Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / fe3a91cbee07873e0dc7977acb148cc2451356b1 / . / tempest / api / compute / test_authorization.py
blob: 375ddf8fd04f61b4186d6084df9932011a39d19b [file] [log] [blame]
ZhiQiang Fan39f97222013-09-20 04:49:44 +0800[diff] [blame]1# Copyright 2012 OpenStack Foundation
Jay Pipes13b479b2012-06-11 14:52:27 -0400[diff] [blame]2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]15
Sean Dague1937d092013-05-17 16:36:38 -0400[diff] [blame]16from tempest.api.compute import base
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]17from tempest import clients
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]18from tempest.common.utils import data_utils
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]19from tempest import config
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]20from tempest import exceptions
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]21from tempest.openstack.common import log as logging
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]22from tempest import test
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]23
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]24CONF = config.CONF
25
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]26LOG = logging.getLogger(__name__)
27
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]28
ivan-zhuf2b00502013-10-18 10:06:52 +0800[diff] [blame]29class AuthorizationTestJSON(base.BaseV2ComputeTest):
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]30
31 @classmethod
32 def setUpClass(cls):
Salvatore Orlando5a337242014-01-15 22:49:22 +0000[diff] [blame]33 # No network resources required for this test
34 cls.set_network_resources()
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]35 super(AuthorizationTestJSON, cls).setUpClass()
36 if not cls.multi_user:
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]37 msg = "Need >1 user"
ivan-zhu1feeb382013-01-24 10:14:39 +0800[diff] [blame]38 raise cls.skipException(msg)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]39 cls.client = cls.os.servers_client
40 cls.images_client = cls.os.images_client
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]41 cls.keypairs_client = cls.os.keypairs_client
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]42 cls.security_client = cls.os.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]43
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]44 if CONF.compute.allow_tenant_isolation:
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]45 creds = cls.isolated_creds.get_alt_creds()
Andrea Frittoli422fbdf2014-03-20 10:05:18 +0000[diff] [blame]46 cls.alt_manager = clients.Manager(credentials=creds)
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]47 else:
48 # Use the alt_XXX credentials in the config file
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]49 cls.alt_manager = clients.AltManager()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]50
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]51 cls.alt_client = cls.alt_manager.servers_client
52 cls.alt_images_client = cls.alt_manager.images_client
53 cls.alt_keypairs_client = cls.alt_manager.keypairs_client
54 cls.alt_security_client = cls.alt_manager.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]55
Ken'ichi Ohmichicfc052e2013-10-23 11:50:04 +0900[diff] [blame]56 resp, server = cls.create_test_server(wait_until='ACTIVE')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]57 resp, cls.server = cls.client.get_server(server['id'])
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]58
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]59 name = data_utils.rand_name('image')
Ken'ichi Ohmichi0a277122014-03-28 11:54:44 +0900[diff] [blame]60 resp, body = cls.images_client.create_image(server['id'], name)
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]61 image_id = data_utils.parse_image_id(resp['location'])
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]62 cls.images_client.wait_for_image_status(image_id, 'ACTIVE')
63 resp, cls.image = cls.images_client.get_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]64
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]65 cls.keypairname = data_utils.rand_name('keypair')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]66 resp, keypair = \
67 cls.keypairs_client.create_keypair(cls.keypairname)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]68
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]69 name = data_utils.rand_name('security')
70 description = data_utils.rand_name('description')
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]71 resp, cls.security_group = cls.security_client.create_security_group(
72 name, description)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]73
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]74 parent_group_id = cls.security_group['id']
75 ip_protocol = 'tcp'
76 from_port = 22
77 to_port = 22
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]78 resp, cls.rule = cls.security_client.create_security_group_rule(
79 parent_group_id, ip_protocol, from_port, to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]80
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]81 @classmethod
82 def tearDownClass(cls):
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]83 if cls.multi_user:
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]84 cls.images_client.delete_image(cls.image['id'])
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]85 cls.keypairs_client.delete_keypair(cls.keypairname)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]86 cls.security_client.delete_security_group(cls.security_group['id'])
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]87 super(AuthorizationTestJSON, cls).tearDownClass()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]88
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]89 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]90 def test_get_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]91 # A GET request for a server on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]92 self.assertRaises(exceptions.NotFound, self.alt_client.get_server,
93 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]94
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]95 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]96 def test_delete_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]97 # A DELETE request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]98 self.assertRaises(exceptions.NotFound, self.alt_client.delete_server,
99 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]100
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]101 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]102 def test_update_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]103 # An update server request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]104 self.assertRaises(exceptions.NotFound, self.alt_client.update_server,
105 self.server['id'], name='test')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]106
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]107 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]108 def test_list_server_addresses_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]109 # A list addresses request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]110 self.assertRaises(exceptions.NotFound, self.alt_client.list_addresses,
111 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]112
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]113 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]114 def test_list_server_addresses_by_network_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]115 # A list address/network request for another user's server should fail
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]116 server_id = self.server['id']
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]117 self.assertRaises(exceptions.NotFound,
118 self.alt_client.list_addresses_by_network, server_id,
119 'public')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]120
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]121 @test.attr(type='gate')
