From c0c90279ce45b62c9cee49c53e0fa2375b82e573 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Sat, 20 Jan 2024 11:23:09 +0900
Subject: [PATCH] Drop identity v2 api tests

These tests can be removed now, because the identity v2 API was removed
from Keystone during Queens cycle and Queens is no longer supported
by current master of tempest.

This also deprecates the related options so that we can drop these
options later.

Change-Id: I0be2273890cecaa26da37624c185c1bd367b2acf
---
 ...ve-identity-v2-tests-369b3fa190f624da.yaml |  23 ++
 tempest/api/identity/admin/v2/__init__.py     |   0
 .../api/identity/admin/v2/test_endpoints.py   |  97 ------
 tempest/api/identity/admin/v2/test_roles.py   | 121 -------
 .../identity/admin/v2/test_roles_negative.py  | 296 ------------------
 .../api/identity/admin/v2/test_services.py    | 115 -------
 .../identity/admin/v2/test_tenant_negative.py | 164 ----------
 tempest/api/identity/admin/v2/test_tenants.py | 157 ----------
 tempest/api/identity/admin/v2/test_tokens.py  | 143 ---------
 .../identity/admin/v2/test_tokens_negative.py |  43 ---
 tempest/api/identity/admin/v2/test_users.py   | 204 ------------
 .../identity/admin/v2/test_users_negative.py  | 286 -----------------
 tempest/api/identity/base.py                  |  79 -----
 tempest/api/identity/v2/__init__.py           |   0
 tempest/api/identity/v2/test_api_discovery.py |  60 ----
 .../api/identity/v2/test_ec2_credentials.py   | 113 -------
 tempest/api/identity/v2/test_extension.py     |  32 --
 tempest/api/identity/v2/test_tenants.py       |  52 ---
 tempest/api/identity/v2/test_tokens.py        |  50 ---
 tempest/api/identity/v2/test_users.py         | 112 -------
 tempest/clients.py                            |  34 --
 tempest/config.py                             |  29 +-
 22 files changed, 44 insertions(+), 2166 deletions(-)
 create mode 100644 releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml
 delete mode 100644 tempest/api/identity/admin/v2/__init__.py
 delete mode 100644 tempest/api/identity/admin/v2/test_endpoints.py
 delete mode 100644 tempest/api/identity/admin/v2/test_roles.py
 delete mode 100644 tempest/api/identity/admin/v2/test_roles_negative.py
 delete mode 100644 tempest/api/identity/admin/v2/test_services.py
 delete mode 100644 tempest/api/identity/admin/v2/test_tenant_negative.py
 delete mode 100644 tempest/api/identity/admin/v2/test_tenants.py
 delete mode 100644 tempest/api/identity/admin/v2/test_tokens.py
 delete mode 100644 tempest/api/identity/admin/v2/test_tokens_negative.py
 delete mode 100644 tempest/api/identity/admin/v2/test_users.py
 delete mode 100644 tempest/api/identity/admin/v2/test_users_negative.py
 delete mode 100644 tempest/api/identity/v2/__init__.py
 delete mode 100644 tempest/api/identity/v2/test_api_discovery.py
 delete mode 100644 tempest/api/identity/v2/test_ec2_credentials.py
 delete mode 100644 tempest/api/identity/v2/test_extension.py
 delete mode 100644 tempest/api/identity/v2/test_tenants.py
 delete mode 100644 tempest/api/identity/v2/test_tokens.py
 delete mode 100644 tempest/api/identity/v2/test_users.py

diff --git a/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml b/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml
new file mode 100644
index 0000000000..d927a685a0
--- /dev/null
+++ b/releasenotes/notes/remove-identity-v2-tests-369b3fa190f624da.yaml
@@ -0,0 +1,23 @@
+---
+upgrade:
+  - |
+    Tests for identity v2 API have been removed.
+
+deprecations:
+  - |
+    The following options have been formally deprecated. These options were
+    used to test identity v2 API which was removed during Queens cycle.
+    The tests for identity v2 API were removed from tempest and these options
+    have no effect.
+
+    - ``[identity] uri``
+    - ``[identity] v2_admin_endpoint_type``
+    - ``[identity] v2_public_endpoint_type``
+    - ``[identity-feature-enabled] api_v2_admin``
+
+  - |
+    The following options have been deprecated because only identity v3 API
+    is used.
+
+    - ``[identity] auth_version``
+    - ``[identity-feature-enabled] api_v3``
diff --git a/tempest/api/identity/admin/v2/__init__.py b/tempest/api/identity/admin/v2/__init__.py
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/tempest/api/identity/admin/v2/test_endpoints.py b/tempest/api/identity/admin/v2/test_endpoints.py
deleted file mode 100644
index 20d023b4b3..0000000000
--- a/tempest/api/identity/admin/v2/test_endpoints.py
+++ /dev/null
@@ -1,97 +0,0 @@
-# Copyright 2013 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class EndPointsTestJSON(base.BaseIdentityV2AdminTest):
-    """Test keystone v2 endpoints"""
-
-    @classmethod
-    def resource_setup(cls):
-        super(EndPointsTestJSON, cls).resource_setup()
-        s_name = data_utils.rand_name(
-            name='service', prefix=CONF.resource_name_prefix)
-        s_type = data_utils.rand_name(
-            name='type', prefix=CONF.resource_name_prefix)
-        s_description = data_utils.rand_name(
-            name='description', prefix=CONF.resource_name_prefix)
-        service_data = cls.services_client.create_service(
-            name=s_name, type=s_type,
-            description=s_description)['OS-KSADM:service']
-        cls.addClassResourceCleanup(cls.services_client.delete_service,
-                                    service_data['id'])
-        cls.service_id = service_data['id']
-        # Create endpoints so as to use for LIST and GET test cases
-        cls.setup_endpoints = list()
-        for _ in range(2):
-            region = data_utils.rand_name(
-                name='region', prefix=CONF.resource_name_prefix)
-            url = data_utils.rand_url()
-            endpoint = cls.endpoints_client.create_endpoint(
-                service_id=cls.service_id,
-                region=region,
-                publicurl=url,
-                adminurl=url,
-                internalurl=url)['endpoint']
-            cls.addClassResourceCleanup(cls.endpoints_client.delete_endpoint,
-                                        endpoint['id'])
-            # list_endpoints() will return 'enabled' field
-            endpoint['enabled'] = True
-            cls.setup_endpoints.append(endpoint)
-
-    @decorators.idempotent_id('11f590eb-59d8-4067-8b2b-980c7f387f51')
-    def test_list_endpoints(self):
-        """Test listing keystone endpoints"""
-        # Get a list of endpoints
-        fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints']
-        # Asserting LIST endpoints
-        missing_endpoints =\
-            [e for e in self.setup_endpoints if e not in fetched_endpoints]
-        self.assertEmpty(missing_endpoints,
-                         "Failed to find endpoint %s in fetched list" %
-                         ', '.join(str(e) for e in missing_endpoints))
-
-    @decorators.idempotent_id('9974530a-aa28-4362-8403-f06db02b26c1')
-    def test_create_list_delete_endpoint(self):
-        """Test creating, listing and deleting a keystone endpoint"""
-        region = data_utils.rand_name(
-            name='region', prefix=CONF.resource_name_prefix)
-        url = data_utils.rand_url()
-        endpoint = self.endpoints_client.create_endpoint(
-            service_id=self.service_id,
-            region=region,
-            publicurl=url,
-            adminurl=url,
-            internalurl=url)['endpoint']
-        # Asserting Create Endpoint response body
-        self.assertIn('id', endpoint)
-        self.assertEqual(region, endpoint['region'])
-        self.assertEqual(url, endpoint['publicurl'])
-        # Checking if created endpoint is present in the list of endpoints
-        fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints']
-        fetched_endpoints_id = [e['id'] for e in fetched_endpoints]
-        self.assertIn(endpoint['id'], fetched_endpoints_id)
-        # Deleting the endpoint created in this method
-        self.endpoints_client.delete_endpoint(endpoint['id'])
-        # Checking whether endpoint is deleted successfully
-        fetched_endpoints = self.endpoints_client.list_endpoints()['endpoints']
-        fetched_endpoints_id = [e['id'] for e in fetched_endpoints]
-        self.assertNotIn(endpoint['id'], fetched_endpoints_id)
diff --git a/tempest/api/identity/admin/v2/test_roles.py b/tempest/api/identity/admin/v2/test_roles.py
deleted file mode 100644
index 6d384ab5fa..0000000000
--- a/tempest/api/identity/admin/v2/test_roles.py
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class RolesTestJSON(base.BaseIdentityV2AdminTest):
-
-    @classmethod
-    def resource_setup(cls):
-        super(RolesTestJSON, cls).resource_setup()
-        cls.roles = list()
-        for _ in range(5):
-            role_name = data_utils.rand_name(
-                name='role', prefix=CONF.resource_name_prefix)
-            role = cls.roles_client.create_role(name=role_name)['role']
-            cls.addClassResourceCleanup(
-                test_utils.call_and_ignore_notfound_exc,
-                cls.roles_client.delete_role, role['id'])
-            cls.roles.append(role)
-
-    def _get_role_params(self):
-        user = self.setup_test_user()
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        role = self.setup_test_role()
-        return (user, tenant, role)
-
-    def assert_role_in_role_list(self, role, roles):
-        found = False
-        for user_role in roles:
-            if user_role['id'] == role['id']:
-                found = True
-        self.assertTrue(found, "assigned role was not in list")
-
-    @decorators.idempotent_id('75d9593f-50b7-4fcf-bd64-e3fb4a278e23')
-    def test_list_roles(self):
-        """Return a list of all roles."""
-        body = self.roles_client.list_roles()['roles']
-        found = [role for role in body if role in self.roles]
-        self.assertNotEmpty(found)
-        self.assertEqual(len(found), len(self.roles))
-
-    @decorators.idempotent_id('c62d909d-6c21-48c0-ae40-0a0760e6db5e')
-    def test_role_create_delete(self):
-        """Role should be created, verified, and deleted."""
-        role_name = data_utils.rand_name(
-            name='role-test', prefix=CONF.resource_name_prefix)
-        body = self.roles_client.create_role(name=role_name)['role']
-        self.addCleanup(test_utils.call_and_ignore_notfound_exc,
-                        self.roles_client.delete_role, body['id'])
-        self.assertEqual(role_name, body['name'])
-
-        body = self.roles_client.list_roles()['roles']
-        found = [role for role in body if role['name'] == role_name]
-        self.assertNotEmpty(found)
-
-        body = self.roles_client.delete_role(found[0]['id'])
-
-        body = self.roles_client.list_roles()['roles']
-        found = [role for role in body if role['name'] == role_name]
-        self.assertEmpty(found)
-
-    @decorators.idempotent_id('db6870bd-a6ed-43be-a9b1-2f10a5c9994f')
-    def test_get_role_by_id(self):
-        """Get a role by its id."""
