Пример #1
0
    def setUpClass(cls):
        super(ScenarioPolicyBase, cls).setUpClass()
        # auth provider for admin credentials
        creds = cred_provider.get_configured_credentials("identity_admin")
        auth_prov = tempestmanager.get_auth_provider(creds)

        cls.admin_manager.congress_client = policy_client.PolicyClient(auth_prov, "policy", CONF.identity.region)
Пример #2
0
    def resource_setup(cls):
        super(ESXNetworksTestJSON, cls).resource_setup()
        cls.servers_client = cls.manager.servers_client
        cls.networks_client = cls.manager.networks_client
        cls.ports_client = cls.manager.ports_client
        cls.routers_client = cls.manager.routers_client
        cls.subnets_client = cls.manager.subnets_client
        cls.floating_ips_client = cls.manager.floating_ips_client
        cls.security_groups_client = cls.manager.security_groups_client
        cls.security_group_rules_client = (
            cls.manager.security_group_rules_client)

        cls.creds = cls.os.credentials
        cls.user_id = cls.creds.user_id
        cls.username = cls.creds.username
        cls.password = cls.creds.password
        cls.auth_provider = manager.get_auth_provider(cls.creds)
        if not test.is_extension_enabled('router', 'network'):
            msg = "router extension not enabled."
            raise cls.skipException(msg)
        cls.ext_net_id = CONF.network.public_network_id

        # Create network, subnet, router and add interface
        cls.network = cls.create_network()
        cls.subnet = cls.create_subnet(cls.network)
        cls.tenant_cidr = (CONF.network.project_network_cidr
                           if cls._ip_version == 4 else
                           CONF.network.tenant_network_v6_cidr)
        cls.router = cls.create_router(data_utils.rand_name('router-'),
                                       external_network_id=cls.ext_net_id,
                                       admin_state_up="true")
        cls.create_router_interface(cls.router['id'], cls.subnet['id'])
        cls.port = list()
        cls.floating_ip = cls.create_floatingip(cls.ext_net_id)
        tempest_config.register_options()
Пример #3
0
    def create_client(self, client_type):
        creds = credentials.get_configured_admin_credentials('identity_admin')
        auth_prov = tempestmanager.get_auth_provider(creds)

        return policy_client.PolicyClient(
            auth_prov, client_type,
            CONF.identity.region)
Пример #4
0
    def resource_setup(cls):
        super(ESXNetworksTestJSON, cls).resource_setup()
        cls.servers_client = cls.manager.servers_client
        cls.networks_client = cls.manager.networks_client
        cls.ports_client = cls.manager.ports_client
        cls.routers_client = cls.manager.routers_client
        cls.subnets_client = cls.manager.subnets_client
        cls.floating_ips_client = cls.manager.floating_ips_client
        cls.security_groups_client = cls.manager.security_groups_client
        cls.security_group_rules_client = (
            cls.manager.security_group_rules_client)

        cls.creds = cls.os.credentials
        cls.user_id = cls.creds.user_id
        cls.username = cls.creds.username
        cls.password = cls.creds.password
        cls.auth_provider = manager.get_auth_provider(cls.creds)
        if not test.is_extension_enabled('router', 'network'):
            msg = "router extension not enabled."
            raise cls.skipException(msg)
        cls.ext_net_id = CONF.network.public_network_id

        # Create network, subnet, router and add interface
        cls.network = cls.create_network()
        cls.subnet = cls.create_subnet(cls.network)
        cls.tenant_cidr = (CONF.network.project_network_cidr
                           if cls._ip_version == 4 else
                           CONF.network.tenant_network_v6_cidr)
        cls.router = cls.create_router(data_utils.rand_name('router-'),
                                       external_network_id=cls.ext_net_id,
                                       admin_state_up="true")
        cls.create_router_interface(cls.router['id'], cls.subnet['id'])
        cls.port = list()
        cls.floating_ip = cls.create_floatingip(cls.ext_net_id)
        tempest_config.register_options()
Пример #5
0
    def setUp(self):
        super(TestCase, self).setUp()

        credentials = SolumCredentials()

