Keystone¶
Keystone conftest¶
-
stepler.keystone.conftest.admin(user_steps)[source]¶ Function fixture to get admin.
Parameters: user_steps (object) – instantiated user steps Returns: user ‘admin’ Return type: object
-
stepler.keystone.conftest.create_domain(domain_steps)[source]¶ Fixture to create domain with options.
Can be called several times during test.
-
stepler.keystone.conftest.create_group(group_steps)[source]¶ Callable function fixture to create single keystone group with options.
Can be called several times during a test. After the test it destroys all created groups.
Parameters: group_steps (object) – instantiated keystone steps Returns: function to create single keystone group with options Return type: function
-
stepler.keystone.conftest.create_project(project_steps)[source]¶ Fixture to create project with options.
Can be called several times during test.
-
stepler.keystone.conftest.create_role(role_steps)[source]¶ Fixture to create role with options.
Can be called several times during test.
-
stepler.keystone.conftest.create_user(user_steps)[source]¶ Session callable fixture to create user with options.
Can be called several times during a test. After the test it destroys all created users.
- Examples of using this fixture in test:
- create_user(‘user1’, ‘qwerty!’) create_user(user_name=’user2’, password=’user2’, domain=’ldap2’)
Parameters: user_steps (object) – instantiated user steps Yields: function – function to create user with options
-
stepler.keystone.conftest.current_project(get_current_project)[source]¶ Function fixture to get current project.
Parameters: get_current_project (function) – function to get current project Returns: current project Return type: obj
-
stepler.keystone.conftest.current_user(session, user_steps)[source]¶ Fixture to get current user.
Parameters: - session (obj) – keystone session
- user_steps (obj) – instantiated user steps
Returns: current user
Return type: obj
-
stepler.keystone.conftest.domain(create_domain)[source]¶ Fixture to create domain with default options before test.
-
stepler.keystone.conftest.ec2_credentials(ec2_steps, current_project, current_user)[source]¶ Fixture to create EC2 credentials for current user.
After the test it destroys created credentials.
Parameters: - ec2_steps (obj) – instantiated EC2 steps
- current_project (obj) – current project
- current_user (obj) – current user
Yields: keystoneclient.v3.ec2.Ec2 – ec2 credentials object
-
stepler.keystone.conftest.ec2_steps(keystone_client)[source]¶ Fixture to get ec2 steps.
Parameters: keystone_client (object) – keystone client for authorizing Returns: object with ec2 credentials steps Return type: object
-
stepler.keystone.conftest.get_current_project(get_session, get_project_steps)[source]¶ Callable session fixture to get current project.
Parameters: - get_session (function) – function to get keystone session
- get_project_steps (function) – function to get project steps
Returns: function to get current project
Return type: function
-
stepler.keystone.conftest.get_keystone_client(get_session)[source]¶ Callable session fixture to get keystone client.
Parameters: get_session (function) – function to get authenticated keystone session Returns: function to get keystone client Return type: function
-
stepler.keystone.conftest.get_project_steps(get_keystone_client)[source]¶ Callable session fixture to get project steps.
Parameters: get_keystone_client (function) – function to get keystone client. Returns: function to get project steps. Return type: function
-
stepler.keystone.conftest.get_role_steps(get_keystone_client)[source]¶ Callable session fixture to get role steps.
Parameters: get_keystone_client (function) – function to get keystone client. Returns: function to get role steps. Return type: function
-
stepler.keystone.conftest.get_service_steps(get_keystone_client)[source]¶ Callable session fixture to get service steps.
Parameters: get_keystone_client (function) – function to get keystone client Returns: function to get project steps Return type: function
-
stepler.keystone.conftest.get_user_steps(get_keystone_client)[source]¶ Callable session fixture to get users steps.
Parameters: get_keystone_client (function) – function to get keystone client. Returns: function to get users steps. Return type: function
-
stepler.keystone.conftest.group(create_group)[source]¶ Function fixture to create single keystone group.
Parameters: create_group (function) – function to create group with options Returns: keystone group Return type: object
-
stepler.keystone.conftest.group_steps(keystone_client)[source]¶ Function fixture to get group steps.
Parameters: keystone_client (object) – instantiated keystone client Returns: instantiated group steps Return type: stepler.keystone.steps.GroupSteps
-
stepler.keystone.conftest.keystone_client(get_keystone_client)[source]¶ Function fixture to get keystone client.
