def test_user_auth_against_nonexistent_tenant(self):
# Create an unscoped token
unscoped = self.post_token(as_json={
'auth': {
'passwordCredentials': {
'username': self.user['name'],
'password': self.user['password']}}}).json['access']
# Invalid tenant id
self.post_token(assert_status=401, as_json={
'auth': {
'token': {'id': unscoped['token']['id']},
'tenantId': common.unique_str()}})
# Invalid tenant name
self.post_token(assert_status=401, as_json={
'auth': {
'token': {'id': unscoped['token']['id']},
'tenantName': common.unique_str()}})
# Invalid tenant id
self.post_token(assert_status=401, as_json={
'auth': {
'passwordCredentials': {
'username': self.user['name'],
'password': self.user['password']},
'tenantId': common.unique_str()}})
# Invalid tenant name
self.post_token(assert_status=401, as_json={
'auth': {
'passwordCredentials': {
'username': self.user['name'],
'password': self.user['password']},
'tenantName': common.unique_str()}})
def test_service_create_xml_using_empty_type(self):
name = common.unique_str()
type = ''
description = common.unique_str()
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<service xmlns="%s" name="%s" type="%s" description="%s"/>') % (
self.xmlns_ksadm, name, type, description)
self.post_service(as_xml=data, assert_status=400)
def test_create_tenant(self):
name = common.unique_str()
description = common.unique_str()
response = self.create_tenant(tenant_name=name,
tenant_description=description, assert_status=201)
tenant = self.assertValidJsonTenantResponse(response)
self.assertEqual(name, tenant.get('name'))
self.assertEqual(description, tenant.get('description'))
def test_create_tenant_invalid_token_xml(self):
self.admin_token = common.unique_str()
data = '<?xml version="1.0" encoding="UTF-8"?> \
<tenant xmlns="http://docs.openstack.org/identity/api/v2.0" \
enabled="true" name="%s"> \
<description>A description...</description> \
</tenant>' % (common.unique_str())
self.post_tenant(as_xml=data, assert_status=404)
def test_update_tenant(self):
new_tenant_name = common.unique_str()
new_description = common.unique_str()
updated_tenant = self.update_tenant(self.tenant['id'],
tenant_name=new_tenant_name,
tenant_description=new_description, assert_status=200).\
json['tenant']
self.assertEqual(updated_tenant['name'], new_tenant_name)
self.assertEqual(updated_tenant['description'], new_description)
def test_update_tenant(self):
new_tenant_name = common.unique_str()
new_description = common.unique_str()
response = self.update_tenant(self.tenant['id'],
tenant_name=new_tenant_name, tenant_enabled=False,
tenant_description=new_description, assert_status=200)
updated_tenant = self.assertValidJsonTenantResponse(response)
self.assertEqual(updated_tenant['name'], new_tenant_name)
self.assertEqual(updated_tenant['description'], new_description)
self.assertEqual(updated_tenant['enabled'], False)
def test_get_tenant_data(self):
tenant = self.fixture_create_tenant(name=common.unique_str(),
description=common.unique_str(),
enabled=True)
response = self.fetch_tenant_by_name(tenant['name'], assert_status=200)
returned = self.assertValidJsonTenantResponse(response)
self.assertEquals(returned['id'], tenant['id'])
self.assertEquals(returned['name'], tenant['name'])
self.assertEquals(returned['description'], tenant['description'])
self.assertEquals(returned['enabled'], tenant['enabled'])
def test_endpoint_create_xml_using_invalid_token(self):
self.admin_token = common.unique_str()
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<endpointTemplate '
'xmlns="http://docs.openstack.org/identity/api/v2.0" '
'region="%s" serviceId="%s" publicURL="%s" adminURL="%s" '
'internalURL="%s" enabled="%s" global="%s"/>') % (
common.unique_str(), self.service['id'], common.unique_url(),
common.unique_url(), common.unique_url(), True, True)
self.post_endpoint_template(as_xml=data, assert_status=401, headers={
'Accept': 'application/xml'})
def test_create_role_mapped_to_a_service_xml(self):
service = self.create_service().json['OS-KSADM:service']
name = service['name'] + ':' + common.unique_str()
description = common.unique_str()
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<role xmlns="%s" name="%s" description="%s" serviceId="%s"/>') % (
self.xmlns, name, description, service['id'])
role_id = self.post_role(assert_status=201, as_xml=data).xml.get('id')
role = self.fetch_role(role_id, assert_status=200).json['role']
self.assertEqual(role['id'], role_id)
