Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 9dea88ebad6df96d072f0b0a68218ae096f38dfe / . / tempest / api / identity / admin / v2 / test_tokens.py
blob: ee044201aa6eecf75964d259a5c3d4c5bf274ccb [file] [log] [blame]
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]1# Copyright 2013 Huawei Technologies Co.,LTD.
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]16from tempest.api.identity import base
Fei Long Wangd39431f2015-05-14 11:30:48 +1200[diff] [blame]17from tempest.common.utils import data_utils
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]18from tempest import test
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]19
20
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]21class TokensTestJSON(base.BaseIdentityV2AdminTest):
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]22
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]23 @test.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586')
Zhi Kun Liu30caeae2014-02-26 15:30:24 +0800[diff] [blame]24 def test_create_get_delete_token(self):
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]25 # get a token by username and password
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]26 user_name = data_utils.rand_name(name='user')
Zack Feldsteind8c5f7a2015-12-14 10:44:07 -0600[diff] [blame]27 user_password = data_utils.rand_password()
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]28 # first:create a tenant
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]29 tenant_name = data_utils.rand_name(name='tenant')
Daniel Melladob04da902015-11-20 17:43:12 +0100[diff] [blame]30 tenant = self.tenants_client.create_tenant(tenant_name)['tenant']
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]31 self.data.tenants.append(tenant)
32 # second:create a user
Daniel Mellado82c83a52015-12-09 15:16:49 +0000[diff] [blame]33 user = self.users_client.create_user(user_name, user_password,
34 tenant['id'], '')['user']
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]35 self.data.users.append(user)
36 # then get a token for the user
David Kranzb7afa922014-12-30 10:56:26 -0500[diff] [blame]37 body = self.token_client.auth(user_name,
38 user_password,
39 tenant['name'])
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]40 self.assertEqual(body['token']['tenant']['name'],
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]41 tenant['name'])
Zhi Kun Liu30caeae2014-02-26 15:30:24 +0800[diff] [blame]42 # Perform GET Token
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]43 token_id = body['token']['id']
Ken'ichi Ohmichi402b8752015-11-09 10:47:16 +0000[diff] [blame]44 token_details = self.client.show_token(token_id)['access']
Zhi Kun Liu30caeae2014-02-26 15:30:24 +0800[diff] [blame]45 self.assertEqual(token_id, token_details['token']['id'])
46 self.assertEqual(user['id'], token_details['user']['id'])
47 self.assertEqual(user_name, token_details['user']['name'])
48 self.assertEqual(tenant['name'],
49 token_details['token']['tenant']['name'])
50 # then delete the token
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]51 self.client.delete_token(token_id)
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]52
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]53 @test.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e')
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]54 def test_rescope_token(self):
Ken'ichi Ohmichi9e3dac02015-11-19 07:01:07 +0000[diff] [blame]55 """An unscoped token can be requested
56
57 That token can be used to request a scoped token.
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]58 """
59
60 # Create a user.
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]61 user_name = data_utils.rand_name(name='user')
Zack Feldsteind8c5f7a2015-12-14 10:44:07 -0600[diff] [blame]62 user_password = data_utils.rand_password()
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]63 tenant_id = None # No default tenant so will get unscoped token.
64 email = ''
Daniel Mellado82c83a52015-12-09 15:16:49 +0000[diff] [blame]65 user = self.users_client.create_user(user_name, user_password,
66 tenant_id, email)['user']
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]67 self.data.users.append(user)
68
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame]69 # Create a couple tenants.
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]70 tenant1_name = data_utils.rand_name(name='tenant')
Daniel Melladob04da902015-11-20 17:43:12 +0100[diff] [blame]71 tenant1 = self.tenants_client.create_tenant(tenant1_name)['tenant']
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame]72 self.data.tenants.append(tenant1)
73
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]74 tenant2_name = data_utils.rand_name(name='tenant')
Daniel Melladob04da902015-11-20 17:43:12 +0100[diff] [blame]75 tenant2 = self.tenants_client.create_tenant(tenant2_name)['tenant']
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame]76 self.data.tenants.append(tenant2)
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]77
78 # Create a role
Ken'ichi Ohmichi96508472015-03-23 01:43:42 +0000[diff] [blame]79 role_name = data_utils.rand_name(name='role')
piyush110786afaaf262015-12-11 18:54:05 +0530[diff] [blame]80 role = self.roles_client.create_role(name=role_name)['role']
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]81 self.data.roles.append(role)
82
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame]83 # Grant the user the role on the tenants.
Daniel Mellado6b16b922015-12-07 12:43:08 +0000[diff] [blame]84 self.roles_client.assign_user_role(tenant1['id'], user['id'],
85 role['id'])
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame]86
Daniel Mellado6b16b922015-12-07 12:43:08 +0000[diff] [blame]87 self.roles_client.assign_user_role(tenant2['id'], user['id'],
88 role['id'])
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]89
90 # Get an unscoped token.
David Kranzb7afa922014-12-30 10:56:26 -0500[diff] [blame]91 body = self.token_client.auth(user_name, user_password)
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]92
93 token_id = body['token']['id']
94
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame]95 # Use the unscoped token to get a token scoped to tenant1
David Kranzb7afa922014-12-30 10:56:26 -0500[diff] [blame]96 body = self.token_client.auth_token(token_id,
97 tenant=tenant1_name)
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]98
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame]99 scoped_token_id = body['token']['id']
100
101 # Revoke the scoped token
David Kranze9d2f422014-07-02 13:57:41 -0400[diff] [blame]102 self.client.delete_token(scoped_token_id)
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame]103
104 # Use the unscoped token to get a token scoped to tenant2
David Kranzb7afa922014-12-30 10:56:26 -0500[diff] [blame]105 body = self.token_client.auth_token(token_id,
106 tenant=tenant2_name)