Test your AI Agents with the all-new Agent to Agent Testing Platform.Learn More

How to use create_application_credential method in tempest

Best Python code snippet using tempest_python

test_application_credential.py

Source:test_application_credential.py

...67        app_cred = {}68        app_cred['name'] = data_utils.rand_name('app_cred')69        return app_cred70    @abc.abstractmethod71    def test_identity_create_application_credential(self):72        """Test identity:create_application_credential policy.73        This test must check:74          * whether the persona can create an application credential for75            themself76          * whether the persona can create an application credential for77            another user78        """79        pass80    @abc.abstractmethod81    def test_identity_get_application_credential(self):82        """Test identity:get_application_credential policy.83        This test must check:84          * whether the persona can get their own application credential85          * whether the persona can get an application credential for another86            user87          * whether the persona can get an application credential for a user in88            another domain (if applicable)89          * whether the persona can get an application credential for a user in90            their own domain (if applicable)91          * whether the persona can get an application credential that does not92            exist93        """94        pass95    @abc.abstractmethod96    def test_identity_list_application_credentials(self):97        """Test identity:list_application_credentials policy.98        This test must check:99          * whether the persona can list all application credentials for100            themself101          * whether the persona can list all application credentials for102            another user103          * whether the persona can list application credentials for a user in104            their own domain105          * whether the persona can list application credentials for a user in106            another domain107        """108        pass109    @abc.abstractmethod110    def test_identity_delete_application_credential(self):111        """Test identity:delete_application_credential policy.112        This test must check113          * whether the persona can delete their own application credential114          * whether the persona can delete an application credential for115            another user116          * whether the persona can delete an application credential for a user117            in another domain (if applicable)118          * whether the persona can delete an application credential for a user119            in their own domain (if applicable)120          * whether the persona can delete an application credential that does121            not exist122        """123        pass124class SystemAdminTests(125    IdentityV3RbacApplicationCredentialTest, base.BaseIdentityTest):126    credentials = ['system_admin']127    @classmethod128    def setup_clients(cls):129        super(SystemAdminTests, cls).setup_clients()130        cls.test_user_client, cls.test_user_id = cls.setup_user_client()131    def test_identity_create_application_credential(self):132        # Creating an application credential requires a project ID in the133        # token, therefore system-scoped users cannot create app creds.134        raise self.skipException(135            "Skipping identity:create_application_credential test for "136            "system user")137    def test_identity_get_application_credential(self):138        # Creating an application credential requires a project ID in the139        # token, therefore system-scoped users cannot create app creds, so skip140        # check for showing user's own app creds141        # retrieve other user's app cred142        user_app_cred_client = \143            self.test_user_client.application_credentials_client144        app_cred = user_app_cred_client.create_application_credential(145            user_id=self.test_user_id, **self.app_cred()146        )['application_credential']147        self.addCleanup(148            user_app_cred_client.delete_application_credential,149            self.test_user_id,150            app_cred['id'])151        self.do_request(152            'show_application_credential',153            user_id=self.test_user_id,154            application_credential_id=app_cred['id'])155        # retrieve app cred that does not exist156        self.do_request(157            'show_application_credential',158            expected_status=exceptions.NotFound,159            user_id=self.test_user_id,160            application_credential_id=data_utils.rand_uuid_hex())161    def test_identity_list_application_credentials(self):162        # Creating an application credential requires a project ID in the163        # token, therefore system-scoped users cannot create app creds, so skip164        # check for listing user's own app creds165        # list other user's app creds166        user_app_cred_client = \167            self.test_user_client.application_credentials_client168        app_cred = user_app_cred_client.create_application_credential(169            user_id=self.test_user_id, **self.app_cred()170        )['application_credential']171        self.addCleanup(172            user_app_cred_client.delete_application_credential,173            self.test_user_id,174            app_cred['id'])175        resp = self.do_request(176            'list_application_credentials',177            user_id=self.test_user_id)178        self.assertEqual(179            resp['application_credentials'][0]['id'],180            app_cred['id'])181    def test_identity_delete_application_credential(self):182        # Creating an application credential requires a project ID in the183        # token, therefore system-scoped users cannot create app creds, so skip184        # check for deleting user's own app creds185        # delete other user's app cred186        user_app_cred_client = \187            self.test_user_client.application_credentials_client188        app_cred = user_app_cred_client.create_application_credential(189            user_id=self.test_user_id, **self.app_cred()190        )['application_credential']191        self.do_request(192            'delete_application_credential',193            expected_status=204,194            user_id=self.test_user_id,195            application_credential_id=app_cred['id'])196        # delete app cred that does not exist197        self.do_request(198            'delete_application_credential',199            expected_status=exceptions.NotFound,200            user_id=self.test_user_id,201            application_credential_id=data_utils.rand_uuid_hex())202class SystemMemberTests(SystemAdminTests):203    credentials = ['system_member', 'system_admin']204    def test_identity_delete_application_credential(self):205        # Creating an application credential requires a project ID in the206        # token, therefore system-scoped users cannot create app creds, so skip207        # check for deleting user's own app creds208        # delete other user's app cred209        user_app_cred_client = \210            self.test_user_client.application_credentials_client211        app_cred = user_app_cred_client.create_application_credential(212            user_id=self.test_user_id, **self.app_cred()213        )['application_credential']214        self.addCleanup(215            user_app_cred_client.delete_application_credential,216            self.test_user_id,217            app_cred['id'])218        self.do_request(219            'delete_application_credential',220            expected_status=exceptions.Forbidden,221            user_id=self.test_user_id,222            application_credential_id=app_cred['id'])223        # delete app cred that does not exist224        self.do_request(225            'delete_application_credential',226            expected_status=exceptions.Forbidden,227            user_id=self.test_user_id,228            application_credential_id=data_utils.rand_uuid_hex())229class SystemReaderTests(SystemMemberTests):230    credentials = ['system_reader', 'system_admin']231class DomainAdminTests(232    IdentityV3RbacApplicationCredentialTest, base.BaseIdentityTest):233    # Domain admins cannot create their own app creds (app creds can only be234    # scoped to projects) and domain admins have no special privileges over the235    # app creds own by users in their domains.236    credentials = ['domain_admin', 'system_admin']237    @classmethod238    def setup_clients(cls):239        super(DomainAdminTests, cls).setup_clients()240        own_domain_id = cls.persona.credentials.domain_id241        cls.test_client_1, cls.test_user_1 = cls.setup_user_client(242            domain_id=own_domain_id)243    def setUp(self):244        super(DomainAdminTests, self).setUp()245        self.other_domain_id = self.admin_client.domains_client.create_domain(246            name=data_utils.rand_name())['domain']['id']247        self.addCleanup(self.admin_client.domains_client.delete_domain,248                        self.other_domain_id)249        self.addCleanup(self.admin_client.domains_client.update_domain,250                        domain_id=self.other_domain_id, enabled=False)251        self.test_client_2, self.test_user_2 = self.setup_user_client(252            domain_id=self.other_domain_id)253        client = self.test_client_1.application_credentials_client254        self.app_cred_1 = client.create_application_credential(255            user_id=self.test_user_1, **self.app_cred()256        )['application_credential']257        self.addCleanup(258            client.delete_application_credential,259            self.test_user_1,260            self.app_cred_1['id'])261        client = self.test_client_2.application_credentials_client262        self.app_cred_2 = client.create_application_credential(263            user_id=self.test_user_2, **self.app_cred()264        )['application_credential']265        self.addCleanup(266            client.delete_application_credential,267            self.test_user_2,268            self.app_cred_2['id'])269    def test_identity_create_application_credential(self):270        # Creating an application credential requires a project ID in the271        # token, therefore system-scoped users cannot create app creds.272        raise self.skipException(273            "Skipping identity:create_application_credential test for "274            "domain user")275    def test_identity_get_application_credential(self):276        # Creating an application credential requires a project ID in the277        # token, therefore domain-scoped users cannot create app creds, so skip278        # check for showing user's own app creds279        # accessing application credentials should be forbidden no matter280        # whether the owner is in the domain or outside of it281        # retrieve app cred from user in own domain282        self.do_request(283            'show_application_credential',284            expected_status=exceptions.Forbidden,285            user_id=self.test_user_1,286            application_credential_id=self.app_cred_1['id'])287        # retrieve app cred from user in other domain288        self.do_request(289            'show_application_credential',290            expected_status=exceptions.Forbidden,291            user_id=self.test_user_2,292            application_credential_id=self.app_cred_2['id'])293        # retrieve app cred that does not exist294        self.do_request(295            'show_application_credential',296            expected_status=exceptions.Forbidden,297            user_id=self.test_user_1,298            application_credential_id=data_utils.rand_uuid_hex())299    def test_identity_list_application_credentials(self):300        # Creating an application credential requires a project ID in the301        # token, therefore domain-scoped users cannot create app creds, so skip302        # check for listing user's own app creds303        # listing application credentials should be forbidden no matter304        # whether the owner is in the domain or outside of it305        # list app creds from user in own domain306        self.do_request(307            'list_application_credentials',308            expected_status=exceptions.Forbidden,309            user_id=self.test_user_1)310        # list app creds from user in other domain311        self.do_request(312            'list_application_credentials',313            expected_status=exceptions.Forbidden,314            user_id=self.test_user_2)315    def test_identity_delete_application_credential(self):316        # Creating an application credential requires a project ID in the317        # token, therefore domain-scoped users cannot create app creds, so skip318        # check for deleting user's own app creds319        # deleting application credentials should be forbidden no matter320        # whether the owner is in the domain or outside of it321        # delete app cred from user in own domain322        self.do_request(323            'delete_application_credential',324            expected_status=exceptions.Forbidden,325            user_id=self.test_user_1,326            application_credential_id=self.app_cred_1['id'])327        # delete app cred from user in other domain328        self.do_request(329            'delete_application_credential',330            expected_status=exceptions.Forbidden,331            user_id=self.test_user_2,332            application_credential_id=self.app_cred_2['id'])333        # delete app cred that does not exist334        