Merge "add role negative tests"
diff --git a/tempest/api/identity/admin/test_roles.py b/tempest/api/identity/admin/test_roles.py
index 543cd91..8205d15 100644
--- a/tempest/api/identity/admin/test_roles.py
+++ b/tempest/api/identity/admin/test_roles.py
@@ -16,8 +16,7 @@
# under the License.
from tempest.api.identity import base
-from tempest.common.utils.data_utils import rand_name
-from tempest import exceptions
+from tempest.common.utils import data_utils
from tempest.test import attr
@@ -28,7 +27,8 @@
def setUpClass(cls):
super(RolesTestJSON, cls).setUpClass()
for _ in xrange(5):
- resp, role = cls.client.create_role(rand_name('role-'))
+ role_name = data_utils.rand_name(name='role-')
+ resp, role = cls.client.create_role(role_name)
cls.data.roles.append(role)
def _get_role_params(self):
@@ -55,23 +55,9 @@
self.assertEqual(len(found), len(self.data.roles))
@attr(type='gate')
- def test_list_roles_by_unauthorized_user(self):
- # Non-administrator user should not be able to list roles
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_client.list_roles)
-
- @attr(type='gate')
- def test_list_roles_request_without_token(self):
- # Request to list roles without a valid token should fail
- token = self.client.get_auth()
- self.client.delete_token(token)
- self.assertRaises(exceptions.Unauthorized, self.client.list_roles)
- self.client.clear_auth()
-
- @attr(type='gate')
def test_role_create_delete(self):
# Role should be created, verified, and deleted
- role_name = rand_name('role-test-')
+ role_name = data_utils.rand_name(name='role-test-')
resp, body = self.client.create_role(role_name)
self.assertIn('status', resp)
self.assertTrue(resp['status'].startswith('2'))
@@ -90,23 +76,6 @@
self.assertFalse(any(found))
@attr(type='gate')
- def test_role_create_blank_name(self):
- # Should not be able to create a role with a blank name
- self.assertRaises(exceptions.BadRequest, self.client.create_role, '')
-
- @attr(type='gate')
- def test_role_create_duplicate(self):
- # Role names should be unique
- role_name = rand_name('role-dup-')
- resp, body = self.client.create_role(role_name)
- role1_id = body.get('id')
- self.assertIn('status', resp)
- self.assertTrue(resp['status'].startswith('2'))
- self.addCleanup(self.client.delete_role, role1_id)
- self.assertRaises(exceptions.Conflict, self.client.create_role,
- role_name)
-
- @attr(type='gate')
def test_assign_user_role(self):
# Assign a role to a user on a tenant
(user, tenant, role) = self._get_role_params()
@@ -115,55 +84,6 @@
self.assert_role_in_role_list(role, roles)
@attr(type='gate')
- def test_assign_user_role_by_unauthorized_user(self):
- # Non-administrator user should not be authorized to
- # assign a role to user
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_client.assign_user_role,
- tenant['id'], user['id'], role['id'])
-
- @attr(type='gate')
- def test_assign_user_role_request_without_token(self):
- # Request to assign a role to a user without a valid token
- (user, tenant, role) = self._get_role_params()
- token = self.client.get_auth()
- self.client.delete_token(token)
- self.assertRaises(exceptions.Unauthorized,
- self.client.assign_user_role, tenant['id'],
- user['id'], role['id'])
- self.client.clear_auth()
-
- @attr(type='gate')
- def test_assign_user_role_for_non_existent_user(self):
- # Attempt to assign a role to a non existent user should fail
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
- tenant['id'], 'junk-user-id-999', role['id'])
-
- @attr(type='gate')
- def test_assign_user_role_for_non_existent_role(self):
- # Attempt to assign a non existent role to user should fail
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
- tenant['id'], user['id'], 'junk-role-id-12345')
-
- @attr(type='gate')
- def test_assign_user_role_for_non_existent_tenant(self):
- # Attempt to assign a role on a non existent tenant should fail
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
- 'junk-tenant-1234', user['id'], role['id'])
-
- @attr(type='gate')
- def test_assign_duplicate_user_role(self):
- # Duplicate user role should not get assigned
- (user, tenant, role) = self._get_role_params()
- self.client.assign_user_role(tenant['id'], user['id'], role['id'])
- self.assertRaises(exceptions.Conflict, self.client.assign_user_role,
- tenant['id'], user['id'], role['id'])
-
- @attr(type='gate')
def test_remove_user_role(self):
# Remove a role assigned to a user on a tenant
(user, tenant, role) = self._get_role_params()
@@ -174,62 +94,6 @@
self.assertEqual(resp['status'], '204')
@attr(type='gate')
- def test_remove_user_role_by_unauthorized_user(self):
- # Non-administrator user should not be authorized to
- # remove a user's role
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_client.remove_user_role,
- tenant['id'], user['id'], role['id'])
-
- @attr(type='gate')
- def test_remove_user_role_request_without_token(self):
- # Request to remove a user's role without a valid token
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- token = self.client.get_auth()
- self.client.delete_token(token)
- self.assertRaises(exceptions.Unauthorized,
- self.client.remove_user_role, tenant['id'],
- user['id'], role['id'])
- self.client.clear_auth()
-
- @attr(type='gate')
- def test_remove_user_role_non_existant_user(self):