Parameters: get_keystone_client (function) – function to get keystone client Returns: authenticated keystone client Return type: keystoneclient.client.Client
-
stepler.keystone.conftest.new_user_with_project(request, create_user_with_project)[source]¶ Fixture to create new project with new ‘_member_’ user.
Parameters: - request (obj) – pytest SubRequest instance
- create_user_with_project (function) – function to create project resources
Yields: dict – dict with username, password and project_name
-
stepler.keystone.conftest.project(create_project)[source]¶ Fixture to create project with default options before test.
-
stepler.keystone.conftest.project_steps(get_project_steps)[source]¶ Function fixture to get project steps.
Parameters: get_project_steps (function) – function to get project steps Returns: instantiated project steps. Return type: ProjectSteps
-
stepler.keystone.conftest.projects(request, role_steps, create_project, create_user)[source]¶ Function fixture to create different projects.
By default count of projects equal to 2 , but if you want another count please add this quantity before your function.
All created resources are to be deleted after test.
Parameters: - role_steps (obj) – instantiated role steps
- create_project (function) – function to create project
- create_user (function) – function to create user
Returns: created resources
Return type: attrdict.AttrDict
-
stepler.keystone.conftest.role(create_role)[source]¶ Fixture to create role with default options before test.
-
stepler.keystone.conftest.role_steps(get_role_steps)[source]¶ Function fixture to get role steps.
Parameters: get_role_steps (function) – function to get role steps Returns: instantiated role steps. Return type: RoleSteps
-
stepler.keystone.conftest.service_steps(get_service_steps)[source]¶ Function fixture to get service steps.
Parameters: get_service_steps (function) – function to get service steps Returns: instantiated service steps Return type: ServiceSteps
-
stepler.keystone.conftest.token_steps(keystone_client)[source]¶ Callable session fixture to get keystone steps.
Parameters: keystone_client (function) – function to get keystone client Returns: function to instantiated keystone token steps Return type: function
-
stepler.keystone.conftest.user(create_user)[source]¶ Function fixture to create user with default options before test.
Parameters: create_user (function) – function to create user with options Returns: user Return type: object
-
stepler.keystone.conftest.user_steps(get_user_steps)[source]¶ Function fixture to get user steps.
Parameters: get_user_steps (function) – function to get user steps Returns: instantiated user steps Return type: stepler.keystone.steps.UserSteps
Keystone steps¶
-
class
stepler.keystone.steps.DomainSteps(client)[source]¶ Domain steps.
-
check_domain_presence(domain, must_present=True, timeout=0)[source]¶ Step to check domain presence.
Parameters: - domain (object) – domain
- must_present (bool) – flag whether domain should present or not
- timeout (int) – seconds to wait a result of check
Raises: TimeoutExpired– if check failed after timeout
-
create_domain(domain_name, check=True)[source]¶ Step to create domain.
Parameters: - domain_name (str) – domain name
- check (bool) – flag whether to check step or not
Returns: domain
Return type: object
-
delete_domain(domain, check=True)[source]¶ Step to delete domain.
Parameters: - domain (object) – domain
- check (bool) – flag whether to check step or not
-
-
class
stepler.keystone.steps.Ec2Steps(client)[source]¶ Ec2 credentials steps
-
check_presence(credentials, must_present=True, timeout=0)[source]¶ Step to check EC2 credentials presence.
Parameters: - credentials (keystoneclient.v3.ec2.Ec2) – ec2 credentials object
- must_present (bool) – flag whether credentials should present or not
- timeout (int) – seconds to wait a result of check
Raises: TimeoutExpired– if check failed after timeout
-
create(user, project, check=True)[source]¶ Step to create EC2 credentials.
Parameters: - user (object) – user
- project (object) – project
- check (bool) – flag whether to check step or not
Returns: ec2 credentials object
Return type: keystoneclient.v3.ec2.Ec2
Raises: AssertionError– if check failed
-
-
class
stepler.keystone.steps.GroupSteps(client)[source]¶ Group steps.
-
check_group_presence(group, must_present=True, timeout=0)[source]¶ Step to check group presence.
Parameters: - group (object) – the keystone group to be checked
- must_present (bool) – flag whether group should present or not
- timeout (int) – seconds to wait a result of check
Raises: TimeoutExpired– if check is triggered to an error after timeout
-
create_group(name, domain=None, description=None, check=True)[source]¶ Step to create a group.
