def test_user_auth_against_nonexistent_tenant(self): # Create an unscoped token unscoped = self.post_token(as_json={ 'auth': { 'passwordCredentials': { 'username': self.user['name'], 'password': self.user['password']}}}).json['access'] # Invalid tenant id self.post_token(assert_status=401, as_json={ 'auth': { 'token': {'id': unscoped['token']['id']}, 'tenantId': common.unique_str()}}) # Invalid tenant name self.post_token(assert_status=401, as_json={ 'auth': { 'token': {'id': unscoped['token']['id']}, 'tenantName': common.unique_str()}}) # Invalid tenant id self.post_token(assert_status=401, as_json={ 'auth': { 'passwordCredentials': { 'username': self.user['name'], 'password': self.user['password']}, 'tenantId': common.unique_str()}}) # Invalid tenant name self.post_token(assert_status=401, as_json={ 'auth': { 'passwordCredentials': { 'username': self.user['name'], 'password': self.user['password']}, 'tenantName': common.unique_str()}})
def test_service_create_xml_using_empty_type(self): name = common.unique_str() type = '' description = common.unique_str() data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<service xmlns="%s" name="%s" type="%s" description="%s"/>') % ( self.xmlns_ksadm, name, type, description) self.post_service(as_xml=data, assert_status=400)
def test_create_tenant(self): name = common.unique_str() description = common.unique_str() response = self.create_tenant(tenant_name=name, tenant_description=description, assert_status=201) tenant = self.assertValidJsonTenantResponse(response) self.assertEqual(name, tenant.get('name')) self.assertEqual(description, tenant.get('description'))
def test_create_tenant_invalid_token_xml(self): self.admin_token = common.unique_str() data = '<?xml version="1.0" encoding="UTF-8"?> \ <tenant xmlns="http://docs.openstack.org/identity/api/v2.0" \ enabled="true" name="%s"> \ <description>A description...</description> \ </tenant>' % (common.unique_str()) self.post_tenant(as_xml=data, assert_status=404)
def test_update_tenant(self): new_tenant_name = common.unique_str() new_description = common.unique_str() updated_tenant = self.update_tenant(self.tenant['id'], tenant_name=new_tenant_name, tenant_description=new_description, assert_status=200).\ json['tenant'] self.assertEqual(updated_tenant['name'], new_tenant_name) self.assertEqual(updated_tenant['description'], new_description)
def test_update_tenant(self): new_tenant_name = common.unique_str() new_description = common.unique_str() response = self.update_tenant(self.tenant['id'], tenant_name=new_tenant_name, tenant_enabled=False, tenant_description=new_description, assert_status=200) updated_tenant = self.assertValidJsonTenantResponse(response) self.assertEqual(updated_tenant['name'], new_tenant_name) self.assertEqual(updated_tenant['description'], new_description) self.assertEqual(updated_tenant['enabled'], False)
def test_get_tenant_data(self): tenant = self.fixture_create_tenant(name=common.unique_str(), description=common.unique_str(), enabled=True) response = self.fetch_tenant_by_name(tenant['name'], assert_status=200) returned = self.assertValidJsonTenantResponse(response) self.assertEquals(returned['id'], tenant['id']) self.assertEquals(returned['name'], tenant['name']) self.assertEquals(returned['description'], tenant['description']) self.assertEquals(returned['enabled'], tenant['enabled'])
def test_endpoint_create_xml_using_invalid_token(self): self.admin_token = common.unique_str() data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<endpointTemplate ' 'xmlns="http://docs.openstack.org/identity/api/v2.0" ' 'region="%s" serviceId="%s" publicURL="%s" adminURL="%s" ' 'internalURL="%s" enabled="%s" global="%s"/>') % ( common.unique_str(), self.service['id'], common.unique_url(), common.unique_url(), common.unique_url(), True, True) self.post_endpoint_template(as_xml=data, assert_status=401, headers={ 'Accept': 'application/xml'})
def test_create_role_mapped_to_a_service_xml(self): service = self.create_service().json['OS-KSADM:service'] name = service['name'] + ':' + common.unique_str() description = common.unique_str() data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<role xmlns="%s" name="%s" description="%s" serviceId="%s"/>') % ( self.xmlns, name, description, service['id']) role_id = self.post_role(assert_status=201, as_xml=data).xml.get('id') role = self.fetch_role(role_id, assert_status=200).json['role'] self.assertEqual(role['id'], role_id) self.assertEqual(role['serviceId'], service['id'])
