Merge "Add test to verify hostname allows FQDN"
diff --git a/releasenotes/notes/Add-http_qcow2_image-config-option-a9dca410897c3044.yaml b/releasenotes/notes/Add-http_qcow2_image-config-option-a9dca410897c3044.yaml
new file mode 100644
index 0000000..c1b0033
--- /dev/null
+++ b/releasenotes/notes/Add-http_qcow2_image-config-option-a9dca410897c3044.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - |
+ Added a new config option in the `image` section, `http_qcow2_image`,
+ which will use `qcow2` format image to download from the external
+ source specified and use it for image conversion in glance tests. By
+ default it will download
+ `http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img`
diff --git a/releasenotes/notes/add-enable-volume-image-dep-tests-option-150b929d18da233f.yaml b/releasenotes/notes/add-enable-volume-image-dep-tests-option-150b929d18da233f.yaml
new file mode 100644
index 0000000..e78201e
--- /dev/null
+++ b/releasenotes/notes/add-enable-volume-image-dep-tests-option-150b929d18da233f.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Add new config option 'enable_volume_image_dep_tests' in section
+ [volume-feature-enabled] which should be used in
+ image<->volume<->snapshot dependency tests.
diff --git a/releasenotes/notes/add-placement-resource-provider-traits-api-calls-9f4b0455afec9afb.yaml b/releasenotes/notes/add-placement-resource-provider-traits-api-calls-9f4b0455afec9afb.yaml
new file mode 100644
index 0000000..1d1811c
--- /dev/null
+++ b/releasenotes/notes/add-placement-resource-provider-traits-api-calls-9f4b0455afec9afb.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Adds API calls for traits in ResourceProvidersClient.
diff --git a/releasenotes/notes/add-placement-traits-api-calls-087061f5455f0b12.yaml b/releasenotes/notes/add-placement-traits-api-calls-087061f5455f0b12.yaml
new file mode 100644
index 0000000..77d0b38
--- /dev/null
+++ b/releasenotes/notes/add-placement-traits-api-calls-087061f5455f0b12.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Adds API calls for traits in PlacementClient.
diff --git a/releasenotes/notes/cleanup-attr-decorator-alias-78ce21eb20d87e01.yaml b/releasenotes/notes/cleanup-attr-decorator-alias-78ce21eb20d87e01.yaml
new file mode 100644
index 0000000..43091e1
--- /dev/null
+++ b/releasenotes/notes/cleanup-attr-decorator-alias-78ce21eb20d87e01.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - |
+ The ``attr`` decorator is no longer available in the ``tempest.test``
+ module. Use the ``tempest.lib.decorators`` module instead.
diff --git a/releasenotes/notes/image-config-http-image-default-value-change-476622e984e16ab5.yaml b/releasenotes/notes/image-config-http-image-default-value-change-476622e984e16ab5.yaml
new file mode 100644
index 0000000..96e9251
--- /dev/null
+++ b/releasenotes/notes/image-config-http-image-default-value-change-476622e984e16ab5.yaml
@@ -0,0 +1,7 @@
+---
+upgrade:
+ - |
+ Changed the default value of 'http_image' config option in the
+ 'image' group to 'http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-uec.tar.gz'
+ from 'http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz' as former
+ image is very old and we should always use latest one.
\ No newline at end of file
diff --git a/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml b/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml
new file mode 100644
index 0000000..d927a68
--- /dev/null
+++ b/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml
@@ -0,0 +1,23 @@
+---
+upgrade:
+ - |
+ Tests for identity v2 API have been removed.
+
+deprecations:
+ - |
+ The following options have been formally deprecated. These options were
+ used to test identity v2 API which was removed during Queens cycle.
+ The tests for identity v2 API were removed from tempest and these options
+ have no effect.
+
+ - ``[identity] uri``
+ - ``[identity] v2_admin_endpoint_type``
+ - ``[identity] v2_public_endpoint_type``
+ - ``[identity-feature-enabled] api_v2_admin``
+
+ - |
+ The following options have been deprecated because only identity v3 API
+ is used.
+
+ - ``[identity] auth_version``
+ - ``[identity-feature-enabled] api_v3``
diff --git a/tempest/api/compute/servers/test_delete_server.py b/tempest/api/compute/servers/test_delete_server.py
index ee25a22..596d2bd 100644
--- a/tempest/api/compute/servers/test_delete_server.py
+++ b/tempest/api/compute/servers/test_delete_server.py
@@ -99,11 +99,14 @@
def test_delete_server_while_in_verify_resize_state(self):
"""Test deleting a server while it's VM state is VERIFY_RESIZE"""
server = self.create_test_server(wait_until='ACTIVE')
- self.client.resize_server(server['id'], self.flavor_ref_alt)
- waiters.wait_for_server_status(self.client, server['id'],
- 'VERIFY_RESIZE')
- self.client.delete_server(server['id'])
- waiters.wait_for_server_termination(self.client, server['id'])
+ body = self.client.resize_server(server['id'], self.flavor_ref_alt)
+ request_id = body.response['x-openstack-request-id']
+ waiters.wait_for_server_status(
+ self.client, server['id'], 'VERIFY_RESIZE', request_id=request_id)
+ body = self.client.delete_server(server['id'])
+ request_id = body.response['x-openstack-request-id']
+ waiters.wait_for_server_termination(
+ self.client, server['id'], request_id=request_id)
@decorators.idempotent_id('d0f3f0d6-d9b6-4a32-8da4-23015dcab23c')
@utils.services('volume')
diff --git a/tempest/api/identity/admin/v2/__init__.py b/tempest/api/identity/admin/v2/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/tempest/api/identity/admin/v2/__init__.py
+++ /dev/null
diff --git a/tempest/api/identity/admin/v2/test_endpoints.py b/tempest/api/identity/admin/v2/test_endpoints.py
deleted file mode 100644
index 20d023b..0000000
--- a/tempest/api/identity/admin/v2/test_endpoints.py
+++ /dev/null
@@ -1,97 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class EndPointsTestJSON(base.BaseIdentityV2AdminTest):
- """Test keystone v2 endpoints"""
-
- @classmethod
- def resource_setup(cls):
- super(EndPointsTestJSON, cls).resource_setup()
- s_name = data_utils.rand_name(
- name='service', prefix=CONF.resource_name_prefix)
- s_type = data_utils.rand_name(
- name='type', prefix=CONF.resource_name_prefix)
- s_description = data_utils.rand_name(
- name='description', prefix=CONF.resource_name_prefix)
- service_data = cls.services_client.create_service(
- name=s_name, type=s_type,
- description=s_description)['OS-KSADM:service']
- cls.addClassResourceCleanup(cls.services_client.delete_service,
- service_data['id'])
- cls.service_id = service_data['id']
- # Create endpoints so as to use for LIST and GET test cases
- cls.setup_endpoints = list()
- for _ in range(2):
- region = data_utils.rand_name(
- name='region', prefix=CONF.resource_name_prefix)
- url = data_utils.rand_url()
- endpoint = cls.endpoints_client.create_endpoint(
- service_id=cls.service_id,
- region=region,
- publicurl=url,
- adminurl=url,
- internalurl=url)['endpoint']
- cls.addClassResourceCleanup(cls.endpoints_client.delete_endpoint,
- endpoint['id'])
- # list_endpoints() will return 'enabled' field
- endpoint['enabled'] = True
- cls.setup_endpoints.append(endpoint)
-
- @decorators.idempotent_id('11f590eb-59d8-4067-8b2b-980c7f387f51')
- def test_list_endpoints(self):
- """Test listing keystone endpoints"""
- # Get a list of endpoints
- fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints']
- # Asserting LIST endpoints
- missing_endpoints =\
- [e for e in self.setup_endpoints if e not in fetched_endpoints]
- self.assertEmpty(missing_endpoints,
- "Failed to find endpoint %s in fetched list" %
- ', '.join(str(e) for e in missing_endpoints))
-
- @decorators.idempotent_id('9974530a-aa28-4362-8403-f06db02b26c1')
- def test_create_list_delete_endpoint(self):
- """Test creating, listing and deleting a keystone endpoint"""
- region = data_utils.rand_name(
- name='region', prefix=CONF.resource_name_prefix)
- url = data_utils.rand_url()
- endpoint = self.endpoints_client.create_endpoint(
- service_id=self.service_id,
- region=region,
- publicurl=url,
- adminurl=url,
- internalurl=url)['endpoint']
- # Asserting Create Endpoint response body
- self.assertIn('id', endpoint)
- self.assertEqual(region, endpoint['region'])
- self.assertEqual(url, endpoint['publicurl'])
- # Checking if created endpoint is present in the list of endpoints
- fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints']
- fetched_endpoints_id = [e['id'] for e in fetched_endpoints]
- self.assertIn(endpoint['id'], fetched_endpoints_id)
- # Deleting the endpoint created in this method
- self.endpoints_client.delete_endpoint(endpoint['id'])
- # Checking whether endpoint is deleted successfully
- fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints']
- fetched_endpoints_id = [e['id'] for e in fetched_endpoints]
- self.assertNotIn(endpoint['id'], fetched_endpoints_id)
diff --git a/tempest/api/identity/admin/v2/test_roles.py b/tempest/api/identity/admin/v2/test_roles.py
deleted file mode 100644
index 6d384ab..0000000
--- a/tempest/api/identity/admin/v2/test_roles.py
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class RolesTestJSON(base.BaseIdentityV2AdminTest):
-
- @classmethod
- def resource_setup(cls):
- super(RolesTestJSON, cls).resource_setup()
- cls.roles = list()
- for _ in range(5):
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- role = cls.roles_client.create_role(name=role_name)['role']
- cls.addClassResourceCleanup(
- test_utils.call_and_ignore_notfound_exc,
- cls.roles_client.delete_role, role['id'])
- cls.roles.append(role)
-
- def _get_role_params(self):
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- role = self.setup_test_role()
- return (user, tenant, role)
-
- def assert_role_in_role_list(self, role, roles):
- found = False
- for user_role in roles:
- if user_role['id'] == role['id']:
- found = True
- self.assertTrue(found, "assigned role was not in list")
-
- @decorators.idempotent_id('75d9593f-50b7-4fcf-bd64-e3fb4a278e23')
- def test_list_roles(self):
- """Return a list of all roles."""
- body = self.roles_client.list_roles()['roles']
- found = [role for role in body if role in self.roles]
- self.assertNotEmpty(found)
- self.assertEqual(len(found), len(self.roles))
-
- @decorators.idempotent_id('c62d909d-6c21-48c0-ae40-0a0760e6db5e')
- def test_role_create_delete(self):
- """Role should be created, verified, and deleted."""
- role_name = data_utils.rand_name(
- name='role-test', prefix=CONF.resource_name_prefix)
- body = self.roles_client.create_role(name=role_name)['role']
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.roles_client.delete_role, body['id'])
- self.assertEqual(role_name, body['name'])
-
- body = self.roles_client.list_roles()['roles']
- found = [role for role in body if role['name'] == role_name]
- self.assertNotEmpty(found)
-
- body = self.roles_client.delete_role(found[0]['id'])
-
- body = self.roles_client.list_roles()['roles']
- found = [role for role in body if role['name'] == role_name]
- self.assertEmpty(found)
-
- @decorators.idempotent_id('db6870bd-a6ed-43be-a9b1-2f10a5c9994f')
- def test_get_role_by_id(self):
- """Get a role by its id."""
- role = self.setup_test_role()
- role_id = role['id']
- role_name = role['name']
- body = self.roles_client.show_role(role_id)['role']
- self.assertEqual(role_id, body['id'])
- self.assertEqual(role_name, body['name'])
-
- @decorators.idempotent_id('0146f675-ffbd-4208-b3a4-60eb628dbc5e')
- def test_assign_user_role(self):
- """Assign a role to a user on a tenant."""
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- roles = self.roles_client.list_user_roles_on_project(
- tenant['id'], user['id'])['roles']
- self.assert_role_in_role_list(role, roles)
-
- @decorators.idempotent_id('f0b9292c-d3ba-4082-aa6c-440489beef69')
- def test_remove_user_role(self):
- """Remove a role assigned to a user on a tenant."""
- (user, tenant, role) = self._get_role_params()
- user_role = self.roles_client.create_user_role_on_project(
- tenant['id'], user['id'], role['id'])['role']
- self.roles_client.delete_role_from_user_on_project(tenant['id'],
- user['id'],
- user_role['id'])
-
- @decorators.idempotent_id('262e1e3e-ed71-4edd-a0e5-d64e83d66d05')
- def test_list_user_roles(self):
- """List roles assigned to a user on tenant."""