- # Attempt to remove a role from a non existent user should fail
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
- tenant['id'], 'junk-user-id-123', role['id'])
-
- @attr(type='gate')
- def test_remove_user_role_non_existant_role(self):
- # Attempt to delete a non existent role from a user should fail
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
- tenant['id'], user['id'], 'junk-user-role-123')
-
- @attr(type='gate')
- def test_remove_user_role_non_existant_tenant(self):
- # Attempt to remove a role from a non existent tenant should fail
- (user, tenant, role) = self._get_role_params()
- resp, user_role = self.client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
- 'junk-tenant-id-123', user['id'], role['id'])
-
- @attr(type='gate')
def test_list_user_roles(self):
# List roles assigned to a user on tenant
(user, tenant, role) = self._get_role_params()
@@ -237,36 +101,6 @@
resp, roles = self.client.list_user_roles(tenant['id'], user['id'])
self.assert_role_in_role_list(role, roles)
- @attr(type='gate')
- def test_list_user_roles_by_unauthorized_user(self):
- # Non-administrator user should not be authorized to list
- # a user's roles
- (user, tenant, role) = self._get_role_params()
- self.client.assign_user_role(tenant['id'], user['id'], role['id'])
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_client.list_user_roles, tenant['id'],
- user['id'])
-
- @attr(type='gate')
- def test_list_user_roles_request_without_token(self):
- # Request to list user's roles without a valid token should fail
- (user, tenant, role) = self._get_role_params()
- token = self.client.get_auth()
- self.client.delete_token(token)
- try:
- self.assertRaises(exceptions.Unauthorized,
- self.client.list_user_roles, tenant['id'],
- user['id'])
- finally:
- self.client.clear_auth()
-
- @attr(type='gate')
- def test_list_user_roles_for_non_existent_user(self):
- # Attempt to list roles of a non existent user should fail
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(exceptions.NotFound, self.client.list_user_roles,
- tenant['id'], 'junk-role-aabbcc11')
-
class RolesTestXML(RolesTestJSON):
_interface = 'xml'
diff --git a/tempest/api/identity/admin/test_roles_negative.py b/tempest/api/identity/admin/test_roles_negative.py
new file mode 100644
index 0000000..83d1d4d
--- /dev/null
+++ b/tempest/api/identity/admin/test_roles_negative.py
@@ -0,0 +1,262 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013 Huawei Technologies Co.,LTD.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import uuid
+
+from tempest.api.identity import base
+from tempest.common.utils import data_utils
+from tempest import exceptions
+from tempest.test import attr
+
+
+class RolesNegativeTestJSON(base.BaseIdentityAdminTest):
+ _interface = 'json'
+
+ def _get_role_params(self):
+ self.data.setup_test_user()
+ self.data.setup_test_role()
+ user = self.get_user_by_name(self.data.test_user)
+ tenant = self.get_tenant_by_name(self.data.test_tenant)
+ role = self.get_role_by_name(self.data.test_role)
+ return (user, tenant, role)
+
+ @attr(type=['negative', 'gate'])
+ def test_list_roles_by_unauthorized_user(self):
+ # Non-administrator user should not be able to list roles
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.list_roles)
+
+ @attr(type=['negative', 'gate'])
+ def test_list_roles_request_without_token(self):
+ # Request to list roles without a valid token should fail
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ self.assertRaises(exceptions.Unauthorized, self.client.list_roles)
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_role_create_blank_name(self):
+ # Should not be able to create a role with a blank name
+ self.assertRaises(exceptions.BadRequest, self.client.create_role, '')
+
+ @attr(type=['negative', 'gate'])
+ def test_create_role_by_unauthorized_user(self):
+ # Non-administrator user should not be able to create role
+ role_name = data_utils.rand_name(name='role-')
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.create_role, role_name)
+
+ @attr(type=['negative', 'gate'])
+ def test_create_role_request_without_token(self):
+ # Request to create role without a valid token should fail
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ role_name = data_utils.rand_name(name='role-')
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.create_role, role_name)
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_role_create_duplicate(self):
+ # Role names should be unique
+ role_name = data_utils.rand_name(name='role-dup-')
+ resp, body = self.client.create_role(role_name)
+ role1_id = body.get('id')
+ self.assertIn('status', resp)
+ self.assertTrue(resp['status'].startswith('2'))
+ self.addCleanup(self.client.delete_role, role1_id)
+ self.assertRaises(exceptions.Conflict, self.client.create_role,
+ role_name)
+
+ @attr(type=['negative', 'gate'])
+ def test_delete_role_by_unauthorized_user(self):
+ # Non-administrator user should not be able to delete role
+ role_name = data_utils.rand_name(name='role-')
+ resp, body = self.client.create_role(role_name)
+ self.assertEqual(200, resp.status)
+ self.data.roles.append(body)
+ role_id = body.get('id')
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.delete_role, role_id)
+
+ @attr(type=['negative', 'gate'])
+ def test_delete_role_request_without_token(self):
