Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / bfe340dfde7ac4c268094399f064ea23b2c09ccb / . / tempest / tests / lib / common / test_preprov_creds.py
blob: 25df2a7c4fff64399b9c6cadd94c699bcf949987 [file] [log] [blame]
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]1# Copyright 2014 Hewlett-Packard Development Company, L.P.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import hashlib
16import os
Masayuki Igawa134d9f72017-02-10 18:05:26 +0900[diff] [blame]17import shutil
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]18
19import mock
Masayuki Igawa134d9f72017-02-10 18:05:26 +0900[diff] [blame]20import six
21import testtools
22
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]23import fixtures
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]24from oslo_concurrency.fixture import lockutils as lockutils_fixtures
25from oslo_config import cfg
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]26
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]27from tempest import config
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]28from tempest.lib import auth
Matthew Treinish00ab6be2016-10-07 16:29:18 -0400[diff] [blame]29from tempest.lib.common import cred_provider
Matthew Treinishb19c55d2017-07-17 12:38:35 -0400[diff] [blame]30from tempest.lib.common import preprov_creds
Andrea Frittoli (andreaf)db9672e2016-02-23 14:07:24 -0500[diff] [blame]31from tempest.lib import exceptions as lib_exc
Matthew Treinishffad78a2016-04-16 14:39:52 -0400[diff] [blame]32from tempest.tests import base
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]33from tempest.tests import fake_config
Jordan Pittier00f25962016-03-18 17:10:07 +0100[diff] [blame]34from tempest.tests.lib import fake_identity
Andrea Frittoli9806f2d2017-09-01 14:50:07 +0100[diff] [blame]35from tempest.tests.lib.services import registry_fixture
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]36
37
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]38class TestPreProvisionedCredentials(base.TestCase):
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]39
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]40 fixed_params = {'name': 'test class',
Andrea Frittoli (andreaf)29491a72015-10-13 11:24:17 +0100[diff] [blame]41 'identity_version': 'v2',
Andrea Frittolidcd91002017-07-18 11:34:13 +0100[diff] [blame]42 'identity_uri': 'fake_uri',
Andrea Frittoli (andreaf)848e3482015-10-12 14:17:21 +0100[diff] [blame]43 'test_accounts_file': 'fake_accounts_file',
44 'accounts_lock_dir': 'fake_locks_dir',
45 'admin_role': 'admin',
46 'object_storage_operator_role': 'operator',
47 'object_storage_reseller_admin_role': 'reseller'}
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]48
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]49 identity_response = fake_identity._fake_v2_response
50 token_client = ('tempest.lib.services.identity.v2.token_client'
51 '.TokenClient.raw_request')
52
53 @classmethod
54 def _fake_accounts(cls, admin_role):
55 return [
56 {'username': 'test_user1', 'tenant_name': 'test_tenant1',
57 'password': 'p'},
58 {'username': 'test_user2', 'project_name': 'test_tenant2',
59 'password': 'p'},
60 {'username': 'test_user3', 'tenant_name': 'test_tenant3',
61 'password': 'p'},
62 {'username': 'test_user4', 'project_name': 'test_tenant4',
63 'password': 'p'},
64 {'username': 'test_user5', 'tenant_name': 'test_tenant5',
65 'password': 'p'},
66 {'username': 'test_user6', 'project_name': 'test_tenant6',
67 'password': 'p', 'roles': ['role1', 'role2']},
68 {'username': 'test_user7', 'tenant_name': 'test_tenant7',
69 'password': 'p', 'roles': ['role2', 'role3']},
70 {'username': 'test_user8', 'project_name': 'test_tenant8',
71 'password': 'p', 'roles': ['role4', 'role1']},
72 {'username': 'test_user9', 'tenant_name': 'test_tenant9',
73 'password': 'p', 'roles': ['role1', 'role2', 'role3', 'role4']},
74 {'username': 'test_user10', 'project_name': 'test_tenant10',
75 'password': 'p', 'roles': ['role1', 'role2', 'role3', 'role4']},
Andrea Frittoli (andreaf)16d4a9a2016-06-02 17:12:44 +0100[diff] [blame]76 {'username': 'test_admin1', 'tenant_name': 'test_tenant11',
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]77 'password': 'p', 'roles': [admin_role]},
Andrea Frittoli (andreaf)16d4a9a2016-06-02 17:12:44 +0100[diff] [blame]78 {'username': 'test_admin2', 'project_name': 'test_tenant12',
79 'password': 'p', 'roles': [admin_role]},
80 {'username': 'test_admin3', 'project_name': 'test_tenant13',
81 'password': 'p', 'types': ['admin']}]
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]82