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- roles = self.roles_client.list_user_roles_on_project(
- tenant['id'], user['id'])['roles']
- self.assert_role_in_role_list(role, roles)
diff --git a/tempest/api/identity/admin/v2/test_roles_negative.py b/tempest/api/identity/admin/v2/test_roles_negative.py
deleted file mode 100644
index 0f0466e..0000000
--- a/tempest/api/identity/admin/v2/test_roles_negative.py
+++ /dev/null
@@ -1,296 +0,0 @@
-# Copyright 2013 Huawei Technologies Co.,LTD.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
- """Negative tests of keystone roles via v2 API"""
-
- def _get_role_params(self):
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- role = self.setup_test_role()
- return (user, tenant, role)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d5d5f1df-f8ca-4de0-b2ef-259c1cc67025')
- def test_list_roles_by_unauthorized_user(self):
- """Test Non-admin user should not be able to list roles via v2 API"""
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.list_roles)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('11a3c7da-df6c-40c2-abc2-badd682edf9f')
- def test_list_roles_request_without_token(self):
- """Test listing roles without a valid token via v2 API should fail"""
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized, self.roles_client.list_roles)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('c0b89e56-accc-4c73-85f8-9c0f866104c1')
- def test_role_create_blank_name(self):
- """Test creating a role with a blank name via v2 API is not allowed"""
- self.assertRaises(lib_exc.BadRequest, self.roles_client.create_role,
- name='')
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('585c8998-a8a4-4641-a5dd-abef7a8ced00')
- def test_create_role_by_unauthorized_user(self):
- """Test non-admin user should not be able to create role via v2 API"""
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.create_role,
- name=role_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('a7edd17a-e34a-4aab-8bb7-fa6f498645b8')
- def test_create_role_request_without_token(self):
- """Test creating role without a valid token via v2 API should fail"""
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.create_role, name=role_name)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('c0cde2c8-81c1-4bb0-8fe2-cf615a3547a8')
- def test_role_create_duplicate(self):
- """Test role names should be unique via v2 API"""
- role_name = data_utils.rand_name(
- name='role-dup', prefix=CONF.resource_name_prefix)
- body = self.roles_client.create_role(name=role_name)['role']
- role1_id = body.get('id')
- self.addCleanup(self.roles_client.delete_role, role1_id)
- self.assertRaises(lib_exc.Conflict, self.roles_client.create_role,
- name=role_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('15347635-b5b1-4a87-a280-deb2bd6d865e')
- def test_delete_role_by_unauthorized_user(self):
- """Test non-admin user should not be able to delete role via v2 API"""
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- body = self.roles_client.create_role(name=role_name)['role']
- self.addCleanup(self.roles_client.delete_role, body['id'])
- role_id = body.get('id')
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.delete_role, role_id)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('44b60b20-70de-4dac-beaf-a3fc2650a16b')
- def test_delete_role_request_without_token(self):
- """Test deleting role without a valid token via v2 API should fail"""
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- body = self.roles_client.create_role(name=role_name)['role']
- self.addCleanup(self.roles_client.delete_role, body['id'])
- role_id = body.get('id')
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.delete_role,
- role_id)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('38373691-8551-453a-b074-4260ad8298ef')
- def test_delete_role_non_existent(self):
- """Test deleting a non existent role via v2 API should fail"""
- non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.delete_role,
- non_existent_role)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('391df5cf-3ec3-46c9-bbe5-5cb58dd4dc41')
- def test_assign_user_role_by_unauthorized_user(self):
- """Test non-admin user assigning a role to user via v2 API
-
- Non-admin user should not be authorized to assign a role to user via
- v2 API.
- """
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(
- lib_exc.Forbidden,
- self.non_admin_roles_client.create_user_role_on_project,
- tenant['id'], user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('f0d2683c-5603-4aee-95d7-21420e87cfd8')
- def test_assign_user_role_request_without_token(self):
- """Test assigning a role to a user without a valid token via v2 API
-
- Assigning a role to a user without a valid token via v2 API should
- fail.
- """
- (user, tenant, role) = self._get_role_params()
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(
- lib_exc.Unauthorized,
- self.roles_client.create_user_role_on_project, tenant['id'],
- user['id'], role['id'])
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('99b297f6-2b5d-47c7-97a9-8b6bb4f91042')
- def test_assign_user_role_for_non_existent_role(self):
- """Test assigning a non existent role to user via v2 API
-
- Assigning a non existent role to user via v2 API should fail.
- """
- (user, tenant, _) = self._get_role_params()
- non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound,
- self.roles_client.create_user_role_on_project,
- tenant['id'], user['id'], non_existent_role)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('b2285aaa-9e76-4704-93a9-7a8acd0a6c8f')
- def test_assign_user_role_for_non_existent_tenant(self):
- """Test assigning a role on a non existent tenant via v2 API
-
- Assigning a role on a non existent tenant via v2 API should fail.
- """
- (user, _, role) = self._get_role_params()
- non_existent_tenant = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound,
- self.roles_client.create_user_role_on_project,
- non_existent_tenant, user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('5c3132cd-c4c8-4402-b5ea-71eb44e97793')
- def test_assign_duplicate_user_role(self):
- """Test duplicate user role should not get assigned via v2 API"""
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(lib_exc.Conflict,
- self.roles_client.create_user_role_on_project,
- tenant['id'], user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d0537987-0977-448f-a435-904c15de7298')
- def test_remove_user_role_by_unauthorized_user(self):
- """Test non-admin user removing a user's role via v2 API
-
- Non-admin user should not be authorized to remove a user's role via
- v2 API
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(
- lib_exc.Forbidden,
- self.non_admin_roles_client.delete_role_from_user_on_project,
- tenant['id'], user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('cac81cf4-c1d2-47dc-90d3-f2b7eb572286')
- def test_remove_user_role_request_without_token(self):
- """Test removing a user's role without a valid token via v2 API
-
- Removing a user's role without a valid token via v2 API should fail.
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.delete_role_from_user_on_project,
- tenant['id'], user['id'], role['id'])
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('ab32d759-cd16-41f1-a86e-44405fa9f6d2')
- def test_remove_user_role_non_existent_role(self):
- """Test deleting a non existent role from a user via v2 API
-
- Deleting a non existent role from a user via v2 API should fail.
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound,
- self.roles_client.delete_role_from_user_on_project,
- tenant['id'], user['id'], non_existent_role)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('67a679ec-03dd-4551-bbfc-d1c93284f023')
- def test_remove_user_role_non_existent_tenant(self):
- """Test removing a role from a non existent tenant via v2 API
-
- Removing a role from a non existent tenant via v2 API should fail.
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- non_existent_tenant = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound,
- self.roles_client.delete_role_from_user_on_project,
- non_existent_tenant, user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('7391ab4c-06f3-477a-a64a-c8e55ce89837')
- def test_list_user_roles_by_unauthorized_user(self):
- """Test non-admin user listing a user's roles via v2 API
-
- Non-admin user should not be authorized to list a user's roles via v2
- API.
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(
- lib_exc.Forbidden,
- self.non_admin_roles_client.list_user_roles_on_project,
- tenant['id'], user['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('682adfb2-fd5f-4b0a-a9ca-322e9bebb907')
- def test_list_user_roles_request_without_token(self):
- """Test listing user's roles without a valid token via v2 API
-
- Listing user's roles without a valid token via v2 API should fail
- """
- (user, tenant, _) = self._get_role_params()
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- try:
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.list_user_roles_on_project,
- tenant['id'],
- user['id'])
- finally:
- self.client.auth_provider.clear_auth()
diff --git a/tempest/api/identity/admin/v2/test_services.py b/tempest/api/identity/admin/v2/test_services.py
deleted file mode 100644
index 0e5d378..0000000
--- a/tempest/api/identity/admin/v2/test_services.py
+++ /dev/null
@@ -1,115 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class ServicesTestJSON(base.BaseIdentityV2AdminTest):
- """Test identity services via v2 API"""
-
- def _del_service(self, service_id):
- # Deleting the service created in this method
- self.services_client.delete_service(service_id)
- # Checking whether service is deleted successfully
- self.assertRaises(lib_exc.NotFound, self.services_client.show_service,
- service_id)
-
- @decorators.idempotent_id('84521085-c6e6-491c-9a08-ec9f70f90110')
- def test_create_get_delete_service(self):
- """Test verifies the identity service create/get/delete via v2 API"""
- # GET Service
- # Creating a Service
- name = data_utils.rand_name(
- name='service', prefix=CONF.resource_name_prefix)
- s_type = data_utils.rand_name(
- name='type', prefix=CONF.resource_name_prefix)
- description = data_utils.rand_name(
- name='description', prefix=CONF.resource_name_prefix)
- service_data = self.services_client.create_service(
- name=name, type=s_type,
- description=description)['OS-KSADM:service']
- self.assertIsNotNone(service_data['id'])
- self.addCleanup(self._del_service, service_data['id'])
- # Verifying response body of create service
- self.assertIn('name', service_data)
- self.assertEqual(name, service_data['name'])
- self.assertIn('type', service_data)
- self.assertEqual(s_type, service_data['type'])
- self.assertIn('description', service_data)
- self.assertEqual(description, service_data['description'])
- # Get service
- fetched_service = (
- self.services_client.show_service(service_data['id'])
- ['OS-KSADM:service'])
- # verifying the existence of service created
- self.assertIn('id', fetched_service)
- self.assertEqual(fetched_service['id'], service_data['id'])
- self.assertIn('name', fetched_service)
- self.assertEqual(fetched_service['name'], service_data['name'])
- self.assertIn('type', fetched_service)
- self.assertEqual(fetched_service['type'], service_data['type'])
- self.assertIn('description', fetched_service)
- self.assertEqual(fetched_service['description'],
- service_data['description'])
-
- @decorators.idempotent_id('5d3252c8-e555-494b-a6c8-e11d7335da42')
- def test_create_service_without_description(self):
- """Test creating identity service without description via v2 API
-
- Create a service only with name and type.
- """
- name = data_utils.rand_name(
- name='service', prefix=CONF.resource_name_prefix)
- s_type = data_utils.rand_name(
- name='type', prefix=CONF.resource_name_prefix)
- service = self.services_client.create_service(
- name=name, type=s_type)['OS-KSADM:service']
- self.assertIn('id', service)
- self.addCleanup(self._del_service, service['id'])
- self.assertIn('name', service)
- self.assertEqual(name, service['name'])
- self.assertIn('type', service)
- self.assertEqual(s_type, service['type'])
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('34ea6489-012d-4a86-9038-1287cadd5eca')
- def test_list_services(self):
- """Test Create/List/Verify/Delete of identity service via v2 API"""
- services = []
- for _ in range(3):
- name = data_utils.rand_name(
- name='service', prefix=CONF.resource_name_prefix)
- s_type = data_utils.rand_name(
- name='type', prefix=CONF.resource_name_prefix)
- description = data_utils.rand_name(
- name='description', prefix=CONF.resource_name_prefix)
-
- service = self.services_client.create_service(
- name=name, type=s_type,
- description=description)['OS-KSADM:service']
- self.addCleanup(self.services_client.delete_service, service['id'])
- services.append(service)
- service_ids = [svc['id'] for svc in services]
-
- # List and Verify Services
- body = self.services_client.list_services()['OS-KSADM:services']
- found = [serv for serv in body if serv['id'] in service_ids]
- self.assertEqual(len(found), len(services), 'Services not found')
diff --git a/tempest/api/identity/admin/v2/test_tenant_negative.py b/tempest/api/identity/admin/v2/test_tenant_negative.py
deleted file mode 100644
index 4c7c44c..0000000
--- a/tempest/api/identity/admin/v2/test_tenant_negative.py
+++ /dev/null
@@ -1,164 +0,0 @@
-# Copyright 2013 Huawei Technologies Co.,LTD.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
- """Negative tests of keystone tenants via v2 API"""
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('ca9bb202-63dd-4240-8a07-8ef9c19c04bb')
- def test_list_tenants_by_unauthorized_user(self):
- """Test Non-admin should not be able to list tenants via v2 API"""
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_tenants_client.list_tenants)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('df33926c-1c96-4d8d-a762-79cc6b0c3cf4')
- def test_list_tenant_request_without_token(self):
- """Test listing tenants without a valid token via v2 API
-
- Listing tenants without a valid token via v2 API should fail.
- """
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.tenants_client.list_tenants)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('162ba316-f18b-4987-8c0c-fd9140cd63ed')
- def test_tenant_delete_by_unauthorized_user(self):
- """Test non-admin should not be able to delete a tenant via v2 API"""
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_tenants_client.delete_tenant,
- tenant['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('e450db62-2e9d-418f-893a-54772d6386b1')
- def test_tenant_delete_request_without_token(self):
- """Test deleting a tenant without a valid token via v2 API
-
- Deleting a tenant without a valid token via v2 API should fail.
- """
- tenant = self.setup_test_tenant()
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.tenants_client.delete_tenant,
- tenant['id'])
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('9c9a2aed-6e3c-467a-8f5c-89da9d1b516b')
- def test_delete_non_existent_tenant(self):
- """Test deleting a non existent tenant via v2 API should fail"""
- self.assertRaises(lib_exc.NotFound, self.tenants_client.delete_tenant,
- data_utils.rand_uuid_hex())
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('af16f44b-a849-46cb-9f13-a751c388f739')
- def test_tenant_create_duplicate(self):
- """Test tenant names should be unique via v2 API"""
- tenant_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- self.setup_test_tenant(name=tenant_name)
- self.assertRaises(lib_exc.Conflict, self.tenants_client.create_tenant,
- name=tenant_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d26b278a-6389-4702-8d6e-5980d80137e0')
- def test_create_tenant_by_unauthorized_user(self):
- """Test non-admin user creating a tenant via v2 API
-
- Non-admin user should not be authorized to create a tenant via v2 API.
