Migrate to override_role for identity module (part 1)
Now that override_role has supplanted switch_role (which has
been deprecated) in [0], the RBAC tests need to switch to use
override_role.
This PS switches to override_role for the identity module. This
PS handles the first 10 modules for identity.
This PS also removes unnecessary indexing into response bodies.
[0] I670fba358bf321eae0d22d18cea6d2f530f00716
Partially Implements: blueprint rbac-utils-contextmanager
Change-Id: Ia80582119a98e63320859d8473987cdc2196d7e8
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py
index 6a26f2b..8393696 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_auth_rbac.py
@@ -34,12 +34,12 @@
@rbac_rule_validation.action(service="keystone",
rule="identity:get_auth_projects")
def test_list_auth_projects(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.identity_client.list_auth_projects()['projects']
+ with self.rbac_utils.override_role(self):
+ self.identity_client.list_auth_projects()
@decorators.idempotent_id('6a40af0d-7265-4657-b6b2-87a2828e263e')
@rbac_rule_validation.action(service="keystone",
rule="identity:get_auth_domains")
def test_list_auth_domain(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.identity_client.list_auth_domains()
+ with self.rbac_utils.override_role(self):
+ self.identity_client.list_auth_domains()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
index 995c3b0..af6feb6 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
@@ -34,8 +34,8 @@
def test_create_credential(self):
project = self.setup_test_project()
user = self.setup_test_user(project_id=project['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_credential(user=user)
+ with self.rbac_utils.override_role(self):
+ self.setup_test_credential(user=user)
@rbac_rule_validation.action(service="keystone",
rule="identity:update_credential")
@@ -45,13 +45,13 @@
new_keys = [data_utils.rand_uuid_hex(),
data_utils.rand_uuid_hex()]
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.creds_client.update_credential(
- credential['id'],
- credential=credential,
- access_key=new_keys[0],
- secret_key=new_keys[1],
- project_id=credential['project_id'])['credential']
+ with self.rbac_utils.override_role(self):
+ self.creds_client.update_credential(
+ credential['id'],
+ credential=credential,
+ access_key=new_keys[0],
+ secret_key=new_keys[1],
+ project_id=credential['project_id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_credential")
@@ -59,8 +59,8 @@
def test_delete_credential(self):
credential = self._create_user_project_and_credential()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.creds_client.delete_credential(credential['id'])
+ with self.rbac_utils.override_role(self):
+ self.creds_client.delete_credential(credential['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_credential")
@@ -68,12 +68,12 @@
def test_show_credential(self):
credential = self._create_user_project_and_credential()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.creds_client.show_credential(credential['id'])
+ with self.rbac_utils.override_role(self):
+ self.creds_client.show_credential(credential['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_credentials")
@decorators.idempotent_id('3de303e2-12a7-4811-805a-f18906472038')
def test_list_credentials(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.creds_client.list_credentials()
+ with self.rbac_utils.override_role(self):
+ self.creds_client.list_credentials()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_domain_configuration_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_domain_configuration_rbac.py
index 31f962a..8db8906 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_domain_configuration_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_domain_configuration_rbac.py
@@ -56,31 +56,31 @@
rule="identity:create_domain_config")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd115')
def test_create_domain_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_domain_config(self.domain_id)
+ with self.rbac_utils.override_role(self):
+ self._create_domain_config(self.domain_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:get_domain_config")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd118')
def test_show_domain_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.show_domain_config(self.domain_id)['config']
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.show_domain_config(self.domain_id)
@decorators.idempotent_id('1b539f95-4991-4e09-960f-fa771e1007d7')
@rbac_rule_validation.action(service="keystone",
rule="identity:get_domain_config")
def test_show_domain_group_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.show_domain_group_config(
- self.domain_id, 'identity')['config']
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.show_domain_group_config(
+ self.domain_id, 'identity')
@decorators.idempotent_id('590c774d-a294-44f8-866e-aac9f4ab3809')
@rbac_rule_validation.action(service="keystone",
rule="identity:get_domain_config")
def test_show_domain_group_option_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.show_domain_group_option_config(
- self.domain_id, 'identity', 'driver')['config']
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.show_domain_group_option_config(
+ self.domain_id, 'identity', 'driver')
@decorators.idempotent_id('21053885-1ce3-4167-b5e3-e470253481da')
@rbac_rule_validation.action(
@@ -89,77 +89,76 @@
def test_show_security_compliance_domain_config(self):
