Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 73ee247eebc92ed6ab5d16cacd373dd76722dd8e / . / tempest / api / compute / test_authorization.py
blob: 3fa4a89c4f68f5c9f58dbc8a58e0738338ba3e7d [file] [log] [blame]
ZhiQiang Fan39f97222013-09-20 04:49:44 +0800[diff] [blame]1# Copyright 2012 OpenStack Foundation
Jay Pipes13b479b2012-06-11 14:52:27 -0400[diff] [blame]2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]15
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]16import StringIO
17
Sean Dague1937d092013-05-17 16:36:38 -0400[diff] [blame]18from tempest.api.compute import base
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]19from tempest import clients
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]20from tempest.common.utils import data_utils
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]21from tempest import config
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]22from tempest import exceptions
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]23from tempest.openstack.common import log as logging
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]24from tempest import test
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]25
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]26CONF = config.CONF
27
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]28LOG = logging.getLogger(__name__)
29
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]30
ivan-zhuf2b00502013-10-18 10:06:52 +0800[diff] [blame]31class AuthorizationTestJSON(base.BaseV2ComputeTest):
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]32 @classmethod
33 def setUpClass(cls):
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]34 if not CONF.service_available.glance:
35 raise cls.skipException('Glance is not available.')
Salvatore Orlando5a337242014-01-15 22:49:22 +0000[diff] [blame]36 # No network resources required for this test
37 cls.set_network_resources()
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]38 super(AuthorizationTestJSON, cls).setUpClass()
39 if not cls.multi_user:
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]40 msg = "Need >1 user"
ivan-zhu1feeb382013-01-24 10:14:39 +0800[diff] [blame]41 raise cls.skipException(msg)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]42 cls.client = cls.os.servers_client
43 cls.images_client = cls.os.images_client
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]44 cls.glance_client = cls.os.image_client
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]45 cls.keypairs_client = cls.os.keypairs_client
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]46 cls.security_client = cls.os.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]47
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]48 if CONF.compute.allow_tenant_isolation:
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]49 creds = cls.isolated_creds.get_alt_creds()
Andrea Frittoli422fbdf2014-03-20 10:05:18 +0000[diff] [blame]50 cls.alt_manager = clients.Manager(credentials=creds)
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]51 else:
52 # Use the alt_XXX credentials in the config file
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]53 cls.alt_manager = clients.AltManager()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]54
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]55 cls.alt_client = cls.alt_manager.servers_client
56 cls.alt_images_client = cls.alt_manager.images_client
57 cls.alt_keypairs_client = cls.alt_manager.keypairs_client
58 cls.alt_security_client = cls.alt_manager.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]59
Ken'ichi Ohmichicfc052e2013-10-23 11:50:04 +0900[diff] [blame]60 resp, server = cls.create_test_server(wait_until='ACTIVE')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]61 resp, cls.server = cls.client.get_server(server['id'])
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]62
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]63 name = data_utils.rand_name('image')
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]64 resp, body = cls.glance_client.create_image(name=name,
Matthew Treinish1d14c542014-06-17 20:25:40 -0400[diff] [blame]65 container_format='bare',
66 disk_format='raw',
67 is_public=False)
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]68 image_id = body['id']
69 image_file = StringIO.StringIO(('*' * 1024))
70 resp, body = cls.glance_client.update_image(image_id, data=image_file)
71 cls.glance_client.wait_for_image_status(image_id, 'active')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]72 resp, cls.image = cls.images_client.get_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]73
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]74 cls.keypairname = data_utils.rand_name('keypair')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]75 resp, keypair = \
76 cls.keypairs_client.create_keypair(cls.keypairname)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]77
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]78 name = data_utils.rand_name('security')
79 description = data_utils.rand_name('description')
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]80 resp, cls.security_group = cls.security_client.create_security_group(
81 name, description)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]82
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]83 parent_group_id = cls.security_group['id']
84 ip_protocol = 'tcp'
85 from_port = 22
86 to_port = 22
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]87 resp, cls.rule = cls.security_client.create_security_group_rule(
88 parent_group_id, ip_protocol, from_port, to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]89
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]90 @classmethod
91 def tearDownClass(cls):
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]92 if cls.multi_user:
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]93 cls.images_client.delete_image(cls.image['id'])
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]94 cls.keypairs_client.delete_keypair(cls.keypairname)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]95 cls.security_client.delete_security_group(cls.security_group['id'])
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]96 super(AuthorizationTestJSON, cls).tearDownClass()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]97
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]98 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]99 def test_get_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]100 # A GET request for a server on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]101 self.assertRaises(exceptions.NotFound, self.alt_client.get_server,
102 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]103
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]104 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]105 def test_delete_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]106 # A DELETE request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]107 self.assertRaises(exceptions.NotFound, self.alt_client.delete_server,
108 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]109
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]110 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]111 def test_update_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]112 # An update server request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]113 self.assertRaises(exceptions.NotFound, self.alt_client.update_server,
114 self.server['id'], name='test')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]115
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]116 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]117 def test_list_server_addresses_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]118 # A list addresses request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]119 self.assertRaises(exceptions.NotFound, self.alt_client.list_addresses,
120 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]121
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]122 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]123 def test_list_server_addresses_by_network_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]124 # A list address/network request for another user's server should fail
