def test():
global vid_uuid, vid_uuid2
iam2_ops.clean_iam2_enviroment()
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
password = '******'
vid_tst_obj = test_vid.ZstackTestVid()
vid_tst_obj2 = None
if flavor['target_role'] == 'system_admin':
attributes = [{"name": "__SystemAdmin__"}]
username = "******"
vid_tst_obj = test_vid.ZstackTestVid()
test_stub.create_system_admin(username, password, vid_tst_obj)
virtual_id_uuid = vid_tst_obj.get_vid().uuid
system_admin_session_uuid = acc_ops.login_by_account(username, password)
#create systemadmin by systemadmin session
vid_tst_obj2 = test_vid.ZstackTestVid()
vid_tst_obj2.create("systemsubadmin", password, session_uuid=system_admin_session_uuid, without_default_role="true")
vid_uuid2 = vid_tst_obj2.get_vid().uuid
iam2_ops.add_attributes_to_iam2_virtual_id(vid_uuid2, attributes, session_uuid=system_admin_session_uuid)
role_uuid = iam2_ops.create_role('systemAdminSubRole').uuid
statements = [{"effect":"Allow","actions":["org.zstack.header.image.**"]}]
iam2_ops.add_policy_statements_to_role(role_uuid, statements)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], vid_tst_obj2.get_vid().uuid)
elif flavor['target_role'] == 'security_admin':
attributes = [{"name": "__SecurityAdmin__"}]
username = "******"
vid_tst_obj.create(username, password, without_default_role="true")
vid_uuid = vid_tst_obj.get_vid().uuid
iam2_ops.add_attributes_to_iam2_virtual_id(vid_uuid, attributes)
elif flavor['target_role'] == 'audit_admin':
attributes = [{"name": "__AuditAdmin__"}]
username = "******"
vid_tst_obj.create(username, password, without_default_role="true")
vid_uuid = vid_tst_obj.get_vid().uuid
iam2_ops.add_attributes_to_iam2_virtual_id(vid_uuid, attributes)
else:
test_util.test_fail("not a candidate role")
vid_tst_obj.set_vid_attributes(attributes)
vid_tst_obj.check()
vid_tst_obj.delete()
if vid_tst_obj2:
iam2_ops.delete_iam2_virtual_id(vid_uuid2)
test_util.test_pass('success test 3 admins attributes!')
def test():
iam2_ops.clean_iam2_enviroment()
# 1 create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
# 2 create project operator and virtual id
project_operator_name = 'username'
project_operator_password = '******'
password='******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo',password).uuid
# 3 login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
# 4 create virtual id group
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(project_uuid,'test_virtual_id_group',session_uuid=project_login_uuid).uuid
# 5 add virtual id into project and group
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid, session_uuid=project_login_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid],virtual_id_group_uuid,session_uuid=project_login_uuid)
# 6 remove virtual id from project and group
iam2_ops.remove_iam2_virtual_ids_from_group([virtual_id_uuid],virtual_id_group_uuid,session_uuid=project_login_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project([virtual_id_uuid], project_uuid, session_uuid=project_login_uuid)
# 7 create role
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('role1', statements,session_uuid=project_login_uuid).uuid
# 8 add/remove roles to/from virtual id(group)
iam2_ops.add_roles_to_iam2_virtual_id_group([role_uuid],virtual_id_group_uuid,session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup([role_uuid],virtual_id_group_uuid,session_uuid=project_login_uuid)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid],virtual_id_uuid,session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid],virtual_id_uuid,session_uuid=project_login_uuid)
# 9 delete
iam2_ops.delete_role(role_uuid,session_uuid=project_login_uuid)
iam2_ops.delete_iam2_virtual_id_group(virtual_id_group_uuid,session_uuid=project_login_uuid)
acc_ops.logout(project_login_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login by project operator')
def test():
global role_uuid, project_uuid, project_02_uuid, project_template_01_uuid, project_template_02_uuid, \
company_uuid_01, company_uuid_02, department_01_uuid, department_02_uuid, virtual_id_group_uuid, \
virtual_id_uuid
iam2_ops.clean_iam2_enviroment()
# 1 create role and add/remove policy
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
action = "org.zstack.header.image.**"
statements = [{"effect": "Allow", "actions": [action]}]
iam2_ops.add_policy_statements_to_role(role_uuid, statements)
statement_uuid = iam2_ops.get_policy_statement_uuid_of_role(
role_uuid, action)
# statement_uuid= res_ops.get_resource(res_ops.ROLE, uuid=role_uuid)[0].statements[0].uuid
iam2_ops.remove_policy_statements_from_role(role_uuid, [statement_uuid])
# 2 create project and add/remove attributes to/from it
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
zone_inv = res_ops.query_resource(res_ops.ZONE)
if len(zone_inv) >= 2:
attributes = [{
"name": "__ProjectRelatedZone__",
"value": zone_inv[0].uuid
}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
username = '******'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username,
password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid],
project_uuid)
session_uuid = iam2_ops.login_iam2_virtual_id(username, password)
session_uuid = iam2_ops.login_iam2_project(project_name,
session_uuid).uuid
cond = res_ops.gen_query_conditions('zoneUuid', '=', zone_inv[1].uuid)
host_inv = res_ops.query_resource(res_ops.HOST,
cond,
session_uuid=session_uuid)
if host_inv:
test_util.test_fail("test Project Related Zone fail")
attribute_uuid = iam2_ops.get_attribute_uuid_of_project(
project_uuid, "__ProjectRelatedZone__")
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
iam2_ops.remove_attributes_from_iam2_project(project_uuid,
[attribute_uuid])
# 3 create project template from project
project_template_01_uuid = iam2_ops.create_iam2_project_template_from_project(
'project_template', project_uuid, 'this is a template '
'description').uuid
project_template_inv = res_ops.get_resource(res_ops.IAM2_PROJECT_TEMPLATE,
uuid=project_template_01_uuid)
if not project_template_inv:
test_util.test_fail("create template from project fail")
# 4 create project template and then create project from template
project_template_02_uuid = iam2_ops.create_iam2_project_template(
'project_template_02').uuid
project_02_uuid = iam2_ops.create_iam2_project_from_template(
'project_02', project_template_02_uuid).uuid
project_inv = res_ops.get_resource(res_ops.IAM2_PROJECT,
uuid=project_02_uuid)
if not project_inv:
test_util.test_fail("create project from template fail")
# 5 create Company and Department (organization)
company_uuid_01 = iam2_ops.create_iam2_organization(
'test_company_01', 'Company').uuid
company_uuid_02 = iam2_ops.create_iam2_organization(
'test_company_02', 'Company').uuid
department_01_uuid = iam2_ops.create_iam2_organization(
'test_department_01', 'Department', parent_uuid=company_uuid_01).uuid
department_02_uuid = iam2_ops.create_iam2_organization(
'test_department_02', 'Department').uuid
# 6 organization change parent
iam2_ops.change_iam2_organization_parent(company_uuid_02,
[department_02_uuid])
iam2_ops.change_iam2_organization_parent(company_uuid_02,
[department_01_uuid])
department_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION,
uuid=department_01_uuid)[0]
if department_inv.parentUuid != company_uuid_02:
test_util.test_fail('change organization parent fail')
department_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION,
uuid=department_02_uuid)[0]
if department_inv.parentUuid != company_uuid_02:
test_util.test_fail('change organization parent fail')
# 7 create virtual id group and add/remove role and attributes to/from it
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(
project_uuid, 'test_virtual_id_group').uuid
iam2_ops.add_roles_to_iam2_virtual_id_group([role_uuid],
virtual_id_group_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup([role_uuid],
virtual_id_group_uuid)
# TODO:there is nothing to do with the below api in the first version of iam2
# iam2_ops.add_attributes_to_iam2_virtual_id_group()
# iam2_ops.remove_attributes_from_iam2_virtual_id_group()
# 8 create virtual id and add/remove role or attributes to/from it
password = '******'
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('username',
password).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], virtual_id_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid], virtual_id_uuid)
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', virtual_id_uuid)
attributes = [{"name": "__PlatformAdmin__"}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes)
cond_01 = res_ops.gen_query_conditions('name', '=', "__PlatformAdmin__",
cond)
attribute_uuid = res_ops.query_resource_fields(
res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_01)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid,
[attribute_uuid])
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes)
cond_02 = res_ops.gen_query_conditions('name', '=', "__ProjectAdmin__",
cond)
attribute_uuid = res_ops.query_resource_fields(
res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid,
[attribute_uuid])
# admin can't create Project operator
# attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
# iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes)
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
# 9 add virtual id to organization and set it as OrganizationSupervisor
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid],
department_01_uuid)
attributes = [{
"name": "__OrganizationSupervisor__",
"value": virtual_id_uuid
}]
iam2_ops.add_attributes_to_iam2_organization(department_01_uuid,
attributes)
cond_03 = res_ops.gen_query_conditions('name', '=',
"__OrganizationSupervisor__")
cond_03 = res_ops.gen_query_conditions('value', '=', virtual_id_uuid,
cond_03)
attribute_uuid = res_ops.query_resource(
res_ops.IAM2_ORGANIZATION_ATTRIBUTE, cond_03)[0].uuid
iam2_ops.remove_attributes_from_iam2_organization(department_01_uuid,
[attribute_uuid])
iam2_ops.remove_iam2_virtual_ids_from_organization([virtual_id_uuid],
department_01_uuid)
# 10 add virtual id to group and project
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid],
virtual_id_group_uuid)
iam2_ops.remove_iam2_virtual_ids_from_group([virtual_id_uuid],
virtual_id_group_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project([virtual_id_uuid],
project_uuid)
# 11 change state
disable = 'disable'
enable = 'enable'
Disabled = 'Disabled'
iam2_ops.change_iam2_organization_state(company_uuid_01, disable)
res_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION,
uuid=company_uuid_01)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 organization state fail")
iam2_ops.change_iam2_organization_state(company_uuid_01, enable)
iam2_ops.change_iam2_organization_state(department_01_uuid, disable)
iam2_ops.change_iam2_organization_state(department_01_uuid, enable)
iam2_ops.change_iam2_project_state(project_uuid, disable)
res_inv = res_ops.get_resource(res_ops.IAM2_PROJECT, uuid=project_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 project state fail")
iam2_ops.change_iam2_project_state(project_uuid, enable)
iam2_ops.change_iam2_virtual_id_state(virtual_id_uuid, disable)
res_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID,
uuid=virtual_id_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 virtual id state fail")
iam2_ops.change_iam2_virtual_id_state(virtual_id_uuid, enable)
iam2_ops.change_iam2_virtual_id_group_state(virtual_id_group_uuid, disable)
res_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID_GROUP,
uuid=virtual_id_group_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 virtual id group state fail")
iam2_ops.change_iam2_virtual_id_group_state(virtual_id_group_uuid, enable)
iam2_ops.change_role_state(role_uuid, disable)
res_inv = res_ops.get_resource(res_ops.ROLE, uuid=role_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 role state fail")
iam2_ops.change_role_state(role_uuid, enable)
# 12 update
virtual_id_new_name = 'virtual_id_new_name'
virtual_id_new_des = 'virtual_id_new_des'
virtual_id_new_password = '******'
iam2_ops.update_iam2_virtual_id(virtual_id_uuid, virtual_id_new_name,
virtual_id_new_des,
virtual_id_new_password)
virtual_id_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID,
uuid=virtual_id_uuid)[0]
if virtual_id_inv.name != virtual_id_new_name:
test_util.test_fail("update iam2 virtual id name fail")
try:
iam2_ops.login_iam2_virtual_id('username', password)
except:
test_util.test_logger("the old username and password can't login")
try:
virtual_id_session_uuid = iam2_ops.login_iam2_virtual_id(
virtual_id_new_name, virtual_id_new_password)
acc_ops.logout(virtual_id_session_uuid)
except:
test_util.test_fail("update iam2 virtual id name or password fail.")
