Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 |
| 2 | |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 4 | # not use this file except in compliance with the License. You may obtain |
| 5 | # a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 12 | # License for the specific language governing permissions and limitations |
| 13 | # under the License. |
| 14 | |
Steven Hardy | c234ada | 2013-12-10 17:00:41 +0000 | [diff] [blame] | 15 | import datetime |
| 16 | import re |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 17 | from tempest.api.identity import base |
| 18 | from tempest import clients |
| 19 | from tempest.common.utils.data_utils import rand_name |
| 20 | from tempest import exceptions |
Steven Hardy | c234ada | 2013-12-10 17:00:41 +0000 | [diff] [blame] | 21 | from tempest.openstack.common import timeutils |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 22 | from tempest.test import attr |
| 23 | |
| 24 | |
| 25 | class BaseTrustsV3Test(base.BaseIdentityAdminTest): |
| 26 | |
| 27 | def setUp(self): |
| 28 | super(BaseTrustsV3Test, self).setUp() |
| 29 | # Use alt_username as the trustee |
| 30 | self.trustee_username = self.config.identity.alt_username |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 31 | self.trust_id = None |
Steven Hardy | 776f457 | 2013-12-23 21:42:48 +0000 | [diff] [blame] | 32 | |
| 33 | def tearDown(self): |
| 34 | if self.trust_id: |
| 35 | # Do the delete in tearDown not addCleanup - we want the test to |
| 36 | # fail in the event there is a bug which causes undeletable trusts |
| 37 | self.delete_trust() |
| 38 | super(BaseTrustsV3Test, self).tearDown() |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 39 | |
| 40 | def create_trustor_and_roles(self): |
| 41 | # Get trustor project ID, use the admin project |
| 42 | self.trustor_project_name = self.v3_client.tenant_name |
| 43 | self.trustor_project_id = self.get_tenant_by_name( |
| 44 | self.trustor_project_name)['id'] |
| 45 | self.assertIsNotNone(self.trustor_project_id) |
| 46 | |
| 47 | # Create a trustor User |
| 48 | self.trustor_username = rand_name('user-') |
| 49 | u_desc = self.trustor_username + 'description' |
Steven Hardy | 68f9528 | 2014-01-10 17:40:31 +0000 | [diff] [blame] | 50 | u_email = self.trustor_username + '@testmail.xx' |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 51 | self.trustor_password = rand_name('pass-') |
| 52 | resp, user = self.v3_client.create_user( |
| 53 | self.trustor_username, |
| 54 | description=u_desc, |
| 55 | password=self.trustor_password, |
| 56 | email=u_email, |
| 57 | project_id=self.trustor_project_id) |
| 58 | self.assertEqual(resp['status'], '201') |
| 59 | self.trustor_user_id = user['id'] |
| 60 | |
| 61 | # And two roles, one we'll delegate and one we won't |
| 62 | self.delegated_role = rand_name('DelegatedRole-') |
| 63 | self.not_delegated_role = rand_name('NotDelegatedRole-') |
| 64 | |
| 65 | resp, role = self.v3_client.create_role(self.delegated_role) |
| 66 | self.assertEqual(resp['status'], '201') |
| 67 | self.delegated_role_id = role['id'] |
| 68 | |
| 69 | resp, role = self.v3_client.create_role(self.not_delegated_role) |
| 70 | self.assertEqual(resp['status'], '201') |
| 71 | self.not_delegated_role_id = role['id'] |
| 72 | |
| 73 | # Assign roles to trustor |
| 74 | self.v3_client.assign_user_role(self.trustor_project_id, |
| 75 | self.trustor_user_id, |
| 76 | self.delegated_role_id) |
| 77 | self.v3_client.assign_user_role(self.trustor_project_id, |
| 78 | self.trustor_user_id, |
| 79 | self.not_delegated_role_id) |
| 80 | |
| 81 | # Get trustee user ID, use the demo user |
| 82 | trustee_username = self.v3_non_admin_client.user |
| 83 | self.trustee_user_id = self.get_user_by_name(trustee_username)['id'] |
| 84 | self.assertIsNotNone(self.trustee_user_id) |
| 85 | |
| 86 | # Initialize a new client with the trustor credentials |
| 87 | os = clients.Manager(username=self.trustor_username, |
| 88 | password=self.trustor_password, |
