def error_cleanup():
global role_uuid, project_uuid, project_02_uuid, project_template_01_uuid, project_template_02_uuid, \
company_uuid_01, company_uuid_02, department_01_uuid, department_02_uuid, virtual_id_group_uuid, \
virtual_id_uuid
if company_uuid_01:
iam2_ops.delete_iam2_organization(company_uuid_01)
if company_uuid_02:
iam2_ops.delete_iam2_organization(company_uuid_02)
if department_01_uuid:
iam2_ops.delete_iam2_organization(department_01_uuid)
if department_02_uuid:
iam2_ops.delete_iam2_organization(department_02_uuid)
if virtual_id_group_uuid:
iam2_ops.delete_iam2_virtual_id_group(virtual_id_group_uuid)
if project_uuid:
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
if project_02_uuid:
iam2_ops.delete_iam2_project(project_02_uuid)
iam2_ops.expunge_iam2_project(project_02_uuid)
if project_template_01_uuid:
iam2_ops.delete_iam2_project_template(project_template_01_uuid)
if project_template_02_uuid:
iam2_ops.delete_iam2_project_template(project_template_02_uuid)
if virtual_id_uuid:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if role_uuid:
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
def error_cleanup():
global role_uuid, project_uuid, project_02_uuid, project_template_01_uuid, project_template_02_uuid, \
company_uuid_01, company_uuid_02, department_01_uuid, department_02_uuid, virtual_id_group_uuid, \
virtual_id_uuid, platform_admin_uuid
if company_uuid_01:
iam2_ops.delete_iam2_organization(company_uuid_01)
if company_uuid_02:
iam2_ops.delete_iam2_organization(company_uuid_02)
if department_01_uuid:
iam2_ops.delete_iam2_organization(department_01_uuid)
if department_02_uuid:
iam2_ops.delete_iam2_organization(department_02_uuid)
if virtual_id_group_uuid:
iam2_ops.delete_iam2_virtual_id_group(virtual_id_group_uuid)
if project_uuid:
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
if project_02_uuid:
iam2_ops.delete_iam2_project(project_02_uuid)
iam2_ops.expunge_iam2_project(project_02_uuid)
if project_template_01_uuid:
iam2_ops.delete_iam2_project_template(project_template_01_uuid)
if project_template_02_uuid:
iam2_ops.delete_iam2_project_template(project_template_02_uuid)
if virtual_id_uuid:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if platform_admin_uuid:
iam2_ops.delete_iam2_virtual_id(platform_admin_uuid)
if role_uuid:
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
def test():
iam2_ops.clean_iam2_enviroment()
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_name = project.name
project_uuid = project.uuid
# 2 create plain user
plain_user_name = 'username'
plain_user_password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(
plain_user_name, plain_user_password, project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid], project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(
plain_user_name, plain_user_password)
# 4 login in project
# project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_session_uuid = iam2_ops.login_iam2_project(
project_name, plain_user_session_uuid).uuid
# 5 get iam2 virtual id api permission and project
iam2_ops.get_iam2_virtual_id_permission(session_uuid=project_session_uuid)
# time.sleep(20)
# 6 logout
acc_ops.logout(project_session_uuid)
try:
iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
except:
test_util.test_dsc("the user [%s] is deleted,can't login" %
plain_user_name)
username = '******' * 85
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
iam2_ops.create_iam2_virtual_id(username, password)
test_util.test_dsc("success test 255 varchar long username")
username = '******' * 256
try:
iam2_ops.create_iam2_virtual_id(username, password)
test_util.test_fail(
"256 varchar long name is bigger than number in database")
except:
test_util.test_dsc(
"can't create username more than 255 varchar ,success!")
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by plain user')
def test():
iam2_ops.clean_iam2_enviroment()
virtual_id_uuid_list = []
password = '******'
for char in ['A','B','C','D','E']:
username = '******'+char
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, password).uuid
virtual_id_uuid_list.append(virtual_id_uuid)
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
company_uuid_01 = iam2_ops.create_iam2_organization('test_company_01', 'Company').uuid
department_01_uuid = iam2_ops.create_iam2_organization('test_department_01', 'Department',
parent_uuid=company_uuid_01).uuid
for virtual_id_uuid in virtual_id_uuid_list:
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid],project_uuid)
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid],company_uuid_01)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid_list[0], attributes)
try:
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid_list[1],attributes)
test_util.test_fail("can't set 2 projectAdmin in one project")
except:
test_util.test_dsc("can't set 2 projectAdmin in one project,success")
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid_list[2]}]
iam2_ops.add_attributes_to_iam2_organization(department_01_uuid, attributes)
try:
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid_list[3]}]
iam2_ops.add_attributes_to_iam2_organization(department_01_uuid,attributes)
test_util.test_fail("can't set 2 OrganizationSupervisor in 1 organization")
except:
test_util.test_dsc("can't set 2 OrganizationSupervisor in 1 organization,success")
try:
attributes = [{"name": "phone", "value": 'abcdefg'}]
iam2_ops.add_attributes_to_iam2_organization(virtual_id_uuid_list[4],attributes)
test_util.test_fail("can't set wrong phone number")
except:
test_util.test_dsc("can't set wrong phone number,success")
try:
attributes = [{"name": "mail", "value": '1234098djfghd'}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid_list[4],attributes)
test_util.test_fail("can't set wrong mail")
except:
test_util.test_dsc("can't set wrong mail,success")
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 admin negtive operations!')
def error_cleanup():
global image
iam2_ops.clean_iam2_enviroment()
if image:
try:
img_ops.delete_image(image.uuid)
except:
img_ops.expunge_image(image.uuid)
def destroy_initial_database():
zoneinvs = res_ops.query_resource_fields(res_ops.ZONE, [], None, ['uuid'])
for zoneinv in zoneinvs:
zone_operations.delete_zone(zoneinv.uuid)
backstorageinvs = res_ops.query_resource_fields(res_ops.BACKUP_STORAGE, [], None, ['uuid'])
for backstorageinv in backstorageinvs:
bs_operations.delete_backup_storage(backstorageinv.uuid)
iam2_ops.clean_iam2_enviroment()
def error_cleanup():
global image
iam2_ops.clean_iam2_enviroment()
if image:
try:
img_ops.delete_image(image.uuid)
except:
img_ops.expunge_image(image.uuid)
def error_cleanup():
global company_uuid_01 , virtual_id_uuid
if company_uuid_01:
iam2_ops.delete_iam2_organization(company_uuid_01)
if virtual_id_uuid_list:
for virtual_id_uuid in virtual_id_uuid_list:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
iam2_ops.clean_iam2_enviroment()
def error_cleanup():
global company_uuid_01, virtual_id_uuid
if company_uuid_01:
iam2_ops.delete_iam2_organization(company_uuid_01)
if virtual_id_uuid_list:
for virtual_id_uuid in virtual_id_uuid_list:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
iam2_ops.clean_iam2_enviroment()
def test():
global vm, volume
iam2_ops.clean_iam2_enviroment()
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 1 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, password)
project_admin_session_uuid = iam2_ops.login_iam2_project(
project_name, project_admin_session_uuid).uuid
res_ops.query_resource(res_ops.L2_VXLAN_NETWORK_POOL)
# 3 create volume
vm = test_stub.create_vm(session_uuid=project_admin_session_uuid)
volume = test_stub.create_volume(session_uuid=project_admin_session_uuid)
volume.attach(vm)
# 4 delete project
iam2_ops.delete_iam2_project(project_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', volume.get_volume().uuid)
vol_inv = res_ops.query_resource(res_ops.VOLUME, cond)
if not vol_inv:
test_util.test_fail(
"can't query volume after delete the project ,test fail")
# 5 expunge project
iam2_ops.expunge_iam2_project(project_uuid)
# query volume
cond = res_ops.gen_query_conditions('uuid', '=', volume.get_volume().uuid)
vol_inv = res_ops.query_resource(res_ops.VOLUME, cond)[0]
if vol_inv.status != 'Deleted':
test_util.test_fail(
'The volume created in project is still not deleted after the project is expunge ,now status is %s'
% vol_inv.status)
volume.expunge()
vm.clean()
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success')
def test():
iam2_ops.clean_iam2_enviroment()
global project_uuid,project_admin_uuid,virtual_id_uuid
# create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
#create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
#create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
#login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
#create ticket
ticket_name = 'ticket_1'
session_uuid = project_login_uuid
api_name='org.zstack.header.vm.APICreateVmInstanceMsg'
request_name='create-vm-ticket'
executeTimes=1
account_system_type='iam2'
conditions = res_ops.gen_query_conditions('type', '=', 'UserVm')
instance_offering_uuid =res_ops.query_resource(res_ops.INSTANCE_OFFERING, conditions)[0].uuid
image_name = os.environ.get('imageName_s')
image_uuid=test_lib.lib_get_image_by_name(image_name).uuid
l3_name = os.environ.get('l3VlanNetworkName1')
l3_network_uuids=test_lib.lib_get_l3_by_name(l3_name).uuid
api_body={"name":"vm","instanceOfferingUuid":instance_offering_uuid,"imageUuid":image_uuid,"l3NetworkUuids":l3_network_uuids}
try:
ticket= ticket_ops.create_ticket(ticket_name,request_name,api_body,api_name,executeTimes,account_system_type,virtual_id_uuid,project_uuid,session_uuid)
test_util.test_fail("can't create ticket by project admin ")
except:
test_util.test_logger('create ticket fail by project admin ')
#query ticket
try:
cond= res_ops.gen_query_conditions('uuid','=', ticket.uuid)
ticket_list = res_ops.query_resource(res_ops.TICKET,cond)
test_util.test_fail("can't query ticket by project admin ")
except:
test_util.test_pass('success test iam2 ticket by project admin')
def test():
global image
iam2_ops.clean_iam2_enviroment()
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 1 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid], project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name,password)
project_admin_session_uuid = iam2_ops.login_iam2_project(project_name,project_admin_session_uuid).uuid
res_ops.query_resource(res_ops.L2_VXLAN_NETWORK_POOL)
# 3 add image
bs_cond = res_ops.gen_query_conditions("status", '=', "Connected")
bss = res_ops.query_resource(res_ops.BACKUP_STORAGE, bs_cond)
image_option = test_util.ImageOption()
image_option.set_format('iso')
image_option.set_name('test_add_iso_image')
image_option.set_url(os.environ.get('imageServer') + "/iso/CentOS-x86_64-7.2-Minimal.iso")
image_option.set_backup_storage_uuid_list([bss[0].uuid])
image_option.set_timeout(60000)
image_option.set_session_uuid(project_admin_session_uuid)
image = img_ops.add_image(image_option)
# 4 delete project
iam2_ops.delete_iam2_project(project_uuid)
cond =res_ops.gen_query_conditions('uuid','=',image.uuid)
img_inv=res_ops.query_resource(res_ops.IMAGE,cond)
if not img_inv:
test_util.test_fail("can't query image %s after delete the project,test fail"%image.uuid)
# 5 expunge project
iam2_ops.expunge_iam2_project(project_uuid)
cond = res_ops.gen_query_conditions('uuid','=',image.uuid)
img_inv = res_ops.query_resource(res_ops.IMAGE,cond)[0]
if img_inv.status != 'Deleted':
test_util.test_fail('The image created in project is not deleted after project is expunge, test fail')
img_ops.expunge_image(image.uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success')
def error_cleanup(): global project_uuid, project_admin_uuid, virtual_id_uuid if virtual_id_uuid: iam2_ops.delete_iam2_virtual_id(virtual_id_uuid) if project_admin_uuid: iam2_ops.delete_iam2_virtual_id(project_admin_uuid) if project_uuid: iam2_ops.delete_iam2_project(project_uuid) iam2_ops.expunge_iam2_project(project_uuid) iam2_ops.clean_iam2_enviroment()
def error_cleanup():
global project_uuid, project_admin_uuid, virtual_id_uuid
if virtual_id_uuid:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_uuid:
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
iam2_ops.clean_iam2_enviroment()
def error_cleanup():
global company_uuid_02 , virtual_id_uuid , platform_admin_uuid
if company_uuid_02:
iam2_ops.delete_iam2_organization(company_uuid_02)
if platform_admin_uuid:
iam2_ops.delete_iam2_virtual_id(platform_admin_uuid)
if virtual_id_uuid_list:
for virtual_id_uuid in virtual_id_uuid_list:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
iam2_ops.clean_iam2_enviroment()
def error_cleanup():
global vm, volume
iam2_ops.clean_iam2_enviroment()
if vm:
vm.clean()
if volume:
try:
volume.delete()
except:
volume.expunge()
def error_cleanup():
global vm, volume
iam2_ops.clean_iam2_enviroment()
if vm:
vm.clean()
if volume:
try:
volume.delete()
except:
volume.expunge()
def test():
iam2_ops.clean_iam2_enviroment()
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_name = project.name
project_uuid = project.uuid
# 2 create plain user
plain_user_name = 'username'
plain_user_password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid], project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
# project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_session_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
# 5 get iam2 virtual id api permission and project
iam2_ops.get_iam2_virtual_id_permission(session_uuid=project_session_uuid)
# time.sleep(20)
# 6 logout
acc_ops.logout(project_session_uuid)
try:
iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
except:
test_util.test_dsc("the user [%s] is deleted,can't login" % plain_user_name)
username = '******' * 85
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
iam2_ops.create_iam2_virtual_id(username, password)
test_util.test_dsc("success test 255 varchar long username")
username = '******' * 256
try:
iam2_ops.create_iam2_virtual_id(username, password)
test_util.test_fail("256 varchar long name is bigger than number in database")
except:
test_util.test_dsc("can't create username more than 255 varchar ,success!")
