def test_rand_password_with_len_2(self):
actual = data_utils.rand_password(2)
self.assertIsInstance(actual, str)
self.assertEqual(len(actual), 3)
self.assertRegexpMatches(actual, "[A-Za-z0-9~!@#$%^&*_=+]{3}")
actual2 = data_utils.rand_password(2)
self.assertNotEqual(actual, actual2)
def test_can_create_server_with_max_number_personality_files(self):
# Server should be created successfully if maximum allowed number of
# files is injected into the server during creation.
file_contents = 'This is a test file.'
limits = self.user_client.show_limits()['limits']
max_file_limit = limits['absolute']['maxPersonality']
if max_file_limit == -1:
raise self.skipException("No limit for personality files")
person = []
for i in range(0, int(max_file_limit)):
path = '/etc/test' + str(i) + '.txt'
person.append({
'path': path,
'contents': base64.b64encode(file_contents),
})
password = data_utils.rand_password()
created_server = self.create_test_server(personality=person,
adminPass=password,
wait_until='ACTIVE',
validatable=True)
server = self.client.show_server(created_server['id'])['server']
if CONF.validation.run_validation:
linux_client = remote_client.RemoteClient(
self.get_server_ip(server), self.ssh_user, password,
self.validation_resources['keypair']['private_key'])
for i in person:
self.assertEqual(
base64.b64decode(i['contents']),
linux_client.exec_command('sudo cat %s' % i['path']))
def test_can_create_server_with_max_number_personality_files(self):
# Server should be created successfully if maximum allowed number of
# files is injected into the server during creation.
file_contents = 'This is a test file.'
limits = self.user_client.show_limits()['limits']
max_file_limit = limits['absolute']['maxPersonality']
if max_file_limit == -1:
raise self.skipException("No limit for personality files")
person = []
for i in range(0, int(max_file_limit)):
path = '/etc/test' + str(i) + '.txt'
person.append({
'path': path,
'contents': base64.b64encode(file_contents),
})
password = data_utils.rand_password()
created_server = self.create_test_server(personality=person,
adminPass=password,
wait_until='ACTIVE',
validatable=True)
server = self.client.show_server(created_server['id'])['server']
if CONF.validation.run_validation:
linux_client = remote_client.RemoteClient(
self.get_server_ip(server),
self.ssh_user, password,
self.validation_resources['keypair']['private_key'])
for i in person:
self.assertEqual(base64.b64decode(i['contents']),
linux_client.exec_command(
'sudo cat %s' % i['path']))
def test_user_update_own_password(self):
self.new_creds = copy.copy(self.creds.credentials)
self.new_creds.password = data_utils.rand_password()
# we need new non-admin Identity Client with new credentials, since
# current non_admin_client token will be revoked after updating
# password
self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
self.non_admin_client_for_cleanup.auth_provider = (
manager.get_auth_provider(self.new_creds))
user_id = self.creds.credentials.user_id
old_pass = self.creds.credentials.password
new_pass = self.new_creds.password
# to change password back. important for allow_tenant_isolation = false
self.addCleanup(
self.non_admin_client_for_cleanup.update_user_own_password,
user_id=user_id,
new_pass=old_pass,
old_pass=new_pass)
# user updates own password
resp = self.non_admin_client.update_user_own_password(
user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access']
