Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 12fdf4bda5f697c68b166abc655deb17bde0a962 / . / tempest / api / compute / test_authorization.py
blob: 0a8595f13cd96962426a2398cfedfbddf1795a2c [file] [log] [blame]
Jay Pipes13b479b2012-06-11 14:52:27 -0400[diff] [blame]1# vim: tabstop=4 shiftwidth=4 softtabstop=4
2
ZhiQiang Fan39f97222013-09-20 04:49:44 +0800[diff] [blame]3# Copyright 2012 OpenStack Foundation
Jay Pipes13b479b2012-06-11 14:52:27 -0400[diff] [blame]4# All Rights Reserved.
5#
6# Licensed under the Apache License, Version 2.0 (the "License"); you may
7# not use this file except in compliance with the License. You may obtain
8# a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15# License for the specific language governing permissions and limitations
16# under the License.
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]17
Sean Dague1937d092013-05-17 16:36:38 -0400[diff] [blame]18from tempest.api import compute
19from tempest.api.compute import base
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]20from tempest import clients
Matthew Treinisha83a16e2012-12-07 13:44:02 -0500[diff] [blame]21from tempest.common.utils.data_utils import parse_image_id
22from tempest.common.utils.data_utils import rand_name
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]23from tempest import exceptions
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]24from tempest.openstack.common import log as logging
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]25from tempest.test import attr
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]26
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]27LOG = logging.getLogger(__name__)
28
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]29
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]30class AuthorizationTestJSON(base.BaseComputeTest):
Attila Fazekas19044d52013-02-16 07:35:06 +0100[diff] [blame]31 _interface = 'json'
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]32
33 @classmethod
34 def setUpClass(cls):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]35 if not compute.MULTI_USER:
36 msg = "Need >1 user"
ivan-zhu1feeb382013-01-24 10:14:39 +0800[diff] [blame]37 raise cls.skipException(msg)
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]38
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]39 super(AuthorizationTestJSON, cls).setUpClass()
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]40
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]41 cls.client = cls.os.servers_client
42 cls.images_client = cls.os.images_client
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]43 cls.keypairs_client = cls.os.keypairs_client
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]44 cls.security_client = cls.os.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]45
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]46 if cls.config.compute.allow_tenant_isolation:
Matthew Treinishb86cda92013-07-29 11:22:23 -0400[diff] [blame]47 creds = cls.isolated_creds.get_alt_creds()
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]48 username, tenant_name, password = creds
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]49 cls.alt_manager = clients.Manager(username=username,
50 password=password,
51 tenant_name=tenant_name)
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]52 else:
53 # Use the alt_XXX credentials in the config file
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]54 cls.alt_manager = clients.AltManager()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]55
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]56 cls.alt_client = cls.alt_manager.servers_client
57 cls.alt_images_client = cls.alt_manager.images_client
58 cls.alt_keypairs_client = cls.alt_manager.keypairs_client
59 cls.alt_security_client = cls.alt_manager.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]60
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]61 cls.alt_security_client._set_auth()
Mauro S. M. Rodrigues0a1bdff2013-03-11 11:41:18 -0400[diff] [blame]62 resp, server = cls.create_server(wait_until='ACTIVE')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]63 resp, cls.server = cls.client.get_server(server['id'])
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]64
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]65 name = rand_name('image')
66 resp, body = cls.client.create_image(server['id'], name)
67 image_id = parse_image_id(resp['location'])
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]68 cls.images_client.wait_for_image_status(image_id, 'ACTIVE')
69 resp, cls.image = cls.images_client.get_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]70
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]71 cls.keypairname = rand_name('keypair')
72 resp, keypair = \
73 cls.keypairs_client.create_keypair(cls.keypairname)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]74
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]75 name = rand_name('security')
76 description = rand_name('description')
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]77 resp, cls.security_group = cls.security_client.create_security_group(
78 name, description)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]79
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]80 parent_group_id = cls.security_group['id']
81 ip_protocol = 'tcp'
82 from_port = 22
83 to_port = 22
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]84 resp, cls.rule = cls.security_client.create_security_group_rule(
85 parent_group_id, ip_protocol, from_port, to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]86
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]87 @classmethod
88 def tearDownClass(cls):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]89 if compute.MULTI_USER:
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]90 cls.images_client.delete_image(cls.image['id'])
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]91 cls.keypairs_client.delete_keypair(cls.keypairname)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]92 cls.security_client.delete_security_group(cls.security_group['id'])
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]93 super(AuthorizationTestJSON, cls).tearDownClass()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]94
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]95 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]96 def test_get_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]97 # A GET request for a server on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]98 self.assertRaises(exceptions.NotFound, self.alt_client.get_server,
99 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]100
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]101 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]102 def test_delete_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]103 # A DELETE request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]104 self.assertRaises(exceptions.NotFound, self.alt_client.delete_server,
105 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]106
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]107 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]108 def test_update_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]109 # An update server request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]110 self.assertRaises(exceptions.NotFound, self.alt_client.update_server,
111 self.server['id'], name='test')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]112
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]113 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]114 def test_list_server_addresses_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]115 # A list addresses request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]116 self.assertRaises(exceptions.NotFound, self.alt_client.list_addresses,
117 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]118
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]119 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]120 def test_list_server_addresses_by_network_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]121 # A list address/network request for another user's server should fail
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]122 server_id = self.server['id']
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]123 self.assertRaises(exceptions.NotFound,
124 self.alt_client.list_addresses_by_network, server_id,
125 'public')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]126
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]127 @attr(type='gate')
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]128 def test_list_servers_with_alternate_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]129 # A list on servers from one tenant should not