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]83 def setUp(self):
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]84 super(TestPreProvisionedCredentials, self).setUp()
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]85 self.useFixture(fake_config.ConfigFixture())
Jordan Pittier0021c292016-03-29 21:33:34 +0200[diff] [blame]86 self.patchobject(config, 'TempestConfigPrivate',
87 fake_config.FakePrivate)
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]88 self.patch(self.token_client, side_effect=self.identity_response)
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]89 self.useFixture(lockutils_fixtures.ExternalLockFixture())
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]90 self.test_accounts = self._fake_accounts(cfg.CONF.identity.admin_role)
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]91 self.accounts_mock = self.useFixture(fixtures.MockPatch(
Matthew Treinishb19c55d2017-07-17 12:38:35 -0400[diff] [blame]92 'tempest.lib.common.preprov_creds.read_accounts_yaml',
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]93 return_value=self.test_accounts))
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]94 self.useFixture(fixtures.MockPatch(
95 'os.path.isfile', return_value=True))
Andrea Frittoli9806f2d2017-09-01 14:50:07 +0100[diff] [blame]96 # Make sure we leave the registry clean
97 self.useFixture(registry_fixture.RegistryFixture())
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]98
Andrea Frittoli (andreaf)848e3482015-10-12 14:17:21 +0100[diff] [blame]99 def tearDown(self):
100 super(TestPreProvisionedCredentials, self).tearDown()
101 shutil.rmtree(self.fixed_params['accounts_lock_dir'],
102 ignore_errors=True)
103
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]104 def _get_hash_list(self, accounts_list):
105 hash_list = []
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]106 hash_fields = (
107 preprov_creds.PreProvisionedCredentialProvider.HASH_CRED_FIELDS)
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]108 for account in accounts_list:
109 hash = hashlib.md5()
guo yunxian7bbbec12016-08-21 20:03:10 +0800[diff] [blame]110 account_for_hash = dict((k, v) for (k, v) in account.items()
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]111 if k in hash_fields)
112 hash.update(six.text_type(account_for_hash).encode('utf-8'))
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]113 temp_hash = hash.hexdigest()
114 hash_list.append(temp_hash)
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]115 return hash_list
116
117 def test_get_hash(self):
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]118 # Test with all accounts to make sure we try all combinations
119 # and hide no race conditions
120 hash_index = 0
121 for test_cred_dict in self.test_accounts:
122 test_account_class = (
123 preprov_creds.PreProvisionedCredentialProvider(
124 **self.fixed_params))
125 hash_list = self._get_hash_list(self.test_accounts)
126 test_creds = auth.get_credentials(
127 fake_identity.FAKE_AUTH_URL,
128 identity_version=self.fixed_params['identity_version'],
129 **test_cred_dict)
130 results = test_account_class.get_hash(test_creds)
131 self.assertEqual(hash_list[hash_index], results)
132 hash_index += 1
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]133
134 def test_get_hash_dict(self):
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]135 test_account_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]136 **self.fixed_params)
Andrea Frittoli (andreaf)29491a72015-10-13 11:24:17 +0100[diff] [blame]137 hash_dict = test_account_class.get_hash_dict(
138 self.test_accounts, self.fixed_params['admin_role'])
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]139 hash_list = self._get_hash_list(self.test_accounts)
140 for hash in hash_list:
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]141 self.assertIn(hash, hash_dict['creds'].keys())
142 self.assertIn(hash_dict['creds'][hash], self.test_accounts)
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]143
144 def test_create_hash_file_previous_file(self):
145 # Emulate the lock existing on the filesystem
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]146 self.useFixture(fixtures.MockPatch(
147 'os.path.isfile', return_value=True))
Matthew Treinish53d0dc02015-04-24 15:57:27 -0400[diff] [blame]148 with mock.patch('six.moves.builtins.open', mock.mock_open(),
149 create=True):
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]150 test_account_class = (
151 preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]152 **self.fixed_params))
