Merge "Drop identity v2 api tests"
diff --git a/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml b/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml
new file mode 100644
index 0000000..d927a68
--- /dev/null
+++ b/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml
@@ -0,0 +1,23 @@
+---
+upgrade:
+ - |
+ Tests for identity v2 API have been removed.
+
+deprecations:
+ - |
+ The following options have been formally deprecated. These options were
+ used to test identity v2 API which was removed during Queens cycle.
+ The tests for identity v2 API were removed from tempest and these options
+ have no effect.
+
+ - ``[identity] uri``
+ - ``[identity] v2_admin_endpoint_type``
+ - ``[identity] v2_public_endpoint_type``
+ - ``[identity-feature-enabled] api_v2_admin``
+
+ - |
+ The following options have been deprecated because only identity v3 API
+ is used.
+
+ - ``[identity] auth_version``
+ - ``[identity-feature-enabled] api_v3``
diff --git a/tempest/api/identity/admin/v2/__init__.py b/tempest/api/identity/admin/v2/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/tempest/api/identity/admin/v2/__init__.py
+++ /dev/null
diff --git a/tempest/api/identity/admin/v2/test_endpoints.py b/tempest/api/identity/admin/v2/test_endpoints.py
deleted file mode 100644
index 20d023b..0000000
--- a/tempest/api/identity/admin/v2/test_endpoints.py
+++ /dev/null
@@ -1,97 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class EndPointsTestJSON(base.BaseIdentityV2AdminTest):
- """Test keystone v2 endpoints"""
-
- @classmethod
- def resource_setup(cls):
- super(EndPointsTestJSON, cls).resource_setup()
- s_name = data_utils.rand_name(
- name='service', prefix=CONF.resource_name_prefix)
- s_type = data_utils.rand_name(
- name='type', prefix=CONF.resource_name_prefix)
- s_description = data_utils.rand_name(
- name='description', prefix=CONF.resource_name_prefix)
- service_data = cls.services_client.create_service(
- name=s_name, type=s_type,
- description=s_description)['OS-KSADM:service']
- cls.addClassResourceCleanup(cls.services_client.delete_service,
- service_data['id'])
- cls.service_id = service_data['id']
- # Create endpoints so as to use for LIST and GET test cases
- cls.setup_endpoints = list()
- for _ in range(2):
- region = data_utils.rand_name(
- name='region', prefix=CONF.resource_name_prefix)
- url = data_utils.rand_url()
- endpoint = cls.endpoints_client.create_endpoint(
- service_id=cls.service_id,
- region=region,
- publicurl=url,
- adminurl=url,
- internalurl=url)['endpoint']
- cls.addClassResourceCleanup(cls.endpoints_client.delete_endpoint,
- endpoint['id'])
- # list_endpoints() will return 'enabled' field
- endpoint['enabled'] = True
- cls.setup_endpoints.append(endpoint)
-
- @decorators.idempotent_id('11f590eb-59d8-4067-8b2b-980c7f387f51')
- def test_list_endpoints(self):
- """Test listing keystone endpoints"""
- # Get a list of endpoints
- fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints']
- # Asserting LIST endpoints
- missing_endpoints =\
- [e for e in self.setup_endpoints if e not in fetched_endpoints]
- self.assertEmpty(missing_endpoints,
- "Failed to find endpoint %s in fetched list" %
- ', '.join(str(e) for e in missing_endpoints))
-
- @decorators.idempotent_id('9974530a-aa28-4362-8403-f06db02b26c1')
- def test_create_list_delete_endpoint(self):
- """Test creating, listing and deleting a keystone endpoint"""
- region = data_utils.rand_name(
- name='region', prefix=CONF.resource_name_prefix)
- url = data_utils.rand_url()
- endpoint = self.endpoints_client.create_endpoint(
- service_id=self.service_id,
- region=region,
- publicurl=url,
- adminurl=url,
- internalurl=url)['endpoint']
- # Asserting Create Endpoint response body
- self.assertIn('id', endpoint)
- self.assertEqual(region, endpoint['region'])
- self.assertEqual(url, endpoint['publicurl'])
- # Checking if created endpoint is present in the list of endpoints
- fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints']
- fetched_endpoints_id = [e['id'] for e in fetched_endpoints]
- self.assertIn(endpoint['id'], fetched_endpoints_id)
- # Deleting the endpoint created in this method
- self.endpoints_client.delete_endpoint(endpoint['id'])
- # Checking whether endpoint is deleted successfully
- fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints']
- fetched_endpoints_id = [e['id'] for e in fetched_endpoints]
- self.assertNotIn(endpoint['id'], fetched_endpoints_id)
diff --git a/tempest/api/identity/admin/v2/test_roles.py b/tempest/api/identity/admin/v2/test_roles.py
deleted file mode 100644
index 6d384ab..0000000
--- a/tempest/api/identity/admin/v2/test_roles.py
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class RolesTestJSON(base.BaseIdentityV2AdminTest):
-
- @classmethod
- def resource_setup(cls):
- super(RolesTestJSON, cls).resource_setup()
- cls.roles = list()
- for _ in range(5):
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- role = cls.roles_client.create_role(name=role_name)['role']
- cls.addClassResourceCleanup(
- test_utils.call_and_ignore_notfound_exc,
- cls.roles_client.delete_role, role['id'])
- cls.roles.append(role)
-
- def _get_role_params(self):
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- role = self.setup_test_role()
- return (user, tenant, role)
-
- def assert_role_in_role_list(self, role, roles):
- found = False
- for user_role in roles:
- if user_role['id'] == role['id']:
- found = True
- self.assertTrue(found, "assigned role was not in list")
-
- @decorators.idempotent_id('75d9593f-50b7-4fcf-bd64-e3fb4a278e23')
- def test_list_roles(self):
- """Return a list of all roles."""
- body = self.roles_client.list_roles()['roles']
- found = [role for role in body if role in self.roles]
- self.assertNotEmpty(found)
- self.assertEqual(len(found), len(self.roles))
-
- @decorators.idempotent_id('c62d909d-6c21-48c0-ae40-0a0760e6db5e')
- def test_role_create_delete(self):
- """Role should be created, verified, and deleted."""
- role_name = data_utils.rand_name(
- name='role-test', prefix=CONF.resource_name_prefix)
- body = self.roles_client.create_role(name=role_name)['role']
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.roles_client.delete_role, body['id'])
- self.assertEqual(role_name, body['name'])
-
- body = self.roles_client.list_roles()['roles']
- found = [role for role in body if role['name'] == role_name]
- self.assertNotEmpty(found)
-
- body = self.roles_client.delete_role(found[0]['id'])
-
- body = self.roles_client.list_roles()['roles']
- found = [role for role in body if role['name'] == role_name]
- self.assertEmpty(found)
-
- @decorators.idempotent_id('db6870bd-a6ed-43be-a9b1-2f10a5c9994f')
- def test_get_role_by_id(self):
- """Get a role by its id."""
- role = self.setup_test_role()
- role_id = role['id']
- role_name = role['name']
- body = self.roles_client.show_role(role_id)['role']
- self.assertEqual(role_id, body['id'])
- self.assertEqual(role_name, body['name'])
-
- @decorators.idempotent_id('0146f675-ffbd-4208-b3a4-60eb628dbc5e')
- def test_assign_user_role(self):
- """Assign a role to a user on a tenant."""
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- roles = self.roles_client.list_user_roles_on_project(
- tenant['id'], user['id'])['roles']
- self.assert_role_in_role_list(role, roles)
-
- @decorators.idempotent_id('f0b9292c-d3ba-4082-aa6c-440489beef69')
- def test_remove_user_role(self):
- """Remove a role assigned to a user on a tenant."""
- (user, tenant, role) = self._get_role_params()
- user_role = self.roles_client.create_user_role_on_project(
- tenant['id'], user['id'], role['id'])['role']
- self.roles_client.delete_role_from_user_on_project(tenant['id'],
- user['id'],
- user_role['id'])
-
- @decorators.idempotent_id('262e1e3e-ed71-4edd-a0e5-d64e83d66d05')
- def test_list_user_roles(self):
- """List roles assigned to a user on tenant."""
