diff --git a/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml b/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml new file mode 100644 index 0000000000..d927a685a0 --- /dev/null +++ b/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml @@ -0,0 +1,23 @@ +--- +upgrade: + - | + Tests for identity v2 API have been removed. + +deprecations: + - | + The following options have been formally deprecated. These options were + used to test identity v2 API which was removed during Queens cycle. + The tests for identity v2 API were removed from tempest and these options + have no effect. + + - ``[identity] uri`` + - ``[identity] v2_admin_endpoint_type`` + - ``[identity] v2_public_endpoint_type`` + - ``[identity-feature-enabled] api_v2_admin`` + + - | + The following options have been deprecated because only identity v3 API + is used. + + - ``[identity] auth_version`` + - ``[identity-feature-enabled] api_v3`` diff --git a/tempest/api/identity/admin/v2/__init__.py b/tempest/api/identity/admin/v2/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/tempest/api/identity/admin/v2/test_endpoints.py b/tempest/api/identity/admin/v2/test_endpoints.py deleted file mode 100644 index 20d023b4b3..0000000000 --- a/tempest/api/identity/admin/v2/test_endpoints.py +++ /dev/null @@ -1,97 +0,0 @@ -# Copyright 2013 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators - -CONF = config.CONF - - -class EndPointsTestJSON(base.BaseIdentityV2AdminTest): - """Test keystone v2 endpoints""" - - @classmethod - def resource_setup(cls): - super(EndPointsTestJSON, cls).resource_setup() - s_name = data_utils.rand_name( - name='service', prefix=CONF.resource_name_prefix) - s_type = data_utils.rand_name( - name='type', prefix=CONF.resource_name_prefix) - s_description = data_utils.rand_name( - name='description', prefix=CONF.resource_name_prefix) - service_data = cls.services_client.create_service( - name=s_name, type=s_type, - description=s_description)['OS-KSADM:service'] - cls.addClassResourceCleanup(cls.services_client.delete_service, - service_data['id']) - cls.service_id = service_data['id'] - # Create endpoints so as to use for LIST and GET test cases - cls.setup_endpoints = list() - for _ in range(2): - region = data_utils.rand_name( - name='region', prefix=CONF.resource_name_prefix) - url = data_utils.rand_url() - endpoint = cls.endpoints_client.create_endpoint( - service_id=cls.service_id, - region=region, - publicurl=url, - adminurl=url, - internalurl=url)['endpoint'] - cls.addClassResourceCleanup(cls.endpoints_client.delete_endpoint, - endpoint['id']) - # list_endpoints() will return 'enabled' field - endpoint['enabled'] = True - cls.setup_endpoints.append(endpoint) - - @decorators.idempotent_id('11f590eb-59d8-4067-8b2b-980c7f387f51') - def test_list_endpoints(self): - """Test listing keystone endpoints""" - # Get a list of endpoints - fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints'] - # Asserting LIST endpoints - missing_endpoints =\ - [e for e in self.setup_endpoints if e not in fetched_endpoints] - self.assertEmpty(missing_endpoints, - "Failed to find endpoint %s in fetched list" % - ', '.join(str(e) for e in missing_endpoints)) - - @decorators.idempotent_id('9974530a-aa28-4362-8403-f06db02b26c1') - def test_create_list_delete_endpoint(self): - """Test creating, listing and deleting a keystone endpoint""" - region = data_utils.rand_name( - name='region', prefix=CONF.resource_name_prefix) - url = data_utils.rand_url() - endpoint = self.endpoints_client.create_endpoint( - service_id=self.service_id, - region=region, - publicurl=url, - adminurl=url, - internalurl=url)['endpoint'] - # Asserting Create Endpoint response body - self.assertIn('id', endpoint) - self.assertEqual(region, endpoint['region']) - self.assertEqual(url, endpoint['publicurl']) - # Checking if created endpoint is present in the list of endpoints - fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints'] - fetched_endpoints_id = [e['id'] for e in fetched_endpoints] - self.assertIn(endpoint['id'], fetched_endpoints_id) - # Deleting the endpoint created in this method - self.endpoints_client.delete_endpoint(endpoint['id']) - # Checking whether endpoint is deleted successfully - fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints'] - fetched_endpoints_id = [e['id'] for e in fetched_endpoints] - self.assertNotIn(endpoint['id'], fetched_endpoints_id) diff --git a/tempest/api/identity/admin/v2/test_roles.py b/tempest/api/identity/admin/v2/test_roles.py deleted file mode 100644 index 6d384ab5fa..0000000000 --- a/tempest/api/identity/admin/v2/test_roles.py +++ /dev/null @@ -1,121 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib.common.utils import test_utils -from tempest.lib import decorators - -CONF = config.CONF - - -class RolesTestJSON(base.BaseIdentityV2AdminTest): - - @classmethod - def resource_setup(cls): - super(RolesTestJSON, cls).resource_setup() - cls.roles = list() - for _ in range(5): - role_name = data_utils.rand_name( - name='role', prefix=CONF.resource_name_prefix) - role = cls.roles_client.create_role(name=role_name)['role'] - cls.addClassResourceCleanup( - test_utils.call_and_ignore_notfound_exc, - cls.roles_client.delete_role, role['id']) - cls.roles.append(role) - - def _get_role_params(self): - user = self.setup_test_user() - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - role = self.setup_test_role() - return (user, tenant, role) - - def assert_role_in_role_list(self, role, roles): - found = False - for user_role in roles: - if user_role['id'] == role['id']: - found = True - self.assertTrue(found, "assigned role was not in list") - - @decorators.idempotent_id('75d9593f-50b7-4fcf-bd64-e3fb4a278e23') - def test_list_roles(self): - """Return a list of all roles.""" - body = self.roles_client.list_roles()['roles'] - found = [role for role in body if role in self.roles] - self.assertNotEmpty(found) - self.assertEqual(len(found), len(self.roles)) - - @decorators.idempotent_id('c62d909d-6c21-48c0-ae40-0a0760e6db5e') - def test_role_create_delete(self): - """Role should be created, verified, and deleted.""" - role_name = data_utils.rand_name( - name='role-test', prefix=CONF.resource_name_prefix) - body = self.roles_client.create_role(name=role_name)['role'] - self.addCleanup(test_utils.call_and_ignore_notfound_exc, - self.roles_client.delete_role, body['id']) - self.assertEqual(role_name, body['name']) - - body = self.roles_client.list_roles()['roles'] - found = [role for role in body if role['name'] == role_name] - self.assertNotEmpty(found) - - body = self.roles_client.delete_role(found[0]['id']) - - body = self.roles_client.list_roles()['roles'] - found = [role for role in body if role['name'] == role_name] - self.assertEmpty(found) - - @decorators.idempotent_id('db6870bd-a6ed-43be-a9b1-2f10a5c9994f') - def test_get_role_by_id(self): - """Get a role by its id.""" - role = self.setup_test_role() - role_id = role['id'] - role_name = role['name'] - body = self.roles_client.show_role(role_id)['role'] - self.assertEqual(role_id, body['id']) - self.assertEqual(role_name, body['name']) - - @decorators.idempotent_id('0146f675-ffbd-4208-b3a4-60eb628dbc5e') - def test_assign_user_role(self): - """Assign a role to a user on a tenant.""" - (user, tenant, role) = self._get_role_params() - self.roles_client.create_user_role_on_project(tenant['id'], - user['id'], - role['id']) - roles = self.roles_client.list_user_roles_on_project( - tenant['id'], user['id'])['roles'] - self.assert_role_in_role_list(role, roles) - - @decorators.idempotent_id('f0b9292c-d3ba-4082-aa6c-440489beef69') - def test_remove_user_role(self): - """Remove a role assigned to a user on a tenant.""" - (user, tenant, role) = self._get_role_params() - user_role = self.roles_client.create_user_role_on_project( - tenant['id'], user['id'], role['id'])['role'] - self.roles_client.delete_role_from_user_on_project(tenant['id'], - user['id'], - user_role['id']) - - @decorators.idempotent_id('262e1e3e-ed71-4edd-a0e5-d64e83d66d05') - def test_list_user_roles(self): - """List roles assigned to a user on tenant.""" - (user, tenant, role) = self._get_role_params() - self.roles_client.create_user_role_on_project(tenant['id'], - user['id'], - role['id']) - roles = self.roles_client.list_user_roles_on_project( - tenant['id'], user['id'])['roles'] - self.assert_role_in_role_list(role, roles) diff --git a/tempest/api/identity/admin/v2/test_roles_negative.py b/tempest/api/identity/admin/v2/test_roles_negative.py deleted file mode 100644 index 0f0466eece..0000000000 --- a/tempest/api/identity/admin/v2/test_roles_negative.py +++ /dev/null @@ -1,296 +0,0 @@ -# Copyright 2013 Huawei Technologies Co.,LTD. