"""
--------------
Keystone tests
--------------
"""
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import time
import pytest
from stepler import config
from stepler.third_party.supported_platforms import platform
from stepler.third_party import utils
@pytest.mark.idempotent_id('89ef26c6-600a-4f69-afeb-d3b8d9ad1244')
[docs]def test_keystone_permission_lose(admin,
project,
admin_role,
project_steps,
role_steps,
user_steps):
"""**Scenario:** Check that admin have access to users and projects in this
session.
**Setup:**
#. Create new project
**Steps:**
#. Add admin member with admin role to this project
#. Remove the admin role for this project
#. Check that admin is able to get projects and users
**Teardown:**
#. Delete project
"""
role_steps.grant_role(admin_role, user=admin, project=project)
role_steps.revoke_role(admin_role, user=admin, project=project)
project_steps.get_projects()
user_steps.get_users()
@pytest.mark.idempotent_id('76f823ac-5c8b-4617-a4cc-9e30257a679f')
[docs]def test_restart_keystone_service(cirros_image,
flavor,
keypair,
net_subnet_router,
security_group,
server,
floating_ip,
user,
create_user,
user_steps,
os_faults_steps,
server_steps,
get_session):
"""**Scenario:** Check that keystone works after restarting services.
**Setup:**
#. Create cirros image
#. Create flavor
#. Create keypair
#. Create network with subnet and router
#. Create security group
#. Create server_1
#. Create user_1
**Steps:**
#. Attach floating IP
#. Check that ping from server_1 to 8.8.8.8 is successful
#. Restart keystone services
#. Check that user_1 is in user list
#. Create server_2
#. Attach floating IP
#. Check ping from server_2 to 8.8.8.8 and to server_1
#. Create user_2 and check its presence in user list
**Teardown:**
#. Delete users
#. Delete servers
#. Delete security group
#. Delete network, subnet, router
#. Delete keypair
#. Delete flavor
#. Delete cirros image
"""
server_steps.attach_floating_ip(server, floating_ip)
with server_steps.get_server_ssh(
server, floating_ip['floating_ip_address']) as server_ssh:
server_steps.check_ping_for_ip(
config.GOOGLE_DNS_IP, server_ssh, timeout=config.PING_CALL_TIMEOUT)
os_faults_steps.restart_services([config.KEYSTONE])
# Wait until keystone wake up
get_session()
time.sleep(config.TIME_AFTER_KEYSTONE_RESTART)
user_steps.check_user_presence(user)
server_2 = server_steps.create_servers(image=cirros_image,
flavor=flavor,
networks=[net_subnet_router[0]],
keypair=keypair,
security_groups=[security_group],
username=config.CIRROS_USERNAME)[0]
server_steps.detach_floating_ip(server, floating_ip)
server_steps.attach_floating_ip(server_2, floating_ip)
server_1_ip = server_steps.get_fixed_ip(server)
with server_steps.get_server_ssh(
server_2, floating_ip['floating_ip_address']) as server_2_ssh:
server_steps.check_ping_for_ip(config.GOOGLE_DNS_IP, server_2_ssh,
timeout=config.PING_CALL_TIMEOUT)
server_steps.check_ping_for_ip(server_1_ip, server_2_ssh,
timeout=config.PING_CALL_TIMEOUT)
name_2, password_2 = utils.generate_ids(count=2)
create_user(user_name=name_2, password=password_2)
@pytest.mark.idempotent_id('14ed4331-c05e-4b9a-9723-eac8c6f3f26a')
[docs]def test_check_objects_are_revoked(role_steps,
get_project_steps,
create_project,
create_user):
"""**Scenario:** Check that keystone objects are revoked correctly.
https://bugs.launchpad.net/mos/+bug/1546197
When you delete a role assignment using a user+role+project pairing,
unscoped tokens between the user+project are unnecessarily revoked as
well. In fact, two events are created for each role assignment deletion
(one that is scoped correctly and one that is scoped too broadly).
**Setup:**
#. Create project
#. Create user
**Steps:**
#. Add new project in admin tenant
#. Login under this user
#. Get projects
#. Delete new user from admin tenant
#. Get projects
**Teardown:**
#. Delete user
#. Delete project
"""
user_name = next(utils.generate_ids('user'))
user_password = next(utils.generate_ids('password'))
project_name = next(utils.generate_ids('project'))
project = create_project(project_name=project_name, domain='default')
user = create_user(user_name,
user_password,
default_project=project)
admin_role = role_steps.get_role(name='admin')
role_steps.grant_role(role=admin_role, user=user, project=project)
user_credentials = {'username': user_name,
'password': user_password,
'project_name': project_name}
user_project_steps = get_project_steps(**user_credentials)
user_project_steps.get_projects()
role_steps.revoke_role(role=admin_role, user=user, project=project)
user_project_steps.check_get_projects_requires_authentication()
@pytest.mark.idempotent_id('e52e771c-b8e4-4af5-981f-76b975e5b110')
[docs]def test_modify_project_members_update_quotas(admin_role,
create_project,
create_group,
role_steps,
project_steps):
"""**Scenario:** Failed to modify project members and update project quotas.