130 # show on alternate tenant
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]131 # Listing servers from alternate tenant
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]132 alt_server_ids = []
133 resp, body = self.alt_client.list_servers()
134 alt_server_ids = [s['id'] for s in body['servers']]
135 self.assertNotIn(self.server['id'], alt_server_ids)
136
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]137 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]138 def test_change_password_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]139 # A change password request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]140 self.assertRaises(exceptions.NotFound, self.alt_client.change_password,
141 self.server['id'], 'newpass')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]142
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]143 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]144 def test_reboot_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]145 # A reboot request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]146 self.assertRaises(exceptions.NotFound, self.alt_client.reboot,
147 self.server['id'], 'HARD')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]148
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]149 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]150 def test_rebuild_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]151 # A rebuild request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]152 self.assertRaises(exceptions.NotFound, self.alt_client.rebuild,
153 self.server['id'], self.image_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]154
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]155 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]156 def test_resize_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]157 # A resize request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]158 self.assertRaises(exceptions.NotFound, self.alt_client.resize,
159 self.server['id'], self.flavor_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]160
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]161 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]162 def test_create_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]163 # A create image request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]164 self.assertRaises(exceptions.NotFound,
165 self.alt_images_client.create_image,
166 self.server['id'], 'testImage')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]167
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]168 @attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]169 def test_create_server_with_unauthorized_image(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]170 # Server creation with another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]171 self.assertRaises(exceptions.BadRequest, self.alt_client.create_server,
172 'test', self.image['id'], self.flavor_ref)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]173
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]174 @attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]175 def test_create_server_fails_when_tenant_incorrect(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]176 # A create server request should fail if the tenant id does not match
177 # the current user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]178 saved_base_url = self.alt_client.base_url
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]179 try:
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]180 # Change the base URL to impersonate another user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]181 self.alt_client.base_url = self.client.base_url
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]182 self.assertRaises(exceptions.BadRequest,
183 self.alt_client.create_server, 'test',
184 self.image['id'], self.flavor_ref)
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]185 finally:
186 # Reset the base_url...
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]187 self.alt_client.base_url = saved_base_url
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]188
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]189 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]190 def test_create_keypair_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]191 # A create keypair request should fail if the tenant id does not match
192 # the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]193 # POST keypair with other user tenant
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]194 k_name = rand_name('keypair-')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]195 self.alt_keypairs_client._set_auth()
196 self.saved_base_url = self.alt_keypairs_client.base_url
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]197 try:
198 # Change the base URL to impersonate another user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]199 self.alt_keypairs_client.base_url = self.keypairs_client.base_url
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]200 resp = {}
201 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]202 self.assertRaises(exceptions.BadRequest,
203 self.alt_keypairs_client.create_keypair, k_name)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]204 finally:
205 # Reset the base_url...
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]206 self.alt_keypairs_client.base_url = self.saved_base_url
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]207 if (resp['status'] is not None):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]208 resp, _ = self.alt_keypairs_client.delete_keypair(k_name)
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]209 LOG.error("Create keypair request should not happen "
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]210 "if the tenant id does not match the current user")
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]211
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]212 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]213 def test_get_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]214 # A GET request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]215 self.assertRaises(exceptions.NotFound,
216 self.alt_keypairs_client.get_keypair,
217 self.keypairname)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]218
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]219 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]220 def test_delete_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]221 # A DELETE request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]222 self.assertRaises(exceptions.NotFound,
223 self.alt_keypairs_client.delete_keypair,
224 self.keypairname)
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]225
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]226 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]227 def test_get_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]228 # A GET request for an image on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]229 self.assertRaises(exceptions.NotFound,
230 self.alt_images_client.get_image, self.image['id'])
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]231
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]232 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]233 def test_delete_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]234 # A DELETE request for another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]235 self.assertRaises(exceptions.NotFound,
236 self.alt_images_client.delete_image,
237 self.image['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]238
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]239 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]240 def test_create_security_group_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]241 # A create security group request should fail if the tenant id does not
242 # match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]243 # POST security group with other user tenant
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]244 s_name = rand_name('security-')
245 s_description = rand_name('security')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]246 self.saved_base_url = self.alt_security_client.base_url
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]247 try:
248 # Change the base URL to impersonate another user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]249 self.alt_security_client.base_url = self.security_client.base_url
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]250 resp = {}
251 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]252 self.assertRaises(exceptions.BadRequest,
253 self.alt_security_client.create_security_group,
254 s_name, s_description)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]255 finally:
256 # Reset the base_url...