| 89 | tenant_name=self.trustor_project_name, |
| 90 | interface=self._interface) |
| 91 | self.trustor_v3_client = os.identity_v3_client |
| 92 | |
Steven Hardy | 776f457 | 2013-12-23 21:42:48 +0000 | [diff] [blame] | 93 | def cleanup_user_and_roles(self): |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 94 | if self.trustor_user_id: |
| 95 | self.v3_client.delete_user(self.trustor_user_id) |
| 96 | if self.delegated_role_id: |
| 97 | self.v3_client.delete_role(self.delegated_role_id) |
| 98 | if self.not_delegated_role_id: |
| 99 | self.v3_client.delete_role(self.not_delegated_role_id) |
| 100 | |
| 101 | def create_trust(self, impersonate=True, expires=None): |
| 102 | |
| 103 | resp, trust_create = self.trustor_v3_client.create_trust( |
| 104 | trustor_user_id=self.trustor_user_id, |
| 105 | trustee_user_id=self.trustee_user_id, |
| 106 | project_id=self.trustor_project_id, |
| 107 | role_names=[self.delegated_role], |
| 108 | impersonation=impersonate, |
| 109 | expires_at=expires) |
| 110 | self.assertEqual('201', resp['status']) |
| 111 | self.trust_id = trust_create['id'] |
| 112 | return trust_create |
| 113 | |
| 114 | def validate_trust(self, trust, impersonate=True, expires=None, |
| 115 | summary=False): |
| 116 | self.assertIsNotNone(trust['id']) |
| 117 | self.assertEqual(impersonate, trust['impersonation']) |
Steven Hardy | c234ada | 2013-12-10 17:00:41 +0000 | [diff] [blame] | 118 | # FIXME(shardy): ref bug #1246383 we can't check the |
| 119 | # microsecond component of the expiry time, because mysql |
| 120 | # <5.6.4 doesn't support microseconds. |
| 121 | # expected format 2013-12-20T16:08:36.036987Z |
| 122 | if expires is not None: |
| 123 | expires_nousec = re.sub(r'\.([0-9]){6}Z', '', expires) |
| 124 | self.assertTrue(trust['expires_at'].startswith(expires_nousec)) |
| 125 | else: |
| 126 | self.assertIsNone(trust['expires_at']) |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 127 | self.assertEqual(self.trustor_user_id, trust['trustor_user_id']) |
| 128 | self.assertEqual(self.trustee_user_id, trust['trustee_user_id']) |
| 129 | self.assertIn('v3/OS-TRUST/trusts', trust['links']['self']) |
| 130 | self.assertEqual(self.trustor_project_id, trust['project_id']) |
| 131 | if not summary: |
| 132 | self.assertEqual(self.delegated_role, trust['roles'][0]['name']) |
| 133 | self.assertEqual(1, len(trust['roles'])) |
| 134 | |
| 135 | def get_trust(self): |
| 136 | resp, trust_get = self.trustor_v3_client.get_trust(self.trust_id) |
| 137 | self.assertEqual('200', resp['status']) |
| 138 | return trust_get |
| 139 | |
| 140 | def validate_role(self, role): |
| 141 | self.assertEqual(self.delegated_role_id, role['id']) |
| 142 | self.assertEqual(self.delegated_role, role['name']) |
| 143 | self.assertIn('v3/roles/%s' % self.delegated_role_id, |
| 144 | role['links']['self']) |
| 145 | self.assertNotEqual(self.not_delegated_role_id, role['id']) |
| 146 | self.assertNotEqual(self.not_delegated_role, role['name']) |
| 147 | self.assertNotIn('v3/roles/%s' % self.not_delegated_role_id, |
| 148 | role['links']['self']) |
| 149 | |
| 150 | def check_trust_roles(self): |
| 151 | # Check we find the delegated role |
| 152 | resp, roles_get = self.trustor_v3_client.get_trust_roles( |
| 153 | self.trust_id) |
| 154 | self.assertEqual('200', resp['status']) |
| 155 | self.assertEqual(1, len(roles_get)) |
| 156 | self.validate_role(roles_get[0]) |
| 157 | |
| 158 | resp, role_get = self.trustor_v3_client.get_trust_role( |
| 159 | self.trust_id, self.delegated_role_id) |
| 160 | self.assertEqual('200', resp['status']) |
| 161 | self.validate_role(role_get) |
| 162 | |
| 163 | resp, role_get = self.trustor_v3_client.check_trust_role( |
| 164 | self.trust_id, self.delegated_role_id) |
| 165 | self.assertEqual('204', resp['status']) |
| 166 | |
| 167 | # And that we don't find not_delegated_role |
| 168 | self.assertRaises(exceptions.NotFound, |
| 169 | self.trustor_v3_client.get_trust_role, |