- """
- tenant_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_tenants_client.create_tenant,
- name=tenant_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('a3ee9d7e-6920-4dd5-9321-d4b2b7f0a638')
- def test_create_tenant_request_without_token(self):
- """Test creating tenant without a token via v2 API is not allowed"""
- tenant_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.tenants_client.create_tenant,
- name=tenant_name)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('5a2e4ca9-b0c0-486c-9c48-64a94fba2395')
- def test_create_tenant_with_empty_name(self):
- """Test tenant name should not be empty via v2 API"""
- self.assertRaises(lib_exc.BadRequest,
- self.tenants_client.create_tenant,
- name='')
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('2ff18d1e-dfe3-4359-9dc3-abf582c196b9')
- def test_create_tenants_name_length_over_64(self):
- """Test tenant name length should not exceed 64 via v2 API"""
- tenant_name = 'a' * 65
- self.assertRaises(lib_exc.BadRequest,
- self.tenants_client.create_tenant,
- name=tenant_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('bd20dc2a-9557-4db7-b755-f48d952ad706')
- def test_update_non_existent_tenant(self):
- """Test updating a non existent tenant via v2 API should fail"""
- self.assertRaises(lib_exc.NotFound, self.tenants_client.update_tenant,
- data_utils.rand_uuid_hex())
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('41704dc5-c5f7-4f79-abfa-76e6fedc570b')
- def test_tenant_update_by_unauthorized_user(self):
- """Test non-admin user updating a tenant via v2 API
-
- Non-admin user should not be able to update a tenant via v2 API
- """
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_tenants_client.update_tenant,
- tenant['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('7a421573-72c7-4c22-a98e-ce539219c657')
- def test_tenant_update_request_without_token(self):
- """Test updating a tenant without a valid token via v2 API
-
- Updating a tenant without a valid token via v2 API should fail
- """
- tenant = self.setup_test_tenant()
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.tenants_client.update_tenant,
- tenant['id'])
- self.client.auth_provider.clear_auth()
diff --git a/tempest/api/identity/admin/v2/test_tenants.py b/tempest/api/identity/admin/v2/test_tenants.py
deleted file mode 100644
index 4f674a8..0000000
--- a/tempest/api/identity/admin/v2/test_tenants.py
+++ /dev/null
@@ -1,157 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class TenantsTestJSON(base.BaseIdentityV2AdminTest):
- """Test identity tenants via v2 API"""
-
- @decorators.idempotent_id('16c6e05c-6112-4b0e-b83f-5e43f221b6b0')
- def test_tenant_list_delete(self):
- """Test listing and deleting tenants via v2 API
-
- Create several tenants and delete them
- """
- tenants = []
- for _ in range(3):
- tenant = self.setup_test_tenant()
- tenants.append(tenant)
- tenant_ids = [tn['id'] for tn in tenants]
- body = self.tenants_client.list_tenants()['tenants']
- found = [t for t in body if t['id'] in tenant_ids]
- self.assertEqual(len(found), len(tenants), 'Tenants not created')
-
- for tenant in tenants:
- self.tenants_client.delete_tenant(tenant['id'])
-
- body = self.tenants_client.list_tenants()['tenants']
- found = [tenant for tenant in body if tenant['id'] in tenant_ids]
- self.assertEmpty(found, 'Tenants failed to delete')
-
- @decorators.idempotent_id('d25e9f24-1310-4d29-b61b-d91299c21d6d')
- def test_tenant_create_with_description(self):
- """Test creating tenant with a description via v2 API"""
- tenant_desc = data_utils.rand_name(
- name='desc', prefix=CONF.resource_name_prefix)
- tenant = self.setup_test_tenant(description=tenant_desc)
- tenant_id = tenant['id']
- desc1 = tenant['description']
- self.assertEqual(desc1, tenant_desc, 'Description should have '
- 'been sent in response for create')
- body = self.tenants_client.show_tenant(tenant_id)['tenant']
- desc2 = body['description']
- self.assertEqual(desc2, tenant_desc, 'Description does not appear '
- 'to be set')
- self.tenants_client.delete_tenant(tenant_id)
-
- @decorators.idempotent_id('670bdddc-1cd7-41c7-b8e2-751cfb67df50')
- def test_tenant_create_enabled(self):
- """Test creating a tenant that is enabled via v2 API"""
- tenant = self.setup_test_tenant(enabled=True)
- tenant_id = tenant['id']
- self.assertTrue(tenant['enabled'], 'Enable should be True in response')
- body = self.tenants_client.show_tenant(tenant_id)['tenant']
- self.assertTrue(body['enabled'], 'Enable should be True in lookup')
- self.tenants_client.delete_tenant(tenant_id)
-
- @decorators.idempotent_id('3be22093-b30f-499d-b772-38340e5e16fb')
- def test_tenant_create_not_enabled(self):
- """Test creating a tenant that is not enabled via v2 API"""
- tenant = self.setup_test_tenant(enabled=False)
- tenant_id = tenant['id']
- self.assertFalse(tenant['enabled'],
- 'Enable should be False in response')
- body = self.tenants_client.show_tenant(tenant_id)['tenant']
- self.assertFalse(body['enabled'],
- 'Enable should be False in lookup')
- self.tenants_client.delete_tenant(tenant_id)
-
- @decorators.idempotent_id('781f2266-d128-47f3-8bdb-f70970add238')
- def test_tenant_update_name(self):
- """Test updating name attribute of a tenant via v2 API"""
- t_name1 = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- tenant = self.setup_test_tenant(name=t_name1)
- t_id = tenant['id']
- resp1_name = tenant['name']
-
- t_name2 = data_utils.rand_name(
- name='tenant2', prefix=CONF.resource_name_prefix)
- body = self.tenants_client.update_tenant(t_id, name=t_name2)['tenant']
- resp2_name = body['name']
- self.assertNotEqual(resp1_name, resp2_name)
-
- body = self.tenants_client.show_tenant(t_id)['tenant']
- resp3_name = body['name']
-
- self.assertNotEqual(resp1_name, resp3_name)
- self.assertEqual(t_name1, resp1_name)
- self.assertEqual(resp2_name, resp3_name)
-
- self.tenants_client.delete_tenant(t_id)
-
- @decorators.idempotent_id('859fcfe1-3a03-41ef-86f9-b19a47d1cd87')
- def test_tenant_update_desc(self):
- """Test updating description attribute of a tenant via v2 API"""
- t_desc = data_utils.rand_name(
- name='desc', prefix=CONF.resource_name_prefix)
- tenant = self.setup_test_tenant(description=t_desc)
- t_id = tenant['id']
- resp1_desc = tenant['description']
-
- t_desc2 = data_utils.rand_name(
- name='desc2', prefix=CONF.resource_name_prefix)
- body = self.tenants_client.update_tenant(t_id, description=t_desc2)
- updated_tenant = body['tenant']
- resp2_desc = updated_tenant['description']
- self.assertNotEqual(resp1_desc, resp2_desc)
-
- body = self.tenants_client.show_tenant(t_id)['tenant']
- resp3_desc = body['description']
-
- self.assertNotEqual(resp1_desc, resp3_desc)
- self.assertEqual(t_desc, resp1_desc)
- self.assertEqual(resp2_desc, resp3_desc)
-
- self.tenants_client.delete_tenant(t_id)
-
- @decorators.idempotent_id('8fc8981f-f12d-4c66-9972-2bdcf2bc2e1a')
- def test_tenant_update_enable(self):
- """Test updating the enabled attribute of a tenant via v2 API"""
- t_en = False
- tenant = self.setup_test_tenant(enabled=t_en)
- t_id = tenant['id']
- resp1_en = tenant['enabled']
-
- t_en2 = True
- body = self.tenants_client.update_tenant(t_id, enabled=t_en2)
- updated_tenant = body['tenant']
- resp2_en = updated_tenant['enabled']
- self.assertNotEqual(resp1_en, resp2_en)
-
- body = self.tenants_client.show_tenant(t_id)['tenant']
- resp3_en = body['enabled']
-
- self.assertNotEqual(resp1_en, resp3_en)
- self.assertFalse(tenant['enabled'])
- self.assertEqual(resp2_en, resp3_en)
-
- self.tenants_client.delete_tenant(t_id)
diff --git a/tempest/api/identity/admin/v2/test_tokens.py b/tempest/api/identity/admin/v2/test_tokens.py
deleted file mode 100644
index 78a2aad..0000000
--- a/tempest/api/identity/admin/v2/test_tokens.py
+++ /dev/null
@@ -1,143 +0,0 @@
-# Copyright 2013 Huawei Technologies Co.,LTD.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class TokensTestJSON(base.BaseIdentityV2AdminTest):
- """Test keystone tokens via v2 API"""
-
- @decorators.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586')
- def test_create_check_get_delete_token(self):
- """Test getting create/check/get/delete token for user via v2 API"""
- # get a token by username and password
- user_name = data_utils.rand_name(
- name='user', prefix=CONF.resource_name_prefix)
- user_password = data_utils.rand_password()
- # first:create a tenant
- tenant = self.setup_test_tenant()
- # second:create a user
- user = self.create_test_user(name=user_name,
- password=user_password,
- tenantId=tenant['id'],
- email='')
- # then get a token for the user
- body = self.token_client.auth(user_name,
- user_password,
- tenant['name'])
- self.assertEqual(body['token']['tenant']['name'],
- tenant['name'])
- # Perform GET Token
- token_id = body['token']['id']
- self.client.check_token_existence(token_id)
- token_details = self.client.show_token(token_id)['access']
- self.assertEqual(token_id, token_details['token']['id'])
- self.assertEqual(user['id'], token_details['user']['id'])
- self.assertEqual(user_name, token_details['user']['name'])
- self.assertEqual(tenant['name'],
- token_details['token']['tenant']['name'])
- # then delete the token
- self.client.delete_token(token_id)
- self.assertRaises(lib_exc.NotFound,
- self.client.check_token_existence,
- token_id)
-
- @decorators.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e')
- def test_rescope_token(self):
- """Test an unscoped token can be requested via v2 API
-
- That token can be used to request a scoped token.
- """
-
- # Create a user.
- user_name = data_utils.rand_name(
- name='user', prefix=CONF.resource_name_prefix)
- user_password = data_utils.rand_password()
- tenant_id = None # No default tenant so will get unscoped token.
- user = self.create_test_user(name=user_name,
- password=user_password,
- tenantId=tenant_id,
- email='')
-
- # Create a couple tenants.
- tenant1_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- tenant1 = self.setup_test_tenant(name=tenant1_name)
-
- tenant2_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- tenant2 = self.setup_test_tenant(name=tenant2_name)
-
- # Create a role
- role = self.setup_test_role()
-
- # Grant the user the role on the tenants.
- self.roles_client.create_user_role_on_project(tenant1['id'],
- user['id'],
- role['id'])
-
- self.roles_client.create_user_role_on_project(tenant2['id'],
- user['id'],
- role['id'])
-
- # Get an unscoped token.
- body = self.token_client.auth(user_name, user_password)
-
- token_id = body['token']['id']
-
- # Use the unscoped token to get a token scoped to tenant1
- body = self.token_client.auth_token(token_id,
- tenant=tenant1_name)
-
- scoped_token_id = body['token']['id']
-
- # Revoke the scoped token
- self.client.delete_token(scoped_token_id)
-
- # Use the unscoped token to get a token scoped to tenant2
- body = self.token_client.auth_token(token_id,
- tenant=tenant2_name)
-
- @decorators.idempotent_id('ca3ea6f7-ed08-4a61-adbd-96906456ad31')
- def test_list_endpoints_for_token(self):
- """Test listing endpoints for token via v2 API"""
- tempest_services = ['keystone', 'nova', 'neutron', 'swift', 'cinder',
- 'neutron']
- # get a token for the user
- creds = self.os_primary.credentials
- username = creds.username
- password = creds.password
- tenant_name = creds.tenant_name
- token = self.token_client.auth(username,
- password,
- tenant_name)['token']
- endpoints = self.client.list_endpoints_for_token(
- token['id'])['endpoints']
- self.assertIsInstance(endpoints, list)
- # Store list of service names
- service_names = [e['name'] for e in endpoints]
- # Get the list of available services. Keystone is always available.
- available_services = [s[0] for s in list(
- CONF.service_available.items()) if s[1] is True] + ['keystone']
- # Verify that all available services are present.
- for service in tempest_services:
- if service in available_services:
- self.assertIn(service, service_names)
diff --git a/tempest/api/identity/admin/v2/test_tokens_negative.py b/tempest/api/identity/admin/v2/test_tokens_negative.py
deleted file mode 100644
index f2e41ff..0000000
--- a/tempest/api/identity/admin/v2/test_tokens_negative.py
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 2017 AT&T Corporation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-
-class TokensAdminTestNegative(base.BaseIdentityV2AdminTest):
- """Negative tests of keystone tokens via v2 API"""
-
- credentials = ['primary', 'admin', 'alt']
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('a0a0a600-4292-4364-99c5-922c834fdf05')
- def test_check_token_existence_negative(self):
- """Test checking other tenant's token existence via v2 API
-
- Checking other tenant's token existence via v2 API should fail.
