Remove the local tempest plugin
The plugin has been split into its own repository[1] in accordance with Queens Goal "Split Tempest Plugins into Separate Repos/Projects[2]". This patch removes the local copy as well as the setuptools entry point. We can also now remove the autodoc_tree_excludes pbr option since there's no more plugin to exclude and it defaults to [setup.py]. [1] http://git.openstack.org/cgit/openstack/keystone-tempest-plugin [2] https://governance.openstack.org/tc/goals/queens/split-tempest-plugins.html Depends-On: I47f59505126509b6b52cf04b8f7501e8ef4041b7 Change-Id: I1805b196b42b6a76c56e129a316e170e767455c1
This commit is contained in:
parent
5258c340d6
commit
6f4e37e9e6
@ -1,6 +1,5 @@
|
||||
==========================
|
||||
Tempest tests for keystone
|
||||
==========================
|
||||
|
||||
This directory contains Tempest tests to cover the keystone project.
|
||||
=====
|
||||
MOVED
|
||||
=====
|
||||
|
||||
The keystone tempest plugin has moved to http://git.openstack.org/cgit/openstack/keystone-tempest-plugin
|
||||
|
@ -1,42 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from keystone_tempest_plugin.services.identity.v3 import (
|
||||
identity_providers_client)
|
||||
from keystone_tempest_plugin.services.identity.v3 import (
|
||||
mapping_rules_client)
|
||||
from keystone_tempest_plugin.services.identity.v3 import (
|
||||
service_providers_client)
|
||||
from keystone_tempest_plugin.services.identity.v3 import auth_client
|
||||
from keystone_tempest_plugin.services.identity.v3 import saml2_client
|
||||
|
||||
from tempest import clients
|
||||
|
||||
|
||||
class Manager(clients.Manager):
|
||||
|
||||
def __init__(self, credentials):
|
||||
super(Manager, self).__init__(credentials)
|
||||
|
||||
self.auth_client = auth_client.AuthClient(self.auth_provider)
|
||||
self.identity_providers_client = (
|
||||
identity_providers_client.IdentityProvidersClient(
|
||||
self.auth_provider))
|
||||
self.mapping_rules_client = (
|
||||
mapping_rules_client.MappingRulesClient(
|
||||
self.auth_provider))
|
||||
self.saml2_client = saml2_client.Saml2Client()
|
||||
self.service_providers_client = (
|
||||
service_providers_client.ServiceProvidersClient(
|
||||
self.auth_provider))
|
@ -1,61 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
|
||||
identity_feature_option = [
|
||||
cfg.BoolOpt('federation',
|
||||
default=False,
|
||||
help='Does the environment support the Federated Identity '
|
||||
'feature?'),
|
||||
]
|
||||
|
||||
fed_scenario_group = cfg.OptGroup(name='fed_scenario',
|
||||
title='Federation Scenario Tests Options')
|
||||
|
||||
FedScenarioGroup = [
|
||||
# Identity Provider
|
||||
cfg.StrOpt('idp_id',
|
||||
help='The Identity Provider ID'),
|
||||
cfg.ListOpt('idp_remote_ids',
|
||||
default=[],
|
||||
help='The Identity Provider remote IDs list'),
|
||||
cfg.StrOpt('idp_username',
|
||||
help='Username used to login in the Identity Provider'),
|
||||
cfg.StrOpt('idp_password',
|
||||
help='Password used to login in the Identity Provider'),
|
||||
cfg.StrOpt('idp_ecp_url',
|
||||
help='Identity Provider SAML2/ECP URL'),
|
||||
|
||||
# Mapping rules
|
||||
cfg.StrOpt('mapping_remote_type',
|
||||
help='The assertion attribute to be used in the remote rules'),
|
||||
cfg.StrOpt('mapping_user_name',
|
||||
default='{0}',
|
||||
help='The username to be used in the local rules.'),
|
||||
cfg.StrOpt('mapping_group_name',
|
||||
default='federated_users',
|
||||
help='The group name to be used in the local rules. The group '
|
||||
'must have at least one assignment in one project.'),
|
||||
cfg.StrOpt('mapping_group_domain_name',
|
||||
default='federated_domain',
|
||||
help='The domain name where the "mapping_group_name" is '
|
||||
'created.'),
|
||||
|
||||
# Protocol
|
||||
cfg.StrOpt('protocol_id',
|
||||
default='mapped',
|
||||
help='The Protocol ID')
|
||||
]
|
@ -1,43 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
|
||||
import os
|
||||
|
||||
from tempest import config
|
||||
from tempest.test_discover import plugins
|
||||
|
||||
from keystone_tempest_plugin import config as project_config
|
||||
|
||||
|
||||
class KeystoneTempestPlugin(plugins.TempestPlugin):
|
||||
def load_tests(self):
|
||||
base_path = os.path.split(os.path.dirname(
|
||||
os.path.abspath(__file__)))[0]
|
||||
test_dir = "keystone_tempest_plugin/tests"
|
||||
full_test_dir = os.path.join(base_path, test_dir)
|
||||
return full_test_dir, base_path
|
||||
|
||||
def register_opts(self, conf):
|
||||
config.register_opt_group(conf, config.identity_feature_group,
|
||||
project_config.identity_feature_option)
|
||||
config.register_opt_group(conf, project_config.fed_scenario_group,
|
||||
project_config.FedScenarioGroup)
|
||||
|
||||
def get_opt_lists(self):
|
||||
return [(config.identity_feature_group.name,
|
||||
project_config.identity_feature_option),
|
||||
(project_config.fed_scenario_group.name,
|
||||
project_config.FedScenarioGroup)]
|
@ -1,78 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import json
|
||||
|
||||
import six
|
||||
from six.moves import http_client
|
||||
from tempest import config
|
||||
from tempest.lib.common import rest_client
|
||||
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
# We only use the identity catalog type
|
||||
SERVICE_TYPE = 'identity'
|
||||
|
||||
|
||||
class Identity(rest_client.RestClient):
|
||||
"""Tempest REST client for keystone."""
|
||||
|
||||
# Used by the superclass to build the correct URL paths
|
||||
api_version = 'v3'
|
||||
|
||||
def __init__(self, auth_provider):
|
||||
super(Identity, self).__init__(
|
||||
auth_provider,
|
||||
SERVICE_TYPE,
|
||||
CONF.identity.region,
|
||||
endpoint_type='adminURL')
|
||||
|
||||
|
||||
class Federation(Identity):
|
||||
"""Tempest REST client for keystone's Federated Identity API."""
