def setUpClass(cls): super(AccountQuotasNegativeTest, cls).setUpClass() cls.container_name = data_utils.rand_name(name="TestContainer") cls.container_client.create_container(cls.container_name) cls.data.setup_test_user() cls.os_reselleradmin = clients.Manager(cls.data.test_credentials) # Retrieve the ResellerAdmin role id reseller_role_id = None try: _, roles = cls.os_admin.identity_client.list_roles() reseller_role_id = next( r['id'] for r in roles if r['name'] == CONF.object_storage.reseller_admin_role) except StopIteration: msg = "No ResellerAdmin role found" raise exceptions.NotFound(msg) # Retrieve the ResellerAdmin tenant id reseller_user_id = cls.data.test_credentials.user_id # Retrieve the ResellerAdmin tenant id reseller_tenant_id = cls.data.test_credentials.tenant_id # Assign the newly created user the appropriate ResellerAdmin role cls.os_admin.identity_client.assign_user_role(reseller_tenant_id, reseller_user_id, reseller_role_id) # Retrieve a ResellerAdmin auth data and use it to set a quota # on the client's account cls.reselleradmin_auth_data = \ cls.os_reselleradmin.auth_provider.auth_data
def request(self, method, url, extra_headers=False, headers=None, body=None): # TODO(oomichi): This translation is just for avoiding a single # huge patch to migrate rest_client module to tempest-lib. # Ideally(in the future), we need to remove this translation and # replace each API tests with tempest-lib's exceptions. try: return super(ServiceClient, self).request( method, url, extra_headers=extra_headers, headers=headers, body=body) except lib_exceptions.Unauthorized as ex: raise exceptions.Unauthorized(ex) except lib_exceptions.NotFound as ex: raise exceptions.NotFound(ex) except lib_exceptions.BadRequest as ex: raise exceptions.BadRequest(ex) except lib_exceptions.Conflict as ex: raise exceptions.Conflict(ex) except lib_exceptions.OverLimit as ex: raise exceptions.OverLimit(ex) # TODO(oomichi): This is just a workaround for failing gate tests # when separating Forbidden from Unauthorized in tempest-lib. # We will need to remove this translation and replace negative tests # with lib_exceptions.Forbidden in the future. except lib_exceptions.Forbidden as ex: raise exceptions.Unauthorized(ex)
def _keystone_aws_get_v3(self): import keystoneclient.v3.client keystone = keystoneclient.v3.client.Client(**self.ks_cred) ec2_cred_list = keystone.credentials.list( type="ec2", user_id=keystone.auth_user_id, project_id=keystone.auth_tenant_id) ec2_cred = None for cred in ec2_cred_list: if (cred.project_id == keystone.auth_tenant_id and cred.user_id == keystone.auth_user_id): ec2_cred = cred break else: blob = json.dumps({ "access": uuid.uuid4().get_hex(), "secret": uuid.uuid4().get_hex() }) ec2_cred = keystone.credentials.create( keystone.user_id, type="ec2", project=keystone.project_id, blob=blob) cred = json.loads(ec2_cred.blob) access, secret = cred["access"], cred["secret"] if not all((access, secret)): raise exceptions.NotFound("Unable to get access and secret keys") return (access, secret)
def _get_role_id(self, role_name): try: roles = self.client.list_roles() return next(r['id'] for r in roles if r['name'] == role_name) except StopIteration: msg = "Role name '%s' is not found" % role_name raise exceptions.NotFound(msg)
def get_floating_ip_pool_id_for_neutron(cls): for network in cls.networks_client.list_networks()[1]: if network['label'] == CONF.data_processing.floating_ip_pool: return network['id'] raise exceptions.NotFound( 'Floating IP pool \'%s\' not found in pool list.' % CONF.data_processing.floating_ip_pool)