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- roles = self.roles_client.list_user_roles_on_project(
- tenant['id'], user['id'])['roles']
- self.assert_role_in_role_list(role, roles)
diff --git a/tempest/api/identity/admin/v2/test_roles_negative.py b/tempest/api/identity/admin/v2/test_roles_negative.py
deleted file mode 100644
index 0f0466e..0000000
--- a/tempest/api/identity/admin/v2/test_roles_negative.py
+++ /dev/null
@@ -1,296 +0,0 @@
-# Copyright 2013 Huawei Technologies Co.,LTD.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
- """Negative tests of keystone roles via v2 API"""
-
- def _get_role_params(self):
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- role = self.setup_test_role()
- return (user, tenant, role)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d5d5f1df-f8ca-4de0-b2ef-259c1cc67025')
- def test_list_roles_by_unauthorized_user(self):
- """Test Non-admin user should not be able to list roles via v2 API"""
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.list_roles)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('11a3c7da-df6c-40c2-abc2-badd682edf9f')
- def test_list_roles_request_without_token(self):
- """Test listing roles without a valid token via v2 API should fail"""
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized, self.roles_client.list_roles)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('c0b89e56-accc-4c73-85f8-9c0f866104c1')
- def test_role_create_blank_name(self):
- """Test creating a role with a blank name via v2 API is not allowed"""
- self.assertRaises(lib_exc.BadRequest, self.roles_client.create_role,
- name='')
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('585c8998-a8a4-4641-a5dd-abef7a8ced00')
- def test_create_role_by_unauthorized_user(self):
- """Test non-admin user should not be able to create role via v2 API"""
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.create_role,
- name=role_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('a7edd17a-e34a-4aab-8bb7-fa6f498645b8')
- def test_create_role_request_without_token(self):
- """Test creating role without a valid token via v2 API should fail"""
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.create_role, name=role_name)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('c0cde2c8-81c1-4bb0-8fe2-cf615a3547a8')
- def test_role_create_duplicate(self):
- """Test role names should be unique via v2 API"""
- role_name = data_utils.rand_name(
- name='role-dup', prefix=CONF.resource_name_prefix)
- body = self.roles_client.create_role(name=role_name)['role']
- role1_id = body.get('id')
- self.addCleanup(self.roles_client.delete_role, role1_id)
- self.assertRaises(lib_exc.Conflict, self.roles_client.create_role,
- name=role_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('15347635-b5b1-4a87-a280-deb2bd6d865e')
- def test_delete_role_by_unauthorized_user(self):
- """Test non-admin user should not be able to delete role via v2 API"""
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- body = self.roles_client.create_role(name=role_name)['role']
- self.addCleanup(self.roles_client.delete_role, body['id'])
- role_id = body.get('id')
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.delete_role, role_id)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('44b60b20-70de-4dac-beaf-a3fc2650a16b')
- def test_delete_role_request_without_token(self):
- """Test deleting role without a valid token via v2 API should fail"""
- role_name = data_utils.rand_name(
- name='role', prefix=CONF.resource_name_prefix)
- body = self.roles_client.create_role(name=role_name)['role']
- self.addCleanup(self.roles_client.delete_role, body['id'])
- role_id = body.get('id')
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.delete_role,
- role_id)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('38373691-8551-453a-b074-4260ad8298ef')
- def test_delete_role_non_existent(self):
- """Test deleting a non existent role via v2 API should fail"""
- non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.delete_role,
- non_existent_role)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('391df5cf-3ec3-46c9-bbe5-5cb58dd4dc41')
- def test_assign_user_role_by_unauthorized_user(self):
- """Test non-admin user assigning a role to user via v2 API
-
- Non-admin user should not be authorized to assign a role to user via
- v2 API.
- """
- (user, tenant, role) = self._get_role_params()
- self.assertRaises(
- lib_exc.Forbidden,
- self.non_admin_roles_client.create_user_role_on_project,
- tenant['id'], user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('f0d2683c-5603-4aee-95d7-21420e87cfd8')
- def test_assign_user_role_request_without_token(self):
- """Test assigning a role to a user without a valid token via v2 API
-
- Assigning a role to a user without a valid token via v2 API should
- fail.
- """
- (user, tenant, role) = self._get_role_params()
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(
- lib_exc.Unauthorized,
- self.roles_client.create_user_role_on_project, tenant['id'],
- user['id'], role['id'])
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('99b297f6-2b5d-47c7-97a9-8b6bb4f91042')
- def test_assign_user_role_for_non_existent_role(self):
- """Test assigning a non existent role to user via v2 API
-
- Assigning a non existent role to user via v2 API should fail.
- """
- (user, tenant, _) = self._get_role_params()
- non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound,
- self.roles_client.create_user_role_on_project,
- tenant['id'], user['id'], non_existent_role)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('b2285aaa-9e76-4704-93a9-7a8acd0a6c8f')
- def test_assign_user_role_for_non_existent_tenant(self):
- """Test assigning a role on a non existent tenant via v2 API
-
- Assigning a role on a non existent tenant via v2 API should fail.
- """
- (user, _, role) = self._get_role_params()
- non_existent_tenant = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound,
- self.roles_client.create_user_role_on_project,
- non_existent_tenant, user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('5c3132cd-c4c8-4402-b5ea-71eb44e97793')
- def test_assign_duplicate_user_role(self):
- """Test duplicate user role should not get assigned via v2 API"""
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(lib_exc.Conflict,
- self.roles_client.create_user_role_on_project,
- tenant['id'], user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d0537987-0977-448f-a435-904c15de7298')
- def test_remove_user_role_by_unauthorized_user(self):
- """Test non-admin user removing a user's role via v2 API
-
- Non-admin user should not be authorized to remove a user's role via
- v2 API
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(
- lib_exc.Forbidden,
- self.non_admin_roles_client.delete_role_from_user_on_project,
- tenant['id'], user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('cac81cf4-c1d2-47dc-90d3-f2b7eb572286')
- def test_remove_user_role_request_without_token(self):
- """Test removing a user's role without a valid token via v2 API
-
- Removing a user's role without a valid token via v2 API should fail.
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.delete_role_from_user_on_project,
- tenant['id'], user['id'], role['id'])
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('ab32d759-cd16-41f1-a86e-44405fa9f6d2')
- def test_remove_user_role_non_existent_role(self):
- """Test deleting a non existent role from a user via v2 API
-
- Deleting a non existent role from a user via v2 API should fail.
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound,
- self.roles_client.delete_role_from_user_on_project,
- tenant['id'], user['id'], non_existent_role)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('67a679ec-03dd-4551-bbfc-d1c93284f023')
- def test_remove_user_role_non_existent_tenant(self):
- """Test removing a role from a non existent tenant via v2 API
-
- Removing a role from a non existent tenant via v2 API should fail.
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- non_existent_tenant = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound,
- self.roles_client.delete_role_from_user_on_project,
- non_existent_tenant, user['id'], role['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('7391ab4c-06f3-477a-a64a-c8e55ce89837')
- def test_list_user_roles_by_unauthorized_user(self):
- """Test non-admin user listing a user's roles via v2 API
-
- Non-admin user should not be authorized to list a user's roles via v2
- API.
- """
- (user, tenant, role) = self._get_role_params()
- self.roles_client.create_user_role_on_project(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(
- lib_exc.Forbidden,
- self.non_admin_roles_client.list_user_roles_on_project,
- tenant['id'], user['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('682adfb2-fd5f-4b0a-a9ca-322e9bebb907')
- def test_list_user_roles_request_without_token(self):
- """Test listing user's roles without a valid token via v2 API
-
- Listing user's roles without a valid token via v2 API should fail
- """
- (user, tenant, _) = self._get_role_params()
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- try:
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.list_user_roles_on_project,
- tenant['id'],
- user['id'])
- finally:
- self.client.auth_provider.clear_auth()
diff --git a/tempest/api/identity/admin/v2/test_services.py b/tempest/api/identity/admin/v2/test_services.py
deleted file mode 100644
index 0e5d378..0000000
--- a/tempest/api/identity/admin/v2/test_services.py
+++ /dev/null
@@ -1,115 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class ServicesTestJSON(base.BaseIdentityV2AdminTest):
- """Test identity services via v2 API"""
-
- def _del_service(self, service_id):
- # Deleting the service created in this method
- self.services_client.delete_service(service_id)
- # Checking whether service is deleted successfully
- self.assertRaises(lib_exc.NotFound, self.services_client.show_service,
- service_id)
-
- @decorators.idempotent_id('84521085-c6e6-491c-9a08-ec9f70f90110')
- def test_create_get_delete_service(self):
- """Test verifies the identity service create/get/delete via v2 API"""
- # GET Service
- # Creating a Service
- name = data_utils.rand_name(
- name='service', prefix=CONF.resource_name_prefix)
- s_type = data_utils.rand_name(
- name='type', prefix=CONF.resource_name_prefix)
- description = data_utils.rand_name(
- name='description', prefix=CONF.resource_name_prefix)
- service_data = self.services_client.create_service(
- name=name, type=s_type,
- description=description)['OS-KSADM:service']
- self.assertIsNotNone(service_data['id'])
- self.addCleanup(self._del_service, service_data['id'])
- # Verifying response body of create service
- self.assertIn('name', service_data)
- self.assertEqual(name, service_data['name'])
- self.assertIn('type', service_data)
- self.assertEqual(s_type, service_data['type'])
- self.assertIn('description', service_data)
- self.assertEqual(description, service_data['description'])
- # Get service
- fetched_service = (
- self.services_client.show_service(service_data['id'])
- ['OS-KSADM:service'])
- # verifying the existence of service created
- self.assertIn('id', fetched_service)
- self.assertEqual(fetched_service['id'], service_data['id'])
- self.assertIn('name', fetched_service)
- self.assertEqual(fetched_service['name'], service_data['name'])
- self.assertIn('type', fetched_service)
- self.assertEqual(fetched_service['type'], service_data['type'])
- self.assertIn('description', fetched_service)
- self.assertEqual(fetched_service['description'],
- service_data['description'])
-
- @decorators.idempotent_id('5d3252c8-e555-494b-a6c8-e11d7335da42')
- def test_create_service_without_description(self):
- """Test creating identity service without description via v2 API
-
- Create a service only with name and type.
