Merge "Identity V3 rbac_base method refactor"
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
index 7a67459..47f6590 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/rbac_base.py
@@ -38,43 +38,153 @@
def setup_clients(cls):
super(BaseIdentityV3RbacAdminTest, cls).setup_clients()
cls.auth_provider = cls.os.auth_provider
- cls.creds_client = cls.os.credentials_client
- cls.services_client = cls.os.identity_services_v3_client
- cls.endpoints_client = cls.os.endpoints_v3_client
- cls.groups_client = cls.os.groups_client
- cls.policies_client = cls.os.policies_client
+
cls.rbac_utils = rbac_utils()
cls.rbac_utils.switch_role(cls, switchToRbacRole=False)
- def _create_service(self):
- """Creates a service for test."""
- name = data_utils.rand_name('service')
- serv_type = data_utils.rand_name('type')
- desc = data_utils.rand_name('description')
- service = self.services_client \
- .create_service(name=name,
- type=serv_type,
- description=desc)['service']
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.services_client.delete_service, service['id'])
- return service
+ cls.creds_client = cls.os.credentials_client
+ cls.domains_client = cls.os.domains_client
+ cls.endpoints_client = cls.os.endpoints_v3_client
+ cls.groups_client = cls.os.groups_client
+ cls.projects_client = cls.os.projects_client
+ cls.policies_client = cls.os.policies_client
+ cls.regions_client = cls.os.regions_client
+ cls.roles_client = cls.os.roles_v3_client
+ cls.services_client = cls.os.identity_services_v3_client
+ cls.users_client = cls.os.users_v3_client
- def _setup_test_project(self):
+ def setup_test_credential(self, user=None):
+ """Creates a user, project, and credential for test."""
+ keys = [data_utils.rand_uuid_hex(),
+ data_utils.rand_uuid_hex()]
+ blob = '{"access": "%s", "secret": "%s"}' % (keys[0], keys[1])
+ credential = self.creds_client.create_credential(
+ user_id=user['id'],
+ project_id=user['project_id'],
+ blob=blob,
+ type='ec2')['credential']
+
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.creds_client.delete_credential,
+ credential['id'])
+
+ return credential
+
+ def setup_test_domain(self):
+ """Set up a test domain."""
+ domain = self.domains_client.create_domain(
+ name=data_utils.rand_name('test_domain'),
+ description=data_utils.rand_name('desc'))['domain']
+ # Delete the domain at the end of the test, but the domain must be
+ # disabled first (cleanup called in reverse order)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.domains_client.delete_domain,
+ domain['id'])
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.domains_client.update_domain,
+ domain['id'],
+ enabled=False)
+ return domain
+
+ def setup_test_endpoint(self, service=None):
+ """Creates a service and an endpoint for test."""
+ interface = 'public'
+ url = data_utils.rand_url()
+ # Endpoint creation requires a service
+ if service is None:
+ service = self.setup_test_service()
+ endpoint = self.endpoints_client.create_endpoint(
+ service_id=service['id'],
+ interface=interface,
+ url=url)['endpoint']
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.endpoints_client.delete_endpoint,
+ endpoint['id'])
+ return endpoint
+
+ def setup_test_group(self):
+ """Creates a group for test."""
+ name = data_utils.rand_name('test_group')
+ group = self.groups_client.create_group(name=name)['group']
+ # Delete the group at the end of the test
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.groups_client.delete_group,
+ group['id'])
+ return group
+
+ def setup_test_policy(self):
+ """Creates a policy for test."""
+ blob = data_utils.rand_name('test_blob')
+ policy_type = data_utils.rand_name('PolicyType')
+ policy = self.policies_client.create_policy(
+ blob=blob,
+ policy=policy_type,
+ type="application/json")['policy']
+
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.policies_client.delete_policy,
+ policy['id'])
+ return policy
+
+ def setup_test_project(self):
"""Set up a test project."""
project = self.projects_client.create_project(
name=data_utils.rand_name('test_project'),
description=data_utils.rand_name('desc'))['project']
# Delete the project at the end of the test
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.projects_client.delete_project, project['id'])
+ self.projects_client.delete_project,
+ project['id'])
return project
- def _create_test_user(self, **kwargs):
- if kwargs['password'] is None:
- user_password = data_utils.rand_password()
- kwargs['password'] = user_password
- user = self.users_client.create_user(**kwargs)['user']
+ def setup_test_region(self):
+ """Creates a region for test."""