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by plain user')
def test():
global vm, volume
iam2_ops.clean_iam2_enviroment()
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 1 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid], project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, password)
project_admin_session_uuid = iam2_ops.login_iam2_project(project_name, project_admin_session_uuid).uuid
res_ops.query_resource(res_ops.L2_VXLAN_NETWORK_POOL)
# 3 create volume
vm = test_stub.create_vm(session_uuid=project_admin_session_uuid)
volume = test_stub.create_volume(session_uuid=project_admin_session_uuid)
volume.attach(vm)
# 4 delete project
iam2_ops.delete_iam2_project(project_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', volume.get_volume().uuid)
vol_inv = res_ops.query_resource(res_ops.VOLUME, cond)
if not vol_inv:
test_util.test_fail("can't query volume after delete the project ,test fail")
# 5 expunge project
iam2_ops.expunge_iam2_project(project_uuid)
# query volume
cond = res_ops.gen_query_conditions('uuid', '=', volume.get_volume().uuid)
vol_inv = res_ops.query_resource(res_ops.VOLUME, cond)[0]
if vol_inv.status != 'Deleted':
test_util.test_fail(
'The volume created in project is still not deleted after the project is expunge ,now status is %s' %
vol_inv.status)
volume.expunge()
vm.clean()
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success')
def test():
global vid_uuid, vid_uuid2
iam2_ops.clean_iam2_enviroment()
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
password = '******'
vid_tst_obj = test_vid.ZstackTestVid()
vid_tst_obj2 = None
if flavor['target_role'] == 'system_admin':
attributes = [{"name": "__SystemAdmin__"}]
username = "******"
vid_tst_obj = test_vid.ZstackTestVid()
test_stub.create_system_admin(username, password, vid_tst_obj)
virtual_id_uuid = vid_tst_obj.get_vid().uuid
system_admin_session_uuid = acc_ops.login_by_account(username, password)
#create systemadmin by systemadmin session
vid_tst_obj2 = test_vid.ZstackTestVid()
vid_tst_obj2.create("systemsubadmin", password, session_uuid=system_admin_session_uuid, without_default_role="true")
vid_uuid2 = vid_tst_obj2.get_vid().uuid
iam2_ops.add_attributes_to_iam2_virtual_id(vid_uuid2, attributes, session_uuid=system_admin_session_uuid)
role_uuid = iam2_ops.create_role('systemAdminSubRole').uuid
statements = [{"effect":"Allow","actions":["org.zstack.header.image.**"]}]
iam2_ops.add_policy_statements_to_role(role_uuid, statements)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], vid_tst_obj2.get_vid().uuid)
elif flavor['target_role'] == 'security_admin':
attributes = [{"name": "__SecurityAdmin__"}]
username = "******"
vid_tst_obj.create(username, password, without_default_role="true")
vid_uuid = vid_tst_obj.get_vid().uuid
iam2_ops.add_attributes_to_iam2_virtual_id(vid_uuid, attributes)
elif flavor['target_role'] == 'audit_admin':
attributes = [{"name": "__AuditAdmin__"}]
username = "******"
vid_tst_obj.create(username, password, without_default_role="true")
vid_uuid = vid_tst_obj.get_vid().uuid
iam2_ops.add_attributes_to_iam2_virtual_id(vid_uuid, attributes)
else:
test_util.test_fail("not a candidate role")
vid_tst_obj.set_vid_attributes(attributes)
vid_tst_obj.check()
vid_tst_obj.delete()
if vid_tst_obj2:
iam2_ops.delete_iam2_virtual_id(vid_uuid2)
test_util.test_pass('success test 3 admins attributes!')
def test():
iam2_ops.clean_iam2_enviroment()
global project_uuid,platform_admin_uuid,virtual_id_uuid
#create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
#create virtual id
platform_admin_name = 'username'
platform_admin_password = '******'
platform_admin_uuid = iam2_ops.create_iam2_virtual_id(platform_admin_name, platform_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
#create platform admin
iam2_ops.add_iam2_virtual_ids_to_project([platform_admin_uuid],project_uuid)
attributes = [{"name": "__PlatformAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(platform_admin_uuid, attributes)
#login in project by platform admin
platform_admin_session_uuid = iam2_ops.login_iam2_virtual_id(platform_admin_name, platform_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=platform_admin_session_uuid).uuid
#create ticket
ticket_name = 'ticket_1'
session_uuid = project_login_uuid
api_name='org.zstack.header.vm.APICreateVmInstanceMsg'
request_name='create-vm-ticket'
executeTimes=1
account_system_type='iam2'
conditions = res_ops.gen_query_conditions('type', '=', 'UserVm')
instance_offering_uuid =res_ops.query_resource(res_ops.INSTANCE_OFFERING, conditions)[0].uuid
image_name = os.environ.get('imageName_s')
image_uuid=test_lib.lib_get_image_by_name(image_name).uuid
l3_name = os.environ.get('l3VlanNetworkName1')
l3_network_uuids=test_lib.lib_get_l3_by_name(l3_name).uuid
api_body={"name":"vm","instanceOfferingUuid":instance_offering_uuid,"imageUuid":image_uuid,"l3NetworkUuids":[l3_network_uuids]}
try:
ticket= ticket_ops.create_ticket(ticket_name,request_name,api_body,api_name,executeTimes,account_system_type,virtual_id_uuid,project_uuid,session_uuid)
test_util.test_fail("can't create ticket by platform admin ")
except:
test_util.test_logger("create ticket fail by platform admin ")
#query ticket
try:
cond= res_ops.gen_query_conditions('uuid','=', ticket.uuid)
ticket_list = res_ops.query_resource(res_ops.TICKET,cond)
test_util.test_fail("can't query ticket by platform admin ")
except:
test_util.test_pass('success test iam2 ticket by platform admin')
def test():
iam2_ops.clean_iam2_enviroment()
# 1 create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
# 2 create project operator and virtual id
project_operator_name = 'username'
project_operator_password = '******'
password='******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo',password).uuid
# 3 login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
# 4 create virtual id group
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(project_uuid,'test_virtual_id_group',session_uuid=project_login_uuid).uuid
# 5 add virtual id into project and group
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid, session_uuid=project_login_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid],virtual_id_group_uuid,session_uuid=project_login_uuid)
# 6 remove virtual id from project and group
iam2_ops.remove_iam2_virtual_ids_from_group([virtual_id_uuid],virtual_id_group_uuid,session_uuid=project_login_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project([virtual_id_uuid], project_uuid, session_uuid=project_login_uuid)
# 7 create role
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('role1', statements,session_uuid=project_login_uuid).uuid
# 8 add/remove roles to/from virtual id(group)
iam2_ops.add_roles_to_iam2_virtual_id_group([role_uuid],virtual_id_group_uuid,session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup([role_uuid],virtual_id_group_uuid,session_uuid=project_login_uuid)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid],virtual_id_uuid,session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid],virtual_id_uuid,session_uuid=project_login_uuid)
# 9 delete
iam2_ops.delete_role(role_uuid,session_uuid=project_login_uuid)
iam2_ops.delete_iam2_virtual_id_group(virtual_id_group_uuid,session_uuid=project_login_uuid)
acc_ops.logout(project_login_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login by project operator')
def test():
iam2_ops.clean_iam2_enviroment()
# 1 create platformAdmin
username = '******'
password = '******'
platform_admin_uuid = iam2_ops.create_iam2_virtual_id(username,
password).uuid
attributes = [{"name": "__PlatformAdmin__"}]
iam2_ops.add_attributes_to_iam2_virtual_id(platform_admin_uuid, attributes)
platform_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
username, password)
# 2 create platformAdmin by platformAdmin
username_02 = 'username_02'
password_02 = 'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
username_02, password_02,
session_uuid=platform_admin_session_uuid).uuid
try:
iam2_ops.add_attributes_to_iam2_virtual_id(
virtual_id_uuid,
attributes,
session_uuid=platform_admin_session_uuid)
test_util.test_fail("platformAdmin can't create platformAdmin")
except:
pass
# 3 delete platformAdmin by platformAdmin
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes)
try:
iam2_ops.remove_attributes_from_iam2_virtual_id(
virtual_id_uuid,
attributes,
session_uuid=platform_admin_session_uuid)
test_util.test_fail("platformAdmin can't cancel platformAdmin")
except:
pass
acc_ops.logout(platform_admin_session_uuid)
iam2_ops.delete_iam2_virtual_id(platform_admin_uuid)
try:
iam2_ops.login_iam2_virtual_id(username, password)
test_util.test_fail(
"the platform admin is Deleted,can't login,but now login success,test fail"
)
except:
pass
iam2_ops.clean_iam2_enviroment()
test_util.test_pass("success test platform admin negtive operations")
def error_cleanup():
global vm
global schd_job1
global schd_job2
global schd_trigger1
global schd_trigger2
iam2_ops.clean_iam2_enviroment()
if vm:
vm.clean()
if schd_job1:
schd_ops.del_scheduler_job(schd_job1.uuid)
if schd_trigger1:
schd_ops.del_scheduler_trigger(schd_trigger1.uuid)
if schd_job2:
schd_ops.del_scheduler_job(schd_job2.uuid)
if schd_trigger2:
schd_ops.del_scheduler_trigger(schd_trigger2.uuid)
def error_cleanup():
global vm
global schd_job1
global schd_job2
global schd_trigger1
global schd_trigger2
iam2_ops.clean_iam2_enviroment()
if vm:
vm.clean()
if schd_job1:
schd_ops.del_scheduler_job(schd_job1.uuid)
if schd_trigger1:
schd_ops.del_scheduler_trigger(schd_trigger1.uuid)
if schd_job2:
schd_ops.del_scheduler_job(schd_job2.uuid)
if schd_trigger2:
schd_ops.del_scheduler_trigger(schd_trigger2.uuid)
def test():
global cert
iam2_ops.clean_iam2_enviroment()
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 1 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, password)
project_admin_session_uuid = iam2_ops.login_iam2_project(
project_name, project_admin_session_uuid).uuid
cert = net_ops.create_certificate('certificate_for_pm',
'fake certificate',
session_uuid=project_admin_session_uuid)
acc_ops.logout(project_admin_session_uuid)
# 4 delete project
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
# 5 check for cascade delete
test_stub.check_resource_not_exist(cert.uuid, res_ops.CERTIFICATE)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('Create Simple VM Stop Start Scheduler Success')
def error_cleanup():
global email_platform_uuid, email_endpoint_uuid, dingtalk_endpoint_uuid, http_endpoint_uuid, alarm_uuid, ps_event_sub_uuid, sns_topic_uuid, alarm_template_uuid
