Merge "Removal of methods from json/xml network_client files"
diff --git a/tempest/api/compute/admin/test_servers.py b/tempest/api/compute/admin/test_servers.py
index 03b041c..8a5f1a5 100644
--- a/tempest/api/compute/admin/test_servers.py
+++ b/tempest/api/compute/admin/test_servers.py
@@ -118,26 +118,6 @@
                          map(lambda x: x['id'], nonexistent_servers))
 
     @test.attr(type='gate')
-    def test_admin_delete_servers_of_others(self):
-        # Administrator can delete servers of others
-        _, server = self.create_test_server(wait_until='ACTIVE')
-        resp, _ = self.client.delete_server(server['id'])
-        self.assertEqual('204', resp['status'])
-        self.servers_client.wait_for_server_termination(server['id'])
-
-    @test.attr(type='gate')
-    def test_delete_server_while_in_error_state(self):
-        # Delete a server while it's VM state is error
-        resp, server = self.create_test_server(wait_until='ACTIVE')
-        resp, body = self.client.reset_state(server['id'], state='error')
-        self.assertEqual(202, resp.status)
-        # Verify server's state
-        resp, server = self.client.get_server(server['id'])
-        self.assertEqual(server['status'], 'ERROR')
-        resp, _ = self.client.delete_server(server['id'])
-        self.assertEqual('204', resp['status'])
-
-    @test.attr(type='gate')
     def test_reset_state_server(self):
         # Reset server's state to 'error'
         resp, server = self.client.reset_state(self.s1_id)
diff --git a/tempest/api/compute/servers/test_delete_server.py b/tempest/api/compute/servers/test_delete_server.py
index 6a9b996..ec40ce0 100644
--- a/tempest/api/compute/servers/test_delete_server.py
+++ b/tempest/api/compute/servers/test_delete_server.py
@@ -81,5 +81,41 @@
         self.assertEqual('204', resp['status'])
 
 
+class DeleteServersAdminTestJSON(base.BaseV2ComputeAdminTest):
+    # NOTE: Server creations of each test class should be under 10
+    # for preventing "Quota exceeded for instances".
+    _interface = 'json'
+
+    @classmethod
+    def setUpClass(cls):
+        super(DeleteServersAdminTestJSON, cls).setUpClass()
+        cls.non_admin_client = cls.servers_client
+        cls.admin_client = cls.os_adm.servers_client
+
+    @test.attr(type='gate')
+    def test_delete_server_while_in_error_state(self):
+        # Delete a server while it's VM state is error
+        resp, server = self.create_test_server(wait_until='ACTIVE')
+        resp, body = self.admin_client.reset_state(server['id'], state='error')
+        self.assertEqual(202, resp.status)
+        # Verify server's state
+        resp, server = self.non_admin_client.get_server(server['id'])
+        self.assertEqual(server['status'], 'ERROR')
+        resp, _ = self.non_admin_client.delete_server(server['id'])
+        self.assertEqual('204', resp['status'])
+
+    @test.attr(type='gate')
+    def test_admin_delete_servers_of_others(self):
+        # Administrator can delete servers of others
+        resp, server = self.create_test_server(wait_until='ACTIVE')
+        resp, _ = self.admin_client.delete_server(server['id'])
+        self.assertEqual('204', resp['status'])
+        self.servers_client.wait_for_server_termination(server['id'])
+
+
 class DeleteServersTestXML(DeleteServersTestJSON):
     _interface = 'xml'
+
+
+class DeleteServersAdminTestXML(DeleteServersAdminTestJSON):
+    _interface = 'xml'
diff --git a/tempest/api/compute/v3/admin/test_quotas.py b/tempest/api/compute/v3/admin/test_quotas.py
index 1541059..b388b70 100644
--- a/tempest/api/compute/v3/admin/test_quotas.py
+++ b/tempest/api/compute/v3/admin/test_quotas.py
@@ -16,7 +16,6 @@
 from tempest.api.compute import base
 from tempest.common.utils import data_utils
 from tempest import config
-from tempest import exceptions
 from tempest import test
 