def test_service_create_xml(self): name = common.unique_str() type = common.unique_str() description = common.unique_str() data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<service xmlns="%s" name="%s" type="%s" description="%s"/>') % ( self.xmlns_ksadm, name, type, description) r = self.post_service(as_xml=data, assert_status=201) self.assertEqual(r.xml.tag, "{%s}service" % self.xmlns_ksadm) self.assertIsNotNone(r.xml.get('id')) self.assertEqual(name, r.xml.get('name')) self.assertEqual(type, r.xml.get('type')) self.assertEqual(description, r.xml.get('description'))
def test_service_create_json(self): name = common.unique_str() type = common.unique_str() description = common.unique_str() service = self.create_service(service_name=name, service_type=type, service_description=description, assert_status=201).json['OS-KSADM:service'] self.assertIsNotNone(service.get('id')) self.assertEqual(name, service.get('name')) self.assertEqual(type, service.get('type')) self.assertEqual(description, service.get('description'))
def test_endpoint_create_xml_using_invalid_token(self): self.admin_token = common.unique_str() data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<endpointTemplate ' 'xmlns="%s" ' 'region="%s" name="%s" type="%s" publicURL="%s" adminURL="%s" ' 'internalURL="%s" enabled="%s" global="%s"/>') % ( self.xmlns_kscatalog, common.unique_str(), self.service['name'], self.service['type'], common.unique_url(), common.unique_url(), common.unique_url(), True, True) self.post_endpoint_template(as_xml=data, assert_status=401, headers={ 'Accept': 'application/xml'})
def test_service_create_json(self): name = common.unique_str() type = common.unique_str() description = common.unique_str() service = self.create_service( service_name=name, service_type=type, service_description=description, assert_status=201 ).json["OS-KSADM:service"] self.assertIsNotNone(service.get("id")) self.assertEqual(name, service.get("name")) self.assertEqual(type, service.get("type")) self.assertEqual(description, service.get("description"))
def test_create_tenant_xml(self): name = common.unique_str() description = common.unique_str() data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<tenant xmlns="http://docs.openstack.org/identity/api/v2.0" ' 'enabled="true" name="%s"> ' '<description>%s</description> ' '</tenant>') % (name, description) response = self.post_tenant(as_xml=data, assert_status=201, headers={ 'Accept': 'application/xml'}) tenant = self.assertValidXmlTenantResponse(response) self.assertEqual(name, tenant.get('name')) self.assertEqual(description, tenant.find('{%s}description' % self.xmlns).text)
def test_update_user_name(self): new_user_name = common.unique_str() new_user_email = common.unique_email() self.update_user(self.user['id'], user_name=new_user_name, user_email=new_user_email) r = self.fetch_user(self.user['id']) self.assertTrue(r.json['user']['name'], new_user_name)
def test_service_create_xml(self): service_id = common.unique_str() data = '<?xml version="1.0" encoding="UTF-8"?>\ <service xmlns="http://docs.openstack.org/identity/api/v2.0" \ id="%s" description="A Description of the service"/>\ ' % (service_id,) self.post_service(as_xml=data, assert_status=201)
def test_create_endpoint_template_xml(self): region = common.unique_str() public_url = common.unique_url() admin_url = common.unique_url() internal_url = common.unique_url() enabled = True is_global = True data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<endpointTemplate xmlns="%s" region="%s" serviceId="%s" ' 'publicURL="%s" adminURL="%s" internalURL="%s" enabled="%s" ' 'global="%s"/>') % (self.xmlns, region, self.service['id'], public_url, admin_url, internal_url, enabled, is_global) r = self.post_endpoint_template(as_xml=data, assert_status=201) self.assertEqual(r.xml.tag, '{%s}endpointTemplate' % self.xmlns) self.assertIsNotNone(r.xml.get("id")) self.assertEqual(r.xml.get("serviceId"), self.service['id']) self.assertEqual(r.xml.get("region"), region) self.assertEqual(r.xml.get("publicURL"), public_url) self.assertEqual(r.xml.get("adminURL"), admin_url) self.assertEqual(r.xml.get("internalURL"), internal_url) self.assertEqual(r.xml.get("enabled"), str(enabled).lower()) self.assertEqual(r.xml.get("global"), str(is_global).lower())
