diff --git a/keystone_tempest_plugin/README.rst b/keystone_tempest_plugin/README.rst index c880e28041..1f310e54ef 100644 --- a/keystone_tempest_plugin/README.rst +++ b/keystone_tempest_plugin/README.rst @@ -1,6 +1,5 @@ -========================== -Tempest tests for keystone -========================== - -This directory contains Tempest tests to cover the keystone project. +===== +MOVED +===== +The keystone tempest plugin has moved to http://git.openstack.org/cgit/openstack/keystone-tempest-plugin diff --git a/keystone_tempest_plugin/__init__.py b/keystone_tempest_plugin/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/keystone_tempest_plugin/clients.py b/keystone_tempest_plugin/clients.py deleted file mode 100644 index 97b5b1456b..0000000000 --- a/keystone_tempest_plugin/clients.py +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone_tempest_plugin.services.identity.v3 import ( - identity_providers_client) -from keystone_tempest_plugin.services.identity.v3 import ( - mapping_rules_client) -from keystone_tempest_plugin.services.identity.v3 import ( - service_providers_client) -from keystone_tempest_plugin.services.identity.v3 import auth_client -from keystone_tempest_plugin.services.identity.v3 import saml2_client - -from tempest import clients - - -class Manager(clients.Manager): - - def __init__(self, credentials): - super(Manager, self).__init__(credentials) - - self.auth_client = auth_client.AuthClient(self.auth_provider) - self.identity_providers_client = ( - identity_providers_client.IdentityProvidersClient( - self.auth_provider)) - self.mapping_rules_client = ( - mapping_rules_client.MappingRulesClient( - self.auth_provider)) - self.saml2_client = saml2_client.Saml2Client() - self.service_providers_client = ( - service_providers_client.ServiceProvidersClient( - self.auth_provider)) diff --git a/keystone_tempest_plugin/config.py b/keystone_tempest_plugin/config.py deleted file mode 100644 index 87872c598b..0000000000 --- a/keystone_tempest_plugin/config.py +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from oslo_config import cfg - -identity_feature_option = [ - cfg.BoolOpt('federation', - default=False, - help='Does the environment support the Federated Identity ' - 'feature?'), -] - -fed_scenario_group = cfg.OptGroup(name='fed_scenario', - title='Federation Scenario Tests Options') - -FedScenarioGroup = [ - # Identity Provider - cfg.StrOpt('idp_id', - help='The Identity Provider ID'), - cfg.ListOpt('idp_remote_ids', - default=[], - help='The Identity Provider remote IDs list'), - cfg.StrOpt('idp_username', - help='Username used to login in the Identity Provider'), - cfg.StrOpt('idp_password', - help='Password used to login in the Identity Provider'), - cfg.StrOpt('idp_ecp_url', - help='Identity Provider SAML2/ECP URL'), - - # Mapping rules - cfg.StrOpt('mapping_remote_type', - help='The assertion attribute to be used in the remote rules'), - cfg.StrOpt('mapping_user_name', - default='{0}', - help='The username to be used in the local rules.'), - cfg.StrOpt('mapping_group_name', - default='federated_users', - help='The group name to be used in the local rules. The group ' - 'must have at least one assignment in one project.'), - cfg.StrOpt('mapping_group_domain_name', - default='federated_domain', - help='The domain name where the "mapping_group_name" is ' - 'created.'), - - # Protocol - cfg.StrOpt('protocol_id', - default='mapped', - help='The Protocol ID') -] diff --git a/keystone_tempest_plugin/plugin.py b/keystone_tempest_plugin/plugin.py deleted file mode 100644 index 76f7a9c1dd..0000000000 --- a/keystone_tempest_plugin/plugin.py +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -import os - -from tempest import config -from tempest.test_discover import plugins - -from keystone_tempest_plugin import config as project_config - - -class KeystoneTempestPlugin(plugins.TempestPlugin): - def load_tests(self): - base_path = os.path.split(os.path.dirname( - os.path.abspath(__file__)))[0] - test_dir = "keystone_tempest_plugin/tests" - full_test_dir = os.path.join(base_path, test_dir) - return full_test_dir, base_path - - def register_opts(self, conf): - config.register_opt_group(conf, config.identity_feature_group, - project_config.identity_feature_option) - config.register_opt_group(conf, project_config.fed_scenario_group, - project_config.FedScenarioGroup) - - def get_opt_lists(self): - return [(config.identity_feature_group.name, - project_config.identity_feature_option), - (project_config.fed_scenario_group.name, - project_config.FedScenarioGroup)] diff --git a/keystone_tempest_plugin/services/__init__.py b/keystone_tempest_plugin/services/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/keystone_tempest_plugin/services/identity/__init__.py b/keystone_tempest_plugin/services/identity/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/keystone_tempest_plugin/services/identity/clients.py b/keystone_tempest_plugin/services/identity/clients.py deleted file mode 100644 index aac45d3626..0000000000 --- a/keystone_tempest_plugin/services/identity/clients.py +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import json - -import six -from six.moves import http_client -from tempest import config -from tempest.lib.common import rest_client - - -CONF = config.CONF - -# We only use the identity catalog type -SERVICE_TYPE = 'identity' - - -class Identity(rest_client.RestClient): - """Tempest REST client for keystone.""" - - # Used by the superclass to build the correct URL paths - api_version = 'v3' - - def __init__(self, auth_provider): - super(Identity, self).