Migrate to override_role for identity module (part 2)
Now that override_role has supplanted switch_role (which has
been deprecated) in [0], the RBAC tests need to switch to use
override_role.
This PS switches to override_role for the identity module. This
PS handles the last 10 modules for identity.
This PS also removes unnecessary indexing into response bodies.
[0] I670fba358bf321eae0d22d18cea6d2f530f00716
Partially Implements: blueprint rbac-utils-contextmanager
Change-Id: I6be1dcebf75ff19ba746b24c005d6acc5aeb2787
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
index 3e03ac0..a8c10ca 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
@@ -26,8 +26,8 @@
rule="identity:create_policy")
@decorators.idempotent_id('de2f7ecb-fbf0-41f3-abf4-b97b5e082fd5')
def test_create_policy(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_policy()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_policy()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_policy")
@@ -37,9 +37,9 @@
updated_policy_type = data_utils.rand_name(
self.__class__.__name__ + '-policy_type')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.policies_client.update_policy(policy['id'],
- type=updated_policy_type)
+ with self.rbac_utils.override_role(self):
+ self.policies_client.update_policy(policy['id'],
+ type=updated_policy_type)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_policy")
@@ -47,8 +47,8 @@
def test_delete_policy(self):
policy = self.setup_test_policy()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.policies_client.delete_policy(policy['id'])
+ with self.rbac_utils.override_role(self):
+ self.policies_client.delete_policy(policy['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_policy")
@@ -56,12 +56,12 @@
def test_show_policy(self):
policy = self.setup_test_policy()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.policies_client.show_policy(policy['id'])
+ with self.rbac_utils.override_role(self):
+ self.policies_client.show_policy(policy['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_policies")
@decorators.idempotent_id('35a56161-4054-4237-8a78-7ce805dce202')
def test_list_policies(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.policies_client.list_policies()['policies']
+ with self.rbac_utils.override_role(self):
+ self.policies_client.list_policies()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
index 51086ae..0b394b4 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
@@ -26,8 +26,8 @@
rule="identity:create_project")
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d904')
def test_create_project(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_project()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_project()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_project")
@@ -37,9 +37,9 @@
new_desc = data_utils.rand_name(
self.__class__.__name__ + '-description')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.projects_client.update_project(project['id'],
- description=new_desc)
+ with self.rbac_utils.override_role(self):
+ self.projects_client.update_project(project['id'],
+ description=new_desc)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_project")
@@ -47,8 +47,8 @@
def test_delete_project(self):
project = self.setup_test_project()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.projects_client.delete_project(project['id'])
+ with self.rbac_utils.override_role(self):
+ self.projects_client.delete_project(project['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_project")
@@ -56,12 +56,12 @@
def test_show_project(self):
project = self.setup_test_project()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.projects_client.show_project(project['id'])
+ with self.rbac_utils.override_role(self):
+ self.projects_client.show_project(project['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_projects")
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d908')
def test_list_projects(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.projects_client.list_projects()
+ with self.rbac_utils.override_role(self):
+ self.projects_client.list_projects()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
index 55a2f77..14b9de5 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_regions_rbac.py
@@ -26,8 +26,8 @@
rule="identity:create_region")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd119')
def test_create_region(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_region()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_region()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_region")
@@ -37,9 +37,9 @@
new_description = data_utils.rand_name(
self.__class__.__name__ + '-test_update_region')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.regions_client.update_region(region['id'],
- description=new_description)
+ with self.rbac_utils.override_role(self):
+ self.regions_client.update_region(region['id'],
+ description=new_description)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_region")
@@ -47,8 +47,8 @@
def test_delete_region(self):
region = self.setup_test_region()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.regions_client.delete_region(region['id'])
+ with self.rbac_utils.override_role(self):