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - -CONF = config.CONF - - -class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest): - """Negative tests of keystone roles via v2 API""" - - def _get_role_params(self): - user = self.setup_test_user() - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - role = self.setup_test_role() - return (user, tenant, role) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('d5d5f1df-f8ca-4de0-b2ef-259c1cc67025') - def test_list_roles_by_unauthorized_user(self): - """Test Non-admin user should not be able to list roles via v2 API""" - self.assertRaises(lib_exc.Forbidden, - self.non_admin_roles_client.list_roles) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('11a3c7da-df6c-40c2-abc2-badd682edf9f') - def test_list_roles_request_without_token(self): - """Test listing roles without a valid token via v2 API should fail""" - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - self.assertRaises(lib_exc.Unauthorized, self.roles_client.list_roles) - self.client.auth_provider.clear_auth() - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('c0b89e56-accc-4c73-85f8-9c0f866104c1') - def test_role_create_blank_name(self): - """Test creating a role with a blank name via v2 API is not allowed""" - self.assertRaises(lib_exc.BadRequest, self.roles_client.create_role, - name='') - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('585c8998-a8a4-4641-a5dd-abef7a8ced00') - def test_create_role_by_unauthorized_user(self): - """Test non-admin user should not be able to create role via v2 API""" - role_name = data_utils.rand_name( - name='role', prefix=CONF.resource_name_prefix) - self.assertRaises(lib_exc.Forbidden, - self.non_admin_roles_client.create_role, - name=role_name) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('a7edd17a-e34a-4aab-8bb7-fa6f498645b8') - def test_create_role_request_without_token(self): - """Test creating role without a valid token via v2 API should fail""" - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - role_name = data_utils.rand_name( - name='role', prefix=CONF.resource_name_prefix) - self.assertRaises(lib_exc.Unauthorized, - self.roles_client.create_role, name=role_name) - self.client.auth_provider.clear_auth() - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('c0cde2c8-81c1-4bb0-8fe2-cf615a3547a8') - def test_role_create_duplicate(self): - """Test role names should be unique via v2 API""" - role_name = data_utils.rand_name( - name='role-dup', prefix=CONF.resource_name_prefix) - body = self.roles_client.create_role(name=role_name)['role'] - role1_id = body.get('id') - self.addCleanup(self.roles_client.delete_role, role1_id) - self.assertRaises(lib_exc.Conflict, self.roles_client.create_role, - name=role_name) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('15347635-b5b1-4a87-a280-deb2bd6d865e') - def test_delete_role_by_unauthorized_user(self): - """Test non-admin user should not be able to delete role via v2 API""" - role_name = data_utils.rand_name( - name='role', prefix=CONF.resource_name_prefix) - body = self.roles_client.create_role(name=role_name)['role'] - self.addCleanup(self.roles_client.delete_role, body['id']) - role_id = body.get('id') - self.assertRaises(lib_exc.Forbidden, - self.non_admin_roles_client.delete_role, role_id) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('44b60b20-70de-4dac-beaf-a3fc2650a16b') - def test_delete_role_request_without_token(self): - """Test deleting role without a valid token via v2 API should fail""" - role_name = data_utils.rand_name( - name='role', prefix=CONF.resource_name_prefix) - body = self.roles_client.create_role(name=role_name)['role'] - self.addCleanup(self.roles_client.delete_role, body['id']) - role_id = body.get('id') - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - self.assertRaises(lib_exc.Unauthorized, - self.roles_client.delete_role, - role_id) - self.client.auth_provider.clear_auth() - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('38373691-8551-453a-b074-4260ad8298ef') - def test_delete_role_non_existent(self): - """Test deleting a non existent role via v2 API should fail""" - non_existent_role = data_utils.rand_uuid_hex() - self.assertRaises(lib_exc.NotFound, self.roles_client.delete_role, - non_existent_role) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('391df5cf-3ec3-46c9-bbe5-5cb58dd4dc41') - def test_assign_user_role_by_unauthorized_user(self): - """Test non-admin user assigning a role to user via v2 API - - Non-admin user should not be authorized to assign a role to user via - v2 API. - """ - (user, tenant, role) = self._get_role_params() - self.assertRaises( - lib_exc.Forbidden, - self.non_admin_roles_client.create_user_role_on_project, - tenant['id'], user['id'], role['id']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('f0d2683c-5603-4aee-95d7-21420e87cfd8') - def test_assign_user_role_request_without_token(self): - """Test assigning a role to a user without a valid token via v2 API - - Assigning a role to a user without a valid token via v2 API should - fail. - """ - (user, tenant, role) = self._get_role_params() - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - self.assertRaises( - lib_exc.Unauthorized, - self.roles_client.create_user_role_on_project, tenant['id'], - user['id'], role['id']) - self.client.auth_provider.clear_auth() - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('99b297f6-2b5d-47c7-97a9-8b6bb4f91042') - def test_assign_user_role_for_non_existent_role(self): - """Test assigning a non existent role to user via v2 API - - Assigning a non existent role to user via v2 API should fail. - """ - (user, tenant, _) = self._get_role_params() - non_existent_role = data_utils.rand_uuid_hex() - self.assertRaises(lib_exc.NotFound, - self.roles_client.create_user_role_on_project, - tenant['id'], user['id'], non_existent_role) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('b2285aaa-9e76-4704-93a9-7a8acd0a6c8f') - def test_assign_user_role_for_non_existent_tenant(self): - """Test assigning a role on a non existent tenant via v2 API - - Assigning a role on a non existent tenant via v2 API should fail. - """ - (user, _, role) = self._get_role_params() - non_existent_tenant = data_utils.rand_uuid_hex() - self.assertRaises(lib_exc.NotFound, - self.roles_client.create_user_role_on_project, - non_existent_tenant, user['id'], role['id']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('5c3132cd-c4c8-4402-b5ea-71eb44e97793') - def test_assign_duplicate_user_role(self): - """Test duplicate user role should not get assigned via v2 API""" - (user, tenant, role) = self._get_role_params() - self.roles_client.create_user_role_on_project(tenant['id'], - user['id'], - role['id']) - self.assertRaises(lib_exc.Conflict, - self.roles_client.create_user_role_on_project, - tenant['id'], user['id'], role['id']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('d0537987-0977-448f-a435-904c15de7298') - def test_remove_user_role_by_unauthorized_user(self): - """Test non-admin user removing a user's role via v2 API - - Non-admin user should not be authorized to remove a user's role via - v2 API - """ - (user, tenant, role) = self._get_role_params() - self.roles_client.create_user_role_on_project(tenant['id'], - user['id'], - role['id']) - self.assertRaises( - lib_exc.Forbidden, - self.non_admin_roles_client.delete_role_from_user_on_project, - tenant['id'], user['id'], role['id']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('cac81cf4-c1d2-47dc-90d3-f2b7eb572286') - def test_remove_user_role_request_without_token(self): - """Test removing a user's role without a valid token via v2 API - - Removing a user's role without a valid token via v2 API should fail. - """ - (user, tenant, role) = self._get_role_params() - self.roles_client.create_user_role_on_project(tenant['id'], - user['id'], - role['id']) - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - self.assertRaises(lib_exc.Unauthorized, - self.roles_client.delete_role_from_user_on_project, - tenant['id'], user['id'], role['id']) - self.client.auth_provider.clear_auth() - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('ab32d759-cd16-41f1-a86e-44405fa9f6d2') - def test_remove_user_role_non_existent_role(self): - """Test deleting a non existent role from a user via v2 API - - Deleting a non existent role from a user via v2 API should fail. - """ - (user, tenant, role) = self._get_role_params() - self.roles_client.create_user_role_on_project(tenant['id'], - user['id'], - role['id']) - non_existent_role = data_utils.rand_uuid_hex() - self.assertRaises(lib_exc.NotFound, - self.roles_client.delete_role_from_user_on_project, - tenant['id'], user['id'], non_existent_role) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('67a679ec-03dd-4551-bbfc-d1c93284f023') - def test_remove_user_role_non_existent_tenant(self): - """Test removing a role from a non existent tenant via v2 API - - Removing a role from a non existent tenant via v2 API should fail. - """ - (user, tenant, role) = self._get_role_params() - self.roles_client.create_user_role_on_project(tenant['id'], - user['id'], - role['id']) - non_existent_tenant = data_utils.rand_uuid_hex() - self.assertRaises(lib_exc.NotFound, - self.roles_client.delete_role_from_user_on_project, - non_existent_tenant, user['id'], role['id']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('7391ab4c-06f3-477a-a64a-c8e55ce89837') - def test_list_user_roles_by_unauthorized_user(self): - """Test non-admin user listing a user's roles via v2 API - - Non-admin user should not be authorized to list a user's roles via v2 - API. - """ - (user, tenant, role) = self._get_role_params() - self.roles_client.create_user_role_on_project(tenant['id'], - user['id'], - role['id']) - self.assertRaises( - lib_exc.Forbidden, - self.non_admin_roles_client.list_user_roles_on_project, - tenant['id'], user['id']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('682adfb2-fd5f-4b0a-a9ca-322e9bebb907') - def test_list_user_roles_request_without_token(self): - """Test listing user's roles without a valid token via v2 API - - Listing user's roles without a valid token via v2 API should fail - """ - (user, tenant, _) = self._get_role_params() - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - try: - self.assertRaises(lib_exc.Unauthorized, - self.roles_client.list_user_roles_on_project, - tenant['id'], - user['id']) - finally: - self.client.auth_provider.clear_auth() diff --git a/tempest/api/identity/admin/v2/test_services.py b/tempest/api/identity/admin/v2/test_services.py deleted file mode 100644 index 0e5d3783fe..0000000000 --- a/tempest/api/identity/admin/v2/test_services.py +++ /dev/null @@ -1,115 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - -CONF = config.CONF - - -class ServicesTestJSON(base.BaseIdentityV2AdminTest): - """Test identity services via v2 API""" - - def _del_service(self, service_id): - # Deleting the service created in this method - self.services_client.delete_service(service_id) - # Checking whether service is deleted successfully - self.assertRaises(lib_exc.NotFound, self.services_client.show_service, - service_id) - - @decorators.idempotent_id('84521085-c6e6-491c-9a08-ec9f70f90110') - def