def test_get_catalog_always_returns_service_name(self): user_id = uuid.uuid4().hex # create a project since the project should exist if we want to # filter the catalog by the project or replace the url with a # valid project id. domain = unit.new_domain_ref() PROVIDERS.resource_api.create_domain(domain['id'], domain) project = unit.new_project_ref(domain_id=domain['id']) PROVIDERS.resource_api.create_project(project['id'], project) # create a service, with a name named_svc = unit.new_service_ref() PROVIDERS.catalog_api.create_service(named_svc['id'], named_svc) self.create_endpoint(service_id=named_svc['id']) # create a service, with no name unnamed_svc = unit.new_service_ref(name=None) del unnamed_svc['name'] PROVIDERS.catalog_api.create_service(unnamed_svc['id'], unnamed_svc) self.create_endpoint(service_id=unnamed_svc['id']) catalog = PROVIDERS.catalog_api.get_v3_catalog(user_id, project['id']) named_endpoint = [ep for ep in catalog if ep['type'] == named_svc['type']][0] self.assertEqual(named_svc['name'], named_endpoint['name']) unnamed_endpoint = [ep for ep in catalog if ep['type'] == unnamed_svc['type']][0] self.assertEqual('', unnamed_endpoint['name'])
def test_v3_catalog_domain_scoped_token(self): # test the case that tenant_id is None. srv_1 = unit.new_service_ref() PROVIDERS.catalog_api.create_service(srv_1['id'], srv_1) endpoint_1 = unit.new_endpoint_ref(service_id=srv_1['id'], region_id=None) PROVIDERS.catalog_api.create_endpoint(endpoint_1['id'], endpoint_1) srv_2 = unit.new_service_ref() PROVIDERS.catalog_api.create_service(srv_2['id'], srv_2) endpoint_2 = unit.new_endpoint_ref(service_id=srv_2['id'], region_id=None) PROVIDERS.catalog_api.create_endpoint(endpoint_2['id'], endpoint_2) self.config_fixture.config(group='endpoint_filter', return_all_endpoints_if_no_filter=True) catalog_ref = PROVIDERS.catalog_api.get_v3_catalog( uuid.uuid4().hex, None ) self.assertThat(catalog_ref, matchers.HasLength(2)) self.config_fixture.config(group='endpoint_filter', return_all_endpoints_if_no_filter=False) catalog_ref = PROVIDERS.catalog_api.get_v3_catalog( uuid.uuid4().hex, None ) self.assertThat(catalog_ref, matchers.HasLength(0))
def test_create_service_no_name(self): """Call ``POST /services``.""" ref = unit.new_service_ref() del ref["name"] r = self.post("/services", body={"service": ref}) ref["name"] = "" self.assertValidServiceResponse(r, ref)
def test_service_crud(self): # create new_service = unit.new_service_ref() service_id = new_service['id'] res = self.catalog_api.create_service(service_id, new_service) self.assertDictEqual(new_service, res) # list services = self.catalog_api.list_services() self.assertIn(service_id, [x['id'] for x in services]) # update service_name_update = {'name': uuid.uuid4().hex} res = self.catalog_api.update_service(service_id, service_name_update) expected_service = new_service.copy() expected_service['name'] = service_name_update['name'] self.assertDictEqual(expected_service, res) # delete self.catalog_api.delete_service(service_id) self.assertRaises(exception.ServiceNotFound, self.catalog_api.delete_service, service_id) self.assertRaises(exception.ServiceNotFound, self.catalog_api.get_service, service_id)
def test_user_can_get_a_service(self): service = unit.new_service_ref() service = PROVIDERS.catalog_api.create_service(service['id'], service) with self.test_client() as c: r = c.get('/v3/services/%s' % service['id'], headers=self.headers) self.assertEqual(r.json['service']['id'], service['id'])
def _create_endpoints(self): # Creates a service and 2 endpoints for the service in the same region. # The 'public' interface is enabled and the 'internal' interface is # disabled. def create_endpoint(service_id, region, **kwargs): ref = unit.new_endpoint_ref( service_id=service_id, region_id=region, url='http://localhost/%s' % uuid.uuid4().hex, **kwargs) self.catalog_api.create_endpoint(ref['id'], ref) return ref # Create a service for use with the endpoints. service_ref = unit.new_service_ref() service_id = service_ref['id'] self.catalog_api.create_service(service_id, service_ref) region = unit.new_region_ref() self.catalog_api.create_region(region) # Create endpoints enabled_endpoint_ref = create_endpoint(service_id, region['id']) disabled_endpoint_ref = create_endpoint( service_id, region['id'], enabled=False, interface='internal') return service_ref, enabled_endpoint_ref, disabled_endpoint_ref