- """
- name = data_utils.rand_name(
- name='service', prefix=CONF.resource_name_prefix)
- s_type = data_utils.rand_name(
- name='type', prefix=CONF.resource_name_prefix)
- service = self.services_client.create_service(
- name=name, type=s_type)['OS-KSADM:service']
- self.assertIn('id', service)
- self.addCleanup(self._del_service, service['id'])
- self.assertIn('name', service)
- self.assertEqual(name, service['name'])
- self.assertIn('type', service)
- self.assertEqual(s_type, service['type'])
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('34ea6489-012d-4a86-9038-1287cadd5eca')
- def test_list_services(self):
- """Test Create/List/Verify/Delete of identity service via v2 API"""
- services = []
- for _ in range(3):
- name = data_utils.rand_name(
- name='service', prefix=CONF.resource_name_prefix)
- s_type = data_utils.rand_name(
- name='type', prefix=CONF.resource_name_prefix)
- description = data_utils.rand_name(
- name='description', prefix=CONF.resource_name_prefix)
-
- service = self.services_client.create_service(
- name=name, type=s_type,
- description=description)['OS-KSADM:service']
- self.addCleanup(self.services_client.delete_service, service['id'])
- services.append(service)
- service_ids = [svc['id'] for svc in services]
-
- # List and Verify Services
- body = self.services_client.list_services()['OS-KSADM:services']
- found = [serv for serv in body if serv['id'] in service_ids]
- self.assertEqual(len(found), len(services), 'Services not found')
diff --git a/tempest/api/identity/admin/v2/test_tenant_negative.py b/tempest/api/identity/admin/v2/test_tenant_negative.py
deleted file mode 100644
index 4c7c44c..0000000
--- a/tempest/api/identity/admin/v2/test_tenant_negative.py
+++ /dev/null
@@ -1,164 +0,0 @@
-# Copyright 2013 Huawei Technologies Co.,LTD.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
- """Negative tests of keystone tenants via v2 API"""
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('ca9bb202-63dd-4240-8a07-8ef9c19c04bb')
- def test_list_tenants_by_unauthorized_user(self):
- """Test Non-admin should not be able to list tenants via v2 API"""
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_tenants_client.list_tenants)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('df33926c-1c96-4d8d-a762-79cc6b0c3cf4')
- def test_list_tenant_request_without_token(self):
- """Test listing tenants without a valid token via v2 API
-
- Listing tenants without a valid token via v2 API should fail.
- """
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.tenants_client.list_tenants)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('162ba316-f18b-4987-8c0c-fd9140cd63ed')
- def test_tenant_delete_by_unauthorized_user(self):
- """Test non-admin should not be able to delete a tenant via v2 API"""
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_tenants_client.delete_tenant,
- tenant['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('e450db62-2e9d-418f-893a-54772d6386b1')
- def test_tenant_delete_request_without_token(self):
- """Test deleting a tenant without a valid token via v2 API
-
- Deleting a tenant without a valid token via v2 API should fail.
- """
- tenant = self.setup_test_tenant()
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.tenants_client.delete_tenant,
- tenant['id'])
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('9c9a2aed-6e3c-467a-8f5c-89da9d1b516b')
- def test_delete_non_existent_tenant(self):
- """Test deleting a non existent tenant via v2 API should fail"""
- self.assertRaises(lib_exc.NotFound, self.tenants_client.delete_tenant,
- data_utils.rand_uuid_hex())
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('af16f44b-a849-46cb-9f13-a751c388f739')
- def test_tenant_create_duplicate(self):
- """Test tenant names should be unique via v2 API"""
- tenant_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- self.setup_test_tenant(name=tenant_name)
- self.assertRaises(lib_exc.Conflict, self.tenants_client.create_tenant,
- name=tenant_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d26b278a-6389-4702-8d6e-5980d80137e0')
- def test_create_tenant_by_unauthorized_user(self):
- """Test non-admin user creating a tenant via v2 API
-
- Non-admin user should not be authorized to create a tenant via v2 API.
- """
- tenant_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_tenants_client.create_tenant,
- name=tenant_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('a3ee9d7e-6920-4dd5-9321-d4b2b7f0a638')
- def test_create_tenant_request_without_token(self):
- """Test creating tenant without a token via v2 API is not allowed"""
- tenant_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.tenants_client.create_tenant,
- name=tenant_name)
- self.client.auth_provider.clear_auth()
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('5a2e4ca9-b0c0-486c-9c48-64a94fba2395')
- def test_create_tenant_with_empty_name(self):
- """Test tenant name should not be empty via v2 API"""
- self.assertRaises(lib_exc.BadRequest,
- self.tenants_client.create_tenant,
- name='')
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('2ff18d1e-dfe3-4359-9dc3-abf582c196b9')
- def test_create_tenants_name_length_over_64(self):
- """Test tenant name length should not exceed 64 via v2 API"""
- tenant_name = 'a' * 65
- self.assertRaises(lib_exc.BadRequest,
- self.tenants_client.create_tenant,
- name=tenant_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('bd20dc2a-9557-4db7-b755-f48d952ad706')
- def test_update_non_existent_tenant(self):
- """Test updating a non existent tenant via v2 API should fail"""
- self.assertRaises(lib_exc.NotFound, self.tenants_client.update_tenant,
- data_utils.rand_uuid_hex())
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('41704dc5-c5f7-4f79-abfa-76e6fedc570b')
- def test_tenant_update_by_unauthorized_user(self):
- """Test non-admin user updating a tenant via v2 API
-
- Non-admin user should not be able to update a tenant via v2 API
- """
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_tenants_client.update_tenant,
- tenant['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('7a421573-72c7-4c22-a98e-ce539219c657')
- def test_tenant_update_request_without_token(self):
- """Test updating a tenant without a valid token via v2 API
-
- Updating a tenant without a valid token via v2 API should fail
- """
- tenant = self.setup_test_tenant()
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.tenants_client.update_tenant,
- tenant['id'])
- self.client.auth_provider.clear_auth()
diff --git a/tempest/api/identity/admin/v2/test_tenants.py b/tempest/api/identity/admin/v2/test_tenants.py
deleted file mode 100644
index 4f674a8..0000000
--- a/tempest/api/identity/admin/v2/test_tenants.py
+++ /dev/null
@@ -1,157 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class TenantsTestJSON(base.BaseIdentityV2AdminTest):
- """Test identity tenants via v2 API"""
-
- @decorators.idempotent_id('16c6e05c-6112-4b0e-b83f-5e43f221b6b0')
- def test_tenant_list_delete(self):
- """Test listing and deleting tenants via v2 API
-
- Create several tenants and delete them
- """
- tenants = []
- for _ in range(3):
- tenant = self.setup_test_tenant()
- tenants.append(tenant)
- tenant_ids = [tn['id'] for tn in tenants]
- body = self.tenants_client.list_tenants()['tenants']
- found = [t for t in body if t['id'] in tenant_ids]
- self.assertEqual(len(found), len(tenants), 'Tenants not created')
-
- for tenant in tenants:
- self.tenants_client.delete_tenant(tenant['id'])
-
- body = self.tenants_client.list_tenants()['tenants']
- found = [tenant for tenant in body if tenant['id'] in tenant_ids]
- self.assertEmpty(found, 'Tenants failed to delete')
-
- @decorators.idempotent_id('d25e9f24-1310-4d29-b61b-d91299c21d6d')
- def test_tenant_create_with_description(self):
- """Test creating tenant with a description via v2 API"""
- tenant_desc = data_utils.rand_name(
- name='desc', prefix=CONF.resource_name_prefix)
- tenant = self.setup_test_tenant(description=tenant_desc)
- tenant_id = tenant['id']
- desc1 = tenant['description']
- self.assertEqual(desc1, tenant_desc, 'Description should have '
- 'been sent in response for create')
- body = self.tenants_client.show_tenant(tenant_id)['tenant']
- desc2 = body['description']
- self.assertEqual(desc2, tenant_desc, 'Description does not appear '
- 'to be set')
- self.tenants_client.delete_tenant(tenant_id)
-
- @decorators.idempotent_id('670bdddc-1cd7-41c7-b8e2-751cfb67df50')
- def test_tenant_create_enabled(self):
- """Test creating a tenant that is enabled via v2 API"""