-        role = self.setup_test_role()
-        role_id = role['id']
-        role_name = role['name']
-        body = self.roles_client.show_role(role_id)['role']
-        self.assertEqual(role_id, body['id'])
-        self.assertEqual(role_name, body['name'])
-
-    @decorators.idempotent_id('0146f675-ffbd-4208-b3a4-60eb628dbc5e')
-    def test_assign_user_role(self):
-        """Assign a role to a user on a tenant."""
-        (user, tenant, role) = self._get_role_params()
-        self.roles_client.create_user_role_on_project(tenant['id'],
-                                                      user['id'],
-                                                      role['id'])
-        roles = self.roles_client.list_user_roles_on_project(
-            tenant['id'], user['id'])['roles']
-        self.assert_role_in_role_list(role, roles)
-
-    @decorators.idempotent_id('f0b9292c-d3ba-4082-aa6c-440489beef69')
-    def test_remove_user_role(self):
-        """Remove a role assigned to a user on a tenant."""
-        (user, tenant, role) = self._get_role_params()
-        user_role = self.roles_client.create_user_role_on_project(
-            tenant['id'], user['id'], role['id'])['role']
-        self.roles_client.delete_role_from_user_on_project(tenant['id'],
-                                                           user['id'],
-                                                           user_role['id'])
-
-    @decorators.idempotent_id('262e1e3e-ed71-4edd-a0e5-d64e83d66d05')
-    def test_list_user_roles(self):
-        """List roles assigned to a user on tenant."""
-        (user, tenant, role) = self._get_role_params()
-        self.roles_client.create_user_role_on_project(tenant['id'],
-                                                      user['id'],
-                                                      role['id'])
-        roles = self.roles_client.list_user_roles_on_project(
-            tenant['id'], user['id'])['roles']
-        self.assert_role_in_role_list(role, roles)
diff --git a/tempest/api/identity/admin/v2/test_roles_negative.py b/tempest/api/identity/admin/v2/test_roles_negative.py
deleted file mode 100644
index 0f0466eece..0000000000
--- a/tempest/api/identity/admin/v2/test_roles_negative.py
+++ /dev/null
@@ -1,296 +0,0 @@
-# Copyright 2013 Huawei Technologies Co.,LTD.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
-    """Negative tests of keystone roles via v2 API"""
-
-    def _get_role_params(self):
-        user = self.setup_test_user()
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        role = self.setup_test_role()
-        return (user, tenant, role)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('d5d5f1df-f8ca-4de0-b2ef-259c1cc67025')
-    def test_list_roles_by_unauthorized_user(self):
-        """Test Non-admin user should not be able to list roles via v2 API"""
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_roles_client.list_roles)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('11a3c7da-df6c-40c2-abc2-badd682edf9f')
-    def test_list_roles_request_without_token(self):
-        """Test listing roles without a valid token via v2 API should fail"""
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        self.assertRaises(lib_exc.Unauthorized, self.roles_client.list_roles)
-        self.client.auth_provider.clear_auth()
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('c0b89e56-accc-4c73-85f8-9c0f866104c1')
-    def test_role_create_blank_name(self):
-        """Test creating a role with a blank name via v2 API is not allowed"""
-        self.assertRaises(lib_exc.BadRequest, self.roles_client.create_role,
-                          name='')
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('585c8998-a8a4-4641-a5dd-abef7a8ced00')
-    def test_create_role_by_unauthorized_user(self):
-        """Test non-admin user should not be able to create role via v2 API"""
-        role_name = data_utils.rand_name(
-            name='role', prefix=CONF.resource_name_prefix)
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_roles_client.create_role,
-                          name=role_name)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('a7edd17a-e34a-4aab-8bb7-fa6f498645b8')
-    def test_create_role_request_without_token(self):
-        """Test creating role without a valid token via v2 API should fail"""
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        role_name = data_utils.rand_name(
-            name='role', prefix=CONF.resource_name_prefix)
-        self.assertRaises(lib_exc.Unauthorized,
-                          self.roles_client.create_role, name=role_name)
-        self.client.auth_provider.clear_auth()
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('c0cde2c8-81c1-4bb0-8fe2-cf615a3547a8')
-    def test_role_create_duplicate(self):
-        """Test role names should be unique via v2 API"""
-        role_name = data_utils.rand_name(
-            name='role-dup', prefix=CONF.resource_name_prefix)
-        body = self.roles_client.create_role(name=role_name)['role']
-        role1_id = body.get('id')
-        self.addCleanup(self.roles_client.delete_role, role1_id)
-        self.assertRaises(lib_exc.Conflict, self.roles_client.create_role,
-                          name=role_name)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('15347635-b5b1-4a87-a280-deb2bd6d865e')
-    def test_delete_role_by_unauthorized_user(self):
-        """Test non-admin user should not be able to delete role via v2 API"""
-        role_name = data_utils.rand_name(
-            name='role', prefix=CONF.resource_name_prefix)
-        body = self.roles_client.create_role(name=role_name)['role']
-        self.addCleanup(self.roles_client.delete_role, body['id'])
-        role_id = body.get('id')
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_roles_client.delete_role, role_id)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('44b60b20-70de-4dac-beaf-a3fc2650a16b')
-    def test_delete_role_request_without_token(self):
-        """Test deleting role without a valid token via v2 API should fail"""
-        role_name = data_utils.rand_name(
-            name='role', prefix=CONF.resource_name_prefix)
-        body = self.roles_client.create_role(name=role_name)['role']
-        self.addCleanup(self.roles_client.delete_role, body['id'])
-        role_id = body.get('id')
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        self.assertRaises(lib_exc.Unauthorized,
-                          self.roles_client.delete_role,
-                          role_id)
-        self.client.auth_provider.clear_auth()
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('38373691-8551-453a-b074-4260ad8298ef')
-    def test_delete_role_non_existent(self):
-        """Test deleting a non existent role via v2 API should fail"""
-        non_existent_role = data_utils.rand_uuid_hex()
-        self.assertRaises(lib_exc.NotFound, self.roles_client.delete_role,
-                          non_existent_role)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('391df5cf-3ec3-46c9-bbe5-5cb58dd4dc41')
-    def test_assign_user_role_by_unauthorized_user(self):
-        """Test non-admin user assigning a role to user via v2 API
-
-        Non-admin user should not be authorized to assign a role to user via
-        v2 API.
-        """
-        (user, tenant, role) = self._get_role_params()
-        self.assertRaises(
-            lib_exc.Forbidden,
-            self.non_admin_roles_client.create_user_role_on_project,
-            tenant['id'], user['id'], role['id'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('f0d2683c-5603-4aee-95d7-21420e87cfd8')
-    def test_assign_user_role_request_without_token(self):
-        """Test assigning a role to a user without a valid token via v2 API
-
-        Assigning a role to a user without a valid token via v2 API should
-        fail.
-        """
-        (user, tenant, role) = self._get_role_params()
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        self.assertRaises(
-            lib_exc.Unauthorized,
-            self.roles_client.create_user_role_on_project, tenant['id'],
-            user['id'], role['id'])
-        self.client.auth_provider.clear_auth()
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('99b297f6-2b5d-47c7-97a9-8b6bb4f91042')
-    def test_assign_user_role_for_non_existent_role(self):
-        """Test assigning a non existent role to user via v2 API
-
-        Assigning a non existent role to user via v2 API should fail.
-        """
-        (user, tenant, _) = self._get_role_params()
-        non_existent_role = data_utils.rand_uuid_hex()
-        self.assertRaises(lib_exc.NotFound,
-                          self.roles_client.create_user_role_on_project,
-                          tenant['id'], user['id'], non_existent_role)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('b2285aaa-9e76-4704-93a9-7a8acd0a6c8f')
-    def test_assign_user_role_for_non_existent_tenant(self):
-        """Test assigning a role on a non existent tenant via v2 API
-
-        Assigning a role on a non existent tenant via v2 API should fail.
-        """
-        (user, _, role) = self._get_role_params()
-        non_existent_tenant = data_utils.rand_uuid_hex()
-        self.assertRaises(lib_exc.NotFound,
-                          self.roles_client.create_user_role_on_project,
-                          non_existent_tenant, user['id'], role['id'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('5c3132cd-c4c8-4402-b5ea-71eb44e97793')
-    def test_assign_duplicate_user_role(self):
-        """Test duplicate user role should not get assigned via v2 API"""
-        (user, tenant, role) = self._get_role_params()
-        self.roles_client.create_user_role_on_project(tenant['id'],
-                                                      user['id'],
-                                                      role['id'])
-        self.assertRaises(lib_exc.Conflict,
-                          self.roles_client.create_user_role_on_project,
-                          tenant['id'], user['id'], role['id'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('d0537987-0977-448f-a435-904c15de7298')
-    def test_remove_user_role_by_unauthorized_user(self):
-        """Test non-admin user removing a user's role via v2 API
-
-        Non-admin user should not be authorized to remove a user's role via
-        v2 API
-        """
-        (user, tenant, role) = self._get_role_params()
-        self.roles_client.create_user_role_on_project(tenant['id'],
-                                                      user['id'],
-                                                      role['id'])
-        self.assertRaises(
-            lib_exc.Forbidden,
-            self.non_admin_roles_client.delete_role_from_user_on_project,
-            tenant['id'], user['id'], role['id'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('cac81cf4-c1d2-47dc-90d3-f2b7eb572286')
-    def test_remove_user_role_request_without_token(self):
-        """Test removing a user's role without a valid token via v2 API
-
-        Removing a user's role without a valid token via v2 API should fail.
-        """
-        (user, tenant, role) = self._get_role_params()
-        self.roles_client.create_user_role_on_project(tenant['id'],
-                                                      user['id'],
-                                                      role['id'])
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        self.assertRaises(lib_exc.Unauthorized,
-                          self.roles_client.delete_role_from_user_on_project,
-                          tenant['id'], user['id'], role['id'])
-        self.client.auth_provider.clear_auth()
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('ab32d759-cd16-41f1-a86e-44405fa9f6d2')
-    def test_remove_user_role_non_existent_role(self):
-        """Test deleting a non existent role from a user via v2 API
-
-        Deleting a non existent role from a user via v2 API should fail.
-        """
-        (user, tenant, role) = self._get_role_params()
-        self.roles_client.create_user_role_on_project(tenant['id'],
-                                                      user['id'],
-                                                      role['id'])
-        non_existent_role = data_utils.rand_uuid_hex()
-        self.assertRaises(lib_exc.NotFound,
-                          self.roles_client.delete_role_from_user_on_project,
-                          tenant['id'], user['id'], non_existent_role)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('67a679ec-03dd-4551-bbfc-d1c93284f023')
-    def test_remove_user_role_non_existent_tenant(self):
-        """Test removing a role from a non existent tenant via v2 API
-
-        Removing a role from a non existent tenant via v2 API should fail.