 CONF = config.CONF
@@ -111,56 +110,3 @@
         resp, quota_set = self.adm_client.get_quota_set(tenant_id)
         self.assertEqual(200, resp.status)
         self.assertEqual(quota_set['ram'], 5120)
-
-    # TODO(afazekas): Add dedicated tenant to the skiped quota tests
-    # it can be moved into the setUpClass as well
-    @test.attr(type='gate')
-    def test_create_server_when_cpu_quota_is_full(self):
-        # Disallow server creation when tenant's vcpu quota is full
-        resp, quota_set = self.adm_client.get_quota_set(self.demo_tenant_id)
-        default_vcpu_quota = quota_set['cores']
-        vcpu_quota = 0  # Set the quota to zero to conserve resources
-
-        resp, quota_set = self.adm_client.update_quota_set(self.demo_tenant_id,
-                                                           force=True,
-                                                           cores=vcpu_quota)
-
-        self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
-                        cores=default_vcpu_quota)
-        self.assertRaises(exceptions.OverLimit, self.create_test_server)
-
-    @test.attr(type='gate')
-    def test_create_server_when_memory_quota_is_full(self):
-        # Disallow server creation when tenant's memory quota is full
-        resp, quota_set = self.adm_client.get_quota_set(self.demo_tenant_id)
-        default_mem_quota = quota_set['ram']
-        mem_quota = 0  # Set the quota to zero to conserve resources
-
-        self.adm_client.update_quota_set(self.demo_tenant_id,
-                                         force=True,
-                                         ram=mem_quota)
-
-        self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
-                        ram=default_mem_quota)
-        self.assertRaises(exceptions.OverLimit, self.create_test_server)
-
-    @test.attr(type='gate')
-    def test_update_quota_normal_user(self):
-        self.assertRaises(exceptions.Unauthorized,
-                          self.client.update_quota_set,
-                          self.demo_tenant_id,
-                          ram=0)
-
-    @test.attr(type=['negative', 'gate'])
-    def test_create_server_when_instances_quota_is_full(self):
-        # Once instances quota limit is reached, disallow server creation
-        resp, quota_set = self.adm_client.get_quota_set(self.demo_tenant_id)
-        default_instances_quota = quota_set['instances']
-        instances_quota = 0  # Set quota to zero to disallow server creation
-
-        self.adm_client.update_quota_set(self.demo_tenant_id,
-                                         force=True,
-                                         instances=instances_quota)
-        self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
-                        instances=default_instances_quota)
-        self.assertRaises(exceptions.OverLimit, self.create_test_server)
diff --git a/tempest/api/compute/v3/admin/test_quotas_negative.py b/tempest/api/compute/v3/admin/test_quotas_negative.py
new file mode 100644
index 0000000..c9f14f8
--- /dev/null
+++ b/tempest/api/compute/v3/admin/test_quotas_negative.py
@@ -0,0 +1,88 @@
+# Copyright 2013 OpenStack Foundation
+# Copyright 2014 NEC Corporation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.api.compute import base
+from tempest import exceptions
+from tempest import test
+
+
+class QuotasAdminNegativeV3Test(base.BaseV3ComputeAdminTest):
+    _interface = 'json'
+    force_tenant_isolation = True
+
+    @classmethod
+    def setUpClass(cls):
+        super(QuotasAdminNegativeV3Test, cls).setUpClass()
+        cls.client = cls.quotas_client
+        cls.adm_client = cls.quotas_admin_client
+
+        # NOTE(afazekas): these test cases should always create and use a new
+        # tenant most of them should be skipped if we can't do that
+        cls.demo_tenant_id = cls.isolated_creds.get_primary_user().get(
+            'tenantId')
+
+    # TODO(afazekas): Add dedicated tenant to the skiped quota tests
+    # it can be moved into the setUpClass as well
+    @test.attr(type=['negative', 'gate'])
+    def test_create_server_when_cpu_quota_is_full(self):
+        # Disallow server creation when tenant's vcpu quota is full
+        resp, quota_set = self.adm_client.get_quota_set(self.demo_tenant_id)
+        default_vcpu_quota = quota_set['cores']
+        vcpu_quota = 0  # Set the quota to zero to conserve resources
+
+        resp, quota_set = self.adm_client.update_quota_set(self.demo_tenant_id,
+                                                           force=True,
+                                                           cores=vcpu_quota)
+
+        self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
+                        cores=default_vcpu_quota)
+        self.assertRaises(exceptions.OverLimit, self.create_test_server)
+
+    @test.attr(type=['negative', 'gate'])
+    def test_create_server_when_memory_quota_is_full(self):
+        # Disallow server creation when tenant's memory quota is full
+        resp, quota_set = self.adm_client.get_quota_set(self.demo_tenant_id)
+        default_mem_quota = quota_set['ram']
+        mem_quota = 0  # Set the quota to zero to conserve resources
+
+        self.adm_client.update_quota_set(self.demo_tenant_id,
+                                         force=True,
+                                         ram=mem_quota)
+
+        self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
+                        ram=default_mem_quota)
+        self.assertRaises(exceptions.OverLimit, self.create_test_server)
+
+    @test.attr(type=['negative', 'gate'])
+    def test_update_quota_normal_user(self):
+        self.assertRaises(exceptions.Unauthorized,
+                          self.client.update_quota_set,
+                          self.demo_tenant_id,
+                          ram=0)
+
+    @test.attr(type=['negative', 'gate'])
+    def test_create_server_when_instances_quota_is_full(self):
+        # Once instances quota limit is reached, disallow server creation
+        resp, quota_set = self.adm_client.get_quota_set(self.demo_tenant_id)
+        default_instances_quota = quota_set['instances']
+        instances_quota = 0  # Set quota to zero to disallow server creation
+
+        self.adm_client.update_quota_set(self.demo_tenant_id,
+                                         force=True,
+                                         instances=instances_quota)
+        self.addCleanup(self.adm_client.update_quota_set, self.demo_tenant_id,
+                        instances=default_instances_quota)
+        self.assertRaises(exceptions.OverLimit, self.create_test_server)
diff --git a/tempest/api/compute/v3/admin/test_servers.py b/tempest/api/compute/v3/admin/test_servers.py
index 653e498..0dc3dbc 100644
--- a/tempest/api/compute/v3/admin/test_servers.py
+++ b/tempest/api/compute/v3/admin/test_servers.py
@@ -103,26 +103,6 @@
                          map(lambda x: x['id'], nonexistent_servers))
 
