Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 7704f283488afe1db9f0ac61176f807962f8b7b2 / . / tempest / api / compute / test_authorization.py
blob: ed7206190b7c71dca1bda5d7310228bbe880a9c0 [file] [log] [blame]
ZhiQiang Fan39f97222013-09-20 04:49:44 +0800[diff] [blame]1# Copyright 2012 OpenStack Foundation
Jay Pipes13b479b2012-06-11 14:52:27 -0400[diff] [blame]2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]15
Sean Dague1937d092013-05-17 16:36:38 -0400[diff] [blame]16from tempest.api.compute import base
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]17from tempest import clients
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]18from tempest.common.utils import data_utils
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]19from tempest import config
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]20from tempest import exceptions
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]21from tempest.openstack.common import log as logging
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]22from tempest.test import attr
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]23
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]24CONF = config.CONF
25
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]26LOG = logging.getLogger(__name__)
27
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]28
ivan-zhuf2b00502013-10-18 10:06:52 +0800[diff] [blame]29class AuthorizationTestJSON(base.BaseV2ComputeTest):
Attila Fazekas19044d52013-02-16 07:35:06 +0100[diff] [blame]30 _interface = 'json'
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]31
32 @classmethod
33 def setUpClass(cls):
Salvatore Orlando5a337242014-01-15 22:49:22 +0000[diff] [blame]34 # No network resources required for this test
35 cls.set_network_resources()
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]36 super(AuthorizationTestJSON, cls).setUpClass()
37 if not cls.multi_user:
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]38 msg = "Need >1 user"
ivan-zhu1feeb382013-01-24 10:14:39 +0800[diff] [blame]39 raise cls.skipException(msg)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]40 cls.client = cls.os.servers_client
41 cls.images_client = cls.os.images_client
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]42 cls.keypairs_client = cls.os.keypairs_client
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]43 cls.security_client = cls.os.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]44
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]45 if CONF.compute.allow_tenant_isolation:
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]46 creds = cls.isolated_creds.get_alt_creds()
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]47 username, tenant_name, password = creds
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]48 cls.alt_manager = clients.Manager(username=username,
49 password=password,
50 tenant_name=tenant_name)
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]51 else:
52 # Use the alt_XXX credentials in the config file
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]53 cls.alt_manager = clients.AltManager()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]54
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]55 cls.alt_client = cls.alt_manager.servers_client
56 cls.alt_images_client = cls.alt_manager.images_client
57 cls.alt_keypairs_client = cls.alt_manager.keypairs_client
58 cls.alt_security_client = cls.alt_manager.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]59
Ken'ichi Ohmichicfc052e2013-10-23 11:50:04 +0900[diff] [blame]60 resp, server = cls.create_test_server(wait_until='ACTIVE')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]61 resp, cls.server = cls.client.get_server(server['id'])
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]62
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]63 name = data_utils.rand_name('image')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]64 resp, body = cls.client.create_image(server['id'], name)
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]65 image_id = data_utils.parse_image_id(resp['location'])
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]66 cls.images_client.wait_for_image_status(image_id, 'ACTIVE')
67 resp, cls.image = cls.images_client.get_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]68
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]69 cls.keypairname = data_utils.rand_name('keypair')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]70 resp, keypair = \
71 cls.keypairs_client.create_keypair(cls.keypairname)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]72
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]73 name = data_utils.rand_name('security')
74 description = data_utils.rand_name('description')
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]75 resp, cls.security_group = cls.security_client.create_security_group(
76 name, description)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]77
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]78 parent_group_id = cls.security_group['id']
79 ip_protocol = 'tcp'
80 from_port = 22
81 to_port = 22
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]82 resp, cls.rule = cls.security_client.create_security_group_rule(
83 parent_group_id, ip_protocol, from_port, to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]84
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]85 @classmethod
86 def tearDownClass(cls):
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]87 if cls.multi_user:
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]88 cls.images_client.delete_image(cls.image['id'])
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]89 cls.keypairs_client.delete_keypair(cls.keypairname)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]90 cls.security_client.delete_security_group(cls.security_group['id'])
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]91 super(AuthorizationTestJSON, cls).tearDownClass()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]92
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]93 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]94 def test_get_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]95 # A GET request for a server on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]96 self.assertRaises(exceptions.NotFound, self.alt_client.get_server,
97 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]98
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]99 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]100 def test_delete_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]101 # A DELETE request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]102 self.assertRaises(exceptions.NotFound, self.alt_client.delete_server,
103 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]104
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]105 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]106 def test_update_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]107 # An update server request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]108 self.assertRaises(exceptions.NotFound, self.alt_client.update_server,
109 self.server['id'], name='test')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]110
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]111 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]112 def test_list_server_addresses_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]113 # A list addresses request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]114 self.assertRaises(exceptions.NotFound, self.alt_client.list_addresses,
115 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]116
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]117 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]118 def test_list_server_addresses_by_network_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]119 # A list address/network request for another user's server should fail
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]120 server_id = self.server['id']
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]121 self.assertRaises(exceptions.NotFound,
122 self.alt_client.list_addresses_by_network, server_id,