__init__( - auth_provider, - SERVICE_TYPE, - CONF.identity.region, - endpoint_type='adminURL') - - -class Federation(Identity): - """Tempest REST client for keystone's Federated Identity API.""" - - subpath_prefix = 'OS-FEDERATION' - subpath_suffix = None - - def _build_path(self, entity_id=None): - subpath = '%s/%s' % (self.subpath_prefix, self.subpath_suffix) - return '%s/%s' % (subpath, entity_id) if entity_id else subpath - - def _delete(self, entity_id, **kwargs): - url = self._build_path(entity_id) - resp, body = super(Federation, self).delete(url, **kwargs) - self.expected_success(http_client.NO_CONTENT, resp.status) - return rest_client.ResponseBody(resp, body) - - def _get(self, entity_id=None, **kwargs): - url = self._build_path(entity_id) - resp, body = super(Federation, self).get(url, **kwargs) - self.expected_success(http_client.OK, resp.status) - body = json.loads(body if six.PY2 else body.decode('utf-8')) - return rest_client.ResponseBody(resp, body) - - def _patch(self, entity_id, body, **kwargs): - url = self._build_path(entity_id) - resp, body = super(Federation, self).patch(url, body, **kwargs) - self.expected_success(http_client.OK, resp.status) - body = json.loads(body if six.PY2 else body.decode('utf-8')) - return rest_client.ResponseBody(resp, body) - - def _put(self, entity_id, body, **kwargs): - url = self._build_path(entity_id) - resp, body = super(Federation, self).put(url, body, **kwargs) - self.expected_success(http_client.CREATED, resp.status) - body = json.loads(body if six.PY2 else body.decode('utf-8')) - return rest_client.ResponseBody(resp, body) diff --git a/keystone_tempest_plugin/services/identity/v3/__init__.py b/keystone_tempest_plugin/services/identity/v3/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/keystone_tempest_plugin/services/identity/v3/auth_client.py b/keystone_tempest_plugin/services/identity/v3/auth_client.py deleted file mode 100644 index f6cd660501..0000000000 --- a/keystone_tempest_plugin/services/identity/v3/auth_client.py +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import json - -import six -from tempest.lib.common import rest_client - -from keystone_tempest_plugin.services.identity import clients - - -class AuthClient(clients.Identity): - - def _get_scopes(self, url, token_id): - resp, body = self.raw_request( - url, 'GET', headers={'X-Auth-Token': token_id}) - self.expected_success(200, resp.status) - body = json.loads(body if six.PY2 else body.decode('utf-8')) - return rest_client.ResponseBody(resp, body) - - def get_available_projects_scopes(self, keystone_v3_endpoint, token_id): - """Get projects that are available to be scoped to based on a token.""" - url = '%s/auth/projects' % keystone_v3_endpoint - return self._get_scopes(url, token_id) - - def get_available_domains_scopes(self, keystone_v3_endpoint, token_id): - """Get domains that are available to be scoped to based on a token.""" - url = '%s/auth/domains' % keystone_v3_endpoint - return self._get_scopes(url, token_id) diff --git a/keystone_tempest_plugin/services/identity/v3/identity_providers_client.py b/keystone_tempest_plugin/services/identity/v3/identity_providers_client.py deleted file mode 100644 index 98f49c7bca..0000000000 --- a/keystone_tempest_plugin/services/identity/v3/identity_providers_client.py +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import json - -import six -from tempest.lib.common import rest_client - -from keystone_tempest_plugin.services.identity import clients - - -class IdentityProvidersClient(clients.Federation): - - subpath_suffix = 'identity_providers' - - def create_identity_provider(self, idp_id, **kwargs): - """Create an identity provider. - - :param str idp_id: The ID to be used to create the Identity Provider. - :param kwargs: All optional attributes: description (str), enabled - (boolean) and remote_ids (list). - """ - put_body = json.dumps({'identity_provider': kwargs}) - return self._put(idp_id, put_body) - - def list_identity_providers(self): - """List the identity providers.""" - return self._get() - - def show_identity_provider(self, idp_id): - """Get an identity provider.""" - return self._get(idp_id) - - def delete_identity_provider(self, idp_id): - """Delete an identity provider.""" - return self._delete(idp_id) - - def update_identity_provider(self, idp_id, **kwargs): - """Update an identity provider. - - :param str idp_id: The ID from the Identity Provider to be updated. - :param kwargs: All optional attributes to update: description (str), - enabled (boolean) and remote_ids (list). - """ - patch_body = json.dumps({'identity_provider': kwargs}) - return self._patch(idp_id, patch_body) - - def add_protocol_and_mapping(self, idp_id, protocol_id, mapping_id): - """Add a protocol and mapping to an identity provider.""" - put_body = json.dumps({'protocol': {'mapping_id': mapping_id}}) - url = '%s/%s/%s' % ( - self._build_path(entity_id=idp_id), 'protocols', protocol_id) - resp, body = self.put(url, put_body) - self.expected_success(201, resp.status) - body = json.loads(body if six.PY2 else body.decode('utf-8')) - return rest_client.ResponseBody(resp, body) - - def delete_protocol_and_mapping(self, idp_id, protocol_id): - """Delete a protocol and mapping from an identity provider.""" - url = '%s/%s/%s' % ( - self._build_path(entity_id=idp_id), 'protocols', protocol_id) - resp, body = self.delete(url) - self.expected_success(204, resp.status) - return rest_client.ResponseBody(resp, body) - - def get_protocol_and_mapping(self, idp_id, protocol_id): - """Get a protocol and mapping from an identity provider.""" - url = '%s/%s/%s' % ( - self._build_path(entity_id=idp_id), 'protocols', protocol_id) - resp, body = self.get(url) - self.expected_success(200, resp.status) - body = json.loads(body if six.PY2 else body.decode('utf-8')) - return rest_client.ResponseBody(resp, body) - - def