+ description = data_utils.rand_name('test_region_desc')
+
+ region = self.regions_client.create_region(
+ description=description)['region']
+
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.regions_client.delete_region,
+ region['id'])
+ return region
+
+ def setup_test_role(self):
+ """Set up a test role."""
+ name = data_utils.rand_name('test_role')
+ role = self.roles_client.create_role(name=name)['role']
+ # Delete the role at the end of the test
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.roles_client.delete_role,
+ role['id'])
+ return role
+
+ def setup_test_service(self):
+ """Setup a test service."""
+ name = data_utils.rand_name('service')
+ serv_type = data_utils.rand_name('type')
+ desc = data_utils.rand_name('description')
+ service = self.services_client.create_service(
+ name=name,
+ type=serv_type,
+ description=desc)['service']
+ # Delete the service at the end of the test
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.services_client.delete_service,
+ service['id'])
+ return service
+
+ def setup_test_user(self, password=None, **kwargs):
+ """Set up a test user."""
+ username = data_utils.rand_name('test_user')
+ email = username + '@testmail.tm'
+ user = self.users_client.create_user(
+ name=username,
+ email=email,
+ password=password,
+ **kwargs)['user']
# Delete the user at the end of the test
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.users_client.delete_user, user['id'])
+ self.users_client.delete_user,
+ user['id'])
return user
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
index 7812ea8..1262c2e 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_credentials_rbac.py
@@ -14,7 +14,6 @@
# under the License.
from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
@@ -24,67 +23,42 @@
class IdentityCredentialsV3AdminRbacTest(
rbac_base.BaseIdentityV3RbacAdminTest):
- def _create_credential(self):
- """Creates a user, project, and credential for test."""
- user = self.setup_test_user()
- user_id = user['id']
- project_id = user['project_id']
- keys = [data_utils.rand_name('Access'),
- data_utils.rand_name('Secret')]
- blob = "{\"access\": \"%s\", \"secret\": \"%s\"}" % (
- keys[0], keys[1])
- credential = self.creds_client \
- .create_credential(user_id=user_id,
- project_id=project_id,
- blob=blob,
- type='ec2')['credential']
-
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.creds_client.delete_credential, credential['id'])
-
- return (project_id, credential)
+ def _create_user_project_and_credential(self):
+ project = self.setup_test_project()
+ user = self.setup_test_user(project_id=project['id'])
+ credential = self.setup_test_credential(user=user)
+ return credential
@rbac_rule_validation.action(service="keystone",
rule="identity:create_credential")
@decorators.idempotent_id('c1ab6d34-c59f-4ae1-bae9-bb3c1089b48e')
def test_create_credential(self):
- """Create a Credential.
-
- RBAC test for Keystone: identity:create_credential
- """
+ project = self.setup_test_project()
+ user = self.setup_test_user(project_id=project['id'])
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self._create_credential()
+ self.setup_test_credential(user=user)
@rbac_rule_validation.action(service="keystone",
rule="identity:update_credential")
@decorators.idempotent_id('cfb05ce3-bffb-496e-a3c2-9515d730da63')
def test_update_credential(self):
- """Update a Credential.
-
- RBAC test for Keystone: identity:update_credential
- """
- project_id, credential = self._create_credential()
- # Update blob keys
- new_keys = [data_utils.rand_name('NewAccess'),
- data_utils.rand_name('NewSecret')]
+ credential = self._create_user_project_and_credential()
+ new_keys = [data_utils.rand_uuid_hex(),
+ data_utils.rand_uuid_hex()]
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.creds_client \
- .update_credential(credential['id'],
- credential=credential,
- access_key=new_keys[0],
- secret_key=new_keys[1],
- project_id=project_id)['credential']
+ self.creds_client.update_credential(
+ credential['id'],
+ credential=credential,
+ access_key=new_keys[0],
+ secret_key=new_keys[1],
+ project_id=credential['project_id'])['credential']
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_credential")
@decorators.idempotent_id('87ab42af-8d41-401b-90df-21e72919fcde')
def test_delete_credential(self):
- """Delete a Credential.
