Credentials Keystone V3 API Tests
This submission adds new test script 'test_credentials.py' so as
to verify CRUD Operations on Credentials API. And also added
required support functions in 'credentials_client.py' for both
JSON/XMl interfaces
Implements blueprint: add-credentials-test-keystone-v3
Change-Id: I00269eaeb01af821c47300a80d89fae3dd2598a2
diff --git a/tempest/api/identity/admin/v3/test_credentials.py b/tempest/api/identity/admin/v3/test_credentials.py
new file mode 100644
index 0000000..efd2f83
--- /dev/null
+++ b/tempest/api/identity/admin/v3/test_credentials.py
@@ -0,0 +1,120 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api.identity import base
+from tempest.common.utils.data_utils import rand_name
+from tempest.test import attr
+
+
+class CredentialsTestJSON(base.BaseIdentityAdminTest):
+ _interface = 'json'
+
+ @classmethod
+ def setUpClass(cls):
+ super(CredentialsTestJSON, cls).setUpClass()
+ cls.projects = list()
+ cls.creds_list = [['project_id', 'user_id', 'id'],
+ ['access', 'secret']]
+ u_name = rand_name('user-')
+ u_desc = '%s description' % u_name
+ u_email = '%s@testmail.tm' % u_name
+ u_password = rand_name('pass-')
+ for i in range(2):
+ resp, cls.project = cls.v3_client.create_project(
+ rand_name('project-'), description=rand_name('project-desc-'))
+ assert resp['status'] == '201', "Expected %s" % resp['status']
+ cls.projects.append(cls.project['id'])
+
+ resp, cls.user_body = cls.v3_client.create_user(
+ u_name, description=u_desc, password=u_password,
+ email=u_email, project_id=cls.projects[0])
+ assert resp['status'] == '201', "Expected: %s" % resp['status']
+
+ @classmethod
+ def tearDownClass(cls):
+ resp, _ = cls.v3_client.delete_user(cls.user_body['id'])
+ assert resp['status'] == '204', "Expected: %s" % resp['status']
+ for p in cls.projects:
+ resp, _ = cls.v3_client.delete_project(p)
+ assert resp['status'] == '204', "Expected: %s" % resp['status']
+ super(CredentialsTestJSON, cls).tearDownClass()
+
+ def _delete_credential(self, cred_id):
+ resp, body = self.creds_client.delete_credential(cred_id)
+ self.assertEqual(resp['status'], '204')
+
+ @attr(type='smoke')
+ def test_credentials_create_get_update_delete(self):
+ keys = [rand_name('Access-'), rand_name('Secret-')]
+ resp, cred = self.creds_client.create_credential(
+ keys[0], keys[1], self.user_body['id'],
+ self.projects[0])
+ self.addCleanup(self._delete_credential, cred['id'])
+ self.assertEqual(resp['status'], '201')
+ for value1 in self.creds_list[0]:
+ self.assertIn(value1, cred)
+ for value2 in self.creds_list[1]:
+ self.assertIn(value2, cred['blob'])
+
+ new_keys = [rand_name('NewAccess-'), rand_name('NewSecret-')]
+ resp, update_body = self.creds_client.update_credential(
+ cred['id'], access_key=new_keys[0], secret_key=new_keys[1],
+ project_id=self.projects[1])
+ self.assertEqual(resp['status'], '200')
+ self.assertEqual(cred['id'], update_body['id'])
+ self.assertEqual(self.projects[1], update_body['project_id'])
+ self.assertEqual(self.user_body['id'], update_body['user_id'])
+ self.assertEqual(update_body['blob']['access'], new_keys[0])
+ self.assertEqual(update_body['blob']['secret'], new_keys[1])
+
+ resp, get_body = self.creds_client.get_credential(cred['id'])
+ self.assertEqual(resp['status'], '200')
+ for value1 in self.creds_list[0]:
+ self.assertEqual(update_body[value1],
+ get_body[value1])
+ for value2 in self.creds_list[1]:
+ self.assertEqual(update_body['blob'][value2],
+ get_body['blob'][value2])
+
+ @attr(type='smoke')
+ def test_credentials_list_delete(self):
+ created_cred_ids = list()
+ fetched_cred_ids = list()
+
+ for i in range(2):
+ resp, cred = self.creds_client.create_credential(
+ rand_name('Access-'), rand_name('Secret-'),
+ self.user_body['id'], self.projects[0])
+ self.assertEqual(resp['status'], '201')
+ created_cred_ids.append(cred['id'])
+ self.addCleanup(self._delete_credential, cred['id'])
+
+ resp, creds = self.creds_client.list_credentials()
+ self.assertEqual(resp['status'], '200')
+
+ for i in creds:
+ fetched_cred_ids.append(i['id'])
+ missing_creds = [c for c in created_cred_ids
+ if c not in fetched_cred_ids]
+ self.assertEqual(0, len(missing_creds),
+ "Failed to find cred %s in fetched list" %
+ ', '.join(m_cred for m_cred
+ in missing_creds))
+
+
+class CredentialsTestXML(CredentialsTestJSON):
+ _interface = 'xml'
