Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / keystone-tempest-plugin / 7814dc20341d73db482f5128c642e9830a3f5daa^! / .
commit7814dc20341d73db482f5128c642e9830a3f5daa[log] [tgz]
authorColleen Murphy <colleen@gazlene.net>Sun May 10 22:23:50 2020 -0700
committerColleen Murphy <colleen@gazlene.net>Sun May 10 22:34:17 2020 -0700
treeae091a982d6ba255195e23643c51c64fc7290c25
parentb8f6b25dddca1feb451d847929c788cbf6a7285d [diff]
Use ephemeral test user for k2k tests

Do not use the admin user as a shadowed federated user for the K2K
tests. When trying to add expiring groups for the admin user, keystone
has trouble looking up the user in the cache and fails to add the groups
to the user. This sometimes results in test failures, which may be
masked as failure to clean up the identity provider in between tests and
resulting in a conflict trying to recreate it. This change instead uses
an ephemeral test user rather than the admin user, which is not meant to
be used for authentication tests anyway.

Change-Id: Ia4b53b41a0030772a2abdba949ad7529880d8f70

diff --git a/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py b/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py
index b152116..6853ab2 100644
--- a/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py
+++ b/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py

@@ -222,10 +222,17 @@
     def setUp(self):
         super(TestK2KFederatedAuthentication, self).setUp()
         self._setup_sp()
-        user_id = self.keystone_manager.identity_providers_client.user_id
+        self.auth = {'password': data_utils.rand_password()}
+        user_id = self.keystone_manager.users_v3_client.create_user(
+            name=data_utils.rand_name('user'),
+            password=self.auth['password'])['user']['id']
+        self.addCleanup(
+            self.keystone_manager.users_v3_client.delete_user, user_id)
+        self.auth['user_id'] = user_id
         idp_info = self.idps_client.show_identity_provider(self.idp_id)
         domain_id = idp_info['identity_provider']['domain_id']
         project_id = self.keystone_manager.identity_providers_client.tenant_id
+        self.auth['project_id'] = project_id
         group = self.keystone_manager.groups_client.create_group(
             name=data_utils.rand_uuid_hex(), domain_id=domain_id)
         role = self.keystone_manager.roles_v3_client.create_role(
@@ -295,12 +302,16 @@
         self.addCleanup(self.sps_client.delete_service_provider, self.sp_id)
 
     def _get_sp_authn_request(self):
+        token = self.tokens_client.get_token(
+            user_id=self.auth['user_id'],
+            password=self.auth['password'],
+            project_id=self.auth['project_id'])
         body = {
             'auth': {
                 'identity': {
                     'methods': ['token'],
                     'token': {
-                        'id': self.auth_client.token
+                        'id': token
                     }
                 },
                 'scope': {