        auth_provider = manager.get_auth_provider(credentials)
        self.client = SolumClient(auth_provider)
        self.builderclient = SolumClient(auth_provider, 'image_builder')
Пример #6
0
    def setUp(self):
        super(TestCase, self).setUp()

        credentials = SolumCredentials()

        auth_provider = manager.get_auth_provider(credentials)
        self.client = SolumClient(auth_provider)
        self.builderclient = SolumClient(auth_provider, 'image_builder')
Пример #7
0
 def resource_setup(cls):
     super(OVSVAPPTestadminJSON, cls).resource_setup()
     cls.creds = cls.os_admin.credentials
     cls.user_id = cls.creds.user_id
     cls.username = cls.creds.username
     cls.password = cls.creds.password
     cls.auth_provider = auth_manager.get_auth_provider(
         cls.creds.credentials)
     cls.ext_net_id = CONF.network.public_network_id
     cls.network = cls.create_shared_network()
     cls.subnet = cls.create_subnet(cls.network, client=cls.admin_client)
Пример #8
0
 def resource_setup(cls):
     super(OVSVAPPTestadminJSON, cls).resource_setup()
     cls.creds = cls.os_admin.credentials
     cls.user_id = cls.creds.user_id
     cls.username = cls.creds.username
     cls.password = cls.creds.password
     cls.auth_provider = auth_manager.get_auth_provider(
         cls.creds.credentials)
     cls.ext_net_id = CONF.network.public_network_id
     cls.network = cls.create_shared_network()
     cls.subnet = cls.create_subnet(cls.network, client=cls.admin_client)
    def test_default_project_id(self):
        # create a domain
        dom_name = data_utils.rand_name('dom')
        domain_body = self.domains_client.create_domain(dom_name)['domain']
        dom_id = domain_body['id']
        self.addCleanup(self._delete_domain, dom_id)

        # create a project in the domain
        proj_name = data_utils.rand_name('proj')
        proj_body = self.projects_client.create_project(
            proj_name, domain_id=dom_id)['project']
        proj_id = proj_body['id']
        self.addCleanup(self.projects_client.delete_project, proj_id)
        self.assertEqual(
            proj_body['domain_id'], dom_id,
            "project " + proj_name + "doesn't have domain id " + dom_id)

        # create a user in the domain, with the previous project as his
        # default project
        user_name = data_utils.rand_name('user')
        user_body = self.users_client.create_user(
            user_name,
            password=user_name,
            domain_id=dom_id,
            default_project_id=proj_id)['user']
        user_id = user_body['id']
        self.addCleanup(self.users_client.delete_user, user_id)
        self.assertEqual(
            user_body['domain_id'], dom_id,
            "user " + user_name + "doesn't have domain id " + dom_id)

        # get roles and find the admin role
        admin_role = self.get_role_by_name(CONF.identity.admin_role)
        admin_role_id = admin_role['id']

        # grant the admin role to the user on his project
        self.roles_client.assign_user_role_on_project(proj_id, user_id,
                                                      admin_role_id)

        # create a new client with user's credentials (NOTE: unscoped token!)
        creds = auth.KeystoneV3Credentials(username=user_name,
                                           password=user_name,
                                           user_domain_name=dom_name)
        auth_provider = manager.get_auth_provider(creds)
        creds = auth_provider.fill_credentials()
        admin_client = clients.Manager(credentials=creds)

        # verify the user's token and see that it is scoped to the project
        token, auth_data = admin_client.auth_provider.get_auth()
        result = admin_client.identity_v3_client.show_token(token)['token']
        self.assertEqual(result['project']['domain']['id'], dom_id)
        self.assertEqual(result['project']['id'], proj_id)
    def test_default_project_id(self):
        # create a domain
        dom_name = data_utils.rand_name('dom')
        domain_body = self.domains_client.create_domain(dom_name)['domain']
        dom_id = domain_body['id']
        self.addCleanup(self._delete_domain, dom_id)

        # create a project in the domain
        proj_name = data_utils.rand_name('proj')
        proj_body = self.projects_client.create_project(
            proj_name, domain_id=dom_id)['project']
        proj_id = proj_body['id']
        self.addCleanup(self.projects_client.delete_project, proj_id)
        self.assertEqual(proj_body['domain_id'], dom_id,
                         "project " + proj_name +
                         "doesn't have domain id " + dom_id)