# TODO(lbragstad): Sleeping after the response status has been checked
# and the body loaded as JSON allows requests to fail-fast. The sleep
# is necessary because keystone will err on the side of security and
# invalidate tokens within a small margin of error (within the same
# wall clock second) after a revocation event is issued (such as a
# password change). Remove this once keystone and Fernet support
# sub-second precision.
time.sleep(1)
# check authorization with new token
self.non_admin_token_client.auth_token(resp['token']['id'])
# check authorization with new password
self.non_admin_token_client.auth(self.username,
new_pass,
self.tenant_name)
# authorize with old token should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token_client.auth_token,
self.non_admin_client.token)
# authorize with old password should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token_client.auth,
self.username,
old_pass,
self.tenant_name)
def test_user_update_own_password(self):
self.new_creds = copy.copy(self.creds.credentials)
self.new_creds.password = data_utils.rand_password()
# we need new non-admin Identity Client with new credentials, since
# current non_admin_client token will be revoked after updating
# password
self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
self.non_admin_client_for_cleanup.auth_provider = (
manager.get_auth_provider(self.new_creds))
user_id = self.creds.credentials.user_id
old_pass = self.creds.credentials.password
new_pass = self.new_creds.password
# to change password back. important for allow_tenant_isolation = false
self.addCleanup(
self.non_admin_client_for_cleanup.update_user_own_password,
user_id=user_id,
new_pass=old_pass,
old_pass=new_pass)
# user updates own password
resp = self.non_admin_client.update_user_own_password(
user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access']
# TODO(lbragstad): Sleeping after the response status has been checked
# and the body loaded as JSON allows requests to fail-fast. The sleep
# is necessary because keystone will err on the side of security and
# invalidate tokens within a small margin of error (within the same
# wall clock second) after a revocation event is issued (such as a
# password change). Remove this once keystone and Fernet support
# sub-second precision.
time.sleep(1)
# check authorization with new token
self.non_admin_token_client.auth_token(resp['token']['id'])
# check authorization with new password
self.non_admin_token_client.auth(self.username, new_pass,
self.tenant_name)
# authorize with old token should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token_client.auth_token,
self.non_admin_client.token)
# authorize with old password should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token_client.auth, self.username,
old_pass, self.tenant_name)
def generate_resources(opts):
spec = [{'number': 1,
'prefix': 'primary',
'roles': (CONF.auth.tempest_roles +
[CONF.object_storage.operator_role])},
{'number': 1,
'prefix': 'alt',
'roles': (CONF.auth.tempest_roles +
[CONF.object_storage.operator_role])}]
if CONF.service_available.swift:
spec.append({'number': 1,
'prefix': 'swift_operator',
'roles': (CONF.auth.tempest_roles +
[CONF.object_storage.operator_role])})
spec.append({'number': 1,
'prefix': 'swift_reseller_admin',
'roles': (CONF.auth.tempest_roles +
[CONF.object_storage.reseller_admin_role])})
if CONF.service_available.heat:
spec.append({'number': 1,
'prefix': 'stack_owner',
'roles': (CONF.auth.tempest_roles +
[CONF.orchestration.stack_owner_role])})
if opts.admin:
spec.append({
'number': 1,
'prefix': 'admin',
'roles': (CONF.auth.tempest_roles +
[CONF.identity.admin_role])
})
resources = {'tenants': [],
'users': []}
for count in range(opts.concurrency):
for user_group in spec:
users = [random_user_name(opts.tag, user_group['prefix'])
for _ in range(user_group['number'])]
for user in users:
tenant = '-'.join((user, 'tenant'))
resources['tenants'].append(tenant)
resources['users'].append({
'tenant': tenant,
'name': user,
'pass': data_utils.rand_password(),
'prefix': user_group['prefix'],
'roles': user_group['roles']
})
return resources
def test_create_server_with_personality(self):
file_contents = 'This is a test file.'