+ self.regions_client.delete_region(region['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_region")
@@ -56,12 +56,12 @@
def test_show_region(self):
region = self.setup_test_region()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.regions_client.show_region(region['id'])
+ with self.rbac_utils.override_role(self):
+ self.regions_client.show_region(region['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_regions")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd123')
def test_list_regions(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.regions_client.list_regions()
+ with self.rbac_utils.override_role(self):
+ self.regions_client.list_regions()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
index c1d0369..90cf255 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_role_assignments_rbac.py
@@ -25,9 +25,8 @@
@rbac_rule_validation.action(service="keystone",
rule="identity:list_role_assignments")
def test_list_role_assignments(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.role_assignments_client.\
- list_role_assignments()['role_assignments']
+ with self.rbac_utils.override_role(self):
+ self.role_assignments_client.list_role_assignments()
@decorators.idempotent_id('36c7a990-857e-415c-8717-38d7200a9894')
@rbac_rule_validation.action(
@@ -36,7 +35,7 @@
def test_list_role_assignments_for_tree(self):
project = self.setup_test_project()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.role_assignments_client.list_role_assignments(
- include_subtree=True,
- **{'scope.project.id': project['id']})['role_assignments']
+ with self.rbac_utils.override_role(self):
+ self.role_assignments_client.list_role_assignments(
+ include_subtree=True,
+ **{'scope.project.id': project['id']})
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
index 22b03f5..099c702 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_roles_rbac.py
@@ -37,8 +37,8 @@
rule="identity:create_role")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d904')
def test_create_role(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_role()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_role()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_role")
@@ -47,9 +47,9 @@
new_role_name = data_utils.rand_name(
self.__class__.__name__ + '-test_update_role')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.update_role(self.role['id'],
- name=new_role_name)
+ with self.rbac_utils.override_role(self):
+ self.roles_client.update_role(self.role['id'],
+ name=new_role_name)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_role")
@@ -57,32 +57,32 @@
def test_delete_role(self):
role = self.setup_test_role()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.delete_role(role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.delete_role(role['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_role")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d907')
def test_show_role(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.show_role(self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.show_role(self.role['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_roles")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d908')
def test_list_roles(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.list_roles()
+ with self.rbac_utils.override_role(self):
+ self.roles_client.list_roles()
@rbac_rule_validation.action(service="keystone",
rule="identity:create_grant")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d909')
def test_create_user_role_on_project(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.create_user_role_on_project(
- self.project['id'],
- self.user['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.create_user_role_on_project(
+ self.project['id'],
+ self.user['id'],
+ self.role['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.roles_client.delete_role_from_user_on_project,
self.project['id'],
@@ -93,11 +93,11 @@
rule="identity:create_grant")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d90c')
def test_create_group_role_on_project(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.create_group_role_on_project(
- self.project['id'],
- self.group['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.create_group_role_on_project(
+ self.project['id'],
+ self.group['id'],
+ self.role['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.roles_client.delete_role_from_group_on_project,
self.project['id'],
@@ -108,11 +108,11 @@
rule="identity:create_grant")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d90f')
def test_create_user_role_on_domain(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.create_user_role_on_domain(
- self.domain['id'],
- self.user['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.create_user_role_on_domain(
+ self.domain['id'],
+ self.user['id'],
+ self.role['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.roles_client.delete_role_from_user_on_domain,
self.domain['id'],
@@ -123,11 +123,11 @@
rule="identity:create_grant")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d912')
def test_create_group_role_on_domain(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.create_group_role_on_domain(
- self.domain['id'],