# The "security_compliance" group can only be shown for the default
# domain.
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.show_domain_group_config(
- CONF.identity.default_domain_id, 'security_compliance')
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.show_domain_group_config(
+ CONF.identity.default_domain_id, 'security_compliance')
@decorators.idempotent_id('d1addd10-9ae4-4360-9961-47324fd22f23')
@rbac_rule_validation.action(service="keystone",
rule="identity:get_domain_config_default")
def test_show_default_config_settings(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.show_default_config_settings()['config']
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.show_default_config_settings()
@decorators.idempotent_id('63183377-251f-4622-81f0-6b58a8a285c9')
@rbac_rule_validation.action(service="keystone",
rule="identity:get_domain_config_default")
def test_show_default_group_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.show_default_group_config('identity')[
- 'config']
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.show_default_group_config('identity')
@decorators.idempotent_id('6440e9c1-e8da-474d-9118-89996fffe5f8')
@rbac_rule_validation.action(service="keystone",
rule="identity:get_domain_config_default")
def test_show_default_group_option(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.show_default_group_option('identity',
- 'driver')['config']
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.show_default_group_option('identity',
+ 'driver')
@rbac_rule_validation.action(service="keystone",
rule="identity:update_domain_config")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd116')
def test_update_domain_config(self):
updated_config = {'ldap': {'url': data_utils.rand_url()}}
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.update_domain_config(
- self.domain_id, **updated_config)['config']
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.update_domain_config(
+ self.domain_id, **updated_config)
@decorators.idempotent_id('6e32bf96-dbe9-4ac8-b814-0e79fa948285')
@rbac_rule_validation.action(service="keystone",
rule="identity:update_domain_config")
def test_update_domain_group_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.update_domain_group_config(
- self.domain_id, 'identity', identity=self.identity)['config']
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.update_domain_group_config(
+ self.domain_id, 'identity', identity=self.identity)
@decorators.idempotent_id('d2c510da-a077-4c67-9522-27745ef2812b')
@rbac_rule_validation.action(service="keystone",
rule="identity:update_domain_config")
def test_update_domain_group_option_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.update_domain_group_option_config(
- self.domain_id, 'identity', 'driver', driver='ldap')['config']
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.update_domain_group_option_config(
+ self.domain_id, 'identity', 'driver', driver='ldap')
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_domain_config")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd117')
def test_delete_domain_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.delete_domain_config(self.domain_id)
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.delete_domain_config(self.domain_id)
@decorators.idempotent_id('f479694b-df02-4d5a-88b6-c8b52f9341eb')
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_domain_config")
def test_delete_domain_group_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.delete_domain_group_config(self.domain_id,
- 'identity')
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.delete_domain_group_config(
+ self.domain_id, 'identity')
@decorators.idempotent_id('f594bde3-31c9-414f-922d-0ddafdc0ca40')
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_domain_config")
def test_delete_domain_group_option_config(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domain_config_client.delete_domain_group_option_config(
- self.domain_id, 'identity', 'driver')
+ with self.rbac_utils.override_role(self):
+ self.domain_config_client.delete_domain_group_option_config(
+ self.domain_id, 'identity', 'driver')
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
index a8cd022..3837051 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_domains_rbac.py
@@ -26,8 +26,8 @@
rule="identity:create_domain")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd110')
def test_create_domain(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_domain()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_domain()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_domain")
@@ -36,10 +36,10 @@
domain = self.setup_test_domain()
new_domain_name = data_utils.rand_name(
self.__class__.__name__ + '-test_update_domain')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domains_client.update_domain(domain['id'],
- domain=domain,
- name=new_domain_name)
+ with self.rbac_utils.override_role(self):
+ self.domains_client.update_domain(domain['id'],
+ domain=domain,
+ name=new_domain_name)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_domain")
@@ -50,20 +50,20 @@
self.domains_client.update_domain(domain['id'],
domain=domain,
