add bp:cross-domain-testing
A new set of tests to verify cross-domain scenarios with keystone v3. Change-Id: I87ac45f7cd09224518e29df8f5d2097746c69401
This commit is contained in:
parent
7c6f296c2c
commit
8a7d43e5b6
|
@ -0,0 +1,100 @@
|
|||
::
|
||||
|
||||
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
|
||||
http://creativecommons.org/licenses/by/3.0/legalcode
|
||||
|
||||
..
|
||||
This template should be in ReSTructured text. The filename in the git
|
||||
repository should match the launchpad URL, for example a URL of
|
||||
https://blueprints.launchpad.net/tempest/+spec/awesome-thing should be named
|
||||
awesome-thing.rst . Please do not delete any of the sections in this
|
||||
template. If you have nothing to say for a whole section, just write: None
|
||||
For help with syntax, see http://sphinx-doc.org/rest.html
|
||||
To test out your formatting, see http://www.tele3.cz/jbar/rest/rest.html
|
||||
|
||||
=====================
|
||||
Cross Domain Testing
|
||||
=====================
|
||||
|
||||
https://blueprints.launchpad.net/tempest/+spec/cross-domain-testing
|
||||
|
||||
A new set of tests to verify cross-domain scenarios with keystone v3.
|
||||
|
||||
Problem description
|
||||
===================
|
||||
|
||||
Keystone V3 introduces the concept of domains.
|
||||
|
||||
http://api.openstack.org/api-ref-identity.html#Domain_Calls
|
||||
|
||||
With keystone V2, the both names and IDs of keystone entities were
|
||||
globablly unique. In keystone V3, IDs remain globally unique, but
|
||||
names are scoped to a specific domain.
|
||||
|
||||
We need to verify that the scope of IDs and names is properly implemented
|
||||
in keystone.
|
||||
|
||||
We need to verify that that the introduction of domains and modified
|
||||
scope of names does not cause issues with the services consuming keystone.
|
||||
|
||||
A example scenario is verifying that there is no visibility of resources
|
||||
such as keypairs or servers across a pair of identical username, tenant_name
|
||||
defined in two different domains.
|
||||
|
||||
Proposed change
|
||||
===============
|
||||
|
||||
Add two groups of tests:
|
||||
- Keystone scenario tests, to verify the correct scope of ID and name for
|
||||
users, groups, roles and projects, as well as cross domain user / project
|
||||
association.
|
||||
- Scenario tests for each service, to verify the impact of multi-domain
|
||||
scenarios on existing services.
|
||||
|
||||
Example test:
|
||||
|
||||
::
|
||||
TestAccount1: Domain1, UserName1, ProjectName1
|
||||
TestAccount2: Domain2, UserName1, ProjectName1
|
||||
|
||||
Create a resource A with TestAccount1
|
||||
Create a resource B with TestAccount2
|
||||
|
||||
Client obtains token1 via keystone v3 API for TestAccount1.
|
||||
Client requests list of a resources using token1, verify that only A
|
||||
is returned.
|
||||
|
||||
Tests using keystone v3 shall be executed only if api_v3 is True.
|
||||
|
||||
Alternatives
|
||||
------------
|
||||
|
||||
None
|
||||
|
||||
Implementation
|
||||
==============
|
||||
|
||||
Assignee(s)
|
||||
-----------
|
||||
|
||||
Primary assignee:
|
||||
Andrea Frittoli <andrea.frittoli@hp.com>
|
||||
|
||||
Milestones
|
||||
----------
|
||||
|
||||
Target Milestone for completion:
|
||||
Juno-1
|
||||
|
||||
Work Items
|
||||
----------
|
||||
|
||||
None
|
||||
|
||||
Dependencies
|
||||
============
|
||||
|
||||
Availability of keystone V3 to obtain tokens in scenario tests depends on
|
||||
the implementation of multi-keystone-api-version-tests bp:
|
||||
|
||||
https://blueprints.launchpad.net/tempest/+spec/multi-keystone-api-version-tests
|
Loading…
Reference in New Issue