Use ephemeral test user for k2k tests
Do not use the admin user as a shadowed federated user for the K2K tests. When trying to add expiring groups for the admin user, keystone has trouble looking up the user in the cache and fails to add the groups to the user. This sometimes results in test failures, which may be masked as failure to clean up the identity provider in between tests and resulting in a conflict trying to recreate it. This change instead uses an ephemeral test user rather than the admin user, which is not meant to be used for authentication tests anyway. Change-Id: Ia4b53b41a0030772a2abdba949ad7529880d8f70
This commit is contained in:
parent
b8f6b25ddd
commit
7814dc2034
|
@ -222,10 +222,17 @@ class TestK2KFederatedAuthentication(TestSaml2EcpFederatedAuthentication):
|
|||
def setUp(self):
|
||||
super(TestK2KFederatedAuthentication, self).setUp()
|
||||
self._setup_sp()
|
||||
user_id = self.keystone_manager.identity_providers_client.user_id
|
||||
self.auth = {'password': data_utils.rand_password()}
|
||||
user_id = self.keystone_manager.users_v3_client.create_user(
|
||||
name=data_utils.rand_name('user'),
|
||||
password=self.auth['password'])['user']['id']
|
||||
self.addCleanup(
|
||||
self.keystone_manager.users_v3_client.delete_user, user_id)
|
||||
self.auth['user_id'] = user_id
|
||||
idp_info = self.idps_client.show_identity_provider(self.idp_id)
|
||||
domain_id = idp_info['identity_provider']['domain_id']
|
||||
project_id = self.keystone_manager.identity_providers_client.tenant_id
|
||||
self.auth['project_id'] = project_id
|
||||
group = self.keystone_manager.groups_client.create_group(
|
||||
name=data_utils.rand_uuid_hex(), domain_id=domain_id)
|
||||
role = self.keystone_manager.roles_v3_client.create_role(
|
||||
|
@ -295,12 +302,16 @@ class TestK2KFederatedAuthentication(TestSaml2EcpFederatedAuthentication):
|
|||
self.addCleanup(self.sps_client.delete_service_provider, self.sp_id)
|
||||
|
||||
def _get_sp_authn_request(self):
|
||||
token = self.tokens_client.get_token(
|
||||
user_id=self.auth['user_id'],
|
||||
password=self.auth['password'],
|
||||
project_id=self.auth['project_id'])
|
||||
body = {
|
||||
'auth': {
|
||||
'identity': {
|
||||
'methods': ['token'],
|
||||
'token': {
|
||||
'id': self.auth_client.token
|
||||
'id': token
|
||||
}
|
||||
},
|
||||
'scope': {
|
||||
|
|
Loading…
Reference in New Issue