virtual_id_group_new_name = 'virtual_id_group_new_name'
virtual_id_group_new_des = 'virtual_id_group_new_des'
iam2_ops.update_iam2_virtual_id_group(virtual_id_group_uuid,
virtual_id_group_new_name,
virtual_id_group_new_des)
virtual_id_group_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID_GROUP,
uuid=virtual_id_group_uuid)[0]
if virtual_id_group_inv.name != virtual_id_group_new_name:
test_util.test_fail("update iam2 virtual id group name fail")
project_new_name = 'project_new_name'
project_new_dsc = 'project_new_dsc'
iam2_ops.update_iam2_project(project_uuid, project_new_name,
project_new_dsc)
project_inv = res_ops.get_resource(res_ops.IAM2_PROJECT,
uuid=project_uuid)[0]
if project_inv.name != project_new_name or project_inv.description != project_new_dsc:
test_util.test_fail("update project information fail")
company_new_name = 'company_new_name'
company_new_dsc = 'company_new_dsc'
iam2_ops.update_iam2_organization(company_uuid_02, company_new_name,
company_new_dsc)
organization_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION,
uuid=company_uuid_02)[0]
if organization_inv.name != company_new_name or organization_inv.description != company_new_dsc:
test_util.test_fail("update organization name fail")
# 13 delete
iam2_ops.delete_iam2_organization(company_uuid_01)
iam2_ops.delete_iam2_organization(company_uuid_02)
iam2_ops.delete_iam2_organization(department_01_uuid)
iam2_ops.delete_iam2_organization(department_02_uuid)
iam2_ops.delete_iam2_virtual_id_group(virtual_id_group_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.delete_iam2_project(project_02_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_02_uuid)
iam2_ops.delete_iam2_project_template(project_template_01_uuid)
iam2_ops.delete_iam2_project_template(project_template_02_uuid)
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}, {"effect": "Allow", "actions": ["org.zstack.scheduler.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
vm_creation_option = test_util.VmOption()
l3_net_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanNetwork3')).uuid
acc_ops.share_resources([project_linked_account_uuid], [l3_net_uuid])
vm_creation_option.set_l3_uuids([l3_net_uuid])
image_uuid = test_lib.lib_get_image_by_name("centos").uuid
vm_creation_option.set_image_uuid(image_uuid)
acc_ops.share_resources([project_linked_account_uuid], [image_uuid])
instance_offering_uuid = test_lib.lib_get_instance_offering_by_name(os.environ.get('instanceOfferingName_s')).uuid
vm_creation_option.set_instance_offering_uuid(instance_offering_uuid)
acc_ops.share_resources([project_linked_account_uuid], [instance_offering_uuid])
vm_creation_option.set_name('vm_for_project_management')
vm_creation_option.set_session_uuid(project_login_uuid)
vm = test_stub.create_vm(image_uuid = image_uuid, session_uuid=project_login_uuid)
# scheduler ops:
start_date = int(time.time())
schd_job1 = schd_ops.create_scheduler_job('simple_start_vm_scheduler', 'simple_start_vm_scheduler', vm.get_vm().uuid, 'startVm', None, session_uuid=project_login_uuid)
schd_trigger1 = schd_ops.create_scheduler_trigger('simple_start_vm_scheduler', start_date+5, None, 15, 'simple', session_uuid=project_login_uuid)
schd_ops.add_scheduler_job_to_trigger(schd_trigger1.uuid, schd_job1.uuid, session_uuid=project_login_uuid)
schd_ops.change_scheduler_state(schd_job1.uuid, 'disable', session_uuid=project_login_uuid)
schd_ops.change_scheduler_state(schd_job1.uuid, 'enable', session_uuid=project_login_uuid)
schd_ops.remove_scheduler_job_from_trigger(schd_trigger1.uuid, schd_job1.uuid, session_uuid=project_login_uuid)
schd_ops.del_scheduler_job(schd_job1.uuid, session_uuid=project_login_uuid)
schd_ops.del_scheduler_trigger(schd_trigger1.uuid, session_uuid=project_login_uuid)
schd_ops.get_current_time()
vm_ops.destroy_vm(vm.get_vm().uuid, session_uuid=project_login_uuid)
vm_ops.expunge_vm(vm.get_vm().uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global role_uuid, project_uuid, project_02_uuid, project_template_01_uuid, project_template_02_uuid, \
company_uuid_01, company_uuid_02, department_01_uuid, department_02_uuid, virtual_id_group_uuid, \
virtual_id_uuid, platform_admin_uuid
iam2_ops.clean_iam2_enviroment()
# 1 create platformAdmin
username = '******'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
platform_admin_uuid = iam2_ops.create_iam2_virtual_id(username, password).uuid
attributes = [{"name": "__PlatformAdmin__"}]
iam2_ops.add_attributes_to_iam2_virtual_id(platform_admin_uuid, attributes)
platform_admin_session_uuid = iam2_ops.login_iam2_virtual_id(username, password)
# 2 create role
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements, platform_admin_session_uuid).uuid
action = "org.zstack.header.image.**"
statements = [{"effect": "Allow", "actions": [action]}]
iam2_ops.add_policy_statements_to_role(role_uuid, statements, platform_admin_session_uuid)
statement_uuid = iam2_ops.get_policy_statement_uuid_of_role(role_uuid, action)
# statement_uuid= res_ops.get_resource(res_ops.ROLE, uuid=role_uuid)[0].statements[0].uuid
iam2_ops.remove_policy_statements_from_role(role_uuid, [statement_uuid], platform_admin_session_uuid)
# 3 create project and and add/remove role and attributes to/from it
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name, session_uuid=platform_admin_session_uuid).uuid
zone_inv=res_ops.query_resource(res_ops.ZONE)
if len(zone_inv)>=2:
attributes = [{"name":"__ProjectRelatedZone__", "value":zone_inv[0].uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid,attributes,session_uuid=platform_admin_session_uuid)
username='******'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
virtual_id_uuid=iam2_ops.create_iam2_virtual_id(username,password,session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid],project_uuid,session_uuid=platform_admin_session_uuid)
session_uuid=iam2_ops.login_iam2_virtual_id(username,password)
session_uuid=iam2_ops.login_iam2_project(project_name,session_uuid).uuid
cond=res_ops.gen_query_conditions('zoneUuid','=',zone_inv[1].uuid)
host_inv=res_ops.query_resource(res_ops.HOST,cond,session_uuid=session_uuid)
if host_inv:
test_util.test_fail("test Project Related Zone fail")
attribute_uuid=iam2_ops.get_attribute_uuid_of_project(project_uuid,"__ProjectRelatedZone__")
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid,session_uuid=platform_admin_session_uuid)
iam2_ops.remove_attributes_from_iam2_project(project_uuid,[attribute_uuid],session_uuid=platform_admin_session_uuid)
# iam2_ops.add_attributes_to_iam2_project(project_uuid,attributes='')
# iam2_ops.remove_attributes_from_iam2_project(project_uuid,attributes='')
# 4 create project template from project
project_template_01_uuid = iam2_ops.create_iam2_project_template_from_project('project_template', project_uuid,
'this is a template description',
platform_admin_session_uuid).uuid
project_template_inv = res_ops.get_resource(res_ops.IAM2_PROJECT_TEMPLATE, uuid=project_template_01_uuid,
session_uuid=platform_admin_session_uuid)[0]
if not project_template_inv:
test_util.test_fail("create template from project fail")
# 5 create project template and then create project from template
project_template_02_uuid = iam2_ops.create_iam2_project_template('project_template_02',
session_uuid=platform_admin_session_uuid).uuid
project_02_uuid = iam2_ops.create_iam2_project_from_template('project_02', project_template_02_uuid,
session_uuid=platform_admin_session_uuid).uuid
project_inv = res_ops.get_resource(res_ops.IAM2_PROJECT, uuid=project_02_uuid,
session_uuid=platform_admin_session_uuid)
if not project_inv:
test_util.test_fail("create project from template fail")
# 6 create Company and Department
company_uuid_01 = iam2_ops.create_iam2_organization('test_company_01', 'Company',
session_uuid=platform_admin_session_uuid).uuid
company_uuid_02 = iam2_ops.create_iam2_organization('test_company_02', 'Company',
session_uuid=platform_admin_session_uuid).uuid
department_01_uuid = iam2_ops.create_iam2_organization('test_department_01', 'Department',
parent_uuid=company_uuid_01,
session_uuid=platform_admin_session_uuid).uuid
department_02_uuid = iam2_ops.create_iam2_organization('test_department_02', 'Department',
session_uuid=platform_admin_session_uuid).uuid
# 7 organization change parent
iam2_ops.change_iam2_organization_parent(company_uuid_02, [department_02_uuid],
session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_organization_parent(company_uuid_02, [department_01_uuid],
session_uuid=platform_admin_session_uuid)
department_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION, uuid=department_01_uuid,
session_uuid=platform_admin_session_uuid)[0]
if department_inv.parentUuid != company_uuid_02:
test_util.test_fail('change organization parent fail')
department_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION, uuid=department_02_uuid,
session_uuid=platform_admin_session_uuid)[0]
if department_inv.parentUuid != company_uuid_02:
test_util.test_fail('change organization parent fail')
# 8 create virtual id group and add/remove role and attributes to/from it
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(project_uuid, 'test_virtual_id_group',
session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_roles_to_iam2_virtual_id_group([role_uuid], virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup([role_uuid], virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)
# TODO:there is nothing to do with the below api in the first version of iam2
# iam2_ops.add_attributes_to_iam2_virtual_id_group()
# iam2_ops.remove_attributes_from_iam2_virtual_id_group()
# 9 create virtual id and add/remove role or attributes to/from it
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', password,
session_uuid=platform_admin_session_uuid).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], virtual_id_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid], virtual_id_uuid, session_uuid=platform_admin_session_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes, session_uuid=platform_admin_session_uuid)
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', virtual_id_uuid)
cond_02 = res_ops.gen_query_conditions('name', '=', "__ProjectAdmin__", cond)
attribute_uuid = res_ops.query_resource_fields(res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, [attribute_uuid],
session_uuid=platform_admin_session_uuid)
# attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
# iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid, attributes, session_uuid=platform_admin_session_uuid)
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes,
# session_uuid=platform_admin_session_uuid)
iam2_ops.add_iam2_virtual_ids_to_organization([virtual_id_uuid], department_01_uuid,
session_uuid=platform_admin_session_uuid)
attributes = [{"name": "__OrganizationSupervisor__", "value": virtual_id_uuid}]
iam2_ops.add_attributes_to_iam2_organization(department_01_uuid, attributes,
session_uuid=platform_admin_session_uuid)
cond_03 = res_ops.gen_query_conditions('name', '=', "__OrganizationSupervisor__")
cond_03 = res_ops.gen_query_conditions('value', '=', virtual_id_uuid, cond_03)
attribute_uuid = \
res_ops.query_resource(res_ops.IAM2_ORGANIZATION_ATTRIBUTE, cond_03, session_uuid=platform_admin_session_uuid)[
0].uuid
iam2_ops.remove_attributes_from_iam2_organization(department_01_uuid, [attribute_uuid],
session_uuid=platform_admin_session_uuid)
iam2_ops.remove_iam2_virtual_ids_from_organization([virtual_id_uuid], department_01_uuid,
session_uuid=platform_admin_session_uuid)
# 10 add virtual id to group and project
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid], virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)
iam2_ops.remove_iam2_virtual_ids_from_group([virtual_id_uuid], virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project([virtual_id_uuid], project_uuid,
session_uuid=platform_admin_session_uuid)
# 11 change state
disable = 'disable'
enable = 'enable'
Disabled = 'Disabled'
iam2_ops.change_iam2_organization_state(company_uuid_01, disable, session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION, uuid=company_uuid_01,
session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 organization state fail")
iam2_ops.change_iam2_organization_state(company_uuid_01, enable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_organization_state(department_01_uuid, disable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_organization_state(department_01_uuid, enable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_project_state(project_uuid, disable, session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.IAM2_PROJECT, uuid=project_uuid,
session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 project state fail")
iam2_ops.change_iam2_project_state(project_uuid, enable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_virtual_id_state(virtual_id_uuid, disable, session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID, uuid=virtual_id_uuid,
session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 virtual id state fail")
iam2_ops.change_iam2_virtual_id_state(virtual_id_uuid, enable, session_uuid=platform_admin_session_uuid)
iam2_ops.change_iam2_virtual_id_group_state(virtual_id_group_uuid, disable,
session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID_GROUP, uuid=virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 virtual id group state fail")
iam2_ops.change_iam2_virtual_id_group_state(virtual_id_group_uuid, enable,
session_uuid=platform_admin_session_uuid)
iam2_ops.change_role_state(role_uuid, disable, session_uuid=platform_admin_session_uuid)
res_inv = res_ops.get_resource(res_ops.ROLE, uuid=role_uuid, session_uuid=platform_admin_session_uuid)[0]
if res_inv.state != Disabled:
test_util.test_fail("test change iam2 role state fail")
iam2_ops.change_role_state(role_uuid, enable, session_uuid=platform_admin_session_uuid)
# 12 update
virtual_id_new_name = 'virtual_id_new_name'
virtual_id_new_des = 'virtual_id_new_des'
virtual_id_new_password = '******'
iam2_ops.update_iam2_virtual_id(virtual_id_uuid, virtual_id_new_name, virtual_id_new_des, virtual_id_new_password,
session_uuid=platform_admin_session_uuid)
virtual_id_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID, uuid=virtual_id_uuid,
session_uuid=platform_admin_session_uuid)[0]
if virtual_id_inv.name != virtual_id_new_name:
test_util.test_fail("update iam2 virtual id name fail")
try:
virtual_id_session_uuid = iam2_ops.login_iam2_virtual_id(virtual_id_new_name, virtual_id_new_password)
except:
test_util.test_fail("update iam2 virtual id name or password fail.")