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]125 server_id = self.server['id']
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]126 self.assertRaises(exceptions.NotFound,
127 self.alt_client.list_addresses_by_network, server_id,
128 'public')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]129
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]130 @test.attr(type='gate')
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]131 def test_list_servers_with_alternate_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]132 # A list on servers from one tenant should not
133 # show on alternate tenant
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]134 # Listing servers from alternate tenant
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]135 alt_server_ids = []
136 resp, body = self.alt_client.list_servers()
137 alt_server_ids = [s['id'] for s in body['servers']]
138 self.assertNotIn(self.server['id'], alt_server_ids)
139
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]140 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]141 def test_change_password_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]142 # A change password request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]143 self.assertRaises(exceptions.NotFound, self.alt_client.change_password,
144 self.server['id'], 'newpass')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]145
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]146 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]147 def test_reboot_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]148 # A reboot request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]149 self.assertRaises(exceptions.NotFound, self.alt_client.reboot,
150 self.server['id'], 'HARD')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]151
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]152 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]153 def test_rebuild_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]154 # A rebuild request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]155 self.assertRaises(exceptions.NotFound, self.alt_client.rebuild,
156 self.server['id'], self.image_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]157
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]158 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]159 def test_resize_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]160 # A resize request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]161 self.assertRaises(exceptions.NotFound, self.alt_client.resize,
162 self.server['id'], self.flavor_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]163
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]164 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]165 def test_create_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]166 # A create image request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]167 self.assertRaises(exceptions.NotFound,
168 self.alt_images_client.create_image,
169 self.server['id'], 'testImage')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]170
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]171 @test.attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]172 def test_create_server_with_unauthorized_image(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]173 # Server creation with another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]174 self.assertRaises(exceptions.BadRequest, self.alt_client.create_server,
175 'test', self.image['id'], self.flavor_ref)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]176
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]177 @test.attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]178 def test_create_server_fails_when_tenant_incorrect(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]179 # A create server request should fail if the tenant id does not match
180 # the current user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]181 # Change the base URL to impersonate another user
182 self.alt_client.auth_provider.set_alt_auth_data(
183 request_part='url',
184 auth_data=self.client.auth_provider.auth_data
185 )
186 self.assertRaises(exceptions.BadRequest,
187 self.alt_client.create_server, 'test',
188 self.image['id'], self.flavor_ref)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]189
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]190 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]191 def test_create_keypair_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]192 # A create keypair request should fail if the tenant id does not match
193 # the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]194 # POST keypair with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]195 k_name = data_utils.rand_name('keypair-')
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]196 try:
197 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]198 self.alt_keypairs_client.auth_provider.set_alt_auth_data(
199 request_part='url',
200 auth_data=self.keypairs_client.auth_provider.auth_data
201 )
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]202 resp = {}
203 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]204 self.assertRaises(exceptions.BadRequest,
205 self.alt_keypairs_client.create_keypair, k_name)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]206 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]207 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]208 if (resp['status'] is not None):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]209 resp, _ = self.alt_keypairs_client.delete_keypair(k_name)
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]210 LOG.error("Create keypair request should not happen "
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]211 "if the tenant id does not match the current user")
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]212
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]213 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]214 def test_get_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]215 # A GET request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]216 self.assertRaises(exceptions.NotFound,
217 self.alt_keypairs_client.get_keypair,
218 self.keypairname)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]219
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]220 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]221 def test_delete_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]222 # A DELETE request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]223 self.assertRaises(exceptions.NotFound,
224 self.alt_keypairs_client.delete_keypair,
225 self.keypairname)
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]226
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]227 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]228 def test_get_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]229 # A GET request for an image on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]230 self.assertRaises(exceptions.NotFound,
231 self.alt_images_client.get_image, self.image['id'])
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]232
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]233 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]234 def test_delete_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]235 # A DELETE request for another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]236 self.assertRaises(exceptions.NotFound,
237 self.alt_images_client.delete_image,
238 self.image['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]239
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]240 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]241 def test_create_security_group_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]242 # A create security group request should fail if the tenant id does not
243 # match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]244 # POST security group with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]245 s_name = data_utils.rand_name('security-')
246 s_description = data_utils.rand_name('security')
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]247 try:
248 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]249 self.alt_security_client.auth_provider.set_alt_auth_data(
