| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 1 | # Copyright 2013 Huawei Technologies Co.,LTD. |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 16 | from tempest.api.identity import base |
| 17 | from tempest.common.utils import data_utils |
| Matthew Treinish | 5c660ab | 2014-05-18 21:14:36 -0400 | [diff] [blame] | 18 | from tempest import test |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 19 | |
| 20 | |
| Matthew Treinish | db2c597 | 2014-01-31 22:18:59 +0000 | [diff] [blame] | 21 | class TokensTestJSON(base.BaseIdentityV2AdminTest): |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 22 | |
| Matthew Treinish | 5c660ab | 2014-05-18 21:14:36 -0400 | [diff] [blame] | 23 | @test.attr(type='gate') |
| Chris Hoge | 7579c1a | 2015-02-26 14:12:15 -0800 | [diff] [blame] | 24 | @test.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586') |
| Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 25 | def test_create_get_delete_token(self): |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 26 | # get a token by username and password |
| 27 | user_name = data_utils.rand_name(name='user-') |
| 28 | user_password = data_utils.rand_name(name='pass-') |
| 29 | # first:create a tenant |
| 30 | tenant_name = data_utils.rand_name(name='tenant-') |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 31 | tenant = self.client.create_tenant(tenant_name) |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 32 | self.data.tenants.append(tenant) |
| 33 | # second:create a user |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 34 | user = self.client.create_user(user_name, user_password, |
| 35 | tenant['id'], '') |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 36 | self.data.users.append(user) |
| 37 | # then get a token for the user |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 38 | body = self.token_client.auth(user_name, |
| 39 | user_password, |
| 40 | tenant['name']) |
| Andrea Frittoli | 8bbdb16 | 2014-01-06 11:06:13 +0000 | [diff] [blame] | 41 | self.assertEqual(body['token']['tenant']['name'], |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 42 | tenant['name']) |
| Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 43 | # Perform GET Token |
| Andrea Frittoli | 8bbdb16 | 2014-01-06 11:06:13 +0000 | [diff] [blame] | 44 | token_id = body['token']['id'] |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 45 | token_details = self.client.get_token(token_id) |
| Zhi Kun Liu | 30caeae | 2014-02-26 15:30:24 +0800 | [diff] [blame] | 46 | self.assertEqual(token_id, token_details['token']['id']) |
| 47 | self.assertEqual(user['id'], token_details['user']['id']) |
| 48 | self.assertEqual(user_name, token_details['user']['name']) |
| 49 | self.assertEqual(tenant['name'], |
| 50 | token_details['token']['tenant']['name']) |
| 51 | # then delete the token |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 52 | self.client.delete_token(token_id) |
| huangtianhua | 1b855bc | 2013-10-10 11:12:44 +0800 | [diff] [blame] | 53 | |
| Matthew Treinish | 5c660ab | 2014-05-18 21:14:36 -0400 | [diff] [blame] | 54 | @test.attr(type='gate') |
| Chris Hoge | 7579c1a | 2015-02-26 14:12:15 -0800 | [diff] [blame] | 55 | @test.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e') |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 56 | def test_rescope_token(self): |
| 57 | """An unscoped token can be requested, that token can be used to |
| 58 | request a scoped token. |
| 59 | """ |
| 60 | |
| 61 | # Create a user. |
| 62 | user_name = data_utils.rand_name(name='user-') |
| 63 | user_password = data_utils.rand_name(name='pass-') |
| 64 | tenant_id = None # No default tenant so will get unscoped token. |
| 65 | email = '' |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 66 | user = self.client.create_user(user_name, user_password, |
| 67 | tenant_id, email) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 68 | self.data.users.append(user) |
| 69 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 70 | # Create a couple tenants. |
| 71 | tenant1_name = data_utils.rand_name(name='tenant-') |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 72 | tenant1 = self.client.create_tenant(tenant1_name) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 73 | self.data.tenants.append(tenant1) |
| 74 | |
| 75 | tenant2_name = data_utils.rand_name(name='tenant-') |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 76 | tenant2 = self.client.create_tenant(tenant2_name) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 77 | self.data.tenants.append(tenant2) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 78 | |
| 79 | # Create a role |
| 80 | role_name = data_utils.rand_name(name='role-') |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 81 | role = self.client.create_role(role_name) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 82 | self.data.roles.append(role) |
| 83 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 84 | # Grant the user the role on the tenants. |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 85 | self.client.assign_user_role(tenant1['id'], user['id'], |
| 86 | role['id']) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 87 | |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 88 | self.client.assign_user_role(tenant2['id'], user['id'], |
| 89 | role['id']) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 90 | |
| 91 | # Get an unscoped token. |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 92 | body = self.token_client.auth(user_name, user_password) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 93 | |
| 94 | token_id = body['token']['id'] |
| 95 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 96 | # Use the unscoped token to get a token scoped to tenant1 |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 97 | body = self.token_client.auth_token(token_id, |
| 98 | tenant=tenant1_name) |
| Brant Knudson | a4cfe0c | 2014-03-15 09:36:45 -0500 | [diff] [blame] | 99 | |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 100 | scoped_token_id = body['token']['id'] |
| 101 | |
| 102 | # Revoke the scoped token |
| David Kranz | e9d2f42 | 2014-07-02 13:57:41 -0400 | [diff] [blame] | 103 | self.client.delete_token(scoped_token_id) |
| Brant Knudson | 840011b | 2014-03-16 11:14:14 -0500 | [diff] [blame] | 104 | |
| 105 | # Use the unscoped token to get a token scoped to tenant2 |
| David Kranz | b7afa92 | 2014-12-30 10:56:26 -0500 | [diff] [blame] | 106 | body = self.token_client.auth_token(token_id, |
| 107 | tenant=tenant2_name) |