virtual_id_group_new_name = 'virtual_id_group_new_name'
virtual_id_group_new_des = 'virtual_id_group_new_des'
iam2_ops.update_iam2_virtual_id_group(virtual_id_group_uuid, virtual_id_group_new_name, virtual_id_group_new_des,
session_uuid=platform_admin_session_uuid)
virtual_id_group_inv = res_ops.get_resource(res_ops.IAM2_VIRTUAL_ID_GROUP, uuid=virtual_id_group_uuid,
session_uuid=platform_admin_session_uuid)[0]
if virtual_id_group_inv.name != virtual_id_group_new_name:
test_util.test_fail("update iam2 virtual id group name fail")
project_new_name = 'project_new_name'
project_new_dsc = 'project_new_dsc'
iam2_ops.update_iam2_project(project_uuid, project_new_name, project_new_dsc,
session_uuid=platform_admin_session_uuid)
project_inv = \
res_ops.get_resource(res_ops.IAM2_PROJECT, uuid=project_uuid, session_uuid=platform_admin_session_uuid)[0]
if project_inv.name != project_new_name or project_inv.description != project_new_dsc:
test_util.test_fail("update project information fail")
company_new_name = 'company_new_name'
company_new_dsc = 'company_new_dsc'
iam2_ops.update_iam2_organization(company_uuid_02, company_new_name, company_new_dsc,
session_uuid=platform_admin_session_uuid)
organization_inv = res_ops.get_resource(res_ops.IAM2_ORGANIZATION, uuid=company_uuid_02,
session_uuid=platform_admin_session_uuid)[0]
if organization_inv.name != company_new_name or organization_inv.description != company_new_dsc:
test_util.test_fail("update organization name fail")
# 13 delete
iam2_ops.delete_iam2_organization(company_uuid_01, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_organization(company_uuid_02, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_organization(department_01_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_organization(department_02_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_virtual_id_group(virtual_id_group_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_project(project_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_project(project_02_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.expunge_iam2_project(project_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.expunge_iam2_project(project_02_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_project_template(project_template_01_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_project_template(project_template_02_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_role(role_uuid, session_uuid=platform_admin_session_uuid)
iam2_ops.delete_iam2_virtual_id(platform_admin_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
if flavor['target_role'] != 'system_admin':
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
elif flavor['target_role'] == 'system_admin':
username = "******"
password = '******'
vid_tst_obj = test_vid.ZstackTestVid()
test_stub.create_system_admin(username, password, vid_tst_obj)
virtual_id_uuid = vid_tst_obj.get_vid().uuid
project_login_uuid = acc_ops.login_by_account(username, password)
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}, {"effect": "Allow", "actions": ["org.zstack.scheduler.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
vm_creation_option = test_util.VmOption()
l3_net_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanNetwork3')).uuid
if flavor['target_role'] != 'system_admin':
acc_ops.share_resources([project_linked_account_uuid], [l3_net_uuid])
vm_creation_option.set_l3_uuids([l3_net_uuid])
image_uuid = test_lib.lib_get_image_by_name("centos").uuid
vm_creation_option.set_image_uuid(image_uuid)
if flavor['target_role'] != 'system_admin':
acc_ops.share_resources([project_linked_account_uuid], [image_uuid])
instance_offering_uuid = test_lib.lib_get_instance_offering_by_name(os.environ.get('instanceOfferingName_s')).uuid
vm_creation_option.set_instance_offering_uuid(instance_offering_uuid)
if flavor['target_role'] != 'system_admin':
acc_ops.share_resources([project_linked_account_uuid], [instance_offering_uuid])
vm_creation_option.set_name('vm_for_project_management')
vm_creation_option.set_session_uuid(project_login_uuid)
vm = test_stub.create_vm(image_uuid = image_uuid, session_uuid=project_login_uuid)
# scheduler ops:
start_date = int(time.time())
schd_job1 = schd_ops.create_scheduler_job('simple_start_vm_scheduler', 'simple_start_vm_scheduler', vm.get_vm().uuid, 'startVm', None, session_uuid=project_login_uuid)
schd_trigger1 = schd_ops.create_scheduler_trigger('simple_start_vm_scheduler', start_date+5, None, 15, 'simple', session_uuid=project_login_uuid)
schd_ops.add_scheduler_job_to_trigger(schd_trigger1.uuid, schd_job1.uuid, session_uuid=project_login_uuid)
schd_ops.change_scheduler_state(schd_job1.uuid, 'disable', session_uuid=project_login_uuid)
schd_ops.change_scheduler_state(schd_job1.uuid, 'enable', session_uuid=project_login_uuid)
schd_ops.remove_scheduler_job_from_trigger(schd_trigger1.uuid, schd_job1.uuid, session_uuid=project_login_uuid)
schd_ops.del_scheduler_job(schd_job1.uuid, session_uuid=project_login_uuid)
schd_ops.del_scheduler_trigger(schd_trigger1.uuid, session_uuid=project_login_uuid)
schd_ops.get_current_time()
vm_ops.destroy_vm(vm.get_vm().uuid, session_uuid=project_login_uuid)
vm_ops.expunge_vm(vm.get_vm().uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
if flavor['target_role'] != 'system_admin':
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
vm_creation_option = test_util.VmOption()
l3_net_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanNetwork3')).uuid
acc_ops.share_resources([project_linked_account_uuid], [l3_net_uuid])
vm_creation_option.set_l3_uuids([l3_net_uuid])
image_uuid = test_lib.lib_get_image_by_name("centos").uuid
vm_creation_option.set_image_uuid(image_uuid)
acc_ops.share_resources([project_linked_account_uuid], [image_uuid])
instance_offering_uuid = test_lib.lib_get_instance_offering_by_name(os.environ.get('instanceOfferingName_s')).uuid
vm_creation_option.set_instance_offering_uuid(instance_offering_uuid)
acc_ops.share_resources([project_linked_account_uuid], [instance_offering_uuid])
vm_creation_option.set_name('vm_for_project_management')
vm_creation_option.set_session_uuid(project_login_uuid)
vm = test_stub.create_vm(image_uuid = image_uuid, session_uuid=project_login_uuid)
vm_uuid = vm.get_vm().uuid
# VM related ops: Create, Delete, Expunge, Start, Stop, Suspend, Resume, Migrate
vm_ops.stop_vm(vm_uuid, session_uuid=project_login_uuid)
vm_ops.start_vm(vm_uuid, session_uuid=project_login_uuid)
candidate_hosts = vm_ops.get_vm_migration_candidate_hosts(vm_uuid)
if candidate_hosts != None and test_lib.lib_check_vm_live_migration_cap(vm.get_vm()):
vm_ops.migrate_vm(vm_uuid, candidate_hosts.inventories[0].uuid, session_uuid=project_login_uuid)
vm_ops.stop_vm(vm_uuid, force='cold', session_uuid=project_login_uuid)
vm_ops.start_vm(vm_uuid, session_uuid=project_login_uuid)
vm_ops.suspend_vm(vm_uuid, session_uuid=project_login_uuid)
vm_ops.resume_vm(vm_uuid, session_uuid=project_login_uuid)
vm_ops.destroy_vm(vm_uuid, session_uuid=project_login_uuid)
vm_ops.expunge_vm(vm_uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
if flavor['target_role'] != 'system_admin':
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
elif flavor['target_role'] == 'system_admin':
username = "******"
password = '******'
vid_tst_obj = test_vid.ZstackTestVid()
test_stub.create_system_admin(username, password, vid_tst_obj)
virtual_id_uuid = vid_tst_obj.get_vid().uuid
project_login_uuid = acc_ops.login_by_account(username, password)
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
try:
l2 = net_ops.create_l2_novlan('l2_for_pm', 'eth0', zone_uuid, session_uuid=project_login_uuid)
test_util.test_fail("Expect exception: project admin not allowed to create Novlan L2 except vxlan")
except:
pass
try:
l2 = net_ops.create_l2_vlan('l2_for_pm', 'eth0', zone_uuid, 1234, session_uuid=project_login_uuid)
test_util.test_fail("Expect exception: project admin not allowed to create vlan L2 except vxlan")
except:
pass
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.network.l2.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
vxlan_pool = res_ops.get_resource(res_ops.L2_VXLAN_NETWORK_POOL)
if vxlan_pool == None or len(vxlan_pool) == 0:
test_util.test_skip('Vxlan is required for testing')
vxlan_pool_uuid = vxlan_pool[0].uuid
if flavor['target_role'] != 'system_admin':
acc_ops.share_resources([project_linked_account_uuid], [vxlan_pool_uuid])
vxlan_pool_uuid = res_ops.get_resource(res_ops.L2_VXLAN_NETWORK_POOL, session_uuid=project_login_uuid)[0].uuid
vxlan_l2_uuid = vxlan_ops.create_l2_vxlan_network('vxlan_for_pm', vxlan_pool_uuid, zone_uuid, session_uuid=project_login_uuid).uuid
net_ops.delete_l2(vxlan_l2_uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
if flavor['target_role'] != 'system_admin':
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global role_uuid, project_uuid, project_admin_uuid, virtual_id_uuid, virtual_id_group_uuid
# 1 create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo',
password).uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# 4 login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
# 5 create virtual id group
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(
project_uuid, 'test_virtual_id_group',
session_uuid=project_login_uuid).uuid
# 6 add virtual id into project and group
# TODO:add query
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid],
project_uuid,
session_uuid=project_login_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid],
virtual_id_group_uuid,
session_uuid=project_login_uuid)
# 7 create role
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role',
statements,
session_uuid=project_login_uuid).uuid
# 8 add/remove roles to/from virtual id (group)
iam2_ops.add_roles_to_iam2_virtual_id_group(
[role_uuid], virtual_id_group_uuid, session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup(
[role_uuid], virtual_id_group_uuid, session_uuid=project_login_uuid)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid],
virtual_id_uuid,
session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid],
virtual_id_uuid,
session_uuid=project_login_uuid)
# 9 create/delete project operator
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid,
attributes,
session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', virtual_id_uuid)
cond_02 = res_ops.gen_query_conditions('name', '=', "__ProjectOperator__",
cond)
attribute_uuid = res_ops.query_resource_fields(
res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(
virtual_id_uuid, [attribute_uuid], session_uuid=project_login_uuid)
# 10 remove virtual ids from group and project
iam2_ops.remove_iam2_virtual_ids_from_group(
[virtual_id_uuid],
virtual_id_group_uuid,
session_uuid=project_login_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project(
[virtual_id_uuid], project_uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
if flavor['target_role'] != 'system_admin':
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
elif flavor['target_role'] == 'system_admin':
username = "******"
password = '******'
vid_tst_obj = test_vid.ZstackTestVid()
test_stub.create_system_admin(username, password, vid_tst_obj)
virtual_id_uuid = vid_tst_obj.get_vid().uuid
project_login_uuid = acc_ops.login_by_account(username, password)
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.header.image.**"]}, {"effect": "Allow", "actions": ["org.zstack.header.storage.backup.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
bs = res_ops.query_resource(res_ops.BACKUP_STORAGE)[0]
image_option = test_util.ImageOption()
image_option.set_name('fake_image')
image_option.set_description('fake image')
image_option.set_format('raw')
image_option.set_mediaType('RootVolumeTemplate')
image_option.set_backup_storage_uuid_list([bs.uuid])
image_option.url = "http://fake/fake.raw"
image_option.set_session_uuid(project_login_uuid)
image_uuid = img_ops.add_image(image_option).uuid
img_ops.sync_image_size(image_uuid, session_uuid=project_login_uuid)
img_ops.change_image_state(image_uuid, 'disable', session_uuid=project_login_uuid)
img_ops.change_image_state(image_uuid, 'enable', session_uuid=project_login_uuid)
if bs.type == inventory.IMAGE_STORE_BACKUP_STORAGE_TYPE:
img_ops.export_image_from_backup_storage(image_uuid, bs.uuid, session_uuid=project_login_uuid)
img_ops.delete_exported_image_from_backup_storage(image_uuid, bs.uuid, session_uuid=project_login_uuid)
img_ops.set_image_qga_enable(image_uuid, session_uuid=project_login_uuid)
img_ops.set_image_qga_disable(image_uuid, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('name', '=', "fake_image")
image = res_ops.query_resource(res_ops.IMAGE, cond, session_uuid=project_login_uuid)
if image == None:
test_util.test_fail('fail to query image just added')
img_ops.delete_image(image_uuid, session_uuid=project_login_uuid)
img_ops.expunge_image(image_uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
if flavor['target_role'] != 'system_admin':
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
'usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid,
attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(
project_operator_name,
project_operator_password,
attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
'usernamethree', 'password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],
project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(
project_operator_name, project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(
plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],
project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(
plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, plain_user_session_uuid).uuid
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{
"effect": "Allow",
"actions": ["org.zstack.header.vm.**"]
}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
vm_creation_option = test_util.VmOption()
pub_l3_uuid = test_lib.lib_get_l3_by_name(
os.environ.get('l3PublicNetworkName')).uuid
l3_net_uuid = test_lib.lib_get_l3_by_name(
os.environ.get('l3VlanNetworkName3')).uuid
acc_ops.share_resources([project_linked_account_uuid], [l3_net_uuid])
vm_creation_option.set_l3_uuids([l3_net_uuid])
image_uuid = test_lib.lib_get_image_by_name(
os.environ.get('imageName_net')).uuid
vm_creation_option.set_image_uuid(image_uuid)
acc_ops.share_resources([project_linked_account_uuid], [image_uuid])
instance_offering_uuid = test_lib.lib_get_instance_offering_by_name(
os.environ.get('instanceOfferingName_s')).uuid
vm_creation_option.set_instance_offering_uuid(instance_offering_uuid)
acc_ops.share_resources([project_linked_account_uuid],
[instance_offering_uuid])
vm_creation_option.set_name('vm_for_project_management')
vm_creation_option.set_session_uuid(project_login_uuid)
vm = test_stub.create_vm(image_uuid=image_uuid,
session_uuid=project_login_uuid)
vm_uuid = vm.get_vm().uuid
vip_option = test_util.VipOption()
vip_option.set_name("vip for pm")
vip_option.set_session_uuid(project_login_uuid)
vip_option.set_l3_uuid(pub_l3_uuid)
vm_nic = vm.vm.vmNics[0]
vm_nic_uuid = vm_nic.uuid
vip = net_ops.create_vip(vip_option)
eip_option = test_util.EipOption()
eip_option.set_name('eip for pm')
eip_option.set_session_uuid(project_login_uuid)
eip_option.set_vip_uuid(vip.uuid)
eip_option.set_vm_nic_uuid(vm_nic_uuid)
eip = net_ops.create_eip(eip_option)
net_ops.detach_eip(eip.uuid, session_uuid=project_login_uuid)
net_ops.attach_eip(eip.uuid, vm_nic_uuid, session_uuid=project_login_uuid)
net_ops.detach_eip(eip.uuid, session_uuid=project_login_uuid)
net_ops.delete_eip(eip.uuid)
net_ops.delete_vip(vip.uuid)
vm_ops.destroy_vm(vm_uuid, session_uuid=project_login_uuid)
vm_ops.expunge_vm(vm_uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.header.volume.**"]}, {"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
# Volume related ops: Create, Delete, Expunge, Attach, Dettach, Enable, Disable
disk_offering_uuid = res_ops.query_resource(res_ops.DISK_OFFERING)[0].uuid
acc_ops.share_resources([project_linked_account_uuid], [disk_offering_uuid])
volume_option = test_util.VolumeOption()
volume_option.set_disk_offering_uuid(disk_offering_uuid)
volume_option.set_name('data_volume_project_management')
volume_option.set_session_uuid(project_login_uuid)
data_volume = vol_ops.create_volume_from_offering(volume_option)