- self.group['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.create_group_role_on_domain(
+ self.domain['id'],
+ self.group['id'],
+ self.role['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.roles_client.delete_role_from_group_on_domain,
self.domain['id'],
@@ -148,11 +148,11 @@
self.user['id'],
self.role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.check_user_role_existence_on_project(
- self.project['id'],
- self.user['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.check_user_role_existence_on_project(
+ self.project['id'],
+ self.user['id'],
+ self.role['id'])
@decorators.idempotent_id('92f8e67d-85bf-407d-9814-edd5664abc47')
@rbac_rule_validation.action(service="keystone",
@@ -168,11 +168,11 @@
self.user['id'],
self.role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.check_user_role_existence_on_domain(
- self.domain['id'],
- self.user['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.check_user_role_existence_on_domain(
+ self.domain['id'],
+ self.user['id'],
+ self.role['id'])
@decorators.idempotent_id('8738d3d2-8c84-4423-b36c-7c59eaa08b73')
@rbac_rule_validation.action(service="keystone",
@@ -188,11 +188,11 @@
self.group['id'],
self.role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.check_role_from_group_on_project_existence(
- self.project['id'],
- self.group['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.check_role_from_group_on_project_existence(
+ self.project['id'],
+ self.group['id'],
+ self.role['id'])
@decorators.idempotent_id('e7d73bd0-cf5e-4c0c-9c93-cf53e23232d6')
@rbac_rule_validation.action(service="keystone",
@@ -208,11 +208,11 @@
self.group['id'],
self.role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.check_role_from_group_on_domain_existence(
- self.domain['id'],
- self.group['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.check_role_from_group_on_domain_existence(
+ self.domain['id'],
+ self.group['id'],
+ self.role['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:revoke_grant")
@@ -228,11 +228,11 @@
self.user['id'],
self.role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.delete_role_from_user_on_project(
- self.project['id'],
- self.user['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.delete_role_from_user_on_project(
+ self.project['id'],
+ self.user['id'],
+ self.role['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:revoke_grant")
@@ -248,11 +248,11 @@
self.group['id'],
self.role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.delete_role_from_group_on_project(
- self.project['id'],
- self.group['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.delete_role_from_group_on_project(
+ self.project['id'],
+ self.group['id'],
+ self.role['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:revoke_grant")
@@ -268,11 +268,11 @@
self.user['id'],
self.role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.delete_role_from_user_on_domain(
- self.domain['id'],
- self.user['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.delete_role_from_user_on_domain(
+ self.domain['id'],
+ self.user['id'],
+ self.role['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:revoke_grant")
@@ -288,55 +288,55 @@
self.group['id'],
self.role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.delete_role_from_group_on_domain(
- self.domain['id'],
- self.group['id'],
- self.role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.delete_role_from_group_on_domain(
+ self.domain['id'],
+ self.group['id'],
+ self.role['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_grants")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d90b')
def test_list_user_roles_on_project(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.list_user_roles_on_project(
- self.project['id'],
- self.user['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.list_user_roles_on_project(
+ self.project['id'],
+ self.user['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_grants")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d90e')
def test_list_group_roles_on_project(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.list_group_roles_on_project(
- self.project['id'],
- self.group['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.list_group_roles_on_project(
+ self.project['id'],
+ self.group['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_grants")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d911')
def test_list_user_roles_on_domain(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.list_user_roles_on_domain(
- self.domain['id'],
- self.user['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.list_user_roles_on_domain(
+ self.domain['id'],
+ self.user['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_grants")
@decorators.idempotent_id('0f148510-63bf-11e6-1395-080044d0d914')
def test_list_group_roles_on_domain(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.list_group_roles_on_domain(
- self.domain['id'],
- self.group['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.list_group_roles_on_domain(
+ self.domain['id'],
+ self.group['id'])
@decorators.idempotent_id('2aef3eaa-8156-4962-a01d-c9bb0e499e15')
@rbac_rule_validation.action(service="keystone",
rule="identity:create_implied_role")
