blob: 7ad932b56e8b862e534229eec5dd57adacc63430 [file] [log] [blame]
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2012 OpenStack, LLC
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from nose.plugins.attrib import attr
import unittest2 as unittest
from tempest.common.utils.data_utils import rand_name
from tempest import exceptions
from tempest.tests.identity import base
class UsersTestBase(object):
alt_user = rand_name('test_user_')
alt_password = rand_name('pass_')
alt_email = alt_user + '@testmail.tm'
alt_tenant = rand_name('test_tenant_')
alt_description = rand_name('desc_')
@attr(type='smoke')
def test_create_user(self):
# Create a user
self.data.setup_test_tenant()
resp, user = self.client.create_user(self.alt_user, self.alt_password,
self.data.tenant['id'],
self.alt_email)
self.data.users.append(user)
self.assertEqual('200', resp['status'])
self.assertEqual(self.alt_user, user['name'])
@attr(type='negative')
def test_create_user_by_unauthorized_user(self):
# Non-admin should not be authorized to create a user
self.data.setup_test_tenant()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.create_user, self.alt_user,
self.alt_password, self.data.tenant['id'],
self.alt_email)
@attr(type='negative')
def test_create_user_with_empty_name(self):
# User with an empty name should not be created
self.data.setup_test_tenant()
self.assertRaises(exceptions.BadRequest, self.client.create_user, '',
self.alt_password, self.data.tenant['id'],
self.alt_email)
@attr(type='negative')
def test_create_user_with_name_length_over_64(self):
# Length of user name filed should be restricted to 64 characters
self.data.setup_test_tenant()
self.assertRaises(exceptions.BadRequest, self.client.create_user,
'a' * 65, self.alt_password,
self.data.tenant['id'], self.alt_email)
@attr(type='negative')
def test_create_user_with_duplicate_name(self):
# Duplicate user should not be created
self.data.setup_test_user()
self.assertRaises(exceptions.Duplicate, self.client.create_user,
self.data.test_user, self.data.test_password,
self.data.tenant['id'], self.data.test_email)
@attr(type='negative')
@unittest.skip("Until Bug 999084 is fixed")
def test_create_user_with_empty_password(self):
# User with an empty password should not be created
self.data.setup_test_tenant()
self.assertRaises(exceptions.BadRequest, self.client.create_user,
self.alt_user, '', self.data.tenant['id'],
self.alt_email)
@attr(type='nagative')
@unittest.skip("Until Bug 999084 is fixed")
def test_create_user_with_long_password(self):
# User having password exceeding max length should not be created
self.data.setup_test_tenant()
self.assertRaises(exceptions.BadRequest, self.client.create_user,
self.alt_user, 'a' * 65, self.data.tenant['id'],
self.alt_email)
@attr(type='negative')
@unittest.skip("Until Bug 999084 is fixed")
def test_create_user_with_invalid_email_format(self):
# Email format should be validated while creating a user
self.data.setup_test_tenant()
self.assertRaises(exceptions.BadRequest, self.client.create_user,
self.alt_user, '', self.data.tenant['id'], '12345')
@attr(type='negative')
def test_create_user_for_non_existant_tenant(self):
# Attempt to create a user in a non-existent tenant should fail
self.assertRaises(exceptions.NotFound, self.client.create_user,
self.alt_user, self.alt_password, '49ffgg99999',
self.alt_email)
@attr(type='negative')
def test_create_user_request_without_a_token(self):
# Request to create a user without a valid token should fail
self.data.setup_test_tenant()
# Get the token of the current client
token = self.client.get_auth()
# Delete the token from database
self.client.delete_token(token)
self.assertRaises(exceptions.Unauthorized, self.client.create_user,
self.alt_user, self.alt_password,
self.data.tenant['id'], self.alt_email)
# Unset the token to allow further tests to generate a new token
self.client.clear_auth()
@attr(type='smoke')
def test_delete_user(self):
# Delete a user
self.data.setup_test_tenant()
resp, user = self.client.create_user('user_1234', self.alt_password,
self.data.tenant['id'],
self.alt_email)
resp, body = self.client.delete_user(user['id'])
self.assertEquals('204', resp['status'])
@attr(type='negative')
def test_delete_users_by_unauthorized_user(self):
# Non admin user should not be authorized to delete a user
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.delete_user,
self.data.user['id'])
@attr(type='negative')
def test_delete_non_existant_user(self):
# Attempt to delete a non-existent user should fail
self.assertRaises(exceptions.NotFound, self.client.delete_user,
'junk12345123')
@attr(type='smoke')
def test_user_authentication(self):
# Valid user's token is authenticated
self.data.setup_test_user()
# Get a token
self.token_client.auth(self.data.test_user, self.data.test_password,
self.data.test_tenant)
# Re-auth
resp, body = self.token_client.auth(self.data.test_user,
self.data.test_password,
self.data.test_tenant)
self.assertEqual('200', resp['status'])
@attr(type='negative')
def test_authentication_for_disabled_user(self):
# Disabled user's token should not get authenticated
self.data.setup_test_user()
self.disable_user(self.data.test_user)
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user,
self.data.test_password,
self.data.test_tenant)
@attr(type='negative')
def test_authentication_when_tenant_is_disabled(self):
# User's token for a disabled tenant should not be authenticated
self.data.setup_test_user()