vol_ops.stop_volume(data_volume.uuid, session_uuid=project_login_uuid)
vol_ops.start_volume(data_volume.uuid, session_uuid=project_login_uuid)
vm_creation_option = test_util.VmOption()
l3_net_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanNetwork3')).uuid
acc_ops.share_resources([project_linked_account_uuid], [l3_net_uuid])
vm_creation_option.set_l3_uuids([l3_net_uuid])
image_uuid = test_lib.lib_get_image_by_name("centos").uuid
vm_creation_option.set_image_uuid(image_uuid)
acc_ops.share_resources([project_linked_account_uuid], [image_uuid])
instance_offering_uuid = test_lib.lib_get_instance_offering_by_name(os.environ.get('instanceOfferingName_s')).uuid
vm_creation_option.set_instance_offering_uuid(instance_offering_uuid)
acc_ops.share_resources([project_linked_account_uuid], [instance_offering_uuid])
vm_creation_option.set_name('vm_for_project_management')
vm_creation_option.set_session_uuid(project_login_uuid)
vm = test_stub.create_vm(image_uuid = image_uuid, session_uuid=project_login_uuid)
vm_uuid = vm.get_vm().uuid
vol_ops.attach_volume(data_volume.uuid, vm_uuid, session_uuid=project_login_uuid)
vol_ops.detach_volume(data_volume.uuid, vm_uuid, session_uuid=project_login_uuid)
vol_ops.delete_volume(data_volume.uuid, session_uuid=project_login_uuid)
vol_ops.expunge_volume(data_volume.uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
if flavor['target_role'] != 'system_admin':
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
elif flavor['target_role'] == 'system_admin':
username = "******"
password = '******'
vid_tst_obj = test_vid.ZstackTestVid()
test_stub.create_system_admin(username, password, vid_tst_obj)
virtual_id_uuid = vid_tst_obj.get_vid().uuid
project_login_uuid = acc_ops.login_by_account(username, password)
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.sns.**"]}, {"effect": "Allow", "actions": ["org.zstack.zwatch.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
# create platform
smtp_server = os.environ.get('smtpServer')
smtp_port = os.environ.get('smtpPort')
email_platform_name = 'Alarm_email'
email_username = os.environ.get('mailUsername')
email_password = os.environ.get('mailPassword')
email_platform = zwt_ops.create_sns_email_platform(smtp_server, smtp_port, email_platform_name, email_username, email_password, session_uuid=project_login_uuid)
email_platform_uuid = email_platform.uuid
cond=res_ops.gen_query_conditions('uuid','=',email_platform_uuid)
inv = res_ops.query_resource(res_ops.SNS_EMAIL_PLATFORM,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('create sns email platform failed')
try:
zwt_ops.validate_sns_email_platform(email_platform_uuid)
except:
test_util.test_fail('Validate SNS Email Platform Failed, Email Plarform: %s' % email_platform_uuid)
# create endpoint
email_receiver = os.environ.get('mailUsername')
email_endpoint_name = os.environ.get('mailPassword')
email_endpoint_uuid = zwt_ops.create_sns_email_endpoint(email_receiver, email_endpoint_name, email_platform_uuid, session_uuid=project_login_uuid).uuid
cond=res_ops.gen_query_conditions('uuid','=',email_endpoint_uuid)
inv=res_ops.query_resource(res_ops.SNS_EMAIL_ENDPOINT,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('create sns email endpoint failed')
http_endpoint_name='http'
url = 'http://localhost:8080/webhook-url'
http_username='******'
http_password='******'
http_endpoint=zwt_ops.create_sns_http_endpoint(url,http_endpoint_name,http_username,http_password, session_uuid=project_login_uuid)
http_endpoint_uuid=http_endpoint.uuid
cond=res_ops.gen_query_conditions('uuid','=',http_endpoint_uuid)
inv=res_ops.query_resource(res_ops.SNS_HTTP_ENDPOINT,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('create sns http endpoint failed')
# create sns topic and query system-in topic
sns_topic_uuid = zwt_ops.create_sns_topic('sns_topic_01', session_uuid=project_login_uuid).uuid
zwt_ops.subscribe_sns_topic(sns_topic_uuid, email_endpoint_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('endpoints.uuid','=',email_endpoint_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('create and subscribe snstopic failed')
cond = res_ops.gen_query_conditions('name', '=', 'system-alarm')
system_alarm_topic = res_ops.query_resource(res_ops.SNS_TOPIC, cond)[0]
system_alarm_topic_uuid=system_alarm_topic.uuid
if flavor['target_role'] != 'system_admin':
acc_ops.share_resources([project_linked_account_uuid], [system_alarm_topic_uuid])
cond = res_ops.gen_query_conditions('name', '=', 'system-alarm')
system_alarm_topic = res_ops.query_resource(res_ops.SNS_TOPIC, cond)[0]
system_alarm_topic_uuid=system_alarm_topic.uuid
zwt_ops.subscribe_sns_topic(system_alarm_topic_uuid, email_endpoint_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('endpoints.uuid','=',email_endpoint_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('subscribe system-alarm topic failed')
cond = res_ops.gen_query_conditions('name','=','api')
api_topic= res_ops.query_resource(res_ops.SNS_TOPIC,cond)[0]
api_topic_uuid=api_topic.uuid
if flavor['target_role'] != 'system_admin':
acc_ops.share_resources([project_linked_account_uuid], [api_topic_uuid])
cond = res_ops.gen_query_conditions('name','=','api')
api_topic= res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)[0]
api_topic_uuid=api_topic.uuid
zwt_ops.subscribe_sns_topic(api_topic_uuid,http_endpoint_uuid, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('endpointUuid','=',http_endpoint_uuid)
cond = res_ops.gen_query_conditions('topicUuid','=',api_topic_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC_SUBSCRIBER,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('subscribe api topic failed')
# subscribe event
namespace = 'ZStack/VM'
actions = [{"actionUuid": sns_topic_uuid, "actionType": "sns"}]
labels = [{"key": "NewState", "op": "Equal", "value": "Disconnected"}]
event_name = 'VMStateChangedOnHost'
event_sub_uuid = zwt_ops.subscribe_event(namespace, event_name, actions, labels, session_uuid=project_login_uuid).uuid
cond = res_ops.gen_query_conditions('uuid', '=', event_sub_uuid)
event_subscription = res_ops.query_resource(res_ops.EVENT_SUBSCRIPTION, cond, session_uuid=project_login_uuid)
if not event_subscription:
test_util.test_fail('Subscribe event failed')
#update endpoint
new_name='endpointNewName'
new_description='endpoint new description'
zwt_ops.update_sns_application_endpoint(email_endpoint_uuid,new_name,new_description, session_uuid=project_login_uuid)
cond= res_ops.gen_query_conditions('uuid','=',email_endpoint_uuid)
inv =res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT,cond, session_uuid=project_login_uuid)[0]
if inv.name!=new_name or inv.description!=new_description:
test_util.test_fail('test update email endpoint failed')
zwt_ops.update_sns_application_endpoint(http_endpoint_uuid,new_name,new_description, session_uuid=project_login_uuid)
cond= res_ops.gen_query_conditions('uuid','=',http_endpoint_uuid)
inv =res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT,cond, session_uuid=project_login_uuid)[0]
if inv.name!=new_name or inv.description!=new_description:
test_util.test_fail('test update http endpoint failed')
new_name_platform='platformNewName'
new_description_platform='platformNewName'
zwt_ops.update_sns_application_platform(email_platform_uuid,new_name_platform,new_description_platform, session_uuid=project_login_uuid)
cond= res_ops.gen_query_conditions('uuid','=',email_platform_uuid)
inv =res_ops.query_resource(res_ops.SNS_APPLICATION_PLATFORM,cond, session_uuid=project_login_uuid)[0]
if inv.name!=new_name_platform or inv.description!=new_description_platform:
test_util.test_fail('test update email platform failed')
#change state
state_event = 'disable'
state_result = 'Disabled'
zwt_ops.change_sns_topic_state(system_alarm_topic_uuid,state_event, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',system_alarm_topic_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)[0]
if inv.state!=state_result:
test_util.test_fail('change system alarm topic state failed')
zwt_ops.change_sns_topic_state(api_topic_uuid, state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', api_topic_uuid)
inv = res_ops.query_resource(res_ops.SNS_TOPIC, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change api topic state failed')
zwt_ops.change_sns_application_endpoint_state(email_endpoint_uuid,state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', email_endpoint_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change email endpoint state failed')
zwt_ops.change_sns_application_endpoint_state(http_endpoint_uuid,state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', http_endpoint_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change http endpoint state failed')
zwt_ops.change_sns_application_platform_state(email_platform_uuid,state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', email_platform_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_PLATFORM, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change email platform state failed')
# test recover and delete
state_event='enable'
state_result='Enabled'
zwt_ops.change_sns_topic_state(system_alarm_topic_uuid,state_event, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',system_alarm_topic_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)[0]
if inv.state!=state_result:
test_util.test_fail('change system alarm topic state failed')
zwt_ops.change_sns_topic_state(api_topic_uuid, state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', api_topic_uuid)
inv = res_ops.query_resource(res_ops.SNS_TOPIC, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change api topic state failed')
zwt_ops.unsubscribe_event(event_sub_uuid, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', event_sub_uuid)
event_subscription = res_ops.query_resource(res_ops.EVENT_SUBSCRIPTION, cond, session_uuid=project_login_uuid)
if event_subscription:
test_util.test_fail('unsubscribe event failed')
zwt_ops.unsubscribe_sns_topic(sns_topic_uuid, email_endpoint_uuid)
cond =res_ops.gen_query_conditions('endpointUuid','=',email_endpoint_uuid)
cond=res_ops.gen_query_conditions('topicUuid','=',sns_topic_uuid,cond)
inv = res_ops.query_resource(res_ops.SNS_TOPIC_SUBSCRIBER,cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('unsubscribe sns topic failed')
zwt_ops.unsubscribe_sns_topic(system_alarm_topic_uuid, email_endpoint_uuid, session_uuid=project_login_uuid)
cond =res_ops.gen_query_conditions('endpointUuid','=',email_endpoint_uuid)
cond=res_ops.gen_query_conditions('topicUuid','=',system_alarm_topic_uuid,cond)
inv = res_ops.query_resource(res_ops.SNS_TOPIC_SUBSCRIBER,cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('unsubscribe system alarm topic failed')
zwt_ops.unsubscribe_sns_topic(api_topic_uuid, http_endpoint_uuid, session_uuid=project_login_uuid)
cond =res_ops.gen_query_conditions('endpointUuid','=',http_endpoint_uuid)
cond=res_ops.gen_query_conditions('topicUuid','=',api_topic_uuid,cond)
inv = res_ops.query_resource(res_ops.SNS_TOPIC_SUBSCRIBER,cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('unsubscribe api topic failed')
zwt_ops.delete_sns_topic(sns_topic_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',sns_topic_uuid)
inv = res_ops.query_resource(res_ops.SNS_TOPIC, cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('delete sns topic failed')
zwt_ops.delete_sns_application_endpoint(http_endpoint_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',http_endpoint_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT, cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('delete http endpoint failed')
zwt_ops.delete_sns_application_endpoint(email_endpoint_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',email_endpoint_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT, cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('delete email endpoint failed')
zwt_ops.delete_sns_application_platform(email_platform_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',email_platform_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_PLATFORM, cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('delete email platform failed')
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
if flavor['target_role'] != 'system_admin':
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
if flavor['target_role'] != 'system_admin':
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
elif flavor['target_role'] == 'system_admin':
username = "******"
password = '******'
vid_tst_obj = test_vid.ZstackTestVid()
test_stub.create_system_admin(username, password, vid_tst_obj)
virtual_id_uuid = vid_tst_obj.get_vid().uuid
project_login_uuid = acc_ops.login_by_account(username, password)
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.network.service.lb.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
# certificate
cert = net_ops.create_certificate('certificate_for_pm', 'fake certificate', session_uuid=project_login_uuid)
net_ops.delete_certificate(cert.uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
if flavor['target_role'] != 'system_admin':
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
'usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid,
attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(
project_operator_name,
project_operator_password,
attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
'usernamethree', 'password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],
project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(
project_operator_name, project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(
plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],
project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(
plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, plain_user_session_uuid).uuid
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{
"effect": "Allow",
"actions": ["org.zstack.header.image.**"]
}, {
"effect": "Allow",
"actions": ["org.zstack.header.storage.backup.**"]
}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
bs = res_ops.query_resource(res_ops.BACKUP_STORAGE)[0]
image_option = test_util.ImageOption()
image_option.set_name('fake_image')
image_option.set_description('fake image')
image_option.set_format('raw')
image_option.set_mediaType('RootVolumeTemplate')
image_option.set_backup_storage_uuid_list([bs.uuid])
image_option.url = "http://fake/fake.raw"
image_option.set_session_uuid(project_login_uuid)
image_uuid = img_ops.add_image(image_option).uuid
img_ops.sync_image_size(image_uuid, session_uuid=project_login_uuid)
img_ops.change_image_state(image_uuid,
'disable',
session_uuid=project_login_uuid)
img_ops.change_image_state(image_uuid,
'enable',
session_uuid=project_login_uuid)
if bs.type == inventory.IMAGE_STORE_BACKUP_STORAGE_TYPE:
img_ops.export_image_from_backup_storage(
image_uuid, bs.uuid, session_uuid=project_login_uuid)
img_ops.delete_exported_image_from_backup_storage(
image_uuid, bs.uuid, session_uuid=project_login_uuid)
img_ops.set_image_qga_enable(image_uuid, session_uuid=project_login_uuid)
img_ops.set_image_qga_disable(image_uuid, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('name', '=', "fake_image")
image = res_ops.query_resource(res_ops.IMAGE,
cond,
session_uuid=project_login_uuid)
if image == None:
test_util.test_fail('fail to query image just added')
img_ops.delete_image(image_uuid, session_uuid=project_login_uuid)
img_ops.expunge_image(image_uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global role_uuid, project_uuid, project_admin_uuid, virtual_id_uuid, virtual_id_group_uuid
# 1 create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', password).uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# 4 login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
# 5 create virtual id group
virtual_id_group_uuid = iam2_ops.create_iam2_virtual_id_group(project_uuid, 'test_virtual_id_group',session_uuid=project_login_uuid).uuid
# 6 add virtual id into project and group
# TODO:add query
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid, session_uuid=project_login_uuid)
iam2_ops.add_iam2_virtual_ids_to_group([virtual_id_uuid], virtual_id_group_uuid,
session_uuid=project_login_uuid)
# 7 create role
statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements,session_uuid=project_login_uuid).uuid
