blob: 375ddf8fd04f61b4186d6084df9932011a39d19b [file] [log] [blame]
ZhiQiang Fan39f97222013-09-20 04:49:44 +08001# Copyright 2012 OpenStack Foundation
Jay Pipes13b479b2012-06-11 14:52:27 -04002# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
Daryl Walleckced8eb82012-03-19 13:52:37 -050015
Sean Dague1937d092013-05-17 16:36:38 -040016from tempest.api.compute import base
Matthew Treinish481466b2012-12-20 17:16:01 -050017from tempest import clients
Masayuki Igawa259c1132013-10-31 17:48:44 +090018from tempest.common.utils import data_utils
Matthew Treinishb0a78fc2014-01-29 16:49:12 +000019from tempest import config
Daryl Walleckdc9e0c42012-04-02 16:51:26 -050020from tempest import exceptions
Giulio Fidente92f77192013-08-26 17:13:28 +020021from tempest.openstack.common import log as logging
Yuiko Takadae9999d62014-03-06 09:22:54 +000022from tempest import test
Daryl Walleckced8eb82012-03-19 13:52:37 -050023
Matthew Treinishb0a78fc2014-01-29 16:49:12 +000024CONF = config.CONF
25
Giulio Fidente92f77192013-08-26 17:13:28 +020026LOG = logging.getLogger(__name__)
27
Daryl Walleckced8eb82012-03-19 13:52:37 -050028
ivan-zhuf2b00502013-10-18 10:06:52 +080029class AuthorizationTestJSON(base.BaseV2ComputeTest):
Daryl Walleckced8eb82012-03-19 13:52:37 -050030
31 @classmethod
32 def setUpClass(cls):
Salvatore Orlando5a337242014-01-15 22:49:22 +000033 # No network resources required for this test
34 cls.set_network_resources()
Matthew Treinishf7fca6a2013-12-09 16:27:23 +000035 super(AuthorizationTestJSON, cls).setUpClass()
36 if not cls.multi_user:
Jay Pipesf38eaac2012-06-21 13:37:35 -040037 msg = "Need >1 user"
ivan-zhu1feeb382013-01-24 10:14:39 +080038 raise cls.skipException(msg)
Daryl Walleckced8eb82012-03-19 13:52:37 -050039 cls.client = cls.os.servers_client
40 cls.images_client = cls.os.images_client
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +053041 cls.keypairs_client = cls.os.keypairs_client
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +053042 cls.security_client = cls.os.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -050043
Matthew Treinishb0a78fc2014-01-29 16:49:12 +000044 if CONF.compute.allow_tenant_isolation:
Matthew Treinishb86cda92013-07-29 11:22:23 -040045 creds = cls.isolated_creds.get_alt_creds()
Andrea Frittoli422fbdf2014-03-20 10:05:18 +000046 cls.alt_manager = clients.Manager(credentials=creds)
Jay Pipesf38eaac2012-06-21 13:37:35 -040047 else:
48 # Use the alt_XXX credentials in the config file
Matthew Treinish481466b2012-12-20 17:16:01 -050049 cls.alt_manager = clients.AltManager()
Daryl Walleckced8eb82012-03-19 13:52:37 -050050
Jay Pipesf38eaac2012-06-21 13:37:35 -040051 cls.alt_client = cls.alt_manager.servers_client
52 cls.alt_images_client = cls.alt_manager.images_client
53 cls.alt_keypairs_client = cls.alt_manager.keypairs_client
54 cls.alt_security_client = cls.alt_manager.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -050055
Ken'ichi Ohmichicfc052e2013-10-23 11:50:04 +090056 resp, server = cls.create_test_server(wait_until='ACTIVE')
Jay Pipesf38eaac2012-06-21 13:37:35 -040057 resp, cls.server = cls.client.get_server(server['id'])
Jay Pipes3f981df2012-03-27 18:59:44 -040058
Masayuki Igawa259c1132013-10-31 17:48:44 +090059 name = data_utils.rand_name('image')
Ken'ichi Ohmichi0a277122014-03-28 11:54:44 +090060 resp, body = cls.images_client.create_image(server['id'], name)
Masayuki Igawa259c1132013-10-31 17:48:44 +090061 image_id = data_utils.parse_image_id(resp['location'])
Jay Pipesf38eaac2012-06-21 13:37:35 -040062 cls.images_client.wait_for_image_status(image_id, 'ACTIVE')
63 resp, cls.image = cls.images_client.get_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -050064
Masayuki Igawa259c1132013-10-31 17:48:44 +090065 cls.keypairname = data_utils.rand_name('keypair')
Jay Pipesf38eaac2012-06-21 13:37:35 -040066 resp, keypair = \
67 cls.keypairs_client.create_keypair(cls.keypairname)
Daryl Walleckced8eb82012-03-19 13:52:37 -050068
Masayuki Igawa259c1132013-10-31 17:48:44 +090069 name = data_utils.rand_name('security')
70 description = data_utils.rand_name('description')
nayna-pateleda1d122013-03-20 14:44:31 +000071 resp, cls.security_group = cls.security_client.create_security_group(
72 name, description)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +053073
Jay Pipesf38eaac2012-06-21 13:37:35 -040074 parent_group_id = cls.security_group['id']
75 ip_protocol = 'tcp'
76 from_port = 22
77 to_port = 22
nayna-pateleda1d122013-03-20 14:44:31 +000078 resp, cls.rule = cls.security_client.create_security_group_rule(
79 parent_group_id, ip_protocol, from_port, to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +053080
Daryl Walleckced8eb82012-03-19 13:52:37 -050081 @classmethod
82 def tearDownClass(cls):
Matthew Treinishf7fca6a2013-12-09 16:27:23 +000083 if cls.multi_user:
Daryl Walleckced8eb82012-03-19 13:52:37 -050084 cls.images_client.delete_image(cls.image['id'])
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +053085 cls.keypairs_client.delete_keypair(cls.keypairname)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +053086 cls.security_client.delete_security_group(cls.security_group['id'])
nayna-pateleda1d122013-03-20 14:44:31 +000087 super(AuthorizationTestJSON, cls).tearDownClass()
Daryl Walleckced8eb82012-03-19 13:52:37 -050088
Yuiko Takadae9999d62014-03-06 09:22:54 +000089 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -040090 def test_get_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -050091 # A GET request for a server on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +103092 self.assertRaises(exceptions.NotFound, self.alt_client.get_server,
93 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -050094
Yuiko Takadae9999d62014-03-06 09:22:54 +000095 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -040096 def test_delete_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -050097 # A DELETE request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +103098 self.assertRaises(exceptions.NotFound, self.alt_client.delete_server,
99 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500100