Parameters: - name (str) – the name of the group
- domain (str or class keystoneclient.v3.domains.Domain) – the domain of the group
- description (str) – the description of the group
Returns: - the created group returned
from server
Return type: keystoneclient.v3.groups.Group
Raises: TimeoutExpired|AssertionError– if check was triggered to an error
-
delete_group(group, check=True)[source]¶ Step to delete group.
Parameters: group (object) – the group to be deleted
-
-
class
stepler.keystone.steps.ProjectSteps(client)[source]¶ Project steps.
-
check_get_projects_requires_authentication()[source]¶ Step to check unauthorized request returns (HTTP 401)
Raises: AssertionError– if check failed
-
check_project_presence(project, must_present=True, timeout=0)[source]¶ Check step that project is present.
Parameters: - project (object) – keystone project to check presence status
- must_present (bool) – flag whether project should present or not
- timeout (int) – seconds to wait a result of check
Raises: TimeoutExpired– if check failed after timeout
-
create_project(project_name, domain='default', check=True)[source]¶ Step to create project.
Parameters: - project_name (str) – project name
- domain (str or object) – domain
- check (bool) – flag whether to check step or not
Returns: project
Return type: object
-
delete_project(project, check=True)[source]¶ Step to delete project.
Parameters: - project (object) – keystone project
- check (bool) – flag whether to check step or not
Raises: TimeoutExpired– if check failed after timeout
-
-
class
stepler.keystone.steps.RoleSteps(client)[source]¶ Role steps.
-
check_role_grant_status(role, user=None, group=None, domain=None, project=None, must_granted=True, timeout=0)[source]¶ Check step if a user or group has a role on a domain or project.
Parameters: - role (str or obj) – the role to be checked on a domain or project
- user (str or obj) – check for role grants for the specified user on a resource. Domain or project must be specified. User and group are mutually exclusive.
- group (str or obj) – check for role grants for the specified user on a resource. Domain or project must be specified. User and group are mutually exclusive.
- domain (str or obj) – check for role grants on the specified domain. Either user or group must be specified. Project and domain are mutually exclusive.
- project (str or obj) – check for role grants on the specified project. Either user or group must be specified. Project and domain are mutually exclusive.
- must_granted (bool) – flag whether role should present or not
- timeout (int) – seconds to wait a result of check
Raises: TimeoutExpired– if check failed after timeout
-
check_role_presence(role, must_present=True, timeout=0)[source]¶ Check step that role is present.
Parameters: - role (str or obj) – the role to be checked on the server
- must_present (bool) – flag whether role should present or no
- timeout (int) – seconds to wait a result of check
Raises: TimeoutExpired– if check failed after timeout
-
create_role(role_name=None, check=True)[source]¶ Step to create role.
Parameters: - role_name (str) – the name of the role
- check (bool) – flag whether to check step or not
Returns: new role
Return type: keystoneclient.v3.roles.Role
Raises: TimeoutExpired– if check failed after timeout
-
delete_role(role, check=True)[source]¶ Step to delete role.
Parameters: - role (object) – role
- check (bool) – flag whether to check step or not
Raises: TimeoutExpired|AssertionError– if check failed
-
get_role(check=True, **kwgs)[source]¶ Step to retrieve role.
Parameters: - check (bool) – flag whether to check step or not
- **kwgs – any suitable to role keyword arguments
Returns: role
Return type: keystoneclient.v3.roles.Role
-
grant_role(role, user=None, group=None, domain=None, project=None, check=True)[source]¶ Step to grant role to user or group on domain or project.
Parameters: - role (str or obj) – the role to be granted on the server
- user (str or obj) – the specified user to have the role granted on a resource. Domain or project must be specified. User and group are mutually exclusive.
- group (str or obj) – the specified group to have the role granted on a resource. Domain or project must be specified. User and group are mutually exclusive.
- domain (str or obj) – the domain in which the role will be granted. Either user or group must be specified. Project and domain are mutually exclusive.
- project (str or obj) – the project in which the role will be granted. Either user or group must be specified. Project and domain are mutually exclusive.
- check (bool) – flag whether to check step or not
Raises: NotFound– if check failed after timeout
-
revoke_role(role, user=None, group=None, domain=None, project=None, check=True)[source]¶ Step to revoke role from user or group on domain or project.
Parameters: - role (str or obj) – the role to be revoked on the server
- user (str or obj) – the specified user to have the role revoked on a resource. Domain or project must be specified. User and group are mutually exclusive.
- group (str or obj) – revoke role grants for the specified group on a resource. Domain or project must be specified. User and group are mutually exclusive.