- """
- creds = self.os_primary.credentials
- creds_alt = self.os_alt.credentials
- username = creds.username
- password = creds.password
- tenant_name = creds.tenant_name
- alt_tenant_name = creds_alt.tenant_name
- body = self.token_client.auth(username, password, tenant_name)
- self.assertRaises(lib_exc.Unauthorized,
- self.client.check_token_existence,
- body['token']['id'],
- belongsTo=alt_tenant_name)
diff --git a/tempest/api/identity/admin/v2/test_users.py b/tempest/api/identity/admin/v2/test_users.py
deleted file mode 100644
index 011419e..0000000
--- a/tempest/api/identity/admin/v2/test_users.py
+++ /dev/null
@@ -1,204 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import time
-
-from testtools import matchers
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class UsersTestJSON(base.BaseIdentityV2AdminTest):
- """Test keystone users via v2 API"""
-
- @classmethod
- def resource_setup(cls):
- super(UsersTestJSON, cls).resource_setup()
- cls.alt_user = data_utils.rand_name(
- name='test_user', prefix=CONF.resource_name_prefix)
- cls.alt_email = cls.alt_user + '@testmail.tm'
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('2d55a71e-da1d-4b43-9c03-d269fd93d905')
- def test_create_user(self):
- """Test creating a user via v2 API"""
- tenant = self.setup_test_tenant()
- user = self.create_test_user(name=self.alt_user, tenantId=tenant['id'])
- self.assertEqual(self.alt_user, user['name'])
-
- @decorators.idempotent_id('89d9fdb8-15c2-4304-a429-48715d0af33d')
- def test_create_user_with_enabled(self):
- """Test creating a user with enabled : False via v2 API"""
- tenant = self.setup_test_tenant()
- name = data_utils.rand_name(
- name='test_user', prefix=CONF.resource_name_prefix)
- user = self.create_test_user(name=name,
- tenantId=tenant['id'],
- email=self.alt_email,
- enabled=False)
- self.assertEqual(name, user['name'])
- self.assertEqual(False, user['enabled'])
- self.assertEqual(self.alt_email, user['email'])
-
- @decorators.idempotent_id('39d05857-e8a5-4ed4-ba83-0b52d3ab97ee')
- def test_update_user(self):
- """Test updating user attributes via v2 API"""
- tenant = self.setup_test_tenant()
- user = self.create_test_user(tenantId=tenant['id'])
-
- # Updating user details with new values
- u_name2 = data_utils.rand_name(
- name='user2', prefix=CONF.resource_name_prefix)
- u_email2 = u_name2 + '@testmail.tm'
- update_user = self.users_client.update_user(user['id'], name=u_name2,
- email=u_email2,
- enabled=False)['user']
- self.assertEqual(u_name2, update_user['name'])
- self.assertEqual(u_email2, update_user['email'])
- self.assertEqual(False, update_user['enabled'])
- # GET by id after updating
- updated_user = self.users_client.show_user(user['id'])['user']
- # Assert response body of GET after updating
- self.assertEqual(u_name2, updated_user['name'])
- self.assertEqual(u_email2, updated_user['email'])
- self.assertEqual(False, update_user['enabled'])
-
- @decorators.idempotent_id('29ed26f4-a74e-4425-9a85-fdb49fa269d2')
- def test_delete_user(self):
- """Test deleting a user via v2 API"""
- tenant = self.setup_test_tenant()
- user = self.create_test_user(tenantId=tenant['id'])
- self.users_client.delete_user(user['id'])
-
- @decorators.idempotent_id('aca696c3-d645-4f45-b728-63646045beb1')
- def test_user_authentication(self):
- """Test that valid user's token is authenticated via v2 API"""
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- # Get a token
- self.token_client.auth(user['name'],
- password,
- tenant['name'])
- # Re-auth
- self.token_client.auth(user['name'],
- password,
- tenant['name'])
-
- @decorators.idempotent_id('5d1fa498-4c2d-4732-a8fe-2b054598cfdd')
- def test_authentication_request_without_token(self):
- """Test authentication request without token via v2 API"""
- # Request for token authentication with a valid token in header
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.token_client.auth(user['name'],
- password,
- tenant['name'])
- # Get the token of the current client
- token = self.client.auth_provider.get_token()
- # Delete the token from database
- self.client.delete_token(token)
- # Re-auth
- self.token_client.auth(user['name'],
- password,
- tenant['name'])
- self.client.auth_provider.clear_auth()
-
- @decorators.idempotent_id('a149c02e-e5e0-4b89-809e-7e8faf33ccda')
- def test_get_users(self):
- """Test getting users via v2 API
-
- Get a list of users and find the test user
- """
- user = self.setup_test_user()
- users = self.users_client.list_users()['users']
- self.assertThat([u['name'] for u in users],
- matchers.Contains(user['name']),
- "Could not find %s" % user['name'])
-
- @decorators.idempotent_id('6e317209-383a-4bed-9f10-075b7c82c79a')
- def test_list_users_for_tenant(self):
- """Test returning a list of all users for a tenant via v2 API"""
- tenant = self.setup_test_tenant()
- user_ids = list()
- fetched_user_ids = list()
- user1 = self.create_test_user(tenantId=tenant['id'])
- user_ids.append(user1['id'])
- user2 = self.create_test_user(tenantId=tenant['id'])
- user_ids.append(user2['id'])
- # List of users for the respective tenant ID
- body = (self.tenants_client.list_tenant_users(tenant['id'])
- ['users'])
- for i in body:
- fetched_user_ids.append(i['id'])
- # verifying the user Id in the list
- missing_users =\
- [user for user in user_ids if user not in fetched_user_ids]
- self.assertEmpty(missing_users,
- "Failed to find user %s in fetched list" %
- ', '.join(m_user for m_user in missing_users))
-
- @decorators.idempotent_id('a8b54974-40e1-41c0-b812-50fc90827971')
- def test_list_users_with_roles_for_tenant(self):
- """Test listing users on tenant with roles assigned via v2 API"""
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- role = self.setup_test_role()
- # Assigning roles to two users
- user_ids = list()
- fetched_user_ids = list()
- user_ids.append(user['id'])
- role = self.roles_client.create_user_role_on_project(
- tenant['id'], user['id'], role['id'])['role']
-
- second_user = self.create_test_user(tenantId=tenant['id'])
- user_ids.append(second_user['id'])
- role = self.roles_client.create_user_role_on_project(
- tenant['id'], second_user['id'], role['id'])['role']
- # List of users with roles for the respective tenant ID
- body = (self.tenants_client.list_tenant_users(tenant['id'])['users'])
- for i in body:
- fetched_user_ids.append(i['id'])
- # verifying the user Id in the list
- missing_users = [missing_user for missing_user in user_ids
- if missing_user not in fetched_user_ids]
- self.assertEmpty(missing_users,
- "Failed to find user %s in fetched list" %
- ', '.join(m_user for m_user in missing_users))
-
- @decorators.idempotent_id('1aeb25ac-6ec5-4d8b-97cb-7ac3567a989f')
- def test_update_user_password(self):
- """Test updating of user password via v2 API"""
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- # Updating the user with new password
- new_pass = data_utils.rand_password()
- update_user = self.users_client.update_user_password(
- user['id'], password=new_pass)['user']
- self.assertEqual(update_user['id'], user['id'])
- # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
- # Keystone should only be precise to the second. Sleep to ensure
- # we are passing the second boundary.
- time.sleep(1)
- # Validate the updated password through getting a token.
- body = self.token_client.auth(user['name'], new_pass,
- tenant['name'])
- self.assertIn('id', body['token'])
diff --git a/tempest/api/identity/admin/v2/test_users_negative.py b/tempest/api/identity/admin/v2/test_users_negative.py
deleted file mode 100644
index 7ccd75c..0000000
--- a/tempest/api/identity/admin/v2/test_users_negative.py
+++ /dev/null
@@ -1,286 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class UsersNegativeTestJSON(base.BaseIdentityV2AdminTest):
- """Negative tests of identity users via v2 API"""
-
- @classmethod
- def resource_setup(cls):
- super(UsersNegativeTestJSON, cls).resource_setup()
- cls.alt_user = data_utils.rand_name(
- 'test_user', prefix=CONF.resource_name_prefix)
- cls.alt_password = data_utils.rand_password()
- cls.alt_email = cls.alt_user + '@testmail.tm'
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('60a1f5fa-5744-4cdf-82bf-60b7de2d29a4')
- def test_create_user_by_unauthorized_user(self):
- """Non-admin should not be authorized to create a user via v2 API"""
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_users_client.create_user,
- name=self.alt_user, password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d80d0c2f-4514-4d1e-806d-0930dfc5a187')
- def test_create_user_with_empty_name(self):
- """User with an empty name should not be created via v2 API"""
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
- name='', password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('7704b4f3-3b75-4b82-87cc-931d41c8f780')
- def test_create_user_with_name_length_over_255(self):
- """Length of user name should not exceed 255 via v2 API"""
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
- name='a' * 256, password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('57ae8558-120c-4723-9308-3751474e7ecf')
- def test_create_user_with_duplicate_name(self):
- """Duplicate user should not be created via v2 API"""
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.assertRaises(lib_exc.Conflict, self.users_client.create_user,
- name=user['name'],
- password=password,
- tenantId=tenant['id'],
- email=user['email'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('0132cc22-7c4f-42e1-9e50-ac6aad31d59a')
- def test_create_user_for_non_existent_tenant(self):
- """Creating a user in a non-existent tenant via v2 API should fail"""
- self.assertRaises(lib_exc.NotFound, self.users_client.create_user,
- name=self.alt_user,
- password=self.alt_password,
- tenantId='49ffgg99999',
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('55bbb103-d1ae-437b-989b-bcdf8175c1f4')
- def test_create_user_request_without_a_token(self):
- """Creating a user without a valid token via v2 API should fail"""
- tenant = self.setup_test_tenant()
- # Get the token of the current client
- token = self.client.auth_provider.get_token()
- # Delete the token from database
- self.client.delete_token(token)
-
- # Unset the token to allow further tests to generate a new token
- self.addCleanup(self.client.auth_provider.clear_auth)
-
- self.assertRaises(lib_exc.Unauthorized, self.users_client.create_user,
- name=self.alt_user, password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('23a2f3da-4a1a-41da-abdd-632328a861ad')
- def test_create_user_with_enabled_non_bool(self):
- """Creating a user with invalid enabled para via v2 API should fail"""
- tenant = self.setup_test_tenant()
- name = data_utils.rand_name(
- 'test_user', prefix=CONF.resource_name_prefix)
- self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
- name=name, password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email, enabled=3)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('3d07e294-27a0-4144-b780-a2a1bf6fee19')
- def test_update_user_for_non_existent_user(self):
- """Updating a non-existent user via v2 API should fail"""
- user_name = data_utils.rand_name(
- 'user', prefix=CONF.resource_name_prefix)
- non_existent_id = data_utils.rand_uuid()
- self.assertRaises(lib_exc.NotFound, self.users_client.update_user,
- non_existent_id, name=user_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('3cc2a64b-83aa-4b02-88f0-d6ab737c4466')
- def test_update_user_request_without_a_token(self):
- """Updating a user without a valid token via v2 API should fail"""
-
- # Get the token of the current client
- token = self.client.auth_provider.get_token()
- # Delete the token from database
- self.client.delete_token(token)
-
- # Unset the token to allow further tests to generate a new token
- self.addCleanup(self.client.auth_provider.clear_auth)
-
- self.assertRaises(lib_exc.Unauthorized, self.users_client.update_user,
- self.alt_user)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('424868d5-18a7-43e1-8903-a64f95ee3aac')
- def test_update_user_by_unauthorized_user(self):
- """Non-admin should not be authorized to update user via v2 API"""
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_users_client.update_user,
- self.alt_user)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d45195d5-33ed-41b9-a452-7d0d6a00f6e9')
- def test_delete_users_by_unauthorized_user(self):
- """Non-admin should not be authorized to delete a user via v2 API"""
- user = self.setup_test_user()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_users_client.delete_user,
- user['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('7cc82f7e-9998-4f89-abae-23df36495867')
- def test_delete_non_existent_user(self):
- """Attempt to delete a non-existent user via v2 API should fail"""
- self.assertRaises(lib_exc.NotFound, self.users_client.delete_user,
- 'junk12345123')
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('57fe1df8-0aa7-46c0-ae9f-c2e785c7504a')
- def test_delete_user_request_without_a_token(self):
- """Deleting a user without a valid token via v2 API should fail"""
-
- # Get the token of the current client
- token = self.client.auth_provider.get_token()
- # Delete the token from database
- self.client.delete_token(token)
-
- # Unset the token to allow further tests to generate a new token
- self.addCleanup(self.client.auth_provider.clear_auth)
-
- self.assertRaises(lib_exc.Unauthorized, self.users_client.delete_user,
- self.alt_user)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('593a4981-f6d4-460a-99a1-57a78bf20829')
- def test_authentication_for_disabled_user(self):
- """Disabled user's token should not get authenticated via v2 API"""
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.disable_user(user['name'])
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- user['name'],
- password,
- tenant['name'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('440a7a8d-9328-4b7b-83e0-d717010495e4')
- def test_authentication_when_tenant_is_disabled(self):
- """Test User's token for a disabled tenant via v2 API
-
- User's token for a disabled tenant should not be authenticated via
- v2 API.
- """
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.disable_tenant(tenant['name'])
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- user['name'],
- password,
- tenant['name'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('921f1ad6-7907-40b8-853f-637e7ee52178')
- def test_authentication_with_invalid_tenant(self):
- """Test User's token for an invalid tenant via v2 API
-
- User's token for an invalid tenant should not be authenticated via V2
- API.
- """
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- user['name'],
- password,
- 'junktenant1234')
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('bde9aecd-3b1c-4079-858f-beb5deaa5b5e')
- def test_authentication_with_invalid_username(self):
- """Non-existent user's token should not get authorized via v2 API"""
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- 'junkuser123', password, tenant['name'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d5308b33-3574-43c3-8d87-1c090c5e1eca')
- def test_authentication_with_invalid_password(self):
- """Test User's token with invalid password via v2 API
-
- User's token with invalid password should not be authenticated via V2
- API.