https://bugs.launchpad.net/horizon/+bug/1326668
**Setup:**
#. Get admin role
**Steps:**
#. Create project
#. Create group
#. Add new project in admin tenant
#. Get projects
#. Delete new project from admin tenant
#. Get projects
**Teardown:**
#. Delete group
#. Delete project
"""
project = create_project(next(utils.generate_ids('project')))
group = create_group(next(utils.generate_ids('group')))
role_steps.grant_role(role=admin_role, project=project, group=group)
project_steps.get_projects()
role_steps.revoke_role(role=admin_role, project=project, group=group)
project_steps.get_projects()
@pytest.mark.idempotent_id('06bf8aba-9fa2-45e6-ac71-622fe0440541')
[docs]def test_user_list(user_steps):
"""**Scenario:** Request list of users.
**Steps:**
#. Get list of users
"""
user_steps.get_users()
@pytest.mark.idempotent_id('9a306d49-a3ad-4632-bf5d-ef11b0a07995')
@pytest.mark.parametrize('new_user_with_project',
[{'with_role': True}], indirect=True)
[docs]def test_create_user_and_authenticate(new_user_with_project,
get_server_steps):
"""**Scenario:** Create new user
**Setup:**
#. Create new user
#. Create new project
#. Create new user role
#. Grant role to user for project
**Steps:**
#. Perform user authentication
#. Get list of servers
**Teardown:**
#. Delete user role
#. Delete project
#. Delete user
"""
server_steps = get_server_steps(**new_user_with_project)
server_steps.get_servers(check=False)
services_list = [
pytest.mark.requires('ceilometer')(config.CEILOMETER),
pytest.mark.requires('cinder_nodes_count >= 1')(config.CINDER),
pytest.mark.requires('cinder_nodes_count >= 1')(config.CINDERV2),
config.GLANCE,
config.HEAT,
config.HEAT_CNF,
config.KEYSTONE,
config.NEUTRON,
config.NOVA,
platform.mk2x(config.NOVA_EC2),
platform.mk2x(config.NOVA20)
]
@pytest.mark.idempotent_id('1304cc00-4797-48ee-9b36-fa2997ba96d6',
service_name=config.CEILOMETER)
@pytest.mark.idempotent_id('993d7997-43c9-4fa0-9bb2-82e138022574',
service_name=config.CINDER)
@pytest.mark.idempotent_id('2c48707f-863b-4849-8b3f-f39643abf23c',
service_name=config.CINDERV2)
@pytest.mark.idempotent_id('ebeea432-7045-4f95-bcf7-eceea9ab874a',
service_name=config.GLANCE)
@pytest.mark.idempotent_id('220a4390-64d1-49d1-8b39-a07b96cfa47f',
service_name=config.HEAT)
@pytest.mark.idempotent_id('6a0cc9ee-e102-4754-8adc-041ccad86a53',
service_name=config.HEAT_CNF)
@pytest.mark.idempotent_id('ee5acce0-ca90-43d5-9167-4df322bece79',
service_name=config.KEYSTONE)
@pytest.mark.idempotent_id('93d319d2-2faf-47df-8026-9bee641bf859',
service_name=config.NEUTRON)
@pytest.mark.idempotent_id('64ce7134-de41-48cd-a015-2e4c4f687e9f',
service_name=config.NOVA)
@pytest.mark.idempotent_id('ce7eed04-b057-4076-aac7-f5042b50b8e6',
service_name=config.NOVA_EC2)
@pytest.mark.idempotent_id('8274b37e-6dca-4fdc-9725-e07fdf185047',
service_name=config.NOVA20)
@pytest.mark.parametrize('service_name', services_list)
[docs]def test_service_list(service_steps, service_name):
"""**Scenario:** Check if service is present.
**Steps:**
#. Get service by name and check if it exists
"""
service_steps.get_service(service_name)
@pytest.mark.idempotent_id('cd6c32f7-759a-457e-b695-55305743020f')
[docs]def test_list_ec2(ec2_steps, ec2_credentials, current_user):
"""**Scenario:** List all ec2 credentials.
**Steps:**
#. Get the list of all ec2 credentials
"""
ec2_steps.list(current_user)