     @test.attr(type='gate')
-    def test_admin_delete_servers_of_others(self):
-        # Administrator can delete servers of others
-        _, server = self.create_test_server(wait_until='ACTIVE')
-        resp, _ = self.client.delete_server(server['id'])
-        self.assertEqual('204', resp['status'])
-        self.servers_client.wait_for_server_termination(server['id'])
-
-    @test.attr(type='gate')
-    def test_delete_server_while_in_error_state(self):
-        # Delete a server while it's VM state is error
-        resp, server = self.create_test_server(wait_until='ACTIVE')
-        resp, body = self.client.reset_state(server['id'], state='error')
-        self.assertEqual(202, resp.status)
-        # Verify server's state
-        resp, server = self.client.get_server(server['id'])
-        self.assertEqual(server['status'], 'ERROR')
-        resp, _ = self.client.delete_server(server['id'])
-        self.assertEqual('204', resp['status'])
-
-    @test.attr(type='gate')
     def test_reset_state_server(self):
         # Reset server's state to 'error'
         resp, server = self.client.reset_state(self.s1_id)
diff --git a/tempest/api/compute/v3/servers/test_delete_server.py b/tempest/api/compute/v3/servers/test_delete_server.py
index e98e1b7..f53ab6e 100644
--- a/tempest/api/compute/v3/servers/test_delete_server.py
+++ b/tempest/api/compute/v3/servers/test_delete_server.py
@@ -79,3 +79,35 @@
 
         resp, _ = self.client.delete_server(server['id'])
         self.assertEqual('204', resp['status'])
+
+
+class DeleteServersAdminV3Test(base.BaseV3ComputeAdminTest):
+    # NOTE: Server creations of each test class should be under 10
+    # for preventing "Quota exceeded for instances".
+    _interface = 'json'
+
+    @classmethod
+    def setUpClass(cls):
+        super(DeleteServersAdminV3Test, cls).setUpClass()
+        cls.non_admin_client = cls.servers_client
+        cls.admin_client = cls.servers_admin_client
+
+    @test.attr(type='gate')
+    def test_delete_server_while_in_error_state(self):
+        # Delete a server while it's VM state is error
+        resp, server = self.create_test_server(wait_until='ACTIVE')
+        resp, body = self.admin_client.reset_state(server['id'], state='error')
+        self.assertEqual(202, resp.status)
+        # Verify server's state
+        resp, server = self.non_admin_client.get_server(server['id'])
+        self.assertEqual(server['status'], 'ERROR')
+        resp, _ = self.non_admin_client.delete_server(server['id'])
+        self.assertEqual('204', resp['status'])
+
+    @test.attr(type='gate')
+    def test_admin_delete_servers_of_others(self):
+        # Administrator can delete servers of others
+        resp, server = self.create_test_server(wait_until='ACTIVE')
+        resp, _ = self.admin_client.delete_server(server['id'])
+        self.assertEqual('204', resp['status'])
+        self.servers_client.wait_for_server_termination(server['id'])
diff --git a/tempest/config.py b/tempest/config.py
index e1a19f3..4380608 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -15,6 +15,7 @@
 
 from __future__ import print_function
 
+import logging as std_logging
 import os
 
 from oslo.config import cfg
@@ -876,6 +877,9 @@
             self.compute_admin.password = self.identity.admin_password
             self.compute_admin.tenant_name = self.identity.admin_tenant_name
 