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]122 def test_list_servers_with_alternate_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]123 # A list on servers from one tenant should not
124 # show on alternate tenant
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]125 # Listing servers from alternate tenant
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]126 alt_server_ids = []
127 resp, body = self.alt_client.list_servers()
128 alt_server_ids = [s['id'] for s in body['servers']]
129 self.assertNotIn(self.server['id'], alt_server_ids)
130
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]131 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]132 def test_change_password_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]133 # A change password request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]134 self.assertRaises(exceptions.NotFound, self.alt_client.change_password,
135 self.server['id'], 'newpass')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]136
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]137 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]138 def test_reboot_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]139 # A reboot request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]140 self.assertRaises(exceptions.NotFound, self.alt_client.reboot,
141 self.server['id'], 'HARD')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]142
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]143 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]144 def test_rebuild_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]145 # A rebuild request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]146 self.assertRaises(exceptions.NotFound, self.alt_client.rebuild,
147 self.server['id'], self.image_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]148
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]149 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]150 def test_resize_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]151 # A resize request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]152 self.assertRaises(exceptions.NotFound, self.alt_client.resize,
153 self.server['id'], self.flavor_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]154
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]155 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]156 def test_create_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]157 # A create image request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]158 self.assertRaises(exceptions.NotFound,
159 self.alt_images_client.create_image,
160 self.server['id'], 'testImage')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]161
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]162 @test.attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]163 def test_create_server_with_unauthorized_image(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]164 # Server creation with another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]165 self.assertRaises(exceptions.BadRequest, self.alt_client.create_server,
166 'test', self.image['id'], self.flavor_ref)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]167
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]168 @test.attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]169 def test_create_server_fails_when_tenant_incorrect(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]170 # A create server request should fail if the tenant id does not match
171 # the current user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]172 # Change the base URL to impersonate another user
173 self.alt_client.auth_provider.set_alt_auth_data(
174 request_part='url',
175 auth_data=self.client.auth_provider.auth_data
176 )
177 self.assertRaises(exceptions.BadRequest,
178 self.alt_client.create_server, 'test',
179 self.image['id'], self.flavor_ref)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]180
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]181 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]182 def test_create_keypair_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]183 # A create keypair request should fail if the tenant id does not match
184 # the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]185 # POST keypair with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]186 k_name = data_utils.rand_name('keypair-')
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]187 try:
188 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]189 self.alt_keypairs_client.auth_provider.set_alt_auth_data(
190 request_part='url',
191 auth_data=self.keypairs_client.auth_provider.auth_data
192 )
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]193 resp = {}
194 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]195 self.assertRaises(exceptions.BadRequest,
196 self.alt_keypairs_client.create_keypair, k_name)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]197 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]198 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]199 if (resp['status'] is not None):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]200 resp, _ = self.alt_keypairs_client.delete_keypair(k_name)
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]201 LOG.error("Create keypair request should not happen "
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]202 "if the tenant id does not match the current user")
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]203
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]204 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]205 def test_get_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]206 # A GET request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]207 self.assertRaises(exceptions.NotFound,
208 self.alt_keypairs_client.get_keypair,
209 self.keypairname)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]210
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]211 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]212 def test_delete_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]213 # A DELETE request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]214 self.assertRaises(exceptions.NotFound,
215 self.alt_keypairs_client.delete_keypair,
216 self.keypairname)
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]217
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]218 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]219 def test_get_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]220 # A GET request for an image on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]221 self.assertRaises(exceptions.NotFound,
222 self.alt_images_client.get_image, self.image['id'])
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]223
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]224 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]225 def test_delete_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]226 # A DELETE request for another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]227 self.assertRaises(exceptions.NotFound,
228 self.alt_images_client.delete_image,
229 self.image['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]230
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]231 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]232 def test_create_security_group_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]233 # A create security group request should fail if the tenant id does not
234 # match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]235 # POST security group with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]236 s_name = data_utils.rand_name('security-')
237 s_description = data_utils.rand_name('security')
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]238 try:
239 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]240 self.alt_security_client.auth_provider.set_alt_auth_data(
241 request_part='url',
242 auth_data=self.security_client.auth_provider.auth_data
243 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]244 resp = {}
