Merge "Don't use duplicate IP addresses"
diff --git a/etc/tempest.conf.sample b/etc/tempest.conf.sample
index 4d02dc5..f1a6f67 100644
--- a/etc/tempest.conf.sample
+++ b/etc/tempest.conf.sample
@@ -153,7 +153,7 @@
[compute-feature-enabled]
# Do we run the Nova V3 API tests?
-api_v3 = true
+api_v3 = false
# Does the Compute API support creation of images?
create_image = true
@@ -309,11 +309,13 @@
# Set operator role for tests that require creating a container
operator_role = Member
-[object-feature-enabled]
+[object-storage-feature-enabled]
# Set to True if the Account Quota middleware is enabled
accounts_quotas = True
# Set to True if the Container Quota middleware is enabled
container_quotas = True
+# Set to True if the Crossdomain middleware is enabled
+crossdomain_available = True
[boto]
# This section contains configuration options used when executing tests
diff --git a/tempest/api/compute/floating_ips/test_floating_ips_actions.py b/tempest/api/compute/floating_ips/test_floating_ips_actions.py
index 21a2256..a06309a 100644
--- a/tempest/api/compute/floating_ips/test_floating_ips_actions.py
+++ b/tempest/api/compute/floating_ips/test_floating_ips_actions.py
@@ -37,7 +37,6 @@
# Server creation
resp, server = cls.create_test_server(wait_until='ACTIVE')
cls.server_id = server['id']
- resp, body = cls.servers_client.get_server(server['id'])
# Floating IP creation
resp, body = cls.client.create_floating_ip()
cls.floating_ip_id = body['id']
diff --git a/tempest/api/compute/floating_ips/test_list_floating_ips.py b/tempest/api/compute/floating_ips/test_list_floating_ips.py
index 7fec2d1..6387f4e 100644
--- a/tempest/api/compute/floating_ips/test_list_floating_ips.py
+++ b/tempest/api/compute/floating_ips/test_list_floating_ips.py
@@ -32,7 +32,6 @@
cls.client = cls.floating_ips_client
cls.floating_ip = []
cls.floating_ip_id = []
- cls.random_number = 0
for i in range(3):
resp, body = cls.client.create_floating_ip()
cls.floating_ip.append(body)
diff --git a/tempest/api/compute/images/test_images_oneserver.py b/tempest/api/compute/images/test_images_oneserver.py
index d0bed57..870b268 100644
--- a/tempest/api/compute/images/test_images_oneserver.py
+++ b/tempest/api/compute/images/test_images_oneserver.py
@@ -22,10 +22,8 @@
from tempest import clients
from tempest.common.utils.data_utils import parse_image_id
from tempest.common.utils.data_utils import rand_name
-from tempest import exceptions
from tempest.openstack.common import log as logging
from tempest.test import attr
-from tempest.test import skip_because
LOG = logging.getLogger(__name__)
@@ -83,31 +81,6 @@
cls.alt_manager = clients.AltManager()
cls.alt_client = cls.alt_manager.images_client
- @skip_because(bug="1006725")
- @attr(type=['negative', 'gate'])
- def test_create_image_specify_multibyte_character_image_name(self):
- # Return an error if the image name has multi-byte characters
- snapshot_name = rand_name('\xef\xbb\xbf')
- self.assertRaises(exceptions.BadRequest,
- self.client.create_image, self.server_id,
- snapshot_name)
-
- @attr(type=['negative', 'gate'])
- def test_create_image_specify_invalid_metadata(self):
- # Return an error when creating image with invalid metadata
- snapshot_name = rand_name('test-snap-')
- meta = {'': ''}
- self.assertRaises(exceptions.BadRequest, self.client.create_image,
- self.server_id, snapshot_name, meta)
-
- @attr(type=['negative', 'gate'])
- def test_create_image_specify_metadata_over_limits(self):
- # Return an error when creating image with meta data over 256 chars
- snapshot_name = rand_name('test-snap-')
- meta = {'a' * 260: 'b' * 260}
- self.assertRaises(exceptions.BadRequest, self.client.create_image,
- self.server_id, snapshot_name, meta)
-
def _get_default_flavor_disk_size(self, flavor_id):
resp, flavor = self.flavors_client.get_flavor_details(flavor_id)
return flavor['disk']
@@ -145,49 +118,6 @@
self.assertEqual('204', resp['status'])
self.client.wait_for_resource_deletion(image_id)
- @attr(type=['negative', 'gate'])
- def test_create_second_image_when_first_image_is_being_saved(self):
- # Disallow creating another image when first image is being saved
-
- # Create first snapshot
- snapshot_name = rand_name('test-snap-')
- resp, body = self.client.create_image(self.server_id,
- snapshot_name)
- self.assertEqual(202, resp.status)
