Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 32541388d99c908a4c16fdebbe21cb43e1073f02 / . / tempest / api / compute / test_authorization.py
blob: 1f4f1242d477f2d2e8266fbfee02ef17d07a4183 [file] [log] [blame]
ZhiQiang Fan39f97222013-09-20 04:49:44 +0800[diff] [blame]1# Copyright 2012 OpenStack Foundation
Jay Pipes13b479b2012-06-11 14:52:27 -0400[diff] [blame]2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]15
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]16import StringIO
17
Sean Dague1937d092013-05-17 16:36:38 -0400[diff] [blame]18from tempest.api.compute import base
Matthew Treinish481466b2012-12-20 17:16:01 -0500[diff] [blame]19from tempest import clients
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]20from tempest.common.utils import data_utils
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]21from tempest import config
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]22from tempest import exceptions
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]23from tempest.openstack.common import log as logging
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]24from tempest import test
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]25
Matthew Treinishb0a78fc2014-01-29 16:49:12 +0000[diff] [blame]26CONF = config.CONF
27
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]28LOG = logging.getLogger(__name__)
29
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]30
ivan-zhuf2b00502013-10-18 10:06:52 +0800[diff] [blame]31class AuthorizationTestJSON(base.BaseV2ComputeTest):
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]32 @classmethod
Andrea Frittoli50bb80d2014-09-15 12:34:27 +0100[diff] [blame]33 def resource_setup(cls):
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]34 if not CONF.service_available.glance:
35 raise cls.skipException('Glance is not available.')
Salvatore Orlando5a337242014-01-15 22:49:22 +0000[diff] [blame]36 # No network resources required for this test
37 cls.set_network_resources()
Andrea Frittoli50bb80d2014-09-15 12:34:27 +0100[diff] [blame]38 super(AuthorizationTestJSON, cls).resource_setup()
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]39 if not cls.multi_user:
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]40 msg = "Need >1 user"
ivan-zhu1feeb382013-01-24 10:14:39 +0800[diff] [blame]41 raise cls.skipException(msg)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]42 cls.client = cls.os.servers_client
43 cls.images_client = cls.os.images_client
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]44 cls.glance_client = cls.os.image_client
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]45 cls.keypairs_client = cls.os.keypairs_client
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]46 cls.security_client = cls.os.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]47
Andrea Frittoli8283b4e2014-07-17 13:28:58 +0100[diff] [blame]48 creds = cls.isolated_creds.get_alt_creds()
49 cls.alt_manager = clients.Manager(credentials=creds)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]50
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]51 cls.alt_client = cls.alt_manager.servers_client
52 cls.alt_images_client = cls.alt_manager.images_client
53 cls.alt_keypairs_client = cls.alt_manager.keypairs_client
54 cls.alt_security_client = cls.alt_manager.security_groups_client
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]55
Ken'ichi Ohmichicfc052e2013-10-23 11:50:04 +0900[diff] [blame]56 resp, server = cls.create_test_server(wait_until='ACTIVE')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]57 resp, cls.server = cls.client.get_server(server['id'])
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]58
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]59 name = data_utils.rand_name('image')
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]60 resp, body = cls.glance_client.create_image(name=name,
Matthew Treinish1d14c542014-06-17 20:25:40 -0400[diff] [blame]61 container_format='bare',
62 disk_format='raw',
63 is_public=False)
Adam Gandelman85f5bed2014-06-19 16:48:17 -0700[diff] [blame]64 image_id = body['id']
65 image_file = StringIO.StringIO(('*' * 1024))
66 resp, body = cls.glance_client.update_image(image_id, data=image_file)
67 cls.glance_client.wait_for_image_status(image_id, 'active')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]68 resp, cls.image = cls.images_client.get_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]69
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]70 cls.keypairname = data_utils.rand_name('keypair')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]71 resp, keypair = \
72 cls.keypairs_client.create_keypair(cls.keypairname)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]73
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]74 name = data_utils.rand_name('security')
75 description = data_utils.rand_name('description')
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]76 resp, cls.security_group = cls.security_client.create_security_group(
77 name, description)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]78
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]79 parent_group_id = cls.security_group['id']
80 ip_protocol = 'tcp'
81 from_port = 22
82 to_port = 22
nayna-pateleda1d122013-03-20 14:44:31 +0000[diff] [blame]83 resp, cls.rule = cls.security_client.create_security_group_rule(
84 parent_group_id, ip_protocol, from_port, to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]85
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]86 @classmethod
Andrea Frittoli50bb80d2014-09-15 12:34:27 +0100[diff] [blame]87 def resource_cleanup(cls):
Matthew Treinishf7fca6a2013-12-09 16:27:23 +0000[diff] [blame]88 if cls.multi_user:
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]89 cls.images_client.delete_image(cls.image['id'])
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]90 cls.keypairs_client.delete_keypair(cls.keypairname)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]91 cls.security_client.delete_security_group(cls.security_group['id'])
Andrea Frittoli50bb80d2014-09-15 12:34:27 +0100[diff] [blame]92 super(AuthorizationTestJSON, cls).resource_cleanup()
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]93
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]94 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]95 def test_get_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]96 # A GET request for a server on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]97 self.assertRaises(exceptions.NotFound, self.alt_client.get_server,