- """
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- user['name'], 'junkpass1234', tenant['name'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('284192ce-fb7c-4909-a63b-9a502e0ddd11')
- def test_get_users_by_unauthorized_user(self):
- """Non-admin should not be authorized to get user list via v2 API"""
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_users_client.list_users)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('a73591ec-1903-4ffe-be42-282b39fefc9d')
- def test_get_users_request_without_token(self):
- """Listing users without a valid token via v2 API should fail"""
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
-
- # Unset the token to allow further tests to generate a new token
- self.addCleanup(self.client.auth_provider.clear_auth)
-
- self.assertRaises(lib_exc.Unauthorized, self.users_client.list_users)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('f5d39046-fc5f-425c-b29e-bac2632da28e')
- def test_list_users_with_invalid_tenant(self):
- """Listing users for a non-existent tenant via v2 API should fail"""
- # Assign invalid tenant ids
- invalid_id = list()
- invalid_id.append(data_utils.rand_name('999'))
- invalid_id.append('alpha')
- invalid_id.append(data_utils.rand_name("dddd@#%%^$"))
- invalid_id.append('!@#()$%^&*?<>{}[]')
- # List the users with invalid tenant id
- for invalid in invalid_id:
- self.assertRaises(lib_exc.NotFound,
- self.tenants_client.list_tenant_users, invalid)
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index 9cdd917..811dff4 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -98,85 +98,6 @@
return role
-class BaseIdentityV2Test(BaseIdentityTest):
-
- credentials = ['primary']
-
- # identity v2 tests should obtain tokens and create accounts via v2
- # regardless of the configured CONF.identity.auth_version
- identity_version = 'v2'
-
- @classmethod
- def setup_clients(cls):
- super(BaseIdentityV2Test, cls).setup_clients()
- cls.non_admin_client = cls.os_primary.identity_public_client
- cls.non_admin_token_client = cls.os_primary.token_client
- cls.non_admin_tenants_client = cls.os_primary.tenants_public_client
- cls.non_admin_users_client = cls.os_primary.users_public_client
-
-
-class BaseIdentityV2AdminTest(BaseIdentityV2Test):
-
- credentials = ['primary', 'admin']
-
- # NOTE(andreaf) Identity tests work with credentials, so it is safer
- # for them to always use disposable credentials. Forcing dynamic creds
- # on regular identity tests would be however to restrictive, since it
- # would prevent any identity test from being executed against clouds where
- # admin credentials are not available.
- # Since All admin tests require admin credentials to be
- # executed, so this will not impact the ability to execute tests.
- force_tenant_isolation = True
-
- @classmethod
- def skip_checks(cls):
- super(BaseIdentityV2AdminTest, cls).skip_checks()
- if not CONF.identity_feature_enabled.api_v2_admin:
- raise cls.skipException('Identity v2 admin not available')
-
- @classmethod
- def setup_clients(cls):
- super(BaseIdentityV2AdminTest, cls).setup_clients()
- cls.client = cls.os_admin.identity_client
- cls.non_admin_client = cls.os_primary.identity_client
- cls.token_client = cls.os_admin.token_client
- cls.tenants_client = cls.os_admin.tenants_client
- cls.non_admin_tenants_client = cls.os_primary.tenants_client
- cls.roles_client = cls.os_admin.roles_client
- cls.non_admin_roles_client = cls.os_primary.roles_client
- cls.users_client = cls.os_admin.users_client
- cls.non_admin_users_client = cls.os_primary.users_client
- cls.services_client = cls.os_admin.identity_services_client
- cls.endpoints_client = cls.os_admin.endpoints_client
-
- @classmethod
- def resource_setup(cls):
- super(BaseIdentityV2AdminTest, cls).resource_setup()
- cls.projects_client = cls.tenants_client
-
- def setup_test_user(self, password=None):
- """Set up a test user."""
- tenant = self.setup_test_tenant()
- user = self.create_test_user(tenantId=tenant['id'], password=password)
- return user
-
- def setup_test_tenant(self, **kwargs):
- """Set up a test tenant."""
- if 'name' not in kwargs:
- kwargs['name'] = data_utils.rand_name(
- name='test_tenant',
- prefix=CONF.resource_name_prefix)
- if 'description' not in kwargs:
- kwargs['description'] = data_utils.rand_name(
- name='desc', prefix=CONF.resource_name_prefix)
- tenant = self.projects_client.create_tenant(**kwargs)['tenant']
- # Delete the tenant at the end of the test
- self.addCleanup(
- test_utils.call_and_ignore_notfound_exc,
- self.tenants_client.delete_tenant, tenant['id'])
- return tenant
-
-
class BaseIdentityV3Test(BaseIdentityTest):
credentials = ['primary']
diff --git a/tempest/api/identity/v2/__init__.py b/tempest/api/identity/v2/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/tempest/api/identity/v2/__init__.py
+++ /dev/null
diff --git a/tempest/api/identity/v2/test_api_discovery.py b/tempest/api/identity/v2/test_api_discovery.py
deleted file mode 100644
index afda104..0000000
--- a/tempest/api/identity/v2/test_api_discovery.py
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright 2015 OpenStack Foundation.
-# Copyright 2015, Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-
-
-class TestApiDiscovery(base.BaseIdentityV2Test):
- """Tests for identity v2 API discovery features."""
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('ea889a68-a15f-4166-bfb1-c12456eae853')
- def test_api_version_resources(self):
- """Test showing identity v2 api version resources"""
- descr = self.non_admin_client.show_api_description()['version']
- expected_resources = ('id', 'links', 'media-types', 'status',
- 'updated')
-
- keys = descr.keys()
- for res in expected_resources:
- self.assertIn(res, keys)
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('007a0be0-78fe-4fdb-bbee-e9216cc17bb2')
- def test_api_media_types(self):
- """Test showing identity v2 api version media type"""
- descr = self.non_admin_client.show_api_description()['version']
- # Get MIME type bases and descriptions
- media_types = [(media_type['base'], media_type['type']) for
- media_type in descr['media-types']]
- # These are supported for API version 2
- supported_types = [('application/json',
- 'application/vnd.openstack.identity-v2.0+json')]
-
- # Check if supported types exist in response body
- for s_type in supported_types:
- self.assertIn(s_type, media_types)
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('77fd6be0-8801-48e6-b9bf-38cdd2f253ec')
- def test_api_version_statuses(self):
- """Test showing identity v2 api version status"""
- descr = self.non_admin_client.show_api_description()['version']
- status = descr['status'].lower()
- supported_statuses = ['current', 'stable', 'experimental',
- 'supported', 'deprecated']
-
- self.assertIn(status, supported_statuses)
diff --git a/tempest/api/identity/v2/test_ec2_credentials.py b/tempest/api/identity/v2/test_ec2_credentials.py
deleted file mode 100644
index 9981ef8..0000000
--- a/tempest/api/identity/v2/test_ec2_credentials.py
+++ /dev/null
@@ -1,113 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.common import utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-
-class EC2CredentialsTest(base.BaseIdentityV2Test):
-
- @classmethod
- def skip_checks(cls):
- super(EC2CredentialsTest, cls).skip_checks()
- if not utils.is_extension_enabled('OS-EC2', 'identity'):
- msg = "OS-EC2 identity extension not enabled."
- raise cls.skipException(msg)
-
- @classmethod
- def resource_setup(cls):
- super(EC2CredentialsTest, cls).resource_setup()
- cls.creds = cls.os_primary.credentials
-
- @decorators.idempotent_id('b580fab9-7ae9-46e8-8138-417260cb6f9f')
- def test_create_ec2_credential(self):
- """Create user ec2 credential."""
- resp = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- access = resp['access']
- self.addCleanup(
- self.non_admin_users_client.delete_user_ec2_credential,
- self.creds.user_id, access)
- self.assertNotEmpty(resp['access'])
- self.assertNotEmpty(resp['secret'])
- self.assertEqual(self.creds.user_id, resp['user_id'])
- self.assertEqual(self.creds.tenant_id, resp['tenant_id'])
-
- @decorators.idempotent_id('9e2ea42f-0a4f-468c-a768-51859ce492e0')
- def test_list_ec2_credentials(self):
- """Get the list of user ec2 credentials."""
- created_creds = []
- # create first ec2 credentials
- creds1 = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- created_creds.append(creds1['access'])
- self.addCleanup(
- self.non_admin_users_client.delete_user_ec2_credential,
- self.creds.user_id, creds1['access'])
-
- # create second ec2 credentials
- creds2 = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- created_creds.append(creds2['access'])
- self.addCleanup(
- self.non_admin_users_client.delete_user_ec2_credential,
- self.creds.user_id, creds2['access'])
-
- # get the list of user ec2 credentials
- resp = self.non_admin_users_client.list_user_ec2_credentials(
- self.creds.user_id)["credentials"]
- fetched_creds = [cred['access'] for cred in resp]
- # created credentials should be in a fetched list
- missing = [cred for cred in created_creds
- if cred not in fetched_creds]
- self.assertEmpty(missing,
- "Failed to find ec2_credentials %s in fetched list" %
- ', '.join(cred for cred in missing))
-
- @decorators.idempotent_id('cb284075-b613-440d-83ca-fe0b33b3c2b8')
- def test_show_ec2_credential(self):
- """Get the definite user ec2 credential."""
- resp = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- self.addCleanup(
- self.non_admin_users_client.delete_user_ec2_credential,
- self.creds.user_id, resp['access'])
-
- ec2_creds = self.non_admin_users_client.show_user_ec2_credential(
- self.creds.user_id, resp['access']
- )["credential"]
- for key in ['access', 'secret', 'user_id', 'tenant_id']:
- self.assertEqual(ec2_creds[key], resp[key])
-
- @decorators.idempotent_id('6aba0d4c-b76b-4e46-aa42-add79bc1551d')
- def test_delete_ec2_credential(self):
- """Delete user ec2 credential."""
- resp = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- access = resp['access']
- self.non_admin_users_client.delete_user_ec2_credential(
- self.creds.user_id, access)
- self.assertRaises(
- lib_exc.NotFound,
- self.non_admin_users_client.show_user_ec2_credential,
- self.creds.user_id,
- access)
diff --git a/tempest/api/identity/v2/test_extension.py b/tempest/api/identity/v2/test_extension.py
deleted file mode 100644
index 13555bd..0000000
--- a/tempest/api/identity/v2/test_extension.py
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright 2014 NEC Corporation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-
-
-class ExtensionTestJSON(base.BaseIdentityV2Test):
- """Test extensions in identity v2 API"""
-
- @decorators.idempotent_id('85f3f661-f54c-4d48-b563-72ae952b9383')
- def test_list_extensions(self):
- """List all the identity extensions via v2 API"""
- body = self.non_admin_client.list_extensions()['extensions']['values']
- self.assertNotEmpty(body)
- keys = ['name', 'updated', 'alias', 'links',
- 'namespace', 'description']
- for value in body:
- for key in keys:
- self.assertIn(key, value)
diff --git a/tempest/api/identity/v2/test_tenants.py b/tempest/api/identity/v2/test_tenants.py
deleted file mode 100644
index 1752b65..0000000
--- a/tempest/api/identity/v2/test_tenants.py
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-
-class IdentityTenantsTest(base.BaseIdentityV2Test):
- """Test listing tenants in identity v2 API"""
-
- credentials = ['primary', 'alt']
-
- @decorators.idempotent_id('ecae2459-243d-4ba1-ad02-65f15dc82b78')
- def test_list_tenants_returns_only_authorized_tenants(self):
- """Test listing tenants only returns authorized tenants via v2 API"""
- alt_tenant_name = self.os_alt.credentials.tenant_name
- resp = self.non_admin_tenants_client.list_tenants()
-
- # check that user can see only that tenants that he presents in so user
- # can successfully authenticate using his credentials and tenant name
- # from received tenants list
- for tenant in resp['tenants']:
- body = self.non_admin_token_client.auth(
- self.os_primary.credentials.username,
- self.os_primary.credentials.password,
- tenant['name'])
- self.assertNotEmpty(body['token']['id'])
- self.assertEqual(body['token']['tenant']['id'], tenant['id'])
- self.assertEqual(body['token']['tenant']['name'], tenant['name'])
- self.assertEqual(
- body['user']['id'], self.os_primary.credentials.user_id)
-
- # check that user cannot log in to alt user's tenant
- self.assertRaises(
- lib_exc.Unauthorized,
- self.non_admin_token_client.auth,
- self.os_primary.credentials.username,
- self.os_primary.credentials.password,
- alt_tenant_name)
diff --git a/tempest/api/identity/v2/test_tokens.py b/tempest/api/identity/v2/test_tokens.py
deleted file mode 100644
index d3776b8..0000000
--- a/tempest/api/identity/v2/test_tokens.py
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo_utils import timeutils
-from tempest.api.identity import base
-from tempest.lib import decorators
-
-
-class TokensTest(base.BaseIdentityV2Test):
- """Test tokens in identity v2 API"""
-
- @decorators.idempotent_id('65ae3b78-91ff-467b-a705-f6678863b8ec')
- def test_create_token(self):
- """Test creating token for user via v2 API"""
- token_client = self.non_admin_token_client
-
- # get a token for the user
- creds = self.os_primary.credentials
- username = creds.username
- password = creds.password
- tenant_name = creds.tenant_name
-
- body = token_client.auth(username, password, tenant_name)
-
- self.assertNotEmpty(body['token']['id'])
- self.assertIsInstance(body['token']['id'], str)
-
- now = timeutils.utcnow()
- expires_at = timeutils.normalize_time(
- timeutils.parse_isotime(body['token']['expires']))
- self.assertGreater(expires_at, now)
-
- self.assertEqual(body['token']['tenant']['id'],
- creds.tenant_id)
- self.assertEqual(body['token']['tenant']['name'],
- tenant_name)
-
- self.assertEqual(body['user']['id'], creds.user_id)
diff --git a/tempest/api/identity/v2/test_users.py b/tempest/api/identity/v2/test_users.py
deleted file mode 100644
index a63b45c..0000000
--- a/tempest/api/identity/v2/test_users.py
+++ /dev/null
@@ -1,112 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import time
-
-import testtools
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions
-
-
-CONF = config.CONF
-
-
-class IdentityUsersTest(base.BaseIdentityV2Test):
- """Test user password in identity v2 API"""
-
- @classmethod
- def resource_setup(cls):
- super(IdentityUsersTest, cls).resource_setup()
- cls.creds = cls.os_primary.credentials
- cls.username = cls.creds.username
- cls.password = cls.creds.password
- cls.tenant_name = cls.creds.tenant_name
-
- def _update_password(self, user_id, original_password, password):
- self.non_admin_users_client.update_user_own_password(
- user_id, password=password, original_password=original_password)
-
- # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
- # Keystone should only be precise to the second. Sleep to ensure
- # we are passing the second boundary.
