Consolidates rbac_base for v2 and v3 identity tests
Consolidates identity v2 and v3 base classes into one file and
refactors necessary identity tests as a result of this change.
Change-Id: Iab2850f6863cb4c2250bd2ad5fe47ee7ba5fb954
Closes-Bug: #1685958
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/rbac_base.py
similarity index 70%
rename from patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
rename to patrole_tempest_plugin/tests/api/identity/rbac_base.py
index 927ec39..b37477e 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/identity/rbac_base.py
@@ -12,6 +12,7 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
+from oslo_log import log as logging
from tempest.api.identity import base
from tempest import config
@@ -21,27 +22,194 @@
from patrole_tempest_plugin.rbac_utils import rbac_utils
CONF = config.CONF
+LOG = logging.getLogger(__name__)
-class BaseIdentityV3RbacTest(base.BaseIdentityV3Test):
+class BaseIdentityRbacTest(base.BaseIdentityTest):
credentials = ['admin', 'primary']
@classmethod
def skip_checks(cls):
- super(BaseIdentityV3RbacTest, cls).skip_checks()
+ super(BaseIdentityRbacTest, cls).skip_checks()
if not CONF.rbac.enable_rbac:
raise cls.skipException(
"%s skipped as RBAC testing not enabled" % cls.__name__)
@classmethod
def setup_clients(cls):
- super(BaseIdentityV3RbacTest, cls).setup_clients()
+ super(BaseIdentityRbacTest, cls).setup_clients()
cls.auth_provider = cls.os_primary.auth_provider
cls.rbac_utils = rbac_utils()
cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
+ @classmethod
+ def resource_setup(cls):
+ super(BaseIdentityRbacTest, cls).resource_setup()
+ cls.endpoints = []
+ cls.roles = []
+ cls.services = []
+ cls.users = []
+
+ @classmethod
+ def resource_cleanup(cls):
+ for endpoint in cls.endpoints:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.endpoints_client.delete_endpoint, endpoint['id'])
+
+ for role in cls.roles:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.roles_client.delete_role, role['id'])
+
+ for service in cls.services:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.services_client.delete_service, service['id'])
+
+ for user in cls.users:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.users_client.delete_user, user['id'])
+
+ super(BaseIdentityRbacTest, cls).resource_cleanup()
+
+ @classmethod
+ def setup_test_endpoint(cls, service=None):
+ """Creates a service and an endpoint for test."""
+ interface = 'public'
+ url = data_utils.rand_url()
+ region_name = data_utils.rand_name('region')
+ # Endpoint creation requires a service
+ if service is None:
+ service = cls.setup_test_service()
+ params = {
+ 'service_id': service['id'],
+ 'region': region_name,
+ 'interface': interface
+ }
+ if cls.identity_version == 'v2':
+ params['publicurl'] = url
+ elif cls.identity_version == 'v3':
+ params['url'] = url
+ else:
+ LOG.debug("Keystone version is invalid."
+ " Please enter a valid version number.")
+ raise KeyError
+
+ endpoint = cls.endpoints_client.create_endpoint(**params)['endpoint']
+ cls.endpoints.append(endpoint)
+
+ return endpoint
+
+ @classmethod
+ def setup_test_role(cls):
+ """Set up a test role."""
+ name = data_utils.rand_name('test_role')
+ role = cls.roles_client.create_role(name=name)['role']
+ cls.roles.append(role)
+
+ return role
+
+ @classmethod
+ def setup_test_service(cls):
+ """Setup a test service."""
+ name = data_utils.rand_name('service')
+ serv_type = data_utils.rand_name('type')
+ desc = data_utils.rand_name('description')
+
+ service = cls.services_client.create_service(
+ name=name,
+ type=serv_type,
+ description=desc)
+
+ if cls.identity_version == 'v2':
+ service = service['OS-KSADM:service']
+ elif cls.identity_version == 'v3':
+ service = service['service']
+ else:
+ LOG.debug("Keystone version is invalid."
+ " Please enter a valid version number.")
+ raise KeyError
+
+ cls.services.append(service)
+
+ return service
+
+ @classmethod
+ def setup_test_user(cls, password=None, **kwargs):
+ """Set up a test user."""