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]257 self.alt_security_client.base_url = self.saved_base_url
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]258 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]259 self.alt_security_client.delete_security_group(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]260 LOG.error("Create Security Group request should not happen if"
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]261 "the tenant id does not match the current user")
262
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]263 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]264 def test_get_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]265 # A GET request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]266 self.assertRaises(exceptions.NotFound,
267 self.alt_security_client.get_security_group,
268 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]269
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]270 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]271 def test_delete_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]272 # A DELETE request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]273 self.assertRaises(exceptions.NotFound,
274 self.alt_security_client.delete_security_group,
275 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]276
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]277 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]278 def test_create_security_group_rule_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]279 # A create security group rule request should fail if the tenant id
280 # does not match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]281 # POST security group rule with other user tenant
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]282 parent_group_id = self.security_group['id']
283 ip_protocol = 'icmp'
284 from_port = -1
285 to_port = -1
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]286 self.saved_base_url = self.alt_security_client.base_url
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]287 try:
288 # Change the base URL to impersonate another user
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]289 self.alt_security_client.base_url = self.security_client.base_url
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]290 resp = {}
291 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]292 self.assertRaises(exceptions.BadRequest,
293 self.alt_security_client.
294 create_security_group_rule,
295 parent_group_id, ip_protocol, from_port,
296 to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]297 finally:
298 # Reset the base_url...
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]299 self.alt_security_client.base_url = self.saved_base_url
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]300 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]301 self.alt_security_client.delete_security_group_rule(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]302 LOG.error("Create security group rule request should not "
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]303 "happen if the tenant id does not match the"
304 " current user")
305
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]306 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]307 def test_delete_security_group_rule_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]308 # A DELETE request for another user's security group rule
309 # should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]310 self.assertRaises(exceptions.NotFound,
311 self.alt_security_client.delete_security_group_rule,
312 self.rule['id'])
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]313
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]314 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]315 def test_set_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]316 # A set metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]317 req_metadata = {'meta1': 'data1', 'meta2': 'data2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]318 self.assertRaises(exceptions.NotFound,
319 self.alt_client.set_server_metadata,
320 self.server['id'],
321 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]322
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]323 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]324 def test_set_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]325 # A set metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]326 req_metadata = {'meta1': 'value1', 'meta2': 'value2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]327 self.assertRaises(exceptions.NotFound,
328 self.alt_images_client.set_image_metadata,
329 self.image['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]330
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]331 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]332 def test_get_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]333 # A get metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]334 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]335 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2suresh31bb7cb2013-03-14 04:53:49 +0000[diff] [blame]336 self.addCleanup(self.client.delete_server_metadata_item,
337 self.server['id'], 'meta1')
338 self.assertRaises(exceptions.NotFound,
339 self.alt_client.get_server_metadata_item,
340 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]341
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]342 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]343 def test_get_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]344 # A get metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]345 req_metadata = {'meta1': 'value1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]346 self.addCleanup(self.images_client.delete_image_metadata_item,
347 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]348 self.images_client.set_image_metadata(self.image['id'],
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]349 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]350 self.assertRaises(exceptions.NotFound,
351 self.alt_images_client.get_image_metadata_item,
352 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]353
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]354 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]355 def test_delete_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]356 # A delete metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]357 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]358 self.addCleanup(self.client.delete_server_metadata_item,
359 self.server['id'], 'meta1')
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]360 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]361 self.assertRaises(exceptions.NotFound,
362 self.alt_client.delete_server_metadata_item,
363 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]364
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]365 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]366 def test_delete_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]367 # A delete metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]368 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]369 self.addCleanup(self.images_client.delete_image_metadata_item,
370 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]371 self.images_client.set_image_metadata(self.image['id'],
372 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]373 self.assertRaises(exceptions.NotFound,
374 self.alt_images_client.delete_image_metadata_item,
375 self.image['id'], 'meta1')
rajalakshmi-ganesan72ea31a2012-05-25 11:59:10 +0530[diff] [blame]376
Giampaolo Lauriae9c77022013-05-22 01:23:58 -0400[diff] [blame]377 @attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]378 def test_get_console_output_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]379 # A Get Console Output for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]380 self.assertRaises(exceptions.NotFound,
381 self.alt_client.get_console_output,
382 self.server['id'], 10)
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]383
384
385class AuthorizationTestXML(AuthorizationTestJSON):
386 _interface = 'xml'