The method is deprecated since Python 3.2[1] and shows the following
DeprecationWarning.
/usr/lib/python3.9/unittest/case.py:1134: DeprecationWarning:
assertDictContainsSubset is deprecated
warnings.warn('assertDictContainsSubset is deprecated',
[1] https://docs.python.org/3/whatsnew/3.2.html#unittest
Closes-Bug: #1938103
Change-Id: I2e868d13d52a2d3c6081a8b756fbe83f8b57cf66
tempest.api.identity.admin.v3.test_tokens.TokensV3TestJSON.test_rescope_token fails
if not used default value for CONF.identity.default_domain_id
Closes-Bug: 1951446
Change-Id: Ie08d570907ddf9102c1297f717355a7f772aabb8
This test's cleanup method needs to have security compliance feature enabled to take effect. Because it uses constant which is valid only if it's enabled.
That's why this test has to be skipped unless Security compliance is available.
Closes-Bug: 1934249
Change-Id: I006fdf233b0af20625e41beb2a4c63109fcdcb17
Add tempest client methods and API tests for grant operations on the
system scope, similar to the existing grant operations for users and
groups on project and domain scopes.
Change-Id: Ie430b2ef0cadf6af3813d82812cce27729d27af1
The v2 version of the /users/{}/credentials/OS-EC2 API was already
present, for completeness this patch adds the v3 equivalent.
This API is not documented because it is preferred to use the
/v3/credentials API for this functionality.
Change-Id: Ide90658fa07a3d5a7ba2e52c3ab7377170273b76
When Tempest is used in customer site, often we are required to
provide a testcase list including testcase names and descriptions.
Now no this kind of doc is available, so we can add descriptions
with the format of doc string for every testcase, so later we
can generata such a testcase description list.
There are hundreds of testcases missing descriptions, so we can
add them gradually, and limit the modified files in one patch
for the convenience of reviewing.
Change-Id: Ifd23fd4cc442a3188a5a19b506694abffadea610
partially-implements: blueprint testcase-description
When Tempest is used in customer site, often we are required to
provide a testcase list including testcase names and descriptions.
Now no this kind of doc is available, so we can add descriptions
with the format of doc string for every testcase, so later we
can generata such a testcase description list.
There are hundreds of testcases missing descriptions, so we can
add them gradually, and limit the modified files in one patch
for the convenience of reviewing.
Change-Id: I47fc64ac84b4d0ea3da0a9469efec7bd6e0b0f3d
partially-implements: blueprint testcase-description
When Tempest is used in customer site, often we are required to
provide a testcase list including testcase names and descriptions.
Now no this kind of doc is available, so we can add descriptions
with the format of doc string for every testcase, so later we
can generata such a testcase description list.
There are hundreds of testcases missing descriptions, so we can
add them gradually, and limit the modified files in one patch
for the convenience of reviewing.
Change-Id: I6d8fd63c7a473b498cde35ed53d83270b9e526c3
partially-implements: blueprint testcase-description
Closes-bug: 1879359
https://bugs.launchpad.net/tempest/+bug/1879359
Sorts the roles in the scoped tokens so that the
test case does not fail
Change-Id: Iac94eab78035a9b0f3926bd7da237ae4f5fb68d8
When Tempest is used in customer site, often we are required to
provide a testcase list including testcase names and descriptions.
Now no this kind of doc is available, so we can add descriptions
with the format of doc string for every testcase, so later we
can generata such a testcase description list.
There are hundreds of testcases missing descriptions, so we can
add them gradually, and limit the modified files in one patch
for the convenience of reviewing.
Change-Id: Ia6c3ba8e7ff220be0b0b9bcd64ae2680bec75c4a
partially-implements: blueprint testcase-description
When Tempest is used in customer site, often we are required to
provide a testcase list including testcase names and descriptions.
Now no this kind of doc is available, so we can add descriptions
with the format of doc string for every testcase, so later we
can generata such a testcase description list.
There are hundreds of testcases missing descriptions, so we can
add them gradually, and limit the modified files in one patch
for the convenience of reviewing.
BTW: some minor code refactor is done along with this patch.
Change-Id: I072bd2c86a7f50559e9e452dda3e1669fad3be00
partially-implements: blueprint testcase-description
With the introduction of expiring group memberships, there is a
new attribute `membership_expires_at` when listing user groups.
This patch updates the test to check the attribute and then
ignore it for group dict comparison.
Change-Id: I4294a879071dde07e5eb1da4df133de8032e1059
Partial-Bug: 1809116
Access rules for application credentials were added in the Train release
of keystone. This change adds related CRUD tests for access rules. See
the API reference for additional information[1].
[1] https://docs.openstack.org/api-ref/identity/v3/index.html#application-credentials
Change-Id: Ifd4ff2245277c2c57f5ccf450923434c0277a724
Keystone is updating the project response to include resource-specific
options. The test `test_project_get_equals_list` is looking at explicit
data being returned and prevents the additional field. Keystone does not
(and currently has not plan) to support microversions. This changes the
test checking the returned fields to ensure that the expected fields is
a subset (inclusive) of the returned fields. This allows for Keystone to
iterate and respond with additional fields for future changes.
Any future fields added become part of the contract and should be added
to the expected "fields" list in the test after the new field response
code lands within keystone.
Related-Bug: #1807751
Required-by: https://review.opendev.org/#/c/678322/
Change-Id: I266d98503066f3a8027effc43a95f9ad9ff12492
This is to remove unused project_ids in test_list_projects,
also to change some unnecessary instance variables to local
variables, and also to use cls.__name__ in rand_name.