def test_create_role_inference_rule(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.create_role_inference_rule(
- self.role['id'], self.implies_role['id'])['role_inference']
+ with self.rbac_utils.override_role(self):
+ self.roles_client.create_role_inference_rule(
+ self.role['id'], self.implies_role['id'])
self.addCleanup(self.roles_client.delete_role_inference_rule,
self.role['id'], self.implies_role['id'])
@@ -349,17 +349,16 @@
self.addCleanup(self.roles_client.delete_role_inference_rule,
self.role['id'], self.implies_role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.show_role_inference_rule(
- self.role['id'], self.implies_role['id'])['role_inference']
+ with self.rbac_utils.override_role(self):
+ self.roles_client.show_role_inference_rule(
+ self.role['id'], self.implies_role['id'])
@decorators.idempotent_id('f7bb39bf-0b06-468e-a8b0-60a4fb1f258d')
@rbac_rule_validation.action(service="keystone",
rule="identity:list_implied_roles")
def test_list_role_inferences_rules(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.list_role_inferences_rules(self.role['id'])[
- 'role_inference']
+ with self.rbac_utils.override_role(self):
+ self.roles_client.list_role_inferences_rules(self.role['id'])
@decorators.idempotent_id('eca2d502-09bb-45cd-9773-bce2e7bcddd1')
@rbac_rule_validation.action(service="keystone",
@@ -370,9 +369,9 @@
self.addCleanup(self.roles_client.delete_role_inference_rule,
self.role['id'], self.implies_role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.check_role_inference_rule(
- self.role['id'], self.implies_role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.check_role_inference_rule(
+ self.role['id'], self.implies_role['id'])
@decorators.idempotent_id('13a5db1e-dd4a-4ca1-81ec-d5452aaaf54b')
@rbac_rule_validation.action(service="keystone",
@@ -384,13 +383,13 @@
self.roles_client.delete_role_inference_rule,
self.role['id'], self.implies_role['id'])
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.delete_role_inference_rule(
- self.role['id'], self.implies_role['id'])
+ with self.rbac_utils.override_role(self):
+ self.roles_client.delete_role_inference_rule(
+ self.role['id'], self.implies_role['id'])
@decorators.idempotent_id('05869f2b-4dd4-425a-905e-eec9a6f06374')
@rbac_rule_validation.action(service="keystone",
rule="identity:list_role_inference_rules")
def test_list_all_role_inference_rules(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.roles_client.list_all_role_inference_rules()['role_inferences']
+ with self.rbac_utils.override_role(self):
+ self.roles_client.list_all_role_inference_rules()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
index 44ce1a1..6ab17ff 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
@@ -26,8 +26,8 @@
rule="identity:create_service")
@decorators.idempotent_id('9a4bb317-f0bb-4005-8df0-4b672885b7c8')
def test_create_service(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_service()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_service()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_service")
@@ -36,11 +36,11 @@
service = self.setup_test_service()
new_name = data_utils.rand_name(self.__class__.__name__ + '-service')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.services_client.update_service(service['id'],
- service=service,
- name=new_name,
- type=service['type'])
+ with self.rbac_utils.override_role(self):
+ self.services_client.update_service(service['id'],
+ service=service,
+ name=new_name,
+ type=service['type'])
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_service")
@@ -48,8 +48,8 @@
def test_delete_service(self):
service = self.setup_test_service()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.services_client.delete_service(service['id'])
+ with self.rbac_utils.override_role(self):
+ self.services_client.delete_service(service['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_service")
@@ -57,12 +57,12 @@
def test_show_service(self):
service = self.setup_test_service()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.services_client.show_service(service['id'])
+ with self.rbac_utils.override_role(self):
+ self.services_client.show_service(service['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_services")
@decorators.idempotent_id('706e6bea-3385-4718-919c-0b5121395806')
def test_list_services(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.services_client.list_services()
+ with self.rbac_utils.override_role(self):
+ self.services_client.list_services()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py
index 18e5bf1..00d522c 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py
@@ -55,11 +55,11 @@
# Explicit negative test for identity:validate_token policy action.
# Assert expected exception is Forbidden and then reraise it.
alt_token_id = self._setup_alt_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- e = self.assertRaises(lib_exc.Forbidden,
- self.identity_client.show_token,
- alt_token_id)
- raise e
+ with self.rbac_utils.override_role(self):
+ e = self.assertRaises(lib_exc.Forbidden,
+ self.identity_client.show_token,
+ alt_token_id)
+ raise e
@decorators.idempotent_id('2786a55d-a818-433a-af7a-41ebf72ab4da')
@decorators.attr(type=['negative'])