self.do_request(335            'delete_application_credential',336            expected_status=exceptions.Forbidden,337            user_id=self.test_user_1,338            application_credential_id=data_utils.rand_uuid_hex())339class DomainMemberTests(DomainAdminTests):340    credentials = ['domain_member', 'system_admin']341class DomainReaderTests(DomainAdminTests):342    credentials = ['domain_reader', 'system_admin']343class ProjectAdminTests(IdentityV3RbacApplicationCredentialTest,344                        base.BaseIdentityTest):345    credentials = ['project_admin', 'system_admin']346    @classmethod347    def setup_clients(cls):348        super(ProjectAdminTests, cls).setup_clients()349        cls.test_user_client, cls.test_user_id = cls.setup_user_client()350    def test_identity_create_application_credential(self):351        # user can create their own app cred352        user_id = self.persona.credentials.user_id353        resp = self.do_request(354            'create_application_credential',355            expected_status=201,356            user_id=user_id,357            **self.app_cred())['application_credential']358        self.addCleanup(359            self.client.delete_application_credential,360            user_id, resp['id'])361        # user cannot create app cred for another user362        user_id = self.test_user_id363        self.do_request(364            'create_application_credential',365            expected_status=exceptions.Forbidden,366            user_id=user_id,367            **self.app_cred())368    def test_identity_get_application_credential(self):369        # user can retrieve their own app cred370        user_id = self.persona.credentials.user_id371        app_cred = self.client.create_application_credential(372            user_id=user_id, **self.app_cred())['application_credential']373        self.addCleanup(374            self.client.delete_application_credential,375            user_id=user_id, application_credential_id=app_cred['id'])376        self.do_request(377            'show_application_credential',378            user_id=user_id, application_credential_id=app_cred['id'])379        # retrieving non-existent app cred for self should return 404380        self.do_request(381            'show_application_credential',382            expected_status=exceptions.NotFound,383            user_id=user_id,384            application_credential_id=data_utils.rand_uuid_hex())385        # user cannot retrieve another user's app cred by using the victim's386        # user ID in the request or by trying to bypass the user ownership387        # check by crafting a path the the attacker's user ID388        user_id = self.test_user_id389        client = self.test_user_client.application_credentials_client390        app_cred = client.create_application_credential(391            user_id=user_id, **self.app_cred())['application_credential']392        self.addCleanup(393            client.delete_application_credential,394            user_id=user_id, application_credential_id=app_cred['id'])395        self.do_request(396            'show_application_credential',397            expected_status=exceptions.Forbidden,398            user_id=self.persona.credentials.user_id,399            application_credential_id=app_cred['id'])400        self.do_request(401            'show_application_credential',402            expected_status=exceptions.Forbidden,403            user_id=user_id, application_credential_id=app_cred['id'])404        # retrieving non-existent app cred for another user should return 403405        self.do_request(406            'show_application_credential',407            expected_status=exceptions.Forbidden,408            user_id=user_id,409            application_credential_id=data_utils.rand_uuid_hex())410    def test_identity_list_application_credentials(self):411        # user can list their own app creds412        user_id = self.persona.credentials.user_id413        app_cred = self.client.create_application_credential(414            user_id=user_id, **self.app_cred())['application_credential']415        self.addCleanup(416            self.client.delete_application_credential,417            user_id=user_id, application_credential_id=app_cred['id'])418        self.do_request(419            'list_application_credentials', user_id=user_id)420        # user cannot list another user's app creds421        user_id = self.test_user_id422        client = self.test_user_client.application_credentials_client423        app_cred = client.create_application_credential(424            user_id=user_id, **self.app_cred())['application_credential']425        self.addCleanup(426            client.delete_application_credential,427            user_id=user_id, application_credential_id=app_cred['id'])428        self.do_request(429            'list_application_credentials',430            expected_status=exceptions.Forbidden, user_id=user_id)431    def test_identity_delete_application_credential(self):432        # user can delete their own app cred433        user_id = self.persona.credentials.user_id434        app_cred = self.client.create_application_credential(435            user_id=user_id, **self.app_cred())['application_credential']436        self.do_request(437            'delete_application_credential',438            expected_status=204,439            user_id=user_id, application_credential_id=app_cred['id'])440        # deleting non-existent app cred for self should return 404441        self.do_request(442            'delete_application_credential',443            expected_status=exceptions.NotFound,444            user_id=user_id,445            application_credential_id=data_utils.rand_uuid_hex())446        # user cannot delete another user's app cred by using the victim's447        # user ID in the request or by trying to bypass the user ownership448        # check by crafting a path the the attacker's user ID449        user_id = self.test_user_id450        client = self.test_user_client.application_credentials_client451        app_cred = client.create_application_credential(452            user_id=user_id, **self.app_cred())['application_credential']453        self.addCleanup(454            client.delete_application_credential,455            user_id=user_id, application_credential_id=app_cred['id'])456        self.do_request(457            'delete_application_credential',458            expected_status=exceptions.Forbidden,459            user_id=self.persona.credentials.user_id,460            application_credential_id=app_cred['id'])461        self.do_request(462            'delete_application_credential',463            expected_status=exceptions.Forbidden,464            user_id=user_id, application_credential_id=app_cred['id'])465        # deleting non-existent app cred for another user should return 403...