def test_list_no_containers(self): # List request to empty account # To test listing no containers, create new user other than # the base user of this instance. self.data.setup_test_user() os_test_user = clients.Manager( self.data.test_user, self.data.test_password, self.data.test_tenant) # Retrieve the id of an operator role of object storage test_role_id = None swift_role = CONF.object_storage.operator_role try: _, roles = self.os_admin.identity_client.list_roles() test_role_id = next(r['id'] for r in roles if r['name'] == swift_role) except StopIteration: msg = "%s role found" % swift_role raise exceptions.NotFound(msg) # Retrieve the test_user id _, users = self.os_admin.identity_client.get_users() test_user_id = next(usr['id'] for usr in users if usr['name'] == self.data.test_user) # Retrieve the test_tenant id _, tenants = self.os_admin.identity_client.list_tenants() test_tenant_id = next(tnt['id'] for tnt in tenants if tnt['name'] == self.data.test_tenant) # Assign the newly created user the appropriate operator role self.os_admin.identity_client.assign_user_role( test_tenant_id, test_user_id, test_role_id) resp, container_list = \ os_test_user.account_client.list_account_containers() self.assertIn(int(resp['status']), test.HTTP_SUCCESS) # When sending a request to an account which has not received a PUT # container request, the response does not contain 'accept-ranges' # header. This is a special case, therefore the existence of response # headers is checked without custom matcher. self.assertIn('content-length', resp) self.assertIn('x-timestamp', resp) self.assertIn('x-account-bytes-used', resp) self.assertIn('x-account-container-count', resp) self.assertIn('x-account-object-count', resp) self.assertIn('content-type', resp) self.assertIn('x-trans-id', resp) self.assertIn('date', resp) # Check only the format of common headers with custom matcher self.assertThat(resp, custom_matchers.AreAllWellFormatted()) self.assertEqual(len(container_list), 0)
def _create_creds(self, suffix=None, admin=False): rand_name_root = rand_name(self.name) if suffix: rand_name_root += suffix tenant_name = rand_name_root + "-tenant" tenant_desc = tenant_name + "-desc" tenant = self._create_tenant(name=tenant_name, description=tenant_desc) if suffix: rand_name_root += suffix username = rand_name_root + "-user" email = rand_name_root + "@example.com" user = self._create_user(username, self.password, tenant, email) if admin: role = None try: roles = self._list_roles() admin_role = self.config.identity.admin_role if self.tempest_client: role = next(r for r in roles if r['name'] == admin_role) else: role = next(r for r in roles if r.name == admin_role) except StopIteration: msg = "No admin role found" raise exceptions.NotFound(msg) if self.tempest_client: self._assign_user_role(tenant['id'], user['id'], role['id']) else: self._assign_user_role(tenant.id, user.id, role.id) return user, tenant
def request(self, method, url, headers=None, body=None, depth=0): """A simple HTTP request interface.""" self.http_obj = httplib2.Http() if headers == None: headers = {} if (self.token == None): return None, None headers['X-Auth-Token'] = self.token req_url = url resp, resp_body = self.http_obj.request(req_url, method, headers=headers, body=body) if resp.status == 401: raise exceptions.Unauthorized() if resp.status == 404: raise exceptions.NotFound(resp_body) if resp.status == 400: resp_body = json.loads(resp_body) raise exceptions.BadRequest(resp_body['badRequest']['message']) if resp.status == 409: resp_body = json.loads(resp_body) raise exceptions.Duplicate(resp_body) if resp.status == 413: resp_body = json.loads(resp_body) if 'overLimit' in resp_body: raise exceptions.OverLimit(resp_body['overLimit']['message']) elif depth < MAX_RECURSION_DEPTH: delay = resp['Retry-After'] if 'Retry-After' in resp else 60 time.sleep(int(delay)) return self.request(method, url, headers, body, depth + 1) else: raise exceptions.RateLimitExceeded( message=resp_body['overLimitFault']['message'], details=resp_body['overLimitFault']['details']) if resp.status in (500, 501): resp_body = json.loads(resp_body) #I'm seeing both computeFault and cloudServersFault come back. #Will file a bug to fix, but leave as is for now. if 'cloudServersFault' in resp_body: message = resp_body['cloudServersFault']['message'] else: message = resp_body['computeFault']['message'] raise exceptions.ComputeFault(message) if resp.status >= 400: resp_body = json.loads(resp_body) raise exceptions.TempestException(str(resp.status)) return resp, resp_body
