Merge "Add keystone v3 EC2 credential tests and client"

This commit is contained in:
Zuul 2020-09-26 11:48:30 +00:00 committed by Gerrit Code Review
commit 24ffe96042
4 changed files with 228 additions and 0 deletions

View File

@ -0,0 +1,5 @@
---
features:
- |
Added missing clients and tests for keystone's v3 EC2 API which already
existed for keystone v2.

View File

@ -0,0 +1,113 @@
# Copyright 2020 SUSE LLC
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest.api.identity import base
from tempest.common import utils
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
class EC2CredentialsTest(base.BaseIdentityV3Test):
@classmethod
def skip_checks(cls):
super(EC2CredentialsTest, cls).skip_checks()
if not utils.is_extension_enabled('OS-EC2', 'identity'):
msg = "OS-EC2 identity extension not enabled."
raise cls.skipException(msg)
@classmethod
def resource_setup(cls):
super(EC2CredentialsTest, cls).resource_setup()
cls.creds = cls.os_primary.credentials
@decorators.idempotent_id('b0f55a29-54e5-4166-999d-712347e0c920')
def test_create_ec2_credential(self):
"""Create user ec2 credential."""
resp = self.non_admin_users_client.create_user_ec2_credential(
self.creds.user_id,
tenant_id=self.creds.tenant_id)["credential"]
access = resp['access']
self.addCleanup(
self.non_admin_users_client.delete_user_ec2_credential,
self.creds.user_id, access)
self.assertNotEmpty(resp['access'])
self.assertNotEmpty(resp['secret'])
self.assertEqual(self.creds.user_id, resp['user_id'])
self.assertEqual(self.creds.tenant_id, resp['tenant_id'])
@decorators.idempotent_id('897813f0-160c-4fdc-aabc-24ee635ce4a9')
def test_list_ec2_credentials(self):
"""Get the list of user ec2 credentials."""
created_creds = []
# create first ec2 credentials
creds1 = self.non_admin_users_client.create_user_ec2_credential(
self.creds.user_id,
tenant_id=self.creds.tenant_id)["credential"]
created_creds.append(creds1['access'])
self.addCleanup(
self.non_admin_users_client.delete_user_ec2_credential,
self.creds.user_id, creds1['access'])
# create second ec2 credentials
creds2 = self.non_admin_users_client.create_user_ec2_credential(
self.creds.user_id,
tenant_id=self.creds.tenant_id)["credential"]
created_creds.append(creds2['access'])
self.addCleanup(
self.non_admin_users_client.delete_user_ec2_credential,
self.creds.user_id, creds2['access'])
# get the list of user ec2 credentials
resp = self.non_admin_users_client.list_user_ec2_credentials(
self.creds.user_id)["credentials"]
fetched_creds = [cred['access'] for cred in resp]
# created credentials should be in a fetched list
missing = [cred for cred in created_creds
if cred not in fetched_creds]
self.assertEmpty(missing,
"Failed to find ec2_credentials %s in fetched list" %
', '.join(cred for cred in missing))
@decorators.idempotent_id('8b8d1010-5958-48df-a6cd-5e3df72e6bcf')
def test_show_ec2_credential(self):
"""Get the definite user ec2 credential."""
resp = self.non_admin_users_client.create_user_ec2_credential(
self.creds.user_id,
tenant_id=self.creds.tenant_id)["credential"]
self.addCleanup(
self.non_admin_users_client.delete_user_ec2_credential,
self.creds.user_id, resp['access'])
ec2_creds = self.non_admin_users_client.show_user_ec2_credential(
self.creds.user_id, resp['access']
)["credential"]
for key in ['access', 'secret', 'user_id', 'tenant_id']:
self.assertEqual(ec2_creds[key], resp[key])
@decorators.idempotent_id('9408d61b-8be0-4a8d-9b85-14f61edb456b')
def test_delete_ec2_credential(self):
"""Delete user ec2 credential."""
resp = self.non_admin_users_client.create_user_ec2_credential(
self.creds.user_id,
tenant_id=self.creds.tenant_id)["credential"]
access = resp['access']
self.non_admin_users_client.delete_user_ec2_credential(
self.creds.user_id, access)
self.assertRaises(
lib_exc.NotFound,
self.non_admin_users_client.show_user_ec2_credential,
self.creds.user_id,
access)

