openstack/tempest
Code Issues Proposed changes

add some tests for user api

Browse Source 
make a seperate file test_users_negative.py and move exist negative tests
over to it,also add some negative tests to it

- test_create_user_with_enabled_non_bool
- test_create_user_with_enabled
- create_user
- test_update_user_for_non_existant_user
- test_update_user_request_without_a_token
- test_update_user_by_unauthorized_user
- test_delete_user_request_without_a_token

Change-Id: I5a87d72ecb94046809faf0ce14b1af347c2e4dcc
This commit is contained in:
huangtianhua 2013-10-08 12:05:58 +08:00
parent 308614d45a
commit fc8db4f6ac
4 changed files with 255 additions and 145 deletions
tempest
api/identity/admin
test_users.pytest_users_negative.py
services/identity
json
identity_client.py
xml
identity_client.py

155
tempest/api/identity/admin/test_users.py

@ -19,7 +19,6 @@ from testtools.matchers import Contains
from tempest.api.identity import base
from tempest.common.utils.data_utils import rand_name
from tempest import exceptions
from tempest.test import attr
@ -46,60 +45,19 @@ class UsersTestJSON(base.BaseIdentityAdminTest):
self.assertEqual('200', resp['status'])
self.assertEqual(self.alt_user, user['name'])
@attr(type=['negative', 'gate'])
def test_create_user_by_unauthorized_user(self):
# Non-administrator should not be authorized to create a user
@attr(type='smoke')
def test_create_user_with_enabled(self):
# Create a user with enabled : False
self.data.setup_test_tenant()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.create_user, self.alt_user,
self.alt_password, self.data.tenant['id'],
self.alt_email)
@attr(type=['negative', 'gate'])
def test_create_user_with_empty_name(self):
# User with an empty name should not be created
self.data.setup_test_tenant()
self.assertRaises(exceptions.BadRequest, self.client.create_user, '',
self.alt_password, self.data.tenant['id'],
self.alt_email)
@attr(type=['negative', 'gate'])
def test_create_user_with_name_length_over_255(self):
# Length of user name filed should be restricted to 255 characters
self.data.setup_test_tenant()
self.assertRaises(exceptions.BadRequest, self.client.create_user,
'a' * 256, self.alt_password,
self.data.tenant['id'], self.alt_email)
@attr(type=['negative', 'gate'])
def test_create_user_with_duplicate_name(self):
# Duplicate user should not be created
self.data.setup_test_user()
self.assertRaises(exceptions.Duplicate, self.client.create_user,
self.data.test_user, self.data.test_password,
self.data.tenant['id'], self.data.test_email)
@attr(type=['negative', 'gate'])
def test_create_user_for_non_existant_tenant(self):
# Attempt to create a user in a non-existent tenant should fail
self.assertRaises(exceptions.NotFound, self.client.create_user,
self.alt_user, self.alt_password, '49ffgg99999',
self.alt_email)
@attr(type=['negative', 'gate'])
def test_create_user_request_without_a_token(self):
# Request to create a user without a valid token should fail
self.data.setup_test_tenant()
# Get the token of the current client
token = self.client.get_auth()
# Delete the token from database
self.client.delete_token(token)
self.assertRaises(exceptions.Unauthorized, self.client.create_user,
self.alt_user, self.alt_password,
self.data.tenant['id'], self.alt_email)
# Unset the token to allow further tests to generate a new token
self.client.clear_auth()
name = rand_name('test_user_')
resp, user = self.client.create_user(name, self.alt_password,
self.data.tenant['id'],
self.alt_email, enabled=False)
self.data.users.append(user)
self.assertEqual('200', resp['status'])
self.assertEqual(name, user['name'])
self.assertEqual('false', str(user['enabled']).lower())
self.assertEqual(self.alt_email, user['email'])
@attr(type='smoke')
def test_update_user(self):
@ -141,20 +99,6 @@ class UsersTestJSON(base.BaseIdentityAdminTest):