enabled=False)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domains_client.delete_domain(domain['id'])
+ with self.rbac_utils.override_role(self):
+ self.domains_client.delete_domain(domain['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_domain")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd113')
def test_show_domain(self):
domain = self.setup_test_domain()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domains_client.show_domain(domain['id'])
+ with self.rbac_utils.override_role(self):
+ self.domains_client.show_domain(domain['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_domains")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd114')
def test_list_domains(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.domains_client.list_domains()
+ with self.rbac_utils.override_role(self):
+ self.domains_client.list_domains()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
index 2659bae..ad1fd9b 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
@@ -27,8 +27,8 @@
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd127')
def test_create_endpoint(self):
service = self.setup_test_service()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_endpoint(service=service)
+ with self.rbac_utils.override_role(self):
+ self.setup_test_endpoint(service=service)
@rbac_rule_validation.action(service="keystone",
rule="identity:update_endpoint")
@@ -37,10 +37,10 @@
endpoint = self.setup_test_endpoint()
new_url = data_utils.rand_url()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoints_client.update_endpoint(
- endpoint["id"],
- url=new_url)
+ with self.rbac_utils.override_role(self):
+ self.endpoints_client.update_endpoint(
+ endpoint["id"],
+ url=new_url)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_endpoint")
@@ -48,8 +48,8 @@
def test_delete_endpoint(self):
endpoint = self.setup_test_endpoint()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoints_client.delete_endpoint(endpoint['id'])
+ with self.rbac_utils.override_role(self):
+ self.endpoints_client.delete_endpoint(endpoint['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_endpoint")
@@ -57,12 +57,12 @@
def test_show_endpoint(self):
endpoint = self.setup_test_endpoint()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoints_client.show_endpoint(endpoint['id'])
+ with self.rbac_utils.override_role(self):
+ self.endpoints_client.show_endpoint(endpoint['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_endpoints")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd131')
def test_list_endpoints(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoints_client.list_endpoints()
+ with self.rbac_utils.override_role(self):
+ self.endpoints_client.list_endpoints()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_groups_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_groups_rbac.py
index 00c9f55..6e58289 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_groups_rbac.py
@@ -61,31 +61,31 @@
rule="identity:create_endpoint_group")
@decorators.idempotent_id('b4765906-52ec-477b-b441-a8508ced68e3')
def test_create_endpoint_group(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_endpoint_group(ignore_not_found=True)
+ with self.rbac_utils.override_role(self):
+ self._create_endpoint_group(ignore_not_found=True)
@rbac_rule_validation.action(service="keystone",
rule="identity:list_endpoint_groups")
@decorators.idempotent_id('089aa3a7-ba1f-4f70-a1cf-f298a845058a')
def test_list_endpoint_groups(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoint_groups_client.list_endpoint_groups()['endpoint_groups']
+ with self.rbac_utils.override_role(self):
+ self.endpoint_groups_client.list_endpoint_groups()
@decorators.idempotent_id('5c16368d-1485-4c28-9803-db3fa3510623')
@rbac_rule_validation.action(service="keystone",
rule="identity:get_endpoint_group")
def test_check_endpoint_group(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoint_groups_client.check_endpoint_group(
- self.endpoint_group_id)
+ with self.rbac_utils.override_role(self):
+ self.endpoint_groups_client.check_endpoint_group(
+ self.endpoint_group_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:get_endpoint_group")
@decorators.idempotent_id('bd2b6fb8-661f-4255-84b2-50fea4a1dc61')
def test_show_endpoint_group(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoint_groups_client.show_endpoint_group(
- self.endpoint_group_id)['endpoint_group']
+ with self.rbac_utils.override_role(self):
+ self.endpoint_groups_client.show_endpoint_group(
+ self.endpoint_group_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:update_endpoint_group")
@@ -94,9 +94,9 @@
updated_name = data_utils.rand_name(
self.__class__.__name__ + '-EPFilterGroup')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoint_groups_client.update_endpoint_group(
- self.endpoint_group_id, name=updated_name)['endpoint_group']
+ with self.rbac_utils.override_role(self):
+ self.endpoint_groups_client.update_endpoint_group(
+ self.endpoint_group_id, name=updated_name)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_endpoint_group")
@@ -104,5 +104,6 @@
def test_delete_endpoint_group(self):
endpoint_group_id = self._create_endpoint_group(ignore_not_found=True)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoint_groups_client.delete_endpoint_group(endpoint_group_id)