+        if parse_conf:
+            cfg.CONF.log_opt_values(LOG, std_logging.DEBUG)
+
 
 class TempestConfigProxy(object):
     _config = None
diff --git a/tempest/scenario/test_load_balancer_basic.py b/tempest/scenario/test_load_balancer_basic.py
index 2f7d9d9..5bcdacd 100644
--- a/tempest/scenario/test_load_balancer_basic.py
+++ b/tempest/scenario/test_load_balancer_basic.py
@@ -61,12 +61,8 @@
         super(TestLoadBalancerBasic, cls).setUpClass()
         cls.check_preconditions()
         cls.security_groups = {}
-        cls.networks = []
-        cls.subnets = []
         cls.servers_keypairs = {}
-        cls.pools = []
         cls.members = []
-        cls.vips = []
         cls.floating_ips = {}
         cls.port1 = 80
         cls.port2 = 88
@@ -80,21 +76,19 @@
         name = data_utils.rand_name("smoke_server-")
         keypair = self.create_keypair(name='keypair-%s' % name)
         security_groups = [self.security_groups[tenant_id].name]
-        nets = self.network_client.list_networks()
-        for net in nets['networks']:
-            if net['tenant_id'] == self.tenant_id:
-                self.networks.append(net)
-                create_kwargs = {
-                    'nics': [
-                        {'net-id': net['id']},
-                    ],
-                    'key_name': keypair.name,
-                    'security_groups': security_groups,
-                }
-                server = self.create_server(name=name,
-                                            create_kwargs=create_kwargs)
-                self.servers_keypairs[server] = keypair
-                break
+        net = self.list_networks(tenant_id=self.tenant_id)[0]
+        self.network = net_common.DeletableNetwork(client=self.network_client,
+                                                   **net['network'])
+        create_kwargs = {
+            'nics': [
+                {'net-id': self.network.id},
+            ],
+            'key_name': keypair.name,
+            'security_groups': security_groups,
+        }
+        server = self.create_server(name=name,
+                                    create_kwargs=create_kwargs)
+        self.servers_keypairs[server] = keypair
         self.assertTrue(self.servers_keypairs)
 
     def _start_servers(self):
@@ -105,7 +99,7 @@
         for server in self.servers_keypairs.keys():
             ssh_login = config.compute.image_ssh_user
             private_key = self.servers_keypairs[server].private_key
-            network_name = self.networks[0]['name']
+            network_name = self.network.name
 
             ip_address = server.networks[network_name][0]
             ssh_client = ssh.Client(ip_address, ssh_login,
@@ -138,17 +132,15 @@
 
     def _create_pool(self):
         """Create a pool with ROUND_ROBIN algorithm."""
-        subnets = self.network_client.list_subnets()
-        for subnet in subnets['subnets']:
-            if subnet['tenant_id'] == self.tenant_id:
-                self.subnets.append(subnet)
-                pool = super(TestLoadBalancerBasic, self)._create_pool(
-                    'ROUND_ROBIN',
-                    'HTTP',
-                    subnet['id'])
-                self.pools.append(pool)
-                break
-        self.assertTrue(self.pools)
+        # get tenant subnet and verify there's only one
+        subnet = self._list_subnets(tenant_id=self.tenant_id)[0]
+        self.subnet = net_common.DeletableSubnet(client=self.network_client,
+                                                 **subnet['subnet'])
+        self.pool = super(TestLoadBalancerBasic, self)._create_pool(
+            'ROUND_ROBIN',
+            'HTTP',
+            self.subnet.id)
+        self.assertTrue(self.pool)
 
     def _create_members(self, network_name, server_ids):
         """
@@ -161,7 +153,7 @@
         for server in servers:
             if server.id in server_ids:
                 ip = server.networks[network_name][0]
-                pool_id = self.pools[0]['id']
+                pool_id = self.pool.id
                 if len(set(server_ids)) == 1 or len(servers) == 1:
                     member1 = self._create_member(ip, self.port1, pool_id)
                     member2 = self._create_member(ip, self.port2, pool_id)
@@ -173,28 +165,27 @@
 
     def _assign_floating_ip_to_vip(self, vip):
         public_network_id = config.network.public_network_id
-        port_id = vip['port_id']
+        port_id = vip.port_id
         floating_ip = self._create_floating_ip(vip, public_network_id,
                                                port_id=port_id)
-        self.floating_ips.setdefault(vip['id'], [])
-        self.floating_ips[vip['id']].append(floating_ip)
+        self.floating_ips.setdefault(vip.id, [])
+        self.floating_ips[vip.id].append(floating_ip)
 
     def _create_load_balancer(self):
         self._create_pool()
-        self._create_members(self.networks[0]['name'],
+        self._create_members(self.network.name,
                              [self.servers_keypairs.keys()[0].id])
-        subnet_id = self.subnets[0]['id']
-        pool_id = self.pools[0]['id']
-        vip = super(TestLoadBalancerBasic, self)._create_vip('HTTP', 80,
-                                                             subnet_id,
-                                                             pool_id)
-        self.vips.append(vip)
+        subnet_id = self.subnet.id
+        pool_id = self.pool.id
+        self.vip = super(TestLoadBalancerBasic, self)._create_vip('HTTP', 80,
+                                                                  subnet_id,
+                                                                  pool_id)
         self._status_timeout(NeutronRetriever(self.network_client,
                                               self.network_client.vip_path,
                                               net_common.DeletableVip),
-                             self.vips[0]['id'],
+                             self.vip.id,
                              expected_status='ACTIVE')
-        self._assign_floating_ip_to_vip(self.vips[0])
+        self._assign_floating_ip_to_vip(self.vip)
 
     def _check_load_balancing(self):
         """
@@ -204,9 +195,8 @@
            of the requests
         """
 