resp, body = self.client.delete_user(user['id'])
self.assertEqual('204', resp['status'])
@attr(type=['negative', 'gate'])
def test_delete_users_by_unauthorized_user(self):
# Non-administrator user should not be authorized to delete a user
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.delete_user,
self.data.user['id'])
@attr(type=['negative', 'gate'])
def test_delete_non_existant_user(self):
# Attempt to delete a non-existent user should fail
self.assertRaises(exceptions.NotFound, self.client.delete_user,
'junk12345123')
@attr(type='smoke')
def test_user_authentication(self):
# Valid user's token is authenticated
@ -168,51 +112,6 @@ class UsersTestJSON(base.BaseIdentityAdminTest):
self.data.test_tenant)
self.assertEqual('200', resp['status'])
@attr(type=['negative', 'gate'])
def test_authentication_for_disabled_user(self):
# Disabled user's token should not get authenticated
self.data.setup_test_user()
self.disable_user(self.data.test_user)
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user,
self.data.test_password,
self.data.test_tenant)
@attr(type=['negative', 'gate'])
def test_authentication_when_tenant_is_disabled(self):
# User's token for a disabled tenant should not be authenticated
self.data.setup_test_user()
self.disable_tenant(self.data.test_tenant)
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user,
self.data.test_password,
self.data.test_tenant)
@attr(type=['negative', 'gate'])
def test_authentication_with_invalid_tenant(self):
# User's token for an invalid tenant should not be authenticated
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user,
self.data.test_password,
'junktenant1234')
@attr(type=['negative', 'gate'])
def test_authentication_with_invalid_username(self):
# Non-existent user's token should not get authenticated
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
'junkuser123', self.data.test_password,
self.data.test_tenant)
@attr(type=['negative', 'gate'])
def test_authentication_with_invalid_password(self):
# User's token with invalid password should not be authenticated
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user, 'junkpass1234',
self.data.test_tenant)
@attr(type='gate')
def test_authentication_request_without_token(self):
# Request for token authentication with a valid token in header
@ -239,21 +138,6 @@ class UsersTestJSON(base.BaseIdentityAdminTest):
Contains(self.data.test_user),
"Could not find %s" % self.data.test_user)
@attr(type=['negative', 'gate'])
def test_get_users_by_unauthorized_user(self):
# Non-administrator user should not be authorized to get user list
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.get_users)
@attr(type=['negative', 'gate'])
def test_get_users_request_without_token(self):
# Request to get list of users without a valid token should fail
token = self.client.get_auth()
self.client.delete_token(token)
self.assertRaises(exceptions.Unauthorized, self.client.get_users)
self.client.clear_auth()
@attr(type='gate')
def test_list_users_for_tenant(self):
# Return a list of all users for a tenant
@ -326,21 +210,6 @@ class UsersTestJSON(base.BaseIdentityAdminTest):
"Failed to find user %s in fetched list" %
', '.join(m_user for m_user in missing_users))
@attr(type=['negative', 'gate'])
def test_list_users_with_invalid_tenant(self):
# Should not be able to return a list of all
# users for a non-existent tenant
# Assign invalid tenant ids
invalid_id = list()
invalid_id.append(rand_name('999'))
invalid_id.append('alpha')
invalid_id.append(rand_name("dddd@#%%^$"))
invalid_id.append('!@#()$%^&*?<>{}[]')
# List the users with invalid tenant id
for invalid in invalid_id:
self.assertRaises(exceptions.NotFound,
self.client.list_users_for_tenant, invalid)
class UsersTestXML(UsersTestJSON):
_interface = 'xml'