- time.sleep(1)
-
- # check authorization with new password
- self.non_admin_token_client.auth(self.username,
- password,
- self.tenant_name)
-
- # Reset auth to get a new token with the new password
- self.non_admin_users_client.auth_provider.clear_auth()
- self.non_admin_users_client.auth_provider.credentials.password = (
- password)
-
- def _restore_password(self, user_id, old_pass, new_pass):
- if CONF.identity_feature_enabled.security_compliance:
- # First we need to clear the password history
- unique_count = CONF.identity.user_unique_last_password_count
- for _ in range(unique_count):
- random_pass = data_utils.rand_password()
- self._update_password(
- user_id, original_password=new_pass, password=random_pass)
- new_pass = random_pass
-
- self._update_password(
- user_id, original_password=new_pass, password=old_pass)
- # Reset auth again to verify the password restore does work.
- # Clear auth restores the original credentials and deletes
- # cached auth data
- self.non_admin_users_client.auth_provider.clear_auth()
- # NOTE(lbragstad): Fernet tokens are not subsecond aware and
- # Keystone should only be precise to the second. Sleep to ensure we
- # are passing the second boundary before attempting to
- # authenticate.
- time.sleep(1)
- self.non_admin_users_client.auth_provider.set_auth()
-
- @decorators.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7')
- @testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source,
- 'Skipped because environment has an '
- 'immutable user source and solely '
- 'provides read-only access to users.')
- def test_user_update_own_password(self):
- """test updating user's own password via v2 API"""
- old_pass = self.creds.password
- old_token = self.non_admin_users_client.token
- new_pass = data_utils.rand_password()
- user_id = self.creds.user_id
-
- # to change password back. important for use_dynamic_credentials=false
- self.addCleanup(self._restore_password, user_id, old_pass, new_pass)
-
- # user updates own password
- self._update_password(
- user_id, original_password=old_pass, password=new_pass)
-
- # authorize with old token should lead to Unauthorized
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_token_client.auth_token,
- old_token)
-
- # authorize with old password should lead to Unauthorized
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_token_client.auth,
- self.username,
- old_pass,
- self.tenant_name)
diff --git a/tempest/api/image/base.py b/tempest/api/image/base.py
index 89d5f91..0cc088a 100644
--- a/tempest/api/image/base.py
+++ b/tempest/api/image/base.py
@@ -100,10 +100,9 @@
"""Create Image & stage image file for glance-direct import method."""
image_name = data_utils.rand_name('test-image')
container_format = CONF.image.container_formats[0]
- disk_format = CONF.image.disk_formats[0]
image = self.create_image(name=image_name,
container_format=container_format,
- disk_format=disk_format,
+ disk_format='raw',
visibility='private')
self.assertEqual('queued', image['status'])
diff --git a/tempest/api/image/v2/test_images.py b/tempest/api/image/v2/test_images.py
index e468e32..5bb8eef 100644
--- a/tempest/api/image/v2/test_images.py
+++ b/tempest/api/image/v2/test_images.py
@@ -76,7 +76,7 @@
'%s import method' % method)
def _stage_and_check(self):
- image = self._create_image()
+ image = self._create_image(disk_format='raw')
# Stage image data
file_content = data_utils.random_bytes()
image_file = io.BytesIO(file_content)
@@ -131,7 +131,7 @@
self.assertEqual(image['id'], body['id'])
self.assertEqual('queued', body['status'])
# import image from web to backend
- image_uri = CONF.image.http_image
+ image_uri = CONF.image.http_qcow2_image
self.client.image_import(image['id'], method='web-download',
import_params={'uri': image_uri})
waiters.wait_for_image_imported_to_stores(self.client, image['id'])
diff --git a/tempest/api/image/v2/test_images_dependency.py b/tempest/api/image/v2/test_images_dependency.py
new file mode 100644
index 0000000..41611bb
--- /dev/null
+++ b/tempest/api/image/v2/test_images_dependency.py
@@ -0,0 +1,135 @@
+# Copyright 2024 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import io
+
+from oslo_log import log as logging
+
+from tempest.api.compute import base as compute_base
+from tempest.api.image import base as image_base
+from tempest.common import utils
+from tempest.common import waiters
+from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
+from tempest.scenario import manager
+
+CONF = config.CONF
+LOG = logging.getLogger(__name__)
+
+
+class ImageDependencyTests(image_base.BaseV2ImageTest,
+ compute_base.BaseV2ComputeTest,
+ manager.ScenarioTest):
+ """Test image, instance, and snapshot dependency.
+
+ The tests create image and remove the base image that other snapshots
+ were depend on.In OpenStack, images and snapshots should be separate,
+ but in some configurations like Glance with Ceph storage,
+ there were cases where images couldn't be removed.
+ This was fixed in glance store for RBD backend.
+
+ * Dependency scenarios:
+ - image > instance -> snapshot dependency
+
+ NOTE: volume -> image dependencies tests are in cinder-tempest-plugin
+ """
+
+ @classmethod
+ def skip_checks(cls):
+ super(ImageDependencyTests, cls).skip_checks()
+ if not CONF.volume_feature_enabled.enable_volume_image_dep_tests:
+ skip_msg = (
+ "%s Volume/image dependency tests "
+ "not enabled" % (cls.__name__))
+ raise cls.skipException(skip_msg)
+
+ def _create_instance_snapshot(self, bfv=False):
+ """Create instance from image and then snapshot the instance."""
+ # Create image and store data to image
+ source = 'volume' if bfv else 'image'
+ image_name = data_utils.rand_name(
+ prefix=CONF.resource_name_prefix,
+ name='image-dependency-test')
+ image = self.create_image(name=image_name,
+ container_format='bare',
+ disk_format='raw',
+ visibility='private')
+ file_content = data_utils.random_bytes()
+ image_file = io.BytesIO(file_content)
+ self.client.store_image_file(image['id'], image_file)
+ waiters.wait_for_image_status(
+ self.client, image['id'], 'active')
+ if bfv:
+ # Create instance
+ instance = self.create_test_server(
+ name='instance-depend-image',
+ image_id=image['id'],
+ volume_backed=True,
+ wait_until='ACTIVE')
+ else:
+ # Create instance
+ instance = self.create_test_server(
+ name='instance-depend-image',
+ image_id=image['id'],
+ wait_until='ACTIVE')
+ LOG.info("Instance from %s is created %s", source, instance)
+ instance_observed = \
+ self.servers_client.show_server(instance['id'])['server']
+ # Create instance snapshot
+ snapshot_instance = self.create_server_snapshot(
+ server=instance_observed)
+ LOG.info("Instance snapshot is created %s", snapshot_instance)
+ return image['id'], snapshot_instance['id']
+
+ @decorators.idempotent_id('d19b0731-e98e-4103-8b0e-02f651b8f586')
+ @utils.services('compute')
+ def test_nova_image_snapshot_dependency(self):
+ """Test with image > instance > snapshot dependency.
+
+ Create instance snapshot and check if we able to delete base
+ image
+
+ """
+ base_image_id, snapshot_image_id = self._create_instance_snapshot()
+ self.client.delete_image(base_image_id)
+ self.client.wait_for_resource_deletion(base_image_id)
+ images_list = self.client.list_images()['images']
+ fetched_images_id = [img['id'] for img in images_list]
+ self.assertNotIn(base_image_id, fetched_images_id)
+ self.assertIn(snapshot_image_id, fetched_images_id)
+
+ @utils.services('compute', 'volume')
+ @decorators.idempotent_id('f0c8a35d-8f8f-443c-8bcb-85a9c0f87d19')
+ def test_image_volume_server_snapshot_dependency(self):
+ """Test with image > volume > instance > snapshot dependency.
+
+ We are going to perform the following steps in the test:
+ * Create image
+ * Create a bootable volume from Image
+ * Launch an instance from the bootable volume
+ * Take snapshot of the instance -- which creates the volume snapshot
+ * Delete the image.
+
+ This will test the dependency chain of image -> volume -> snapshot.
+ """
+ base_image_id, snapshot_image_id = self._create_instance_snapshot(
+ bfv=True)
+ self.client.delete_image(base_image_id)
+ self.client.wait_for_resource_deletion(base_image_id)
+ images_list = self.client.list_images()['images']
+ fetched_images_id = [img['id'] for img in images_list]
+ self.assertNotIn(base_image_id, fetched_images_id)
+ self.assertIn(snapshot_image_id, fetched_images_id)
diff --git a/tempest/api/network/test_networks.py b/tempest/api/network/test_networks.py
index fd93779..b1fba2d 100644
--- a/tempest/api/network/test_networks.py
+++ b/tempest/api/network/test_networks.py
@@ -389,17 +389,20 @@
# belong to other tests and their state may have changed during this
# test
body = self.subnets_client.list_subnets(network_id=public_network_id)
+ extensions = [
+ ext['alias'] for ext in
+ self.network_extensions_client.list_extensions()['extensions']]
+ is_sen_ext = 'subnet-external-network' in extensions
# check subnet visibility of external_network
- if external_network['shared']:
- self.assertNotEmpty(body['subnets'], "Subnets should be visible "
- "for shared public network %s"
- % public_network_id)
+ if external_network['shared'] or is_sen_ext:
+ self.assertNotEmpty(body['subnets'],
+ 'Subnets should be visible for shared or '
+ 'external networks %s' % public_network_id)
else:
- self.assertEmpty(body['subnets'], "Subnets should not be visible "
- "for non-shared public "
- "network %s"
- % public_network_id)
+ self.assertEmpty(body['subnets'],
+ 'Subnets should not be visible for non-shared or'
+ 'non-external networks %s' % public_network_id)
@decorators.idempotent_id('c72c1c0c-2193-4aca-ccc4-b1442640bbbb')
@utils.requires_ext(extension="standard-attr-description",
diff --git a/tempest/clients.py b/tempest/clients.py
index e432120..6707429 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -183,30 +183,6 @@
self.placement.ResourceProvidersClient()
def _set_identity_clients(self):
- # Clients below use the admin endpoint type of Keystone API v2
- params_v2_admin = {
- 'endpoint_type': CONF.identity.v2_admin_endpoint_type}
- self.endpoints_client = self.identity_v2.EndpointsClient(
- **params_v2_admin)
- self.identity_client = self.identity_v2.IdentityClient(
- **params_v2_admin)
- self.tenants_client = self.identity_v2.TenantsClient(
- **params_v2_admin)
- self.roles_client = self.identity_v2.RolesClient(**params_v2_admin)
- self.users_client = self.identity_v2.UsersClient(**params_v2_admin)
- self.identity_services_client = self.identity_v2.ServicesClient(
- **params_v2_admin)
-
- # Clients below use the public endpoint type of Keystone API v2
- params_v2_public = {
- 'endpoint_type': CONF.identity.v2_public_endpoint_type}
- self.identity_public_client = self.identity_v2.IdentityClient(
- **params_v2_public)
- self.tenants_public_client = self.identity_v2.TenantsClient(
- **params_v2_public)
- self.users_public_client = self.identity_v2.UsersClient(
- **params_v2_public)
-
# Clients below use the endpoint type of Keystone API v3, which is set
# in endpoint_type
params_v3 = {'endpoint_type': CONF.identity.v3_endpoint_type}
@@ -251,16 +227,6 @@
self.identity_limits_client = \
self.identity_v3.LimitsClient(**params_v3)
- # Token clients do not use the catalog. They only need default_params.