+ # Request to delete role without a valid token should fail
+ role_name = data_utils.rand_name(name='role-')
+ resp, body = self.client.create_role(role_name)
+ self.assertEqual(200, resp.status)
+ self.data.roles.append(body)
+ role_id = body.get('id')
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.delete_role,
+ role_id)
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_delete_role_non_existent(self):
+ # Attempt to delete a non existent role should fail
+ non_existent_role = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.delete_role,
+ non_existent_role)
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_by_unauthorized_user(self):
+ # Non-administrator user should not be authorized to
+ # assign a role to user
+ (user, tenant, role) = self._get_role_params()
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.assign_user_role,
+ tenant['id'], user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_request_without_token(self):
+ # Request to assign a role to a user without a valid token
+ (user, tenant, role) = self._get_role_params()
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.assign_user_role, tenant['id'],
+ user['id'], role['id'])
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_for_non_existent_user(self):
+ # Attempt to assign a role to a non existent user should fail
+ (user, tenant, role) = self._get_role_params()
+ non_existent_user = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
+ tenant['id'], non_existent_user, role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_for_non_existent_role(self):
+ # Attempt to assign a non existent role to user should fail
+ (user, tenant, role) = self._get_role_params()
+ non_existent_role = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
+ tenant['id'], user['id'], non_existent_role)
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_user_role_for_non_existent_tenant(self):
+ # Attempt to assign a role on a non existent tenant should fail
+ (user, tenant, role) = self._get_role_params()
+ non_existent_tenant = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.assign_user_role,
+ non_existent_tenant, user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_assign_duplicate_user_role(self):
+ # Duplicate user role should not get assigned
+ (user, tenant, role) = self._get_role_params()
+ self.client.assign_user_role(tenant['id'], user['id'], role['id'])
+ self.assertRaises(exceptions.Conflict, self.client.assign_user_role,
+ tenant['id'], user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_by_unauthorized_user(self):
+ # Non-administrator user should not be authorized to
+ # remove a user's role
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.remove_user_role,
+ tenant['id'], user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_request_without_token(self):
+ # Request to remove a user's role without a valid token
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.remove_user_role, tenant['id'],
+ user['id'], role['id'])
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_non_existant_user(self):
+ # Attempt to remove a role from a non existent user should fail
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ non_existant_user = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
+ tenant['id'], non_existant_user, role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_non_existant_role(self):
+ # Attempt to delete a non existent role from a user should fail
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ non_existant_role = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
+ tenant['id'], user['id'], non_existant_role)
+
+ @attr(type=['negative', 'gate'])
+ def test_remove_user_role_non_existant_tenant(self):
+ # Attempt to remove a role from a non existent tenant should fail
+ (user, tenant, role) = self._get_role_params()
+ resp, user_role = self.client.assign_user_role(tenant['id'],
+ user['id'],
+ role['id'])
+ non_existant_tenant = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.remove_user_role,
+ non_existant_tenant, user['id'], role['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_list_user_roles_by_unauthorized_user(self):
+ # Non-administrator user should not be authorized to list
+ # a user's roles
+ (user, tenant, role) = self._get_role_params()
+ self.client.assign_user_role(tenant['id'], user['id'], role['id'])
+ self.assertRaises(exceptions.Unauthorized,
+ self.non_admin_client.list_user_roles, tenant['id'],
+ user['id'])
+
+ @attr(type=['negative', 'gate'])
+ def test_list_user_roles_request_without_token(self):
+ # Request to list user's roles without a valid token should fail
+ (user, tenant, role) = self._get_role_params()
+ token = self.client.get_auth()
+ self.client.delete_token(token)
+ try:
+ self.assertRaises(exceptions.Unauthorized,
+ self.client.list_user_roles, tenant['id'],
+ user['id'])
+ finally:
+ self.client.clear_auth()
+
+ @attr(type=['negative', 'gate'])
+ def test_list_user_roles_for_non_existent_user(self):
+ # Attempt to list roles of a non existent user should fail
+ (user, tenant, role) = self._get_role_params()
+ non_existent_user = str(uuid.uuid4().hex)
+ self.assertRaises(exceptions.NotFound, self.client.list_user_roles,
+ tenant['id'], non_existent_user)
+
+
+class RolesTestXML(RolesNegativeTestJSON):
+ _interface = 'xml'