Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / aa86a800b6b374ab74f66fa48b360d69b23629bd / . / tempest / api / identity / admin / v3 / test_trusts.py
blob: e1d28d7b537b2f5fcbb1e3e1f4370a1a69e0ad48 [file] [log] [blame]
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]1# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]15import datetime
16import re
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]17from tempest.api.identity import base
18from tempest import clients
19from tempest.common.utils.data_utils import rand_name
20from tempest import exceptions
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]21from tempest.openstack.common import timeutils
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]22from tempest.test import attr
23
24
25class BaseTrustsV3Test(base.BaseIdentityAdminTest):
26
27 def setUp(self):
28 super(BaseTrustsV3Test, self).setUp()
29 # Use alt_username as the trustee
30 self.trustee_username = self.config.identity.alt_username
31
32 self.trust_id = None
33 self.create_trustor_and_roles()
34 self.addCleanup(self.cleanup_trust_user_and_roles)
35
36 def create_trustor_and_roles(self):
37 # Get trustor project ID, use the admin project
38 self.trustor_project_name = self.v3_client.tenant_name
39 self.trustor_project_id = self.get_tenant_by_name(
40 self.trustor_project_name)['id']
41 self.assertIsNotNone(self.trustor_project_id)
42
43 # Create a trustor User
44 self.trustor_username = rand_name('user-')
45 u_desc = self.trustor_username + 'description'
46 u_email = self.trustor_username + '@testmail.tm'
47 self.trustor_password = rand_name('pass-')
48 resp, user = self.v3_client.create_user(
49 self.trustor_username,
50 description=u_desc,
51 password=self.trustor_password,
52 email=u_email,
53 project_id=self.trustor_project_id)
54 self.assertEqual(resp['status'], '201')
55 self.trustor_user_id = user['id']
56
57 # And two roles, one we'll delegate and one we won't
58 self.delegated_role = rand_name('DelegatedRole-')
59 self.not_delegated_role = rand_name('NotDelegatedRole-')
60
61 resp, role = self.v3_client.create_role(self.delegated_role)
62 self.assertEqual(resp['status'], '201')
63 self.delegated_role_id = role['id']
64
65 resp, role = self.v3_client.create_role(self.not_delegated_role)
66 self.assertEqual(resp['status'], '201')
67 self.not_delegated_role_id = role['id']
68
69 # Assign roles to trustor
70 self.v3_client.assign_user_role(self.trustor_project_id,
71 self.trustor_user_id,
72 self.delegated_role_id)
73 self.v3_client.assign_user_role(self.trustor_project_id,
74 self.trustor_user_id,
75 self.not_delegated_role_id)
76
77 # Get trustee user ID, use the demo user
78 trustee_username = self.v3_non_admin_client.user
79 self.trustee_user_id = self.get_user_by_name(trustee_username)['id']
80 self.assertIsNotNone(self.trustee_user_id)
81
82 # Initialize a new client with the trustor credentials
83 os = clients.Manager(username=self.trustor_username,
84 password=self.trustor_password,
85 tenant_name=self.trustor_project_name,
86 interface=self._interface)
87 self.trustor_v3_client = os.identity_v3_client
88
89 def cleanup_trust_user_and_roles(self):
90 if self.trust_id:
91 try:
92 self.trustor_v3_client.delete_trust(self.trust_id)
93 except exceptions.NotFound:
94 pass
95 self.trust_id = None
96
97 if self.trustor_user_id:
98 self.v3_client.delete_user(self.trustor_user_id)
99 if self.delegated_role_id:
100 self.v3_client.delete_role(self.delegated_role_id)
101 if self.not_delegated_role_id:
102 self.v3_client.delete_role(self.not_delegated_role_id)
103
104 def create_trust(self, impersonate=True, expires=None):
105
106 resp, trust_create = self.trustor_v3_client.create_trust(
107 trustor_user_id=self.trustor_user_id,
108 trustee_user_id=self.trustee_user_id,
109 project_id=self.trustor_project_id,
110 role_names=[self.delegated_role],
111 impersonation=impersonate,
112 expires_at=expires)
113 self.assertEqual('201', resp['status'])
114 self.trust_id = trust_create['id']
115 return trust_create
116
117 def validate_trust(self, trust, impersonate=True, expires=None,
118 summary=False):
119 self.assertIsNotNone(trust['id'])
120 self.assertEqual(impersonate, trust['impersonation'])
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]121 # FIXME(shardy): ref bug #1246383 we can't check the
122 # microsecond component of the expiry time, because mysql
123 # <5.6.4 doesn't support microseconds.