250 request_part='url',
251 auth_data=self.security_client.auth_provider.auth_data
252 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]253 resp = {}
254 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]255 self.assertRaises(exceptions.BadRequest,
256 self.alt_security_client.create_security_group,
257 s_name, s_description)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]258 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]259 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]260 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]261 self.alt_security_client.delete_security_group(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]262 LOG.error("Create Security Group request should not happen if"
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]263 "the tenant id does not match the current user")
264
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]265 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]266 def test_get_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]267 # A GET request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]268 self.assertRaises(exceptions.NotFound,
269 self.alt_security_client.get_security_group,
270 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]271
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]272 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]273 def test_delete_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]274 # A DELETE request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]275 self.assertRaises(exceptions.NotFound,
276 self.alt_security_client.delete_security_group,
277 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]278
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]279 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]280 def test_create_security_group_rule_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]281 # A create security group rule request should fail if the tenant id
282 # does not match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]283 # POST security group rule with other user tenant
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]284 parent_group_id = self.security_group['id']
285 ip_protocol = 'icmp'
286 from_port = -1
287 to_port = -1
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]288 try:
289 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]290 self.alt_security_client.auth_provider.set_alt_auth_data(
291 request_part='url',
292 auth_data=self.security_client.auth_provider.auth_data
293 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]294 resp = {}
295 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]296 self.assertRaises(exceptions.BadRequest,
297 self.alt_security_client.
298 create_security_group_rule,
299 parent_group_id, ip_protocol, from_port,
300 to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]301 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]302 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]303 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]304 self.alt_security_client.delete_security_group_rule(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]305 LOG.error("Create security group rule request should not "
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]306 "happen if the tenant id does not match the"
307 " current user")
308
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]309 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]310 def test_delete_security_group_rule_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]311 # A DELETE request for another user's security group rule
312 # should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]313 self.assertRaises(exceptions.NotFound,
314 self.alt_security_client.delete_security_group_rule,
315 self.rule['id'])
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]316
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]317 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]318 def test_set_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]319 # A set metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]320 req_metadata = {'meta1': 'data1', 'meta2': 'data2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]321 self.assertRaises(exceptions.NotFound,
322 self.alt_client.set_server_metadata,
323 self.server['id'],
324 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]325
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]326 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]327 def test_set_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]328 # A set metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]329 req_metadata = {'meta1': 'value1', 'meta2': 'value2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]330 self.assertRaises(exceptions.NotFound,
331 self.alt_images_client.set_image_metadata,
332 self.image['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]333
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]334 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]335 def test_get_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]336 # A get metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]337 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]338 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2suresh31bb7cb2013-03-14 04:53:49 +0000[diff] [blame]339 self.addCleanup(self.client.delete_server_metadata_item,
340 self.server['id'], 'meta1')
341 self.assertRaises(exceptions.NotFound,
342 self.alt_client.get_server_metadata_item,
343 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]344
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]345 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]346 def test_get_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]347 # A get metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]348 req_metadata = {'meta1': 'value1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]349 self.addCleanup(self.images_client.delete_image_metadata_item,
350 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]351 self.images_client.set_image_metadata(self.image['id'],
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]352 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]353 self.assertRaises(exceptions.NotFound,
354 self.alt_images_client.get_image_metadata_item,
355 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]356
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]357 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]358 def test_delete_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]359 # A delete metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]360 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]361 self.addCleanup(self.client.delete_server_metadata_item,
362 self.server['id'], 'meta1')
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]363 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]364 self.assertRaises(exceptions.NotFound,
365 self.alt_client.delete_server_metadata_item,
366 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]367
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]368 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]369 def test_delete_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]370 # A delete metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]371 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]372 self.addCleanup(self.images_client.delete_image_metadata_item,
373 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]374 self.images_client.set_image_metadata(self.image['id'],
375 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]376 self.assertRaises(exceptions.NotFound,
377 self.alt_images_client.delete_image_metadata_item,
378 self.image['id'], 'meta1')
rajalakshmi-ganesan72ea31a2012-05-25 11:59:10 +0530[diff] [blame]379
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]380 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]381 def test_get_console_output_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]382 # A Get Console Output for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]383 self.assertRaises(exceptions.NotFound,
384 self.alt_client.get_console_output,
385 self.server['id'], 10)
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]386
387
388class AuthorizationTestXML(AuthorizationTestJSON):
389 _interface = 'xml'