def setUpClass(cls):
super(AccountQuotasNegativeTest, cls).setUpClass()
cls.container_name = data_utils.rand_name(name="TestContainer")
cls.container_client.create_container(cls.container_name)
cls.data.setup_test_user()
cls.os_reselleradmin = clients.Manager(cls.data.test_credentials)
# Retrieve the ResellerAdmin role id
reseller_role_id = None
try:
_, roles = cls.os_admin.identity_client.list_roles()
reseller_role_id = next(
r['id'] for r in roles
if r['name'] == CONF.object_storage.reseller_admin_role)
except StopIteration:
msg = "No ResellerAdmin role found"
raise exceptions.NotFound(msg)
# Retrieve the ResellerAdmin tenant id
reseller_user_id = cls.data.test_credentials.user_id
# Retrieve the ResellerAdmin tenant id
reseller_tenant_id = cls.data.test_credentials.tenant_id
# Assign the newly created user the appropriate ResellerAdmin role
cls.os_admin.identity_client.assign_user_role(reseller_tenant_id,
reseller_user_id,
reseller_role_id)
# Retrieve a ResellerAdmin auth data and use it to set a quota
# on the client's account
cls.reselleradmin_auth_data = \
cls.os_reselleradmin.auth_provider.auth_data
def request(self, method, url, extra_headers=False, headers=None,
body=None):
# TODO(oomichi): This translation is just for avoiding a single
# huge patch to migrate rest_client module to tempest-lib.
# Ideally(in the future), we need to remove this translation and
# replace each API tests with tempest-lib's exceptions.
try:
return super(ServiceClient, self).request(
method, url,
extra_headers=extra_headers,
headers=headers, body=body)
except lib_exceptions.Unauthorized as ex:
raise exceptions.Unauthorized(ex)
except lib_exceptions.NotFound as ex:
raise exceptions.NotFound(ex)
except lib_exceptions.BadRequest as ex:
raise exceptions.BadRequest(ex)
except lib_exceptions.Conflict as ex:
raise exceptions.Conflict(ex)
except lib_exceptions.OverLimit as ex:
raise exceptions.OverLimit(ex)
# TODO(oomichi): This is just a workaround for failing gate tests
# when separating Forbidden from Unauthorized in tempest-lib.
# We will need to remove this translation and replace negative tests
# with lib_exceptions.Forbidden in the future.
except lib_exceptions.Forbidden as ex:
raise exceptions.Unauthorized(ex)
def _keystone_aws_get_v3(self):
import keystoneclient.v3.client
keystone = keystoneclient.v3.client.Client(**self.ks_cred)
ec2_cred_list = keystone.credentials.list(
type="ec2",
user_id=keystone.auth_user_id,
project_id=keystone.auth_tenant_id)
ec2_cred = None
for cred in ec2_cred_list:
if (cred.project_id == keystone.auth_tenant_id
and cred.user_id == keystone.auth_user_id):
ec2_cred = cred
break
else:
blob = json.dumps({
"access": uuid.uuid4().get_hex(),
"secret": uuid.uuid4().get_hex()
})
ec2_cred = keystone.credentials.create(
keystone.user_id,
type="ec2",
project=keystone.project_id,
blob=blob)
cred = json.loads(ec2_cred.blob)
access, secret = cred["access"], cred["secret"]
if not all((access, secret)):
raise exceptions.NotFound("Unable to get access and secret keys")
return (access, secret)
def _get_role_id(self, role_name):
try:
roles = self.client.list_roles()
return next(r['id'] for r in roles if r['name'] == role_name)
except StopIteration:
msg = "Role name '%s' is not found" % role_name
raise exceptions.NotFound(msg)
def get_floating_ip_pool_id_for_neutron(cls):
for network in cls.networks_client.list_networks()[1]:
if network['label'] == CONF.data_processing.floating_ip_pool:
return network['id']
raise exceptions.NotFound(
'Floating IP pool \'%s\' not found in pool list.' %
CONF.data_processing.floating_ip_pool)
def test_list_no_containers(self):
