def test_rand_password_with_len_2(self): actual = data_utils.rand_password(2) self.assertIsInstance(actual, str) self.assertEqual(len(actual), 3) self.assertRegexpMatches(actual, "[A-Za-z0-9~!@#$%^&*_=+]{3}") actual2 = data_utils.rand_password(2) self.assertNotEqual(actual, actual2)
def test_can_create_server_with_max_number_personality_files(self): # Server should be created successfully if maximum allowed number of # files is injected into the server during creation. file_contents = 'This is a test file.' limits = self.user_client.show_limits()['limits'] max_file_limit = limits['absolute']['maxPersonality'] if max_file_limit == -1: raise self.skipException("No limit for personality files") person = [] for i in range(0, int(max_file_limit)): path = '/etc/test' + str(i) + '.txt' person.append({ 'path': path, 'contents': base64.b64encode(file_contents), }) password = data_utils.rand_password() created_server = self.create_test_server(personality=person, adminPass=password, wait_until='ACTIVE', validatable=True) server = self.client.show_server(created_server['id'])['server'] if CONF.validation.run_validation: linux_client = remote_client.RemoteClient( self.get_server_ip(server), self.ssh_user, password, self.validation_resources['keypair']['private_key']) for i in person: self.assertEqual( base64.b64decode(i['contents']), linux_client.exec_command('sudo cat %s' % i['path']))
def test_can_create_server_with_max_number_personality_files(self): # Server should be created successfully if maximum allowed number of # files is injected into the server during creation. file_contents = 'This is a test file.' limits = self.user_client.show_limits()['limits'] max_file_limit = limits['absolute']['maxPersonality'] if max_file_limit == -1: raise self.skipException("No limit for personality files") person = [] for i in range(0, int(max_file_limit)): path = '/etc/test' + str(i) + '.txt' person.append({ 'path': path, 'contents': base64.b64encode(file_contents), }) password = data_utils.rand_password() created_server = self.create_test_server(personality=person, adminPass=password, wait_until='ACTIVE', validatable=True) server = self.client.show_server(created_server['id'])['server'] if CONF.validation.run_validation: linux_client = remote_client.RemoteClient( self.get_server_ip(server), self.ssh_user, password, self.validation_resources['keypair']['private_key']) for i in person: self.assertEqual(base64.b64decode(i['contents']), linux_client.exec_command( 'sudo cat %s' % i['path']))
def test_user_update_own_password(self): self.new_creds = copy.copy(self.creds.credentials) self.new_creds.password = data_utils.rand_password() # we need new non-admin Identity Client with new credentials, since # current non_admin_client token will be revoked after updating # password self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client) self.non_admin_client_for_cleanup.auth_provider = ( manager.get_auth_provider(self.new_creds)) user_id = self.creds.credentials.user_id old_pass = self.creds.credentials.password new_pass = self.new_creds.password # to change password back. important for allow_tenant_isolation = false self.addCleanup( self.non_admin_client_for_cleanup.update_user_own_password, user_id=user_id, new_pass=old_pass, old_pass=new_pass) # user updates own password resp = self.non_admin_client.update_user_own_password( user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access'] # TODO(lbragstad): Sleeping after the response status has been checked # and the body loaded as JSON allows requests to fail-fast. The sleep # is necessary because keystone will err on the side of security and # invalidate tokens within a small margin of error (within the same # wall clock second) after a revocation event is issued (such as a # password change). Remove this once keystone and Fernet support # sub-second precision. time.sleep(1) # check authorization with new token self.non_admin_token_client.auth_token(resp['token']['id']) # check authorization with new password self.non_admin_token_client.auth(self.username, new_pass, self.tenant_name) # authorize with old token should lead to Unauthorized self.assertRaises(exceptions.Unauthorized, self.non_admin_token_client.auth_token, self.non_admin_client.token) # authorize with old password should lead to Unauthorized self.assertRaises(exceptions.Unauthorized, self.non_admin_token_client.auth, self.username, old_pass, self.tenant_name)
