Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / e3644e54e6fe7e4115ebddadd33b23527d5e1e60 / . / tempest / tests / identity / admin / test_users.py
blob: 7ad932b56e8b862e534229eec5dd57adacc63430 [file] [log] [blame]
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]1# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
3# Copyright 2012 OpenStack, LLC
4# All Rights Reserved.
5#
6# Licensed under the Apache License, Version 2.0 (the "License"); you may
7# not use this file except in compliance with the License. You may obtain
8# a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15# License for the specific language governing permissions and limitations
16# under the License.
17
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]18from nose.plugins.attrib import attr
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]19import unittest2 as unittest
20
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]21from tempest.common.utils.data_utils import rand_name
Matthew Treinisha83a16e2012-12-07 13:44:02 -0500[diff] [blame]22from tempest import exceptions
Vincent Hou6b8a7b72012-08-25 01:24:33 +0800[diff] [blame]23from tempest.tests.identity import base
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]24
25
Vincent Hou6b8a7b72012-08-25 01:24:33 +0800[diff] [blame]26class UsersTestBase(object):
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]27
28 alt_user = rand_name('test_user_')
29 alt_password = rand_name('pass_')
30 alt_email = alt_user + '@testmail.tm'
31 alt_tenant = rand_name('test_tenant_')
32 alt_description = rand_name('desc_')
33
34 @attr(type='smoke')
35 def test_create_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]36 # Create a user
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]37 self.data.setup_test_tenant()
38 resp, user = self.client.create_user(self.alt_user, self.alt_password,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]39 self.data.tenant['id'],
40 self.alt_email)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]41 self.data.users.append(user)
42 self.assertEqual('200', resp['status'])
43 self.assertEqual(self.alt_user, user['name'])
44
45 @attr(type='negative')
46 def test_create_user_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]47 # Non-admin should not be authorized to create a user
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]48 self.data.setup_test_tenant()
49 self.assertRaises(exceptions.Unauthorized,
50 self.non_admin_client.create_user, self.alt_user,
51 self.alt_password, self.data.tenant['id'],
52 self.alt_email)
53
54 @attr(type='negative')
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]55 def test_create_user_with_empty_name(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]56 # User with an empty name should not be created
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]57 self.data.setup_test_tenant()
58 self.assertRaises(exceptions.BadRequest, self.client.create_user, '',
59 self.alt_password, self.data.tenant['id'],
60 self.alt_email)
61
62 @attr(type='negative')
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]63 def test_create_user_with_name_length_over_64(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]64 # Length of user name filed should be restricted to 64 characters
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]65 self.data.setup_test_tenant()
66 self.assertRaises(exceptions.BadRequest, self.client.create_user,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]67 'a' * 65, self.alt_password,
68 self.data.tenant['id'], self.alt_email)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]69
70 @attr(type='negative')
71 def test_create_user_with_duplicate_name(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]72 # Duplicate user should not be created
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]73 self.data.setup_test_user()
74 self.assertRaises(exceptions.Duplicate, self.client.create_user,
75 self.data.test_user, self.data.test_password,
76 self.data.tenant['id'], self.data.test_email)
77
78 @attr(type='negative')
79 @unittest.skip("Until Bug 999084 is fixed")
80 def test_create_user_with_empty_password(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]81 # User with an empty password should not be created
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]82 self.data.setup_test_tenant()
83 self.assertRaises(exceptions.BadRequest, self.client.create_user,
84 self.alt_user, '', self.data.tenant['id'],
85 self.alt_email)
86
87 @attr(type='nagative')
88 @unittest.skip("Until Bug 999084 is fixed")
89 def test_create_user_with_long_password(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]90 # User having password exceeding max length should not be created
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]91 self.data.setup_test_tenant()
92 self.assertRaises(exceptions.BadRequest, self.client.create_user,
David Kranz28e35c52012-07-10 10:14:38 -0400[diff] [blame]93 self.alt_user, 'a' * 65, self.data.tenant['id'],
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]94 self.alt_email)
95
96 @attr(type='negative')
97 @unittest.skip("Until Bug 999084 is fixed")
98 def test_create_user_with_invalid_email_format(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]99 # Email format should be validated while creating a user
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]100 self.data.setup_test_tenant()
101 self.assertRaises(exceptions.BadRequest, self.client.create_user,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]102 self.alt_user, '', self.data.tenant['id'], '12345')
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]103
104 @attr(type='negative')
105 def test_create_user_for_non_existant_tenant(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]106 # Attempt to create a user in a non-existent tenant should fail
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]107 self.assertRaises(exceptions.NotFound, self.client.create_user,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]108 self.alt_user, self.alt_password, '49ffgg99999',
109 self.alt_email)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]110