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index bfb5372..2a168de 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -34,6 +34,7 @@
cls.service_client = os.service_client
cls.policy_client = os.policy_client
cls.v3_token = os.token_v3_client
+ cls.creds_client = os.credentials_client
if not cls.client.has_admin_extensions():
raise cls.skipException("Admin extensions disabled")
diff --git a/tempest/clients.py b/tempest/clients.py
index 48e4939..49b9283 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -71,6 +71,8 @@
VolumesExtensionsClientXML
from tempest.services.identity.json.identity_client import IdentityClientJSON
from tempest.services.identity.json.identity_client import TokenClientJSON
+from tempest.services.identity.v3.json.credentials_client import \
+ CredentialsClientJSON
from tempest.services.identity.v3.json.endpoints_client import \
EndPointClientJSON
from tempest.services.identity.v3.json.identity_client import \
@@ -79,6 +81,8 @@
from tempest.services.identity.v3.json.policy_client import PolicyClientJSON
from tempest.services.identity.v3.json.service_client import \
ServiceClientJSON
+from tempest.services.identity.v3.xml.credentials_client import \
+ CredentialsClientXML
from tempest.services.identity.v3.xml.endpoints_client import EndPointClientXML
from tempest.services.identity.v3.xml.identity_client import \
IdentityV3ClientXML
@@ -252,6 +256,11 @@
"xml": V3TokenClientXML,
}
+CREDENTIALS_CLIENT = {
+ "json": CredentialsClientJSON,
+ "xml": CredentialsClientXML,
+}
+
class Manager(object):
@@ -336,6 +345,8 @@
self.policy_client = POLICY_CLIENT[interface](*client_args)
self.hypervisor_client = HYPERVISOR_CLIENT[interface](*client_args)
self.token_v3_client = V3_TOKEN_CLIENT[interface](*client_args)
+ self.credentials_client = \
+ CREDENTIALS_CLIENT[interface](*client_args)
if client_args_v3_auth:
self.servers_client_v3_auth = SERVERS_CLIENTS[interface](
diff --git a/tempest/services/identity/v3/json/credentials_client.py b/tempest/services/identity/v3/json/credentials_client.py
new file mode 100644
index 0000000..c3f788a
--- /dev/null
+++ b/tempest/services/identity/v3/json/credentials_client.py
@@ -0,0 +1,97 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import json
+from urlparse import urlparse
+
+from tempest.common.rest_client import RestClient
+
+
+class CredentialsClientJSON(RestClient):
+
+ def __init__(self, config, username, password, auth_url, tenant_name=None):
+ super(CredentialsClientJSON, self).__init__(config, username, password,
+ auth_url, tenant_name)
+ self.service = self.config.identity.catalog_type
+ self.endpoint_url = 'adminURL'
+
+ def request(self, method, url, headers=None, body=None, wait=None):
+ """Overriding the existing HTTP request in super class rest_client."""
+ self._set_auth()
+ self.base_url = self.base_url.replace(urlparse(self.base_url).path,
+ "/v3")
+ return super(CredentialsClientJSON, self).request(method, url,
+ headers=headers,
+ body=body)
+
+ def create_credential(self, access_key, secret_key, user_id, project_id):
+ """Creates a credential."""
+ blob = "{\"access\": \"%s\", \"secret\": \"%s\"}" % (
+ access_key, secret_key)
+ post_body = {
+ "blob": blob,
+ "project_id": project_id,
+ "type": "ec2",
+ "user_id": user_id
+ }
+ post_body = json.dumps({'credential': post_body})
+ resp, body = self.post('credentials', post_body,
+ self.headers)
+ body = json.loads(body)
+ body['credential']['blob'] = json.loads(body['credential']['blob'])
+ return resp, body['credential']
+
+ def update_credential(self, credential_id, **kwargs):
+ """Updates a credential."""
+ resp, body = self.get_credential(credential_id)
+ cred_type = kwargs.get('type', body['type'])
+ access_key = kwargs.get('access_key', body['blob']['access'])
+ secret_key = kwargs.get('secret_key', body['blob']['secret'])
+ project_id = kwargs.get('project_id', body['project_id'])
+ user_id = kwargs.get('user_id', body['user_id'])
+ blob = "{\"access\": \"%s\", \"secret\": \"%s\"}" % (
+ access_key, secret_key)
+ post_body = {
+ "blob": blob,
+ "project_id": project_id,
+ "type": cred_type,
+ "user_id": user_id
+ }
+ post_body = json.dumps({'credential': post_body})
+ resp, body = self.patch('credentials/%s' % credential_id, post_body,
+ self.headers)
+ body = json.loads(body)
+ body['credential']['blob'] = json.loads(body['credential']['blob'])
+ return resp, body['credential']
+
+ def get_credential(self, credential_id):
+ """To GET Details of a credential."""