245 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]246 self.assertRaises(exceptions.BadRequest,
247 self.alt_security_client.create_security_group,
248 s_name, s_description)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]249 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]250 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]251 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]252 self.alt_security_client.delete_security_group(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]253 LOG.error("Create Security Group request should not happen if"
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]254 "the tenant id does not match the current user")
255
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]256 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]257 def test_get_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]258 # A GET request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]259 self.assertRaises(exceptions.NotFound,
260 self.alt_security_client.get_security_group,
261 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]262
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]263 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]264 def test_delete_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]265 # A DELETE request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]266 self.assertRaises(exceptions.NotFound,
267 self.alt_security_client.delete_security_group,
268 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]269
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]270 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]271 def test_create_security_group_rule_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]272 # A create security group rule request should fail if the tenant id
273 # does not match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]274 # POST security group rule with other user tenant
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]275 parent_group_id = self.security_group['id']
276 ip_protocol = 'icmp'
277 from_port = -1
278 to_port = -1
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]279 try:
280 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]281 self.alt_security_client.auth_provider.set_alt_auth_data(
282 request_part='url',
283 auth_data=self.security_client.auth_provider.auth_data
284 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]285 resp = {}
286 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]287 self.assertRaises(exceptions.BadRequest,
288 self.alt_security_client.
289 create_security_group_rule,
290 parent_group_id, ip_protocol, from_port,
291 to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]292 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]293 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]294 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]295 self.alt_security_client.delete_security_group_rule(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]296 LOG.error("Create security group rule request should not "
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]297 "happen if the tenant id does not match the"
298 " current user")
299
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]300 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]301 def test_delete_security_group_rule_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]302 # A DELETE request for another user's security group rule
303 # should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]304 self.assertRaises(exceptions.NotFound,
305 self.alt_security_client.delete_security_group_rule,
306 self.rule['id'])
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]307
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]308 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]309 def test_set_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]310 # A set metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]311 req_metadata = {'meta1': 'data1', 'meta2': 'data2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]312 self.assertRaises(exceptions.NotFound,
313 self.alt_client.set_server_metadata,
314 self.server['id'],
315 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]316
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]317 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]318 def test_set_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]319 # A set metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]320 req_metadata = {'meta1': 'value1', 'meta2': 'value2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]321 self.assertRaises(exceptions.NotFound,
322 self.alt_images_client.set_image_metadata,
323 self.image['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]324
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]325 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]326 def test_get_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]327 # A get metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]328 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]329 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2suresh31bb7cb2013-03-14 04:53:49 +0000[diff] [blame]330 self.addCleanup(self.client.delete_server_metadata_item,
331 self.server['id'], 'meta1')
332 self.assertRaises(exceptions.NotFound,
333 self.alt_client.get_server_metadata_item,
334 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]335
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]336 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]337 def test_get_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]338 # A get metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]339 req_metadata = {'meta1': 'value1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]340 self.addCleanup(self.images_client.delete_image_metadata_item,
341 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]342 self.images_client.set_image_metadata(self.image['id'],
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]343 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]344 self.assertRaises(exceptions.NotFound,
345 self.alt_images_client.get_image_metadata_item,
346 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]347
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]348 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]349 def test_delete_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]350 # A delete metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]351 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]352 self.addCleanup(self.client.delete_server_metadata_item,
353 self.server['id'], 'meta1')
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]354 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]355 self.assertRaises(exceptions.NotFound,
356 self.alt_client.delete_server_metadata_item,
357 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]358
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]359 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]360 def test_delete_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]361 # A delete metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]362 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]363 self.addCleanup(self.images_client.delete_image_metadata_item,
364 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]365 self.images_client.set_image_metadata(self.image['id'],
366 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]367 self.assertRaises(exceptions.NotFound,
368 self.alt_images_client.delete_image_metadata_item,
369 self.image['id'], 'meta1')
rajalakshmi-ganesan72ea31a2012-05-25 11:59:10 +0530[diff] [blame]370
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]371 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]372 def test_get_console_output_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]373 # A Get Console Output for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]374 self.assertRaises(exceptions.NotFound,
375 self.alt_client.get_console_output,
376 self.server['id'], 10)
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]377
378
379class AuthorizationTestXML(AuthorizationTestJSON):
380 _interface = 'xml'