Added test_list_tenants non-admin test for v2, v3 api/identity
test_list_tenant test uses non-admin user's token and public
(non-admin) Identity API v2/v3 client to make a request to list
tenants as a user action. Test checks that user can see only
that tenants that he was bound to and cannot log in to tenant
that is not in his list.
Added 2 tests:
* test_list_tenants_returns_only_authorized_tenants to
api/identity/v2/test_tokens.py
* test_list_projects_returns_only_authorized_projects to
api/identity/v3/test_projects.py
Change-Id: Iabf3a474e70f87bc494d87d6333d668d52de2968
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index 7b23e66..ada292f 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -77,7 +77,7 @@
@classmethod
def setup_clients(cls):
super(BaseIdentityV2Test, cls).setup_clients()
- cls.non_admin_client = cls.os.identity_client
+ cls.non_admin_client = cls.os.identity_public_client
cls.non_admin_token_client = cls.os.token_client
@classmethod
@@ -97,6 +97,7 @@
def setup_clients(cls):
super(BaseIdentityV2AdminTest, cls).setup_clients()
cls.client = cls.os_adm.identity_client
+ cls.non_admin_client = cls.os.identity_client
cls.token_client = cls.os_adm.token_client
@classmethod
diff --git a/tempest/api/identity/v2/test_tenants.py b/tempest/api/identity/v2/test_tenants.py
new file mode 100644
index 0000000..1fcff8d
--- /dev/null
+++ b/tempest/api/identity/v2/test_tenants.py
@@ -0,0 +1,50 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest_lib import exceptions as lib_exc
+
+from tempest.api.identity import base
+from tempest import test
+
+
+class IdentityTenantsTest(base.BaseIdentityV2Test):
+
+ credentials = ['primary', 'alt']
+
+ @test.idempotent_id('ecae2459-243d-4ba1-ad02-65f15dc82b78')
+ def test_list_tenants_returns_only_authorized_tenants(self):
+ alt_tenant_name = self.alt_manager.credentials.credentials.tenant_name
+ resp = self.non_admin_client.list_tenants()
+
+ # check that user can see only that tenants that he presents in so user
+ # can successfully authenticate using his credentials and tenant name
+ # from received tenants list
+ for tenant in resp['tenants']:
+ body = self.non_admin_token_client.auth(
+ self.os.credentials.username,
+ self.os.credentials.password,
+ tenant['name'])
+ self.assertNotEmpty(body['token']['id'])
+ self.assertEqual(body['token']['tenant']['id'], tenant['id'])
+ self.assertEqual(body['token']['tenant']['name'], tenant['name'])
+ self.assertEqual(body['user']['id'], self.os.credentials.user_id)
+
+ # check that user cannot log in to alt user's tenant
+ self.assertRaises(
+ lib_exc.Unauthorized,
+ self.non_admin_token_client.auth,
+ self.os.credentials.username,
+ self.os.credentials.password,
+ alt_tenant_name)
diff --git a/tempest/api/identity/v3/test_projects.py b/tempest/api/identity/v3/test_projects.py
new file mode 100644
index 0000000..a547b06
--- /dev/null
+++ b/tempest/api/identity/v3/test_projects.py
@@ -0,0 +1,53 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest_lib import exceptions as lib_exc
+
+from tempest.api.identity import base
+from tempest import test
+
+
+class IdentityV3ProjectsTest(base.BaseIdentityV3Test):
+
+ credentials = ['primary', 'alt']
+
+ @test.idempotent_id('86128d46-e170-4644-866a-cc487f699e1d')
+ def test_list_projects_returns_only_authorized_projects(self):
+ alt_project_name =\
+ self.alt_manager.credentials.credentials.project_name
+ resp = self.non_admin_client.list_user_projects(
+ self.os.credentials.user_id)
+
+ # check that user can see only that projects that he presents in so
+ # user can successfully authenticate using his credentials and
+ # project name from received projects list
+ for project in resp['projects']:
+ token_id, body = self.non_admin_token.get_token(
+ username=self.os.credentials.username,
+ password=self.os.credentials.password,
+ project_name=project['name'],
+ auth_data=True)
+ self.assertNotEmpty(token_id)
+ self.assertEqual(body['project']['id'], project['id'])
+ self.assertEqual(body['project']['name'], project['name'])
+ self.assertEqual(body['user']['id'], self.os.credentials.user_id)
+
+ # check that user cannot log in to alt user's project
+ self.assertRaises(
+ lib_exc.Unauthorized,
+ self.non_admin_token.get_token,
+ username=self.os.credentials.username,
+ password=self.os.credentials.password,
+ project_name=alt_project_name)