Browse Source

Merge "Adding description for testcases - identity part5"

changes/39/744039/1
Zuul 1 week ago
committed by Gerrit Code Review
parent
commit
f2727fa6b4
9 changed files with 142 additions and 52 deletions
  1. +55
    -23
      tempest/api/identity/admin/v2/test_roles_negative.py
  2. +29
    -13
      tempest/api/identity/admin/v2/test_tenant_negative.py
  3. +4
    -1
      tempest/api/identity/admin/v2/test_tokens.py
  4. +5
    -0
      tempest/api/identity/admin/v2/test_tokens_negative.py
  5. +14
    -9
      tempest/api/identity/admin/v2/test_users.py
  6. +6
    -2
      tempest/api/identity/admin/v3/test_regions.py
  7. +15
    -0
      tempest/api/identity/admin/v3/test_roles.py
  8. +9
    -4
      tempest/api/identity/admin/v3/test_tokens.py
  9. +5
    -0
      tempest/api/identity/v3/test_application_credentials.py

+ 55
- 23
tempest/api/identity/admin/v2/test_roles_negative.py View File

@@ -20,6 +20,7 @@ from tempest.lib import exceptions as lib_exc


class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
"""Negative tests of keystone roles via v2 API"""

def _get_role_params(self):
user = self.setup_test_user()
@@ -30,14 +31,14 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('d5d5f1df-f8ca-4de0-b2ef-259c1cc67025')
def test_list_roles_by_unauthorized_user(self):
# Non-administrator user should not be able to list roles
"""Test Non-admin user should not be able to list roles via v2 API"""
self.assertRaises(lib_exc.Forbidden,
self.non_admin_roles_client.list_roles)

@decorators.attr(type=['negative'])
@decorators.idempotent_id('11a3c7da-df6c-40c2-abc2-badd682edf9f')
def test_list_roles_request_without_token(self):
# Request to list roles without a valid token should fail
"""Test listing roles without a valid token via v2 API should fail"""
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
self.assertRaises(lib_exc.Unauthorized, self.roles_client.list_roles)
@@ -46,14 +47,14 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('c0b89e56-accc-4c73-85f8-9c0f866104c1')
def test_role_create_blank_name(self):
# Should not be able to create a role with a blank name
"""Test creating a role with a blank name via v2 API is not allowed"""
self.assertRaises(lib_exc.BadRequest, self.roles_client.create_role,
name='')

@decorators.attr(type=['negative'])
@decorators.idempotent_id('585c8998-a8a4-4641-a5dd-abef7a8ced00')
def test_create_role_by_unauthorized_user(self):
# Non-administrator user should not be able to create role
"""Test non-admin user should not be able to create role via v2 API"""
role_name = data_utils.rand_name(name='role')
self.assertRaises(lib_exc.Forbidden,
self.non_admin_roles_client.create_role,
@@ -62,7 +63,7 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('a7edd17a-e34a-4aab-8bb7-fa6f498645b8')
def test_create_role_request_without_token(self):
# Request to create role without a valid token should fail
"""Test creating role without a valid token via v2 API should fail"""
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
role_name = data_utils.rand_name(name='role')
@@ -73,7 +74,7 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('c0cde2c8-81c1-4bb0-8fe2-cf615a3547a8')
def test_role_create_duplicate(self):
# Role names should be unique
"""Test role names should be unique via v2 API"""
role_name = data_utils.rand_name(name='role-dup')
body = self.roles_client.create_role(name=role_name)['role']
role1_id = body.get('id')
@@ -84,7 +85,7 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('15347635-b5b1-4a87-a280-deb2bd6d865e')
def test_delete_role_by_unauthorized_user(self):
# Non-administrator user should not be able to delete role
"""Test non-admin user should not be able to delete role via v2 API"""
role_name = data_utils.rand_name(name='role')
body = self.roles_client.create_role(name=role_name)['role']
self.addCleanup(self.roles_client.delete_role, body['id'])
@@ -95,7 +96,7 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('44b60b20-70de-4dac-beaf-a3fc2650a16b')
def test_delete_role_request_without_token(self):
# Request to delete role without a valid token should fail
"""Test deleting role without a valid token via v2 API should fail"""
role_name = data_utils.rand_name(name='role')
body = self.roles_client.create_role(name=role_name)['role']
self.addCleanup(self.roles_client.delete_role, body['id'])
@@ -110,7 +111,7 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('38373691-8551-453a-b074-4260ad8298ef')
def test_delete_role_non_existent(self):
# Attempt to delete a non existent role should fail
"""Test deleting a non existent role via v2 API should fail"""
non_existent_role = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.NotFound, self.roles_client.delete_role,
non_existent_role)
@@ -118,8 +119,11 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('391df5cf-3ec3-46c9-bbe5-5cb58dd4dc41')
def test_assign_user_role_by_unauthorized_user(self):
# Non-administrator user should not be authorized to
# assign a role to user
"""Test non-admin user assigning a role to user via v2 API