iam2_ops.clean_iam2_enviroment()
if email_platform_uuid:
zwt_ops.delete_sns_application_platform(email_platform_uuid)
if email_endpoint_uuid:
zwt_ops.delete_sns_application_endpoint(email_endpoint_uuid)
if dingtalk_endpoint_uuid:
zwt_ops.delete_sns_application_endpoint(dingtalk_endpoint_uuid)
if http_endpoint_uuid:
zwt_ops.delete_sns_application_endpoint(http_endpoint_uuid)
if alarm_uuid:
zwt_ops.delete_alarm(alarm_uuid)
if ps_event_sub_uuid:
zwt_ops.unsubscribe_event(ps_event_sub_uuid)
if sns_topic_uuid:
zwt_ops.delete_sns_topic(sns_topic_uuid)
if alarm_template_uuid:
zwt_ops.delete_sns_text_template(alarm_template_uuid)
def error_cleanup():
global email_platform_uuid,email_endpoint_uuid,dingtalk_endpoint_uuid,http_endpoint_uuid,alarm_uuid,ps_event_sub_uuid,sns_topic_uuid,alarm_template_uuid
iam2_ops.clean_iam2_enviroment()
if email_platform_uuid:
zwt_ops.delete_sns_application_platform(email_platform_uuid)
if email_endpoint_uuid:
zwt_ops.delete_sns_application_endpoint(email_endpoint_uuid)
if dingtalk_endpoint_uuid:
zwt_ops.delete_sns_application_endpoint(dingtalk_endpoint_uuid)
if http_endpoint_uuid:
zwt_ops.delete_sns_application_endpoint(http_endpoint_uuid)
if alarm_uuid:
zwt_ops.delete_alarm(alarm_uuid)
if ps_event_sub_uuid:
zwt_ops.unsubscribe_event(ps_event_sub_uuid)
if sns_topic_uuid:
zwt_ops.delete_sns_topic(sns_topic_uuid)
if alarm_template_uuid:
zwt_ops.delete_sns_text_template(alarm_template_uuid)
def test():
iam2_ops.clean_iam2_enviroment()
# 1 create platformAdmin
username = '******'
password = '******'
platform_admin_uuid = iam2_ops.create_iam2_virtual_id(username, password).uuid
attributes = [{"name": "__PlatformAdmin__"}]
iam2_ops.add_attributes_to_iam2_virtual_id(platform_admin_uuid, attributes)
platform_admin_session_uuid = iam2_ops.login_iam2_virtual_id(username, password)
# 2 create platformAdmin by platformAdmin
username_02 = 'username_02'
password_02 = 'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username_02, password_02,
session_uuid=platform_admin_session_uuid).uuid
try:
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes,
session_uuid=platform_admin_session_uuid)
test_util.test_fail("platformAdmin can't create platformAdmin")
except:
pass
# 3 delete platformAdmin by platformAdmin
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes)
try:
iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes,
session_uuid=platform_admin_session_uuid)
test_util.test_fail("platformAdmin can't cancel platformAdmin")
except:
pass
acc_ops.logout(platform_admin_session_uuid)
iam2_ops.delete_iam2_virtual_id(platform_admin_uuid)
try:
iam2_ops.login_iam2_virtual_id(username,password)
test_util.test_fail("the platform admin is Deleted,can't login,but now login success,test fail")
except:
pass
iam2_ops.clean_iam2_enviroment()
test_util.test_pass("success test platform admin negtive operations")
def test():
global cert
iam2_ops.clean_iam2_enviroment()
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 1 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid], project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name,password)
project_admin_session_uuid = iam2_ops.login_iam2_project(project_name,project_admin_session_uuid).uuid
cert = net_ops.create_certificate('certificate_for_pm', 'fake certificate', session_uuid=project_admin_session_uuid)
acc_ops.logout(project_admin_session_uuid)
# 4 delete project
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
# 5 check for cascade delete
test_stub.check_resource_not_exist(cert.uuid,res_ops.CERTIFICATE)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('Create Simple VM Stop Start Scheduler Success')
def error_cleanup():
global cert
iam2_ops.clean_iam2_enviroment()
if cert:
net_ops.delete_certificate(cert.uuid)
def error_cleanup():
global test_obj_dict
test_lib.lib_error_cleanup(test_obj_dict)
iam2_ops.clean_iam2_enviroment()
def test():
global vm
global schd_job1
global schd_job2
global schd_trigger1
global schd_trigger2
iam2_ops.clean_iam2_enviroment()
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 1 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, password)
project_admin_session_uuid = iam2_ops.login_iam2_project(
project_name, project_admin_session_uuid).uuid
# 3 create scheduler job and trigger
vm = test_stub.create_vm(session_uuid=project_admin_session_uuid)
start_date = int(time.time())
schd_job1 = schd_ops.create_scheduler_job(
'simple_stop_vm_scheduler',
'simple_stop_vm_scheduler',
vm.get_vm().uuid,
'stopVm',
None,
session_uuid=project_admin_session_uuid)
schd_trigger1 = schd_ops.create_scheduler_trigger(
'simple_stop_vm_scheduler',
start_date + 60,
None,
120,
'simple',
session_uuid=project_admin_session_uuid)
schd_ops.add_scheduler_job_to_trigger(
schd_trigger1.uuid,
schd_job1.uuid,
session_uuid=project_admin_session_uuid)
schd_job2 = schd_ops.create_scheduler_job(
'simple_start_vm_scheduler',
'simple_start_vm_scheduler',
vm.get_vm().uuid,
'startVm',
None,
session_uuid=project_admin_session_uuid)
schd_trigger2 = schd_ops.create_scheduler_trigger(
'simple_start_vm_scheduler',
start_date + 120,
None,
120,
'simple',
session_uuid=project_admin_session_uuid)
schd_ops.add_scheduler_job_to_trigger(
schd_trigger2.uuid,
schd_job2.uuid,
session_uuid=project_admin_session_uuid)
acc_ops.logout(project_admin_session_uuid)
# 4 delete project
iam2_ops.delete_iam2_project(project_uuid)
try:
schd_job1_inv = res_ops.get_resource(res_ops.SCHEDULERJOB,
uuid=schd_job1.uuid)[0]
except:
test_util.test_fail(
"delete project but not expunge,the schedulerjob [%s] is lost" %
schd_job1.uuid)
try:
res_ops.get_resource(res_ops.SCHEDULERJOB, uuid=schd_job2.uuid)[0]
except:
test_util.test_fail(
"delete project but not expunge,the schedulerjob [%s] is lost" %
schd_job2.uuid)
try:
schd_trigger1_inv = res_ops.get_resource(res_ops.SCHEDULERTRIGGER,
uuid=schd_trigger1.uuid)[0]
except:
test_util.test_fail(
"delete project but not expunge,the scheduler trigger [%s] is lost"
% schd_job1.uuid)
try:
res_ops.get_resource(res_ops.SCHEDULERTRIGGER,
uuid=schd_trigger2.uuid)[0]
except:
test_util.test_fail(
"delete project but not expunge,the scheduler trigger [%s] is lost"
% schd_job1.uuid)
iam2_ops.recover_iam2_project(project_uuid)
try:
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, password)
project_admin_session_uuid = iam2_ops.login_iam2_project(
project_name, project_admin_session_uuid).uuid
except:
test_util.test_fail("recover the deleted project , but can't login in")
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
# 5 check for cascade delete
test_stub.check_resource_not_exist(schd_job1.uuid, res_ops.SCHEDULERJOB)
test_stub.check_resource_not_exist(schd_job2.uuid, res_ops.SCHEDULERJOB)
test_stub.check_resource_not_exist(schd_trigger1.uuid,
res_ops.SCHEDULERTRIGGER)
test_stub.check_resource_not_exist(schd_trigger2.uuid,
res_ops.SCHEDULERTRIGGER)
vm.clean()
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('Create Simple VM Stop Start Scheduler Success')
def test():
global test_obj_dict
# need at least 2 zones
zones_inv = res_ops.query_resource(res_ops.ZONE)
if len(zones_inv) < 2:
test_util.test_skip('test need at least 2 zones')
zone1_uuid = zones_inv[0].uuid
zone2_uuid = zones_inv[1].uuid
iam2_ops.clean_iam2_enviroment()
username = '******'
password = '******'
platform_admin_uuid = iam2_ops.create_iam2_virtual_id(username, password).uuid
attributes = [{"name": "__PlatformAdmin__"}, {"name": "__PlatformAdminRelatedZone__", "value": zone1_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(platform_admin_uuid, attributes)
username2 = 'username2'
password2 = 'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
platform_admin2_uuid = iam2_ops.create_iam2_virtual_id(username2, password2).uuid
attributes = [{"name": "__PlatformAdmin__"}, {"name": "__PlatformAdminRelatedZone__", "value": zone2_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(platform_admin2_uuid, attributes)
zone1_cluster = []
zone2_cluster = []
cond = res_ops.gen_query_conditions('zoneUuid', '=', zone1_uuid)
cluster_inv = res_ops.query_resource(res_ops.CLUSTER, cond)
for cluster in cluster_inv:
zone1_cluster.append(cluster.uuid)
cond = res_ops.gen_query_conditions('zoneUuid', '=', zone2_uuid)
cluster_inv = res_ops.query_resource(res_ops.CLUSTER, cond)
for cluster in cluster_inv:
zone2_cluster.append(cluster.uuid)
platform_admin_session_uuid = iam2_ops.login_iam2_virtual_id(username, password)
cluster_list = res_ops.query_resource(res_ops.CLUSTER, session_uuid=platform_admin_session_uuid)
for cluster in cluster_list:
if cluster.uuid not in zone1_cluster:
test_util.test_fail("can't get zone1:[%s] cluster [%s]" % (zone1_uuid, cluster.uuid))
if cluster.uuid in zone2_cluster:
test_util.test_fail(
"platformadmin has no permission get zone2:[%s] cluster [%s]" % (zone2_uuid, cluster.uuid))
zone1_hosts = []
zone2_hosts = []
cond = res_ops.gen_query_conditions('zoneUuid', '=', zone1_uuid)
hosts_inv = res_ops.query_resource(res_ops.HOST, cond)
for host in hosts_inv:
zone1_hosts.append(host.uuid)
cond = res_ops.gen_query_conditions('zoneUuid', '=', zone2_uuid)
hosts_inv = res_ops.query_resource(res_ops.HOST, cond)
for host in hosts_inv:
zone2_hosts.append(host.uuid)
host_list = res_ops.query_resource_fields(res_ops.HOST, session_uuid=platform_admin_session_uuid)
for host in host_list:
if host.uuid not in zone1_hosts:
test_util.test_fail("can't get zone1:[%s] host [%s]" % (zone1_uuid, host.uuid))
if host.uuid in zone2_hosts:
test_util.test_fail("platformadmin has no permission get zone2:[%s] host [%s]" % (zone2_uuid, host.uuid))
vm = test_stub.create_vm(session_uuid=platform_admin_session_uuid)
test_obj_dict.add_vm(vm)
vm_uuid = vm.get_vm().uuid
volume = test_stub.create_volume(session_uuid=platform_admin_session_uuid)
test_obj_dict.add_volume(volume)
volume_uuid = volume.get_volume().uuid
acc_ops.logout(platform_admin_session_uuid)
platform_admin2_session_uuid = iam2_ops.login_iam2_virtual_id(username2, password2)
# TODO:there is a bug below this operation ZSTAC-13105
# vm_inv=res_ops.query_resource(res_ops.VM_INSTANCE,session_uuid=platform_admin2_session_uuid)
# if vm_inv:
# if vm_inv.uuid == vm_uuid:
# test_util.test_fail("zone2:[%s] platformadmin can't query zone1 vm "%zone2_uuid)
volume_inv = res_ops.query_resource(res_ops.VOLUME, session_uuid=platform_admin2_session_uuid)
if volume_inv:
if volume_inv[0].uuid == volume_uuid:
test_util.test_fail("zone2:[%s] platformadmin can't query zone1 volume " % zone2_uuid)
test_lib.lib_robot_cleanup(test_obj_dict)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by admin!')