-        vip = self.vips[0]
-        floating_ip_vip = self.floating_ips[
-            vip['id']][0]['floating_ip_address']
+        vip = self.vip
+        floating_ip_vip = self.floating_ips[vip.id][0]['floating_ip_address']
         self._check_connection(floating_ip_vip)
         resp = []
         for count in range(10):
diff --git a/tempest/scenario/test_network_basic_ops.py b/tempest/scenario/test_network_basic_ops.py
index a4002d4..998a474 100644
--- a/tempest/scenario/test_network_basic_ops.py
+++ b/tempest/scenario/test_network_basic_ops.py
@@ -13,6 +13,7 @@
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
+import collections
 
 from tempest.common import debug
 from tempest.common.utils import data_utils
@@ -24,6 +25,9 @@
 CONF = config.CONF
 LOG = logging.getLogger(__name__)
 
+Floating_IP_tuple = collections.namedtuple('Floating_IP_tuple',
+                                           ['floating_ip', 'server'])
+
 
 class TestNetworkBasicOps(manager.NetworkScenarioTest):
 
@@ -134,7 +138,7 @@
         serv_dict = self._create_server(name, self.network)
         self.servers[serv_dict['server']] = serv_dict['keypair']
         self._check_tenant_network_connectivity()
-        self.floating_ips = {}
+
         self._create_and_associate_floating_ips()
 
     def check_networks(self):
@@ -178,11 +182,6 @@
         self.addCleanup(self.cleanup_wrapper, server)
         return dict(server=server, keypair=keypair)
 
-    def _create_servers(self):
-        for i, network in enumerate(self.networks):
-            name = data_utils.rand_name('server-smoke-%d-' % i)
-            self._create_server(name, network)
-
     def _check_tenant_network_connectivity(self):
         if not CONF.network.tenant_networks_reachable:
             msg = 'Tenant networks not configured to be reachable.'
@@ -207,7 +206,7 @@
         public_network_id = CONF.network.public_network_id
         for server in self.servers.keys():
             floating_ip = self._create_floating_ip(server, public_network_id)
-            self.floating_ips[floating_ip] = server
+            self.floating_ip_tuple = Floating_IP_tuple(floating_ip, server)
             self.addCleanup(self.cleanup_wrapper, floating_ip)
 
     def _check_public_network_connectivity(self, should_connect=True,
@@ -216,16 +215,16 @@
         # key-based authentication by cloud-init.
         ssh_login = CONF.compute.image_ssh_user
         LOG.debug('checking network connections')
+        floating_ip, server = self.floating_ip_tuple
+        ip_address = floating_ip.floating_ip_address
+        private_key = None
+        if should_connect:
+            private_key = self.servers[server].private_key
         try:
-            for floating_ip, server in self.floating_ips.iteritems():
-                ip_address = floating_ip.floating_ip_address
-                private_key = None
-                if should_connect:
-                    private_key = self.servers[server].private_key
-                self._check_vm_connectivity(ip_address,
-                                            ssh_login,
-                                            private_key,
-                                            should_connect=should_connect)
+            self._check_vm_connectivity(ip_address,
+                                        ssh_login,
+                                        private_key,
+                                        should_connect=should_connect)
         except Exception:
             ex_msg = 'Public network connectivity check failed'
             if msg:
@@ -236,18 +235,20 @@
             raise
 
     def _disassociate_floating_ips(self):
-        for floating_ip, server in self.floating_ips.iteritems():
-            self._disassociate_floating_ip(floating_ip)
-            self.floating_ips[floating_ip] = None
+        floating_ip, server = self.floating_ip_tuple
+        self._disassociate_floating_ip(floating_ip)
+        self.floating_ip_tuple = Floating_IP_tuple(
+            floating_ip, None)
 
     def _reassociate_floating_ips(self):
-        for floating_ip in self.floating_ips.keys():
-            name = data_utils.rand_name('new_server-smoke-')
-            # create a new server for the floating ip
-            serv_dict = self._create_server(name, self.network)
-            self.servers[serv_dict['server']] = serv_dict['keypair']
-            self._associate_floating_ip(floating_ip, serv_dict['server'])
-            self.floating_ips[floating_ip] = serv_dict['server']
+        floating_ip, server = self.floating_ip_tuple
+        name = data_utils.rand_name('new_server-smoke-')
+        # create a new server for the floating ip
+        serv_dict = self._create_server(name, self.network)
+        self.servers[serv_dict['server']] = serv_dict['keypair']
+        self._associate_floating_ip(floating_ip, serv_dict['server'])
+        self.floating_ip_tuple = Floating_IP_tuple(
+            floating_ip, serv_dict['server'])
 