- image_id = parse_image_id(resp['location'])
- self.image_ids.append(image_id)
-
- # Create second snapshot
- alt_snapshot_name = rand_name('test-snap-')
- self.assertRaises(exceptions.Conflict, self.client.create_image,
- self.server_id, alt_snapshot_name)
- self.client.wait_for_image_status(image_id, 'ACTIVE')
-
- @attr(type=['negative', 'gate'])
- def test_create_image_specify_name_over_256_chars(self):
- # Return an error if snapshot name over 256 characters is passed
-
- snapshot_name = rand_name('a' * 260)
- self.assertRaises(exceptions.BadRequest, self.client.create_image,
- self.server_id, snapshot_name)
-
- @attr(type=['negative', 'gate'])
- def test_delete_image_that_is_not_yet_active(self):
- # Return an error while trying to delete an image what is creating
-
- snapshot_name = rand_name('test-snap-')
- resp, body = self.client.create_image(self.server_id, snapshot_name)
- self.assertEqual(202, resp.status)
- image_id = parse_image_id(resp['location'])
- self.image_ids.append(image_id)
-
- # Do not wait, attempt to delete the image, ensure it's successful
- resp, body = self.client.delete_image(image_id)
- self.assertEqual('204', resp['status'])
- self.image_ids.remove(image_id)
-
- self.assertRaises(exceptions.NotFound, self.client.get_image, image_id)
-
class ImagesOneServerTestXML(ImagesOneServerTestJSON):
_interface = 'xml'
diff --git a/tempest/api/compute/images/test_images_oneserver_negative.py b/tempest/api/compute/images/test_images_oneserver_negative.py
new file mode 100644
index 0000000..db3acb5
--- /dev/null
+++ b/tempest/api/compute/images/test_images_oneserver_negative.py
@@ -0,0 +1,155 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2012 OpenStack Foundation
+# Copyright 2013 IBM Corp.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api import compute
+from tempest.api.compute import base
+from tempest import clients
+from tempest.common.utils.data_utils import parse_image_id
+from tempest.common.utils.data_utils import rand_name
+from tempest import exceptions
+from tempest.openstack.common import log as logging
+from tempest.test import attr
+from tempest.test import skip_because
+
+LOG = logging.getLogger(__name__)
+
+
+class ImagesOneServerNegativeTestJSON(base.BaseV2ComputeTest):
+ _interface = 'json'
+
+ def tearDown(self):
+ """Terminate test instances created after a test is executed."""
+ for image_id in self.image_ids:
+ self.client.delete_image(image_id)
+ self.image_ids.remove(image_id)
+ super(ImagesOneServerNegativeTestJSON, self).tearDown()
+
+ def setUp(self):
+ # NOTE(afazekas): Normally we use the same server with all test cases,
+ # but if it has an issue, we build a new one
+ super(ImagesOneServerNegativeTestJSON, self).setUp()
+ # Check if the server is in a clean state after test
+ try:
+ self.servers_client.wait_for_server_status(self.server_id,
+ 'ACTIVE')
+ except Exception as exc:
+ LOG.exception(exc)
+ # Rebuild server if cannot reach the ACTIVE state
+ # Usually it means the server had a serius accident
+ self.rebuild_server()
+
+ @classmethod
+ def setUpClass(cls):
+ super(ImagesOneServerNegativeTestJSON, cls).setUpClass()
+ cls.client = cls.images_client
+ if not cls.config.service_available.glance:
+ skip_msg = ("%s skipped as glance is not available" % cls.__name__)
+ raise cls.skipException(skip_msg)
+
+ try:
+ resp, server = cls.create_test_server(wait_until='ACTIVE')
+ cls.server_id = server['id']
+ except Exception:
+ cls.tearDownClass()
+ raise
+
+ cls.image_ids = []
+
+ if compute.MULTI_USER:
+ if cls.config.compute.allow_tenant_isolation:
+ creds = cls.isolated_creds.get_alt_creds()
+ username, tenant_name, password = creds
+ cls.alt_manager = clients.Manager(username=username,
+ password=password,
+ tenant_name=tenant_name)
+ else:
+ # Use the alt_XXX credentials in the config file
+ cls.alt_manager = clients.AltManager()
+ cls.alt_client = cls.alt_manager.images_client
+
+ @skip_because(bug="1006725")
+ @attr(type=['negative', 'gate'])
+ def test_create_image_specify_multibyte_character_image_name(self):
+ # Return an error if the image name has multi-byte characters
+ snapshot_name = rand_name('\xef\xbb\xbf')
+ self.assertRaises(exceptions.BadRequest,
+ self.client.create_image, self.server_id,
+ snapshot_name)
+
+ @attr(type=['negative', 'gate'])