- tenant = self.setup_test_tenant(enabled=True)
- tenant_id = tenant['id']
- self.assertTrue(tenant['enabled'], 'Enable should be True in response')
- body = self.tenants_client.show_tenant(tenant_id)['tenant']
- self.assertTrue(body['enabled'], 'Enable should be True in lookup')
- self.tenants_client.delete_tenant(tenant_id)
-
- @decorators.idempotent_id('3be22093-b30f-499d-b772-38340e5e16fb')
- def test_tenant_create_not_enabled(self):
- """Test creating a tenant that is not enabled via v2 API"""
- tenant = self.setup_test_tenant(enabled=False)
- tenant_id = tenant['id']
- self.assertFalse(tenant['enabled'],
- 'Enable should be False in response')
- body = self.tenants_client.show_tenant(tenant_id)['tenant']
- self.assertFalse(body['enabled'],
- 'Enable should be False in lookup')
- self.tenants_client.delete_tenant(tenant_id)
-
- @decorators.idempotent_id('781f2266-d128-47f3-8bdb-f70970add238')
- def test_tenant_update_name(self):
- """Test updating name attribute of a tenant via v2 API"""
- t_name1 = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- tenant = self.setup_test_tenant(name=t_name1)
- t_id = tenant['id']
- resp1_name = tenant['name']
-
- t_name2 = data_utils.rand_name(
- name='tenant2', prefix=CONF.resource_name_prefix)
- body = self.tenants_client.update_tenant(t_id, name=t_name2)['tenant']
- resp2_name = body['name']
- self.assertNotEqual(resp1_name, resp2_name)
-
- body = self.tenants_client.show_tenant(t_id)['tenant']
- resp3_name = body['name']
-
- self.assertNotEqual(resp1_name, resp3_name)
- self.assertEqual(t_name1, resp1_name)
- self.assertEqual(resp2_name, resp3_name)
-
- self.tenants_client.delete_tenant(t_id)
-
- @decorators.idempotent_id('859fcfe1-3a03-41ef-86f9-b19a47d1cd87')
- def test_tenant_update_desc(self):
- """Test updating description attribute of a tenant via v2 API"""
- t_desc = data_utils.rand_name(
- name='desc', prefix=CONF.resource_name_prefix)
- tenant = self.setup_test_tenant(description=t_desc)
- t_id = tenant['id']
- resp1_desc = tenant['description']
-
- t_desc2 = data_utils.rand_name(
- name='desc2', prefix=CONF.resource_name_prefix)
- body = self.tenants_client.update_tenant(t_id, description=t_desc2)
- updated_tenant = body['tenant']
- resp2_desc = updated_tenant['description']
- self.assertNotEqual(resp1_desc, resp2_desc)
-
- body = self.tenants_client.show_tenant(t_id)['tenant']
- resp3_desc = body['description']
-
- self.assertNotEqual(resp1_desc, resp3_desc)
- self.assertEqual(t_desc, resp1_desc)
- self.assertEqual(resp2_desc, resp3_desc)
-
- self.tenants_client.delete_tenant(t_id)
-
- @decorators.idempotent_id('8fc8981f-f12d-4c66-9972-2bdcf2bc2e1a')
- def test_tenant_update_enable(self):
- """Test updating the enabled attribute of a tenant via v2 API"""
- t_en = False
- tenant = self.setup_test_tenant(enabled=t_en)
- t_id = tenant['id']
- resp1_en = tenant['enabled']
-
- t_en2 = True
- body = self.tenants_client.update_tenant(t_id, enabled=t_en2)
- updated_tenant = body['tenant']
- resp2_en = updated_tenant['enabled']
- self.assertNotEqual(resp1_en, resp2_en)
-
- body = self.tenants_client.show_tenant(t_id)['tenant']
- resp3_en = body['enabled']
-
- self.assertNotEqual(resp1_en, resp3_en)
- self.assertFalse(tenant['enabled'])
- self.assertEqual(resp2_en, resp3_en)
-
- self.tenants_client.delete_tenant(t_id)
diff --git a/tempest/api/identity/admin/v2/test_tokens.py b/tempest/api/identity/admin/v2/test_tokens.py
deleted file mode 100644
index 78a2aad..0000000
--- a/tempest/api/identity/admin/v2/test_tokens.py
+++ /dev/null
@@ -1,143 +0,0 @@
-# Copyright 2013 Huawei Technologies Co.,LTD.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class TokensTestJSON(base.BaseIdentityV2AdminTest):
- """Test keystone tokens via v2 API"""
-
- @decorators.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586')
- def test_create_check_get_delete_token(self):
- """Test getting create/check/get/delete token for user via v2 API"""
- # get a token by username and password
- user_name = data_utils.rand_name(
- name='user', prefix=CONF.resource_name_prefix)
- user_password = data_utils.rand_password()
- # first:create a tenant
- tenant = self.setup_test_tenant()
- # second:create a user
- user = self.create_test_user(name=user_name,
- password=user_password,
- tenantId=tenant['id'],
- email='')
- # then get a token for the user
- body = self.token_client.auth(user_name,
- user_password,
- tenant['name'])
- self.assertEqual(body['token']['tenant']['name'],
- tenant['name'])
- # Perform GET Token
- token_id = body['token']['id']
- self.client.check_token_existence(token_id)
- token_details = self.client.show_token(token_id)['access']
- self.assertEqual(token_id, token_details['token']['id'])
- self.assertEqual(user['id'], token_details['user']['id'])
- self.assertEqual(user_name, token_details['user']['name'])
- self.assertEqual(tenant['name'],
- token_details['token']['tenant']['name'])
- # then delete the token
- self.client.delete_token(token_id)
- self.assertRaises(lib_exc.NotFound,
- self.client.check_token_existence,
- token_id)
-
- @decorators.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e')
- def test_rescope_token(self):
- """Test an unscoped token can be requested via v2 API
-
- That token can be used to request a scoped token.
- """
-
- # Create a user.
- user_name = data_utils.rand_name(
- name='user', prefix=CONF.resource_name_prefix)
- user_password = data_utils.rand_password()
- tenant_id = None # No default tenant so will get unscoped token.
- user = self.create_test_user(name=user_name,
- password=user_password,
- tenantId=tenant_id,
- email='')
-
- # Create a couple tenants.
- tenant1_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- tenant1 = self.setup_test_tenant(name=tenant1_name)
-
- tenant2_name = data_utils.rand_name(
- name='tenant', prefix=CONF.resource_name_prefix)
- tenant2 = self.setup_test_tenant(name=tenant2_name)
-
- # Create a role
- role = self.setup_test_role()
-
- # Grant the user the role on the tenants.
- self.roles_client.create_user_role_on_project(tenant1['id'],
- user['id'],
- role['id'])
-
- self.roles_client.create_user_role_on_project(tenant2['id'],
- user['id'],
- role['id'])
-
- # Get an unscoped token.
- body = self.token_client.auth(user_name, user_password)
-
- token_id = body['token']['id']
-
- # Use the unscoped token to get a token scoped to tenant1
- body = self.token_client.auth_token(token_id,
- tenant=tenant1_name)
-
- scoped_token_id = body['token']['id']
-
- # Revoke the scoped token
- self.client.delete_token(scoped_token_id)
-
- # Use the unscoped token to get a token scoped to tenant2
- body = self.token_client.auth_token(token_id,
- tenant=tenant2_name)
-
- @decorators.idempotent_id('ca3ea6f7-ed08-4a61-adbd-96906456ad31')
- def test_list_endpoints_for_token(self):
- """Test listing endpoints for token via v2 API"""
- tempest_services = ['keystone', 'nova', 'neutron', 'swift', 'cinder',
- 'neutron']
- # get a token for the user
- creds = self.os_primary.credentials
- username = creds.username
- password = creds.password
- tenant_name = creds.tenant_name
- token = self.token_client.auth(username,
- password,
- tenant_name)['token']
- endpoints = self.client.list_endpoints_for_token(
- token['id'])['endpoints']
- self.assertIsInstance(endpoints, list)
- # Store list of service names
- service_names = [e['name'] for e in endpoints]
- # Get the list of available services. Keystone is always available.
- available_services = [s[0] for s in list(
- CONF.service_available.items()) if s[1] is True] + ['keystone']
- # Verify that all available services are present.
- for service in tempest_services:
- if service in available_services:
- self.assertIn(service, service_names)
diff --git a/tempest/api/identity/admin/v2/test_tokens_negative.py b/tempest/api/identity/admin/v2/test_tokens_negative.py
deleted file mode 100644
index f2e41ff..0000000
--- a/tempest/api/identity/admin/v2/test_tokens_negative.py
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 2017 AT&T Corporation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-
-class TokensAdminTestNegative(base.BaseIdentityV2AdminTest):
- """Negative tests of keystone tokens via v2 API"""
-
- credentials = ['primary', 'admin', 'alt']
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('a0a0a600-4292-4364-99c5-922c834fdf05')
- def test_check_token_existence_negative(self):
- """Test checking other tenant's token existence via v2 API
-
- Checking other tenant's token existence via v2 API should fail.
