Best Python code snippet using tempest_python
test_application_credential.py
Source:test_application_credential.py
1# Copyright 2020 SUSE LLC2#3# Licensed under the Apache License, Version 2.0 (the "License"); you may4# not use this file except in compliance with the License. You may obtain5# a copy of the License at6#7# http://www.apache.org/licenses/LICENSE-2.08#9# Unless required by applicable law or agreed to in writing, software10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the12# License for the specific language governing permissions and limitations13# under the License.14import abc15from tempest.api.identity import base16from tempest import clients17from tempest.lib import auth18from tempest.lib.common.utils import data_utils19from tempest.lib import exceptions20from keystone_tempest_plugin.tests.rbac.v3 import base as rbac_base21class IdentityV3RbacApplicationCredentialTest(22 rbac_base.IdentityV3RbacBaseTests, metaclass=abc.ABCMeta):23 @classmethod24 def setup_clients(cls):25 super(IdentityV3RbacApplicationCredentialTest, cls).setup_clients()26 cls.persona = getattr(cls, 'os_%s' % cls.credentials[0])27 cls.client = cls.persona.application_credentials_client28 cls.admin_client = cls.os_system_admin29 @classmethod30 def setup_user_client(cls, domain_id=None):31 """Set up project user with its own client.32 This is to enable the project user to create its own app cred.33 Returns a client object and the user's ID.34 """35 user_dict = {36 'name': data_utils.rand_name('user'),37 'password': data_utils.rand_password(),38 }39 if domain_id:40 user_dict['domain_id'] = domain_id41 user_id = cls.admin_client.users_v3_client.create_user(42 **user_dict)['user']['id']43 def try_cleanup_user():44 # if domain is cleaned up first, user will already be deleted45 try:46 cls.admin_client.users_v3_client.delete_user(user_id)47 except exceptions.NotFound:48 pass49 cls.addClassResourceCleanup(try_cleanup_user)50 project_id = cls.admin_client.projects_client.create_project(51 data_utils.rand_name())['project']['id']52 cls.addClassResourceCleanup(53 cls.admin_client.projects_client.delete_project, project_id)54 member_role_id = cls.admin_client.roles_v3_client.list_roles(55 name='member')['roles'][0]['id']56 cls.admin_client.roles_v3_client.create_user_role_on_project(57 project_id, user_id, member_role_id)58 creds = auth.KeystoneV3Credentials(59 user_id=user_id,60 password=user_dict['password'],61 project_id=project_id)62 auth_provider = clients.get_auth_provider(creds)63 creds = auth_provider.fill_credentials()64 client = clients.Manager(credentials=creds)65 return client, user_id66 def app_cred(self):67 app_cred = {}68 app_cred['name'] = data_utils.rand_name('app_cred')69 return app_cred70 @abc.abstractmethod71 def test_identity_create_application_credential(self):72 """Test identity:create_application_credential policy.73 This test must check:74 * whether the persona can create an application credential for75 themself76 * whether the persona can create an application credential for77 another user78 """79 pass80 @abc.abstractmethod81 def test_identity_get_application_credential(self):82 """Test identity:get_application_credential policy.83 This test must check:84 * whether the persona can get their own application credential85 * whether the persona can get an application credential for another86 user87 * whether the persona can get an application credential for a user in88 another domain (if applicable)89 * whether the persona can get an application credential for a user in90 their own domain (if applicable)91 * whether the persona can get an application credential that does not92 exist93 """94 pass95 @abc.abstractmethod96 def test_identity_list_application_credentials(self):97 """Test identity:list_application_credentials policy.98 This test must check:99 * whether the persona can list all application credentials for100 themself101 * whether the persona can list all application credentials for102 another user103 * whether the persona can list application credentials for a user in104 their own domain105 * whether the persona can list application credentials for a user in106 another domain107 """108 pass109 @abc.abstractmethod110 def test_identity_delete_application_credential(self):111 """Test identity:delete_application_credential policy.112 This test must check113 * whether the persona can delete their own application credential114 * whether the persona can delete an application credential for115 another user116 * whether the persona can delete an application credential for a user117 in another domain (if applicable)118 * whether the persona can delete an application credential for a user119 in their own domain (if applicable)120 * whether the persona can delete an application credential that does121 not exist122 """123 pass124class SystemAdminTests(125 IdentityV3RbacApplicationCredentialTest, base.BaseIdentityTest):126 credentials = ['system_admin']127 @classmethod128 def setup_clients(cls):129 super(SystemAdminTests, cls).setup_clients()130 cls.test_user_client, cls.test_user_id = cls.setup_user_client()131 def test_identity_create_application_credential(self):132 # Creating an application credential requires a project ID in the133 # token, therefore