+ def test_create_image_specify_invalid_metadata(self):
+ # Return an error when creating image with invalid metadata
+ snapshot_name = rand_name('test-snap-')
+ meta = {'': ''}
+ self.assertRaises(exceptions.BadRequest, self.client.create_image,
+ self.server_id, snapshot_name, meta)
+
+ @attr(type=['negative', 'gate'])
+ def test_create_image_specify_metadata_over_limits(self):
+ # Return an error when creating image with meta data over 256 chars
+ snapshot_name = rand_name('test-snap-')
+ meta = {'a' * 260: 'b' * 260}
+ self.assertRaises(exceptions.BadRequest, self.client.create_image,
+ self.server_id, snapshot_name, meta)
+
+ @attr(type=['negative', 'gate'])
+ def test_create_second_image_when_first_image_is_being_saved(self):
+ # Disallow creating another image when first image is being saved
+
+ # Create first snapshot
+ snapshot_name = rand_name('test-snap-')
+ resp, body = self.client.create_image(self.server_id,
+ snapshot_name)
+ self.assertEqual(202, resp.status)
+ image_id = parse_image_id(resp['location'])
+ self.image_ids.append(image_id)
+
+ # Create second snapshot
+ alt_snapshot_name = rand_name('test-snap-')
+ self.assertRaises(exceptions.Conflict, self.client.create_image,
+ self.server_id, alt_snapshot_name)
+ self.client.wait_for_image_status(image_id, 'ACTIVE')
+
+ @attr(type=['negative', 'gate'])
+ def test_create_image_specify_name_over_256_chars(self):
+ # Return an error if snapshot name over 256 characters is passed
+
+ snapshot_name = rand_name('a' * 260)
+ self.assertRaises(exceptions.BadRequest, self.client.create_image,
+ self.server_id, snapshot_name)
+
+ @attr(type=['negative', 'gate'])
+ def test_delete_image_that_is_not_yet_active(self):
+ # Return an error while trying to delete an image what is creating
+
+ snapshot_name = rand_name('test-snap-')
+ resp, body = self.client.create_image(self.server_id, snapshot_name)
+ self.assertEqual(202, resp.status)
+ image_id = parse_image_id(resp['location'])
+ self.image_ids.append(image_id)
+
+ # Do not wait, attempt to delete the image, ensure it's successful
+ resp, body = self.client.delete_image(image_id)
+ self.assertEqual('204', resp['status'])
+ self.image_ids.remove(image_id)
+
+ self.assertRaises(exceptions.NotFound, self.client.get_image, image_id)
+
+
+class ImagesOneServerNegativeTestXML(ImagesOneServerNegativeTestJSON):
+ _interface = 'xml'
diff --git a/tempest/api/compute/servers/test_server_actions.py b/tempest/api/compute/servers/test_server_actions.py
index b8700ec..bc53862 100644
--- a/tempest/api/compute/servers/test_server_actions.py
+++ b/tempest/api/compute/servers/test_server_actions.py
@@ -199,6 +199,7 @@
required time (%s s).' % (self.server_id, self.build_timeout)
raise exceptions.TimeoutException(message)
+ @skip_because(bug="1251920")
@attr(type='gate')
def test_create_backup(self):
# Positive test:create backup successfully and rotate backups correctly
diff --git a/tempest/api/compute/servers/test_server_password.py b/tempest/api/compute/servers/test_server_password.py
new file mode 100644
index 0000000..93c6e44
--- /dev/null
+++ b/tempest/api/compute/servers/test_server_password.py
@@ -0,0 +1,44 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013 IBM Corporation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+from tempest.api.compute import base
+from tempest.test import attr
+
+
+class ServerPasswordTestJSON(base.BaseV2ComputeTest):
+ _interface = 'json'
+
+ @classmethod
+ def setUpClass(cls):
+ super(ServerPasswordTestJSON, cls).setUpClass()
+ cls.client = cls.servers_client
+ resp, cls.server = cls.create_test_server(wait_until="ACTIVE")
+
+ @attr(type='gate')
+ def test_get_server_password(self):
+ resp, body = self.client.get_password(self.server['id'])
+ self.assertEqual(200, resp.status)
+
+ @attr(type='gate')
+ def test_delete_server_password(self):
+ resp, body = self.client.delete_password(self.server['id'])
+ self.assertEqual(204, resp.status)
+
+
+class ServerPasswordTestXML(ServerPasswordTestJSON):
+ _interface = 'xml'
diff --git a/tempest/api/identity/admin/test_roles.py b/tempest/api/identity/admin/test_roles.py
index 543cd91..8205d15 100644
--- a/tempest/api/identity/admin/test_roles.py
+++ b/tempest/api/identity/admin/test_roles.py
@@ -16,8 +16,7 @@
# under the License.
from tempest.api.identity import base