     @test.attr(type='smoke')
     @test.services('compute', 'network')
diff --git a/tempest/scenario/test_security_groups_basic_ops.py b/tempest/scenario/test_security_groups_basic_ops.py
index 8e4192d..a26e0cf 100644
--- a/tempest/scenario/test_security_groups_basic_ops.py
+++ b/tempest/scenario/test_security_groups_basic_ops.py
@@ -148,9 +148,6 @@
         cls.check_preconditions()
         # TODO(mnewby) Consider looking up entities as needed instead
         # of storing them as collections on the class.
-        cls.networks = []
-        cls.subnets = []
-        cls.routers = []
         cls.floating_ips = {}
         cls.tenants = {}
         cls.primary_tenant = cls.TenantProperties(cls.tenant_id,
diff --git a/tempest/tests/fake_config.py b/tempest/tests/fake_config.py
index 42237ca..41b0558 100644
--- a/tempest/tests/fake_config.py
+++ b/tempest/tests/fake_config.py
@@ -21,6 +21,9 @@
 
     class fake_identity(object):
         disable_ssl_certificate_validation = True
+        catalog_type = 'identity'
+        uri = 'http://fake_uri.com/auth'
+        uri_v3 = 'http://fake_uri_v3.com/auth'
 
     class fake_default_feature_enabled(object):
         api_extensions = ['all']
diff --git a/tempest/tests/fake_http.py b/tempest/tests/fake_http.py
index ac5f765..a09d5ba 100644
--- a/tempest/tests/fake_http.py
+++ b/tempest/tests/fake_http.py
@@ -17,7 +17,7 @@
 
 class fake_httplib2(object):
 
-    def __init__(self, return_type=None):
+    def __init__(self, return_type=None, *args, **kwargs):
         self.return_type = return_type
 
