Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / af6d14d0ac3a06387ecce51563e694727a5a3421 / . / tempest / api / identity / admin / test_roles_negative.py
blob: 6f8f9b5e4d904ec30cdbcf5a36de84d714a900b0 [file] [log] [blame]
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]1# Copyright 2013 Huawei Technologies Co.,LTD.
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16import uuid
17
18from tempest.api.identity import base
19from tempest.common.utils import data_utils
20from tempest import exceptions
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]21from tempest import test
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]22
23
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]24class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]25 _interface = 'json'
26
27 def _get_role_params(self):
28 self.data.setup_test_user()
29 self.data.setup_test_role()
30 user = self.get_user_by_name(self.data.test_user)
31 tenant = self.get_tenant_by_name(self.data.test_tenant)
32 role = self.get_role_by_name(self.data.test_role)
33 return (user, tenant, role)
34
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]35 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]36 def test_list_roles_by_unauthorized_user(self):
37 # Non-administrator user should not be able to list roles
38 self.assertRaises(exceptions.Unauthorized,
39 self.non_admin_client.list_roles)
40
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]41 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]42 def test_list_roles_request_without_token(self):
43 # Request to list roles without a valid token should fail
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]44 token = self.client.auth_provider.get_token()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]45 self.client.delete_token(token)
46 self.assertRaises(exceptions.Unauthorized, self.client.list_roles)
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]47 self.client.auth_provider.clear_auth()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]48
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]49 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]50 def test_role_create_blank_name(self):
51 # Should not be able to create a role with a blank name
52 self.assertRaises(exceptions.BadRequest, self.client.create_role, '')
53
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]54 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]55 def test_create_role_by_unauthorized_user(self):
56 # Non-administrator user should not be able to create role
57 role_name = data_utils.rand_name(name='role-')
58 self.assertRaises(exceptions.Unauthorized,
59 self.non_admin_client.create_role, role_name)
60
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]61 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]62 def test_create_role_request_without_token(self):
63 # Request to create role without a valid token should fail
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]64 token = self.client.auth_provider.get_token()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]65 self.client.delete_token(token)
66 role_name = data_utils.rand_name(name='role-')
67 self.assertRaises(exceptions.Unauthorized,
68 self.client.create_role, role_name)
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]69 self.client.auth_provider.clear_auth()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]70
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]71 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]72 def test_role_create_duplicate(self):
73 # Role names should be unique
74 role_name = data_utils.rand_name(name='role-dup-')
75 resp, body = self.client.create_role(role_name)
76 role1_id = body.get('id')
Ken'ichi Ohmichiaa8974e2014-03-18 17:19:07 +0900[diff] [blame]77 self.assertEqual(200, resp.status)
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]78 self.addCleanup(self.client.delete_role, role1_id)
79 self.assertRaises(exceptions.Conflict, self.client.create_role,
80 role_name)
81
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]82 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]83 def test_delete_role_by_unauthorized_user(self):
84 # Non-administrator user should not be able to delete role
85 role_name = data_utils.rand_name(name='role-')
86 resp, body = self.client.create_role(role_name)
87 self.assertEqual(200, resp.status)
88 self.data.roles.append(body)
89 role_id = body.get('id')
90 self.assertRaises(exceptions.Unauthorized,
91 self.non_admin_client.delete_role, role_id)
92
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]93 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]94 def test_delete_role_request_without_token(self):
95 # Request to delete role without a valid token should fail
96 role_name = data_utils.rand_name(name='role-')
97 resp, body = self.client.create_role(role_name)
98 self.assertEqual(200, resp.status)
99 self.data.roles.append(body)
100 role_id = body.get('id')
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]101 token = self.client.auth_provider.get_token()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]102 self.client.delete_token(token)
103 self.assertRaises(exceptions.Unauthorized,
104 self.client.delete_role,
105 role_id)
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]106 self.client.auth_provider.clear_auth()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]107
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]108 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]109 def test_delete_role_non_existent(self):
110 # Attempt to delete a non existent role should fail
111 non_existent_role = str(uuid.uuid4().hex)
112 self.assertRaises(exceptions.NotFound, self.client.delete_role,
113 non_existent_role)
114
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]115 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]116 def test_assign_user_role_by_unauthorized_user(self):
117 # Non-administrator user should not be authorized to
118 # assign a role to user
119 (user, tenant, role) = self._get_role_params()
120 self.assertRaises(exceptions.Unauthorized,
121 self.non_admin_client.assign_user_role,
122 tenant['id'], user['id'], role['id'])
123
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]124 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]125 def test_assign_user_role_request_without_token(self):
126 # Request to assign a role to a user without a valid token