-from tempest.common.utils.data_utils import rand_name
-from tempest import exceptions
+from tempest.common.utils import data_utils
from tempest.test import attr
@@ -28,7 +27,8 @@
def setUpClass(cls):
super(RolesTestJSON, cls).setUpClass()
for _ in xrange(5):
- resp, role = cls.client.create_role(rand_name('role-'))
+ role_name = data_utils.rand_name(name='role-')
+ resp, role = cls.client.create_role(role_name)
cls.data.roles.append(role)
def _get_role_params(self):
@@ -55,23 +55,9 @@
self.assertEqual(len(found), len(self.data.roles))
@attr(type='gate')
- def test_list_roles_by_unauthorized_user(self):
- # Non-administrator user should not be able to list roles
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_client.list_roles)
-
- @attr(type='gate')
- def test_list_roles_request_without_token(self):
- # Request to list roles without a valid token should fail
- token = self.client.get_auth()
- self.client.delete_token(token)
- self.assertRaises(exceptions.Unauthorized, self.client.list_roles)
- self.client.clear_auth()
-
- @attr(type='gate')
def test_role_create_delete(self):
# Role should be created, verified, and deleted
- role_name = rand_name('role-test-')
+ role_name = data_utils.rand_name(name='role-test-')
resp, body = self.client.create_role(role_name)
self.assertIn('status', resp)
self.assertTrue(resp['status'].startswith('2'))
@@ -90,23 +76,6 @@
self.assertFalse(any(found))
@attr(type='gate')
- def test_role_create_blank_name(self):
- # Should not be able to create a role with a blank name
- self.assertRaises(exceptions.BadRequest, self.client.create_role, '')
-
- @attr(type='gate')
- def test_role_create_duplicate(self):
- # Role names should be unique
- role_name = rand_name('role-dup-')
- resp, body = self.client.create_role(role_name)
- role1_id = body.get('id')
- self.assertIn('status', resp)
- self.assertTrue(resp['status'].startswith('2'))
- self.addCleanup(self.client.delete_role, role1_id)
- self.assertRaises(exceptions.Conflict, self.client.create_role,
- role_name)
-
- @attr(type='gate')
def test_assign_user_role(self):
# Assign a role to a user on a tenant
(user, tenant, role) = self._get_role_params()
@@ -115,55 +84,6 @@
self.assert_role_in_role_list(role, roles)
@attr(type='gate')
- def test_assign_user_role_by_unauthorized_user(self):
- # Non-administrator user should not be authorized to
- # assign a role to user
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_client.assign_user_role,
- tenant['id'], user['id'], role['id'])
-
- @attr(type='gate')
- def test_assign_user_role_request_without_token(self):
- # Request to assign a role to a user without a valid token
- (user, tenant, role) = self._get_role_params()
- token = self.client.get_auth()
- self.client.delete_token(token)
- self.assertRaises(exceptions.Unauthorized,
- self.client.assign_user_role, tenant['id'],
- user['id'], role['id'])
- self.client.clear_auth()
-
- @attr(type='gate')
- def test_assign_user_role_for_non_existent_user(self):
- # Attempt to assign a role to a non existent user should fail
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
- tenant['id'], 'junk-user-id-999', role['id'])
-
- @attr(type='gate')
- def test_assign_user_role_for_non_existent_role(self):
- # Attempt to assign a non existent role to user should fail
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
- tenant['id'], user['id'], 'junk-role-id-12345')
-
- @attr(type='gate')
- def test_assign_user_role_for_non_existent_tenant(self):
- # Attempt to assign a role on a non existent tenant should fail
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
- 'junk-tenant-1234', user['id'], role['id'])
-
- @attr(type='gate')
- def test_assign_duplicate_user_role(self):
- # Duplicate user role should not get assigned
- (user, tenant, role) = self._get_role_params()
- self.client.assign_user_role(tenant['id'], user['id'], role['id'])
- self.assertRaises(exceptions.Conflict, self.client.assign_user_role,
- tenant['id'], user['id'], role['id'])
-
- @attr(type='gate')
def test_remove_user_role(self):
# Remove a role assigned to a user on a tenant
(user, tenant, role) = self._get_role_params()
@@ -174,62 +94,6 @@
self.assertEqual(resp['status'], '204')
@attr(type='gate')
- def test_remove_user_role_by_unauthorized_user(self):