- domain (str or obj) – revoke role grants on the specified domain. Either user or group must be specified. Project and domain are mutually exclusive.
- project (str or obj) – revoke role grants on the specified project. Either user or group must be specified. Project and domain are mutually exclusive.
- check (bool) – flag whether to check step or not
Raises: NotFound– if check failed after timeout
-
-
class
stepler.keystone.steps.UserSteps(client)[source]¶ User steps.
-
add_user_to_group(user, group, check=True)[source]¶ Step to add the specified user as a member of the specified group.
Parameters: - user (str or keystoneclient.v3.users.User) – the user to be added to the group
- group (str or keystoneclient.v3.groups.Group) – the group to put the user in
- check (bool) – flag whether to check step or not
Raises: NotFound– if check was triggered to an error
-
check_user_in_group(user, group, must_present=True, timeout=0)[source]¶ Step to check if the user is a member of the group.
Parameters: - user (str or keystoneclient.v3.users.User) – the user to be verified in the group
- group (str or keystoneclient.v3.groups.Group) – the group to check the user in
- must_present (bool) – flag whether group should present or not
- timeout (int) – seconds to wait a result of check
Returns: if check is triggered to an error after timeout
Return type:
-
check_user_presence(user, must_present=True, timeout=0)[source]¶ Step to check user presence.
Parameters: - user (object) – user
- must_present (bool) – flag whether user should present or not
- timeout (int) – seconds to wait a result of check
Raises: TimeoutExpired– if check failed after timeout
-
create_user(user_name, password, domain='default', enabled=True, email=None, description=None, default_project=None, check=True, **kwargs)[source]¶ Step to create new user.
Parameters: - user_name (str) – the new name of the user
- password (str) – the new password of the user
- domain (str or keystoneclient.v3.domains.Domain) – the new domain of the user
- enabled (str) – whether the user is enabled
- email (str) – the new email of the user
- description (str) – the new description of the user
- default_project (str or keystoneclient.v3.projects.Project) – the new default project of the user
- check (bool) – flag whether to check step or not
- kwargs – any other attribute provided will be passed to server
Returns: new user
Return type: keystoneclient.v3.users.User
Raises: TimeoutExpired|AssertionError– if check was triggered to an error
-
delete_user(user, check=True)[source]¶ Step to delete user.
Parameters: - user (object) – user
- check (bool) – flag whether to check step or not
-
get_user(name, domain='default', group=None, check=True)[source]¶ Step to find user.
Parameters: - name (str) –
- domain (str or object) – domain
- group (str or object) – group
- check (bool) – flag whether to check step or not
Raises: NotFound– if user does not existReturns: user
Return type: object
-
get_user_by_id(user_id, check=True)[source]¶ Step to find user by id.
Parameters: - user_id (str) – user ID
- check (bool) – flag whether to check step or not
Raises: NotFound– if user does not existReturns: user
Return type: object
-
get_user_token(check=True)[source]¶ Step to get user token.
Parameters: check (bool) – flag whether to check step or not Returns: token – user token Return type: str
-
get_users(domain='default', group=None, check=True)[source]¶ Step to get users.
Parameters: - domain (str or object) – domain
- group (str or object) – group
- check (bool) – flag whether to check step or not
Returns: list of users
Return type: list of object
-
update_user(user, check=True, **kwargs)[source]¶ Step to update the user.
Parameters: - user (str or keystoneclient.v3.users.User) – the user to be updated on the server
- name (str) – the new name of the user
- domain (str or keystoneclient.v3.domains.Domain) – the new domain of the user
- password (str) – the new password of the user
- email (str) – the new email of the user
- description (str) – the new description of the user
- enabled (str) – whether the user is enabled
- default_project (str or keystoneclient.v3.projects.Project) – the new default project of the user
kwargs: any other attribute provided will be passed to server
Raises: TimeoutExpired|AssertionError– if check was triggered to an error
-
-
class
stepler.keystone.steps.TokenSteps(client)[source]¶ Token steps.
-
check_token_is_revoked(token, must_revoked=True, timeout=0)[source]¶ Step to check if token is revoked.
Parameters: - token (str) – The token to be checked.
- must_revoked (bool) – flag whether volume should present or not
- timeout (int) – seconds to wait a result of check
Raises: TimeoutExpired– if check failed after timeout
-
get_token_data(token, include_catalog=True, check=True)[source]¶ Step to fetch the data about a token from the identity server.
Parameters: - token (str) – The ID of the token to be fetched
- include_catalog (bool) – Whether the service catalog should be included in the response.