def test_user_update_own_password(self): self.new_creds = copy.copy(self.creds.credentials) self.new_creds.password = data_utils.rand_password() # we need new non-admin Identity Client with new credentials, since # current non_admin_client token will be revoked after updating # password self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client) self.non_admin_client_for_cleanup.auth_provider = ( manager.get_auth_provider(self.new_creds)) user_id = self.creds.credentials.user_id old_pass = self.creds.credentials.password new_pass = self.new_creds.password # to change password back. important for allow_tenant_isolation = false self.addCleanup( self.non_admin_client_for_cleanup.update_user_own_password, user_id=user_id, new_pass=old_pass, old_pass=new_pass) # user updates own password resp = self.non_admin_client.update_user_own_password( user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access'] # TODO(lbragstad): Sleeping after the response status has been checked # and the body loaded as JSON allows requests to fail-fast. The sleep # is necessary because keystone will err on the side of security and # invalidate tokens within a small margin of error (within the same # wall clock second) after a revocation event is issued (such as a # password change). Remove this once keystone and Fernet support # sub-second precision. time.sleep(1) # check authorization with new token self.non_admin_token_client.auth_token(resp['token']['id']) # check authorization with new password self.non_admin_token_client.auth(self.username, new_pass, self.tenant_name) # authorize with old token should lead to Unauthorized self.assertRaises(exceptions.Unauthorized, self.non_admin_token_client.auth_token, self.non_admin_client.token) # authorize with old password should lead to Unauthorized self.assertRaises(exceptions.Unauthorized, self.non_admin_token_client.auth, self.username, old_pass, self.tenant_name)
def generate_resources(opts): spec = [{'number': 1, 'prefix': 'primary', 'roles': (CONF.auth.tempest_roles + [CONF.object_storage.operator_role])}, {'number': 1, 'prefix': 'alt', 'roles': (CONF.auth.tempest_roles + [CONF.object_storage.operator_role])}] if CONF.service_available.swift: spec.append({'number': 1, 'prefix': 'swift_operator', 'roles': (CONF.auth.tempest_roles + [CONF.object_storage.operator_role])}) spec.append({'number': 1, 'prefix': 'swift_reseller_admin', 'roles': (CONF.auth.tempest_roles + [CONF.object_storage.reseller_admin_role])}) if CONF.service_available.heat: spec.append({'number': 1, 'prefix': 'stack_owner', 'roles': (CONF.auth.tempest_roles + [CONF.orchestration.stack_owner_role])}) if opts.admin: spec.append({ 'number': 1, 'prefix': 'admin', 'roles': (CONF.auth.tempest_roles + [CONF.identity.admin_role]) }) resources = {'tenants': [], 'users': []} for count in range(opts.concurrency): for user_group in spec: users = [random_user_name(opts.tag, user_group['prefix']) for _ in range(user_group['number'])] for user in users: tenant = '-'.join((user, 'tenant')) resources['tenants'].append(tenant) resources['users'].append({ 'tenant': tenant, 'name': user, 'pass': data_utils.rand_password(), 'prefix': user_group['prefix'], 'roles': user_group['roles'] }) return resources
def test_create_server_with_personality(self): file_contents = 'This is a test file.' file_path = '/test.txt' personality = [{'path': file_path, 'contents': base64.b64encode(file_contents)}] password = data_utils.rand_password() created_server = self.create_test_server(personality=personality, adminPass=password, wait_until='ACTIVE', validatable=True) server = self.client.show_server(created_server['id'])['server'] if CONF.validation.run_validation: linux_client = remote_client.RemoteClient( self.get_server_ip(server), self.ssh_user, password, self.validation_resources['keypair']['private_key']) self.assertEqual(file_contents, linux_client.exec_command( 'sudo cat %s' % file_path))