- # Non-administrator user should not be authorized to
- # remove a user's role
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_client.remove_user_role,
- tenant['id'], user['id'], role['id'])
-
- @attr(type='gate')
- def test_remove_user_role_request_without_token(self):
- # Request to remove a user's role without a valid token
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- token = self.client.get_auth()
- self.client.delete_token(token)
- self.assertRaises(exceptions.Unauthorized,
- self.client.remove_user_role, tenant['id'],
- user['id'], role['id'])
- self.client.clear_auth()
-
- @attr(type='gate')
- def test_remove_user_role_non_existant_user(self):
- # Attempt to remove a role from a non existent user should fail
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
- tenant['id'], 'junk-user-id-123', role['id'])
-
- @attr(type='gate')
- def test_remove_user_role_non_existant_role(self):
- # Attempt to delete a non existent role from a user should fail
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
- tenant['id'], user['id'], 'junk-user-role-123')
-
- @attr(type='gate')
- def test_remove_user_role_non_existant_tenant(self):
- # Attempt to remove a role from a non existent tenant should fail
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
- 'junk-tenant-id-123', user['id'], role['id'])
-
- @attr(type='gate')
def test_list_user_roles(self):
# List roles assigned to a user on tenant
(user, tenant, role) = self._get_role_params()
@@ -237,36 +101,6 @@
resp, roles = self.client.list_user_roles(tenant['id'], user['id'])
self.assert_role_in_role_list(role, roles)
- @attr(type='gate')
- def test_list_user_roles_by_unauthorized_user(self):
- # Non-administrator user should not be authorized to list
- # a user's roles
- (user, tenant, role) = self._get_role_params()
- self.client.assign_user_role(tenant['id'], user['id'], role['id'])
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_client.list_user_roles, tenant['id'],
- user['id'])
-
- @attr(type='gate')
- def test_list_user_roles_request_without_token(self):
- # Request to list user's roles without a valid token should fail
- (user, tenant, role) = self._get_role_params()
- token = self.client.get_auth()
- self.client.delete_token(token)
- try:
- self.assertRaises(exceptions.Unauthorized,
- self.client.list_user_roles, tenant['id'],
- user['id'])
- finally:
- self.client.clear_auth()
-
- @attr(type='gate')
- def test_list_user_roles_for_non_existent_user(self):
- # Attempt to list roles of a non existent user should fail
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.NotFound, self.client.list_user_roles,
- tenant['id'], 'junk-role-aabbcc11')
-
class RolesTestXML(RolesTestJSON):
_interface = 'xml'
diff --git a/tempest/api/identity/admin/test_roles_negative.py b/tempest/api/identity/admin/test_roles_negative.py
new file mode 100644
index 0000000..83d1d4d
--- /dev/null
+++ b/tempest/api/identity/admin/test_roles_negative.py
@@ -0,0 +1,262 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013 Huawei Technologies Co.,LTD.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import uuid
+
+from tempest.api.identity import base
+from tempest.common.utils import data_utils
+from tempest import exceptions
+from tempest.test import attr
+
+
+class RolesNegativeTestJSON(base.BaseIdentityAdminTest):
+ _interface = 'json'
+
+ def _get_role_params(self):
+ self.data.setup_test_user()
+ self.data.setup_test_role()
+ user = self.get_user_by_name(self.data.test_user)
+ tenant = self.get_tenant_by_name(self.data.test_tenant)
+ role = self.get_role_by_name(self.data.test_role)
+ return (user, tenant, role)
+
+ @attr(type=['negative', 'gate'])
+ def test_list_roles_by_unauthorized_user(self):
+ # Non-administrator user should not be able to list roles
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.list_roles)
+
+ @attr(type=['negative', 'gate'])
+ def test_list_roles_request_without_token(self):
+ # Request to list roles without a valid token should fail
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ self.assertRaises(exceptions.Unauthorized, self.client.list_roles)
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_role_create_blank_name(self):
+ # Should not be able to create a role with a blank name
+ self.assertRaises(exceptions.BadRequest, self.client.create_role, '')