@@ -74,11 +74,11 @@
# Explicit negative test for identity:revoke_token policy action.
# Assert expected exception is Forbidden and then reraise it.
alt_token_id = self._setup_alt_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- e = self.assertRaises(lib_exc.Forbidden,
- self.identity_client.delete_token,
- alt_token_id)
- raise e
+ with self.rbac_utils.override_role(self):
+ e = self.assertRaises(lib_exc.Forbidden,
+ self.identity_client.delete_token,
+ alt_token_id)
+ raise e
@decorators.idempotent_id('1ea02ac0-9a96-44bd-bdc3-4dae3c10cc2e')
@decorators.attr(type=['negative'])
@@ -93,8 +93,8 @@
# Explicit negative test for identity:check_token policy action.
# Assert expected exception is Forbidden and then reraise it.
alt_token_id = self._setup_alt_token()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- e = self.assertRaises(lib_exc.Forbidden,
- self.identity_client.check_token_existence,
- alt_token_id)
- raise e
+ with self.rbac_utils.override_role(self):
+ e = self.assertRaises(lib_exc.Forbidden,
+ self.identity_client.check_token_existence,
+ alt_token_id)
+ raise e
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_rbac.py
index e6d0dd1..23ee768 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_rbac.py
@@ -37,8 +37,8 @@
})
def test_show_token(self):
token_id = self.setup_test_token(self.user_id, self.password)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.identity_client.show_token(token_id)
+ with self.rbac_utils.override_role(self):
+ self.identity_client.show_token(token_id)
@decorators.idempotent_id('42a299db-fe0a-4ea0-9824-0bfd13155886')
@rbac_rule_validation.action(
@@ -50,8 +50,8 @@
})
def test_delete_token(self):
token_id = self.setup_test_token(self.user_id, self.password)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.identity_client.delete_token(token_id)
+ with self.rbac_utils.override_role(self):
+ self.identity_client.delete_token(token_id)
@decorators.idempotent_id('3554d218-8cd6-4730-a1b2-0e22f9b78f45')
@rbac_rule_validation.action(
@@ -63,5 +63,5 @@
})
def test_check_token_exsitence(self):
token_id = self.setup_test_token(self.user_id, self.password)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.identity_client.check_token_existence(token_id)
+ with self.rbac_utils.override_role(self):
+ self.identity_client.check_token_existence(token_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
index 3639520..91dbb53 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_trusts_rbac.py
@@ -70,9 +70,9 @@
"trust.trustor_user_id": "os_primary.credentials.user_id"
})
def test_create_trust(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_trust(trustor_user_id=self.trustor_user_id,
- trustee_user_id=self.trustee_user_id)
+ with self.rbac_utils.override_role(self):
+ self.setup_test_trust(trustor_user_id=self.trustor_user_id,
+ trustee_user_id=self.trustee_user_id)
@decorators.idempotent_id('bd72d22a-6e11-4840-bd93-17b382e7f0e0')
@decorators.attr(type=['negative'])
@@ -85,11 +85,11 @@
def test_create_trust_negative(self):