- """
- creds = self.os_primary.credentials
- creds_alt = self.os_alt.credentials
- username = creds.username
- password = creds.password
- tenant_name = creds.tenant_name
- alt_tenant_name = creds_alt.tenant_name
- body = self.token_client.auth(username, password, tenant_name)
- self.assertRaises(lib_exc.Unauthorized,
- self.client.check_token_existence,
- body['token']['id'],
- belongsTo=alt_tenant_name)
diff --git a/tempest/api/identity/admin/v2/test_users.py b/tempest/api/identity/admin/v2/test_users.py
deleted file mode 100644
index 011419e..0000000
--- a/tempest/api/identity/admin/v2/test_users.py
+++ /dev/null
@@ -1,204 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import time
-
-from testtools import matchers
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class UsersTestJSON(base.BaseIdentityV2AdminTest):
- """Test keystone users via v2 API"""
-
- @classmethod
- def resource_setup(cls):
- super(UsersTestJSON, cls).resource_setup()
- cls.alt_user = data_utils.rand_name(
- name='test_user', prefix=CONF.resource_name_prefix)
- cls.alt_email = cls.alt_user + '@testmail.tm'
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('2d55a71e-da1d-4b43-9c03-d269fd93d905')
- def test_create_user(self):
- """Test creating a user via v2 API"""
- tenant = self.setup_test_tenant()
- user = self.create_test_user(name=self.alt_user, tenantId=tenant['id'])
- self.assertEqual(self.alt_user, user['name'])
-
- @decorators.idempotent_id('89d9fdb8-15c2-4304-a429-48715d0af33d')
- def test_create_user_with_enabled(self):
- """Test creating a user with enabled : False via v2 API"""
- tenant = self.setup_test_tenant()
- name = data_utils.rand_name(
- name='test_user', prefix=CONF.resource_name_prefix)
- user = self.create_test_user(name=name,
- tenantId=tenant['id'],
- email=self.alt_email,
- enabled=False)
- self.assertEqual(name, user['name'])
- self.assertEqual(False, user['enabled'])
- self.assertEqual(self.alt_email, user['email'])
-
- @decorators.idempotent_id('39d05857-e8a5-4ed4-ba83-0b52d3ab97ee')
- def test_update_user(self):
- """Test updating user attributes via v2 API"""
- tenant = self.setup_test_tenant()
- user = self.create_test_user(tenantId=tenant['id'])
-
- # Updating user details with new values
- u_name2 = data_utils.rand_name(
- name='user2', prefix=CONF.resource_name_prefix)
- u_email2 = u_name2 + '@testmail.tm'
- update_user = self.users_client.update_user(user['id'], name=u_name2,
- email=u_email2,
- enabled=False)['user']
- self.assertEqual(u_name2, update_user['name'])
- self.assertEqual(u_email2, update_user['email'])
- self.assertEqual(False, update_user['enabled'])
- # GET by id after updating
- updated_user = self.users_client.show_user(user['id'])['user']
- # Assert response body of GET after updating
- self.assertEqual(u_name2, updated_user['name'])
- self.assertEqual(u_email2, updated_user['email'])
- self.assertEqual(False, update_user['enabled'])
-
- @decorators.idempotent_id('29ed26f4-a74e-4425-9a85-fdb49fa269d2')
- def test_delete_user(self):
- """Test deleting a user via v2 API"""
- tenant = self.setup_test_tenant()
- user = self.create_test_user(tenantId=tenant['id'])
- self.users_client.delete_user(user['id'])
-
- @decorators.idempotent_id('aca696c3-d645-4f45-b728-63646045beb1')
- def test_user_authentication(self):
- """Test that valid user's token is authenticated via v2 API"""
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- # Get a token
- self.token_client.auth(user['name'],
- password,
- tenant['name'])
- # Re-auth
- self.token_client.auth(user['name'],
- password,
- tenant['name'])
-
- @decorators.idempotent_id('5d1fa498-4c2d-4732-a8fe-2b054598cfdd')
- def test_authentication_request_without_token(self):
- """Test authentication request without token via v2 API"""
- # Request for token authentication with a valid token in header
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.token_client.auth(user['name'],
- password,
- tenant['name'])
- # Get the token of the current client
- token = self.client.auth_provider.get_token()
- # Delete the token from database
- self.client.delete_token(token)
- # Re-auth
- self.token_client.auth(user['name'],
- password,
- tenant['name'])
- self.client.auth_provider.clear_auth()
-
- @decorators.idempotent_id('a149c02e-e5e0-4b89-809e-7e8faf33ccda')
- def test_get_users(self):
- """Test getting users via v2 API
-
- Get a list of users and find the test user
- """
- user = self.setup_test_user()
- users = self.users_client.list_users()['users']
- self.assertThat([u['name'] for u in users],
- matchers.Contains(user['name']),
- "Could not find %s" % user['name'])
-
- @decorators.idempotent_id('6e317209-383a-4bed-9f10-075b7c82c79a')
- def test_list_users_for_tenant(self):
- """Test returning a list of all users for a tenant via v2 API"""
- tenant = self.setup_test_tenant()
- user_ids = list()
- fetched_user_ids = list()
- user1 = self.create_test_user(tenantId=tenant['id'])
- user_ids.append(user1['id'])
- user2 = self.create_test_user(tenantId=tenant['id'])
- user_ids.append(user2['id'])
- # List of users for the respective tenant ID
- body = (self.tenants_client.list_tenant_users(tenant['id'])
- ['users'])
- for i in body:
- fetched_user_ids.append(i['id'])
- # verifying the user Id in the list
- missing_users =\
- [user for user in user_ids if user not in fetched_user_ids]
- self.assertEmpty(missing_users,
- "Failed to find user %s in fetched list" %
- ', '.join(m_user for m_user in missing_users))
-
- @decorators.idempotent_id('a8b54974-40e1-41c0-b812-50fc90827971')
- def test_list_users_with_roles_for_tenant(self):
- """Test listing users on tenant with roles assigned via v2 API"""
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- role = self.setup_test_role()
- # Assigning roles to two users
- user_ids = list()
- fetched_user_ids = list()
- user_ids.append(user['id'])
- role = self.roles_client.create_user_role_on_project(
- tenant['id'], user['id'], role['id'])['role']
-
- second_user = self.create_test_user(tenantId=tenant['id'])
- user_ids.append(second_user['id'])
- role = self.roles_client.create_user_role_on_project(
- tenant['id'], second_user['id'], role['id'])['role']
- # List of users with roles for the respective tenant ID
- body = (self.tenants_client.list_tenant_users(tenant['id'])['users'])
- for i in body:
- fetched_user_ids.append(i['id'])
- # verifying the user Id in the list
- missing_users = [missing_user for missing_user in user_ids
- if missing_user not in fetched_user_ids]
- self.assertEmpty(missing_users,
- "Failed to find user %s in fetched list" %
- ', '.join(m_user for m_user in missing_users))
-
- @decorators.idempotent_id('1aeb25ac-6ec5-4d8b-97cb-7ac3567a989f')
- def test_update_user_password(self):
- """Test updating of user password via v2 API"""
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- # Updating the user with new password
- new_pass = data_utils.rand_password()
- update_user = self.users_client.update_user_password(
- user['id'], password=new_pass)['user']
- self.assertEqual(update_user['id'], user['id'])
- # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
- # Keystone should only be precise to the second. Sleep to ensure
- # we are passing the second boundary.
- time.sleep(1)
- # Validate the updated password through getting a token.
