Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 7579c1a40e68e58af2403181c67e2e687e8cf074 / . / tempest / api / compute / test_authorization.py
blob: 2dbe1234f1d01176867708c168aac18f2ae292ba [file] [log] [blame]
ZhiQiang Fan39f97222013-09-20 04:49:44 +0800[diff] [blame]1# Copyright 2012 OpenStack Foundation
Jay Pipes13b479b2012-06-11 14:52:27 -0400[diff] [blame]2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]15
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]16import StringIO
17
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]18from tempest_lib import exceptions as lib_exc
19
Sean Dague1937d092013-05-17 16:36:38 -0400[diff] [blame]20from tempest.api.compute import base
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]21from tempest import clients
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]22from tempest.common.utils import data_utils
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]23from tempest import config
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]24from tempest.openstack.common import log as logging
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]25from tempest import test
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]26
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]27CONF = config.CONF
28
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]29LOG = logging.getLogger(__name__)
30
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]31
ivan-zhuf2b00502013-10-18 10:06:52 +0800[diff] [blame]32class AuthorizationTestJSON(base.BaseV2ComputeTest):
Emily Hugenbruche7991d92014-12-12 16:53:36 +0000[diff] [blame]33
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]34 @classmethod
Emily Hugenbruche7991d92014-12-12 16:53:36 +0000[diff] [blame]35 def skip_checks(cls):
36 super(AuthorizationTestJSON, cls).skip_checks()
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]37 if not CONF.service_available.glance:
38 raise cls.skipException('Glance is not available.')
Emily Hugenbruche7991d92014-12-12 16:53:36 +0000[diff] [blame]39
40 @classmethod
41 def setup_credentials(cls):
Salvatore Orlando5a337242014-01-15 22:49:22 +0000[diff] [blame]42 # No network resources required for this test
43 cls.set_network_resources()
Emily Hugenbruche7991d92014-12-12 16:53:36 +0000[diff] [blame]44 super(AuthorizationTestJSON, cls).setup_credentials()
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]45 if not cls.multi_user:
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]46 msg = "Need >1 user"
ivan-zhu1feeb382013-01-24 10:14:39 +0800[diff] [blame]47 raise cls.skipException(msg)
Emily Hugenbruche7991d92014-12-12 16:53:36 +0000[diff] [blame]48
49 creds = cls.isolated_creds.get_alt_creds()
50 cls.alt_manager = clients.Manager(credentials=creds)
51
52 @classmethod
53 def setup_clients(cls):
54 super(AuthorizationTestJSON, cls).setup_clients()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]55 cls.client = cls.os.servers_client
56 cls.images_client = cls.os.images_client
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]57 cls.glance_client = cls.os.image_client
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]58 cls.keypairs_client = cls.os.keypairs_client
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]59 cls.security_client = cls.os.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]60
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]61 cls.alt_client = cls.alt_manager.servers_client
62 cls.alt_images_client = cls.alt_manager.images_client
63 cls.alt_keypairs_client = cls.alt_manager.keypairs_client
64 cls.alt_security_client = cls.alt_manager.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]65
Emily Hugenbruche7991d92014-12-12 16:53:36 +0000[diff] [blame]66 @classmethod
67 def resource_setup(cls):
68 super(AuthorizationTestJSON, cls).resource_setup()
David Kranz0fb14292015-02-11 15:55:20 -0500[diff] [blame]69 server = cls.create_test_server(wait_until='ACTIVE')
70 cls.server = cls.client.get_server(server['id'])
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]71
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]72 name = data_utils.rand_name('image')
David Kranz34f18782015-01-06 13:43:55 -0500[diff] [blame]73 body = cls.glance_client.create_image(name=name,
74 container_format='bare',
75 disk_format='raw',
76 is_public=False)
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]77 image_id = body['id']
78 image_file = StringIO.StringIO(('*' * 1024))
David Kranz34f18782015-01-06 13:43:55 -0500[diff] [blame]79 body = cls.glance_client.update_image(image_id, data=image_file)
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]80 cls.glance_client.wait_for_image_status(image_id, 'active')
David Kranza5299eb2015-01-15 17:24:05 -0500[diff] [blame]81 cls.image = cls.images_client.get_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]82
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]83 cls.keypairname = data_utils.rand_name('keypair')
David Kranz173f0e02015-02-06 13:47:57 -0500[diff] [blame]84 cls.keypairs_client.create_keypair(cls.keypairname)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]85
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]86 name = data_utils.rand_name('security')
87 description = data_utils.rand_name('description')
David Kranz9964b4e2015-02-06 15:45:29 -0500[diff] [blame]88 cls.security_group = cls.security_client.create_security_group(
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]89 name, description)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]90
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]91 parent_group_id = cls.security_group['id']
92 ip_protocol = 'tcp'
93 from_port = 22
94 to_port = 22
David Kranz9964b4e2015-02-06 15:45:29 -0500[diff] [blame]95 cls.rule = cls.security_client.create_security_group_rule(
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]96 parent_group_id, ip_protocol, from_port, to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]97
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]98 @classmethod
Andrea Frittoli50bb80d2014-09-15 12:34:27 +0100[diff] [blame]99 def resource_cleanup(cls):
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]100 if cls.multi_user:
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]101 cls.images_client.delete_image(cls.image['id'])
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]102 cls.keypairs_client.delete_keypair(cls.keypairname)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]103 cls.security_client.delete_security_group(cls.security_group['id'])
Andrea Frittoli50bb80d2014-09-15 12:34:27 +0100[diff] [blame]104 super(AuthorizationTestJSON, cls).resource_cleanup()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]105
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]106 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]107 @test.idempotent_id('56816e4a-bd34-47b5-aee9-268c3efeb5d4')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]108 def test_get_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]109 # A GET request for a server on another user's account should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]110 self.assertRaises(lib_exc.NotFound, self.alt_client.get_server,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]111 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]112
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]113 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]114 @test.idempotent_id('fb8a4870-6d9d-44ad-8375-95d52e98d9f6')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]115 def test_delete_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]116 # A DELETE request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]117 self.assertRaises(lib_exc.NotFound, self.alt_client.delete_server,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]118 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]119
