Non-admin token tests for Keystone API
Adds non-admin token tests for Keystone/identity API. Work in
support of adding Defcore/interop capabilities for identity.
Currently only supports get token for v2 and v3.
Depends-On: I06fd043e1b31ae0e5e33f4dcf898fb58f2907267
Change-Id: I2134e5694fdbab13b4b19205ecba5711dbac0c25
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index 882ef98..db6bdba 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -19,6 +19,7 @@
from tempest import clients
from tempest.common import cred_provider
+from tempest.common import credentials
from tempest import config
import tempest.test
@@ -26,13 +27,7 @@
LOG = logging.getLogger(__name__)
-class BaseIdentityAdminTest(tempest.test.BaseTestCase):
-
- @classmethod
- def setup_credentials(cls):
- super(BaseIdentityAdminTest, cls).setup_credentials()
- cls.os = cls.get_client_manager()
- cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())
+class BaseIdentityTest(tempest.test.BaseTestCase):
@classmethod
def disable_user(cls, user_name):
@@ -69,24 +64,55 @@
return role[0]
-class BaseIdentityV2AdminTest(BaseIdentityAdminTest):
+class BaseIdentityV2Test(BaseIdentityTest):
+
+ @classmethod
+ def setup_credentials(cls):
+ super(BaseIdentityV2Test, cls).setup_credentials()
+ cls.os = cls.get_client_manager(identity_version='v2')
@classmethod
def skip_checks(cls):
- super(BaseIdentityV2AdminTest, cls).skip_checks()
+ super(BaseIdentityV2Test, cls).skip_checks()
if not CONF.identity_feature_enabled.api_v2:
raise cls.skipException("Identity api v2 is not enabled")
@classmethod
def setup_clients(cls):
+ super(BaseIdentityV2Test, cls).setup_clients()
+ cls.non_admin_client = cls.os.identity_client
+ cls.non_admin_token_client = cls.os.token_client
+
+ @classmethod
+ def resource_setup(cls):
+ super(BaseIdentityV2Test, cls).resource_setup()
+
+ @classmethod
+ def resource_cleanup(cls):
+ super(BaseIdentityV2Test, cls).resource_cleanup()
+
+
+class BaseIdentityV2AdminTest(BaseIdentityV2Test):
+
+ @classmethod
+ def setup_credentials(cls):
+ super(BaseIdentityV2AdminTest, cls).setup_credentials()
+ cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())
+
+ @classmethod
+ def skip_checks(cls):
+ if not credentials.is_admin_available():
+ raise cls.skipException('v2 Admin auth disabled')
+ super(BaseIdentityV2AdminTest, cls).skip_checks()
+
+ @classmethod
+ def setup_clients(cls):
super(BaseIdentityV2AdminTest, cls).setup_clients()
cls.client = cls.os_adm.identity_client
cls.token_client = cls.os_adm.token_client
if not cls.client.has_admin_extensions():
raise cls.skipException("Admin extensions disabled")
- cls.non_admin_client = cls.os.identity_client
-
@classmethod
def resource_setup(cls):
super(BaseIdentityV2AdminTest, cls).resource_setup()
@@ -98,27 +124,59 @@
super(BaseIdentityV2AdminTest, cls).resource_cleanup()
-class BaseIdentityV3AdminTest(BaseIdentityAdminTest):
+class BaseIdentityV3Test(BaseIdentityTest):
+
+ @classmethod
+ def setup_credentials(cls):
+ super(BaseIdentityV3Test, cls).setup_credentials()
+ cls.os = cls.get_client_manager(identity_version='v3')
@classmethod
def skip_checks(cls):
- super(BaseIdentityV3AdminTest, cls).skip_checks()
+ super(BaseIdentityV3Test, cls).skip_checks()
if not CONF.identity_feature_enabled.api_v3:
raise cls.skipException("Identity api v3 is not enabled")
@classmethod
def setup_clients(cls):
+ super(BaseIdentityV3Test, cls).setup_clients()
+ cls.non_admin_client = cls.os.identity_v3_client
+ cls.non_admin_token = cls.os.token_v3_client
+ cls.non_admin_endpoints_client = cls.os.endpoints_client
+ cls.non_admin_region_client = cls.os.region_client
+ cls.non_admin_service_client = cls.os.service_client
+ cls.non_admin_policy_client = cls.os.policy_client
+ cls.non_admin_creds_client = cls.os.credentials_client
+
+ @classmethod
+ def resource_cleanup(cls):
+ super(BaseIdentityV3Test, cls).resource_cleanup()
+
+
+class BaseIdentityV3AdminTest(BaseIdentityV3Test):
+
+ @classmethod
+ def setup_credentials(cls):
+ super(BaseIdentityV3AdminTest, cls).setup_credentials()
+ cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())
+
+ @classmethod
+ def skip_checks(cls):
+ if not credentials.is_admin_available():
+ raise cls.skipException('v3 Admin auth disabled')
+ super(BaseIdentityV3AdminTest, cls).skip_checks()
+
+ @classmethod
+ def setup_clients(cls):
super(BaseIdentityV3AdminTest, cls).setup_clients()
cls.client = cls.os_adm.identity_v3_client
cls.token = cls.os_adm.token_v3_client
cls.endpoints_client = cls.os_adm.endpoints_client
cls.region_client = cls.os_adm.region_client
cls.data = DataGenerator(cls.client)
- cls.non_admin_client = cls.os.identity_v3_client
cls.service_client = cls.os_adm.service_client
cls.policy_client = cls.os_adm.policy_client
cls.creds_client = cls.os_adm.credentials_client
- cls.non_admin_client = cls.os.identity_v3_client
@classmethod
def resource_cleanup(cls):
diff --git a/tempest/api/identity/v2/__init__.py b/tempest/api/identity/v2/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tempest/api/identity/v2/__init__.py
diff --git a/tempest/api/identity/v2/test_tokens.py b/tempest/api/identity/v2/test_tokens.py
new file mode 100644
index 0000000..5a8afa0
--- /dev/null
+++ b/tempest/api/identity/v2/test_tokens.py
@@ -0,0 +1,38 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api.identity import base
+from tempest import test
+
+
+class TokensTest(base.BaseIdentityV2Test):
+
+ @test.idempotent_id('65ae3b78-91ff-467b-a705-f6678863b8ec')
+ def test_create_token(self):
+
+ token_client = self.non_admin_token_client
+
+ # get a token for the user
+ creds = self.os.credentials
+ username = creds.username
+ password = creds.password
+ tenant_name = creds.tenant_name
+
+ body = token_client.auth(username,
+ password,
+ tenant_name)
+
+ self.assertEqual(body['token']['tenant']['name'],
+ tenant_name)
diff --git a/tempest/api/identity/v3/__init__.py b/tempest/api/identity/v3/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tempest/api/identity/v3/__init__.py
diff --git a/tempest/api/identity/v3/test_tokens.py b/tempest/api/identity/v3/test_tokens.py
new file mode 100644
index 0000000..ab4a09f
--- /dev/null
+++ b/tempest/api/identity/v3/test_tokens.py
@@ -0,0 +1,33 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api.identity import base
+from tempest import test
+
+
+class TokensV3Test(base.BaseIdentityV3Test):
+
+ @test.idempotent_id('6f8e4436-fc96-4282-8122-e41df57197a9')
+ def test_create_token(self):
+
+ creds = self.os.credentials
+ user_id = creds.user_id
+ username = creds.username
+ password = creds.password
+ resp = self.non_admin_token.auth(user_id=user_id,
+ password=password)
+
+ subject_name = resp['token']['user']['name']
+ self.assertEqual(subject_name, username)