def setUp(self): super(IdentityV3RbacTokenTest, self).setUp() own_creds = auth.KeystoneV3Credentials(**self.own_keystone_creds) own_creds = clients.get_auth_provider(own_creds).fill_credentials() self.own_token = clients.Manager( credentials=own_creds).identity_v3_client.token project_creds = auth.KeystoneV3Credentials( user_id=self.user_id, password=self.user['password'], project_id=self.project_id) project_creds = clients.get_auth_provider( project_creds).fill_credentials() self.project_token = clients.Manager( credentials=project_creds).identity_v3_client.token domain_creds = auth.KeystoneV3Credentials( user_id=self.user_id, password=self.user['password'], domain_id=self.domain_id) domain_creds = clients.get_auth_provider( domain_creds).fill_credentials() self.domain_token = clients.Manager( credentials=domain_creds).identity_v3_client.token system_creds = auth.KeystoneV3Credentials( user_id=self.user_id, password=self.user['password'], system='all') system_creds = clients.get_auth_provider( system_creds).fill_credentials() self.system_token = clients.Manager( credentials=system_creds).identity_v3_client.token
def testProjectTenantNoCollision(self): creds = auth.KeystoneV3Credentials(tenant_id='tenant') self.assertEqual('tenant', creds.project_id) creds = auth.KeystoneV3Credentials(project_id='project') self.assertEqual('project', creds.tenant_id) creds = auth.KeystoneV3Credentials(tenant_name='tenant') self.assertEqual('tenant', creds.project_name) creds = auth.KeystoneV3Credentials(project_name='project') self.assertEqual('project', creds.tenant_name)
def testSetAttrProjectDomain(self): creds = auth.KeystoneV3Credentials() creds.project_domain_name = 'project_domain' creds.domain_name = 'domain' self.assertEqual('project_domain', creds.user_domain_name) creds = auth.KeystoneV3Credentials() creds.domain_name = 'domain' creds.project_domain_name = 'project_domain' self.assertEqual('project_domain', creds.project_domain_name)
def setup_user_client(self, project_id=None): """Set up project user with its own client. This is useful for testing protection of resources in separate projects. Returns a client object and the user's ID. """ user_dict = { 'name': data_utils.rand_name('user'), 'password': data_utils.rand_password(), } user_id = self.os_system_admin.users_v3_client.create_user( **user_dict)['user']['id'] self.addCleanup(self.os_system_admin.users_v3_client.delete_user, user_id) if not project_id: project_id = self.os_system_admin.projects_client.create_project( data_utils.rand_name())['project']['id'] self.addCleanup( self.os_system_admin.projects_client.delete_project, project_id) member_role_id = self.os_system_admin.roles_v3_client.list_roles( name='member')['roles'][0]['id'] self.os_system_admin.roles_v3_client.create_user_role_on_project( project_id, user_id, member_role_id) creds = auth.KeystoneV3Credentials(user_id=user_id, password=user_dict['password'], project_id=project_id) auth_provider = clients.get_auth_provider(creds) creds = auth_provider.fill_credentials() client = clients.Manager(credentials=creds) return client
def _setup_new_user_client(cls, project_id, role): """Create a new tempest.clients.Manager Creates a new user with the given roles on the given project, and returns an instance of tempest.clients.Manager set up for that user. Users are cleaned up during class teardown in cls.clear_credentials """ user = { 'name': data_utils.rand_name('user'), 'password': data_utils.rand_password() } user_id = cls.os_system_admin.users_v3_client.create_user( **user)['user']['id'] cls._created_users.append(user_id) role_id = cls.os_system_admin.roles_v3_client.list_roles( name=role)['roles'][0]['id'] cls.os_system_admin.roles_v3_client.create_user_role_on_project( project_id, user_id, role_id) creds = auth.KeystoneV3Credentials(user_id=user_id, password=user['password'], project_id=project_id) auth_provider = clients.get_auth_provider(creds) creds = auth_provider.fill_credentials() return clients.Manager(credentials=creds)
