def test_get_catalog_always_returns_service_name(self):
user_id = uuid.uuid4().hex
# create a project since the project should exist if we want to
# filter the catalog by the project or replace the url with a
# valid project id.
domain = unit.new_domain_ref()
PROVIDERS.resource_api.create_domain(domain['id'], domain)
project = unit.new_project_ref(domain_id=domain['id'])
PROVIDERS.resource_api.create_project(project['id'], project)
# create a service, with a name
named_svc = unit.new_service_ref()
PROVIDERS.catalog_api.create_service(named_svc['id'], named_svc)
self.create_endpoint(service_id=named_svc['id'])
# create a service, with no name
unnamed_svc = unit.new_service_ref(name=None)
del unnamed_svc['name']
PROVIDERS.catalog_api.create_service(unnamed_svc['id'], unnamed_svc)
self.create_endpoint(service_id=unnamed_svc['id'])
catalog = PROVIDERS.catalog_api.get_v3_catalog(user_id, project['id'])
named_endpoint = [ep for ep in catalog
if ep['type'] == named_svc['type']][0]
self.assertEqual(named_svc['name'], named_endpoint['name'])
unnamed_endpoint = [ep for ep in catalog
if ep['type'] == unnamed_svc['type']][0]
self.assertEqual('', unnamed_endpoint['name'])
def test_v3_catalog_domain_scoped_token(self):
# test the case that tenant_id is None.
srv_1 = unit.new_service_ref()
PROVIDERS.catalog_api.create_service(srv_1['id'], srv_1)
endpoint_1 = unit.new_endpoint_ref(service_id=srv_1['id'],
region_id=None)
PROVIDERS.catalog_api.create_endpoint(endpoint_1['id'], endpoint_1)
srv_2 = unit.new_service_ref()
PROVIDERS.catalog_api.create_service(srv_2['id'], srv_2)
endpoint_2 = unit.new_endpoint_ref(service_id=srv_2['id'],
region_id=None)
PROVIDERS.catalog_api.create_endpoint(endpoint_2['id'], endpoint_2)
self.config_fixture.config(group='endpoint_filter',
return_all_endpoints_if_no_filter=True)
catalog_ref = PROVIDERS.catalog_api.get_v3_catalog(
uuid.uuid4().hex, None
)
self.assertThat(catalog_ref, matchers.HasLength(2))
self.config_fixture.config(group='endpoint_filter',
return_all_endpoints_if_no_filter=False)
catalog_ref = PROVIDERS.catalog_api.get_v3_catalog(
uuid.uuid4().hex, None
)
self.assertThat(catalog_ref, matchers.HasLength(0))
def test_create_service_no_name(self):
"""Call ``POST /services``."""
ref = unit.new_service_ref()
del ref["name"]
r = self.post("/services", body={"service": ref})
ref["name"] = ""
self.assertValidServiceResponse(r, ref)
def test_service_crud(self):
# create
new_service = unit.new_service_ref()
service_id = new_service['id']
res = self.catalog_api.create_service(service_id, new_service)
self.assertDictEqual(new_service, res)
# list
services = self.catalog_api.list_services()
self.assertIn(service_id, [x['id'] for x in services])
# update
service_name_update = {'name': uuid.uuid4().hex}
res = self.catalog_api.update_service(service_id, service_name_update)
expected_service = new_service.copy()
expected_service['name'] = service_name_update['name']
self.assertDictEqual(expected_service, res)
# delete
self.catalog_api.delete_service(service_id)
self.assertRaises(exception.ServiceNotFound,
self.catalog_api.delete_service,
service_id)
self.assertRaises(exception.ServiceNotFound,
self.catalog_api.get_service,
service_id)
def test_user_can_get_a_service(self):
service = unit.new_service_ref()
service = PROVIDERS.catalog_api.create_service(service['id'], service)
with self.test_client() as c:
r = c.get('/v3/services/%s' % service['id'], headers=self.headers)
self.assertEqual(r.json['service']['id'], service['id'])
def _create_endpoints(self):
# Creates a service and 2 endpoints for the service in the same region.
# The 'public' interface is enabled and the 'internal' interface is
# disabled.
def create_endpoint(service_id, region, **kwargs):
ref = unit.new_endpoint_ref(
service_id=service_id,
region_id=region,
url='http://localhost/%s' % uuid.uuid4().hex,
**kwargs)
self.catalog_api.create_endpoint(ref['id'], ref)
return ref
# Create a service for use with the endpoints.
service_ref = unit.new_service_ref()
service_id = service_ref['id']
self.catalog_api.create_service(service_id, service_ref)
region = unit.new_region_ref()
self.catalog_api.create_region(region)
# Create endpoints
enabled_endpoint_ref = create_endpoint(service_id, region['id'])
disabled_endpoint_ref = create_endpoint(
service_id, region['id'], enabled=False, interface='internal')
return service_ref, enabled_endpoint_ref, disabled_endpoint_ref
def test_create_service(self):
"""Call ``POST /services``."""
