Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / eed21d7a1c0b3e5620960de9878ac9df0d2907fa / . / tempest / api / identity / base.py
blob: 9edccbb45f5da86e1cf168b4324be531f42d7363 [file] [log] [blame]
ZhiQiang Fan39f97222013-09-20 04:49:44 +0800[diff] [blame]1# Copyright 2012 OpenStack Foundation
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]16from tempest import config
Ken'ichi Ohmichi7bd25752017-03-10 10:45:39 -0800[diff] [blame]17from tempest.lib.common.utils import data_utils
Samantha Blancodf33c782017-03-06 14:29:52 -0500[diff] [blame]18from tempest.lib.common.utils import test_utils
Attila Fazekasdc216422013-01-29 15:12:14 +0100[diff] [blame]19import tempest.test
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]20
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]21CONF = config.CONF
22
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]23
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]24class BaseIdentityTest(tempest.test.BaseTestCase):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]25
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]26 @classmethod
Jordan Pittierf7da5e52016-09-06 18:00:52 +0200[diff] [blame]27 def setup_credentials(cls):
28 # Create no network resources for these test.
29 cls.set_network_resources()
30 super(BaseIdentityTest, cls).setup_credentials()
31
32 @classmethod
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]33 def disable_user(cls, user_name):
34 user = cls.get_user_by_name(user_name)
ghanshyam9c257a72016-06-21 10:15:10 +0900[diff] [blame]35 cls.users_client.update_user_enabled(user['id'], enabled=False)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]36
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]37 @classmethod
38 def disable_tenant(cls, tenant_name):
39 tenant = cls.get_tenant_by_name(tenant_name)
Daniel Melladob04da902015-11-20 17:43:12 +0100[diff] [blame]40 cls.tenants_client.update_tenant(tenant['id'], enabled=False)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]41
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]42 @classmethod
Tom Cocozzello5544c172016-02-23 17:50:28 -0600[diff] [blame]43 def get_user_by_name(cls, name, domain_id=None):
44 if domain_id:
45 params = {'domain_id': domain_id}
ghanshyam7f817db2016-08-01 18:37:13 +0900[diff] [blame]46 users = cls.users_client.list_users(**params)['users']
Tom Cocozzello5544c172016-02-23 17:50:28 -0600[diff] [blame]47 else:
48 users = cls.users_client.list_users()['users']
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]49 user = [u for u in users if u['name'] == name]
Masayuki Igawa0c0f0142017-04-10 17:22:02 +0900[diff] [blame]50 if user:
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]51 return user[0]
52
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]53 @classmethod
54 def get_tenant_by_name(cls, name):
55 try:
Daniel Melladob04da902015-11-20 17:43:12 +0100[diff] [blame]56 tenants = cls.tenants_client.list_tenants()['tenants']
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]57 except AttributeError:
Yaroslav Lobankov47a93ab2016-02-07 16:32:49 -0600[diff] [blame]58 tenants = cls.projects_client.list_projects()['projects']
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]59 tenant = [t for t in tenants if t['name'] == name]
Masayuki Igawa0c0f0142017-04-10 17:22:02 +0900[diff] [blame]60 if tenant:
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]61 return tenant[0]
62
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]63 @classmethod
64 def get_role_by_name(cls, name):
Daniel Mellado6b16b922015-12-07 12:43:08 +0000[diff] [blame]65 roles = cls.roles_client.list_roles()['roles']
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]66 role = [r for r in roles if r['name'] == name]
Masayuki Igawa0c0f0142017-04-10 17:22:02 +0900[diff] [blame]67 if role:
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]68 return role[0]
69
zhufl75d51a92017-04-11 16:02:39 +0800[diff] [blame]70 def create_test_user(self, **kwargs):
Nicolas Helgesondffb8672017-01-26 14:43:06 -0800[diff] [blame]71 if kwargs.get('password', None) is None:
zhufl75d51a92017-04-11 16:02:39 +0800[diff] [blame]72 kwargs['password'] = data_utils.rand_password()
73 if 'name' not in kwargs:
74 kwargs['name'] = data_utils.rand_name('test_user')
75 if 'email' not in kwargs:
76 kwargs['email'] = kwargs['name'] + '@testmail.tm'
77
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]78 user = self.users_client.create_user(**kwargs)['user']
79 # Delete the user at the end of the test
Samantha Blancodf33c782017-03-06 14:29:52 -0500[diff] [blame]80 self.addCleanup(
81 test_utils.call_and_ignore_notfound_exc,
82 self.users_client.delete_user, user['id'])
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]83 return user
84
zhufl66b616a2017-04-11 15:00:32 +0800[diff] [blame]85 def setup_test_role(self, name=None, domain_id=None):
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]86 """Set up a test role."""
