def test_update_credential(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) new_user = fixtures.User(self.client, self.project_domain_id) self.useFixture(new_user) new_project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(new_project) credential = fixtures.Credential(self.client, user=user.id, type='cert') self.useFixture(credential) new_type = 'ec2' new_blob = ("{\"access\":\"" + uuid.uuid4().hex + "\",\"secret\":\"secretKey\"}") credential_ret = self.client.credentials.update(credential.id, user=new_user.id, type=new_type, blob=new_blob, project=new_project.id) credential.ref.update({ 'user': new_user.id, 'type': new_type, 'blob': new_blob, 'project': new_project.id }) self.check_credential(credential_ret, credential.ref)
def test_list_users(self): user_one = fixtures.User(self.client, self.project_domain_id) self.useFixture(user_one) user_two = fixtures.User(self.client, self.project_domain_id) self.useFixture(user_two) users = self.client.users.list() # All users are valid for user in users: self.check_user(user) self.assertIn(user_one.entity, users) self.assertIn(user_two.entity, users)
def test_create_credential_of_ec2_type(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) # project is mandatory attribute if the credential type is ec2 credential_ref = { 'user': user.id, 'type': 'ec2', 'blob': ("{\"access\":\"" + uuid.uuid4().hex + "\",\"secret\":\"secretKey\"}") } self.assertRaises(http.BadRequest, self.client.credentials.create, **credential_ref) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) credential_ref = { 'user': user.id, 'type': 'ec2', 'blob': ("{\"access\":\"" + uuid.uuid4().hex + "\",\"secret\":\"secretKey\"}"), 'project': project.id } credential = self.client.credentials.create(**credential_ref) self.addCleanup(self.client.credentials.delete, credential) self.check_credential(credential, credential_ref)
def test_list_credentials(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) cert_credential = fixtures.Credential(self.client, user=user.id, type='cert') self.useFixture(cert_credential) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) ec2_credential = fixtures.Credential(self.client, user=user.id, type='ec2', project=project.id) self.useFixture(ec2_credential) totp_credential = fixtures.Credential(self.client, user=user.id, type='totp') self.useFixture(totp_credential) credentials = self.client.credentials.list() # All credentials are valid for credential in credentials: self.check_credential(credential) self.assertIn(cert_credential.entity, credentials) self.assertIn(ec2_credential.entity, credentials) self.assertIn(totp_credential.entity, credentials)
def test_update_user(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) new_description = uuid.uuid4().hex user_ret = self.client.users.update(user.id, description=new_description) user.ref.update({'description': new_description}) self.check_user(user_ret, user.ref)
def test_delete_ec2(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) ec2 = self.client.ec2.create(user.id, project.id) self.client.ec2.delete(user.id, ec2.access) self.assertRaises(http.NotFound, self.client.ec2.get, user.id, ec2.access)
def test_get_ec2(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) ec2 = fixtures.EC2(self.client, user_id=user.id, project_id=project.id) self.useFixture(ec2) ec2_ret = self.client.ec2.get(user.id, ec2.access) self.check_ec2(ec2_ret, ec2.ref)
def test_create_ec2(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) ec2_ref = {'user_id': user.id, 'project_id': project.id} ec2 = self.client.ec2.create(**ec2_ref) self.addCleanup(self.client.ec2.delete, user.id, ec2.access) self.check_ec2(ec2, ec2_ref)
def test_create_credential_of_totp_type(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) credential_ref = { 'user': user.id, 'type': 'totp', 'blob': uuid.uuid4().hex } credential = self.client.credentials.create(**credential_ref) self.addCleanup(self.client.credentials.delete, credential) self.check_credential(credential, credential_ref)