ref = unit.new_service_ref()
r = self.post(
'/services',
body={'service': ref})
self.assertValidServiceResponse(r, ref)
def _create_limit_and_dependencies():
"""Create a limit and its dependencies to test with."""
service = PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, unit.new_service_ref()
)
registered_limit = unit.new_registered_limit_ref(
service_id=service['id'], id=uuid.uuid4().hex
)
registered_limits = (
PROVIDERS.unified_limit_api.create_registered_limits(
[registered_limit]
)
)
registered_limit = registered_limits[0]
project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
)
limit = unit.new_limit_ref(
project_id=project['id'], service_id=service['id'],
resource_name=registered_limit['resource_name'],
resource_limit=5, id=uuid.uuid4().hex
)
limits = PROVIDERS.unified_limit_api.create_limits([limit])
return limits
def test_user_cannot_create_limits(self):
service = PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, unit.new_service_ref()
)
registered_limit = unit.new_registered_limit_ref(
service_id=service['id'], id=uuid.uuid4().hex
)
registered_limits = (
PROVIDERS.unified_limit_api.create_registered_limits(
[registered_limit]
)
)
registered_limit = registered_limits[0]
project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
)
create = {
'limits': [
unit.new_limit_ref(
project_id=project['id'], service_id=service['id'],
resource_name=registered_limit['resource_name'],
resource_limit=5
)
]
}
with self.test_client() as c:
c.post(
'/v3/limits', json=create, headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
def test_create_endpoint(self):
service = unit.new_service_ref()
self.catalog_api.create_service(service['id'], service)
endpoint = unit.new_endpoint_ref(service_id=service['id'],
region_id=None)
self.catalog_api.create_endpoint(endpoint['id'], endpoint.copy())
def test_cache_layer_service_crud(self):
new_service = unit.new_service_ref()
service_id = new_service['id']
res = self.catalog_api.create_service(service_id, new_service)
self.assertDictEqual(new_service, res)
self.catalog_api.get_service(service_id)
updated_service = copy.deepcopy(new_service)
updated_service['description'] = uuid.uuid4().hex
# update bypassing catalog api
self.catalog_api.driver.update_service(service_id, updated_service)
self.assertDictContainsSubset(new_service,
self.catalog_api.get_service(service_id))
self.catalog_api.get_service.invalidate(self.catalog_api, service_id)
self.assertDictContainsSubset(updated_service,
self.catalog_api.get_service(service_id))
# delete bypassing catalog api
self.catalog_api.driver.delete_service(service_id)
self.assertDictContainsSubset(updated_service,
self.catalog_api.get_service(service_id))
self.catalog_api.get_service.invalidate(self.catalog_api, service_id)
self.assertRaises(exception.ServiceNotFound,
self.catalog_api.delete_service,
service_id)
self.assertRaises(exception.ServiceNotFound,
self.catalog_api.get_service,
service_id)
def test_delete_region_with_endpoint(self):
# create a region
region = unit.new_region_ref()
self.catalog_api.create_region(region)
# create a child region
child_region = unit.new_region_ref(parent_region_id=region['id'])
self.catalog_api.create_region(child_region)
# create a service
service = unit.new_service_ref()
self.catalog_api.create_service(service['id'], service)
# create an endpoint attached to the service and child region
child_endpoint = unit.new_endpoint_ref(region_id=child_region['id'],
service_id=service['id'])
self.catalog_api.create_endpoint(child_endpoint['id'], child_endpoint)
self.assertRaises(exception.RegionDeletionError,
self.catalog_api.delete_region,
child_region['id'])
# create an endpoint attached to the service and parent region
endpoint = unit.new_endpoint_ref(region_id=region['id'],
service_id=service['id'])
self.catalog_api.create_endpoint(endpoint['id'], endpoint)
self.assertRaises(exception.RegionDeletionError,
self.catalog_api.delete_region,
region['id'])
def setUp(self):
"""Setup for Identity Limit Test Cases."""