def setUp(self): super(TestHPIDMTokensExtension, self).setUp() password = common.unique_str() self.user = self.create_user(user_password=password).json['user'] self.user['password'] = password self.tenant = self.create_tenant().json['tenant'] self.service = self.create_service().json['OS-KSADM:service'] r = self.create_role(service_name=self.service['name']) self.role = r.json['role'] self.another_service = self.create_service().json['OS-KSADM:service'] self.service_with_no_users = self.create_service().\ json['OS-KSADM:service'] ar = self.create_role(service_name=self.another_service['name']) self.another_role = ar.json['role'] rnu = self.create_role(service_name=self.service_with_no_users['name']) self.role_with_no_users = rnu.json['role'] rns = self.create_role() self.role_with_no_service = rns.json['role'] self.grant_role_to_user(self.user['id'], self.role['id'], self.tenant['id']) self.grant_role_to_user(self.user['id'], self.role_with_no_service['id'], self.tenant['id']) self.grant_role_to_user(self.user['id'], self.another_role['id'], self.tenant['id']) self.global_role = self.create_role().json['role'] # crete a global role self.put_user_role(self.user['id'], self.global_role['id'], None)
def test_endpoint_create_xml(self): region = common.unique_str() public_url = common.unique_url() admin_url = common.unique_url() internal_url = common.unique_url() enabled = True is_global = True data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<endpointTemplate ' 'xmlns="http://docs.openstack.org/identity/api/v2.0" ' 'region="%s" serviceId="%s" publicURL="%s" adminURL="%s" ' 'internalURL="%s" enabled="%s" global="%s"/>') % (region, self.service['id'], public_url, admin_url, internal_url, enabled, is_global) r = self.post_endpoint_template(as_xml=data, assert_status=201, headers={'Accept': 'application/xml'}) self.assertEqual(r.xml.tag, '{%s}endpointTemplate' % self.xmlns) self.assertIsNotNone(r.xml.get("id")) self.assertEqual(r.xml.get("serviceId"), self.service['id']) self.assertEqual(r.xml.get("region"), region) self.assertEqual(r.xml.get("publicURL"), public_url) self.assertEqual(r.xml.get("adminURL"), admin_url) self.assertEqual(r.xml.get("internalURL"), internal_url) self.assertEqual(r.xml.get("enabled"), str(enabled).lower()) self.assertEqual(r.xml.get("global"), str(is_global).lower())
def setUp(self, *args, **kwargs): super(GetRolesByServiceTest, self).setUp(*args, **kwargs) service = self.create_service().json['OS-KSADM:service'] role_name = service['name'] + ':' + common.unique_str() role = self.create_role(role_name=role_name, service_id=service['id']).json['role'] self.service_id = service['id']
def setUp(self): super(TestServiceAuthentication, self).setUp() # Create a user password = common.unique_str() self.user = self.create_user(user_password=password).json['user'] self.user['password'] = password
def test_disabling_tenant_disables_token(self): """Disabling a tenant should invalidate previously-issued tokens""" # Create a user for a specific tenant tenant = self.create_tenant().json['tenant'] password = common.unique_str() user = self.create_user(user_password=password, tenant_id=tenant['id']).json['user'] user['password'] = password # Authenticate as user to get a token *for a specific tenant* user_token = self.authenticate(user['name'], user['password'], tenant['id']).json['access']['token']['id'] # Validate and check that token belongs to tenant print self.get_token(user_token).body tenant_id = self.get_token(user_token).\ json['access']['token']['tenant']['id'] self.assertEqual(tenant_id, tenant['id']) # Disable tenant r = self.admin_request(method='POST', path='/tenants/%s' % tenant['id'], as_json={ 'tenant': { 'name': tenant['name'], 'description': 'description', 'enabled': False}}) self.assertEquals(r.json['tenant']['enabled'], False) # Assert that token belonging to disabled tenant is invalid r = self.admin_request(path='/tokens/%s?belongsTo=%s' % (user_token, tenant['id']), assert_status=403) self.assertTrue(r.json['tenantDisabled'], 'Tenant is disabled')