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]153 res = test_account_class._create_hash_file('12345')
154 self.assertFalse(res, "_create_hash_file should return False if the "
155 "pseudo-lock file already exists")
156
157 def test_create_hash_file_no_previous_file(self):
158 # Emulate the lock not existing on the filesystem
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]159 self.useFixture(fixtures.MockPatch(
160 'os.path.isfile', return_value=False))
Matthew Treinish53d0dc02015-04-24 15:57:27 -0400[diff] [blame]161 with mock.patch('six.moves.builtins.open', mock.mock_open(),
162 create=True):
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]163 test_account_class = (
164 preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]165 **self.fixed_params))
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]166 res = test_account_class._create_hash_file('12345')
167 self.assertTrue(res, "_create_hash_file should return True if the "
168 "pseudo-lock doesn't already exist")
169
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]170 @mock.patch('oslo_concurrency.lockutils.lock')
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]171 def test_get_free_hash_no_previous_accounts(self, lock_mock):
172 # Emulate no pre-existing lock
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]173 self.useFixture(fixtures.MockPatch(
174 'os.path.isdir', return_value=False))
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]175 hash_list = self._get_hash_list(self.test_accounts)
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]176 mkdir_mock = self.useFixture(fixtures.MockPatch('os.mkdir'))
177 self.useFixture(fixtures.MockPatch(
178 'os.path.isfile', return_value=False))
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]179 test_account_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]180 **self.fixed_params)
Matthew Treinish53d0dc02015-04-24 15:57:27 -0400[diff] [blame]181 with mock.patch('six.moves.builtins.open', mock.mock_open(),
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]182 create=True) as open_mock:
183 test_account_class._get_free_hash(hash_list)
Andrea Frittoli (andreaf)848e3482015-10-12 14:17:21 +0100[diff] [blame]184 lock_path = os.path.join(self.fixed_params['accounts_lock_dir'],
185 hash_list[0])
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]186 open_mock.assert_called_once_with(lock_path, 'w')
Andrea Frittoli (andreaf)848e3482015-10-12 14:17:21 +0100[diff] [blame]187 mkdir_path = os.path.join(self.fixed_params['accounts_lock_dir'])
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]188 mkdir_mock.mock.assert_called_once_with(mkdir_path)
189
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]190 @mock.patch('oslo_concurrency.lockutils.lock')
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]191 def test_get_free_hash_no_free_accounts(self, lock_mock):
192 hash_list = self._get_hash_list(self.test_accounts)
193 # Emulate pre-existing lock dir
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]194 self.useFixture(fixtures.MockPatch('os.path.isdir', return_value=True))
195 # Emulate all locks in list are in use
196 self.useFixture(fixtures.MockPatch(
197 'os.path.isfile', return_value=True))
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]198 test_account_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]199 **self.fixed_params)
Matthew Treinish53d0dc02015-04-24 15:57:27 -0400[diff] [blame]200 with mock.patch('six.moves.builtins.open', mock.mock_open(),
201 create=True):
Andrea Frittoli (andreaf)848e3482015-10-12 14:17:21 +0100[diff] [blame]202 self.assertRaises(lib_exc.InvalidCredentials,
Matthew Treinish4041b262015-02-27 11:18:54 -0500[diff] [blame]203 test_account_class._get_free_hash, hash_list)
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]204
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]205 @mock.patch('oslo_concurrency.lockutils.lock')
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]206 def test_get_free_hash_some_in_use_accounts(self, lock_mock):
207 # Emulate no pre-existing lock
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]208 self.useFixture(fixtures.MockPatch('os.path.isdir', return_value=True))
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]209 hash_list = self._get_hash_list(self.test_accounts)
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]210 test_account_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]211 **self.fixed_params)
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]212
213 def _fake_is_file(path):
214 # Fake isfile() to return that the path exists unless a specific