list_protocols_and_mappings(self, idp_id): - """List the protocols and mappings from an identity provider.""" - url = '%s/%s' % (self._build_path(entity_id=idp_id), 'protocols') - resp, body = self.get(url) - self.expected_success(200, resp.status) - body = json.loads(body if six.PY2 else body.decode('utf-8')) - return rest_client.ResponseBody(resp, body) - - def update_protocol_mapping(self, idp_id, protocol_id, mapping_id): - """Update the identity provider protocol with a new mapping.""" - patch_body = json.dumps({'protocol': {'mapping_id': mapping_id}}) - url = '%s/%s/%s' % ( - self._build_path(entity_id=idp_id), 'protocols', protocol_id) - resp, body = self.patch(url, patch_body) - self.expected_success(200, resp.status) - body = json.loads(body if six.PY2 else body.decode('utf-8')) - return rest_client.ResponseBody(resp, body) diff --git a/keystone_tempest_plugin/services/identity/v3/mapping_rules_client.py b/keystone_tempest_plugin/services/identity/v3/mapping_rules_client.py deleted file mode 100644 index b7fcbd72a8..0000000000 --- a/keystone_tempest_plugin/services/identity/v3/mapping_rules_client.py +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import json - -from keystone_tempest_plugin.services.identity import clients - - -class MappingRulesClient(clients.Federation): - - subpath_suffix = 'mappings' - - def create_mapping_rule(self, mapping_id, rules): - """Create a mapping rule.""" - put_body = json.dumps({'mapping': rules}) - return self._put(mapping_id, put_body) - - def list_mapping_rules(self): - """List the mapping rules.""" - return self._get() - - def show_mapping_rule(self, mapping_id): - """Get a mapping rule.""" - return self._get(mapping_id) - - def delete_mapping_rule(self, mapping_id): - """Delete a mapping rule.""" - return self._delete(mapping_id) - - def update_mapping_rule(self, mapping_id, rules): - """Update a mapping rule.""" - patch_body = json.dumps({'mapping': rules}) - return self._patch(mapping_id, patch_body) diff --git a/keystone_tempest_plugin/services/identity/v3/saml2_client.py b/keystone_tempest_plugin/services/identity/v3/saml2_client.py deleted file mode 100644 index b70a389bae..0000000000 --- a/keystone_tempest_plugin/services/identity/v3/saml2_client.py +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from lxml import etree -import requests - - -class Saml2Client(object): - - ECP_SP_EMPTY_REQUEST_HEADERS = { - 'Accept': 'text/html, application/vnd.paos+xml', - 'PAOS': ('ver="urn:liberty:paos:2003-08";"urn:oasis:names:tc:' - 'SAML:2.0:profiles:SSO:ecp"') - } - - ECP_SP_SAML2_REQUEST_HEADERS = {'Content-Type': 'application/vnd.paos+xml'} - - def __init__(self): - self.reset_session() - - def reset_session(self): - self.session = requests.Session() - - def _idp_auth_url(self, keystone_v3_endpoint, idp_id, protocol_id): - subpath = 'OS-FEDERATION/identity_providers/%s/protocols/%s/auth' % ( - idp_id, protocol_id) - return '%s/%s' % (keystone_v3_endpoint, subpath) - - def send_service_provider_request(self, keystone_v3_endpoint, - idp_id, protocol_id): - return self.session.get( - self._idp_auth_url(keystone_v3_endpoint, idp_id, protocol_id), - headers=self.ECP_SP_EMPTY_REQUEST_HEADERS - ) - - def _prepare_sp_saml2_authn_response(self, saml2_idp_authn_response, - relay_state): - # Replace the header contents of the Identity Provider response with - # the relay state initially sent by the Service Provider. The response - # is a SOAP envelope with the following structure: - # - # - # ... - # - # - # ... - # - # - saml2_idp_authn_response[0][0] = relay_state - - def send_identity_provider_authn_request(self, saml2_authn_request, - idp_url, username, password): - - saml2_authn_request.remove(saml2_authn_request[0]) - return self.session.post( - idp_url, - headers={'Content-Type': 'text/xml'}, - data=etree.tostring(saml2_authn_request), - auth=(username, password) - ) - - def send_service_provider_saml2_authn_response( - self, saml2_idp_authn_response, relay_state, idp_consumer_url): - - self._prepare_sp_saml2_authn_response( - saml2_idp_authn_response, relay_state) - - return self.session.post( - idp_consumer_url, - headers=self.ECP_SP_SAML2_REQUEST_HEADERS, - data=etree.tostring(saml2_idp_authn_response), - # Do not follow HTTP redirect - allow_redirects=False - ) - - def send_service_provider_unscoped_token_request(self, sp_url): - return self.session.get( - sp_url, - headers=self.ECP_SP_SAML2_REQUEST_HEADERS - ) diff --git a/keystone_tempest_plugin/services/identity/v3/service_providers_client.py b/keystone_tempest_plugin/services/identity/v3/service_providers_client.py deleted file mode 100644 index 093ce0f210..0000000000 --- a/keystone_tempest_plugin/services/identity/v3/service_providers_client.py +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import json - -from keystone_tempest_plugin.services.identity import clients - - -class ServiceProvidersClient(clients.Federation): - - subpath_suffix = 'service_providers' - - def create_service_provider(self, sp_id, **kwargs): - """Create a service provider. - - :param str sp_id: The ID to be used to create the Service Provider. - :param kwargs: Extra attributes. Mandatory: auth_url (str) and sp_url - (str). Optional: description (str), enabled (boolean) - and relay_state_prefix (str). - """ - put_body = json.dumps({'service_provider': kwargs}) - return self._put(sp_id, put_body) - - def list_service_providers(self): - """List the service providers.""" - return self._get() - - def show_service_provider(self, sp_id): - """Get a service provider.""" - return self._get(sp_id) - - def delete_service_provider(self, sp_id): - """Delete a service provider.""" - return self._delete(sp_id) - - def update_service_provider(self, sp_id, **kwargs): - """Update