Merge "Make identity v2 roles_client use **kwargs"
diff --git a/tempest/api/identity/admin/v2/test_roles.py b/tempest/api/identity/admin/v2/test_roles.py
index 5847129..0924619 100644
--- a/tempest/api/identity/admin/v2/test_roles.py
+++ b/tempest/api/identity/admin/v2/test_roles.py
@@ -84,28 +84,30 @@
def test_assign_user_role(self):
"""Assign a role to a user on a tenant."""
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
- roles = self.roles_client.list_user_roles(tenant['id'],
- user['id'])['roles']
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ roles = self.roles_client.list_user_roles_on_project(
+ tenant['id'], user['id'])['roles']
self.assert_role_in_role_list(role, roles)
@test.idempotent_id('f0b9292c-d3ba-4082-aa6c-440489beef69')
def test_remove_user_role(self):
"""Remove a role assigned to a user on a tenant."""
(user, tenant, role) = self._get_role_params()
- user_role = self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])['role']
- self.roles_client.delete_user_role(tenant['id'], user['id'],
- user_role['id'])
+ user_role = self.roles_client.create_user_role_on_project(
+ tenant['id'], user['id'], role['id'])['role']
+ self.roles_client.delete_role_from_user_on_project(tenant['id'],
+ user['id'],
+ user_role['id'])
@test.idempotent_id('262e1e3e-ed71-4edd-a0e5-d64e83d66d05')
def test_list_user_roles(self):
"""List roles assigned to a user on tenant."""
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
- roles = self.roles_client.list_user_roles(tenant['id'],
- user['id'])['roles']
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ roles = self.roles_client.list_user_roles_on_project(
+ tenant['id'], user['id'])['roles']
self.assert_role_in_role_list(role, roles)
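Review bot: test_remove_user_role stops at the `delete_role_from_user_on_project` call and asserts nothing afterwards, so it only proves that the API answered 204, not that the assignment is gone. A revocation test should confirm the effect by following the delete with `roles = self.roles_client.list_user_roles_on_project(tenant['id'], user['id'])['roles']` and `self.assertNotIn(user_role['id'], [r['id'] for r in roles])`. The other two tests in this hunk already verify their result through assert_role_in_role_list.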
diff --git a/tempest/api/identity/admin/v2/test_roles_negative.py b/tempest/api/identity/admin/v2/test_roles_negative.py
index fd56285..770bb14 100644
--- a/tempest/api/identity/admin/v2/test_roles_negative.py
+++ b/tempest/api/identity/admin/v2/test_roles_negative.py
@@ -123,9 +123,10 @@
# Non-administrator user should not be authorized to
# assign a role to user
(user, tenant, role) = self._get_role_params()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.assign_user_role,
- tenant['id'], user['id'], role['id'])
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.non_admin_roles_client.create_user_role_on_project,
+ tenant['id'], user['id'], role['id'])
@test.attr(type=['negative'])
@test.idempotent_id('f0d2683c-5603-4aee-95d7-21420e87cfd8')
@@ -134,9 +135,10 @@
(user, tenant, role) = self._get_role_params()
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.assign_user_role, tenant['id'],
- user['id'], role['id'])
+ self.assertRaises(
+ lib_exc.Unauthorized,
+ self.roles_client.create_user_role_on_project, tenant['id'],
+ user['id'], role['id'])
self.client.auth_provider.clear_auth()
@test.attr(type=['negative'])
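Review bot: The `self.client.auth_provider.clear_auth()` call after the assertRaises is unprotected, so if the Unauthorized assertion fails the client keeps the token that was just deleted. Later tests that share that client may then fail for an unrelated reason. The list-roles variant further down in this file already wraps the assertion in `try:` / `finally:` with clear_auth() in the finally branch. The same shape should be used here and in test_remove_user_role_request_without_token. The test's signature lies outside this hunk.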
@@ -145,7 +147,8 @@
# Attempt to assign a non existent role to user should fail
(user, tenant, role) = self._get_role_params()
non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.assign_user_role,
+ self.assertRaises(lib_exc.NotFound,
+ self.roles_client.create_user_role_on_project,
tenant['id'], user['id'], non_existent_role)
@test.attr(type=['negative'])
@@ -154,7 +157,8 @@
# Attempt to assign a role on a non existent tenant should fail
(user, tenant, role) = self._get_role_params()
non_existent_tenant = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.assign_user_role,
+ self.assertRaises(lib_exc.NotFound,
+ self.roles_client.create_user_role_on_project,
non_existent_tenant, user['id'], role['id'])
@test.attr(type=['negative'])
@@ -162,9 +166,11 @@
def test_assign_duplicate_user_role(self):
# Duplicate user role should not get assigned
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
- self.assertRaises(lib_exc.Conflict, self.roles_client.assign_user_role,
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ self.assertRaises(lib_exc.Conflict,
+ self.roles_client.create_user_role_on_project,
tenant['id'], user['id'], role['id'])
@test.attr(type=['negative'])
@@ -173,26 +179,27 @@
# Non-administrator user should not be authorized to
# remove a user's role
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.delete_user_role,
- tenant['id'], user['id'], role['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.non_admin_roles_client.delete_role_from_user_on_project,
+ tenant['id'], user['id'], role['id'])
@test.attr(type=['negative'])
@test.idempotent_id('cac81cf4-c1d2-47dc-90d3-f2b7eb572286')
def test_remove_user_role_request_without_token(self):
# Request to remove a user's role without a valid token
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.delete_user_role, tenant['id'],
- user['id'], role['id'])
+ self.roles_client.delete_role_from_user_on_project,
+ tenant['id'], user['id'], role['id'])
self.client.auth_provider.clear_auth()
@test.attr(type=['negative'])
@@ -200,11 +207,12 @@
def test_remove_user_role_non_existent_role(self):
# Attempt to delete a non existent role from a user should fail
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.delete_user_role,
+ self.assertRaises(lib_exc.NotFound,
+ self.roles_client.delete_role_from_user_on_project,
tenant['id'], user['id'], non_existent_role)
@test.attr(type=['negative'])
@@ -212,11 +220,12 @@
def test_remove_user_role_non_existent_tenant(self):
# Attempt to remove a role from a non existent tenant should fail
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
non_existent_tenant = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.delete_user_role,
+ self.assertRaises(lib_exc.NotFound,
+ self.roles_client.delete_role_from_user_on_project,
non_existent_tenant, user['id'], role['id'])
@test.attr(type=['negative'])
@@ -225,11 +234,13 @@
# Non-administrator user should not be authorized to list
# a user's roles
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.list_user_roles,
- tenant['id'], user['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.non_admin_roles_client.list_user_roles_on_project,
+ tenant['id'], user['id'])
@test.attr(type=['negative'])
@test.idempotent_id('682adfb2-fd5f-4b0a-a9ca-322e9bebb907')
@@ -240,7 +251,8 @@
self.client.delete_token(token)
try:
self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.list_user_roles, tenant['id'],
+ self.roles_client.list_user_roles_on_project,
+ tenant['id'],
user['id'])
finally:
self.client.auth_provider.clear_auth()
diff --git a/tempest/api/identity/admin/v2/test_tokens.py b/tempest/api/identity/admin/v2/test_tokens.py
index 1675126..5cf337b 100644
--- a/tempest/api/identity/admin/v2/test_tokens.py
+++ b/tempest/api/identity/admin/v2/test_tokens.py
@@ -87,11 +87,13 @@
self.data.roles.append(role)
# Grant the user the role on the tenants.
- self.roles_client.assign_user_role(tenant1['id'], user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant1['id'],
+ user['id'],
+ role['id'])
- self.roles_client.assign_user_role(tenant2['id'], user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant2['id'],
+ user['id'],
+ role['id'])
# Get an unscoped token.
body = self.token_client.auth(user_name, user_password)
diff --git a/tempest/api/identity/admin/v2/test_users.py b/tempest/api/identity/admin/v2/test_users.py
index 0f783b3..167cbc7 100644
--- a/tempest/api/identity/admin/v2/test_users.py
+++ b/tempest/api/identity/admin/v2/test_users.py
@@ -181,8 +181,8 @@
user_ids = list()
fetched_user_ids = list()
user_ids.append(user['id'])
- role = self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])['role']
+ role = self.roles_client.create_user_role_on_project(
+ tenant['id'], user['id'], role['id'])['role']
alt_user2 = data_utils.rand_name('second_user')
alt_password2 = data_utils.rand_password()
@@ -193,9 +193,8 @@
email='user2@123')['user']
user_ids.append(second_user['id'])
self.data.users.append(second_user)
- role = self.roles_client.assign_user_role(tenant['id'],
- second_user['id'],
- role['id'])['role']
+ role = self.roles_client.create_user_role_on_project(
+ tenant['id'], second_user['id'], role['id'])['role']
# List of users with roles for the respective tenant ID
body = (self.tenants_client.list_tenant_users(self.data.tenant['id'])
['users'])
diff --git a/tempest/cmd/cleanup.py b/tempest/cmd/cleanup.py
index e8e691e..289650f 100644
--- a/tempest/cmd/cleanup.py
+++ b/tempest/cmd/cleanup.py
@@ -232,15 +232,16 @@
def _add_admin(self, tenant_id):
rl_cl = self.admin_mgr.roles_client
needs_role = True
- roles = rl_cl.list_user_roles(tenant_id, self.admin_id)['roles']
+ roles = rl_cl.list_user_roles_on_project(tenant_id,
+ self.admin_id)['roles']
for role in roles:
if role['id'] == self.admin_role_id:
needs_role = False
LOG.debug("User already had admin privilege for this tenant")
if needs_role:
LOG.debug("Adding admin privilege for : %s" % tenant_id)
- rl_cl.assign_user_role(tenant_id, self.admin_id,
- self.admin_role_id)
+ rl_cl.create_user_role_on_project(tenant_id, self.admin_id,
+ self.admin_role_id)
self.admin_role_added.append(tenant_id)
def _remove_admin_role(self, tenant_id):
@@ -250,8 +251,9 @@
id_cl = credentials.AdminManager().identity_client
if (self._tenant_exists(tenant_id)):
try:
- id_cl.delete_user_role(tenant_id, self.admin_id,
- self.admin_role_id)
+ id_cl.delete_role_from_user_on_project(tenant_id,
+ self.admin_id,
+ self.admin_role_id)
except Exception as ex:
LOG.exception("Failed removing role from tenant which still"
"exists, exception: %s" % ex)
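Review bot: `id_cl` is bound to `credentials.AdminManager().identity_client`, whereas this commit defines `delete_role_from_user_on_project` on the v2 roles client, and `_add_admin` in the previous hunk reaches the renamed methods through `self.admin_mgr.roles_client`. If the identity client does not carry the renamed method, the call raises AttributeError and the broad `except Exception` only logs it. The admin role granted by `_add_admin` would then stay on the tenant after cleanup. Calling through the roles client here, as `_add_admin` does, and narrowing the except to the expected API errors would make a failed revocation visible. _remove_admin_role starts and ends outside this hunk.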
diff --git a/tempest/cmd/javelin.py b/tempest/cmd/javelin.py
index 3d57c35..08ad94f 100755
--- a/tempest/cmd/javelin.py
+++ b/tempest/cmd/javelin.py
@@ -361,7 +361,7 @@
role = next(r for r in roles if r['name'] == swift_role)
LOG.debug(USERS[user])
try:
- admin.roles.assign_user_role(
+ admin.roles.create_user_role_on_project(
USERS[user]['tenant_id'],
USERS[user]['id'],
role['id'])
diff --git a/tempest/common/cred_client.py b/tempest/common/cred_client.py
index 48d81ca..2ca9f40 100644
--- a/tempest/common/cred_client.py
+++ b/tempest/common/cred_client.py
@@ -129,8 +129,9 @@
password=password)
def _assign_user_role(self, project, user, role):
- self.roles_client.assign_user_role(project['id'], user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(project['id'],
+ user['id'],
+ role['id'])
class V3CredsClient(CredsClient):
diff --git a/tempest/services/identity/v2/json/roles_client.py b/tempest/services/identity/v2/json/roles_client.py
index acd97c6..d2d29a3 100644
--- a/tempest/services/identity/v2/json/roles_client.py
+++ b/tempest/services/identity/v2/json/roles_client.py
@@ -11,6 +11,7 @@
# under the License.
from oslo_serialization import jsonutils as json
+from six.moves.urllib import parse as urllib
from tempest.lib.common import rest_client
@@ -30,45 +31,77 @@
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
- def show_role(self, role_id):
- """Get a role by its id."""
- resp, body = self.get('OS-KSADM/roles/%s' % role_id)
+ def show_role(self, role_id_or_name):
+ """Get a role by its id or name.
+
+ Available params: see
+ http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#showRoleByID
+ OR
+ http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#showRoleByName
+ """
+ resp, body = self.get('OS-KSADM/roles/%s' % role_id_or_name)
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
- def delete_role(self, role_id):
- """Delete a role."""
- resp, body = self.delete('OS-KSADM/roles/%s' % str(role_id))
- self.expected_success(204, resp.status)
- return resp, body
+ def list_roles(self, **params):
+ """Returns roles.
- def list_user_roles(self, tenant_id, user_id):
- """Returns a list of roles assigned to a user for a tenant."""
- url = '/tenants/%s/users/%s/roles' % (tenant_id, user_id)
+ Available params: see http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#listRoles
+ """
+ url = 'OS-KSADM/roles'
+ if params:
+ url += '?%s' % urllib.urlencode(params)
resp, body = self.get(url)
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
- def assign_user_role(self, tenant_id, user_id, role_id):
- """Add roles to a user on a tenant."""
+ def delete_role(self, role_id):
+ """Delete a role.
+
+ Available params: see http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#deleteRole
+ """
+ resp, body = self.delete('OS-KSADM/roles/%s' % str(role_id))
+ self.expected_success(204, resp.status)
+ return resp, body
+
+ def create_user_role_on_project(self, tenant_id, user_id, role_id):
+ """Add roles to a user on a tenant.
+
+ Available params: see
+ http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#grantRoleToUserOnTenant
+ """
resp, body = self.put('/tenants/%s/users/%s/roles/OS-KSADM/%s' %
(tenant_id, user_id, role_id), "")
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
- def delete_user_role(self, tenant_id, user_id, role_id):
- """Removes a role assignment for a user on a tenant."""
+ def list_user_roles_on_project(self, tenant_id, user_id, **params):
+ """Returns a list of roles assigned to a user for a tenant."""
+ # TODO(gmann): Need to write API-ref link, Bug# 1592711
+ url = '/tenants/%s/users/%s/roles' % (tenant_id, user_id)
+ if params:
+ url += '?%s' % urllib.urlencode(params)
+ resp, body = self.get(url)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
+
+ def delete_role_from_user_on_project(self, tenant_id, user_id, role_id):
+ """Removes a role assignment for a user on a tenant.
+
+ Available params: see
+ http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#revokeRoleFromUserOnTenant
+ """
resp, body = self.delete('/tenants/%s/users/%s/roles/OS-KSADM/%s' %
(tenant_id, user_id, role_id))
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
-
- def list_roles(self):
- """Returns roles."""
- resp, body = self.get('OS-KSADM/roles')
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return rest_client.ResponseBody(resp, body)
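Review bot: show_role now documents that it accepts a role name, but `role_id_or_name` is interpolated into the URL path as-is, so a name containing `/`, `?`, `#` or a space changes the request path instead of being looked up. This commit already imports `six.moves.urllib.parse` as `urllib`, so the value can be percent-encoded where it is used: `resp, body = self.get('OS-KSADM/roles/%s' % urllib.quote(role_id_or_name, safe=''))`. Separately, delete_role still returns the bare `resp, body` tuple while every other method in this hunk returns `rest_client.ResponseBody`. Returning `rest_client.ResponseBody(resp, body)` there would make the client consistent, though any caller that unpacks the tuple would need checking first.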
diff --git a/tempest/tests/common/test_dynamic_creds.py b/tempest/tests/common/test_dynamic_creds.py
index a7a3a22..e97f65f 100644
--- a/tempest/tests/common/test_dynamic_creds.py
+++ b/tempest/tests/common/test_dynamic_creds.py
@@ -54,7 +54,7 @@
users_client = v2_users_client
token_client_class = token_client.TokenClient
fake_response = fake_identity._fake_v2_response
- assign_role_on_project = 'assign_user_role'
+ assign_role_on_project = 'create_user_role_on_project'
tenants_client_class = tenants_client.TenantsClient
delete_tenant = 'delete_tenant'