215 # hash is in the path
216 if hash_list[3] in path:
217 return False
218 return True
219
Jordan Pittier0021c292016-03-29 21:33:34 +0200[diff] [blame]220 self.patchobject(os.path, 'isfile', _fake_is_file)
Matthew Treinish53d0dc02015-04-24 15:57:27 -0400[diff] [blame]221 with mock.patch('six.moves.builtins.open', mock.mock_open(),
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]222 create=True) as open_mock:
223 test_account_class._get_free_hash(hash_list)
Andrea Frittoli (andreaf)848e3482015-10-12 14:17:21 +0100[diff] [blame]224 lock_path = os.path.join(self.fixed_params['accounts_lock_dir'],
225 hash_list[3])
Matthew Treinish4041b262015-02-27 11:18:54 -0500[diff] [blame]226 open_mock.assert_has_calls([mock.call(lock_path, 'w')])
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]227
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]228 @mock.patch('oslo_concurrency.lockutils.lock')
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]229 def test_remove_hash_last_account(self, lock_mock):
230 hash_list = self._get_hash_list(self.test_accounts)
231 # Pretend the pseudo-lock is there
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]232 self.useFixture(
233 fixtures.MockPatch('os.path.isfile', return_value=True))
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]234 # Pretend the lock dir is empty
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]235 self.useFixture(fixtures.MockPatch('os.listdir', return_value=[]))
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]236 test_account_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]237 **self.fixed_params)
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]238 remove_mock = self.useFixture(fixtures.MockPatch('os.remove'))
239 rmdir_mock = self.useFixture(fixtures.MockPatch('os.rmdir'))
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]240 test_account_class.remove_hash(hash_list[2])
Andrea Frittoli (andreaf)848e3482015-10-12 14:17:21 +0100[diff] [blame]241 hash_path = os.path.join(self.fixed_params['accounts_lock_dir'],
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]242 hash_list[2])
Andrea Frittoli (andreaf)848e3482015-10-12 14:17:21 +0100[diff] [blame]243 lock_path = self.fixed_params['accounts_lock_dir']
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]244 remove_mock.mock.assert_called_once_with(hash_path)
245 rmdir_mock.mock.assert_called_once_with(lock_path)
246
Doug Hellmann583ce2c2015-03-11 14:55:46 +0000[diff] [blame]247 @mock.patch('oslo_concurrency.lockutils.lock')
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]248 def test_remove_hash_not_last_account(self, lock_mock):
249 hash_list = self._get_hash_list(self.test_accounts)
250 # Pretend the pseudo-lock is there
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]251 self.useFixture(fixtures.MockPatch(
252 'os.path.isfile', return_value=True))
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]253 # Pretend the lock dir is empty
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]254 self.useFixture(fixtures.MockPatch('os.listdir', return_value=[
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]255 hash_list[1], hash_list[4]]))
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]256 test_account_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]257 **self.fixed_params)
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]258 remove_mock = self.useFixture(fixtures.MockPatch('os.remove'))
259 rmdir_mock = self.useFixture(fixtures.MockPatch('os.rmdir'))
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]260 test_account_class.remove_hash(hash_list[2])
Andrea Frittoli (andreaf)848e3482015-10-12 14:17:21 +0100[diff] [blame]261 hash_path = os.path.join(self.fixed_params['accounts_lock_dir'],
Matthew Treinishc791ac42014-07-16 09:15:23 -0400[diff] [blame]262 hash_list[2])
263 remove_mock.mock.assert_called_once_with(hash_path)
264 rmdir_mock.mock.assert_not_called()
Matthew Treinish09f17832014-08-15 15:22:50 -0400[diff] [blame]265
266 def test_is_multi_user(self):
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]267 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]268 **self.fixed_params)
Matthew Treinish09f17832014-08-15 15:22:50 -0400[diff] [blame]269 self.assertTrue(test_accounts_class.is_multi_user())
270
271 def test_is_not_multi_user(self):
272 self.test_accounts = [self.test_accounts[0]]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]273 self.useFixture(fixtures.MockPatch(
Matthew Treinishb19c55d2017-07-17 12:38:35 -0400[diff] [blame]274 'tempest.lib.common.preprov_creds.read_accounts_yaml',