self.assertEqual(role['serviceId'], service['id'])
def test_service_create_xml(self):
name = common.unique_str()
type = common.unique_str()
description = common.unique_str()
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<service xmlns="%s" name="%s" type="%s" description="%s"/>') % (
self.xmlns_ksadm, name, type, description)
r = self.post_service(as_xml=data, assert_status=201)
self.assertEqual(r.xml.tag, "{%s}service" % self.xmlns_ksadm)
self.assertIsNotNone(r.xml.get('id'))
self.assertEqual(name, r.xml.get('name'))
self.assertEqual(type, r.xml.get('type'))
self.assertEqual(description, r.xml.get('description'))
def test_service_create_json(self):
name = common.unique_str()
type = common.unique_str()
description = common.unique_str()
service = self.create_service(service_name=name, service_type=type,
service_description=description,
assert_status=201).json['OS-KSADM:service']
self.assertIsNotNone(service.get('id'))
self.assertEqual(name, service.get('name'))
self.assertEqual(type, service.get('type'))
self.assertEqual(description, service.get('description'))
def test_endpoint_create_xml_using_invalid_token(self):
self.admin_token = common.unique_str()
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<endpointTemplate '
'xmlns="%s" '
'region="%s" name="%s" type="%s" publicURL="%s" adminURL="%s" '
'internalURL="%s" enabled="%s" global="%s"/>') % (
self.xmlns_kscatalog, common.unique_str(),
self.service['name'],
self.service['type'], common.unique_url(),
common.unique_url(), common.unique_url(), True, True)
self.post_endpoint_template(as_xml=data, assert_status=401, headers={
'Accept': 'application/xml'})
def test_service_create_json(self):
name = common.unique_str()
type = common.unique_str()
description = common.unique_str()
service = self.create_service(
service_name=name, service_type=type, service_description=description, assert_status=201
).json["OS-KSADM:service"]
self.assertIsNotNone(service.get("id"))
self.assertEqual(name, service.get("name"))
self.assertEqual(type, service.get("type"))
self.assertEqual(description, service.get("description"))
def test_create_tenant_xml(self):
name = common.unique_str()
description = common.unique_str()
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<tenant xmlns="http://docs.openstack.org/identity/api/v2.0" '
'enabled="true" name="%s"> '
'<description>%s</description> '
'</tenant>') % (name, description)
response = self.post_tenant(as_xml=data, assert_status=201, headers={
'Accept': 'application/xml'})
tenant = self.assertValidXmlTenantResponse(response)
self.assertEqual(name, tenant.get('name'))
self.assertEqual(description,
tenant.find('{%s}description' % self.xmlns).text)
def test_update_user_name(self):
new_user_name = common.unique_str()
new_user_email = common.unique_email()
self.update_user(self.user['id'], user_name=new_user_name,
user_email=new_user_email)
r = self.fetch_user(self.user['id'])
self.assertTrue(r.json['user']['name'], new_user_name)
def test_service_create_xml(self):
service_id = common.unique_str()
data = '<?xml version="1.0" encoding="UTF-8"?>\
<service xmlns="http://docs.openstack.org/identity/api/v2.0" \
id="%s" description="A Description of the service"/>\
' % (service_id,)
self.post_service(as_xml=data, assert_status=201)
def test_create_endpoint_template_xml(self):
region = common.unique_str()
public_url = common.unique_url()
admin_url = common.unique_url()
internal_url = common.unique_url()
enabled = True
is_global = True
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<endpointTemplate xmlns="%s" region="%s" serviceId="%s" '
'publicURL="%s" adminURL="%s" internalURL="%s" enabled="%s" '
'global="%s"/>') % (self.xmlns, region, self.service['id'],
public_url, admin_url, internal_url, enabled, is_global)
r = self.post_endpoint_template(as_xml=data, assert_status=201)
self.assertEqual(r.xml.tag, '{%s}endpointTemplate' % self.xmlns)
self.assertIsNotNone(r.xml.get("id"))
self.assertEqual(r.xml.get("serviceId"), self.service['id'])
self.assertEqual(r.xml.get("region"), region)
self.assertEqual(r.xml.get("publicURL"), public_url)
self.assertEqual(r.xml.get("adminURL"), admin_url)
self.assertEqual(r.xml.get("internalURL"), internal_url)
self.assertEqual(r.xml.get("enabled"), str(enabled).lower())
self.assertEqual(r.xml.get("global"), str(is_global).lower())
def setUp(self):
super(TestHPIDMTokensExtension, self).setUp()
password = common.unique_str()
self.user = self.create_user(user_password=password).json['user']
