Source code for identity.admin.v2.test_tokens

# Copyright 2013 Huawei Technologies Co.,LTD.
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from tempest.api.identity import base
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc

CONF = config.CONF


[docs] class TokensTestJSON(base.BaseIdentityV2AdminTest): """Test keystone tokens via v2 API"""
[docs] @decorators.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586') def test_create_check_get_delete_token(self): """Test getting create/check/get/delete token for user via v2 API""" # get a token by username and password user_name = data_utils.rand_name( name='user', prefix=CONF.resource_name_prefix) user_password = data_utils.rand_password() # first:create a tenant tenant = self.setup_test_tenant() # second:create a user user = self.create_test_user(name=user_name, password=user_password, tenantId=tenant['id'], email='') # then get a token for the user body = self.token_client.auth(user_name, user_password, tenant['name']) self.assertEqual(body['token']['tenant']['name'], tenant['name']) # Perform GET Token token_id = body['token']['id'] self.client.check_token_existence(token_id) token_details = self.client.show_token(token_id)['access'] self.assertEqual(token_id, token_details['token']['id']) self.assertEqual(user['id'], token_details['user']['id']) self.assertEqual(user_name, token_details['user']['name']) self.assertEqual(tenant['name'], token_details['token']['tenant']['name']) # then delete the token self.client.delete_token(token_id) self.assertRaises(lib_exc.NotFound, self.client.check_token_existence, token_id)
[docs] @decorators.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e') def test_rescope_token(self): """Test an unscoped token can be requested via v2 API That token can be used to request a scoped token. """ # Create a user. user_name = data_utils.rand_name( name='user', prefix=CONF.resource_name_prefix) user_password = data_utils.rand_password() tenant_id = None # No default tenant so will get unscoped token. user = self.create_test_user(name=user_name, password=user_password, tenantId=tenant_id, email='') # Create a couple tenants. tenant1_name = data_utils.rand_name( name='tenant', prefix=CONF.resource_name_prefix) tenant1 = self.setup_test_tenant(name=tenant1_name) tenant2_name = data_utils.rand_name( name='tenant', prefix=CONF.resource_name_prefix) tenant2 = self.setup_test_tenant(name=tenant2_name) # Create a role role = self.setup_test_role() # Grant the user the role on the tenants. self.roles_client.create_user_role_on_project(tenant1['id'], user['id'], role['id']) self.roles_client.create_user_role_on_project(tenant2['id'], user['id'], role['id']) # Get an unscoped token. body = self.token_client.auth(user_name, user_password) token_id = body['token']['id'] # Use the unscoped token to get a token scoped to tenant1 body = self.token_client.auth_token(token_id, tenant=tenant1_name) scoped_token_id = body['token']['id'] # Revoke the scoped token self.client.delete_token(scoped_token_id) # Use the unscoped token to get a token scoped to tenant2 body = self.token_client.auth_token(token_id, tenant=tenant2_name)
[docs] @decorators.idempotent_id('ca3ea6f7-ed08-4a61-adbd-96906456ad31') def test_list_endpoints_for_token(self): """Test listing endpoints for token via v2 API""" tempest_services = ['keystone', 'nova', 'neutron', 'swift', 'cinder', 'neutron'] # get a token for the user creds = self.os_primary.credentials username = creds.username password = creds.password tenant_name = creds.tenant_name token = self.token_client.auth(username, password, tenant_name)['token'] endpoints = self.client.list_endpoints_for_token( token['id'])['endpoints'] self.assertIsInstance(endpoints, list) # Store list of service names service_names = [e['name'] for e in endpoints] # Get the list of available services. Keystone is always available. available_services = [s[0] for s in list( CONF.service_available.items()) if s[1] is True] + ['keystone'] # Verify that all available services are present. for service in tempest_services: if service in available_services: self.assertIn(service, service_names)