a service provider. - - :param str sp_id: The ID of the Service Provider to be updated. - :param kwargs: All attributes to be updated: auth_url (str) and sp_url - (str), description (str), enabled (boolean) and - relay_state_prefix (str). - """ - patch_body = json.dumps({'service_provider': kwargs}) - return self._patch(sp_id, patch_body) - - def get_service_providers_in_token(self): - """Get the service providers list present in the token. - - Only enabled service providers are displayed in the token. - """ - # First we force the auth_data update via the set_auth() command - # in the auth_provider - self.auth_provider.set_auth() - - # Now we can retrieve the updated auth_data - auth_data = self.auth_provider.get_auth()[1] - try: - return auth_data['service_providers'] - except KeyError: - # no service providers in token - return [] diff --git a/keystone_tempest_plugin/tests/__init__.py b/keystone_tempest_plugin/tests/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/keystone_tempest_plugin/tests/api/__init__.py b/keystone_tempest_plugin/tests/api/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/keystone_tempest_plugin/tests/api/identity/__init__.py b/keystone_tempest_plugin/tests/api/identity/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/keystone_tempest_plugin/tests/api/identity/v3/__init__.py b/keystone_tempest_plugin/tests/api/identity/v3/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/keystone_tempest_plugin/tests/api/identity/v3/fixtures.py b/keystone_tempest_plugin/tests/api/identity/v3/fixtures.py deleted file mode 100644 index 4e5899c7d2..0000000000 --- a/keystone_tempest_plugin/tests/api/identity/v3/fixtures.py +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.lib.common.utils import data_utils - - -def idp_ref(enabled=None, remote_ids=None): - ref = { - 'description': data_utils.rand_uuid_hex(), - } - if enabled is not None: - ref['enabled'] = enabled - - if remote_ids: - ref['remote_ids'] = remote_ids - - return ref - - -def mapping_ref(): - rules = [{ - 'local': [ - { - 'user': {'name': '{0}'} - }, - { - 'group_ids': '{1}' - } - ], - 'remote': [ - { - 'type': 'openstack_username' - }, - { - 'type': 'group_ids', - 'whitelist': ['abc', '123'] - } - - ] - }] - return {'rules': rules} - - -def sp_ref(enabled=None, relay_state_prefix=None): - ref = { - 'auth_url': data_utils.rand_url(), - 'description': data_utils.rand_uuid_hex(), - 'sp_url': data_utils.rand_url(), - } - if enabled: - ref['enabled'] = enabled - - if relay_state_prefix: - ref['relay_state_prefix'] = relay_state_prefix - - return ref diff --git a/keystone_tempest_plugin/tests/api/identity/v3/test_identity_providers.py b/keystone_tempest_plugin/tests/api/identity/v3/test_identity_providers.py deleted file mode 100644 index 6b8f6a8600..0000000000 --- a/keystone_tempest_plugin/tests/api/identity/v3/test_identity_providers.py +++ /dev/null @@ -1,244 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - -from keystone_tempest_plugin.tests.api.identity.v3 import fixtures -from keystone_tempest_plugin.tests import base - - -class IdentityProvidersTest(base.BaseIdentityTest): - - def _assert_identity_provider_attributes(self, idp, idp_id, idp_ref=None): - self.assertIn('id', idp) - self.assertEqual(idp_id, idp['id']) - - # Check the optional attributes have been set - self.assertIn('description', idp) - self.assertIn('enabled', idp) - self.assertIn('remote_ids', idp) - - if idp_ref: - self.assertEqual(idp_ref['description'], idp['description']) - - if 'enabled' in idp_ref: - self.assertEqual(idp_ref['enabled'], idp['enabled']) - - if 'remote_ids' in idp_ref: - self.assertItemsEqual(idp_ref['remote_ids'], idp['remote_ids']) - - def _create_idp(self, idp_id, idp_ref): - idp = self.idps_client.create_identity_provider( - idp_id, **idp_ref)['identity_provider'] - self.addCleanup( - self.idps_client.delete_identity_provider, idp_id) - return idp - - @decorators.idempotent_id('09450910-b816-4150-8513-a2fd4628a0c3') - def test_identity_provider_create(self): - idp_id = data_utils.rand_uuid_hex() - idp_ref = fixtures.idp_ref() - idp = self._create_idp(idp_id, idp_ref) - - # The identity provider is disabled by default - idp_ref['enabled'] = False - - # The remote_ids attribute should be set to an empty list by default - idp_ref['remote_ids'] = [] - - self._assert_identity_provider_attributes(idp, idp_id, idp_ref) - - @decorators.idempotent_id('f430a337-545d-455e-bb6c-cb0fdf4be5c1') - def test_identity_provider_create_with_enabled_true(self): - idp_id = data_utils.rand_uuid_hex() - idp_ref = fixtures.idp_ref(enabled=True) - idp = self._create_idp(idp_id, idp_ref) - - self._assert_identity_provider_attributes(idp, idp_id, idp_ref) - - @decorators.idempotent_id('238e6163-d600-4f59-9982-c621f057221d') - def test_identity_provider_create_with_remote_ids(self): - idp_id = data_utils.rand_uuid_hex() - remote_ids = [data_utils.rand_uuid_hex(), data_utils.rand_uuid_hex()] - idp_ref = fixtures.idp_ref(remote_ids=remote_ids) - idp = self._create_idp(idp_id, idp_ref) - - self._assert_identity_provider_attributes(idp, idp_id, idp_ref) - - @decorators.idempotent_id('8a7817ad-27f8-436b-9cbe-46aa20989beb') - def test_identity_provider_get(self): - idp_id = data_utils.rand_uuid_hex() - idp_create = self._create_idp(idp_id, fixtures.idp_ref()) - - idp_get = self.idps_client.show_identity_provider( - idp_id)['identity_provider'] - self._assert_identity_provider_attributes(idp_get, idp_id, idp_create) - - @decorators.idempotent_id('cbfe5de9-c58a-4810-950c-2acdf985879d') - def test_identity_provider_list(self): - idp_ids = [] - for _ in range(3): - idp_id = data_utils.rand_uuid_hex() - self._create_idp(idp_id, fixtures.idp_ref()) - idp_ids.append(idp_id) - - idp_list = self.idps_client.list_identity_providers()[ - 'identity_providers'] - fetched_ids = [fetched_idp['id'] for fetched_idp in idp_list] - - for idp_id in idp_ids: - self.assertIn(idp_id, fetched_ids) - - @decorators.idempotent_id('36a0d9f0-9517-4139-85d0-f78d905aece5') - def test_identity_provider_update(self): - idp_id = data_utils.rand_uuid_hex() - idp = self._create_idp(idp_id, fixtures.idp_ref(enabled=True)) - - # The identity provider should be enabled - self.assertTrue(idp['enabled']) - - idp = self.idps_client.update_identity_provider( - idp_id, enabled=False)['identity_provider'] - - # The identity provider should be disabled - self.assertFalse(idp['enabled']) - - idp_get = self.idps_client.show_identity_provider( - idp_id)['identity_provider'] - self.assertFalse(idp_get['enabled']) - - def _assert_protocol_attributes(self, protocol, protocol_id, - mapping_id=None): - self.assertIn('id', protocol) - self.assertEqual(protocol_id, protocol['id']) - - self.assertIn('mapping_id', protocol) - if mapping_id: - self.assertEqual(mapping_id, protocol['mapping_id']) - - def _create_identity_provider_and_mapping(self): - # Create an identity provider - idp_id = data_utils.rand_uuid_hex() - self._create_idp(idp_id, fixtures.idp_ref(enabled=True)) - - # Create a mapping rule - mapping_id = data_utils.rand_uuid_hex() - self.mappings_client.create_mapping_rule( - mapping_id, fixtures.mapping_ref()) - self.addCleanup(self.mappings_client.delete_mapping_rule, mapping_id) - - return idp_id, mapping_id - - def _create_protocol(self, idp_id, protocol_id, mapping_id): - protocol = self.idps_client.add_protocol_and_mapping( - idp_id, protocol_id, mapping_id)['protocol'] - self.addCleanup( - self.idps_client.delete_protocol_and_mapping, idp_id, protocol_id) - return protocol - - @decorators.idempotent_id('f5bdf482-1ad3-4aad-b52e-8fe7c1361104') - def test_add_protocol_to_identity_provider(self): - idp_id, mapping_id = self._create_identity_provider_and_mapping() - - # Now we try to add a protocol to the identity provider - protocol_id = data_utils.rand_uuid_hex() - protocol = self._create_protocol(idp_id, protocol_id, mapping_id) - - self._assert_protocol_attributes(protocol, protocol_id, mapping_id) - - @decorators.idempotent_id('613d073b-0db7-41aa-b4df-5a1848cde0b3') - def test_get_protocol_from_identity_provider(self): - idp_id, mapping_id = self._create_identity_provider_and_mapping() - - # Add a protocol to the identity provider - protocol_id = data_utils.rand_uuid_hex() - self._create_protocol(idp_id, protocol_id, mapping_id) - - # Try to get the protocol - protocol = self.idps_client.get_protocol_and_mapping( - idp_id, protocol_id)['protocol'] - self._assert_protocol_attributes(protocol, protocol_id, mapping_id) - - @decorators.idempotent_id('6e6501ac-edae-4dc2-bb68-7a2b58602383') - def test_list_protocols_from_identity_provider(self): - idp_id, mapping_id = self._create_identity_provider_and_mapping() - - protocol_ids = [] - for _ in range(3): - protocol_id = data_utils.rand_uuid_hex() - self._create_protocol(idp_id, protocol_id, mapping_id) - protocol_ids.append(protocol_id) - - protocols_list = self.idps_client.list_protocols_and_mappings(idp_id)[ - 'protocols'] - fetched_ids = [fetched['id'] for fetched in protocols_list] - - for protocol_id in protocol_ids: - self.assertIn(protocol_id, fetched_ids) - - @decorators.idempotent_id('680d36df-d6b9-4695-be29-6fc2065c5dde') - def test_update_mapping_from_identity_provider_protocol(self): - idp_id, mapping_id = self._create_identity_provider_and_mapping() - - # Add a protocol to the identity provider - protocol_id = data_utils.rand_uuid_hex() - protocol = self._create_protocol(idp_id, protocol_id, mapping_id) - - # Create another mapping - new_mapping_id = data_utils.rand_uuid_hex() - self.mappings_client.create_mapping_rule( - new_mapping_id, fixtures.mapping_ref()) - - # Update the identity provider protocol - protocol = self.idps_client.update_protocol_mapping( - idp_id, protocol_id, new_mapping_id)['protocol'] - - self._assert_protocol_attributes(protocol, protocol_id, new_mapping_id) - - @decorators.idempotent_id('04fdf262-af91-4a68-a1cf-794c6d2f2eeb') - def test_add_protocol_to_identity_provider_unknown_mapping(self): - # Create an identity provider - idp_id = data_utils.rand_uuid_hex() - self._create_idp(idp_id, fixtures.idp_ref(enabled=True)) - - # Now we try to add a protocol to the identity provider using - # a non existent mapping ID - mapping_id = data_utils.rand_uuid_hex() - protocol_id = data_utils.rand_uuid_hex() - self.assertRaises( - lib_exc.BadRequest, - self._create_protocol, - idp_id, - protocol_id, - mapping_id) - - @decorators.idempotent_id('c73311e7-c207-4c11-998f-532a91f1b0d1') - def test_update_protocol_from_identity_provider_unknown_mapping(self): - idp_id, mapping_id = self._create_identity_provider_and_mapping() - - # Add a protocol to the identity provider - protocol_id = data_utils.rand_uuid_hex() - self._create_protocol(idp_id, protocol_id, mapping_id) - - # Update the identity provider protocol using a non existent - # mapping_id - new_mapping_id = data_utils.rand_uuid_hex() - self.assertRaises( - lib_exc.BadRequest, - self.idps_client.update_protocol_mapping, - idp_id, - protocol_id, - new_mapping_id) diff --git a/keystone_tempest_plugin/tests/api/identity/v3/test_mapping_rules.py b/keystone_tempest_plugin/tests/api/identity/v3/test_mapping_rules.py deleted file mode 100644 index 7fcf3761ad..0000000000 --- a/keystone_tempest_plugin/tests/api/identity/v3/test_mapping_rules.py +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - -from keystone_tempest_plugin.tests.api.identity.v3 import fixtures -from keystone_tempest_plugin.tests import base - - -class