self.user['password'] = password
self.tenant = self.create_tenant().json['tenant']
self.service = self.create_service().json['OS-KSADM:service']
r = self.create_role(service_name=self.service['name'])
self.role = r.json['role']
self.another_service = self.create_service().json['OS-KSADM:service']
self.service_with_no_users = self.create_service().\
json['OS-KSADM:service']
ar = self.create_role(service_name=self.another_service['name'])
self.another_role = ar.json['role']
rnu = self.create_role(service_name=self.service_with_no_users['name'])
self.role_with_no_users = rnu.json['role']
rns = self.create_role()
self.role_with_no_service = rns.json['role']
self.grant_role_to_user(self.user['id'],
self.role['id'], self.tenant['id'])
self.grant_role_to_user(self.user['id'],
self.role_with_no_service['id'],
self.tenant['id'])
self.grant_role_to_user(self.user['id'],
self.another_role['id'], self.tenant['id'])
self.global_role = self.create_role().json['role']
# crete a global role
self.put_user_role(self.user['id'], self.global_role['id'], None)
def test_endpoint_create_xml(self):
region = common.unique_str()
public_url = common.unique_url()
admin_url = common.unique_url()
internal_url = common.unique_url()
enabled = True
is_global = True
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<endpointTemplate '
'xmlns="http://docs.openstack.org/identity/api/v2.0" '
'region="%s" serviceId="%s" publicURL="%s" adminURL="%s" '
'internalURL="%s" enabled="%s" global="%s"/>') % (region,
self.service['id'], public_url, admin_url, internal_url,
enabled, is_global)
r = self.post_endpoint_template(as_xml=data, assert_status=201,
headers={'Accept': 'application/xml'})
self.assertEqual(r.xml.tag, '{%s}endpointTemplate' % self.xmlns)
self.assertIsNotNone(r.xml.get("id"))
self.assertEqual(r.xml.get("serviceId"), self.service['id'])
self.assertEqual(r.xml.get("region"), region)
self.assertEqual(r.xml.get("publicURL"), public_url)
self.assertEqual(r.xml.get("adminURL"), admin_url)
self.assertEqual(r.xml.get("internalURL"), internal_url)
self.assertEqual(r.xml.get("enabled"), str(enabled).lower())
self.assertEqual(r.xml.get("global"), str(is_global).lower())
def setUp(self, *args, **kwargs):
super(GetRolesByServiceTest, self).setUp(*args, **kwargs)
service = self.create_service().json['OS-KSADM:service']
role_name = service['name'] + ':' + common.unique_str()
role = self.create_role(role_name=role_name,
service_id=service['id']).json['role']
self.service_id = service['id']
def setUp(self):
super(TestServiceAuthentication, self).setUp()
# Create a user
password = common.unique_str()
self.user = self.create_user(user_password=password).json['user']
self.user['password'] = password
def test_disabling_tenant_disables_token(self):
"""Disabling a tenant should invalidate previously-issued tokens"""
# Create a user for a specific tenant
tenant = self.create_tenant().json['tenant']
password = common.unique_str()
user = self.create_user(user_password=password,
tenant_id=tenant['id']).json['user']
user['password'] = password
# Authenticate as user to get a token *for a specific tenant*
user_token = self.authenticate(user['name'], user['password'],
tenant['id']).json['access']['token']['id']
# Validate and check that token belongs to tenant
print self.get_token(user_token).body
tenant_id = self.get_token(user_token).\
json['access']['token']['tenant']['id']
self.assertEqual(tenant_id, tenant['id'])
# Disable tenant
r = self.admin_request(method='POST',
path='/tenants/%s' % tenant['id'],
as_json={
'tenant': {
'name': tenant['name'],
'description': 'description',
'enabled': False}})
self.assertEquals(r.json['tenant']['enabled'], False)
# Assert that token belonging to disabled tenant is invalid
r = self.admin_request(path='/tokens/%s?belongsTo=%s' %
(user_token, tenant['id']), assert_status=403)
self.assertTrue(r.json['tenantDisabled'], 'Tenant is disabled')
def test_update_endpoint_xml(self):
region = common.unique_str()
public_url = common.unique_url()
admin_url = common.unique_url()
internal_url = common.unique_url()
enabled = True
is_global = True
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<endpointTemplate '
'xmlns="%s" '
'region="%s" name="%s" type="%s"'
' publicURL="%s" adminURL="%s"'
' internalURL="%s" enabled="%s" global="%s"/>') % (
self.xmlns_kscatalog, region,
self.service['name'], self.service['type'],
public_url, admin_url, internal_url,
enabled, is_global)