- body = self.token_client.auth(user['name'], new_pass,
- tenant['name'])
- self.assertIn('id', body['token'])
diff --git a/tempest/api/identity/admin/v2/test_users_negative.py b/tempest/api/identity/admin/v2/test_users_negative.py
deleted file mode 100644
index 7ccd75c..0000000
--- a/tempest/api/identity/admin/v2/test_users_negative.py
+++ /dev/null
@@ -1,286 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class UsersNegativeTestJSON(base.BaseIdentityV2AdminTest):
- """Negative tests of identity users via v2 API"""
-
- @classmethod
- def resource_setup(cls):
- super(UsersNegativeTestJSON, cls).resource_setup()
- cls.alt_user = data_utils.rand_name(
- 'test_user', prefix=CONF.resource_name_prefix)
- cls.alt_password = data_utils.rand_password()
- cls.alt_email = cls.alt_user + '@testmail.tm'
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('60a1f5fa-5744-4cdf-82bf-60b7de2d29a4')
- def test_create_user_by_unauthorized_user(self):
- """Non-admin should not be authorized to create a user via v2 API"""
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_users_client.create_user,
- name=self.alt_user, password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d80d0c2f-4514-4d1e-806d-0930dfc5a187')
- def test_create_user_with_empty_name(self):
- """User with an empty name should not be created via v2 API"""
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
- name='', password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('7704b4f3-3b75-4b82-87cc-931d41c8f780')
- def test_create_user_with_name_length_over_255(self):
- """Length of user name should not exceed 255 via v2 API"""
- tenant = self.setup_test_tenant()
- self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
- name='a' * 256, password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('57ae8558-120c-4723-9308-3751474e7ecf')
- def test_create_user_with_duplicate_name(self):
- """Duplicate user should not be created via v2 API"""
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.assertRaises(lib_exc.Conflict, self.users_client.create_user,
- name=user['name'],
- password=password,
- tenantId=tenant['id'],
- email=user['email'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('0132cc22-7c4f-42e1-9e50-ac6aad31d59a')
- def test_create_user_for_non_existent_tenant(self):
- """Creating a user in a non-existent tenant via v2 API should fail"""
- self.assertRaises(lib_exc.NotFound, self.users_client.create_user,
- name=self.alt_user,
- password=self.alt_password,
- tenantId='49ffgg99999',
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('55bbb103-d1ae-437b-989b-bcdf8175c1f4')
- def test_create_user_request_without_a_token(self):
- """Creating a user without a valid token via v2 API should fail"""
- tenant = self.setup_test_tenant()
- # Get the token of the current client
- token = self.client.auth_provider.get_token()
- # Delete the token from database
- self.client.delete_token(token)
-
- # Unset the token to allow further tests to generate a new token
- self.addCleanup(self.client.auth_provider.clear_auth)
-
- self.assertRaises(lib_exc.Unauthorized, self.users_client.create_user,
- name=self.alt_user, password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('23a2f3da-4a1a-41da-abdd-632328a861ad')
- def test_create_user_with_enabled_non_bool(self):
- """Creating a user with invalid enabled para via v2 API should fail"""
- tenant = self.setup_test_tenant()
- name = data_utils.rand_name(
- 'test_user', prefix=CONF.resource_name_prefix)
- self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
- name=name, password=self.alt_password,
- tenantId=tenant['id'],
- email=self.alt_email, enabled=3)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('3d07e294-27a0-4144-b780-a2a1bf6fee19')
- def test_update_user_for_non_existent_user(self):
- """Updating a non-existent user via v2 API should fail"""
- user_name = data_utils.rand_name(
- 'user', prefix=CONF.resource_name_prefix)
- non_existent_id = data_utils.rand_uuid()
- self.assertRaises(lib_exc.NotFound, self.users_client.update_user,
- non_existent_id, name=user_name)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('3cc2a64b-83aa-4b02-88f0-d6ab737c4466')
- def test_update_user_request_without_a_token(self):
- """Updating a user without a valid token via v2 API should fail"""
-
- # Get the token of the current client
- token = self.client.auth_provider.get_token()
- # Delete the token from database
- self.client.delete_token(token)
-
- # Unset the token to allow further tests to generate a new token
- self.addCleanup(self.client.auth_provider.clear_auth)
-
- self.assertRaises(lib_exc.Unauthorized, self.users_client.update_user,
- self.alt_user)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('424868d5-18a7-43e1-8903-a64f95ee3aac')
- def test_update_user_by_unauthorized_user(self):
- """Non-admin should not be authorized to update user via v2 API"""
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_users_client.update_user,
- self.alt_user)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d45195d5-33ed-41b9-a452-7d0d6a00f6e9')
- def test_delete_users_by_unauthorized_user(self):
- """Non-admin should not be authorized to delete a user via v2 API"""
- user = self.setup_test_user()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_users_client.delete_user,
- user['id'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('7cc82f7e-9998-4f89-abae-23df36495867')
- def test_delete_non_existent_user(self):
- """Attempt to delete a non-existent user via v2 API should fail"""
- self.assertRaises(lib_exc.NotFound, self.users_client.delete_user,
- 'junk12345123')
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('57fe1df8-0aa7-46c0-ae9f-c2e785c7504a')
- def test_delete_user_request_without_a_token(self):
- """Deleting a user without a valid token via v2 API should fail"""
-
- # Get the token of the current client
- token = self.client.auth_provider.get_token()
- # Delete the token from database
- self.client.delete_token(token)
-
- # Unset the token to allow further tests to generate a new token
- self.addCleanup(self.client.auth_provider.clear_auth)
-
- self.assertRaises(lib_exc.Unauthorized, self.users_client.delete_user,
- self.alt_user)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('593a4981-f6d4-460a-99a1-57a78bf20829')
- def test_authentication_for_disabled_user(self):
- """Disabled user's token should not get authenticated via v2 API"""
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.disable_user(user['name'])
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- user['name'],
- password,
- tenant['name'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('440a7a8d-9328-4b7b-83e0-d717010495e4')
- def test_authentication_when_tenant_is_disabled(self):
- """Test User's token for a disabled tenant via v2 API
-
- User's token for a disabled tenant should not be authenticated via
- v2 API.
- """
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.disable_tenant(tenant['name'])
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- user['name'],
- password,
- tenant['name'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('921f1ad6-7907-40b8-853f-637e7ee52178')
- def test_authentication_with_invalid_tenant(self):
- """Test User's token for an invalid tenant via v2 API
-
- User's token for an invalid tenant should not be authenticated via V2
- API.
- """
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- user['name'],
- password,
- 'junktenant1234')
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('bde9aecd-3b1c-4079-858f-beb5deaa5b5e')
- def test_authentication_with_invalid_username(self):
- """Non-existent user's token should not get authorized via v2 API"""
- password = data_utils.rand_password()
- user = self.setup_test_user(password)
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- 'junkuser123', password, tenant['name'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('d5308b33-3574-43c3-8d87-1c090c5e1eca')
- def test_authentication_with_invalid_password(self):
- """Test User's token with invalid password via v2 API
-
- User's token with invalid password should not be authenticated via V2
- API.
- """
- user = self.setup_test_user()
- tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
- self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
- user['name'], 'junkpass1234', tenant['name'])
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('284192ce-fb7c-4909-a63b-9a502e0ddd11')
- def test_get_users_by_unauthorized_user(self):
- """Non-admin should not be authorized to get user list via v2 API"""
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_users_client.list_users)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('a73591ec-1903-4ffe-be42-282b39fefc9d')
- def test_get_users_request_without_token(self):
- """Listing users without a valid token via v2 API should fail"""
- token = self.client.auth_provider.get_token()
- self.client.delete_token(token)
-
- # Unset the token to allow further tests to generate a new token
- self.addCleanup(self.client.auth_provider.clear_auth)
-
- self.assertRaises(lib_exc.Unauthorized, self.users_client.list_users)
-
- @decorators.attr(type=['negative'])
- @decorators.idempotent_id('f5d39046-fc5f-425c-b29e-bac2632da28e')
- def test_list_users_with_invalid_tenant(self):
- """Listing users for a non-existent tenant via v2 API should fail"""
- # Assign invalid tenant ids
- invalid_id = list()
- invalid_id.append(data_utils.rand_name('999'))
- invalid_id.append('alpha')
- invalid_id.append(data_utils.rand_name("dddd@#%%^$"))
- invalid_id.append('!@#()$%^&*?<>{}[]')
- # List the users with invalid tenant id
- for invalid in invalid_id:
- self.assertRaises(lib_exc.NotFound,
- self.tenants_client.list_tenant_users, invalid)
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index 9cdd917..811dff4 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -98,85 +98,6 @@
return role
-class BaseIdentityV2Test(BaseIdentityTest):
-
- credentials = ['primary']
-
- # identity v2 tests should obtain tokens and create accounts via v2
- # regardless of the configured CONF.identity.auth_version
- identity_version = 'v2'
-
- @classmethod
- def setup_clients(cls):
- super(BaseIdentityV2Test, cls).setup_clients()
- cls.non_admin_client = cls.os_primary.identity_public_client
- cls.non_admin_token_client = cls.os_primary.token_client
- cls.non_admin_tenants_client = cls.os_primary.tenants_public_client
- cls.non_admin_users_client = cls.os_primary.users_public_client
-
-
-class BaseIdentityV2AdminTest(BaseIdentityV2Test):
-
- credentials = ['primary', 'admin']
-
- # NOTE(andreaf) Identity tests work with credentials, so it is safer
- # for them to always use disposable credentials. Forcing dynamic creds
- # on regular identity tests would be however to restrictive, since it
- # would prevent any identity test from being executed against clouds where
- # admin credentials are not available.
- # Since All admin tests require admin credentials to be
- # executed, so this will not impact the ability to execute tests.
- force_tenant_isolation = True
-
- @classmethod
- def skip_checks(cls):
- super(BaseIdentityV2AdminTest, cls).skip_checks()
- if not CONF.identity_feature_enabled.api_v2_admin:
- raise cls.skipException('Identity v2 admin not available')
-
- @classmethod
- def setup_clients(cls):
- super(BaseIdentityV2AdminTest, cls).setup_clients()
- cls.client = cls.os_admin.identity_client
- cls.non_admin_client = cls.os_primary.identity_client
- cls.token_client = cls.os_admin.token_client
- cls.tenants_client = cls.os_admin.tenants_client
- cls.non_admin_tenants_client = cls.os_primary.tenants_client
- cls.roles_client = cls.os_admin.roles_client
- cls.non_admin_roles_client = cls.os_primary.roles_client
- cls.users_client = cls.os_admin.users_client
- cls.non_admin_users_client = cls.os_primary.users_client
- cls.services_client = cls.os_admin.identity_services_client
- cls.endpoints_client = cls.os_admin.endpoints_client
-
- @classmethod
- def resource_setup(cls):
- super(BaseIdentityV2AdminTest, cls).resource_setup()
- cls.projects_client = cls.tenants_client
-
- def setup_test_user(self, password=None):
- """Set up a test user."""
- tenant = self.setup_test_tenant()
- user = self.create_test_user(tenantId=tenant['id'], password=password)
- return user
-
- def setup_test_tenant(self, **kwargs):
- """Set up a test tenant."""