-
- RBAC test for Keystone: identity:delete_credential
- """
- _, credential = self._create_credential()
+ credential = self._create_user_project_and_credential()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.creds_client.delete_credential(credential['id'])
@@ -93,11 +67,7 @@
rule="identity:get_credential")
@decorators.idempotent_id('1b6eeae6-f1e8-4cdf-8903-1c002b1fc271')
def test_show_credential(self):
- """Show/Get a Credential.
-
- RBAC test for Keystone: identity:get_credential
- """
- _, credential = self._create_credential()
+ credential = self._create_user_project_and_credential()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.creds_client.show_credential(credential['id'])
@@ -106,9 +76,5 @@
rule="identity:list_credentials")
@decorators.idempotent_id('3de303e2-12a7-4811-805a-f18906472038')
def test_list_credentials(self):
- """List all Credentials.
-
- RBAC test for Keystone: identity:list_credentials
- """
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.creds_client.list_credentials()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
index e416b15..a18a056 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_endpoints_rbac.py
@@ -13,69 +13,41 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest import config
from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
-CONF = config.CONF
-
class IdentityEndpointsV3AdminRbacTest(
rbac_base.BaseIdentityV3RbacAdminTest):
- def _create_endpoint(self):
- """Creates a service and an endpoint for test."""
- interface = 'public'
- url = data_utils.rand_url()
- service = self._create_service()
- endpoint = self.endpoints_client \
- .create_endpoint(service_id=service['id'],
- interface=interface,
- url=url)['endpoint']
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.endpoints_client.delete_endpoint, endpoint['id'])
- return (service, endpoint)
-
@rbac_rule_validation.action(service="keystone",
rule="identity:create_endpoint")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd127')
def test_create_endpoint(self):
- """Create an endpoint.
-
- RBAC test for Keystone: identity:create_endpoint
- """
+ service = self.setup_test_service()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self._create_endpoint()
+ self.setup_test_endpoint(service=service)
@rbac_rule_validation.action(service="keystone",
rule="identity:update_endpoint")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd128')
def test_update_endpoint(self):
- """Update an endpoint.
-
- RBAC test for Keystone: identity:update_endpoint
- """
- service, endpoint = self._create_endpoint()
+ endpoint = self.setup_test_endpoint()
new_url = data_utils.rand_url()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.endpoints_client.update_endpoint(endpoint["id"],
- service_id=service['id'],
- url=new_url)
+ self.endpoints_client.update_endpoint(
+ endpoint["id"],
+ url=new_url)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_endpoint")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd129')
def test_delete_endpoint(self):
- """Delete an endpoint.
-
- RBAC test for Keystone: identity:delete_endpoint
- """
- _, endpoint = self._create_endpoint()
+ endpoint = self.setup_test_endpoint()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.endpoints_client.delete_endpoint(endpoint['id'])
@@ -84,11 +56,7 @@
rule="identity:get_endpoint")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd130')
def test_show_endpoint(self):
- """Show/Get an endpoint.
-
- RBAC test for Keystone: identity:get_endpoint
- """
- _, endpoint = self._create_endpoint()
+ endpoint = self.setup_test_endpoint()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.endpoints_client.show_endpoint(endpoint['id'])
@@ -97,9 +65,5 @@
rule="identity:list_endpoints")
@decorators.idempotent_id('6bdaecd4-0843-4ed6-ab64-3a57ab0cd131')
def test_list_endpoints(self):
- """Create a Domain.
-
- RBAC test for Keystone: identity:create_domain
- """
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.endpoints_client.list_endpoints()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
index a61149e..5b5c079 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_groups_rbac.py
@@ -13,61 +13,45 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest import config
from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
-CONF = config.CONF
-
class IdentityGroupsV3AdminRbacTest(rbac_base.BaseIdentityV3RbacAdminTest):
- def _create_group(self):
- """Creates a group for test."""
- name = data_utils.rand_name('group')
- group = self.groups_client.create_group(name=name)['group']
-
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.groups_client.delete_group, group['id'])
- return group
-
- def _add_user_to_group(self, group_id):
+ def _create_user_and_add_to_new_group(self):
"""Creates a user and adds to a group for test."""