+ with self.rbac_utils.override_role(self):
+ self.endpoint_groups_client.delete_endpoint_group(
+ endpoint_group_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_projects_rbac.py
index 7a4f2d7..1045b9b 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_ep_filter_projects_rbac.py
@@ -48,17 +48,17 @@
@decorators.idempotent_id('9199ec13-816d-4efe-b8b1-e1cd026b9747')
def test_add_endpoint_to_project(self):
# Adding endpoints to projects
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._add_endpoint_to_project(ignore_not_found=True)
+ with self.rbac_utils.override_role(self):
+ self._add_endpoint_to_project(ignore_not_found=True)
@rbac_rule_validation.action(
service="keystone",
rule="identity:list_projects_for_endpoint")
@decorators.idempotent_id('f53dca42-ec8a-48e9-924b-0bbe6c99727f')
def test_list_projects_for_endpoint(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoint_filter_client.list_projects_for_endpoint(
- self.endpoint['id'])
+ with self.rbac_utils.override_role(self):
+ self.endpoint_filter_client.list_projects_for_endpoint(
+ self.endpoint['id'])
@rbac_rule_validation.action(
service="keystone",
@@ -66,18 +66,18 @@
@decorators.idempotent_id('0c1425eb-833c-4aa1-a21d-52ffa41fdc6a')
def test_check_endpoint_in_project(self):
self._add_endpoint_to_project()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoint_filter_client.check_endpoint_in_project(
- self.project['id'], self.endpoint['id'])
+ with self.rbac_utils.override_role(self):
+ self.endpoint_filter_client.check_endpoint_in_project(
+ self.project['id'], self.endpoint['id'])
@rbac_rule_validation.action(
service="keystone",
rule="identity:list_endpoints_for_project")
@decorators.idempotent_id('5d86c659-c6ad-41e0-854e-3823e95c7cc2')
def test_list_endpoints_in_project(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoint_filter_client.list_endpoints_in_project(
- self.project['id'])
+ with self.rbac_utils.override_role(self):
+ self.endpoint_filter_client.list_endpoints_in_project(
+ self.project['id'])
@rbac_rule_validation.action(
service="keystone",
@@ -85,6 +85,6 @@
@decorators.idempotent_id('b4e21c10-4f47-427b-9b8a-f5b5601adfda')
def test_remove_endpoint_from_project(self):
self._add_endpoint_to_project(ignore_not_found=True)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoint_filter_client.delete_endpoint_from_project(
- self.project['id'], self.endpoint['id'])
+ with self.rbac_utils.override_role(self):
+ self.endpoint_filter_client.delete_endpoint_from_project(
+ self.project['id'], self.endpoint['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
index 0fc29b7..06148d9 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
@@ -33,8 +33,8 @@
rule="identity:create_group")
@decorators.idempotent_id('88377f51-9074-4d64-a22f-f8931d048c9a')
def test_create_group(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_group()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_group()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_group")
@@ -44,9 +44,8 @@
new_group_name = data_utils.rand_name(
self.__class__.__name__ + '-group')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.groups_client.update_group(group['id'],
- name=new_group_name)
+ with self.rbac_utils.override_role(self):
+ self.groups_client.update_group(group['id'], name=new_group_name)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_group")
@@ -54,8 +53,8 @@
def test_delete_group(self):
group = self.setup_test_group()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.groups_client.delete_group(group['id'])
+ with self.rbac_utils.override_role(self):
+ self.groups_client.delete_group(group['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_group")
@@ -63,15 +62,15 @@
def test_show_group(self):
group = self.setup_test_group()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.groups_client.show_group(group['id'])
+ with self.rbac_utils.override_role(self):
+ self.groups_client.show_group(group['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_groups")
@decorators.idempotent_id('c4d0f76b-735f-4fd0-868b-0006bc420ff4')
def test_list_groups(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.groups_client.list_groups()
+ with self.rbac_utils.override_role(self):
+ self.groups_client.list_groups()
@rbac_rule_validation.action(service="keystone",
rule="identity:add_user_to_group")
@@ -80,8 +79,8 @@
group = self.setup_test_group()
user = self.setup_test_user()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.groups_client.add_group_user(group['id'], user['id'])
+ with self.rbac_utils.override_role(self):
+ self.groups_client.add_group_user(group['id'], user['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:remove_user_from_group")
@@ -89,8 +88,8 @@
def test_remove_user_group(self):
group_id, user_id = self._create_user_and_add_to_new_group()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.groups_client.delete_group_user(group_id, user_id)
+ with self.rbac_utils.override_role(self):
+ self.groups_client.delete_group_user(group_id, user_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:list_users_in_group")
@@ -98,8 +97,8 @@
def test_list_user_group(self):
