Keystone

Keystone conftest

stepler.keystone.conftest.admin(user_steps)[source]

Function fixture to get admin.

Parameters:user_steps (object) – instantiated user steps
Returns:user ‘admin’
Return type:object
stepler.keystone.conftest.admin_role(role_steps)[source]

Fixture to get admin role.

stepler.keystone.conftest.create_domain(domain_steps)[source]

Fixture to create domain with options.

Can be called several times during test.

stepler.keystone.conftest.create_group(group_steps)[source]

Callable function fixture to create single keystone group with options.

Can be called several times during a test. After the test it destroys all created groups.

Parameters:group_steps (object) – instantiated keystone steps
Returns:function to create single keystone group with options
Return type:function
stepler.keystone.conftest.create_project(project_steps)[source]

Fixture to create project with options.

Can be called several times during test.

stepler.keystone.conftest.create_role(role_steps)[source]

Fixture to create role with options.

Can be called several times during test.

stepler.keystone.conftest.create_user(user_steps)[source]

Session callable fixture to create user with options.

Can be called several times during a test. After the test it destroys all created users.

Examples of using this fixture in test:
create_user(‘user1’, ‘qwerty!’) create_user(user_name=’user2’, password=’user2’, domain=’ldap2’)
Parameters:user_steps (object) – instantiated user steps
Yields:function – function to create user with options
stepler.keystone.conftest.current_project(get_current_project)[source]

Function fixture to get current project.

Parameters:get_current_project (function) – function to get current project
Returns:current project
Return type:obj
stepler.keystone.conftest.current_user(session, user_steps)[source]

Fixture to get current user.

Parameters:
  • session (obj) – keystone session
  • user_steps (obj) – instantiated user steps
Returns:

current user

Return type:

obj

stepler.keystone.conftest.domain(create_domain)[source]

Fixture to create domain with default options before test.

stepler.keystone.conftest.domain_steps(keystone_client)[source]

Fixture to get domain steps.

stepler.keystone.conftest.ec2_credentials(ec2_steps, current_project, current_user)[source]

Fixture to create EC2 credentials for current user.

After the test it destroys created credentials.

Parameters:
  • ec2_steps (obj) – instantiated EC2 steps
  • current_project (obj) – current project
  • current_user (obj) – current user
Yields:

keystoneclient.v3.ec2.Ec2 – ec2 credentials object

stepler.keystone.conftest.ec2_steps(keystone_client)[source]

Fixture to get ec2 steps.

Parameters:keystone_client (object) – keystone client for authorizing
Returns:object with ec2 credentials steps
Return type:object
stepler.keystone.conftest.get_current_project(get_session, get_project_steps)[source]

Callable session fixture to get current project.

Parameters:
  • get_session (function) – function to get keystone session
  • get_project_steps (function) – function to get project steps
Returns:

function to get current project

Return type:

function

stepler.keystone.conftest.get_keystone_client(get_session)[source]

Callable session fixture to get keystone client.

Parameters:get_session (function) – function to get authenticated keystone session
Returns:function to get keystone client
Return type:function
stepler.keystone.conftest.get_project_steps(get_keystone_client)[source]

Callable session fixture to get project steps.

Parameters:get_keystone_client (function) – function to get keystone client.
Returns:function to get project steps.
Return type:function
stepler.keystone.conftest.get_role_steps(get_keystone_client)[source]

Callable session fixture to get role steps.

Parameters:get_keystone_client (function) – function to get keystone client.
Returns:function to get role steps.
Return type:function
stepler.keystone.conftest.get_service_steps(get_keystone_client)[source]

Callable session fixture to get service steps.

Parameters:get_keystone_client (function) – function to get keystone client
Returns:function to get project steps
Return type:function
stepler.keystone.conftest.get_user_steps(get_keystone_client)[source]

Callable session fixture to get users steps.

Parameters:get_keystone_client (function) – function to get keystone client.
Returns:function to get users steps.
Return type:function
stepler.keystone.conftest.group(create_group)[source]

Function fixture to create single keystone group.

Parameters:create_group (function) – function to create group with options
Returns:keystone group
Return type:object
stepler.keystone.conftest.group_steps(keystone_client)[source]

Function fixture to get group steps.