def test():
global virtual_id_uuid_list
# 1 create PlatformAdmin
platformname = "platformadmin"
password = "******"
platform_admin_uuid = iam2_ops.create_iam2_virtual_id(platformname, password).uuid
attributes = [{"name": "__PlatformAdmin__"}]
iam2_ops.add_attributes_to_iam2_virtual_id(platform_admin_uuid, attributes)
# 2 log in by PlatformAdmin
platform_admin_session_uuid = iam2_ops.login_iam2_virtual_id(platformname, password, timeout=160000)
# 3 create Company
company_uuid_02 = iam2_ops.create_iam2_organization('test_company_02', 'Company',
session_uuid=platform_admin_session_uuid).uuid
# 4 Create sub department and set virtual id as OrganizationSupervisor
department_name = "test_department"
for i in range(1, 2):
department1_uuid = iam2_ops.create_iam2_organization(department_name + "_" + str(i), 'Department',
parent_uuid=company_uuid_02,
session_uuid=platform_admin_session_uuid).uuid
for n1 in range(1, 3):
username = department_name + "_" + str(i) + "_user_" + str(n1)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password',
session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department1_uuid,
session_uuid=platform_admin_session_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department1_uuid, attributes,
session_uuid=platform_admin_session_uuid)
for j in range(1, 2):
department2_uuid = iam2_ops.create_iam2_organization(department_name + "_" + str(i) + "_" + str(j),
'Department', parent_uuid=department1_uuid,
session_uuid=platform_admin_session_uuid).uuid
for n2 in range(1, 3):
username = department_name + "_" + str(i) + "_" + str(j) + "_user_" + str(n2)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password',
session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department2_uuid,
session_uuid=platform_admin_session_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department2_uuid, attributes,
session_uuid=platform_admin_session_uuid)
for k in range(1, 2):
department3_uuid = iam2_ops.create_iam2_organization(
department_name + "_" + str(i) + "_" + str(j) + "_" + str(k), 'Department',
parent_uuid=department2_uuid, session_uuid=platform_admin_session_uuid).uuid
for n3 in range(1, 3):
username = department_name + "_" + str(i) + "_" + str(j) + "_" + str(k) + "_user_" + str(n3)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password',
session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department3_uuid,
session_uuid=platform_admin_session_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department3_uuid, attributes,
session_uuid=platform_admin_session_uuid)
for l in range(1, 11):
department4_uuid = iam2_ops.create_iam2_organization(
department_name + "_" + str(i) + "_" + str(j) + "_" + str(k) + "_" + str(l), 'Department',
parent_uuid=department3_uuid, session_uuid=platform_admin_session_uuid).uuid
for n4 in range(1, 21):
username = department_name + "_" + str(i) + "_" + str(j) + "_" + str(k) + "_" + str(
l) + "_user_" + str(n4)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password',
session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department4_uuid,
session_uuid=platform_admin_session_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department4_uuid, attributes,
session_uuid=platform_admin_session_uuid)
for m in range(1, 11):
department5_uuid = iam2_ops.create_iam2_organization(
department_name + "_" + str(i) + "_" + str(j) + "_" + str(k) + "_" + str(l) + "_" + str(m),
'Department', parent_uuid=department4_uuid, session_uuid=platform_admin_session_uuid).uuid
for n5 in range(1, 21):
username = department_name + "_" + str(i) + "_" + str(j) + "_" + str(k) + "_" + str(
l) + "_" + str(m) + "_user_" + str(n5)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password',
session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department5_uuid,
session_uuid=platform_admin_session_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department5_uuid, attributes,
session_uuid=platform_admin_session_uuid)
# 5 delete
iam2_ops.delete_iam2_organization(company_uuid_02)
for virtual_id_uuid in virtual_id_uuid_list:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
virtual_id_uuid_list = []
iam2_ops.delete_iam2_virtual_id(platform_admin_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success')
def error_cleanup():
global role_uuid
if role_uuid:
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
def test():
global virtual_id_uuid_list
# 1 create Company
company_uuid_01 = iam2_ops.create_iam2_organization(
'test_company_01', 'Company').uuid
department_name = "test_department"
# 2 Create sub department and set virtual id as OrganizationSupervisor
for i in range(1, 2):
department1_uuid = iam2_ops.create_iam2_organization(
department_name + "_" + str(i),
'Department',
parent_uuid=company_uuid_01).uuid
for n1 in range(1, 3):
username = department_name + "_" + str(i) + "_user_" + str(n1)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid],
department1_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{
"name": "__OrganizationSupervisor__",
"value": virtual_id_uuid
}]
iam2_ops.add_attributes_to_iam2_organization(department1_uuid,
attributes)
for j in range(1, 2):
department2_uuid = iam2_ops.create_iam2_organization(
department_name + "_" + str(i) + "_" + str(j),
'Department',
parent_uuid=department1_uuid).uuid
for n2 in range(1, 3):
username = department_name + "_" + str(i) + "_" + str(
j) + "_user_" + str(n2)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization(
[virtual_id_uuid], department2_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{
"name": "__OrganizationSupervisor__",
"value": virtual_id_uuid
}]
iam2_ops.add_attributes_to_iam2_organization(
department2_uuid, attributes)
for k in range(1, 2):
department3_uuid = iam2_ops.create_iam2_organization(
department_name + "_" + str(i) + "_" + str(j) + "_" +
str(k),
'Department',
parent_uuid=department2_uuid).uuid
for n3 in range(1, 3):
username = department_name + "_" + str(i) + "_" + str(
j) + "_" + str(k) + "_user_" + str(n3)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization(
[virtual_id_uuid], department3_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{
"name": "__OrganizationSupervisor__",
"value": virtual_id_uuid
}]
iam2_ops.add_attributes_to_iam2_organization(
department3_uuid, attributes)
for l in range(1, 11):
department4_uuid = iam2_ops.create_iam2_organization(
department_name + "_" + str(i) + "_" + str(j) + "_" +
str(k) + "_" + str(l),
'Department',
parent_uuid=department3_uuid).uuid
for n4 in range(1, 21):
username = department_name + "_" + str(i) + "_" + str(
j) + "_" + str(k) + "_" + str(l) + "_user_" + str(
n4)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization(
[virtual_id_uuid], department4_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{
"name": "__OrganizationSupervisor__",
"value": virtual_id_uuid
}]
iam2_ops.add_attributes_to_iam2_organization(
department4_uuid, attributes)
for m in range(1, 11):
department5_uuid = iam2_ops.create_iam2_organization(
department_name + "_" + str(i) + "_" + str(j) +
"_" + str(k) + "_" + str(l) + "_" + str(m),
'Department',
parent_uuid=department4_uuid).uuid
for n5 in range(1, 21):
username = department_name + "_" + str(
i) + "_" + str(j) + "_" + str(k) + "_" + str(
l) + "_" + str(m) + "_user_" + str(n5)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization(
[virtual_id_uuid], department5_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{
"name": "__OrganizationSupervisor__",
"value": virtual_id_uuid
}]
iam2_ops.add_attributes_to_iam2_organization(
department5_uuid, attributes)
# 3 delete
iam2_ops.delete_iam2_organization(company_uuid_01)
for virtual_id_uuid in virtual_id_uuid_list:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
virtual_id_uuid_list = []
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success')
def test():
global vm
iam2_ops.clean_iam2_enviroment()
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 1 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, password)
project_admin_session_uuid = iam2_ops.login_iam2_project(
project_name, project_admin_session_uuid).uuid
res_ops.query_resource(res_ops.L2_VXLAN_NETWORK_POOL)
# 3 create vm
vm = test_stub.create_vm(session_uuid=project_admin_session_uuid)
# 4 delete project
iam2_ops.delete_iam2_project(project_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', vm.get_vm().uuid)
vm_inv = res_ops.query_resource(res_ops.VM_INSTANCE, cond)[0]
if vm_inv.state == 'Running':
test_util.test_fail(
"the vm is still running after delete project,test fail")
# 5 recover project
vm.update()
iam2_ops.recover_iam2_project(project_uuid)
vm.start()
# 6 expunge project
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
vm.update()
# query vm
cond = res_ops.gen_query_conditions('uuid', '=', vm.get_vm().uuid)
vm_inv = res_ops.query_resource(res_ops.VM_INSTANCE, cond)[0]
if vm_inv.state != 'Destroyed':
test_util.test_fail(
'The vminstance created by project is not Destroyed ,the state now is %s , test fail'
% vm_inv.state)
vm.clean()
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success')
def test():
global virtual_id_uuid_list
# 1 create Company
company_uuid_01 = iam2_ops.create_iam2_organization('test_company_01', 'Company').uuid
department_name="test_department"
# 2 Create sub department and set virtual id as OrganizationSupervisor
for i in range(1,2):
department1_uuid = iam2_ops.create_iam2_organization(department_name + "_" + str(i), 'Department',parent_uuid=company_uuid_01).uuid
for n1 in range(1,3):
username = department_name + "_" + str(i) + "_user_" + str(n1)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department1_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department1_uuid, attributes)
for j in range(1,2):
department2_uuid = iam2_ops.create_iam2_organization(department_name+ "_" + str(i) + "_" + str(j), 'Department',parent_uuid=department1_uuid).uuid
for n2 in range(1,3):
username=department_name+ "_" + str(i) + "_" + str(j) + "_user_" + str(n2)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department2_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department2_uuid, attributes)
for k in range(1,2):
department3_uuid = iam2_ops.create_iam2_organization(department_name+ "_" + str(i) + "_" + str(j) + "_" +str(k), 'Department',parent_uuid=department2_uuid).uuid
for n3 in range(1,3):