123 'public')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]124
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]125 @attr(type='gate')
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]126 def test_list_servers_with_alternate_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]127 # A list on servers from one tenant should not
128 # show on alternate tenant
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]129 # Listing servers from alternate tenant
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]130 alt_server_ids = []
131 resp, body = self.alt_client.list_servers()
132 alt_server_ids = [s['id'] for s in body['servers']]
133 self.assertNotIn(self.server['id'], alt_server_ids)
134
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]135 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]136 def test_change_password_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]137 # A change password request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]138 self.assertRaises(exceptions.NotFound, self.alt_client.change_password,
139 self.server['id'], 'newpass')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]140
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]141 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]142 def test_reboot_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]143 # A reboot request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]144 self.assertRaises(exceptions.NotFound, self.alt_client.reboot,
145 self.server['id'], 'HARD')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]146
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]147 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]148 def test_rebuild_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]149 # A rebuild request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]150 self.assertRaises(exceptions.NotFound, self.alt_client.rebuild,
151 self.server['id'], self.image_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]152
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]153 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]154 def test_resize_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]155 # A resize request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]156 self.assertRaises(exceptions.NotFound, self.alt_client.resize,
157 self.server['id'], self.flavor_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]158
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]159 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]160 def test_create_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]161 # A create image request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]162 self.assertRaises(exceptions.NotFound,
163 self.alt_images_client.create_image,
164 self.server['id'], 'testImage')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]165
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]166 @attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]167 def test_create_server_with_unauthorized_image(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]168 # Server creation with another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]169 self.assertRaises(exceptions.BadRequest, self.alt_client.create_server,
170 'test', self.image['id'], self.flavor_ref)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]171
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]172 @attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]173 def test_create_server_fails_when_tenant_incorrect(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]174 # A create server request should fail if the tenant id does not match
175 # the current user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]176 # Change the base URL to impersonate another user
177 self.alt_client.auth_provider.set_alt_auth_data(
178 request_part='url',
179 auth_data=self.client.auth_provider.auth_data
180 )
181 self.assertRaises(exceptions.BadRequest,
182 self.alt_client.create_server, 'test',
183 self.image['id'], self.flavor_ref)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]184
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]185 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]186 def test_create_keypair_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]187 # A create keypair request should fail if the tenant id does not match
188 # the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]189 # POST keypair with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]190 k_name = data_utils.rand_name('keypair-')
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]191 try:
192 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]193 self.alt_keypairs_client.auth_provider.set_alt_auth_data(
194 request_part='url',
195 auth_data=self.keypairs_client.auth_provider.auth_data
196 )
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]197 resp = {}
198 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]199 self.assertRaises(exceptions.BadRequest,
200 self.alt_keypairs_client.create_keypair, k_name)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]201 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]202 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]203 if (resp['status'] is not None):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]204 resp, _ = self.alt_keypairs_client.delete_keypair(k_name)
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]205 LOG.error("Create keypair request should not happen "
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]206 "if the tenant id does not match the current user")
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]207
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]208 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]209 def test_get_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]210 # A GET request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]211 self.assertRaises(exceptions.NotFound,
212 self.alt_keypairs_client.get_keypair,
213 self.keypairname)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]214
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]215 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]216 def test_delete_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]217 # A DELETE request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]218 self.assertRaises(exceptions.NotFound,
219 self.alt_keypairs_client.delete_keypair,
220 self.keypairname)
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]221
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]222 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]223 def test_get_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]224 # A GET request for an image on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]225 self.assertRaises(exceptions.NotFound,
226 self.alt_images_client.get_image, self.image['id'])
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]227
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]228 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]229 def test_delete_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]230 # A DELETE request for another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]231 self.assertRaises(exceptions.NotFound,
232 self.alt_images_client.delete_image,
233 self.image['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]234
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]235 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]236 def test_create_security_group_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]237 # A create security group request should fail if the tenant id does not
238 # match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]239 # POST security group with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]240 s_name = data_utils.rand_name('security-')
241 s_description = data_utils.rand_name('security')
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]242 try:
243 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]244 self.alt_security_client.auth_provider.set_alt_auth_data(
245 request_part='url',
246 auth_data=self.security_client.auth_provider.auth_data