- if 'name' not in kwargs:
- kwargs['name'] = data_utils.rand_name(
- name='test_tenant',
- prefix=CONF.resource_name_prefix)
- if 'description' not in kwargs:
- kwargs['description'] = data_utils.rand_name(
- name='desc', prefix=CONF.resource_name_prefix)
- tenant = self.projects_client.create_tenant(**kwargs)['tenant']
- # Delete the tenant at the end of the test
- self.addCleanup(
- test_utils.call_and_ignore_notfound_exc,
- self.tenants_client.delete_tenant, tenant['id'])
- return tenant
-
-
class BaseIdentityV3Test(BaseIdentityTest):
credentials = ['primary']
diff --git a/tempest/api/identity/v2/__init__.py b/tempest/api/identity/v2/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/tempest/api/identity/v2/__init__.py
+++ /dev/null
diff --git a/tempest/api/identity/v2/test_api_discovery.py b/tempest/api/identity/v2/test_api_discovery.py
deleted file mode 100644
index afda104..0000000
--- a/tempest/api/identity/v2/test_api_discovery.py
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright 2015 OpenStack Foundation.
-# Copyright 2015, Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-
-
-class TestApiDiscovery(base.BaseIdentityV2Test):
- """Tests for identity v2 API discovery features."""
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('ea889a68-a15f-4166-bfb1-c12456eae853')
- def test_api_version_resources(self):
- """Test showing identity v2 api version resources"""
- descr = self.non_admin_client.show_api_description()['version']
- expected_resources = ('id', 'links', 'media-types', 'status',
- 'updated')
-
- keys = descr.keys()
- for res in expected_resources:
- self.assertIn(res, keys)
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('007a0be0-78fe-4fdb-bbee-e9216cc17bb2')
- def test_api_media_types(self):
- """Test showing identity v2 api version media type"""
- descr = self.non_admin_client.show_api_description()['version']
- # Get MIME type bases and descriptions
- media_types = [(media_type['base'], media_type['type']) for
- media_type in descr['media-types']]
- # These are supported for API version 2
- supported_types = [('application/json',
- 'application/vnd.openstack.identity-v2.0+json')]
-
- # Check if supported types exist in response body
- for s_type in supported_types:
- self.assertIn(s_type, media_types)
-
- @decorators.attr(type='smoke')
- @decorators.idempotent_id('77fd6be0-8801-48e6-b9bf-38cdd2f253ec')
- def test_api_version_statuses(self):
- """Test showing identity v2 api version status"""
- descr = self.non_admin_client.show_api_description()['version']
- status = descr['status'].lower()
- supported_statuses = ['current', 'stable', 'experimental',
- 'supported', 'deprecated']
-
- self.assertIn(status, supported_statuses)
diff --git a/tempest/api/identity/v2/test_ec2_credentials.py b/tempest/api/identity/v2/test_ec2_credentials.py
deleted file mode 100644
index 9981ef8..0000000
--- a/tempest/api/identity/v2/test_ec2_credentials.py
+++ /dev/null
@@ -1,113 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.common import utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-
-class EC2CredentialsTest(base.BaseIdentityV2Test):
-
- @classmethod
- def skip_checks(cls):
- super(EC2CredentialsTest, cls).skip_checks()
- if not utils.is_extension_enabled('OS-EC2', 'identity'):
- msg = "OS-EC2 identity extension not enabled."
- raise cls.skipException(msg)
-
- @classmethod
- def resource_setup(cls):
- super(EC2CredentialsTest, cls).resource_setup()
- cls.creds = cls.os_primary.credentials
-
- @decorators.idempotent_id('b580fab9-7ae9-46e8-8138-417260cb6f9f')
- def test_create_ec2_credential(self):
- """Create user ec2 credential."""
- resp = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- access = resp['access']
- self.addCleanup(
- self.non_admin_users_client.delete_user_ec2_credential,
- self.creds.user_id, access)
- self.assertNotEmpty(resp['access'])
- self.assertNotEmpty(resp['secret'])
- self.assertEqual(self.creds.user_id, resp['user_id'])
- self.assertEqual(self.creds.tenant_id, resp['tenant_id'])
-
- @decorators.idempotent_id('9e2ea42f-0a4f-468c-a768-51859ce492e0')
- def test_list_ec2_credentials(self):
- """Get the list of user ec2 credentials."""
- created_creds = []
- # create first ec2 credentials
- creds1 = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- created_creds.append(creds1['access'])
- self.addCleanup(
- self.non_admin_users_client.delete_user_ec2_credential,
- self.creds.user_id, creds1['access'])
-
- # create second ec2 credentials
- creds2 = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- created_creds.append(creds2['access'])
- self.addCleanup(
- self.non_admin_users_client.delete_user_ec2_credential,
- self.creds.user_id, creds2['access'])
-
- # get the list of user ec2 credentials
- resp = self.non_admin_users_client.list_user_ec2_credentials(
- self.creds.user_id)["credentials"]
- fetched_creds = [cred['access'] for cred in resp]
- # created credentials should be in a fetched list
- missing = [cred for cred in created_creds
- if cred not in fetched_creds]
- self.assertEmpty(missing,
- "Failed to find ec2_credentials %s in fetched list" %
- ', '.join(cred for cred in missing))
-
- @decorators.idempotent_id('cb284075-b613-440d-83ca-fe0b33b3c2b8')
- def test_show_ec2_credential(self):
- """Get the definite user ec2 credential."""
- resp = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- self.addCleanup(
- self.non_admin_users_client.delete_user_ec2_credential,
- self.creds.user_id, resp['access'])
-
- ec2_creds = self.non_admin_users_client.show_user_ec2_credential(
- self.creds.user_id, resp['access']
- )["credential"]
- for key in ['access', 'secret', 'user_id', 'tenant_id']:
- self.assertEqual(ec2_creds[key], resp[key])
-
- @decorators.idempotent_id('6aba0d4c-b76b-4e46-aa42-add79bc1551d')
- def test_delete_ec2_credential(self):
- """Delete user ec2 credential."""
- resp = self.non_admin_users_client.create_user_ec2_credential(
- self.creds.user_id,
- tenant_id=self.creds.tenant_id)["credential"]
- access = resp['access']
- self.non_admin_users_client.delete_user_ec2_credential(
- self.creds.user_id, access)
- self.assertRaises(
- lib_exc.NotFound,
- self.non_admin_users_client.show_user_ec2_credential,
- self.creds.user_id,
- access)
diff --git a/tempest/api/identity/v2/test_extension.py b/tempest/api/identity/v2/test_extension.py
deleted file mode 100644
index 13555bd..0000000
--- a/tempest/api/identity/v2/test_extension.py
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright 2014 NEC Corporation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-
-
-class ExtensionTestJSON(base.BaseIdentityV2Test):
- """Test extensions in identity v2 API"""
-
- @decorators.idempotent_id('85f3f661-f54c-4d48-b563-72ae952b9383')
- def test_list_extensions(self):
- """List all the identity extensions via v2 API"""
- body = self.non_admin_client.list_extensions()['extensions']['values']
- self.assertNotEmpty(body)
- keys = ['name', 'updated', 'alias', 'links',
- 'namespace', 'description']
- for value in body:
- for key in keys:
- self.assertIn(key, value)
diff --git a/tempest/api/identity/v2/test_tenants.py b/tempest/api/identity/v2/test_tenants.py
deleted file mode 100644
index 1752b65..0000000
--- a/tempest/api/identity/v2/test_tenants.py
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-
-class IdentityTenantsTest(base.BaseIdentityV2Test):
- """Test listing tenants in identity v2 API"""
-
- credentials = ['primary', 'alt']
-
- @decorators.idempotent_id('ecae2459-243d-4ba1-ad02-65f15dc82b78')
- def test_list_tenants_returns_only_authorized_tenants(self):
- """Test listing tenants only returns authorized tenants via v2 API"""
- alt_tenant_name = self.os_alt.credentials.tenant_name
- resp = self.non_admin_tenants_client.list_tenants()
-
- # check that user can see only that tenants that he presents in so user
- # can successfully authenticate using his credentials and tenant name
- # from received tenants list
- for tenant in resp['tenants']:
- body = self.non_admin_token_client.auth(
- self.os_primary.credentials.username,
- self.os_primary.credentials.password,
- tenant['name'])
- self.assertNotEmpty(body['token']['id'])
- self.assertEqual(body['token']['tenant']['id'], tenant['id'])
- self.assertEqual(body['token']['tenant']['name'], tenant['name'])
- self.assertEqual(
- body['user']['id'], self.os_primary.credentials.user_id)
-
- # check that user cannot log in to alt user's tenant
- self.assertRaises(
- lib_exc.Unauthorized,
- self.non_admin_token_client.auth,
- self.os_primary.credentials.username,
- self.os_primary.credentials.password,
- alt_tenant_name)
diff --git a/tempest/api/identity/v2/test_tokens.py b/tempest/api/identity/v2/test_tokens.py
deleted file mode 100644
index d3776b8..0000000
--- a/tempest/api/identity/v2/test_tokens.py
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo_utils import timeutils
-from tempest.api.identity import base
-from tempest.lib import decorators
-
-
-class TokensTest(base.BaseIdentityV2Test):
- """Test tokens in identity v2 API"""
-
- @decorators.idempotent_id('65ae3b78-91ff-467b-a705-f6678863b8ec')
- def test_create_token(self):
- """Test creating token for user via v2 API"""
- token_client = self.non_admin_token_client
-
- # get a token for the user
- creds = self.os_primary.credentials
- username = creds.username
- password = creds.password
- tenant_name = creds.tenant_name
-
- body = token_client.auth(username, password, tenant_name)
-
- self.assertNotEmpty(body['token']['id'])
- self.assertIsInstance(body['token']['id'], str)
-
- now = timeutils.utcnow()
- expires_at = timeutils.normalize_time(
- timeutils.parse_isotime(body['token']['expires']))
- self.assertGreater(expires_at, now)
-
- self.assertEqual(body['token']['tenant']['id'],
- creds.tenant_id)
- self.assertEqual(body['token']['tenant']['name'],
- tenant_name)
-
- self.assertEqual(body['user']['id'], creds.user_id)
diff --git a/tempest/api/identity/v2/test_users.py b/tempest/api/identity/v2/test_users.py
deleted file mode 100644
index a63b45c..0000000
--- a/tempest/api/identity/v2/test_users.py
+++ /dev/null
@@ -1,112 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import time
-
-import testtools
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions
-
-
-CONF = config.CONF
-
-
-class IdentityUsersTest(base.BaseIdentityV2Test):
- """Test user password in identity v2 API"""
-
- @classmethod
- def resource_setup(cls):
- super(IdentityUsersTest, cls).resource_setup()
- cls.creds = cls.os_primary.credentials
- cls.username = cls.creds.username
- cls.password = cls.creds.password
- cls.tenant_name = cls.creds.tenant_name
-
- def _update_password(self, user_id, original_password, password):
- self.non_admin_users_client.update_user_own_password(
- user_id, password=password, original_password=original_password)
-
- # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
- # Keystone should only be precise to the second. Sleep to ensure
- # we are passing the second boundary.