127 (user, tenant, role) = self._get_role_params()
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]128 token = self.client.auth_provider.get_token()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]129 self.client.delete_token(token)
130 self.assertRaises(exceptions.Unauthorized,
131 self.client.assign_user_role, tenant['id'],
132 user['id'], role['id'])
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]133 self.client.auth_provider.clear_auth()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]134
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]135 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]136 def test_assign_user_role_for_non_existent_role(self):
137 # Attempt to assign a non existent role to user should fail
138 (user, tenant, role) = self._get_role_params()
139 non_existent_role = str(uuid.uuid4().hex)
140 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
141 tenant['id'], user['id'], non_existent_role)
142
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]143 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]144 def test_assign_user_role_for_non_existent_tenant(self):
145 # Attempt to assign a role on a non existent tenant should fail
146 (user, tenant, role) = self._get_role_params()
147 non_existent_tenant = str(uuid.uuid4().hex)
148 self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
149 non_existent_tenant, user['id'], role['id'])
150
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]151 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]152 def test_assign_duplicate_user_role(self):
153 # Duplicate user role should not get assigned
154 (user, tenant, role) = self._get_role_params()
155 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
156 self.assertRaises(exceptions.Conflict, self.client.assign_user_role,
157 tenant['id'], user['id'], role['id'])
158
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]159 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]160 def test_remove_user_role_by_unauthorized_user(self):
161 # Non-administrator user should not be authorized to
162 # remove a user's role
163 (user, tenant, role) = self._get_role_params()
164 resp, user_role = self.client.assign_user_role(tenant['id'],
165 user['id'],
166 role['id'])
167 self.assertRaises(exceptions.Unauthorized,
168 self.non_admin_client.remove_user_role,
169 tenant['id'], user['id'], role['id'])
170
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]171 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]172 def test_remove_user_role_request_without_token(self):
173 # Request to remove a user's role without a valid token
174 (user, tenant, role) = self._get_role_params()
175 resp, user_role = self.client.assign_user_role(tenant['id'],
176 user['id'],
177 role['id'])
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]178 token = self.client.auth_provider.get_token()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]179 self.client.delete_token(token)
180 self.assertRaises(exceptions.Unauthorized,
181 self.client.remove_user_role, tenant['id'],
182 user['id'], role['id'])
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]183 self.client.auth_provider.clear_auth()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]184
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]185 @test.attr(type=['negative', 'gate'])
nayna-patel179077c2014-01-15 12:27:16 +0000[diff] [blame]186 def test_remove_user_role_non_existent_role(self):
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]187 # Attempt to delete a non existent role from a user should fail
188 (user, tenant, role) = self._get_role_params()
189 resp, user_role = self.client.assign_user_role(tenant['id'],
190 user['id'],
191 role['id'])
nayna-patel179077c2014-01-15 12:27:16 +0000[diff] [blame]192 non_existent_role = str(uuid.uuid4().hex)
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]193 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
nayna-patel179077c2014-01-15 12:27:16 +0000[diff] [blame]194 tenant['id'], user['id'], non_existent_role)
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]195
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]196 @test.attr(type=['negative', 'gate'])
nayna-patel179077c2014-01-15 12:27:16 +0000[diff] [blame]197 def test_remove_user_role_non_existent_tenant(self):
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]198 # Attempt to remove a role from a non existent tenant should fail
199 (user, tenant, role) = self._get_role_params()
200 resp, user_role = self.client.assign_user_role(tenant['id'],
201 user['id'],
202 role['id'])
nayna-patel179077c2014-01-15 12:27:16 +0000[diff] [blame]203 non_existent_tenant = str(uuid.uuid4().hex)
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]204 self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
nayna-patel179077c2014-01-15 12:27:16 +0000[diff] [blame]205 non_existent_tenant, user['id'], role['id'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]206
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]207 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]208 def test_list_user_roles_by_unauthorized_user(self):
209 # Non-administrator user should not be authorized to list
210 # a user's roles
211 (user, tenant, role) = self._get_role_params()
212 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
213 self.assertRaises(exceptions.Unauthorized,
214 self.non_admin_client.list_user_roles, tenant['id'],
215 user['id'])
216
Matthew Treinish5c660ab2014-05-18 21:14:36 -0400[diff] [blame]217 @test.attr(type=['negative', 'gate'])
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]218 def test_list_user_roles_request_without_token(self):
219 # Request to list user's roles without a valid token should fail
220 (user, tenant, role) = self._get_role_params()
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]221 token = self.client.auth_provider.get_token()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]222 self.client.delete_token(token)
223 try:
224 self.assertRaises(exceptions.Unauthorized,
225 self.client.list_user_roles, tenant['id'],
226 user['id'])
227 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]228 self.client.auth_provider.clear_auth()
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]229
huangtianhua35f11872013-10-11 11:34:43 +0800[diff] [blame]230
231class RolesTestXML(RolesNegativeTestJSON):
232 _interface = 'xml'