# 8 add/remove roles to/from virtual id (group)
iam2_ops.add_roles_to_iam2_virtual_id_group([role_uuid], virtual_id_group_uuid,
session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_idgroup([role_uuid], virtual_id_group_uuid,
session_uuid=project_login_uuid)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], virtual_id_uuid, session_uuid=project_login_uuid)
iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid], virtual_id_uuid, session_uuid=project_login_uuid)
# 9 create/delete project operator
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(virtual_id_uuid,attributes,session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', virtual_id_uuid)
cond_02 = res_ops.gen_query_conditions('name', '=', "__ProjectOperator__", cond)
attribute_uuid = res_ops.query_resource_fields(res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)[0].uuid
iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid,[attribute_uuid],session_uuid=project_login_uuid)
# 10 remove virtual ids from group and project
iam2_ops.remove_iam2_virtual_ids_from_group([virtual_id_uuid], virtual_id_group_uuid,
session_uuid=project_login_uuid)
iam2_ops.remove_iam2_virtual_ids_from_project([virtual_id_uuid], project_uuid,
session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
iam2_ops.delete_role(role_uuid)
iam2_ops.clean_iam2_enviroment()
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(
project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
'usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],
project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid,
attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(
project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(
project_operator_name,
project_operator_password,
attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(
'usernamethree', 'password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],
project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(
project_operator_name, project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(
plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],
project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(
plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(
project_name, plain_user_session_uuid).uuid
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{
"effect": "Allow",
"actions": ["org.zstack.network.service.lb.**"]
}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
# certificate
cert = net_ops.create_certificate('certificate_for_pm',
'fake certificate',
session_uuid=project_login_uuid)
net_ops.delete_certificate(cert.uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
zone_uuid = res_ops.get_resource(res_ops.ZONE)[0].uuid
try:
l2 = net_ops.create_l2_novlan('l2_for_pm', 'eth0', zone_uuid, session_uuid=project_login_uuid)
test_util.test_fail("Expect exception: project admin not allowed to create Novlan L2 except vxlan")
except:
pass
try:
l2 = net_ops.create_l2_vlan('l2_for_pm', 'eth0', zone_uuid, 1234, session_uuid=project_login_uuid)
test_util.test_fail("Expect exception: project admin not allowed to create vlan L2 except vxlan")
except:
pass
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.network.l2.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
vxlan_pool = res_ops.get_resource(res_ops.L2_VXLAN_NETWORK_POOL)
if vxlan_pool == None or len(vxlan_pool) == 0:
test_util.test_skip('Vxlan is required for testing')
vxlan_pool_uuid = vxlan_pool[0].uuid
acc_ops.share_resources([project_linked_account_uuid], [vxlan_pool_uuid])
vxlan_pool_uuid = res_ops.get_resource(res_ops.L2_VXLAN_NETWORK_POOL, session_uuid=project_login_uuid)[0].uuid
vxlan_l2_uuid = vxlan_ops.create_l2_vxlan_network('vxlan_for_pm', vxlan_pool_uuid, zone_uuid, session_uuid=project_login_uuid).uuid
net_ops.delete_l2(vxlan_l2_uuid, session_uuid=project_login_uuid)
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
# 1 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
project_linked_account_uuid = project.linkedAccountUuid
if flavor['target_role'] == 'project_admin':
# 2 create virtual id
project_admin_name = 'username'
project_admin_password = '******'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid
# 3 create project admin
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
# login in project by project admin
project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid
# iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes)
elif flavor['target_role'] == 'project_operator':
project_operator_name = 'username2'
project_operator_password = '******'
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid
virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid
# login in project by project operator
iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid)
project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid
elif flavor['target_role'] == 'project_member':
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,
project_uuid=project_uuid).uuid
# 3 add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
# 4 login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
# 4 login in project
#project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid)
project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid
# Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge
if flavor['target_role'] == 'project_member':
statements = [{"effect": "Allow", "actions": ["org.zstack.sns.**"]}, {"effect": "Allow", "actions": ["org.zstack.zwatch.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
# create platform
smtp_server = os.environ.get('smtpServer')
smtp_port = os.environ.get('smtpPort')
email_platform_name = 'Alarm_email'
email_username = os.environ.get('mailUsername')
email_password = os.environ.get('mailPassword')
email_platform = zwt_ops.create_sns_email_platform(smtp_server, smtp_port, email_platform_name, email_username, email_password, session_uuid=project_login_uuid)
email_platform_uuid = email_platform.uuid
cond=res_ops.gen_query_conditions('uuid','=',email_platform_uuid)
inv = res_ops.query_resource(res_ops.SNS_EMAIL_PLATFORM,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('create sns email platform failed')
try:
zwt_ops.validate_sns_email_platform(email_platform_uuid)
except:
test_util.test_fail('Validate SNS Email Platform Failed, Email Plarform: %s' % email_platform_uuid)
# create endpoint
email_receiver = os.environ.get('mailUsername')
email_endpoint_name = os.environ.get('mailPassword')
email_endpoint_uuid = zwt_ops.create_sns_email_endpoint(email_receiver, email_endpoint_name, email_platform_uuid, session_uuid=project_login_uuid).uuid
cond=res_ops.gen_query_conditions('uuid','=',email_endpoint_uuid)
inv=res_ops.query_resource(res_ops.SNS_EMAIL_ENDPOINT,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('create sns email endpoint failed')
http_endpoint_name='http'
url = 'http://localhost:8080/webhook-url'
http_username='******'
http_password='******'
http_endpoint=zwt_ops.create_sns_http_endpoint(url,http_endpoint_name,http_username,http_password, session_uuid=project_login_uuid)
http_endpoint_uuid=http_endpoint.uuid
cond=res_ops.gen_query_conditions('uuid','=',http_endpoint_uuid)
inv=res_ops.query_resource(res_ops.SNS_HTTP_ENDPOINT,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('create sns http endpoint failed')
# create sns topic and query system-in topic
sns_topic_uuid = zwt_ops.create_sns_topic('sns_topic_01', session_uuid=project_login_uuid).uuid
zwt_ops.subscribe_sns_topic(sns_topic_uuid, email_endpoint_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('endpoints.uuid','=',email_endpoint_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('create and subscribe snstopic failed')
cond = res_ops.gen_query_conditions('name', '=', 'system-alarm')
system_alarm_topic = res_ops.query_resource(res_ops.SNS_TOPIC, cond)[0]
system_alarm_topic_uuid=system_alarm_topic.uuid
acc_ops.share_resources([project_linked_account_uuid], [system_alarm_topic_uuid])
cond = res_ops.gen_query_conditions('name', '=', 'system-alarm')
system_alarm_topic = res_ops.query_resource(res_ops.SNS_TOPIC, cond)[0]
system_alarm_topic_uuid=system_alarm_topic.uuid
zwt_ops.subscribe_sns_topic(system_alarm_topic_uuid, email_endpoint_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('endpoints.uuid','=',email_endpoint_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('subscribe system-alarm topic failed')
cond = res_ops.gen_query_conditions('name','=','api')
api_topic= res_ops.query_resource(res_ops.SNS_TOPIC,cond)[0]
api_topic_uuid=api_topic.uuid
acc_ops.share_resources([project_linked_account_uuid], [api_topic_uuid])
cond = res_ops.gen_query_conditions('name','=','api')
api_topic= res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)[0]
api_topic_uuid=api_topic.uuid
zwt_ops.subscribe_sns_topic(api_topic_uuid,http_endpoint_uuid, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('endpointUuid','=',http_endpoint_uuid)
cond = res_ops.gen_query_conditions('topicUuid','=',api_topic_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC_SUBSCRIBER,cond, session_uuid=project_login_uuid)
if not inv:
test_util.test_fail('subscribe api topic failed')
# subscribe event
namespace = 'ZStack/VM'
actions = [{"actionUuid": sns_topic_uuid, "actionType": "sns"}]
labels = [{"key": "NewState", "op": "Equal", "value": "Disconnected"}]
event_name = 'VMStateChangedOnHost'
event_sub_uuid = zwt_ops.subscribe_event(namespace, event_name, actions, labels, session_uuid=project_login_uuid).uuid
cond = res_ops.gen_query_conditions('uuid', '=', event_sub_uuid)
event_subscription = res_ops.query_resource(res_ops.EVENT_SUBSCRIPTION, cond, session_uuid=project_login_uuid)
if not event_subscription:
test_util.test_fail('Subscribe event failed')
#update endpoint
new_name='endpointNewName'
new_description='endpoint new description'
zwt_ops.update_sns_application_endpoint(email_endpoint_uuid,new_name,new_description, session_uuid=project_login_uuid)
cond= res_ops.gen_query_conditions('uuid','=',email_endpoint_uuid)
inv =res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT,cond, session_uuid=project_login_uuid)[0]
if inv.name!=new_name or inv.description!=new_description:
test_util.test_fail('test update email endpoint failed')
zwt_ops.update_sns_application_endpoint(http_endpoint_uuid,new_name,new_description, session_uuid=project_login_uuid)
cond= res_ops.gen_query_conditions('uuid','=',http_endpoint_uuid)
inv =res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT,cond, session_uuid=project_login_uuid)[0]
if inv.name!=new_name or inv.description!=new_description:
test_util.test_fail('test update http endpoint failed')
new_name_platform='platformNewName'
new_description_platform='platformNewName'
zwt_ops.update_sns_application_platform(email_platform_uuid,new_name_platform,new_description_platform, session_uuid=project_login_uuid)
cond= res_ops.gen_query_conditions('uuid','=',email_platform_uuid)
inv =res_ops.query_resource(res_ops.SNS_APPLICATION_PLATFORM,cond, session_uuid=project_login_uuid)[0]
if inv.name!=new_name_platform or inv.description!=new_description_platform:
test_util.test_fail('test update email platform failed')
#change state
state_event = 'disable'
state_result = 'Disabled'
zwt_ops.change_sns_topic_state(system_alarm_topic_uuid,state_event, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',system_alarm_topic_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)[0]
if inv.state!=state_result:
test_util.test_fail('change system alarm topic state failed')
zwt_ops.change_sns_topic_state(api_topic_uuid, state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', api_topic_uuid)
inv = res_ops.query_resource(res_ops.SNS_TOPIC, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change api topic state failed')
zwt_ops.change_sns_application_endpoint_state(email_endpoint_uuid,state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', email_endpoint_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change email endpoint state failed')
zwt_ops.change_sns_application_endpoint_state(http_endpoint_uuid,state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', http_endpoint_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change http endpoint state failed')
zwt_ops.change_sns_application_platform_state(email_platform_uuid,state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', email_platform_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_PLATFORM, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change email platform state failed')
# test recover and delete
state_event='enable'
state_result='Enabled'
zwt_ops.change_sns_topic_state(system_alarm_topic_uuid,state_event, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',system_alarm_topic_uuid)
inv=res_ops.query_resource(res_ops.SNS_TOPIC,cond, session_uuid=project_login_uuid)[0]
if inv.state!=state_result:
test_util.test_fail('change system alarm topic state failed')
zwt_ops.change_sns_topic_state(api_topic_uuid, state_event, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', api_topic_uuid)
inv = res_ops.query_resource(res_ops.SNS_TOPIC, cond, session_uuid=project_login_uuid)[0]
if inv.state != state_result:
test_util.test_fail('change api topic state failed')
zwt_ops.unsubscribe_event(event_sub_uuid, session_uuid=project_login_uuid)
cond = res_ops.gen_query_conditions('uuid', '=', event_sub_uuid)
event_subscription = res_ops.query_resource(res_ops.EVENT_SUBSCRIPTION, cond, session_uuid=project_login_uuid)
if event_subscription:
test_util.test_fail('unsubscribe event failed')
zwt_ops.unsubscribe_sns_topic(sns_topic_uuid, email_endpoint_uuid)
cond =res_ops.gen_query_conditions('endpointUuid','=',email_endpoint_uuid)
cond=res_ops.gen_query_conditions('topicUuid','=',sns_topic_uuid,cond)
inv = res_ops.query_resource(res_ops.SNS_TOPIC_SUBSCRIBER,cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('unsubscribe sns topic failed')
zwt_ops.unsubscribe_sns_topic(system_alarm_topic_uuid, email_endpoint_uuid, session_uuid=project_login_uuid)
cond =res_ops.gen_query_conditions('endpointUuid','=',email_endpoint_uuid)
cond=res_ops.gen_query_conditions('topicUuid','=',system_alarm_topic_uuid,cond)
inv = res_ops.query_resource(res_ops.SNS_TOPIC_SUBSCRIBER,cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('unsubscribe system alarm topic failed')
zwt_ops.unsubscribe_sns_topic(api_topic_uuid, http_endpoint_uuid, session_uuid=project_login_uuid)
cond =res_ops.gen_query_conditions('endpointUuid','=',http_endpoint_uuid)
cond=res_ops.gen_query_conditions('topicUuid','=',api_topic_uuid,cond)
inv = res_ops.query_resource(res_ops.SNS_TOPIC_SUBSCRIBER,cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('unsubscribe api topic failed')
zwt_ops.delete_sns_topic(sns_topic_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',sns_topic_uuid)
inv = res_ops.query_resource(res_ops.SNS_TOPIC, cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('delete sns topic failed')
zwt_ops.delete_sns_application_endpoint(http_endpoint_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',http_endpoint_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT, cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('delete http endpoint failed')
zwt_ops.delete_sns_application_endpoint(email_endpoint_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',email_endpoint_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_ENDPOINT, cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('delete email endpoint failed')
zwt_ops.delete_sns_application_platform(email_platform_uuid, session_uuid=project_login_uuid)
cond=res_ops.gen_query_conditions('uuid','=',email_platform_uuid)
inv = res_ops.query_resource(res_ops.SNS_APPLICATION_PLATFORM, cond, session_uuid=project_login_uuid)
if inv:
test_util.test_fail('delete email platform failed')
# 11 delete
acc_ops.logout(project_login_uuid)
if virtual_id_uuid != None:
iam2_ops.delete_iam2_virtual_id(virtual_id_uuid)
if project_admin_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_admin_uuid)
if project_operator_uuid != None:
iam2_ops.delete_iam2_virtual_id(project_operator_uuid)
if plain_user_uuid != None:
iam2_ops.delete_iam2_virtual_id(plain_user_uuid)
iam2_ops.delete_iam2_project(project_uuid)
iam2_ops.expunge_iam2_project(project_uuid)
test_util.test_pass('success test iam2 login in by project admin!')