+ username = data_utils.rand_name('test_user')
+ email = username + '@testmail.tm'
+
+ user = cls.users_client.create_user(
+ name=username,
+ email=email,
+ password=password,
+ **kwargs)['user']
+ cls.users.append(user)
+
+ return user
+
+
+class BaseIdentityV2AdminRbacTest(BaseIdentityRbacTest):
+ """Base test class for the Identity v2 admin API.
+
+ Keystone's v2 API is split into two APIs: an admin and non-admin API. RBAC
+ testing is only provided for the admin API. Instead of policy enforcement,
+ these APIs execute ``self.assert_admin(request)``, which checks that the
+ request object has ``context_is_admin``. For more details, see the
+ implementation of ``assert_admin`` in ``keystone.common.wsgi``.
+ """
+
+ identity_version = 'v2'
+
+ @classmethod
+ def skip_checks(cls):
+ super(BaseIdentityV2AdminRbacTest, cls).skip_checks()
+ if not CONF.identity_feature_enabled.api_v2_admin:
+ raise cls.skipException('Identity v2 admin not available')
+
+ @classmethod
+ def setup_clients(cls):
+ super(BaseIdentityV2AdminRbacTest, cls).setup_clients()
+ cls.client = cls.os_primary.identity_client
+ cls.endpoints_client = cls.os_primary.endpoints_client
+ cls.roles_client = cls.os_primary.roles_client
+ cls.services_client = cls.os_primary.identity_services_client
+ cls.tenants_client = cls.os_primary.tenants_client
+ cls.token_client = cls.os_primary.token_client
+ cls.users_client = cls.os_primary.users_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(BaseIdentityV2AdminRbacTest, cls).resource_setup()
+ cls.tenants = []
+
+ @classmethod
+ def resource_cleanup(cls):
+ for tenant in cls.tenants:
+ test_utils.call_and_ignore_notfound_exc(
+ cls.tenants_client.delete_tenant, tenant['id'])
+
+ super(BaseIdentityV2AdminRbacTest, cls).resource_cleanup()
+
+ @classmethod
+ def setup_test_tenant(cls):
+ """Set up a test tenant."""
+ name = data_utils.rand_name('test_tenant')
+ tenant = cls.tenants_client.create_tenant(
+ name=name,
+ description=data_utils.rand_name('desc'))['tenant']
+ cls.tenants.append(tenant)
+ return tenant
+
+
+class BaseIdentityV3RbacTest(BaseIdentityRbacTest):
+
+ identity_version = 'v3'
+
+ @classmethod
+ def setup_clients(cls):
+ super(BaseIdentityV3RbacTest, cls).setup_clients()
cls.creds_client = cls.os_primary.credentials_client
cls.consumers_client = cls.os_primary.oauth_consumers_client
cls.domains_client = cls.os_primary.domains_client
@@ -61,15 +229,11 @@
super(BaseIdentityV3RbacTest, cls).resource_setup()
cls.credentials = []
cls.domains = []
- cls.endpoints = []
cls.groups = []
cls.policies = []
cls.projects = []
cls.regions = []
- cls.roles = []
- cls.services = []
cls.trusts = []
- cls.users = []
@classmethod
def resource_cleanup(cls):
@@ -85,10 +249,6 @@
test_utils.call_and_ignore_notfound_exc(
cls.domains_client.delete_domain, domain['id'])
- for endpoint in cls.endpoints:
- test_utils.call_and_ignore_notfound_exc(
- cls.endpoints_client.delete_endpoint, endpoint['id'])
-
for group in cls.groups:
test_utils.call_and_ignore_notfound_exc(
cls.groups_client.delete_group, group['id'])
@@ -105,22 +265,10 @@
test_utils.call_and_ignore_notfound_exc(
cls.regions_client.delete_region, region['id'])
- for role in cls.roles:
- test_utils.call_and_ignore_notfound_exc(
- cls.roles_client.delete_role, role['id'])
-
- for service in cls.services:
- test_utils.call_and_ignore_notfound_exc(
- cls.services_client.delete_service, service['id'])
-
for trust in cls.trusts:
test_utils.call_and_ignore_notfound_exc(
cls.trusts_client.delete_trust, trust['id'])
- for user in cls.users:
- test_utils.call_and_ignore_notfound_exc(
- cls.users_client.delete_user, user['id'])
-
super(BaseIdentityV3RbacTest, cls).resource_cleanup()
@classmethod
@@ -150,23 +298,6 @@
return domain
@classmethod
- def setup_test_endpoint(cls, service=None):
- """Creates a service and an endpoint for test."""