zhufl66b616a2017-04-11 15:00:32 +0800[diff] [blame]87 params = {'name': name or data_utils.rand_name('test_role')}
Rodrigo Duarte34a65122017-01-27 11:28:26 -0300[diff] [blame]88 if domain_id:
89 params['domain_id'] = domain_id
90
91 role = self.roles_client.create_role(**params)['role']
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]92 # Delete the role at the end of the test
Samantha Blancodf33c782017-03-06 14:29:52 -0500[diff] [blame]93 self.addCleanup(
94 test_utils.call_and_ignore_notfound_exc,
95 self.roles_client.delete_role, role['id'])
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]96 return role
97
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]98
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]99class BaseIdentityV2Test(BaseIdentityTest):
100
Andrea Frittolib21de6c2015-02-06 20:12:38 +0000[diff] [blame]101 credentials = ['primary']
102
Andrea Frittoli (andreaf)41601412015-05-12 16:39:03 +0100[diff] [blame]103 # identity v2 tests should obtain tokens and create accounts via v2
104 # regardless of the configured CONF.identity.auth_version
105 identity_version = 'v2'
Rohan Kanadeb645e172015-02-05 17:38:59 +0530[diff] [blame]106
107 @classmethod
108 def setup_clients(cls):
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]109 super(BaseIdentityV2Test, cls).setup_clients()
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]110 cls.non_admin_client = cls.os_primary.identity_public_client
111 cls.non_admin_token_client = cls.os_primary.token_client
112 cls.non_admin_tenants_client = cls.os_primary.tenants_public_client
113 cls.non_admin_users_client = cls.os_primary.users_public_client
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]114
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]115
116class BaseIdentityV2AdminTest(BaseIdentityV2Test):
117
Andrea Frittoli (andreaf)41601412015-05-12 16:39:03 +0100[diff] [blame]118 credentials = ['primary', 'admin']
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]119
Andrea Frittoli00882b62016-12-19 23:22:44 +0000[diff] [blame]120 # NOTE(andreaf) Identity tests work with credentials, so it is safer
121 # for them to always use disposable credentials. Forcing dynamic creds
122 # on regular identity tests would be however to restrictive, since it
123 # would prevent any identity test from being executed against clouds where
124 # admin credentials are not available.
125 # Since All admin tests require admin credentials to be
126 # executed, so this will not impact the ability to execute tests.
127 force_tenant_isolation = True
128
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]129 @classmethod
Andrea Frittoli1413ba92017-04-21 14:33:23 +0100[diff] [blame]130 def skip_checks(cls):
131 super(BaseIdentityV2AdminTest, cls).skip_checks()
132 if not CONF.identity_feature_enabled.api_v2_admin:
133 raise cls.skipException('Identity v2 admin not available')
134
135 @classmethod
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]136 def setup_clients(cls):
Rohan Kanadeb645e172015-02-05 17:38:59 +0530[diff] [blame]137 super(BaseIdentityV2AdminTest, cls).setup_clients()
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]138 cls.client = cls.os_admin.identity_client
139 cls.non_admin_client = cls.os_primary.identity_client
140 cls.token_client = cls.os_admin.token_client
141 cls.tenants_client = cls.os_admin.tenants_client
142 cls.non_admin_tenants_client = cls.os_primary.tenants_client
143 cls.roles_client = cls.os_admin.roles_client
144 cls.non_admin_roles_client = cls.os_primary.roles_client
145 cls.users_client = cls.os_admin.users_client
146 cls.non_admin_users_client = cls.os_primary.users_client
147 cls.services_client = cls.os_admin.identity_services_client
148 cls.endpoints_client = cls.os_admin.endpoints_client
Rohan Kanadeb645e172015-02-05 17:38:59 +0530[diff] [blame]149
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]150 @classmethod
Rohan Kanadeb645e172015-02-05 17:38:59 +0530[diff] [blame]151 def resource_setup(cls):
152 super(BaseIdentityV2AdminTest, cls).resource_setup()
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]153 cls.projects_client = cls.tenants_client
Rohan Kanadeb645e172015-02-05 17:38:59 +0530[diff] [blame]154
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]155 def setup_test_user(self, password=None):
156 """Set up a test user."""