file_path = '/test.txt'
personality = [{'path': file_path,
'contents': base64.b64encode(file_contents)}]
password = data_utils.rand_password()
created_server = self.create_test_server(personality=personality,
adminPass=password,
wait_until='ACTIVE',
validatable=True)
server = self.client.show_server(created_server['id'])['server']
if CONF.validation.run_validation:
linux_client = remote_client.RemoteClient(
self.get_server_ip(server),
self.ssh_user, password,
self.validation_resources['keypair']['private_key'])
self.assertEqual(file_contents,
linux_client.exec_command(
'sudo cat %s' % file_path))
def test_user_update_own_password(self):
self.new_creds = copy.copy(self.creds.credentials)
self.new_creds.password = data_utils.rand_password()
# we need new non-admin Identity Client with new credentials, since
# current non_admin_client token will be revoked after updating
# password
self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
self.non_admin_client_for_cleanup.auth_provider = (
manager.get_auth_provider(self.new_creds))
user_id = self.creds.credentials.user_id
old_pass = self.creds.credentials.password
new_pass = self.new_creds.password
# to change password back. important for allow_tenant_isolation = false
self.addCleanup(
self.non_admin_client_for_cleanup.update_user_own_password,
user_id=user_id,
new_pass=old_pass,
old_pass=new_pass)
# user updates own password
resp = self.non_admin_client.update_user_own_password(
user_id=user_id, new_pass=new_pass, old_pass=old_pass)
# check authorization with new token
self.non_admin_token_client.auth_token(resp['token']['id'])
# check authorization with new password
self.non_admin_token_client.auth(self.username,
new_pass,
self.tenant_name)
# authorize with old token should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token_client.auth_token,
self.non_admin_client.token)
# authorize with old password should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token_client.auth,
self.username,
old_pass,
self.tenant_name)
def __init__(self):
self.username = data_utils.rand_name(name="user", prefix="akanda")
self.user_id = None
self.password = data_utils.rand_password()
self.tenant_name = data_utils.rand_name(name="tenant", prefix="akanda")
self.tenant_id = None
self.role_name = data_utils.rand_name(name="role", prefix="akanda")
self._admin_clients = AdminClientManager()
self._admin_ks_client = self._admin_clients.keystoneclient
self.auth_url = self._admin_ks_client.auth_url
# create the tenant before creating its clients.
self._create_tenant()
self.clients = ClientManager(self.username, self.password, self.tenant_name, self.auth_url)
self.tester = ClientManager("demo", "akanda", "demo", self.auth_url)
self._subnets = []
self._routers = []
def test_create_server_with_personality(self):
file_contents = 'This is a test file.'
file_path = '/test.txt'
personality = [{
'path': file_path,
'contents': base64.b64encode(file_contents)
}]
password = data_utils.rand_password()
created_server = self.create_test_server(personality=personality,
adminPass=password,
wait_until='ACTIVE',
validatable=True)
server = self.client.show_server(created_server['id'])['server']
if CONF.validation.run_validation:
linux_client = remote_client.RemoteClient(
self.get_server_ip(server), self.ssh_user, password,
self.validation_resources['keypair']['private_key'])
self.assertEqual(
file_contents,
linux_client.exec_command('sudo cat %s' % file_path))
def __init__(self):
self.username = data_utils.rand_name(name='user', prefix='akanda')
self.user_id = None
self.password = data_utils.rand_password()
self.tenant_name = data_utils.rand_name(name='tenant', prefix='akanda')
self.tenant_id = None
self.role_name = data_utils.rand_name(name='role', prefix='akanda')
self._admin_clients = AdminClientManager()
self._admin_ks_client = self._admin_clients.keystoneclient
self.auth_url = self._admin_ks_client.auth_url
# create the tenant before creating its clients.
self._create_tenant()
self.clients = ClientManager(self.username, self.password,
self.tenant_name, self.auth_url)
self.tester = ClientManager('demo', 'akanda', 'demo', self.auth_url)
self._subnets = []
self._routers = []
def __init__(self):
parse_config()
self.username = data_utils.rand_name(name='user', prefix='akanda')
self.user_id = None
self.password = data_utils.rand_password()
self.tenant_name = data_utils.rand_name(name='tenant', prefix='akanda')
self.tenant_id = None
self.role_name = data_utils.rand_name(name='role', prefix='akanda')
self._admin_clients = AdminClientManager()