Parameters:keystone_client (object) – instantiated keystone client
Returns:instantiated group steps
Return type:stepler.keystone.steps.GroupSteps
stepler.keystone.conftest.keystone_client(get_keystone_client)[source]

Function fixture to get keystone client.

Parameters:get_keystone_client (function) – function to get keystone client
Returns:authenticated keystone client
Return type:keystoneclient.client.Client
stepler.keystone.conftest.new_user_with_project(request, create_user_with_project)[source]

Fixture to create new project with new ‘_member_’ user.

Parameters:
  • request (obj) – pytest SubRequest instance
  • create_user_with_project (function) – function to create project resources
Yields:

dict – dict with username, password and project_name

stepler.keystone.conftest.project(create_project)[source]

Fixture to create project with default options before test.

stepler.keystone.conftest.project_steps(get_project_steps)[source]

Function fixture to get project steps.

Parameters:get_project_steps (function) – function to get project steps
Returns:instantiated project steps.
Return type:ProjectSteps
stepler.keystone.conftest.projects(request, role_steps, create_project, create_user)[source]

Function fixture to create different projects.

By default count of projects equal to 2 , but if you want another count please add this quantity before your function.

All created resources are to be deleted after test.

Parameters:
  • role_steps (obj) – instantiated role steps
  • create_project (function) – function to create project
  • create_user (function) – function to create user
Returns:

created resources

Return type:

attrdict.AttrDict

stepler.keystone.conftest.role(create_role)[source]

Fixture to create role with default options before test.

stepler.keystone.conftest.role_steps(get_role_steps)[source]

Function fixture to get role steps.

Parameters:get_role_steps (function) – function to get role steps
Returns:instantiated role steps.
Return type:RoleSteps
stepler.keystone.conftest.service_steps(get_service_steps)[source]

Function fixture to get service steps.

Parameters:get_service_steps (function) – function to get service steps
Returns:instantiated service steps
Return type:ServiceSteps
stepler.keystone.conftest.token_steps(keystone_client)[source]

Callable session fixture to get keystone steps.

Parameters:keystone_client (function) – function to get keystone client
Returns:function to instantiated keystone token steps
Return type:function
stepler.keystone.conftest.user(create_user)[source]

Function fixture to create user with default options before test.

Parameters:create_user (function) – function to create user with options
Returns:user
Return type:object
stepler.keystone.conftest.user_steps(get_user_steps)[source]

Function fixture to get user steps.

Parameters:get_user_steps (function) – function to get user steps
Returns:instantiated user steps
Return type:stepler.keystone.steps.UserSteps
stepler.keystone.conftest.users(request, user_steps)[source]

Function fixture to create users with default options before test.

Parameters:
  • request (obj) – py.test’s SubRequest instance
  • user_steps (UserSteps) – instantiated user steps
Returns:

users

Return type:

list

Keystone steps

class stepler.keystone.steps.DomainSteps(client)[source]

Domain steps.

check_domain_presence(domain, must_present=True, timeout=0)[source]

Step to check domain presence.

Parameters:
  • domain (object) – domain
  • must_present (bool) – flag whether domain should present or not
  • timeout (int) – seconds to wait a result of check
Raises:

TimeoutExpired – if check failed after timeout

create_domain(domain_name, check=True)[source]

Step to create domain.

Parameters:
  • domain_name (str) – domain name
  • check (bool) – flag whether to check step or not
Returns:

domain

Return type:

object

delete_domain(domain, check=True)[source]

Step to delete domain.

Parameters:
  • domain (object) – domain
  • check (bool) – flag whether to check step or not
get_domain(name, check=True)[source]

Step to find domain.

Parameters:name (str) –
Raises:NotFound – if domain does not exist
Returns:domain
Return type:object
get_domains(check=True)[source]

Step to get domains.

Parameters:check (bool) – flag whether to check step or not
Returns:list of domains
Return type:list of objects
class stepler.keystone.steps.Ec2Steps(client)[source]

Ec2 credentials steps

check_presence(credentials, must_present=True, timeout=0)[source]

Step to check EC2 credentials presence.

Parameters:
  • credentials (keystoneclient.v3.ec2.Ec2) – ec2 credentials object
  • must_present (bool) – flag whether credentials should present or not
  • timeout (int) – seconds to wait a result of check
Raises:

TimeoutExpired – if check failed after timeout

create(user, project, check=True)[source]

Step to create EC2 credentials.