- interface = 'public'
- url = data_utils.rand_url()
- # Endpoint creation requires a service
- if service is None:
- service = cls.setup_test_service()
-
- endpoint = cls.endpoints_client.create_endpoint(
- service_id=service['id'],
- interface=interface,
- url=url)['endpoint']
- cls.endpoints.append(endpoint)
-
- return endpoint
-
- @classmethod
def setup_test_group(cls):
"""Creates a group for test."""
name = data_utils.rand_name('test_group')
@@ -211,30 +342,6 @@
return region
@classmethod
- def setup_test_role(cls):
- """Set up a test role."""
- name = data_utils.rand_name('test_role')
- role = cls.roles_client.create_role(name=name)['role']
- cls.roles.append(role)
-
- return role
-
- @classmethod
- def setup_test_service(cls):
- """Setup a test service."""
- name = data_utils.rand_name('service')
- serv_type = data_utils.rand_name('type')
- desc = data_utils.rand_name('description')
-
- service = cls.services_client.create_service(
- name=name,
- type=serv_type,
- description=desc)['service']
- cls.services.append(service)
-
- return service
-
- @classmethod
def setup_test_trust(cls, trustee_user_id, trustor_user_id, **kwargs):
"""Setup a test trust."""
trust = cls.trusts_client.create_trust(
@@ -243,18 +350,3 @@
cls.trusts.append(trust)
return trust
-
- @classmethod
- def setup_test_user(cls, password=None, **kwargs):
- """Set up a test user."""
- username = data_utils.rand_name('test_user')
- email = username + '@testmail.tm'
-
- user = cls.users_client.create_user(
- name=username,
- email=email,
- password=password,
- **kwargs)['user']
- cls.users.append(user)
-
- return user
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py
deleted file mode 100644
index bc07675..0000000
--- a/patrole_tempest_plugin/tests/api/identity/v2/rbac_base.py
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.api.identity import base
-from tempest import config
-from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
-
-from patrole_tempest_plugin.rbac_utils import rbac_utils
-
-CONF = config.CONF
-
-
-class BaseIdentityV2AdminRbacTest(base.BaseIdentityV2Test):
- """Base test class for the Identity v2 admin API.
-
- Keystone's v2 API is split into two APIs: an admin and non-admin API. RBAC
- testing is only provided for the admin API. Instead of policy enforcement,
- these APIs execute ``self.assert_admin(request)``, which checks that the
- request object has ``context_is_admin``. For more details, see the
- implementation of ``assert_admin`` in ``keystone.common.wsgi``.
- """
-
- credentials = ['admin', 'primary']
-
- @classmethod
- def skip_checks(cls):
- super(BaseIdentityV2AdminRbacTest, cls).skip_checks()
- if not CONF.rbac.enable_rbac:
- raise cls.skipException(
- "%s skipped as RBAC testing not enabled" % cls.__name__)
- if not CONF.identity_feature_enabled.api_v2_admin:
- raise cls.skipException('Identity v2 admin not available')
-
- @classmethod
- def setup_clients(cls):
- super(BaseIdentityV2AdminRbacTest, cls).setup_clients()
- cls.auth_provider = cls.os_primary.auth_provider
-
- cls.rbac_utils = rbac_utils()
- cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
-
- cls.client = cls.os_primary.identity_client
- cls.endpoints_client = cls.os_primary.endpoints_client
- cls.roles_client = cls.os_primary.roles_client
- cls.services_client = cls.os_primary.identity_services_client
- cls.tenants_client = cls.os_primary.tenants_client
- cls.token_client = cls.os_primary.token_client
- cls.users_client = cls.os_primary.users_client
-
- def _create_service(self):
- name = data_utils.rand_name('service')
- type = data_utils.rand_name('type')
-
- self.service = self.services_client.create_service(
- name=name, type=type,
- description="description")
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.services_client.delete_service,
- self.service['OS-KSADM:service']['id'])
- return self.service
-
- def _create_user(self, name=None, email=None, password=None, **kwargs):
- """Set up a test user."""