+
+ @attr(type=['negative', 'gate'])
+ def test_create_role_by_unauthorized_user(self):
+ # Non-administrator user should not be able to create role
+ role_name = data_utils.rand_name(name='role-')
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.create_role, role_name)
+
+ @attr(type=['negative', 'gate'])
+ def test_create_role_request_without_token(self):
+ # Request to create role without a valid token should fail
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ role_name = data_utils.rand_name(name='role-')
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.create_role, role_name)
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_role_create_duplicate(self):
+ # Role names should be unique
+ role_name = data_utils.rand_name(name='role-dup-')
+ resp, body = self.client.create_role(role_name)
+ role1_id = body.get('id')
+ self.assertIn('status', resp)
+ self.assertTrue(resp['status'].startswith('2'))
+ self.addCleanup(self.client.delete_role, role1_id)
+ self.assertRaises(exceptions.Conflict, self.client.create_role,
+ role_name)
+
+ @attr(type=['negative', 'gate'])
+ def test_delete_role_by_unauthorized_user(self):
+ # Non-administrator user should not be able to delete role
+ role_name = data_utils.rand_name(name='role-')
+ resp, body = self.client.create_role(role_name)
+ self.assertEqual(200, resp.status)
+ self.data.roles.append(body)
+ role_id = body.get('id')
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.delete_role, role_id)
+
+ @attr(type=['negative', 'gate'])
+ def test_delete_role_request_without_token(self):
+ # Request to delete role without a valid token should fail
+ role_name = data_utils.rand_name(name='role-')
+ resp, body = self.client.create_role(role_name)
+ self.assertEqual(200, resp.status)
+ self.data.roles.append(body)
+ role_id = body.get('id')
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.delete_role,
+ role_id)
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_delete_role_non_existent(self):
+ # Attempt to delete a non existent role should fail
+ non_existent_role = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.delete_role,
+ non_existent_role)
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_by_unauthorized_user(self):
+ # Non-administrator user should not be authorized to
+ # assign a role to user
+ (user, tenant, role) = self._get_role_params()
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.assign_user_role,
+ tenant['id'], user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_request_without_token(self):
+ # Request to assign a role to a user without a valid token
+ (user, tenant, role) = self._get_role_params()
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.assign_user_role, tenant['id'],
+ user['id'], role['id'])
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_for_non_existent_user(self):
+ # Attempt to assign a role to a non existent user should fail
+ (user, tenant, role) = self._get_role_params()
+ non_existent_user = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
+ tenant['id'], non_existent_user, role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_for_non_existent_role(self):
+ # Attempt to assign a non existent role to user should fail
+ (user, tenant, role) = self._get_role_params()
+ non_existent_role = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
+ tenant['id'], user['id'], non_existent_role)
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_for_non_existent_tenant(self):
+ # Attempt to assign a role on a non existent tenant should fail
+ (user, tenant, role) = self._get_role_params()
+ non_existent_tenant = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
+ non_existent_tenant, user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_duplicate_user_role(self):
+ # Duplicate user role should not get assigned
+ (user, tenant, role) = self._get_role_params()
+ self.client.assign_user_role(tenant['id'], user['id'], role['id'])
+ self.assertRaises(exceptions.Conflict, self.client.assign_user_role,
+ tenant['id'], user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_by_unauthorized_user(self):
+ # Non-administrator user should not be authorized to
+ # remove a user's role
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.remove_user_role,