     def request(self, uri, method="GET", body=None, headers=None,
diff --git a/tempest/tests/fake_identity.py b/tempest/tests/fake_identity.py
new file mode 100644
index 0000000..ea2bd44
--- /dev/null
+++ b/tempest/tests/fake_identity.py
@@ -0,0 +1,156 @@
+# Copyright 2014 IBM Corp.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+
+import httplib2
+import json
+
+
+TOKEN = "fake_token"
+ALT_TOKEN = "alt_fake_token"
+
+# Fake Identity v2 constants
+COMPUTE_ENDPOINTS_V2 = {
+    "endpoints": [
+        {
+            "adminURL": "http://fake_url/api/admin",
+            "region": "NoMatchRegion",
+            "internalURL": "http://fake_url/api/internal",
+            "publicURL": "http://fake_url/api/public"
+        },
+        {
+            "adminURL": "http://fake_url/api/admin",
+            "region": "FakeRegion",
+            "internalURL": "http://fake_url/api/internal",
+            "publicURL": "http://fake_url/api/public"
+        },
+    ],
+    "type": "compute",
+    "name": "nova"
+}
+
+CATALOG_V2 = [COMPUTE_ENDPOINTS_V2, ]
+
+ALT_IDENTITY_V2_RESPONSE = {
+    "access": {
+        "token": {
+            "expires": "2020-01-01T00:00:10Z",
+            "id": ALT_TOKEN,
+            "tenant": {
+                "id": "fake_tenant_id"
+            },
+        },
+        "user": {
+            "id": "fake_user_id",
+        },
+        "serviceCatalog": CATALOG_V2,
+    },
+}
+
+IDENTITY_V2_RESPONSE = {
+    "access": {
+        "token": {
+            "expires": "2020-01-01T00:00:10Z",
+            "id": TOKEN,
+            "tenant": {
+                "id": "fake_tenant_id"
+            },
+        },
+        "user": {
+            "id": "fake_user_id",
+        },
+        "serviceCatalog": CATALOG_V2,
+    },
+}
+
+# Fake Identity V3 constants
+COMPUTE_ENDPOINTS_V3 = {
+    "endpoints": [
+        {
+            "id": "fake_service",
+            "interface": "public",
+            "region": "NoMatchRegion",
+            "url": "http://fake_url/v3"
+        },
+        {
+            "id": "another_fake_service",
+            "interface": "public",
+            "region": "FakeRegion",
+            "url": "http://fake_url/v3"
+        }
+    ],
+    "type": "compute",
+    "id": "fake_compute_endpoint"
+}
+
+CATALOG_V3 = [COMPUTE_ENDPOINTS_V3, ]
+
+IDENTITY_V3_RESPONSE = {
+    "token": {
+        "methods": [
+            "token",
+            "password"
+        ],
+        "expires_at": "2020-01-01T00:00:10.000123Z",
+        "project": {
+            "domain": {
+                "id": "fake_id",
+                "name": "fake"
+            },
+            "id": "project_id",
+            "name": "project_name"
+        },
+        "user": {
+            "domain": {
+                "id": "domain_id",
+                "name": "domain_name"
+            },
+            "id": "fake_user_id",
+            "name": "username"
+        },
+        "issued_at": "2013-05-29T16:55:21.468960Z",
+        "catalog": CATALOG_V3
+    }
+}
+
+ALT_IDENTITY_V3 = IDENTITY_V3_RESPONSE
+
+
+def _fake_v3_response(self, uri, method="GET", body=None, headers=None,
+                      redirections=5, connection_type=None):
+    fake_headers = {
+        "status": "201",
+        "x-subject-token": TOKEN
+    }
+    return (httplib2.Response(fake_headers),
+            json.dumps(IDENTITY_V3_RESPONSE))
+
+
+def _fake_v2_response(self, uri, method="GET", body=None, headers=None,
+                      redirections=5, connection_type=None):
+    return (httplib2.Response({"status": "200"}),
+            json.dumps(IDENTITY_V2_RESPONSE))
+
+
+def _fake_auth_failure_response():
+    # the response body isn't really used in this case, but lets send it anyway
+    # to have a safe check in some future change on the rest client.
+    body = {
+        "unauthorized": {
+            "message": "Unauthorized",
+            "code": "401"
+        }
+    }
+    return httplib2.Response({"status": "401"}), json.dumps(body)
diff --git a/tempest/tests/test_auth.py b/tempest/tests/test_auth.py
new file mode 100644
index 0000000..5346052
--- /dev/null
+++ b/tempest/tests/test_auth.py
@@ -0,0 +1,210 @@
+# Copyright 2014 IBM Corp.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import copy
+
+from tempest import auth
+from tempest.common import http
+from tempest import config
+from tempest import exceptions
+from tempest.openstack.common.fixture import mockpatch
+from tempest.tests import base
+from tempest.tests import fake_config
+from tempest.tests import fake_http
+from tempest.tests import fake_identity
+
+
+class BaseAuthTestsSetUp(base.TestCase):
+    _auth_provider_class = None
+    credentials = {
+        'username': 'fake_user',
+        'password': 'fake_pwd',
+        'tenant_name': 'fake_tenant'
+    }
+
+    def _auth(self, credentials, **params):
+        """
+        returns auth method according to keystone
+        """
+        return self._auth_provider_class(credentials, **params)
+
+    def setUp(self):
+        super(BaseAuthTestsSetUp, self).setUp()
+        self.stubs.Set(config, 'TempestConfigPrivate', fake_config.FakeConfig)
+        self.fake_http = fake_http.fake_httplib2(return_type=200)
+        self.stubs.Set(http.ClosingHttp, 'request', self.fake_http.request)
+        self.auth_provider = self._auth(self.credentials)
+
+
+class TestBaseAuthProvider(BaseAuthTestsSetUp):
+    """
+    This tests auth.AuthProvider class which is base for the other so we
+    obviously don't test not implemented method or the ones which strongly
+    depends on them.
+    """
+    _auth_provider_class = auth.AuthProvider
+
+    def test_check_credentials_is_dict(self):
+        self.assertTrue(self.auth_provider.check_credentials({}))
+
+    def test_check_credentials_bad_type(self):
+        self.assertFalse(self.auth_provider.check_credentials([]))