- check (bool) – flag whether to check step or not
Returns: data about the token
Return type: dict
-
get_token_validate(token, include_catalog=True, check=True)[source]¶ Step to get validate a token.
Parameters: - token (str) – The ID of the token to be fetched
- include_catalog (bool) – Whether the service catalog should be included in the response.
- check (bool) – flag whether to check step or not
Returns: token access info
Return type: keystoneclient.access.AccessInfoV3
-
-
class
stepler.keystone.steps.ServiceSteps(client)[source]¶ Services steps.
-
check_service_presence(service, must_present=True, timeout=0)[source]¶ Step to check that service is present.
Parameters: - service (object) – openstack service to check presence status
- must_present (bool) – flag whether service should present or not
- timeout (int) – seconds to wait a result of check
Raises: TimeoutExpired– if check failed after timeout
-
create_service(service_name, service_type=None, enabled=True, description=None, check=True)[source]¶ Step to create service.
Parameters: - service_name (str) – service name
- service_type (str) – service type
- enabled (bool) – whether the service appears in the catalog
- description (str) – the description of the service
- check (bool) – flag whether to check step or not
Raises: AssertionError– if check failedReturns: service
Return type: object
-
delete_service(service, check=True)[source]¶ Step to delete service.
Parameters: - service (object) – openstack service
- check (bool) – flag whether to check step or not
Raises: TimeoutExpired– if check failed after timeout
-
Keystone tests¶
Keystone tests¶
-
stepler.keystone.tests.test_keystone.test_check_objects_are_revoked(role_steps, get_project_steps, create_project, create_user)[source]¶ Scenario: Check that keystone objects are revoked correctly.
https://bugs.launchpad.net/mos/+bug/1546197 When you delete a role assignment using a user+role+project pairing, unscoped tokens between the user+project are unnecessarily revoked as well. In fact, two events are created for each role assignment deletion (one that is scoped correctly and one that is scoped too broadly).
Setup:
- Create project
- Create user
Steps:
- Add new project in admin tenant
- Login under this user
- Get projects
- Delete new user from admin tenant
- Get projects
Teardown:
- Delete user
- Delete project
-
stepler.keystone.tests.test_keystone.test_create_user_and_authenticate(new_user_with_project, get_server_steps)[source]¶ Scenario: Create new user
Setup:
- Create new user
- Create new project
- Create new user role
- Grant role to user for project
Steps:
- Perform user authentication
- Get list of servers
Teardown:
- Delete user role
- Delete project
- Delete user
-
stepler.keystone.tests.test_keystone.test_keystone_permission_lose(admin, project, admin_role, project_steps, role_steps, user_steps)[source]¶ Scenario: Check that admin have access to users and projects in this session.
Setup:
- Create new project
Steps:
- Add admin member with admin role to this project
- Remove the admin role for this project
- Check that admin is able to get projects and users
Teardown:
- Delete project
-
stepler.keystone.tests.test_keystone.test_list_ec2(ec2_steps, ec2_credentials, current_user)[source]¶ Scenario: List all ec2 credentials.
Steps:
- Get the list of all ec2 credentials
-
stepler.keystone.tests.test_keystone.test_modify_project_members_update_quotas(admin_role, create_project, create_group, role_steps, project_steps)[source]¶ Scenario: Failed to modify project members and update project quotas.
https://bugs.launchpad.net/horizon/+bug/1326668
Setup:
- Get admin role
Steps:
- Create project
- Create group
- Add new project in admin tenant
- Get projects
- Delete new project from admin tenant
- Get projects
Teardown:
- Delete group
- Delete project
-
stepler.keystone.tests.test_keystone.test_restart_keystone_service(cirros_image, flavor, keypair, net_subnet_router, security_group, server, floating_ip, user, create_user, user_steps, os_faults_steps, server_steps, get_session)[source]¶ Scenario: Check that keystone works after restarting services.
Setup:
- Create cirros image
- Create flavor
- Create keypair
- Create network with subnet and router
- Create security group
- Create server_1
- Create user_1
Steps:
- Attach floating IP
- Check that ping from server_1 to 8.8.8.8 is successful
- Restart keystone services
- Check that user_1 is in user list
- Create server_2
- Attach floating IP
- Check ping from server_2 to 8.8.8.8 and to server_1
- Create user_2 and check its presence in user list
Teardown:
- Delete users
- Delete servers
- Delete security group
- Delete network, subnet, router
- Delete keypair
- Delete flavor
- Delete cirros image