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]120 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]121 @test.idempotent_id('d792f91f-1d49-4eb5-b1ff-b229c4b9dc64')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]122 def test_update_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]123 # An update server request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]124 self.assertRaises(lib_exc.NotFound, self.alt_client.update_server,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]125 self.server['id'], name='test')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]126
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]127 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]128 @test.idempotent_id('488f24df-d7f7-4207-949a-f17fcb8e8769')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]129 def test_list_server_addresses_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]130 # A list addresses request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]131 self.assertRaises(lib_exc.NotFound, self.alt_client.list_addresses,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]132 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]133
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]134 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]135 @test.idempotent_id('00b442d0-2e72-40e7-9b1f-31772e36da01')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]136 def test_list_server_addresses_by_network_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]137 # A list address/network request for another user's server should fail
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]138 server_id = self.server['id']
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]139 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]140 self.alt_client.list_addresses_by_network, server_id,
141 'public')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]142
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]143 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]144 @test.idempotent_id('cc90b35a-19f0-45d2-b680-2aabf934aa22')
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]145 def test_list_servers_with_alternate_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]146 # A list on servers from one tenant should not
147 # show on alternate tenant
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]148 # Listing servers from alternate tenant
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]149 alt_server_ids = []
David Kranzae99b9a2015-02-16 13:37:01 -0500[diff] [blame]150 body = self.alt_client.list_servers()
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]151 alt_server_ids = [s['id'] for s in body['servers']]
152 self.assertNotIn(self.server['id'], alt_server_ids)
153
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]154 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]155 @test.idempotent_id('376dbc16-0779-4384-a723-752774799641')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]156 def test_change_password_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]157 # A change password request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]158 self.assertRaises(lib_exc.NotFound, self.alt_client.change_password,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]159 self.server['id'], 'newpass')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]160
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]161 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]162 @test.idempotent_id('14cb5ff5-f646-45ca-8f51-09081d6c0c24')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]163 def test_reboot_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]164 # A reboot request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]165 self.assertRaises(lib_exc.NotFound, self.alt_client.reboot,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]166 self.server['id'], 'HARD')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]167
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]168 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]169 @test.idempotent_id('8a0bce51-cd00-480b-88ba-dbc7d8408a37')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]170 def test_rebuild_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]171 # A rebuild request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]172 self.assertRaises(lib_exc.NotFound, self.alt_client.rebuild,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]173 self.server['id'], self.image_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]174
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]175 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]176 @test.idempotent_id('e4da647e-f982-4e61-9dad-1d1abebfb933')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]177 def test_resize_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]178 # A resize request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]179 self.assertRaises(lib_exc.NotFound, self.alt_client.resize,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]180 self.server['id'], self.flavor_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]181
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]182 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]183 @test.idempotent_id('a9fe8112-0ffa-4902-b061-f892bd5fe0d3')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]184 def test_create_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]185 # A create image request for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]186 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]187 self.alt_images_client.create_image,
188 self.server['id'], 'testImage')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]189
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]190 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]191 @test.idempotent_id('95d445f6-babc-4f2e-aea3-aa24ec5e7f0d')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]192 def test_create_server_with_unauthorized_image(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]193 # Server creation with another user's image should fail
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900[diff] [blame]194 self.assertRaises(lib_exc.BadRequest, self.alt_client.create_server,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]195 'test', self.image['id'], self.flavor_ref)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]196
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]197 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]198 @test.idempotent_id('acf8724b-142b-4044-82c3-78d31a533f24')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]199 def test_create_server_fails_when_tenant_incorrect(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]200 # A create server request should fail if the tenant id does not match
201 # the current user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]202 # Change the base URL to impersonate another user
203 self.alt_client.auth_provider.set_alt_auth_data(
204 request_part='url',
205 auth_data=self.client.auth_provider.auth_data
206 )
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900[diff] [blame]207 self.assertRaises(lib_exc.BadRequest,
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]208 self.alt_client.create_server, 'test',
209 self.image['id'], self.flavor_ref)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]210
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]211 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]212 @test.idempotent_id('f03d1ded-7fd4-4d29-bc13-e2391f29c625')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]213 def test_create_keypair_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]214 # A create keypair request should fail if the tenant id does not match