username=department_name+ "_" + str(i) + "_" + str(j) + "_" +str(k) + "_user_" + str(n3)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department3_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department3_uuid, attributes)
for l in range(1,11):
department4_uuid = iam2_ops.create_iam2_organization(department_name+ "_" + str(i) + "_" + str(j) + "_" +str(k) + "_" +str(l), 'Department',parent_uuid=department3_uuid).uuid
for n4 in range(1,21):
username=department_name+ "_" + str(i) + "_" + str(j) + "_" +str(k) + "_" +str(l) + "_user_" + str(n4)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department4_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department4_uuid, attributes)
for m in range(1,11):
department5_uuid = iam2_ops.create_iam2_organization(department_name+ "_" + str(i) + "_" + str(j) + "_" +str(k) + "_" +str(l) + "_" +str(m), 'Department',parent_uuid=department4_uuid).uuid
for n5 in range(1,21):
username=department_name+ "_" + str(i) + "_" + str(j) + "_" +str(k) + "_" +str(l) + "_" +str(m) + "_user_" + str(n5)
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, 'password').uuid
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department5_uuid)
virtual_id_uuid_list.append(virtual_id_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department5_uuid, attributes)
# 3 delete
iam2_ops.delete_iam2_organization(company_uuid_01)
for virtual_id_uuid in virtual_id_uuid_list:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
virtual_id_uuid_list=[]
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success')
def test():
global role_uuid, project_uuid, project_02_uuid, project_template_01_uuid, project_template_02_uuid, \
company_uuid_01, company_uuid_02, department_01_uuid, department_02_uuid, virtual_id_group_uuid, \
virtual_id_uuid
iam2_ops.clean_iam2_enviroment()
# 1 create role and add/remove policy
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
action = "org.zstack.header.image.**"
statements = [{"effect": "Allow", "actions": [action]}]
iam2_ops.add_policy_statements_to_role(role_uuid, statements)
statement_uuid = iam2_ops.get_policy_statement_uuid_of_role(
role_uuid, action)
# statement_uuid= res_ops.get_resource(res_ops.ROLE, uuid=role_uuid)[0].statements[0].uuid
iam2_ops.remove_policy_statements_from_role(role_uuid, [statement_uuid])
# 2 create project and add/remove attributes to/from it
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
zone_inv = res_ops.query_resource(res_ops.ZONE)
if len(zone_inv) >= 2:
attributes = [{
"name": "__ProjectRelatedZone__",
"value": zone_inv[0].uuid
}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
username = '******'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username,
password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid],
project_uuid)
session_uuid = iam2_ops.login_iam2_virtual_id(username, password)
session_uuid = iam2_ops.login_iam2_project(project_name,
session_uuid).uuid
cond = res_ops.gen_query_conditions('zoneUuid', '=', zone_inv[1].uuid)
host_inv = res_ops.query_resource(res_ops.HOST,
cond,
session_uuid=session_uuid)
if host_inv:
test_util.test_fail("test Project Related Zone fail")
attribute_uuid = iam2_ops.get_attribute_uuid_of_project(
project_uuid, "__ProjectRelatedZone__")
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
iam2_ops.remove_attributes_from_iam2_project(project_uuid,
[attribute_uuid])
# 3 create project template from project
project_template_01_uuid = iam2_ops.create_iam2_project_template_from_project(
'project_template', project_uuid, 'this is a template '
'description').uuid
project_template_inv = res_ops.get_resource(res_ops.IAM2_PROJECT_TEMPLATE,
uuid=project_template_01_uuid)
if not project_template_inv:
test_util.test_fail("create template from project fail")
# 4 create project template and then create project from template
project_template_02_uuid = iam2_ops.create_iam2_project_template(
'project_template_02').uuid
project_02_uuid = iam2_ops.create_iam2_project_from_template(
'project_02', project_template_02_uuid).uuid
project_inv = res_ops.get_resource(res_ops.IAM2_PROJECT,
uuid=project_02_uuid)
if not project_inv:
test_util.test_fail("create project from template fail")
# 5 create Company and Department (organization)
company_uuid_01 = iam2_ops.create_iam2_organization(
'test_company_01', 'Company').uuid
company_uuid_02 = iam2_ops.create_iam2_organization(
'test_company_02', 'Company').uuid
department_01_uuid = iam2_ops.create_iam2_organization(
'test_department_01', 'Department', parent_uuid=company_uuid_01).uuid
department_02_uuid = iam2_ops.create_iam2_organization(
'test_department_02', 'Department').uuid
# 6 organization change parent
iam2_ops.change_iam2_organization_parent(company_uuid_02,
[department_02_uuid])
iam2_ops.change_iam2_organization_parent(company_uuid_02,
[department_01_uuid])
department_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION,
uuid=department_01_uuid)[0]
if department_inv.parentUuid != company_uuid_02:
test_util.test_fail('change organization parent fail')
department_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION,
uuid=department_02_uuid)[0]
if department_inv.parentUuid != company_uuid_02:
test_util.test_fail('change organization parent fail')
# 7 create virtual id group and add/remove role and attributes to/from it
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(
project_uuid, 'test_virtual_id_group').uuid
iam2_ops.add_roles_to_iam2_virtual_id_group([role_uuid],
virtual_id_group_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup([role_uuid],
virtual_id_group_uuid)
# TODO:there is nothing to do with the below api in the first version of iam2
# iam2_ops.add_attributes_to_iam2_virtual_id_group()
# iam2_ops.remove_attributes_from_iam2_virtual_id_group()
# 8 create virtual id and add/remove role or attributes to/from it
password = '******'
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('username',
password).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], virtual_id_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid], virtual_id_uuid)
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', virtual_id_uuid)
attributes = [{"name": "__PlatformAdmin__"}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes)
cond_01 = res_ops.gen_query_conditions('name', '=', "__PlatformAdmin__",
cond)
attribute_uuid = res_ops.query_resource_fields(
res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_01)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid,
[attribute_uuid])
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes)
cond_02 = res_ops.gen_query_conditions('name', '=', "__ProjectAdmin__",
cond)
attribute_uuid = res_ops.query_resource_fields(
res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid,
[attribute_uuid])
# admin can't create Project operator
# attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
# iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes)
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
# 9 add virtual id to organization and set it as OrganizationSupervisor
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid],
department_01_uuid)
attributes = [{
"name": "__OrganizationSupervisor__",
"value": virtual_id_uuid
}]
iam2_ops.add_attributes_to_iam2_organization(department_01_uuid,
attributes)
cond_03 = res_ops.gen_query_conditions('name', '=',
"__OrganizationSupervisor__")
cond_03 = res_ops.gen_query_conditions('value', '=', virtual_id_uuid,
cond_03)
attribute_uuid = res_ops.query_resource(
res_ops.IAM2_ORGANIZATION_ATTRIBUTE, cond_03)[0].uuid
iam2_ops.remove_attributes_from_iam2_organization(department_01_uuid,
[attribute_uuid])
iam2_ops.remove_iam2_virtual_ids_from_organization([virtual_id_uuid],
department_01_uuid)
# 10 add virtual id to group and project
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid],
virtual_id_group_uuid)
iam2_ops.remove_iam2_virtual_ids_from_group([virtual_id_uuid],
virtual_id_group_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project([virtual_id_uuid],
project_uuid)
# 11 change state
disable = 'disable'
enable = 'enable'
Disabled = 'Disabled'
iam2_ops.change_iam2_organization_state(company_uuid_01, disable)
res_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION,
uuid=company_uuid_01)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 organization state fail")
iam2_ops.change_iam2_organization_state(company_uuid_01, enable)
iam2_ops.change_iam2_organization_state(department_01_uuid, disable)
iam2_ops.change_iam2_organization_state(department_01_uuid, enable)
iam2_ops.change_iam2_project_state(project_uuid, disable)
res_inv = res_ops.get_resource(res_ops.IAM2_PROJECT, uuid=project_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 project state fail")
iam2_ops.change_iam2_project_state(project_uuid, enable)
iam2_ops.change_iam2_virtual_id_state(virtual_id_uuid, disable)
res_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID,
uuid=virtual_id_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 virtual id state fail")
iam2_ops.change_iam2_virtual_id_state(virtual_id_uuid, enable)
iam2_ops.change_iam2_virtual_id_group_state(virtual_id_group_uuid, disable)
res_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID_GROUP,
uuid=virtual_id_group_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 virtual id group state fail")
iam2_ops.change_iam2_virtual_id_group_state(virtual_id_group_uuid, enable)
iam2_ops.change_role_state(role_uuid, disable)
res_inv = res_ops.get_resource(res_ops.ROLE, uuid=role_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 role state fail")
iam2_ops.change_role_state(role_uuid, enable)
# 12 update
virtual_id_new_name = 'virtual_id_new_name'
virtual_id_new_des = 'virtual_id_new_des'
virtual_id_new_password = '******'
iam2_ops.update_iam2_virtual_id(virtual_id_uuid, virtual_id_new_name,
virtual_id_new_des,
virtual_id_new_password)
virtual_id_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID,
uuid=virtual_id_uuid)[0]
if virtual_id_inv.name != virtual_id_new_name:
test_util.test_fail("update iam2 virtual id name fail")
try:
iam2_ops.login_iam2_virtual_id('username', password)
except:
test_util.test_logger("the old username and password can't login")
try:
virtual_id_session_uuid = iam2_ops.login_iam2_virtual_id(
virtual_id_new_name, virtual_id_new_password)
acc_ops.logout(virtual_id_session_uuid)
except:
test_util.test_fail("update iam2 virtual id name or password fail.")