def test_create_service(self): """Call ``POST /services``.""" ref = unit.new_service_ref() r = self.post( '/services', body={'service': ref}) self.assertValidServiceResponse(r, ref)
def _create_limit_and_dependencies(): """Create a limit and its dependencies to test with.""" service = PROVIDERS.catalog_api.create_service( uuid.uuid4().hex, unit.new_service_ref() ) registered_limit = unit.new_registered_limit_ref( service_id=service['id'], id=uuid.uuid4().hex ) registered_limits = ( PROVIDERS.unified_limit_api.create_registered_limits( [registered_limit] ) ) registered_limit = registered_limits[0] project = PROVIDERS.resource_api.create_project( uuid.uuid4().hex, unit.new_project_ref(domain_id=CONF.identity.default_domain_id) ) limit = unit.new_limit_ref( project_id=project['id'], service_id=service['id'], resource_name=registered_limit['resource_name'], resource_limit=5, id=uuid.uuid4().hex ) limits = PROVIDERS.unified_limit_api.create_limits([limit]) return limits
def test_user_cannot_create_limits(self): service = PROVIDERS.catalog_api.create_service( uuid.uuid4().hex, unit.new_service_ref() ) registered_limit = unit.new_registered_limit_ref( service_id=service['id'], id=uuid.uuid4().hex ) registered_limits = ( PROVIDERS.unified_limit_api.create_registered_limits( [registered_limit] ) ) registered_limit = registered_limits[0] project = PROVIDERS.resource_api.create_project( uuid.uuid4().hex, unit.new_project_ref(domain_id=CONF.identity.default_domain_id) ) create = { 'limits': [ unit.new_limit_ref( project_id=project['id'], service_id=service['id'], resource_name=registered_limit['resource_name'], resource_limit=5 ) ] } with self.test_client() as c: c.post( '/v3/limits', json=create, headers=self.headers, expected_status_code=http_client.FORBIDDEN )
def test_create_endpoint(self): service = unit.new_service_ref() self.catalog_api.create_service(service['id'], service) endpoint = unit.new_endpoint_ref(service_id=service['id'], region_id=None) self.catalog_api.create_endpoint(endpoint['id'], endpoint.copy())
def test_cache_layer_service_crud(self): new_service = unit.new_service_ref() service_id = new_service['id'] res = self.catalog_api.create_service(service_id, new_service) self.assertDictEqual(new_service, res) self.catalog_api.get_service(service_id) updated_service = copy.deepcopy(new_service) updated_service['description'] = uuid.uuid4().hex # update bypassing catalog api self.catalog_api.driver.update_service(service_id, updated_service) self.assertDictContainsSubset(new_service, self.catalog_api.get_service(service_id)) self.catalog_api.get_service.invalidate(self.catalog_api, service_id) self.assertDictContainsSubset(updated_service, self.catalog_api.get_service(service_id)) # delete bypassing catalog api self.catalog_api.driver.delete_service(service_id) self.assertDictContainsSubset(updated_service, self.catalog_api.get_service(service_id)) self.catalog_api.get_service.invalidate(self.catalog_api, service_id) self.assertRaises(exception.ServiceNotFound, self.catalog_api.delete_service, service_id) self.assertRaises(exception.ServiceNotFound, self.catalog_api.get_service, service_id)
def test_delete_region_with_endpoint(self): # create a region region = unit.new_region_ref() self.catalog_api.create_region(region) # create a child region child_region = unit.new_region_ref(parent_region_id=region['id']) self.catalog_api.create_region(child_region) # create a service service = unit.new_service_ref() self.catalog_api.create_service(service['id'], service) # create an endpoint attached to the service and child region child_endpoint = unit.new_endpoint_ref(region_id=child_region['id'], service_id=service['id']) self.catalog_api.create_endpoint(child_endpoint['id'], child_endpoint) self.assertRaises(exception.RegionDeletionError, self.catalog_api.delete_region, child_region['id']) # create an endpoint attached to the service and parent region endpoint = unit.new_endpoint_ref(region_id=region['id'], service_id=service['id']) self.catalog_api.create_endpoint(endpoint['id'], endpoint) self.assertRaises(exception.RegionDeletionError, self.catalog_api.delete_region, region['id'])