super(IdentityTestListLimitCase, self).setUp()
# Create 10 entries for each of the entities we are going to test
self.ENTITY_TYPES = ['user', 'group', 'project']
self.entity_lists = {}
for entity in self.ENTITY_TYPES:
self.entity_lists[entity] = self._create_test_data(entity, 10)
# Make sure we clean up when finished
self.addCleanup(self.clean_up_entity, entity)
self.service_list = []
self.addCleanup(self.clean_up_service)
for _ in range(10):
new_entity = unit.new_service_ref()
service = self.catalog_api.create_service(new_entity['id'],
new_entity)
self.service_list.append(service)
self.policy_list = []
self.addCleanup(self.clean_up_policy)
for _ in range(10):
new_entity = unit.new_policy_ref()
policy = self.policy_api.create_policy(new_entity['id'],
new_entity)
self.policy_list.append(policy)
def test_create_service_no_enabled(self):
"""Call ``POST /services``."""
ref = unit.new_service_ref()
del ref["enabled"]
r = self.post("/services", body={"service": ref})
ref["enabled"] = True
self.assertValidServiceResponse(r, ref)
self.assertIs(True, r.result["service"]["enabled"])
def test_endpoints_created_with_service_exists(self):
# test assignment can be created if role already exists.
bootstrap = cli.BootStrap()
bootstrap.resource_manager.create_domain(self.default_domain['id'],
self.default_domain)
service = unit.new_service_ref(name=self.service_name)
bootstrap.catalog_manager.create_service(service['id'], service)
self._do_test_bootstrap(bootstrap)
def test_create_service_enabled_true(self):
"""Call ``POST /services``."""
ref = unit.new_service_ref(enabled=True)
r = self.post(
'/services',
body={'service': ref})
self.assertValidServiceResponse(r, ref)
self.assertIs(True, r.result['service']['enabled'])
def test_update_service(self):
"""Call ``PATCH /services/{service_id}``."""
service = unit.new_service_ref()
del service['id']
r = self.patch('/services/%(service_id)s' % {
'service_id': self.service_id},
body={'service': service})
self.assertValidServiceResponse(r, service)
def test_create_service_no_name(self):
"""Call ``POST /services``."""
ref = unit.new_service_ref()
del ref['name']
r = self.post(
'/services',
body={'service': ref})
ref['name'] = ''
self.assertValidServiceResponse(r, ref)
def test_create_endpoint_nonexistent_region(self):
service = unit.new_service_ref()
self.catalog_api.create_service(service['id'], service)
endpoint = unit.new_endpoint_ref(service_id=service['id'])
self.assertRaises(exception.ValidationError,
self.catalog_api.create_endpoint,
endpoint['id'],
endpoint)
def test_v3_catalog_endpoint_filter_disabled(self):
# there is no endpoint-project association defined.
self.config_fixture.config(group='endpoint_filter',
return_all_endpoints_if_no_filter=True)
srv_1 = unit.new_service_ref()
self.catalog_api.create_service(srv_1['id'], srv_1)
endpoint_1 = unit.new_endpoint_ref(service_id=srv_1['id'],
region_id=None)
self.catalog_api.create_endpoint(endpoint_1['id'], endpoint_1)
srv_2 = unit.new_service_ref()
self.catalog_api.create_service(srv_2['id'], srv_2)
catalog_ref = self.catalog_api.get_v3_catalog(uuid.uuid4().hex,
self.tenant_bar['id'])
self.assertThat(catalog_ref, matchers.HasLength(2))
srv_id_list = [catalog_ref[0]['id'], catalog_ref[1]['id']]
self.assertItemsEqual([srv_1['id'], srv_2['id']], srv_id_list)
def test_user_cannot_delete_services(self):
service = unit.new_service_ref()
service = PROVIDERS.catalog_api.create_service(service['id'], service)
with self.test_client() as c:
c.delete(
'/v3/services/%s' % service['id'], headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
def setUp(self):
super(TestCatalogAPISQL, self).setUp()
self.useFixture(database.Database())
self.load_backends()
service = unit.new_service_ref()
self.service_id = service['id']
PROVIDERS.catalog_api.create_service(self.service_id, service)