# List request to empty account
# To test listing no containers, create new user other than
# the base user of this instance.
self.data.setup_test_user()
os_test_user = clients.Manager(
self.data.test_user,
self.data.test_password,
self.data.test_tenant)
# Retrieve the id of an operator role of object storage
test_role_id = None
swift_role = CONF.object_storage.operator_role
try:
_, roles = self.os_admin.identity_client.list_roles()
test_role_id = next(r['id'] for r in roles if r['name']
== swift_role)
except StopIteration:
msg = "%s role found" % swift_role
raise exceptions.NotFound(msg)
# Retrieve the test_user id
_, users = self.os_admin.identity_client.get_users()
test_user_id = next(usr['id'] for usr in users if usr['name']
== self.data.test_user)
# Retrieve the test_tenant id
_, tenants = self.os_admin.identity_client.list_tenants()
test_tenant_id = next(tnt['id'] for tnt in tenants if tnt['name']
== self.data.test_tenant)
# Assign the newly created user the appropriate operator role
self.os_admin.identity_client.assign_user_role(
test_tenant_id,
test_user_id,
test_role_id)
resp, container_list = \
os_test_user.account_client.list_account_containers()
self.assertIn(int(resp['status']), test.HTTP_SUCCESS)
# When sending a request to an account which has not received a PUT
# container request, the response does not contain 'accept-ranges'
# header. This is a special case, therefore the existence of response
# headers is checked without custom matcher.
self.assertIn('content-length', resp)
self.assertIn('x-timestamp', resp)
self.assertIn('x-account-bytes-used', resp)
self.assertIn('x-account-container-count', resp)
self.assertIn('x-account-object-count', resp)
self.assertIn('content-type', resp)
self.assertIn('x-trans-id', resp)
self.assertIn('date', resp)
# Check only the format of common headers with custom matcher
self.assertThat(resp, custom_matchers.AreAllWellFormatted())
self.assertEqual(len(container_list), 0)
def _create_creds(self, suffix=None, admin=False):
rand_name_root = rand_name(self.name)
if suffix:
rand_name_root += suffix
tenant_name = rand_name_root + "-tenant"
tenant_desc = tenant_name + "-desc"
tenant = self._create_tenant(name=tenant_name, description=tenant_desc)
if suffix:
rand_name_root += suffix
username = rand_name_root + "-user"
email = rand_name_root + "@example.com"
user = self._create_user(username, self.password, tenant, email)
if admin:
role = None
try:
roles = self._list_roles()
admin_role = self.config.identity.admin_role
if self.tempest_client:
role = next(r for r in roles if r['name'] == admin_role)
else:
role = next(r for r in roles if r.name == admin_role)
except StopIteration:
msg = "No admin role found"
raise exceptions.NotFound(msg)
if self.tempest_client:
self._assign_user_role(tenant['id'], user['id'], role['id'])
else:
self._assign_user_role(tenant.id, user.id, role.id)
return user, tenant
def request(self, method, url, headers=None, body=None, depth=0):
"""A simple HTTP request interface."""
self.http_obj = httplib2.Http()
if headers == None:
headers = {}
if (self.token == None):
return None, None
headers['X-Auth-Token'] = self.token
req_url = url
resp, resp_body = self.http_obj.request(req_url,
method,
headers=headers,
body=body)
if resp.status == 401:
raise exceptions.Unauthorized()
if resp.status == 404:
raise exceptions.NotFound(resp_body)
if resp.status == 400:
resp_body = json.loads(resp_body)
raise exceptions.BadRequest(resp_body['badRequest']['message'])
if resp.status == 409:
resp_body = json.loads(resp_body)
raise exceptions.Duplicate(resp_body)
if resp.status == 413:
resp_body = json.loads(resp_body)
if 'overLimit' in resp_body:
raise exceptions.OverLimit(resp_body['overLimit']['message'])
elif depth < MAX_RECURSION_DEPTH:
delay = resp['Retry-After'] if 'Retry-After' in resp else 60
time.sleep(int(delay))
return self.request(method, url, headers, body, depth + 1)
else:
raise exceptions.RateLimitExceeded(
message=resp_body['overLimitFault']['message'],
details=resp_body['overLimitFault']['details'])
if resp.status in (500, 501):
resp_body = json.loads(resp_body)
#I'm seeing both computeFault and cloudServersFault come back.
