blob: d316ae1106174b5b660d665ff1e5187537be1dec [file] [log] [blame]
Steven Hardybf70c5c2013-10-30 21:55:16 +00001# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Steven Hardyc234ada2013-12-10 17:00:41 +000015import datetime
16import re
Steven Hardybf70c5c2013-10-30 21:55:16 +000017from tempest.api.identity import base
18from tempest import clients
19from tempest.common.utils.data_utils import rand_name
20from tempest import exceptions
Steven Hardyc234ada2013-12-10 17:00:41 +000021from tempest.openstack.common import timeutils
Steven Hardybf70c5c2013-10-30 21:55:16 +000022from tempest.test import attr
23
24
25class BaseTrustsV3Test(base.BaseIdentityAdminTest):
26
27 def setUp(self):
28 super(BaseTrustsV3Test, self).setUp()
29 # Use alt_username as the trustee
30 self.trustee_username = self.config.identity.alt_username
Steven Hardybf70c5c2013-10-30 21:55:16 +000031 self.trust_id = None
Steven Hardy776f4572013-12-23 21:42:48 +000032
33 def tearDown(self):
34 if self.trust_id:
35 # Do the delete in tearDown not addCleanup - we want the test to
36 # fail in the event there is a bug which causes undeletable trusts
37 self.delete_trust()
38 super(BaseTrustsV3Test, self).tearDown()
Steven Hardybf70c5c2013-10-30 21:55:16 +000039
40 def create_trustor_and_roles(self):
41 # Get trustor project ID, use the admin project
42 self.trustor_project_name = self.v3_client.tenant_name
43 self.trustor_project_id = self.get_tenant_by_name(
44 self.trustor_project_name)['id']
45 self.assertIsNotNone(self.trustor_project_id)
46
47 # Create a trustor User
48 self.trustor_username = rand_name('user-')
49 u_desc = self.trustor_username + 'description'
Steven Hardy68f95282014-01-10 17:40:31 +000050 u_email = self.trustor_username + '@testmail.xx'
Steven Hardybf70c5c2013-10-30 21:55:16 +000051 self.trustor_password = rand_name('pass-')
52 resp, user = self.v3_client.create_user(
53 self.trustor_username,
54 description=u_desc,
55 password=self.trustor_password,
56 email=u_email,
57 project_id=self.trustor_project_id)
58 self.assertEqual(resp['status'], '201')
59 self.trustor_user_id = user['id']
60
61 # And two roles, one we'll delegate and one we won't
62 self.delegated_role = rand_name('DelegatedRole-')
63 self.not_delegated_role = rand_name('NotDelegatedRole-')
64
65 resp, role = self.v3_client.create_role(self.delegated_role)
66 self.assertEqual(resp['status'], '201')
67 self.delegated_role_id = role['id']
68
69 resp, role = self.v3_client.create_role(self.not_delegated_role)
70 self.assertEqual(resp['status'], '201')
71 self.not_delegated_role_id = role['id']
72
73 # Assign roles to trustor
74 self.v3_client.assign_user_role(self.trustor_project_id,
75 self.trustor_user_id,
76 self.delegated_role_id)
77 self.v3_client.assign_user_role(self.trustor_project_id,
78 self.trustor_user_id,
79 self.not_delegated_role_id)
80
81 # Get trustee user ID, use the demo user
82 trustee_username = self.v3_non_admin_client.user
83 self.trustee_user_id = self.get_user_by_name(trustee_username)['id']
84 self.assertIsNotNone(self.trustee_user_id)
85
86 # Initialize a new client with the trustor credentials
87 os = clients.Manager(username=self.trustor_username,
88 password=self.trustor_password,
89 tenant_name=self.trustor_project_name,
90 interface=self._interface)
91 self.trustor_v3_client = os.identity_v3_client
92
Steven Hardy776f4572013-12-23 21:42:48 +000093 def cleanup_user_and_roles(self):
Steven Hardybf70c5c2013-10-30 21:55:16 +000094 if self.trustor_user_id:
95 self.v3_client.delete_user(self.trustor_user_id)
96 if self.delegated_role_id:
97 self.v3_client.delete_role(self.delegated_role_id)
98 if self.not_delegated_role_id:
99 self.v3_client.delete_role(self.not_delegated_role_id)
100
101 def create_trust(self, impersonate=True, expires=None):
102
103 resp, trust_create = self.trustor_v3_client.create_trust(
104 trustor_user_id=self.trustor_user_id,
105 trustee_user_id=self.trustee_user_id,
106 project_id=self.trustor_project_id,
107 role_names=[self.delegated_role],
108 impersonation=impersonate,
109 expires_at=expires)
110 self.assertEqual('201', resp['status'])
111 self.trust_id = trust_create['id']
112 return trust_create
113
114 def validate_trust(self, trust, impersonate=True, expires=None,
115 summary=False):
116 self.assertIsNotNone(trust['id'])
117 self.assertEqual(impersonate, trust['impersonation'])
Steven Hardyc234ada2013-12-10 17:00:41 +0000118 # FIXME(shardy): ref bug #1246383 we can't check the
119 # microsecond component of the expiry time, because mysql
120 # <5.6.4 doesn't support microseconds.