+ resp, body = self.get('credentials/%s' % credential_id)
+ body = json.loads(body)
+ body['credential']['blob'] = json.loads(body['credential']['blob'])
+ return resp, body['credential']
+
+ def list_credentials(self):
+ """Lists out all the available credentials."""
+ resp, body = self.get('credentials')
+ body = json.loads(body)
+ return resp, body['credentials']
+
+ def delete_credential(self, credential_id):
+ """Deletes a credential."""
+ resp, body = self.delete('credentials/%s' % credential_id)
+ return resp, body
diff --git a/tempest/services/identity/v3/xml/credentials_client.py b/tempest/services/identity/v3/xml/credentials_client.py
new file mode 100644
index 0000000..dc0ade1
--- /dev/null
+++ b/tempest/services/identity/v3/xml/credentials_client.py
@@ -0,0 +1,121 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import json
+from urlparse import urlparse
+
+from lxml import etree
+
+from tempest.common.rest_client import RestClientXML
+from tempest.services.compute.xml.common import Document
+from tempest.services.compute.xml.common import Element
+from tempest.services.compute.xml.common import Text
+from tempest.services.compute.xml.common import xml_to_json
+
+
+XMLNS = "http://docs.openstack.org/identity/api/v3"
+
+
+class CredentialsClientXML(RestClientXML):
+
+ def __init__(self, config, username, password, auth_url, tenant_name=None):
+ super(CredentialsClientXML, self).__init__(config, username, password,
+ auth_url, tenant_name)
+ self.service = self.config.identity.catalog_type
+ self.endpoint_url = 'adminURL'
+
+ def request(self, method, url, headers=None, body=None, wait=None):
+ """Overriding the existing HTTP request in super class rest_client."""
+ self._set_auth()
+ self.base_url = self.base_url.replace(urlparse(self.base_url).path,
+ "/v3")
+ return super(CredentialsClientXML, self).request(method, url,
+ headers=headers,
+ body=body)
+
+ def _parse_body(self, body):
+ data = xml_to_json(body)
+ return data
+
+ def _parse_creds(self, node):
+ array = []
+ for child in node.getchildren():
+ tag_list = child.tag.split('}', 1)
+ if tag_list[1] == "credential":
+ array.append(xml_to_json(child))
+ return array
+
+ def create_credential(self, access_key, secret_key, user_id, project_id):
+ """Creates a credential."""
+ cred_type = 'ec2'
+ access = ""access": "%s"" % access_key
+ secret = ""secret": "%s"" % secret_key
+ blob = Element('blob',
+ xmlns=XMLNS)
+ blob.append(Text("{%s , %s}"
+ % (access, secret)))
+ credential = Element('credential', project_id=project_id,
+ type=cred_type, user_id=user_id)
+ credential.append(blob)
+ resp, body = self.post('credentials', str(Document(credential)),
+ self.headers)
+ body = self._parse_body(etree.fromstring(body))
+ body['blob'] = json.loads(body['blob'])
+ return resp, body
+
+ def update_credential(self, credential_id, **kwargs):
+ """Updates a credential."""
+ resp, body = self.get_credential(credential_id)
+ cred_type = kwargs.get('type', body['type'])
+ access_key = kwargs.get('access_key', body['blob']['access'])
+ secret_key = kwargs.get('secret_key', body['blob']['secret'])
+ project_id = kwargs.get('project_id', body['project_id'])
+ user_id = kwargs.get('user_id', body['user_id'])
+ access = ""access": "%s"" % access_key
+ secret = ""secret": "%s"" % secret_key
+ blob = Element('blob',
+ xmlns=XMLNS)
+ blob.append(Text("{%s , %s}"
+ % (access, secret)))
+ credential = Element('credential', project_id=project_id,
+ type=cred_type, user_id=user_id)
+ credential.append(blob)
+ resp, body = self.patch('credentials/%s' % credential_id,
+ str(Document(credential)),
+ self.headers)
+ body = self._parse_body(etree.fromstring(body))
+ body['blob'] = json.loads(body['blob'])
+ return resp, body
+
+ def get_credential(self, credential_id):
+ """To GET Details of a credential."""
+ resp, body = self.get('credentials/%s' % credential_id, self.headers)
+ body = self._parse_body(etree.fromstring(body))
+ body['blob'] = json.loads(body['blob'])
+ return resp, body
+
+ def list_credentials(self):
+ """Lists out all the available credentials."""
+ resp, body = self.get('credentials', self.headers)
+ body = self._parse_creds(etree.fromstring(body))
+ return resp, body
+
+ def delete_credential(self, credential_id):
+ """Deletes a credential."""
+ resp, body = self.delete('credentials/%s' % credential_id,
+ self.headers)
+ return resp, body