Yuiko Takadae9999d62014-03-06 09:22:54 +0000101 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400102 def test_update_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500103 # An update server request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030104 self.assertRaises(exceptions.NotFound, self.alt_client.update_server,
105 self.server['id'], name='test')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500106
Yuiko Takadae9999d62014-03-06 09:22:54 +0000107 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400108 def test_list_server_addresses_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500109 # A list addresses request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030110 self.assertRaises(exceptions.NotFound, self.alt_client.list_addresses,
111 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500112
Yuiko Takadae9999d62014-03-06 09:22:54 +0000113 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400114 def test_list_server_addresses_by_network_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500115 # A list address/network request for another user's server should fail
Daryl Walleckced8eb82012-03-19 13:52:37 -0500116 server_id = self.server['id']
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030117 self.assertRaises(exceptions.NotFound,
118 self.alt_client.list_addresses_by_network, server_id,
119 'public')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500120
Yuiko Takadae9999d62014-03-06 09:22:54 +0000121 @test.attr(type='gate')
sapan-kona37939762012-06-28 20:22:43 +0530122 def test_list_servers_with_alternate_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500123 # A list on servers from one tenant should not
124 # show on alternate tenant
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200125 # Listing servers from alternate tenant
sapan-kona37939762012-06-28 20:22:43 +0530126 alt_server_ids = []
127 resp, body = self.alt_client.list_servers()
128 alt_server_ids = [s['id'] for s in body['servers']]
129 self.assertNotIn(self.server['id'], alt_server_ids)
130
Yuiko Takadae9999d62014-03-06 09:22:54 +0000131 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400132 def test_change_password_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500133 # A change password request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030134 self.assertRaises(exceptions.NotFound, self.alt_client.change_password,
135 self.server['id'], 'newpass')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500136
Yuiko Takadae9999d62014-03-06 09:22:54 +0000137 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400138 def test_reboot_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500139 # A reboot request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030140 self.assertRaises(exceptions.NotFound, self.alt_client.reboot,
141 self.server['id'], 'HARD')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500142
Yuiko Takadae9999d62014-03-06 09:22:54 +0000143 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400144 def test_rebuild_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500145 # A rebuild request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030146 self.assertRaises(exceptions.NotFound, self.alt_client.rebuild,
147 self.server['id'], self.image_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500148
Yuiko Takadae9999d62014-03-06 09:22:54 +0000149 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400150 def test_resize_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500151 # A resize request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030152 self.assertRaises(exceptions.NotFound, self.alt_client.resize,
153 self.server['id'], self.flavor_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500154
Yuiko Takadae9999d62014-03-06 09:22:54 +0000155 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400156 def test_create_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500157 # A create image request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030158 self.assertRaises(exceptions.NotFound,
159 self.alt_images_client.create_image,
160 self.server['id'], 'testImage')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500161
Yuiko Takadae9999d62014-03-06 09:22:54 +0000162 @test.attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500163 def test_create_server_with_unauthorized_image(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500164 # Server creation with another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030165 self.assertRaises(exceptions.BadRequest, self.alt_client.create_server,
166 'test', self.image['id'], self.flavor_ref)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500167
Yuiko Takadae9999d62014-03-06 09:22:54 +0000168 @test.attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500169 def test_create_server_fails_when_tenant_incorrect(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500170 # A create server request should fail if the tenant id does not match
171 # the current user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000172 # Change the base URL to impersonate another user
173 self.alt_client.auth_provider.set_alt_auth_data(
174 request_part='url',
175 auth_data=self.client.auth_provider.auth_data
176 )
177 self.assertRaises(exceptions.BadRequest,
178 self.alt_client.create_server, 'test',
179 self.image['id'], self.flavor_ref)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530180
Yuiko Takadae9999d62014-03-06 09:22:54 +0000181 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400182 def test_create_keypair_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500183 # A create keypair request should fail if the tenant id does not match
184 # the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200185 # POST keypair with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900186 k_name = data_utils.rand_name('keypair-')
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530187 try:
188 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000189 self.alt_keypairs_client.auth_provider.set_alt_auth_data(