self.disable_tenant(self.data.test_tenant)
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user,
self.data.test_password,
self.data.test_tenant)
@attr(type='negative')
def test_authentication_with_invalid_tenant(self):
# User's token for an invalid tenant should not be authenticated
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user,
self.data.test_password,
'junktenant1234')
@attr(type='negative')
def test_authentication_with_invalid_username(self):
# Non-existent user's token should not get authenticated
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
'junkuser123', self.data.test_password,
self.data.test_tenant)
@attr(type='negative')
def test_authentication_with_invalid_password(self):
# User's token with invalid password should not be authenticated
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized, self.token_client.auth,
self.data.test_user, 'junkpass1234',
self.data.test_tenant)
@attr(type='positive')
def test_authentication_request_without_token(self):
# Request for token authentication with a valid token in header
self.data.setup_test_user()
self.token_client.auth(self.data.test_user, self.data.test_password,
self.data.test_tenant)
# Get the token of the current client
token = self.client.get_auth()
# Delete the token from database
self.client.delete_token(token)
# Re-auth
resp, body = self.token_client.auth(self.data.test_user,
self.data.test_password,
self.data.test_tenant)
self.assertEqual('200', resp['status'])
self.client.clear_auth()
@attr(type='smoke')
def test_get_users(self):
# Get a list of users and find the test user
self.data.setup_test_user()
resp, users = self.client.get_users()
self.assertIn(self.data.test_user, [u['name'] for u in users],
"Could not find %s" % self.data.test_user)
@attr(type='negative')
def test_get_users_by_unauthorized_user(self):
# Non admin user should not be authorized to get user list
self.data.setup_test_user()
self.assertRaises(exceptions.Unauthorized,
self.non_admin_client.get_users)
@attr(type='negative')
def test_get_users_request_without_token(self):
# Request to get list of users without a valid token should fail
token = self.client.get_auth()
self.client.delete_token(token)
self.assertRaises(exceptions.Unauthorized, self.client.get_users)
self.client.clear_auth()
@attr(type='positive')
def test_list_users_for_tenant(self):
# Return a list of all users for a tenant
self.data.setup_test_tenant()
user_ids = list()
fetched_user_ids = list()
resp, user1 = self.client.create_user('tenant_user1', 'password1',
self.data.tenant['id'],
'user1@123')
user_ids.append(user1['id'])
self.data.users.append(user1)
resp, user2 = self.client.create_user('tenant_user2', 'password2',
self.data.tenant['id'],
'user2@123')
user_ids.append(user2['id'])
self.data.users.append(user2)
#List of users for the respective tenant ID
resp, body = self.client.list_users_for_tenant(self.data.tenant['id'])
self.assertTrue(resp['status'].startswith('2'))
for i in body:
fetched_user_ids.append(i['id'])
#verifying the user Id in the list
missing_users =\
[user for user in user_ids if user not in fetched_user_ids]
self.assertEqual(0, len(missing_users),
"Failed to find user %s in fetched list" %
', '.join(m_user for m_user in missing_users))
@attr(type='positive')
def test_list_users_with_roles_for_tenant(self):
# Return list of users on tenant when roles are assigned to users
self.data.setup_test_user()
self.data.setup_test_role()
user = self.get_user_by_name(self.data.test_user)
tenant = self.get_tenant_by_name(self.data.test_tenant)
role = self.get_role_by_name(self.data.test_role)
#Assigning roles to two users
user_ids = list()
fetched_user_ids = list()
user_ids.append(user['id'])
self.client.assign_user_role(tenant['id'], user['id'], role['id'])
resp, second_user = self.client.create_user('second_user', 'password1',
self.data.tenant['id'],
'user1@123')
user_ids.append(second_user['id'])
self.data.users.append(second_user)
self.client.assign_user_role(tenant['id'], second_user['id'],
role['id'])
#List of users with roles for the respective tenant ID
resp, body = self.client.list_users_for_tenant(self.data.tenant['id'])
self.assertTrue(resp['status'].startswith('2'))
for i in body:
fetched_user_ids.append(i['id'])
#verifying the user Id in the list
missing_users =\
[user for user in user_ids if user not in fetched_user_ids]
self.assertEqual(0, len(missing_users),
"Failed to find user %s in fetched list" %
', '.join(m_user for m_user in missing_users))
@attr(type='negative')
def test_list_users_with_invalid_tenant(self):
# Should not be able to return a list of all
# users for a nonexistant tenant
#Assign invalid tenant ids
invalid_id = list()
invalid_id.append(rand_name('999'))
invalid_id.append('alpha')
invalid_id.append(rand_name("dddd@#%%^$"))
invalid_id.append('!@#()$%^&*?<>{}[]')
#List the users with invalid tenant id
fail = list()
for invalid in invalid_id:
try:
resp, body = self.client.list_users_for_tenant(invalid)
except exceptions.NotFound:
pass
else:
fail.append(invalid)
if len(fail) != 0:
self.fail('Should raise Not Found when list users with invalid'
'tenant ids %s' % fail)
class UsersTestJSON(base.BaseIdentityAdminTestJSON,
UsersTestBase):
@classmethod
def setUpClass(cls):
super(UsersTestJSON, cls).setUpClass()
class UsersTestXML(base.BaseIdentityAdminTestXML, UsersTestBase):
@classmethod
def setUpClass(cls):
super(UsersTestXML, cls).setUpClass()