Added Identity API tests for user ec2 credentials
The Identity API is not covered in a whole for non-admin user.
Since user can manipulate ec2 credentials, created tests for
creating, listing, getting, deleting ec2 credentials.
Added tests:
* test_create_ec2_credentials
* test_list_ec2_credentials
* test_show_ec2_credentials
* test_delete_ec2_credentials.
Change-Id: I9112916aa744a0a7522330d12a7cf410be28dbf6
diff --git a/tempest/api/identity/v2/test_ec2_credentials.py b/tempest/api/identity/v2/test_ec2_credentials.py
new file mode 100644
index 0000000..dbb50be
--- /dev/null
+++ b/tempest/api/identity/v2/test_ec2_credentials.py
@@ -0,0 +1,111 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest_lib import exceptions as lib_exc
+
+from tempest.api.identity import base
+from tempest import test
+
+
+class EC2CredentialsTest(base.BaseIdentityV2Test):
+
+ @classmethod
+ def skip_checks(cls):
+ super(EC2CredentialsTest, cls).skip_checks()
+ if not test.is_extension_enabled('OS-EC2', 'identity'):
+ msg = "OS-EC2 identity extension not enabled."
+ raise cls.skipException(msg)
+
+ @classmethod
+ def resource_setup(cls):
+ super(EC2CredentialsTest, cls).resource_setup()
+ cls.creds = cls.os.credentials
+
+ @test.idempotent_id('b580fab9-7ae9-46e8-8138-417260cb6f9f')
+ def test_create_ec2_credentials(self):
+ """Create user ec2 credentials."""
+ resp = self.non_admin_client.create_user_ec2_credentials(
+ self.creds.credentials.user_id,
+ self.creds.credentials.tenant_id)
+ access = resp['access']
+ self.addCleanup(
+ self.non_admin_client.delete_user_ec2_credentials,
+ self.creds.credentials.user_id, access)
+ self.assertNotEmpty(resp['access'])
+ self.assertNotEmpty(resp['secret'])
+ self.assertEqual(self.creds.credentials.user_id, resp['user_id'])
+ self.assertEqual(self.creds.credentials.tenant_id, resp['tenant_id'])
+
+ @test.idempotent_id('9e2ea42f-0a4f-468c-a768-51859ce492e0')
+ def test_list_ec2_credentials(self):
+ """Get the list of user ec2 credentials."""
+ created_creds = []
+ fetched_creds = []
+ # create first ec2 credentials
+ creds1 = self.non_admin_client.create_user_ec2_credentials(
+ self.creds.credentials.user_id, self.creds.credentials.tenant_id)
+ created_creds.append(creds1['access'])
+ # create second ec2 credentials
+ creds2 = self.non_admin_client.create_user_ec2_credentials(
+ self.creds.credentials.user_id, self.creds.credentials.tenant_id)
+ created_creds.append(creds2['access'])
+ # add credentials to be cleaned up
+ self.addCleanup(
+ self.non_admin_client.delete_user_ec2_credentials,
+ self.creds.credentials.user_id, creds1['access'])
+ self.addCleanup(
+ self.non_admin_client.delete_user_ec2_credentials,
+ self.creds.credentials.user_id, creds2['access'])
+ # get the list of user ec2 credentials
+ resp = self.non_admin_client.list_user_ec2_credentials(
+ self.creds.credentials.user_id)
+ fetched_creds = [cred['access'] for cred in resp]
+ # created credentials should be in a fetched list
+ missing = [cred for cred in created_creds
+ if cred not in fetched_creds]
+ self.assertEmpty(missing,
+ "Failed to find ec2_credentials %s in fetched list" %
+ ', '.join(cred for cred in missing))
+
+ @test.idempotent_id('cb284075-b613-440d-83ca-fe0b33b3c2b8')
+ def test_show_ec2_credentials(self):
+ """Get the definite user ec2 credentials."""
+ resp = self.non_admin_client.create_user_ec2_credentials(
+ self.creds.credentials.user_id,
+ self.creds.credentials.tenant_id)
+ self.addCleanup(
+ self.non_admin_client.delete_user_ec2_credentials,
+ self.creds.credentials.user_id, resp['access'])
+
+ ec2_creds = self.non_admin_client.show_user_ec2_credentials(
+ self.creds.credentials.user_id, resp['access']
+ )
+ for key in ['access', 'secret', 'user_id', 'tenant_id']:
+ self.assertEqual(ec2_creds[key], resp[key])
+
+ @test.idempotent_id('6aba0d4c-b76b-4e46-aa42-add79bc1551d')
+ def test_delete_ec2_credentials(self):
+ """Delete user ec2 credentials."""
+ resp = self.non_admin_client.create_user_ec2_credentials(
+ self.creds.credentials.user_id,
+ self.creds.credentials.tenant_id)
+ access = resp['access']
+ self.non_admin_client.delete_user_ec2_credentials(
+ self.creds.credentials.user_id, access)
+ self.assertRaises(
+ lib_exc.NotFound,
+ self.non_admin_client.show_user_ec2_credentials,
+ self.creds.credentials.user_id,
+ access)
diff --git a/tempest/config.py b/tempest/config.py
index 295b74d..d95c462 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -188,6 +188,12 @@
cfg.BoolOpt('api_v3',
default=True,
help='Is the v3 identity API enabled'),
+ cfg.ListOpt('api_extensions',
+ default=['all'],
+ help="A list of enabled identity extensions with a special "
+ "entry all which indicates every extension is enabled. "
+ "Empty list indicates all extensions are disabled. "
+ "To get the list of extensions run: 'keystone discover'")
]
compute_group = cfg.OptGroup(name='compute',
diff --git a/tempest/services/identity/v2/json/identity_client.py b/tempest/services/identity/v2/json/identity_client.py
index 8eeefe7..81e967d 100644
--- a/tempest/services/identity/v2/json/identity_client.py
+++ b/tempest/services/identity/v2/json/identity_client.py
@@ -323,7 +323,19 @@
self.expected_success(200, resp.status)
return service_client.ResponseBody(resp, self._parse_resp(body))
+ def delete_user_ec2_credentials(self, user_id, access):
+ resp, body = self.delete('/users/%s/credentials/OS-EC2/%s' %
+ (user_id, access))
+ self.expected_success(204, resp.status)
+ return service_client.ResponseBody(resp, body)
+
def list_user_ec2_credentials(self, user_id):
resp, body = self.get('/users/%s/credentials/OS-EC2' % user_id)
self.expected_success(200, resp.status)
return service_client.ResponseBodyList(resp, self._parse_resp(body))
+
+ def show_user_ec2_credentials(self, user_id, access):
+ resp, body = self.get('/users/%s/credentials/OS-EC2/%s' %
+ (user_id, access))
+ self.expected_success(200, resp.status)
+ return service_client.ResponseBody(resp, self._parse_resp(body))
diff --git a/tempest/test.py b/tempest/test.py
index b664b47..b737152 100644
--- a/tempest/test.py
+++ b/tempest/test.py
@@ -182,6 +182,7 @@
'volume': CONF.volume_feature_enabled.api_extensions,
'network': CONF.network_feature_enabled.api_extensions,
'object': CONF.object_storage_feature_enabled.discoverable_apis,
+ 'identity': CONF.identity_feature_enabled.api_extensions
}
if len(config_dict[service]) == 0:
return False