virtual_id_group_new_name = 'virtual_id_group_new_name'
virtual_id_group_new_des = 'virtual_id_group_new_des'
iam2_ops.update_iam2_virtual_id_group(virtual_id_group_uuid,
virtual_id_group_new_name,
virtual_id_group_new_des)
virtual_id_group_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID_GROUP,
uuid=virtual_id_group_uuid)[0]
if virtual_id_group_inv.name != virtual_id_group_new_name:
test_util.test_fail("update iam2 virtual id group name fail")
project_new_name = 'project_new_name'
project_new_dsc = 'project_new_dsc'
iam2_ops.update_iam2_project(project_uuid, project_new_name,
project_new_dsc)
project_inv = res_ops.get_resource(res_ops.IAM2_PROJECT,
uuid=project_uuid)[0]
if project_inv.name != project_new_name or project_inv.description != project_new_dsc:
test_util.test_fail("update project information fail")
company_new_name = 'company_new_name'
company_new_dsc = 'company_new_dsc'
iam2_ops.update_iam2_organization(company_uuid_02, company_new_name,
company_new_dsc)
organization_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION,
uuid=company_uuid_02)[0]
if organization_inv.name != company_new_name or organization_inv.description != company_new_dsc:
test_util.test_fail("update organization name fail")
# 13 delete
iam2_ops.delete_iam2_organization(company_uuid_01)
iam2_ops.delete_iam2_organization(company_uuid_02)
iam2_ops.delete_iam2_organization(department_01_uuid)
iam2_ops.delete_iam2_organization(department_02_uuid)
iam2_ops.delete_iam2_virtual_id_group(virtual_id_group_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.delete_iam2_project(project_02_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_02_uuid)
iam2_ops.delete_iam2_project_template(project_template_01_uuid)
iam2_ops.delete_iam2_project_template(project_template_02_uuid)
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by admin!')
def error_cleanup():
global vm
iam2_ops.clean_iam2_enviroment()
vm.clean()
def test():
global test_obj_dict
iam2_ops.clean_iam2_enviroment()
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
zone_inv = res_ops.query_resource(res_ops.ZONE)
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_inv[0].uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 update project quota
acc_ops.update_quota(linked_account_uuid, 'volume.data.num', '1')
cond = res_ops.gen_query_conditions('identityUuid', '=', linked_account_uuid)
cond = res_ops.gen_query_conditions('name', '=', 'volume.data.num', cond)
project_quota = res_ops.query_resource(res_ops.QUOTA, cond)
if project_quota:
if project_quota[0].value != 1:
test_util.test_fail("update project quata fail")
# 3 create virtual id and login project
username = '******'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, password, attributes=attributes).uuid
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid)
virtual_id_session = iam2_ops.login_iam2_virtual_id(username, password)
virtual_id_session = iam2_ops.login_iam2_project(project_name, virtual_id_session).uuid
volume = test_stub.create_volume(session_uuid=virtual_id_session)
test_obj_dict.add_volume(volume)
try:
volume = test_stub.create_volume(session_uuid=virtual_id_session)
test_obj_dict.add_volume(volume)
test_util.test_fail("create more than one data volume in project ,test fail")
except:
test_util.test_dsc("success test limit create only 1 vm")
acc_ops.logout(virtual_id_session)
# 4 add project retired policy
attributes = [{"name": "__RetirePolicy__", "value": "NoLogin after 20s"}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
time.sleep(20)
# 5 login project
virtual_id_session = iam2_ops.login_iam2_virtual_id(username, password)
try:
iam2_ops.login_iam2_project(project_name, session_uuid=virtual_id_session)
test_util.test_fail("login project success ,the retire policy is useless")
except:
test_util.test_logger("can't login project,retire policy is useful")
# 6 change retired policy
enable = 'enable'
disable = 'disable'
cond = res_ops.gen_query_conditions('name', '=', '__RetirePolicy__')
cond = res_ops.gen_query_conditions('value', '=', 'NoLogin after 20s', cond)
attribute_uuid = res_ops.query_resource(res_ops.IAM2_PROJECT_ATTRIBUTE, cond)[0].uuid
iam2_ops.remove_attributes_from_iam2_project(project_uuid, [attribute_uuid])
iam2_ops.change_iam2_project_state(project_uuid, enable)
attributes = [{"name": "__RetirePolicy__", "value": "DeleteProject after 20s"}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
time.sleep(20)
# 7 query project
project_inv = res_ops.get_resource(res_ops.IAM2_PROJECT, uuid=project_uuid)[0]
if project_inv.state != 'Deleted':
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_fail("the project [%s] is still available after 20s " % project_uuid)
test_lib.lib_robot_cleanup(test_obj_dict)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass("success test project retired")
def error_cleanup():
iam2_ops.clean_iam2_enviroment()
def test():
global role_uuid, project_uuid, project_admin_uuid, virtual_id_uuid, virtual_id_group_uuid
# 1 create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo',
password).uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# 4 login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
# 5 create virtual id group
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(
project_uuid, 'test_virtual_id_group',
session_uuid=project_login_uuid).uuid
# 6 add virtual id into project and group
# TODO:add query
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid],
project_uuid,
session_uuid=project_login_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid],
virtual_id_group_uuid,
session_uuid=project_login_uuid)
# 7 create role
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role',
statements,
session_uuid=project_login_uuid).uuid
# 8 add/remove roles to/from virtual id (group)
iam2_ops.add_roles_to_iam2_virtual_id_group(
[role_uuid], virtual_id_group_uuid, session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup(
[role_uuid], virtual_id_group_uuid, session_uuid=project_login_uuid)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid],
virtual_id_uuid,
session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid],
virtual_id_uuid,
session_uuid=project_login_uuid)
# 9 create/delete project operator
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid,
attributes,
session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', virtual_id_uuid)
cond_02 = res_ops.gen_query_conditions('name', '=', "__ProjectOperator__",
cond)
attribute_uuid = res_ops.query_resource_fields(
res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(
virtual_id_uuid, [attribute_uuid], session_uuid=project_login_uuid)
# 10 remove virtual ids from group and project
iam2_ops.remove_iam2_virtual_ids_from_group(
[virtual_id_uuid],
virtual_id_group_uuid,
session_uuid=project_login_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project(
[virtual_id_uuid], project_uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global image
iam2_ops.clean_iam2_enviroment()
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 1 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, password)
project_admin_session_uuid = iam2_ops.login_iam2_project(
project_name, project_admin_session_uuid).uuid
res_ops.query_resource(res_ops.L2_VXLAN_NETWORK_POOL)
# 3 add image
bs_cond = res_ops.gen_query_conditions("status", '=', "Connected")
bss = res_ops.query_resource(res_ops.BACKUP_STORAGE, bs_cond)
image_option = test_util.ImageOption()
image_option.set_format('iso')
image_option.set_name('test_add_iso_image')
image_option.set_url(
os.environ.get('imageServer') + "/iso/CentOS-x86_64-7.2-Minimal.iso")
image_option.set_backup_storage_uuid_list([bss[0].uuid])
image_option.set_timeout(60000)
image_option.set_session_uuid(project_admin_session_uuid)
image = img_ops.add_image(image_option)
# 4 delete project
iam2_ops.delete_iam2_project(project_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', image.uuid)
img_inv = res_ops.query_resource(res_ops.IMAGE, cond)
if not img_inv:
test_util.test_fail(
"can't query image %s after delete the project,test fail" %
image.uuid)
# 5 expunge project
iam2_ops.expunge_iam2_project(project_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', image.uuid)
img_inv = res_ops.query_resource(res_ops.IMAGE, cond)[0]
if img_inv.status != 'Deleted':
test_util.test_fail(
'The image created in project is not deleted after project is expunge, test fail'
)
img_ops.expunge_image(image.uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success')
def test():
global email_platform_uuid, email_endpoint_uuid, dingtalk_endpoint_uuid, http_endpoint_uuid, alarm_uuid, ps_event_sub_uuid, sns_topic_uuid, alarm_template_uuid
iam2_ops.clean_iam2_enviroment()
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 3 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 4 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, password)
project_admin_session_uuid = iam2_ops.login_iam2_project(
project_name, project_admin_session_uuid).uuid
# 5 create zwatch resource
smtp_server = os.environ.get('smtpServer')
smtp_port = os.environ.get('smtpPort')
email_platform_name = 'Alarm_email'
email_username = os.environ.get('mailUsername')
email_password = os.environ.get('mailPassword')
email_platform_uuid = zwt_ops.create_sns_email_platform(
smtp_server,
smtp_port,
email_platform_name,
email_username,
email_password,
session_uuid=project_admin_session_uuid).uuid
email_receiver = os.environ.get('mailUsername')
email_endpoint_uuid = zwt_ops.create_sns_email_endpoint(
email_receiver,
'test_email_endpoint',
email_platform_uuid,
session_uuid=project_admin_session_uuid).uuid
url_01 = 'https://oapi.dingtalk.com/robot/send?access_token' \
'=0be899d4bd0a7629961a5ccd3035dfba30d084b57944897838f1b601006dd153'
name_01 = 'dingtalkAtPerson'
dingtalk_endpoint_uuid = zwt_ops.create_sns_dingtalk_endpoint(
url_01, name_01, at_all=False,
session_uuid=project_admin_session_uuid).uuid
http_endpoint_name = 'http'
url = 'http://localhost:8080/webhook-url'
http_username = '******'
http_password = '******'
http_endpoint_uuid = zwt_ops.create_sns_http_endpoint(
url,
http_endpoint_name,
http_username,
http_password,
session_uuid=project_admin_session_uuid).uuid
sns_topic_uuid = zwt_ops.create_sns_topic(
'sns_topic_01', session_uuid=project_admin_session_uuid).uuid
zwt_ops.subscribe_sns_topic(sns_topic_uuid,
dingtalk_endpoint_uuid,
session_uuid=project_admin_session_uuid)
zwt_ops.subscribe_sns_topic(sns_topic_uuid,
email_endpoint_uuid,
session_uuid=project_admin_session_uuid)
zwt_ops.subscribe_sns_topic(sns_topic_uuid,
http_endpoint_uuid,
session_uuid=project_admin_session_uuid)
namespace = 'ZStack/Volume'
actions = [{"actionUuid": sns_topic_uuid, "actionType": "sns"}]
comparisonOperator = 'GreaterThanOrEqualTo'
repeat_interval = 20
period = 10
threshold = 5
metric_name = 'TotalVolumeCount'
alarm_uuid = zwt_ops.create_alarm(
comparisonOperator,
period,
threshold,
namespace,
metric_name,
actions=actions,
repeat_interval=repeat_interval,
session_uuid=project_admin_session_uuid).uuid
ps_actions = [{"actionUuid": sns_topic_uuid, "actionType": "sns"}]
ps_namespace = 'ZStack/PrimaryStorage'
ps_disconnected = 'PrimaryStorageDisconnected'
ps_event_sub_uuid = zwt_ops.subscribe_event(ps_namespace, ps_disconnected,
ps_actions).uuid
application_platform_type = 'Email'
alarm_template_name = 'my-alarm-template'
alarm_template = '${ALARM_NAME} Change status to ${ALARM_CURRENT_STATUS}' \
'ALARM_UUID:${ALARM_UUID}' \
'keyword1:ThisWordIsKeyWord' \
'keyword2:TemplateForAlarmOn' \
'(Using for template changes email check)'
alarm_template_uuid = zwt_ops.create_sns_text_template(
alarm_template_name,
application_platform_type,
alarm_template,
default_template=False).uuid
acc_ops.logout(project_admin_session_uuid)
# 6 delete project
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
# 7 cascade test
try:
test_stub.check_resource_not_exist(email_platform_uuid,
res_ops.SNS_EMAIL_PLATFORM)
except:
test_util.test_logger("email platform should not be delete ,success")
test_stub.check_resource_not_exist(email_endpoint_uuid,
res_ops.SNS_APPLICATION_ENDPOINT)
test_stub.check_resource_not_exist(dingtalk_endpoint_uuid,
res_ops.SNS_APPLICATION_ENDPOINT)
test_stub.check_resource_not_exist(http_endpoint_uuid,
res_ops.SNS_APPLICATION_ENDPOINT)
test_stub.check_resource_not_exist(alarm_uuid, res_ops.ALARM)
test_stub.check_resource_not_exist(ps_event_sub_uuid,
res_ops.EVENT_SUBSCRIPTION)
test_stub.check_resource_not_exist(sns_topic_uuid, res_ops.SNS_TOPIC)
test_stub.check_resource_not_exist(alarm_template_uuid,
res_ops.SNS_TEXT_TEMPLATE)
zwt_ops.delete_sns_application_platform(email_platform_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass("success test project retired")
def error_cleanup():
global cert
iam2_ops.clean_iam2_enviroment()
if cert:
net_ops.delete_certificate(cert.uuid)
def error_cleanup():
global test_obj_dict
test_lib.lib_robot_cleanup(test_obj_dict)
iam2_ops.clean_iam2_enviroment()
def test():
global role_uuid, project_uuid, project_admin_uuid, virtual_id_uuid, virtual_id_group_uuid
# 1 create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', password).uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# 4 login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
# 5 create virtual id group
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(project_uuid, 'test_virtual_id_group',session_uuid=project_login_uuid).uuid
# 6 add virtual id into project and group
# TODO:add query
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid, session_uuid=project_login_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid], virtual_id_group_uuid,
session_uuid=project_login_uuid)
# 7 create role
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements,session_uuid=project_login_uuid).uuid
# 8 add/remove roles to/from virtual id (group)
iam2_ops.add_roles_to_iam2_virtual_id_group([role_uuid], virtual_id_group_uuid,
session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup([role_uuid], virtual_id_group_uuid,
session_uuid=project_login_uuid)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], virtual_id_uuid, session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid], virtual_id_uuid, session_uuid=project_login_uuid)
# 9 create/delete project operator
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid,attributes,session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', virtual_id_uuid)
cond_02 = res_ops.gen_query_conditions('name', '=', "__ProjectOperator__", cond)
attribute_uuid = res_ops.query_resource_fields(res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid,[attribute_uuid],session_uuid=project_login_uuid)
# 10 remove virtual ids from group and project
iam2_ops.remove_iam2_virtual_ids_from_group([virtual_id_uuid], virtual_id_group_uuid,
session_uuid=project_login_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project([virtual_id_uuid], project_uuid,
session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by project admin!')