self.create_endpoint(service_id=self.service_id)
def setUp(self):
super(TestCatalogAPISQL, self).setUp()
self.useFixture(database.Database())
self.catalog_api = catalog.Manager()
service = unit.new_service_ref()
self.service_id = service['id']
self.catalog_api.create_service(self.service_id, service)
self.create_endpoint(service_id=self.service_id)
def load_sample_data(self):
self._populate_default_domain()
self.domain = unit.new_domain_ref()
self.domain_id = self.domain['id']
self.resource_api.create_domain(self.domain_id, self.domain)
self.project = unit.new_project_ref(domain_id=self.domain_id)
self.project_id = self.project['id']
self.resource_api.create_project(self.project_id, self.project)
self.user = unit.create_user(self.identity_api,
domain_id=self.domain_id)
self.user_id = self.user['id']
self.default_domain_project_id = uuid.uuid4().hex
self.default_domain_project = unit.new_project_ref(
domain_id=DEFAULT_DOMAIN_ID)
self.default_domain_project['id'] = self.default_domain_project_id
self.resource_api.create_project(self.default_domain_project_id,
self.default_domain_project)
self.default_domain_user = unit.create_user(
self.identity_api,
domain_id=DEFAULT_DOMAIN_ID)
self.default_domain_user_id = self.default_domain_user['id']
# create & grant policy.json's default role for admin_required
self.role = unit.new_role_ref(name='admin')
self.role_id = self.role['id']
self.role_api.create_role(self.role_id, self.role)
self.assignment_api.add_role_to_user_and_project(
self.user_id, self.project_id, self.role_id)
self.assignment_api.add_role_to_user_and_project(
self.default_domain_user_id, self.default_domain_project_id,
self.role_id)
self.assignment_api.add_role_to_user_and_project(
self.default_domain_user_id, self.project_id,
self.role_id)
self.region = unit.new_region_ref()
self.region_id = self.region['id']
self.catalog_api.create_region(self.region)
self.service = unit.new_service_ref()
self.service_id = self.service['id']
self.catalog_api.create_service(self.service_id, self.service.copy())
self.endpoint = unit.new_endpoint_ref(service_id=self.service_id,
interface='public',
region_id=self.region_id)
self.endpoint_id = self.endpoint['id']
self.catalog_api.create_endpoint(self.endpoint_id,
self.endpoint.copy())
# The server adds 'enabled' and defaults to True.
self.endpoint['enabled'] = True
def test_create_endpoint_region_returns_not_found(self):
service = unit.new_service_ref()
self.catalog_api.create_service(service['id'], service)
endpoint = unit.new_endpoint_ref(region_id=uuid.uuid4().hex,
service_id=service['id'])
self.assertRaises(exception.ValidationError,
self.catalog_api.create_endpoint,
endpoint['id'],
endpoint.copy())
def test_user_can_get_an_endpoint(self):
service = PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, unit.new_service_ref()
)
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint
)
with self.test_client() as c:
c.get('/v3/endpoints/%s' % endpoint['id'], headers=self.headers)
def test_user_can_update_services(self):
service = unit.new_service_ref()
service = PROVIDERS.catalog_api.create_service(service['id'], service)
update = {'service': {'description': uuid.uuid4().hex}}
with self.test_client() as c:
c.patch(
'/v3/services/%s' % service['id'], json=update,
headers=self.headers
)
def setUp(self):
super(EndpointPolicyTestCase, self).setUp()
self.policy = unit.new_policy_ref()
self.policy_api.create_policy(self.policy['id'], self.policy)
self.service = unit.new_service_ref()
self.catalog_api.create_service(self.service['id'], self.service)
self.endpoint = unit.new_endpoint_ref(self.service['id'], enabled=True,
interface='public',
region_id=self.region_id)
self.catalog_api.create_endpoint(self.endpoint['id'], self.endpoint)
self.region = unit.new_region_ref()
self.catalog_api.create_region(self.region)
def test_v3_catalog_domain_scoped_token(self):