system-scoped users cannot create app creds.134 raise self.skipException(135 "Skipping identity:create_application_credential test for "136 "system user")137 def test_identity_get_application_credential(self):138 # Creating an application credential requires a project ID in the139 # token, therefore system-scoped users cannot create app creds, so skip140 # check for showing user's own app creds141 # retrieve other user's app cred142 user_app_cred_client = \143 self.test_user_client.application_credentials_client144 app_cred = user_app_cred_client.create_application_credential(145 user_id=self.test_user_id, **self.app_cred()146 )['application_credential']147 self.addCleanup(148 user_app_cred_client.delete_application_credential,149 self.test_user_id,150 app_cred['id'])151 self.do_request(152 'show_application_credential',153 user_id=self.test_user_id,154 application_credential_id=app_cred['id'])155 # retrieve app cred that does not exist156 self.do_request(157 'show_application_credential',158 expected_status=exceptions.NotFound,159 user_id=self.test_user_id,160 application_credential_id=data_utils.rand_uuid_hex())161 def test_identity_list_application_credentials(self):162 # Creating an application credential requires a project ID in the163 # token, therefore system-scoped users cannot create app creds, so skip164 # check for listing user's own app creds165 # list other user's app creds166 user_app_cred_client = \167 self.test_user_client.application_credentials_client168 app_cred = user_app_cred_client.create_application_credential(169 user_id=self.test_user_id, **self.app_cred()170 )['application_credential']171 self.addCleanup(172 user_app_cred_client.delete_application_credential,173 self.test_user_id,174 app_cred['id'])175 resp = self.do_request(176 'list_application_credentials',177 user_id=self.test_user_id)178 self.assertEqual(179 resp['application_credentials'][0]['id'],180 app_cred['id'])181 def test_identity_delete_application_credential(self):182 # Creating an application credential requires a project ID in the183 # token, therefore system-scoped users cannot create app creds, so skip184 # check for deleting user's own app creds185 # delete other user's app cred186 user_app_cred_client = \187 self.test_user_client.application_credentials_client188 app_cred = user_app_cred_client.create_application_credential(189 user_id=self.test_user_id, **self.app_cred()190 )['application_credential']191 self.do_request(192 'delete_application_credential',193 expected_status=204,194 user_id=self.test_user_id,195 application_credential_id=app_cred['id'])196 # delete app cred that does not exist197 self.do_request(198 'delete_application_credential',199 expected_status=exceptions.NotFound,200 user_id=self.test_user_id,201 application_credential_id=data_utils.rand_uuid_hex())202class SystemMemberTests(SystemAdminTests):203 credentials = ['system_member', 'system_admin']204 def test_identity_delete_application_credential(self):205 # Creating an application credential requires a project ID in the206 # token, therefore system-scoped users cannot create app creds, so skip207 # check for deleting user's own app creds208 # delete other user's app cred209 user_app_cred_client = \210 self.test_user_client.application_credentials_client211 app_cred = user_app_cred_client.create_application_credential(212 user_id=self.test_user_id, **self.app_cred()213 )['application_credential']214 self.addCleanup(215 user_app_cred_client.delete_application_credential,216 self.test_user_id,217 app_cred['id'])218 self.do_request(219 'delete_application_credential',220 expected_status=exceptions.Forbidden,221 user_id=self.test_user_id,222 application_credential_id=app_cred['id'])223 # delete app cred that does not exist224 self.do_request(225 'delete_application_credential',226 expected_status=exceptions.Forbidden,227 user_id=self.test_user_id,228 application_credential_id=data_utils.rand_uuid_hex())229class SystemReaderTests(SystemMemberTests):230 credentials = ['system_reader', 'system_admin']231class DomainAdminTests(232 IdentityV3RbacApplicationCredentialTest, base.BaseIdentityTest):233 # Domain admins cannot create their own app creds (app creds can only be234 # scoped to projects) and domain admins have no special privileges over the235 # app creds own by users in their domains.236 credentials = ['domain_admin', 'system_admin']237 @classmethod238 def setup_clients(cls):239 super(DomainAdminTests, cls).setup_clients()240 own_domain_id = cls.persona.credentials.domain_id241 cls.test_client_1, cls.test_user_1 = cls.setup_user_client(242 domain_id=own_domain_id)243 def setUp(self):244 super(DomainAdminTests, self).setUp()245 self.other_domain_id = self.admin_client.domains_client.create_domain(246 name=data_utils.rand_name())['domain']['id']247 self.addCleanup(self.admin_client.domains_client.delete_domain,248 self.other_domain_id)249 self.addCleanup(self.admin_client.domains_client.update_domain,250 domain_id=self.other_domain_id, enabled=False)251 self.test_client_2, self.test_user_2 = self.setup_user_client(252 domain_id=self.other_domain_id)253 client = self.test_client_1.application_credentials_client254 self.app_cred_1 = client.create_application_credential(255 