|
||||
|
||||
subpath_prefix = 'OS-FEDERATION'
|
||||
subpath_suffix = None
|
||||
|
||||
def _build_path(self, entity_id=None):
|
||||
subpath = '%s/%s' % (self.subpath_prefix, self.subpath_suffix)
|
||||
return '%s/%s' % (subpath, entity_id) if entity_id else subpath
|
||||
|
||||
def _delete(self, entity_id, **kwargs):
|
||||
url = self._build_path(entity_id)
|
||||
resp, body = super(Federation, self).delete(url, **kwargs)
|
||||
self.expected_success(http_client.NO_CONTENT, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def _get(self, entity_id=None, **kwargs):
|
||||
url = self._build_path(entity_id)
|
||||
resp, body = super(Federation, self).get(url, **kwargs)
|
||||
self.expected_success(http_client.OK, resp.status)
|
||||
body = json.loads(body if six.PY2 else body.decode('utf-8'))
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def _patch(self, entity_id, body, **kwargs):
|
||||
url = self._build_path(entity_id)
|
||||
resp, body = super(Federation, self).patch(url, body, **kwargs)
|
||||
self.expected_success(http_client.OK, resp.status)
|
||||
body = json.loads(body if six.PY2 else body.decode('utf-8'))
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def _put(self, entity_id, body, **kwargs):
|
||||
url = self._build_path(entity_id)
|
||||
resp, body = super(Federation, self).put(url, body, **kwargs)
|
||||
self.expected_success(http_client.CREATED, resp.status)
|
||||
body = json.loads(body if six.PY2 else body.decode('utf-8'))
|
||||
return rest_client.ResponseBody(resp, body)
|
@ -1,40 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import json
|
||||
|
||||
import six
|
||||
from tempest.lib.common import rest_client
|
||||
|
||||
from keystone_tempest_plugin.services.identity import clients
|
||||
|
||||
|
||||
class AuthClient(clients.Identity):
|
||||
|
||||
def _get_scopes(self, url, token_id):
|
||||
resp, body = self.raw_request(
|
||||
url, 'GET', headers={'X-Auth-Token': token_id})
|
||||
self.expected_success(200, resp.status)
|
||||
body = json.loads(body if six.PY2 else body.decode('utf-8'))
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def get_available_projects_scopes(self, keystone_v3_endpoint, token_id):
|
||||
"""Get projects that are available to be scoped to based on a token."""
|
||||
url = '%s/auth/projects' % keystone_v3_endpoint
|
||||
return self._get_scopes(url, token_id)
|
||||
|
||||
def get_available_domains_scopes(self, keystone_v3_endpoint, token_id):
|
||||
"""Get domains that are available to be scoped to based on a token."""
|
||||
url = '%s/auth/domains' % keystone_v3_endpoint
|
||||
return self._get_scopes(url, token_id)
|
@ -1,102 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import json
|
||||
|
||||
import six
|
||||
from tempest.lib.common import rest_client
|
||||
|
||||
from keystone_tempest_plugin.services.identity import clients
|
||||
|
||||
|
||||
class IdentityProvidersClient(clients.Federation):
|
||||
|
||||
subpath_suffix = 'identity_providers'
|
||||
|
||||
def create_identity_provider(self, idp_id, **kwargs):
|
||||
"""Create an identity provider.
|
||||
|
||||
:param str idp_id: The ID to be used to create the Identity Provider.
|
||||
:param kwargs: All optional attributes: description (str), enabled
|
||||
(boolean) and remote_ids (list).
|
||||
"""
|
||||
put_body = json.dumps({'identity_provider': kwargs})
|
||||
return self._put(idp_id, put_body)
|
||||
|
||||
def list_identity_providers(self):
|
||||
"""List the identity providers."""
|
||||
return self._get()
|
||||
|
||||
def show_identity_provider(self, idp_id):
|
||||
"""Get an identity provider."""
|
||||
return self._get(idp_id)
|
||||
|
||||
def delete_identity_provider(self, idp_id):
|
||||
"""Delete an identity provider."""
|
||||
return self._delete(idp_id)
|
||||
|
||||
def update_identity_provider(self, idp_id, **kwargs):
|
||||
"""Update an identity provider.
|
||||
|
||||
:param str idp_id: The ID from the Identity Provider to be updated.
|
||||
:param kwargs: All optional attributes to update: description (str),
|
||||
enabled (boolean) and remote_ids (list).
|
||||
"""
|
||||
patch_body = json.dumps({'identity_provider': kwargs})
|
||||
return self._patch(idp_id, patch_body)
|
||||
|
||||
def add_protocol_and_mapping(self, idp_id, protocol_id, mapping_id):
|
||||
"""Add a protocol and mapping to an identity provider."""
|
||||
put_body = json.dumps({'protocol': {'mapping_id': mapping_id}})
|
||||
url = '%s/%s/%s' % (
|
||||
self._build_path(entity_id=idp_id), 'protocols', protocol_id)
|
||||
resp, body = self.put(url, put_body)
|
||||
self.expected_success(201, resp.status)
|
||||
body = json.loads(body if six.PY2 else body.decode('utf-8'))
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def delete_protocol_and_mapping(self, idp_id, protocol_id):
|
||||
"""Delete a protocol and mapping from an identity provider."""
|
||||
url = '%s/%s/%s' % (
|
||||
self._build_path(entity_id=idp_id), 'protocols', protocol_id)
|
||||
resp, body = self.delete(url)
|
||||
self.expected_success(204, resp.status)
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def get_protocol_and_mapping(self, idp_id, protocol_id):
|
||||
"""Get a protocol and mapping from an identity provider."""
|
||||
url = '%s/%s/%s' % (
|
||||
self._build_path(entity_id=idp_id), 'protocols', protocol_id)
|
||||
resp, body = self.get(url)
|
||||
self.expected_success(200, resp.status)
|
||||
body = json.loads(body if six.PY2 else body.decode('utf-8'))
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def list_protocols_and_mappings(self, idp_id):
|
||||
"""List the protocols and mappings from an identity provider."""
|
||||
url = '%s/%s' % (self._build_path(entity_id=idp_id), 'protocols')
|
||||
resp, body = self.get(url)
|
||||
self.expected_success(200, resp.status)
|
||||
body = json.loads(body if six.PY2 else body.decode('utf-8'))
|
||||
return rest_client.ResponseBody(resp, body)
|
||||
|
||||
def update_protocol_mapping(self, idp_id, protocol_id, mapping_id):
|
||||
"""Update the identity provider protocol with a new mapping."""