def test_default_project_id(self): # create a domain dom_name = data_utils.rand_name('dom') domain_body = self.domains_client.create_domain( name=dom_name)['domain'] dom_id = domain_body['id'] self.addCleanup(self._delete_domain, dom_id) # create a project in the domain proj_name = data_utils.rand_name('proj') proj_body = self.projects_client.create_project( proj_name, domain_id=dom_id)['project'] proj_id = proj_body['id'] self.addCleanup(self.projects_client.delete_project, proj_id) self.assertEqual( proj_body['domain_id'], dom_id, "project " + proj_name + "doesn't have domain id " + dom_id) # create a user in the domain, with the previous project as his # default project user_name = data_utils.rand_name('user') user_body = self.users_client.create_user( name=user_name, password=user_name, domain_id=dom_id, default_project_id=proj_id)['user'] user_id = user_body['id'] self.addCleanup(self.users_client.delete_user, user_id) self.assertEqual( user_body['domain_id'], dom_id, "user " + user_name + "doesn't have domain id " + dom_id) # get roles and find the admin role admin_role = self.get_role_by_name(CONF.identity.admin_role) admin_role_id = admin_role['id'] # grant the admin role to the user on his project self.roles_client.create_user_role_on_project(proj_id, user_id, admin_role_id) # create a new client with user's credentials (NOTE: unscoped token!) creds = auth.KeystoneV3Credentials(username=user_name, password=user_name, user_domain_name=dom_name) auth_provider = clients.get_auth_provider(creds) creds = auth_provider.fill_credentials() admin_client = clients.Manager(credentials=creds) # verify the user's token and see that it is scoped to the project token, auth_data = admin_client.auth_provider.get_auth() result = admin_client.identity_v3_client.show_token(token)['token'] self.assertEqual(result['project']['domain']['id'], dom_id) self.assertEqual(result['project']['id'], proj_id)
def resource_setup(cls): trustor_user = { 'name': data_utils.rand_name('user'), 'password': data_utils.rand_password(), } cls.trustor = cls.admin_client.users_v3_client.create_user( **trustor_user)['user']['id'] cls.addClassResourceCleanup( cls.admin_client.users_v3_client.delete_user, user_id=cls.trustor) cls.trustee = cls.admin_client.users_v3_client.create_user( name=data_utils.rand_name())['user']['id'] cls.addClassResourceCleanup( cls.admin_client.users_v3_client.delete_user, user_id=cls.trustee) cls.project = cls.admin_client.projects_client.create_project( name=data_utils.rand_name() )['project']['id'] cls.addClassResourceCleanup( cls.admin_client.projects_client.delete_project, project_id=cls.project) cls.roles = [ {'id': cls.admin_client.roles_v3_client.create_role( name=data_utils.rand_name())['role']['id']} ] cls.addClassResourceCleanup( cls.admin_client.roles_v3_client.delete_role, role_id=cls.roles[0]['id']) cls.admin_client.roles_v3_client.create_user_role_on_project( project_id=cls.project, user_id=cls.trustor, role_id=cls.roles[0]['id'] ) creds = auth.KeystoneV3Credentials( user_id=cls.trustor, password=trustor_user['password'], project_id=cls.project) auth_provider = clients.get_auth_provider(creds) creds = auth_provider.fill_credentials() user_client = clients.Manager(credentials=creds) cls.user_trust_client = user_client.trusts_client cls.admin_role_id = cls.admin_client.roles_v3_client.list_roles( name='admin')['roles'][0]['id'] cls.member_role_id = cls.admin_client.roles_v3_client.list_roles( name='member')['roles'][0]['id'] cls.reader_role_id = cls.admin_client.roles_v3_client.list_roles( name='reader')['roles'][0]['id']
def setup_user_client(cls, domain_id=None): """Set up project user with its own client. This is to enable the project user to create its own credential. Returns a client object and the user's ID. """ user_dict = { 'name': data_utils.rand_name('user'), 'password': data_utils.rand_password(), } if domain_id: user_dict['domain_id'] = domain_id user_id = cls.admin_client.users_v3_client.create_user( **user_dict)['user']['id'] def try_cleanup_user(): # if domain is cleaned up first, user will already be deleted try: cls.admin_client.users_v3_client.delete_user(user_id) except exceptions.NotFound: pass cls.addClassResourceCleanup(try_cleanup_user) project_id = cls.admin_client.projects_client.create_project( data_utils.rand_name())['project']['id'] cls.addClassResourceCleanup( cls.admin_client.projects_client.delete_project, project_id) member_role_id = cls.admin_client.roles_v3_client.list_roles( name='member')['roles'][0]['id'] cls.admin_client.roles_v3_client.create_user_role_on_project( project_id, user_id, member_role_id) creds = auth.KeystoneV3Credentials(user_id=user_id, password=user_dict['password'], project_id=project_id) auth_provider = clients.get_auth_provider(creds) creds = auth_provider.fill_credentials() client = clients.Manager(credentials=creds) return client, user_id, project_id