user_id=self.test_user_1, **self.app_cred()256 )['application_credential']257 self.addCleanup(258 client.delete_application_credential,259 self.test_user_1,260 self.app_cred_1['id'])261 client = self.test_client_2.application_credentials_client262 self.app_cred_2 = client.create_application_credential(263 user_id=self.test_user_2, **self.app_cred()264 )['application_credential']265 self.addCleanup(266 client.delete_application_credential,267 self.test_user_2,268 self.app_cred_2['id'])269 def test_identity_create_application_credential(self):270 # Creating an application credential requires a project ID in the271 # token, therefore system-scoped users cannot create app creds.272 raise self.skipException(273 "Skipping identity:create_application_credential test for "274 "domain user")275 def test_identity_get_application_credential(self):276 # Creating an application credential requires a project ID in the277 # token, therefore domain-scoped users cannot create app creds, so skip278 # check for showing user's own app creds279 # accessing application credentials should be forbidden no matter280 # whether the owner is in the domain or outside of it281 # retrieve app cred from user in own domain282 self.do_request(283 'show_application_credential',284 expected_status=exceptions.Forbidden,285 user_id=self.test_user_1,286 application_credential_id=self.app_cred_1['id'])287 # retrieve app cred from user in other domain288 self.do_request(289 'show_application_credential',290 expected_status=exceptions.Forbidden,291 user_id=self.test_user_2,292 application_credential_id=self.app_cred_2['id'])293 # retrieve app cred that does not exist294 self.do_request(295 'show_application_credential',296 expected_status=exceptions.Forbidden,297 user_id=self.test_user_1,298 application_credential_id=data_utils.rand_uuid_hex())299 def test_identity_list_application_credentials(self):300 # Creating an application credential requires a project ID in the301 # token, therefore domain-scoped users cannot create app creds, so skip302 # check for listing user's own app creds303 # listing application credentials should be forbidden no matter304 # whether the owner is in the domain or outside of it305 # list app creds from user in own domain306 self.do_request(307 'list_application_credentials',308 expected_status=exceptions.Forbidden,309 user_id=self.test_user_1)310 # list app creds from user in other domain311 self.do_request(312 'list_application_credentials',313 expected_status=exceptions.Forbidden,314 user_id=self.test_user_2)315 def test_identity_delete_application_credential(self):316 # Creating an application credential requires a project ID in the317 # token, therefore domain-scoped users cannot create app creds, so skip318 # check for deleting user's own app creds319 # deleting application credentials should be forbidden no matter320 # whether the owner is in the domain or outside of it321 # delete app cred from user in own domain322 self.do_request(323 'delete_application_credential',324 expected_status=exceptions.Forbidden,325 user_id=self.test_user_1,326 application_credential_id=self.app_cred_1['id'])327 # delete app cred from user in other domain328 self.do_request(329 'delete_application_credential',330 expected_status=exceptions.Forbidden,331 user_id=self.test_user_2,332 application_credential_id=self.app_cred_2['id'])333 # delete app cred that does not exist334 self.do_request(335 'delete_application_credential',336 expected_status=exceptions.Forbidden,337 user_id=self.test_user_1,338 application_credential_id=data_utils.rand_uuid_hex())339class DomainMemberTests(DomainAdminTests):340 credentials = ['domain_member', 'system_admin']341class DomainReaderTests(DomainAdminTests):342 credentials = ['domain_reader', 'system_admin']343class ProjectAdminTests(IdentityV3RbacApplicationCredentialTest,344 base.BaseIdentityTest):345 credentials = ['project_admin', 'system_admin']346 @classmethod347 def setup_clients(cls):348 super(ProjectAdminTests, cls).setup_clients()349 cls.test_user_client, cls.test_user_id = cls.setup_user_client()350 def test_identity_create_application_credential(self):351 # user can create their own app cred352 user_id = self.persona.credentials.user_id353 resp = self.do_request(354 'create_application_credential',355 expected_status=201,356 user_id=user_id,357 **self.app_cred())['application_credential']358 self.addCleanup(359 self.client.delete_application_credential,360 user_id, resp['id'])361 # user cannot create app cred for another user362 user_id = self.test_user_id363 self.do_request(364 'create_application_credential',365 expected_status=exceptions.Forbidden,366 user_id=user_id,367 **self.app_cred())368 def test_identity_get_application_credential(self):369 # user can retrieve their own app cred370 user_id = self.persona.credentials.user_id371 app_cred = self.client.create_application_credential(372 user_id=user_id, **self.app_cred())['application_credential']373 self.addCleanup(374 self.client.delete_application_credential,375 user_id=user_id, application_credential_id=app_cred['id'])376 self.do_request(377 'show_application_credential',378 user_id=user_id, application_credential_id=app_cred['id'])379 # retrieving non-existent app cred for