Merge "Add option to disable testing against external idp"
diff --git a/keystone_tempest_plugin/config.py b/keystone_tempest_plugin/config.py
index 87872c5..d3e3c02 100644
--- a/keystone_tempest_plugin/config.py
+++ b/keystone_tempest_plugin/config.py
@@ -20,6 +20,11 @@
default=False,
help='Does the environment support the Federated Identity '
'feature?'),
+ cfg.BoolOpt('external_idp',
+ default=True,
+ help='Whether to test federated scenarios against an external '
+ 'identity provider. If disabled, only '
+ 'Keystone-to-Keystone tests will be enabled.'),
]
fed_scenario_group = cfg.OptGroup(name='fed_scenario',
diff --git a/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py b/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py
index 89af4ce..e930205 100644
--- a/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py
+++ b/keystone_tempest_plugin/tests/scenario/test_federated_authentication.py
@@ -183,14 +183,10 @@
return resp
- @testtools.skipUnless(CONF.identity_feature_enabled.federation,
- "Federated Identity feature not enabled")
- def test_request_unscoped_token(self):
+ def _test_request_unscoped_token(self):
self._request_unscoped_token()
- @testtools.skipUnless(CONF.identity_feature_enabled.federation,
- "Federated Identity feature not enabled")
- def test_request_scoped_token(self):
+ def _test_request_scoped_token(self):
resp = self._request_unscoped_token()
token_id = resp.headers['X-Subject-Token']
@@ -203,6 +199,24 @@
project_id=projects[0]['id'], token=token_id)
+class TestSaml2FederatedExternalAuthentication(
+ TestSaml2EcpFederatedAuthentication):
+
+ @testtools.skipUnless(CONF.identity_feature_enabled.federation,
+ "Federated Identity feature not enabled")
+ @testtools.skipUnless(CONF.identity_feature_enabled.external_idp,
+ "External identity provider is not available")
+ def test_request_unscoped_token(self):
+ self._test_request_unscoped_token()
+
+ @testtools.skipUnless(CONF.identity_feature_enabled.federation,
+ "Federated Identity feature not enabled")
+ @testtools.skipUnless(CONF.identity_feature_enabled.external_idp,
+ "External identity provider is not available")
+ def test_request_scoped_token(self):
+ self._test_request_scoped_token()
+
+
class TestK2KFederatedAuthentication(TestSaml2EcpFederatedAuthentication):
def setUp(self):
@@ -253,3 +267,13 @@
self.auth_client.expected_success(200, resp.status)
return etree.XML(saml), self.sp_url
+
+ @testtools.skipUnless(CONF.identity_feature_enabled.federation,
+ "Federated Identity feature not enabled")
+ def test_request_unscoped_token(self):
+ self._test_request_unscoped_token()
+
+ @testtools.skipUnless(CONF.identity_feature_enabled.federation,
+ "Federated Identity feature not enabled")
+ def test_request_scoped_token(self):
+ self._test_request_scoped_token()