# test the case that tenant_id is None.
srv_1 = unit.new_service_ref()
self.catalog_api.create_service(srv_1['id'], srv_1)
endpoint_1 = unit.new_endpoint_ref(service_id=srv_1['id'],
region_id=None)
self.catalog_api.create_endpoint(endpoint_1['id'], endpoint_1)
srv_2 = unit.new_service_ref()
self.catalog_api.create_service(srv_2['id'], srv_2)
endpoint_2 = unit.new_endpoint_ref(service_id=srv_2['id'],
region_id=None)
self.catalog_api.create_endpoint(endpoint_2['id'], endpoint_2)
self.config_fixture.config(group='endpoint_filter',
return_all_endpoints_if_no_filter=True)
catalog_ref = self.catalog_api.get_v3_catalog(uuid.uuid4().hex, None)
self.assertThat(catalog_ref, matchers.HasLength(2))
self.config_fixture.config(group='endpoint_filter',
return_all_endpoints_if_no_filter=False)
catalog_ref = self.catalog_api.get_v3_catalog(uuid.uuid4().hex, None)
self.assertThat(catalog_ref, matchers.HasLength(0))
def test_list_endpoints(self):
service = unit.new_service_ref()
PROVIDERS.catalog_api.create_service(service['id'], service)
expected_ids = set([uuid.uuid4().hex for _ in range(3)])
for endpoint_id in expected_ids:
endpoint = unit.new_endpoint_ref(service_id=service['id'],
id=endpoint_id,
region_id=None)
PROVIDERS.catalog_api.create_endpoint(endpoint['id'], endpoint)
endpoints = PROVIDERS.catalog_api.list_endpoints()
self.assertEqual(expected_ids, set(e['id'] for e in endpoints))
def test_catalog_ignored_malformed_urls(self):
service = unit.new_service_ref()
self.catalog_api.create_service(service['id'], service)
malformed_url = "http://192.168.1.104:8774/v2/$(tenant)s"
endpoint = unit.new_endpoint_ref(service_id=service['id'],
url=malformed_url,
region_id=None)
self.catalog_api.create_endpoint(endpoint['id'], endpoint.copy())
# NOTE(dstanek): there are no valid URLs, so nothing is in the catalog
catalog = self.catalog_api.get_catalog('fake-user', 'fake-tenant')
self.assertEqual({}, catalog)
def test_user_can_delete_registered_limits(self):
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
registered_limit = unit.new_registered_limit_ref(
service_id=service['id'], id=uuid.uuid4().hex)
limits = PROVIDERS.unified_limit_api.create_registered_limits(
[registered_limit])
limit_id = limits[0]['id']
with self.test_client() as c:
c.delete('/v3/registered_limits/%s' % limit_id,
headers=self.headers)
def test_catalog_ignored_malformed_urls(self):
service = unit.new_service_ref()
self.catalog_api.create_service(service['id'], service)
malformed_url = "http://192.168.1.104:8774/v2/$(tenant)s"
endpoint = unit.new_endpoint_ref(service_id=service['id'],
url=malformed_url,
region_id=None)
self.catalog_api.create_endpoint(endpoint['id'], endpoint.copy())
# NOTE(dstanek): there are no valid URLs, so nothing is in the catalog
catalog = self.catalog_api.get_catalog('fake-user', 'fake-tenant')
self.assertEqual({}, catalog)
def test_list_endpoints(self):
service = unit.new_service_ref()
self.catalog_api.create_service(service['id'], service)
expected_ids = set([uuid.uuid4().hex for _ in range(3)])
for endpoint_id in expected_ids:
endpoint = unit.new_endpoint_ref(service_id=service['id'],
id=endpoint_id,
region_id=None)
self.catalog_api.create_endpoint(endpoint['id'], endpoint)
endpoints = self.catalog_api.list_endpoints()
self.assertEqual(expected_ids, set(e['id'] for e in endpoints))
def setUp(self):
super(EndpointPolicyTestCase, self).setUp()
self.policy = unit.new_policy_ref()
self.policy_api.create_policy(self.policy['id'], self.policy)
self.service = unit.new_service_ref()
self.catalog_api.create_service(self.service['id'], self.service)
self.endpoint = unit.new_endpoint_ref(self.service['id'],
enabled=True,
interface='public',
region_id=self.region_id)
self.catalog_api.create_endpoint(self.endpoint['id'], self.endpoint)
self.region = unit.new_region_ref()
self.catalog_api.create_region(self.region)
def test_user_can_create_policy_association_for_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, unit.new_service_ref()
)
with self.test_client() as c:
c.put(
'/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s'
% (policy['id'], service['id']),
headers=self.headers,
expected_status_code=http_client.NO_CONTENT
)
def test_user_cannot_delete_policy_assoc_for_region_and_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
region = PROVIDERS.catalog_api.create_region(unit.new_region_ref())
with self.test_client() as c:
c.delete(
'/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' %
(policy['id'], service['id'], region['id']),
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def setUp(self):
super(V2CatalogTestCase, self).setUp()
self.useFixture(database.Database())
self.service = unit.new_service_ref()
self.service_id = self.service['id']
self.catalog_api.create_service(self.service_id, self.service)
# TODO(termie): add an admin user to the fixtures and use that user
# override the fixtures, for now
self.assignment_api.add_role_to_user_and_project(
self.user_foo['id'],
self.tenant_bar['id'],
self.role_admin['id'])
def test_user_cannot_create_registered_limits(self):
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
create = {
'registered_limits':
[unit.new_registered_limit_ref(service_id=service['id'])]
}
with self.test_client() as c:
c.post('/v3/registered_limits',
json=create,
headers=self.headers,
expected_status_code=http.client.FORBIDDEN)
def test_get_catalog_always_returns_service_name(self):
