diff options
author | Sam Kumar <sp810x@att.com> | 2020-08-28 15:52:39 +0000 |
---|---|---|
committer | Rico Lin <rico.lin.guanyu@gmail.com> | 2020-11-17 15:19:13 +0000 |
commit | d2be2f9cfecffc9228207e180f59f049bf14df41 (patch) | |
tree | 0188063e68ce8509e78981c104500b5518a49ffb /heat_integrationtests | |
parent | 4a707e45f5a203c42f661f6a6bf4d6bc849836a0 (diff) | |
download | heat-d2be2f9cfecffc9228207e180f59f049bf14df41.tar.gz |
Add test cases to check user{domain}
pattern.
Heat uses domain in user{domain} pattern to
find the user in the corresponding domain.
Change-Id: Ic01877e2524e094b087fcbddac7504356e395031
Story:2007867
Task:40234
Diffstat (limited to 'heat_integrationtests')
-rw-r--r-- | heat_integrationtests/common/clients.py | 8 | ||||
-rw-r--r-- | heat_integrationtests/common/test.py | 1 | ||||
-rw-r--r-- | heat_integrationtests/functional/test_keystone_user_with_domain.py | 183 |
3 files changed, 192 insertions, 0 deletions
diff --git a/heat_integrationtests/common/clients.py b/heat_integrationtests/common/clients.py index d2cc92977..6079db19d 100644 --- a/heat_integrationtests/common/clients.py +++ b/heat_integrationtests/common/clients.py @@ -17,6 +17,7 @@ from heat.common.i18n import _ from heatclient import client as heat_client from keystoneauth1.identity.generic import password from keystoneauth1 import session +from keystoneclient.v3 import client as kc_v3 from neutronclient.v2_0 import client as neutron_client from novaclient import client as nova_client from swiftclient import client as swift_client @@ -79,6 +80,7 @@ class ClientManager(object): self.ca_file = self.conf.ca_file self.identity_client = self._get_identity_client() + self.keystone_client = self._get_keystone_client() self.orchestration_client = self._get_orchestration_client() self.compute_client = self._get_compute_client() self.network_client = self._get_network_client() @@ -143,6 +145,12 @@ class ClientManager(object): return KeystoneWrapperClient(auth, verify_cert) + def _get_keystone_client(self): + # Create our default Keystone client to use in testing + return kc_v3.Client( + session=self.identity_client.session, + region_name=self.conf.region) + def _get_compute_client(self): # Create our default Nova client to use in testing return nova_client.Client( diff --git a/heat_integrationtests/common/test.py b/heat_integrationtests/common/test.py index fcc117d6e..52a7fe45d 100644 --- a/heat_integrationtests/common/test.py +++ b/heat_integrationtests/common/test.py @@ -100,6 +100,7 @@ class HeatIntegrationTest(testscenarios.WithScenarios, def setup_clients(self, conf, admin_credentials=False): self.manager = clients.ClientManager(conf, admin_credentials) self.identity_client = self.manager.identity_client + self.keystone_client = self.manager.keystone_client self.orchestration_client = self.manager.orchestration_client self.compute_client = self.manager.compute_client self.network_client = self.manager.network_client diff --git a/heat_integrationtests/functional/test_keystone_user_with_domain.py b/heat_integrationtests/functional/test_keystone_user_with_domain.py new file mode 100644 index 000000000..aff4f75a1 --- /dev/null +++ b/heat_integrationtests/functional/test_keystone_user_with_domain.py @@ -0,0 +1,183 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from heat_integrationtests.common import test +from heat_integrationtests.functional import functional_base + +create_user = ''' +heat_template_version: 2014-10-16 +description: test template to test user role assignment with user{domain} +parameters: + user_name: + type: string + label: User Name + description: Test user name + project_name: + type: string + label: Project Name + description: Test project name + domain_name: + type: string + label: Domain Name + description: Test domain name +resources: + Domain: + properties: + description: "Test Domain" + enabled: true + name: {get_param: domain_name} + type: OS::Keystone::Domain + Project: + properties: + description: "Test Project" + enabled: true + name: {get_param: project_name} + type: OS::Keystone::Project + User: + type: OS::Keystone::User + properties: + name: {get_param: user_name} + domain: {get_resource: Domain} + description: Test user + enabled: true + email: xyz@abc.com + password: passWORD +outputs: + project_name: + value: {get_attr: [Project, name]} + user_name: + value: {get_attr: [User, name]} +''' +assign_user_roles = ''' +heat_template_version: 2014-10-16 +description: test template to test user role assignment with user{domain} +parameters: + user_name: + type: string + label: User Name + description: Test user name + project_name: + type: string + label: Project Name + description: Test project name + domain_name: + type: string + label: Domain Name + description: Test domain name +resources: + UserRoleAssignemnt: + properties: + roles: + - role: admin + project: {get_param: project_name} + user: + list_join: ['', + [ + {get_param: user_name}, + '{', + {get_param: domain_name}, + '}' + ] + ] + type: OS::Keystone::UserRoleAssignment +''' +disable_domain = ''' +heat_template_version: 2014-10-16 +description: test template to test user role assignment with user{domain} +parameters: + user_name: + type: string + label: User Name + description: Test user name + project_name: + type: string + label: Project Name + description: Test project name + domain_name: + type: string + label: Domain Name + description: Test domain name +resources: + Domain: + properties: + description: "Test Domain" + enabled: false + name: {get_param: domain_name} + type: OS::Keystone::Domain + Project: + properties: + description: "Test Project" + enabled: true + name: {get_param: project_name} + type: OS::Keystone::Project + User: + type: OS::Keystone::User + properties: + name: {get_param: user_name} + domain: {get_resource: Domain} + description: Test user + enabled: true + email: xyz@abc.com + password: passWORD +outputs: + project_name: + value: {get_attr: [Project, name]} + user_name: + value: {get_attr: [User, name]} +''' + + +class CreateUserTest(functional_base.FunctionalTestsBase): + + def get_user_and_project_outputs(self, stack_identifier): + stack = self.client.stacks.get(stack_identifier) + project_name = self._stack_output(stack, 'project_name') + user_name = self._stack_output(stack, 'user_name') + return project_name, user_name + + def get_outputs(self, stack_identifier, output_key): + stack = self.client.stacks.get(stack_identifier) + return self._stack_output(stack, output_key) + + def test_assign_user_role_with_domain(self): + # Setup admin clients + self.setup_clients_for_admin() + parms = { + 'user_name': test.rand_name('test-user-domain-user-name'), + 'project_name': test.rand_name('test-user-domain-project'), + 'domain_name': test.rand_name('test-user-domain-domain-name') + } + stack_identifier_create_user = self.stack_create( + template=create_user, + parameters=parms) + + self.stack_create( + template=assign_user_roles, + parameters=parms) + + project_name, user_name = self.get_user_and_project_outputs( + stack_identifier_create_user) + self.assertEqual(project_name, project_name) + self.assertEqual(user_name, user_name) + users = self.keystone_client.users.list() + projects = self.keystone_client.projects.list() + user_id = [x for x in users if x.name == user_name][0].id + project_id = [x for x in projects if x.name == project_name][0].id + self.assertIsNotNone( + self.keystone_client.role_assignments.list( + user=user_id, project=project_id)) + + # Disable domain so stack can be deleted + self.update_stack( + stack_identifier=stack_identifier_create_user, + template=disable_domain, + parameters=parms) |