def test_update_credential(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
new_user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(new_user)
new_project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(new_project)
credential = fixtures.Credential(self.client,
user=user.id,
type='cert')
self.useFixture(credential)
new_type = 'ec2'
new_blob = ("{\"access\":\"" + uuid.uuid4().hex +
"\",\"secret\":\"secretKey\"}")
credential_ret = self.client.credentials.update(credential.id,
user=new_user.id,
type=new_type,
blob=new_blob,
project=new_project.id)
credential.ref.update({
'user': new_user.id,
'type': new_type,
'blob': new_blob,
'project': new_project.id
})
self.check_credential(credential_ret, credential.ref)
def test_list_users(self):
user_one = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user_one)
user_two = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user_two)
users = self.client.users.list()
# All users are valid
for user in users:
self.check_user(user)
self.assertIn(user_one.entity, users)
self.assertIn(user_two.entity, users)
def test_create_credential_of_ec2_type(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
# project is mandatory attribute if the credential type is ec2
credential_ref = {
'user':
user.id,
'type':
'ec2',
'blob': ("{\"access\":\"" + uuid.uuid4().hex +
"\",\"secret\":\"secretKey\"}")
}
self.assertRaises(http.BadRequest, self.client.credentials.create,
**credential_ref)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
credential_ref = {
'user':
user.id,
'type':
'ec2',
'blob': ("{\"access\":\"" + uuid.uuid4().hex +
"\",\"secret\":\"secretKey\"}"),
'project':
project.id
}
credential = self.client.credentials.create(**credential_ref)
self.addCleanup(self.client.credentials.delete, credential)
self.check_credential(credential, credential_ref)
def test_list_credentials(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
cert_credential = fixtures.Credential(self.client,
user=user.id,
type='cert')
self.useFixture(cert_credential)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
ec2_credential = fixtures.Credential(self.client,
user=user.id,
type='ec2',
project=project.id)
self.useFixture(ec2_credential)
totp_credential = fixtures.Credential(self.client,
user=user.id,
type='totp')
self.useFixture(totp_credential)
credentials = self.client.credentials.list()
# All credentials are valid
for credential in credentials:
self.check_credential(credential)
self.assertIn(cert_credential.entity, credentials)
self.assertIn(ec2_credential.entity, credentials)
self.assertIn(totp_credential.entity, credentials)
def test_update_user(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
new_description = uuid.uuid4().hex
user_ret = self.client.users.update(user.id,
description=new_description)
user.ref.update({'description': new_description})
self.check_user(user_ret, user.ref)
def test_delete_ec2(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
ec2 = self.client.ec2.create(user.id, project.id)
self.client.ec2.delete(user.id, ec2.access)
self.assertRaises(http.NotFound, self.client.ec2.get, user.id,
ec2.access)
def test_get_ec2(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
ec2 = fixtures.EC2(self.client, user_id=user.id, project_id=project.id)
self.useFixture(ec2)
ec2_ret = self.client.ec2.get(user.id, ec2.access)
self.check_ec2(ec2_ret, ec2.ref)
def test_create_ec2(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
ec2_ref = {'user_id': user.id, 'project_id': project.id}
ec2 = self.client.ec2.create(**ec2_ref)
self.addCleanup(self.client.ec2.delete, user.id, ec2.access)
self.check_ec2(ec2, ec2_ref)
def test_create_credential_of_totp_type(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
credential_ref = {
'user': user.id,
'type': 'totp',
'blob': uuid.uuid4().hex
}
credential = self.client.credentials.create(**credential_ref)
self.addCleanup(self.client.credentials.delete, credential)
self.check_credential(credential, credential_ref)
def test_list_ec2(self):
user_one = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user_one)
ec2_one = fixtures.EC2(self.client,
user_id=user_one.id,
project_id=self.project_domain_id)
self.useFixture(ec2_one)
user_two = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user_two)
ec2_two = fixtures.EC2(self.client,