def test():
iam2_ops.clean_iam2_enviroment()
# 1 create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
project_name_02='test_project_02'
project_uuid_02 = iam2_ops.create_iam2_project(project_name_02).uuid
# 2 create projectAdmin
username = '******'
password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(username, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_login_uuid = iam2_ops.login_iam2_virtual_id(username, password)
project_admin_login_uuid = iam2_ops.login_iam2_project(project_name, project_admin_login_uuid)
# 3 create virtual ID by projectAdmin
username_02 = 'username_02'
try:
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username_02, password,
session_uuid=project_admin_login_uuid).uuid
test_util.test_fail("ProjectAdmin can't create virtual ID")
except:
pass
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username_02, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid],project_uuid)
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid],project_uuid_02)
# 4 create PlatformAdmin by PorjectAdmin
attributes = [{"name":"__PlatformAdmin__"}]
try:
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid,attributes,session_uuid=project_admin_login_uuid)
test_util.test_fail("ProjectAdmin can't create PlatformAdmin")
except:
pass
# 5 create ProjectAdmin by ProjectAdmin
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
try:
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes,session_uuid=project_admin_login_uuid)
test_util.test_fail("ProjectAdmin can't create ProjectAdmin")
except:
pass
# 6 create ProjectOperator in other project
attributes = [{"name": "__ProjectOperator__", "value": project_uuid_02}]
try:
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes, session_uuid=project_admin_login_uuid)
test_util.test_fail("ProjectAdmin can't create ProjectOperator in other project")
except:
pass
fake_virtual_uuid='iamafakevirtualiduuid'
try:
iam2_ops.add_iam2_virtual_ids_to_project([fake_virtual_uuid],project_uuid,session_uuid=project_admin_login_uuid)
test_util.test_fail("can't add fake virtual id into project")
except:
pass
iam2_ops.clean_iam2_enviroment()
test_util.test_pass("success test ProjectAdmin negtive operations")
def error_cleanup():
global role_uuid
if role_uuid:
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
def error_cleanup():
iam2_ops.clean_iam2_enviroment()
def test():
# global test_obj_dict
iam2_ops.clean_iam2_enviroment()
global project_uuid,virtual_id_uuid,project_admin_uuid
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
# 1 create project
project_name = 'test_project'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 create projectAdmin into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid], project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name,password)
project_admin_session_uuid = iam2_ops.login_iam2_project(project_name,project_admin_session_uuid).uuid
#create Security Group
sg = test_sg_header.ZstackTestSecurityGroup()
sg_creation_option = test_util.SecurityGroupOption()
sg_creation_option.set_name('test_sg')
sg_creation_option.session_uuid = project_admin_session_uuid
sg.set_creation_option(sg_creation_option)
sg.create()
test_obj_dict.add_sg(sg.get_security_group().uuid)
#create EIP
vm = test_stub.create_vm(session_uuid=project_admin_session_uuid)
test_obj_dict.add_vm(vm)
pri_l3_name = os.environ.get('l3VlanNetworkName3')
pri_l3_uuid = test_lib.lib_get_l3_by_name(pri_l3_name).uuid
pub_l3_name = os.environ.get('l3PublicNetworkName')
pub_l3_uuid = test_lib.lib_get_l3_by_name(pub_l3_name).uuid
vm_nic = vm.vm.vmNics[0]
vm_nic_uuid = vm_nic.uuid
vip_for_eip = test_stub.create_vip('create_eip_test', pub_l3_uuid,session_uuid=project_admin_session_uuid)
test_obj_dict.add_vip(vip_for_eip)
eip = test_stub.create_eip(vip_uuid=vip_for_eip.get_vip().uuid ,eip_name='create eip test', vnic_uuid=vm_nic_uuid, vm_obj=vm,session_uuid=project_admin_session_uuid)
vip_for_eip.attach_eip(eip)
# create LB
vip_for_lb = test_stub.create_vip('create_lb_test', pub_l3_uuid,session_uuid=project_admin_session_uuid)
test_obj_dict.add_vip(vip_for_lb)
lb = zstack_lb_header.ZstackTestLoadBalancer()
lb.create('create lb test', vip_for_lb.get_vip().uuid,session_uuid=project_admin_session_uuid)
test_obj_dict.add_load_balancer(lb)
vip_for_lb.attach_lb(lb)
lb_creation_option = test_lib.lib_create_lb_listener_option(lbl_port = 222, lbi_port = 22)
lb_creation_option.set_session_uuid(project_admin_session_uuid)
lbl = lb.create_listener(lb_creation_option)
# test PF
vip_for_pf = test_stub.create_vip('create_pf_test', pub_l3_uuid,session_uuid=project_admin_session_uuid)
test_obj_dict.add_vip(vip_for_pf)
vr = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid)[0]
vr_pub_ip = test_lib.lib_find_vr_pub_ip(vr)
pf_creation_opt = PfRule.generate_pf_rule_option(vr_pub_ip, protocol=inventory.TCP, vip_target_rule=Port.rule4_ports, private_target_rule=Port.rule4_ports, vip_uuid=vip_for_pf.get_vip().uuid)
pf_creation_opt.set_session_uuid(project_admin_session_uuid)
pf = test_pf_header.ZstackTestPortForwarding()
pf.set_creation_option(pf_creation_opt)
pf.create()
vip_for_pf.attach_pf(pf)
# delete project
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_stub.check_resource_not_exist(eip.get_eip().uuid,res_ops.EIP)
test_stub.check_resource_not_exist(sg.get_security_group().uuid,res_ops.SECURITY_GROUP)
test_stub.check_resource_not_exist(lb.get_load_balancer().uuid,res_ops.LOAD_BALANCER)
test_stub.check_resource_not_exist(lbl.get_load_balancer_listener().uuid,res_ops.LOAD_BALANCER_LISTENER)
test_stub.check_resource_not_exist(pf.get_port_forwarding().uuid,res_ops.PORT_FORWARDING)
test_lib.lib_robot_cleanup(test_obj_dict)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass("Test for iam2 delete project cascade net services success.")