#Will file a bug to fix, but leave as is for now.
if 'cloudServersFault' in resp_body:
message = resp_body['cloudServersFault']['message']
else:
message = resp_body['computeFault']['message']
raise exceptions.ComputeFault(message)
if resp.status >= 400:
resp_body = json.loads(resp_body)
raise exceptions.TempestException(str(resp.status))
return resp, resp_body
def get_private_network_id(cls):
for network in cls.networks_client.list_networks()[1]:
if network['label'] == CONF.data_processing.private_network:
return network['id']
raise exceptions.NotFound(
'Private network \'%s\' not found in network list.' %
CONF.data_processing.private_network)
def get_floating_ip_details(self, floating_ip_id):
"""Get the details of a floating IP."""
url = "os-floating-ips/%s" % str(floating_ip_id)
resp, body = self.get(url, self.headers)
body = self._parse_floating_ip(etree.fromstring(body))
if resp.status == 404:
raise exceptions.NotFound(body)
return resp, body
def get_private_network_id(cls):
net_id = cls._find_network_by_name(
CONF.data_processing.private_network)
if not net_id:
raise exceptions.NotFound(
'Private network \'%s\' not found in network list.'
% CONF.data_processing.private_network)
return net_id
def get_floating_ip_pool_id_for_neutron(cls):
net_id = cls._find_network_by_name(
CONF.data_processing.floating_ip_pool)
if not net_id:
raise exceptions.NotFound(
'Floating IP pool \'%s\' not found in pool list.'
% CONF.data_processing.floating_ip_pool)
return net_id
def get_floating_ip_details(self, floating_ip_id):
"""Get the details of a floating IP."""
url = "os-floating-ips/%s" % str(floating_ip_id)
resp, body = self.get(url)
body = json.loads(body)
if resp.status == 404:
raise exceptions.NotFound(body)
return resp, body['floating_ip']
def get_private_network_id(cls):
net_id = cls._find_network_by_name(
TEMPEST_CONF.compute.fixed_network_name)
if not net_id:
raise exceptions.NotFound(
'Private network \'%s\' not found in network list.' %
TEMPEST_CONF.compute.fixed_network_name)
return net_id
def get_floating_ip_pool_id_for_neutron(cls):
net_id = cls._find_network_by_name(
TEMPEST_CONF.network.floating_network_name)
if not net_id:
raise exceptions.NotFound(
'Floating IP pool \'%s\' not found in pool list.' %
TEMPEST_CONF.network.floating_network_name)
return net_id
def list_security_group_rules(self, security_group_id):
"""List all rules for a security group."""
resp, body = self.get('os-security-groups')
body = json.loads(body)
for sg in body['security_groups']:
if sg['id'] == security_group_id:
return resp, sg['rules']
raise exceptions.NotFound('No such Security Group')
def list_security_group_rules(self, security_group_id):
"""List all rules for a security group."""
resp, body = self.get('os-security-groups')
body = json.loads(body)
self.validate_response(schema.list_security_groups, resp, body)
for sg in body['security_groups']:
if sg['id'] == security_group_id:
return service_client.ResponseBodyList(resp, sg['rules'])
raise exceptions.NotFound('No such Security Group')
def _assign_user_role(self, tenant, user, role_name):
role = None
try:
roles = self._list_roles()
role = next(r for r in roles if r['name'] == role_name)
except StopIteration:
msg = 'No "%s" role found' % role_name
raise exceptions.NotFound(msg)
self.identity_admin_client.assign_user_role(tenant['id'], user['id'],
role['id'])
def _get_tenant_by_name(self, name):
if self.tempest_client:
resp, tenant = self.admin_client.get_tenant_by_name(name)
else:
tenants = self.admin_client.tenants.list()
for ten in tenants:
if ten['name'] == name:
tenant = ten
raise exceptions.NotFound('No such tenant')
return tenant
def check_server_is_snapshoted(self):
image_name = LEASE_IMAGE_PREFIX + self.server_name
try:
images_list = self.image_client.list()
self.assertNotEmpty(
[image for image in images_list if image.name == image_name])
except Exception as e:
message = ("Unable to find image with name '%s'. "
"Exception: %s" % (image_name, str(e)))
raise exceptions.NotFound(message)
def check_server_is_snapshoted(self):
image_name = LEASE_IMAGE_PREFIX + self.get_resource('server').name
try:
images_list = self.compute_client.images.list()
self.assertNotEmpty(
filter(lambda image: image.name == image_name, images_list))
except Exception as e:
message = ("Unable to find image with name '%s'. "
"Exception: %s" % (image_name, e.message))
raise exceptions.NotFound(message)
def list_security_group_rules(self, security_group_id):
"""List all rules for a security group."""