def test_update_endpoint_xml(self): region = common.unique_str() public_url = common.unique_url() admin_url = common.unique_url() internal_url = common.unique_url() enabled = True is_global = True data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<endpointTemplate ' 'xmlns="%s" ' 'region="%s" name="%s" type="%s"' ' publicURL="%s" adminURL="%s"' ' internalURL="%s" enabled="%s" global="%s"/>') % ( self.xmlns_kscatalog, region, self.service['name'], self.service['type'], public_url, admin_url, internal_url, enabled, is_global) r = self.put_endpoint_template(self.endpoint_template['id'], as_xml=data, assert_status=201, headers={ 'Accept': 'application/xml'}) self.assertEqual(r.xml.tag, '{%s}endpointTemplate' % self.xmlns_kscatalog) self.assertIsNotNone(r.xml.get("id")) self.assertEqual(r.xml.get("name"), self.service['name']) self.assertEqual(r.xml.get("type"), self.service['type']) self.assertEqual(r.xml.get("region"), region) self.assertEqual(r.xml.get("publicURL"), public_url) self.assertEqual(r.xml.get("adminURL"), admin_url) self.assertEqual(r.xml.get("internalURL"), internal_url) self.assertEqual(r.xml.get("enabled"), str(enabled).lower()) self.assertEqual(r.xml.get("global"), str(is_global).lower())
def setUp(self): super(TestCreatePasswordCredentials, self).setUp() password = common.unique_str() self.user = self.create_user( user_password=password).json['user'] self.delete_user_credentials_by_type( self.user['id'], 'passwordCredentials')
def test_create_endpoint_template_xml_using_empty_type(self): region = common.unique_str() public_url = common.unique_url() admin_url = common.unique_url() internal_url = common.unique_url() enabled = True is_global = True data = ( '<?xml version="1.0" encoding="UTF-8"?> ' '<endpointTemplate xmlns="%s" region="%s" name="%s" ' 'type="%s" publicURL="%s" adminURL="%s" ' 'internalURL="%s" enabled="%s" global="%s"/>' ) % ( self.xmlns_kscatalog, region, self.service["name"], "", public_url, admin_url, internal_url, enabled, is_global, ) self.post_endpoint_template(as_xml=data, assert_status=400)
def test_update_tenant_not_found_xml(self): data = ('<?xml version="1.0" encoding="UTF-8"?>' '<tenant xmlns="http://docs.openstack.org/identity/api/v2.0" ' 'enabled="true"> ' '<description>A NEW description...</description> ' '</tenant>') self.put_tenant(common.unique_str(), as_xml=data, assert_status=404)
def test_create_role_using_empty_name_xml(self): name = '' description = common.unique_str() data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<role xmlns="%s" name="%s" description="%s" />') % ( self.xmlns, name, description) self.post_role(assert_status=400, as_xml=data)
def test_create_role_mapped_to_a_service(self): service = self.create_service().json['OS-KSADM:service'] role_name = service['name'] + ':' + common.unique_str() role = self.create_role(role_name=role_name, service_id=service['id']).json['role'] self.assertEqual(role_name, role['name']) self.assertEqual(service['id'], role['serviceId'])
def test_disabling_tenant_disables_token(self): """Disabling a tenant should invalidate previously-issued tokens""" # Create a user for a specific tenant tenant = self.create_tenant().json["tenant"] password = common.unique_str() user = self.create_user(user_password=password, tenant_id=tenant["id"]).json["user"] user["password"] = password # Authenticate as user to get a token *for a specific tenant* user_token = self.authenticate(user["name"], user["password"], tenant["id"]).json["access"]["token"]["id"] # Validate and check that token belongs to tenant tenant_id = self.get_token(user_token).json["access"]["token"]["tenant"]["id"] self.assertEqual(tenant_id, tenant["id"]) # Disable tenant r = self.admin_request( method="PUT", path="/tenants/%s" % tenant["id"], as_json={"tenant": {"name": tenant["name"], "description": "description", "enabled": False}}, ) self.assertFalse(r.json["tenant"]["enabled"]) # Assert that token belonging to disabled tenant is invalid r = self.admin_request(path="/tokens/%s?belongsTo=%s" % (user_token, tenant["id"]), assert_status=403) self.assertTrue(r.json["tenantDisabled"], "Tenant is disabled")
def test_create_tenant_xml(self): data = ('<?xml version="1.0" encoding="UTF-8"?> ' '<tenant xmlns="http://docs.openstack.org/identity/api/v2.0" ' 'enabled="true" name="%s"> ' '<description>A description...</description> ' '</tenant>') % (common.unique_str(),) self.post_tenant(as_xml=data, assert_status=201, headers={ 'Accept': 'application/xml'})
def test_get_role_using_invalid_token(self): self.admin_token = common.unique_str() self.fetch_role(self.role['id'], assert_status=404)
def test_service_create_json_using_invalid_token(self): self.admin_token = common.unique_str() self.create_service(assert_status=401)
def test_get_service_using_invalid_token(self): self.admin_token = common.unique_str() self.fetch_service(service_id=self.service['id'], assert_status=401)
