Make identity v2 roles_client use **kwargs
As we discussed on
http://lists.openstack.org/pipermail/openstack-dev/2015-July/068864.html
All http POST/PUT methods need to contain **kwargs as their arguments.
This patch makes identity v2 roles_client use **kwargs.
Also rename some methods for consistency, so that they can later match
the v3 client method names and we can remove the many wrapper
methods that currently exist to call v2 and v3 methods.
Partially implements blueprint consistent-service-method-names
Change-Id: I88153db1649ef890786b1354180e528fb3f3dc25
diff --git a/tempest/api/identity/admin/v2/test_roles.py b/tempest/api/identity/admin/v2/test_roles.py
index 5847129..0924619 100644
--- a/tempest/api/identity/admin/v2/test_roles.py
+++ b/tempest/api/identity/admin/v2/test_roles.py
@@ -84,28 +84,30 @@
def test_assign_user_role(self):
"""Assign a role to a user on a tenant."""
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
- roles = self.roles_client.list_user_roles(tenant['id'],
- user['id'])['roles']
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ roles = self.roles_client.list_user_roles_on_project(
+ tenant['id'], user['id'])['roles']
self.assert_role_in_role_list(role, roles)
@test.idempotent_id('f0b9292c-d3ba-4082-aa6c-440489beef69')
def test_remove_user_role(self):
"""Remove a role assigned to a user on a tenant."""
(user, tenant, role) = self._get_role_params()
- user_role = self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])['role']
- self.roles_client.delete_user_role(tenant['id'], user['id'],
- user_role['id'])
+ user_role = self.roles_client.create_user_role_on_project(
+ tenant['id'], user['id'], role['id'])['role']
+ self.roles_client.delete_role_from_user_on_project(tenant['id'],
+ user['id'],
+ user_role['id'])
@test.idempotent_id('262e1e3e-ed71-4edd-a0e5-d64e83d66d05')
def test_list_user_roles(self):
"""List roles assigned to a user on tenant."""
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
- roles = self.roles_client.list_user_roles(tenant['id'],
- user['id'])['roles']
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ roles = self.roles_client.list_user_roles_on_project(
+ tenant['id'], user['id'])['roles']
self.assert_role_in_role_list(role, roles)
diff --git a/tempest/api/identity/admin/v2/test_roles_negative.py b/tempest/api/identity/admin/v2/test_roles_negative.py
index fd56285..770bb14 100644
--- a/tempest/api/identity/admin/v2/test_roles_negative.py
+++ b/tempest/api/identity/admin/v2/test_roles_negative.py
@@ -123,9 +123,10 @@
# Non-administrator user should not be authorized to
# assign a role to user
(user, tenant, role) = self._get_role_params()
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.assign_user_role,
- tenant['id'], user['id'], role['id'])
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.non_admin_roles_client.create_user_role_on_project,
+ tenant['id'], user['id'], role['id'])
@test.attr(type=['negative'])
@test.idempotent_id('f0d2683c-5603-4aee-95d7-21420e87cfd8')
@@ -134,9 +135,10 @@
(user, tenant, role) = self._get_role_params()
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.assign_user_role, tenant['id'],
- user['id'], role['id'])
+ self.assertRaises(
+ lib_exc.Unauthorized,
+ self.roles_client.create_user_role_on_project, tenant['id'],
+ user['id'], role['id'])
self.client.auth_provider.clear_auth()
@test.attr(type=['negative'])
@@ -145,7 +147,8 @@
# Attempt to assign a non existent role to user should fail
(user, tenant, role) = self._get_role_params()
non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.assign_user_role,
+ self.assertRaises(lib_exc.NotFound,
+ self.roles_client.create_user_role_on_project,
tenant['id'], user['id'], non_existent_role)
@test.attr(type=['negative'])
@@ -154,7 +157,8 @@
# Attempt to assign a role on a non existent tenant should fail
(user, tenant, role) = self._get_role_params()
non_existent_tenant = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.assign_user_role,
+ self.assertRaises(lib_exc.NotFound,
+ self.roles_client.create_user_role_on_project,
non_existent_tenant, user['id'], role['id'])
@test.attr(type=['negative'])
@@ -162,9 +166,11 @@
def test_assign_duplicate_user_role(self):
# Duplicate user role should not get assigned
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
- self.assertRaises(lib_exc.Conflict, self.roles_client.assign_user_role,
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ self.assertRaises(lib_exc.Conflict,
+ self.roles_client.create_user_role_on_project,
tenant['id'], user['id'], role['id'])
@test.attr(type=['negative'])
@@ -173,26 +179,27 @@
# Non-administrator user should not be authorized to
# remove a user's role
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.delete_user_role,
- tenant['id'], user['id'], role['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.non_admin_roles_client.delete_role_from_user_on_project,
+ tenant['id'], user['id'], role['id'])
@test.attr(type=['negative'])
@test.idempotent_id('cac81cf4-c1d2-47dc-90d3-f2b7eb572286')
def test_remove_user_role_request_without_token(self):
# Request to remove a user's role without a valid token
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.delete_user_role, tenant['id'],
- user['id'], role['id'])
+ self.roles_client.delete_role_from_user_on_project,
+ tenant['id'], user['id'], role['id'])
self.client.auth_provider.clear_auth()
@test.attr(type=['negative'])
@@ -200,11 +207,12 @@
def test_remove_user_role_non_existent_role(self):
# Attempt to delete a non existent role from a user should fail
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
non_existent_role = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.delete_user_role,
+ self.assertRaises(lib_exc.NotFound,
+ self.roles_client.delete_role_from_user_on_project,
tenant['id'], user['id'], non_existent_role)
@test.attr(type=['negative'])
@@ -212,11 +220,12 @@
def test_remove_user_role_non_existent_tenant(self):
# Attempt to remove a role from a non existent tenant should fail
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'],
- user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
non_existent_tenant = data_utils.rand_uuid_hex()
- self.assertRaises(lib_exc.NotFound, self.roles_client.delete_user_role,
+ self.assertRaises(lib_exc.NotFound,
+ self.roles_client.delete_role_from_user_on_project,
non_existent_tenant, user['id'], role['id'])
@test.attr(type=['negative'])
@@ -225,11 +234,13 @@
# Non-administrator user should not be authorized to list
# a user's roles
(user, tenant, role) = self._get_role_params()
- self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])
- self.assertRaises(lib_exc.Forbidden,
- self.non_admin_roles_client.list_user_roles,
- tenant['id'], user['id'])
+ self.roles_client.create_user_role_on_project(tenant['id'],
+ user['id'],
+ role['id'])
+ self.assertRaises(
+ lib_exc.Forbidden,
+ self.non_admin_roles_client.list_user_roles_on_project,
+ tenant['id'], user['id'])
@test.attr(type=['negative'])
@test.idempotent_id('682adfb2-fd5f-4b0a-a9ca-322e9bebb907')
@@ -240,7 +251,8 @@
self.client.delete_token(token)
try:
self.assertRaises(lib_exc.Unauthorized,
- self.roles_client.list_user_roles, tenant['id'],
+ self.roles_client.list_user_roles_on_project,
+ tenant['id'],
user['id'])
finally:
self.client.auth_provider.clear_auth()
diff --git a/tempest/api/identity/admin/v2/test_tokens.py b/tempest/api/identity/admin/v2/test_tokens.py
index 1675126..5cf337b 100644
--- a/tempest/api/identity/admin/v2/test_tokens.py
+++ b/tempest/api/identity/admin/v2/test_tokens.py
@@ -87,11 +87,13 @@
self.data.roles.append(role)
# Grant the user the role on the tenants.
- self.roles_client.assign_user_role(tenant1['id'], user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant1['id'],
+ user['id'],
+ role['id'])
- self.roles_client.assign_user_role(tenant2['id'], user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(tenant2['id'],
+ user['id'],
+ role['id'])
# Get an unscoped token.
body = self.token_client.auth(user_name, user_password)
diff --git a/tempest/api/identity/admin/v2/test_users.py b/tempest/api/identity/admin/v2/test_users.py
index 0f783b3..167cbc7 100644
--- a/tempest/api/identity/admin/v2/test_users.py
+++ b/tempest/api/identity/admin/v2/test_users.py
@@ -181,8 +181,8 @@
user_ids = list()
fetched_user_ids = list()
user_ids.append(user['id'])
- role = self.roles_client.assign_user_role(tenant['id'], user['id'],
- role['id'])['role']
+ role = self.roles_client.create_user_role_on_project(
+ tenant['id'], user['id'], role['id'])['role']
alt_user2 = data_utils.rand_name('second_user')
alt_password2 = data_utils.rand_password()
@@ -193,9 +193,8 @@
email='user2@123')['user']
user_ids.append(second_user['id'])
self.data.users.append(second_user)
- role = self.roles_client.assign_user_role(tenant['id'],
- second_user['id'],
- role['id'])['role']
+ role = self.roles_client.create_user_role_on_project(
+ tenant['id'], second_user['id'], role['id'])['role']
# List of users with roles for the respective tenant ID
body = (self.tenants_client.list_tenant_users(self.data.tenant['id'])
['users'])
diff --git a/tempest/cmd/cleanup.py b/tempest/cmd/cleanup.py
index e8e691e..289650f 100644
--- a/tempest/cmd/cleanup.py
+++ b/tempest/cmd/cleanup.py
@@ -232,15 +232,16 @@
def _add_admin(self, tenant_id):
rl_cl = self.admin_mgr.roles_client
needs_role = True
- roles = rl_cl.list_user_roles(tenant_id, self.admin_id)['roles']
+ roles = rl_cl.list_user_roles_on_project(tenant_id,
+ self.admin_id)['roles']
for role in roles:
if role['id'] == self.admin_role_id:
needs_role = False
LOG.debug("User already had admin privilege for this tenant")
if needs_role:
LOG.debug("Adding admin privilege for : %s" % tenant_id)
- rl_cl.assign_user_role(tenant_id, self.admin_id,
- self.admin_role_id)
+ rl_cl.create_user_role_on_project(tenant_id, self.admin_id,
+ self.admin_role_id)
self.admin_role_added.append(tenant_id)
def _remove_admin_role(self, tenant_id):
@@ -250,8 +251,9 @@
id_cl = credentials.AdminManager().identity_client
if (self._tenant_exists(tenant_id)):
try:
- id_cl.delete_user_role(tenant_id, self.admin_id,
- self.admin_role_id)
+ id_cl.delete_role_from_user_on_project(tenant_id,
+ self.admin_id,
+ self.admin_role_id)
except Exception as ex:
LOG.exception("Failed removing role from tenant which still"
"exists, exception: %s" % ex)
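Review bot: The renamed call in `_remove_admin_role` is made on `identity_client`, whereas `_add_admin` in the previous hunk takes the same family of methods from `self.admin_mgr.roles_client`. If `identity_client` does not define `delete_role_from_user_on_project`, the resulting `AttributeError` is caught by the `except Exception` below and only logged, so the admin role granted by `_add_admin` would stay on the tenant after cleanup. Assuming `AdminManager` exposes `roles_client` the way `admin_mgr` does, the lookup should be `rl_cl = credentials.AdminManager().roles_client`, with the call made on `rl_cl`. The handler would also be safer narrowed to the REST client's exception types, so that a programming error is not swallowed. The function begins above this hunk and may continue past it.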
diff --git a/tempest/cmd/javelin.py b/tempest/cmd/javelin.py
index 3d57c35..08ad94f 100755
--- a/tempest/cmd/javelin.py
+++ b/tempest/cmd/javelin.py
@@ -361,7 +361,7 @@
role = next(r for r in roles if r['name'] == swift_role)
LOG.debug(USERS[user])
try:
- admin.roles.assign_user_role(
+ admin.roles.create_user_role_on_project(
USERS[user]['tenant_id'],
USERS[user]['id'],
role['id'])
diff --git a/tempest/common/cred_client.py b/tempest/common/cred_client.py
index 48d81ca..2ca9f40 100644
--- a/tempest/common/cred_client.py
+++ b/tempest/common/cred_client.py
@@ -129,8 +129,9 @@
password=password)
def _assign_user_role(self, project, user, role):
- self.roles_client.assign_user_role(project['id'], user['id'],
- role['id'])
+ self.roles_client.create_user_role_on_project(project['id'],
+ user['id'],
+ role['id'])
class V3CredsClient(CredsClient):
diff --git a/tempest/services/identity/v2/json/roles_client.py b/tempest/services/identity/v2/json/roles_client.py
index acd97c6..d2d29a3 100644
--- a/tempest/services/identity/v2/json/roles_client.py
+++ b/tempest/services/identity/v2/json/roles_client.py
@@ -11,6 +11,7 @@
# under the License.
from oslo_serialization import jsonutils as json
+from six.moves.urllib import parse as urllib
from tempest.lib.common import rest_client
@@ -30,45 +31,77 @@
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
- def show_role(self, role_id):
- """Get a role by its id."""
- resp, body = self.get('OS-KSADM/roles/%s' % role_id)
+ def show_role(self, role_id_or_name):
+ """Get a role by its id or name.
+
+ Available params: see
+ http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#showRoleByID
+ OR
+ http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#showRoleByName
+ """
+ resp, body = self.get('OS-KSADM/roles/%s' % role_id_or_name)
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
- def delete_role(self, role_id):
- """Delete a role."""
- resp, body = self.delete('OS-KSADM/roles/%s' % str(role_id))
- self.expected_success(204, resp.status)
- return resp, body
+ def list_roles(self, **params):
+ """Returns roles.
- def list_user_roles(self, tenant_id, user_id):
- """Returns a list of roles assigned to a user for a tenant."""
- url = '/tenants/%s/users/%s/roles' % (tenant_id, user_id)
+ Available params: see http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#listRoles
+ """
+ url = 'OS-KSADM/roles'
+ if params:
+ url += '?%s' % urllib.urlencode(params)
resp, body = self.get(url)
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
- def assign_user_role(self, tenant_id, user_id, role_id):
- """Add roles to a user on a tenant."""
+ def delete_role(self, role_id):
+ """Delete a role.
+
+ Available params: see http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#deleteRole
+ """
+ resp, body = self.delete('OS-KSADM/roles/%s' % str(role_id))
+ self.expected_success(204, resp.status)
+ return resp, body
+
+ def create_user_role_on_project(self, tenant_id, user_id, role_id):
+ """Add roles to a user on a tenant.
+
+ Available params: see
+ http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#grantRoleToUserOnTenant
+ """
resp, body = self.put('/tenants/%s/users/%s/roles/OS-KSADM/%s' %
(tenant_id, user_id, role_id), "")
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
- def delete_user_role(self, tenant_id, user_id, role_id):
- """Removes a role assignment for a user on a tenant."""
+ def list_user_roles_on_project(self, tenant_id, user_id, **params):
+ """Returns a list of roles assigned to a user for a tenant."""
+ # TODO(gmann): Need to write API-ref link, Bug# 1592711
+ url = '/tenants/%s/users/%s/roles' % (tenant_id, user_id)
+ if params:
+ url += '?%s' % urllib.urlencode(params)
+ resp, body = self.get(url)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return rest_client.ResponseBody(resp, body)
+
+ def delete_role_from_user_on_project(self, tenant_id, user_id, role_id):
+ """Removes a role assignment for a user on a tenant.
+
+ Available params: see
+ http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#revokeRoleFromUserOnTenant
+ """
resp, body = self.delete('/tenants/%s/users/%s/roles/OS-KSADM/%s' %
(tenant_id, user_id, role_id))
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
-
- def list_roles(self):
- """Returns roles."""
- resp, body = self.get('OS-KSADM/roles')
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return rest_client.ResponseBody(resp, body)
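Review bot: The role name that `show_role` now accepts is placed into the request path unescaped, via `'OS-KSADM/roles/%s' % role_id_or_name`. Role IDs are presumably hex strings, but names are free-form, so a name containing `/`, `?`, `#` or a space would make the request address a different resource than the caller intended. The query strings added in `list_roles` and `list_user_roles_on_project` already go through `urllib.urlencode`, and the path segment deserves the equivalent: `resp, body = self.get('OS-KSADM/roles/%s' % urllib.quote(role_id_or_name, safe=''))`. Worth confirming against the API reference that lookup by name really uses this path form.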
diff --git a/tempest/tests/common/test_dynamic_creds.py b/tempest/tests/common/test_dynamic_creds.py
index a7a3a22..e97f65f 100644
--- a/tempest/tests/common/test_dynamic_creds.py
+++ b/tempest/tests/common/test_dynamic_creds.py
@@ -54,7 +54,7 @@
users_client = v2_users_client
token_client_class = token_client.TokenClient
fake_response = fake_identity._fake_v2_response
- assign_role_on_project = 'assign_user_role'
+ assign_role_on_project = 'create_user_role_on_project'
tenants_client_class = tenants_client.TenantsClient
delete_tenant = 'delete_tenant'