def test():
global vid_uuid
iam2_ops.clean_iam2_enviroment()
statements = []
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
vid_test_obj = test_vid.ZstackTestVid()
if flavor['target_admin'] == 'noDeleteAdmin':
username = '******'
password = '******'
vid_test_obj.create(username, password, without_default_role="true")
vid_uuid = vid_test_obj.get_vid().uuid
#platform_admin_uuid = iam2_ops.create_iam2_virtual_id(username, password).uuid
attributes = [{"name": "__PlatformAdmin__"}, {"name":"__PlatformAdminRelatedZone__", "value": "ALL_ZONES"}]
iam2_ops.add_attributes_to_iam2_virtual_id(vid_uuid, attributes)
#platform_admin_session_uuid = iam2_ops.login_iam2_virtual_id(username, password)
role_uuid = iam2_ops.create_role('noDeleteRole').uuid
statements = [{"effect": "Deny", "actions": ["org.zstack.v2v.APIDeleteV2VConversionHostMsg",
"org.zstack.scheduler.APIRemoveSchedulerJobFromSchedulerTriggerMsg",
"org.zstack.header.hybrid.account.APIDeleteHybridKeySecretMsg",
"org.zstack.iam2.api.APIRemoveIAM2VirtualIDsFromOrganizationMsg",
"org.zstack.header.longjob.APIDeleteLongJobMsg",
"org.zstack.header.cloudformation.APIDeleteResourceStackMsg",
"org.zstack.monitoring.APIDetachMonitorTriggerActionFromTriggerMsg",
"org.zstack.iam2.api.APIDeleteIAM2ProjectTemplateMsg",
"org.zstack.header.cloudformation.APIDeleteStackTemplateMsg",
"org.zstack.header.aliyun.storage.disk.APIDeleteAliyunDiskFromLocalMsg",
"org.zstack.header.identity.APILogOutMsg",
"org.zstack.autoscaling.group.APIDeleteAutoScalingGroupMsg",
"org.zstack.header.aliyun.network.vpc.APIDeleteEcsVSwitchRemoteMsg",
"org.zstack.network.securitygroup.APIDeleteSecurityGroupMsg",
"org.zstack.iam2.api.APIRemoveAttributesFromIAM2VirtualIDGroupMsg",
"org.zstack.header.hybrid.network.vpn.APIDeleteVpcVpnGatewayLocalMsg",
"org.zstack.header.storage.primary.APIDetachPrimaryStorageFromClusterMsg",
"org.zstack.header.hybrid.backup.APIDeleteBackupFileInPublicMsg",
"org.zstack.header.storage.database.backup.APIDeleteExportedDatabaseBackupFromBackupStorageMsg",
"org.zstack.iam2.api.APIRemoveRolesFromIAM2VirtualIDGroupMsg",
"org.zstack.header.aliyun.network.group.APIDeleteEcsSecurityGroupRuleRemoteMsg",
"org.zstack.header.vm.APIDeleteVmNicMsg",
"org.zstack.header.affinitygroup.APIDeleteAffinityGroupMsg",
"org.zstack.header.zone.APIDeleteZoneMsg",
"org.zstack.sns.APIDeleteSNSApplicationPlatformMsg",
"org.zstack.header.aliyun.storage.snapshot.APIDeleteAliyunSnapshotFromRemoteMsg",
"org.zstack.vrouterRoute.APIDeleteVRouterRouteTableMsg",
"org.zstack.pciDevice.APIDeletePciDeviceMsg",
"org.zstack.header.network.l3.APIRemoveDnsFromL3NetworkMsg",
"org.zstack.storage.ceph.backup.APIRemoveMonFromCephBackupStorageMsg",
"org.zstack.header.image.APIExpungeImageMsg",
"org.zstack.header.network.l3.APIDeleteL3NetworkMsg",
"org.zstack.header.aliyun.network.connection.APIDeleteAliyunRouterInterfaceLocalMsg",
"org.zstack.network.service.lb.APIRemoveCertificateFromLoadBalancerListenerMsg",
"org.zstack.nas.APIDeleteNasMountTargetMsg",
"org.zstack.nas.APIDeleteNasFileSystemMsg",
"org.zstack.header.storage.primary.APIDeletePrimaryStorageMsg",
"org.zstack.zwatch.alarm.APIRemoveLabelFromEventSubscriptionMsg",
"org.zstack.ticket.iam2.api.APIDeleteIAM2TicketFlowMsg",
"org.zstack.header.identity.APIDeletePolicyMsg",
"org.zstack.network.service.portforwarding.APIDetachPortForwardingRuleMsg",
"org.zstack.header.host.APIDeleteHostMsg",
"org.zstack.header.affinitygroup.APIRemoveVmFromAffinityGroupMsg",
"org.zstack.header.baremetal.preconfiguration.APIDeletePreconfigurationTemplateMsg",
"org.zstack.iam2.api.APIRemoveAttributesFromIAM2VirtualIDMsg",
"org.zstack.sns.APIDeleteSNSApplicationEndpointMsg",
"org.zstack.header.aliyun.network.connection.APIDeleteVirtualBorderRouterLocalMsg",
"org.zstack.monitoring.media.APIDeleteMediaMsg",
"org.zstack.aliyun.pangu.APIDeleteAliyunPanguPartitionMsg",
"org.zstack.header.aliyun.ecs.APIDeleteEcsInstanceMsg",
"org.zstack.scheduler.APIDeleteSchedulerTriggerMsg",
"org.zstack.scheduler.APIRemoveSchedulerJobsFromSchedulerJobGroupMsg",
"org.zstack.zwatch.alarm.APIUnsubscribeEventMsg",
"org.zstack.header.identity.role.api.APIDetachRoleFromAccountMsg",
"org.zstack.zwatch.alarm.APIRemoveActionFromAlarmMsg",
"org.zstack.ldap.APIDeleteLdapBindingMsg",
"org.zstack.header.daho.process.APIDeleteDahoDataCenterConnectionMsg",
"org.zstack.monitoring.APIDeleteAlertMsg",
"org.zstack.header.configuration.APIDeleteInstanceOfferingMsg",
"org.zstack.storage.ceph.primary.APIRemoveMonFromCephPrimaryStorageMsg",
"org.zstack.ipsec.APIRemoveRemoteCidrsFromIPsecConnectionMsg",
"org.zstack.header.network.l3.APIRemoveHostRouteFromL3NetworkMsg",
"org.zstack.header.image.APIDeleteImageMsg",
"org.zstack.header.hybrid.network.eip.APIDeleteHybridEipRemoteMsg",
"org.zstack.header.vm.APIDeleteVmSshKeyMsg",
"org.zstack.header.identity.APIDetachPolicyFromUserMsg",
"org.zstack.iam2.api.APIRemoveAttributesFromIAM2ProjectMsg",
"org.zstack.iam2.api.APIRemoveAttributesFromIAM2OrganizationMsg",
"org.zstack.header.network.l2.APIDetachL2NetworkFromClusterMsg",
"org.zstack.header.aliyun.oss.APIDeleteOssBucketFileRemoteMsg",
"org.zstack.iam2.api.APIRemoveIAM2VirtualIDsFromGroupMsg",
"org.zstack.header.aliyun.storage.snapshot.APIDeleteAliyunSnapshotFromLocalMsg",
"org.zstack.header.aliyun.ecs.APIDeleteAllEcsInstancesFromDataCenterMsg",
"org.zstack.header.aliyun.network.connection.APIDeleteAliyunRouterInterfaceRemoteMsg",
"org.zstack.sns.platform.dingtalk.APIRemoveSNSDingTalkAtPersonMsg",
"org.zstack.autoscaling.template.APIDetachAutoScalingTemplateFromGroupMsg",
"org.zstack.aliyun.nas.message.APIDeleteAliyunNasAccessGroupMsg",
"org.zstack.header.storage.snapshot.APIDeleteVolumeSnapshotMsg",
"org.zstack.header.volume.APIDetachDataVolumeFromVmMsg",
"org.zstack.ipsec.APIDeleteIPsecConnectionMsg",
"org.zstack.header.aliyun.oss.APIDeleteOssBucketRemoteMsg",
"org.zstack.header.network.l2.APIDeleteL2NetworkMsg",
"org.zstack.iam2.api.APIDeleteIAM2VirtualIDMsg",
"org.zstack.header.baremetal.instance.APIDestroyBaremetalInstanceMsg",
"org.zstack.header.vm.cdrom.APIDeleteVmCdRomMsg",
"org.zstack.header.aliyun.network.vrouter.APIDeleteVirtualRouterLocalMsg",
"org.zstack.header.hybrid.network.vpn.APIDeleteVpcIkeConfigLocalMsg",
"org.zstack.header.aliyun.oss.APIDeleteOssBucketNameLocalMsg",
"org.zstack.header.vm.APIDeleteVmConsolePasswordMsg",
"org.zstack.header.storage.backup.APIDeleteBackupStorageMsg",
"org.zstack.iam2.api.APIExpungeIAM2ProjectMsg",
"org.zstack.vrouterRoute.APIDetachVRouterRouteTableFromVRouterMsg",
"org.zstack.ticket.api.APIDeleteTicketMsg",
"org.zstack.iam2.api.APIDeleteIAM2ProjectMsg",
"org.zstack.header.aliyun.network.vpc.APIDeleteEcsVSwitchInLocalMsg",
"org.zstack.zwatch.alarm.sns.APIDeleteSNSTextTemplateMsg",
"org.zstack.iam2.api.APIDeleteIAM2OrganizationMsg",
"org.zstack.header.tag.APIDeleteTagMsg",
"org.zstack.header.aliyun.network.group.APIDeleteEcsSecurityGroupInLocalMsg",
"org.zstack.network.securitygroup.APIDeleteSecurityGroupRuleMsg",
"org.zstack.storage.fusionstor.primary.APIRemoveMonFromFusionstorPrimaryStorageMsg",
"org.zstack.header.daho.process.APIDeleteDahoCloudConnectionMsg",
"org.zstack.header.identity.APIDeleteUserMsg",
"org.zstack.zwatch.alarm.APIRemoveActionFromEventSubscriptionMsg",
"org.zstack.ticket.api.APIDeleteTicketFlowCollectionMsg",
"org.zstack.network.service.lb.APIDeleteLoadBalancerListenerMsg",
"org.zstack.storage.fusionstor.backup.APIRemoveMonFromFusionstorBackupStorageMsg",
"org.zstack.header.identity.APIDetachPoliciesFromUserMsg",
"org.zstack.tag2.APIDetachTagFromResourcesMsg",
"org.zstack.header.identity.role.api.APIDetachPolicyFromRoleMsg",
"org.zstack.storage.ceph.primary.APIDeleteCephPrimaryStoragePoolMsg",
"org.zstack.header.aliyun.image.APIDeleteEcsImageLocalMsg",
"org.zstack.header.network.service.APIDetachNetworkServiceFromL3NetworkMsg",
"org.zstack.zwatch.alarm.APIRemoveLabelFromAlarmMsg",
"org.zstack.header.vm.APIDeleteVmBootModeMsg",
"org.zstack.billing.APIDeleteResourcePriceMsg",
"org.zstack.header.hybrid.network.vpn.APIDeleteVpcVpnConnectionLocalMsg",
"org.zstack.header.aliyun.storage.disk.APIDeleteAliyunDiskFromRemoteMsg",
"org.zstack.header.identity.APIDetachPolicyFromUserGroupMsg",
"org.zstack.header.identityzone.APIDeleteIdentityZoneInLocalMsg",
"org.zstack.header.vm.APIDeleteVmHostnameMsg",
"org.zstack.core.config.resourceconfig.APIDeleteResourceConfigMsg",
"org.zstack.header.aliyun.storage.snapshot.APIGCAliyunSnapshotRemoteMsg",
"org.zstack.zwatch.api.APIDeleteMetricDataMsg",
"org.zstack.header.baremetal.pxeserver.APIDetachBaremetalPxeServerFromClusterMsg",
"org.zstack.header.hybrid.network.vpn.APIDeleteVpcUserVpnGatewayRemoteMsg",
"org.zstack.header.identity.APIDeleteUserGroupMsg",
"org.zstack.header.vm.APIDetachIsoFromVmInstanceMsg",
"org.zstack.header.vm.APIDestroyVmInstanceMsg",
"org.zstack.network.securitygroup.APIDetachSecurityGroupFromL3NetworkMsg",
"org.zstack.autoscaling.group.rule.trigger.APIDeleteAutoScalingRuleTriggerMsg",
"org.zstack.scheduler.APIDeleteSchedulerJobGroupMsg",
"org.zstack.header.cluster.APIDeleteClusterMsg",
"org.zstack.zwatch.alarm.APIDeleteAlarmMsg",
"org.zstack.header.network.l3.APIDeleteIpRangeMsg",
"org.zstack.header.core.webhooks.APIDeleteWebhookMsg",
"org.zstack.network.service.lb.APIDeleteLoadBalancerMsg",
"org.zstack.autoscaling.group.rule.APIDeleteAutoScalingRuleMsg",
"org.zstack.header.storage.snapshot.APIBatchDeleteVolumeSnapshotMsg",
"org.zstack.header.vm.APIDeleteNicQosMsg",
"org.zstack.header.hybrid.network.vpn.APIDeleteVpcVpnConnectionRemoteMsg",
"org.zstack.header.vipQos.APIDeleteVipQosMsg",
"org.zstack.monitoring.actions.APIDeleteMonitorTriggerActionMsg",
"org.zstack.header.baremetal.chassis.APIDeleteBaremetalChassisMsg",
"org.zstack.header.volume.APIExpungeDataVolumeMsg",
"org.zstack.header.identity.role.api.APIRemovePolicyStatementsFromRoleMsg",
"org.zstack.header.aliyun.network.connection.APIDeleteConnectionBetweenL3NetWorkAndAliyunVSwitchMsg",
"org.zstack.header.vm.APIExpungeVmInstanceMsg",
"org.zstack.vpc.APIRemoveDnsFromVpcRouterMsg",
"org.zstack.header.configuration.APIDeleteDiskOfferingMsg",
"org.zstack.header.protocol.APIRemoveVRouterNetworksFromOspfAreaMsg",
"org.zstack.scheduler.APIDeleteSchedulerJobMsg",
"org.zstack.network.service.lb.APIDeleteCertificateMsg",
"org.zstack.header.hybrid.network.eip.APIDeleteHybridEipFromLocalMsg",
"org.zstack.header.hybrid.network.vpn.APIDeleteVpcIpSecConfigLocalMsg",
"org.zstack.header.identity.role.api.APIDeleteRoleMsg",
"org.zstack.scheduler.APIRemoveSchedulerJobGroupFromSchedulerTriggerMsg",
"org.zstack.accessKey.APIDeleteAccessKeyMsg",
"org.zstack.header.protocol.APIDeleteVRouterOspfAreaMsg",
"org.zstack.header.volume.APIDeleteVolumeQosMsg",
"org.zstack.pciDevice.APIDeletePciDeviceOfferingMsg",
"org.zstack.header.storage.volume.backup.APIDeleteVmBackupMsg",
"org.zstack.iam2.api.APIDeleteIAM2VirtualIDGroupMsg",
"org.zstack.ldap.APIDeleteLdapServerMsg",
"org.zstack.header.storage.database.backup.APIDeleteDatabaseBackupMsg",
"org.zstack.network.service.portforwarding.APIDeletePortForwardingRuleMsg",
"org.zstack.header.aliyun.ecs.APIDeleteEcsInstanceLocalMsg",
"org.zstack.sns.APIUnsubscribeSNSTopicMsg",
"org.zstack.vrouterRoute.APIDeleteVRouterRouteEntryMsg",
"org.zstack.network.service.vip.APIDeleteVipMsg",
"org.zstack.header.storage.backup.APIDeleteExportedImageFromBackupStorageMsg",
"org.zstack.core.gc.APIDeleteGCJobMsg",