- user_name = data_utils.rand_name('User')
- user = self._create_test_user(name=user_name, password=None)
-
- self.groups_client.add_group_user(group_id, user['id'])
-
- return user['id']
+ group = self.setup_test_group()
+ user = self.setup_test_user()
+ self.groups_client.add_group_user(group['id'], user['id'])
+ return (group['id'], user['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:create_group")
@decorators.idempotent_id('88377f51-9074-4d64-a22f-f8931d048c9a')
def test_create_group(self):
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self._create_group()
+ self.setup_test_group()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_group")
@decorators.idempotent_id('790fb7be-a657-4a64-9b83-c43425cf180b')
def test_update_group(self):
- group = self._create_group()
- # Update Group
- new_name = data_utils.rand_name('UpdateGroup')
+ group = self.setup_test_group()
+ new_group_name = data_utils.rand_name('group')
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.groups_client.update_group(group['id'],
- name=new_name)
+ name=new_group_name)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_group")
@decorators.idempotent_id('646b52da-2a5f-486a-afb0-51fdc86a6c12')
def test_delete_group(self):
- group = self._create_group()
+ group = self.setup_test_group()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.groups_client.delete_group(group['id'])
@@ -76,7 +60,7 @@
rule="identity:get_group")
@decorators.idempotent_id('d530f0ad-42b9-429b-ad05-e53ac95a040e')
def test_show_group(self):
- group = self._create_group()
+ group = self.setup_test_group()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.groups_client.show_group(group['id'])
@@ -92,26 +76,26 @@
rule="identity:add_user_to_group")
@decorators.idempotent_id('fdd49b74-3ed3-4736-9f0e-9027a32017ac')
def test_add_user_group(self):
- group = self._create_group()
+ group = self.setup_test_group()
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self._add_user_to_group(group['id'])
+ self.groups_client.add_group_user(group['id'], user['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:remove_user_from_group")
@decorators.idempotent_id('8a60d11c-7d2b-47e5-a0f3-9ea900ca66fe')
def test_remove_user_group(self):
- group = self._create_group()
- user_id = self._add_user_to_group(group['id'])
+ group_id, user_id = self._create_user_and_add_to_new_group()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.groups_client.delete_group_user(group['id'], user_id)
+ self.groups_client.delete_group_user(group_id, user_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:list_users_in_group")
@decorators.idempotent_id('b3e394a7-079e-4a0d-a4ff-9b266293d1ee')
def test_list_user_group(self):
- group = self._create_group()
+ group = self.setup_test_group()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.groups_client.list_group_users(group['id'])
@@ -120,8 +104,7 @@
rule="identity:check_user_in_group")
@decorators.idempotent_id('d3603241-fd87-4a2d-94f9-f32469d1aaba')
def test_check_user_group(self):
- group = self._create_group()
- user_id = self._add_user_to_group(group['id'])
+ group_id, user_id = self._create_user_and_add_to_new_group()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.groups_client.check_group_user_existence(group['id'], user_id)
+ self.groups_client.check_group_user_existence(group_id, user_id)
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
index b115fb0..792ddaa 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_policies_rbac.py
@@ -13,55 +13,38 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest import config
from tempest.lib.common.utils import data_utils
-from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
-CONF = config.CONF
-
class IdentityPoliciesV3AdminRbacTest(rbac_base.BaseIdentityV3RbacAdminTest):
- def _create_policy(self):
- """Creates a policy for test."""
- blob = data_utils.rand_name('BlobName')
- policy_type = data_utils.rand_name('PolicyType')
- policy = self.policies_client.create_policy(
- blob=blob,
- policy=policy_type,
- type="application/json")['policy']
-
- self.addCleanup(test_utils.call_and_ignore_notfound_exc,
- self.policies_client.delete_policy, policy['id'])
- return policy
-
@rbac_rule_validation.action(service="keystone",
rule="identity:create_policy")
@decorators.idempotent_id('de2f7ecb-fbf0-41f3-abf4-b97b5e082fd5')
def test_create_policy(self):
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self._create_policy()
+ self.setup_test_policy()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_policy")
@decorators.idempotent_id('9cfed3c6-0b27-4d15-be67-e06e0cfb01b9')
def test_update_policy(self):
- policy = self._create_policy()
- update_type = data_utils.rand_name('UpdatedPolicyType')
+ policy = self.setup_test_policy()
+ new_policy_type = data_utils.rand_name('policy_type')
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.policies_client.update_policy(policy['id'],
- type=update_type)
+ type=new_policy_type)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_policy")
@decorators.idempotent_id('dcd93f75-1e1b-4fbe-bee0-9c4c7b201735')
def test_delete_policy(self):
- policy = self._create_policy()
+ policy = self.setup_test_policy()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.policies_client.delete_policy(policy['id'])
@@ -70,7 +53,7 @@
rule="identity:get_policy")
@decorators.idempotent_id('d7e415c2-945a-4504-9571-0e2d0dd8594b')
def test_show_policy(self):
- policy = self._create_policy()
+ policy = self.setup_test_policy()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.policies_client.show_policy(policy['id'])
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
index d0b843d..fbbc81b 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_projects_rbac.py
@@ -13,15 +13,12 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
-CONF = config.CONF
-
class IdentityProjectV3AdminRbacTest(
rbac_base.BaseIdentityV3RbacAdminTest):
@@ -30,64 +27,41 @@
rule="identity:create_project")
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d904')
def test_create_project(self):
- """Create a Project.