def get_private_network_id(cls): for network in cls.networks_client.list_networks()[1]: if network['label'] == CONF.data_processing.private_network: return network['id'] raise exceptions.NotFound( 'Private network \'%s\' not found in network list.' % CONF.data_processing.private_network)
def get_floating_ip_details(self, floating_ip_id): """Get the details of a floating IP.""" url = "os-floating-ips/%s" % str(floating_ip_id) resp, body = self.get(url, self.headers) body = self._parse_floating_ip(etree.fromstring(body)) if resp.status == 404: raise exceptions.NotFound(body) return resp, body
def get_private_network_id(cls): net_id = cls._find_network_by_name( CONF.data_processing.private_network) if not net_id: raise exceptions.NotFound( 'Private network \'%s\' not found in network list.' % CONF.data_processing.private_network) return net_id
def get_floating_ip_pool_id_for_neutron(cls): net_id = cls._find_network_by_name( CONF.data_processing.floating_ip_pool) if not net_id: raise exceptions.NotFound( 'Floating IP pool \'%s\' not found in pool list.' % CONF.data_processing.floating_ip_pool) return net_id
def get_floating_ip_details(self, floating_ip_id): """Get the details of a floating IP.""" url = "os-floating-ips/%s" % str(floating_ip_id) resp, body = self.get(url) body = json.loads(body) if resp.status == 404: raise exceptions.NotFound(body) return resp, body['floating_ip']
def get_private_network_id(cls): net_id = cls._find_network_by_name( TEMPEST_CONF.compute.fixed_network_name) if not net_id: raise exceptions.NotFound( 'Private network \'%s\' not found in network list.' % TEMPEST_CONF.compute.fixed_network_name) return net_id
def get_floating_ip_pool_id_for_neutron(cls): net_id = cls._find_network_by_name( TEMPEST_CONF.network.floating_network_name) if not net_id: raise exceptions.NotFound( 'Floating IP pool \'%s\' not found in pool list.' % TEMPEST_CONF.network.floating_network_name) return net_id
def list_security_group_rules(self, security_group_id): """List all rules for a security group.""" resp, body = self.get('os-security-groups') body = json.loads(body) for sg in body['security_groups']: if sg['id'] == security_group_id: return resp, sg['rules'] raise exceptions.NotFound('No such Security Group')
def list_security_group_rules(self, security_group_id): """List all rules for a security group.""" resp, body = self.get('os-security-groups') body = json.loads(body) self.validate_response(schema.list_security_groups, resp, body) for sg in body['security_groups']: if sg['id'] == security_group_id: return service_client.ResponseBodyList(resp, sg['rules']) raise exceptions.NotFound('No such Security Group')
def _assign_user_role(self, tenant, user, role_name): role = None try: roles = self._list_roles() role = next(r for r in roles if r['name'] == role_name) except StopIteration: msg = 'No "%s" role found' % role_name raise exceptions.NotFound(msg) self.identity_admin_client.assign_user_role(tenant['id'], user['id'], role['id'])
def _get_tenant_by_name(self, name): if self.tempest_client: resp, tenant = self.admin_client.get_tenant_by_name(name) else: tenants = self.admin_client.tenants.list() for ten in tenants: if ten['name'] == name: tenant = ten raise exceptions.NotFound('No such tenant') return tenant
def check_server_is_snapshoted(self): image_name = LEASE_IMAGE_PREFIX + self.server_name try: images_list = self.image_client.list() self.assertNotEmpty( [image for image in images_list if image.name == image_name]) except Exception as e: message = ("Unable to find image with name '%s'. " "Exception: %s" % (image_name, str(e))) raise exceptions.NotFound(message)
def check_server_is_snapshoted(self): image_name = LEASE_IMAGE_PREFIX + self.get_resource('server').name try: images_list = self.compute_client.images.list() self.assertNotEmpty( filter(lambda image: image.name == image_name, images_list)) except Exception as e: message = ("Unable to find image with name '%s'. " "Exception: %s" % (image_name, e.message)) raise exceptions.NotFound(message)