def test():
global test_obj_dict
iam2_ops.clean_iam2_enviroment()
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
zone_inv = res_ops.query_resource(res_ops.ZONE)
attributes = [{
"name": "__ProjectRelatedZone__",
"value": zone_inv[0].uuid
}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
test_stub.share_admin_resource_include_vxlan_pool([linked_account_uuid])
# 2 update project quota
acc_ops.update_quota(linked_account_uuid, 'volume.data.num', '1')
cond = res_ops.gen_query_conditions('identityUuid', '=',
linked_account_uuid)
cond = res_ops.gen_query_conditions('name', '=', 'volume.data.num', cond)
project_quota = res_ops.query_resource(res_ops.QUOTA, cond)
if project_quota:
if project_quota[0].value != 1:
test_util.test_fail("update project quata fail")
# 3 create virtual id and login project
username = '******'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
username, password, attributes=attributes).uuid
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid)
virtual_id_session = iam2_ops.login_iam2_virtual_id(username, password)
virtual_id_session = iam2_ops.login_iam2_project(project_name,
virtual_id_session).uuid
volume = test_stub.create_volume(session_uuid=virtual_id_session)
test_obj_dict.add_volume(volume)
try:
volume = test_stub.create_volume(session_uuid=virtual_id_session)
test_obj_dict.add_volume(volume)
test_util.test_fail(
"create more than one data volume in project ,test fail")
except:
test_util.test_dsc("success test limit create only 1 vm")
acc_ops.logout(virtual_id_session)
# 4 add project retired policy
attributes = [{"name": "__RetirePolicy__", "value": "NoLogin after 20s"}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
time.sleep(20)
# 5 login project
virtual_id_session = iam2_ops.login_iam2_virtual_id(username, password)
try:
iam2_ops.login_iam2_project(project_name,
session_uuid=virtual_id_session)
test_util.test_fail(
"login project success ,the retire policy is useless")
except:
test_util.test_logger("can't login project,retire policy is useful")
# 6 change retired policy
enable = 'enable'
disable = 'disable'
cond = res_ops.gen_query_conditions('name', '=', '__RetirePolicy__')
cond = res_ops.gen_query_conditions('value', '=', 'NoLogin after 20s',
cond)
attribute_uuid = res_ops.query_resource(res_ops.IAM2_PROJECT_ATTRIBUTE,
cond)[0].uuid
iam2_ops.remove_attributes_from_iam2_project(project_uuid,
[attribute_uuid])
iam2_ops.change_iam2_project_state(project_uuid, enable)
attributes = [{
"name": "__RetirePolicy__",
"value": "DeleteProject after 20s"
}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
time.sleep(20)
# 7 query project
project_inv = res_ops.get_resource(res_ops.IAM2_PROJECT,
uuid=project_uuid)[0]
if project_inv.state != 'Deleted':
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_fail("the project [%s] is still available after 20s " %
project_uuid)
test_lib.lib_robot_cleanup(test_obj_dict)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass("success test project retired")
def test():
global role_uuid, project_uuid, project_02_uuid, project_template_01_uuid, project_template_02_uuid, \
company_uuid_01, company_uuid_02, department_01_uuid, department_02_uuid, virtual_id_group_uuid, \
virtual_id_uuid, platform_admin_uuid
iam2_ops.clean_iam2_enviroment()
# 1 create platformAdmin
username = '******'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
platform_admin_uuid = iam2_ops.create_iam2_virtual_id(username, password).uuid
attributes = [{"name": "__PlatformAdmin__"}]
iam2_ops.add_attributes_to_iam2_virtual_id(platform_admin_uuid, attributes)
platform_admin_session_uuid = iam2_ops.login_iam2_virtual_id(username, password)
# 2 create role
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements, platform_admin_session_uuid).uuid
action = "org.zstack.header.image.**"
statements = [{"effect": "Allow", "actions": [action]}]
iam2_ops.add_policy_statements_to_role(role_uuid, statements, platform_admin_session_uuid)
statement_uuid = iam2_ops.get_policy_statement_uuid_of_role(role_uuid, action)
# statement_uuid= res_ops.get_resource(res_ops.ROLE, uuid=role_uuid)[0].statements[0].uuid
iam2_ops.remove_policy_statements_from_role(role_uuid, [statement_uuid], platform_admin_session_uuid)
# 3 create project and and add/remove role and attributes to/from it
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name, session_uuid=platform_admin_session_uuid).uuid
zone_inv=res_ops.query_resource(res_ops.ZONE)
if len(zone_inv)>=2:
attributes = [{"name":"__ProjectRelatedZone__", "value":zone_inv[0].uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid,attributes,session_uuid=platform_admin_session_uuid)
username='******'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
virtual_id_uuid=iam2_ops.create_iam2_virtual_id(username,password,session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid],project_uuid,session_uuid=platform_admin_session_uuid)
session_uuid=iam2_ops.login_iam2_virtual_id(username,password)
session_uuid=iam2_ops.login_iam2_project(project_name,session_uuid).uuid
cond=res_ops.gen_query_conditions('zoneUuid','=',zone_inv[1].uuid)
host_inv=res_ops.query_resource(res_ops.HOST,cond,session_uuid=session_uuid)
if host_inv:
test_util.test_fail("test Project Related Zone fail")
attribute_uuid=iam2_ops.get_attribute_uuid_of_project(project_uuid,"__ProjectRelatedZone__")
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid,session_uuid=platform_admin_session_uuid)
iam2_ops.remove_attributes_from_iam2_project(project_uuid,[attribute_uuid],session_uuid=platform_admin_session_uuid)
# iam2_ops.add_attributes_to_iam2_project(project_uuid,attributes='')
# iam2_ops.remove_attributes_from_iam2_project(project_uuid,attributes='')
# 4 create project template from project
project_template_01_uuid = iam2_ops.create_iam2_project_template_from_project('project_template', project_uuid,
'this is a template description',
platform_admin_session_uuid).uuid
project_template_inv = res_ops.get_resource(res_ops.IAM2_PROJECT_TEMPLATE, uuid=project_template_01_uuid,
session_uuid=platform_admin_session_uuid)[0]
if not project_template_inv:
test_util.test_fail("create template from project fail")
# 5 create project template and then create project from template
project_template_02_uuid = iam2_ops.create_iam2_project_template('project_template_02',
session_uuid=platform_admin_session_uuid).uuid
project_02_uuid = iam2_ops.create_iam2_project_from_template('project_02', project_template_02_uuid,
session_uuid=platform_admin_session_uuid).uuid
project_inv = res_ops.get_resource(res_ops.IAM2_PROJECT, uuid=project_02_uuid,
session_uuid=platform_admin_session_uuid)
if not project_inv:
test_util.test_fail("create project from template fail")
# 6 create Company and Department
company_uuid_01 = iam2_ops.create_iam2_organization('test_company_01', 'Company',
session_uuid=platform_admin_session_uuid).uuid
company_uuid_02 = iam2_ops.create_iam2_organization('test_company_02', 'Company',
session_uuid=platform_admin_session_uuid).uuid
department_01_uuid = iam2_ops.create_iam2_organization('test_department_01', 'Department',
parent_uuid=company_uuid_01,
session_uuid=platform_admin_session_uuid).uuid
department_02_uuid = iam2_ops.create_iam2_organization('test_department_02', 'Department',
session_uuid=platform_admin_session_uuid).uuid
# 7 organization change parent
iam2_ops.change_iam2_organization_parent(company_uuid_02, [department_02_uuid],
session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_organization_parent(company_uuid_02, [department_01_uuid],
session_uuid=platform_admin_session_uuid)
department_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION, uuid=department_01_uuid,
session_uuid=platform_admin_session_uuid)[0]
if department_inv.parentUuid != company_uuid_02:
test_util.test_fail('change organization parent fail')
department_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION, uuid=department_02_uuid,
session_uuid=platform_admin_session_uuid)[0]
if department_inv.parentUuid != company_uuid_02:
test_util.test_fail('change organization parent fail')
# 8 create virtual id group and add/remove role and attributes to/from it
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(project_uuid, 'test_virtual_id_group',
session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_roles_to_iam2_virtual_id_group([role_uuid], virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup([role_uuid], virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)
# TODO:there is nothing to do with the below api in the first version of iam2
# iam2_ops.add_attributes_to_iam2_virtual_id_group()
# iam2_ops.remove_attributes_from_iam2_virtual_id_group()
# 9 create virtual id and add/remove role or attributes to/from it
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', password,
session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], virtual_id_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid], virtual_id_uuid, session_uuid=platform_admin_session_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes, session_uuid=platform_admin_session_uuid)
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', virtual_id_uuid)
cond_02 = res_ops.gen_query_conditions('name', '=', "__ProjectAdmin__", cond)
attribute_uuid = res_ops.query_resource_fields(res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, [attribute_uuid],
session_uuid=platform_admin_session_uuid)
# attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
# iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes, session_uuid=platform_admin_session_uuid)
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes,
# session_uuid=platform_admin_session_uuid)
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department_01_uuid,
session_uuid=platform_admin_session_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department_01_uuid, attributes,
session_uuid=platform_admin_session_uuid)
cond_03 = res_ops.gen_query_conditions('name', '=', "__OrganizationSupervisor__")
cond_03 = res_ops.gen_query_conditions('value', '=', virtual_id_uuid, cond_03)
attribute_uuid = \
res_ops.query_resource(res_ops.IAM2_ORGANIZATION_ATTRIBUTE, cond_03, session_uuid=platform_admin_session_uuid)[
0].uuid
iam2_ops.remove_attributes_from_iam2_organization(department_01_uuid, [attribute_uuid],
session_uuid=platform_admin_session_uuid)
iam2_ops.remove_iam2_virtual_ids_from_organization([virtual_id_uuid], department_01_uuid,
session_uuid=platform_admin_session_uuid)
# 10 add virtual id to group and project
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid], virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)
iam2_ops.remove_iam2_virtual_ids_from_group([virtual_id_uuid], virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project([virtual_id_uuid], project_uuid,
session_uuid=platform_admin_session_uuid)
# 11 change state
disable = 'disable'
enable = 'enable'
Disabled = 'Disabled'
iam2_ops.change_iam2_organization_state(company_uuid_01, disable, session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION, uuid=company_uuid_01,
session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 organization state fail")
iam2_ops.change_iam2_organization_state(company_uuid_01, enable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_organization_state(department_01_uuid, disable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_organization_state(department_01_uuid, enable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_project_state(project_uuid, disable, session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.IAM2_PROJECT, uuid=project_uuid,
session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 project state fail")
iam2_ops.change_iam2_project_state(project_uuid, enable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_virtual_id_state(virtual_id_uuid, disable, session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID, uuid=virtual_id_uuid,
session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 virtual id state fail")
iam2_ops.change_iam2_virtual_id_state(virtual_id_uuid, enable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_virtual_id_group_state(virtual_id_group_uuid, disable,
session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID_GROUP, uuid=virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 virtual id group state fail")
iam2_ops.change_iam2_virtual_id_group_state(virtual_id_group_uuid, enable,
session_uuid=platform_admin_session_uuid)
iam2_ops.change_role_state(role_uuid, disable, session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.ROLE, uuid=role_uuid, session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 role state fail")
iam2_ops.change_role_state(role_uuid, enable, session_uuid=platform_admin_session_uuid)
# 12 update
virtual_id_new_name = 'virtual_id_new_name'
virtual_id_new_des = 'virtual_id_new_des'
virtual_id_new_password = '******'
iam2_ops.update_iam2_virtual_id(virtual_id_uuid, virtual_id_new_name, virtual_id_new_des, virtual_id_new_password,
session_uuid=platform_admin_session_uuid)
virtual_id_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID, uuid=virtual_id_uuid,
session_uuid=platform_admin_session_uuid)[0]
if virtual_id_inv.name != virtual_id_new_name:
test_util.test_fail("update iam2 virtual id name fail")
try:
virtual_id_session_uuid = iam2_ops.login_iam2_virtual_id(virtual_id_new_name, virtual_id_new_password)
except:
test_util.test_fail("update iam2 virtual id name or password fail.")
virtual_id_group_new_name = 'virtual_id_group_new_name'
virtual_id_group_new_des = 'virtual_id_group_new_des'
iam2_ops.update_iam2_virtual_id_group(virtual_id_group_uuid, virtual_id_group_new_name, virtual_id_group_new_des,
session_uuid=platform_admin_session_uuid)
virtual_id_group_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID_GROUP, uuid=virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)[0]
if virtual_id_group_inv.name != virtual_id_group_new_name:
test_util.test_fail("update iam2 virtual id group name fail")
project_new_name = 'project_new_name'
project_new_dsc = 'project_new_dsc'
iam2_ops.update_iam2_project(project_uuid, project_new_name, project_new_dsc,
session_uuid=platform_admin_session_uuid)
project_inv = \
res_ops.get_resource(res_ops.IAM2_PROJECT, uuid=project_uuid, session_uuid=platform_admin_session_uuid)[0]
if project_inv.name != project_new_name or project_inv.description != project_new_dsc:
test_util.test_fail("update project information fail")
company_new_name = 'company_new_name'
company_new_dsc = 'company_new_dsc'
iam2_ops.update_iam2_organization(company_uuid_02, company_new_name, company_new_dsc,
session_uuid=platform_admin_session_uuid)
organization_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION, uuid=company_uuid_02,
session_uuid=platform_admin_session_uuid)[0]
if organization_inv.name != company_new_name or organization_inv.description != company_new_dsc:
test_util.test_fail("update organization name fail")
# 13 delete
iam2_ops.delete_iam2_organization(company_uuid_01, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_organization(company_uuid_02, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_organization(department_01_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_organization(department_02_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_virtual_id_group(virtual_id_group_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_project(project_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_project(project_02_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.expunge_iam2_project(project_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.expunge_iam2_project(project_02_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_project_template(project_template_01_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_project_template(project_template_02_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_role(role_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_virtual_id(platform_admin_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by admin!')
