_auth['token']['project']['name'])
129 self.assertEqual('default',
130 token_auth['token']['project']['domain']['id'])
131 self.assertEqual('Default',
132 token_auth['token']['project']['domain']['name'])
133 self.assertEqual(1, len(token_auth['token']['roles']))
134 self.assertEqual(role['id'], token_auth['token']['roles'][0]['id'])
135 self.assertEqual(role['name'], token_auth['token']['roles'][0]['name'])
136
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]137 # Revoke the unscoped token.
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]138 self.client.delete_token(token1_id)
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]139
140 # Now get another scoped token using the unscoped token.
David Kranzd8ccb792014-12-29 11:32:05 -0500[diff] [blame]141 token_auth = self.token.auth(token=token_id,
Jamie Lennox97504612015-02-26 16:47:06 +1100[diff] [blame]142 project_name=project2_name,
143 project_domain_name='Default')
Brant Knudson5ee44a42014-03-16 10:55:21 -0500[diff] [blame]144
145 self.assertEqual(project2['id'],
146 token_auth['token']['project']['id'])
147 self.assertEqual(project2['name'],
148 token_auth['token']['project']['name'])