Parameters:
  • user (object) – user
  • project (object) – project
  • check (bool) – flag whether to check step or not
Returns:

ec2 credentials object

Return type:

keystoneclient.v3.ec2.Ec2

Raises:

AssertionError – if check failed

delete(credentials, check=True)[source]

Step to delete EC2 credentials.

Parameters:
  • credentials (keystoneclient.v3.ec2.Ec2) – ec2 credentials object
  • check (bool) – flag whether to check step or not
Raises:

AssertionError – if check failed

list(user, check=True)[source]

Step to list all ec2 credentials.

Parameters:
  • user (object) – user
  • check (bool) – flag whether to check step or not
Returns:

list of ec2 credentials

Return type:

keystoneclient.v3.ec2.Ec2

Raises:

AssertionError – if check failed

class stepler.keystone.steps.GroupSteps(client)[source]

Group steps.

check_group_presence(group, must_present=True, timeout=0)[source]

Step to check group presence.

Parameters:
  • group (object) – the keystone group to be checked
  • must_present (bool) – flag whether group should present or not
  • timeout (int) – seconds to wait a result of check
Raises:

TimeoutExpired – if check is triggered to an error after timeout

create_group(name, domain=None, description=None, check=True)[source]

Step to create a group.

Parameters:
  • name (str) – the name of the group
  • domain (str or class keystoneclient.v3.domains.Domain) – the domain of the group
  • description (str) – the description of the group
Returns:

the created group returned

from server

Return type:

keystoneclient.v3.groups.Group

Raises:

TimeoutExpired|AssertionError – if check was triggered to an error

delete_group(group, check=True)[source]

Step to delete group.

Parameters:group (object) – the group to be deleted
get_group(name, domain='default', check=True)[source]

Step to find group.

Parameters:
  • name (str) –
  • domain (str or object) – domain
Raises:

NotFound – if group does not exist

Returns:

group

Return type:

object

get_groups(domain='default', check=True)[source]

Step to get groups.

Parameters:
  • domain (str or object) – domain
  • check (bool) – flag whether to check step or not
Returns:

list of groups

Return type:

list of objects

class stepler.keystone.steps.ProjectSteps(client)[source]

Project steps.

check_get_projects_requires_authentication()[source]

Step to check unauthorized request returns (HTTP 401)

Raises:AssertionError – if check failed
check_project_presence(project, must_present=True, timeout=0)[source]

Check step that project is present.

Parameters:
  • project (object) – keystone project to check presence status
  • must_present (bool) – flag whether project should present or not
  • timeout (int) – seconds to wait a result of check
Raises:

TimeoutExpired – if check failed after timeout

create_project(project_name, domain='default', check=True)[source]

Step to create project.

Parameters:
  • project_name (str) – project name
  • domain (str or object) – domain
  • check (bool) – flag whether to check step or not
Returns:

project

Return type:

object

delete_project(project, check=True)[source]

Step to delete project.

Parameters:
  • project (object) – keystone project
  • check (bool) – flag whether to check step or not
Raises:

TimeoutExpired – if check failed after timeout

get_current_project(session, check=True)[source]

Step to get current project.

Parameters:
  • session (object) – session object
  • check (bool) – flag whether to check step or not
Raises:
  • AssertionError – if id of retrieved project is not equal to
  • session project id
Returns:

project

Return type:

object

get_projects(check=True)[source]

Step to get projects.

Parameters:check (bool) – flag whether to check step or not
Returns:projects – list of projects
Return type:list
Raises:AssertionError – if no projects found
class stepler.keystone.steps.RoleSteps(client)[source]

Role steps.

check_role_grant_status(role, user=None, group=None, domain=None, project=None, must_granted=True, timeout=0)[source]

Check step if a user or group has a role on a domain or project.