98 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]99
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]100 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]101 def test_delete_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]102 # A DELETE request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]103 self.assertRaises(exceptions.NotFound, self.alt_client.delete_server,
104 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]105
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]106 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]107 def test_update_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]108 # An update server request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]109 self.assertRaises(exceptions.NotFound, self.alt_client.update_server,
110 self.server['id'], name='test')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]111
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]112 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]113 def test_list_server_addresses_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]114 # A list addresses request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]115 self.assertRaises(exceptions.NotFound, self.alt_client.list_addresses,
116 self.server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]117
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]118 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]119 def test_list_server_addresses_by_network_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]120 # A list address/network request for another user's server should fail
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]121 server_id = self.server['id']
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]122 self.assertRaises(exceptions.NotFound,
123 self.alt_client.list_addresses_by_network, server_id,
124 'public')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]125
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]126 @test.attr(type='gate')
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]127 def test_list_servers_with_alternate_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]128 # A list on servers from one tenant should not
129 # show on alternate tenant
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]130 # Listing servers from alternate tenant
sapan-kona37939762012-06-28 20:22:43 +0530[diff] [blame]131 alt_server_ids = []
132 resp, body = self.alt_client.list_servers()
133 alt_server_ids = [s['id'] for s in body['servers']]
134 self.assertNotIn(self.server['id'], alt_server_ids)
135
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]136 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]137 def test_change_password_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]138 # A change password request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]139 self.assertRaises(exceptions.NotFound, self.alt_client.change_password,
140 self.server['id'], 'newpass')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]141
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]142 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]143 def test_reboot_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]144 # A reboot request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]145 self.assertRaises(exceptions.NotFound, self.alt_client.reboot,
146 self.server['id'], 'HARD')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]147
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]148 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]149 def test_rebuild_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]150 # A rebuild request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]151 self.assertRaises(exceptions.NotFound, self.alt_client.rebuild,
152 self.server['id'], self.image_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]153
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]154 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]155 def test_resize_server_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]156 # A resize request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]157 self.assertRaises(exceptions.NotFound, self.alt_client.resize,
158 self.server['id'], self.flavor_ref_alt)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]159
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]160 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]161 def test_create_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]162 # A create image request for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]163 self.assertRaises(exceptions.NotFound,
164 self.alt_images_client.create_image,
165 self.server['id'], 'testImage')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]166
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]167 @test.attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]168 def test_create_server_with_unauthorized_image(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]169 # Server creation with another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]170 self.assertRaises(exceptions.BadRequest, self.alt_client.create_server,
171 'test', self.image['id'], self.flavor_ref)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]172
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]173 @test.attr(type='gate')
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]174 def test_create_server_fails_when_tenant_incorrect(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]175 # A create server request should fail if the tenant id does not match
176 # the current user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]177 # Change the base URL to impersonate another user
178 self.alt_client.auth_provider.set_alt_auth_data(
179 request_part='url',
180 auth_data=self.client.auth_provider.auth_data
181 )
182 self.assertRaises(exceptions.BadRequest,
183 self.alt_client.create_server, 'test',
184 self.image['id'], self.flavor_ref)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]185
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]186 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]187 def test_create_keypair_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]188 # A create keypair request should fail if the tenant id does not match
189 # the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]190 # POST keypair with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]191 k_name = data_utils.rand_name('keypair-')
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]192 try:
