blob: 1574ab772566d7d902042527a08eae7518a7b379 [file] [log] [blame]
# Copyright 2015 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest.api.identity import base
from tempest.lib import exceptions as lib_exc
from tempest import test
class IdentityV3ProjectsTest(base.BaseIdentityV3Test):
credentials = ['primary', 'alt']
@test.idempotent_id('86128d46-e170-4644-866a-cc487f699e1d')
def test_list_projects_returns_only_authorized_projects(self):
alt_project_name =\
self.alt_manager.credentials.credentials.project_name
resp = self.non_admin_users_client.list_user_projects(
self.os.credentials.user_id)
# check that user can see only that projects that he presents in so
# user can successfully authenticate using his credentials and
# project name from received projects list
for project in resp['projects']:
# 'user_domain_id' needs to be specified otherwise tempest.lib
# assumes it to be 'default'
token_id, body = self.non_admin_token.get_token(
username=self.os.credentials.username,
user_domain_id=self.os.credentials.user_domain_id,
password=self.os.credentials.password,
project_name=project['name'],
project_domain_id=project['domain_id'],
auth_data=True)
self.assertNotEmpty(token_id)
self.assertEqual(body['project']['id'], project['id'])
self.assertEqual(body['project']['name'], project['name'])
self.assertEqual(body['user']['id'], self.os.credentials.user_id)
# check that user cannot log in to alt user's project
self.assertRaises(
lib_exc.Unauthorized,
self.non_admin_token.get_token,
username=self.os.credentials.username,
user_domain_id=self.os.credentials.user_domain_id,
password=self.os.credentials.password,
project_name=alt_project_name,
project_domain_id=project['domain_id'])