def test_list_ec2(self): user_one = fixtures.User(self.client, self.project_domain_id) self.useFixture(user_one) ec2_one = fixtures.EC2(self.client, user_id=user_one.id, project_id=self.project_domain_id) self.useFixture(ec2_one) user_two = fixtures.User(self.client, self.project_domain_id) self.useFixture(user_two) ec2_two = fixtures.EC2(self.client, user_id=user_two.id, project_id=self.project_domain_id) self.useFixture(ec2_two) ec2_list = self.client.ec2.list(user_one.id) # All ec2 are valid for ec2 in ec2_list: self.check_ec2(ec2) self.assertIn(ec2_one.entity, ec2_list) self.assertNotIn(ec2_two.entity, ec2_list)
def test_get_credential(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) for credential_type in ['cert', 'ec2', 'totp']: credential = fixtures.Credential(self.client, user=user.id, type=credential_type, project=project.id) self.useFixture(credential) credential_ret = self.client.credentials.get(credential.id) self.check_credential(credential_ret, credential.ref)
def test_user_grouping(self): # keystoneclient.v3.users owns user grouping operations, this is why # this test case belongs to this class user = fixtures.User(self.client, self.project_domain_id) group = fixtures.Group(self.client, self.project_domain_id) self.useFixture(user) self.useFixture(group) self.assertRaises(http.NotFound, self.client.users.check_in_group, user.id, group.id) self.client.users.add_to_group(user.id, group.id) self.client.users.check_in_group(user.id, group.id) self.client.users.remove_from_group(user.id, group.id) self.assertRaises(http.NotFound, self.client.users.check_in_group, user.id, group.id)
def test_list_roles_invalid_params(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) # Only filter in role grants for a user on a resource. # Domain or project should be specified. self.assertRaises(exceptions.ValidationError, self.client.roles.list, user=user.id) # Only filter in role grants for a group on a resource. # Domain or project should be specified. group = fixtures.Group(self.client, self.project_domain_id) self.useFixture(group) self.assertRaises(exceptions.ValidationError, self.client.roles.list, group=group.id)
def test_user_domain_grant_and_revoke(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) domain = fixtures.Domain(self.client) self.useFixture(domain) role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) self.client.roles.grant(role, user=user.id, domain=domain.id) roles_after_grant = self.client.roles.list(user=user.id, domain=domain.id) self.assertCountEqual(roles_after_grant, [role.entity]) self.client.roles.revoke(role, user=user.id, domain=domain.id) roles_after_revoke = self.client.roles.list(user=user.id, domain=domain.id) self.assertEqual(roles_after_revoke, [])
def test_user_project_grant_and_revoke(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) self.client.roles.grant(role, user=user.id, project=project.id) roles_after_grant = self.client.roles.list(user=user.id, project=project.id) self.assertItemsEqual(roles_after_grant, [role.entity]) self.client.roles.revoke(role, user=user.id, project=project.id) roles_after_revoke = self.client.roles.list(user=user.id, project=project.id) self.assertEqual(roles_after_revoke, [])
def test_delete_credential(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) project = fixtures.Project(self.client, self.project_domain_id) self.useFixture(project) for credential_type in ['cert', 'ec2', 'totp']: if credential_type == 'ec2': blob_value = ("{\"access\":\"" + uuid.uuid4().hex + "\",\"secret\":\"secretKey\"}") else: blob_value = uuid.uuid4().hex credential = self.client.credentials.create(user=user.id, type=credential_type, blob=blob_value, project=project.id) self.client.credentials.delete(credential.id) self.assertRaises(http.NotFound, self.client.credentials.get, credential.id)
def test_grant_role_invalid_params(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) role = fixtures.Role(self.client, domain=self.project_domain_id) self.useFixture(role) # Only grant role to a group on a resource. # Domain or project must be specified. self.assertRaises(exceptions.ValidationError, self.client.roles.grant, role.id, user=user.id) group = fixtures.Group(self.client, self.project_domain_id) self.useFixture(group) # Only grant role to a group on a resource. # Domain or project must be specified. self.assertRaises(exceptions.ValidationError, self.client.roles.grant, role.id, group=group.id)
def test_get_user(self): user = fixtures.User(self.client, self.project_domain_id) self.useFixture(user) user_ret = self.client.users.get(user.id) self.check_user(user_ret, user.ref)