247 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]248 resp = {}
249 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]250 self.assertRaises(exceptions.BadRequest,
251 self.alt_security_client.create_security_group,
252 s_name, s_description)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]253 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]254 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]255 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]256 self.alt_security_client.delete_security_group(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]257 LOG.error("Create Security Group request should not happen if"
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]258 "the tenant id does not match the current user")
259
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]260 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]261 def test_get_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]262 # A GET request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]263 self.assertRaises(exceptions.NotFound,
264 self.alt_security_client.get_security_group,
265 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]266
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]267 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]268 def test_delete_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]269 # A DELETE request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]270 self.assertRaises(exceptions.NotFound,
271 self.alt_security_client.delete_security_group,
272 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]273
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]274 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]275 def test_create_security_group_rule_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]276 # A create security group rule request should fail if the tenant id
277 # does not match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]278 # POST security group rule with other user tenant
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]279 parent_group_id = self.security_group['id']
280 ip_protocol = 'icmp'
281 from_port = -1
282 to_port = -1
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]283 try:
284 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]285 self.alt_security_client.auth_provider.set_alt_auth_data(
286 request_part='url',
287 auth_data=self.security_client.auth_provider.auth_data
288 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]289 resp = {}
290 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]291 self.assertRaises(exceptions.BadRequest,
292 self.alt_security_client.
293 create_security_group_rule,
294 parent_group_id, ip_protocol, from_port,
295 to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]296 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]297 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]298 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]299 self.alt_security_client.delete_security_group_rule(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]300 LOG.error("Create security group rule request should not "
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]301 "happen if the tenant id does not match the"
302 " current user")
303
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]304 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]305 def test_delete_security_group_rule_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]306 # A DELETE request for another user's security group rule
307 # should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]308 self.assertRaises(exceptions.NotFound,
309 self.alt_security_client.delete_security_group_rule,
310 self.rule['id'])
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]311
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]312 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]313 def test_set_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]314 # A set metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]315 req_metadata = {'meta1': 'data1', 'meta2': 'data2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]316 self.assertRaises(exceptions.NotFound,
317 self.alt_client.set_server_metadata,
318 self.server['id'],
319 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]320
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]321 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]322 def test_set_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]323 # A set metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]324 req_metadata = {'meta1': 'value1', 'meta2': 'value2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]325 self.assertRaises(exceptions.NotFound,
326 self.alt_images_client.set_image_metadata,
327 self.image['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]328
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]329 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]330 def test_get_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]331 # A get metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]332 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]333 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2suresh31bb7cb2013-03-14 04:53:49 +0000[diff] [blame]334 self.addCleanup(self.client.delete_server_metadata_item,
335 self.server['id'], 'meta1')
336 self.assertRaises(exceptions.NotFound,
337 self.alt_client.get_server_metadata_item,
338 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]339
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]340 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]341 def test_get_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]342 # A get metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]343 req_metadata = {'meta1': 'value1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]344 self.addCleanup(self.images_client.delete_image_metadata_item,
345 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]346 self.images_client.set_image_metadata(self.image['id'],
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]347 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]348 self.assertRaises(exceptions.NotFound,
349 self.alt_images_client.get_image_metadata_item,
350 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]351
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]352 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]353 def test_delete_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]354 # A delete metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]355 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]356 self.addCleanup(self.client.delete_server_metadata_item,
357 self.server['id'], 'meta1')
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]358 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]359 self.assertRaises(exceptions.NotFound,
360 self.alt_client.delete_server_metadata_item,
361 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]362
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]363 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]364 def test_delete_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]365 # A delete metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]366 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]367 self.addCleanup(self.images_client.delete_image_metadata_item,
368 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]369 self.images_client.set_image_metadata(self.image['id'],
370 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]371 self.assertRaises(exceptions.NotFound,
372 self.alt_images_client.delete_image_metadata_item,
373 self.image['id'], 'meta1')
rajalakshmi-ganesan72ea31a2012-05-25 11:59:10 +0530[diff] [blame]374
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]375 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]376 def test_get_console_output_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]377 # A Get Console Output for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]378 self.assertRaises(exceptions.NotFound,
379 self.alt_client.get_console_output,
380 self.server['id'], 10)
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]381
382
383class AuthorizationTestXML(AuthorizationTestJSON):
384 _interface = 'xml'