-        """
-        (user, tenant, role) = self._get_role_params()
-        self.roles_client.create_user_role_on_project(tenant['id'],
-                                                      user['id'],
-                                                      role['id'])
-        non_existent_tenant = data_utils.rand_uuid_hex()
-        self.assertRaises(lib_exc.NotFound,
-                          self.roles_client.delete_role_from_user_on_project,
-                          non_existent_tenant, user['id'], role['id'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('7391ab4c-06f3-477a-a64a-c8e55ce89837')
-    def test_list_user_roles_by_unauthorized_user(self):
-        """Test non-admin user listing a user's roles via v2 API
-
-        Non-admin user should not be authorized to list a user's roles via v2
-        API.
-        """
-        (user, tenant, role) = self._get_role_params()
-        self.roles_client.create_user_role_on_project(tenant['id'],
-                                                      user['id'],
-                                                      role['id'])
-        self.assertRaises(
-            lib_exc.Forbidden,
-            self.non_admin_roles_client.list_user_roles_on_project,
-            tenant['id'], user['id'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('682adfb2-fd5f-4b0a-a9ca-322e9bebb907')
-    def test_list_user_roles_request_without_token(self):
-        """Test listing user's roles without a valid token via v2 API
-
-        Listing user's roles without a valid token via v2 API should fail
-        """
-        (user, tenant, _) = self._get_role_params()
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        try:
-            self.assertRaises(lib_exc.Unauthorized,
-                              self.roles_client.list_user_roles_on_project,
-                              tenant['id'],
-                              user['id'])
-        finally:
-            self.client.auth_provider.clear_auth()
diff --git a/tempest/api/identity/admin/v2/test_services.py b/tempest/api/identity/admin/v2/test_services.py
deleted file mode 100644
index 0e5d3783fe..0000000000
--- a/tempest/api/identity/admin/v2/test_services.py
+++ /dev/null
@@ -1,115 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class ServicesTestJSON(base.BaseIdentityV2AdminTest):
-    """Test identity services via v2 API"""
-
-    def _del_service(self, service_id):
-        # Deleting the service created in this method
-        self.services_client.delete_service(service_id)
-        # Checking whether service is deleted successfully
-        self.assertRaises(lib_exc.NotFound, self.services_client.show_service,
-                          service_id)
-
-    @decorators.idempotent_id('84521085-c6e6-491c-9a08-ec9f70f90110')
-    def test_create_get_delete_service(self):
-        """Test verifies the identity service create/get/delete via v2 API"""
-        # GET Service
-        # Creating a Service
-        name = data_utils.rand_name(
-            name='service', prefix=CONF.resource_name_prefix)
-        s_type = data_utils.rand_name(
-            name='type', prefix=CONF.resource_name_prefix)
-        description = data_utils.rand_name(
-            name='description', prefix=CONF.resource_name_prefix)
-        service_data = self.services_client.create_service(
-            name=name, type=s_type,
-            description=description)['OS-KSADM:service']
-        self.assertIsNotNone(service_data['id'])
-        self.addCleanup(self._del_service, service_data['id'])
-        # Verifying response body of create service
-        self.assertIn('name', service_data)
-        self.assertEqual(name, service_data['name'])
-        self.assertIn('type', service_data)
-        self.assertEqual(s_type, service_data['type'])
-        self.assertIn('description', service_data)
-        self.assertEqual(description, service_data['description'])
-        # Get service
-        fetched_service = (
-            self.services_client.show_service(service_data['id'])
-            ['OS-KSADM:service'])
-        # verifying the existence of service created
-        self.assertIn('id', fetched_service)
-        self.assertEqual(fetched_service['id'], service_data['id'])
-        self.assertIn('name', fetched_service)
-        self.assertEqual(fetched_service['name'], service_data['name'])
-        self.assertIn('type', fetched_service)
-        self.assertEqual(fetched_service['type'], service_data['type'])
-        self.assertIn('description', fetched_service)
-        self.assertEqual(fetched_service['description'],
-                         service_data['description'])
-
-    @decorators.idempotent_id('5d3252c8-e555-494b-a6c8-e11d7335da42')
-    def test_create_service_without_description(self):
-        """Test creating identity service without description via v2 API
-
-        Create a service only with name and type.
-        """
-        name = data_utils.rand_name(
-            name='service', prefix=CONF.resource_name_prefix)
-        s_type = data_utils.rand_name(
-            name='type', prefix=CONF.resource_name_prefix)
-        service = self.services_client.create_service(
-            name=name, type=s_type)['OS-KSADM:service']
-        self.assertIn('id', service)
-        self.addCleanup(self._del_service, service['id'])
-        self.assertIn('name', service)
-        self.assertEqual(name, service['name'])
-        self.assertIn('type', service)
-        self.assertEqual(s_type, service['type'])
-
-    @decorators.attr(type='smoke')
-    @decorators.idempotent_id('34ea6489-012d-4a86-9038-1287cadd5eca')
-    def test_list_services(self):
-        """Test Create/List/Verify/Delete of identity service via v2 API"""
-        services = []
-        for _ in range(3):
-            name = data_utils.rand_name(
-                name='service', prefix=CONF.resource_name_prefix)
-            s_type = data_utils.rand_name(
-                name='type', prefix=CONF.resource_name_prefix)
-            description = data_utils.rand_name(
-                name='description', prefix=CONF.resource_name_prefix)
-
-            service = self.services_client.create_service(
-                name=name, type=s_type,
-                description=description)['OS-KSADM:service']
-            self.addCleanup(self.services_client.delete_service, service['id'])
-            services.append(service)
-        service_ids = [svc['id'] for svc in services]
-
-        # List and Verify Services
-        body = self.services_client.list_services()['OS-KSADM:services']
-        found = [serv for serv in body if serv['id'] in service_ids]
-        self.assertEqual(len(found), len(services), 'Services not found')
diff --git a/tempest/api/identity/admin/v2/test_tenant_negative.py b/tempest/api/identity/admin/v2/test_tenant_negative.py
deleted file mode 100644
index 4c7c44ccd9..0000000000
--- a/tempest/api/identity/admin/v2/test_tenant_negative.py
+++ /dev/null
@@ -1,164 +0,0 @@
-# Copyright 2013 Huawei Technologies Co.,LTD.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
-    """Negative tests of keystone tenants via v2 API"""
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('ca9bb202-63dd-4240-8a07-8ef9c19c04bb')
-    def test_list_tenants_by_unauthorized_user(self):
-        """Test Non-admin should not be able to list tenants via v2 API"""
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_tenants_client.list_tenants)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('df33926c-1c96-4d8d-a762-79cc6b0c3cf4')
-    def test_list_tenant_request_without_token(self):
-        """Test listing tenants without a valid token via v2 API
-
-        Listing tenants without a valid token via v2 API should fail.
-        """
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        self.assertRaises(lib_exc.Unauthorized,
-                          self.tenants_client.list_tenants)
-        self.client.auth_provider.clear_auth()
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('162ba316-f18b-4987-8c0c-fd9140cd63ed')
-    def test_tenant_delete_by_unauthorized_user(self):
-        """Test non-admin should not be able to delete a tenant via v2 API"""
-        tenant = self.setup_test_tenant()
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_tenants_client.delete_tenant,
-                          tenant['id'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('e450db62-2e9d-418f-893a-54772d6386b1')
-    def test_tenant_delete_request_without_token(self):
-        """Test deleting a tenant without a valid token via v2 API
-
-        Deleting a tenant without a valid token via v2 API should fail.
-        """
-        tenant = self.setup_test_tenant()
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        self.assertRaises(lib_exc.Unauthorized,
-                          self.tenants_client.delete_tenant,
-                          tenant['id'])
-        self.client.auth_provider.clear_auth()
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('9c9a2aed-6e3c-467a-8f5c-89da9d1b516b')
-    def test_delete_non_existent_tenant(self):
-        """Test deleting a non existent tenant via v2 API should fail"""
-        self.assertRaises(lib_exc.NotFound, self.tenants_client.delete_tenant,
-                          data_utils.rand_uuid_hex())
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('af16f44b-a849-46cb-9f13-a751c388f739')
-    def test_tenant_create_duplicate(self):
-        """Test tenant names should be unique via v2 API"""
-        tenant_name = data_utils.rand_name(
-            name='tenant', prefix=CONF.resource_name_prefix)
-        self.setup_test_tenant(name=tenant_name)
-        self.assertRaises(lib_exc.Conflict, self.tenants_client.create_tenant,
-                          name=tenant_name)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('d26b278a-6389-4702-8d6e-5980d80137e0')
-    def test_create_tenant_by_unauthorized_user(self):
-        """Test non-admin user creating a tenant via v2 API
-
-        Non-admin user should not be authorized to create a tenant via v2 API.