def list_security_group_rules(self, security_group_id): """List all rules for a security group.""" url = "os-security-groups" resp, body = self.get(url) body = etree.fromstring(body) secgroups = body.getchildren() for secgroup in secgroups: if secgroup.get('id') == security_group_id: node = secgroup.find('{%s}rules' % xml_utils.XMLNS_11) rules = [xml_utils.xml_to_json(x) for x in node.getchildren()] return resp, rules raise exceptions.NotFound('No such Security Group')
def _assign_member_role(cls): primary_user = cls.isolated_creds.get_primary_user() alt_user = cls.isolated_creds.get_alt_user() swift_role = CONF.object_storage.operator_role try: resp, roles = cls.os_admin.identity_client.list_roles() role = next(r for r in roles if r['name'] == swift_role) except StopIteration: msg = "No role named %s found" % swift_role raise exceptions.NotFound(msg) for user in [primary_user, alt_user]: cls.os_admin.identity_client.assign_user_role( user['tenantId'], user['id'], role['id'])
def get_lease_by_name(self, lease_name): # the same as the climateclient does it: ask for the entire list lease_list = self.reservation_client.list_lease() named_lease = [] # and then search by lease_name named_lease = (filter(lambda lease: lease['name'] == lease_name, lease_list)) if named_lease: return self.reservation_client.get_lease(named_lease[0]['id']) else: message = "Unable to find lease with name '%s'" % lease_name raise exceptions.NotFound(message)
def _keystone_aws_get(self): import keystoneclient.v2_0.client keystone = keystoneclient.v2_0.client.Client(**self.ks_cred) ec2_cred_list = keystone.ec2.list(keystone.auth_user_id) ec2_cred = None for cred in ec2_cred_list: if cred.tenant_id == keystone.auth_tenant_id: ec2_cred = cred break else: ec2_cred = keystone.ec2.create(keystone.auth_user_id, keystone.auth_tenant_id) if not all((ec2_cred, ec2_cred.access, ec2_cred.secret)): raise exceptions.NotFound("Unable to get access and secret keys") return ec2_cred
def setUpClass(cls): super(AccountQuotasTest, cls).setUpClass() cls.container_name = rand_name(name="TestContainer") cls.container_client.create_container(cls.container_name) cls.data.setup_test_user() cls.os_reselleradmin = clients.Manager(cls.data.test_user, cls.data.test_password, cls.data.test_tenant) # Retrieve the ResellerAdmin role id reseller_role_id = None try: _, roles = cls.os_admin.identity_client.list_roles() reseller_role_id = next(r['id'] for r in roles if r['name'] == 'ResellerAdmin') except StopIteration: msg = "No ResellerAdmin role found" raise exceptions.NotFound(msg) # Retrieve the ResellerAdmin tenant id _, users = cls.os_admin.identity_client.get_users() reseller_user_id = next(usr['id'] for usr in users if usr['name'] == cls.data.test_user) # Retrieve the ResellerAdmin tenant id _, tenants = cls.os_admin.identity_client.list_tenants() reseller_tenant_id = next(tnt['id'] for tnt in tenants if tnt['name'] == cls.data.test_tenant) # Assign the newly created user the appropriate ResellerAdmin role cls.os_admin.identity_client.assign_user_role(reseller_tenant_id, reseller_user_id, reseller_role_id) # Retrieve a ResellerAdmin auth token and use it to set a quota # on the client's account cls.reselleradmin_token = cls.token_client.get_token( cls.data.test_user, cls.data.test_password, cls.data.test_tenant) headers = { "X-Auth-Token": cls.reselleradmin_token, "X-Account-Meta-Quota-Bytes": "20" } cls.os.custom_account_client.request("POST", "", headers, "")
def _assign_user_role(self, tenant, user, role_name): role = None try: roles = self._list_roles() if self.tempest_client: role = next(r for r in roles if r['name'] == role_name) else: role = next(r for r in roles if r.name == role_name) except StopIteration: msg = 'No "%s" role found' % role_name raise exceptions.NotFound(msg) if self.tempest_client: self.identity_admin_client.assign_user_role( tenant['id'], user['id'], role['id']) else: self.identity_admin_client.roles.add_user_role( user.id, role.id, tenant.id)