Parameters:
  • role (str or obj) – the role to be checked on a domain or project
  • user (str or obj) – check for role grants for the specified user on a resource. Domain or project must be specified. User and group are mutually exclusive.
  • group (str or obj) – check for role grants for the specified user on a resource. Domain or project must be specified. User and group are mutually exclusive.
  • domain (str or obj) – check for role grants on the specified domain. Either user or group must be specified. Project and domain are mutually exclusive.
  • project (str or obj) – check for role grants on the specified project. Either user or group must be specified. Project and domain are mutually exclusive.
  • must_granted (bool) – flag whether role should present or not
  • timeout (int) – seconds to wait a result of check
Raises:

TimeoutExpired – if check failed after timeout

check_role_presence(role, must_present=True, timeout=0)[source]

Check step that role is present.

Parameters:
  • role (str or obj) – the role to be checked on the server
  • must_present (bool) – flag whether role should present or no
  • timeout (int) – seconds to wait a result of check
Raises:

TimeoutExpired – if check failed after timeout

create_role(role_name=None, check=True)[source]

Step to create role.

Parameters:
  • role_name (str) – the name of the role
  • check (bool) – flag whether to check step or not
Returns:

new role

Return type:

keystoneclient.v3.roles.Role

Raises:

TimeoutExpired – if check failed after timeout

delete_role(role, check=True)[source]

Step to delete role.

Parameters:
  • role (object) – role
  • check (bool) – flag whether to check step or not
Raises:

TimeoutExpired|AssertionError – if check failed

get_role(check=True, **kwgs)[source]

Step to retrieve role.

Parameters:
  • check (bool) – flag whether to check step or not
  • **kwgs – any suitable to role keyword arguments
Returns:

role

Return type:

keystoneclient.v3.roles.Role

grant_role(role, user=None, group=None, domain=None, project=None, check=True)[source]

Step to grant role to user or group on domain or project.

Parameters:
  • role (str or obj) – the role to be granted on the server
  • user (str or obj) – the specified user to have the role granted on a resource. Domain or project must be specified. User and group are mutually exclusive.
  • group (str or obj) – the specified group to have the role granted on a resource. Domain or project must be specified. User and group are mutually exclusive.
  • domain (str or obj) – the domain in which the role will be granted. Either user or group must be specified. Project and domain are mutually exclusive.
  • project (str or obj) – the project in which the role will be granted. Either user or group must be specified. Project and domain are mutually exclusive.
  • check (bool) – flag whether to check step or not
Raises:

NotFound – if check failed after timeout

revoke_role(role, user=None, group=None, domain=None, project=None, check=True)[source]

Step to revoke role from user or group on domain or project.

Parameters:
  • role (str or obj) – the role to be revoked on the server
  • user (str or obj) – the specified user to have the role revoked on a resource. Domain or project must be specified. User and group are mutually exclusive.
  • group (str or obj) – revoke role grants for the specified group on a resource. Domain or project must be specified. User and group are mutually exclusive.
  • domain (str or obj) – revoke role grants on the specified domain. Either user or group must be specified. Project and domain are mutually exclusive.
  • project (str or obj) – revoke role grants on the specified project. Either user or group must be specified. Project and domain are mutually exclusive.
  • check (bool) – flag whether to check step or not
Raises:

NotFound – if check failed after timeout

class stepler.keystone.steps.UserSteps(client)[source]

User steps.

add_user_to_group(user, group, check=True)[source]

Step to add the specified user as a member of the specified group.

Parameters:
  • user (str or keystoneclient.v3.users.User) – the user to be added to the group
  • group (str or keystoneclient.v3.groups.Group) – the group to put the user in
  • check (bool) – flag whether to check step or not
Raises:

NotFound – if check was triggered to an error

check_user_in_group(user, group, must_present=True, timeout=0)[source]

Step to check if the user is a member of the group.

Parameters:
  • user (str or keystoneclient.v3.users.User) – the user to be verified in the group
  • group (str or keystoneclient.v3.groups.Group) – the group to check the user in
  • must_present (bool) – flag whether group should present or not
  • timeout (int) – seconds to wait a result of check
Returns:

if check is triggered to an error after timeout

Return type:

TimeoutExpired

check_user_presence(user, must_present=True, timeout=0)[source]

Step to check user presence.

Parameters:
  • user (object) – user
  • must_present (bool) – flag whether user should present or not
  • timeout (int) – seconds to wait a result of check
Raises:

TimeoutExpired – if check failed after timeout

create_user(user_name, password, domain='default', enabled=True, email=None, description=None, default_project=None, check=True, **kwargs)[source]

Step to create new user.