def setUp(self): """Setup for Identity Limit Test Cases.""" super(IdentityTestListLimitCase, self).setUp() # Create 10 entries for each of the entities we are going to test self.ENTITY_TYPES = ['user', 'group', 'project'] self.entity_lists = {} for entity in self.ENTITY_TYPES: self.entity_lists[entity] = self._create_test_data(entity, 10) # Make sure we clean up when finished self.addCleanup(self.clean_up_entity, entity) self.service_list = [] self.addCleanup(self.clean_up_service) for _ in range(10): new_entity = unit.new_service_ref() service = self.catalog_api.create_service(new_entity['id'], new_entity) self.service_list.append(service) self.policy_list = [] self.addCleanup(self.clean_up_policy) for _ in range(10): new_entity = unit.new_policy_ref() policy = self.policy_api.create_policy(new_entity['id'], new_entity) self.policy_list.append(policy)
def test_create_service_no_enabled(self): """Call ``POST /services``.""" ref = unit.new_service_ref() del ref["enabled"] r = self.post("/services", body={"service": ref}) ref["enabled"] = True self.assertValidServiceResponse(r, ref) self.assertIs(True, r.result["service"]["enabled"])
def test_endpoints_created_with_service_exists(self): # test assignment can be created if role already exists. bootstrap = cli.BootStrap() bootstrap.resource_manager.create_domain(self.default_domain['id'], self.default_domain) service = unit.new_service_ref(name=self.service_name) bootstrap.catalog_manager.create_service(service['id'], service) self._do_test_bootstrap(bootstrap)
def test_create_service_enabled_true(self): """Call ``POST /services``.""" ref = unit.new_service_ref(enabled=True) r = self.post( '/services', body={'service': ref}) self.assertValidServiceResponse(r, ref) self.assertIs(True, r.result['service']['enabled'])
def test_update_service(self): """Call ``PATCH /services/{service_id}``.""" service = unit.new_service_ref() del service['id'] r = self.patch('/services/%(service_id)s' % { 'service_id': self.service_id}, body={'service': service}) self.assertValidServiceResponse(r, service)
def test_create_service_no_name(self): """Call ``POST /services``.""" ref = unit.new_service_ref() del ref['name'] r = self.post( '/services', body={'service': ref}) ref['name'] = '' self.assertValidServiceResponse(r, ref)
def test_create_endpoint_nonexistent_region(self): service = unit.new_service_ref() self.catalog_api.create_service(service['id'], service) endpoint = unit.new_endpoint_ref(service_id=service['id']) self.assertRaises(exception.ValidationError, self.catalog_api.create_endpoint, endpoint['id'], endpoint)
def test_v3_catalog_endpoint_filter_disabled(self): # there is no endpoint-project association defined. self.config_fixture.config(group='endpoint_filter', return_all_endpoints_if_no_filter=True) srv_1 = unit.new_service_ref() self.catalog_api.create_service(srv_1['id'], srv_1) endpoint_1 = unit.new_endpoint_ref(service_id=srv_1['id'], region_id=None) self.catalog_api.create_endpoint(endpoint_1['id'], endpoint_1) srv_2 = unit.new_service_ref() self.catalog_api.create_service(srv_2['id'], srv_2) catalog_ref = self.catalog_api.get_v3_catalog(uuid.uuid4().hex, self.tenant_bar['id']) self.assertThat(catalog_ref, matchers.HasLength(2)) srv_id_list = [catalog_ref[0]['id'], catalog_ref[1]['id']] self.assertItemsEqual([srv_1['id'], srv_2['id']], srv_id_list)
def test_user_cannot_delete_services(self): service = unit.new_service_ref() service = PROVIDERS.catalog_api.create_service(service['id'], service) with self.test_client() as c: c.delete( '/v3/services/%s' % service['id'], headers=self.headers, expected_status_code=http_client.FORBIDDEN )
def setUp(self): super(TestCatalogAPISQL, self).setUp() self.useFixture(database.Database()) self.load_backends() service = unit.new_service_ref() self.service_id = service['id'] PROVIDERS.catalog_api.create_service(self.service_id, service) self.create_endpoint(service_id=self.service_id)
def setUp(self): super(TestCatalogAPISQL, self).setUp() self.useFixture(database.Database()) self.catalog_api = catalog.Manager() service = unit.new_service_ref() self.service_id = service['id'] self.catalog_api.create_service(self.service_id, service) self.create_endpoint(service_id=self.service_id)