# Explicit negative test for identity:create_trust policy action.
# Assert expected exception is Forbidden and then reraise it.
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- e = self.assertRaises(lib_exc.Forbidden, self.setup_test_trust,
- trustor_user_id=self.unauthorized_user_id,
- trustee_user_id=self.trustee_user_id)
- raise e
+ with self.rbac_utils.override_role(self):
+ e = self.assertRaises(lib_exc.Forbidden, self.setup_test_trust,
+ trustor_user_id=self.unauthorized_user_id,
+ trustee_user_id=self.trustee_user_id)
+ raise e
@decorators.idempotent_id('d9a6fd06-08f6-462c-a86c-ce009adf1230')
@rbac_rule_validation.action(
@@ -99,39 +99,39 @@
trust = self.setup_test_trust(trustor_user_id=self.trustor_user_id,
trustee_user_id=self.trustee_user_id)
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.trusts_client.delete_trust(trust['id'])
+ with self.rbac_utils.override_role(self):
+ self.trusts_client.delete_trust(trust['id'])
@decorators.idempotent_id('f2e32896-bf66-4f4e-89cf-e7fba0ef1f38')
@rbac_rule_validation.action(
service="keystone",
rule="identity:list_trusts")
def test_list_trusts(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.trusts_client.list_trusts(
- trustor_user_id=self.trustor_user_id)['trusts']
+ with self.rbac_utils.override_role(self):
+ self.trusts_client.list_trusts(
+ trustor_user_id=self.trustor_user_id)
@decorators.idempotent_id('3c9ff92f-a73e-4f9b-8865-e017f38c70f5')
@rbac_rule_validation.action(
service="keystone",
rule="identity:list_roles_for_trust")
def test_list_roles_for_trust(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.trusts_client.list_trust_roles(self.trust['id'])['roles']
+ with self.rbac_utils.override_role(self):
+ self.trusts_client.list_trust_roles(self.trust['id'])
@decorators.idempotent_id('3bb4f97b-cecd-4c7d-ad10-b88ee6c5d573')
@rbac_rule_validation.action(
service="keystone",
rule="identity:get_role_for_trust")
def test_show_trust_role(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.trusts_client.show_trust_role(
- self.trust['id'], self.delegated_role_id)['role']
+ with self.rbac_utils.override_role(self):
+ self.trusts_client.show_trust_role(
+ self.trust['id'], self.delegated_role_id)
@decorators.idempotent_id('0184e0fb-641e-4b52-ab73-81c1ce6ca5c1')
@rbac_rule_validation.action(
service="keystone",
rule="identity:get_trust")
def test_show_trust(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.trusts_client.show_trust(self.trust['id'])
+ with self.rbac_utils.override_role(self):
+ self.trusts_client.show_trust(self.trust['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
index 5812f9e..bd97535 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
@@ -31,8 +31,8 @@
rule="identity:create_user")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d904')
def test_create_user(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.setup_test_user()
+ with self.rbac_utils.override_role(self):
+ self.setup_test_user()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_user")
@@ -42,10 +42,10 @@
new_email = data_utils.rand_name(
self.__class__.__name__ + '-user_email')
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.update_user(user['id'],
- name=user['name'],
- email=new_email)
+ with self.rbac_utils.override_role(self):
+ self.users_client.update_user(user['id'],
+ name=user['name'],
+ email=new_email)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_user")
@@ -53,33 +53,33 @@
def test_delete_user(self):
user = self.setup_test_user()
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.delete_user(user['id'])
+ with self.rbac_utils.override_role(self):
+ self.users_client.delete_user(user['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_users")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d907')
def test_list_users(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.list_users()
+ with self.rbac_utils.override_role(self):
+ self.users_client.list_users()
@rbac_rule_validation.action(service="keystone",
rule="identity:get_user")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d908')
def test_show_own_user(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.show_user(self.default_user_id)
+ with self.rbac_utils.override_role(self):
+ self.users_client.show_user(self.default_user_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:list_groups_for_user")
@decorators.idempotent_id('bd5946d4-46d2-423d-a800-a3e7aabc18b3')
def test_list_own_user_group(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.list_user_groups(self.default_user_id)
+ with self.rbac_utils.override_role(self):
+ self.users_client.list_user_groups(self.default_user_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:list_user_projects")
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d909')
def test_list_own_user_projects(self):
- self.rbac_utils.switch_role(self, toggle_rbac_role=True)
- self.users_client.list_user_projects(self.default_user_id)
+ with self.rbac_utils.override_role(self):
+ self.users_client.list_user_projects(self.default_user_id)