Add existing user logic

There may be a need to run these tests with an existing user.  This
checks the existing user flags and uses that information if they
are true. Defaults to false.

Change-Id: I5dfab4cfa2c55fd133ab7ad2d5235399865794ab
diff --git a/keystone_tempest_plugin/config.py b/keystone_tempest_plugin/config.py
index ae93471..b040fea 100644
--- a/keystone_tempest_plugin/config.py
+++ b/keystone_tempest_plugin/config.py
@@ -44,7 +44,8 @@
     cfg.StrOpt('idp_username',
                help='Username used to login in the Identity Provider'),
     cfg.StrOpt('idp_password',
-               help='Password used to login in the Identity Provider'),
+               help='Password used to login in the Identity Provider',
+               secret=True),
     cfg.StrOpt('idp_ecp_url',
                help='Identity Provider SAML2/ECP URL'),
     cfg.StrOpt('idp_oidc_url',
@@ -56,6 +57,13 @@
     cfg.StrOpt('idp_client_secret',
                help='Identity Provider Client Secret'),
 
+    # existing user (oidc)
+    cfg.StrOpt('idp_test_user_name',
+               help='Identity Provider Test User Name'),
+    cfg.StrOpt('idp_test_user_password',
+               help='Identity Provider Test User Password',
+               secret=True),
+
     # Mapping rules
     cfg.StrOpt('mapping_remote_type',
                help='The assertion attribute to be used in the remote rules'),
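Review bot: `idp_client_secret`, visible as context directly above the new options, is still declared without `secret=True`, so it is the one credential in this group that oslo.config would not mask when option values are logged; it should get the same `secret=True` this commit gives the two passwords. The help string for `idp_test_user_name` could also state what setting it changes, for example `help='Existing Identity Provider user to authenticate as; when set, the tests neither create nor delete a user'`. The option list itself starts and ends outside this hunk.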
@@ -81,5 +89,4 @@
     cfg.StrOpt('protocol_id',
                default='mapped',
                help='The Protocol ID'),
-
 ]
diff --git a/keystone_tempest_plugin/tests/scenario/test_oidc_federated_authentication.py b/keystone_tempest_plugin/tests/scenario/test_oidc_federated_authentication.py
index d6d064f..a860dcb 100644
--- a/keystone_tempest_plugin/tests/scenario/test_oidc_federated_authentication.py
+++ b/keystone_tempest_plugin/tests/scenario/test_oidc_federated_authentication.py
@@ -18,6 +18,7 @@
 from keystoneauth1 import session as ks_session
 from tempest import config
 from tempest.lib.common.utils import data_utils
+from tempest.lib import exceptions
 import testtools
 
 from .keycloak import KeycloakClient
@@ -51,6 +52,14 @@
         # custom CA certificate settings
         self.ca_certificates_file = CONF.identity.ca_certificates_file
 
+    def _check_existing_protocol(self):
+        try:
+            self.idps_client.get_protocol_and_mapping(
+                self.idp_id, self.protocol_id)
+            return True
+        except exceptions.NotFound:
+            return False
+
     def _setup_mapping(self):
         self.mapping_id = data_utils.rand_uuid_hex()
         rules = [{
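Review bot: `_check_existing_protocol` has no docstring, and its `True` result makes setUp skip `_setup_mapping()`, so on that path `self.mapping_id` is never assigned and the test authenticates against whatever mapping rules the deployed protocol already carries. A docstring such as `"""Return True if protocol_id is already registered for idp_id."""` would cover the first part, and a short comment stating that a pre-existing mapping is used as-is, without checking its rules, would cover the second. Whether any later code reads `self.mapping_id` is not visible in this hunk; `_setup_mapping` continues outside it.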
@@ -84,26 +93,12 @@
             self.idp_id,
             self.protocol_id)
 
-    def setUp(self):
-        super(TestOidcFederatedAuthentication, self).setUp()
-        self._setup_settings()
-
-        # Setup mapping and protocol
-        self._setup_mapping()
-        self._setup_protocol()
-        self.keycloak = KeycloakClient(
-            keycloak_url=self.idp_url,
-            keycloak_username=self.idp_username,
-            keycloak_password=self.idp_password,
-            ca_certs_file=self.ca_certificates_file,
-        )
-
     def _setup_user(self, email=None):
         email = email if email else f'test-{uuid.uuid4().hex}@example.com'
         self.keycloak.create_user(email, 'Test', 'User')
         return email
 
-    def _request_unscoped_token(self, user):
+    def _request_unscoped_token(self, user, password):
         auth = identity.v3.OidcPassword(
             auth_url=self.keystone_v3_endpoint,
             identity_provider=self.idp_id,
@@ -113,11 +108,34 @@
             access_token_endpoint=self.keycloak.token_endpoint,
             discovery_endpoint=self.keycloak.discovery_endpoint,
             username=user,
-            password='secret'
+            password=password
         )
         s = ks_session.Session(auth, verify=self.ca_certificates_file)
         return s.get_auth_headers()
 
+    def setUp(self):
+        super(TestOidcFederatedAuthentication, self).setUp()
+        self._setup_settings()
+
+        # Setup mapping and protocol
+        if not self._check_existing_protocol():
+            self._setup_mapping()
+            self._setup_protocol()
+
+        self.keycloak = KeycloakClient(
+            keycloak_url=self.idp_url,
+            keycloak_username=self.idp_username,
+            keycloak_password=self.idp_password,
+            ca_certs_file=self.ca_certificates_file,
+        )
+
+        if CONF.fed_scenario.idp_test_user_name:
+            self.test_user = CONF.fed_scenario.idp_test_user_name
+            self.test_user_password = CONF.fed_scenario.idp_test_user_password
+        else:
+            self.test_user = self._setup_user()
+            self.test_user_password = 'secret'
+
     @testtools.skipUnless(CONF.identity_feature_enabled.federation,
                           "Federated Identity feature not enabled")
     @testtools.skipUnless(CONF.identity_feature_enabled.external_idp,
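Review bot: In the new `setUp`, the branch taken when `idp_test_user_name` is set copies `idp_test_user_password` without checking it, and that option has no default, so a config that sets only the name passes `password=None` into `OidcPassword` and fails later with an error that does not point at the configuration. A guard at the top of that branch would make the cause obvious: `if not CONF.fed_scenario.idp_test_user_password:` followed by `raise exceptions.InvalidConfiguration('idp_test_user_password must be set when idp_test_user_name is set')`. The `exceptions` module is already imported by this commit.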
@@ -125,10 +143,9 @@
     @testtools.skipUnless(CONF.fed_scenario.protocol_id == 'openid',
                           "Protocol not openid")
     def test_request_unscoped_token(self):
-        user = self._setup_user()
-        token = self._request_unscoped_token(user)
+        token = self._request_unscoped_token(self.test_user,
+                                             self.test_user_password)
         self.assertNotEmpty(token)
-        self.keycloak.delete_user(user)
 
     @testtools.skipUnless(CONF.identity_feature_enabled.federation,
                           "Federated Identity feature not enabled")
@@ -137,8 +154,8 @@
     @testtools.skipUnless(CONF.fed_scenario.protocol_id == 'openid',
                           "Protocol not openid")
     def test_request_scoped_token(self):
-        user = self._setup_user()
-        token = self._request_unscoped_token(user)
+        token = self._request_unscoped_token(self.test_user,
+                                             self.test_user_password)
         token_id = token['X-Auth-Token']
 
         projects = self.auth_client.get_available_projects_scopes(
@@ -148,4 +165,8 @@
         # Get a scoped token to one of the listed projects
         self.tokens_client.auth(
             project_id=projects[0]['id'], token=token_id)
-        self.keycloak.delete_user(user)
+
+    def tearDown(self):
+        super(TestOidcFederatedAuthentication, self).tearDown()
+        if not CONF.fed_scenario.idp_test_user_name:
+            self.keycloak.delete_user(self.test_user)
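Review bot: The user removal in `tearDown` repeats the `CONF.fed_scenario.idp_test_user_name` test from setUp rather than being registered at the point where the user is created. Putting `self.addCleanup(self.keycloak.delete_user, self.test_user)` in the `else` branch of setUp, right after `self._setup_user()`, ties deletion to creation, so a pre-configured account can never be deleted because the two conditions drifted apart, and this override becomes unnecessary. No visible line removes the mapping and protocol that setUp creates when none exist; that may be handled outside this diff.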