        # create a user in the domain, with the previous project as his
        # default project
        user_name = data_utils.rand_name('user')
        user_body = self.users_client.create_user(
            user_name,
            password=user_name,
            domain_id=dom_id,
            default_project_id=proj_id)['user']
        user_id = user_body['id']
        self.addCleanup(self.users_client.delete_user, user_id)
        self.assertEqual(user_body['domain_id'], dom_id,
                         "user " + user_name +
                         "doesn't have domain id " + dom_id)

        # get roles and find the admin role
        admin_role = self.get_role_by_name(CONF.identity.admin_role)
        admin_role_id = admin_role['id']

        # grant the admin role to the user on his project
        self.roles_client.assign_user_role_on_project(proj_id, user_id,
                                                      admin_role_id)

        # create a new client with user's credentials (NOTE: unscoped token!)
        creds = auth.KeystoneV3Credentials(username=user_name,
                                           password=user_name,
                                           user_domain_name=dom_name)
        auth_provider = manager.get_auth_provider(creds)
        creds = auth_provider.fill_credentials()
        admin_client = clients.Manager(credentials=creds)

        # verify the user's token and see that it is scoped to the project
        token, auth_data = admin_client.auth_provider.get_auth()
        result = admin_client.identity_v3_client.show_token(token)['token']
        self.assertEqual(result['project']['domain']['id'], dom_id)
        self.assertEqual(result['project']['id'], proj_id)
Пример #11
0
    def test_user_update_own_password(self):
        self.new_creds = copy.copy(self.creds.credentials)
        self.new_creds.password = data_utils.rand_password()
        # we need new non-admin Identity Client with new credentials, since
        # current non_admin_client token will be revoked after updating
        # password
        self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
        self.non_admin_client_for_cleanup.auth_provider = (
            manager.get_auth_provider(self.new_creds))
        user_id = self.creds.credentials.user_id
        old_pass = self.creds.credentials.password
        new_pass = self.new_creds.password

        # to change password back. important for allow_tenant_isolation = false
        self.addCleanup(
            self.non_admin_client_for_cleanup.update_user_own_password,
            user_id=user_id,
            new_pass=old_pass,
            old_pass=new_pass)

        # user updates own password
        resp = self.non_admin_client.update_user_own_password(
            user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access']

        # TODO(lbragstad): Sleeping after the response status has been checked
        # and the body loaded as JSON allows requests to fail-fast. The sleep
        # is necessary because keystone will err on the side of security and
        # invalidate tokens within a small margin of error (within the same
        # wall clock second) after a revocation event is issued (such as a
        # password change). Remove this once keystone and Fernet support
        # sub-second precision.
        time.sleep(1)

        # check authorization with new token
        self.non_admin_token_client.auth_token(resp['token']['id'])
        # check authorization with new password
        self.non_admin_token_client.auth(self.username,
                                         new_pass,
                                         self.tenant_name)

        # authorize with old token should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth_token,
                          self.non_admin_client.token)

        # authorize with old password should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth,
                          self.username,
                          old_pass,
                          self.tenant_name)
Пример #12
0
    def test_user_update_own_password(self):
        self.new_creds = copy.copy(self.creds.credentials)
        self.new_creds.password = data_utils.rand_password()
        # we need new non-admin Identity Client with new credentials, since
        # current non_admin_client token will be revoked after updating
        # password
        self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
        self.non_admin_client_for_cleanup.auth_provider = (
            manager.get_auth_provider(self.new_creds))
        user_id = self.creds.credentials.user_id
        old_pass = self.creds.credentials.password
        new_pass = self.new_creds.password

        # to change password back. important for allow_tenant_isolation = false
        self.addCleanup(
            self.non_admin_client_for_cleanup.update_user_own_password,
            user_id=user_id,
            new_pass=old_pass,
            old_pass=new_pass)

        # user updates own password
        resp = self.non_admin_client.update_user_own_password(
            user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access']