236
tempest/api/identity/admin/test_users_negative.py Normal file

@ -0,0 +1,236 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2012 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest.api.identity import base
from tempest.common.utils.data_utils import rand_name
from tempest import exceptions
from tempest.test import attr
import uuid
class UsersNegativeTestJSON(base.BaseIdentityAdminTest):
_interface = 'json'
@classmethod
def setUpClass(cls):
super(UsersNegativeTestJSON, cls).setUpClass()
cls.alt_user = rand_name('test_user_')
cls.alt_password = rand_name('pass_')
cls.alt_email = cls.alt_user + '@testmail.tm'
cls.alt_tenant = rand_name('test_tenant_')
cls.alt_description = rand_name('desc_')
@attr(type=['negative', 'gate'])
def test_create_user_by_unauthorized_user(self):
# Non-administrator should not be authorized to create a user
self.data.setup_test_tenant()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.create_user, self.alt_user,
self.alt_password, self.data.tenant['id'],
self.alt_email)
@attr(type=['negative', 'gate'])
def test_create_user_with_empty_name(self):
# User with an empty name should not be created
self.data.setup_test_tenant()
self.assertRaises(exceptions.BadRequest, self.client.create_user, '',
self.alt_password, self.data.tenant['id'],
self.alt_email)
@attr(type=['negative', 'gate'])
def test_create_user_with_name_length_over_255(self):
# Length of user name filed should be restricted to 255 characters
self.data.setup_test_tenant()
self.assertRaises(exceptions.BadRequest, self.client.create_user,
'a' * 256, self.alt_password,
self.data.tenant['id'], self.alt_email)
@attr(type=['negative', 'gate'])
def test_create_user_with_duplicate_name(self):
# Duplicate user should not be created
self.data.setup_test_user()
self.assertRaises(exceptions.Duplicate, self.client.create_user,
self.data.test_user, self.data.test_password,
self.data.tenant['id'], self.data.test_email)
@attr(type=['negative', 'gate'])
def test_create_user_for_non_existant_tenant(self):
# Attempt to create a user in a non-existent tenant should fail
self.assertRaises(exceptions.NotFound, self.client.create_user,
self.alt_user, self.alt_password, '49ffgg99999',
self.alt_email)
@attr(type=['negative', 'gate'])
def test_create_user_request_without_a_token(self):
# Request to create a user without a valid token should fail
self.data.setup_test_tenant()
# Get the token of the current client
token = self.client.get_auth()
# Delete the token from database
self.client.delete_token(token)
self.assertRaises(exceptions.Unauthorized, self.client.create_user,
self.alt_user, self.alt_password,
self.data.tenant['id'], self.alt_email)
# Unset the token to allow further tests to generate a new token
self.client.clear_auth()
@attr(type=['negative', 'gate'])
def test_create_user_with_enabled_non_bool(self):
# Attempt to create a user with valid enabled para should fail
self.data.setup_test_tenant()
name = rand_name('test_user_')
self.assertRaises(exceptions.BadRequest, self.client.create_user,
name, self.alt_password,
self.data.tenant['id'],
self.alt_email, enabled=3)
@attr(type=['negative', 'gate'])
def test_update_user_for_non_existant_user(self):
# Attempt to update a user non-existent user should fail
user_name = rand_name('user-')
non_existent_id = str(uuid.uuid4())
self.assertRaises(exceptions.NotFound, self.client.update_user,
non_existent_id, name=user_name)
@attr(type=['negative', 'gate'])
def test_update_user_request_without_a_token(self):
# Request to update a user without a valid token should fail
# Get the token of the current client
token = self.client.get_auth()
# Delete the token from database
self.client.delete_token(token)
self.assertRaises(exceptions.Unauthorized, self.client.update_user,
self.alt_user)
# Unset the token to allow further tests to generate a new token
self.client.clear_auth()
@attr(type=['negative', 'gate'])
def test_update_user_by_unauthorized_user(self):
# Non-administrator should not be authorized to update user
self.data.setup_test_tenant()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.update_user, self.alt_user)
@attr(type=['negative', 'gate'])
def test_delete_users_by_unauthorized_user(self):
# Non-administrator user should not be authorized to delete a user
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.delete_user,
self.data.user['id'])
@attr(type=['negative', 'gate'])
def test_delete_non_existant_user(self):
# Attempt to delete a non-existent user should fail
self.assertRaises(exceptions.NotFound, self.client.delete_user,
'junk12345123')
@attr(type=['negative', 'gate'])
def test_delete_user_request_without_a_token(self):
# Request to delete a user without a valid token should fail
# Get the token of the current client
token = self.client.get_auth()
# Delete the token from database
self.client.delete_token(token)
self.assertRaises(exceptions.Unauthorized, self.client.delete_user,
self.alt_user)
# Unset the token to allow further tests to generate a new token
self.client.clear_auth()
@attr(type=['negative', 'gate'])
def test_authentication_for_disabled_user(self):
# Disabled user's token should not get authenticated
self.data.setup_test_user()
self.disable_user(self.data.test_user)
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user,
self.data.test_password,
self.data.test_tenant)
@attr(type=['negative', 'gate'])
def test_authentication_when_tenant_is_disabled(self):
# User's token for a disabled tenant should not be authenticated
self.data.setup_test_user()
self.disable_tenant(self.data.test_tenant)
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user,
self.data.test_password,
self.data.test_tenant)
@attr(type=['negative', 'gate'])
def test_authentication_with_invalid_tenant(self):
# User's token for an invalid tenant should not be authenticated
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user,
self.data.test_password,
'junktenant1234')
@attr(type=['negative', 'gate'])
def test_authentication_with_invalid_username(self):
# Non-existent user's token should not get authenticated
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
'junkuser123', self.data.test_password,
self.data.test_tenant)
@attr(type=['negative', 'gate'])
def test_authentication_with_invalid_password(self):
# User's token with invalid password should not be authenticated
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user, 'junkpass1234',
self.data.test_tenant)
@attr(type=['negative', 'gate'])
def test_get_users_by_unauthorized_user(self):
# Non-administrator user should not be authorized to get user list
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.get_users)
@attr(type=['negative', 'gate'])
def test_get_users_request_without_token(self):
# Request to get list of users without a valid token should fail
token = self.client.get_auth()
self.client.delete_token(token)
self.assertRaises(exceptions.Unauthorized, self.client.get_users)
self.client.clear_auth()
@attr(type=['negative', 'gate'])
def test_list_users_with_invalid_tenant(self):
# Should not be able to return a list of all
# users for a non-existent tenant
# Assign invalid tenant ids
invalid_id = list()
invalid_id.append(rand_name('999'))
invalid_id.append('alpha')
invalid_id.append(rand_name("dddd@#%%^$"))
invalid_id.append('!@#()$%^&*?<>{}[]')
# List the users with invalid tenant id
for invalid in invalid_id:
self.assertRaises(exceptions.NotFound,
self.client.list_users_for_tenant, invalid)
class UsersNegativeTestXML(UsersNegativeTestJSON):
_interface = 'xml'