def test_update_tenant(self): new_description = common.unique_str() updated_tenant = self.update_tenant(self.tenant['id'], tenant_description=new_description, assert_status=200).\ json['tenant'] self.assertEqual(updated_tenant['description'], new_description)
def test_get_services_using_invalid_token(self): self.admin_token = common.unique_str() self.list_services(assert_status=401)
def test_get_endpoint_json_using_invalid_auth_token(self): self.admin_token = common.unique_str() self.get_tenant_endpoints(self.tenant['id'], assert_status=401)
def test_delete_tenant_not_found_xml(self): self.delete_tenant(common.unique_str(), assert_status=404, headers={ 'Accept': 'application/xml'})
def test_create_role_mapped_to_a_service_using_incorrect_role_name(self): self.create_role(common.unique_str(), service_id=common.unique_str(), assert_status=400)
def test_create_role_mapped_to_a_service(self): service = self.create_service().json['OS-KSADM:service'] role_name = service['name'] + ':' + common.unique_str() role = self.create_role(role_name=role_name, service_id=service['id']).json['role'] self.assertEqual(service['id'], role['serviceId'])
def test_delete_roleref_using_invalid_token(self): self.admin_token = common.unique_str() self.delete_user_role(self.user['id'], self.roles[0]['id'], assert_status=404)
def test_create_roles_using_invalid_token(self): self.admin_token = common.unique_str() self.create_role(assert_status=404)
def test_get_rolerefs_xml_using_invalid_token(self): self.admin_token = common.unique_str() self.get_user_roles(self.user['id'], assert_status=404, headers={'Accept': 'application/xml'})
def test_get_rolerefs_json_using_invalid_token(self): self.admin_token = common.unique_str() self.get_user_roles(self.user['id'], assert_status=404)
def test_grant_role_json_using_invalid_token(self): self.admin_token = common.unique_str() self.grant_role_to_user(self.user['id'], self.role['id'], self.tenant['id'], assert_status=404)
def test_endpoint_create_json_using_invalid_token(self): self.admin_token = common.unique_str() self.create_endpoint_for_tenant(self.tenant['id'], self.endpoint_template['id'], assert_status=401)
def test_validate_token_invalid_xml(self): self.get_token(common.unique_str(), assert_status=404, headers={'Accept': 'application/xml'})
def test_get_tenant_endpoint_xml_using_invalid_auth_token(self): self.admin_token = common.unique_str() self.get_tenant_endpoints(self.tenant['id'], assert_status=401, headers={"Accept": "application/xml"})
def test_validate_token_invalid(self): self.get_token(common.unique_str(), assert_status=404)
def test_delete_endpoint_using_invalid_auth_token(self): self.admin_token = common.unique_str() self.delete_tenant_endpoint(self.tenant['id'], self.endpoint_template['id'], assert_status=401)
def test_endpoint_create_json_using_invalid_token(self): self.admin_token = common.unique_str() self.create_endpoint_template(service_id=self.service['id'], assert_status=401)
def test_delete_tenant_not_found(self): self.remove_tenant(common.unique_str(), assert_status=404)
def test_get_endpoint_templates_using_invalid_auth_token(self): self.admin_token = common.unique_str() self.list_endpoint_templates(service_id=self.service['id'], assert_status=401)
def test_create_tenant_invalid_token(self): self.admin_token = common.unique_str() self.create_tenant(assert_status=401)
def test_get_endpoint_templates_xml_invalid_auth_token(self): self.admin_token = common.unique_str() self.get_endpoint_templates_by_service( service_id=self.service['id'], assert_status=401, headers={'Accept': 'application/xml'})
def test_service_delete_json_using_invalid_token(self): self.admin_token = common.unique_str() self.remove_service(self.service['id'], assert_status=401)
def test_get_endpoint_using_invalid_auth_token(self): self.admin_token = common.unique_str() self.fetch_endpoint_template(self.endpoint_template['id'], assert_status=401)
def test_service_create_duplicate_json(self): service_name = common.unique_str() self.create_service(service_name=service_name, assert_status=201) self.create_service(service_name=service_name, assert_status=409)
def test_update_endpoint_template_with_invalid_token(self): self.admin_token = common.unique_str() self.update_endpoint_template(self.endpoint_template['id'], assert_status=401)
def test_get_role_xml_bad(self): self.get_role(common.unique_str(), assert_status=404, headers={'Accept': 'application/xml'})
def test_get_role_bad(self): self.fetch_role(common.unique_str(), assert_status=404)