        # TODO(lbragstad): Sleeping after the response status has been checked
        # and the body loaded as JSON allows requests to fail-fast. The sleep
        # is necessary because keystone will err on the side of security and
        # invalidate tokens within a small margin of error (within the same
        # wall clock second) after a revocation event is issued (such as a
        # password change). Remove this once keystone and Fernet support
        # sub-second precision.
        time.sleep(1)

        # check authorization with new token
        self.non_admin_token_client.auth_token(resp['token']['id'])
        # check authorization with new password
        self.non_admin_token_client.auth(self.username, new_pass,
                                         self.tenant_name)

        # authorize with old token should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth_token,
                          self.non_admin_client.token)

        # authorize with old password should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth, self.username,
                          old_pass, self.tenant_name)
Пример #13
0
 def _fetch_cluster_in_use_from_server(self, server_id):
     region = CONF.compute.region
     auth_provider = manager.get_auth_provider(self.creds.credentials)
     endpoint_type = CONF.compute.endpoint_type
     build_interval = CONF.compute.build_interval
     build_timeout = CONF.compute.build_timeout
     disable_ssl_cert = CONF.identity.disable_ssl_certificate_validation
     ca_certs = CONF.identity.ca_certificates_file
     rs_client = rest_client.RestClient(auth_provider, "compute", region,
                                        endpoint_type, build_interval,
                                        build_timeout, disable_ssl_cert,
                                        ca_certs)
     resp, body = rs_client.get("servers/%s" % str(server_id))
     body = jsonutils.loads(body)
     cst_name = body['server']['OS-EXT-SRV-ATTR:hypervisor_hostname']
     return cst_name[cst_name.index("(") + 1:cst_name.rindex(")")]
Пример #14
0
 def get_server_ip(self, server_id, net_name):
     region = CONF.compute.region
     auth_provider = manager.get_auth_provider(self.creds.credentials)
     endpoint_type = CONF.compute.endpoint_type
     build_interval = CONF.compute.build_interval
     build_timeout = CONF.compute.build_timeout
     disable_ssl_cert = CONF.identity.disable_ssl_certificate_validation
     ca_certs = CONF.identity.ca_certificates_file
     rs_client = rest_client.RestClient(auth_provider, "compute", region,
                                        endpoint_type, build_interval,
                                        build_timeout, disable_ssl_cert,
                                        ca_certs)
     resp, body = rs_client.get("servers/%s" % str(server_id))
     body = jsonutils.loads(body)
     ipaddress = body['server']['addresses'][net_name][0]['addr']
     return ipaddress
Пример #15
0
    def setUpClass(cls):
        super(ScenarioPolicyBase, cls).setUpClass()
        # auth provider for admin credentials
        creds = credentials.get_configured_admin_credentials('identity_admin')
        auth_prov = tempestmanager.get_auth_provider(creds)

        cls.admin_manager.congress_client = policy_client.PolicyClient(
            auth_prov, "policy", CONF.identity.region)