-
- RBAC test for Keystone: identity:create_project
- """
- name = data_utils.rand_name('project')
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- project = self.non_admin_projects_client \
- .create_project(name)['project']
- self.addCleanup(self.projects_client.delete_project, project['id'])
+ self.setup_test_project()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_project")
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d905')
def test_update_project(self):
- """Update a Project.
-
- RBAC test for Keystone: identity:update_project
- """
- project = self._setup_test_project()
+ project = self.setup_test_project()
+ new_desc = data_utils.rand_name('description')
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_projects_client \
- .update_project(project['id'],
- description="Changed description")
+ self.projects_client.update_project(project['id'],
+ description=new_desc)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_project")
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d906')
def test_delete_project(self):
- """Delete a Project.
-
- RBAC test for Keystone: identity:delete_project
- """
- project = self._setup_test_project()
+ project = self.setup_test_project()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_projects_client.delete_project(project['id'])
+ self.projects_client.delete_project(project['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:get_project")
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d907')
def test_show_project(self):
- """Show a project.
-
- RBAC test for Keystone: identity:get_project
- """
- project = self._setup_test_project()
+ project = self.setup_test_project()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_projects_client.show_project(project['id'])
+ self.projects_client.show_project(project['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_projects")
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d908')
def test_list_projects(self):
- """List all projects.
-
- RBAC test for Keystone: identity:list_projects
- """
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_projects_client.list_projects()
+ self.projects_client.list_projects()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
index 1439f4f..1316be0 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_services_rbac.py
@@ -13,15 +13,12 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
-CONF = config.CONF
-
class IdentitySericesV3AdminRbacTest(rbac_base.BaseIdentityV3RbacAdminTest):
@@ -29,23 +26,15 @@
rule="identity:create_service")
@decorators.idempotent_id('9a4bb317-f0bb-4005-8df0-4b672885b7c8')
def test_create_service(self):
- """Create a service.
-
- RBAC test for Keystone: identity:create_service
- """
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self._create_service()
+ self.setup_test_service()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_service")
@decorators.idempotent_id('b39447d1-2cf6-40e5-a899-46f287f2ecf0')
def test_update_service(self):
- """Update a service.
-
- RBAC test for Keystone: identity:update_service
- """
- service = self._create_service()
- new_name = data_utils.rand_name('new_test_name')
+ service = self.setup_test_service()
+ new_name = data_utils.rand_name('service')
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.services_client.update_service(service['id'],
@@ -57,11 +46,7 @@
rule="identity:delete_service")
@decorators.idempotent_id('177b991a-438d-4bef-8e9f-9c6cc5a1c9e8')
def test_delete_service(self):
- """Delete a service.
-
- RBAC test for Keystone: identity:delete_service
- """
- service = self._create_service()
+ service = self.setup_test_service()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.services_client.delete_service(service['id'])
@@ -70,11 +55,7 @@
rule="identity:get_service")
@decorators.idempotent_id('d89a9ac6-cd53-428d-84c0-5bc71f4a432d')
def test_show_service(self):
- """Show/Get a service.
-
- RBAC test for Keystone: identity:get_service
- """
- service = self._create_service()
+ service = self.setup_test_service()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.services_client.show_service(service['id'])
@@ -83,9 +64,5 @@
rule="identity:list_services")
@decorators.idempotent_id('706e6bea-3385-4718-919c-0b5121395806')
def test_list_services(self):
- """list all services.