View File

@ -118,3 +118,30 @@ class UsersClient(rest_client.RestClient):
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
def create_user_ec2_credential(self, user_id, **kwargs):
post_body = json.dumps(kwargs)
resp, body = self.post('/users/%s/credentials/OS-EC2' % user_id,
post_body)
self.expected_success(201, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
def delete_user_ec2_credential(self, user_id, access):
resp, body = self.delete('/users/%s/credentials/OS-EC2/%s' %
(user_id, access))
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def list_user_ec2_credentials(self, user_id):
resp, body = self.get('/users/%s/credentials/OS-EC2' % user_id)
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
def show_user_ec2_credential(self, user_id, access):
resp, body = self.get('/users/%s/credentials/OS-EC2/%s' %
(user_id, access))
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)

View File

@ -141,6 +141,35 @@ class TestUsersClient(base.BaseServiceTest):
]
}
FAKE_USER_EC2_CREDENTIAL_INFO = {
"credential": {
'user_id': '9beb0e12f3e5416db8d7cccfc785db3b',
'access': '79abf59acc77492a86170cbe2f1feafa',
'secret': 'c4e7d3a691fd4563873d381a40320f46',
'trust_id': None,
'tenant_id': '596557269d7b4dd78631a602eb9f151d'
}
}
FAKE_LIST_USER_EC2_CREDENTIALS = {
"credentials": [
{
'user_id': '9beb0e12f3e5416db8d7cccfc785db3b',
'access': '79abf59acc77492a86170cbe2f1feafa',
'secret': 'c4e7d3a691fd4563873d381a40320f46',
'trust_id': None,
'tenant_id': '596557269d7b4dd78631a602eb9f151d'
},
{
'user_id': '3beb0e12f3e5416db8d7cccfc785de4r',
'access': '45abf59acc77492a86170cbe2f1fesde',
'secret': 'g4e7d3a691fd4563873d381a40320e45',
'trust_id': None,
'tenant_id': '123557269d7b4dd78631a602eb9f112f'
}
]
}
def setUp(self):
super(TestUsersClient, self).setUp()
fake_auth = fake_auth_provider.FakeAuthProvider()
@ -201,6 +230,33 @@ class TestUsersClient(base.BaseServiceTest):
user_id='817fb3c23fd7465ba6d7fe1b1320121d',
)
def _test_create_user_ec2_credential(self, bytes_body=False):
self.check_service_client_function(
self.client.create_user_ec2_credential,
'tempest.lib.common.rest_client.RestClient.post',
self.FAKE_USER_EC2_CREDENTIAL_INFO,
bytes_body,
status=201,
user_id="1",
tenant_id="123")
def _test_show_user_ec2_credential(self, bytes_body=False):
self.check_service_client_function(
self.client.show_user_ec2_credential,
'tempest.lib.common.rest_client.RestClient.get',
self.FAKE_USER_EC2_CREDENTIAL_INFO,
bytes_body,
user_id="1",
access="123")
def _test_list_user_ec2_credentials(self, bytes_body=False):
self.check_service_client_function(
self.client.list_user_ec2_credentials,
'tempest.lib.common.rest_client.RestClient.get',
self.FAKE_LIST_USER_EC2_CREDENTIALS,
bytes_body,
user_id="1")
def test_create_user_with_string_body(self):
self._test_create_user()
@ -255,3 +311,30 @@ class TestUsersClient(base.BaseServiceTest):
user_id='817fb3c23fd7465ba6d7fe1b1320121d',
password='NewTempestPassword',
original_password='OldTempestPassword')
def test_create_user_ec2_credential_with_str_body(self):
self._test_create_user_ec2_credential()
def test_create_user_ec2_credential_with_bytes_body(self):
self._test_create_user_ec2_credential(bytes_body=True)
def test_show_user_ec2_credential_with_str_body(self):
self._test_show_user_ec2_credential()
def test_show_user_ec2_credential_with_bytes_body(self):
self._test_show_user_ec2_credential(bytes_body=True)
def test_list_user_ec2_credentials_with_str_body(self):
self._test_list_user_ec2_credentials()
def test_list_user_ec2_credentials_with_bytes_body(self):
self._test_list_user_ec2_credentials(bytes_body=True)
def test_delete_user_ec2_credential(self):
self.check_service_client_function(
self.client.delete_user_ec2_credential,
'tempest.lib.common.rest_client.RestClient.delete',
{},
user_id="123",
access="1234",
status=204)