215 # the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]216 # POST keypair with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]217 k_name = data_utils.rand_name('keypair-')
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]218 try:
219 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]220 self.alt_keypairs_client.auth_provider.set_alt_auth_data(
221 request_part='url',
222 auth_data=self.keypairs_client.auth_provider.auth_data
223 )
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]224 resp = {}
225 resp['status'] = None
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900[diff] [blame]226 self.assertRaises(lib_exc.BadRequest,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]227 self.alt_keypairs_client.create_keypair, k_name)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]228 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]229 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]230 if (resp['status'] is not None):
David Kranz173f0e02015-02-06 13:47:57 -0500[diff] [blame]231 self.alt_keypairs_client.delete_keypair(k_name)
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]232 LOG.error("Create keypair request should not happen "
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]233 "if the tenant id does not match the current user")
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]234
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]235 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]236 @test.idempotent_id('85bcdd8f-56b4-4868-ae56-63fbf6f7e405')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]237 def test_get_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]238 # A GET request for another user's keypair should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]239 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]240 self.alt_keypairs_client.get_keypair,
241 self.keypairname)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]242
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]243 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]244 @test.idempotent_id('6d841683-a8e0-43da-a1b8-b339f7692b61')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]245 def test_delete_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]246 # A DELETE request for another user's keypair should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]247 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]248 self.alt_keypairs_client.delete_keypair,
249 self.keypairname)
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]250
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]251 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]252 @test.idempotent_id('fcb2e144-36e3-4dfb-9f9f-e72fcdec5656')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]253 def test_get_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]254 # A GET request for an image on another user's account should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]255 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]256 self.alt_images_client.get_image, self.image['id'])
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]257
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]258 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]259 @test.idempotent_id('9facb962-f043-4a9d-b9ee-166a32dea098')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]260 def test_delete_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]261 # A DELETE request for another user's image should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]262 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]263 self.alt_images_client.delete_image,
264 self.image['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]265
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]266 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]267 @test.idempotent_id('752c917e-83be-499d-a422-3559127f7d3c')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]268 def test_create_security_group_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]269 # A create security group request should fail if the tenant id does not
270 # match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]271 # POST security group with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]272 s_name = data_utils.rand_name('security-')
273 s_description = data_utils.rand_name('security')
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]274 try:
275 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]276 self.alt_security_client.auth_provider.set_alt_auth_data(
277 request_part='url',
278 auth_data=self.security_client.auth_provider.auth_data
279 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]280 resp = {}
281 resp['status'] = None
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900[diff] [blame]282 self.assertRaises(lib_exc.BadRequest,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]283 self.alt_security_client.create_security_group,
284 s_name, s_description)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]285 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]286 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]287 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]288 self.alt_security_client.delete_security_group(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]289 LOG.error("Create Security Group request should not happen if"
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]290 "the tenant id does not match the current user")
291
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]292 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]293 @test.idempotent_id('9db3590f-4d15-4e5f-985e-b28514919a6f')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]294 def test_get_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]295 # A GET request for another user's security group should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]296 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]297 self.alt_security_client.get_security_group,
298 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]299
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]300 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]301 @test.idempotent_id('155387a5-2bbc-4acf-ab06-698dae537ea5')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]302 def test_delete_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]303 # A DELETE request for another user's security group should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]304 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]305 self.alt_security_client.delete_security_group,
306 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]307
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]308 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]309 @test.idempotent_id('b2b76de0-210a-4089-b921-591c9ec552f6')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]310 def test_create_security_group_rule_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]311 # A create security group rule request should fail if the tenant id
312 # does not match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]313 # POST security group rule with other user tenant
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]314 parent_group_id = self.security_group['id']
315 ip_protocol = 'icmp'
316 from_port = -1
317 to_port = -1
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]318 try:
319 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]320 self.alt_security_client.auth_provider.set_alt_auth_data(
321 request_part='url',
322 auth_data=self.security_client.auth_provider.auth_data
323 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]324 resp = {}
325 resp['status'] = None
Masayuki Igawa4b29e472015-02-16 10:41:54 +0900[diff] [blame]326 self.assertRaises(lib_exc.BadRequest,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]327 self.alt_security_client.