"org.zstack.network.service.eip.APIDeleteEipMsg",
"org.zstack.header.daho.process.APIDeleteDahoVllMsg",
"org.zstack.header.aliyun.network.vrouter.APIDeleteAliyunRouteEntryRemoteMsg",
"org.zstack.header.aliyun.network.connection.APIDeleteConnectionAccessPointLocalMsg",
"org.zstack.network.service.lb.APIRemoveVmNicFromLoadBalancerMsg",
"org.zstack.sns.APIDeleteSNSTopicMsg",
"org.zstack.ipsec.APIDetachL3NetworksFromIPsecConnectionMsg",
"org.zstack.iam2.api.APIRemoveRolesFromIAM2VirtualIDMsg",
"org.zstack.iam2.api.APIRemoveIAM2VirtualIDsFromProjectMsg",
"org.zstack.header.vm.APIDeleteVmStaticIpMsg",
"org.zstack.header.storage.backup.APIDetachBackupStorageFromZoneMsg",
"org.zstack.header.aliyun.account.APIDeleteAliyunKeySecretMsg",
"org.zstack.storage.device.iscsi.APIDeleteIscsiServerMsg",
"org.zstack.autoscaling.template.APIDeleteAutoScalingTemplateMsg",
"org.zstack.header.storage.volume.backup.APIDeleteVolumeBackupMsg",
"org.zstack.header.baremetal.pxeserver.APIDeleteBaremetalPxeServerMsg",
"org.zstack.aliyun.nas.message.APIDeleteAliyunNasAccessGroupRuleMsg",
"org.zstack.header.volume.APIDeleteDataVolumeMsg",
"org.zstack.header.aliyun.network.group.APIDeleteEcsSecurityGroupRemoteMsg",
"org.zstack.network.securitygroup.APIDeleteVmNicFromSecurityGroupMsg",
"org.zstack.network.l2.vxlan.vxlanNetworkPool.APIDeleteVniRangeMsg",
"org.zstack.header.aliyun.image.APIDeleteEcsImageRemoteMsg",
"org.zstack.storage.device.iscsi.APIDetachIscsiServerFromClusterMsg",
"org.zstack.autoscaling.group.instance.APIDeleteAutoScalingGroupInstanceMsg",
"org.zstack.header.identity.APIDeleteAccountMsg",
"org.zstack.header.storageDevice.APIDetachScsiLunFromVmInstanceMsg",
"org.zstack.vmware.APIDeleteVCenterMsg",
"org.zstack.license.APIDeleteLicenseMsg",
"org.zstack.header.hybrid.network.vpn.APIDeleteVpcUserVpnGatewayLocalMsg",
"org.zstack.header.vm.APIDetachL3NetworkFromVmMsg",
"org.zstack.header.identity.APIRemoveUserFromGroupMsg",
"org.zstack.header.aliyun.network.vpc.APIDeleteEcsVpcRemoteMsg",
"org.zstack.header.datacenter.APIDeleteDataCenterInLocalMsg",
"org.zstack.header.aliyun.network.vpc.APIDeleteEcsVpcInLocalMsg",
"org.zstack.network.service.eip.APIDetachEipMsg",
"org.zstack.monitoring.APIDeleteMonitorTriggerMsg"]}]
policy_uuid = iam2_ops.create_policy('noDeletePolicy', statements).uuid
iam2_ops.attach_policy_to_role(policy_uuid, role_uuid)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], vid_test_obj.get_vid().uuid)
vid_test_obj.set_customized("noDeleteAdminPermission")
vid_test_obj.set_vid_statements(statements)
vid_test_obj.check()
iam2_ops.update_role(role_uuid, [])
iam2_ops.add_policy_statements_to_role(role_uuid, statements)
vid_test_obj.set_customized("noDeleteAdminPermission")
vid_test_obj.set_vid_statements(statements)
vid_test_obj.check()
#if flavor['target_admin'] == 'readOnlyAdmin':
# username = '******'
# password = '******'
# vid_uuid = iam2_ops.create_iam2_virtual_id(username, password).uuid
# attributes = [{"name": "__AuditAdmin__"}]
# iam2_ops.add_attributes_to_iam2_virtual_id(vid_uuid, attributes)
# read_only_admin_session_uuid = iam2_ops.login_iam2_virtual_id(username, password)
# vid_test_obj.set_vid_statements(statements)
# vid_test_obj.check()
vid_test_obj.delete()
test_util.test_pass('success test iam2 policy!')
def test():
global new_zone_uuid
iam2_ops.clean_iam2_enviroment()
# 1 create new zone
new_zone_uuid = test_stub.create_zone().uuid
# 2 create platform admin related new zone
platform_admin_name = 'platformadmin'
password = \
'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
platform_admin_uuid = iam2_ops.create_iam2_virtual_id(platform_admin_name, password).uuid
attributes = [{"name": "__PlatformAdmin__"}, {"name": "__PlatformAdminRelatedZone__", "value": new_zone_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(platform_admin_uuid, attributes)
# 3 create project
project_name = 'test_project'
project = iam2_ops.create_iam2_project(project_name)
project_uuid = project.uuid
linked_account_uuid = project.linkedAccountUuid
attributes = [{"name": "__ProjectRelatedZone__", "value": new_zone_uuid}]
iam2_ops.add_attributes_to_iam2_project(project_uuid, attributes)
# 4 create projectAdmin and virtual id into project
project_admin_name = 'projectadmin'
project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid], project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes)
username = '******'
virtual_id_uuid = iam2_ops.create_iam2_virtual_id(username, password).uuid
iam2_ops.add_iam2_virtual_ids_to_project([virtual_id_uuid], project_uuid)
action = "org.zstack.ticket.**"
statements = [{"effect": "Allow", "actions": [action]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
iam2_ops.add_policy_statements_to_role(role_uuid, statements)
statement_uuid = iam2_ops.get_policy_statement_uuid_of_role(role_uuid, action)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], virtual_id_uuid)
virtual_id_session = iam2_ops.login_iam2_virtual_id(username, password)
virtual_id_session = iam2_ops.login_iam2_project(project_name, virtual_id_session).uuid
# 5 create ticket
ticket = test_stub.create_vm_ticket(virtual_id_uuid, project_uuid, virtual_id_session)
ticket_02 = test_stub.create_vm_ticket(virtual_id_uuid, project_uuid, virtual_id_session, name='new ticket',
request_name='ticket-vm-2')
acc_ops.logout(virtual_id_session)
ticket_ops.change_ticket_status(ticket.uuid, 'reject')
# 6 delete Zone
zone_ops.delete_zone(new_zone_uuid)
# 7 cascade test
# test for platformAdmin
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', platform_admin_uuid)
cond_02 = res_ops.gen_query_conditions('name', '=', "__PlatformAdminRelatedZone__", cond)
attributes = res_ops.query_resource(res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)
if attributes:
test_util.test_fail('the attributes:uuid[%s] name[%s] is still exist after delete the new zone[%s]' % (
attributes[0].uuid, attributes[0].name, new_zone_uuid))
# test for project
cond = res_ops.gen_query_conditions('uuid', '=', project_uuid)
project_inv = res_ops.query_resource(res_ops.IAM2_PROJECT, cond)
if project_inv:
test_util.test_fail(
'the project[%s] is still exist after delete the new zone[%s]' % (project_inv[0].uuid, new_zone_uuid))
cond = res_ops.gen_query_conditions('virtualIDUuid', '=', project_admin_uuid)
cond_02 = res_ops.gen_query_conditions('name', '=', "__ProjectAdmin__", cond)
attributes = res_ops.query_resource(res_ops.IAM2_VIRTUAL_ID_ATTRIBUTE, cond_02)
if attributes:
test_util.test_fail('the attributes:uuid[%s] name[%s] is still exist after delete the new zone[%s]' % (
attributes[0].uuid, attributes[0].name, new_zone_uuid))
platform_admin_session = iam2_ops.login_iam2_virtual_id(platform_admin_name, password)
project_admin_session = iam2_ops.login_iam2_virtual_id(project_admin_name, password)
virtual_id_session = iam2_ops.login_iam2_virtual_id(username, password)
try:
iam2_ops.login_iam2_project(project_name, project_admin_session)
test_util.test_fail("can't login deleted project ,fail!")
except:
test_util.test_logger("can't login deleted project ,success!")
try:
iam2_ops.login_iam2_project(project_name, virtual_id_session)
test_util.test_fail("can't login deleted project ,fail!")
except:
test_util.test_logger("can't login deleted project ,success!")
# test for ticket
cond = res_ops.gen_query_conditions('uuid', '=', ticket.uuid)
ticket_inv = res_ops.query_resource(res_ops.TICKET, cond)
if ticket_inv:
test_util.test_fail(
"Ticket [%s] is still exist after delete the zone[%s]" % (ticket_inv[0].uuid, new_zone_uuid))
cond = res_ops.gen_query_conditions('uuid', '=', ticket_02.uuid)
ticket_02_inv = res_ops.query_resource(res_ops.TICKET, cond)
if ticket_02_inv:
test_util.test_fail(
"Ticket [%s] is still exist after delete the zone[%s]" % (ticket_02_inv[0].uuid, new_zone_uuid))
iam2_ops.clean_iam2_enviroment()
test_util.test_pass("success test project retired")
def test():
global project_uuid, virtual_id_uuid
statements = []
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
zone_uuid = res_ops.query_resource(res_ops.ZONE)[0].uuid
project_name = 'test_project_01'
attributes = [{"name": "__ProjectRelatedZone__", "value": zone_uuid}]
project_obj = iam2_ops.create_iam2_project(project_name,
attributes=attributes)
project_uuid = project_obj.uuid
project_linked_account_uuid = project_obj.linkedAccountUuid
password = '******'
'''name = 'username'
name1 = 'username1'
name2 = 'username2'
password = '******'
vid = test_vid.ZstackTestVid()
vid.create(name, password)
attributes = [{"name": "__PlatformAdmin__"}]
iam2_ops.add_attributes_to_iam2_virtual_id(vid.get_vid().uuid, attributes)
vid.set_vid_attributes(attributes)
vid.check()
attributes = [{"name": "__ProjectAdmin__", "value": project_linked_account_uuid}]
vid1 = test_vid.ZstackTestVid()
vid1.create(name1, password)
iam2_ops.add_iam2_virtual_ids_to_project([vid1.get_vid().uuid], project_uuid)
attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(vid1.get_vid().uuid, attributes)
vid1.set_vid_attributes(attributes)
vid1.check()
vid2 = test_vid.ZstackTestVid()
vid2.create(name2, password)
iam2_ops.add_iam2_virtual_ids_to_project([vid2.get_vid().uuid], project_uuid)
attributes = [{"name": "__ProjectOperator__", "value": project_uuid}]
iam2_ops.add_attributes_to_iam2_virtual_id(vid2.get_vid().uuid, attributes)
vid2.set_vid_attributes(attributes)
vid2.check()
'''
policy_check_vid = test_vid.ZstackTestVid()
policy_check_vid.create('policy_check', password)
iam2_ops.add_iam2_virtual_ids_to_project([policy_check_vid.get_vid().uuid],
project_uuid)
virtual_id_uuid = policy_check_vid.get_vid().uuid
if flavor['target_role'] == 'vm':
statements = [{
"effect":
"Allow",
"actions": ["org.zstack.header.vm.**", "org.zstack.ha.**"]
}]
if flavor['target_role'] == 'vm_ops_without_creation':
statements = [{
"effect":
"Allow",
"actions": [
"org.zstack.header.vm.APIGetVmQgaMsg",
"org.zstack.header.vm.APIChangeVmImageMsg",
"org.zstack.header.vm.APISetVmSshKeyMsg",
"org.zstack.header.vm.APIStopVmInstanceMsg",
"org.zstack.header.vm.APISetVmStaticIpMsg",
"org.zstack.header.vm.APIRecoverVmInstanceMsg",
"org.zstack.header.vm.APIQueryVmNicMsg",
"org.zstack.header.vm.APIStartVmInstanceMsg",
"org.zstack.header.vm.APIDestroyVmInstanceMsg",
"org.zstack.header.vm.APIGetVmConsolePasswordMsg",
"org.zstack.header.vm.APIDeleteVmStaticIpMsg",
"org.zstack.header.vm.APISetNicQosMsg",
"org.zstack.header.vm.APIRebootVmInstanceMsg",
"org.zstack.header.vm.APIGetNicQosMsg",
"org.zstack.header.vm.APIGetVmBootOrderMsg",
"org.zstack.header.vm.APIChangeVmPasswordMsg",
"org.zstack.header.vm.APIGetCandidatePrimaryStoragesForCreatingVmMsg",
"org.zstack.header.vm.APISetVmRDPMsg",
"org.zstack.header.vm.APIMigrateVmMsg",
"org.zstack.header.vm.APIGetVmMigrationCandidateHostsMsg",
"org.zstack.header.vm.APIAttachL3NetworkToVmMsg",
"org.zstack.header.vm.APIExpungeVmInstanceMsg",
"org.zstack.header.vm.APIGetCandidateVmForAttachingIsoMsg",
"org.zstack.header.vm.APIAttachIsoToVmInstanceMsg",
"org.zstack.header.vm.APIGetVmAttachableL3NetworkMsg",
"org.zstack.header.vm.APIGetVmHostnameMsg",
"org.zstack.header.vm.APIDeleteVmSshKeyMsg",
"org.zstack.header.vm.APIGetVmMonitorNumberMsg",
"org.zstack.header.vm.APISetVmQgaMsg",
"org.zstack.header.vm.APIDetachL3NetworkFromVmMsg",
"org.zstack.header.vm.APISetVmConsolePasswordMsg",
"org.zstack.header.vm.APIGetCandidateZonesClustersHostsForCreatingVmMsg",