Matthew Treinish09f17832014-08-15 15:22:50 -0400[diff] [blame]275 return_value=self.test_accounts))
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]276 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]277 **self.fixed_params)
Matthew Treinish09f17832014-08-15 15:22:50 -0400[diff] [blame]278 self.assertFalse(test_accounts_class.is_multi_user())
Andrea Frittolib1c23fc2014-09-03 13:40:08 +0100[diff] [blame]279
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]280 def test__get_creds_by_roles_one_role(self):
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]281 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]282 **self.fixed_params)
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]283 hashes = test_accounts_class.hash_dict['roles']['role4']
284 temp_hash = hashes[0]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]285 get_free_hash_mock = self.useFixture(fixtures.MockPatchObject(
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]286 test_accounts_class, '_get_free_hash', return_value=temp_hash))
287 # Test a single role returns all matching roles
288 test_accounts_class._get_creds(roles=['role4'])
289 calls = get_free_hash_mock.mock.mock_calls
290 self.assertEqual(len(calls), 1)
291 args = calls[0][1][0]
292 for i in hashes:
293 self.assertIn(i, args)
294
295 def test__get_creds_by_roles_list_role(self):
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]296 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]297 **self.fixed_params)
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]298 hashes = test_accounts_class.hash_dict['roles']['role4']
299 hashes2 = test_accounts_class.hash_dict['roles']['role2']
300 hashes = list(set(hashes) & set(hashes2))
301 temp_hash = hashes[0]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]302 get_free_hash_mock = self.useFixture(fixtures.MockPatchObject(
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]303 test_accounts_class, '_get_free_hash', return_value=temp_hash))
304 # Test an intersection of multiple roles
305 test_accounts_class._get_creds(roles=['role2', 'role4'])
306 calls = get_free_hash_mock.mock.mock_calls
307 self.assertEqual(len(calls), 1)
308 args = calls[0][1][0]
309 for i in hashes:
310 self.assertIn(i, args)
311
312 def test__get_creds_by_roles_no_admin(self):
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]313 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]314 **self.fixed_params)
Matthew Treinish1c517a22015-04-23 11:39:44 -0400[diff] [blame]315 hashes = list(test_accounts_class.hash_dict['creds'].keys())
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]316 admin_hashes = test_accounts_class.hash_dict['roles'][
317 cfg.CONF.identity.admin_role]
318 temp_hash = hashes[0]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]319 get_free_hash_mock = self.useFixture(fixtures.MockPatchObject(
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]320 test_accounts_class, '_get_free_hash', return_value=temp_hash))
321 # Test an intersection of multiple roles
322 test_accounts_class._get_creds()
323 calls = get_free_hash_mock.mock.mock_calls
324 self.assertEqual(len(calls), 1)
325 args = calls[0][1][0]
Matthew Treinisha59bd0c2015-04-20 12:02:48 -0400[diff] [blame]326 self.assertEqual(len(args), 10)
Matthew Treinish976e8df2014-12-19 14:21:54 -0500[diff] [blame]327 for i in admin_hashes:
328 self.assertNotIn(i, args)
329
Matthew Treinishf83f35c2015-04-10 11:59:11 -0400[diff] [blame]330 def test_networks_returned_with_creds(self):
Matthew Treinisha59bd0c2015-04-20 12:02:48 -0400[diff] [blame]331 test_accounts = [
332 {'username': 'test_user13', 'tenant_name': 'test_tenant13',
333 'password': 'p', 'resources': {'network': 'network-1'}},
334 {'username': 'test_user14', 'tenant_name': 'test_tenant14',
335 'password': 'p', 'roles': ['role-7', 'role-11'],
336 'resources': {'network': 'network-2'}}]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]337 self.useFixture(fixtures.MockPatch(
Matthew Treinishb19c55d2017-07-17 12:38:35 -0400[diff] [blame]338 'tempest.lib.common.preprov_creds.read_accounts_yaml',
Matthew Treinisha59bd0c2015-04-20 12:02:48 -0400[diff] [blame]339 return_value=test_accounts))
Andrea Frittoli (andreaf)f9e01262015-05-22 10:24:12 -0700[diff] [blame]340 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
Andrea Frittoli (andreaf)32d0de12015-10-09 14:43:53 +0100[diff] [blame]341 **self.fixed_params)
zhufl33289a22018-01-04 15:02:00 +0800[diff] [blame]342 with mock.patch('tempest.lib.services.network.networks_client.'