-        """
-        tenant_name = data_utils.rand_name(
-            name='tenant', prefix=CONF.resource_name_prefix)
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_tenants_client.create_tenant,
-                          name=tenant_name)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('a3ee9d7e-6920-4dd5-9321-d4b2b7f0a638')
-    def test_create_tenant_request_without_token(self):
-        """Test creating tenant without a token via v2 API is not allowed"""
-        tenant_name = data_utils.rand_name(
-            name='tenant', prefix=CONF.resource_name_prefix)
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        self.assertRaises(lib_exc.Unauthorized,
-                          self.tenants_client.create_tenant,
-                          name=tenant_name)
-        self.client.auth_provider.clear_auth()
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('5a2e4ca9-b0c0-486c-9c48-64a94fba2395')
-    def test_create_tenant_with_empty_name(self):
-        """Test tenant name should not be empty via v2 API"""
-        self.assertRaises(lib_exc.BadRequest,
-                          self.tenants_client.create_tenant,
-                          name='')
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('2ff18d1e-dfe3-4359-9dc3-abf582c196b9')
-    def test_create_tenants_name_length_over_64(self):
-        """Test tenant name length should not exceed 64 via v2 API"""
-        tenant_name = 'a' * 65
-        self.assertRaises(lib_exc.BadRequest,
-                          self.tenants_client.create_tenant,
-                          name=tenant_name)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('bd20dc2a-9557-4db7-b755-f48d952ad706')
-    def test_update_non_existent_tenant(self):
-        """Test updating a non existent tenant via v2 API should fail"""
-        self.assertRaises(lib_exc.NotFound, self.tenants_client.update_tenant,
-                          data_utils.rand_uuid_hex())
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('41704dc5-c5f7-4f79-abfa-76e6fedc570b')
-    def test_tenant_update_by_unauthorized_user(self):
-        """Test non-admin user updating a tenant via v2 API
-
-        Non-admin user should not be able to update a tenant via v2 API
-        """
-        tenant = self.setup_test_tenant()
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_tenants_client.update_tenant,
-                          tenant['id'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('7a421573-72c7-4c22-a98e-ce539219c657')
-    def test_tenant_update_request_without_token(self):
-        """Test updating a tenant without a valid token via v2 API
-
-        Updating a tenant without a valid token via v2 API should fail
-        """
-        tenant = self.setup_test_tenant()
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-        self.assertRaises(lib_exc.Unauthorized,
-                          self.tenants_client.update_tenant,
-                          tenant['id'])
-        self.client.auth_provider.clear_auth()
diff --git a/tempest/api/identity/admin/v2/test_tenants.py b/tempest/api/identity/admin/v2/test_tenants.py
deleted file mode 100644
index 4f674a8498..0000000000
--- a/tempest/api/identity/admin/v2/test_tenants.py
+++ /dev/null
@@ -1,157 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class TenantsTestJSON(base.BaseIdentityV2AdminTest):
-    """Test identity tenants via v2 API"""
-
-    @decorators.idempotent_id('16c6e05c-6112-4b0e-b83f-5e43f221b6b0')
-    def test_tenant_list_delete(self):
-        """Test listing and deleting tenants via v2 API
-
-        Create several tenants and delete them
-        """
-        tenants = []
-        for _ in range(3):
-            tenant = self.setup_test_tenant()
-            tenants.append(tenant)
-        tenant_ids = [tn['id'] for tn in tenants]
-        body = self.tenants_client.list_tenants()['tenants']
-        found = [t for t in body if t['id'] in tenant_ids]
-        self.assertEqual(len(found), len(tenants), 'Tenants not created')
-
-        for tenant in tenants:
-            self.tenants_client.delete_tenant(tenant['id'])
-
-        body = self.tenants_client.list_tenants()['tenants']
-        found = [tenant for tenant in body if tenant['id'] in tenant_ids]
-        self.assertEmpty(found, 'Tenants failed to delete')
-
-    @decorators.idempotent_id('d25e9f24-1310-4d29-b61b-d91299c21d6d')
-    def test_tenant_create_with_description(self):
-        """Test creating tenant with a description via v2 API"""
-        tenant_desc = data_utils.rand_name(
-            name='desc', prefix=CONF.resource_name_prefix)
-        tenant = self.setup_test_tenant(description=tenant_desc)
-        tenant_id = tenant['id']
-        desc1 = tenant['description']
-        self.assertEqual(desc1, tenant_desc, 'Description should have '
-                         'been sent in response for create')
-        body = self.tenants_client.show_tenant(tenant_id)['tenant']
-        desc2 = body['description']
-        self.assertEqual(desc2, tenant_desc, 'Description does not appear '
-                         'to be set')
-        self.tenants_client.delete_tenant(tenant_id)
-
-    @decorators.idempotent_id('670bdddc-1cd7-41c7-b8e2-751cfb67df50')
-    def test_tenant_create_enabled(self):
-        """Test creating a tenant that is enabled via v2 API"""
-        tenant = self.setup_test_tenant(enabled=True)
-        tenant_id = tenant['id']
-        self.assertTrue(tenant['enabled'], 'Enable should be True in response')
-        body = self.tenants_client.show_tenant(tenant_id)['tenant']
-        self.assertTrue(body['enabled'], 'Enable should be True in lookup')
-        self.tenants_client.delete_tenant(tenant_id)
-
-    @decorators.idempotent_id('3be22093-b30f-499d-b772-38340e5e16fb')
-    def test_tenant_create_not_enabled(self):
-        """Test creating a tenant that is not enabled via v2 API"""
-        tenant = self.setup_test_tenant(enabled=False)
-        tenant_id = tenant['id']
-        self.assertFalse(tenant['enabled'],
-                         'Enable should be False in response')
-        body = self.tenants_client.show_tenant(tenant_id)['tenant']
-        self.assertFalse(body['enabled'],
-                         'Enable should be False in lookup')
-        self.tenants_client.delete_tenant(tenant_id)
-
-    @decorators.idempotent_id('781f2266-d128-47f3-8bdb-f70970add238')
-    def test_tenant_update_name(self):
-        """Test updating name attribute of a tenant via v2 API"""
-        t_name1 = data_utils.rand_name(
-            name='tenant', prefix=CONF.resource_name_prefix)
-        tenant = self.setup_test_tenant(name=t_name1)
-        t_id = tenant['id']
-        resp1_name = tenant['name']
-
-        t_name2 = data_utils.rand_name(
-            name='tenant2', prefix=CONF.resource_name_prefix)
-        body = self.tenants_client.update_tenant(t_id, name=t_name2)['tenant']
-        resp2_name = body['name']
-        self.assertNotEqual(resp1_name, resp2_name)
-
-        body = self.tenants_client.show_tenant(t_id)['tenant']
-        resp3_name = body['name']
-
-        self.assertNotEqual(resp1_name, resp3_name)
-        self.assertEqual(t_name1, resp1_name)
-        self.assertEqual(resp2_name, resp3_name)
-
-        self.tenants_client.delete_tenant(t_id)
-
-    @decorators.idempotent_id('859fcfe1-3a03-41ef-86f9-b19a47d1cd87')
-    def test_tenant_update_desc(self):
-        """Test updating description attribute of a tenant via v2 API"""
-        t_desc = data_utils.rand_name(
-            name='desc', prefix=CONF.resource_name_prefix)
-        tenant = self.setup_test_tenant(description=t_desc)
-        t_id = tenant['id']
-        resp1_desc = tenant['description']
-
-        t_desc2 = data_utils.rand_name(
-            name='desc2', prefix=CONF.resource_name_prefix)
-        body = self.tenants_client.update_tenant(t_id, description=t_desc2)
-        updated_tenant = body['tenant']
-        resp2_desc = updated_tenant['description']
-        self.assertNotEqual(resp1_desc, resp2_desc)
-
-        body = self.tenants_client.show_tenant(t_id)['tenant']
-        resp3_desc = body['description']
-
-        self.assertNotEqual(resp1_desc, resp3_desc)
-        self.assertEqual(t_desc, resp1_desc)
-        self.assertEqual(resp2_desc, resp3_desc)
-
-        self.tenants_client.delete_tenant(t_id)
-
-    @decorators.idempotent_id('8fc8981f-f12d-4c66-9972-2bdcf2bc2e1a')
-    def test_tenant_update_enable(self):
-        """Test updating the enabled attribute of a tenant via v2 API"""
-        t_en = False
-        tenant = self.setup_test_tenant(enabled=t_en)
-        t_id = tenant['id']
-        resp1_en = tenant['enabled']
-
-        t_en2 = True
-        body = self.tenants_client.update_tenant(t_id, enabled=t_en2)
-        updated_tenant = body['tenant']
-        resp2_en = updated_tenant['enabled']
-        self.assertNotEqual(resp1_en, resp2_en)
-
-        body = self.tenants_client.show_tenant(t_id)['tenant']
-        resp3_en = body['enabled']
-
-        self.assertNotEqual(resp1_en, resp3_en)
-        self.assertFalse(tenant['enabled'])
-        self.assertEqual(resp2_en, resp3_en)
-
-        self.tenants_client.delete_tenant(t_id)
diff --git a/tempest/api/identity/admin/v2/test_tokens.py b/tempest/api/identity/admin/v2/test_tokens.py
deleted file mode 100644
index 78a2aada5c..0000000000
--- a/tempest/api/identity/admin/v2/test_tokens.py
+++ /dev/null
@@ -1,143 +0,0 @@
-# Copyright 2013 Huawei Technologies Co.,LTD.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class TokensTestJSON(base.BaseIdentityV2AdminTest):
-    """Test keystone tokens via v2 API"""
-
-    @decorators.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586')
-    def test_create_check_get_delete_token(self):
-        """Test getting create/check/get/delete token for user via v2 API"""
-        # get a token by username and password
-        user_name = data_utils.rand_name(
-            name='user', prefix=CONF.resource_name_prefix)
-        user_password = data_utils.rand_password()
-        # first:create a tenant
-        tenant = self.setup_test_tenant()
-        # second:create a user
-        user = self.create_test_user(name=user_name,
-                                     password=user_password,
-                                     tenantId=tenant['id'],
-                                     email='')
-        # then get a token for the user
-        body = self.token_client.auth(user_name,
-                                      user_password,
-                                      tenant['name'])
-        self.assertEqual(body['token']['tenant']['name'],
-                         tenant['name'])
-        # Perform GET Token
-        token_id = body['token']['id']
-        self.client.check_token_existence(token_id)
-        token_details = self.client.show_token(token_id)['access']
-        self.assertEqual(token_id, token_details['token']['id'])
-        self.assertEqual(user['id'], token_details['user']['id'])
-        self.assertEqual(user_name, token_details['user']['name'])
-        self.assertEqual(tenant['name'],
-                         token_details['token']['tenant']['name'])
-        # then delete the token
-        self.client.delete_token(token_id)
-        self.assertRaises(lib_exc.NotFound,
-                          self.client.check_token_existence,
-                          token_id)
-
-    @decorators.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e')
-    def test_rescope_token(self):
-        """Test an unscoped token can be requested via v2 API
-
-        That token can be used to request a scoped token.
-        """
-
-        # Create a user.
-        user_name = data_utils.rand_name(
-            name='user', prefix=CONF.resource_name_prefix)
-        user_password = data_utils.rand_password()
-        tenant_id = None  # No default tenant so will get unscoped token.
-        user = self.create_test_user(name=user_name,
-                                     password=user_password,
-                                     tenantId=tenant_id,
-                                     email='')
-
-        # Create a couple tenants.
-        tenant1_name = data_utils.rand_name(
-            name='tenant', prefix=CONF.resource_name_prefix)
-        tenant1 = self.setup_test_tenant(name=tenant1_name)
-
-        tenant2_name = data_utils.rand_name(
-            name='tenant', prefix=CONF.resource_name_prefix)
-        tenant2 = self.setup_test_tenant(name=tenant2_name)
-
-        # Create a role
-        role = self.setup_test_role()
-
-        # Grant the user the role on the tenants.
-        self.roles_client.create_user_role_on_project(tenant1['id'],
-                                                      user['id'],
-                                                      role['id'])
-
-        self.roles_client.create_user_role_on_project(tenant2['id'],
-                                                      user['id'],
-                                                      role['id'])
-
-        # Get an unscoped token.