121 # expected format 2013-12-20T16:08:36.036987Z
122 if expires is not None:
123 expires_nousec = re.sub(r'\.([0-9]){6}Z', '', expires)
124 self.assertTrue(trust['expires_at'].startswith(expires_nousec))
125 else:
126 self.assertIsNone(trust['expires_at'])
Steven Hardybf70c5c2013-10-30 21:55:16 +0000127 self.assertEqual(self.trustor_user_id, trust['trustor_user_id'])
128 self.assertEqual(self.trustee_user_id, trust['trustee_user_id'])
129 self.assertIn('v3/OS-TRUST/trusts', trust['links']['self'])
130 self.assertEqual(self.trustor_project_id, trust['project_id'])
131 if not summary:
132 self.assertEqual(self.delegated_role, trust['roles'][0]['name'])
133 self.assertEqual(1, len(trust['roles']))
134
135 def get_trust(self):
136 resp, trust_get = self.trustor_v3_client.get_trust(self.trust_id)
137 self.assertEqual('200', resp['status'])
138 return trust_get
139
140 def validate_role(self, role):
141 self.assertEqual(self.delegated_role_id, role['id'])
142 self.assertEqual(self.delegated_role, role['name'])
143 self.assertIn('v3/roles/%s' % self.delegated_role_id,
144 role['links']['self'])
145 self.assertNotEqual(self.not_delegated_role_id, role['id'])
146 self.assertNotEqual(self.not_delegated_role, role['name'])
147 self.assertNotIn('v3/roles/%s' % self.not_delegated_role_id,
148 role['links']['self'])
149
150 def check_trust_roles(self):
151 # Check we find the delegated role
152 resp, roles_get = self.trustor_v3_client.get_trust_roles(
153 self.trust_id)
154 self.assertEqual('200', resp['status'])
155 self.assertEqual(1, len(roles_get))
156 self.validate_role(roles_get[0])
157
158 resp, role_get = self.trustor_v3_client.get_trust_role(
159 self.trust_id, self.delegated_role_id)
160 self.assertEqual('200', resp['status'])
161 self.validate_role(role_get)
162
163 resp, role_get = self.trustor_v3_client.check_trust_role(
164 self.trust_id, self.delegated_role_id)
165 self.assertEqual('204', resp['status'])
166
167 # And that we don't find not_delegated_role
168 self.assertRaises(exceptions.NotFound,
169 self.trustor_v3_client.get_trust_role,
170 self.trust_id,
171 self.not_delegated_role_id)
172
173 self.assertRaises(exceptions.NotFound,
174 self.trustor_v3_client.check_trust_role,
175 self.trust_id,
176 self.not_delegated_role_id)
177
178 def delete_trust(self):
179 resp, trust_delete = self.trustor_v3_client.delete_trust(self.trust_id)
180 self.assertEqual('204', resp['status'])
181 self.assertRaises(exceptions.NotFound,
182 self.trustor_v3_client.get_trust,
183 self.trust_id)
184 self.trust_id = None
185
186
187class TrustsV3TestJSON(BaseTrustsV3Test):
188 _interface = 'json'
189
190 def setUp(self):
191 super(TrustsV3TestJSON, self).setUp()
192 self.create_trustor_and_roles()
Steven Hardy68f95282014-01-10 17:40:31 +0000193 self.addCleanup(self.cleanup_user_and_roles)
Steven Hardybf70c5c2013-10-30 21:55:16 +0000194
195 @attr(type='smoke')
196 def test_trust_impersonate(self):
197 # Test case to check we can create, get and delete a trust
198 # updates are not supported for trusts
199 trust = self.create_trust()
200 self.validate_trust(trust)
201
202 trust_get = self.get_trust()
203 self.validate_trust(trust_get)
204
205 self.check_trust_roles()
206
Steven Hardybf70c5c2013-10-30 21:55:16 +0000207 @attr(type='smoke')
208 def test_trust_noimpersonate(self):
209 # Test case to check we can create, get and delete a trust
210 # with impersonation=False
211 trust = self.create_trust(impersonate=False)
212 self.validate_trust(trust, impersonate=False)
213
214 trust_get = self.get_trust()
215 self.validate_trust(trust_get, impersonate=False)
216
217 self.check_trust_roles()
218
Steven Hardybf70c5c2013-10-30 21:55:16 +0000219 @attr(type='smoke')
Steven Hardyc234ada2013-12-10 17:00:41 +0000220 def test_trust_expire(self):
221 # Test case to check we can create, get and delete a trust
222 # with an expiry specified
223 expires_at = timeutils.utcnow() + datetime.timedelta(hours=1)
224 expires_str = timeutils.isotime(at=expires_at, subsecond=True)
225
226 trust = self.create_trust(expires=expires_str)
227 self.validate_trust(trust, expires=expires_str)
228
229 trust_get = self.get_trust()
230
231 self.validate_trust(trust_get, expires=expires_str)
232
233 self.check_trust_roles()
234
Steven Hardyc234ada2013-12-10 17:00:41 +0000235 @attr(type='smoke')
Steven Hardybf70c5c2013-10-30 21:55:16 +0000236 def test_trust_expire_invalid(self):
237 # Test case to check we can check an invlaid expiry time
238 # is rejected with the correct error
239 # with an expiry specified
240 expires_str = 'bad.123Z'
241 self.assertRaises(exceptions.BadRequest,
242 self.create_trust,
243 expires=expires_str)
Steven Hardyf31fd2d2013-12-10 17:02:36 +0000244
245 @attr(type='smoke')
246 def test_get_trusts_query(self):
247 self.create_trust()
248 resp, trusts_get = self.trustor_v3_client.get_trusts(
249 trustor_user_id=self.trustor_user_id)
250 self.assertEqual('200', resp['status'])
251 self.assertEqual(1, len(trusts_get))
252 self.validate_trust(trusts_get[0], summary=True)
253
254 @attr(type='smoke')
255 def test_get_trusts_all(self):
256 self.create_trust()
257 resp, trusts_get = self.v3_client.get_trusts()
258 self.assertEqual('200', resp['status'])
259 trusts = [t for t in trusts_get
260 if t['id'] == self.trust_id]
261 self.assertEqual(1, len(trusts))
262 self.validate_trust(trusts[0], summary=True)