157 tenant = self.setup_test_tenant()
zhufl75d51a92017-04-11 16:02:39 +0800[diff] [blame]158 user = self.create_test_user(tenantId=tenant['id'], password=password)
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]159 return user
160
zhufl963d2c32017-04-20 15:44:58 +0800[diff] [blame]161 def setup_test_tenant(self, **kwargs):
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]162 """Set up a test tenant."""
zhufl963d2c32017-04-20 15:44:58 +0800[diff] [blame]163 if 'name' not in kwargs:
164 kwargs['name'] = data_utils.rand_name('test_tenant')
165 if 'description' not in kwargs:
166 kwargs['description'] = data_utils.rand_name('desc')
167 tenant = self.projects_client.create_tenant(**kwargs)['tenant']
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]168 # Delete the tenant at the end of the test
Samantha Blancodf33c782017-03-06 14:29:52 -0500[diff] [blame]169 self.addCleanup(
170 test_utils.call_and_ignore_notfound_exc,
171 self.tenants_client.delete_tenant, tenant['id'])
Castulo J. Martineze3adee42016-07-14 10:40:08 -0700[diff] [blame]172 return tenant
173
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]174
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]175class BaseIdentityV3Test(BaseIdentityTest):
176
Andrea Frittolib21de6c2015-02-06 20:12:38 +0000[diff] [blame]177 credentials = ['primary']
178
Andrea Frittoli (andreaf)41601412015-05-12 16:39:03 +0100[diff] [blame]179 # identity v3 tests should obtain tokens and create accounts via v3
180 # regardless of the configured CONF.identity.auth_version
181 identity_version = 'v3'
Rohan Kanadeb645e172015-02-05 17:38:59 +0530[diff] [blame]182
183 @classmethod
184 def setup_clients(cls):
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]185 super(BaseIdentityV3Test, cls).setup_clients()
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]186 cls.non_admin_client = cls.os_primary.identity_v3_client
187 cls.non_admin_users_client = cls.os_primary.users_v3_client
188 cls.non_admin_token = cls.os_primary.token_v3_client
189 cls.non_admin_projects_client = cls.os_primary.projects_client
Megan Guineyd0295162017-05-23 23:57:53 -0700[diff] [blame]190 cls.non_admin_catalog_client = cls.os_primary.catalog_client
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]191 cls.non_admin_versions_client =\
192 cls.os_primary.identity_versions_v3_client
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]193
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]194
195class BaseIdentityV3AdminTest(BaseIdentityV3Test):
196
Andrea Frittoli (andreaf)41601412015-05-12 16:39:03 +0100[diff] [blame]197 credentials = ['primary', 'admin']
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]198
Andrea Frittoli00882b62016-12-19 23:22:44 +0000[diff] [blame]199 # NOTE(andreaf) Identity tests work with credentials, so it is safer
200 # for them to always use disposable credentials. Forcing dynamic creds
201 # on regular identity tests would be however to restrictive, since it
202 # would prevent any identity test from being executed against clouds where
203 # admin credentials are not available.
204 # Since All admin tests require admin credentials to be
205 # executed, so this will not impact the ability to execute tests.
206 force_tenant_isolation = True
207
Chris Hoge4f6117a2015-03-20 12:39:33 -0500[diff] [blame]208 @classmethod
209 def setup_clients(cls):
Rohan Kanadeb645e172015-02-05 17:38:59 +0530[diff] [blame]210 super(BaseIdentityV3AdminTest, cls).setup_clients()
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]211 cls.client = cls.os_admin.identity_v3_client
212 cls.domains_client = cls.os_admin.domains_client
213 cls.users_client = cls.os_admin.users_v3_client
214 cls.trusts_client = cls.os_admin.trusts_client
215 cls.roles_client = cls.os_admin.roles_v3_client
216 cls.inherited_roles_client = cls.os_admin.inherited_roles_client
217 cls.token = cls.os_admin.token_v3_client
218 cls.endpoints_client = cls.os_admin.endpoints_v3_client
219 cls.regions_client = cls.os_admin.regions_client
220 cls.services_client = cls.os_admin.identity_services_v3_client
221 cls.policies_client = cls.os_admin.policies_client
222 cls.creds_client = cls.os_admin.credentials_client
223 cls.groups_client = cls.os_admin.groups_client
224 cls.projects_client = cls.os_admin.projects_client
Rodrigo Duarte12f8d4a2016-07-08 11:53:53 -0300[diff] [blame]225 cls.role_assignments = cls.os_admin.role_assignments_client
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]226 cls.oauth_consumers_client = cls.os_admin.oauth_consumers_client
Hemanth Nakkinad9594f52017-04-19 11:14:40 +0530[diff] [blame]227 cls.oauth_token_client = cls.os_admin.oauth_token_client
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]228 cls.domain_config_client = cls.os_admin.domain_config_client
229 cls.endpoint_filter_client = cls.os_admin.endpoint_filter_client
Chi Lod0ed8b02017-04-22 05:35:53 -0500[diff] [blame]230 cls.endpoint_groups_client = cls.os_admin.endpoint_groups_client
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]231
Andrea Frittoli (andreaf)100d18d2016-05-05 23:34:52 +0100[diff] [blame]232 if CONF.identity.admin_domain_scope:
233 # NOTE(andreaf) When keystone policy requires it, the identity
234 # admin clients for these tests shall use 'domain' scoped tokens.