-
- RBAC test for Keystone: identity:list_services
- """
self.rbac_utils.switch_role(self, switchToRbacRole=True)
self.services_client.list_services()
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
index 3ae4c21..b07e982 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_users_rbac.py
@@ -13,123 +13,86 @@
# License for the specific language governing permissions and limitations
# under the License.
-from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from patrole_tempest_plugin import rbac_rule_validation
from patrole_tempest_plugin.tests.api.identity.v3 import rbac_base
-CONF = config.CONF
-
class IdentityUserV3AdminRbacTest(
rbac_base.BaseIdentityV3RbacAdminTest):
- def setUp(self):
- super(IdentityUserV3AdminRbacTest, self).setUp()
- self.default_user_id = self.auth_provider.credentials.user_id
+ @classmethod
+ def resource_setup(cls):
+ super(IdentityUserV3AdminRbacTest, cls).resource_setup()
+ cls.default_user_id = cls.auth_provider.credentials.user_id
@rbac_rule_validation.action(service="keystone",
rule="identity:create_user")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d904')
def test_create_user(self):
- """Creates a user.
-
- RBAC test for Keystone: identity:create_user
- """
- user_name = data_utils.rand_name('test_create_user')
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_users_client.create_user(name=user_name)
+ self.setup_test_user()
@rbac_rule_validation.action(service="keystone",
rule="identity:update_user")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d905')
def test_update_user(self):
- """Updates a user.
-
- RBAC test for Keystone: identity:update_user
- """
- user_name = data_utils.rand_name('test_update_user')
- user = self._create_test_user(name=user_name, password=None)
+ user = self.setup_test_user()
+ new_email = data_utils.rand_name('user_email')
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_users_client.update_user(user['id'],
- name=user_name,
- email="changedUser@xyz.com")
+ self.users_client.update_user(user['id'],
+ name=user['name'],
+ email=new_email)
@rbac_rule_validation.action(service="keystone",
rule="identity:delete_user")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d906')
def test_delete_user(self):
- """Get the list of users.
-
- RBAC test for Keystone: identity:delete_user
- """
- user_name = data_utils.rand_name('test_delete_user')
- user = self._create_test_user(name=user_name, password=None)
+ user = self.setup_test_user()
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_users_client.delete_user(user['id'])
+ self.users_client.delete_user(user['id'])
@rbac_rule_validation.action(service="keystone",
rule="identity:list_users")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d907')
def test_list_users(self):
- """Get the list of users.
-
- RBAC test for Keystone: identity:list_users
- """
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_users_client.list_users()
+ self.users_client.list_users()
@rbac_rule_validation.action(service="keystone",
rule="identity:get_user")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d908')
def test_show_own_user(self):
- """Get one user.
-
- RBAC test for Keystone: identity:get_user
- """
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_users_client.show_user(self.default_user_id)
+ self.users_client.show_user(self.default_user_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:change_password")
@decorators.idempotent_id('0f148510-63bf-11e6-4522-080044d0d90a')
def test_change_password(self):
- """Update a user password
-
- RBAC test for Keystone: identity:change_password
- """
- user_name = data_utils.rand_name('test_change_password')
original_password = data_utils.rand_password()
- user = self._create_test_user(name=user_name,
- password=original_password)
+ user = self.setup_test_user(password=original_password)
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_users_client.update_user_password(
- user['id'], original_password=original_password,
+ self.users_client.update_user_password(
+ user['id'],
+ original_password=original_password,
password=data_utils.rand_password())
@rbac_rule_validation.action(service="keystone",
rule="identity:list_groups_for_user")
@decorators.idempotent_id('bd5946d4-46d2-423d-a800-a3e7aabc18b3')
def test_list_own_user_group(self):
- """Lists groups which a user belongs to.
-
- RBAC test for Keystone: identity:list_groups_for_user
- """
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_users_client.list_user_groups(self.default_user_id)
+ self.users_client.list_user_groups(self.default_user_id)
@rbac_rule_validation.action(service="keystone",
rule="identity:list_user_projects")
@decorators.idempotent_id('0f148510-63bf-11e6-1564-080044d0d909')
def test_list_own_user_projects(self):
- """List User's Projects.
-
- RBAC test for Keystone: identity:list_user_projects
- """
self.rbac_utils.switch_role(self, switchToRbacRole=True)
- self.non_admin_users_client.list_user_projects(self.default_user_id)
+ self.users_client.list_user_projects(self.default_user_id)