|
||||
patch_body = json.dumps({'protocol': {'mapping_id': mapping_id}})
|
||||
url = '%s/%s/%s' % (
|
||||
self._build_path(entity_id=idp_id), 'protocols', protocol_id)
|
||||
resp, body = self.patch(url, patch_body)
|
||||
self.expected_success(200, resp.status)
|
||||
body = json.loads(body if six.PY2 else body.decode('utf-8'))
|
||||
return rest_client.ResponseBody(resp, body)
|
@ -1,44 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import json
|
||||
|
||||
from keystone_tempest_plugin.services.identity import clients
|
||||
|
||||
|
||||
class MappingRulesClient(clients.Federation):
|
||||
|
||||
subpath_suffix = 'mappings'
|
||||
|
||||
def create_mapping_rule(self, mapping_id, rules):
|
||||
"""Create a mapping rule."""
|
||||
put_body = json.dumps({'mapping': rules})
|
||||
return self._put(mapping_id, put_body)
|
||||
|
||||
def list_mapping_rules(self):
|
||||
"""List the mapping rules."""
|
||||
return self._get()
|
||||
|
||||
def show_mapping_rule(self, mapping_id):
|
||||
"""Get a mapping rule."""
|
||||
return self._get(mapping_id)
|
||||
|
||||
def delete_mapping_rule(self, mapping_id):
|
||||
"""Delete a mapping rule."""
|
||||
return self._delete(mapping_id)
|
||||
|
||||
def update_mapping_rule(self, mapping_id, rules):
|
||||
"""Update a mapping rule."""
|
||||
patch_body = json.dumps({'mapping': rules})
|
||||
return self._patch(mapping_id, patch_body)
|
@ -1,92 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from lxml import etree
|
||||
import requests
|
||||
|
||||
|
||||
class Saml2Client(object):
|
||||
|
||||
ECP_SP_EMPTY_REQUEST_HEADERS = {
|
||||
'Accept': 'text/html, application/vnd.paos+xml',
|
||||
'PAOS': ('ver="urn:liberty:paos:2003-08";"urn:oasis:names:tc:'
|
||||
'SAML:2.0:profiles:SSO:ecp"')
|
||||
}
|
||||
|
||||
ECP_SP_SAML2_REQUEST_HEADERS = {'Content-Type': 'application/vnd.paos+xml'}
|
||||
|
||||
def __init__(self):
|
||||
self.reset_session()
|
||||
|
||||
def reset_session(self):
|
||||
self.session = requests.Session()
|
||||
|
||||
def _idp_auth_url(self, keystone_v3_endpoint, idp_id, protocol_id):
|
||||
subpath = 'OS-FEDERATION/identity_providers/%s/protocols/%s/auth' % (
|
||||
idp_id, protocol_id)
|
||||
return '%s/%s' % (keystone_v3_endpoint, subpath)
|
||||
|
||||
def send_service_provider_request(self, keystone_v3_endpoint,
|
||||
idp_id, protocol_id):
|
||||
return self.session.get(
|
||||
self._idp_auth_url(keystone_v3_endpoint, idp_id, protocol_id),
|
||||
headers=self.ECP_SP_EMPTY_REQUEST_HEADERS
|
||||
)
|
||||
|
||||
def _prepare_sp_saml2_authn_response(self, saml2_idp_authn_response,
|
||||
relay_state):
|
||||
# Replace the header contents of the Identity Provider response with
|
||||
# the relay state initially sent by the Service Provider. The response
|
||||
# is a SOAP envelope with the following structure:
|
||||
#
|
||||
# <S:Envelope
|
||||
# <S:Header>
|
||||
# ...
|
||||
# </S:Header>
|
||||
# <S:Body>
|
||||
# ...
|
||||
# </S:Body>
|
||||
# </S:Envelope>
|
||||
saml2_idp_authn_response[0][0] = relay_state
|
||||
|
||||
def send_identity_provider_authn_request(self, saml2_authn_request,
|
||||
idp_url, username, password):
|
||||
|
||||
saml2_authn_request.remove(saml2_authn_request[0])
|
||||
return self.session.post(
|
||||
idp_url,
|
||||
headers={'Content-Type': 'text/xml'},
|
||||
data=etree.tostring(saml2_authn_request),
|
||||
auth=(username, password)
|
||||
)
|
||||
|
||||
def send_service_provider_saml2_authn_response(
|
||||
self, saml2_idp_authn_response, relay_state, idp_consumer_url):
|
||||
|
||||
self._prepare_sp_saml2_authn_response(
|
||||
saml2_idp_authn_response, relay_state)
|
||||
|
||||
return self.session.post(
|
||||
idp_consumer_url,
|
||||
headers=self.ECP_SP_SAML2_REQUEST_HEADERS,
|
||||
data=etree.tostring(saml2_idp_authn_response),
|
||||
# Do not follow HTTP redirect
|
||||
allow_redirects=False
|
||||
)
|
||||
|
||||
def send_service_provider_unscoped_token_request(self, sp_url):
|
||||
return self.session.get(
|
||||
sp_url,
|
||||
headers=self.ECP_SP_SAML2_REQUEST_HEADERS
|
||||
)
|
@ -1,73 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import json
|
||||
|
||||
from keystone_tempest_plugin.services.identity import clients
|
||||
|
||||
|
||||
class ServiceProvidersClient(clients.Federation):
|
||||
|
||||
subpath_suffix = 'service_providers'
|
||||
|
||||
def create_service_provider(self, sp_id, **kwargs):
|
||||
"""Create a service provider.
|
||||
|
||||
:param str sp_id: The ID to be used to create the Service Provider.
|
||||
:param kwargs: Extra attributes. Mandatory: auth_url (str) and sp_url
|
||||
(str). Optional: description (str), enabled (boolean)
|
||||
and relay_state_prefix (str).
|
||||
"""
|
||||
put_body = json.dumps({'service_provider': kwargs})
|
||||
return self._put(sp_id, put_body)
|
||||
|
||||
def list_service_providers(self):
|
||||
"""List the service providers."""
|
||||
return self._get()
|
||||
|
||||
def show_service_provider(self, sp_id):
|
||||
"""Get a service provider."""
|
||||
return self._get(sp_id)
|
||||
|
||||
def delete_service_provider(self, sp_id):
|
||||
"""Delete a service provider."""
|
||||
return self._delete(sp_id)
|
||||
|
||||
def update_service_provider(self, sp_id, **kwargs):
|
||||
"""Update a service provider.
|
||||
|
||||
:param str sp_id: The ID of the Service Provider to be updated.
|
||||
:param kwargs: All attributes to be updated: auth_url (str) and sp_url
|
||||
(str), description (str), enabled (boolean) and
|
||||
relay_state_prefix (str).
|
||||
"""
|
||||
patch_body = json.dumps({'service_provider': kwargs})
|
||||
return self._patch(sp_id, patch_body)
|
||||
|
||||
def get_service_providers_in_token(self):
|
||||
"""Get the service providers list present in the token.
|
||||
|
||||
Only enabled service providers are displayed in the token.