user_id = uuid.uuid4().hex
tenant_id = uuid.uuid4().hex
# new_service_ref() returns a ref with a `name`.
named_svc = unit.new_service_ref()
self.catalog_api.create_service(named_svc['id'], named_svc)
self.create_endpoint(service_id=named_svc['id'])
# This time manually delete the generated `name`.
unnamed_svc = unit.new_service_ref()
del unnamed_svc['name']
self.catalog_api.create_service(unnamed_svc['id'], unnamed_svc)
self.create_endpoint(service_id=unnamed_svc['id'])
region = None
catalog = self.catalog_api.get_catalog(user_id, tenant_id)
self.assertEqual(named_svc['name'],
catalog[region][named_svc['type']]['name'])
# verify a name is not generated when the service is passed to the API
self.assertEqual('', catalog[region][unnamed_svc['type']]['name'])
def test_user_can_delete_policy_association_for_endpoint(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
with self.test_client() as c:
c.delete('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' %
(policy['id'], endpoint['id']),
headers=self.headers,
expected_status_code=http_client.NO_CONTENT)
def test_user_can_get_policy_for_endpoint(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
PROVIDERS.endpoint_policy_api.create_policy_association(
policy['id'], endpoint['id'])
with self.test_client() as c:
c.get('/v3/endpoints/%s/OS-ENDPOINT-POLICY/policy' %
(endpoint['id']),
headers=self.headers)
def test_user_can_list_registered_limits(self):
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
registered_limit = unit.new_registered_limit_ref(
service_id=service['id'], id=uuid.uuid4().hex)
limits = PROVIDERS.unified_limit_api.create_registered_limits(
[registered_limit])
limit_id = limits[0]['id']
with self.test_client() as c:
r = c.get('/v3/registered_limits', headers=self.headers)
self.assertTrue(len(r.json['registered_limits']) == 1)
self.assertEqual(limit_id, r.json['registered_limits'][0]['id'])
def test_user_cannot_list_endpoints(self):
# Domain and project users should access this information through the
# token response they get when they authenticate for or validate a
# token.
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
with self.test_client() as c:
c.get('/v3/endpoints',
headers=self.headers,
expected_status_code=http.client.FORBIDDEN)
def load_sample_data(self):
"""Create sample data to test policy associations.
The following data is created:
- 3 regions, in a hierarchy, 0 -> 1 -> 2 (where 0 is top)
- 3 services
- 6 endpoints, 2 in each region, with a mixture of services:
0 - region 0, Service 0
1 - region 0, Service 1
2 - region 1, Service 1
3 - region 1, Service 2
4 - region 2, Service 2
5 - region 2, Service 0
"""
def new_endpoint(region_id, service_id):
endpoint = unit.new_endpoint_ref(interface='test',
region_id=region_id,
service_id=service_id,
url='/url')
self.endpoint.append(
PROVIDERS.catalog_api.create_endpoint(endpoint['id'],
endpoint))
self.policy = []
self.endpoint = []
self.service = []
self.region = []
parent_region_id = None
for i in range(3):
policy = unit.new_policy_ref()
self.policy.append(
PROVIDERS.policy_api.create_policy(policy['id'], policy))
service = unit.new_service_ref()
self.service.append(
PROVIDERS.catalog_api.create_service(service['id'], service))
region = unit.new_region_ref(parent_region_id=parent_region_id)
# Link the regions together as a hierarchy, [0] at the top
parent_region_id = region['id']
self.region.append(PROVIDERS.catalog_api.create_region(region))
new_endpoint(self.region[0]['id'], self.service[0]['id'])
new_endpoint(self.region[0]['id'], self.service[1]['id'])
new_endpoint(self.region[1]['id'], self.service[1]['id'])
new_endpoint(self.region[1]['id'], self.service[2]['id'])
new_endpoint(self.region[2]['id'], self.service[2]['id'])
new_endpoint(self.region[2]['id'], self.service[0]['id'])
def test_user_cannot_update_endpoints(self):
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
update = {'endpoint': {'interface': 'internal'}}
with self.test_client() as c:
c.patch('/v3/endpoints/%s' % endpoint['id'],
json=update,
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_cache_layer_delete_service_with_endpoint(self):
service = unit.new_service_ref()
PROVIDERS.catalog_api.create_service(service['id'], service)
# create an endpoint attached to the service
endpoint = unit.new_endpoint_ref(service_id=service['id'],
region_id=None)
PROVIDERS.catalog_api.create_endpoint(endpoint['id'], endpoint)
# cache the result
PROVIDERS.catalog_api.get_service(service['id'])
PROVIDERS.catalog_api.get_endpoint(endpoint['id'])
# delete the service bypassing catalog api
PROVIDERS.catalog_api.driver.delete_service(service['id'])
self.assertDictContainsSubset(endpoint,
PROVIDERS.catalog_api.