Non-admin user should not be authorized to assign a role to user via
v2 API.
"""
(user, tenant, role) = self._get_role_params()
self.assertRaises(
lib_exc.Forbidden,
@@ -129,7 +133,11 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('f0d2683c-5603-4aee-95d7-21420e87cfd8')
def test_assign_user_role_request_without_token(self):
# Request to assign a role to a user without a valid token
"""Test assigning a role to a user without a valid token via v2 API

Assigning a role to a user without a valid token via v2 API should
fail.
"""
(user, tenant, role) = self._get_role_params()
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
@@ -142,7 +150,10 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('99b297f6-2b5d-47c7-97a9-8b6bb4f91042')
def test_assign_user_role_for_non_existent_role(self):
# Attempt to assign a non existent role to user should fail
"""Test assigning a non existent role to user via v2 API

Assigning a non existent role to user via v2 API should fail.
"""
(user, tenant, _) = self._get_role_params()
non_existent_role = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.NotFound,
@@ -152,7 +163,10 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('b2285aaa-9e76-4704-93a9-7a8acd0a6c8f')
def test_assign_user_role_for_non_existent_tenant(self):
# Attempt to assign a role on a non existent tenant should fail
"""Test assigning a role on a non existent tenant via v2 API

Assigning a role on a non existent tenant via v2 API should fail.
"""
(user, _, role) = self._get_role_params()
non_existent_tenant = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.NotFound,
@@ -162,7 +176,7 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('5c3132cd-c4c8-4402-b5ea-71eb44e97793')
def test_assign_duplicate_user_role(self):
# Duplicate user role should not get assigned
"""Test duplicate user role should not get assigned via v2 API"""
(user, tenant, role) = self._get_role_params()
self.roles_client.create_user_role_on_project(tenant['id'],
user['id'],
@@ -174,8 +188,11 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('d0537987-0977-448f-a435-904c15de7298')
def test_remove_user_role_by_unauthorized_user(self):
# Non-administrator user should not be authorized to
# remove a user's role
"""Test non-admin user removing a user's role via v2 API

Non-admin user should not be authorized to remove a user's role via
v2 API
"""
(user, tenant, role) = self._get_role_params()
self.roles_client.create_user_role_on_project(tenant['id'],
user['id'],
@@ -188,7 +205,10 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('cac81cf4-c1d2-47dc-90d3-f2b7eb572286')
def test_remove_user_role_request_without_token(self):
# Request to remove a user's role without a valid token
"""Test removing a user's role without a valid token via v2 API

Removing a user's role without a valid token via v2 API should fail.
"""
(user, tenant, role) = self._get_role_params()
self.roles_client.create_user_role_on_project(tenant['id'],
user['id'],
@@ -203,7 +223,10 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('ab32d759-cd16-41f1-a86e-44405fa9f6d2')
def test_remove_user_role_non_existent_role(self):
# Attempt to delete a non existent role from a user should fail
"""Test deleting a non existent role from a user via v2 API

