OpenStack Testing (Tempest) of an existing cloud
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

test_users.py 3.2KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
  1. # Copyright 2015 OpenStack Foundation
  2. # All Rights Reserved.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  5. # not use this file except in compliance with the License. You may obtain
  6. # a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13. # License for the specific language governing permissions and limitations
  14. # under the License.
  15. import copy
  16. import time
  17. from tempest.api.identity import base
  18. from tempest.lib.common.utils import data_utils
  19. from tempest.lib import exceptions
  20. from tempest import manager
  21. from tempest import test
  22. class IdentityUsersTest(base.BaseIdentityV2Test):
  23. @classmethod
  24. def resource_setup(cls):
  25. super(IdentityUsersTest, cls).resource_setup()
  26. cls.creds = cls.os.credentials
  27. cls.username = cls.creds.username
  28. cls.password = cls.creds.password
  29. cls.tenant_name = cls.creds.tenant_name
  30. @test.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7')
  31. def test_user_update_own_password(self):
  32. self.new_creds = copy.copy(self.creds.credentials)
  33. self.new_creds.password = data_utils.rand_password()
  34. # we need new non-admin Identity Client with new credentials, since
  35. # current non_admin_client token will be revoked after updating
  36. # password
  37. self.non_admin_users_client_for_cleanup = copy.copy(
  38. self.non_admin_users_client)
  39. self.non_admin_users_client_for_cleanup.auth_provider = (
  40. manager.get_auth_provider(self.new_creds))
  41. user_id = self.creds.credentials.user_id
  42. old_pass = self.creds.credentials.password
  43. new_pass = self.new_creds.password
  44. # to change password back. important for allow_tenant_isolation = false
  45. self.addCleanup(
  46. self.non_admin_users_client_for_cleanup.update_user_own_password,
  47. user_id, original_password=new_pass, password=old_pass)
  48. # user updates own password
  49. self.non_admin_users_client.update_user_own_password(
  50. user_id, password=new_pass, original_password=old_pass)
  51. # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
  52. # Keystone should only be precise to the second. Sleep to ensure
  53. # we are passing the second boundary.
  54. time.sleep(1)
  55. # check authorization with new password
  56. self.non_admin_token_client.auth(self.username,
  57. new_pass,
  58. self.tenant_name)
  59. # authorize with old token should lead to Unauthorized
  60. self.assertRaises(exceptions.Unauthorized,
  61. self.non_admin_token_client.auth_token,
  62. self.non_admin_users_client.token)
  63. # authorize with old password should lead to Unauthorized
  64. self.assertRaises(exceptions.Unauthorized,
  65. self.non_admin_token_client.auth,
  66. self.username,
  67. old_pass,
  68. self.tenant_name)