- if name is None:
- name = data_utils.rand_name('test_user')
- if email is None:
- email = name + '@testmail.tm'
- if password is None:
- password = data_utils.rand_password()
- user = self.users_client.create_user(
- name=name, email=email, password=password, **kwargs)['user']
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.users_client.delete_user,
- user['id'])
- return user
-
- def _create_tenant(self):
- """Set up a test tenant."""
- name = data_utils.rand_name('test_tenant')
- tenant = self.tenants_client.create_tenant(
- name=name,
- description=data_utils.rand_name('desc'))['tenant']
- # Delete the tenant at the end of the test
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.tenants_client.delete_tenant,
- tenant['id'])
- return tenant
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py
index f16d0aa..0a9feef 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py
@@ -13,43 +13,14 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityEndpointsV2AdminRbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
- @classmethod
- def setup_clients(cls):
- super(IdentityEndpointsV2AdminRbacTest, cls).setup_clients()
- cls.endpoints_client = cls.os_primary.endpoints_client
-
- @classmethod
- def resource_setup(cls):
- super(IdentityEndpointsV2AdminRbacTest, cls).resource_setup()
- cls.region = data_utils.rand_name('region')
- cls.public_url = data_utils.rand_url()
- cls.admin_url = data_utils.rand_url()
- cls.internal_url = data_utils.rand_url()
-
- def _create_endpoint(self):
- self._create_service()
- endpoint = self.endpoints_client.create_endpoint(
- service_id=self.service['OS-KSADM:service']['id'],
- region=self.region,
- publicurl=self.public_url,
- adminurl=self.admin_url,
- internalurl=self.internal_url
- )
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.endpoints_client.delete_endpoint,
- endpoint['endpoint']['id'])
- return endpoint
-
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd124')
@@ -61,7 +32,7 @@
"""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_endpoint()
+ self.setup_test_endpoint()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -73,9 +44,9 @@
RBAC test for Identity v2 delete_endpoint
"""
- endpoint = self._create_endpoint()
+ endpoint = self.setup_test_endpoint()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoints_client.delete_endpoint(endpoint['endpoint']['id'])
+ self.endpoints_client.delete_endpoint(endpoint['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
index a557bb8..9a4363d 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
@@ -18,7 +18,7 @@
from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
CONF = config.CONF
@@ -36,7 +36,7 @@
"""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_tenant()
+ self.setup_test_tenant()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -47,7 +47,7 @@
RBAC test for Identity 2.0 update_tenant
"""
- tenant = self._create_tenant()
+ tenant = self.setup_test_tenant()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.tenants_client.update_tenant(tenant['id'],
@@ -62,7 +62,7 @@
RBAC test for Identity 2.0 delete_tenant
"""
- tenant = self._create_tenant()
+ tenant = self.setup_test_tenant()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.tenants_client.delete_tenant(tenant['id'])
@@ -77,7 +77,7 @@
RBAC test for Identity 2.0 show_tenant
"""
- tenant = self._create_tenant()
+ tenant = self.setup_test_tenant()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.tenants_client.show_tenant(tenant['id'])
@@ -91,7 +91,7 @@
RBAC test for Identity 2.0 list_tenant_users
"""
- tenant = self._create_tenant()
+ tenant = self.setup_test_tenant()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.tenants_client.list_tenant_users(tenant['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py
index a1ec5c6..9d80469 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py
@@ -13,12 +13,11 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityRolesV2AdminRbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
@@ -28,17 +27,10 @@
super(IdentityRolesV2AdminRbacTest, cls).setup_clients()
cls.roles_client = cls.os_primary.roles_client
- def _create_role(self):
- role = self.roles_client.create_role(
- name=data_utils.rand_name('test_role'))['role']
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.roles_client.delete_role, role['id'])
- return role
-
def _create_tenant_user_and_role(self):
- tenant = self._create_tenant()
- user = self._create_user(tenantid=tenant['id'])
- role = self._create_role()
+ tenant = self.setup_test_tenant()
+ user = self.setup_test_user(tenantid=tenant['id'])
+ role = self.setup_test_role()
return tenant, user, role
def _create_role_on_project(self, tenant, user, role):
@@ -60,7 +52,7 @@
"""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_role()
+ self.setup_test_role()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -71,7 +63,7 @@
RBAC test for Identity v2 delete_role
"""
- role = self._create_role()
+ role = self.setup_test_role()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.roles_client.delete_role(role['id'])
@@ -85,7 +77,7 @@
RBAC test for Identity v2 show_role
"""
- role = self._create_role()
+ role = self.setup_test_role()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.roles_client.show_role(role['id'])
@@ -140,8 +132,8 @@
RBAC test for Identity v2 list_user_roles_on_project
"""
- tenant = self._create_tenant()
- user = self._create_user(tenantid=tenant['id'])
+ tenant = self.setup_test_tenant()
+ user = self.setup_test_user(tenantid=tenant['id'])
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.roles_client.list_user_roles_on_project(