-        body = self.token_client.auth(user_name, user_password)
-
-        token_id = body['token']['id']
-
-        # Use the unscoped token to get a token scoped to tenant1
-        body = self.token_client.auth_token(token_id,
-                                            tenant=tenant1_name)
-
-        scoped_token_id = body['token']['id']
-
-        # Revoke the scoped token
-        self.client.delete_token(scoped_token_id)
-
-        # Use the unscoped token to get a token scoped to tenant2
-        body = self.token_client.auth_token(token_id,
-                                            tenant=tenant2_name)
-
-    @decorators.idempotent_id('ca3ea6f7-ed08-4a61-adbd-96906456ad31')
-    def test_list_endpoints_for_token(self):
-        """Test listing endpoints for token via v2 API"""
-        tempest_services = ['keystone', 'nova', 'neutron', 'swift', 'cinder',
-                            'neutron']
-        # get a token for the user
-        creds = self.os_primary.credentials
-        username = creds.username
-        password = creds.password
-        tenant_name = creds.tenant_name
-        token = self.token_client.auth(username,
-                                       password,
-                                       tenant_name)['token']
-        endpoints = self.client.list_endpoints_for_token(
-            token['id'])['endpoints']
-        self.assertIsInstance(endpoints, list)
-        # Store list of service names
-        service_names = [e['name'] for e in endpoints]
-        # Get the list of available services. Keystone is always available.
-        available_services = [s[0] for s in list(
-            CONF.service_available.items()) if s[1] is True] + ['keystone']
-        # Verify that all available services are present.
-        for service in tempest_services:
-            if service in available_services:
-                self.assertIn(service, service_names)
diff --git a/tempest/api/identity/admin/v2/test_tokens_negative.py b/tempest/api/identity/admin/v2/test_tokens_negative.py
deleted file mode 100644
index f2e41ffff2..0000000000
--- a/tempest/api/identity/admin/v2/test_tokens_negative.py
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 2017 AT&T Corporation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-
-class TokensAdminTestNegative(base.BaseIdentityV2AdminTest):
-    """Negative tests of keystone tokens via v2 API"""
-
-    credentials = ['primary', 'admin', 'alt']
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('a0a0a600-4292-4364-99c5-922c834fdf05')
-    def test_check_token_existence_negative(self):
-        """Test checking other tenant's token existence via v2 API
-
-        Checking other tenant's token existence via v2 API should fail.
-        """
-        creds = self.os_primary.credentials
-        creds_alt = self.os_alt.credentials
-        username = creds.username
-        password = creds.password
-        tenant_name = creds.tenant_name
-        alt_tenant_name = creds_alt.tenant_name
-        body = self.token_client.auth(username, password, tenant_name)
-        self.assertRaises(lib_exc.Unauthorized,
-                          self.client.check_token_existence,
-                          body['token']['id'],
-                          belongsTo=alt_tenant_name)
diff --git a/tempest/api/identity/admin/v2/test_users.py b/tempest/api/identity/admin/v2/test_users.py
deleted file mode 100644
index 011419e3e7..0000000000
--- a/tempest/api/identity/admin/v2/test_users.py
+++ /dev/null
@@ -1,204 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-import time
-
-from testtools import matchers
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-
-CONF = config.CONF
-
-
-class UsersTestJSON(base.BaseIdentityV2AdminTest):
-    """Test keystone users via v2 API"""
-
-    @classmethod
-    def resource_setup(cls):
-        super(UsersTestJSON, cls).resource_setup()
-        cls.alt_user = data_utils.rand_name(
-            name='test_user', prefix=CONF.resource_name_prefix)
-        cls.alt_email = cls.alt_user + '@testmail.tm'
-
-    @decorators.attr(type='smoke')
-    @decorators.idempotent_id('2d55a71e-da1d-4b43-9c03-d269fd93d905')
-    def test_create_user(self):
-        """Test creating a user via v2 API"""
-        tenant = self.setup_test_tenant()
-        user = self.create_test_user(name=self.alt_user, tenantId=tenant['id'])
-        self.assertEqual(self.alt_user, user['name'])
-
-    @decorators.idempotent_id('89d9fdb8-15c2-4304-a429-48715d0af33d')
-    def test_create_user_with_enabled(self):
-        """Test creating a user with enabled : False via v2 API"""
-        tenant = self.setup_test_tenant()
-        name = data_utils.rand_name(
-            name='test_user', prefix=CONF.resource_name_prefix)
-        user = self.create_test_user(name=name,
-                                     tenantId=tenant['id'],
-                                     email=self.alt_email,
-                                     enabled=False)
-        self.assertEqual(name, user['name'])
-        self.assertEqual(False, user['enabled'])
-        self.assertEqual(self.alt_email, user['email'])
-
-    @decorators.idempotent_id('39d05857-e8a5-4ed4-ba83-0b52d3ab97ee')
-    def test_update_user(self):
-        """Test updating user attributes via v2 API"""
-        tenant = self.setup_test_tenant()
-        user = self.create_test_user(tenantId=tenant['id'])
-
-        # Updating user details with new values
-        u_name2 = data_utils.rand_name(
-            name='user2', prefix=CONF.resource_name_prefix)
-        u_email2 = u_name2 + '@testmail.tm'
-        update_user = self.users_client.update_user(user['id'], name=u_name2,
-                                                    email=u_email2,
-                                                    enabled=False)['user']
-        self.assertEqual(u_name2, update_user['name'])
-        self.assertEqual(u_email2, update_user['email'])
-        self.assertEqual(False, update_user['enabled'])
-        # GET by id after updating
-        updated_user = self.users_client.show_user(user['id'])['user']
-        # Assert response body of GET after updating
-        self.assertEqual(u_name2, updated_user['name'])
-        self.assertEqual(u_email2, updated_user['email'])
-        self.assertEqual(False, update_user['enabled'])
-
-    @decorators.idempotent_id('29ed26f4-a74e-4425-9a85-fdb49fa269d2')
-    def test_delete_user(self):
-        """Test deleting a user via v2 API"""
-        tenant = self.setup_test_tenant()
-        user = self.create_test_user(tenantId=tenant['id'])
-        self.users_client.delete_user(user['id'])
-
-    @decorators.idempotent_id('aca696c3-d645-4f45-b728-63646045beb1')
-    def test_user_authentication(self):
-        """Test that valid user's token is authenticated via v2 API"""
-        password = data_utils.rand_password()
-        user = self.setup_test_user(password)
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        # Get a token
-        self.token_client.auth(user['name'],
-                               password,
-                               tenant['name'])
-        # Re-auth
-        self.token_client.auth(user['name'],
-                               password,
-                               tenant['name'])
-
-    @decorators.idempotent_id('5d1fa498-4c2d-4732-a8fe-2b054598cfdd')
-    def test_authentication_request_without_token(self):
-        """Test authentication request without token via v2 API"""
-        # Request for token authentication with a valid token in header
-        password = data_utils.rand_password()
-        user = self.setup_test_user(password)
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        self.token_client.auth(user['name'],
-                               password,
-                               tenant['name'])
-        # Get the token of the current client
-        token = self.client.auth_provider.get_token()
-        # Delete the token from database
-        self.client.delete_token(token)
-        # Re-auth
-        self.token_client.auth(user['name'],
-                               password,
-                               tenant['name'])
-        self.client.auth_provider.clear_auth()
-
-    @decorators.idempotent_id('a149c02e-e5e0-4b89-809e-7e8faf33ccda')
-    def test_get_users(self):
-        """Test getting users via v2 API
-
-        Get a list of users and find the test user
-        """
-        user = self.setup_test_user()
-        users = self.users_client.list_users()['users']
-        self.assertThat([u['name'] for u in users],
-                        matchers.Contains(user['name']),
-                        "Could not find %s" % user['name'])
-
-    @decorators.idempotent_id('6e317209-383a-4bed-9f10-075b7c82c79a')
-    def test_list_users_for_tenant(self):
-        """Test returning a list of all users for a tenant via v2 API"""
-        tenant = self.setup_test_tenant()
-        user_ids = list()
-        fetched_user_ids = list()
-        user1 = self.create_test_user(tenantId=tenant['id'])
-        user_ids.append(user1['id'])
-        user2 = self.create_test_user(tenantId=tenant['id'])
-        user_ids.append(user2['id'])
-        # List of users for the respective tenant ID
-        body = (self.tenants_client.list_tenant_users(tenant['id'])
-                ['users'])
-        for i in body:
-            fetched_user_ids.append(i['id'])
-        # verifying the user Id in the list
-        missing_users =\
-            [user for user in user_ids if user not in fetched_user_ids]
-        self.assertEmpty(missing_users,
-                         "Failed to find user %s in fetched list" %
-                         ', '.join(m_user for m_user in missing_users))
-
-    @decorators.idempotent_id('a8b54974-40e1-41c0-b812-50fc90827971')
-    def test_list_users_with_roles_for_tenant(self):
-        """Test listing users on tenant with roles assigned via v2 API"""
-        user = self.setup_test_user()
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        role = self.setup_test_role()
-        # Assigning roles to two users
-        user_ids = list()
-        fetched_user_ids = list()
-        user_ids.append(user['id'])
-        role = self.roles_client.create_user_role_on_project(
-            tenant['id'], user['id'], role['id'])['role']
-
-        second_user = self.create_test_user(tenantId=tenant['id'])
-        user_ids.append(second_user['id'])
-        role = self.roles_client.create_user_role_on_project(
-            tenant['id'], second_user['id'], role['id'])['role']
-        # List of users with roles for the respective tenant ID
-        body = (self.tenants_client.list_tenant_users(tenant['id'])['users'])
-        for i in body:
-            fetched_user_ids.append(i['id'])
-        # verifying the user Id in the list
-        missing_users = [missing_user for missing_user in user_ids
-                         if missing_user not in fetched_user_ids]
-        self.assertEmpty(missing_users,
-                         "Failed to find user %s in fetched list" %
-                         ', '.join(m_user for m_user in missing_users))
-
-    @decorators.idempotent_id('1aeb25ac-6ec5-4d8b-97cb-7ac3567a989f')
-    def test_update_user_password(self):
-        """Test updating of user password via v2 API"""
-        user = self.setup_test_user()
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        # Updating the user with new password
-        new_pass = data_utils.rand_password()
-        update_user = self.users_client.update_user_password(
-            user['id'], password=new_pass)['user']
-        self.assertEqual(update_user['id'], user['id'])
-        # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
-        # Keystone should only be precise to the second. Sleep to ensure
-        # we are passing the second boundary.
-        time.sleep(1)
-        # Validate the updated password through getting a token.