def load_sample_data(self): self._populate_default_domain() self.domain = unit.new_domain_ref() self.domain_id = self.domain['id'] self.resource_api.create_domain(self.domain_id, self.domain) self.project = unit.new_project_ref(domain_id=self.domain_id) self.project_id = self.project['id'] self.resource_api.create_project(self.project_id, self.project) self.user = unit.create_user(self.identity_api, domain_id=self.domain_id) self.user_id = self.user['id'] self.default_domain_project_id = uuid.uuid4().hex self.default_domain_project = unit.new_project_ref( domain_id=DEFAULT_DOMAIN_ID) self.default_domain_project['id'] = self.default_domain_project_id self.resource_api.create_project(self.default_domain_project_id, self.default_domain_project) self.default_domain_user = unit.create_user( self.identity_api, domain_id=DEFAULT_DOMAIN_ID) self.default_domain_user_id = self.default_domain_user['id'] # create & grant policy.json's default role for admin_required self.role = unit.new_role_ref(name='admin') self.role_id = self.role['id'] self.role_api.create_role(self.role_id, self.role) self.assignment_api.add_role_to_user_and_project( self.user_id, self.project_id, self.role_id) self.assignment_api.add_role_to_user_and_project( self.default_domain_user_id, self.default_domain_project_id, self.role_id) self.assignment_api.add_role_to_user_and_project( self.default_domain_user_id, self.project_id, self.role_id) self.region = unit.new_region_ref() self.region_id = self.region['id'] self.catalog_api.create_region(self.region) self.service = unit.new_service_ref() self.service_id = self.service['id'] self.catalog_api.create_service(self.service_id, self.service.copy()) self.endpoint = unit.new_endpoint_ref(service_id=self.service_id, interface='public', region_id=self.region_id) self.endpoint_id = self.endpoint['id'] self.catalog_api.create_endpoint(self.endpoint_id, self.endpoint.copy()) # The server adds 'enabled' and defaults to True. self.endpoint['enabled'] = True
def test_create_endpoint_region_returns_not_found(self): service = unit.new_service_ref() self.catalog_api.create_service(service['id'], service) endpoint = unit.new_endpoint_ref(region_id=uuid.uuid4().hex, service_id=service['id']) self.assertRaises(exception.ValidationError, self.catalog_api.create_endpoint, endpoint['id'], endpoint.copy())
def test_user_can_get_an_endpoint(self): service = PROVIDERS.catalog_api.create_service( uuid.uuid4().hex, unit.new_service_ref() ) endpoint = unit.new_endpoint_ref(service['id'], region_id=None) endpoint = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint ) with self.test_client() as c: c.get('/v3/endpoints/%s' % endpoint['id'], headers=self.headers)
def test_user_can_update_services(self): service = unit.new_service_ref() service = PROVIDERS.catalog_api.create_service(service['id'], service) update = {'service': {'description': uuid.uuid4().hex}} with self.test_client() as c: c.patch( '/v3/services/%s' % service['id'], json=update, headers=self.headers )
def setUp(self): super(EndpointPolicyTestCase, self).setUp() self.policy = unit.new_policy_ref() self.policy_api.create_policy(self.policy['id'], self.policy) self.service = unit.new_service_ref() self.catalog_api.create_service(self.service['id'], self.service) self.endpoint = unit.new_endpoint_ref(self.service['id'], enabled=True, interface='public', region_id=self.region_id) self.catalog_api.create_endpoint(self.endpoint['id'], self.endpoint) self.region = unit.new_region_ref() self.catalog_api.create_region(self.region)
def test_v3_catalog_domain_scoped_token(self): # test the case that tenant_id is None. srv_1 = unit.new_service_ref() self.catalog_api.create_service(srv_1['id'], srv_1) endpoint_1 = unit.new_endpoint_ref(service_id=srv_1['id'], region_id=None) self.catalog_api.create_endpoint(endpoint_1['id'], endpoint_1) srv_2 = unit.new_service_ref() self.catalog_api.create_service(srv_2['id'], srv_2) endpoint_2 = unit.new_endpoint_ref(service_id=srv_2['id'], region_id=None) self.catalog_api.create_endpoint(endpoint_2['id'], endpoint_2) self.config_fixture.config(group='endpoint_filter', return_all_endpoints_if_no_filter=True) catalog_ref = self.catalog_api.get_v3_catalog(uuid.uuid4().hex, None) self.assertThat(catalog_ref, matchers.HasLength(2)) self.config_fixture.config(group='endpoint_filter', return_all_endpoints_if_no_filter=False) catalog_ref = self.catalog_api.get_v3_catalog(uuid.uuid4().hex, None) self.assertThat(catalog_ref, matchers.HasLength(0))
