Use ephemeral test user for k2k tests

Do not use the admin user as a shadowed federated user for the K2K tests. When trying to add expiring groups for the admin user, keystone has trouble looking up the user in the cache and fails to add the groups to the user. This sometimes results in test failures, which may be masked as failure to clean up the identity provider in between tests and resulting in a conflict trying to recreate it. This change instead uses an ephemeral test user rather than the admin user, which is not meant to be used for authentication tests anyway. Change-Id: Ia4b53b41a0030772a2abdba949ad7529880d8f70
2020-05-10 22:23:50 -07:00 · 2020-05-10 22:23:50 -07:00 · 7814dc2034
parent b8f6b25ddd
commit 7814dc2034
1 changed files with 13 additions and 2 deletions
--- a/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py
+++ b/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py
@ -222,10 +222,17 @@ class TestK2KFederatedAuthentication(TestSaml2EcpFederatedAuthentication):
    def setUp(self):
        super(TestK2KFederatedAuthentication, self).setUp()
        self._setup_sp()
-        user_id = self.keystone_manager.identity_providers_client.user_id
+        self.auth = {'password': data_utils.rand_password()}
+        user_id = self.keystone_manager.users_v3_client.create_user(
+            name=data_utils.rand_name('user'),
+            password=self.auth['password'])['user']['id']
+        self.addCleanup(
+            self.keystone_manager.users_v3_client.delete_user, user_id)
+        self.auth['user_id'] = user_id
        idp_info = self.idps_client.show_identity_provider(self.idp_id)
        domain_id = idp_info['identity_provider']['domain_id']
        project_id = self.keystone_manager.identity_providers_client.tenant_id
+        self.auth['project_id'] = project_id
        group = self.keystone_manager.groups_client.create_group(
            name=data_utils.rand_uuid_hex(), domain_id=domain_id)
        role = self.keystone_manager.roles_v3_client.create_role(
@ -295,12 +302,16 @@ class TestK2KFederatedAuthentication(TestSaml2EcpFederatedAuthentication):
        self.addCleanup(self.sps_client.delete_service_provider, self.sp_id)

    def _get_sp_authn_request(self):
+        token = self.tokens_client.get_token(
+            user_id=self.auth['user_id'],
+            password=self.auth['password'],
+            project_id=self.auth['project_id'])
        body = {
            'auth': {
                'identity': {
                    'methods': ['token'],
                    'token': {
-                        'id': self.auth_client.token
+                        'id': token
                    }
                },
                'scope': {