Parameters:
  • user_name (str) – the new name of the user
  • password (str) – the new password of the user
  • domain (str or keystoneclient.v3.domains.Domain) – the new domain of the user
  • enabled (str) – whether the user is enabled
  • email (str) – the new email of the user
  • description (str) – the new description of the user
  • default_project (str or keystoneclient.v3.projects.Project) – the new default project of the user
  • check (bool) – flag whether to check step or not
  • kwargs – any other attribute provided will be passed to server
Returns:

new user

Return type:

keystoneclient.v3.users.User

Raises:

TimeoutExpired|AssertionError – if check was triggered to an error

delete_user(user, check=True)[source]

Step to delete user.

Parameters:
  • user (object) – user
  • check (bool) – flag whether to check step or not
get_user(name, domain='default', group=None, check=True)[source]

Step to find user.

Parameters:
  • name (str) –
  • domain (str or object) – domain
  • group (str or object) – group
  • check (bool) – flag whether to check step or not
Raises:

NotFound – if user does not exist

Returns:

user

Return type:

object

get_user_by_id(user_id, check=True)[source]

Step to find user by id.

Parameters:
  • user_id (str) – user ID
  • check (bool) – flag whether to check step or not
Raises:

NotFound – if user does not exist

Returns:

user

Return type:

object

get_user_token(check=True)[source]

Step to get user token.

Parameters:check (bool) – flag whether to check step or not
Returns:token – user token
Return type:str
get_users(domain='default', group=None, check=True)[source]

Step to get users.

Parameters:
  • domain (str or object) – domain
  • group (str or object) – group
  • check (bool) – flag whether to check step or not
Returns:

list of users

Return type:

list of object

update_user(user, check=True, **kwargs)[source]

Step to update the user.

Parameters:
  • user (str or keystoneclient.v3.users.User) – the user to be updated on the server
  • name (str) – the new name of the user
  • domain (str or keystoneclient.v3.domains.Domain) – the new domain of the user
  • password (str) – the new password of the user
  • email (str) – the new email of the user
  • description (str) – the new description of the user
  • enabled (str) – whether the user is enabled
  • default_project (str or keystoneclient.v3.projects.Project) – the new default project of the user

kwargs: any other attribute provided will be passed to server

Raises:TimeoutExpired|AssertionError – if check was triggered to an error
class stepler.keystone.steps.TokenSteps(client)[source]

Token steps.

check_token_is_revoked(token, must_revoked=True, timeout=0)[source]

Step to check if token is revoked.

Parameters:
  • token (str) – The token to be checked.
  • must_revoked (bool) – flag whether volume should present or not
  • timeout (int) – seconds to wait a result of check
Raises:

TimeoutExpired – if check failed after timeout

get_token_data(token, include_catalog=True, check=True)[source]

Step to fetch the data about a token from the identity server.

Parameters:
  • token (str) – The ID of the token to be fetched
  • include_catalog (bool) – Whether the service catalog should be included in the response.
  • check (bool) – flag whether to check step or not
Returns:

data about the token

Return type:

dict

get_token_validate(token, include_catalog=True, check=True)[source]

Step to get validate a token.

Parameters:
  • token (str) – The ID of the token to be fetched
  • include_catalog (bool) – Whether the service catalog should be included in the response.
  • check (bool) – flag whether to check step or not
Returns:

token access info

Return type:

keystoneclient.access.AccessInfoV3

revoke_token(token, check=True)[source]

Step to revoke a token.

Parameters:
  • token (str) – The token to be revoked.
  • check (bool) – flag whether to check step or not
Returns:

token

Return type:

keystoneclient.access.AccessInfo

class stepler.keystone.steps.ServiceSteps(client)[source]

Services steps.

check_service_presence(service, must_present=True, timeout=0)[source]

Step to check that service is present.

Parameters:
  • service (object) – openstack service to check presence status
  • must_present (bool) – flag whether service should present or not
  • timeout (int) – seconds to wait a result of check
Raises:

TimeoutExpired – if check failed after timeout

create_service(service_name, service_type=None, enabled=True, description=None, check=True)[source]

Step to create service.

Parameters:
  • service_name (str) – service name
  • service_type (str) – service type
  • enabled (bool) – whether the service appears in the catalog
  • description (str) – the description of the service
  • check (bool) – flag whether to check step or not
Raises:

AssertionError – if check failed

Returns:

service

Return type:

object

delete_service(service, check=True)[source]

Step to delete service.

