Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 6694fec2a0b85a80005f603304009cc7a3489acb / . / tempest / services / identity / json / identity_client.py
blob: c95faaaa993f0445086ef17a1fb2d0cd040764aa [file] [log] [blame]
Sean Dague556add52013-07-19 14:28:44 -0400[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License"); you may
2# not use this file except in compliance with the License. You may obtain
3# a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10# License for the specific language governing permissions and limitations
11# under the License.
12
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]13import json
14
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]15from tempest.common import rest_client
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]16from tempest import config
Matthew Treinisha83a16e2012-12-07 13:44:02 -0500[diff] [blame]17from tempest import exceptions
18
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]19CONF = config.CONF
20
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]21
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]22class IdentityClientJSON(rest_client.RestClient):
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]23
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]24 def __init__(self, auth_provider):
25 super(IdentityClientJSON, self).__init__(auth_provider)
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]26 self.service = CONF.identity.catalog_type
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]27 self.endpoint_url = 'adminURL'
28
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]29 # Needed for xml service client
30 self.list_tags = ["roles", "tenants", "users", "services"]
31
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]32 def has_admin_extensions(self):
33 """
34 Returns True if the KSADM Admin Extensions are supported
35 False otherwise
36 """
37 if hasattr(self, '_has_admin_extensions'):
38 return self._has_admin_extensions
39 resp, body = self.list_roles()
40 self._has_admin_extensions = ('status' in resp and resp.status != 503)
41 return self._has_admin_extensions
42
43 def create_role(self, name):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]44 """Create a role."""
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]45 post_body = {
46 'name': name,
47 }
48 post_body = json.dumps({'role': post_body})
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]49 resp, body = self.post('OS-KSADM/roles', post_body)
50 return resp, self._parse_resp(body)
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]51
Gong Zhangcb6b8862014-02-20 15:14:05 +0800[diff] [blame]52 def get_role(self, role_id):
53 """Get a role by its id."""
54 resp, body = self.get('OS-KSADM/roles/%s' % role_id)
55 body = json.loads(body)
56 return resp, body['role']
57
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]58 def create_tenant(self, name, **kwargs):
59 """
60 Create a tenant
61 name (required): New tenant name
62 description: Description of new tenant (default is none)
63 enabled <true|false>: Initial tenant status (default is true)
64 """
65 post_body = {
66 'name': name,
67 'description': kwargs.get('description', ''),
Gordon Chungad873602013-02-18 19:26:27 -0500[diff] [blame]68 'enabled': kwargs.get('enabled', True),
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]69 }
70 post_body = json.dumps({'tenant': post_body})
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]71 resp, body = self.post('tenants', post_body)
72 return resp, self._parse_resp(body)
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]73
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]74 def delete_role(self, role_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]75 """Delete a role."""
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]76 return self.delete('OS-KSADM/roles/%s' % str(role_id))
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]77
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]78 def list_user_roles(self, tenant_id, user_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]79 """Returns a list of roles assigned to a user for a tenant."""
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]80 url = '/tenants/%s/users/%s/roles' % (tenant_id, user_id)
81 resp, body = self.get(url)
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]82 return resp, self._parse_resp(body)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]83
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]84 def assign_user_role(self, tenant_id, user_id, role_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]85 """Add roles to a user on a tenant."""
Zhongyue Luoe0884a32012-09-25 17:24:17 +0800[diff] [blame]86 resp, body = self.put('/tenants/%s/users/%s/roles/OS-KSADM/%s' %
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]87 (tenant_id, user_id, role_id), "")
88 return resp, self._parse_resp(body)
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]89
rajalakshmi-ganesan8ba945e2012-08-01 15:43:19 +0530[diff] [blame]90 def remove_user_role(self, tenant_id, user_id, role_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]91 """Removes a role assignment for a user on a tenant."""
Zhongyue Luo79d8d362012-09-25 13:49:27 +0800[diff] [blame]92 return self.delete('/tenants/%s/users/%s/roles/OS-KSADM/%s' %
93 (tenant_id, user_id, role_id))
Rohit Karajgi69e80a02012-05-15 03:54:04 -0700[diff] [blame]94
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]95 def delete_tenant(self, tenant_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]96 """Delete a tenant."""
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]97 return self.delete('tenants/%s' % str(tenant_id))
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]98
99 def get_tenant(self, tenant_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]100 """Get tenant details."""