193 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]194 self.alt_keypairs_client.auth_provider.set_alt_auth_data(
195 request_part='url',
196 auth_data=self.keypairs_client.auth_provider.auth_data
197 )
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]198 resp = {}
199 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]200 self.assertRaises(exceptions.BadRequest,
201 self.alt_keypairs_client.create_keypair, k_name)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]202 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]203 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]204 if (resp['status'] is not None):
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]205 resp, _ = self.alt_keypairs_client.delete_keypair(k_name)
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]206 LOG.error("Create keypair request should not happen "
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]207 "if the tenant id does not match the current user")
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]208
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]209 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]210 def test_get_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]211 # A GET request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]212 self.assertRaises(exceptions.NotFound,
213 self.alt_keypairs_client.get_keypair,
214 self.keypairname)
rajalakshmi-ganesanb74a11a2012-05-16 10:37:58 +0530[diff] [blame]215
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]216 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]217 def test_delete_keypair_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]218 # A DELETE request for another user's keypair should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]219 self.assertRaises(exceptions.NotFound,
220 self.alt_keypairs_client.delete_keypair,
221 self.keypairname)
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]222
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]223 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]224 def test_get_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]225 # A GET request for an image on another user's account should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]226 self.assertRaises(exceptions.NotFound,
227 self.alt_images_client.get_image, self.image['id'])
rajalakshmi-ganesan32f8db62012-05-18 19:13:40 +0530[diff] [blame]228
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]229 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]230 def test_delete_image_for_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]231 # A DELETE request for another user's image should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]232 self.assertRaises(exceptions.NotFound,
233 self.alt_images_client.delete_image,
234 self.image['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]235
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]236 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]237 def test_create_security_group_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]238 # A create security group request should fail if the tenant id does not
239 # match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]240 # POST security group with other user tenant
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]241 s_name = data_utils.rand_name('security-')
242 s_description = data_utils.rand_name('security')
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]243 try:
244 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]245 self.alt_security_client.auth_provider.set_alt_auth_data(
246 request_part='url',
247 auth_data=self.security_client.auth_provider.auth_data
248 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]249 resp = {}
250 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]251 self.assertRaises(exceptions.BadRequest,
252 self.alt_security_client.create_security_group,
253 s_name, s_description)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]254 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]255 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]256 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]257 self.alt_security_client.delete_security_group(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]258 LOG.error("Create Security Group request should not happen if"
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]259 "the tenant id does not match the current user")
260
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]261 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]262 def test_get_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]263 # A GET request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]264 self.assertRaises(exceptions.NotFound,
265 self.alt_security_client.get_security_group,
266 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]267
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]268 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]269 def test_delete_security_group_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]270 # A DELETE request for another user's security group should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]271 self.assertRaises(exceptions.NotFound,
272 self.alt_security_client.delete_security_group,
273 self.security_group['id'])
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]274
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]275 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]276 def test_create_security_group_rule_in_analt_user_tenant(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]277 # A create security group rule request should fail if the tenant id
278 # does not match the current user
Attila Fazekasf7f34f92013-08-01 17:01:44 +0200[diff] [blame]279 # POST security group rule with other user tenant
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]280 parent_group_id = self.security_group['id']
281 ip_protocol = 'icmp'
282 from_port = -1
283 to_port = -1
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]284 try:
285 # Change the base URL to impersonate another user
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]286 self.alt_security_client.auth_provider.set_alt_auth_data(
287 request_part='url',
288 auth_data=self.security_client.auth_provider.auth_data
289 )
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]290 resp = {}
291 resp['status'] = None
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]292 self.assertRaises(exceptions.BadRequest,
293 self.alt_security_client.