def request(self, method, url, extra_headers=False, headers=None, body=None): # TODO(oomichi): This translation is just for avoiding a single # huge patch to migrate rest_client module to tempest-lib. # Ideally(in the future), we need to remove this translation and # replace each API tests with tempest-lib's exceptions. try: return super(ServiceClient, self).request(method, url, extra_headers=extra_headers, headers=headers, body=body) except lib_exceptions.Unauthorized as ex: raise exceptions.Unauthorized(ex) except lib_exceptions.NotFound as ex: raise exceptions.NotFound(ex) except lib_exceptions.BadRequest as ex: raise exceptions.BadRequest(ex) except lib_exceptions.Conflict as ex: raise exceptions.Conflict(ex) except lib_exceptions.OverLimit as ex: raise exceptions.OverLimit(ex) except lib_exceptions.RateLimitExceeded as ex: raise exceptions.RateLimitExceeded(ex) except lib_exceptions.InvalidContentType as ex: raise exceptions.InvalidContentType(ex) except lib_exceptions.UnprocessableEntity as ex: raise exceptions.UnprocessableEntity(ex) except lib_exceptions.InvalidHTTPResponseBody as ex: raise exceptions.InvalidHTTPResponseBody(ex) except lib_exceptions.NotImplemented as ex: raise exceptions.NotImplemented(ex) except lib_exceptions.ServerFault as ex: raise exceptions.ServerFault(ex) except lib_exceptions.UnexpectedResponseCode as ex: raise exceptions.UnexpectedResponseCode(ex)
def _create_creds(self, suffix="", admin=False): """Create random credentials under the following schema. If the name contains a '.' is the full class path of something, and we don't really care. If it isn't, it's probably a meaningful name, so use it. For logging purposes, -user and -tenant are long and redundant, don't use them. The user# will be sufficient to figure it out. """ if '.' in self.name: root = "" else: root = self.name tenant_name = data_utils.rand_name(root) + suffix tenant_desc = tenant_name + "-desc" tenant = self._create_tenant(name=tenant_name, description=tenant_desc) username = data_utils.rand_name(root) + suffix email = data_utils.rand_name(root) + suffix + "@example.com" user = self._create_user(username, self.password, tenant, email) if admin: role = None try: roles = self._list_roles() admin_role = CONF.identity.admin_role if self.tempest_client: role = next(r for r in roles if r['name'] == admin_role) else: role = next(r for r in roles if r.name == admin_role) except StopIteration: msg = "No admin role found" raise exceptions.NotFound(msg) if self.tempest_client: self._assign_user_role(tenant['id'], user['id'], role['id']) else: self._assign_user_role(tenant.id, user.id, role.id) return user, tenant
def setUpClass(cls): super(AccountQuotasTest, cls).setUpClass() cls.container_name = data_utils.rand_name(name="TestContainer") cls.container_client.create_container(cls.container_name) cls.data.setup_test_user() cls.os_reselleradmin = clients.Manager(cls.data.test_user, cls.data.test_password, cls.data.test_tenant) # Retrieve the ResellerAdmin role id reseller_role_id = None try: _, roles = cls.os_admin.identity_client.list_roles() reseller_role_id = next(r['id'] for r in roles if r['name'] == 'ResellerAdmin') except StopIteration: msg = "No ResellerAdmin role found" raise exceptions.NotFound(msg) # Retrieve the ResellerAdmin tenant id _, users = cls.os_admin.identity_client.get_users() reseller_user_id = next(usr['id'] for usr in users if usr['name'] == cls.data.test_user) # Retrieve the ResellerAdmin tenant id _, tenants = cls.os_admin.identity_client.list_tenants() reseller_tenant_id = next(tnt['id'] for tnt in tenants if tnt['name'] == cls.data.test_tenant) # Assign the newly created user the appropriate ResellerAdmin role cls.os_admin.identity_client.assign_user_role(reseller_tenant_id, reseller_user_id, reseller_role_id) # Retrieve a ResellerAdmin auth data and use it to set a quota # on the client's account cls.reselleradmin_auth_data = \ cls.os_reselleradmin.get_auth_provider().auth_data