get_endpoint(endpoint['id']))
self.assertDictContainsSubset(service,
PROVIDERS.catalog_api.
get_service(service['id']))
PROVIDERS.catalog_api.get_endpoint.invalidate(
PROVIDERS.catalog_api, endpoint['id']
)
self.assertRaises(exception.EndpointNotFound,
PROVIDERS.catalog_api.get_endpoint,
endpoint['id'])
self.assertRaises(exception.EndpointNotFound,
PROVIDERS.catalog_api.delete_endpoint,
endpoint['id'])
# multiple endpoints associated with a service
second_endpoint = unit.new_endpoint_ref(service_id=service['id'],
region_id=None)
PROVIDERS.catalog_api.create_service(service['id'], service)
PROVIDERS.catalog_api.create_endpoint(endpoint['id'], endpoint)
PROVIDERS.catalog_api.create_endpoint(
second_endpoint['id'], second_endpoint
)
PROVIDERS.catalog_api.delete_service(service['id'])
self.assertRaises(exception.EndpointNotFound,
PROVIDERS.catalog_api.get_endpoint,
endpoint['id'])
self.assertRaises(exception.EndpointNotFound,
PROVIDERS.catalog_api.delete_endpoint,
endpoint['id'])
self.assertRaises(exception.EndpointNotFound,
PROVIDERS.catalog_api.get_endpoint,
second_endpoint['id'])
self.assertRaises(exception.EndpointNotFound,
PROVIDERS.catalog_api.delete_endpoint,
second_endpoint['id'])
def test_user_cannot_list_endpoints_associated_with_endpoint_groups(self):
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
endpoint_group = unit.new_endpoint_group_ref(
filters={'interface': 'public'})
endpoint_group = PROVIDERS.catalog_api.create_endpoint_group(
endpoint_group['id'], endpoint_group)
with self.test_client() as c:
c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/endpoints' %
endpoint_group['id'],
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_get_catalog_always_returns_service_name(self):
user_id = uuid.uuid4().hex
tenant_id = uuid.uuid4().hex
# create a service, with a name
named_svc = unit.new_service_ref()
self.catalog_api.create_service(named_svc['id'], named_svc)
self.create_endpoint(service_id=named_svc['id'])
# create a service, with no name
unnamed_svc = unit.new_service_ref(name=None)
del unnamed_svc['name']
self.catalog_api.create_service(unnamed_svc['id'], unnamed_svc)
self.create_endpoint(service_id=unnamed_svc['id'])
catalog = self.catalog_api.get_v3_catalog(user_id, tenant_id)
named_endpoint = [ep for ep in catalog
if ep['type'] == named_svc['type']][0]
self.assertEqual(named_svc['name'], named_endpoint['name'])
unnamed_endpoint = [ep for ep in catalog
if ep['type'] == unnamed_svc['type']][0]
self.assertEqual('', unnamed_endpoint['name'])
def test_get_catalog_with_empty_public_url(self):
service = unit.new_service_ref()
self.catalog_api.create_service(service['id'], service)
endpoint = unit.new_endpoint_ref(url='', service_id=service['id'],
region_id=None)
self.catalog_api.create_endpoint(endpoint['id'], endpoint.copy())
catalog = self.catalog_api.get_catalog('user', 'tenant')
catalog_endpoint = catalog[endpoint['region_id']][service['type']]
self.assertEqual(service['name'], catalog_endpoint['name'])
self.assertEqual(endpoint['id'], catalog_endpoint['id'])
self.assertEqual('', catalog_endpoint['publicURL'])
self.assertIsNone(catalog_endpoint.get('adminURL'))
self.assertIsNone(catalog_endpoint.get('internalURL'))
def test_user_cannot_add_endpoint_to_project(self):
project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id))
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
with self.test_client() as c:
c.put('/v3/OS-EP-FILTER/projects/%s/endpoints/%s' %
(project['id'], endpoint['id']),
headers=self.headers,
expected_status_code=http_client.FORBIDDEN)
def test_user_can_list_endpoints(self):
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
with self.test_client() as c:
r = c.get('/v3/endpoints', headers=self.headers)
endpoints = []
for endpoint in r.json['endpoints']:
endpoints.append(endpoint['id'])
self.assertIn(endpoint['id'], endpoints)
def test_get_catalog_returns_proper_endpoints_with_no_region(self):
service = unit.new_service_ref()
service_id = service['id']