124 # expected format 2013-12-20T16:08:36.036987Z
125 if expires is not None:
126 expires_nousec = re.sub(r'\.([0-9]){6}Z', '', expires)
127 self.assertTrue(trust['expires_at'].startswith(expires_nousec))
128 else:
129 self.assertIsNone(trust['expires_at'])
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]130 self.assertEqual(self.trustor_user_id, trust['trustor_user_id'])
131 self.assertEqual(self.trustee_user_id, trust['trustee_user_id'])
132 self.assertIn('v3/OS-TRUST/trusts', trust['links']['self'])
133 self.assertEqual(self.trustor_project_id, trust['project_id'])
134 if not summary:
135 self.assertEqual(self.delegated_role, trust['roles'][0]['name'])
136 self.assertEqual(1, len(trust['roles']))
137
138 def get_trust(self):
139 resp, trust_get = self.trustor_v3_client.get_trust(self.trust_id)
140 self.assertEqual('200', resp['status'])
141 return trust_get
142
143 def validate_role(self, role):
144 self.assertEqual(self.delegated_role_id, role['id'])
145 self.assertEqual(self.delegated_role, role['name'])
146 self.assertIn('v3/roles/%s' % self.delegated_role_id,
147 role['links']['self'])
148 self.assertNotEqual(self.not_delegated_role_id, role['id'])
149 self.assertNotEqual(self.not_delegated_role, role['name'])
150 self.assertNotIn('v3/roles/%s' % self.not_delegated_role_id,
151 role['links']['self'])
152
153 def check_trust_roles(self):
154 # Check we find the delegated role
155 resp, roles_get = self.trustor_v3_client.get_trust_roles(
156 self.trust_id)
157 self.assertEqual('200', resp['status'])
158 self.assertEqual(1, len(roles_get))
159 self.validate_role(roles_get[0])
160
161 resp, role_get = self.trustor_v3_client.get_trust_role(
162 self.trust_id, self.delegated_role_id)
163 self.assertEqual('200', resp['status'])
164 self.validate_role(role_get)
165
166 resp, role_get = self.trustor_v3_client.check_trust_role(
167 self.trust_id, self.delegated_role_id)
168 self.assertEqual('204', resp['status'])
169
170 # And that we don't find not_delegated_role
171 self.assertRaises(exceptions.NotFound,
172 self.trustor_v3_client.get_trust_role,
173 self.trust_id,
174 self.not_delegated_role_id)
175
176 self.assertRaises(exceptions.NotFound,
177 self.trustor_v3_client.check_trust_role,
178 self.trust_id,
179 self.not_delegated_role_id)
180
181 def delete_trust(self):
182 resp, trust_delete = self.trustor_v3_client.delete_trust(self.trust_id)
183 self.assertEqual('204', resp['status'])
184 self.assertRaises(exceptions.NotFound,
185 self.trustor_v3_client.get_trust,
186 self.trust_id)
187 self.trust_id = None
188
189
190class TrustsV3TestJSON(BaseTrustsV3Test):
191 _interface = 'json'
192
193 def setUp(self):
194 super(TrustsV3TestJSON, self).setUp()
195 self.create_trustor_and_roles()
196
197 @attr(type='smoke')
198 def test_trust_impersonate(self):
199 # Test case to check we can create, get and delete a trust
200 # updates are not supported for trusts
201 trust = self.create_trust()
202 self.validate_trust(trust)
203
204 trust_get = self.get_trust()
205 self.validate_trust(trust_get)
206
207 self.check_trust_roles()
208
209 self.delete_trust()
210
211 @attr(type='smoke')
212 def test_trust_noimpersonate(self):
213 # Test case to check we can create, get and delete a trust
214 # with impersonation=False
215 trust = self.create_trust(impersonate=False)
216 self.validate_trust(trust, impersonate=False)
217
218 trust_get = self.get_trust()
219 self.validate_trust(trust_get, impersonate=False)
220
221 self.check_trust_roles()
222
223 self.delete_trust()
224
225 @attr(type='smoke')
Steven Hardyc234ada2013-12-10 17:00:41 +0000[diff] [blame]226 def test_trust_expire(self):
227 # Test case to check we can create, get and delete a trust
228 # with an expiry specified
229 expires_at = timeutils.utcnow() + datetime.timedelta(hours=1)
230 expires_str = timeutils.isotime(at=expires_at, subsecond=True)
231
232 trust = self.create_trust(expires=expires_str)
233 self.validate_trust(trust, expires=expires_str)
234
235 trust_get = self.get_trust()
236
237 self.validate_trust(trust_get, expires=expires_str)
238
239 self.check_trust_roles()
240
241 self.delete_trust()
242
243 @attr(type='smoke')
Steven Hardybf70c5c2013-10-30 21:55:16 +0000[diff] [blame]244 def test_trust_expire_invalid(self):
245 # Test case to check we can check an invlaid expiry time
246 # is rejected with the correct error
247 # with an expiry specified
248 expires_str = 'bad.123Z'
249 self.assertRaises(exceptions.BadRequest,
250 self.create_trust,
251 expires=expires_str)
Steven Hardyf31fd2d2013-12-10 17:02:36 +0000[diff] [blame]252
253 @attr(type='smoke')
254 def test_get_trusts_query(self):
255 self.create_trust()
256 resp, trusts_get = self.trustor_v3_client.get_trusts(
257 trustor_user_id=self.trustor_user_id)
258 self.assertEqual('200', resp['status'])
259 self.assertEqual(1, len(trusts_get))
260 self.validate_trust(trusts_get[0], summary=True)
261
262 @attr(type='smoke')
263 def test_get_trusts_all(self):
264 self.create_trust()
265 resp, trusts_get = self.v3_client.get_trusts()
266 self.assertEqual('200', resp['status'])
267 trusts = [t for t in trusts_get
268 if t['id'] == self.trust_id]
269 self.assertEqual(1, len(trusts))
270 self.validate_trust(trusts[0], summary=True)