- # They read auth_url, so they should only be set if the corresponding
- # API version is marked as enabled
- if CONF.identity_feature_enabled.api_v2:
- if CONF.identity.uri:
- self.token_client = self.identity_v2.TokenClient(
- auth_url=CONF.identity.uri)
- else:
- msg = 'Identity v2 API enabled, but no identity.uri set'
- raise lib_exc.InvalidConfiguration(msg)
if CONF.identity_feature_enabled.api_v3:
if CONF.identity.uri_v3:
self.token_v3_client = self.identity_v3.V3TokenClient(
diff --git a/tempest/common/waiters.py b/tempest/common/waiters.py
index d65b491..e249f35 100644
--- a/tempest/common/waiters.py
+++ b/tempest/common/waiters.py
@@ -103,7 +103,8 @@
old_task_state = task_state
-def wait_for_server_termination(client, server_id, ignore_error=False):
+def wait_for_server_termination(client, server_id, ignore_error=False,
+ request_id=None):
"""Waits for server to reach termination."""
try:
body = client.show_server(server_id)['server']
@@ -126,9 +127,13 @@
'/'.join((server_status, str(task_state))),
time.time() - start_time)
if server_status == 'ERROR' and not ignore_error:
- raise lib_exc.DeleteErrorException(
- "Server %s failed to delete and is in ERROR status" %
- server_id)
+ details = ("Server %s failed to delete and is in ERROR status." %
+ server_id)
+ if 'fault' in body:
+ details += ' Fault: %s.' % body['fault']
+ if request_id:
+ details += ' Server delete request ID: %s.' % request_id
+ raise lib_exc.DeleteErrorException(details, server_id=server_id)
if server_status == 'SOFT_DELETED':
# Soft-deleted instances need to be forcibly deleted to
diff --git a/tempest/config.py b/tempest/config.py
index 7d3b034..0fcc71c 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -128,12 +128,18 @@
'TLS (https) server certificate.'),
cfg.URIOpt('uri',
schemes=['http', 'https'],
+ deprecated_for_removal=True,
+ deprecated_reason='The identity v2 API tests were removed '
+ 'and this option has no effect',
help="Full URI of the OpenStack Identity API (Keystone), v2"),
cfg.URIOpt('uri_v3',
schemes=['http', 'https'],
help='Full URI of the OpenStack Identity API (Keystone), v3'),
cfg.StrOpt('auth_version',
default='v3',
+ deprecated_for_removal=True,
+ deprecated_reason='Identity v2 API was removed and v3 is '
+ 'the only available identity API version now',
help="Identity API version to be used for authentication "
"for API tests."),
cfg.StrOpt('region',
@@ -146,12 +152,16 @@
default='adminURL',
choices=['public', 'admin', 'internal',
'publicURL', 'adminURL', 'internalURL'],
+ deprecated_for_removal=True,
+ deprecated_reason='This option has no effect',
help="The admin endpoint type to use for OpenStack Identity "
"(Keystone) API v2"),
cfg.StrOpt('v2_public_endpoint_type',
default='publicURL',
choices=['public', 'admin', 'internal',
'publicURL', 'adminURL', 'internalURL'],
+ deprecated_for_removal=True,
+ deprecated_reason='This option has no effect',
help="The public endpoint type to use for OpenStack Identity "
"(Keystone) API v2"),
cfg.StrOpt('v3_endpoint_type',
@@ -234,19 +244,22 @@
'impersonation enabled'),
cfg.BoolOpt('api_v2',
default=False,
- help='Is the v2 identity API enabled',
deprecated_for_removal=True,
- deprecated_reason='The identity v2.0 API was removed in the '
- 'Queens release. Tests that exercise the '
- 'v2.0 API will be removed from tempest in '
- 'the v22.0.0 release. They are kept only to '
- 'test stable branches.'),
+ deprecated_reason='The identity v2 API tests were removed '
+ 'and this option has no effect',
+ help='Is the v2 identity API enabled'),
cfg.BoolOpt('api_v2_admin',
default=True,
- help="Is the v2 identity admin API available? This setting "
- "only applies if api_v2 is set to True."),
+ deprecated_for_removal=True,
+ deprecated_reason='The identity v2 API tests were removed '
+ 'and this option has no effect',
+ help="Is the v2 identity admin API available?"),
cfg.BoolOpt('api_v3',
default=True,
+ deprecated_for_removal=True,
+ deprecated_reason='Identity v2 API was removed and v3 is '
+ 'the only available identity API version '
+ 'now',
help='Is the v3 identity API enabled'),
cfg.ListOpt('api_extensions',
default=['all'],
@@ -644,12 +657,17 @@
cfg.BoolOpt('image_caching_enabled',
default=False,
help=("Flag to enable if caching is enabled by image "
- "service, operator should set this parameter to True"
+ "service, operator should set this parameter to True "
"if 'image_cache_dir' is set in glance-api.conf")),
cfg.StrOpt('http_image',
- default='http://download.cirros-cloud.net/0.3.1/'
- 'cirros-0.3.1-x86_64-uec.tar.gz',
+ default='http://download.cirros-cloud.net/0.6.2/'
+ 'cirros-0.6.2-x86_64-uec.tar.gz',
help='http accessible image'),
+ cfg.StrOpt('http_qcow2_image',
+ default='http://download.cirros-cloud.net/0.6.2/'
+ 'cirros-0.6.2-x86_64-disk.img',
+ help='http qcow2 accessible image which will be used '
+ 'for image conversion if enabled.'),
cfg.IntOpt('build_timeout',
default=300,
help="Timeout in seconds to wait for an image to "
@@ -659,11 +677,11 @@
help="Time in seconds between image operation status "
"checks."),
cfg.ListOpt('container_formats',
- default=['ami', 'ari', 'aki', 'bare', 'ovf', 'ova'],
+ default=['bare', 'ami', 'ari', 'aki', 'ovf', 'ova'],
help="A list of image's container formats "
"users can specify."),
cfg.ListOpt('disk_formats',
- default=['ami', 'ari', 'aki', 'vhd', 'vmdk', 'raw', 'qcow2',
+ default=['qcow2', 'raw', 'ami', 'ari', 'aki', 'vhd', 'vmdk',
'vdi', 'iso', 'vhdx'],
help="A list of image's disk formats "
"users can specify.")
@@ -927,8 +945,8 @@
"connect_method=floating."),
cfg.StrOpt('ssh_key_type',
default='ecdsa',
- help='Type of key to use for ssh connections. '
- 'Valid types are rsa, ecdsa'),
+ choices=['ecdsa', 'rsa'],
+ help='Type of key to use for ssh connections.'),
cfg.FloatOpt('allowed_network_downtime',
default=5.0,
help="Allowed VM network connection downtime during live "
@@ -1080,7 +1098,10 @@
default=None,
help='Volume types used for data volumes. Multiple volume '
'types can be assigned.'),
-
+ cfg.BoolOpt('enable_volume_image_dep_tests',
+ default=True,
+ help='Run tests for dependencies between images, volumes'
+ 'and instance snapshots')
]
@@ -1185,7 +1206,7 @@
default='icmp',
choices=('icmp', 'tcp', 'udp'),
help='The protocol used in security groups tests to check '
- 'connectivity.'),
+ 'connectivity.')
]
diff --git a/tempest/lib/common/rest_client.py b/tempest/lib/common/rest_client.py
index 4f9e9ba..b656b7a 100644
--- a/tempest/lib/common/rest_client.py
+++ b/tempest/lib/common/rest_client.py
@@ -46,6 +46,8 @@
JSONSCHEMA_VALIDATOR = jsonschema_validator.JSONSCHEMA_VALIDATOR
FORMAT_CHECKER = jsonschema_validator.FORMAT_CHECKER
+RESOURCE_LIST_JSON = "resource_list.json"
+
class RestClient(object):
"""Unified OpenStack RestClient class
@@ -1045,7 +1047,7 @@
data[res_type].update({res_dict.get('name'): ""})
self.rec_rw_lock.acquire_write_lock()
- with open("resource_list.json", 'w+') as f:
+ with open(RESOURCE_LIST_JSON, 'w+') as f:
f.write(json.dumps(data, indent=2, separators=(',', ': ')))
self.rec_rw_lock.release_write_lock()
@@ -1059,7 +1061,7 @@
self.rec_rw_lock.acquire_read_lock()
try:
- with open('resource_list.json', 'rb') as f:
+ with open(RESOURCE_LIST_JSON, 'rb') as f:
data = json.load(f)
except IOError:
data = {}
diff --git a/tempest/lib/services/placement/placement_client.py b/tempest/lib/services/placement/placement_client.py
index 216ac08..f272cbf 100644
--- a/tempest/lib/services/placement/placement_client.py
+++ b/tempest/lib/services/placement/placement_client.py
@@ -49,3 +49,39 @@
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
+
+ def list_traits(self, **params):
+ """API ref https://docs.openstack.org/api-ref/placement/#traits
+ """
+ url = "/traits"
+ if params:
+ url += '?%s' % urllib.urlencode(params)
+ resp, body = self.get(url)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
+
+ def show_trait(self, name, **params):
+ url = "/traits"
+ if params:
+ url += '?%s' % urllib.urlencode(params)
+ resp, body = self.get(url)
+ body = json.loads(body)
+ self.expected_success(200, resp.status)
+ return rest_client.ResponseBody(resp, body)
+ url = f"{url}/{name}"
+ resp, _ = self.get(url)
+ self.expected_success(204, resp.status)
+ return resp.status
+
+ def create_trait(self, name, **params):
+ url = f"/traits/{name}"
+ json_body = json.dumps(params)
+ resp, _ = self.put(url, body=json_body)
+ return resp.status
+
+ def delete_trait(self, name):
+ url = f"/traits/{name}"
+ resp, _ = self.delete(url)
+ self.expected_success(204, resp.status)
+ return resp.status
diff --git a/tempest/lib/services/placement/resource_providers_client.py b/tempest/lib/services/placement/resource_providers_client.py
index 3214053..a336500 100644
--- a/tempest/lib/services/placement/resource_providers_client.py
+++ b/tempest/lib/services/placement/resource_providers_client.py
@@ -121,3 +121,29 @@
resp, body = self.delete(url)
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
+
+ def list_resource_provider_traits(self, rp_uuid, **kwargs):
+ """https://docs.openstack.org/api-ref/placement/#resource-provider-traits
+ """
+ url = f"/resource_providers/{rp_uuid}/traits"
+ if kwargs:
+ url += '?%s' % urllib.urlencode(kwargs)
+ resp, body = self.get(url)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
+
+ def update_resource_provider_traits(self, rp_uuid, **kwargs):
+ url = f"/resource_providers/{rp_uuid}/traits"
+ data = json.dumps(kwargs)
+ resp, body = self.put(url, data)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
+
+ def delete_resource_provider_traits(self, rp_uuid):
+ url = f"/resource_providers/{rp_uuid}/traits"
+ resp, body = self.delete(url)
+ self.expected_success(204, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
diff --git a/tempest/scenario/test_instances_with_cinder_volumes.py b/tempest/scenario/test_instances_with_cinder_volumes.py
index a907acd..b9ac2c8 100644
--- a/tempest/scenario/test_instances_with_cinder_volumes.py
+++ b/tempest/scenario/test_instances_with_cinder_volumes.py
@@ -181,21 +181,24 @@
server=server
)
+ server_name = server['name'].split('-')[-1]
+
# run write test on all volumes
for volume in attached_volumes:
- # get the mount path
- dev_name = volume['attachments'][0]['device'][5:]
-
# dev name volume['attachments'][0]['device'][5:] is like
# /dev/vdb, we need to remove /dev/ -> first 5 chars
+ dev_name = volume['attachments'][0]['device'][5:]
+
+ mount_path = f"/mnt/{server_name}"
+
timestamp_before = self.create_timestamp(
ssh_ip, private_key=keypair['private_key'], server=server,
- dev_name=dev_name,
+ dev_name=dev_name, mount_path=mount_path,
)
timestamp_after = self.get_timestamp(
ssh_ip, private_key=keypair['private_key'], server=server,
- dev_name=dev_name,
+ dev_name=dev_name, mount_path=mount_path,
)
self.assertEqual(timestamp_before, timestamp_after)
diff --git a/tempest/test.py b/tempest/test.py
index 173bfab..85a6c36 100644
--- a/tempest/test.py
+++ b/tempest/test.py
@@ -31,7 +31,6 @@
from tempest.lib.common import fixed_network
from tempest.lib.common import profiler
from tempest.lib.common import validation_resources as vr
-from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
LOG = logging.getLogger(__name__)
@@ -39,11 +38,6 @@
CONF = config.CONF
-attr = debtcollector.moves.moved_function(
- decorators.attr, 'attr', __name__,
- version='Pike', removal_version='?')