self.catalog_api.create_service(service_id, service)
endpoint = unit.new_endpoint_ref(service_id=service_id, region_id=None)
del endpoint['region_id']
self.catalog_api.create_endpoint(endpoint['id'], endpoint)
user_id = uuid.uuid4().hex
tenant_id = uuid.uuid4().hex
catalog = self.catalog_api.get_v3_catalog(user_id, tenant_id)
self.assertValidCatalogEndpoint(catalog[0]['endpoints'][0],
ref=endpoint)
def test_invalidate_cache_when_updating_service(self):
new_service = unit.new_service_ref()
service_id = new_service['id']
self.catalog_api.create_service(service_id, new_service)
# cache the service
self.catalog_api.get_service(service_id)
# update the service via catalog api
new_type = {'type': uuid.uuid4().hex}
self.catalog_api.update_service(service_id, new_type)
# assert that we can get the new service
current_service = self.catalog_api.get_service(service_id)
self.assertEqual(new_type['type'], current_service['type'])
def test_user_list_endpoints_for_policy(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
endpoint = unit.new_endpoint_ref(service['id'], region_id=None)
endpoint = PROVIDERS.catalog_api.create_endpoint(
endpoint['id'], endpoint)
PROVIDERS.endpoint_policy_api.create_policy_association(
policy['id'], endpoint['id'])
with self.test_client() as c:
r = c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints' %
(policy['id']),
headers=self.headers)
for endpoint_itr in r.json['endpoints']:
self.assertIn(endpoint['id'], endpoint_itr['id'])
def test_user_cannot_check_policy_association_for_service(self):
policy = unit.new_policy_ref()
policy = PROVIDERS.policy_api.create_policy(policy['id'], policy)
service = PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, unit.new_service_ref()
)
PROVIDERS.endpoint_policy_api.create_policy_association(
policy['id'], service_id=service['id'])
with self.test_client() as c:
c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s'
% (policy['id'], service['id']),
headers=self.headers,
expected_status_code=http.client.FORBIDDEN)
def test_user_can_update_registered_limits(self):
service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex,
unit.new_service_ref())
registered_limit = unit.new_registered_limit_ref(
service_id=service['id'], id=uuid.uuid4().hex)
limits = PROVIDERS.unified_limit_api.create_registered_limits(
[registered_limit])
limit_id = limits[0]['id']
with self.test_client() as c:
update = {'registered_limit': {'default_limit': 5}}
c.patch('/v3/registered_limits/%s' % limit_id,
json=update,
headers=self.headers)
def test_user_can_list_services(self):
expected_service_ids = []
for _ in range(2):
s = unit.new_service_ref()
service = PROVIDERS.catalog_api.create_service(s['id'], s)
expected_service_ids.append(service['id'])
with self.test_client() as c:
r = c.get('/v3/services', headers=self.headers)
actual_service_ids = []
for service in r.json['services']:
actual_service_ids.append(service['id'])
for service_id in expected_service_ids:
self.assertIn(service_id, actual_service_ids)
def test_delete_service_with_endpoint(self):
# create a service
service = unit.new_service_ref()
self.catalog_api.create_service(service['id'], service)
# create an endpoint attached to the service
endpoint = unit.new_endpoint_ref(service_id=service['id'],
region_id=None)
self.catalog_api.create_endpoint(endpoint['id'], endpoint)
# deleting the service should also delete the endpoint
self.catalog_api.delete_service(service['id'])
self.assertRaises(exception.EndpointNotFound,
self.catalog_api.get_endpoint, endpoint['id'])
self.assertRaises(exception.EndpointNotFound,
self.catalog_api.delete_endpoint, endpoint['id'])
def setUp(self):
super(AccessRulesConfigPermissiveTest, self).setUp()
self.config_fixture.config(group='access_rules_config',
permissive=True)
self.useFixture(database.Database())
services = [
'identity',
'image',
'block-storage',
'network',
'compute',
'object'
]
for service in services:
ref = unit.new_service_ref(type=service)
PROVIDERS.catalog_api.create_service(
uuid.uuid4().hex, ref)