MappingRulesTest(base.BaseIdentityTest): - - _MAPPING_REF = fixtures.mapping_ref() - - def _assert_mapping_rules_attributes(self, mapping, mapping_id, - mapping_ref=None): - self.assertIn('id', mapping) - self.assertEqual(mapping_id, mapping['id']) - - self.assertIn('rules', mapping) - - if mapping_ref: - self.assertItemsEqual(mapping_ref['rules'], mapping['rules']) - - def _create_mapping_rule(self, mapping_id, mapping_ref): - mapping = self.mappings_client.create_mapping_rule( - mapping_id, mapping_ref)['mapping'] - self.addCleanup(self.mappings_client.delete_mapping_rule, mapping_id) - return mapping - - @decorators.idempotent_id('4ca48c01-b6da-4759-acb6-007e15ad712a') - def test_mapping_rules_create(self): - mapping_id = data_utils.rand_uuid_hex() - mapping = self._create_mapping_rule(mapping_id, self._MAPPING_REF) - self._assert_mapping_rules_attributes( - mapping, mapping_id, self._MAPPING_REF) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('341dac45-ce1f-4f15-afdc-1f9a7d7d7c40') - def test_mapping_rules_create_without_mandatory_attributes_fails(self): - mapping_id = data_utils.rand_uuid_hex() - self.assertRaises( - lib_exc.BadRequest, - self.mappings_client.create_mapping_rule, - mapping_id, - {}) - - @decorators.idempotent_id('8db213e3-1db0-48c6-863c-7a3ed23577ec') - def test_mapping_rules_get(self): - mapping_id = data_utils.rand_uuid_hex() - mapping_create = self._create_mapping_rule( - mapping_id, self._MAPPING_REF) - - mapping_get = self.mappings_client.show_mapping_rule(mapping_id)[ - 'mapping'] - self._assert_mapping_rules_attributes( - mapping_get, mapping_id, mapping_create) - - @decorators.idempotent_id('bb80b242-2a6a-4d29-b45f-4035be574a6e') - def test_mapping_rules_list(self): - mapping_ids = [] - for _ in range(3): - mapping_id = data_utils.rand_uuid_hex() - self._create_mapping_rule(mapping_id, self._MAPPING_REF) - mapping_ids.append(mapping_id) - - mappings_list = self.mappings_client.list_mapping_rules()['mappings'] - fetched_ids = [mapping['id'] for mapping in mappings_list] - - for mapping_id in mapping_ids: - self.assertIn(mapping_id, fetched_ids) - - @decorators.idempotent_id('1fc5d104-faf5-4809-8c89-29b5c1666a96') - def test_mapping_rule_update(self): - mapping_id = data_utils.rand_uuid_hex() - mapping_ref = fixtures.mapping_ref() - mapping = self._create_mapping_rule(mapping_id, mapping_ref) - - new_local = [{'group': {'id': data_utils.rand_uuid_hex()}}] - mapping_ref['rules'][0]['local'] = new_local - - mapping = self.mappings_client.update_mapping_rule( - mapping_id, mapping_ref)['mapping'] - self._assert_mapping_rules_attributes( - mapping, mapping_id, mapping_ref) - - mapping_get = self.mappings_client.show_mapping_rule(mapping_id)[ - 'mapping'] - self._assert_mapping_rules_attributes( - mapping_get, mapping_id, mapping) diff --git a/keystone_tempest_plugin/tests/api/identity/v3/test_service_providers.py b/keystone_tempest_plugin/tests/api/identity/v3/test_service_providers.py deleted file mode 100644 index a6522f906c..0000000000 --- a/keystone_tempest_plugin/tests/api/identity/v3/test_service_providers.py +++ /dev/null @@ -1,206 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - -from keystone_tempest_plugin.tests.api.identity.v3 import fixtures -from keystone_tempest_plugin.tests import base - -DEFAULT_RELAY_STATE_PREFIX = 'ss:mem:' - - -class ServiceProvidersTest(base.BaseIdentityTest): - - def _assert_service_provider_attributes(self, sp, sp_id, sp_ref=None): - self.assertIn('id', sp) - self.assertEqual(sp_id, sp['id']) - - self.assertIn('auth_url', sp) - self.assertIn('sp_url', sp) - - # Check the optional attributes have been set - self.assertIn('description', sp) - self.assertIn('enabled', sp) - self.assertIn('relay_state_prefix', sp) - - if sp_ref: - self.assertEqual(sp_ref['auth_url'], sp['auth_url']) - self.assertEqual(sp_ref['sp_url'], sp['sp_url']) - self.assertEqual(sp_ref['description'], sp['description']) - - if 'enabled' in sp_ref: - self.assertEqual(sp_ref['enabled'], sp['enabled']) - - if 'relay_state_prefix' in sp_ref: - self.assertEqual( - sp_ref['relay_state_prefix'], sp['relay_state_prefix']) - - def _add_cleanup(self, sp_id): - self.addCleanup( - self.sps_client.delete_service_provider, sp_id) - - def _create_sp(self, sp_id, sp_ref): - sp = self.sps_client.create_service_provider( - sp_id, **sp_ref)['service_provider'] - self.addCleanup(self.sps_client.delete_service_provider, sp_id) - return sp - - @decorators.idempotent_id('6fae0971-5acb-4559-ba25-96f1fd7e5385') - def test_service_provider_create(self): - sp_id = data_utils.rand_uuid_hex() - sp_ref = fixtures.sp_ref() - sp = self._create_sp(sp_id, sp_ref) - - # The service provider is disabled by default - sp_ref['enabled'] = False - - # The relay_state_prefix should have been set to the default value - sp_ref['relay_state_prefix'] = DEFAULT_RELAY_STATE_PREFIX - - self._assert_service_provider_attributes(sp, sp_id, sp_ref) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('d9d7454c-50b7-4966-aedb-b9d520a41409') - def test_service_provider_create_without_mandatory_attributes(self): - sp_id = data_utils.rand_uuid_hex() - self.assertRaises( - lib_exc.BadRequest, - self.sps_client.create_service_provider, - sp_id) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('f77ed1c0-c428-44a7-9364-e8e4362c360a') - def test_service_provider_create_with_bad_attributes(self): - sp_id = data_utils.rand_uuid_hex() - sp_ref = fixtures.sp_ref() - - # The auth_url must follow a URL regex - sp_ref['auth_url'] = data_utils.rand_uuid_hex() - self.assertRaises( - lib_exc.BadRequest, - self.sps_client.create_service_provider, - sp_id, - **sp_ref) - - sp_ref = fixtures.sp_ref() - - # The sp_url must follow a URL regex - sp_ref['sp_url'] = data_utils.rand_uuid_hex() - self.assertRaises( - lib_exc.BadRequest, - self.sps_client.create_service_provider, - sp_id, - **sp_ref) - - @decorators.idempotent_id('8550b419-f212-4e34-a8fa-7ff64f8a7fd3') - def test_service_provider_create_with_enabled_true(self): - sp_id = data_utils.rand_uuid_hex() - sp_ref = fixtures.sp_ref(enabled=True) - sp = self._create_sp(sp_id, sp_ref) - - self._assert_service_provider_attributes(sp, sp_id, sp_ref) - - @decorators.idempotent_id('0e319a14-1548-474e-a406-273c6b1c1f2d') - def test_service_provider_create_with_relay_state_prefix(self): - sp_id = data_utils.rand_uuid_hex() - sp_ref = fixtures.sp_ref( - enabled=True, relay_state_prefix=data_utils.rand_uuid_hex()) - sp = self._create_sp(sp_id, sp_ref) - - self._assert_service_provider_attributes(sp, sp_id, sp_ref) - - @decorators.idempotent_id('7df78c7a-9265-4b4f-9630-193b7f07d9eb') - def test_service_provider_get(self): - sp_id = data_utils.rand_uuid_hex() - sp_create = self._create_sp(sp_id, fixtures.sp_ref()) - - sp_get = self.sps_client.show_service_provider(sp_id)[ - 'service_provider'] - - self._assert_service_provider_attributes(sp_get, sp_id, sp_create) - - @decorators.idempotent_id('9237cea0-fbeb-4d64-8347-46c567e1d78f') - def test_service_provider_list(self): - sp_ids = [] - for _ in range(3): - sp_id = data_utils.rand_uuid_hex() - self._create_sp(sp_id, fixtures.sp_ref()) - sp_ids.append(sp_id) - - sp_list = self.sps_client.list_service_providers()['service_providers'] - fetched_ids = [fetched_sp['id'] for fetched_sp in sp_list] - - for sp_id in sp_ids: - self.assertIn(sp_id, fetched_ids) - - @decorators.idempotent_id('bb68653f-fbba-4f20-ac1b-7b318a557366') - def test_service_provider_update(self): - sp_id = data_utils.rand_uuid_hex() - sp = self._create_sp(sp_id, fixtures.sp_ref(enabled=True)) - - # The service provider should be enabled - self.assertTrue(sp['enabled']) - - sp = self.sps_client.update_service_provider( - sp_id, enabled=False)['service_provider'] - - # The service provider should be now disabled - self.assertFalse(sp['enabled']) - - sp_get = self.sps_client.show_service_provider(sp_id)[ - 'service_provider'] - self.assertFalse(sp_get['enabled']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('91ce1183-1a15-4598-ae5f-85cfa98a1c77') - def test_service_provider_update_with_bad_attributes_fails(self): - sp_id = data_utils.rand_uuid_hex() - self._create_sp(sp_id, fixtures.sp_ref()) - - # The auth_url must follow a URL regex - self.assertRaises( - lib_exc.BadRequest, - self.sps_client.update_service_provider, - sp_id, - auth_url=data_utils.rand_uuid_hex()) - - # The sp_url must follow a URL regex - self.assertRaises( - lib_exc.BadRequest, - self.sps_client.update_service_provider, - sp_id, - auth_url=data_utils.rand_uuid_hex()) - - @decorators.idempotent_id('7553579b-9a9e-45dd-9ada-70d906b516c0') - def test_service_providers_in_token(self): - # Create some enabled service providers - enabled_sps = [] - for _ in range(2): - sp_id = data_utils.rand_uuid_hex() - self._create_sp(sp_id, fixtures.sp_ref(enabled=True)) - enabled_sps.append(sp_id) - - # Create some disabled service providers - for _ in range(2): - sp_id = data_utils.rand_uuid_hex() - self._create_sp(sp_id, fixtures.sp_ref(enabled=False)) - - sps_in_token_ids = [ - sp['id'] for sp in - self.sps_client.get_service_providers_in_token()] - - # Should be equal to the enabled_sps list - self.assertItemsEqual(enabled_sps, sps_in_token_ids) diff --git a/keystone_tempest_plugin/tests/base.py b/keystone_tempest_plugin/tests/base.py deleted file mode 100644 index 6ba6659150..0000000000 --- a/keystone_tempest_plugin/tests/base.py +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.common import credentials_factory as common_creds -from tempest import test - -from keystone_tempest_plugin import clients - - -class BaseIdentityTest(test.BaseTestCase): - - # The version of the identity that will be used in the tests. - identity_version = 'v3' - - # NOTE(rodrigods): for now, all tests are in the admin scope, if - # necessary, another class can be created to handle non-admin tests. - credential_type = 'identity_admin' - - @classmethod - def setup_clients(cls): - super(BaseIdentityTest, cls).setup_clients() - credentials = common_creds.get_configured_admin_credentials( - cls.credential_type, identity_version=cls.identity_version) - cls.keystone_manager = clients.Manager(credentials) - cls.auth_client = cls.keystone_manager.auth_client - cls.idps_client = cls.keystone_manager.identity_providers_client - cls.mappings_client = cls.keystone_manager.mapping_rules_client - cls.saml2_client = cls.keystone_manager.saml2_client - cls.sps_client = cls.keystone_manager.service_providers_client - cls.tokens_client = cls.keystone_manager.token_v3_client diff --git a/keystone_tempest_plugin/tests/scenario/__init__.py b/keystone_tempest_plugin/tests/scenario/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py b/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py deleted file mode 100644 index 24d74160c3..0000000000 --- a/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py +++ /dev/null @@ -1,176 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from lxml import etree -from six.moves import http_client -from tempest import config -from tempest.lib.common.utils import data_utils -import testtools - -from keystone_tempest_plugin.tests import base - - -CONF = config.CONF - - -class TestSaml2EcpFederatedAuthentication(base.BaseIdentityTest): - - ECP_SAML2_NAMESPACES = { - 'ecp': 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp', - 'S': 'http://schemas.xmlsoap.org/soap/envelope/', - 'paos': 'urn:liberty:paos:2003-08' - } - - ECP_SERVICE_PROVIDER_CONSUMER_URL = ('/S:Envelope/S:Header/paos:Request/' - '@responseConsumerURL') - - ECP_IDP_CONSUMER_URL = ('/S:Envelope/S:Header/ecp:Response/' - '@AssertionConsumerServiceURL') - - ECP_RELAY_STATE = '//ecp:RelayState' - - def _setup_settings(self): - self.idp_id = CONF.fed_scenario.idp_id - self.idp_url = CONF.fed_scenario.idp_ecp_url - self.keystone_v3_endpoint = CONF.identity.uri_v3 - self.password = CONF.fed_scenario.idp_password - self.protocol_id = CONF.fed_scenario.protocol_id - self.username = CONF.fed_scenario.idp_username - - def _setup_idp(self): - remote_ids = CONF.fed_scenario.idp_remote_ids - self.idps_client.create_identity_provider( - self.idp_id, remote_ids=remote_ids, enabled=True) - self.addCleanup( - self.idps_client.delete_identity_provider, self.idp_id) - - def _setup_mapping(self): - self.mapping_id = data_utils.rand_uuid_hex() - mapping_remote_type = CONF.fed_scenario.mapping_remote_type - mapping_user_name = CONF.fed_scenario.mapping_user_name - mapping_group_name = CONF.fed_scenario.mapping_group_name - mapping_group_domain_name = CONF.fed_scenario.mapping_group_domain_name - - rules = [{ - 'local': [ - { - 'user': {'name': mapping_user_name} - }, - { - 'group': { - 'domain': {'name': mapping_group_domain_name}, - 'name': mapping_group_name - } - } - ], - 'remote': [ - { - 'type': mapping_remote_type - } - ] - }] - mapping_ref = {'rules': rules} - self.mappings_client.create_mapping_rule(self.mapping_id, mapping_ref) - self.addCleanup( - self.mappings_client.delete_mapping_rule, self.mapping_id) - - def _setup_protocol(self): - self.idps_client.add_protocol_and_mapping( - self.idp_id, self.protocol_id, self.mapping_id) - self.addCleanup( - self.idps_client.delete_protocol_and_mapping, - self.idp_id, - self.protocol_id) - - def setUp(self): - super(TestSaml2EcpFederatedAuthentication, self).setUp() - self._setup_settings() - - # Reset client's session to avoid getting garbage from another runs - self.saml2_client.reset_session() - - # Setup identity provider, mapping and protocol - self._setup_idp() - self._setup_mapping() - self._setup_protocol() - - def _str_from_xml(self, xml, path): - l = xml.xpath(path, namespaces=self.ECP_SAML2_NAMESPACES) - self.assertEqual(1, len(l)) - return l[0] - - def _request_unscoped_token(self): - resp = self.saml2_client.send_service_provider_request( - self.keystone_v3_endpoint, self.idp_id, self.protocol_id) - self.assertEqual(http_client.OK, resp.status_code) - saml2_authn_request = etree.XML(resp.content) - - relay_state = self._str_from_xml( - saml2_authn_request, self.ECP_RELAY_STATE) - sp_consumer_url = self._str_from_xml( - saml2_authn_request, self.ECP_SERVICE_PROVIDER_CONSUMER_URL) - - # Perform the authn request to the identity provider - resp = self.saml2_client.send_identity_provider_authn_request( - saml2_authn_request, self.idp_url, self.username, self.password) - self.assertEqual(http_client.OK, resp.status_code) - saml2_idp_authn_response = etree.XML(resp.content) - - idp_consumer_url = self._str_from_xml( - saml2_idp_authn_response, self.ECP_IDP_CONSUMER_URL) - - # Assert that both saml2_authn_request and saml2_idp_authn_response - # have the same consumer URL. - self.assertEqual(sp_consumer_url, idp_consumer_url) - - # Present the identity provider authn response to the service provider. - resp = self.saml2_client.send_service_provider_saml2_authn_response( - saml2_idp_authn_response, relay_state, idp_consumer_url) - # Must receive a redirect from service provider to the URL where the - # unscoped token can be retrieved. - self.assertIn(resp.status_code, - [http_client.FOUND, http_client.SEE_OTHER]) - - # We can receive multiple types of errors here, the response depends on - # the mapping and the username used to authenticate in the Identity - # Provider and also in the Identity Provider remote ID validation. - # If everything works well, we receive an unscoped token. - sp_url = resp.headers['location'] - resp = ( - self.saml2_client.send_service_provider_unscoped_token_request( - sp_url)) - self.assertEqual(http_client.CREATED, resp.status_code) - self.assertIn('X-Subject-Token', resp.headers) - self.assertNotEmpty(resp.json()) - - return resp - - @testtools.skipUnless(CONF.identity_feature_enabled.federation, - "Federated Identity feature not enabled") - def test_request_unscoped_token(self): - self._request_unscoped_token() - - @testtools.skipUnless(CONF.identity_feature_enabled.federation, - "Federated Identity feature not enabled") - def test_request_scoped_token(self): - resp = self._request_unscoped_token() - token_id = resp.headers['X-Subject-Token'] - - projects = self.auth_client.get_available_projects_scopes( - self.keystone_v3_endpoint, token_id)['projects'] - self.assertNotEmpty(projects) - - # Get a scoped token to one of the listed projects - self.tokens_client.auth( - project_id=projects[0]['id'], token=token_id) diff --git a/setup.cfg b/setup.cfg index df40e0a58f..4c2a418571 100644 --- a/setup.cfg +++ b/setup.cfg @@ -69,11 +69,6 @@ msgid_bugs_address = https://bugs.launchpad.net/keystone [pbr] autodoc_tree_index_modules = True -# NOTE(gagehugo): building docs with autodoc_tree_index_modules set to True -# causes warnings when creating api docs with keystone_tempest_plugin and -# these issues seem to be related to tempest/oslo_config rather than -# keystone. -autodoc_tree_excludes = keystone_tempest_plugin setup.py [entry_points] console_scripts = @@ -213,6 +208,3 @@ paste.app_factory = public_service = keystone.version.service:public_app_factory public_version_service = keystone.version.service:public_version_app_factory service_v3 = keystone.version.service:v3_app_factory - -tempest.test_plugins = - keystone_tests = keystone_tempest_plugin.plugin:KeystoneTempestPlugin