Deleting a non existent role from a user via v2 API should fail.
"""
(user, tenant, role) = self._get_role_params()
self.roles_client.create_user_role_on_project(tenant['id'],
user['id'],
@@ -216,7 +239,10 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('67a679ec-03dd-4551-bbfc-d1c93284f023')
def test_remove_user_role_non_existent_tenant(self):
# Attempt to remove a role from a non existent tenant should fail
"""Test removing a role from a non existent tenant via v2 API

Removing a role from a non existent tenant via v2 API should fail.
"""
(user, tenant, role) = self._get_role_params()
self.roles_client.create_user_role_on_project(tenant['id'],
user['id'],
@@ -229,8 +255,11 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('7391ab4c-06f3-477a-a64a-c8e55ce89837')
def test_list_user_roles_by_unauthorized_user(self):
# Non-administrator user should not be authorized to list
# a user's roles
"""Test non-admin user listing a user's roles via v2 API

Non-admin user should not be authorized to list a user's roles via v2
API.
"""
(user, tenant, role) = self._get_role_params()
self.roles_client.create_user_role_on_project(tenant['id'],
user['id'],
@@ -243,7 +272,10 @@ class RolesNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('682adfb2-fd5f-4b0a-a9ca-322e9bebb907')
def test_list_user_roles_request_without_token(self):
# Request to list user's roles without a valid token should fail
"""Test listing user's roles without a valid token via v2 API

Listing user's roles without a valid token via v2 API should fail
"""
(user, tenant, _) = self._get_role_params()
token = self.client.auth_provider.get_token()
self.client.delete_token(token)


+ 29
- 13
tempest/api/identity/admin/v2/test_tenant_negative.py View File

@@ -20,18 +20,22 @@ from tempest.lib import exceptions as lib_exc


class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
"""Negative tests of keystone tenants via v2 API"""

@decorators.attr(type=['negative'])
@decorators.idempotent_id('ca9bb202-63dd-4240-8a07-8ef9c19c04bb')
def test_list_tenants_by_unauthorized_user(self):
# Non-administrator user should not be able to list tenants
"""Test Non-admin should not be able to list tenants via v2 API"""
self.assertRaises(lib_exc.Forbidden,
self.non_admin_tenants_client.list_tenants)

@decorators.attr(type=['negative'])
@decorators.idempotent_id('df33926c-1c96-4d8d-a762-79cc6b0c3cf4')
def test_list_tenant_request_without_token(self):
# Request to list tenants without a valid token should fail
"""Test listing tenants without a valid token via v2 API

Listing tenants without a valid token via v2 API should fail.
"""
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
self.assertRaises(lib_exc.Unauthorized,
@@ -41,7 +45,7 @@ class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('162ba316-f18b-4987-8c0c-fd9140cd63ed')
def test_tenant_delete_by_unauthorized_user(self):
# Non-administrator user should not be able to delete a tenant
"""Test non-admin should not be able to delete a tenant via v2 API"""
tenant = self.setup_test_tenant()
self.assertRaises(lib_exc.Forbidden,
self.non_admin_tenants_client.delete_tenant,
@@ -50,7 +54,10 @@ class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('e450db62-2e9d-418f-893a-54772d6386b1')
def test_tenant_delete_request_without_token(self):
# Request to delete a tenant without a valid token should fail
"""Test deleting a tenant without a valid token via v2 API

Deleting a tenant without a valid token via v2 API should fail.
"""
tenant = self.setup_test_tenant()
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
@@ -62,14 +69,14 @@ class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('9c9a2aed-6e3c-467a-8f5c-89da9d1b516b')
def test_delete_non_existent_tenant(self):
# Attempt to delete a non existent tenant should fail
"""Test deleting a non existent tenant via v2 API should fail"""
self.assertRaises(lib_exc.NotFound, self.tenants_client.delete_tenant,
data_utils.rand_uuid_hex())