        if getattr(CONF.service_available, 'ceilometer', False):
            import ceilometer.tests.tempest.service.client as telemetry_client
            cls.admin_manager.telemetry_client = (
                telemetry_client.TelemetryClient(
                    auth_prov, CONF.telemetry.catalog_type,
                    CONF.identity.region,
                    endpoint_type=CONF.telemetry.endpoint_type))
Пример #16
0
 def get_server_ip(self, server_id, net_name):
     region = CONF.compute.region
     auth_provider = manager.get_auth_provider(self.creds)
     endpoint_type = CONF.compute.endpoint_type
     build_interval = CONF.compute.build_interval
     build_timeout = CONF.compute.build_timeout
     disable_ssl_cert = CONF.identity.disable_ssl_certificate_validation
     ca_certs = CONF.identity.ca_certificates_file
     rs_client = rest_client.RestClient(auth_provider, "compute",
                                        region, endpoint_type,
                                        build_interval, build_timeout,
                                        disable_ssl_cert,
                                        ca_certs)
     resp, body = rs_client.get("servers/%s" % str(server_id))
     body = jsonutils.loads(body)
     ipaddress = body['server']['addresses'][net_name][0]['addr']
     return ipaddress
Пример #17
0
 def _fetch_cluster_in_use_from_server(self, server_id):
     region = CONF.compute.region
     auth_provider = manager.get_auth_provider(self.creds.credentials)
     endpoint_type = CONF.compute.endpoint_type
     build_interval = CONF.compute.build_interval
     build_timeout = CONF.compute.build_timeout
     disable_ssl_cert = CONF.identity.disable_ssl_certificate_validation
     ca_certs = CONF.identity.ca_certificates_file
     rs_client = rest_client.RestClient(auth_provider, "compute",
                                        region, endpoint_type,
                                        build_interval, build_timeout,
                                        disable_ssl_cert,
                                        ca_certs)
     resp, body = rs_client.get("servers/%s" % str(server_id))
     body = jsonutils.loads(body)
     cst_name = body['server']['OS-EXT-SRV-ATTR:hypervisor_hostname']
     return cst_name[cst_name.index("(") + 1:cst_name.rindex(")")]
Пример #18
0
    def test_user_update_own_password(self):
        self.new_creds = copy.copy(self.creds.credentials)
        self.new_creds.password = data_utils.rand_password()
        # we need new non-admin Identity V3 Client with new credentials, since
        # current non_admin_users_client token will be revoked after updating
        # password
        self.non_admin_users_client_for_cleanup = (
            copy.copy(self.non_admin_users_client))
        self.non_admin_users_client_for_cleanup.auth_provider = (
            manager.get_auth_provider(self.new_creds))
        user_id = self.creds.credentials.user_id
        old_pass = self.creds.credentials.password
        new_pass = self.new_creds.password
        # to change password back. important for allow_tenant_isolation = false
        self.addCleanup(
            self.non_admin_users_client_for_cleanup.update_user_password,
            user_id,
            password=old_pass,
            original_password=new_pass)

        # user updates own password
        self.non_admin_users_client.update_user_password(
            user_id, password=new_pass, original_password=old_pass)

        # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
        # Keystone should only be precise to the second. Sleep to ensure
        # we are passing the second boundary.
        time.sleep(1)

        # check authorization with new password
        self.non_admin_token.auth(user_id=self.user_id, password=new_pass)

        # authorize with old token should lead to IdentityError (404 code)
        self.assertRaises(exceptions.IdentityError,
                          self.non_admin_token.auth,
                          token=self.non_admin_client.token)

        # authorize with old password should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token.auth,
                          user_id=self.user_id,
                          password=old_pass)
Пример #19
0
    def test_user_update_own_password(self):
        self.new_creds = copy.copy(self.creds.credentials)
        self.new_creds.password = data_utils.rand_password()
        # we need new non-admin Identity V3 Client with new credentials, since
        # current non_admin_users_client token will be revoked after updating
        # password
        self.non_admin_users_client_for_cleanup = (
            copy.copy(self.non_admin_users_client))
        self.non_admin_users_client_for_cleanup.auth_provider = (
            manager.get_auth_provider(self.new_creds))
        user_id = self.creds.credentials.user_id
        old_pass = self.creds.credentials.password
        new_pass = self.new_creds.password
        # to change password back. important for allow_tenant_isolation = false
        self.addCleanup(
            self.non_admin_users_client_for_cleanup.update_user_password,
            user_id,
            password=old_pass,
            original_password=new_pass)

        # user updates own password
        self.non_admin_users_client.update_user_password(
            user_id, password=new_pass, original_password=old_pass)

        # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
        # Keystone should only be precise to the second. Sleep to ensure
        # we are passing the second boundary.
        time.sleep(1)

        # check authorization with new password
        self.non_admin_token.auth(user_id=self.user_id, password=new_pass)

        # authorize with old token should lead to IdentityError (404 code)
        self.assertRaises(exceptions.IdentityError,
                          self.non_admin_token.auth,
                          token=self.non_admin_client.token)

        # authorize with old password should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token.auth,
                          user_id=self.user_id,
                          password=old_pass)
Пример #20
0
    def test_user_update_own_password(self):
        self.new_creds = copy.copy(self.creds.credentials)
        self.new_creds.password = data_utils.rand_password()
        # we need new non-admin Identity Client with new credentials, since
        # current non_admin_client token will be revoked after updating
        # password
        self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
        self.non_admin_client_for_cleanup.auth_provider = (
            manager.get_auth_provider(self.new_creds))
        user_id = self.creds.credentials.user_id
        old_pass = self.creds.credentials.password
        new_pass = self.new_creds.password