self._admin_ks_client = self._admin_clients.keystoneclient
self.auth_url = self._admin_ks_client.auth_url
# create the tenant before creating its clients.
self._create_tenant()
self.clients = ClientManager(self.username, self.password,
self.tenant_name, self.auth_url)
self.tester = ClientManager('demo', 'akanda', 'demo', self.auth_url)
self._subnets = []
self._routers = []
def test_user_update_own_password(self):
self.new_creds = copy.copy(self.creds.credentials)
self.new_creds.password = data_utils.rand_password()
# we need new non-admin Identity Client with new credentials, since
# current non_admin_client token will be revoked after updating
# password
self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
self.non_admin_client_for_cleanup.auth_provider = (
manager.get_auth_provider(self.new_creds))
user_id = self.creds.credentials.user_id
old_pass = self.creds.credentials.password
new_pass = self.new_creds.password
# to change password back. important for allow_tenant_isolation = false
self.addCleanup(
self.non_admin_client_for_cleanup.update_user_own_password,
user_id=user_id,
new_pass=old_pass,
old_pass=new_pass)
# user updates own password
resp = self.non_admin_client.update_user_own_password(
user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access']
# check authorization with new token
self.non_admin_token_client.auth_token(resp['token']['id'])
# check authorization with new password
self.non_admin_token_client.auth(self.username, new_pass,
self.tenant_name)
# authorize with old token should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token_client.auth_token,
self.non_admin_client.token)
# authorize with old password should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token_client.auth, self.username,
old_pass, self.tenant_name)
def test_user_update_own_password(self):
self.new_creds = copy.copy(self.creds.credentials)
self.new_creds.password = data_utils.rand_password()
# we need new non-admin Identity V3 Client with new credentials, since
# current non_admin_client token will be revoked after updating
# password
self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
self.non_admin_client_for_cleanup.auth_provider = (
manager.get_auth_provider(self.new_creds))
user_id = self.creds.credentials.user_id
old_pass = self.creds.credentials.password
new_pass = self.new_creds.password
# to change password back. important for allow_tenant_isolation = false
self.addCleanup(
self.non_admin_client_for_cleanup.update_user_password,
user_id=user_id,
password=old_pass,
original_password=new_pass)
# user updates own password
self.non_admin_client.update_user_password(
user_id=user_id, password=new_pass, original_password=old_pass)
# check authorization with new password
self.non_admin_token.auth(user_id=self.user_id, password=new_pass)
# authorize with old token should lead to IdentityError (404 code)
self.assertRaises(exceptions.IdentityError,
self.non_admin_token.auth,
token=self.non_admin_client.token)
# authorize with old password should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token.auth,
user_id=self.user_id,
password=old_pass)
def generate_resources(opts):
spec = [{
'number':
1,
'prefix':
'primary',
'roles':
(CONF.auth.tempest_roles + [CONF.object_storage.operator_role])
}, {
'number':
1,
'prefix':
'alt',
'roles':
(CONF.auth.tempest_roles + [CONF.object_storage.operator_role])
}]
if CONF.service_available.swift:
spec.append({
'number':
1,
'prefix':
'swift_operator',
'roles':
(CONF.auth.tempest_roles + [CONF.object_storage.operator_role])
})
spec.append({
'number':
1,
'prefix':
'swift_reseller_admin',
'roles': (CONF.auth.tempest_roles +
[CONF.object_storage.reseller_admin_role])
})
if CONF.service_available.heat:
spec.append({
'number':
1,
'prefix':
'stack_owner',
'roles':
(CONF.auth.tempest_roles + [CONF.orchestration.stack_owner_role])
})
if opts.admin:
spec.append({
'number':
1,
'prefix':
'admin',
'roles': (CONF.auth.tempest_roles + [CONF.identity.admin_role])
})
resources = {'tenants': [], 'users': []}
for count in range(opts.concurrency):
for user_group in spec:
users = [
random_user_name(opts.tag, user_group['prefix'])
for _ in range(user_group['number'])
]
for user in users:
tenant = '-'.join((user, 'tenant'))
resources['tenants'].append(tenant)
resources['users'].append({
'tenant': tenant,
'name': user,
'pass': data_utils.rand_password(),
'prefix': user_group['prefix'],
'roles': user_group['roles']
})
return resources
def test_rand_password(self):
actual = data_utils.rand_password()
self.assertIsInstance(actual, str)
self.assertRegexpMatches(actual, "[A-Za-z0-9~!@#$%^&*_=+]{15,}")
actual2 = data_utils.rand_password()
self.assertNotEqual(actual, actual2)