@decorators.attr(type=['negative'])
@decorators.idempotent_id('af16f44b-a849-46cb-9f13-a751c388f739')
def test_tenant_create_duplicate(self):
# Tenant names should be unique
"""Test tenant names should be unique via v2 API"""
tenant_name = data_utils.rand_name(name='tenant')
self.setup_test_tenant(name=tenant_name)
self.assertRaises(lib_exc.Conflict, self.tenants_client.create_tenant,
@@ -78,7 +85,10 @@ class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('d26b278a-6389-4702-8d6e-5980d80137e0')
def test_create_tenant_by_unauthorized_user(self):
# Non-administrator user should not be authorized to create a tenant
"""Test non-admin user creating a tenant via v2 API

Non-admin user should not be authorized to create a tenant via v2 API.
"""
tenant_name = data_utils.rand_name(name='tenant')
self.assertRaises(lib_exc.Forbidden,
self.non_admin_tenants_client.create_tenant,
@@ -87,7 +97,7 @@ class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('a3ee9d7e-6920-4dd5-9321-d4b2b7f0a638')
def test_create_tenant_request_without_token(self):
# Create tenant request without a token should not be authorized
"""Test creating tenant without a token via v2 API is not allowed"""
tenant_name = data_utils.rand_name(name='tenant')
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
@@ -99,7 +109,7 @@ class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('5a2e4ca9-b0c0-486c-9c48-64a94fba2395')
def test_create_tenant_with_empty_name(self):
# Tenant name should not be empty
"""Test tenant name should not be empty via v2 API"""
self.assertRaises(lib_exc.BadRequest,
self.tenants_client.create_tenant,
name='')
@@ -107,7 +117,7 @@ class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('2ff18d1e-dfe3-4359-9dc3-abf582c196b9')
def test_create_tenants_name_length_over_64(self):
# Tenant name length should not be greater than 64 characters
"""Test tenant name length should not exceed 64 via v2 API"""
tenant_name = 'a' * 65
self.assertRaises(lib_exc.BadRequest,
self.tenants_client.create_tenant,
@@ -116,14 +126,17 @@ class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('bd20dc2a-9557-4db7-b755-f48d952ad706')
def test_update_non_existent_tenant(self):
# Attempt to update a non existent tenant should fail
"""Test updating a non existent tenant via v2 API should fail"""
self.assertRaises(lib_exc.NotFound, self.tenants_client.update_tenant,
data_utils.rand_uuid_hex())

@decorators.attr(type=['negative'])
@decorators.idempotent_id('41704dc5-c5f7-4f79-abfa-76e6fedc570b')
def test_tenant_update_by_unauthorized_user(self):
# Non-administrator user should not be able to update a tenant
"""Test non-admin user updating a tenant via v2 API

Non-admin user should not be able to update a tenant via v2 API
"""
tenant = self.setup_test_tenant()
self.assertRaises(lib_exc.Forbidden,
self.non_admin_tenants_client.update_tenant,
@@ -132,7 +145,10 @@ class TenantsNegativeTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type=['negative'])
@decorators.idempotent_id('7a421573-72c7-4c22-a98e-ce539219c657')
def test_tenant_update_request_without_token(self):
# Request to update a tenant without a valid token should fail
"""Test updating a tenant without a valid token via v2 API

Updating a tenant without a valid token via v2 API should fail
"""
tenant = self.setup_test_tenant()
token = self.client.auth_provider.get_token()
self.client.delete_token(token)


+ 4
- 1
tempest/api/identity/admin/v2/test_tokens.py View File

@@ -23,9 +23,11 @@ CONF = config.CONF


class TokensTestJSON(base.BaseIdentityV2AdminTest):
"""Test keystone tokens via v2 API"""

@decorators.idempotent_id('453ad4d5-e486-4b2f-be72-cffc8149e586')
def test_create_check_get_delete_token(self):
"""Test getting create/check/get/delete token for user via v2 API"""
# get a token by username and password
user_name = data_utils.rand_name(name='user')
user_password = data_utils.rand_password()
@@ -59,7 +61,7 @@ class TokensTestJSON(base.BaseIdentityV2AdminTest):