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py
index ad47fd2..8419ec9 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py
@@ -16,16 +16,11 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityServicesV2AdminRbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
- @classmethod
- def setup_clients(cls):
- super(IdentityServicesV2AdminRbacTest, cls).setup_clients()
- cls.services_client = cls.os_primary.identity_services_client
-
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@decorators.idempotent_id('370050f6-d271-4fb4-abc5-4de1d6dfbad2')
@@ -35,7 +30,7 @@
RBAC test for Identity v2 create_service
"""
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_service()
+ self.setup_test_service()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -45,7 +40,7 @@
RBAC test for Identity v2 delete_service
"""
- service_id = self._create_service()['OS-KSADM:service']['id']
+ service_id = self.setup_test_service()['id']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.services_client.delete_service(service_id)
@@ -58,7 +53,7 @@
RBAC test for Identity v2 show_service
"""
- service_id = self._create_service()['OS-KSADM:service']['id']
+ service_id = self.setup_test_service()['id']
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.services_client.show_service(service_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py
index f90680d..dfe6e71 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v2 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityUsersV2AdminRbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
@@ -27,13 +27,13 @@
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d904')
def test_create_user(self):
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_user()
+ self.setup_test_user()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d905')
def test_update_user(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.update_user(user['id'], email="changedUser@xyz.com")
@@ -42,7 +42,7 @@
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d9a1')
def test_update_user_enabled(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.update_user_enabled(user['id'], enabled=True)
@@ -51,7 +51,7 @@
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d906')
def test_delete_user(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.delete_user(user['id'])
@@ -67,7 +67,7 @@
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d908')
def test_show_user(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.show_user(user['id'])
@@ -76,7 +76,7 @@
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d909')
def test_update_user_password(self):
- user = self._create_user()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
self.users_client.update_user_password(
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
index 42f2c01..995c3b0 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityCredentialsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
index ba5d5e0..b45c091 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityDomainsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoint_filter_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoint_filter_rbac.py
index 77ad647..7e844e7 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoint_filter_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoint_filter_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityEndpointsFilterV3RbacTest(
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
index eabebb6..2659bae 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityEndpointsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
index 3cc71a6..74402d5 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityGroupsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
index f331cff..fab5a6e 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
@@ -18,7 +18,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityConsumersV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
index 8f11e30..da587d9 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityPoliciesV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
index 325b987..0c65602 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityProjectV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
index b35facd..541e8af 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityRegionsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
index 2dd0ff5..6fe6c29 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
@@ -16,7 +16,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityRoleAssignmentsV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
index 2676bf9..0458e16 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
@@ -18,7 +18,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityRolesV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
index c02b471..2f0d1ac 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentitySericesV3RbacTest(rbac_base.BaseIdentityV3RbacTest):
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
index 622b330..763c407 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
@@ -19,7 +19,7 @@
from tempest import test
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
CONF = config.CONF
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
index 7380531..d3b3e4c 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
@@ -17,7 +17,7 @@
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
-from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
+from patrole_tempest_plugin.tests.api.identity import rbac_base
class IdentityUserV3AdminRbacTest(rbac_base.BaseIdentityV3RbacTest):