-        body = self.token_client.auth(user['name'], new_pass,
-                                      tenant['name'])
-        self.assertIn('id', body['token'])
diff --git a/tempest/api/identity/admin/v2/test_users_negative.py b/tempest/api/identity/admin/v2/test_users_negative.py
deleted file mode 100644
index 7ccd75cb8e..0000000000
--- a/tempest/api/identity/admin/v2/test_users_negative.py
+++ /dev/null
@@ -1,286 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-CONF = config.CONF
-
-
-class UsersNegativeTestJSON(base.BaseIdentityV2AdminTest):
-    """Negative tests of identity users via v2 API"""
-
-    @classmethod
-    def resource_setup(cls):
-        super(UsersNegativeTestJSON, cls).resource_setup()
-        cls.alt_user = data_utils.rand_name(
-            'test_user', prefix=CONF.resource_name_prefix)
-        cls.alt_password = data_utils.rand_password()
-        cls.alt_email = cls.alt_user + '@testmail.tm'
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('60a1f5fa-5744-4cdf-82bf-60b7de2d29a4')
-    def test_create_user_by_unauthorized_user(self):
-        """Non-admin should not be authorized to create a user via v2 API"""
-        tenant = self.setup_test_tenant()
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_users_client.create_user,
-                          name=self.alt_user, password=self.alt_password,
-                          tenantId=tenant['id'],
-                          email=self.alt_email)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('d80d0c2f-4514-4d1e-806d-0930dfc5a187')
-    def test_create_user_with_empty_name(self):
-        """User with an empty name should not be created via v2 API"""
-        tenant = self.setup_test_tenant()
-        self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
-                          name='', password=self.alt_password,
-                          tenantId=tenant['id'],
-                          email=self.alt_email)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('7704b4f3-3b75-4b82-87cc-931d41c8f780')
-    def test_create_user_with_name_length_over_255(self):
-        """Length of user name should not exceed 255 via v2 API"""
-        tenant = self.setup_test_tenant()
-        self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
-                          name='a' * 256, password=self.alt_password,
-                          tenantId=tenant['id'],
-                          email=self.alt_email)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('57ae8558-120c-4723-9308-3751474e7ecf')
-    def test_create_user_with_duplicate_name(self):
-        """Duplicate user should not be created via v2 API"""
-        password = data_utils.rand_password()
-        user = self.setup_test_user(password)
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        self.assertRaises(lib_exc.Conflict, self.users_client.create_user,
-                          name=user['name'],
-                          password=password,
-                          tenantId=tenant['id'],
-                          email=user['email'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('0132cc22-7c4f-42e1-9e50-ac6aad31d59a')
-    def test_create_user_for_non_existent_tenant(self):
-        """Creating a user in a non-existent tenant via v2 API should fail"""
-        self.assertRaises(lib_exc.NotFound, self.users_client.create_user,
-                          name=self.alt_user,
-                          password=self.alt_password,
-                          tenantId='49ffgg99999',
-                          email=self.alt_email)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('55bbb103-d1ae-437b-989b-bcdf8175c1f4')
-    def test_create_user_request_without_a_token(self):
-        """Creating a user without a valid token via v2 API should fail"""
-        tenant = self.setup_test_tenant()
-        # Get the token of the current client
-        token = self.client.auth_provider.get_token()
-        # Delete the token from database
-        self.client.delete_token(token)
-
-        # Unset the token to allow further tests to generate a new token
-        self.addCleanup(self.client.auth_provider.clear_auth)
-
-        self.assertRaises(lib_exc.Unauthorized, self.users_client.create_user,
-                          name=self.alt_user, password=self.alt_password,
-                          tenantId=tenant['id'],
-                          email=self.alt_email)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('23a2f3da-4a1a-41da-abdd-632328a861ad')
-    def test_create_user_with_enabled_non_bool(self):
-        """Creating a user with invalid enabled para via v2 API should fail"""
-        tenant = self.setup_test_tenant()
-        name = data_utils.rand_name(
-            'test_user', prefix=CONF.resource_name_prefix)
-        self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
-                          name=name, password=self.alt_password,
-                          tenantId=tenant['id'],
-                          email=self.alt_email, enabled=3)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('3d07e294-27a0-4144-b780-a2a1bf6fee19')
-    def test_update_user_for_non_existent_user(self):
-        """Updating a non-existent user via v2 API should fail"""
-        user_name = data_utils.rand_name(
-            'user', prefix=CONF.resource_name_prefix)
-        non_existent_id = data_utils.rand_uuid()
-        self.assertRaises(lib_exc.NotFound, self.users_client.update_user,
-                          non_existent_id, name=user_name)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('3cc2a64b-83aa-4b02-88f0-d6ab737c4466')
-    def test_update_user_request_without_a_token(self):
-        """Updating a user without a valid token via v2 API should fail"""
-
-        # Get the token of the current client
-        token = self.client.auth_provider.get_token()
-        # Delete the token from database
-        self.client.delete_token(token)
-
-        # Unset the token to allow further tests to generate a new token
-        self.addCleanup(self.client.auth_provider.clear_auth)
-
-        self.assertRaises(lib_exc.Unauthorized, self.users_client.update_user,
-                          self.alt_user)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('424868d5-18a7-43e1-8903-a64f95ee3aac')
-    def test_update_user_by_unauthorized_user(self):
-        """Non-admin should not be authorized to update user via v2 API"""
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_users_client.update_user,
-                          self.alt_user)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('d45195d5-33ed-41b9-a452-7d0d6a00f6e9')
-    def test_delete_users_by_unauthorized_user(self):
-        """Non-admin should not be authorized to delete a user via v2 API"""
-        user = self.setup_test_user()
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_users_client.delete_user,
-                          user['id'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('7cc82f7e-9998-4f89-abae-23df36495867')
-    def test_delete_non_existent_user(self):
-        """Attempt to delete a non-existent user via v2 API should fail"""
-        self.assertRaises(lib_exc.NotFound, self.users_client.delete_user,
-                          'junk12345123')
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('57fe1df8-0aa7-46c0-ae9f-c2e785c7504a')
-    def test_delete_user_request_without_a_token(self):
-        """Deleting a user without a valid token via v2 API should fail"""
-
-        # Get the token of the current client
-        token = self.client.auth_provider.get_token()
-        # Delete the token from database
-        self.client.delete_token(token)
-
-        # Unset the token to allow further tests to generate a new token
-        self.addCleanup(self.client.auth_provider.clear_auth)
-
-        self.assertRaises(lib_exc.Unauthorized, self.users_client.delete_user,
-                          self.alt_user)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('593a4981-f6d4-460a-99a1-57a78bf20829')
-    def test_authentication_for_disabled_user(self):
-        """Disabled user's token should not get authenticated via v2 API"""
-        password = data_utils.rand_password()
-        user = self.setup_test_user(password)
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        self.disable_user(user['name'])
-        self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
-                          user['name'],
-                          password,
-                          tenant['name'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('440a7a8d-9328-4b7b-83e0-d717010495e4')
-    def test_authentication_when_tenant_is_disabled(self):
-        """Test User's token for a disabled tenant via v2 API
-
-        User's token for a disabled tenant should not be authenticated via
-        v2 API.
-        """
-        password = data_utils.rand_password()
-        user = self.setup_test_user(password)
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        self.disable_tenant(tenant['name'])
-        self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
-                          user['name'],
-                          password,
-                          tenant['name'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('921f1ad6-7907-40b8-853f-637e7ee52178')
-    def test_authentication_with_invalid_tenant(self):
-        """Test User's token for an invalid tenant via v2 API
-
-        User's token for an invalid tenant should not be authenticated via V2
-        API.
-        """
-        password = data_utils.rand_password()
-        user = self.setup_test_user(password)
-        self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
-                          user['name'],
-                          password,
-                          'junktenant1234')
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('bde9aecd-3b1c-4079-858f-beb5deaa5b5e')
-    def test_authentication_with_invalid_username(self):
-        """Non-existent user's token should not get authorized via v2 API"""
-        password = data_utils.rand_password()
-        user = self.setup_test_user(password)
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
-                          'junkuser123', password, tenant['name'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('d5308b33-3574-43c3-8d87-1c090c5e1eca')
-    def test_authentication_with_invalid_password(self):
-        """Test User's token with invalid password via v2 API
-
-        User's token with invalid password should not be authenticated via V2
-        API.
-        """
-        user = self.setup_test_user()
-        tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
-        self.assertRaises(lib_exc.Unauthorized, self.token_client.auth,
-                          user['name'], 'junkpass1234', tenant['name'])
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('284192ce-fb7c-4909-a63b-9a502e0ddd11')
-    def test_get_users_by_unauthorized_user(self):
-        """Non-admin should not be authorized to get user list via v2 API"""
-        self.assertRaises(lib_exc.Forbidden,
-                          self.non_admin_users_client.list_users)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('a73591ec-1903-4ffe-be42-282b39fefc9d')
-    def test_get_users_request_without_token(self):
-        """Listing users without a valid token via v2 API should fail"""
-        token = self.client.auth_provider.get_token()
-        self.client.delete_token(token)
-
-        # Unset the token to allow further tests to generate a new token
-        self.addCleanup(self.client.auth_provider.clear_auth)
-
-        self.assertRaises(lib_exc.Unauthorized, self.users_client.list_users)
-
-    @decorators.attr(type=['negative'])
-    @decorators.idempotent_id('f5d39046-fc5f-425c-b29e-bac2632da28e')
-    def test_list_users_with_invalid_tenant(self):
-        """Listing users for a non-existent tenant via v2 API should fail"""
-        # Assign invalid tenant ids
-        invalid_id = list()
-        invalid_id.append(data_utils.rand_name('999'))
-        invalid_id.append('alpha')
-        invalid_id.append(data_utils.rand_name("dddd@#%%^$"))
-        invalid_id.append('!@#()$%^&*?<>{}[]')
-        # List the users with invalid tenant id
-        for invalid in invalid_id:
-            self.assertRaises(lib_exc.NotFound,
-                              self.tenants_client.list_tenant_users, invalid)
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index 9cdd917d9a..811dff4fed 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -98,85 +98,6 @@ class BaseIdentityTest(tempest.test.BaseTestCase):
         return role
 
 
-class BaseIdentityV2Test(BaseIdentityTest):
-
-    credentials = ['primary']
-
-    # identity v2 tests should obtain tokens and create accounts via v2
-    # regardless of the configured CONF.identity.auth_version
-    identity_version = 'v2'
-
-    @classmethod
-    def setup_clients(cls):
-        super(BaseIdentityV2Test, cls).setup_clients()
-        cls.non_admin_client = cls.os_primary.identity_public_client
-        cls.non_admin_token_client = cls.os_primary.token_client
-        cls.non_admin_tenants_client = cls.os_primary.tenants_public_client
-        cls.non_admin_users_client = cls.os_primary.users_public_client
-
-
-class BaseIdentityV2AdminTest(BaseIdentityV2Test):
-
-    credentials = ['primary', 'admin']
-
-    # NOTE(andreaf) Identity tests work with credentials, so it is safer
-    # for them to always use disposable credentials. Forcing dynamic creds
-    # on regular identity tests would be however to restrictive, since it
-    # would prevent any identity test from being executed against clouds where
-    # admin credentials are not available.
-    # Since All admin tests require admin credentials to be
-    # executed, so this will not impact the ability to execute tests.