test_application_credentials.py

Source:test_application_credentials.py

...24            kwargs.update(name=name)25        return self.non_admin_app_creds_client.list_application_credentials(26            **kwargs)['application_credentials']27    @decorators.idempotent_id('8080c75c-eddc-4786-941a-c2da7039ae61')28    def test_create_application_credential(self):29        app_cred = self.create_application_credential()30        # Check that the secret appears in the create response31        secret = app_cred['secret']32        # Check that the secret is not retrievable after initial create33        app_cred = self.non_admin_app_creds_client.show_application_credential(34            user_id=self.user_id,35            application_credential_id=app_cred['id']36        )['application_credential']37        self.assertNotIn('secret', app_cred)38        # Check that the application credential is functional39        token_id, resp = self.non_admin_token.get_token(40            app_cred_id=app_cred['id'],41            app_cred_secret=secret,42            auth_data=True43        )44        self.assertEqual(resp['project']['id'], self.project_id)45    @decorators.idempotent_id('852daf0c-42b5-4239-8466-d193d0543ed3')46    def test_create_application_credential_expires(self):47        expires_at = timeutils.utcnow() + datetime.timedelta(hours=1)48        app_cred = self.create_application_credential(expires_at=expires_at)49        expires_str = expires_at.isoformat()50        self.assertEqual(expires_str, app_cred['expires_at'])51    @decorators.idempotent_id('ff0cd457-6224-46e7-b79e-0ada4964a8a6')52    def test_list_application_credentials(self):53        self.create_application_credential()54        self.create_application_credential()55        app_creds = self._list_app_creds()56        self.assertEqual(2, len(app_creds))57    @decorators.idempotent_id('9bb5e5cc-5250-493a-8869-8b665f6aa5f6')58    def test_query_application_credentials(self):59        self.create_application_credential()60        app_cred_two = self.create_application_credential()61        app_cred_two_name = app_cred_two['name']62        app_creds = self._list_app_creds(name=app_cred_two_name)63        self.assertEqual(1, len(app_creds))...

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.