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]101 resp, body = self.get('tenants/%s' % str(tenant_id))
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]102 return resp, self._parse_resp(body)
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]103
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]104 def list_roles(self):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]105 """Returns roles."""
chris fattarsi8ed39ac2012-04-30 14:11:27 -0700[diff] [blame]106 resp, body = self.get('OS-KSADM/roles')
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]107 return resp, self._parse_resp(body)
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]108
109 def list_tenants(self):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]110 """Returns tenants."""
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]111 resp, body = self.get('tenants')
112 body = json.loads(body)
113 return resp, body['tenants']
114
Dan Smithd6ff6b72012-08-23 10:29:41 -0700[diff] [blame]115 def get_tenant_by_name(self, tenant_name):
116 resp, tenants = self.list_tenants()
117 for tenant in tenants:
118 if tenant['name'] == tenant_name:
119 return tenant
120 raise exceptions.NotFound('No such tenant')
121
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]122 def update_tenant(self, tenant_id, **kwargs):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]123 """Updates a tenant."""
chris fattarsi9ba7b0e2012-05-07 13:55:51 -0700[diff] [blame]124 resp, body = self.get_tenant(tenant_id)
125 name = kwargs.get('name', body['name'])
126 desc = kwargs.get('description', body['description'])
127 en = kwargs.get('enabled', body['enabled'])
128 post_body = {
129 'id': tenant_id,
130 'name': name,
131 'description': desc,
132 'enabled': en,
133 }
134 post_body = json.dumps({'tenant': post_body})
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]135 resp, body = self.post('tenants/%s' % tenant_id, post_body)
136 return resp, self._parse_resp(body)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]137
huangtianhuafc8db4f2013-10-08 12:05:58 +0800[diff] [blame]138 def create_user(self, name, password, tenant_id, email, **kwargs):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]139 """Create a user."""
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]140 post_body = {
141 'name': name,
142 'password': password,
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]143 'email': email
144 }
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]145 if tenant_id is not None:
146 post_body['tenantId'] = tenant_id
huangtianhuafc8db4f2013-10-08 12:05:58 +0800[diff] [blame]147 if kwargs.get('enabled') is not None:
148 post_body['enabled'] = kwargs.get('enabled')
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]149 post_body = json.dumps({'user': post_body})
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]150 resp, body = self.post('users', post_body)
151 return resp, self._parse_resp(body)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]152
Chang Bo Guob36b2f12013-09-13 04:52:00 -0700[diff] [blame]153 def update_user(self, user_id, **kwargs):
154 """Updates a user."""
155 put_body = json.dumps({'user': kwargs})
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]156 resp, body = self.put('users/%s' % user_id, put_body)
157 return resp, self._parse_resp(body)
Chang Bo Guob36b2f12013-09-13 04:52:00 -0700[diff] [blame]158
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]159 def get_user(self, user_id):
160 """GET a user."""
161 resp, body = self.get("users/%s" % user_id)
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]162 return resp, self._parse_resp(body)
rajalakshmi-ganesan7312bb52013-01-29 20:03:42 +0530[diff] [blame]163
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]164 def delete_user(self, user_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]165 """Delete a user."""
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]166 return self.delete("users/%s" % user_id)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]167
168 def get_users(self):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]169 """Get the list of users."""
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]170 resp, body = self.get("users")
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]171 return resp, self._parse_resp(body)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]172
173 def enable_disable_user(self, user_id, enabled):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]174 """Enables or disables a user."""
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]175 put_body = {
Sean Dague14c68182013-04-14 15:34:30 -0400[diff] [blame]176 'enabled': enabled
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]177 }
178 put_body = json.dumps({'user': put_body})
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]179 resp, body = self.put('users/%s/enabled' % user_id, put_body)
180 return resp, self._parse_resp(body)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]181
Zhi Kun Liu30caeae2014-02-26 15:30:24 +0800[diff] [blame]182 def get_token(self, token_id):
183 """Get token details."""
184 resp, body = self.get("tokens/%s" % token_id)
185 return resp, self._parse_resp(body)
186
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]187 def delete_token(self, token_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]188 """Delete a token."""
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]189 return self.delete("tokens/%s" % token_id)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]190
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]191 def list_users_for_tenant(self, tenant_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]192 """List users for a Tenant."""
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]193 resp, body = self.get('/tenants/%s/users' % tenant_id)
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]194 return resp, self._parse_resp(body)
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]195
Dan Smithd6ff6b72012-08-23 10:29:41 -0700[diff] [blame]196 def get_user_by_username(self, tenant_id, username):
197 resp, users = self.list_users_for_tenant(tenant_id)
198 for user in users:
199 if user['name'] == username:
200 return user
201 raise exceptions.NotFound('No such user')
202
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]203 def create_service(self, name, type, **kwargs):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]204 """Create a service."""