@decorators.idempotent_id('25ba82ee-8a32-4ceb-8f50-8b8c71e8765e')
def test_rescope_token(self):
"""An unscoped token can be requested
"""Test an unscoped token can be requested via v2 API

That token can be used to request a scoped token.
"""
@@ -112,6 +114,7 @@ class TokensTestJSON(base.BaseIdentityV2AdminTest):

@decorators.idempotent_id('ca3ea6f7-ed08-4a61-adbd-96906456ad31')
def test_list_endpoints_for_token(self):
"""Test listing endpoints for token via v2 API"""
tempest_services = ['keystone', 'nova', 'neutron', 'swift', 'cinder',
'neutron']
# get a token for the user


+ 5
- 0
tempest/api/identity/admin/v2/test_tokens_negative.py View File

@@ -19,12 +19,17 @@ from tempest.lib import exceptions as lib_exc


class TokensAdminTestNegative(base.BaseIdentityV2AdminTest):
"""Negative tests of keystone tokens via v2 API"""

credentials = ['primary', 'admin', 'alt']

@decorators.attr(type=['negative'])
@decorators.idempotent_id('a0a0a600-4292-4364-99c5-922c834fdf05')
def test_check_token_existence_negative(self):
"""Test checking other tenant's token existence via v2 API

Checking other tenant's token existence via v2 API should fail.
"""
creds = self.os_primary.credentials
creds_alt = self.os_alt.credentials
username = creds.username


+ 14
- 9
tempest/api/identity/admin/v2/test_users.py View File

@@ -23,6 +23,7 @@ from tempest.lib import decorators


class UsersTestJSON(base.BaseIdentityV2AdminTest):
"""Test keystone users via v2 API"""

@classmethod
def resource_setup(cls):
@@ -33,14 +34,14 @@ class UsersTestJSON(base.BaseIdentityV2AdminTest):
@decorators.attr(type='smoke')
@decorators.idempotent_id('2d55a71e-da1d-4b43-9c03-d269fd93d905')
def test_create_user(self):
# Create a user
"""Test creating a user via v2 API"""
tenant = self.setup_test_tenant()
user = self.create_test_user(name=self.alt_user, tenantId=tenant['id'])
self.assertEqual(self.alt_user, user['name'])

@decorators.idempotent_id('89d9fdb8-15c2-4304-a429-48715d0af33d')
def test_create_user_with_enabled(self):
# Create a user with enabled : False
"""Test creating a user with enabled : False via v2 API"""
tenant = self.setup_test_tenant()
name = data_utils.rand_name('test_user')
user = self.create_test_user(name=name,
@@ -53,7 +54,7 @@ class UsersTestJSON(base.BaseIdentityV2AdminTest):

@decorators.idempotent_id('39d05857-e8a5-4ed4-ba83-0b52d3ab97ee')
def test_update_user(self):
# Test case to check if updating of user attributes is successful.
"""Test updating user attributes via v2 API"""
tenant = self.setup_test_tenant()
user = self.create_test_user(tenantId=tenant['id'])

@@ -75,14 +76,14 @@ class UsersTestJSON(base.BaseIdentityV2AdminTest):

@decorators.idempotent_id('29ed26f4-a74e-4425-9a85-fdb49fa269d2')
def test_delete_user(self):
# Delete a user
"""Test deleting a user via v2 API"""
tenant = self.setup_test_tenant()
user = self.create_test_user(tenantId=tenant['id'])
self.users_client.delete_user(user['id'])

@decorators.idempotent_id('aca696c3-d645-4f45-b728-63646045beb1')
def test_user_authentication(self):
# Valid user's token is authenticated
"""Test that valid user's token is authenticated via v2 API"""
password = data_utils.rand_password()
user = self.setup_test_user(password)
tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
@@ -97,6 +98,7 @@ class UsersTestJSON(base.BaseIdentityV2AdminTest):

@decorators.idempotent_id('5d1fa498-4c2d-4732-a8fe-2b054598cfdd')
def test_authentication_request_without_token(self):
"""Test authentication request without token via v2 API"""
# Request for token authentication with a valid token in header
password = data_utils.rand_password()
user = self.setup_test_user(password)
@@ -116,7 +118,10 @@ class UsersTestJSON(base.BaseIdentityV2AdminTest):