4
tempest/services/identity/json/identity_client.py

@ -139,7 +139,7 @@ class IdentityClientJSON(RestClient):
body = json.loads(body)
return resp, body['tenant']
def create_user(self, name, password, tenant_id, email):
def create_user(self, name, password, tenant_id, email, **kwargs):
"""Create a user."""
post_body = {
'name': name,
@ -147,6 +147,8 @@ class IdentityClientJSON(RestClient):
'tenantId': tenant_id,
'email': email
}
if kwargs.get('enabled') is not None:
post_body['enabled'] = kwargs.get('enabled')
post_body = json.dumps({'user': post_body})
resp, body = self.post('users', post_body, self.headers)
body = json.loads(body)

5
tempest/services/identity/xml/identity_client.py

@ -159,7 +159,7 @@ class IdentityClientXML(RestClientXML):
body = self._parse_body(etree.fromstring(body))
return resp, body
def create_user(self, name, password, tenant_id, email):
def create_user(self, name, password, tenant_id, email, **kwargs):
"""Create a user."""
create_user = Element("user",
xmlns=XMLNS,
@ -167,6 +167,9 @@ class IdentityClientXML(RestClientXML):
password=password,
tenantId=tenant_id,
email=email)
if 'enabled' in kwargs:
create_user.add_attr('enabled', str(kwargs['enabled']).lower())
resp, body = self.post('users', str(Document(create_user)),
self.headers)
body = self._parse_body(etree.fromstring(body))