-    force_tenant_isolation = True
-
-    @classmethod
-    def skip_checks(cls):
-        super(BaseIdentityV2AdminTest, cls).skip_checks()
-        if not CONF.identity_feature_enabled.api_v2_admin:
-            raise cls.skipException('Identity v2 admin not available')
-
-    @classmethod
-    def setup_clients(cls):
-        super(BaseIdentityV2AdminTest, cls).setup_clients()
-        cls.client = cls.os_admin.identity_client
-        cls.non_admin_client = cls.os_primary.identity_client
-        cls.token_client = cls.os_admin.token_client
-        cls.tenants_client = cls.os_admin.tenants_client
-        cls.non_admin_tenants_client = cls.os_primary.tenants_client
-        cls.roles_client = cls.os_admin.roles_client
-        cls.non_admin_roles_client = cls.os_primary.roles_client
-        cls.users_client = cls.os_admin.users_client
-        cls.non_admin_users_client = cls.os_primary.users_client
-        cls.services_client = cls.os_admin.identity_services_client
-        cls.endpoints_client = cls.os_admin.endpoints_client
-
-    @classmethod
-    def resource_setup(cls):
-        super(BaseIdentityV2AdminTest, cls).resource_setup()
-        cls.projects_client = cls.tenants_client
-
-    def setup_test_user(self, password=None):
-        """Set up a test user."""
-        tenant = self.setup_test_tenant()
-        user = self.create_test_user(tenantId=tenant['id'], password=password)
-        return user
-
-    def setup_test_tenant(self, **kwargs):
-        """Set up a test tenant."""
-        if 'name' not in kwargs:
-            kwargs['name'] = data_utils.rand_name(
-                name='test_tenant',
-                prefix=CONF.resource_name_prefix)
-        if 'description' not in kwargs:
-            kwargs['description'] = data_utils.rand_name(
-                name='desc', prefix=CONF.resource_name_prefix)
-        tenant = self.projects_client.create_tenant(**kwargs)['tenant']
-        # Delete the tenant at the end of the test
-        self.addCleanup(
-            test_utils.call_and_ignore_notfound_exc,
-            self.tenants_client.delete_tenant, tenant['id'])
-        return tenant
-
-
 class BaseIdentityV3Test(BaseIdentityTest):
 
     credentials = ['primary']
diff --git a/tempest/api/identity/v2/__init__.py b/tempest/api/identity/v2/__init__.py
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/tempest/api/identity/v2/test_api_discovery.py b/tempest/api/identity/v2/test_api_discovery.py
deleted file mode 100644
index afda104f79..0000000000
--- a/tempest/api/identity/v2/test_api_discovery.py
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright 2015 OpenStack Foundation.
-# Copyright 2015, Red Hat, Inc.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-
-
-class TestApiDiscovery(base.BaseIdentityV2Test):
-    """Tests for identity v2 API discovery features."""
-
-    @decorators.attr(type='smoke')
-    @decorators.idempotent_id('ea889a68-a15f-4166-bfb1-c12456eae853')
-    def test_api_version_resources(self):
-        """Test showing identity v2 api version resources"""
-        descr = self.non_admin_client.show_api_description()['version']
-        expected_resources = ('id', 'links', 'media-types', 'status',
-                              'updated')
-
-        keys = descr.keys()
-        for res in expected_resources:
-            self.assertIn(res, keys)
-
-    @decorators.attr(type='smoke')
-    @decorators.idempotent_id('007a0be0-78fe-4fdb-bbee-e9216cc17bb2')
-    def test_api_media_types(self):
-        """Test showing identity v2 api version media type"""
-        descr = self.non_admin_client.show_api_description()['version']
-        # Get MIME type bases and descriptions
-        media_types = [(media_type['base'], media_type['type']) for
-                       media_type in descr['media-types']]
-        # These are supported for API version 2
-        supported_types = [('application/json',
-                            'application/vnd.openstack.identity-v2.0+json')]
-
-        # Check if supported types exist in response body
-        for s_type in supported_types:
-            self.assertIn(s_type, media_types)
-
-    @decorators.attr(type='smoke')
-    @decorators.idempotent_id('77fd6be0-8801-48e6-b9bf-38cdd2f253ec')
-    def test_api_version_statuses(self):
-        """Test showing identity v2 api version status"""
-        descr = self.non_admin_client.show_api_description()['version']
-        status = descr['status'].lower()
-        supported_statuses = ['current', 'stable', 'experimental',
-                              'supported', 'deprecated']
-
-        self.assertIn(status, supported_statuses)
diff --git a/tempest/api/identity/v2/test_ec2_credentials.py b/tempest/api/identity/v2/test_ec2_credentials.py
deleted file mode 100644
index 9981ef8bea..0000000000
--- a/tempest/api/identity/v2/test_ec2_credentials.py
+++ /dev/null
@@ -1,113 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest.common import utils
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-
-class EC2CredentialsTest(base.BaseIdentityV2Test):
-
-    @classmethod
-    def skip_checks(cls):
-        super(EC2CredentialsTest, cls).skip_checks()
-        if not utils.is_extension_enabled('OS-EC2', 'identity'):
-            msg = "OS-EC2 identity extension not enabled."
-            raise cls.skipException(msg)
-
-    @classmethod
-    def resource_setup(cls):
-        super(EC2CredentialsTest, cls).resource_setup()
-        cls.creds = cls.os_primary.credentials
-
-    @decorators.idempotent_id('b580fab9-7ae9-46e8-8138-417260cb6f9f')
-    def test_create_ec2_credential(self):
-        """Create user ec2 credential."""
-        resp = self.non_admin_users_client.create_user_ec2_credential(
-            self.creds.user_id,
-            tenant_id=self.creds.tenant_id)["credential"]
-        access = resp['access']
-        self.addCleanup(
-            self.non_admin_users_client.delete_user_ec2_credential,
-            self.creds.user_id, access)
-        self.assertNotEmpty(resp['access'])
-        self.assertNotEmpty(resp['secret'])
-        self.assertEqual(self.creds.user_id, resp['user_id'])
-        self.assertEqual(self.creds.tenant_id, resp['tenant_id'])
-
-    @decorators.idempotent_id('9e2ea42f-0a4f-468c-a768-51859ce492e0')
-    def test_list_ec2_credentials(self):
-        """Get the list of user ec2 credentials."""
-        created_creds = []
-        # create first ec2 credentials
-        creds1 = self.non_admin_users_client.create_user_ec2_credential(
-            self.creds.user_id,
-            tenant_id=self.creds.tenant_id)["credential"]
-        created_creds.append(creds1['access'])
-        self.addCleanup(
-            self.non_admin_users_client.delete_user_ec2_credential,
-            self.creds.user_id, creds1['access'])
-
-        # create second ec2 credentials
-        creds2 = self.non_admin_users_client.create_user_ec2_credential(
-            self.creds.user_id,
-            tenant_id=self.creds.tenant_id)["credential"]
-        created_creds.append(creds2['access'])
-        self.addCleanup(
-            self.non_admin_users_client.delete_user_ec2_credential,
-            self.creds.user_id, creds2['access'])
-
-        # get the list of user ec2 credentials
-        resp = self.non_admin_users_client.list_user_ec2_credentials(
-            self.creds.user_id)["credentials"]
-        fetched_creds = [cred['access'] for cred in resp]
-        # created credentials should be in a fetched list
-        missing = [cred for cred in created_creds
-                   if cred not in fetched_creds]
-        self.assertEmpty(missing,
-                         "Failed to find ec2_credentials %s in fetched list" %
-                         ', '.join(cred for cred in missing))
-
-    @decorators.idempotent_id('cb284075-b613-440d-83ca-fe0b33b3c2b8')
-    def test_show_ec2_credential(self):
-        """Get the definite user ec2 credential."""
-        resp = self.non_admin_users_client.create_user_ec2_credential(
-            self.creds.user_id,
-            tenant_id=self.creds.tenant_id)["credential"]
-        self.addCleanup(
-            self.non_admin_users_client.delete_user_ec2_credential,
-            self.creds.user_id, resp['access'])
-
-        ec2_creds = self.non_admin_users_client.show_user_ec2_credential(
-            self.creds.user_id, resp['access']
-        )["credential"]
-        for key in ['access', 'secret', 'user_id', 'tenant_id']:
-            self.assertEqual(ec2_creds[key], resp[key])
-
-    @decorators.idempotent_id('6aba0d4c-b76b-4e46-aa42-add79bc1551d')
-    def test_delete_ec2_credential(self):
-        """Delete user ec2 credential."""