|
||||
"""
|
||||
# First we force the auth_data update via the set_auth() command
|
||||
# in the auth_provider
|
||||
self.auth_provider.set_auth()
|
||||
|
||||
# Now we can retrieve the updated auth_data
|
||||
auth_data = self.auth_provider.get_auth()[1]
|
||||
try:
|
||||
return auth_data['service_providers']
|
||||
except KeyError:
|
||||
# no service providers in token
|
||||
return []
|
@ -1,67 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.lib.common.utils import data_utils
|
||||
|
||||
|
||||
def idp_ref(enabled=None, remote_ids=None):
|
||||
ref = {
|
||||
'description': data_utils.rand_uuid_hex(),
|
||||
}
|
||||
if enabled is not None:
|
||||
ref['enabled'] = enabled
|
||||
|
||||
if remote_ids:
|
||||
ref['remote_ids'] = remote_ids
|
||||
|
||||
return ref
|
||||
|
||||
|
||||
def mapping_ref():
|
||||
rules = [{
|
||||
'local': [
|
||||
{
|
||||
'user': {'name': '{0}'}
|
||||
},
|
||||
{
|
||||
'group_ids': '{1}'
|
||||
}
|
||||
],
|
||||
'remote': [
|
||||
{
|
||||
'type': 'openstack_username'
|
||||
},
|
||||
{
|
||||
'type': 'group_ids',
|
||||
'whitelist': ['abc', '123']
|
||||
}
|
||||
|
||||
]
|
||||
}]
|
||||
return {'rules': rules}
|
||||
|
||||
|
||||
def sp_ref(enabled=None, relay_state_prefix=None):
|
||||
ref = {
|
||||
'auth_url': data_utils.rand_url(),
|
||||
'description': data_utils.rand_uuid_hex(),
|
||||
'sp_url': data_utils.rand_url(),
|
||||
}
|
||||
if enabled:
|
||||
ref['enabled'] = enabled
|
||||
|
||||
if relay_state_prefix:
|
||||
ref['relay_state_prefix'] = relay_state_prefix
|
||||
|
||||
return ref
|
@ -1,244 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
from tempest.lib import exceptions as lib_exc
|
||||
|
||||
from keystone_tempest_plugin.tests.api.identity.v3 import fixtures
|
||||
from keystone_tempest_plugin.tests import base
|
||||
|
||||
|
||||
class IdentityProvidersTest(base.BaseIdentityTest):
|
||||
|
||||
def _assert_identity_provider_attributes(self, idp, idp_id, idp_ref=None):
|
||||
self.assertIn('id', idp)
|
||||
self.assertEqual(idp_id, idp['id'])
|
||||
|
||||
# Check the optional attributes have been set
|
||||
self.assertIn('description', idp)
|
||||
self.assertIn('enabled', idp)
|
||||
self.assertIn('remote_ids', idp)
|
||||
|
||||
if idp_ref:
|
||||
self.assertEqual(idp_ref['description'], idp['description'])
|
||||
|
||||
if 'enabled' in idp_ref:
|
||||
self.assertEqual(idp_ref['enabled'], idp['enabled'])
|
||||
|
||||
if 'remote_ids' in idp_ref:
|
||||
self.assertItemsEqual(idp_ref['remote_ids'], idp['remote_ids'])
|
||||
|
||||
def _create_idp(self, idp_id, idp_ref):
|
||||
idp = self.idps_client.create_identity_provider(
|
||||
idp_id, **idp_ref)['identity_provider']
|
||||
self.addCleanup(
|
||||
self.idps_client.delete_identity_provider, idp_id)
|
||||
return idp
|
||||
|
||||
@decorators.idempotent_id('09450910-b816-4150-8513-a2fd4628a0c3')
|
||||
def test_identity_provider_create(self):
|
||||
idp_id = data_utils.rand_uuid_hex()
|
||||
idp_ref = fixtures.idp_ref()
|
||||
idp = self._create_idp(idp_id, idp_ref)
|
||||
|
||||
# The identity provider is disabled by default
|
||||
idp_ref['enabled'] = False
|
||||
|
||||
# The remote_ids attribute should be set to an empty list by default
|
||||
idp_ref['remote_ids'] = []
|
||||
|
||||
self._assert_identity_provider_attributes(idp, idp_id, idp_ref)
|
||||
|
||||
@decorators.idempotent_id('f430a337-545d-455e-bb6c-cb0fdf4be5c1')
|
||||
def test_identity_provider_create_with_enabled_true(self):
|
||||
idp_id = data_utils.rand_uuid_hex()
|
||||
idp_ref = fixtures.idp_ref(enabled=True)
|
||||
idp = self._create_idp(idp_id, idp_ref)
|
||||
|
||||
self._assert_identity_provider_attributes(idp, idp_id, idp_ref)
|
||||
|
||||
@decorators.idempotent_id('238e6163-d600-4f59-9982-c621f057221d')
|
||||
def test_identity_provider_create_with_remote_ids(self):
|
||||
idp_id = data_utils.rand_uuid_hex()
|
||||
remote_ids = [data_utils.rand_uuid_hex(), data_utils.rand_uuid_hex()]
|
||||
idp_ref = fixtures.idp_ref(remote_ids=remote_ids)
|
||||
idp = self._create_idp(idp_id, idp_ref)
|
||||
|
||||
self._assert_identity_provider_attributes(idp, idp_id, idp_ref)
|
||||
|
||||
@decorators.idempotent_id('8a7817ad-27f8-436b-9cbe-46aa20989beb')
|
||||
def test_identity_provider_get(self):
|
||||
idp_id = data_utils.rand_uuid_hex()
|
||||
idp_create = self._create_idp(idp_id, fixtures.idp_ref())
|
||||
|
||||
idp_get = self.idps_client.show_identity_provider(
|
||||
idp_id)['identity_provider']
|
||||
self._assert_identity_provider_attributes(idp_get, idp_id, idp_create)
|
||||
|
||||
@decorators.idempotent_id('cbfe5de9-c58a-4810-950c-2acdf985879d')
|
||||
def test_identity_provider_list(self):
|
||||
idp_ids = []
|
||||
for _ in range(3):
|
||||
idp_id = data_utils.rand_uuid_hex()
|
||||
self._create_idp(idp_id, fixtures.idp_ref())
|
||||
idp_ids.append(idp_id)
|
||||
|
||||
idp_list = self.idps_client.list_identity_providers()[
|
||||
'identity_providers']
|
||||
fetched_ids = [fetched_idp['id'] for fetched_idp in idp_list]
|
||||
|
||||
for idp_id in idp_ids:
|
||||
self.assertIn(idp_id, fetched_ids)
|
||||
|
||||
@decorators.idempotent_id('36a0d9f0-9517-4139-85d0-f78d905aece5')
|
||||
def test_identity_provider_update(self):
|
||||
idp_id = data_utils.rand_uuid_hex()
|
||||
idp = self._create_idp(idp_id, fixtures.idp_ref(enabled=True))
|
||||
|
||||
# The identity provider should be enabled
|
||||
self.assertTrue(idp['enabled'])
|
||||
|
