| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 1 | # Copyright 2013 Huawei Technologies Co.,LTD. |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 16 | from tempest.api.identity import base |
| Fei Long Wang | d39431f | 2015-05-14 11:30:48 +1200 | [diff] [blame] | 17 | from tempest.common.utils import data_utils |
| Matthew Treinish | 5c660ab | 2014-05-18 21:14:36 -0400 | [diff] [blame] | 18 | from tempest import test |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 19 | |
| 20 | |
| Matthew Treinish | db2c597 | 2014-01-31 22:18:59 +0000 | [diff] [blame] | 21 | class TokensTestJSON(base.BaseIdentityV2AdminTest): |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 22 | |
| Chris Hoge | 7579c1a | 2015-02-26 14:12:15 -0800 | [diff] [blame] | 23 | @test.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586') |
| Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 24 | def test_create_get_delete_token(self): |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 25 | # get a token by username and password |
| Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 26 | user_name = data_utils.rand_name(name='user') |
| 27 | user_password = data_utils.rand_name(name='pass') |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 28 | # first:create a tenant |
| Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 29 | tenant_name = data_utils.rand_name(name='tenant') |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 30 | tenant = self.client.create_tenant(tenant_name) |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 31 | self.data.tenants.append(tenant) |
| 32 | # second:create a user |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 33 | user = self.client.create_user(user_name, user_password, |
| 34 | tenant['id'], '') |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 35 | self.data.users.append(user) |
| 36 | # then get a token for the user |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 37 | body = self.token_client.auth(user_name, |
| 38 | user_password, |
| 39 | tenant['name']) |
| Andrea Frittoli | 8bbdb16 | 2014-01-06 11:06:13 +0000 | [diff] [blame] | 40 | self.assertEqual(body['token']['tenant']['name'], |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 41 | tenant['name']) |
| Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 42 | # Perform GET Token |
| Andrea Frittoli | 8bbdb16 | 2014-01-06 11:06:13 +0000 | [diff] [blame] | 43 | token_id = body['token']['id'] |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 44 | token_details = self.client.get_token(token_id) |
| Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 45 | self.assertEqual(token_id, token_details['token']['id']) |
| 46 | self.assertEqual(user['id'], token_details['user']['id']) |
| 47 | self.assertEqual(user_name, token_details['user']['name']) |
| 48 | self.assertEqual(tenant['name'], |
| 49 | token_details['token']['tenant']['name']) |
| 50 | # then delete the token |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 51 | self.client.delete_token(token_id) |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 52 | |
| Chris Hoge | 7579c1a | 2015-02-26 14:12:15 -0800 | [diff] [blame] | 53 | @test.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e') |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 54 | def test_rescope_token(self): |
| 55 | """An unscoped token can be requested, that token can be used to |
| 56 | request a scoped token. |
| 57 | """ |
| 58 | |
| 59 | # Create a user. |
| Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 60 | user_name = data_utils.rand_name(name='user') |
| 61 | user_password = data_utils.rand_name(name='pass') |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 62 | tenant_id = None # No default tenant so will get unscoped token. |
| 63 | email = '' |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 64 | user = self.client.create_user(user_name, user_password, |
| 65 | tenant_id, email) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 66 | self.data.users.append(user) |
| 67 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 68 | # Create a couple tenants. |
| Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 69 | tenant1_name = data_utils.rand_name(name='tenant') |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 70 | tenant1 = self.client.create_tenant(tenant1_name) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 71 | self.data.tenants.append(tenant1) |
| 72 | |
| Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 73 | tenant2_name = data_utils.rand_name(name='tenant') |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 74 | tenant2 = self.client.create_tenant(tenant2_name) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 75 | self.data.tenants.append(tenant2) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 76 | |
| 77 | # Create a role |
| Ken'ichi Ohmichi | 9650847 | 2015-03-23 01:43:42 +0000 | [diff] [blame] | 78 | role_name = data_utils.rand_name(name='role') |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 79 | role = self.client.create_role(role_name) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 80 | self.data.roles.append(role) |
| 81 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 82 | # Grant the user the role on the tenants. |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 83 | self.client.assign_user_role(tenant1['id'], user['id'], |
| 84 | role['id']) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 85 | |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 86 | self.client.assign_user_role(tenant2['id'], user['id'], |
| 87 | role['id']) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 88 | |
| 89 | # Get an unscoped token. |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 90 | body = self.token_client.auth(user_name, user_password) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 91 | |
| 92 | token_id = body['token']['id'] |
| 93 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 94 | # Use the unscoped token to get a token scoped to tenant1 |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 95 | body = self.token_client.auth_token(token_id, |
| 96 | tenant=tenant1_name) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 97 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 98 | scoped_token_id = body['token']['id'] |
| 99 | |
| 100 | # Revoke the scoped token |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 101 | self.client.delete_token(scoped_token_id) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 102 | |
| 103 | # Use the unscoped token to get a token scoped to tenant2 |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 104 | body = self.token_client.auth_token(token_id, |
| 105 | tenant=tenant2_name) |