Added test_list_tenants non-admin test for v2, v3 api/identity

test_list_tenant test uses non-admin user's token and public
(non-admin) Identity API v2/v3 client to make a request to list
tenants as a user action. Test checks that user can see only
that tenants that he was bound to and cannot log in to tenant
that is not in his list.

Added 2 tests:
* test_list_tenants_returns_only_authorized_tenants to
  api/identity/v2/test_tokens.py
* test_list_projects_returns_only_authorized_projects to
  api/identity/v3/test_projects.py

Change-Id: Iabf3a474e70f87bc494d87d6333d668d52de2968

tempest/api/identity/base.py

@@ -77,7 +77,7 @@ class BaseIdentityV2Test(BaseIdentityTest):
     @classmethod
     def setup_clients(cls):
         super(BaseIdentityV2Test, cls).setup_clients()
-        cls.non_admin_client = cls.os.identity_client
+        cls.non_admin_client = cls.os.identity_public_client
         cls.non_admin_token_client = cls.os.token_client
 
     @classmethod
@@ -97,6 +97,7 @@ class BaseIdentityV2AdminTest(BaseIdentityV2Test):
     def setup_clients(cls):
         super(BaseIdentityV2AdminTest, cls).setup_clients()
         cls.client = cls.os_adm.identity_client
+        cls.non_admin_client = cls.os.identity_client
         cls.token_client = cls.os_adm.token_client
 
     @classmethod

tempest/api/identity/v2/test_tenants.py

@@ -0,0 +1,50 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest_lib import exceptions as lib_exc
+
+from tempest.api.identity import base
+from tempest import test
+
+
+class IdentityTenantsTest(base.BaseIdentityV2Test):
+
+    credentials = ['primary', 'alt']
+
+    @test.idempotent_id('ecae2459-243d-4ba1-ad02-65f15dc82b78')
+    def test_list_tenants_returns_only_authorized_tenants(self):
+        alt_tenant_name = self.alt_manager.credentials.credentials.tenant_name
+        resp = self.non_admin_client.list_tenants()
+
+        # check that user can see only that tenants that he presents in so user
+        # can successfully authenticate using his credentials and tenant name
+        # from received tenants list
+        for tenant in resp['tenants']:
+            body = self.non_admin_token_client.auth(
+                self.os.credentials.username,
+                self.os.credentials.password,
+                tenant['name'])
+            self.assertNotEmpty(body['token']['id'])
+            self.assertEqual(body['token']['tenant']['id'], tenant['id'])
+            self.assertEqual(body['token']['tenant']['name'], tenant['name'])
+            self.assertEqual(body['user']['id'], self.os.credentials.user_id)
+
+        # check that user cannot log in to alt user's tenant
+        self.assertRaises(
+            lib_exc.Unauthorized,
+            self.non_admin_token_client.auth,
+            self.os.credentials.username,
+            self.os.credentials.password,
+            alt_tenant_name)

tempest/api/identity/v3/test_projects.py

@@ -0,0 +1,53 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest_lib import exceptions as lib_exc
+
+from tempest.api.identity import base
+from tempest import test
+
+
+class IdentityV3ProjectsTest(base.BaseIdentityV3Test):
+
+    credentials = ['primary', 'alt']
+
+    @test.idempotent_id('86128d46-e170-4644-866a-cc487f699e1d')
+    def test_list_projects_returns_only_authorized_projects(self):
+        alt_project_name =\
+            self.alt_manager.credentials.credentials.project_name
+        resp = self.non_admin_client.list_user_projects(
+            self.os.credentials.user_id)
+
+        # check that user can see only that projects that he presents in so
+        # user can successfully authenticate using his credentials and
+        # project name from received projects list
+        for project in resp['projects']:
+            token_id, body = self.non_admin_token.get_token(
+                username=self.os.credentials.username,
+                password=self.os.credentials.password,
+                project_name=project['name'],
+                auth_data=True)
+            self.assertNotEmpty(token_id)
+            self.assertEqual(body['project']['id'], project['id'])
+            self.assertEqual(body['project']['name'], project['name'])
+            self.assertEqual(body['user']['id'], self.os.credentials.user_id)
+
+        # check that user cannot log in to alt user's project
+        self.assertRaises(
+            lib_exc.Unauthorized,
+            self.non_admin_token.get_token,
+            username=self.os.credentials.username,
+            password=self.os.credentials.password,
+            project_name=alt_project_name)