190 request_part='url',
191 auth_data=self.keypairs_client.auth_provider.auth_data
192 )
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530193 resp = {}
194 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030195 self.assertRaises(exceptions.BadRequest,
196 self.alt_keypairs_client.create_keypair, k_name)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530197 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000198 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800199 if (resp['status'] is not None):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400200 resp, _ = self.alt_keypairs_client.delete_keypair(k_name)
Giulio Fidente92f77192013-08-26 17:13:28 +0200201 LOG.error("Create keypair request should not happen "
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800202 "if the tenant id does not match the current user")
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530203
Yuiko Takadae9999d62014-03-06 09:22:54 +0000204 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400205 def test_get_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500206 # A GET request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030207 self.assertRaises(exceptions.NotFound,
208 self.alt_keypairs_client.get_keypair,
209 self.keypairname)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530210
Yuiko Takadae9999d62014-03-06 09:22:54 +0000211 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400212 def test_delete_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500213 # A DELETE request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030214 self.assertRaises(exceptions.NotFound,
215 self.alt_keypairs_client.delete_keypair,
216 self.keypairname)
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530217
Yuiko Takadae9999d62014-03-06 09:22:54 +0000218 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400219 def test_get_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500220 # A GET request for an image on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030221 self.assertRaises(exceptions.NotFound,
222 self.alt_images_client.get_image, self.image['id'])
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530223
Yuiko Takadae9999d62014-03-06 09:22:54 +0000224 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400225 def test_delete_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500226 # A DELETE request for another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030227 self.assertRaises(exceptions.NotFound,
228 self.alt_images_client.delete_image,
229 self.image['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530230
Yuiko Takadae9999d62014-03-06 09:22:54 +0000231 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400232 def test_create_security_group_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500233 # A create security group request should fail if the tenant id does not
234 # match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200235 # POST security group with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900236 s_name = data_utils.rand_name('security-')
237 s_description = data_utils.rand_name('security')
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530238 try:
239 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000240 self.alt_security_client.auth_provider.set_alt_auth_data(
241 request_part='url',
242 auth_data=self.security_client.auth_provider.auth_data
243 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530244 resp = {}
245 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030246 self.assertRaises(exceptions.BadRequest,
247 self.alt_security_client.create_security_group,
248 s_name, s_description)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530249 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000250 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800251 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700252 self.alt_security_client.delete_security_group(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200253 LOG.error("Create Security Group request should not happen if"
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530254 "the tenant id does not match the current user")
255
Yuiko Takadae9999d62014-03-06 09:22:54 +0000256 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400257 def test_get_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500258 # A GET request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030259 self.assertRaises(exceptions.NotFound,
260 self.alt_security_client.get_security_group,
261 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530262
Yuiko Takadae9999d62014-03-06 09:22:54 +0000263 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400264 def test_delete_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500265 # A DELETE request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030266 self.assertRaises(exceptions.NotFound,
267 self.alt_security_client.delete_security_group,
268 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530269
Yuiko Takadae9999d62014-03-06 09:22:54 +0000270 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400271 def test_create_security_group_rule_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500272 # A create security group rule request should fail if the tenant id
273 # does not match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200274 # POST security group rule with other user tenant
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530275 parent_group_id = self.security_group['id']
276 ip_protocol = 'icmp'
277 from_port = -1
278 to_port = -1
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530279 try:
280 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000281 self.alt_security_client.auth_provider.set_alt_auth_data(
282 request_part='url',
283 auth_data=self.security_client.auth_provider.auth_data
284 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530285 resp = {}
286 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030287 self.assertRaises(exceptions.BadRequest,
288 self.alt_security_client.