@decorators.idempotent_id('a149c02e-e5e0-4b89-809e-7e8faf33ccda')
def test_get_users(self):
# Get a list of users and find the test user
"""Test getting users via v2 API

Get a list of users and find the test user
"""
user = self.setup_test_user()
users = self.users_client.list_users()['users']
self.assertThat([u['name'] for u in users],
@@ -125,7 +130,7 @@ class UsersTestJSON(base.BaseIdentityV2AdminTest):

@decorators.idempotent_id('6e317209-383a-4bed-9f10-075b7c82c79a')
def test_list_users_for_tenant(self):
# Return a list of all users for a tenant
"""Test returning a list of all users for a tenant via v2 API"""
tenant = self.setup_test_tenant()
user_ids = list()
fetched_user_ids = list()
@@ -147,7 +152,7 @@ class UsersTestJSON(base.BaseIdentityV2AdminTest):

@decorators.idempotent_id('a8b54974-40e1-41c0-b812-50fc90827971')
def test_list_users_with_roles_for_tenant(self):
# Return list of users on tenant when roles are assigned to users
"""Test listing users on tenant with roles assigned via v2 API"""
user = self.setup_test_user()
tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
role = self.setup_test_role()
@@ -175,7 +180,7 @@ class UsersTestJSON(base.BaseIdentityV2AdminTest):

@decorators.idempotent_id('1aeb25ac-6ec5-4d8b-97cb-7ac3567a989f')
def test_update_user_password(self):
# Test case to check if updating of user password is successful.
"""Test updating of user password via v2 API"""
user = self.setup_test_user()
tenant = self.tenants_client.show_tenant(user['tenantId'])['tenant']
# Updating the user with new password


+ 6
- 2
tempest/api/identity/admin/v3/test_regions.py View File

@@ -20,6 +20,8 @@ from tempest.lib import decorators


class RegionsTestJSON(base.BaseIdentityV3AdminTest):
"""Test regions"""

# NOTE: force_tenant_isolation is true in the base class by default but
# overridden to false here to allow test execution for clouds using the
# pre-provisioned credentials provider.
@@ -44,6 +46,7 @@ class RegionsTestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('56186092-82e4-43f2-b954-91013218ba42')
def test_create_update_get_delete_region(self):
"""Test creating, updating, getting and updating region"""
# Create region
r_description = data_utils.rand_name('description')
region = self.client.create_region(
@@ -81,7 +84,7 @@ class RegionsTestJSON(base.BaseIdentityV3AdminTest):
@decorators.attr(type='smoke')
@decorators.idempotent_id('2c12c5b5-efcf-4aa5-90c5-bff1ab0cdbe2')
def test_create_region_with_specific_id(self):
# Create a region with a specific id
"""Test creating region with specific id"""
r_region_id = data_utils.rand_uuid()
r_description = data_utils.rand_name('description')
region = self.client.create_region(
@@ -93,7 +96,7 @@ class RegionsTestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('d180bf99-544a-445c-ad0d-0c0d27663796')
def test_list_regions(self):
# Get a list of regions
"""Test getting a list of regions"""
fetched_regions = self.client.list_regions()['regions']
missing_regions =\
[e for e in self.setup_regions if e not in fetched_regions]
@@ -104,6 +107,7 @@ class RegionsTestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('2d1057cb-bbde-413a-acdf-e2d265284542')
def test_list_regions_filter_by_parent_region_id(self):
"""Test listing regions filtered by parent region id"""
# Add a sub-region to one of the existing test regions
r_description = data_utils.rand_name('description')
region = self.client.create_region(


+ 15
- 0
tempest/api/identity/admin/v3/test_roles.py View File

@@ -25,6 +25,8 @@ CONF = config.CONF


class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
"""Test roles"""