||||
idp = self.idps_client.update_identity_provider(
|
||||
idp_id, enabled=False)['identity_provider']
|
||||
|
||||
# The identity provider should be disabled
|
||||
self.assertFalse(idp['enabled'])
|
||||
|
||||
idp_get = self.idps_client.show_identity_provider(
|
||||
idp_id)['identity_provider']
|
||||
self.assertFalse(idp_get['enabled'])
|
||||
|
||||
def _assert_protocol_attributes(self, protocol, protocol_id,
|
||||
mapping_id=None):
|
||||
self.assertIn('id', protocol)
|
||||
self.assertEqual(protocol_id, protocol['id'])
|
||||
|
||||
self.assertIn('mapping_id', protocol)
|
||||
if mapping_id:
|
||||
self.assertEqual(mapping_id, protocol['mapping_id'])
|
||||
|
||||
def _create_identity_provider_and_mapping(self):
|
||||
# Create an identity provider
|
||||
idp_id = data_utils.rand_uuid_hex()
|
||||
self._create_idp(idp_id, fixtures.idp_ref(enabled=True))
|
||||
|
||||
# Create a mapping rule
|
||||
mapping_id = data_utils.rand_uuid_hex()
|
||||
self.mappings_client.create_mapping_rule(
|
||||
mapping_id, fixtures.mapping_ref())
|
||||
self.addCleanup(self.mappings_client.delete_mapping_rule, mapping_id)
|
||||
|
||||
return idp_id, mapping_id
|
||||
|
||||
def _create_protocol(self, idp_id, protocol_id, mapping_id):
|
||||
protocol = self.idps_client.add_protocol_and_mapping(
|
||||
idp_id, protocol_id, mapping_id)['protocol']
|
||||
self.addCleanup(
|
||||
self.idps_client.delete_protocol_and_mapping, idp_id, protocol_id)
|
||||
return protocol
|
||||
|
||||
@decorators.idempotent_id('f5bdf482-1ad3-4aad-b52e-8fe7c1361104')
|
||||
def test_add_protocol_to_identity_provider(self):
|
||||
idp_id, mapping_id = self._create_identity_provider_and_mapping()
|
||||
|
||||
# Now we try to add a protocol to the identity provider
|
||||
protocol_id = data_utils.rand_uuid_hex()
|
||||
protocol = self._create_protocol(idp_id, protocol_id, mapping_id)
|
||||
|
||||
self._assert_protocol_attributes(protocol, protocol_id, mapping_id)
|
||||
|
||||
@decorators.idempotent_id('613d073b-0db7-41aa-b4df-5a1848cde0b3')
|
||||
def test_get_protocol_from_identity_provider(self):
|
||||
idp_id, mapping_id = self._create_identity_provider_and_mapping()
|
||||
|
||||
# Add a protocol to the identity provider
|
||||
protocol_id = data_utils.rand_uuid_hex()
|
||||
self._create_protocol(idp_id, protocol_id, mapping_id)
|
||||
|
||||
# Try to get the protocol
|
||||
protocol = self.idps_client.get_protocol_and_mapping(
|
||||
idp_id, protocol_id)['protocol']
|
||||
self._assert_protocol_attributes(protocol, protocol_id, mapping_id)
|
||||
|
||||
@decorators.idempotent_id('6e6501ac-edae-4dc2-bb68-7a2b58602383')
|
||||
def test_list_protocols_from_identity_provider(self):
|
||||
idp_id, mapping_id = self._create_identity_provider_and_mapping()
|
||||
|
||||
protocol_ids = []
|
||||
for _ in range(3):
|
||||
protocol_id = data_utils.rand_uuid_hex()
|
||||
self._create_protocol(idp_id, protocol_id, mapping_id)
|
||||
protocol_ids.append(protocol_id)
|
||||
|
||||
protocols_list = self.idps_client.list_protocols_and_mappings(idp_id)[
|
||||
'protocols']
|
||||
fetched_ids = [fetched['id'] for fetched in protocols_list]
|
||||
|
||||
for protocol_id in protocol_ids:
|
||||
self.assertIn(protocol_id, fetched_ids)
|
||||
|
||||
@decorators.idempotent_id('680d36df-d6b9-4695-be29-6fc2065c5dde')
|
||||
def test_update_mapping_from_identity_provider_protocol(self):
|
||||
idp_id, mapping_id = self._create_identity_provider_and_mapping()
|
||||
|
||||
# Add a protocol to the identity provider
|
||||
protocol_id = data_utils.rand_uuid_hex()
|
||||
protocol = self._create_protocol(idp_id, protocol_id, mapping_id)
|
||||
|
||||
# Create another mapping
|
||||
new_mapping_id = data_utils.rand_uuid_hex()
|
||||
self.mappings_client.create_mapping_rule(
|
||||
new_mapping_id, fixtures.mapping_ref())
|
||||
|
||||
# Update the identity provider protocol
|
||||
protocol = self.idps_client.update_protocol_mapping(
|
||||
idp_id, protocol_id, new_mapping_id)['protocol']
|
||||
|
||||
self._assert_protocol_attributes(protocol, protocol_id, new_mapping_id)
|
||||
|
||||
@decorators.idempotent_id('04fdf262-af91-4a68-a1cf-794c6d2f2eeb')
|
||||
def test_add_protocol_to_identity_provider_unknown_mapping(self):
|
||||
# Create an identity provider
|
||||
idp_id = data_utils.rand_uuid_hex()
|
||||
self._create_idp(idp_id, fixtures.idp_ref(enabled=True))
|
||||
|
||||
# Now we try to add a protocol to the identity provider using
|
||||
# a non existent mapping ID
|
||||
mapping_id = data_utils.rand_uuid_hex()
|
||||
protocol_id = data_utils.rand_uuid_hex()
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest,
|
||||
self._create_protocol,
|
||||
idp_id,
|
||||
protocol_id,
|
||||
mapping_id)
|
||||
|
||||
@decorators.idempotent_id('c73311e7-c207-4c11-998f-532a91f1b0d1')
|
||||
def test_update_protocol_from_identity_provider_unknown_mapping(self):
|
||||
idp_id, mapping_id = self._create_identity_provider_and_mapping()
|
||||
|
||||
# Add a protocol to the identity provider
|
||||
protocol_id = data_utils.rand_uuid_hex()
|
||||
self._create_protocol(idp_id, protocol_id, mapping_id)
|
||||
|
||||
# Update the identity provider protocol using a non existent
|
||||
# mapping_id
|
||||
new_mapping_id = data_utils.rand_uuid_hex()
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest,
|
||||
self.idps_client.update_protocol_mapping,
|
||||
idp_id,
|
||||
protocol_id,
|
||||
new_mapping_id)
|