Ken'ichi Ohmichia6287072015-07-02 02:43:15 +0000[diff] [blame]343 'NetworksClient.list_networks',
ghanshyamf0f7cfc2015-08-24 16:21:18 +0900[diff] [blame]344 return_value={'networks': [{'name': 'network-2',
345 'id': 'fake-id',
346 'label': 'network-2'}]}):
Matthew Treinishf83f35c2015-04-10 11:59:11 -0400[diff] [blame]347 creds = test_accounts_class.get_creds_by_roles(['role-7'])
Shuquan Huang29e9cab2015-12-30 22:43:49 +0800[diff] [blame]348 self.assertIsInstance(creds, cred_provider.TestResources)
Matthew Treinishf83f35c2015-04-10 11:59:11 -0400[diff] [blame]349 network = creds.network
350 self.assertIsNotNone(network)
351 self.assertIn('name', network)
352 self.assertIn('id', network)
353 self.assertEqual('fake-id', network['id'])
354 self.assertEqual('network-2', network['name'])
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]355
Andrea Frittoli (andreaf)16d4a9a2016-06-02 17:12:44 +0100[diff] [blame]356 def test_get_primary_creds(self):
357 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
358 **self.fixed_params)
359 primary_creds = test_accounts_class.get_primary_creds()
360 self.assertNotIn('test_admin', primary_creds.username)
361
362 def test_get_primary_creds_none_available(self):
363 admin_accounts = [x for x in self.test_accounts if 'test_admin'
364 in x['username']]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]365 self.useFixture(fixtures.MockPatch(
Matthew Treinishb19c55d2017-07-17 12:38:35 -0400[diff] [blame]366 'tempest.lib.common.preprov_creds.read_accounts_yaml',
Andrea Frittoli (andreaf)16d4a9a2016-06-02 17:12:44 +0100[diff] [blame]367 return_value=admin_accounts))
368 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
369 **self.fixed_params)
370 with testtools.ExpectedException(lib_exc.InvalidCredentials):
371 # Get one more
372 test_accounts_class.get_primary_creds()
373
374 def test_get_alt_creds(self):
375 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
376 **self.fixed_params)
377 alt_creds = test_accounts_class.get_alt_creds()
378 self.assertNotIn('test_admin', alt_creds.username)
379
380 def test_get_alt_creds_none_available(self):
381 admin_accounts = [x for x in self.test_accounts if 'test_admin'
382 in x['username']]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]383 self.useFixture(fixtures.MockPatch(
Matthew Treinishb19c55d2017-07-17 12:38:35 -0400[diff] [blame]384 'tempest.lib.common.preprov_creds.read_accounts_yaml',
Andrea Frittoli (andreaf)16d4a9a2016-06-02 17:12:44 +0100[diff] [blame]385 return_value=admin_accounts))
386 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
387 **self.fixed_params)
388 with testtools.ExpectedException(lib_exc.InvalidCredentials):
389 # Get one more
390 test_accounts_class.get_alt_creds()
391
392 def test_get_admin_creds(self):
393 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
394 **self.fixed_params)
395 admin_creds = test_accounts_class.get_admin_creds()
396 self.assertIn('test_admin', admin_creds.username)
397
398 def test_get_admin_creds_by_type(self):
399 test_accounts = [
400 {'username': 'test_user10', 'project_name': 'test_tenant10',
401 'password': 'p', 'roles': ['role1', 'role2', 'role3', 'role4']},
402 {'username': 'test_admin1', 'tenant_name': 'test_tenant11',
403 'password': 'p', 'types': ['admin']}]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]404 self.useFixture(fixtures.MockPatch(
Matthew Treinishb19c55d2017-07-17 12:38:35 -0400[diff] [blame]405 'tempest.lib.common.preprov_creds.read_accounts_yaml',
Andrea Frittoli (andreaf)16d4a9a2016-06-02 17:12:44 +0100[diff] [blame]406 return_value=test_accounts))
407 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
408 **self.fixed_params)
409 admin_creds = test_accounts_class.get_admin_creds()
410 self.assertIn('test_admin', admin_creds.username)
411
412 def test_get_admin_creds_by_role(self):
413 test_accounts = [
414 {'username': 'test_user10', 'project_name': 'test_tenant10',
415 'password': 'p', 'roles': ['role1', 'role2', 'role3', 'role4']},
416 {'username': 'test_admin1', 'tenant_name': 'test_tenant11',