def test_list_endpoints(self): service = unit.new_service_ref() PROVIDERS.catalog_api.create_service(service['id'], service) expected_ids = set([uuid.uuid4().hex for _ in range(3)]) for endpoint_id in expected_ids: endpoint = unit.new_endpoint_ref(service_id=service['id'], id=endpoint_id, region_id=None) PROVIDERS.catalog_api.create_endpoint(endpoint['id'], endpoint) endpoints = PROVIDERS.catalog_api.list_endpoints() self.assertEqual(expected_ids, set(e['id'] for e in endpoints))
def test_catalog_ignored_malformed_urls(self): service = unit.new_service_ref() self.catalog_api.create_service(service['id'], service) malformed_url = "http://192.168.1.104:8774/v2/$(tenant)s" endpoint = unit.new_endpoint_ref(service_id=service['id'], url=malformed_url, region_id=None) self.catalog_api.create_endpoint(endpoint['id'], endpoint.copy()) # NOTE(dstanek): there are no valid URLs, so nothing is in the catalog catalog = self.catalog_api.get_catalog('fake-user', 'fake-tenant') self.assertEqual({}, catalog)
def test_user_can_delete_registered_limits(self): service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) registered_limit = unit.new_registered_limit_ref( service_id=service['id'], id=uuid.uuid4().hex) limits = PROVIDERS.unified_limit_api.create_registered_limits( [registered_limit]) limit_id = limits[0]['id'] with self.test_client() as c: c.delete('/v3/registered_limits/%s' % limit_id, headers=self.headers)
def test_list_endpoints(self): service = unit.new_service_ref() self.catalog_api.create_service(service['id'], service) expected_ids = set([uuid.uuid4().hex for _ in range(3)]) for endpoint_id in expected_ids: endpoint = unit.new_endpoint_ref(service_id=service['id'], id=endpoint_id, region_id=None) self.catalog_api.create_endpoint(endpoint['id'], endpoint) endpoints = self.catalog_api.list_endpoints() self.assertEqual(expected_ids, set(e['id'] for e in endpoints))
def test_user_can_create_policy_association_for_service(self): policy = unit.new_policy_ref() policy = PROVIDERS.policy_api.create_policy(policy['id'], policy) service = PROVIDERS.catalog_api.create_service( uuid.uuid4().hex, unit.new_service_ref() ) with self.test_client() as c: c.put( '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, expected_status_code=http_client.NO_CONTENT )
def test_user_cannot_delete_policy_assoc_for_region_and_service(self): policy = unit.new_policy_ref() policy = PROVIDERS.policy_api.create_policy(policy['id'], policy) service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) region = PROVIDERS.catalog_api.create_region(unit.new_region_ref()) with self.test_client() as c: c.delete( '/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s/regions/%s' % (policy['id'], service['id'], region['id']), headers=self.headers, expected_status_code=http_client.FORBIDDEN)
def setUp(self): super(V2CatalogTestCase, self).setUp() self.useFixture(database.Database()) self.service = unit.new_service_ref() self.service_id = self.service['id'] self.catalog_api.create_service(self.service_id, self.service) # TODO(termie): add an admin user to the fixtures and use that user # override the fixtures, for now self.assignment_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_bar['id'], self.role_admin['id'])
def test_user_cannot_create_registered_limits(self): service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) create = { 'registered_limits': [unit.new_registered_limit_ref(service_id=service['id'])] } with self.test_client() as c: c.post('/v3/registered_limits', json=create, headers=self.headers, expected_status_code=http.client.FORBIDDEN)
def test_get_catalog_always_returns_service_name(self): user_id = uuid.uuid4().hex tenant_id = uuid.uuid4().hex # new_service_ref() returns a ref with a `name`. named_svc = unit.new_service_ref() self.catalog_api.create_service(named_svc['id'], named_svc) self.create_endpoint(service_id=named_svc['id']) # This time manually delete the generated `name`. unnamed_svc = unit.new_service_ref() del unnamed_svc['name'] self.catalog_api.create_service(unnamed_svc['id'], unnamed_svc) self.create_endpoint(service_id=unnamed_svc['id']) region = None catalog = self.catalog_api.get_catalog(user_id, tenant_id) self.assertEqual(named_svc['name'], catalog[region][named_svc['type']]['name']) # verify a name is not generated when the service is passed to the API self.assertEqual('', catalog[region][unnamed_svc['type']]['name'])