@ -1,102 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
from tempest.lib import exceptions as lib_exc
|
||||
|
||||
from keystone_tempest_plugin.tests.api.identity.v3 import fixtures
|
||||
from keystone_tempest_plugin.tests import base
|
||||
|
||||
|
||||
class MappingRulesTest(base.BaseIdentityTest):
|
||||
|
||||
_MAPPING_REF = fixtures.mapping_ref()
|
||||
|
||||
def _assert_mapping_rules_attributes(self, mapping, mapping_id,
|
||||
mapping_ref=None):
|
||||
self.assertIn('id', mapping)
|
||||
self.assertEqual(mapping_id, mapping['id'])
|
||||
|
||||
self.assertIn('rules', mapping)
|
||||
|
||||
if mapping_ref:
|
||||
self.assertItemsEqual(mapping_ref['rules'], mapping['rules'])
|
||||
|
||||
def _create_mapping_rule(self, mapping_id, mapping_ref):
|
||||
mapping = self.mappings_client.create_mapping_rule(
|
||||
mapping_id, mapping_ref)['mapping']
|
||||
self.addCleanup(self.mappings_client.delete_mapping_rule, mapping_id)
|
||||
return mapping
|
||||
|
||||
@decorators.idempotent_id('4ca48c01-b6da-4759-acb6-007e15ad712a')
|
||||
def test_mapping_rules_create(self):
|
||||
mapping_id = data_utils.rand_uuid_hex()
|
||||
mapping = self._create_mapping_rule(mapping_id, self._MAPPING_REF)
|
||||
self._assert_mapping_rules_attributes(
|
||||
mapping, mapping_id, self._MAPPING_REF)
|
||||
|
||||
@decorators.attr(type=['negative'])
|
||||
@decorators.idempotent_id('341dac45-ce1f-4f15-afdc-1f9a7d7d7c40')
|
||||
def test_mapping_rules_create_without_mandatory_attributes_fails(self):
|
||||
mapping_id = data_utils.rand_uuid_hex()
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest,
|
||||
self.mappings_client.create_mapping_rule,
|
||||
mapping_id,
|
||||
{})
|
||||
|
||||
@decorators.idempotent_id('8db213e3-1db0-48c6-863c-7a3ed23577ec')
|
||||
def test_mapping_rules_get(self):
|
||||
mapping_id = data_utils.rand_uuid_hex()
|
||||
mapping_create = self._create_mapping_rule(
|
||||
mapping_id, self._MAPPING_REF)
|
||||
|
||||
mapping_get = self.mappings_client.show_mapping_rule(mapping_id)[
|
||||
'mapping']
|
||||
self._assert_mapping_rules_attributes(
|
||||
mapping_get, mapping_id, mapping_create)
|
||||
|
||||
@decorators.idempotent_id('bb80b242-2a6a-4d29-b45f-4035be574a6e')
|
||||
def test_mapping_rules_list(self):
|
||||
mapping_ids = []
|
||||
for _ in range(3):
|
||||
mapping_id = data_utils.rand_uuid_hex()
|
||||
self._create_mapping_rule(mapping_id, self._MAPPING_REF)
|
||||
mapping_ids.append(mapping_id)
|
||||
|
||||
mappings_list = self.mappings_client.list_mapping_rules()['mappings']
|
||||
fetched_ids = [mapping['id'] for mapping in mappings_list]
|
||||
|
||||
for mapping_id in mapping_ids:
|
||||
self.assertIn(mapping_id, fetched_ids)
|
||||
|
||||
@decorators.idempotent_id('1fc5d104-faf5-4809-8c89-29b5c1666a96')
|
||||
def test_mapping_rule_update(self):
|
||||
mapping_id = data_utils.rand_uuid_hex()
|
||||
mapping_ref = fixtures.mapping_ref()
|
||||
mapping = self._create_mapping_rule(mapping_id, mapping_ref)
|
||||
|
||||
new_local = [{'group': {'id': data_utils.rand_uuid_hex()}}]
|
||||
mapping_ref['rules'][0]['local'] = new_local
|
||||
|
||||
mapping = self.mappings_client.update_mapping_rule(
|
||||
mapping_id, mapping_ref)['mapping']
|
||||
self._assert_mapping_rules_attributes(
|
||||
mapping, mapping_id, mapping_ref)
|
||||
|
||||
mapping_get = self.mappings_client.show_mapping_rule(mapping_id)[
|
||||
'mapping']
|
||||
self._assert_mapping_rules_attributes(
|
||||
mapping_get, mapping_id, mapping)
|
@ -1,206 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
from tempest.lib import exceptions as lib_exc
|
||||
|
||||
from keystone_tempest_plugin.tests.api.identity.v3 import fixtures
|
||||
from keystone_tempest_plugin.tests import base
|
||||
|
||||
DEFAULT_RELAY_STATE_PREFIX = 'ss:mem:'
|
||||
|
||||
|
||||
class ServiceProvidersTest(base.BaseIdentityTest):
|
||||
|
||||
def _assert_service_provider_attributes(self, sp, sp_id, sp_ref=None):
|
||||
self.assertIn('id', sp)
|
||||
self.assertEqual(sp_id, sp['id'])
|
||||
|
||||
self.assertIn('auth_url', sp)
|
||||
self.assertIn('sp_url', sp)
|
||||
|
||||
# Check the optional attributes have been set
|
||||
self.assertIn('description', sp)
|
||||
self.assertIn('enabled', sp)
|
||||
self.assertIn('relay_state_prefix', sp)
|
||||
|
||||
if sp_ref:
|
||||
self.assertEqual(sp_ref['auth_url'], sp['auth_url'])
|
||||
self.assertEqual(sp_ref['sp_url'], sp['sp_url'])
|
||||
self.assertEqual(sp_ref['description'], sp['description'])
|
||||
|
||||
if 'enabled' in sp_ref:
|
||||
self.assertEqual(sp_ref['enabled'], sp['enabled'])
|
||||
|
||||
if 'relay_state_prefix' in sp_ref:
|
||||
self.assertEqual(
|
||||
sp_ref['relay_state_prefix'], sp['relay_state_prefix'])
|
||||
|
||||
def _add_cleanup(self, sp_id):
|
||||
self.addCleanup(
|
||||
self.sps_client.delete_service_provider, sp_id)
|
||||
|
||||
def _create_sp(self, sp_id, sp_ref):
|
||||
sp = self.sps_client.create_service_provider(
|
||||
sp_id, **sp_ref)['service_provider']
|
||||
self.addCleanup(self.sps_client.delete_service_provider, sp_id)
|
||||
return sp
|
||||
|
||||
@decorators.idempotent_id('6fae0971-5acb-4559-ba25-96f1fd7e5385')
|
||||
def test_service_provider_create(self):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
sp_ref = fixtures.sp_ref()
|
||||
sp = self._create_sp(sp_id, sp_ref)
|
||||
|
||||
# The service provider is disabled by default
|
||||
sp_ref['enabled'] = False
|
||||
|
||||