235 # As the client manager is already created by the base class,
236 # we set the scope for the inner auth provider.
Jordan Pittier8160d312017-04-18 11:52:23 +0200[diff] [blame]237 cls.os_admin.auth_provider.scope = 'domain'
Yaroslav Lobankov997a1452015-11-19 17:11:37 +0300[diff] [blame]238
Yaroslav Lobankov2c2f0362016-01-13 18:07:22 +0300[diff] [blame]239 @classmethod
Tom Cocozzello5544c172016-02-23 17:50:28 -0600[diff] [blame]240 def disable_user(cls, user_name, domain_id=None):
241 user = cls.get_user_by_name(user_name, domain_id)
ghanshyam7f817db2016-08-01 18:37:13 +0900[diff] [blame]242 cls.users_client.update_user(user['id'], name=user_name, enabled=False)
BinBin Congc6e8ef52015-11-20 02:08:46 -0500[diff] [blame]243
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]244 @classmethod
zhufl2b33c1a2017-04-24 17:33:48 +0800[diff] [blame]245 def create_domain(cls, **kwargs):
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]246 """Create a domain."""
zhufl2b33c1a2017-04-24 17:33:48 +0800[diff] [blame]247 if 'name' not in kwargs:
248 kwargs['name'] = data_utils.rand_name('test_domain')
249 if 'description' not in kwargs:
250 kwargs['description'] = data_utils.rand_name('desc')
251 domain = cls.domains_client.create_domain(**kwargs)['domain']
zhufleed21d72017-11-07 13:03:31 +0800[diff] [blame^]252 cls.addClassResourceCleanup(test_utils.call_and_ignore_notfound_exc,
253 cls.delete_domain, domain['id'])
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]254 return domain
255
zhufleed21d72017-11-07 13:03:31 +0800[diff] [blame^]256 @classmethod
257 def delete_domain(cls, domain_id):
Martin Pavlasek4c3f2ab2014-04-15 17:15:15 +0200[diff] [blame]258 # NOTE(mpavlase) It is necessary to disable the domain before deleting
259 # otherwise it raises Forbidden exception
zhufleed21d72017-11-07 13:03:31 +0800[diff] [blame^]260 cls.domains_client.update_domain(domain_id, enabled=False)
261 cls.domains_client.delete_domain(domain_id)
Martin Pavlasek4c3f2ab2014-04-15 17:15:15 +0200[diff] [blame]262
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]263 def setup_test_user(self, password=None):
264 """Set up a test user."""
265 project = self.setup_test_project()
zhufl75d51a92017-04-11 16:02:39 +0800[diff] [blame]266 user = self.create_test_user(project_id=project['id'],
267 password=password)
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]268 return user
269
zhuflf2f47052017-04-20 15:08:02 +0800[diff] [blame]270 def setup_test_project(self, **kwargs):
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]271 """Set up a test project."""
zhuflf2f47052017-04-20 15:08:02 +0800[diff] [blame]272 if 'name' not in kwargs:
273 kwargs['name'] = data_utils.rand_name('test_project')
274 if 'description' not in kwargs:
275 kwargs['description'] = data_utils.rand_name('test_description')
276 project = self.projects_client.create_project(**kwargs)['project']
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]277 # Delete the project at the end of the test
Samantha Blancodf33c782017-03-06 14:29:52 -0500[diff] [blame]278 self.addCleanup(
279 test_utils.call_and_ignore_notfound_exc,
280 self.projects_client.delete_project, project['id'])
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]281 return project
282
283 def setup_test_domain(self):
284 """Set up a test domain."""
285 domain = self.create_domain()
286 # Delete the domain at the end of the test
Samantha Blancodf33c782017-03-06 14:29:52 -0500[diff] [blame]287 self.addCleanup(
288 test_utils.call_and_ignore_notfound_exc,
289 self.delete_domain, domain['id'])
Castulo J. Martinez19b81b22016-07-15 08:58:25 -0700[diff] [blame]290 return domain