- time.sleep(1)
-
- # check authorization with new password
- self.non_admin_token_client.auth(self.username,
- password,
- self.tenant_name)
-
- # Reset auth to get a new token with the new password
- self.non_admin_users_client.auth_provider.clear_auth()
- self.non_admin_users_client.auth_provider.credentials.password = (
- password)
-
- def _restore_password(self, user_id, old_pass, new_pass):
- if CONF.identity_feature_enabled.security_compliance:
- # First we need to clear the password history
- unique_count = CONF.identity.user_unique_last_password_count
- for _ in range(unique_count):
- random_pass = data_utils.rand_password()
- self._update_password(
- user_id, original_password=new_pass, password=random_pass)
- new_pass = random_pass
-
- self._update_password(
- user_id, original_password=new_pass, password=old_pass)
- # Reset auth again to verify the password restore does work.
- # Clear auth restores the original credentials and deletes
- # cached auth data
- self.non_admin_users_client.auth_provider.clear_auth()
- # NOTE(lbragstad): Fernet tokens are not subsecond aware and
- # Keystone should only be precise to the second. Sleep to ensure we
- # are passing the second boundary before attempting to
- # authenticate.
- time.sleep(1)
- self.non_admin_users_client.auth_provider.set_auth()
-
- @decorators.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7')
- @testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source,
- 'Skipped because environment has an '
- 'immutable user source and solely '
- 'provides read-only access to users.')
- def test_user_update_own_password(self):
- """test updating user's own password via v2 API"""
- old_pass = self.creds.password
- old_token = self.non_admin_users_client.token
- new_pass = data_utils.rand_password()
- user_id = self.creds.user_id
-
- # to change password back. important for use_dynamic_credentials=false
- self.addCleanup(self._restore_password, user_id, old_pass, new_pass)
-
- # user updates own password
- self._update_password(
- user_id, original_password=old_pass, password=new_pass)
-
- # authorize with old token should lead to Unauthorized
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_token_client.auth_token,
- old_token)
-
- # authorize with old password should lead to Unauthorized
- self.assertRaises(exceptions.Unauthorized,
- self.non_admin_token_client.auth,
- self.username,
- old_pass,
- self.tenant_name)
diff --git a/tempest/clients.py b/tempest/clients.py
index e432120..6707429 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -183,30 +183,6 @@
self.placement.ResourceProvidersClient()
def _set_identity_clients(self):
- # Clients below use the admin endpoint type of Keystone API v2
- params_v2_admin = {
- 'endpoint_type': CONF.identity.v2_admin_endpoint_type}
- self.endpoints_client = self.identity_v2.EndpointsClient(
- **params_v2_admin)
- self.identity_client = self.identity_v2.IdentityClient(
- **params_v2_admin)
- self.tenants_client = self.identity_v2.TenantsClient(
- **params_v2_admin)
- self.roles_client = self.identity_v2.RolesClient(**params_v2_admin)
- self.users_client = self.identity_v2.UsersClient(**params_v2_admin)
- self.identity_services_client = self.identity_v2.ServicesClient(
- **params_v2_admin)
-
- # Clients below use the public endpoint type of Keystone API v2
- params_v2_public = {
- 'endpoint_type': CONF.identity.v2_public_endpoint_type}
- self.identity_public_client = self.identity_v2.IdentityClient(
- **params_v2_public)
- self.tenants_public_client = self.identity_v2.TenantsClient(
- **params_v2_public)
- self.users_public_client = self.identity_v2.UsersClient(
- **params_v2_public)
-
# Clients below use the endpoint type of Keystone API v3, which is set
# in endpoint_type
params_v3 = {'endpoint_type': CONF.identity.v3_endpoint_type}
@@ -251,16 +227,6 @@
self.identity_limits_client = \
self.identity_v3.LimitsClient(**params_v3)
- # Token clients do not use the catalog. They only need default_params.
- # They read auth_url, so they should only be set if the corresponding
- # API version is marked as enabled
- if CONF.identity_feature_enabled.api_v2:
- if CONF.identity.uri:
- self.token_client = self.identity_v2.TokenClient(
- auth_url=CONF.identity.uri)
- else:
- msg = 'Identity v2 API enabled, but no identity.uri set'
- raise lib_exc.InvalidConfiguration(msg)
if CONF.identity_feature_enabled.api_v3:
if CONF.identity.uri_v3:
self.token_v3_client = self.identity_v3.V3TokenClient(
diff --git a/tempest/config.py b/tempest/config.py
index 63d4824..bd4a7a1 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -128,12 +128,18 @@
'TLS (https) server certificate.'),
cfg.URIOpt('uri',
schemes=['http', 'https'],
+ deprecated_for_removal=True,
+ deprecated_reason='The identity v2 API tests were removed '
+ 'and this option has no effect',
help="Full URI of the OpenStack Identity API (Keystone), v2"),
cfg.URIOpt('uri_v3',
schemes=['http', 'https'],
help='Full URI of the OpenStack Identity API (Keystone), v3'),
cfg.StrOpt('auth_version',
default='v3',
+ deprecated_for_removal=True,
+ deprecated_reason='Identity v2 API was removed and v3 is '
+ 'the only available identity API version now',
help="Identity API version to be used for authentication "
"for API tests."),
cfg.StrOpt('region',
@@ -146,12 +152,16 @@
default='adminURL',
choices=['public', 'admin', 'internal',
'publicURL', 'adminURL', 'internalURL'],
+ deprecated_for_removal=True,
+ deprecated_reason='This option has no effect',
help="The admin endpoint type to use for OpenStack Identity "
"(Keystone) API v2"),
cfg.StrOpt('v2_public_endpoint_type',
default='publicURL',
choices=['public', 'admin', 'internal',
'publicURL', 'adminURL', 'internalURL'],
+ deprecated_for_removal=True,
+ deprecated_reason='This option has no effect',
help="The public endpoint type to use for OpenStack Identity "
"(Keystone) API v2"),
cfg.StrOpt('v3_endpoint_type',
@@ -234,19 +244,22 @@
'impersonation enabled'),
cfg.BoolOpt('api_v2',
default=False,
- help='Is the v2 identity API enabled',
deprecated_for_removal=True,
- deprecated_reason='The identity v2.0 API was removed in the '
- 'Queens release. Tests that exercise the '
- 'v2.0 API will be removed from tempest in '
- 'the v22.0.0 release. They are kept only to '
- 'test stable branches.'),
+ deprecated_reason='The identity v2 API tests were removed '
+ 'and this option has no effect',
+ help='Is the v2 identity API enabled'),
cfg.BoolOpt('api_v2_admin',
default=True,
- help="Is the v2 identity admin API available? This setting "
- "only applies if api_v2 is set to True."),
+ deprecated_for_removal=True,
+ deprecated_reason='The identity v2 API tests were removed '
+ 'and this option has no effect',
+ help="Is the v2 identity admin API available?"),
cfg.BoolOpt('api_v3',
default=True,
+ deprecated_for_removal=True,
+ deprecated_reason='Identity v2 API was removed and v3 is '
+ 'the only available identity API version '
+ 'now',
help='Is the v3 identity API enabled'),
cfg.ListOpt('api_extensions',
default=['all'],