Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 840011bcdf8011d2ec5a5507a688c67577d8e512 / . / tempest / api / identity / admin / test_tokens.py
blob: 7fec28d6002e5dcfe869d14f32c79e83574487da [file] [log] [blame]
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]1# Copyright 2013 Huawei Technologies Co.,LTD.
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]16from tempest.api.identity import base
17from tempest.common.utils import data_utils
18from tempest.test import attr
19
20
Matthew Treinishdb2c5972014-01-31 22:18:59 +0000[diff] [blame]21class TokensTestJSON(base.BaseIdentityV2AdminTest):
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]22 _interface = 'json'
23
24 @attr(type='gate')
Zhi Kun Liu30caeae2014-02-26 15:30:24 +0800[diff] [blame]25 def test_create_get_delete_token(self):
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]26 # get a token by username and password
27 user_name = data_utils.rand_name(name='user-')
28 user_password = data_utils.rand_name(name='pass-')
29 # first:create a tenant
30 tenant_name = data_utils.rand_name(name='tenant-')
31 resp, tenant = self.client.create_tenant(tenant_name)
32 self.assertEqual(200, resp.status)
33 self.data.tenants.append(tenant)
34 # second:create a user
35 resp, user = self.client.create_user(user_name, user_password,
36 tenant['id'], '')
37 self.assertEqual(200, resp.status)
38 self.data.users.append(user)
39 # then get a token for the user
40 rsp, body = self.token_client.auth(user_name,
41 user_password,
42 tenant['name'])
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]43 self.assertEqual(rsp['status'], '200')
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]44 self.assertEqual(body['token']['tenant']['name'],
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]45 tenant['name'])
Zhi Kun Liu30caeae2014-02-26 15:30:24 +0800[diff] [blame]46 # Perform GET Token
Andrea Frittoli8bbdb162014-01-06 11:06:13 +0000[diff] [blame]47 token_id = body['token']['id']
Zhi Kun Liu30caeae2014-02-26 15:30:24 +0800[diff] [blame]48 resp, token_details = self.client.get_token(token_id)
49 self.assertEqual(resp['status'], '200')
50 self.assertEqual(token_id, token_details['token']['id'])
51 self.assertEqual(user['id'], token_details['user']['id'])
52 self.assertEqual(user_name, token_details['user']['name'])
53 self.assertEqual(tenant['name'],
54 token_details['token']['tenant']['name'])
55 # then delete the token
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]56 resp, body = self.client.delete_token(token_id)
57 self.assertEqual(resp['status'], '204')
58
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]59 @attr(type='gate')
60 def test_rescope_token(self):
61 """An unscoped token can be requested, that token can be used to
62 request a scoped token.
63 """
64
65 # Create a user.
66 user_name = data_utils.rand_name(name='user-')
67 user_password = data_utils.rand_name(name='pass-')
68 tenant_id = None # No default tenant so will get unscoped token.
69 email = ''
70 resp, user = self.client.create_user(user_name, user_password,
71 tenant_id, email)
72 self.assertEqual(200, resp.status)
73 self.data.users.append(user)
74
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame^]75 # Create a couple tenants.
76 tenant1_name = data_utils.rand_name(name='tenant-')
77 resp, tenant1 = self.client.create_tenant(tenant1_name)
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]78 self.assertEqual(200, resp.status)
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame^]79 self.data.tenants.append(tenant1)
80
81 tenant2_name = data_utils.rand_name(name='tenant-')
82 resp, tenant2 = self.client.create_tenant(tenant2_name)
83 self.assertEqual(200, resp.status)
84 self.data.tenants.append(tenant2)
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]85
86 # Create a role
87 role_name = data_utils.rand_name(name='role-')
88 resp, role = self.client.create_role(role_name)
89 self.assertEqual(200, resp.status)
90 self.data.roles.append(role)
91
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame^]92 # Grant the user the role on the tenants.
93 resp, _ = self.client.assign_user_role(tenant1['id'], user['id'],
94 role['id'])
95 self.assertEqual(200, resp.status)
96
97 resp, _ = self.client.assign_user_role(tenant2['id'], user['id'],
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]98 role['id'])
99 self.assertEqual(200, resp.status)
100
101 # Get an unscoped token.
102 rsp, body = self.token_client.auth(user_name, user_password)
103 self.assertEqual(200, resp.status)
104
105 token_id = body['token']['id']
106
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame^]107 # Use the unscoped token to get a token scoped to tenant1
108 rsp, body = self.token_client.auth_token(token_id, tenant=tenant1_name)
Brant Knudsona4cfe0c2014-03-15 09:36:45 -0500[diff] [blame]109 self.assertEqual(200, resp.status)
110
Brant Knudson840011b2014-03-16 11:14:14 -0500[diff] [blame^]111 scoped_token_id = body['token']['id']
112
113 # Revoke the scoped token
114 resp, body = self.client.delete_token(scoped_token_id)
115 self.assertEqual(204, resp.status)
116
117 # Use the unscoped token to get a token scoped to tenant2
118 rsp, body = self.token_client.auth_token(token_id, tenant=tenant2_name)
119 self.assertEqual(204, resp.status)
120
huangtianhua1b855bc2013-10-10 11:12:44 +0800[diff] [blame]121
122class TokensTestXML(TokensTestJSON):
123 _interface = 'xml'