url = "os-security-groups"
resp, body = self.get(url)
body = etree.fromstring(body)
secgroups = body.getchildren()
for secgroup in secgroups:
if secgroup.get('id') == security_group_id:
node = secgroup.find('{%s}rules' % xml_utils.XMLNS_11)
rules = [xml_utils.xml_to_json(x) for x in node.getchildren()]
return resp, rules
raise exceptions.NotFound('No such Security Group')
def _assign_member_role(cls):
primary_user = cls.isolated_creds.get_primary_user()
alt_user = cls.isolated_creds.get_alt_user()
swift_role = CONF.object_storage.operator_role
try:
resp, roles = cls.os_admin.identity_client.list_roles()
role = next(r for r in roles if r['name'] == swift_role)
except StopIteration:
msg = "No role named %s found" % swift_role
raise exceptions.NotFound(msg)
for user in [primary_user, alt_user]:
cls.os_admin.identity_client.assign_user_role(
user['tenantId'], user['id'], role['id'])
def get_lease_by_name(self, lease_name):
# the same as the climateclient does it: ask for the entire list
lease_list = self.reservation_client.list_lease()
named_lease = []
# and then search by lease_name
named_lease = (filter(lambda lease: lease['name'] == lease_name,
lease_list))
if named_lease:
return self.reservation_client.get_lease(named_lease[0]['id'])
else:
message = "Unable to find lease with name '%s'" % lease_name
raise exceptions.NotFound(message)
def _keystone_aws_get(self):
import keystoneclient.v2_0.client
keystone = keystoneclient.v2_0.client.Client(**self.ks_cred)
ec2_cred_list = keystone.ec2.list(keystone.auth_user_id)
ec2_cred = None
for cred in ec2_cred_list:
if cred.tenant_id == keystone.auth_tenant_id:
ec2_cred = cred
break
else:
ec2_cred = keystone.ec2.create(keystone.auth_user_id,
keystone.auth_tenant_id)
if not all((ec2_cred, ec2_cred.access, ec2_cred.secret)):
raise exceptions.NotFound("Unable to get access and secret keys")
return ec2_cred
def setUpClass(cls):
super(AccountQuotasTest, cls).setUpClass()
cls.container_name = rand_name(name="TestContainer")
cls.container_client.create_container(cls.container_name)
cls.data.setup_test_user()
cls.os_reselleradmin = clients.Manager(cls.data.test_user,
cls.data.test_password,
cls.data.test_tenant)
# Retrieve the ResellerAdmin role id
reseller_role_id = None
try:
_, roles = cls.os_admin.identity_client.list_roles()
reseller_role_id = next(r['id'] for r in roles
if r['name'] == 'ResellerAdmin')
except StopIteration:
msg = "No ResellerAdmin role found"
raise exceptions.NotFound(msg)
# Retrieve the ResellerAdmin tenant id
_, users = cls.os_admin.identity_client.get_users()
reseller_user_id = next(usr['id'] for usr in users
if usr['name'] == cls.data.test_user)
# Retrieve the ResellerAdmin tenant id
_, tenants = cls.os_admin.identity_client.list_tenants()
reseller_tenant_id = next(tnt['id'] for tnt in tenants
if tnt['name'] == cls.data.test_tenant)
# Assign the newly created user the appropriate ResellerAdmin role
cls.os_admin.identity_client.assign_user_role(reseller_tenant_id,
reseller_user_id,
reseller_role_id)
# Retrieve a ResellerAdmin auth token and use it to set a quota
# on the client's account
cls.reselleradmin_token = cls.token_client.get_token(
cls.data.test_user, cls.data.test_password, cls.data.test_tenant)
headers = {
"X-Auth-Token": cls.reselleradmin_token,
"X-Account-Meta-Quota-Bytes": "20"
}
cls.os.custom_account_client.request("POST", "", headers, "")
def _assign_user_role(self, tenant, user, role_name):
role = None
try:
roles = self._list_roles()
if self.tempest_client:
role = next(r for r in roles if r['name'] == role_name)
else:
role = next(r for r in roles if r.name == role_name)
except StopIteration:
msg = 'No "%s" role found' % role_name
raise exceptions.NotFound(msg)
if self.tempest_client:
self.identity_admin_client.assign_user_role(
tenant['id'], user['id'], role['id'])
else:
self.identity_admin_client.roles.add_user_role(
user.id, role.id, tenant.id)
def request(self,
method,
url,
extra_headers=False,
headers=None,
body=None):
