diff --git a/releasenotes/notes/add-keystone-v3-ec2-tests-d959b7d36f0bd7fc.yaml b/releasenotes/notes/add-keystone-v3-ec2-tests-d959b7d36f0bd7fc.yaml new file mode 100644 index 0000000000..ab8d748670 --- /dev/null +++ b/releasenotes/notes/add-keystone-v3-ec2-tests-d959b7d36f0bd7fc.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Added missing clients and tests for keystone's v3 EC2 API which already + existed for keystone v2. diff --git a/tempest/api/identity/v3/test_ec2_credentials.py b/tempest/api/identity/v3/test_ec2_credentials.py new file mode 100644 index 0000000000..a2cbc4aab1 --- /dev/null +++ b/tempest/api/identity/v3/test_ec2_credentials.py @@ -0,0 +1,113 @@ +# Copyright 2020 SUSE LLC +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from tempest.api.identity import base +from tempest.common import utils +from tempest.lib import decorators +from tempest.lib import exceptions as lib_exc + + +class EC2CredentialsTest(base.BaseIdentityV3Test): + + @classmethod + def skip_checks(cls): + super(EC2CredentialsTest, cls).skip_checks() + if not utils.is_extension_enabled('OS-EC2', 'identity'): + msg = "OS-EC2 identity extension not enabled." + raise cls.skipException(msg) + + @classmethod + def resource_setup(cls): + super(EC2CredentialsTest, cls).resource_setup() + cls.creds = cls.os_primary.credentials + + @decorators.idempotent_id('b0f55a29-54e5-4166-999d-712347e0c920') + def test_create_ec2_credential(self): + """Create user ec2 credential.""" + resp = self.non_admin_users_client.create_user_ec2_credential( + self.creds.user_id, + tenant_id=self.creds.tenant_id)["credential"] + access = resp['access'] + self.addCleanup( + self.non_admin_users_client.delete_user_ec2_credential, + self.creds.user_id, access) + self.assertNotEmpty(resp['access']) + self.assertNotEmpty(resp['secret']) + self.assertEqual(self.creds.user_id, resp['user_id']) + self.assertEqual(self.creds.tenant_id, resp['tenant_id']) + + @decorators.idempotent_id('897813f0-160c-4fdc-aabc-24ee635ce4a9') + def test_list_ec2_credentials(self): + """Get the list of user ec2 credentials.""" + created_creds = [] + # create first ec2 credentials + creds1 = self.non_admin_users_client.create_user_ec2_credential( + self.creds.user_id, + tenant_id=self.creds.tenant_id)["credential"] + created_creds.append(creds1['access']) + self.addCleanup( + self.non_admin_users_client.delete_user_ec2_credential, + self.creds.user_id, creds1['access']) + + # create second ec2 credentials + creds2 = self.non_admin_users_client.create_user_ec2_credential( + self.creds.user_id, + tenant_id=self.creds.tenant_id)["credential"] + created_creds.append(creds2['access']) + self.addCleanup( + self.non_admin_users_client.delete_user_ec2_credential, + self.creds.user_id, creds2['access']) + + # get the list of user ec2 credentials + resp = self.non_admin_users_client.list_user_ec2_credentials( + self.creds.user_id)["credentials"] + fetched_creds = [cred['access'] for cred in resp] + # created credentials should be in a fetched list + missing = [cred for cred in created_creds + if cred not in fetched_creds] + self.assertEmpty(missing, + "Failed to find ec2_credentials %s in fetched list" % + ', '.join(cred for cred in missing)) + + @decorators.idempotent_id('8b8d1010-5958-48df-a6cd-5e3df72e6bcf') + def test_show_ec2_credential(self): + """Get the definite user ec2 credential.""" + resp = self.non_admin_users_client.create_user_ec2_credential( + self.creds.user_id, + tenant_id=self.creds.tenant_id)["credential"] + self.addCleanup( + self.non_admin_users_client.delete_user_ec2_credential, + self.creds.user_id, resp['access']) + + ec2_creds = self.non_admin_users_client.show_user_ec2_credential( + self.creds.user_id, resp['access'] + )["credential"] + for key in ['access', 'secret', 'user_id', 'tenant_id']: + self.assertEqual(ec2_creds[key], resp[key]) + + @decorators.idempotent_id('9408d61b-8be0-4a8d-9b85-14f61edb456b') + def test_delete_ec2_credential(self): + """Delete user ec2 credential.""" + resp = self.non_admin_users_client.create_user_ec2_credential( + self.creds.user_id, + tenant_id=self.creds.tenant_id)["credential"] + access = resp['access'] + self.non_admin_users_client.delete_user_ec2_credential( + self.creds.user_id, access) + self.assertRaises( + lib_exc.NotFound, + self.non_admin_users_client.show_user_ec2_credential, + self.creds.user_id, + access) diff --git a/tempest/lib/services/identity/v3/users_client.py b/tempest/lib/services/identity/v3/users_client.py index f47730f6a6..bba02a494f 100644 --- a/tempest/lib/services/identity/v3/users_client.py +++ b/tempest/lib/services/identity/v3/users_client.py @@ -118,3 +118,30 @@ class UsersClient(rest_client.RestClient): self.expected_success(200, resp.status) body = json.loads(body) return rest_client.ResponseBody(resp, body) + + def create_user_ec2_credential(self, user_id, **kwargs): + post_body = json.dumps(kwargs) + resp, body = self.post('/users/%s/credentials/OS-EC2' % user_id, + post_body) + self.expected_success(201, resp.status) + body = json.loads(body) + return rest_client.ResponseBody(resp, body) + + def delete_user_ec2_credential(self, user_id, access): + resp, body = self.delete('/users/%s/credentials/OS-EC2/%s' % + (user_id, access)) + self.expected_success(204, resp.status) + return rest_client.ResponseBody(resp, body) + + def list_user_ec2_credentials(self, user_id): + resp, body = self.get('/users/%s/credentials/OS-EC2' % user_id) + self.expected_success(200, resp.status) + body = json.loads(body) + return rest_client.ResponseBody(resp, body) + + def show_user_ec2_credential(self, user_id, access): + resp, body = self.get('/users/%s/credentials/OS-EC2/%s' % + (user_id, access)) + self.expected_success(200, resp.status) + body = json.loads(body) + return rest_client.ResponseBody(resp, body) diff --git a/tempest/tests/lib/services/identity/v3/test_users_client.py b/tempest/tests/lib/services/identity/v3/test_users_client.py index c0dfdaec40..7be04802b0 100644 --- a/tempest/tests/lib/services/identity/v3/test_users_client.py +++ b/tempest/tests/lib/services/identity/v3/test_users_client.py @@ -141,6 +141,35 @@ class TestUsersClient(base.BaseServiceTest): ] } + FAKE_USER_EC2_CREDENTIAL_INFO = { + "credential": { + 'user_id': '9beb0e12f3e5416db8d7cccfc785db3b', + 'access': '79abf59acc77492a86170cbe2f1feafa', + 'secret': 'c4e7d3a691fd4563873d381a40320f46', + 'trust_id': None, + 'tenant_id': '596557269d7b4dd78631a602eb9f151d' + } + } + + FAKE_LIST_USER_EC2_CREDENTIALS = { + "credentials": [ + { + 'user_id': '9beb0e12f3e5416db8d7cccfc785db3b', + 'access': '79abf59acc77492a86170cbe2f1feafa', + 'secret': 'c4e7d3a691fd4563873d381a40320f46', + 'trust_id': None, + 'tenant_id': '596557269d7b4dd78631a602eb9f151d' + }, + { + 'user_id': '3beb0e12f3e5416db8d7cccfc785de4r', + 'access': '45abf59acc77492a86170cbe2f1fesde', + 'secret': 'g4e7d3a691fd4563873d381a40320e45', + 'trust_id': None, + 'tenant_id': '123557269d7b4dd78631a602eb9f112f' + } + ] + } + def setUp(self): super(TestUsersClient, self).setUp() fake_auth = fake_auth_provider.FakeAuthProvider() @@ -201,6 +230,33 @@ class TestUsersClient(base.BaseServiceTest): user_id='817fb3c23fd7465ba6d7fe1b1320121d', ) + def _test_create_user_ec2_credential(self, bytes_body=False): + self.check_service_client_function( + self.client.create_user_ec2_credential, + 'tempest.lib.common.rest_client.RestClient.post', + self.FAKE_USER_EC2_CREDENTIAL_INFO, + bytes_body, + status=201, + user_id="1", + tenant_id="123") + + def _test_show_user_ec2_credential(self, bytes_body=False): + self.check_service_client_function( + self.client.show_user_ec2_credential, + 'tempest.lib.common.rest_client.RestClient.get', + self.FAKE_USER_EC2_CREDENTIAL_INFO, + bytes_body, + user_id="1", + access="123") + + def _test_list_user_ec2_credentials(self, bytes_body=False): + self.check_service_client_function( + self.client.list_user_ec2_credentials, + 'tempest.lib.common.rest_client.RestClient.get', + self.FAKE_LIST_USER_EC2_CREDENTIALS, + bytes_body, + user_id="1") + def test_create_user_with_string_body(self): self._test_create_user() @@ -255,3 +311,30 @@ class TestUsersClient(base.BaseServiceTest): user_id='817fb3c23fd7465ba6d7fe1b1320121d', password='NewTempestPassword', original_password='OldTempestPassword') + + def test_create_user_ec2_credential_with_str_body(self): + self._test_create_user_ec2_credential() + + def test_create_user_ec2_credential_with_bytes_body(self): + self._test_create_user_ec2_credential(bytes_body=True) + + def test_show_user_ec2_credential_with_str_body(self): + self._test_show_user_ec2_credential() + + def test_show_user_ec2_credential_with_bytes_body(self): + self._test_show_user_ec2_credential(bytes_body=True) + + def test_list_user_ec2_credentials_with_str_body(self): + self._test_list_user_ec2_credentials() + + def test_list_user_ec2_credentials_with_bytes_body(self): + self._test_list_user_ec2_credentials(bytes_body=True) + + def test_delete_user_ec2_credential(self): + self.check_service_client_function( + self.client.delete_user_ec2_credential, + 'tempest.lib.common.rest_client.RestClient.delete', + {}, + user_id="123", + access="1234", + status=204)