+ tenant['id'], user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_request_without_token(self):
+ # Request to remove a user's role without a valid token
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.remove_user_role, tenant['id'],
+ user['id'], role['id'])
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_non_existant_user(self):
+ # Attempt to remove a role from a non existent user should fail
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ non_existant_user = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
+ tenant['id'], non_existant_user, role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_non_existant_role(self):
+ # Attempt to delete a non existent role from a user should fail
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ non_existant_role = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
+ tenant['id'], user['id'], non_existant_role)
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_non_existant_tenant(self):
+ # Attempt to remove a role from a non existent tenant should fail
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ non_existant_tenant = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
+ non_existant_tenant, user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_list_user_roles_by_unauthorized_user(self):
+ # Non-administrator user should not be authorized to list
+ # a user's roles
+ (user, tenant, role) = self._get_role_params()
+ self.client.assign_user_role(tenant['id'], user['id'], role['id'])
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.list_user_roles, tenant['id'],
+ user['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_list_user_roles_request_without_token(self):
+ # Request to list user's roles without a valid token should fail
+ (user, tenant, role) = self._get_role_params()
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ try:
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.list_user_roles, tenant['id'],
+ user['id'])
+ finally:
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_list_user_roles_for_non_existent_user(self):
+ # Attempt to list roles of a non existent user should fail
+ (user, tenant, role) = self._get_role_params()
+ non_existent_user = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.list_user_roles,
+ tenant['id'], non_existent_user)
+
+
+class RolesTestXML(RolesNegativeTestJSON):
+ _interface = 'xml'
diff --git a/tempest/api/identity/admin/test_users.py b/tempest/api/identity/admin/test_users.py
index 906fad3..5d5a814 100644
--- a/tempest/api/identity/admin/test_users.py
+++ b/tempest/api/identity/admin/test_users.py
@@ -31,8 +31,6 @@
cls.alt_user = data_utils.rand_name('test_user_')
cls.alt_password = data_utils.rand_name('pass_')
cls.alt_email = cls.alt_user + '@testmail.tm'
- cls.alt_tenant = data_utils.rand_name('test_tenant_')
- cls.alt_description = data_utils.rand_name('desc_')
@attr(type='smoke')
def test_create_user(self):
diff --git a/tempest/api/identity/admin/test_users_negative.py b/tempest/api/identity/admin/test_users_negative.py
index b29d155..e3e5a63 100644
--- a/tempest/api/identity/admin/test_users_negative.py
+++ b/tempest/api/identity/admin/test_users_negative.py
@@ -31,8 +31,6 @@
cls.alt_user = rand_name('test_user_')
cls.alt_password = rand_name('pass_')
cls.alt_email = cls.alt_user + '@testmail.tm'
- cls.alt_tenant = rand_name('test_tenant_')
- cls.alt_description = rand_name('desc_')
@attr(type=['negative', 'gate'])
def test_create_user_by_unauthorized_user(self):
diff --git a/tempest/api/object_storage/test_crossdomain.py b/tempest/api/object_storage/test_crossdomain.py
new file mode 100644
index 0000000..0ae7e46
--- /dev/null
+++ b/tempest/api/object_storage/test_crossdomain.py
@@ -0,0 +1,82 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
+#
+# Author: Joe H. Rahme <joe.hakim.rahme@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api.object_storage import base
+from tempest import clients
+from tempest import config
+from tempest.test import attr
+from tempest.test import HTTP_SUCCESS
+
+
+class CrossdomainTest(base.BaseObjectTest):
+ crossdomain_available = \
+ config.TempestConfig().object_storage_feature_enabled.crossdomain
+
+ @classmethod
+ def setUpClass(cls):
+ super(CrossdomainTest, cls).setUpClass()
+
+ # skip this test if CORS isn't enabled in the conf file.