-        resp = self.non_admin_users_client.create_user_ec2_credential(
-            self.creds.user_id,
-            tenant_id=self.creds.tenant_id)["credential"]
-        access = resp['access']
-        self.non_admin_users_client.delete_user_ec2_credential(
-            self.creds.user_id, access)
-        self.assertRaises(
-            lib_exc.NotFound,
-            self.non_admin_users_client.show_user_ec2_credential,
-            self.creds.user_id,
-            access)
diff --git a/tempest/api/identity/v2/test_extension.py b/tempest/api/identity/v2/test_extension.py
deleted file mode 100644
index 13555bdf01..0000000000
--- a/tempest/api/identity/v2/test_extension.py
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright 2014 NEC Corporation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-
-
-class ExtensionTestJSON(base.BaseIdentityV2Test):
-    """Test extensions in identity v2 API"""
-
-    @decorators.idempotent_id('85f3f661-f54c-4d48-b563-72ae952b9383')
-    def test_list_extensions(self):
-        """List all the identity extensions via v2 API"""
-        body = self.non_admin_client.list_extensions()['extensions']['values']
-        self.assertNotEmpty(body)
-        keys = ['name', 'updated', 'alias', 'links',
-                'namespace', 'description']
-        for value in body:
-            for key in keys:
-                self.assertIn(key, value)
diff --git a/tempest/api/identity/v2/test_tenants.py b/tempest/api/identity/v2/test_tenants.py
deleted file mode 100644
index 1752b650fb..0000000000
--- a/tempest/api/identity/v2/test_tenants.py
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.api.identity import base
-from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
-
-
-class IdentityTenantsTest(base.BaseIdentityV2Test):
-    """Test listing tenants in identity v2 API"""
-
-    credentials = ['primary', 'alt']
-
-    @decorators.idempotent_id('ecae2459-243d-4ba1-ad02-65f15dc82b78')
-    def test_list_tenants_returns_only_authorized_tenants(self):
-        """Test listing tenants only returns authorized tenants via v2 API"""
-        alt_tenant_name = self.os_alt.credentials.tenant_name
-        resp = self.non_admin_tenants_client.list_tenants()
-
-        # check that user can see only that tenants that he presents in so user
-        # can successfully authenticate using his credentials and tenant name
-        # from received tenants list
-        for tenant in resp['tenants']:
-            body = self.non_admin_token_client.auth(
-                self.os_primary.credentials.username,
-                self.os_primary.credentials.password,
-                tenant['name'])
-            self.assertNotEmpty(body['token']['id'])
-            self.assertEqual(body['token']['tenant']['id'], tenant['id'])
-            self.assertEqual(body['token']['tenant']['name'], tenant['name'])
-            self.assertEqual(
-                body['user']['id'], self.os_primary.credentials.user_id)
-
-        # check that user cannot log in to alt user's tenant
-        self.assertRaises(
-            lib_exc.Unauthorized,
-            self.non_admin_token_client.auth,
-            self.os_primary.credentials.username,
-            self.os_primary.credentials.password,
-            alt_tenant_name)
diff --git a/tempest/api/identity/v2/test_tokens.py b/tempest/api/identity/v2/test_tokens.py
deleted file mode 100644
index d3776b85c5..0000000000
--- a/tempest/api/identity/v2/test_tokens.py
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from oslo_utils import timeutils
-from tempest.api.identity import base
-from tempest.lib import decorators
-
-
-class TokensTest(base.BaseIdentityV2Test):
-    """Test tokens in identity v2 API"""
-
-    @decorators.idempotent_id('65ae3b78-91ff-467b-a705-f6678863b8ec')
-    def test_create_token(self):
-        """Test creating token for user via v2 API"""
-        token_client = self.non_admin_token_client
-
-        # get a token for the user
-        creds = self.os_primary.credentials
-        username = creds.username
-        password = creds.password
-        tenant_name = creds.tenant_name
-
-        body = token_client.auth(username, password, tenant_name)
-
-        self.assertNotEmpty(body['token']['id'])
-        self.assertIsInstance(body['token']['id'], str)
-
-        now = timeutils.utcnow()
-        expires_at = timeutils.normalize_time(
-            timeutils.parse_isotime(body['token']['expires']))
-        self.assertGreater(expires_at, now)
-
-        self.assertEqual(body['token']['tenant']['id'],
-                         creds.tenant_id)
-        self.assertEqual(body['token']['tenant']['name'],
-                         tenant_name)
-
-        self.assertEqual(body['user']['id'], creds.user_id)
diff --git a/tempest/api/identity/v2/test_users.py b/tempest/api/identity/v2/test_users.py
deleted file mode 100644
index a63b45ca6f..0000000000
--- a/tempest/api/identity/v2/test_users.py
+++ /dev/null
@@ -1,112 +0,0 @@
-# Copyright 2015 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-import time
-
-import testtools
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib import decorators
-from tempest.lib import exceptions
-
-
-CONF = config.CONF
-
-
-class IdentityUsersTest(base.BaseIdentityV2Test):
-    """Test user password in identity v2 API"""
-
-    @classmethod
-    def resource_setup(cls):
-        super(IdentityUsersTest, cls).resource_setup()
-        cls.creds = cls.os_primary.credentials
-        cls.username = cls.creds.username
-        cls.password = cls.creds.password
-        cls.tenant_name = cls.creds.tenant_name
-
-    def _update_password(self, user_id, original_password, password):
-        self.non_admin_users_client.update_user_own_password(
-            user_id, password=password, original_password=original_password)
-
-        # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
-        # Keystone should only be precise to the second. Sleep to ensure
-        # we are passing the second boundary.
-        time.sleep(1)
-
-        # check authorization with new password
-        self.non_admin_token_client.auth(self.username,
-                                         password,
-                                         self.tenant_name)
-
-        # Reset auth to get a new token with the new password
-        self.non_admin_users_client.auth_provider.clear_auth()
-        self.non_admin_users_client.auth_provider.credentials.password = (
-            password)
-
-    def _restore_password(self, user_id, old_pass, new_pass):
-        if CONF.identity_feature_enabled.security_compliance:
-            # First we need to clear the password history
-            unique_count = CONF.identity.user_unique_last_password_count
-            for _ in range(unique_count):
-                random_pass = data_utils.rand_password()
-                self._update_password(
-                    user_id, original_password=new_pass, password=random_pass)
-                new_pass = random_pass
-
-        self._update_password(
-            user_id, original_password=new_pass, password=old_pass)
-        # Reset auth again to verify the password restore does work.
-        # Clear auth restores the original credentials and deletes
-        # cached auth data
-        self.non_admin_users_client.auth_provider.clear_auth()
-        # NOTE(lbragstad): Fernet tokens are not subsecond aware and
-        # Keystone should only be precise to the second. Sleep to ensure we
-        # are passing the second boundary before attempting to
-        # authenticate.
-        time.sleep(1)
-        self.non_admin_users_client.auth_provider.set_auth()
-
-    @decorators.idempotent_id('165859c9-277f-4124-9479-a7d1627b0ca7')
-    @testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source,
-                      'Skipped because environment has an '
-                      'immutable user source and solely '
-                      'provides read-only access to users.')
-    def test_user_update_own_password(self):
-        """test updating user's own password via v2 API"""
-        old_pass = self.creds.password
-        old_token = self.non_admin_users_client.token
-        new_pass = data_utils.rand_password()
-        user_id = self.creds.user_id
-
-        # to change password back. important for use_dynamic_credentials=false
-        self.addCleanup(self._restore_password, user_id, old_pass, new_pass)
-
-        # user updates own password
-        self._update_password(
-            user_id, original_password=old_pass, password=new_pass)
-
-        # authorize with old token should lead to Unauthorized
-        self.assertRaises(exceptions.Unauthorized,
-                          self.non_admin_token_client.auth_token,
-                          old_token)
-
-        # authorize with old password should lead to Unauthorized
-        self.assertRaises(exceptions.Unauthorized,
-                          self.non_admin_token_client.auth,
-                          self.username,
-                          old_pass,
-                          self.tenant_name)
diff --git a/tempest/clients.py b/tempest/clients.py
index 5338ed4c7c..73a0f0583f 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -173,30 +173,6 @@ class Manager(clients.ServiceClients):
             self.placement.ResourceProvidersClient()
 
     def _set_identity_clients(self):
-        # Clients below use the admin endpoint type of Keystone API v2
-        params_v2_admin = {
-            'endpoint_type': CONF.identity.v2_admin_endpoint_type}
-        self.endpoints_client = self.identity_v2.EndpointsClient(
-            **params_v2_admin)
-        self.identity_client = self.identity_v2.IdentityClient(
-            **params_v2_admin)
-        self.tenants_client = self.identity_v2.TenantsClient(
-            **params_v2_admin)
-        self.roles_client = self.identity_v2.RolesClient(**params_v2_admin)
-        self.users_client = self.identity_v2.UsersClient(**params_v2_admin)
-        self.identity_services_client = self.identity_v2.ServicesClient(
-            **params_v2_admin)
-
-        # Clients below use the public endpoint type of Keystone API v2
-        params_v2_public = {
-            'endpoint_type': CONF.identity.v2_public_endpoint_type}
-        self.identity_public_client = self.identity_v2.IdentityClient(
-            **params_v2_public)
-        self.tenants_public_client = self.identity_v2.TenantsClient(
-            **params_v2_public)
-        self.users_public_client = self.identity_v2.UsersClient(
-            **params_v2_public)
-
         # Clients below use the endpoint type of Keystone API v3, which is set
         # in endpoint_type
         params_v3 = {'endpoint_type': CONF.identity.v3_endpoint_type}
@@ -241,16 +217,6 @@ class Manager(clients.ServiceClients):
         self.identity_limits_client = \
             self.identity_v3.LimitsClient(**params_v3)
 
-        # Token clients do not use the catalog. They only need default_params.
-        # They read auth_url, so they should only be set if the corresponding
-        # API version is marked as enabled
-        if CONF.identity_feature_enabled.api_v2:
-            if CONF.identity.uri:
-                self.token_client = self.identity_v2.TokenClient(
-                    auth_url=CONF.identity.uri)
-            else:
-                msg = 'Identity v2 API enabled, but no identity.uri set'
-                raise lib_exc.InvalidConfiguration(msg)
         if CONF.identity_feature_enabled.api_v3:
             if CONF.identity.uri_v3:
                 self.token_v3_client = self.identity_v3.V3TokenClient(
diff --git a/tempest/config.py b/tempest/config.py
index 8ed1ff68a7..dafd44099f 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -128,12 +128,18 @@ IdentityGroup = [
                     'TLS (https) server certificate.'),
     cfg.URIOpt('uri',
                schemes=['http', 'https'],
+               deprecated_for_removal=True,
+               deprecated_reason='The identity v2 API tests were removed '
+                                 'and this option has no effect',
                help="Full URI of the OpenStack Identity API (Keystone), v2"),
     cfg.URIOpt('uri_v3',
                schemes=['http', 'https'],
                help='Full URI of the OpenStack Identity API (Keystone), v3'),
     cfg.StrOpt('auth_version',
                default='v3',
+               deprecated_for_removal=True,
+               deprecated_reason='Identity v2 API was removed and v3 is '
+                                 'the only available identity API version now',
                help="Identity API version to be used for authentication "
                     "for API tests."),
     cfg.StrOpt('region',
@@ -146,12 +152,16 @@ IdentityGroup = [
                default='adminURL',
                choices=['public', 'admin', 'internal',
                         'publicURL', 'adminURL', 'internalURL'],
+               deprecated_for_removal=True,
+               deprecated_reason='This option has no effect',
                help="The admin endpoint type to use for OpenStack Identity "
                     "(Keystone) API v2"),
     cfg.StrOpt('v2_public_endpoint_type',
                default='publicURL',
                choices=['public', 'admin', 'internal',
                         'publicURL', 'adminURL', 'internalURL'],
+               deprecated_for_removal=True,
+               deprecated_reason='This option has no effect',
                help="The public endpoint type to use for OpenStack Identity "
                     "(Keystone) API v2"),
     cfg.StrOpt('v3_endpoint_type',
@@ -234,19 +244,22 @@ IdentityFeatureGroup = [
                      'impersonation enabled'),
     cfg.BoolOpt('api_v2',
                 default=False,
-                help='Is the v2 identity API enabled',
                 deprecated_for_removal=True,
-                deprecated_reason='The identity v2.0 API was removed in the '
-                                  'Queens release. Tests that exercise the '
-                                  'v2.0 API will be removed from tempest in '
-                                  'the v22.0.0 release. They are kept only to '
-                                  'test stable branches.'),
+                deprecated_reason='The identity v2 API tests were removed '
+                                  'and this option has no effect',
+                help='Is the v2 identity API enabled'),
     cfg.BoolOpt('api_v2_admin',
                 default=True,
-                help="Is the v2 identity admin API available? This setting "
-                     "only applies if api_v2 is set to True."),
+                deprecated_for_removal=True,
+                deprecated_reason='The identity v2 API tests were removed '
+                                  'and this option has no effect',
+                help="Is the v2 identity admin API available?"),
     cfg.BoolOpt('api_v3',
                 default=True,
+                deprecated_for_removal=True,
+                deprecated_reason='Identity v2 API was removed and v3 is '
+                                  'the only available identity API version '
+                                  'now',
                 help='Is the v3 identity API enabled'),
     cfg.ListOpt('api_extensions',
                 default=['all'],