openstack/python-openstackclient
Code Issues Proposed changes
a59262e44d
python-openstackclient/openstackclient/tests/functional/identity/v3/test_application_credential.py

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

178 lines
6.1 KiB
Python
Raw Normal View History

Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
# Copyright 2018 SUSE Linux GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import datetime
from tempest.lib.common.utils import data_utils
from openstackclient.tests.functional.identity.v3 import common
class ApplicationCredentialTests(common.IdentityTests):
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
APPLICATION_CREDENTIAL_FIELDS = [
identity: Migrate 'application credential' commands to SDK Change-Id: Iba3fee2672d32266623c6f367beaabe84bd3d24e
2024-06-26 15:54:44 +00:00
'ID',
'Name',
'Project ID',
'Description',
'Roles',
'Expires At',
'Unrestricted',
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
]
APPLICATION_CREDENTIAL_LIST_HEADERS = [
'ID',
'Name',
'Project ID',
'Description',
'Expires At',
]
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
def test_application_credential_create(self):
name = data_utils.rand_name('name')
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
raw_output = self.openstack(f'application credential create {name}')
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
self.addCleanup(
self.openstack,
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
f'application credential delete {name}',
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
items = self.parse_show(raw_output)
self.assert_show_fields(items, self.APPLICATION_CREDENTIAL_FIELDS)
def _create_role_assignments(self):
try:
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
user = self.openstack(
'configuration show -f value' ' -c auth.username'
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
except Exception:
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
user = self.openstack(
'configuration show -f value' ' -c auth.user_id'
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
try:
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
user_domain = self.openstack(
'configuration show -f value' ' -c auth.user_domain_name'
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
except Exception:
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
user_domain = self.openstack(
'configuration show -f value' ' -c auth.user_domain_id'
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
try:
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
project = self.openstack(
'configuration show -f value' ' -c auth.project_name'
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
except Exception:
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
project = self.openstack(
'configuration show -f value' ' -c auth.project_id'
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
try:
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
project_domain = self.openstack(
'configuration show -f value' ' -c auth.project_domain_name'
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
except Exception:
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
project_domain = self.openstack(
'configuration show -f value' ' -c auth.project_domain_id'
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
role1 = self._create_dummy_role()
role2 = self._create_dummy_role()
for role in role1, role2:
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
self.openstack(
'role add'
' --user %(user)s'
' --user-domain %(user_domain)s'
' --project %(project)s'
' --project-domain %(project_domain)s'
' %(role)s'
% {
'user': user,
'user_domain': user_domain,
'project': project,
'project_domain': project_domain,
'role': role,
}
)
self.addCleanup(
self.openstack,
'role remove'
' --user %(user)s'
' --user-domain %(user_domain)s'
' --project %(project)s'
' --project-domain %(project_domain)s'
' %(role)s'
% {
'user': user,
'user_domain': user_domain,
'project': project,
'project_domain': project_domain,
'role': role,
},
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
return role1, role2
def test_application_credential_create_with_options(self):
name = data_utils.rand_name('name')
secret = data_utils.rand_name('secret')
description = data_utils.rand_name('description')
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
tomorrow = (
datetime.datetime.utcnow() + datetime.timedelta(days=1)
).strftime('%Y-%m-%dT%H:%M:%S%z')
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
role1, role2 = self._create_role_assignments()
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
raw_output = self.openstack(
'application credential create %(name)s'
' --secret %(secret)s'
' --description %(description)s'
' --expiration %(tomorrow)s'
' --role %(role1)s'
' --role %(role2)s'
' --unrestricted'
% {
'name': name,
'secret': secret,
'description': description,
'tomorrow': tomorrow,
'role1': role1,
'role2': role2,
}
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
self.addCleanup(
self.openstack,
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
f'application credential delete {name}',
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
items = self.parse_show(raw_output)
self.assert_show_fields(items, self.APPLICATION_CREDENTIAL_FIELDS)
def test_application_credential_delete(self):
name = data_utils.rand_name('name')
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
self.openstack(f'application credential create {name}')
raw_output = self.openstack(
'application credential delete ' '%(name)s' % {'name': name}
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
self.assertEqual(0, len(raw_output))
def test_application_credential_list(self):
raw_output = self.openstack('application credential list')
items = self.parse_listing(raw_output)
self.assert_table_structure(
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
items, self.APPLICATION_CREDENTIAL_LIST_HEADERS
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
def test_application_credential_show(self):
name = data_utils.rand_name('name')
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
raw_output = self.openstack(f'application credential create {name}')
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
self.addCleanup(
self.openstack,
Blacken openstackclient.identity Black used with the '-l 79 -S' flags. A future change will ignore this commit in git-blame history by adding a 'git-blame-ignore-revs' file. Change-Id: I2eeade1ce6653be8e9179ecc40105182c5ff5f16 Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-05-08 11:32:01 +01:00
f'application credential delete {name}',
)
raw_output = self.openstack(
'application credential show ' '%(name)s' % {'name': name}
)
Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
2018-01-21 20:02:02 +01:00
items = self.parse_show(raw_output)
self.assert_show_fields(items, self.APPLICATION_CREDENTIAL_FIELDS)
Copy Permalink