+ if not cls.crossdomain_available:
+ skip_msg = ("%s skipped as Crossdomain middleware not available"
+ % cls.__name__)
+ raise cls.skipException(skip_msg)
+
+ # creates a test user. The test user will set its base_url to the Swift
+ # endpoint and test the healthcheck feature.
+ cls.data.setup_test_user()
+
+ cls.os_test_user = clients.Manager(
+ cls.data.test_user,
+ cls.data.test_password,
+ cls.data.test_tenant)
+
+ cls.xml_start = '<?xml version="1.0"?>\n' \
+ '<!DOCTYPE cross-domain-policy SYSTEM ' \
+ '"http://www.adobe.com/xml/dtds/cross-domain-policy.' \
+ 'dtd" >\n<cross-domain-policy>\n'
+
+ cls.xml_end = "</cross-domain-policy>"
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.data.teardown_all()
+ super(CrossdomainTest, cls).tearDownClass()
+
+ def setUp(self):
+ super(CrossdomainTest, self).setUp()
+
+ client = self.os_test_user.account_client
+ client._set_auth()
+ # Turning http://.../v1/foobar into http://.../
+ client.base_url = "/".join(client.base_url.split("/")[:-2])
+
+ def tearDown(self):
+ # clear the base_url for subsequent requests
+ self.os_test_user.account_client.base_url = None
+
+ super(CrossdomainTest, self).tearDown()
+
+ @attr('gate')
+ def test_get_crossdomain_policy(self):
+ resp, body = self.os_test_user.account_client.get("crossdomain.xml",
+ {})
+
+ self.assertIn(int(resp['status']), HTTP_SUCCESS)
+ self.assertTrue(body.startswith(self.xml_start) and
+ body.endswith(self.xml_end))
diff --git a/tempest/config.py b/tempest/config.py
index 68b51c3..009147b 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -211,7 +211,7 @@
ComputeFeaturesGroup = [
cfg.BoolOpt('api_v3',
- default=True,
+ default=False,
help="If false, skip all nova v3 tests."),
cfg.BoolOpt('disk_config',
default=True,
@@ -411,6 +411,9 @@
cfg.BoolOpt('accounts_quotas',
default=True,
help="Set to True if the Account Quota middleware is enabled"),
+ cfg.BoolOpt('crossdomain',
+ default=True,
+ help="Set to True if the Crossdomain middleware is enabled"),
]
diff --git a/tempest/services/compute/json/servers_client.py b/tempest/services/compute/json/servers_client.py
index 87512fb..3c6a40f 100644
--- a/tempest/services/compute/json/servers_client.py
+++ b/tempest/services/compute/json/servers_client.py
@@ -210,6 +210,21 @@
return self.action(server_id, 'changePassword', None,
adminPass=adminPass)
+ def get_password(self, server_id):
+ resp, body = self.get("servers/%s/os-server-password" %
+ str(server_id))
+ body = json.loads(body)
+ return resp, body
+
+ def delete_password(self, server_id):
+ """
+ Removes the encrypted server password from the metadata server
+ Note that this does not actually change the instance server
+ password.
+ """
+ return self.delete("servers/%s/os-server-password" %
+ str(server_id))
+
def reboot(self, server_id, reboot_type):
"""Reboots a server."""
return self.action(server_id, 'reboot', None, type=reboot_type)
diff --git a/tempest/services/compute/xml/servers_client.py b/tempest/services/compute/xml/servers_client.py
index 3319238..3e5413c 100644
--- a/tempest/services/compute/xml/servers_client.py
+++ b/tempest/services/compute/xml/servers_client.py
@@ -431,6 +431,21 @@
return self.action(server_id, "changePassword", None,
adminPass=password)
+ def get_password(self, server_id):
+ resp, body = self.get("servers/%s/os-server-password" %
+ str(server_id), self.headers)
+ body = xml_to_json(etree.fromstring(body))
+ return resp, body
+
+ def delete_password(self, server_id):
+ """
+ Removes the encrypted server password from the metadata server
+ Note that this does not actually change the instance server
+ password.
+ """
+ return self.delete("servers/%s/os-server-password" %
+ str(server_id))
+
def reboot(self, server_id, reboot_type):
return self.action(server_id, "reboot", None, type=reboot_type)