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]205 post_body = {
Zhongyue Luoa1343de2013-01-04 16:21:35 +0800[diff] [blame]206 'name': name,
207 'type': type,
208 'description': kwargs.get('description')
209 }
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]210 post_body = json.dumps({'OS-KSADM:service': post_body})
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]211 resp, body = self.post('/OS-KSADM/services', post_body)
212 return resp, self._parse_resp(body)
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]213
214 def get_service(self, service_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]215 """Get Service."""
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]216 url = '/OS-KSADM/services/%s' % service_id
217 resp, body = self.get(url)
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]218 return resp, self._parse_resp(body)
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]219
umamohanb51ad002013-01-24 18:13:15 +0000[diff] [blame]220 def list_services(self):
221 """List Service - Returns Services."""
222 resp, body = self.get('/OS-KSADM/services/')
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]223 return resp, self._parse_resp(body)
umamohanb51ad002013-01-24 18:13:15 +0000[diff] [blame]224
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]225 def delete_service(self, service_id):
Sean Daguef237ccb2013-01-04 15:19:14 -0500[diff] [blame]226 """Delete Service."""
rajalakshmi-ganesanefc8bd72012-05-30 17:52:11 +0530[diff] [blame]227 url = '/OS-KSADM/services/%s' % service_id
228 return self.delete(url)
229
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]230
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]231class TokenClientJSON(IdentityClientJSON):
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]232
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]233 def __init__(self):
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]234 super(TokenClientJSON, self).__init__(None)
Matthew Treinish684d8992014-01-30 16:27:40 +0000[diff] [blame]235 auth_url = CONF.identity.uri
Jay Pipes7c88eb22013-01-16 21:32:43 -0500[diff] [blame]236
Jay Pipes7c88eb22013-01-16 21:32:43 -0500[diff] [blame]237 # Normalize URI to ensure /tokens is in it.
238 if 'tokens' not in auth_url:
239 auth_url = auth_url.rstrip('/') + '/tokens'
240
241 self.auth_url = auth_url
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]242
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]243 def auth(self, user, password, tenant=None):
Zhongyue Luo30a563f2012-09-30 23:43:50 +0900[diff] [blame]244 creds = {
245 'auth': {
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]246 'passwordCredentials': {
247 'username': user,
248 'password': password,
249 },
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]250 }
251 }
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]252
253 if tenant:
254 creds['auth']['tenantName'] = tenant
255
256 body = json.dumps(creds)
257 resp, body = self.post(self.auth_url, body=body)
258
259 return resp, body['access']
260
261 def auth_token(self, token_id, tenant=None):
262 creds = {
263 'auth': {
264 'token': {
265 'id': token_id,
266 },
267 }
268 }
269
270 if tenant:
271 creds['auth']['tenantName'] = tenant
272
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]273 body = json.dumps(creds)
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]274 resp, body = self.post(self.auth_url, body=body)
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]275
276 return resp, body['access']
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]277
278 def request(self, method, url, headers=None, body=None):
279 """A simple HTTP request interface."""
Zhongyue Luoe471d6e2012-09-17 17:02:43 +0800[diff] [blame]280 if headers is None:
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]281 # Always accept 'json', for TokenClientXML too.
282 # Because XML response is not easily
283 # converted to the corresponding JSON one
284 headers = self.get_headers(accept_type="json")
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]285 resp, resp_body = self.http_obj.request(url, method,
286 headers=headers, body=body)
Sean Dague89a85912014-03-19 16:37:29 -0400[diff] [blame]287 self._log_request(method, url, resp)
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]288
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]289 if resp.status in [401, 403]:
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]290 resp_body = json.loads(resp_body)
291 raise exceptions.Unauthorized(resp_body['error']['message'])
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]292 elif resp.status not in [200, 201]:
293 raise exceptions.IdentityError(
294 'Unexpected status code {0}'.format(resp.status))
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]295
vponomaryov67b58fe2014-02-06 19:05:41 +0200[diff] [blame]296 if isinstance(resp_body, str):
297 resp_body = json.loads(resp_body)
298 return resp, resp_body
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]299
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]300 def get_token(self, user, password, tenant, auth_data=False):
301 """
302 Returns (token id, token data) for supplied credentials
303 """
Rohit Karajgi6b1e1542012-05-14 05:55:54 -0700[diff] [blame]304 resp, body = self.auth(user, password, tenant)
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]305
306 if auth_data:
307 return body['token']['id'], body
308 else:
309 return body['token']['id']