test_create_get_delete_service(self): - """Test verifies the identity service create/get/delete via v2 API""" - # GET Service - # Creating a Service - name = data_utils.rand_name( - name='service', prefix=CONF.resource_name_prefix) - s_type = data_utils.rand_name( - name='type', prefix=CONF.resource_name_prefix) - description = data_utils.rand_name( - name='description', prefix=CONF.resource_name_prefix) - service_data = self.services_client.create_service( - name=name, type=s_type, - description=description)['OS-KSADM:service'] - self.assertIsNotNone(service_data['id']) - self.addCleanup(self._del_service, service_data['id']) - # Verifying response body of create service - self.assertIn('name', service_data) - self.assertEqual(name, service_data['name']) - self.assertIn('type', service_data) - self.assertEqual(s_type, service_data['type']) - self.assertIn('description', service_data) - self.assertEqual(description, service_data['description']) - # Get service - fetched_service = ( - self.services_client.show_service(service_data['id']) - ['OS-KSADM:service']) - # verifying the existence of service created - self.assertIn('id', fetched_service) - self.assertEqual(fetched_service['id'], service_data['id']) - self.assertIn('name', fetched_service) - self.assertEqual(fetched_service['name'], service_data['name']) - self.assertIn('type', fetched_service) - self.assertEqual(fetched_service['type'], service_data['type']) - self.assertIn('description', fetched_service) - self.assertEqual(fetched_service['description'], - service_data['description']) - - @decorators.idempotent_id('5d3252c8-e555-494b-a6c8-e11d7335da42') - def test_create_service_without_description(self): - """Test creating identity service without description via v2 API - - Create a service only with name and type. - """ - name = data_utils.rand_name( - name='service', prefix=CONF.resource_name_prefix) - s_type = data_utils.rand_name( - name='type', prefix=CONF.resource_name_prefix) - service = self.services_client.create_service( - name=name, type=s_type)['OS-KSADM:service'] - self.assertIn('id', service) - self.addCleanup(self._del_service, service['id']) - self.assertIn('name', service) - self.assertEqual(name, service['name']) - self.assertIn('type', service) - self.assertEqual(s_type, service['type']) - - @decorators.attr(type='smoke') - @decorators.idempotent_id('34ea6489-012d-4a86-9038-1287cadd5eca') - def test_list_services(self): - """Test Create/List/Verify/Delete of identity service via v2 API""" - services = [] - for _ in range(3): - name = data_utils.rand_name( - name='service', prefix=CONF.resource_name_prefix) - s_type = data_utils.rand_name( - name='type', prefix=CONF.resource_name_prefix) - description = data_utils.rand_name( - name='description', prefix=CONF.resource_name_prefix) - - service = self.services_client.create_service( - name=name, type=s_type, - description=description)['OS-KSADM:service'] - self.addCleanup(self.services_client.delete_service, service['id']) - services.append(service) - service_ids = [svc['id'] for svc in services] - - # List and Verify Services - body = self.services_client.list_services()['OS-KSADM:services'] - found = [serv for serv in body if serv['id'] in service_ids] - self.assertEqual(len(found), len(services), 'Services not found') diff --git a/tempest/api/identity/admin/v2/test_tenant_negative.py b/tempest/api/identity/admin/v2/test_tenant_negative.py deleted file mode 100644 index 4c7c44ccd9..0000000000 --- a/tempest/api/identity/admin/v2/test_tenant_negative.py +++ /dev/null @@ -1,164 +0,0 @@ -# Copyright 2013 Huawei Technologies Co.,LTD. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - -CONF = config.CONF - - -class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest): - """Negative tests of keystone tenants via v2 API""" - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('ca9bb202-63dd-4240-8a07-8ef9c19c04bb') - def test_list_tenants_by_unauthorized_user(self): - """Test Non-admin should not be able to list tenants via v2 API""" - self.assertRaises(lib_exc.Forbidden, - self.non_admin_tenants_client.list_tenants) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('df33926c-1c96-4d8d-a762-79cc6b0c3cf4') - def test_list_tenant_request_without_token(self): - """Test listing tenants without a valid token via v2 API - - Listing tenants without a valid token via v2 API should fail. - """ - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - self.assertRaises(lib_exc.Unauthorized, - self.tenants_client.list_tenants) - self.client.auth_provider.clear_auth() - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('162ba316-f18b-4987-8c0c-fd9140cd63ed') - def test_tenant_delete_by_unauthorized_user(self): - """Test non-admin should not be able to delete a tenant via v2 API""" - tenant = self.setup_test_tenant() - self.assertRaises(lib_exc.Forbidden, - self.non_admin_tenants_client.delete_tenant, - tenant['id']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('e450db62-2e9d-418f-893a-54772d6386b1') - def test_tenant_delete_request_without_token(self): - """Test deleting a tenant without a valid token via v2 API - - Deleting a tenant without a valid token via v2 API should fail. - """ - tenant = self.setup_test_tenant() - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - self.assertRaises(lib_exc.Unauthorized, - self.tenants_client.delete_tenant, - tenant['id']) - self.client.auth_provider.clear_auth() - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('9c9a2aed-6e3c-467a-8f5c-89da9d1b516b') - def test_delete_non_existent_tenant(self): - """Test deleting a non existent tenant via v2 API should fail""" - self.assertRaises(lib_exc.NotFound, self.tenants_client.delete_tenant, - data_utils.rand_uuid_hex()) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('af16f44b-a849-46cb-9f13-a751c388f739') - def test_tenant_create_duplicate(self): - """Test tenant names should be unique via v2 API""" - tenant_name = data_utils.rand_name( - name='tenant', prefix=CONF.resource_name_prefix) - self.setup_test_tenant(name=tenant_name) - self.assertRaises(lib_exc.Conflict, self.tenants_client.create_tenant, - name=tenant_name) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('d26b278a-6389-4702-8d6e-5980d80137e0') - def test_create_tenant_by_unauthorized_user(self): - """Test non-admin user creating a tenant via v2 API - - Non-admin user should not be authorized to create a tenant via v2 API. - """ - tenant_name = data_utils.rand_name( - name='tenant', prefix=CONF.resource_name_prefix) - self.assertRaises(lib_exc.Forbidden, - self.non_admin_tenants_client.create_tenant, - name=tenant_name) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('a3ee9d7e-6920-4dd5-9321-d4b2b7f0a638') - def test_create_tenant_request_without_token(self): - """Test creating tenant without a token via v2 API is not allowed""" - tenant_name = data_utils.rand_name( - name='tenant', prefix=CONF.resource_name_prefix) - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - self.assertRaises(lib_exc.Unauthorized, - self.tenants_client.create_tenant, - name=tenant_name) - self.client.auth_provider.clear_auth() - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('5a2e4ca9-b0c0-486c-9c48-64a94fba2395') - def test_create_tenant_with_empty_name(self): - """Test tenant name should not be empty via v2 API""" - self.assertRaises(lib_exc.BadRequest, - self.tenants_client.create_tenant, - name='') - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('2ff18d1e-dfe3-4359-9dc3-abf582c196b9') - def test_create_tenants_name_length_over_64(self): - """Test tenant name length should not exceed 64 via v2 API""" - tenant_name = 'a' * 65 - self.assertRaises(lib_exc.BadRequest, - self.tenants_client.create_tenant, - name=tenant_name) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('bd20dc2a-9557-4db7-b755-f48d952ad706') - def test_update_non_existent_tenant(self): - """Test updating a non existent tenant via v2 API should fail""" - self.assertRaises(lib_exc.NotFound, self.tenants_client.update_tenant, - data_utils.rand_uuid_hex()) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('41704dc5-c5f7-4f79-abfa-76e6fedc570b') - def test_tenant_update_by_unauthorized_user(self): - """Test non-admin user updating a tenant via v2 API - - Non-admin user should not be able to update a tenant via v2 API - """ - tenant = self.setup_test_tenant() - self.assertRaises(lib_exc.Forbidden, - self.non_admin_tenants_client.update_tenant, - tenant['id']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('7a421573-72c7-4c22-a98e-ce539219c657') - def test_tenant_update_request_without_token(self): - """Test updating a tenant without a valid token via v2 API - - Updating a tenant without a valid token via v2 API should fail - """ - tenant = self.setup_test_tenant() - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - self.assertRaises(lib_exc.Unauthorized, - self.tenants_client.update_tenant, - tenant['id']) - self.client.auth_provider.clear_auth() diff --git a/tempest/api/identity/admin/v2/test_tenants.py b/tempest/api/identity/admin/v2/test_tenants.py deleted file mode 100644 index 4f674a8498..0000000000 --- a/tempest/api/identity/admin/v2/test_tenants.py +++ /dev/null @@ -1,157 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators - -CONF = config.CONF - - -class TenantsTestJSON(base.BaseIdentityV2AdminTest): - """Test identity tenants via v2 API""" - - @decorators.idempotent_id('16c6e05c-6112-4b0e-b83f-5e43f221b6b0') - def test_tenant_list_delete(self): - """Test listing and deleting tenants via v2 API - - Create several tenants and delete them - """ - tenants = [] - for _ in range(3): - tenant = self.setup_test_tenant() - tenants.append(tenant) - tenant_ids = [tn['id'] for tn in tenants] - body = self.tenants_client.list_tenants()['tenants'] - found = [t for t in body if t['id'] in tenant_ids] - self.assertEqual(len(found), len(tenants), 'Tenants not