def test_user_update_own_password(self): self.new_creds = copy.copy(self.creds.credentials) self.new_creds.password = data_utils.rand_password() # we need new non-admin Identity Client with new credentials, since # current non_admin_client token will be revoked after updating # password self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client) self.non_admin_client_for_cleanup.auth_provider = ( manager.get_auth_provider(self.new_creds)) user_id = self.creds.credentials.user_id old_pass = self.creds.credentials.password new_pass = self.new_creds.password # to change password back. important for allow_tenant_isolation = false self.addCleanup( self.non_admin_client_for_cleanup.update_user_own_password, user_id=user_id, new_pass=old_pass, old_pass=new_pass) # user updates own password resp = self.non_admin_client.update_user_own_password( user_id=user_id, new_pass=new_pass, old_pass=old_pass) # check authorization with new token self.non_admin_token_client.auth_token(resp['token']['id']) # check authorization with new password self.non_admin_token_client.auth(self.username, new_pass, self.tenant_name) # authorize with old token should lead to Unauthorized self.assertRaises(exceptions.Unauthorized, self.non_admin_token_client.auth_token, self.non_admin_client.token) # authorize with old password should lead to Unauthorized self.assertRaises(exceptions.Unauthorized, self.non_admin_token_client.auth, self.username, old_pass, self.tenant_name)
def __init__(self): self.username = data_utils.rand_name(name="user", prefix="akanda") self.user_id = None self.password = data_utils.rand_password() self.tenant_name = data_utils.rand_name(name="tenant", prefix="akanda") self.tenant_id = None self.role_name = data_utils.rand_name(name="role", prefix="akanda") self._admin_clients = AdminClientManager() self._admin_ks_client = self._admin_clients.keystoneclient self.auth_url = self._admin_ks_client.auth_url # create the tenant before creating its clients. self._create_tenant() self.clients = ClientManager(self.username, self.password, self.tenant_name, self.auth_url) self.tester = ClientManager("demo", "akanda", "demo", self.auth_url) self._subnets = [] self._routers = []
def test_create_server_with_personality(self): file_contents = 'This is a test file.' file_path = '/test.txt' personality = [{ 'path': file_path, 'contents': base64.b64encode(file_contents) }] password = data_utils.rand_password() created_server = self.create_test_server(personality=personality, adminPass=password, wait_until='ACTIVE', validatable=True) server = self.client.show_server(created_server['id'])['server'] if CONF.validation.run_validation: linux_client = remote_client.RemoteClient( self.get_server_ip(server), self.ssh_user, password, self.validation_resources['keypair']['private_key']) self.assertEqual( file_contents, linux_client.exec_command('sudo cat %s' % file_path))
def __init__(self): self.username = data_utils.rand_name(name='user', prefix='akanda') self.user_id = None self.password = data_utils.rand_password() self.tenant_name = data_utils.rand_name(name='tenant', prefix='akanda') self.tenant_id = None self.role_name = data_utils.rand_name(name='role', prefix='akanda') self._admin_clients = AdminClientManager() self._admin_ks_client = self._admin_clients.keystoneclient self.auth_url = self._admin_ks_client.auth_url # create the tenant before creating its clients. self._create_tenant() self.clients = ClientManager(self.username, self.password, self.tenant_name, self.auth_url) self.tester = ClientManager('demo', 'akanda', 'demo', self.auth_url) self._subnets = [] self._routers = []
def __init__(self): parse_config() self.username = data_utils.rand_name(name='user', prefix='akanda') self.user_id = None self.password = data_utils.rand_password() self.tenant_name = data_utils.rand_name(name='tenant', prefix='akanda') self.tenant_id = None self.role_name = data_utils.rand_name(name='role', prefix='akanda') self._admin_clients = AdminClientManager() self._admin_ks_client = self._admin_clients.keystoneclient self.auth_url = self._admin_ks_client.auth_url # create the tenant before creating its clients. self._create_tenant() self.clients = ClientManager(self.username, self.password, self.tenant_name, self.auth_url) self.tester = ClientManager('demo', 'akanda', 'demo', self.auth_url) self._subnets = [] self._routers = []