r = self.put_endpoint_template(self.endpoint_template['id'],
as_xml=data, assert_status=201, headers={
'Accept': 'application/xml'})
self.assertEqual(r.xml.tag,
'{%s}endpointTemplate' % self.xmlns_kscatalog)
self.assertIsNotNone(r.xml.get("id"))
self.assertEqual(r.xml.get("name"), self.service['name'])
self.assertEqual(r.xml.get("type"), self.service['type'])
self.assertEqual(r.xml.get("region"), region)
self.assertEqual(r.xml.get("publicURL"), public_url)
self.assertEqual(r.xml.get("adminURL"), admin_url)
self.assertEqual(r.xml.get("internalURL"), internal_url)
self.assertEqual(r.xml.get("enabled"), str(enabled).lower())
self.assertEqual(r.xml.get("global"), str(is_global).lower())
def setUp(self):
super(TestCreatePasswordCredentials, self).setUp()
password = common.unique_str()
self.user = self.create_user(
user_password=password).json['user']
self.delete_user_credentials_by_type(
self.user['id'], 'passwordCredentials')
def test_create_endpoint_template_xml_using_empty_type(self):
region = common.unique_str()
public_url = common.unique_url()
admin_url = common.unique_url()
internal_url = common.unique_url()
enabled = True
is_global = True
data = (
'<?xml version="1.0" encoding="UTF-8"?> '
'<endpointTemplate xmlns="%s" region="%s" name="%s" '
'type="%s" publicURL="%s" adminURL="%s" '
'internalURL="%s" enabled="%s" global="%s"/>'
) % (
self.xmlns_kscatalog,
region,
self.service["name"],
"",
public_url,
admin_url,
internal_url,
enabled,
is_global,
)
self.post_endpoint_template(as_xml=data, assert_status=400)
def test_update_tenant_not_found_xml(self):
data = ('<?xml version="1.0" encoding="UTF-8"?>'
'<tenant xmlns="http://docs.openstack.org/identity/api/v2.0" '
'enabled="true"> '
'<description>A NEW description...</description> '
'</tenant>')
self.put_tenant(common.unique_str(), as_xml=data, assert_status=404)
def test_create_role_using_empty_name_xml(self):
name = ''
description = common.unique_str()
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<role xmlns="%s" name="%s" description="%s" />') % (
self.xmlns, name, description)
self.post_role(assert_status=400, as_xml=data)
def test_create_role_mapped_to_a_service(self):
service = self.create_service().json['OS-KSADM:service']
role_name = service['name'] + ':' + common.unique_str()
role = self.create_role(role_name=role_name,
service_id=service['id']).json['role']
self.assertEqual(role_name, role['name'])
self.assertEqual(service['id'], role['serviceId'])
def test_disabling_tenant_disables_token(self):
"""Disabling a tenant should invalidate previously-issued tokens"""
# Create a user for a specific tenant
tenant = self.create_tenant().json["tenant"]
password = common.unique_str()
user = self.create_user(user_password=password, tenant_id=tenant["id"]).json["user"]
user["password"] = password
# Authenticate as user to get a token *for a specific tenant*
user_token = self.authenticate(user["name"], user["password"], tenant["id"]).json["access"]["token"]["id"]
# Validate and check that token belongs to tenant
tenant_id = self.get_token(user_token).json["access"]["token"]["tenant"]["id"]
self.assertEqual(tenant_id, tenant["id"])
# Disable tenant
r = self.admin_request(
method="PUT",
path="/tenants/%s" % tenant["id"],
as_json={"tenant": {"name": tenant["name"], "description": "description", "enabled": False}},
)
self.assertFalse(r.json["tenant"]["enabled"])
# Assert that token belonging to disabled tenant is invalid
r = self.admin_request(path="/tokens/%s?belongsTo=%s" % (user_token, tenant["id"]), assert_status=403)
self.assertTrue(r.json["tenantDisabled"], "Tenant is disabled")
def test_create_tenant_xml(self):
data = ('<?xml version="1.0" encoding="UTF-8"?> '
'<tenant xmlns="http://docs.openstack.org/identity/api/v2.0" '
'enabled="true" name="%s"> '
'<description>A description...</description> '
'</tenant>') % (common.unique_str(),)
self.post_tenant(as_xml=data, assert_status=201, headers={
'Accept': 'application/xml'})
def test_get_role_using_invalid_token(self):
self.admin_token = common.unique_str()
self.fetch_role(self.role['id'], assert_status=404)
def test_service_create_json_using_invalid_token(self):
self.admin_token = common.unique_str()
self.create_service(assert_status=401)
def test_get_service_using_invalid_token(self):
self.admin_token = common.unique_str()
self.fetch_service(service_id=self.service['id'], assert_status=401)
def test_update_tenant(self):
new_description = common.unique_str()