created') - - for tenant in tenants: - self.tenants_client.delete_tenant(tenant['id']) - - body = self.tenants_client.list_tenants()['tenants'] - found = [tenant for tenant in body if tenant['id'] in tenant_ids] - self.assertEmpty(found, 'Tenants failed to delete') - - @decorators.idempotent_id('d25e9f24-1310-4d29-b61b-d91299c21d6d') - def test_tenant_create_with_description(self): - """Test creating tenant with a description via v2 API""" - tenant_desc = data_utils.rand_name( - name='desc', prefix=CONF.resource_name_prefix) - tenant = self.setup_test_tenant(description=tenant_desc) - tenant_id = tenant['id'] - desc1 = tenant['description'] - self.assertEqual(desc1, tenant_desc, 'Description should have ' - 'been sent in response for create') - body = self.tenants_client.show_tenant(tenant_id)['tenant'] - desc2 = body['description'] - self.assertEqual(desc2, tenant_desc, 'Description does not appear ' - 'to be set') - self.tenants_client.delete_tenant(tenant_id) - - @decorators.idempotent_id('670bdddc-1cd7-41c7-b8e2-751cfb67df50') - def test_tenant_create_enabled(self): - """Test creating a tenant that is enabled via v2 API""" - tenant = self.setup_test_tenant(enabled=True) - tenant_id = tenant['id'] - self.assertTrue(tenant['enabled'], 'Enable should be True in response') - body = self.tenants_client.show_tenant(tenant_id)['tenant'] - self.assertTrue(body['enabled'], 'Enable should be True in lookup') - self.tenants_client.delete_tenant(tenant_id) - - @decorators.idempotent_id('3be22093-b30f-499d-b772-38340e5e16fb') - def test_tenant_create_not_enabled(self): - """Test creating a tenant that is not enabled via v2 API""" - tenant = self.setup_test_tenant(enabled=False) - tenant_id = tenant['id'] - self.assertFalse(tenant['enabled'], - 'Enable should be False in response') - body = self.tenants_client.show_tenant(tenant_id)['tenant'] - self.assertFalse(body['enabled'], - 'Enable should be False in lookup') - self.tenants_client.delete_tenant(tenant_id) - - @decorators.idempotent_id('781f2266-d128-47f3-8bdb-f70970add238') - def test_tenant_update_name(self): - """Test updating name attribute of a tenant via v2 API""" - t_name1 = data_utils.rand_name( - name='tenant', prefix=CONF.resource_name_prefix) - tenant = self.setup_test_tenant(name=t_name1) - t_id = tenant['id'] - resp1_name = tenant['name'] - - t_name2 = data_utils.rand_name( - name='tenant2', prefix=CONF.resource_name_prefix) - body = self.tenants_client.update_tenant(t_id, name=t_name2)['tenant'] - resp2_name = body['name'] - self.assertNotEqual(resp1_name, resp2_name) - - body = self.tenants_client.show_tenant(t_id)['tenant'] - resp3_name = body['name'] - - self.assertNotEqual(resp1_name, resp3_name) - self.assertEqual(t_name1, resp1_name) - self.assertEqual(resp2_name, resp3_name) - - self.tenants_client.delete_tenant(t_id) - - @decorators.idempotent_id('859fcfe1-3a03-41ef-86f9-b19a47d1cd87') - def test_tenant_update_desc(self): - """Test updating description attribute of a tenant via v2 API""" - t_desc = data_utils.rand_name( - name='desc', prefix=CONF.resource_name_prefix) - tenant = self.setup_test_tenant(description=t_desc) - t_id = tenant['id'] - resp1_desc = tenant['description'] - - t_desc2 = data_utils.rand_name( - name='desc2', prefix=CONF.resource_name_prefix) - body = self.tenants_client.update_tenant(t_id, description=t_desc2) - updated_tenant = body['tenant'] - resp2_desc = updated_tenant['description'] - self.assertNotEqual(resp1_desc, resp2_desc) - - body = self.tenants_client.show_tenant(t_id)['tenant'] - resp3_desc = body['description'] - - self.assertNotEqual(resp1_desc, resp3_desc) - self.assertEqual(t_desc, resp1_desc) - self.assertEqual(resp2_desc, resp3_desc) - - self.tenants_client.delete_tenant(t_id) - - @decorators.idempotent_id('8fc8981f-f12d-4c66-9972-2bdcf2bc2e1a') - def test_tenant_update_enable(self): - """Test updating the enabled attribute of a tenant via v2 API""" - t_en = False - tenant = self.setup_test_tenant(enabled=t_en) - t_id = tenant['id'] - resp1_en = tenant['enabled'] - - t_en2 = True - body = self.tenants_client.update_tenant(t_id, enabled=t_en2) - updated_tenant = body['tenant'] - resp2_en = updated_tenant['enabled'] - self.assertNotEqual(resp1_en, resp2_en) - - body = self.tenants_client.show_tenant(t_id)['tenant'] - resp3_en = body['enabled'] - - self.assertNotEqual(resp1_en, resp3_en) - self.assertFalse(tenant['enabled']) - self.assertEqual(resp2_en, resp3_en) - - self.tenants_client.delete_tenant(t_id) diff --git a/tempest/api/identity/admin/v2/test_tokens.py b/tempest/api/identity/admin/v2/test_tokens.py deleted file mode 100644 index 78a2aada5c..0000000000 --- a/tempest/api/identity/admin/v2/test_tokens.py +++ /dev/null @@ -1,143 +0,0 @@ -# Copyright 2013 Huawei Technologies Co.,LTD. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - -CONF = config.CONF - - -class TokensTestJSON(base.BaseIdentityV2AdminTest): - """Test keystone tokens via v2 API""" - - @decorators.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586') - def test_create_check_get_delete_token(self): - """Test getting create/check/get/delete token for user via v2 API""" - # get a token by username and password - user_name = data_utils.rand_name( - name='user', prefix=CONF.resource_name_prefix) - user_password = data_utils.rand_password() - # first:create a tenant - tenant = self.setup_test_tenant() - # second:create a user - user = self.create_test_user(name=user_name, - password=user_password, - tenantId=tenant['id'], - email='') - # then get a token for the user - body = self.token_client.auth(user_name, - user_password, - tenant['name']) - self.assertEqual(body['token']['tenant']['name'], - tenant['name']) - # Perform GET Token - token_id = body['token']['id'] - self.client.check_token_existence(token_id) - token_details = self.client.show_token(token_id)['access'] - self.assertEqual(token_id, token_details['token']['id']) - self.assertEqual(user['id'], token_details['user']['id']) - self.assertEqual(user_name, token_details['user']['name']) - self.assertEqual(tenant['name'], - token_details['token']['tenant']['name']) - # then delete the token - self.client.delete_token(token_id) - self.assertRaises(lib_exc.NotFound, - self.client.check_token_existence, - token_id) - - @decorators.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e') - def test_rescope_token(self): - """Test an unscoped token can be requested via v2 API - - That token can be used to request a scoped token. - """ - - # Create a user. - user_name = data_utils.rand_name( - name='user', prefix=CONF.resource_name_prefix) - user_password = data_utils.rand_password() - tenant_id = None # No default tenant so will get unscoped token. - user = self.create_test_user(name=user_name, - password=user_password, - tenantId=tenant_id, - email='') - - # Create a couple tenants. - tenant1_name = data_utils.rand_name( - name='tenant', prefix=CONF.resource_name_prefix) - tenant1 = self.setup_test_tenant(name=tenant1_name) - - tenant2_name = data_utils.rand_name( - name='tenant', prefix=CONF.resource_name_prefix) - tenant2 = self.setup_test_tenant(name=tenant2_name) - - # Create a role - role = self.setup_test_role() - - # Grant the user the role on the tenants. - self.roles_client.create_user_role_on_project(tenant1['id'], - user['id'], - role['id']) - - self.roles_client.create_user_role_on_project(tenant2['id'], - user['id'], - role['id']) - - # Get an unscoped token. - body = self.token_client.auth(user_name, user_password) - - token_id = body['token']['id'] - - # Use the unscoped token to get a token scoped to tenant1 - body = self.token_client.auth_token(token_id, - tenant=tenant1_name) - - scoped_token_id = body['token']['id'] - - # Revoke the scoped token - self.client.delete_token(scoped_token_id) - - # Use the unscoped token to get a token scoped to tenant2 - body = self.token_client.auth_token(token_id, - tenant=tenant2_name) - - @decorators.idempotent_id('ca3ea6f7-ed08-4a61-adbd-96906456ad31') - def test_list_endpoints_for_token(self): - """Test listing endpoints for token via v2 API""" - tempest_services = ['keystone', 'nova', 'neutron', 'swift', 'cinder', - 'neutron'] - # get a token for the user - creds = self.os_primary.credentials - username = creds.username - password = creds.password - tenant_name = creds.tenant_name - token = self.token_client.auth(username, - password, - tenant_name)['token'] - endpoints = self.client.list_endpoints_for_token( - token['id'])['endpoints'] - self.assertIsInstance(endpoints, list) - # Store list of service names - service_names = [e['name'] for e in endpoints] - # Get the list of available services. Keystone is always available. - available_services = [s[0] for s in list( - CONF.service_available.items()) if s[1] is True] + ['keystone'] - # Verify that all available services are present. - for service in tempest_services: - if service in available_services: - self.assertIn(service, service_names) diff --git a/tempest/api/identity/admin/v2/test_tokens_negative.py b/tempest/api/identity/admin/v2/test_tokens_negative.py deleted file mode 100644 index f2e41ffff2..0000000000 --- a/tempest/api/identity/admin/v2/test_tokens_negative.py +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2017 AT&T Corporation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - - -class TokensAdminTestNegative(base.BaseIdentityV2AdminTest): - """Negative tests of keystone tokens via v2 API""" - - credentials = ['primary', 'admin', 'alt'] - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('a0a0a600-4292-4364-99c5-922c834fdf05') - def test_check_token_existence_negative(self): - """Test checking other tenant's token existence via v2 API - - Checking other tenant's token existence via v2 API should fail. - """ - creds = self.os_primary.credentials - creds_alt = self.os_alt.credentials - username = creds.username - password = creds.password - tenant_name = creds.tenant_name - alt_tenant_name = creds_alt.tenant_name - body = self.token_client.auth(username, password, tenant_name) - self.assertRaises(lib_exc.Unauthorized, - self.client.check_token_existence, - body['token']['id'], - belongsTo=alt_tenant_name) diff --git a/tempest/api/identity/admin/v2/test_users.py b/tempest/api/identity/admin/v2/test_users.py deleted file mode 100644 index 011419e3e7..0000000000 --- a/tempest/api/identity/admin/v2/test_users.py +++ /dev/null @@ -1,204 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import time - -from testtools import matchers - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators - -CONF = config.CONF - - -class UsersTestJSON(base.BaseIdentityV2AdminTest): - """Test keystone users via v2 API""" - - @classmethod - def resource_setup(cls): - super(UsersTestJSON, cls).resource_setup() - cls.alt_user = data_utils.rand_name( - name='test_user', prefix=CONF.resource_name_prefix) - cls.alt_email = cls.alt_user + '@testmail.tm' - - @decorators.attr(type='smoke') - @decorators.idempotent_id('2d55a71e-da1d-4b43-9c03-d269fd93d905') - def test_create_user(self): - """Test creating a user via v2 API""" - tenant = self.setup_test_tenant() - user = self.create_test_user(name=self.alt_user, tenantId=tenant['id']) - self.assertEqual(self.alt_user, user['name']) - - @decorators.idempotent_id('89d9fdb8-15c2-4304-a429-48715d0af33d') - def test_create_user_with_enabled(self): - """Test creating a user with enabled : False via v2 API""" - tenant = self.setup_test_tenant() - name = data_utils.rand_name( - name='test_user', prefix=CONF.resource_name_prefix) - user = self.create_test_user(name=name, - tenantId=tenant['id'], - email=self.alt_email, - enabled=False) - self.assertEqual(name, user['name']) - self.assertEqual(False, user['enabled']) - self.assertEqual(self.alt_email, user['email']) - - @decorators.idempotent_id('39d05857-e8a5-4ed4-ba83-0b52d3ab97ee') - def test_update_user(self): - """Test updating user attributes via v2 API""" - tenant = self.setup_test_tenant() - user = self.create_test_user(tenantId=tenant['id']) - - # Updating user details with new values - u_name2 = data_utils.rand_name( - name='user2', prefix=CONF.resource_name_prefix) - u_email2 = u_name2 + '@testmail.tm' - update_user = self.users_client.update_user(user['id'], name=u_name2, - email=u_email2, - enabled=False)['user'] - self.assertEqual(u_name2, update_user['name']) - self.assertEqual(u_email2, update_user['email']) - self.assertEqual(False, update_user['enabled']) - # GET by id after updating - updated_user = self.users_client.show_user(user['id'])['user'] - # Assert response body of GET after updating - self.assertEqual(u_name2, updated_user['name']) - self.assertEqual(u_email2, updated_user['email']) - self.assertEqual(False, update_user['enabled']) - - @decorators.idempotent_id('29ed26f4-a74e-4425-9a85-fdb49fa269d2') - def test_delete_user(self): - """Test deleting a user via v2 API""" - tenant = self.setup_test_tenant() - user = self.create_test_user(tenantId=tenant['id']) - self.users_client.delete_user(user['id']) - - @decorators.idempotent_id('aca696c3-d645-4f45-b728-63646045beb1') - def test_user_authentication(self): - """Test that valid user's token is authenticated via v2 API""" - password = data_utils.rand_password() - user = self.setup_test_user(password) - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - # Get a token - self.token_client.auth(user['name'], - password, - tenant['name']) - # Re-auth - self.token_client.auth(user['name'], - password, - tenant['name']) - - @decorators.idempotent_id('5d1fa498-4c2d-4732-a8fe-2b054598cfdd') - def test_authentication_request_without_token(self): - """Test authentication request without token via v2 API""" - # Request for token authentication with a valid token in header - password = data_utils.rand_password() - user = self.setup_test_user(password) - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - self.token_client.auth(user['name'], - password, - tenant['name']) - # Get the token of the current client - token = self.client.auth_provider.get_token() - # Delete the token from database - self.client.delete_token(token) - # Re-auth - self.token_client.auth(user['name'], - password, - tenant['name']) - self.client.auth_provider.clear_auth() - - @decorators.idempotent_id('a149c02e-e5e0-4b89-809e-7e8faf33ccda') - def test_get_users(self): - """Test getting users via v2 API - - Get a list of users and find the test user - """ - user = self.setup_test_user() - users = self.users_client.list_users()['users'] - self.assertThat([u['name'] for u in users], - matchers.Contains(user['name']), - "Could not find %s" % user['name']) - - @decorators.idempotent_id('6e317209-383a-4bed-9f10-075b7c82c79a') - def test_list_users_for_tenant(self): - """Test returning a list of all users for a tenant via v2 API""" - tenant = self.setup_test_tenant() - user_ids = list() - fetched_user_ids = list() - user1 = self.create_test_user(tenantId=tenant['id']) - user_ids.append(user1['id']) - user2 = self.create_test_user(tenantId=tenant['id']) - user_ids.append(user2['id']) - # List of users for the respective tenant ID - body = (self.tenants_client.list_tenant_users(tenant['id']) - ['users']) - for i in body: - fetched_user_ids.append(i['id']) - # verifying the user Id in the list - missing_users =\ - [user for user in user_ids if user not in fetched_user_ids] - self.assertEmpty(missing_users, - "Failed to find user %s in fetched list" % - ', '.join(m_user for m_user in missing_users)) - - @decorators.idempotent_id('a8b54974-40e1-41c0-b812-50fc90827971') - def test_list_users_with_roles_for_tenant(self): - """Test listing users on tenant with roles assigned via v2 API""" - user = self.setup_test_user() - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - role = self.setup_test_role() - # Assigning roles to two users - user_ids = list() - fetched_user_ids = list() - user_ids.append(user['id']) - role = self.roles_client.create_user_role_on_project( - tenant['id'], user['id'], role['id'])['role'] - - second_user = self.create_test_user(tenantId=tenant['id']) - user_ids.append(second_user['id']) - role = self.roles_client.create_user_role_on_project( - tenant['id'], second_user['id'], role['id'])['role'] - # List of users with roles for the respective tenant ID - body = (self.tenants_client.list_tenant_users(tenant['id'])['users']) - for i in body: - fetched_user_ids.append(i['id']) - # verifying the user Id in the list - missing_users = [missing_user for missing_user in user_ids - if missing_user not in fetched_user_ids] - self.assertEmpty(missing_users, - "Failed to find user %s in fetched list" % - ', '.join(m_user for m_user in missing_users)) - - @decorators.idempotent_id('1aeb25ac-6ec5-4d8b-97cb-7ac3567a989f') - def test_update_user_password(self): - """Test updating of user password via v2 API""" - user = self.setup_test_user() - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - # Updating the user with new password - new_pass = data_utils.rand_password() - update_user = self.users_client.update_user_password( - user['id'], password=new_pass)['user'] - self.assertEqual(update_user['id'], user['id']) - # NOTE(morganfainberg): Fernet tokens are not subsecond aware and - # Keystone should only be precise to the second. Sleep to ensure - # we are passing the second boundary. - time.sleep(1) - # Validate the updated password through getting a token. - body = self.token_client.auth(user['name'], new_pass, - tenant['name']) - self.assertIn('id', body['token']) diff --git a/tempest/api/identity/admin/v2/test_users_negative.py b/tempest/api/identity/admin/v2/test_users_negative.py deleted file mode 100644 index 7ccd75cb8e..0000000000 --- a/tempest/api/identity/admin/v2/test_users_negative.py +++ /dev/null @@ -1,286 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - -CONF = config.CONF - - -class UsersNegativeTestJSON(base.BaseIdentityV2AdminTest): - """Negative tests of identity users via v2 API""" - - @classmethod - def resource_setup(cls): - super(UsersNegativeTestJSON, cls).resource_setup() - cls.alt_user = data_utils.rand_name( - 'test_user', prefix=CONF.resource_name_prefix) - cls.alt_password = data_utils.rand_password() - cls.alt_email = cls.alt_user + '@testmail.tm' - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('60a1f5fa-5744-4cdf-82bf-60b7de2d29a4') - def test_create_user_by_unauthorized_user(self): - """Non-admin should not be authorized to create a user via v2 API""" - tenant = self.setup_test_tenant() - self.assertRaises(lib_exc.Forbidden, - self.non_admin_users_client.create_user, - name=self.alt_user, password=self.alt_password, - tenantId=tenant['id'], - email=self.alt_email) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('d80d0c2f-4514-4d1e-806d-0930dfc5a187') - def test_create_user_with_empty_name(self): - """User with an empty name should not be created via v2 API""" - tenant = self.setup_test_tenant() - self.assertRaises(lib_exc.BadRequest, self.users_client.create_user, - name='', password=self.alt_password, - tenantId=tenant['id'], - email=self.alt_email) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('7704b4f3-3b75-4b82-87cc-931d41c8f780') - def test_create_user_with_name_length_over_255(self): - """Length of user name should not exceed 255 via v2 API""" - tenant = self.setup_test_tenant() - self.assertRaises(lib_exc.BadRequest, self.users_client.create_user, - name='a' * 256, password=self.alt_password, - tenantId=tenant['id'], - email=self.alt_email) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('57ae8558-120c-4723-9308-3751474e7ecf') - def test_create_user_with_duplicate_name(self): - """Duplicate user should not be created via v2 API""" - password = data_utils.rand_password() - user = self.setup_test_user(password) - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - self.assertRaises(lib_exc.Conflict, self.users_client.create_user, - name=user['name'], - password=password, - tenantId=tenant['id'], - email=user['email']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('0132cc22-7c4f-42e1-9e50-ac6aad31d59a') - def