self should return 404380 self.do_request(381 'show_application_credential',382 expected_status=exceptions.NotFound,383 user_id=user_id,384 application_credential_id=data_utils.rand_uuid_hex())385 # user cannot retrieve another user's app cred by using the victim's386 # user ID in the request or by trying to bypass the user ownership387 # check by crafting a path the the attacker's user ID388 user_id = self.test_user_id389 client = self.test_user_client.application_credentials_client390 app_cred = client.create_application_credential(391 user_id=user_id, **self.app_cred())['application_credential']392 self.addCleanup(393 client.delete_application_credential,394 user_id=user_id, application_credential_id=app_cred['id'])395 self.do_request(396 'show_application_credential',397 expected_status=exceptions.Forbidden,398 user_id=self.persona.credentials.user_id,399 application_credential_id=app_cred['id'])400 self.do_request(401 'show_application_credential',402 expected_status=exceptions.Forbidden,403 user_id=user_id, application_credential_id=app_cred['id'])404 # retrieving non-existent app cred for another user should return 403405 self.do_request(406 'show_application_credential',407 expected_status=exceptions.Forbidden,408 user_id=user_id,409 application_credential_id=data_utils.rand_uuid_hex())410 def test_identity_list_application_credentials(self):411 # user can list their own app creds412 user_id = self.persona.credentials.user_id413 app_cred = self.client.create_application_credential(414 user_id=user_id, **self.app_cred())['application_credential']415 self.addCleanup(416 self.client.delete_application_credential,417 user_id=user_id, application_credential_id=app_cred['id'])418 self.do_request(419 'list_application_credentials', user_id=user_id)420 # user cannot list another user's app creds421 user_id = self.test_user_id422 client = self.test_user_client.application_credentials_client423 app_cred = client.create_application_credential(424 user_id=user_id, **self.app_cred())['application_credential']425 self.addCleanup(426 client.delete_application_credential,427 user_id=user_id, application_credential_id=app_cred['id'])428 self.do_request(429 'list_application_credentials',430 expected_status=exceptions.Forbidden, user_id=user_id)431 def test_identity_delete_application_credential(self):432 # user can delete their own app cred433 user_id = self.persona.credentials.user_id434 app_cred = self.client.create_application_credential(435 user_id=user_id, **self.app_cred())['application_credential']436 self.do_request(437 'delete_application_credential',438 expected_status=204,439 user_id=user_id, application_credential_id=app_cred['id'])440 # deleting non-existent app cred for self should return 404441 self.do_request(442 'delete_application_credential',443 expected_status=exceptions.NotFound,444 user_id=user_id,445 application_credential_id=data_utils.rand_uuid_hex())446 # user cannot delete another user's app cred by using the victim's447 # user ID in the request or by trying to bypass the user ownership448 # check by crafting a path the the attacker's user ID449 user_id = self.test_user_id450 client = self.test_user_client.application_credentials_client451 app_cred = client.create_application_credential(452 user_id=user_id, **self.app_cred())['application_credential']453 self.addCleanup(454 client.delete_application_credential,455 user_id=user_id, application_credential_id=app_cred['id'])456 self.do_request(457 'delete_application_credential',458 expected_status=exceptions.Forbidden,459 user_id=self.persona.credentials.user_id,460 application_credential_id=app_cred['id'])461 self.do_request(462 'delete_application_credential',463 expected_status=exceptions.Forbidden,464 user_id=user_id, application_credential_id=app_cred['id'])465 # deleting non-existent app cred for another user should return 403466 self.do_request(467 'delete_application_credential',468 expected_status=exceptions.Forbidden,469 user_id=user_id,470 application_credential_id=data_utils.rand_uuid_hex())471class ProjectMemberTests(ProjectAdminTests):472 credentials = ['project_member', 'system_admin']473class ProjectReaderTests(ProjectAdminTests):...
test_application_credentials_rbac.py
Source:test_application_credentials_rbac.py
...59 @decorators.idempotent_id('d7b13968-a8a6-47fd-8e1d-7cc7f565c7f8')60 @rbac_rule_validation.action(61 service="keystone",62 rules=["identity:get_application_credential"])63 def test_show_application_credential(self):64 app_cred = self._create_application_credential()65 with self.override_role():66 self.application_credentials_client.show_application_credential(67 user_id=self.user_id, application_credential_id=app_cred['id'])68 @decorators.idempotent_id('521b7c0f-1dd5-47a6-ae95-95c0323d7735')69 @rbac_rule_validation.action(70 service="keystone",71 rules=["identity:delete_application_credential"])72 def test_delete_application_credential(self):73 app_cred = self._create_application_credential()74 with self.override_role():75 self.application_credentials_client.delete_application_credential(...
Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.
You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.
Get 100 minutes of automation test minutes FREE!!