# TODO(oomichi): This translation is just for avoiding a single
# huge patch to migrate rest_client module to tempest-lib.
# Ideally(in the future), we need to remove this translation and
# replace each API tests with tempest-lib's exceptions.
try:
return super(ServiceClient,
self).request(method,
url,
extra_headers=extra_headers,
headers=headers,
body=body)
except lib_exceptions.Unauthorized as ex:
raise exceptions.Unauthorized(ex)
except lib_exceptions.NotFound as ex:
raise exceptions.NotFound(ex)
except lib_exceptions.BadRequest as ex:
raise exceptions.BadRequest(ex)
except lib_exceptions.Conflict as ex:
raise exceptions.Conflict(ex)
except lib_exceptions.OverLimit as ex:
raise exceptions.OverLimit(ex)
except lib_exceptions.RateLimitExceeded as ex:
raise exceptions.RateLimitExceeded(ex)
except lib_exceptions.InvalidContentType as ex:
raise exceptions.InvalidContentType(ex)
except lib_exceptions.UnprocessableEntity as ex:
raise exceptions.UnprocessableEntity(ex)
except lib_exceptions.InvalidHTTPResponseBody as ex:
raise exceptions.InvalidHTTPResponseBody(ex)
except lib_exceptions.NotImplemented as ex:
raise exceptions.NotImplemented(ex)
except lib_exceptions.ServerFault as ex:
raise exceptions.ServerFault(ex)
except lib_exceptions.UnexpectedResponseCode as ex:
raise exceptions.UnexpectedResponseCode(ex)
def _create_creds(self, suffix="", admin=False):
"""Create random credentials under the following schema.
If the name contains a '.' is the full class path of something, and
we don't really care. If it isn't, it's probably a meaningful name,
so use it.
For logging purposes, -user and -tenant are long and redundant,
don't use them. The user# will be sufficient to figure it out.
"""
if '.' in self.name:
root = ""
else:
root = self.name
tenant_name = data_utils.rand_name(root) + suffix
tenant_desc = tenant_name + "-desc"
tenant = self._create_tenant(name=tenant_name,
description=tenant_desc)
username = data_utils.rand_name(root) + suffix
email = data_utils.rand_name(root) + suffix + "@example.com"
user = self._create_user(username, self.password,
tenant, email)
if admin:
role = None
try:
roles = self._list_roles()
admin_role = CONF.identity.admin_role
if self.tempest_client:
role = next(r for r in roles if r['name'] == admin_role)
else:
role = next(r for r in roles if r.name == admin_role)
except StopIteration:
msg = "No admin role found"
raise exceptions.NotFound(msg)
if self.tempest_client:
self._assign_user_role(tenant['id'], user['id'], role['id'])
else:
self._assign_user_role(tenant.id, user.id, role.id)
return user, tenant
def setUpClass(cls):
super(AccountQuotasTest, cls).setUpClass()
cls.container_name = data_utils.rand_name(name="TestContainer")
cls.container_client.create_container(cls.container_name)
cls.data.setup_test_user()
cls.os_reselleradmin = clients.Manager(cls.data.test_user,
cls.data.test_password,
cls.data.test_tenant)
# Retrieve the ResellerAdmin role id
reseller_role_id = None
try:
_, roles = cls.os_admin.identity_client.list_roles()
reseller_role_id = next(r['id'] for r in roles
if r['name'] == 'ResellerAdmin')
except StopIteration:
msg = "No ResellerAdmin role found"
raise exceptions.NotFound(msg)
# Retrieve the ResellerAdmin tenant id
_, users = cls.os_admin.identity_client.get_users()
reseller_user_id = next(usr['id'] for usr in users
if usr['name'] == cls.data.test_user)
# Retrieve the ResellerAdmin tenant id
_, tenants = cls.os_admin.identity_client.list_tenants()
reseller_tenant_id = next(tnt['id'] for tnt in tenants
if tnt['name'] == cls.data.test_tenant)
# Assign the newly created user the appropriate ResellerAdmin role
cls.os_admin.identity_client.assign_user_role(reseller_tenant_id,
reseller_user_id,
reseller_role_id)
# Retrieve a ResellerAdmin auth data and use it to set a quota
# on the client's account
cls.reselleradmin_auth_data = \
cls.os_reselleradmin.get_auth_provider().auth_data