+
+    def test_instantiate_with_bad_credentials_type(self):
+        """
+        Assure that credentials with bad type fail with TypeError
+        """
+        self.assertRaises(TypeError, self._auth, [])
+
+    def test_auth_data_property(self):
+        self.assertRaises(NotImplementedError, getattr, self.auth_provider,
+                          'auth_data')
+
+    def test_auth_data_property_when_cache_exists(self):
+        self.auth_provider.cache = 'foo'
+        self.useFixture(mockpatch.PatchObject(self.auth_provider,
+                                              'is_expired',
+                                              return_value=False))
+        self.assertEqual('foo', getattr(self.auth_provider, 'auth_data'))
+
+    def test_delete_auth_data_property_through_deleter(self):
+        self.auth_provider.cache = 'foo'
+        del self.auth_provider.auth_data
+        self.assertIsNone(self.auth_provider.cache)
+
+    def test_delete_auth_data_property_through_clear_auth(self):
+        self.auth_provider.cache = 'foo'
+        self.auth_provider.clear_auth()
+        self.assertIsNone(self.auth_provider.cache)
+
+    def test_set_and_reset_alt_auth_data(self):
+        self.auth_provider.set_alt_auth_data('foo', 'bar')
+        self.assertEqual(self.auth_provider.alt_part, 'foo')
+        self.assertEqual(self.auth_provider.alt_auth_data, 'bar')
+
+        self.auth_provider.reset_alt_auth_data()
+        self.assertIsNone(self.auth_provider.alt_part)
+        self.assertIsNone(self.auth_provider.alt_auth_data)
+
+
+class TestKeystoneV2AuthProvider(BaseAuthTestsSetUp):
+    _auth_provider_class = auth.KeystoneV2AuthProvider
+
+    def setUp(self):
+        super(TestKeystoneV2AuthProvider, self).setUp()
+        self.stubs.Set(http.ClosingHttp, 'request',
+                       fake_identity._fake_v2_response)
+        self.target_url = 'test_api'
+
+    def _get_fake_alt_identity(self):
+        return fake_identity.ALT_IDENTITY_V2_RESPONSE['access']
+
+    def _get_result_url_from_fake_identity(self):
+        return fake_identity.COMPUTE_ENDPOINTS_V2['endpoints'][1]['publicURL']
+
+    def _get_token_from_fake_identity(self):
+        return fake_identity.TOKEN
+
+    def _test_request_helper(self):
+        filters = {
+            'service': 'compute',
+            'endpoint_type': 'publicURL',
+            'region': 'fakeRegion'
+        }
+
+        url, headers, body = self.auth_provider.auth_request('GET',
+                                                             self.target_url,
+                                                             filters=filters)
+
+        result_url = self._get_result_url_from_fake_identity()
+        self.assertEqual(url, result_url + '/' + self.target_url)
+        self.assertEqual(self._get_token_from_fake_identity(),
+                         headers['X-Auth-Token'])
+        self.assertEqual(body, None)
+
+    def test_request(self):
+        self._test_request_helper()
+
+    def test_request_with_alt_auth(self):
+        self.auth_provider.set_alt_auth_data(
+            'body',
+            (fake_identity.ALT_TOKEN, self._get_fake_alt_identity()))
+        self._test_request_helper()
+        # Assert alt auth data is clear after it
+        self.assertIsNone(self.auth_provider.alt_part)
+        self.assertIsNone(self.auth_provider.alt_auth_data)
+
+    def test_request_with_bad_service(self):
+        filters = {
+            'service': 'BAD_SERVICE',
+            'endpoint_type': 'publicURL',
+            'region': 'fakeRegion'
+        }
+        self.assertRaises(exceptions.EndpointNotFound,
+                          self.auth_provider.auth_request, 'GET',
+                          'http://fakeurl.com/fake_api', filters=filters)
+
+    def test_request_without_service(self):
+        filters = {
+            'service': None,
+            'endpoint_type': 'publicURL',
+            'region': 'fakeRegion'
+        }
+        self.assertRaises(exceptions.EndpointNotFound,
+                          self.auth_provider.auth_request, 'GET',
+                          'http://fakeurl.com/fake_api', filters=filters)
+
+    def test_check_credentials_missing_attribute(self):
+        for attr in ['username', 'password']:
+            cred = copy.copy(self.credentials)
+            del cred[attr]
+            self.assertFalse(self.auth_provider.check_credentials(cred))
+
+    def test_check_credentials_not_scoped_missing_tenant_name(self):
+        cred = copy.copy(self.credentials)
+        del cred['tenant_name']
+        self.assertTrue(self.auth_provider.check_credentials(cred,
+                                                             scoped=False))
+
+    def test_check_credentials_missing_tenant_name(self):
+        cred = copy.copy(self.credentials)
+        del cred['tenant_name']
+        self.assertFalse(self.auth_provider.check_credentials(cred))
+
+
+class TestKeystoneV3AuthProvider(TestKeystoneV2AuthProvider):
+    _auth_provider_class = auth.KeystoneV3AuthProvider
+    credentials = {
+        'username': 'fake_user',
+        'password': 'fake_pwd',
+        'tenant_name': 'fake_tenant',
+        'domain_name': 'fake_domain_name',
+    }
+
+    def setUp(self):
+        super(TestKeystoneV3AuthProvider, self).setUp()
+        self.stubs.Set(http.ClosingHttp, 'request',
+                       fake_identity._fake_v3_response)
+
+    def _get_fake_alt_identity(self):
+        return fake_identity.ALT_IDENTITY_V3['token']
+
+    def _get_result_url_from_fake_identity(self):
+        return fake_identity.COMPUTE_ENDPOINTS_V3['endpoints'][1]['url']
+
+    def test_check_credentials_missing_tenant_name(self):
+        cred = copy.copy(self.credentials)
+        del cred['domain_name']
+        self.assertFalse(self.auth_provider.check_credentials(cred))