Change-Id: I4ef0b16db0869597e09e62d1694dbbb13013271b
Changes were made in ListProjectsStaticTestJSON in order to prevent
failure when the os_primary project is not in the default domain.
Instead of checking to see if the projects in question are both in the
default domain, check to see if they are in their respective correct
domains.
Closes-bug: #1838314
Change-Id: I5dfe04f6638657ba0b3c1f18c4bc5b5222228234
In any domain, due to case sensitivity, if a username
for the project and the username in tempest.conf or
accounts.yaml are not identical, then the test cases
are failing.
So, added .lower() method to change the username strings
to be case insensitive.
Closes-Bug: #1836618
Change-Id: Id7d079c881bbfae972d65ef6049f78da7f25fc1d
Adds a skip_checks condition to UsersV3TestJSON to skip if immutable
user source is true. resource_setup() in this class attempts to create
users, which will fail if the environment uses an LDAP directory for
example.
Change-Id: I42c3b7a17bfb73079b1d05951636359324bed207
Adds a simple condition in skip_checks to skip the entire test class
if the environment is configured to have an immutable user source. If
so, a skipException is raised and the entire class is not executed.
Partial-Bug: 1777047
Change-Id: I8c1c1df25401157c667bce97d4995f738eec8e05
If the keystone user source is immutable, such as an LDAP
active directory implementation, tempest tests that try
to create or delete a user will fail. Instead of failing,
we would like them to skip. This change uses a testtools
decorator to avoid unnecessary modifications and allow those tests
to skip. In [1], I introduced the config setting that allows
this to happen.
[1] https://review.openstack.org/#/c/585536/
Change-Id: I786499204acdb929ee341e014bcb0459d2f27483
Partial-Bug: 1777047
Thorough replacement of git.openstack.org and review.openstack.org URLs
with their opendev.org counterparts.
Change-Id: I88e894db7b854d32593c770f5aa9b8a91fad7866
I don't see any limitations by using pre-provisioned
credentials for these tests:
* test_role_create_update_show_list
* test_list_roles
* test_implied_roles_create_check_show_delete
* test_roles_hierarchy
* test_assignments_for_implied_roles_create_delete
* test_domain_roles_create_delete
* test_implied_domain_roles
* test_assignments_for_domain_roles
* test_list_all_implied_roles
* test_grant_list_revoke_role_to_user_on_project
* test_grant_list_revoke_role_to_user_on_domain
* test_grant_list_revoke_role_to_group_on_project
* test_grant_list_revoke_role_to_group_on_domain
By setting force_tenant_isolation=False these tests now be
can executed with backends that don't allow user creation
(immutable user source) like LDAP.
Partial-Bug: #1714277
Change-Id: Id82f3b6187e878abe04a0aea9e7dbb9e8fb6360e
I don't see any limitations by using pre-provisioned credentials
for the tests:
* test_inherit_assign_list_check_revoke_roles_on_domains_group
* test_inherit_assign_check_revoke_roles_on_projects_group
* test_inherit_assign_list_check_revoke_roles_on_domains_user
* test_inherit_assign_list_check_revoke_roles_on_domains_group
* test_inherit_assign_check_revoke_roles_on_projects_user
* test_inherit_assign_list_revoke_user_roles_on_domain
* test_inherit_assign_list_revoke_user_roles_on_project_tree
By setting force_tenant_isolation=False these tests now be
can executed with backends that don't allow user creation
(immutable user source) like LDAP.
Partial-Bug: #1714277
Change-Id: I6b7bfbaef3355afede2adba56f342d5bfcbe3975
If the keystone user source is immutable, such as an LDAP
active directory implementation, tempest tests that try
to create or delete a user will fail. Instead of failing,
we would like them to skip. This change uses a testtools
decorator to avoid unnecessary modifications and allow those tests
to skip.
Change-Id: Iba39c971468759d9b7b3f0382dfcb881cbb1801d
If the keystone user source is immutable, such as an LDAP
active directory implementation, tempest tests that try
to create or delete a user will fail. Instead of failing,
we would like them to skip. This change uses a testtools
decorator to avoid unnecessary modifications and allow those tests
to skip.
Parital-Bug: #1777047
Change-Id: I1d8105c24eb9b20e563de962f9e4d5776937126a
test_list_projects tests create a new domain and try to test the
list projects operation based on new domain-id. Keystone is
implementing the domain roles functionality for projects resource
- https://review.openstack.org/#/c/624218/
Which means listing the projects with authorized domain only.
This commit modify the tests to use the same domain as requester and
create project with that domain only not new one.
Also add the debug log.
Change-Id: I401815b4a0d3f7ad90801d5580897be870d33013
No need for dynamic credentials to test showing the default domain.
By setting this value to False, consumers with an immutable user source
can execute this test.
Depends-On: I83a9b8af775580d36a1141be55e9c1cc283a75b6
Partial-Bug: #1714277
Change-Id: Ib85691ae3f7b5a4d4a9da620b6ec46c44380ef03
Some systems require strong passwords, so we'd better
use data_utils.rand_password() to create password when
creating user, to avoid password strength validation error.
Change-Id: I503ba6e068b6f7c8487b7077637ee21a9c104595
I don't see any limitations by using pre-provisioned
credentials for these tests:
* test_group_create_update_get
* test_group_users_add_list_delete
* test_list_user_groups
* test_list_groups
Change-Id: Id22911035ce880ab1faa9b37b238b9372ae98087
Zuul