| 170 | self.trust_id, |
| 171 | self.not_delegated_role_id) |
| 172 | |
| 173 | self.assertRaises(exceptions.NotFound, |
| 174 | self.trustor_v3_client.check_trust_role, |
| 175 | self.trust_id, |
| 176 | self.not_delegated_role_id) |
| 177 | |
| 178 | def delete_trust(self): |
| 179 | resp, trust_delete = self.trustor_v3_client.delete_trust(self.trust_id) |
| 180 | self.assertEqual('204', resp['status']) |
| 181 | self.assertRaises(exceptions.NotFound, |
| 182 | self.trustor_v3_client.get_trust, |
| 183 | self.trust_id) |
| 184 | self.trust_id = None |
| 185 | |
| 186 | |
| 187 | class TrustsV3TestJSON(BaseTrustsV3Test): |
| 188 | _interface = 'json' |
| 189 | |
| 190 | def setUp(self): |
| 191 | super(TrustsV3TestJSON, self).setUp() |
| 192 | self.create_trustor_and_roles() |
Steven Hardy | 68f9528 | 2014-01-10 17:40:31 +0000 | [diff] [blame] | 193 | self.addCleanup(self.cleanup_user_and_roles) |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 194 | |
| 195 | @attr(type='smoke') |
| 196 | def test_trust_impersonate(self): |
| 197 | # Test case to check we can create, get and delete a trust |
| 198 | # updates are not supported for trusts |
| 199 | trust = self.create_trust() |
| 200 | self.validate_trust(trust) |
| 201 | |
| 202 | trust_get = self.get_trust() |
| 203 | self.validate_trust(trust_get) |
| 204 | |
| 205 | self.check_trust_roles() |
| 206 | |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 207 | @attr(type='smoke') |
| 208 | def test_trust_noimpersonate(self): |
| 209 | # Test case to check we can create, get and delete a trust |
| 210 | # with impersonation=False |
| 211 | trust = self.create_trust(impersonate=False) |
| 212 | self.validate_trust(trust, impersonate=False) |
| 213 | |
| 214 | trust_get = self.get_trust() |
| 215 | self.validate_trust(trust_get, impersonate=False) |
| 216 | |
| 217 | self.check_trust_roles() |
| 218 | |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 219 | @attr(type='smoke') |
Steven Hardy | c234ada | 2013-12-10 17:00:41 +0000 | [diff] [blame] | 220 | def test_trust_expire(self): |
| 221 | # Test case to check we can create, get and delete a trust |
| 222 | # with an expiry specified |
| 223 | expires_at = timeutils.utcnow() + datetime.timedelta(hours=1) |
| 224 | expires_str = timeutils.isotime(at=expires_at, subsecond=True) |
| 225 | |
| 226 | trust = self.create_trust(expires=expires_str) |
| 227 | self.validate_trust(trust, expires=expires_str) |
| 228 | |
| 229 | trust_get = self.get_trust() |
| 230 | |
| 231 | self.validate_trust(trust_get, expires=expires_str) |
| 232 | |
| 233 | self.check_trust_roles() |
| 234 | |
Steven Hardy | c234ada | 2013-12-10 17:00:41 +0000 | [diff] [blame] | 235 | @attr(type='smoke') |
Steven Hardy | bf70c5c | 2013-10-30 21:55:16 +0000 | [diff] [blame] | 236 | def test_trust_expire_invalid(self): |
| 237 | # Test case to check we can check an invlaid expiry time |
| 238 | # is rejected with the correct error |
| 239 | # with an expiry specified |
| 240 | expires_str = 'bad.123Z' |
| 241 | self.assertRaises(exceptions.BadRequest, |
| 242 | self.create_trust, |
| 243 | expires=expires_str) |
Steven Hardy | f31fd2d | 2013-12-10 17:02:36 +0000 | [diff] [blame] | 244 | |
| 245 | @attr(type='smoke') |
| 246 | def test_get_trusts_query(self): |
| 247 | self.create_trust() |
| 248 | resp, trusts_get = self.trustor_v3_client.get_trusts( |
| 249 | trustor_user_id=self.trustor_user_id) |
| 250 | self.assertEqual('200', resp['status']) |
| 251 | self.assertEqual(1, len(trusts_get)) |
| 252 | self.validate_trust(trusts_get[0], summary=True) |
| 253 | |
| 254 | @attr(type='smoke') |
| 255 | def test_get_trusts_all(self): |
| 256 | self.create_trust() |
| 257 | resp, trusts_get = self.v3_client.get_trusts() |
| 258 | self.assertEqual('200', resp['status']) |
| 259 | trusts = [t for t in trusts_get |
| 260 | if t['id'] == self.trust_id] |
| 261 | self.assertEqual(1, len(trusts)) |
| 262 | self.validate_trust(trusts[0], summary=True) |