Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / e81e01d294047d900a556af450bcb2b43e9040c4 / . / tempest / tests / test_authorization.py
blob: e66446d5679faa3fee0896ea7aa522151430fff6 [file] [log] [blame]
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]1import unittest2 as unittest
2
3from nose.plugins.attrib import attr
4from nose.tools import raises
5
6from tempest import openstack
Rohit Karajgiaeddf632012-05-04 05:39:13 -0700[diff] [blame]7from tempest.common.utils.data_utils import rand_name, parse_image_id
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]8from tempest import exceptions
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]9from tempest.tests import utils
10
11
12class AuthorizationTest(unittest.TestCase):
13
14 @classmethod
15 def setUpClass(cls):
16 cls.os = openstack.Manager()
17 cls.client = cls.os.servers_client
18 cls.images_client = cls.os.images_client
19 cls.config = cls.os.config
20 cls.image_ref = cls.config.compute.image_ref
21 cls.flavor_ref = cls.config.compute.flavor_ref
22 cls.image_ref_alt = cls.config.compute.image_ref_alt
23 cls.flavor_ref_alt = cls.config.compute.flavor_ref_alt
24
25 # Verify the second user is not the same as the first and is configured
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]26 cls.user1 = cls.config.compute.username
27 cls.user2 = cls.config.compute.alt_username
28 cls.user2_password = cls.config.compute.alt_password
29 cls.user2_tenant_name = cls.config.compute.alt_tenant_name
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]30 cls.multi_user = False
31
32 if (cls.user2 != None and cls.user1 != cls.user2
33 and cls.user2_password != None
34 and cls.user2_tenant_name != None):
35
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]36 try:
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]37 cls.other_manager = openstack.AltManager()
38 cls.other_client = cls.other_manager.servers_client
39 cls.other_images_client = cls.other_manager.images_client
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]40 except exceptions.AuthenticationFailure:
41 # multi_user is already set to false, just fall through
42 pass
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]43 else:
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]44 cls.multi_user = True
Jay Pipes3f981df2012-03-27 18:59:44 -0400[diff] [blame]45
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]46 name = rand_name('server')
47 resp, server = cls.client.create_server(name, cls.image_ref,
48 cls.flavor_ref)
49 cls.client.wait_for_server_status(server['id'], 'ACTIVE')
50 resp, cls.server = cls.client.get_server(server['id'])
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]51
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]52 name = rand_name('image')
53 resp, body = cls.client.create_image(server['id'], name)
Rohit Karajgiaeddf632012-05-04 05:39:13 -0700[diff] [blame]54 image_id = parse_image_id(resp['location'])
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]55 cls.images_client.wait_for_image_resp_code(image_id, 200)
56 cls.images_client.wait_for_image_status(image_id, 'ACTIVE')
57 resp, cls.image = cls.images_client.get_image(image_id)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]58
59 @classmethod
60 def tearDownClass(cls):
61 if cls.multi_user:
62 cls.client.delete_server(cls.server['id'])
63 cls.images_client.delete_image(cls.image['id'])
64
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]65 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]66 @attr(type='negative')
67 @utils.skip_unless_attr('multi_user', 'Second user not configured')
68 def test_get_server_for_other_account_fails(self):
69 """A GET request for a server on another user's account should fail"""
70 self.other_client.get_server(self.server['id'])
71
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]72 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]73 @attr(type='negative')
74 @utils.skip_unless_attr('multi_user', 'Second user not configured')
75 def test_delete_server_for_other_account_fails(self):
76 """A DELETE request for another user's server should fail"""
77 self.other_client.delete_server(self.server['id'])
78
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]79 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]80 @attr(type='negative')
81 @utils.skip_unless_attr('multi_user', 'Second user not configured')
82 def test_update_server_for_other_account_fails(self):
83 """An update server request for another user's server should fail"""
84 self.other_client.update_server(self.server['id'], name='test')
85
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]86 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]87 @attr(type='negative')
88 @utils.skip_unless_attr('multi_user', 'Second user not configured')
89 def test_list_server_addresses_for_other_account_fails(self):
90 """A list addresses request for another user's server should fail"""
91 self.other_client.list_addresses(self.server['id'])
92
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]93 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]94 @attr(type='negative')
95 @utils.skip_unless_attr('multi_user', 'Second user not configured')
96 def test_list_server_addresses_by_network_for_other_account_fails(self):
97 """
98 A list address/network request for another user's server should fail
99 """
100 server_id = self.server['id']
101 self.other_client.list_addresses_by_network(server_id, 'public')
102
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]103 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]104 @attr(type='negative')
105 @utils.skip_unless_attr('multi_user', 'Second user not configured')
106 def test_change_password_for_other_account_fails(self):
107 """A change password request for another user's server should fail"""
108 self.other_client.change_password(self.server['id'], 'newpass')
109
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]110 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]111 @attr(type='negative')
112 @utils.skip_unless_attr('multi_user', 'Second user not configured')
113 def test_reboot_server_for_other_account_fails(self):
114 """A reboot request for another user's server should fail"""
115 self.other_client.reboot(self.server['id'], 'HARD')
116
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]117 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]118 @attr(type='negative')
119 @utils.skip_unless_attr('multi_user', 'Second user not configured')
120 def test_rebuild_server_for_other_account_fails(self):
121 """A rebuild request for another user's server should fail"""
122 self.other_client.rebuild(self.server['id'], self.image_ref_alt)
123
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]124 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]125 @attr(type='negative')
126 @utils.skip_unless_attr('multi_user', 'Second user not configured')
127 def test_resize_server_for_other_account_fails(self):
128 """A resize request for another user's server should fail"""
129 self.other_client.resize(self.server['id'], self.flavor_ref_alt)
130
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]131 @raises(exceptions.NotFound)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]132 @attr(type='negative')
133 @utils.skip_unless_attr('multi_user', 'Second user not configured')
134 def test_create_image_for_other_account_fails(self):
135 """A create image request for another user's server should fail"""
136 self.other_images_client.create_image(self.server['id'], 'testImage')
137
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]138 @raises(exceptions.BadRequest)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]139 @attr(type='negative')
140 @utils.skip_unless_attr('multi_user', 'Second user not configured')
141 def test_create_server_with_unauthorized_image(self):
142 """Server creation with another user's image should fail"""
143 self.other_client.create_server('test', self.image['id'],
144 self.flavor_ref)
145
Daryl Walleckdc9e0c42012-04-02 16:51:26 -0500[diff] [blame]146 @raises(exceptions.BadRequest)
Daryl Walleckced8eb82012-03-19 13:52:37 -0500[diff] [blame]147 @attr(type='negative')
148 @utils.skip_unless_attr('multi_user', 'Second user not configured')
149 def test_create_server_fails_when_tenant_incorrect(self):
150 """
151 A create server request should fail if the tenant id does not match
152 the current user
153 """
Daryl Walleckc7251962012-03-12 17:26:54 -0500[diff] [blame]154 saved_base_url = self.other_client.base_url
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]155 try:
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]156 # Change the base URL to impersonate another user
Daryl Walleckc7251962012-03-12 17:26:54 -0500[diff] [blame]157 self.other_client.base_url = self.client.base_url
Jay Pipesff10d552012-04-06 14:18:50 -0400[diff] [blame]158 self.other_client.create_server('test', self.image['id'],
159 self.flavor_ref)
160 finally:
161 # Reset the base_url...
Daryl Walleckc7251962012-03-12 17:26:54 -0500[diff] [blame]162 self.other_client.base_url = saved_base_url