def test_user_can_delete_policy_association_for_endpoint(self): policy = unit.new_policy_ref() policy = PROVIDERS.policy_api.create_policy(policy['id'], policy) service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) endpoint = unit.new_endpoint_ref(service['id'], region_id=None) endpoint = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint) with self.test_client() as c: c.delete('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints/%s' % (policy['id'], endpoint['id']), headers=self.headers, expected_status_code=http_client.NO_CONTENT)
def test_user_can_get_policy_for_endpoint(self): policy = unit.new_policy_ref() policy = PROVIDERS.policy_api.create_policy(policy['id'], policy) service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) endpoint = unit.new_endpoint_ref(service['id'], region_id=None) endpoint = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint) PROVIDERS.endpoint_policy_api.create_policy_association( policy['id'], endpoint['id']) with self.test_client() as c: c.get('/v3/endpoints/%s/OS-ENDPOINT-POLICY/policy' % (endpoint['id']), headers=self.headers)
def test_user_can_list_registered_limits(self): service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) registered_limit = unit.new_registered_limit_ref( service_id=service['id'], id=uuid.uuid4().hex) limits = PROVIDERS.unified_limit_api.create_registered_limits( [registered_limit]) limit_id = limits[0]['id'] with self.test_client() as c: r = c.get('/v3/registered_limits', headers=self.headers) self.assertTrue(len(r.json['registered_limits']) == 1) self.assertEqual(limit_id, r.json['registered_limits'][0]['id'])
def test_user_cannot_list_endpoints(self): # Domain and project users should access this information through the # token response they get when they authenticate for or validate a # token. service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) endpoint = unit.new_endpoint_ref(service['id'], region_id=None) endpoint = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint) with self.test_client() as c: c.get('/v3/endpoints', headers=self.headers, expected_status_code=http.client.FORBIDDEN)
def load_sample_data(self): """Create sample data to test policy associations. The following data is created: - 3 regions, in a hierarchy, 0 -> 1 -> 2 (where 0 is top) - 3 services - 6 endpoints, 2 in each region, with a mixture of services: 0 - region 0, Service 0 1 - region 0, Service 1 2 - region 1, Service 1 3 - region 1, Service 2 4 - region 2, Service 2 5 - region 2, Service 0 """ def new_endpoint(region_id, service_id): endpoint = unit.new_endpoint_ref(interface='test', region_id=region_id, service_id=service_id, url='/url') self.endpoint.append( PROVIDERS.catalog_api.create_endpoint(endpoint['id'], endpoint)) self.policy = [] self.endpoint = [] self.service = [] self.region = [] parent_region_id = None for i in range(3): policy = unit.new_policy_ref() self.policy.append( PROVIDERS.policy_api.create_policy(policy['id'], policy)) service = unit.new_service_ref() self.service.append( PROVIDERS.catalog_api.create_service(service['id'], service)) region = unit.new_region_ref(parent_region_id=parent_region_id) # Link the regions together as a hierarchy, [0] at the top parent_region_id = region['id'] self.region.append(PROVIDERS.catalog_api.create_region(region)) new_endpoint(self.region[0]['id'], self.service[0]['id']) new_endpoint(self.region[0]['id'], self.service[1]['id']) new_endpoint(self.region[1]['id'], self.service[1]['id']) new_endpoint(self.region[1]['id'], self.service[2]['id']) new_endpoint(self.region[2]['id'], self.service[2]['id']) new_endpoint(self.region[2]['id'], self.service[0]['id'])
def test_user_cannot_update_endpoints(self): service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) endpoint = unit.new_endpoint_ref(service['id'], region_id=None) endpoint = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint) update = {'endpoint': {'interface': 'internal'}} with self.test_client() as c: c.patch('/v3/endpoints/%s' % endpoint['id'], json=update, headers=self.headers, expected_status_code=http_client.FORBIDDEN)