111 @attr(type='negative')
112 def test_create_user_request_without_a_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]113 # Request to create a user without a valid token should fail
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]114 self.data.setup_test_tenant()
115 # Get the token of the current client
116 token = self.client.get_auth()
117 # Delete the token from database
118 self.client.delete_token(token)
119 self.assertRaises(exceptions.Unauthorized, self.client.create_user,
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]120 self.alt_user, self.alt_password,
121 self.data.tenant['id'], self.alt_email)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]122
123 # Unset the token to allow further tests to generate a new token
124 self.client.clear_auth()
125
126 @attr(type='smoke')
127 def test_delete_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]128 # Delete a user
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]129 self.data.setup_test_tenant()
130 resp, user = self.client.create_user('user_1234', self.alt_password,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]131 self.data.tenant['id'],
132 self.alt_email)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]133 resp, body = self.client.delete_user(user['id'])
134 self.assertEquals('204', resp['status'])
135
136 @attr(type='negative')
137 def test_delete_users_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]138 # Non admin user should not be authorized to delete a user
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]139 self.data.setup_test_user()
140 self.assertRaises(exceptions.Unauthorized,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]141 self.non_admin_client.delete_user,
142 self.data.user['id'])
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]143
144 @attr(type='negative')
145 def test_delete_non_existant_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]146 # Attempt to delete a non-existent user should fail
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]147 self.assertRaises(exceptions.NotFound, self.client.delete_user,
148 'junk12345123')
149
150 @attr(type='smoke')
151 def test_user_authentication(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]152 # Valid user's token is authenticated
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]153 self.data.setup_test_user()
154 # Get a token
155 self.token_client.auth(self.data.test_user, self.data.test_password,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]156 self.data.test_tenant)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]157 # Re-auth
158 resp, body = self.token_client.auth(self.data.test_user,
159 self.data.test_password,
160 self.data.test_tenant)
161 self.assertEqual('200', resp['status'])
162
163 @attr(type='negative')
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]164 def test_authentication_for_disabled_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]165 # Disabled user's token should not get authenticated
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]166 self.data.setup_test_user()
167 self.disable_user(self.data.test_user)
168 self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
169 self.data.test_user,
170 self.data.test_password,
171 self.data.test_tenant)
172
173 @attr(type='negative')
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]174 def test_authentication_when_tenant_is_disabled(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]175 # User's token for a disabled tenant should not be authenticated
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]176 self.data.setup_test_user()
177 self.disable_tenant(self.data.test_tenant)
178 self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]179 self.data.test_user,
180 self.data.test_password,
181 self.data.test_tenant)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]182
183 @attr(type='negative')
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]184 def test_authentication_with_invalid_tenant(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]185 # User's token for an invalid tenant should not be authenticated
Giampaolo Lauria2a9653e2013-01-15 14:11:45 -0500[diff] [blame]186 self.data.setup_test_user()
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]187 self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]188 self.data.test_user,
189 self.data.test_password,
190 'junktenant1234')
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]191
192 @attr(type='negative')
193 def test_authentication_with_invalid_username(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]194 # Non-existent user's token should not get authenticated
ivan-zhufa2adf92013-01-13 00:18:25 +0800[diff] [blame]195 self.data.setup_test_user()
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]196 self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]197 'junkuser123', self.data.test_password,
198 self.data.test_tenant)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]199
200 @attr(type='negative')
201 def test_authentication_with_invalid_password(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]202 # User's token with invalid password should not be authenticated
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]203 self.data.setup_test_user()
204 self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
205 self.data.test_user, 'junkpass1234',
206 self.data.test_tenant)
207
208 @attr(type='positive')
209 def test_authentication_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]210 # Request for token authentication with a valid token in header
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]211 self.data.setup_test_user()
212 self.token_client.auth(self.data.test_user, self.data.test_password,
213 self.data.test_tenant)
214 # Get the token of the current client
215 token = self.client.get_auth()
216 # Delete the token from database
217 self.client.delete_token(token)
218 # Re-auth
219 resp, body = self.token_client.auth(self.data.test_user,
220 self.data.test_password,
221 self.data.test_tenant)
222 self.assertEqual('200', resp['status'])
223 self.client.clear_auth()
224