294 create_security_group_rule,
295 parent_group_id, ip_protocol, from_port,
296 to_port)
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]297 finally:
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]298 # Next request the base_url is back to normal
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]299 if resp['status'] is not None:
Monty Taylorb2ca5ca2013-04-28 18:00:21 -0700[diff] [blame]300 self.alt_security_client.delete_security_group_rule(resp['id'])
Giulio Fidente92f77192013-08-26 17:13:28 +0200[diff] [blame]301 LOG.error("Create security group rule request should not "
rajalakshmi-ganesan184daad2012-05-18 14:47:38 +0530[diff] [blame]302 "happen if the tenant id does not match the"
303 " current user")
304
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]305 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]306 def test_delete_security_group_rule_of_alt_account_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]307 # A DELETE request for another user's security group rule
308 # should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]309 self.assertRaises(exceptions.NotFound,
310 self.alt_security_client.delete_security_group_rule,
311 self.rule['id'])
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]312
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]313 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]314 def test_set_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]315 # A set metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]316 req_metadata = {'meta1': 'data1', 'meta2': 'data2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]317 self.assertRaises(exceptions.NotFound,
318 self.alt_client.set_server_metadata,
319 self.server['id'],
320 req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]321
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]322 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]323 def test_set_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]324 # A set metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]325 req_metadata = {'meta1': 'value1', 'meta2': 'value2'}
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]326 self.assertRaises(exceptions.NotFound,
327 self.alt_images_client.set_image_metadata,
328 self.image['id'], req_metadata)
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]329
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]330 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]331 def test_get_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]332 # A get metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]333 req_metadata = {'meta1': 'data1'}
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]334 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2suresh31bb7cb2013-03-14 04:53:49 +0000[diff] [blame]335 self.addCleanup(self.client.delete_server_metadata_item,
336 self.server['id'], 'meta1')
337 self.assertRaises(exceptions.NotFound,
338 self.alt_client.get_server_metadata_item,
339 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]340
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]341 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]342 def test_get_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]343 # A get metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]344 req_metadata = {'meta1': 'value1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]345 self.addCleanup(self.images_client.delete_image_metadata_item,
346 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]347 self.images_client.set_image_metadata(self.image['id'],
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]348 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]349 self.assertRaises(exceptions.NotFound,
350 self.alt_images_client.get_image_metadata_item,
351 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]352
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]353 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]354 def test_delete_metadata_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]355 # A delete metadata for another user's server should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]356 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]357 self.addCleanup(self.client.delete_server_metadata_item,
358 self.server['id'], 'meta1')
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]359 self.client.set_server_metadata(self.server['id'], req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]360 self.assertRaises(exceptions.NotFound,
361 self.alt_client.delete_server_metadata_item,
362 self.server['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]363
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]364 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]365 def test_delete_metadata_of_alt_account_image_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]366 # A delete metadata for another user's image should fail
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]367 req_metadata = {'meta1': 'data1'}
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]368 self.addCleanup(self.images_client.delete_image_metadata_item,
369 self.image['id'], 'meta1')
rajalakshmi-ganesan929a32a2012-05-29 18:00:25 +0530[diff] [blame]370 self.images_client.set_image_metadata(self.image['id'],
371 req_metadata)
hi2sureshd0e24122013-03-15 03:06:53 +0000[diff] [blame]372 self.assertRaises(exceptions.NotFound,
373 self.alt_images_client.delete_image_metadata_item,
374 self.image['id'], 'meta1')
rajalakshmi-ganesan72ea31a2012-05-25 11:59:10 +0530[diff] [blame]375
Yuiko Takadae9999d62014-03-06 09:22:54 +0000[diff] [blame]376 @test.attr(type='gate')
Jay Pipesf38eaac2012-06-21 13:37:35 -0400[diff] [blame]377 def test_get_console_output_of_alt_account_server_fails(self):
Sean Dague4dd2c0b2013-01-03 17:50:28 -0500[diff] [blame]378 # A Get Console Output for another user's server should fail
Chris Yeoh8b4eaa52013-02-06 18:03:10 +1030[diff] [blame]379 self.assertRaises(exceptions.NotFound,
380 self.alt_client.get_console_output,
381 self.server['id'], 10)