# NOTE: force_tenant_isolation is true in the base class by default but
# overridden to false here to allow test execution for clouds using the
# pre-provisioned credentials provider.
@@ -75,6 +77,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
@decorators.attr(type='smoke')
@decorators.idempotent_id('18afc6c0-46cf-4911-824e-9989cc056c3a')
def test_role_create_update_show_list(self):
"""Test creating, updating, showing and listing a role"""
r_name = data_utils.rand_name('Role')
role = self.roles_client.create_role(name=r_name)['role']
self.addCleanup(self.roles_client.delete_role, role['id'])
@@ -101,6 +104,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
'Skipped because environment has an immutable user '
'source and solely provides read-only access to users.')
def test_grant_list_revoke_role_to_user_on_project(self):
"""Test granting, listing, revoking role to user on project"""
self.roles_client.create_user_role_on_project(self.project['id'],
self.user_body['id'],
self.role['id'])
@@ -122,6 +126,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
'Skipped because environment has an immutable user '
'source and solely provides read-only access to users.')
def test_grant_list_revoke_role_to_user_on_domain(self):
"""Test granting, listing, revoking role to user on domain"""
self.roles_client.create_user_role_on_domain(
self.domain['id'], self.user_body['id'], self.role['id'])

@@ -142,6 +147,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
'Skipped because environment has an immutable user '
'source and solely provides read-only access to users.')
def test_grant_list_revoke_role_to_group_on_project(self):
"""Test granting, listing, revoking role to group on project"""
# Grant role to group on project
self.roles_client.create_group_role_on_project(
self.project['id'], self.group_body['id'], self.role['id'])
@@ -175,6 +181,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('4bf8a70b-e785-413a-ad53-9f91ce02faa7')
def test_grant_list_revoke_role_to_group_on_domain(self):
"""Test granting, listing, revoking role to group on domain"""
self.roles_client.create_group_role_on_domain(
self.domain['id'], self.group_body['id'], self.role['id'])

@@ -192,6 +199,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('f5654bcc-08c4-4f71-88fe-05d64e06de94')
def test_list_roles(self):
"""Test listing roles"""
# Return a list of all roles
body = self.roles_client.list_roles()['roles']
found = [role for role in body if role in self.roles]
@@ -215,6 +223,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('c90c316c-d706-4728-bcba-eb1912081b69')
def test_implied_roles_create_check_show_delete(self):
"""Test creating, checking, showing and deleting implied roles"""
prior_role_id = self.roles[0]['id']
implies_role_id = self.roles[1]['id']

@@ -248,6 +257,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('dc6f5959-b74d-4e30-a9e5-a8255494ff00')
def test_roles_hierarchy(self):
"""Test creating implied role and listing role inferences rules"""
# Create inference rule from "roles[0]" to "role[1]"
self._create_implied_role(
self.roles[0]['id'], self.roles[1]['id'])
@@ -280,6 +290,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
'Skipped because environment has an immutable user '
'source and solely provides read-only access to users.')
def test_assignments_for_implied_roles_create_delete(self):
"""Test assignments when implied roles are created and deleted"""
# Create a grant using "roles[0]"
self.roles_client.create_user_role_on_project(
self.project['id'], self.user_body['id'], self.roles[0]['id'])
@@ -321,6 +332,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('d92a41d2-5501-497a-84bb-6e294330e8f8')
def test_domain_roles_create_delete(self):
"""Test creating, listing and deleting domain roles"""
domain_role = self.roles_client.create_role(
name=data_utils.rand_name('domain_role'),
domain_id=self.domain['id'])['role']
@@ -341,6 +353,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('eb1e1c24-1bc4-4d47-9748-e127a1852c82')
def test_implied_domain_roles(self):
"""Test creating implied roles when roles are in domains"""
# Create two roles in the same domain
domain_role1 = self.setup_test_role(domain_id=self.domain['id'])
domain_role2 = self.setup_test_role(domain_id=self.domain['id'])
@@ -373,6 +386,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):
'Skipped because environment has an immutable user '
'source and solely provides read-only access to users.')
def test_assignments_for_domain_roles(self):
"""Test assignments for domain roles"""
domain_role = self.setup_test_role(domain_id=self.domain['id'])