updated_tenant = self.update_tenant(self.tenant['id'],
tenant_description=new_description, assert_status=200).\
json['tenant']
self.assertEqual(updated_tenant['description'], new_description)
def test_get_services_using_invalid_token(self):
self.admin_token = common.unique_str()
self.list_services(assert_status=401)
def test_get_endpoint_json_using_invalid_auth_token(self):
self.admin_token = common.unique_str()
self.get_tenant_endpoints(self.tenant['id'], assert_status=401)
def test_delete_tenant_not_found_xml(self):
self.delete_tenant(common.unique_str(), assert_status=404, headers={
'Accept': 'application/xml'})
def test_create_role_mapped_to_a_service_using_incorrect_role_name(self):
self.create_role(common.unique_str(),
service_id=common.unique_str(),
assert_status=400)
def test_create_role_mapped_to_a_service(self):
service = self.create_service().json['OS-KSADM:service']
role_name = service['name'] + ':' + common.unique_str()
role = self.create_role(role_name=role_name,
service_id=service['id']).json['role']
self.assertEqual(service['id'], role['serviceId'])
def test_delete_roleref_using_invalid_token(self):
self.admin_token = common.unique_str()
self.delete_user_role(self.user['id'],
self.roles[0]['id'],
assert_status=404)
def test_create_roles_using_invalid_token(self):
self.admin_token = common.unique_str()
self.create_role(assert_status=404)
def test_get_rolerefs_xml_using_invalid_token(self):
self.admin_token = common.unique_str()
self.get_user_roles(self.user['id'],
assert_status=404,
headers={'Accept': 'application/xml'})
def test_get_rolerefs_json_using_invalid_token(self):
self.admin_token = common.unique_str()
self.get_user_roles(self.user['id'], assert_status=404)
def test_grant_role_json_using_invalid_token(self):
self.admin_token = common.unique_str()
self.grant_role_to_user(self.user['id'],
self.role['id'],
self.tenant['id'],
assert_status=404)
def test_endpoint_create_json_using_invalid_token(self):
self.admin_token = common.unique_str()
self.create_endpoint_for_tenant(self.tenant['id'],
self.endpoint_template['id'],
assert_status=401)
def test_validate_token_invalid_xml(self):
self.get_token(common.unique_str(),
assert_status=404,
headers={'Accept': 'application/xml'})
def test_get_tenant_endpoint_xml_using_invalid_auth_token(self):
self.admin_token = common.unique_str()
self.get_tenant_endpoints(self.tenant['id'],
assert_status=401,
headers={"Accept": "application/xml"})
def test_validate_token_invalid(self):
self.get_token(common.unique_str(), assert_status=404)
def test_delete_endpoint_using_invalid_auth_token(self):
self.admin_token = common.unique_str()
self.delete_tenant_endpoint(self.tenant['id'],
self.endpoint_template['id'],
assert_status=401)
def test_endpoint_create_json_using_invalid_token(self):
self.admin_token = common.unique_str()
self.create_endpoint_template(service_id=self.service['id'],
assert_status=401)
def test_delete_tenant_not_found(self):
self.remove_tenant(common.unique_str(), assert_status=404)
def test_get_endpoint_templates_using_invalid_auth_token(self):
self.admin_token = common.unique_str()
self.list_endpoint_templates(service_id=self.service['id'],
assert_status=401)
def test_create_tenant_invalid_token(self):
self.admin_token = common.unique_str()
self.create_tenant(assert_status=401)
def test_get_endpoint_templates_xml_invalid_auth_token(self):
self.admin_token = common.unique_str()
self.get_endpoint_templates_by_service(
service_id=self.service['id'],
assert_status=401,
headers={'Accept': 'application/xml'})
def test_service_delete_json_using_invalid_token(self):
self.admin_token = common.unique_str()
self.remove_service(self.service['id'], assert_status=401)
def test_get_endpoint_using_invalid_auth_token(self):
self.admin_token = common.unique_str()
self.fetch_endpoint_template(self.endpoint_template['id'],
assert_status=401)
def test_service_create_duplicate_json(self):
service_name = common.unique_str()
self.create_service(service_name=service_name, assert_status=201)
self.create_service(service_name=service_name, assert_status=409)
def test_update_endpoint_template_with_invalid_token(self):
self.admin_token = common.unique_str()
self.update_endpoint_template(self.endpoint_template['id'],
assert_status=401)
def test_get_role_xml_bad(self):
self.get_role(common.unique_str(),
assert_status=404,
headers={'Accept': 'application/xml'})
def test_get_role_bad(self):
self.fetch_role(common.unique_str(), assert_status=404)