# The relay_state_prefix should have been set to the default value
|
||||
sp_ref['relay_state_prefix'] = DEFAULT_RELAY_STATE_PREFIX
|
||||
|
||||
self._assert_service_provider_attributes(sp, sp_id, sp_ref)
|
||||
|
||||
@decorators.attr(type=['negative'])
|
||||
@decorators.idempotent_id('d9d7454c-50b7-4966-aedb-b9d520a41409')
|
||||
def test_service_provider_create_without_mandatory_attributes(self):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest,
|
||||
self.sps_client.create_service_provider,
|
||||
sp_id)
|
||||
|
||||
@decorators.attr(type=['negative'])
|
||||
@decorators.idempotent_id('f77ed1c0-c428-44a7-9364-e8e4362c360a')
|
||||
def test_service_provider_create_with_bad_attributes(self):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
sp_ref = fixtures.sp_ref()
|
||||
|
||||
# The auth_url must follow a URL regex
|
||||
sp_ref['auth_url'] = data_utils.rand_uuid_hex()
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest,
|
||||
self.sps_client.create_service_provider,
|
||||
sp_id,
|
||||
**sp_ref)
|
||||
|
||||
sp_ref = fixtures.sp_ref()
|
||||
|
||||
# The sp_url must follow a URL regex
|
||||
sp_ref['sp_url'] = data_utils.rand_uuid_hex()
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest,
|
||||
self.sps_client.create_service_provider,
|
||||
sp_id,
|
||||
**sp_ref)
|
||||
|
||||
@decorators.idempotent_id('8550b419-f212-4e34-a8fa-7ff64f8a7fd3')
|
||||
def test_service_provider_create_with_enabled_true(self):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
sp_ref = fixtures.sp_ref(enabled=True)
|
||||
sp = self._create_sp(sp_id, sp_ref)
|
||||
|
||||
self._assert_service_provider_attributes(sp, sp_id, sp_ref)
|
||||
|
||||
@decorators.idempotent_id('0e319a14-1548-474e-a406-273c6b1c1f2d')
|
||||
def test_service_provider_create_with_relay_state_prefix(self):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
sp_ref = fixtures.sp_ref(
|
||||
enabled=True, relay_state_prefix=data_utils.rand_uuid_hex())
|
||||
sp = self._create_sp(sp_id, sp_ref)
|
||||
|
||||
self._assert_service_provider_attributes(sp, sp_id, sp_ref)
|
||||
|
||||
@decorators.idempotent_id('7df78c7a-9265-4b4f-9630-193b7f07d9eb')
|
||||
def test_service_provider_get(self):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
sp_create = self._create_sp(sp_id, fixtures.sp_ref())
|
||||
|
||||
sp_get = self.sps_client.show_service_provider(sp_id)[
|
||||
'service_provider']
|
||||
|
||||
self._assert_service_provider_attributes(sp_get, sp_id, sp_create)
|
||||
|
||||
@decorators.idempotent_id('9237cea0-fbeb-4d64-8347-46c567e1d78f')
|
||||
def test_service_provider_list(self):
|
||||
sp_ids = []
|
||||
for _ in range(3):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
self._create_sp(sp_id, fixtures.sp_ref())
|
||||
sp_ids.append(sp_id)
|
||||
|
||||
sp_list = self.sps_client.list_service_providers()['service_providers']
|
||||
fetched_ids = [fetched_sp['id'] for fetched_sp in sp_list]
|
||||
|
||||
for sp_id in sp_ids:
|
||||
self.assertIn(sp_id, fetched_ids)
|
||||
|
||||
@decorators.idempotent_id('bb68653f-fbba-4f20-ac1b-7b318a557366')
|
||||
def test_service_provider_update(self):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
sp = self._create_sp(sp_id, fixtures.sp_ref(enabled=True))
|
||||
|
||||
# The service provider should be enabled
|
||||
self.assertTrue(sp['enabled'])
|
||||
|
||||
sp = self.sps_client.update_service_provider(
|
||||
sp_id, enabled=False)['service_provider']
|
||||
|
||||
# The service provider should be now disabled
|
||||
self.assertFalse(sp['enabled'])
|
||||
|
||||
sp_get = self.sps_client.show_service_provider(sp_id)[
|
||||
'service_provider']
|
||||
self.assertFalse(sp_get['enabled'])
|
||||
|
||||
@decorators.attr(type=['negative'])
|
||||
@decorators.idempotent_id('91ce1183-1a15-4598-ae5f-85cfa98a1c77')
|
||||
def test_service_provider_update_with_bad_attributes_fails(self):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
self._create_sp(sp_id, fixtures.sp_ref())
|
||||
|
||||
# The auth_url must follow a URL regex
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest,
|
||||
self.sps_client.update_service_provider,
|
||||
sp_id,
|
||||
auth_url=data_utils.rand_uuid_hex())
|
||||
|
||||
# The sp_url must follow a URL regex
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest,
|
||||
self.sps_client.update_service_provider,
|
||||
sp_id,
|
||||
auth_url=data_utils.rand_uuid_hex())
|
||||
|
||||
@decorators.idempotent_id('7553579b-9a9e-45dd-9ada-70d906b516c0')
|
||||
def test_service_providers_in_token(self):
|
||||
# Create some enabled service providers
|
||||
enabled_sps = []
|
||||
for _ in range(2):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
self._create_sp(sp_id, fixtures.sp_ref(enabled=True))
|
||||
enabled_sps.append(sp_id)
|
||||
|
||||
# Create some disabled service providers
|
||||
for _ in range(2):
|
||||
sp_id = data_utils.rand_uuid_hex()
|
||||
self._create_sp(sp_id, fixtures.sp_ref(enabled=False))
|
||||
|
||||
sps_in_token_ids = [
|
||||
sp['id'] for sp in
|
||||
self.sps_client.get_service_providers_in_token()]
|
||||
|
||||
# Should be equal to the enabled_sps list
|
||||
self.assertItemsEqual(enabled_sps, sps_in_token_ids)
|
@ -1,41 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.common import credentials_factory as common_creds
|
||||
from tempest import test
|
||||
|
||||
from keystone_tempest_plugin import clients
|
||||
|
||||
|
||||
class BaseIdentityTest(test.BaseTestCase):