user_id=user_two.id,
project_id=self.project_domain_id)
self.useFixture(ec2_two)
ec2_list = self.client.ec2.list(user_one.id)
# All ec2 are valid
for ec2 in ec2_list:
self.check_ec2(ec2)
self.assertIn(ec2_one.entity, ec2_list)
self.assertNotIn(ec2_two.entity, ec2_list)
def test_get_credential(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
for credential_type in ['cert', 'ec2', 'totp']:
credential = fixtures.Credential(self.client,
user=user.id,
type=credential_type,
project=project.id)
self.useFixture(credential)
credential_ret = self.client.credentials.get(credential.id)
self.check_credential(credential_ret, credential.ref)
def test_user_grouping(self):
# keystoneclient.v3.users owns user grouping operations, this is why
# this test case belongs to this class
user = fixtures.User(self.client, self.project_domain_id)
group = fixtures.Group(self.client, self.project_domain_id)
self.useFixture(user)
self.useFixture(group)
self.assertRaises(http.NotFound, self.client.users.check_in_group,
user.id, group.id)
self.client.users.add_to_group(user.id, group.id)
self.client.users.check_in_group(user.id, group.id)
self.client.users.remove_from_group(user.id, group.id)
self.assertRaises(http.NotFound, self.client.users.check_in_group,
user.id, group.id)
def test_list_roles_invalid_params(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
# Only filter in role grants for a user on a resource.
# Domain or project should be specified.
self.assertRaises(exceptions.ValidationError,
self.client.roles.list,
user=user.id)
# Only filter in role grants for a group on a resource.
# Domain or project should be specified.
group = fixtures.Group(self.client, self.project_domain_id)
self.useFixture(group)
self.assertRaises(exceptions.ValidationError,
self.client.roles.list,
group=group.id)
def test_user_domain_grant_and_revoke(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
domain = fixtures.Domain(self.client)
self.useFixture(domain)
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
self.client.roles.grant(role, user=user.id, domain=domain.id)
roles_after_grant = self.client.roles.list(user=user.id,
domain=domain.id)
self.assertCountEqual(roles_after_grant, [role.entity])
self.client.roles.revoke(role, user=user.id, domain=domain.id)
roles_after_revoke = self.client.roles.list(user=user.id,
domain=domain.id)
self.assertEqual(roles_after_revoke, [])
def test_user_project_grant_and_revoke(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
self.client.roles.grant(role, user=user.id, project=project.id)
roles_after_grant = self.client.roles.list(user=user.id,
project=project.id)
self.assertItemsEqual(roles_after_grant, [role.entity])
self.client.roles.revoke(role, user=user.id, project=project.id)
roles_after_revoke = self.client.roles.list(user=user.id,
project=project.id)
self.assertEqual(roles_after_revoke, [])
def test_delete_credential(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
project = fixtures.Project(self.client, self.project_domain_id)
self.useFixture(project)
for credential_type in ['cert', 'ec2', 'totp']:
if credential_type == 'ec2':
blob_value = ("{\"access\":\"" + uuid.uuid4().hex +
"\",\"secret\":\"secretKey\"}")
else:
blob_value = uuid.uuid4().hex
credential = self.client.credentials.create(user=user.id,
type=credential_type,
blob=blob_value,
project=project.id)
self.client.credentials.delete(credential.id)
self.assertRaises(http.NotFound, self.client.credentials.get,
credential.id)
def test_grant_role_invalid_params(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
role = fixtures.Role(self.client, domain=self.project_domain_id)
self.useFixture(role)
# Only grant role to a group on a resource.
# Domain or project must be specified.
self.assertRaises(exceptions.ValidationError,
self.client.roles.grant,
role.id,
user=user.id)
group = fixtures.Group(self.client, self.project_domain_id)
self.useFixture(group)
# Only grant role to a group on a resource.
# Domain or project must be specified.
self.assertRaises(exceptions.ValidationError,
self.client.roles.grant,
role.id,
group=group.id)
def test_get_user(self):
user = fixtures.User(self.client, self.project_domain_id)
self.useFixture(user)
user_ret = self.client.users.get(user.id)
self.check_user(user_ret, user.ref)