        # to change password back. important for allow_tenant_isolation = false
        self.addCleanup(
            self.non_admin_client_for_cleanup.update_user_own_password,
            user_id=user_id,
            new_pass=old_pass,
            old_pass=new_pass)

        # user updates own password
        resp = self.non_admin_client.update_user_own_password(
            user_id=user_id, new_pass=new_pass, old_pass=old_pass)

        # check authorization with new token
        self.non_admin_token_client.auth_token(resp['token']['id'])
        # check authorization with new password
        self.non_admin_token_client.auth(self.username,
                                         new_pass,
                                         self.tenant_name)

        # authorize with old token should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth_token,
                          self.non_admin_client.token)

        # authorize with old password should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth,
                          self.username,
                          old_pass,
                          self.tenant_name)
Пример #21
0
    def test_user_update_own_password(self):
        self.new_creds = copy.copy(self.creds.credentials)
        self.new_creds.password = data_utils.rand_password()
        # we need new non-admin Identity Client with new credentials, since
        # current non_admin_client token will be revoked after updating
        # password
        self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
        self.non_admin_client_for_cleanup.auth_provider = (
            manager.get_auth_provider(self.new_creds))
        user_id = self.creds.credentials.user_id
        old_pass = self.creds.credentials.password
        new_pass = self.new_creds.password

        # to change password back. important for allow_tenant_isolation = false
        self.addCleanup(
            self.non_admin_client_for_cleanup.update_user_own_password,
            user_id=user_id,
            new_pass=old_pass,
            old_pass=new_pass)

        # user updates own password
        resp = self.non_admin_client.update_user_own_password(
            user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access']

        # check authorization with new token
        self.non_admin_token_client.auth_token(resp['token']['id'])
        # check authorization with new password
        self.non_admin_token_client.auth(self.username, new_pass,
                                         self.tenant_name)

        # authorize with old token should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth_token,
                          self.non_admin_client.token)

        # authorize with old password should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token_client.auth, self.username,
                          old_pass, self.tenant_name)
Пример #22
0
    def test_user_update_own_password(self):
        self.new_creds = copy.copy(self.creds.credentials)
        self.new_creds.password = data_utils.rand_password()
        # we need new non-admin Identity V3 Client with new credentials, since
        # current non_admin_client token will be revoked after updating
        # password
        self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
        self.non_admin_client_for_cleanup.auth_provider = (
            manager.get_auth_provider(self.new_creds))
        user_id = self.creds.credentials.user_id
        old_pass = self.creds.credentials.password
        new_pass = self.new_creds.password
        # to change password back. important for allow_tenant_isolation = false
        self.addCleanup(
            self.non_admin_client_for_cleanup.update_user_password,
            user_id=user_id,
            password=old_pass,
            original_password=new_pass)

        # user updates own password
        self.non_admin_client.update_user_password(
            user_id=user_id, password=new_pass, original_password=old_pass)

        # check authorization with new password
        self.non_admin_token.auth(user_id=self.user_id, password=new_pass)

        # authorize with old token should lead to IdentityError (404 code)
        self.assertRaises(exceptions.IdentityError,
                          self.non_admin_token.auth,
                          token=self.non_admin_client.token)

        # authorize with old password should lead to Unauthorized
        self.assertRaises(exceptions.Unauthorized,
                          self.non_admin_token.auth,
                          user_id=self.user_id,
                          password=old_pass)
Пример #23
0
 def setUpClass(cls):
     super(ScenarioPolicyBase, cls).setUpClass()
     # auth provider for admin credentials
     creds = credentials.get_configured_admin_credentials('identity_admin')
     auth_prov = tempestmanager.get_auth_provider(creds)
     cls.setup_required_clients(auth_prov)
Пример #24
0
    def create_client(self, client_type):
        creds = credentials.get_configured_admin_credentials('identity_admin')
        auth_prov = tempestmanager.get_auth_provider(creds)

        return policy_client.PolicyClient(auth_prov, client_type,
                                          CONF.identity.region)