Migrate to override_role for identity v2 module
Now that override_role has supplanted switch_role (which has
been deprecated) in [0], the RBAC tests need to switch to use
override_role.
This PS switches to override_role for the identity ve module.
This patch handles all the remaining modules for identity v2.
[0] I670fba358bf321eae0d22d18cea6d2f530f00716
Partially Implements: blueprint rbac-utils-contextmanager
Change-Id: Ia8c0a465e906239e1572fdda2eceea820328faa8
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py
index 0a9feef..133562c 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_endpoints_rbac.py
@@ -31,8 +31,8 @@
RBAC test for Identity v2 create_endpoint
"""
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_endpoint()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_endpoint()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -45,8 +45,8 @@
"""
endpoint = self.setup_test_endpoint()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoints_client.delete_endpoint(endpoint['id'])
+ with self.rbac_utils.override_role(self):
+ self.endpoints_client.delete_endpoint(endpoint['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -58,5 +58,5 @@
RBAC test for Identity v2 list_endpoint
"""
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.endpoints_client.list_endpoints()
+ with self.rbac_utils.override_role(self):
+ self.endpoints_client.list_endpoints()
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
index db1f6e6..74886ec 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
@@ -36,8 +36,8 @@
RBAC test for Identity 2.0 create_tenant
"""
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_tenant()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_tenant()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -50,9 +50,9 @@
"""
tenant = self.setup_test_tenant()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.tenants_client.update_tenant(tenant['id'],
- description="Changed description")
+ with self.rbac_utils.override_role(self):
+ self.tenants_client.update_tenant(
+ tenant['id'], description="Changed description")
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -65,8 +65,8 @@
"""
tenant = self.setup_test_tenant()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.tenants_client.delete_tenant(tenant['id'])
+ with self.rbac_utils.override_role(self):
+ self.tenants_client.delete_tenant(tenant['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -80,8 +80,8 @@
tenant = self.setup_test_tenant()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.tenants_client.show_tenant(tenant['id'])
+ with self.rbac_utils.override_role(self):
+ self.tenants_client.show_tenant(tenant['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -94,8 +94,8 @@
"""
tenant = self.setup_test_tenant()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.tenants_client.list_tenant_users(tenant['id'])
+ with self.rbac_utils.override_role(self):
+ self.tenants_client.list_tenant_users(tenant['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -117,8 +117,8 @@
admin_tenant_id = self.os_admin.credentials.project_id
non_admin_tenant_id = self.os_primary.credentials.project_id
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- tenants = tenants_client.list_tenants()['tenants']
+ with self.rbac_utils.override_role(self):
+ tenants = tenants_client.list_tenants()['tenants']
tenant_ids = [t['id'] for t in tenants]
if admin_tenant_id not in tenant_ids:
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py
index 9d80469..2065c42 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_roles_rbac.py
@@ -51,8 +51,8 @@
RBAC test for Identity v2 role-create
"""
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_role()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_role()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -65,8 +65,8 @@
"""
role = self.setup_test_role()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.delete_role(role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.delete_role(role['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -79,8 +79,8 @@
"""
role = self.setup_test_role()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.show_role(role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.show_role(role['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -91,8 +91,8 @@
RBAC test for Identity v2 list_roles
"""
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.list_roles()
+ with self.rbac_utils.override_role(self):
+ self.roles_client.list_roles()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -104,8 +104,8 @@
RBAC test for Identity v2 create_user_role_on_project
"""
tenant, user, role = self._create_tenant_user_and_role()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self._create_role_on_project(tenant, user, role)
+ with self.rbac_utils.override_role(self):
+ self._create_role_on_project(tenant, user, role)
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -119,9 +119,9 @@
tenant, user, role = self._create_tenant_user_and_role()
self._create_role_on_project(tenant, user, role)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.delete_role_from_user_on_project(
- tenant['id'], user['id'], role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.delete_role_from_user_on_project(
+ tenant['id'], user['id'], role['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -135,6 +135,6 @@
tenant = self.setup_test_tenant()
user = self.setup_test_user(tenantid=tenant['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.list_user_roles_on_project(
- tenant['id'], user['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.list_user_roles_on_project(
+ tenant['id'], user['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py
index 8419ec9..6485c91 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_services_rbac.py
@@ -29,8 +29,8 @@
RBAC test for Identity v2 create_service
"""
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_service()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_service()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -42,8 +42,8 @@
"""
service_id = self.setup_test_service()['id']
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.services_client.delete_service(service_id)
+ with self.rbac_utils.override_role(self):
+ self.services_client.delete_service(service_id)
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -55,8 +55,8 @@
"""
service_id = self.setup_test_service()['id']
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.services_client.show_service(service_id)
+ with self.rbac_utils.override_role(self):
+ self.services_client.show_service(service_id)
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -66,5 +66,5 @@
RBAC test for Identity v2 list_service
"""
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.services_client.list_services()
+ with self.rbac_utils.override_role(self):
+ self.services_client.list_services()
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_tokens_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_tokens_rbac.py
index 25150dd..424e2d3 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_tokens_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_tokens_rbac.py
@@ -41,8 +41,8 @@
"""
token_id = self._create_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.show_token(token_id)
+ with self.rbac_utils.override_role(self):
+ self.client.show_token(token_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:revoke_token")
@@ -55,8 +55,8 @@
"""
token_id = self._create_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.delete_token(token_id)
+ with self.rbac_utils.override_role(self):
+ self.client.delete_token(token_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:validate_token_head")
@@ -68,5 +68,5 @@
RBAC test for Identity v2 token head validation
"""
token_id = self._create_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.client.check_token_existence(token_id)
+ with self.rbac_utils.override_role(self):
+ self.client.check_token_existence(token_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py
index dfe6e71..315637f 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_users_rbac.py
@@ -26,8 +26,8 @@
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d904')
def test_create_user(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_user()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_user()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -35,8 +35,9 @@
def test_update_user(self):
user = self.setup_test_user()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.update_user(user['id'], email="changedUser@xyz.com")
+ with self.rbac_utils.override_role(self):
+ self.users_client.update_user(user['id'],
+ email="changedUser@xyz.com")
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -44,8 +45,8 @@
def test_update_user_enabled(self):
user = self.setup_test_user()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.update_user_enabled(user['id'], enabled=True)
+ with self.rbac_utils.override_role(self):
+ self.users_client.update_user_enabled(user['id'], enabled=True)
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -53,15 +54,15 @@
def test_delete_user(self):
user = self.setup_test_user()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.delete_user(user['id'])
+ with self.rbac_utils.override_role(self):
+ self.users_client.delete_user(user['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@decorators.idempotent_id('0f148510-63bf-11e6-1342-080044d0d907')
def test_list_users(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.list_users()
+ with self.rbac_utils.override_role(self):
+ self.users_client.list_users()
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -69,8 +70,8 @@
def test_show_user(self):
user = self.setup_test_user()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.show_user(user['id'])
+ with self.rbac_utils.override_role(self):
+ self.users_client.show_user(user['id'])
@rbac_rule_validation.action(service="keystone",
admin_only=True)
@@ -78,6 +79,6 @@
def test_update_user_password(self):
user = self.setup_test_user()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.update_user_password(
- user['id'], password=data_utils.rand_password())
+ with self.rbac_utils.override_role(self):
+ self.users_client.update_user_password(
+ user['id'], password=data_utils.rand_password())