def test_cache_layer_delete_service_with_endpoint(self): service = unit.new_service_ref() PROVIDERS.catalog_api.create_service(service['id'], service) # create an endpoint attached to the service endpoint = unit.new_endpoint_ref(service_id=service['id'], region_id=None) PROVIDERS.catalog_api.create_endpoint(endpoint['id'], endpoint) # cache the result PROVIDERS.catalog_api.get_service(service['id']) PROVIDERS.catalog_api.get_endpoint(endpoint['id']) # delete the service bypassing catalog api PROVIDERS.catalog_api.driver.delete_service(service['id']) self.assertDictContainsSubset(endpoint, PROVIDERS.catalog_api. get_endpoint(endpoint['id'])) self.assertDictContainsSubset(service, PROVIDERS.catalog_api. get_service(service['id'])) PROVIDERS.catalog_api.get_endpoint.invalidate( PROVIDERS.catalog_api, endpoint['id'] ) self.assertRaises(exception.EndpointNotFound, PROVIDERS.catalog_api.get_endpoint, endpoint['id']) self.assertRaises(exception.EndpointNotFound, PROVIDERS.catalog_api.delete_endpoint, endpoint['id']) # multiple endpoints associated with a service second_endpoint = unit.new_endpoint_ref(service_id=service['id'], region_id=None) PROVIDERS.catalog_api.create_service(service['id'], service) PROVIDERS.catalog_api.create_endpoint(endpoint['id'], endpoint) PROVIDERS.catalog_api.create_endpoint( second_endpoint['id'], second_endpoint ) PROVIDERS.catalog_api.delete_service(service['id']) self.assertRaises(exception.EndpointNotFound, PROVIDERS.catalog_api.get_endpoint, endpoint['id']) self.assertRaises(exception.EndpointNotFound, PROVIDERS.catalog_api.delete_endpoint, endpoint['id']) self.assertRaises(exception.EndpointNotFound, PROVIDERS.catalog_api.get_endpoint, second_endpoint['id']) self.assertRaises(exception.EndpointNotFound, PROVIDERS.catalog_api.delete_endpoint, second_endpoint['id'])
def test_user_cannot_list_endpoints_associated_with_endpoint_groups(self): service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) endpoint = unit.new_endpoint_ref(service['id'], region_id=None) endpoint = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint) endpoint_group = unit.new_endpoint_group_ref( filters={'interface': 'public'}) endpoint_group = PROVIDERS.catalog_api.create_endpoint_group( endpoint_group['id'], endpoint_group) with self.test_client() as c: c.get('/v3/OS-EP-FILTER/endpoint_groups/%s/endpoints' % endpoint_group['id'], headers=self.headers, expected_status_code=http_client.FORBIDDEN)
def test_get_catalog_always_returns_service_name(self): user_id = uuid.uuid4().hex tenant_id = uuid.uuid4().hex # create a service, with a name named_svc = unit.new_service_ref() self.catalog_api.create_service(named_svc['id'], named_svc) self.create_endpoint(service_id=named_svc['id']) # create a service, with no name unnamed_svc = unit.new_service_ref(name=None) del unnamed_svc['name'] self.catalog_api.create_service(unnamed_svc['id'], unnamed_svc) self.create_endpoint(service_id=unnamed_svc['id']) catalog = self.catalog_api.get_v3_catalog(user_id, tenant_id) named_endpoint = [ep for ep in catalog if ep['type'] == named_svc['type']][0] self.assertEqual(named_svc['name'], named_endpoint['name']) unnamed_endpoint = [ep for ep in catalog if ep['type'] == unnamed_svc['type']][0] self.assertEqual('', unnamed_endpoint['name'])
def test_get_catalog_with_empty_public_url(self): service = unit.new_service_ref() self.catalog_api.create_service(service['id'], service) endpoint = unit.new_endpoint_ref(url='', service_id=service['id'], region_id=None) self.catalog_api.create_endpoint(endpoint['id'], endpoint.copy()) catalog = self.catalog_api.get_catalog('user', 'tenant') catalog_endpoint = catalog[endpoint['region_id']][service['type']] self.assertEqual(service['name'], catalog_endpoint['name']) self.assertEqual(endpoint['id'], catalog_endpoint['id']) self.assertEqual('', catalog_endpoint['publicURL']) self.assertIsNone(catalog_endpoint.get('adminURL')) self.assertIsNone(catalog_endpoint.get('internalURL'))
def test_user_cannot_add_endpoint_to_project(self): project = PROVIDERS.resource_api.create_project( uuid.uuid4().hex, unit.new_project_ref(domain_id=CONF.identity.default_domain_id)) service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) endpoint = unit.new_endpoint_ref(service['id'], region_id=None) endpoint = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint) with self.test_client() as c: c.put('/v3/OS-EP-FILTER/projects/%s/endpoints/%s' % (project['id'], endpoint['id']), headers=self.headers, expected_status_code=http_client.FORBIDDEN)
def test_user_can_list_endpoints(self): service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) endpoint = unit.new_endpoint_ref(service['id'], region_id=None) endpoint = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint) with self.test_client() as c: r = c.get('/v3/endpoints', headers=self.headers) endpoints = [] for endpoint in r.json['endpoints']: endpoints.append(endpoint['id']) self.assertIn(endpoint['id'], endpoints)