group = self.setup_test_group()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.groups_client.list_group_users(group['id'])
+ with self.rbac_utils.override_role(self):
+ self.groups_client.list_group_users(group['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:check_user_in_group")
@@ -107,5 +106,5 @@
def test_check_user_group(self):
group_id, user_id = self._create_user_and_add_to_new_group()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.groups_client.check_group_user_existence(group_id, user_id)
+ with self.rbac_utils.override_role(self):
+ self.groups_client.check_group_user_existence(group_id, user_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
index d3e17f1..f591e15 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_consumers_rbac.py
@@ -37,8 +37,8 @@
rule="identity:create_consumer")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d970')
def test_create_consumer(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_consumer()
+ with self.rbac_utils.override_role(self):
+ self._create_consumer()
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_consumer")
@@ -46,8 +46,8 @@
def test_delete_consumer(self):
consumer = self._create_consumer()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.consumers_client.delete_consumer(consumer['id'])
+ with self.rbac_utils.override_role(self):
+ self.consumers_client.delete_consumer(consumer['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:update_consumer")
@@ -57,9 +57,9 @@
updated_description = data_utils.rand_name(
self.__class__.__name__ + '-IdentityConsumer')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.consumers_client.update_consumer(consumer['id'],
- updated_description)
+ with self.rbac_utils.override_role(self):
+ self.consumers_client.update_consumer(consumer['id'],
+ updated_description)
@rbac_rule_validation.action(service="keystone",
rule="identity:get_consumer")
@@ -67,12 +67,12 @@
def test_show_consumer(self):
consumer = self._create_consumer()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.consumers_client.show_consumer(consumer['id'])
+ with self.rbac_utils.override_role(self):
+ self.consumers_client.show_consumer(consumer['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_consumers")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d975')
def test_list_consumers(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.consumers_client.list_consumers()
+ with self.rbac_utils.override_role(self):
+ self.consumers_client.list_consumers()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_tokens_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_tokens_rbac.py
index 0853d12..13731d5 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_tokens_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_oauth_tokens_rbac.py
@@ -85,10 +85,10 @@
def test_authorize_request_token(self):
_, request_token = self._create_consumer_and_request_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.oauth_token_client.authorize_request_token(
- request_token['oauth_token'],
- self.role_ids)
+ with self.rbac_utils.override_role(self):
+ self.oauth_token_client.authorize_request_token(
+ request_token['oauth_token'],
+ self.role_ids)
@rbac_rule_validation.action(service="keystone",
rule="identity:get_access_token")
@@ -96,9 +96,9 @@
def test_get_access_token(self):
access_token = self._create_access_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.oauth_token_client.get_access_token(self.user_id,
- access_token)
+ with self.rbac_utils.override_role(self):
+ self.oauth_token_client.get_access_token(self.user_id,
+ access_token)
@rbac_rule_validation.action(service="keystone",
rule="identity:get_access_token_role")
@@ -106,16 +106,16 @@
def test_get_access_token_role(self):
access_token = self._create_access_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.oauth_token_client.get_access_token_role(
- self.user_id, access_token, self.role_ids[0])
+ with self.rbac_utils.override_role(self):
+ self.oauth_token_client.get_access_token_role(
+ self.user_id, access_token, self.role_ids[0])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_access_tokens")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d979')
def test_list_access_tokens(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.oauth_token_client.list_access_tokens(self.user_id)
+ with self.rbac_utils.override_role(self):
+ self.oauth_token_client.list_access_tokens(self.user_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:list_access_token_roles")
@@ -123,9 +123,9 @@
def test_list_access_token_roles(self):
access_token = self._create_access_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.oauth_token_client.list_access_token_roles(
- self.user_id, access_token)
+ with self.rbac_utils.override_role(self):
+ self.oauth_token_client.list_access_token_roles(
+ self.user_id, access_token)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_access_token")
@@ -133,6 +133,6 @@
def test_revoke_access_token(self):
access_token = self._create_access_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.oauth_token_client.revoke_access_token(
- self.user_id, access_token)
+ with self.rbac_utils.override_role(self):
+ self.oauth_token_client.revoke_access_token(
+ self.user_id, access_token)