225 @attr(type='smoke')
226 def test_get_users(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]227 # Get a list of users and find the test user
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]228 self.data.setup_test_user()
229 resp, users = self.client.get_users()
230 self.assertIn(self.data.test_user, [u['name'] for u in users],
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]231 "Could not find %s" % self.data.test_user)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]232
233 @attr(type='negative')
234 def test_get_users_by_unauthorized_user(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]235 # Non admin user should not be authorized to get user list
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]236 self.data.setup_test_user()
237 self.assertRaises(exceptions.Unauthorized,
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]238 self.non_admin_client.get_users)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]239
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]240 @attr(type='negative')
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]241 def test_get_users_request_without_token(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]242 # Request to get list of users without a valid token should fail
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]243 token = self.client.get_auth()
244 self.client.delete_token(token)
245 self.assertRaises(exceptions.Unauthorized, self.client.get_users)
246 self.client.clear_auth()
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]247
248 @attr(type='positive')
249 def test_list_users_for_tenant(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]250 # Return a list of all users for a tenant
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]251 self.data.setup_test_tenant()
252 user_ids = list()
253 fetched_user_ids = list()
254 resp, user1 = self.client.create_user('tenant_user1', 'password1',
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]255 self.data.tenant['id'],
256 'user1@123')
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]257 user_ids.append(user1['id'])
258 self.data.users.append(user1)
259 resp, user2 = self.client.create_user('tenant_user2', 'password2',
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]260 self.data.tenant['id'],
261 'user2@123')
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]262 user_ids.append(user2['id'])
263 self.data.users.append(user2)
264 #List of users for the respective tenant ID
265 resp, body = self.client.list_users_for_tenant(self.data.tenant['id'])
266 self.assertTrue(resp['status'].startswith('2'))
267 for i in body:
268 fetched_user_ids.append(i['id'])
269 #verifying the user Id in the list
270 missing_users =\
271 [user for user in user_ids if user not in fetched_user_ids]
272 self.assertEqual(0, len(missing_users),
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]273 "Failed to find user %s in fetched list" %
274 ', '.join(m_user for m_user in missing_users))
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]275
276 @attr(type='positive')
277 def test_list_users_with_roles_for_tenant(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]278 # Return list of users on tenant when roles are assigned to users
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]279 self.data.setup_test_user()
280 self.data.setup_test_role()
281 user = self.get_user_by_name(self.data.test_user)
282 tenant = self.get_tenant_by_name(self.data.test_tenant)
283 role = self.get_role_by_name(self.data.test_role)
284 #Assigning roles to two users
285 user_ids = list()
286 fetched_user_ids = list()
287 user_ids.append(user['id'])
288 self.client.assign_user_role(tenant['id'], user['id'], role['id'])
289 resp, second_user = self.client.create_user('second_user', 'password1',
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]290 self.data.tenant['id'],
291 'user1@123')
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]292 user_ids.append(second_user['id'])
293 self.data.users.append(second_user)
294 self.client.assign_user_role(tenant['id'], second_user['id'],
295 role['id'])
296 #List of users with roles for the respective tenant ID
297 resp, body = self.client.list_users_for_tenant(self.data.tenant['id'])
298 self.assertTrue(resp['status'].startswith('2'))
299 for i in body:
300 fetched_user_ids.append(i['id'])
301 #verifying the user Id in the list
302 missing_users =\
303 [user for user in user_ids if user not in fetched_user_ids]
304 self.assertEqual(0, len(missing_users),
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]305 "Failed to find user %s in fetched list" %
306 ', '.join(m_user for m_user in missing_users))
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]307
308 @attr(type='negative')
309 def test_list_users_with_invalid_tenant(self):
Sean Dague46c4a2b2013-01-03 17:54:17 -0500[diff] [blame]310 # Should not be able to return a list of all
311 # users for a nonexistant tenant
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]312 #Assign invalid tenant ids
313 invalid_id = list()
314 invalid_id.append(rand_name('999'))
315 invalid_id.append('alpha')
316 invalid_id.append(rand_name("dddd@#%%^$"))
317 invalid_id.append('!@#()$%^&*?<>{}[]')
318 #List the users with invalid tenant id
319 fail = list()
320 for invalid in invalid_id:
321 try:
322 resp, body = self.client.list_users_for_tenant(invalid)
323 except exceptions.NotFound:
324 pass
325 else:
326 fail.append(invalid)
327 if len(fail) != 0:
328 self.fail('Should raise Not Found when list users with invalid'
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]329 'tenant ids %s' % fail)
Vincent Hou6b8a7b72012-08-25 01:24:33 +0800[diff] [blame]330
331
332class UsersTestJSON(base.BaseIdentityAdminTestJSON,
333 UsersTestBase):
334 @classmethod
335 def setUpClass(cls):
336 super(UsersTestJSON, cls).setUpClass()
337
338
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]339class UsersTestXML(base.BaseIdentityAdminTestXML, UsersTestBase):
Vincent Hou6b8a7b72012-08-25 01:24:33 +0800[diff] [blame]340 @classmethod
341 def setUpClass(cls):
342 super(UsersTestXML, cls).setUpClass()