test_create_user_for_non_existent_tenant(self): - """Creating a user in a non-existent tenant via v2 API should fail""" - self.assertRaises(lib_exc.NotFound, self.users_client.create_user, - name=self.alt_user, - password=self.alt_password, - tenantId='49ffgg99999', - email=self.alt_email) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('55bbb103-d1ae-437b-989b-bcdf8175c1f4') - def test_create_user_request_without_a_token(self): - """Creating a user without a valid token via v2 API should fail""" - tenant = self.setup_test_tenant() - # Get the token of the current client - token = self.client.auth_provider.get_token() - # Delete the token from database - self.client.delete_token(token) - - # Unset the token to allow further tests to generate a new token - self.addCleanup(self.client.auth_provider.clear_auth) - - self.assertRaises(lib_exc.Unauthorized, self.users_client.create_user, - name=self.alt_user, password=self.alt_password, - tenantId=tenant['id'], - email=self.alt_email) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('23a2f3da-4a1a-41da-abdd-632328a861ad') - def test_create_user_with_enabled_non_bool(self): - """Creating a user with invalid enabled para via v2 API should fail""" - tenant = self.setup_test_tenant() - name = data_utils.rand_name( - 'test_user', prefix=CONF.resource_name_prefix) - self.assertRaises(lib_exc.BadRequest, self.users_client.create_user, - name=name, password=self.alt_password, - tenantId=tenant['id'], - email=self.alt_email, enabled=3) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('3d07e294-27a0-4144-b780-a2a1bf6fee19') - def test_update_user_for_non_existent_user(self): - """Updating a non-existent user via v2 API should fail""" - user_name = data_utils.rand_name( - 'user', prefix=CONF.resource_name_prefix) - non_existent_id = data_utils.rand_uuid() - self.assertRaises(lib_exc.NotFound, self.users_client.update_user, - non_existent_id, name=user_name) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('3cc2a64b-83aa-4b02-88f0-d6ab737c4466') - def test_update_user_request_without_a_token(self): - """Updating a user without a valid token via v2 API should fail""" - - # Get the token of the current client - token = self.client.auth_provider.get_token() - # Delete the token from database - self.client.delete_token(token) - - # Unset the token to allow further tests to generate a new token - self.addCleanup(self.client.auth_provider.clear_auth) - - self.assertRaises(lib_exc.Unauthorized, self.users_client.update_user, - self.alt_user) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('424868d5-18a7-43e1-8903-a64f95ee3aac') - def test_update_user_by_unauthorized_user(self): - """Non-admin should not be authorized to update user via v2 API""" - self.assertRaises(lib_exc.Forbidden, - self.non_admin_users_client.update_user, - self.alt_user) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('d45195d5-33ed-41b9-a452-7d0d6a00f6e9') - def test_delete_users_by_unauthorized_user(self): - """Non-admin should not be authorized to delete a user via v2 API""" - user = self.setup_test_user() - self.assertRaises(lib_exc.Forbidden, - self.non_admin_users_client.delete_user, - user['id']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('7cc82f7e-9998-4f89-abae-23df36495867') - def test_delete_non_existent_user(self): - """Attempt to delete a non-existent user via v2 API should fail""" - self.assertRaises(lib_exc.NotFound, self.users_client.delete_user, - 'junk12345123') - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('57fe1df8-0aa7-46c0-ae9f-c2e785c7504a') - def test_delete_user_request_without_a_token(self): - """Deleting a user without a valid token via v2 API should fail""" - - # Get the token of the current client - token = self.client.auth_provider.get_token() - # Delete the token from database - self.client.delete_token(token) - - # Unset the token to allow further tests to generate a new token - self.addCleanup(self.client.auth_provider.clear_auth) - - self.assertRaises(lib_exc.Unauthorized, self.users_client.delete_user, - self.alt_user) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('593a4981-f6d4-460a-99a1-57a78bf20829') - def test_authentication_for_disabled_user(self): - """Disabled user's token should not get authenticated via v2 API""" - password = data_utils.rand_password() - user = self.setup_test_user(password) - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - self.disable_user(user['name']) - self.assertRaises(lib_exc.Unauthorized, self.token_client.auth, - user['name'], - password, - tenant['name']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('440a7a8d-9328-4b7b-83e0-d717010495e4') - def test_authentication_when_tenant_is_disabled(self): - """Test User's token for a disabled tenant via v2 API - - User's token for a disabled tenant should not be authenticated via - v2 API. - """ - password = data_utils.rand_password() - user = self.setup_test_user(password) - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - self.disable_tenant(tenant['name']) - self.assertRaises(lib_exc.Unauthorized, self.token_client.auth, - user['name'], - password, - tenant['name']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('921f1ad6-7907-40b8-853f-637e7ee52178') - def test_authentication_with_invalid_tenant(self): - """Test User's token for an invalid tenant via v2 API - - User's token for an invalid tenant should not be authenticated via V2 - API. - """ - password = data_utils.rand_password() - user = self.setup_test_user(password) - self.assertRaises(lib_exc.Unauthorized, self.token_client.auth, - user['name'], - password, - 'junktenant1234') - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('bde9aecd-3b1c-4079-858f-beb5deaa5b5e') - def test_authentication_with_invalid_username(self): - """Non-existent user's token should not get authorized via v2 API""" - password = data_utils.rand_password() - user = self.setup_test_user(password) - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - self.assertRaises(lib_exc.Unauthorized, self.token_client.auth, - 'junkuser123', password, tenant['name']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('d5308b33-3574-43c3-8d87-1c090c5e1eca') - def test_authentication_with_invalid_password(self): - """Test User's token with invalid password via v2 API - - User's token with invalid password should not be authenticated via V2 - API. - """ - user = self.setup_test_user() - tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant'] - self.assertRaises(lib_exc.Unauthorized, self.token_client.auth, - user['name'], 'junkpass1234', tenant['name']) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('284192ce-fb7c-4909-a63b-9a502e0ddd11') - def test_get_users_by_unauthorized_user(self): - """Non-admin should not be authorized to get user list via v2 API""" - self.assertRaises(lib_exc.Forbidden, - self.non_admin_users_client.list_users) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('a73591ec-1903-4ffe-be42-282b39fefc9d') - def test_get_users_request_without_token(self): - """Listing users without a valid token via v2 API should fail""" - token = self.client.auth_provider.get_token() - self.client.delete_token(token) - - # Unset the token to allow further tests to generate a new token - self.addCleanup(self.client.auth_provider.clear_auth) - - self.assertRaises(lib_exc.Unauthorized, self.users_client.list_users) - - @decorators.attr(type=['negative']) - @decorators.idempotent_id('f5d39046-fc5f-425c-b29e-bac2632da28e') - def test_list_users_with_invalid_tenant(self): - """Listing users for a non-existent tenant via v2 API should fail""" - # Assign invalid tenant ids - invalid_id = list() - invalid_id.append(data_utils.rand_name('999')) - invalid_id.append('alpha') - invalid_id.append(data_utils.rand_name("dddd@#%%^$")) - invalid_id.append('!@#()$%^&*?<>{}[]') - # List the users with invalid tenant id - for invalid in invalid_id: - self.assertRaises(lib_exc.NotFound, - self.tenants_client.list_tenant_users, invalid) diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py index 9cdd917d9a..811dff4fed 100644 --- a/tempest/api/identity/base.py +++ b/tempest/api/identity/base.py @@ -98,85 +98,6 @@ class BaseIdentityTest(tempest.test.BaseTestCase): return role -class BaseIdentityV2Test(BaseIdentityTest): - - credentials = ['primary'] - - # identity v2 tests should obtain tokens and create accounts via v2 - # regardless of the configured CONF.identity.auth_version - identity_version = 'v2' - - @classmethod - def setup_clients(cls): - super(BaseIdentityV2Test, cls).setup_clients() - cls.non_admin_client = cls.os_primary.identity_public_client - cls.non_admin_token_client = cls.os_primary.token_client - cls.non_admin_tenants_client = cls.os_primary.tenants_public_client - cls.non_admin_users_client = cls.os_primary.users_public_client - - -class BaseIdentityV2AdminTest(BaseIdentityV2Test): - - credentials = ['primary', 'admin'] - - # NOTE(andreaf) Identity tests work with credentials, so it is safer - # for them to always use disposable credentials. Forcing dynamic creds - # on regular identity tests would be however to restrictive, since it - # would prevent any identity test from being executed against clouds where - # admin credentials are not available. - # Since All admin tests require admin credentials to be - # executed, so this will not impact the ability to execute tests. - force_tenant_isolation = True - - @classmethod - def skip_checks(cls): - super(BaseIdentityV2AdminTest, cls).skip_checks() - if not CONF.identity_feature_enabled.api_v2_admin: - raise cls.skipException('Identity v2 admin not available') - - @classmethod - def setup_clients(cls): - super(BaseIdentityV2AdminTest, cls).setup_clients() - cls.client = cls.os_admin.identity_client - cls.non_admin_client = cls.os_primary.identity_client - cls.token_client = cls.os_admin.token_client - cls.tenants_client = cls.os_admin.tenants_client - cls.non_admin_tenants_client = cls.os_primary.tenants_client - cls.roles_client = cls.os_admin.roles_client - cls.non_admin_roles_client = cls.os_primary.roles_client - cls.users_client = cls.os_admin.users_client - cls.non_admin_users_client = cls.os_primary.users_client - cls.services_client = cls.os_admin.identity_services_client - cls.endpoints_client = cls.os_admin.endpoints_client - - @classmethod - def resource_setup(cls): - super(BaseIdentityV2AdminTest, cls).resource_setup() - cls.projects_client = cls.tenants_client - - def setup_test_user(self, password=None): - """Set up a test user.""" - tenant = self.setup_test_tenant() - user = self.create_test_user(tenantId=tenant['id'], password=password) - return user - - def setup_test_tenant(self, **kwargs): - """Set up a test tenant.""" - if 'name' not in kwargs: - kwargs['name'] = data_utils.rand_name( - name='test_tenant', - prefix=CONF.resource_name_prefix) - if 'description' not in kwargs: - kwargs['description'] = data_utils.rand_name( - name='desc', prefix=CONF.resource_name_prefix) - tenant = self.projects_client.create_tenant(**kwargs)['tenant'] - # Delete the tenant at the end of the test - self.addCleanup( - test_utils.call_and_ignore_notfound_exc, - self.tenants_client.delete_tenant, tenant['id']) - return tenant - - class BaseIdentityV3Test(BaseIdentityTest): credentials = ['primary'] diff --git a/tempest/api/identity/v2/__init__.py b/tempest/api/identity/v2/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/tempest/api/identity/v2/test_api_discovery.py b/tempest/api/identity/v2/test_api_discovery.py deleted file mode 100644 index afda104f79..0000000000 --- a/tempest/api/identity/v2/test_api_discovery.py +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2015 OpenStack Foundation. -# Copyright 2015, Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest.lib import decorators - - -class TestApiDiscovery(base.BaseIdentityV2Test): - """Tests for identity v2 API discovery features.""" - - @decorators.attr(type='smoke') - @decorators.idempotent_id('ea889a68-a15f-4166-bfb1-c12456eae853') - def test_api_version_resources(self): - """Test showing identity v2 api version resources""" - descr = self.non_admin_client.show_api_description()['version'] - expected_resources = ('id', 'links', 'media-types', 'status', - 'updated') - - keys = descr.keys() - for res in expected_resources: - self.assertIn(res, keys) - - @decorators.attr(type='smoke') - @decorators.idempotent_id('007a0be0-78fe-4fdb-bbee-e9216cc17bb2') - def test_api_media_types(self): - """Test showing identity v2 api version media type""" - descr = self.non_admin_client.show_api_description()['version'] - # Get MIME type bases and descriptions - media_types = [(media_type['base'], media_type['type']) for - media_type in descr['media-types']] - # These are supported for API version 2 - supported_types = [('application/json', - 'application/vnd.openstack.identity-v2.0+json')] - - # Check if supported types exist in response body - for s_type in supported_types: - self.assertIn(s_type, media_types) - - @decorators.attr(type='smoke') - @decorators.idempotent_id('77fd6be0-8801-48e6-b9bf-38cdd2f253ec') - def test_api_version_statuses(self): - """Test showing identity v2 api version status""" - descr = self.non_admin_client.show_api_description()['version'] - status = descr['status'].lower() - supported_statuses = ['current', 'stable', 'experimental', - 'supported', 'deprecated'] - - self.assertIn(status, supported_statuses) diff --git a/tempest/api/identity/v2/test_ec2_credentials.py b/tempest/api/identity/v2/test_ec2_credentials.py deleted file mode 100644 index 9981ef8bea..0000000000 --- a/tempest/api/identity/v2/test_ec2_credentials.py +++ /dev/null @@ -1,113 +0,0 @@ -# Copyright 2015 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest.common import utils -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - - -class EC2CredentialsTest(base.BaseIdentityV2Test): - - @classmethod - def skip_checks(cls): - super(EC2CredentialsTest, cls).skip_checks() - if not utils.is_extension_enabled('OS-EC2', 'identity'): - msg = "OS-EC2 identity extension not enabled." - raise cls.skipException(msg) - - @classmethod - def resource_setup(cls): - super(EC2CredentialsTest, cls).resource_setup() - cls.creds = cls.os_primary.credentials - - @decorators.idempotent_id('b580fab9-7ae9-46e8-8138-417260cb6f9f') - def test_create_ec2_credential(self): - """Create user ec2 credential.""" - resp = self.non_admin_users_client.create_user_ec2_credential( - self.creds.user_id, - tenant_id=self.creds.tenant_id)["credential"] - access = resp['access'] - self.addCleanup( - self.non_admin_users_client.delete_user_ec2_credential, - self.creds.user_id, access) - self.assertNotEmpty(resp['access']) - self.assertNotEmpty(resp['secret']) - self.assertEqual(self.creds.user_id, resp['user_id']) - self.assertEqual(self.creds.tenant_id, resp['tenant_id']) - - @decorators.idempotent_id('9e2ea42f-0a4f-468c-a768-51859ce492e0') - def test_list_ec2_credentials(self): - """Get the list of user ec2 credentials.""" - created_creds = [] - # create first ec2 credentials - creds1 = self.non_admin_users_client.create_user_ec2_credential( - self.creds.user_id, - tenant_id=self.creds.tenant_id)["credential"] - created_creds.append(creds1['access']) - self.addCleanup( - self.non_admin_users_client.delete_user_ec2_credential, - self.creds.user_id, creds1['access']) - - # create second ec2 credentials - creds2 = self.non_admin_users_client.create_user_ec2_credential( - self.creds.user_id, - tenant_id=self.creds.tenant_id)["credential"] - created_creds.append(creds2['access']) - self.addCleanup( - self.non_admin_users_client.delete_user_ec2_credential, - self.creds.user_id, creds2['access']) - - # get the list of user ec2 credentials - resp = self.non_admin_users_client.list_user_ec2_credentials( - self.creds.user_id)["credentials"] - fetched_creds = [cred['access'] for cred in resp] - # created credentials should be in a fetched list - missing = [cred for cred in created_creds - if cred not in fetched_creds] - self.assertEmpty(missing, - "Failed to find ec2_credentials %s in fetched list" % - ', '.join(cred for cred in missing)) - - @decorators.idempotent_id('cb284075-b613-440d-83ca-fe0b33b3c2b8') - def test_show_ec2_credential(self): - """Get the definite user ec2 credential.""" - resp = self.non_admin_users_client.create_user_ec2_credential( - self.creds.user_id, - tenant_id=self.creds.tenant_id)["credential"] - self.addCleanup( - self.non_admin_users_client.delete_user_ec2_credential, - self.creds.user_id, resp['access']) - - ec2_creds = self.non_admin_users_client.show_user_ec2_credential( - self.creds.user_id, resp['access'] - )["credential"] - for key in ['access', 'secret', 'user_id', 'tenant_id']: - self.assertEqual(ec2_creds[key], resp[key]) - - @decorators.idempotent_id('6aba0d4c-b76b-4e46-aa42-add79bc1551d') - def test_delete_ec2_credential(self): - """Delete user ec2 credential.""" - resp = self.non_admin_users_client.create_user_ec2_credential( - self.creds.user_id, - tenant_id=self.creds.tenant_id)["credential"] - access = resp['access'] - self.non_admin_users_client.delete_user_ec2_credential( - self.creds.user_id, access) - self.assertRaises( - lib_exc.NotFound, - self.non_admin_users_client.show_user_ec2_credential, - self.creds.user_id, - access) diff --git a/tempest/api/identity/v2/test_extension.py b/tempest/api/identity/v2/test_extension.py deleted file mode 100644 index 13555bdf01..0000000000 --- a/tempest/api/identity/v2/test_extension.py +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2014 NEC Corporation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest.lib import decorators - - -class ExtensionTestJSON(base.BaseIdentityV2Test): - """Test extensions in identity v2 API""" - - @decorators.idempotent_id('85f3f661-f54c-4d48-b563-72ae952b9383') - def test_list_extensions(self): - """List all the identity extensions via v2 API""" - body = self.non_admin_client.list_extensions()['extensions']['values'] - self.assertNotEmpty(body) - keys = ['name', 'updated', 'alias', 'links', - 'namespace', 'description'] - for value in body: - for key in keys: - self.assertIn(key, value) diff --git a/tempest/api/identity/v2/test_tenants.py b/tempest/api/identity/v2/test_tenants.py deleted file mode 100644 index 1752b650fb..0000000000 --- a/tempest/api/identity/v2/test_tenants.py +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright 2015 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from tempest.api.identity import base -from tempest.lib import decorators -from tempest.lib import exceptions as lib_exc - - -class IdentityTenantsTest(base.BaseIdentityV2Test): - """Test listing tenants in identity v2 API""" - - credentials = ['primary', 'alt'] - - @decorators.idempotent_id('ecae2459-243d-4ba1-ad02-65f15dc82b78') - def test_list_tenants_returns_only_authorized_tenants(self): - """Test listing tenants only returns authorized tenants via v2 API""" - alt_tenant_name = self.os_alt.credentials.tenant_name - resp = self.non_admin_tenants_client.list_tenants() - - # check that user can see only that tenants that he presents in so user - # can successfully authenticate using his credentials and tenant name - # from received tenants list - for tenant in resp['tenants']: - body = self.non_admin_token_client.auth( - self.os_primary.credentials.username, - self.os_primary.credentials.password, - tenant['name']) - self.assertNotEmpty(body['token']['id']) - self.assertEqual(body['token']['tenant']['id'], tenant['id']) - self.assertEqual(body['token']['tenant']['name'], tenant['name']) - self.assertEqual( - body['user']['id'], self.os_primary.credentials.user_id) - - # check that user cannot log in to alt user's tenant - self.assertRaises( - lib_exc.Unauthorized, - self.non_admin_token_client.auth, - self.os_primary.credentials.username, - self.os_primary.credentials.password, - alt_tenant_name) diff --git a/tempest/api/identity/v2/test_tokens.py b/tempest/api/identity/v2/test_tokens.py deleted file mode 100644 index d3776b85c5..0000000000 --- a/tempest/api/identity/v2/test_tokens.py +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2015 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from oslo_utils import timeutils -from tempest.api.identity import base -from tempest.lib import decorators - - -class TokensTest(base.BaseIdentityV2Test): - """Test tokens in identity v2 API""" - - @decorators.idempotent_id('65ae3b78-91ff-467b-a705-f6678863b8ec') - def test_create_token(self): - """Test creating token for user via v2 API""" - token_client = self.non_admin_token_client - - # get a token for the user - creds = self.os_primary.credentials - username = creds.username - password = creds.password - tenant_name = creds.tenant_name - - body = token_client.auth(username, password, tenant_name) - - self.assertNotEmpty(body['token']['id']) - self.assertIsInstance(body['token']['id'], str) - - now = timeutils.utcnow() - expires_at = timeutils.normalize_time( - timeutils.parse_isotime(body['token']['expires'])) - self.assertGreater(expires_at, now) - - self.assertEqual(body['token']['tenant']['id'], - creds.tenant_id) - self.assertEqual(body['token']['tenant']['name'], - tenant_name) - - self.assertEqual(body['user']['id'], creds.user_id) diff --git a/tempest/api/identity/v2/test_users.py b/tempest/api/identity/v2/test_users.py deleted file mode 100644 index a63b45ca6f..0000000000 --- a/tempest/api/identity/v2/test_users.py +++ /dev/null @@ -1,112 +0,0 @@ -# Copyright 2015 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import time - -import testtools - -from tempest.api.identity import base -from tempest import config -from tempest.lib.common.utils import data_utils -from tempest.lib import decorators -from tempest.lib import exceptions - - -CONF = config.CONF - - -class IdentityUsersTest(base.BaseIdentityV2Test): - """Test user password in identity v2 API""" - - @classmethod - def resource_setup(cls): - super(IdentityUsersTest, cls).resource_setup() - cls.creds = cls.os_primary.credentials - cls.username = cls.creds.username - cls.password = cls.creds.password - cls.tenant_name = cls.creds.tenant_name - - def _update_password(self, user_id, original_password, password): - self.non_admin_users_client.update_user_own_password( - user_id, password=password, original_password=original_password) - - # NOTE(morganfainberg): Fernet tokens are not subsecond aware and - # Keystone should only be precise to the second. Sleep to ensure - # we are passing the second boundary. - time.sleep(1) - - # check authorization with new password - self.non_admin_token_client.auth(self.username, - password, - self.tenant_name) - - # Reset auth to get a new token with the new password - self.non_admin_users_client.auth_provider.clear_auth() - self.non_admin_users_client.auth_provider.credentials.password = ( - password) - - def _restore_password(self, user_id, old_pass, new_pass): - if CONF.identity_feature_enabled.security_compliance: - # First we need to clear the password history - unique_count = CONF.identity.user_unique_last_password_count - for _ in range(unique_count): - random_pass = data_utils.rand_password() - self._update_password( - user_id, original_password=new_pass, password=random_pass) - new_pass = random_pass - - self._update_password( - user_id, original_password=new_pass, password=old_pass) - # Reset auth again to verify the password restore does work. - # Clear auth restores the original credentials and deletes - # cached auth data - self.non_admin_users_client.auth_provider.clear_auth() - # NOTE(lbragstad): Fernet tokens are not subsecond aware and - # Keystone should only be precise to the second. Sleep to ensure we - # are passing the second boundary before attempting to - # authenticate. - time.sleep(1) - self.non_admin_users_client.auth_provider.set_auth() - - @decorators.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7') - @testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source, - 'Skipped because environment has an ' - 'immutable user source and solely ' - 'provides read-only access to users.') - def test_user_update_own_password(self): - """test updating user's own password via v2 API""" - old_pass = self.creds.password - old_token = self.non_admin_users_client.token - new_pass = data_utils.rand_password() - user_id = self.creds.user_id - - # to change password back. important for use_dynamic_credentials=false - self.addCleanup(self._restore_password, user_id, old_pass, new_pass) - - # user updates own password - self._update_password( - user_id, original_password=old_pass, password=new_pass) - - # authorize with old token should lead to Unauthorized - self.assertRaises(exceptions.Unauthorized, - self.non_admin_token_client.auth_token, - old_token) - - # authorize with old password should lead to Unauthorized - self.assertRaises(exceptions.Unauthorized, - self.non_admin_token_client.auth, - self.username, - old_pass, - self.tenant_name) diff --git a/tempest/clients.py b/tempest/clients.py index e432120eba..67074291e7 100644 --- a/tempest/clients.py +++ b/tempest/clients.py @@ -183,30 +183,6 @@ class Manager(clients.ServiceClients): self.placement.ResourceProvidersClient() def _set_identity_clients(self): - # Clients below use the admin endpoint type of Keystone API v2 - params_v2_admin = { - 'endpoint_type': CONF.identity.v2_admin_endpoint_type} - self.endpoints_client = self.identity_v2.EndpointsClient( - **params_v2_admin) - self.identity_client = self.identity_v2.IdentityClient( - **params_v2_admin) - self.tenants_client = self.identity_v2.TenantsClient( - **params_v2_admin) - self.roles_client = self.identity_v2.RolesClient(**params_v2_admin) - self.users_client = self.identity_v2.UsersClient(**params_v2_admin) - self.identity_services_client = self.identity_v2.ServicesClient( - **params_v2_admin) - - # Clients below use the public endpoint type of Keystone API v2 - params_v2_public = { - 'endpoint_type': CONF.identity.v2_public_endpoint_type} - self.identity_public_client = self.identity_v2.IdentityClient( - **params_v2_public) - self.tenants_public_client = self.identity_v2.TenantsClient( - **params_v2_public) - self.users_public_client = self.identity_v2.UsersClient( - **params_v2_public) - # Clients below use the endpoint type of Keystone API v3, which is set # in endpoint_type params_v3 = {'endpoint_type': CONF.identity.v3_endpoint_type} @@ -251,16 +227,6 @@ class Manager(clients.ServiceClients): self.identity_limits_client = \ self.identity_v3.LimitsClient(**params_v3) - # Token clients do not use the catalog. They only need default_params. - # They read auth_url, so they should only be set if the corresponding - # API version is marked as enabled - if CONF.identity_feature_enabled.api_v2: - if CONF.identity.uri: - self.token_client = self.identity_v2.TokenClient( - auth_url=CONF.identity.uri) - else: - msg = 'Identity v2 API enabled, but no identity.uri set' - raise lib_exc.InvalidConfiguration(msg) if CONF.identity_feature_enabled.api_v3: if CONF.identity.uri_v3: self.token_v3_client = self.identity_v3.V3TokenClient( diff --git a/tempest/config.py b/tempest/config.py index 63d4824f0a..bd4a7a171a 100644 --- a/tempest/config.py +++ b/tempest/config.py @@ -128,12 +128,18 @@ IdentityGroup = [ 'TLS (https) server certificate.'), cfg.URIOpt('uri', schemes=['http', 'https'], + deprecated_for_removal=True, + deprecated_reason='The identity v2 API tests were removed ' + 'and this option has no effect', help="Full URI of the OpenStack Identity API (Keystone), v2"), cfg.URIOpt('uri_v3', schemes=['http', 'https'], help='Full URI of the OpenStack Identity API (Keystone), v3'), cfg.StrOpt('auth_version', default='v3', + deprecated_for_removal=True, + deprecated_reason='Identity v2 API was removed and v3 is ' + 'the only available identity API version now', help="Identity API version to be used for authentication " "for API tests."), cfg.StrOpt('region', @@ -146,12 +152,16 @@ IdentityGroup = [ default='adminURL', choices=['public', 'admin', 'internal', 'publicURL', 'adminURL', 'internalURL'], + deprecated_for_removal=True, + deprecated_reason='This option has no effect', help="The admin endpoint type to use for OpenStack Identity " "(Keystone) API v2"), cfg.StrOpt('v2_public_endpoint_type', default='publicURL', choices=['public', 'admin', 'internal', 'publicURL', 'adminURL', 'internalURL'], + deprecated_for_removal=True, + deprecated_reason='This option has no effect', help="The public endpoint type to use for OpenStack Identity " "(Keystone) API v2"), cfg.StrOpt('v3_endpoint_type', @@ -234,19 +244,22 @@ IdentityFeatureGroup = [ 'impersonation enabled'), cfg.BoolOpt('api_v2', default=False, - help='Is the v2 identity API enabled', deprecated_for_removal=True, - deprecated_reason='The identity v2.0 API was removed in the ' - 'Queens release. Tests that exercise the ' - 'v2.0 API will be removed from tempest in ' - 'the v22.0.0 release. They are kept only to ' - 'test stable branches.'), + deprecated_reason='The identity v2 API tests were removed ' + 'and this option has no effect', + help='Is the v2 identity API enabled'), cfg.BoolOpt('api_v2_admin', default=True, - help="Is the v2 identity admin API available? This setting " - "only applies if api_v2 is set to True."), + deprecated_for_removal=True, + deprecated_reason='The identity v2 API tests were removed ' + 'and this option has no effect', + help="Is the v2 identity admin API available?"), cfg.BoolOpt('api_v3', default=True, + deprecated_for_removal=True, + deprecated_reason='Identity v2 API was removed and v3 is ' + 'the only available identity API version ' + 'now', help='Is the v3 identity API enabled'), cfg.ListOpt('api_extensions', default=['all'],