def test_get_catalog_returns_proper_endpoints_with_no_region(self): service = unit.new_service_ref() service_id = service['id'] self.catalog_api.create_service(service_id, service) endpoint = unit.new_endpoint_ref(service_id=service_id, region_id=None) del endpoint['region_id'] self.catalog_api.create_endpoint(endpoint['id'], endpoint) user_id = uuid.uuid4().hex tenant_id = uuid.uuid4().hex catalog = self.catalog_api.get_v3_catalog(user_id, tenant_id) self.assertValidCatalogEndpoint(catalog[0]['endpoints'][0], ref=endpoint)
def test_invalidate_cache_when_updating_service(self): new_service = unit.new_service_ref() service_id = new_service['id'] self.catalog_api.create_service(service_id, new_service) # cache the service self.catalog_api.get_service(service_id) # update the service via catalog api new_type = {'type': uuid.uuid4().hex} self.catalog_api.update_service(service_id, new_type) # assert that we can get the new service current_service = self.catalog_api.get_service(service_id) self.assertEqual(new_type['type'], current_service['type'])
def test_user_list_endpoints_for_policy(self): policy = unit.new_policy_ref() policy = PROVIDERS.policy_api.create_policy(policy['id'], policy) service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) endpoint = unit.new_endpoint_ref(service['id'], region_id=None) endpoint = PROVIDERS.catalog_api.create_endpoint( endpoint['id'], endpoint) PROVIDERS.endpoint_policy_api.create_policy_association( policy['id'], endpoint['id']) with self.test_client() as c: r = c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/endpoints' % (policy['id']), headers=self.headers) for endpoint_itr in r.json['endpoints']: self.assertIn(endpoint['id'], endpoint_itr['id'])
def test_user_cannot_check_policy_association_for_service(self): policy = unit.new_policy_ref() policy = PROVIDERS.policy_api.create_policy(policy['id'], policy) service = PROVIDERS.catalog_api.create_service( uuid.uuid4().hex, unit.new_service_ref() ) PROVIDERS.endpoint_policy_api.create_policy_association( policy['id'], service_id=service['id']) with self.test_client() as c: c.get('/v3/policies/%s/OS-ENDPOINT-POLICY/services/%s' % (policy['id'], service['id']), headers=self.headers, expected_status_code=http.client.FORBIDDEN)
def test_user_can_update_registered_limits(self): service = PROVIDERS.catalog_api.create_service(uuid.uuid4().hex, unit.new_service_ref()) registered_limit = unit.new_registered_limit_ref( service_id=service['id'], id=uuid.uuid4().hex) limits = PROVIDERS.unified_limit_api.create_registered_limits( [registered_limit]) limit_id = limits[0]['id'] with self.test_client() as c: update = {'registered_limit': {'default_limit': 5}} c.patch('/v3/registered_limits/%s' % limit_id, json=update, headers=self.headers)
def test_user_can_list_services(self): expected_service_ids = [] for _ in range(2): s = unit.new_service_ref() service = PROVIDERS.catalog_api.create_service(s['id'], s) expected_service_ids.append(service['id']) with self.test_client() as c: r = c.get('/v3/services', headers=self.headers) actual_service_ids = [] for service in r.json['services']: actual_service_ids.append(service['id']) for service_id in expected_service_ids: self.assertIn(service_id, actual_service_ids)
def test_delete_service_with_endpoint(self): # create a service service = unit.new_service_ref() self.catalog_api.create_service(service['id'], service) # create an endpoint attached to the service endpoint = unit.new_endpoint_ref(service_id=service['id'], region_id=None) self.catalog_api.create_endpoint(endpoint['id'], endpoint) # deleting the service should also delete the endpoint self.catalog_api.delete_service(service['id']) self.assertRaises(exception.EndpointNotFound, self.catalog_api.get_endpoint, endpoint['id']) self.assertRaises(exception.EndpointNotFound, self.catalog_api.delete_endpoint, endpoint['id'])
def setUp(self): super(AccessRulesConfigPermissiveTest, self).setUp() self.config_fixture.config(group='access_rules_config', permissive=True) self.useFixture(database.Database()) services = [ 'identity', 'image', 'block-storage', 'network', 'compute', 'object' ] for service in services: ref = unit.new_service_ref(type=service) PROVIDERS.catalog_api.create_service( uuid.uuid4().hex, ref)