103 lines
3.9 KiB
Python
103 lines
3.9 KiB
Python
# Copyright 2018 SUSE Linux GmbH
|
|
#
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import datetime
|
|
|
|
from oslo_utils import timeutils
|
|
|
|
from tempest.api.identity import base
|
|
from tempest import config
|
|
from tempest.lib import decorators
|
|
|
|
CONF = config.CONF
|
|
|
|
|
|
class ApplicationCredentialsV3Test(base.BaseApplicationCredentialsV3Test):
|
|
|
|
def _list_app_creds(self, name=None):
|
|
kwargs = dict(user_id=self.user_id)
|
|
if name:
|
|
kwargs.update(name=name)
|
|
return self.non_admin_app_creds_client.list_application_credentials(
|
|
**kwargs)['application_credentials']
|
|
|
|
@decorators.idempotent_id('8080c75c-eddc-4786-941a-c2da7039ae61')
|
|
def test_create_application_credential(self):
|
|
app_cred = self.create_application_credential()
|
|
|
|
# Check that the secret appears in the create response
|
|
secret = app_cred['secret']
|
|
|
|
# Check that the secret is not retrievable after initial create
|
|
app_cred = self.non_admin_app_creds_client.show_application_credential(
|
|
user_id=self.user_id,
|
|
application_credential_id=app_cred['id']
|
|
)['application_credential']
|
|
self.assertNotIn('secret', app_cred)
|
|
|
|
# Check that the application credential is functional
|
|
token_id, resp = self.non_admin_token.get_token(
|
|
app_cred_id=app_cred['id'],
|
|
app_cred_secret=secret,
|
|
auth_data=True
|
|
)
|
|
self.assertEqual(resp['project']['id'], self.project_id)
|
|
|
|
@decorators.idempotent_id('852daf0c-42b5-4239-8466-d193d0543ed3')
|
|
def test_create_application_credential_expires(self):
|
|
expires_at = timeutils.utcnow() + datetime.timedelta(hours=1)
|
|
|
|
app_cred = self.create_application_credential(expires_at=expires_at)
|
|
|
|
expires_str = expires_at.isoformat()
|
|
self.assertEqual(expires_str, app_cred['expires_at'])
|
|
|
|
@decorators.idempotent_id('529936eb-aa5d-463d-9f79-01c113d3b88f')
|
|
def test_create_application_credential_access_rules(self):
|
|
if not CONF.identity_feature_enabled.access_rules:
|
|
raise self.skipException("Application credential access rules are "
|
|
"not available in this environment")
|
|
access_rules = [
|
|
{
|
|
"path": "/v2.1/servers/*/ips",
|
|
"method": "GET",
|
|
"service": "compute"
|
|
}
|
|
]
|
|
app_cred = self.create_application_credential(
|
|
access_rules=access_rules)
|
|
access_rule_resp = app_cred['access_rules'][0]
|
|
access_rule_resp.pop('id')
|
|
self.assertDictEqual(access_rules[0], access_rule_resp)
|
|
|
|
@decorators.idempotent_id('ff0cd457-6224-46e7-b79e-0ada4964a8a6')
|
|
def test_list_application_credentials(self):
|
|
self.create_application_credential()
|
|
self.create_application_credential()
|
|
|
|
app_creds = self._list_app_creds()
|
|
self.assertEqual(2, len(app_creds))
|
|
|
|
@decorators.idempotent_id('9bb5e5cc-5250-493a-8869-8b665f6aa5f6')
|
|
def test_query_application_credentials(self):
|
|
self.create_application_credential()
|
|
app_cred_two = self.create_application_credential()
|
|
app_cred_two_name = app_cred_two['name']
|
|
|
|
app_creds = self._list_app_creds(name=app_cred_two_name)
|
|
self.assertEqual(1, len(app_creds))
|
|
self.assertEqual(app_cred_two_name, app_creds[0]['name'])
|