"org.zstack.header.vm.APIGetVmAttachableDataVolumeMsg",
"org.zstack.header.vm.APIGetInterdependentL3NetworksImagesMsg",
"org.zstack.header.vm.APIGetCandidateIsoForAttachingVmMsg",
"org.zstack.header.vm.APIDeleteNicQosMsg",
"org.zstack.header.vm.APISetVmUsbRedirectMsg",
"org.zstack.header.vm.APISetVmBootOrderMsg",
"org.zstack.header.vm.APIGetImageCandidatesForVmToChangeMsg",
"org.zstack.header.vm.APIGetVmConsoleAddressMsg",
"org.zstack.header.vm.APIChangeInstanceOfferingMsg",
"org.zstack.header.vm.APIDeleteVmHostnameMsg",
"org.zstack.header.vm.APIGetVmUsbRedirectMsg",
"org.zstack.header.vm.APIQueryVmInstanceMsg",
"org.zstack.header.vm.APISetVmMonitorNumberMsg",
"org.zstack.header.vm.APIReimageVmInstanceMsg",
"org.zstack.header.vm.APIResumeVmInstanceMsg",
"org.zstack.header.vm.APIUpdateVmNicMacMsg",
"org.zstack.header.vm.APIGetVmCapabilitiesMsg",
"org.zstack.header.vm.APIUpdateVmInstanceMsg",
"org.zstack.header.vm.APIGetVmSshKeyMsg",
"org.zstack.header.vm.APICloneVmInstanceMsg",
"org.zstack.header.vm.APIDeleteVmConsolePasswordMsg",
"org.zstack.header.vm.APISetVmHostnameMsg",
"org.zstack.header.vm.APIGetVmStartingCandidateClustersHostsMsg",
"org.zstack.header.vm.APIDetachIsoFromVmInstanceMsg",
"org.zstack.header.vm.APIGetVmRDPMsg",
"org.zstack.header.vm.APIPauseVmInstanceMsg"
]
}]
if flavor['target_role'] == 'image':
statements = [{
"effect":
"Allow",
"actions": [
"org.zstack.header.image.**",
"org.zstack.storage.backup.imagestore.APIGetImagesFromImageStoreBackupStorageMsg"
]
}]
if flavor['target_role'] == 'snapshot':
statements = [{
"effect":
"Allow",
"actions": [
"org.zstack.header.storage.snapshot.**",
"org.zstack.header.volume.APICreateVolumeSnapshotMsg"
]
}]
if flavor['target_role'] == 'volume':
statements = [{
"effect":
"Allow",
"actions": [
"org.zstack.header.volume.APICreateDataVolumeFromVolumeTemplateMsg",
"org.zstack.header.volume.APIGetVolumeQosMsg",
"org.zstack.header.volume.APISyncVolumeSizeMsg",
"org.zstack.header.volume.APICreateDataVolumeFromVolumeSnapshotMsg",
"org.zstack.header.volume.APIResizeDataVolumeMsg",
"org.zstack.header.volume.APIRecoverDataVolumeMsg",
"org.zstack.header.volume.APIExpungeDataVolumeMsg",
"org.zstack.mevoco.APIQueryShareableVolumeVmInstanceRefMsg",
"org.zstack.header.volume.APICreateDataVolumeMsg",
"org.zstack.header.volume.APIGetVolumeCapabilitiesMsg",
"org.zstack.header.volume.APIDetachDataVolumeFromVmMsg",
"org.zstack.header.volume.APIDeleteVolumeQosMsg",
"org.zstack.header.volume.APIGetVolumeFormatMsg",
"org.zstack.header.volume.APIGetDataVolumeAttachableVmMsg",
"org.zstack.header.volume.APIAttachDataVolumeToVmMsg",
"org.zstack.header.volume.APIResizeRootVolumeMsg",
"org.zstack.header.volume.APISetVolumeQosMsg",
"org.zstack.header.volume.APIDeleteDataVolumeMsg",
"org.zstack.header.volume.APIUpdateVolumeMsg",
"org.zstack.header.volume.APIChangeVolumeStateMsg",
"org.zstack.header.volume.APIQueryVolumeMsg"
]
}]
if flavor['target_role'] == 'affinity_group':
statements = [{
"effect": "Allow",
"actions": ["org.zstack.header.affinitygroup.**"]
}]
if flavor['target_role'] == 'networks':
statements = [{
"effect":
"Allow",
"actions": [
"org.zstack.header.network.l3.**",
"org.zstack.network.service.flat.**",
"org.zstack.header.network.l2.APIUpdateL2NetworkMsg",
"org.zstack.header.network.service.APIQueryNetworkServiceProviderMsg",
"org.zstack.header.network.service.APIAttachNetworkServiceToL3NetworkMsg",
"org.zstack.network.l2.vxlan.vxlanNetworkPool.APIQueryVniRangeMsg",
"org.zstack.network.l2.vxlan.vxlanNetwork.APIQueryL2VxlanNetworkMsg",
"org.zstack.network.l2.vxlan.vxlanNetwork.APICreateL2VxlanNetworkMsg",
"org.zstack.network.l2.vxlan.vxlanNetworkPool.APIQueryL2VxlanNetworkPoolMsg"
]
}]
if flavor['target_role'] == 'eip':
statements = [{
"effect":
"Allow",
"actions": [
"org.zstack.network.service.vip.**",
"org.zstack.network.service.eip.**",
"org.zstack.header.vipQos.**"
]
}]
if flavor['target_role'] == 'sg':
statements = [{
"effect": "Allow",
"actions": ["org.zstack.network.securitygroup.**"]
}]
if flavor['target_role'] == 'lb':
statements = [{
"effect":
"Allow",
"actions": [
"org.zstack.network.service.lb.**",
"org.zstack.network.service.vip.**",
"org.zstack.header.vipQos.**"
]
}]
if flavor['target_role'] == 'pf':
statements = [{
"effect":
"Allow",
"actions": [
"org.zstack.network.service.portforwarding.**",
"org.zstack.network.service.vip.**",
"org.zstack.header.vipQos.**"
]
}]
if flavor['target_role'] == 'scheduler':
statements = [{
"effect": "Allow",
"actions": ["org.zstack.scheduler.**"]
}]
if flavor['target_role'] == 'pci':
statements = [{
"effect":
"Allow",
"actions": [
"org.zstack.pciDevice.APIAttachPciDeviceToVmMsg",
"org.zstack.pciDevice.APIUpdateHostIommuStateMsg",
"org.zstack.pciDevice.APIGetPciDeviceCandidatesForNewCreateVmMsg",
"org.zstack.pciDevice.APIDetachPciDeviceFromVmMsg",
"org.zstack.pciDevice.APIQueryPciDeviceMsg",
"org.zstack.pciDevice.APIGetPciDeviceCandidatesForAttachingVmMsg"
]
}]
if flavor['target_role'] == 'zwatch':
statements = [{
"effect": "Allow",
"actions": ["org.zstack.zwatch.**", "org.zstack.sns.**"]
}]
if flavor['target_role'] == 'sns':
statements = [{"effect": "Allow", "actions": ["org.zstack.sns.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
#iam2_ops.add_policy_statements_to_role(role_uuid, statements)
#statement_uuid = iam2_ops.get_policy_statement_uuid_of_role(role_uuid, action)
#iam2_ops.remove_policy_statements_from_role(role_uuid, [statement_uuid])
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid],
policy_check_vid.get_vid().uuid)
policy_check_vid.set_vid_statements(statements)
policy_check_vid.check()
#iam2_ops.remove_roles_from_iam2_virtual_id([role_uuid], policy_check_vid.get_vid().uuid)
#policy_check_vid.set_vid_statements([])
#policy_check_vid.check()
iam2_ops.delete_iam2_project(project_uuid)
#vid.delete()
#vid1.delete()
#vid2.delete()
policy_check_vid.delete()
test_util.test_pass('success test iam2 policy!')
def test():
iam2_ops.clean_iam2_enviroment()
global project_uuid,project_admin_uuid,virtual_id_uuid
# create project
project_name = 'test_project'
project_uuid = iam2_ops.create_iam2_project(project_name).uuid
# create plain user
plain_user_name = 'username'
plain_user_password = '******'
plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password,project_uuid=project_uuid).uuid
#add role
statements = [{"effect": "Allow", "actions": ["org.zstack.ticket.**"]}]
role_uuid = iam2_ops.create_role('test_role', statements).uuid
action = "org.zstack.ticket.**"
statements = [{"effect": "Allow", "actions": [action]}]
iam2_ops.add_policy_statements_to_role(role_uuid, statements)
statement_uuid = iam2_ops.get_policy_statement_uuid_of_role(role_uuid, action)
iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid)
#add virtual id to project
iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid)
#login in project by plain user
plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password)
project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=plain_user_session_uuid).uuid
#get iam2 virtual id api permission and project
iam2_ops.get_iam2_virtual_id_permission(session_uuid=project_login_uuid)
#create ticket
ticket_name = 'ticket_1'
session_uuid = project_login_uuid
api_name='org.zstack.header.vm.APICreateVmInstanceMsg'
request_name='create-vm-ticket'
executeTimes=1
account_system_type='iam2'
conditions = res_ops.gen_query_conditions('type', '=', 'UserVm')
instance_offering_uuid =res_ops.query_resource(res_ops.INSTANCE_OFFERING, conditions)[0].uuid
image_name = os.environ.get('imageName_s')
image_uuid=test_lib.lib_get_image_by_name(image_name).uuid
l3_name = os.environ.get('l3VlanNetworkName1')
l3_network_uuids=test_lib.lib_get_l3_by_name(l3_name).uuid
api_body={"name":"vm","instanceOfferingUuid":instance_offering_uuid,"imageUuid":image_uuid,"l3NetworkUuids":[l3_network_uuids]}
ticket= ticket_ops.create_ticket(ticket_name,request_name,api_body,api_name,executeTimes,account_system_type,plain_user_uuid,project_uuid,session_uuid)
if ticket == None:
test_util.test_fail('fail to create ticket by plain user!')
#query ticket
cond= res_ops.gen_query_conditions('uuid','=', ticket.uuid)
ticket_list = res_ops.query_resource(res_ops.TICKET,cond,session_uuid)
if ticket_list!= None:
test_util.test_logger('success query ticket by plain user!')
#examination the ticket by user
try:
ticket_ops.change_ticket_status(ticket.uuid,'reject',session_uuid)
test_util.test_fail("can't examination ticket by user ")
except:
test_util.test_logger('examination ticket fail by user ')
#examination the ticket by admin
ticket_ops.change_ticket_status(ticket.uuid,'reject')
#update ticket
request_name_2='create-vm-ticket-2'
ticket_ops.update_ticket_request(ticket.uuid,request_name_2,api_body,api_name,executeTimes,session_uuid)
#query ticket
cond= res_ops.gen_query_conditions('uuid','=', ticket.uuid)
ticket_list = res_ops.query_resource(res_ops.TICKET,cond,session_uuid)[0]
request=ticket_list.request[0]
requestName=request.requestName
if requestName !='create-vm-ticket-2':
test_util.test_fail('fail to update ticket by plain user!')
#create ticket_2
ticket_name = 'ticket_2'
session_uuid = project_login_uuid
api_name='org.zstack.header.vm.APICreateVmInstanceMsg'
request_name='create-vm-ticket'
executeTimes=1
account_system_type='iam2'
conditions = res_ops.gen_query_conditions('type', '=', 'UserVm')
instance_offering_uuid =res_ops.query_resource(res_ops.INSTANCE_OFFERING, conditions)[0].uuid
image_name = os.environ.get('imageName_s')
image_uuid=test_lib.lib_get_image_by_name(image_name).uuid
l3_name = os.environ.get('l3VlanNetworkName1')
l3_network_uuids=test_lib.lib_get_l3_by_name(l3_name).uuid
api_body={"name":"vm","instanceOfferingUuid":instance_offering_uuid,"imageUuid":image_uuid,"l3NetworkUuids":[l3_network_uuids]}
ticket_2= ticket_ops.create_ticket(ticket_name,request_name,api_body,api_name,executeTimes,account_system_type,plain_user_uuid,project_uuid,session_uuid)
#Withdraw the ticket
ticket_ops.change_ticket_status(ticket_2.uuid,'cancel',session_uuid)
cond= res_ops.gen_query_conditions('uuid','=', ticket_2.uuid)
statusEvent = res_ops.query_resource(res_ops.TICKET,cond,session_uuid)[0].status
if statusEvent !='Cancelled' :
test_util.test_fail('fail to Withdraw ticket by plain user!')
#create ticket_3
ticket_name = 'ticket_3'
session_uuid = project_login_uuid
api_name='org.zstack.header.vm.APICreateVmInstanceMsg'
request_name='create-vm-ticket'
executeTimes=1
account_system_type='iam2'
conditions = res_ops.gen_query_conditions('type', '=', 'UserVm')
instance_offering_uuid =res_ops.query_resource(res_ops.INSTANCE_OFFERING, conditions)[0].uuid
image_name = os.environ.get('imageName_s')
image_uuid=test_lib.lib_get_image_by_name(image_name).uuid
l3_name = os.environ.get('l3VlanNetworkName1')
l3_network_uuids=test_lib.lib_get_l3_by_name(l3_name).uuid
api_body={"name":"vm","instanceOfferingUuid":instance_offering_uuid,"imageUuid":image_uuid,"l3NetworkUuids":[l3_network_uuids]}
ticket_3= ticket_ops.create_ticket(ticket_name,request_name,api_body,api_name,executeTimes,account_system_type,plain_user_uuid,project_uuid,session_uuid)
#delete ticket
ticket_ops.delete_ticket(ticket_3.uuid)
cond= res_ops.gen_query_conditions('uuid','=', ticket_3.uuid)
ticket_list_2 = res_ops.query_resource(res_ops.TICKET,cond)
if not ticket_list_2:
test_util.test_pass('success test iam2 ticket by plain user')
else:
test_util.test_fail("test fail ")