Parameters:
  • service (object) – openstack service
  • check (bool) – flag whether to check step or not
Raises:

TimeoutExpired – if check failed after timeout

get_service(service_name)[source]

Step to get service by name.

Parameters:service_name (str) – openstack service name to find
Returns:service
Return type:obj
Raises:LookupError – if no services are found
get_services(check=True)[source]

Step to get services.

Parameters:check (bool) – flag whether to check step or not
Returns:services
Return type:list
Raises:AssertionError – if no services are found

Keystone tests

Keystone tests

stepler.keystone.tests.test_keystone.test_check_objects_are_revoked(role_steps, get_project_steps, create_project, create_user)[source]

Scenario: Check that keystone objects are revoked correctly.

https://bugs.launchpad.net/mos/+bug/1546197 When you delete a role assignment using a user+role+project pairing, unscoped tokens between the user+project are unnecessarily revoked as well. In fact, two events are created for each role assignment deletion (one that is scoped correctly and one that is scoped too broadly).

Setup:

  1. Create project
  2. Create user

Steps:

  1. Add new project in admin tenant
  2. Login under this user
  3. Get projects
  4. Delete new user from admin tenant
  5. Get projects

Teardown:

  1. Delete user
  2. Delete project
stepler.keystone.tests.test_keystone.test_create_user_and_authenticate(new_user_with_project, get_server_steps)[source]

Scenario: Create new user

Setup:

  1. Create new user
  2. Create new project
  3. Create new user role
  4. Grant role to user for project

Steps:

  1. Perform user authentication
  2. Get list of servers

Teardown:

  1. Delete user role
  2. Delete project
  3. Delete user
stepler.keystone.tests.test_keystone.test_keystone_permission_lose(admin, project, admin_role, project_steps, role_steps, user_steps)[source]

Scenario: Check that admin have access to users and projects in this session.

Setup:

  1. Create new project

Steps:

  1. Add admin member with admin role to this project
  2. Remove the admin role for this project
  3. Check that admin is able to get projects and users

Teardown:

  1. Delete project
stepler.keystone.tests.test_keystone.test_list_ec2(ec2_steps, ec2_credentials, current_user)[source]

Scenario: List all ec2 credentials.

Steps:

  1. Get the list of all ec2 credentials
stepler.keystone.tests.test_keystone.test_modify_project_members_update_quotas(admin_role, create_project, create_group, role_steps, project_steps)[source]

Scenario: Failed to modify project members and update project quotas.

https://bugs.launchpad.net/horizon/+bug/1326668

Setup:

  1. Get admin role

Steps:

  1. Create project
  2. Create group
  3. Add new project in admin tenant
  4. Get projects
  5. Delete new project from admin tenant
  6. Get projects

Teardown:

  1. Delete group
  2. Delete project
stepler.keystone.tests.test_keystone.test_restart_keystone_service(cirros_image, flavor, keypair, net_subnet_router, security_group, server, floating_ip, user, create_user, user_steps, os_faults_steps, server_steps, get_session)[source]

Scenario: Check that keystone works after restarting services.

Setup:

  1. Create cirros image
  2. Create flavor
  3. Create keypair
  4. Create network with subnet and router
  5. Create security group
  6. Create server_1
  7. Create user_1

Steps:

  1. Attach floating IP
  2. Check that ping from server_1 to 8.8.8.8 is successful
  3. Restart keystone services
  4. Check that user_1 is in user list
  5. Create server_2
  6. Attach floating IP
  7. Check ping from server_2 to 8.8.8.8 and to server_1
  8. Create user_2 and check its presence in user list

Teardown:

  1. Delete users
  2. Delete servers
  3. Delete security group
  4. Delete network, subnet, router
  5. Delete keypair
  6. Delete flavor
  7. Delete cirros image
stepler.keystone.tests.test_keystone.test_service_list(service_steps, service_name)[source]

Scenario: Check if service is present.

Steps:

  1. Get service by name and check if it exists
stepler.keystone.tests.test_keystone.test_user_list(user_steps)[source]

Scenario: Request list of users.

Steps:

  1. Get list of users