|
||||
|
||||
# The version of the identity that will be used in the tests.
|
||||
identity_version = 'v3'
|
||||
|
||||
# NOTE(rodrigods): for now, all tests are in the admin scope, if
|
||||
# necessary, another class can be created to handle non-admin tests.
|
||||
credential_type = 'identity_admin'
|
||||
|
||||
@classmethod
|
||||
def setup_clients(cls):
|
||||
super(BaseIdentityTest, cls).setup_clients()
|
||||
credentials = common_creds.get_configured_admin_credentials(
|
||||
cls.credential_type, identity_version=cls.identity_version)
|
||||
cls.keystone_manager = clients.Manager(credentials)
|
||||
cls.auth_client = cls.keystone_manager.auth_client
|
||||
cls.idps_client = cls.keystone_manager.identity_providers_client
|
||||
cls.mappings_client = cls.keystone_manager.mapping_rules_client
|
||||
cls.saml2_client = cls.keystone_manager.saml2_client
|
||||
cls.sps_client = cls.keystone_manager.service_providers_client
|
||||
cls.tokens_client = cls.keystone_manager.token_v3_client
|
@ -1,176 +0,0 @@
|
||||
# Copyright 2016 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from lxml import etree
|
||||
from six.moves import http_client
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
import testtools
|
||||
|
||||
from keystone_tempest_plugin.tests import base
|
||||
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class TestSaml2EcpFederatedAuthentication(base.BaseIdentityTest):
|
||||
|
||||
ECP_SAML2_NAMESPACES = {
|
||||
'ecp': 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp',
|
||||
'S': 'http://schemas.xmlsoap.org/soap/envelope/',
|
||||
'paos': 'urn:liberty:paos:2003-08'
|
||||
}
|
||||
|
||||
ECP_SERVICE_PROVIDER_CONSUMER_URL = ('/S:Envelope/S:Header/paos:Request/'
|
||||
'@responseConsumerURL')
|
||||
|
||||
ECP_IDP_CONSUMER_URL = ('/S:Envelope/S:Header/ecp:Response/'
|
||||
'@AssertionConsumerServiceURL')
|
||||
|
||||
ECP_RELAY_STATE = '//ecp:RelayState'
|
||||
|
||||
def _setup_settings(self):
|
||||
self.idp_id = CONF.fed_scenario.idp_id
|
||||
self.idp_url = CONF.fed_scenario.idp_ecp_url
|
||||
self.keystone_v3_endpoint = CONF.identity.uri_v3
|
||||
self.password = CONF.fed_scenario.idp_password
|
||||
self.protocol_id = CONF.fed_scenario.protocol_id
|
||||
self.username = CONF.fed_scenario.idp_username
|
||||
|
||||
def _setup_idp(self):
|
||||
remote_ids = CONF.fed_scenario.idp_remote_ids
|
||||
self.idps_client.create_identity_provider(
|
||||
self.idp_id, remote_ids=remote_ids, enabled=True)
|
||||
self.addCleanup(
|
||||
self.idps_client.delete_identity_provider, self.idp_id)
|
||||
|
||||
def _setup_mapping(self):
|
||||
self.mapping_id = data_utils.rand_uuid_hex()
|
||||
mapping_remote_type = CONF.fed_scenario.mapping_remote_type
|
||||
mapping_user_name = CONF.fed_scenario.mapping_user_name
|
||||
mapping_group_name = CONF.fed_scenario.mapping_group_name
|
||||
mapping_group_domain_name = CONF.fed_scenario.mapping_group_domain_name
|
||||
|
||||
rules = [{
|
||||
'local': [
|
||||
{
|
||||
'user': {'name': mapping_user_name}
|
||||
},
|
||||
{
|
||||
'group': {
|
||||
'domain': {'name': mapping_group_domain_name},
|
||||
'name': mapping_group_name
|
||||
}
|
||||
}
|
||||
],
|
||||
'remote': [
|
||||
{
|
||||
'type': mapping_remote_type
|
||||
}
|
||||
]
|
||||
}]
|
||||
mapping_ref = {'rules': rules}
|
||||
self.mappings_client.create_mapping_rule(self.mapping_id, mapping_ref)
|
||||
self.addCleanup(
|
||||
self.mappings_client.delete_mapping_rule, self.mapping_id)
|
||||
|
||||
def _setup_protocol(self):
|
||||
self.idps_client.add_protocol_and_mapping(
|
||||
self.idp_id, self.protocol_id, self.mapping_id)
|
||||
self.addCleanup(
|
||||
self.idps_client.delete_protocol_and_mapping,
|
||||
self.idp_id,
|
||||
self.protocol_id)
|
||||
|
||||
def setUp(self):
|
||||
super(TestSaml2EcpFederatedAuthentication, self).setUp()
|
||||
self._setup_settings()
|
||||
|
||||
# Reset client's session to avoid getting garbage from another runs
|
||||
self.saml2_client.reset_session()
|
||||
|
||||
# Setup identity provider, mapping and protocol
|
||||
self._setup_idp()
|
||||
self._setup_mapping()
|
||||
self._setup_protocol()
|
||||
|
||||
def _str_from_xml(self, xml, path):
|
||||
l = xml.xpath(path, namespaces=self.ECP_SAML2_NAMESPACES)
|
||||
self.assertEqual(1, len(l))
|
||||
return l[0]
|
||||
|
||||
def _request_unscoped_token(self):
|
||||
resp = self.saml2_client.send_service_provider_request(
|
||||
self.keystone_v3_endpoint, self.idp_id, self.protocol_id)
|
||||
self.assertEqual(http_client.OK, resp.status_code)
|
||||
saml2_authn_request = etree.XML(resp.content)
|
||||
|
||||
relay_state = self._str_from_xml(
|
||||
saml2_authn_request, self.ECP_RELAY_STATE)
|
||||
sp_consumer_url = self._str_from_xml(
|
||||
saml2_authn_request, self.ECP_SERVICE_PROVIDER_CONSUMER_URL)
|
||||
|
||||
# Perform the authn request to the identity provider
|
||||
resp = self.saml2_client.send_identity_provider_authn_request(
|
||||
saml2_authn_request, self.idp_url, self.username, self.password)
|
||||
self.assertEqual(http_client.OK, resp.status_code)
|
||||
saml2_idp_authn_response = etree.XML(resp.content)
|
||||
|
||||
idp_consumer_url = self._str_from_xml(
|
||||
saml2_idp_authn_response, self.ECP_IDP_CONSUMER_URL)
|
||||
|
||||
# Assert that both saml2_authn_request and saml2_idp_authn_response
|
||||
# have the same consumer URL.
|
||||
self.assertEqual(sp_consumer_url, idp_co |