417 'password': 'p', 'roles': [cfg.CONF.identity.admin_role]}]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]418 self.useFixture(fixtures.MockPatch(
Matthew Treinishb19c55d2017-07-17 12:38:35 -0400[diff] [blame]419 'tempest.lib.common.preprov_creds.read_accounts_yaml',
Andrea Frittoli (andreaf)16d4a9a2016-06-02 17:12:44 +0100[diff] [blame]420 return_value=test_accounts))
421 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
422 **self.fixed_params)
423 admin_creds = test_accounts_class.get_admin_creds()
424 self.assertIn('test_admin', admin_creds.username)
425
426 def test_get_admin_creds_none_available(self):
427 non_admin_accounts = [x for x in self.test_accounts if 'test_admin'
428 not in x['username']]
Ngo Quoc Cuong33710b32017-05-11 14:17:17 +0700[diff] [blame]429 self.useFixture(fixtures.MockPatch(
Matthew Treinishb19c55d2017-07-17 12:38:35 -0400[diff] [blame]430 'tempest.lib.common.preprov_creds.read_accounts_yaml',
Andrea Frittoli (andreaf)16d4a9a2016-06-02 17:12:44 +0100[diff] [blame]431 return_value=non_admin_accounts))
432 test_accounts_class = preprov_creds.PreProvisionedCredentialProvider(
433 **self.fixed_params)
434 with testtools.ExpectedException(lib_exc.InvalidCredentials):
435 # Get one more
436 test_accounts_class.get_admin_creds()
437
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]438
439class TestPreProvisionedCredentialsV3(TestPreProvisionedCredentials):
440
441 fixed_params = {'name': 'test class',
442 'identity_version': 'v3',
Andrea Frittolidcd91002017-07-18 11:34:13 +0100[diff] [blame]443 'identity_uri': 'fake_uri',
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]444 'test_accounts_file': 'fake_accounts_file',
Jordan Pittier04a888b2016-05-28 15:06:35 +0200[diff] [blame]445 'accounts_lock_dir': 'fake_locks_dir_v3',
Andrea Frittoli (andreaf)52deb8b2016-05-18 19:14:22 +0100[diff] [blame]446 'admin_role': 'admin',
447 'object_storage_operator_role': 'operator',
448 'object_storage_reseller_admin_role': 'reseller'}
449
450 identity_response = fake_identity._fake_v3_response
451 token_client = ('tempest.lib.services.identity.v3.token_client'
452 '.V3TokenClient.raw_request')
453
454 @classmethod
455 def _fake_accounts(cls, admin_role):
456 return [
457 {'username': 'test_user1', 'project_name': 'test_project1',
458 'domain_name': 'domain', 'password': 'p'},
459 {'username': 'test_user2', 'project_name': 'test_project2',
460 'domain_name': 'domain', 'password': 'p'},
461 {'username': 'test_user3', 'project_name': 'test_project3',
462 'domain_name': 'domain', 'password': 'p'},
463 {'username': 'test_user4', 'project_name': 'test_project4',
464 'domain_name': 'domain', 'password': 'p'},
465 {'username': 'test_user5', 'project_name': 'test_project5',
466 'domain_name': 'domain', 'password': 'p'},
467 {'username': 'test_user6', 'project_name': 'test_project6',
468 'domain_name': 'domain', 'password': 'p',
469 'roles': ['role1', 'role2']},
470 {'username': 'test_user7', 'project_name': 'test_project7',
471 'domain_name': 'domain', 'password': 'p',
472 'roles': ['role2', 'role3']},
473 {'username': 'test_user8', 'project_name': 'test_project8',
474 'domain_name': 'domain', 'password': 'p',
475 'roles': ['role4', 'role1']},
476 {'username': 'test_user9', 'project_name': 'test_project9',
477 'domain_name': 'domain', 'password': 'p',
478 'roles': ['role1', 'role2', 'role3', 'role4']},
479 {'username': 'test_user10', 'project_name': 'test_project10',
480 'domain_name': 'domain', 'password': 'p',
481 'roles': ['role1', 'role2', 'role3', 'role4']},
Andrea Frittoli (andreaf)16d4a9a2016-06-02 17:12:44 +0100[diff] [blame]482 {'username': 'test_admin1', 'project_name': 'test_project11',
483 'domain_name': 'domain', 'password': 'p', 'roles': [admin_role]},
484 {'username': 'test_admin2', 'project_name': 'test_project12',
485 'domain_name': 'domain', 'password': 'p', 'roles': [admin_role]},
486 {'username': 'test_admin3', 'project_name': 'test_tenant13',
487 'domain_name': 'domain', 'password': 'p', 'types': ['admin']}]