328 create_security_group_rule,
329 parent_group_id, ip_protocol, from_port,
330 to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]331 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]332 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]333 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]334 self.alt_security_client.delete_security_group_rule(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]335 LOG.error("Create security group rule request should not "
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]336 "happen if the tenant id does not match the"
337 " current user")
338
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]339 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]340 @test.idempotent_id('c6044177-37ef-4ce4-b12c-270ddf26d7da')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]341 def test_delete_security_group_rule_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]342 # A DELETE request for another user's security group rule
343 # should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]344 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]345 self.alt_security_client.delete_security_group_rule,
346 self.rule['id'])
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]347
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]348 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]349 @test.idempotent_id('c5f52351-53d9-4fc9-83e5-917f7f5e3d71')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]350 def test_set_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]351 # A set metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]352 req_metadata = {'meta1': 'data1', 'meta2': 'data2'}
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]353 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]354 self.alt_client.set_server_metadata,
355 self.server['id'],
356 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]357
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]358 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]359 @test.idempotent_id('fb6f51e9-df15-4939-898d-1aca38c258f0')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]360 def test_set_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]361 # A set metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]362 req_metadata = {'meta1': 'value1', 'meta2': 'value2'}
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]363 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]364 self.alt_images_client.set_image_metadata,
365 self.image['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]366
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]367 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]368 @test.idempotent_id('dea1936a-473d-49f2-92ad-97bb7aded22e')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]369 def test_get_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]370 # A get metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]371 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]372 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2suresh31bb7cb2013-03-14 04:53:49 +0000[diff] [blame]373 self.addCleanup(self.client.delete_server_metadata_item,
374 self.server['id'], 'meta1')
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]375 self.assertRaises(lib_exc.NotFound,
hi2suresh31bb7cb2013-03-14 04:53:49 +0000[diff] [blame]376 self.alt_client.get_server_metadata_item,
377 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]378
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]379 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]380 @test.idempotent_id('16b2d724-0d3b-4216-a9fa-97bd4d9cf670')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]381 def test_get_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]382 # A get metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]383 req_metadata = {'meta1': 'value1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]384 self.addCleanup(self.images_client.delete_image_metadata_item,
385 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]386 self.images_client.set_image_metadata(self.image['id'],
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]387 req_metadata)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]388 self.assertRaises(lib_exc.NotFound,
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]389 self.alt_images_client.get_image_metadata_item,
390 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]391
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]392 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]393 @test.idempotent_id('79531e2e-e721-493c-8b30-a35db36fdaa6')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]394 def test_delete_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]395 # A delete metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]396 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]397 self.addCleanup(self.client.delete_server_metadata_item,
398 self.server['id'], 'meta1')
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]399 self.client.set_server_metadata(self.server['id'], req_metadata)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]400 self.assertRaises(lib_exc.NotFound,
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]401 self.alt_client.delete_server_metadata_item,
402 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]403
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]404 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]405 @test.idempotent_id('a5175dcf-cef8-43d6-9b77-3cb707d62e94')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]406 def test_delete_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]407 # A delete metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]408 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]409 self.addCleanup(self.images_client.delete_image_metadata_item,
410 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]411 self.images_client.set_image_metadata(self.image['id'],
412 req_metadata)
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]413 self.assertRaises(lib_exc.NotFound,
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]414 self.alt_images_client.delete_image_metadata_item,
415 self.image['id'], 'meta1')
rajalakshmi-ganesan72ea31a2012-05-25 11:59:10 +0530[diff] [blame]416
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]417 @test.attr(type='gate')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame^]418 @test.idempotent_id('b0c1e7a0-8853-40fd-8384-01f93d116cae')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]419 def test_get_console_output_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]420 # A Get Console Output for another user's server should fail
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]421 self.assertRaises(lib_exc.NotFound,
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]422 self.alt_client.get_console_output,
423 self.server['id'], 10)