# Create a grant using "domain_role"
@@ -395,6 +409,7 @@ class RolesV3TestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('3748c316-c18f-4b08-997b-c60567bc6235')
def test_list_all_implied_roles(self):
"""Test listing all implied roles"""
# Create inference rule from "roles[0]" to "roles[1]"
self._create_implied_role(
self.roles[0]['id'], self.roles[1]['id'])


+ 9
- 4
tempest/api/identity/admin/v3/test_tokens.py View File

@@ -24,6 +24,7 @@ CONF = config.CONF


class TokensV3TestJSON(base.BaseIdentityV3AdminTest):
"""Test tokens"""

credentials = ['primary', 'admin', 'alt']

@@ -123,6 +124,7 @@ class TokensV3TestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('08ed85ce-2ba8-4864-b442-bcc61f16ae89')
def test_get_available_project_scopes(self):
"""Test getting available project scopes"""
manager_project_id = self.os_primary.credentials.project_id
admin_user_id = self.os_admin.credentials.user_id
admin_role_id = self.get_role_by_name(CONF.identity.admin_role)['id']
@@ -152,10 +154,13 @@ class TokensV3TestJSON(base.BaseIdentityV3AdminTest):

@decorators.idempotent_id('ec5ecb05-af64-4c04-ac86-4d9f6f12f185')
def test_get_available_domain_scopes(self):
# Test for verifying that listing domain scopes for a user works if
# the user has a domain role or belongs to a group that has a domain
# role. For this test, admin client is used to add roles to alt user,
# which performs API calls, to avoid 401 Unauthorized errors.
"""Test getting available domain scopes

To verify that listing domain scopes for a user works if
the user has a domain role or belongs to a group that has a domain
role. For this test, admin client is used to add roles to alt user,
which performs API calls, to avoid 401 Unauthorized errors.
"""
alt_user_id = self.os_alt.credentials.user_id

def _create_user_domain_role_for_alt_user():


+ 5
- 0
tempest/api/identity/v3/test_application_credentials.py View File

@@ -23,6 +23,7 @@ from tempest.lib import decorators


class ApplicationCredentialsV3Test(base.BaseApplicationCredentialsV3Test):
"""Test application credentials"""

def _list_app_creds(self, name=None):
kwargs = dict(user_id=self.user_id)
@@ -33,6 +34,7 @@ class ApplicationCredentialsV3Test(base.BaseApplicationCredentialsV3Test):

@decorators.idempotent_id('8080c75c-eddc-4786-941a-c2da7039ae61')
def test_create_application_credential(self):
"""Test creating application credential"""
app_cred = self.create_application_credential()

# Check that the secret appears in the create response
@@ -55,6 +57,7 @@ class ApplicationCredentialsV3Test(base.BaseApplicationCredentialsV3Test):

@decorators.idempotent_id('852daf0c-42b5-4239-8466-d193d0543ed3')
def test_create_application_credential_expires(self):
"""Test creating application credential with expire time"""
expires_at = timeutils.utcnow() + datetime.timedelta(hours=1)

app_cred = self.create_application_credential(expires_at=expires_at)
@@ -64,6 +67,7 @@ class ApplicationCredentialsV3Test(base.BaseApplicationCredentialsV3Test):

@decorators.idempotent_id('ff0cd457-6224-46e7-b79e-0ada4964a8a6')
def test_list_application_credentials(self):
"""Test listing application credentials"""
self.create_application_credential()
self.create_application_credential()

@@ -72,6 +76,7 @@ class ApplicationCredentialsV3Test(base.BaseApplicationCredentialsV3Test):

@decorators.idempotent_id('9bb5e5cc-5250-493a-8869-8b665f6aa5f6')
def test_query_application_credentials(self):
"""Test listing application credentials filtered by name"""
self.create_application_credential()
app_cred_two = self.create_application_credential()
app_cred_two_name = app_cred_two['name']


Loading…
Cancel
Save