Merge "Run federation jobs on Ubuntu Jammy"
diff --git a/keystone_tempest_plugin/tests/rbac/v3/test_role.py b/keystone_tempest_plugin/tests/rbac/v3/test_role.py
index 997731c..32fa424 100644
--- a/keystone_tempest_plugin/tests/rbac/v3/test_role.py
+++ b/keystone_tempest_plugin/tests/rbac/v3/test_role.py
@@ -323,26 +323,10 @@
 
     credentials = ['domain_admin', 'system_admin']
 
-    def test_identity_get_role(self):
-        # user cannot get role
-        role = self.admin_roles_client.create_role(
-            **self.role())['role']
-        self.addCleanup(self.admin_roles_client.delete_role, role['id'])
-        self.do_request('show_role', expected_status=exceptions.Forbidden,
-                        role_id=role['id'])
-        # user gets a 404 for nonexistent role
-        self.do_request('show_role', expected_status=exceptions.NotFound,
-                        role_id=data_utils.rand_uuid_hex())
-
-    def test_identity_list_roles(self):
-        # user cannot list roles
-        role = self.admin_roles_client.create_role(**self.role())['role']
-        self.addCleanup(self.admin_roles_client.delete_role, role['id'])
-        self.do_request('list_roles', expected_status=exceptions.Forbidden)
-
     def test_identity_get_domain_role(self):
         # user cannot get domain role in own domain
-        role = self.admin_roles_client.create_role(**self.role())['role']
+        role = self.admin_roles_client.create_role(
+            **self.role(domain_id=self.own_domain))['role']
         self.addCleanup(self.admin_roles_client.delete_role, role['id'])
         self.do_request('show_role', expected_status=exceptions.Forbidden,
                         role_id=role['id'])
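Review bot: The domain_admin class no longer states its own expectation for reading global roles, because `test_identity_get_role` and `test_identity_list_roles` are deleted here and the outcome now depends on the parent class, which this hunk does not show. If the parent expects success rather than `exceptions.Forbidden`, this is a change in asserted policy for domain admins, not just a test move. A short comment beside `credentials = ['domain_admin', 'system_admin']` would make that explicit, for example `# get/list of global roles: expectation inherited from the parent class`. The body of `test_identity_get_domain_role` continues past the end of the hunk, so the rest of its assertions could not be checked against the new `domain_id=self.own_domain` role.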
@@ -369,6 +353,23 @@
 
     credentials = ['domain_member', 'system_admin']
 
+    def test_identity_get_role(self):
+        # user cannot get role
+        role = self.admin_roles_client.create_role(
+            **self.role())['role']
+        self.addCleanup(self.admin_roles_client.delete_role, role['id'])
+        self.do_request('show_role', expected_status=exceptions.Forbidden,
+                        role_id=role['id'])
+        # user gets a 404 for nonexistent role
+        self.do_request('show_role', expected_status=exceptions.NotFound,
+                        role_id=data_utils.rand_uuid_hex())
+
+    def test_identity_list_roles(self):
+        # user cannot list roles
+        role = self.admin_roles_client.create_role(**self.role())['role']
+        self.addCleanup(self.admin_roles_client.delete_role, role['id'])
+        self.do_request('list_roles', expected_status=exceptions.Forbidden)
+
 
 class DomainReaderTests(DomainMemberTests):
 
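Review bot: The two assertions in `test_identity_get_role` pin a response difference for a caller who is denied `show_role`: `exceptions.Forbidden` for a role that exists and `exceptions.NotFound` for a random id. That lets a denied caller tell whether a role id exists. If this ordering of existence check and policy check is intended, say so in the test, for example by replacing `# user gets a 404 for nonexistent role` with `# denied callers still get 404 (not 403) for an unknown id; existence is checked before policy`. The enclosing class begins outside the hunk, so only the `credentials` line shows which persona these tests now apply to.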
@@ -380,7 +381,7 @@
     credentials = ['project_admin', 'system_admin']
 
 
-class ProjectMemberTests(DomainReaderTests):
+class ProjectMemberTests(DomainMemberTests):
 
     credentials = ['project_member', 'system_admin']