289 create_security_group_rule,
290 parent_group_id, ip_protocol, from_port,
291 to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530292 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000293 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800294 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700295 self.alt_security_client.delete_security_group_rule(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200296 LOG.error("Create security group rule request should not "
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530297 "happen if the tenant id does not match the"
298 " current user")
299
Yuiko Takadae9999d62014-03-06 09:22:54 +0000300 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400301 def test_delete_security_group_rule_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500302 # A DELETE request for another user's security group rule
303 # should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030304 self.assertRaises(exceptions.NotFound,
305 self.alt_security_client.delete_security_group_rule,
306 self.rule['id'])
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530307
Yuiko Takadae9999d62014-03-06 09:22:54 +0000308 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400309 def test_set_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500310 # A set metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530311 req_metadata = {'meta1': 'data1', 'meta2': 'data2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030312 self.assertRaises(exceptions.NotFound,
313 self.alt_client.set_server_metadata,
314 self.server['id'],
315 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530316
Yuiko Takadae9999d62014-03-06 09:22:54 +0000317 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400318 def test_set_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500319 # A set metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530320 req_metadata = {'meta1': 'value1', 'meta2': 'value2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030321 self.assertRaises(exceptions.NotFound,
322 self.alt_images_client.set_image_metadata,
323 self.image['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530324
Yuiko Takadae9999d62014-03-06 09:22:54 +0000325 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400326 def test_get_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500327 # A get metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530328 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800329 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2suresh31bb7cb2013-03-14 04:53:49 +0000330 self.addCleanup(self.client.delete_server_metadata_item,
331 self.server['id'], 'meta1')
332 self.assertRaises(exceptions.NotFound,
333 self.alt_client.get_server_metadata_item,
334 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530335
Yuiko Takadae9999d62014-03-06 09:22:54 +0000336 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400337 def test_get_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500338 # A get metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530339 req_metadata = {'meta1': 'value1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000340 self.addCleanup(self.images_client.delete_image_metadata_item,
341 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530342 self.images_client.set_image_metadata(self.image['id'],
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800343 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000344 self.assertRaises(exceptions.NotFound,
345 self.alt_images_client.get_image_metadata_item,
346 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530347
Yuiko Takadae9999d62014-03-06 09:22:54 +0000348 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400349 def test_delete_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500350 # A delete metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530351 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000352 self.addCleanup(self.client.delete_server_metadata_item,
353 self.server['id'], 'meta1')
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800354 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000355 self.assertRaises(exceptions.NotFound,
356 self.alt_client.delete_server_metadata_item,
357 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530358
Yuiko Takadae9999d62014-03-06 09:22:54 +0000359 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400360 def test_delete_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500361 # A delete metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530362 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000363 self.addCleanup(self.images_client.delete_image_metadata_item,
364 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530365 self.images_client.set_image_metadata(self.image['id'],
366 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000367 self.assertRaises(exceptions.NotFound,
368 self.alt_images_client.delete_image_metadata_item,
369 self.image['id'], 'meta1')
rajalakshmi-ganesan72ea31a2012-05-25 11:59:10 +0530370
Yuiko Takadae9999d62014-03-06 09:22:54 +0000371 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400372 def test_get_console_output_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500373 # A Get Console Output for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030374 self.assertRaises(exceptions.NotFound,
375 self.alt_client.get_console_output,
376 self.server['id'], 10)
nayna-pateleda1d122013-03-20 14:44:31 +0000377
378
379class AuthorizationTestXML(AuthorizationTestJSON):
380 _interface = 'xml'