def test_user_update_own_password(self): self.new_creds = copy.copy(self.creds.credentials) self.new_creds.password = data_utils.rand_password() # we need new non-admin Identity Client with new credentials, since # current non_admin_client token will be revoked after updating # password self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client) self.non_admin_client_for_cleanup.auth_provider = ( manager.get_auth_provider(self.new_creds)) user_id = self.creds.credentials.user_id old_pass = self.creds.credentials.password new_pass = self.new_creds.password # to change password back. important for allow_tenant_isolation = false self.addCleanup( self.non_admin_client_for_cleanup.update_user_own_password, user_id=user_id, new_pass=old_pass, old_pass=new_pass) # user updates own password resp = self.non_admin_client.update_user_own_password( user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access'] # check authorization with new token self.non_admin_token_client.auth_token(resp['token']['id']) # check authorization with new password self.non_admin_token_client.auth(self.username, new_pass, self.tenant_name) # authorize with old token should lead to Unauthorized self.assertRaises(exceptions.Unauthorized, self.non_admin_token_client.auth_token, self.non_admin_client.token) # authorize with old password should lead to Unauthorized self.assertRaises(exceptions.Unauthorized, self.non_admin_token_client.auth, self.username, old_pass, self.tenant_name)
def test_user_update_own_password(self): self.new_creds = copy.copy(self.creds.credentials) self.new_creds.password = data_utils.rand_password() # we need new non-admin Identity V3 Client with new credentials, since # current non_admin_client token will be revoked after updating # password self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client) self.non_admin_client_for_cleanup.auth_provider = ( manager.get_auth_provider(self.new_creds)) user_id = self.creds.credentials.user_id old_pass = self.creds.credentials.password new_pass = self.new_creds.password # to change password back. important for allow_tenant_isolation = false self.addCleanup( self.non_admin_client_for_cleanup.update_user_password, user_id=user_id, password=old_pass, original_password=new_pass) # user updates own password self.non_admin_client.update_user_password( user_id=user_id, password=new_pass, original_password=old_pass) # check authorization with new password self.non_admin_token.auth(user_id=self.user_id, password=new_pass) # authorize with old token should lead to IdentityError (404 code) self.assertRaises(exceptions.IdentityError, self.non_admin_token.auth, token=self.non_admin_client.token) # authorize with old password should lead to Unauthorized self.assertRaises(exceptions.Unauthorized, self.non_admin_token.auth, user_id=self.user_id, password=old_pass)
def generate_resources(opts): spec = [{ 'number': 1, 'prefix': 'primary', 'roles': (CONF.auth.tempest_roles + [CONF.object_storage.operator_role]) }, { 'number': 1, 'prefix': 'alt', 'roles': (CONF.auth.tempest_roles + [CONF.object_storage.operator_role]) }] if CONF.service_available.swift: spec.append({ 'number': 1, 'prefix': 'swift_operator', 'roles': (CONF.auth.tempest_roles + [CONF.object_storage.operator_role]) }) spec.append({ 'number': 1, 'prefix': 'swift_reseller_admin', 'roles': (CONF.auth.tempest_roles + [CONF.object_storage.reseller_admin_role]) }) if CONF.service_available.heat: spec.append({ 'number': 1, 'prefix': 'stack_owner', 'roles': (CONF.auth.tempest_roles + [CONF.orchestration.stack_owner_role]) }) if opts.admin: spec.append({ 'number': 1, 'prefix': 'admin', 'roles': (CONF.auth.tempest_roles + [CONF.identity.admin_role]) }) resources = {'tenants': [], 'users': []} for count in range(opts.concurrency): for user_group in spec: users = [ random_user_name(opts.tag, user_group['prefix']) for _ in range(user_group['number']) ] for user in users: tenant = '-'.join((user, 'tenant')) resources['tenants'].append(tenant) resources['users'].append({ 'tenant': tenant, 'name': user, 'pass': data_utils.rand_password(), 'prefix': user_group['prefix'], 'roles': user_group['roles'] }) return resources
def test_rand_password(self): actual = data_utils.rand_password() self.assertIsInstance(actual, str) self.assertRegexpMatches(actual, "[A-Za-z0-9~!@#$%^&*_=+]{15,}") actual2 = data_utils.rand_password() self.assertNotEqual(actual, actual2)