-
-
at_exit_set = set()
diff --git a/tempest/tests/lib/common/test_rest_client.py b/tempest/tests/lib/common/test_rest_client.py
index 9bc6f60..0d1660c 100644
--- a/tempest/tests/lib/common/test_rest_client.py
+++ b/tempest/tests/lib/common/test_rest_client.py
@@ -14,6 +14,7 @@
import copy
from unittest import mock
+from unittest.mock import patch
import fixtures
import jsonschema
@@ -755,103 +756,124 @@
def setUp(self):
self.fake_http = fake_http.fake_httplib2()
super(TestRecordResources, self).setUp()
-
- def _cleanup_test_resource_record(self):
- # clear resource_list.json file
- with open('resource_list.json', 'w') as f:
- f.write('{}')
+ self.rest_client.rec_rw_lock = mock.MagicMock()
def test_post_record_resources(self):
- self.rest_client.record_resources = True
- __, return_dict = self.rest_client.post(self.url, {}, {})
- self.assertEqual({}, return_dict['headers'])
- self.assertEqual({}, return_dict['body'])
-
- def test_resource_record_no_top_key(self):
- test_body_no_key = b'{}'
- self.rest_client.resource_record(test_body_no_key)
+ with patch('builtins.open', mock.mock_open(read_data=b'{}')):
+ self.rest_client.record_resources = True
+ __, return_dict = self.rest_client.post(self.url, {}, {})
+ self.assertEqual({}, return_dict['headers'])
+ self.assertEqual({}, return_dict['body'])
def test_resource_record_dict(self):
- test_dict_body = b'{"project": {"id": "test-id", "name": ""}}\n'
- self.rest_client.resource_record(test_dict_body)
+ mock_resource_list_1 = mock.mock_open(read_data=b'{}')
+ mock_resource_list_2 = mock.mock_open(
+ read_data=b'{"projects": {"test-id": ""}}')
- with open('resource_list.json', 'r') as f:
- content = f.read()
- resource_list_content = json.loads(content)
+ with patch('builtins.open') as mock_open_func:
+ mock_open_func.side_effect = [
+ mock_resource_list_1.return_value,
+ mock_resource_list_2.return_value
+ ]
- test_resource_list = {
- "projects": {"test-id": ""}
- }
- self.assertEqual(resource_list_content, test_resource_list)
+ test_dict_body = b'{"project": {"id": "test-id", "name": ""}}\n'
+ self.rest_client.resource_record(test_dict_body)
- # cleanup
- self._cleanup_test_resource_record()
+ content = mock_resource_list_2().read()
+ resource_list_2 = json.loads(content)
+ test_resource_list_2 = {
+ "projects": {"test-id": ""}
+ }
+ self.assertEqual(resource_list_2, test_resource_list_2)
def test_resource_record_list(self):
- test_list_body = '''{
- "user": [
- {
- "id": "test-uuid",
- "name": "test-name"
- },
- {
- "id": "test-uuid2",
- "name": "test-name2"
- }
+ mock_content_2 = b'{"users": {"test-uuid": "test-name"}}'
+ mock_content_3 = (
+ b'{"users": {"test-uuid": "test-name",'
+ b'"test-uuid2": "test-name2"}}'
+ )
+
+ mock_resource_list_1 = mock.mock_open(read_data=b'{}')
+ mock_resource_list_2 = mock.mock_open(read_data=mock_content_2)
+ mock_resource_list_3 = mock.mock_open(read_data=mock_content_3)
+
+ with patch('builtins.open') as mock_open_func:
+ mock_open_func.side_effect = [
+ mock_resource_list_1.return_value,
+ mock_resource_list_2.return_value,
+ mock_resource_list_3.return_value
]
- }'''
- test_list_body = test_list_body.encode('utf-8')
- self.rest_client.resource_record(test_list_body)
- with open('resource_list.json', 'r') as f:
- content = f.read()
- resource_list_content = json.loads(content)
+ test_list_body = '''{
+ "user": [
+ {
+ "id": "test-uuid",
+ "name": "test-name"
+ },
+ {
+ "id": "test-uuid2",
+ "name": "test-name2"
+ }
+ ]
+ }'''
+ test_list_body = test_list_body.encode('utf-8')
+ self.rest_client.resource_record(test_list_body)
- test_resource_list = {
- "users": {
- "test-uuid": "test-name",
- "test-uuid2": "test-name2"
+ content_2 = mock_resource_list_2().read()
+ resource_list_2 = json.loads(content_2)
+
+ test_resource_list_2 = {
+ "users": {
+ "test-uuid": "test-name"
+ }
}
- }
- self.assertEqual(resource_list_content, test_resource_list)
+ self.assertEqual(resource_list_2, test_resource_list_2)
- # cleanup
- self._cleanup_test_resource_record()
+ content_3 = mock_resource_list_3().read()
+ resource_list_3 = json.loads(content_3)
+
+ test_resource_list_3 = {
+ "users": {
+ "test-uuid": "test-name",
+ "test-uuid2": "test-name2"
+ }
+ }
+ self.assertEqual(resource_list_3, test_resource_list_3)
def test_resource_update_id(self):
data = {}
res_dict = {'id': 'test-uuid', 'name': 'test-name'}
- self.rest_client.rec_rw_lock = mock.MagicMock()
- self.rest_client.resource_update(data, 'user', res_dict)
- result = {'users': {'test-uuid': 'test-name'}}
- self.assertEqual(data, result)
+ with patch('builtins.open', mock.mock_open(read_data=b'{}')):
+ self.rest_client.resource_update(data, 'user', res_dict)
+ result = {'users': {'test-uuid': 'test-name'}}
+ self.assertEqual(data, result)
def test_resource_update_name(self):
data = {'keypairs': {}}
res_dict = {'name': 'test-keypair'}
- self.rest_client.rec_rw_lock = mock.MagicMock()
- self.rest_client.resource_update(data, 'keypair', res_dict)
- result = {'keypairs': {'test-keypair': ""}}
- self.assertEqual(data, result)
+ with patch('builtins.open', mock.mock_open(read_data=b'{}')):
+ self.rest_client.resource_update(data, 'keypair', res_dict)
+ result = {'keypairs': {'test-keypair': ""}}
+ self.assertEqual(data, result)
def test_resource_update_no_id(self):
data = {}
res_dict = {'type': 'test', 'description': 'example'}
- self.rest_client.rec_rw_lock = mock.MagicMock()
- self.rest_client.resource_update(data, 'projects', res_dict)
- result = {'projects': {}}
- self.assertEqual(data, result)
+ with patch('builtins.open', mock.mock_open(read_data=b'{}')):
+ self.rest_client.resource_update(data, 'projects', res_dict)
+ result = {'projects': {}}
+ self.assertEqual(data, result)
def test_resource_update_not_dict(self):
data = {}
res_dict = 'test-string'
- self.rest_client.rec_rw_lock = mock.MagicMock()
- self.rest_client.resource_update(data, 'user', res_dict)
- self.assertEqual(data, {})
+ with patch('builtins.open', mock.mock_open(read_data=b'{}')):
+ self.rest_client.resource_update(data, 'user', res_dict)
+ self.assertEqual(data, {})
class TestResponseBody(base.TestCase):
diff --git a/tempest/tests/lib/services/placement/test_placement_client.py b/tempest/tests/lib/services/placement/test_placement_client.py
index 1396a85..bb57bb0 100644
--- a/tempest/tests/lib/services/placement/test_placement_client.py
+++ b/tempest/tests/lib/services/placement/test_placement_client.py
@@ -87,3 +87,77 @@
def test_list_allocations_with_bytes_body(self):
self._test_list_allocations(bytes_body=True)
+
+ FAKE_ALL_TRAITS = {
+ "traits": [
+ "CUSTOM_HW_FPGA_CLASS1",
+ "CUSTOM_HW_FPGA_CLASS2",
+ "CUSTOM_HW_FPGA_CLASS3"
+ ]
+ }
+
+ FAKE_ASSOCIATED_TRAITS = {
+ "traits": [
+ "CUSTOM_HW_FPGA_CLASS1",
+ "CUSTOM_HW_FPGA_CLASS2"
+ ]
+ }
+
+ def test_list_traits(self):
+ self.check_service_client_function(
+ self.client.list_traits,
+ 'tempest.lib.common.rest_client.RestClient.get',
+ self.FAKE_ALL_TRAITS)
+
+ self.check_service_client_function(
+ self.client.list_traits,
+ 'tempest.lib.common.rest_client.RestClient.get',
+ self.FAKE_ASSOCIATED_TRAITS,
+ **{
+ "associated": "true"
+ })
+
+ self.check_service_client_function(
+ self.client.list_traits,
+ 'tempest.lib.common.rest_client.RestClient.get',
+ self.FAKE_ALL_TRAITS,
+ **{
+ "associated": "true",
+ "name": "startswith:CUSTOM_HW_FPGPA"
+ })
+
+ def test_show_traits(self):
+ self.check_service_client_function(
+ self.client.show_trait,
+ 'tempest.lib.common.rest_client.RestClient.get',
+ 204, status=204,
+ name="CUSTOM_HW_FPGA_CLASS1")
+
+ self.check_service_client_function(
+ self.client.show_trait,
+ 'tempest.lib.common.rest_client.RestClient.get',
+ 404, status=404,
+ # trait with this name does not exists
+ name="CUSTOM_HW_FPGA_CLASS4")
+
+ def test_create_traits(self):
+ self.check_service_client_function(
+ self.client.create_trait,
+ 'tempest.lib.common.rest_client.RestClient.put',
+ 204, status=204,
+ # try to create trait with existing name
+ name="CUSTOM_HW_FPGA_CLASS1")
+
+ self.check_service_client_function(
+ self.client.create_trait,
+ 'tempest.lib.common.rest_client.RestClient.put',
+ 201, status=201,
+ # create new trait
+ name="CUSTOM_HW_FPGA_CLASS4")
+
+ def test_delete_traits(self):
+ self.check_service_client_function(
+ self.client.delete_trait,
+ 'tempest.lib.common.rest_client.RestClient.delete',
+ 204, status=204,
+ name="CUSTOM_HW_FPGA_CLASS1")
diff --git a/tempest/tests/lib/services/placement/test_resource_providers_client.py b/tempest/tests/lib/services/placement/test_resource_providers_client.py
index 2871395..399f323 100644
--- a/tempest/tests/lib/services/placement/test_resource_providers_client.py
+++ b/tempest/tests/lib/services/placement/test_resource_providers_client.py
@@ -204,3 +204,40 @@
def test_show_resource_provider_usages_with_with_bytes_body(self):
self._test_list_resource_provider_inventories(bytes_body=True)
+
+ FAKE_ALL_RESOURCE_PROVIDER_TRAITS = {
+ "resource_provider_generation": 0,
+ "traits": [
+ "CUSTOM_HW_FPGA_CLASS1",
+ "CUSTOM_HW_FPGA_CLASS2"
+ ]
+ }
+ FAKE_NEW_RESOURCE_PROVIDER_TRAITS = {
+ "resource_provider_generation": 1,
+ "traits": [
+ "CUSTOM_HW_FPGA_CLASS1",
+ "CUSTOM_HW_FPGA_CLASS2"
+ ]
+ }
+
+ def test_list_resource_provider_traits(self):
+ self.check_service_client_function(
+ self.client.list_resource_provider_traits,
+ 'tempest.lib.common.rest_client.RestClient.get',
+ self.FAKE_ALL_RESOURCE_PROVIDER_TRAITS,
+ rp_uuid=self.FAKE_RESOURCE_PROVIDER_UUID)
+
+ def test_update_resource_provider_traits(self):
+ self.check_service_client_function(
+ self.client.update_resource_provider_traits,
+ 'tempest.lib.common.rest_client.RestClient.put',
+ self.FAKE_NEW_RESOURCE_PROVIDER_TRAITS,
+ rp_uuid=self.FAKE_RESOURCE_PROVIDER_UUID,
+ **self.FAKE_NEW_RESOURCE_PROVIDER_TRAITS)
+
+ def test_delete_resource_provider_traits(self):
+ self.check_service_client_function(
+ self.client.delete_resource_provider_traits,
+ 'tempest.lib.common.rest_client.RestClient.delete',
+ self.FAKE_ALL_RESOURCE_PROVIDER_TRAITS, status=204,
+ rp_uuid=self.FAKE_RESOURCE_PROVIDER_UUID)
diff --git a/tox.ini b/tox.ini
index fcdf6ff..e3c8fcf 100644
--- a/tox.ini
+++ b/tox.ini
@@ -197,7 +197,7 @@
# tests listed in exclude-list file:
commands =
find . -type f -name "*.pyc" -delete
- tempest run --regex {[testenv:integrated-compute]regex1} --exclude-list ./tools/tempest-integrated-gate-compute-exclude-list.txt {posargs}
+ tempest run --slowest --regex {[testenv:integrated-compute]regex1} --exclude-list ./tools/tempest-integrated-gate-compute-exclude-list.txt {posargs}
tempest run --combine --serial --slowest --regex {[testenv:integrated-compute]regex2} --exclude-list ./tools/tempest-integrated-gate-compute-exclude-list.txt {posargs}
[testenv:integrated-placement]
diff --git a/zuul.d/integrated-gate.yaml b/zuul.d/integrated-gate.yaml
index 2fd6e36..1343a7c 100644
--- a/zuul.d/integrated-gate.yaml
+++ b/zuul.d/integrated-gate.yaml
@@ -65,6 +65,10 @@
branches:
regex: ^.*/(victoria|wallaby)$
negate: true
+ # NOTE(sean-k-mooney): this job and its descendants frequently times out
+ # run on rax-* providers with a timeout of 2 hours. temporary increase
+ # the timeout to 2.5 hours.
+ timeout: 9000
description: |
Base integration test with Neutron networking, horizon, swift enable,
and py3.
@@ -78,6 +82,8 @@
# end up 6 in upstream CI. Higher concurrency means high parallel
# requests to services and can cause more oom issues. To avoid the
# oom issue, setting the concurrency to 4 in this job.
+ # NOTE(sean-k-mooney): now that we use zswap we should be able to
+ # increase the concurrency to 6.
tempest_concurrency: 4
tox_envlist: integrated-full
devstack_localrc:
@@ -133,11 +139,18 @@
This job runs integration tests for compute. This is
subset of 'tempest-full-py3' job and run Nova, Neutron, Cinder (except backup tests)
and Glance related tests. This is meant to be run on Nova gate only.
+ # NOTE(sean-k-mooney): this job and its descendants frequently times out
+ # when run on rax-* providers, recent optimizations have reduced the
+ # runtime of the job but it still times out. temporary increase the
+ # timeout to 2.5 hours.
+ timeout: 9000
vars:
# NOTE(gmann): Default concurrency is higher (number of cpu -2) which
# end up 6 in upstream CI. Higher concurrency means high parallel
# requests to services and can cause more oom issues. To avoid the
# oom issue, setting the concurrency to 4 in this job.
+ # NOTE(sean-k-mooney): now that we use zswap we should be able to
+ # increase the concurrency to 6.
tempest_concurrency: 4
tox_envlist: integrated-compute
tempest_exclude_regex: ""