Test cases for Roles V3 Actions
This submission adds 'test_roles.py' test script with test cases
so as to verify the functionality of all 'role' actions available
in V3 keystone api. And also with required support functions in
identity_client.py of both JSON/XML interfaces
Change-Id: I79f0a68ab62e7d86b5789e5e6f938621b35cf70b
Implements: blueprint keystone-v3-roles-test
diff --git a/tempest/api/identity/admin/v3/test_roles.py b/tempest/api/identity/admin/v3/test_roles.py
new file mode 100644
index 0000000..cab84c0
--- /dev/null
+++ b/tempest/api/identity/admin/v3/test_roles.py
@@ -0,0 +1,170 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api.identity import base
+from tempest.common.utils.data_utils import rand_name
+from tempest.test import attr
+
+
+class RolesV3TestJSON(base.BaseIdentityAdminTest):
+ _interface = 'json'
+
+ @classmethod
+ def setUpClass(cls):
+ super(RolesV3TestJSON, cls).setUpClass()
+ cls.fetched_role_ids = list()
+ u_name = rand_name('user-')
+ u_desc = '%s description' % u_name
+ u_email = '%s@testmail.tm' % u_name
+ u_password = rand_name('pass-')
+ resp = [None] * 5
+ resp[0], cls.project = cls.v3_client.create_project(
+ rand_name('project-'), description=rand_name('project-desc-'))
+ resp[1], cls.domain = cls.v3_client.create_domain(
+ rand_name('domain-'), description=rand_name('domain-desc-'))
+ resp[2], cls.group_body = cls.v3_client.create_group(
+ rand_name('Group-'), project_id=cls.project['id'],
+ domain_id=cls.domain['id'])
+ resp[3], cls.user_body = cls.v3_client.create_user(
+ u_name, description=u_desc, password=u_password,
+ email=u_email, project_id=cls.project['id'],
+ domain_id=cls.domain['id'])
+ resp[4], cls.role = cls.v3_client.create_role(rand_name('Role-'))
+ for r in resp:
+ assert r['status'] == '201', "Expected: %s" % r['status']
+
+ @classmethod
+ def tearDownClass(cls):
+ resp = [None] * 5
+ resp[0], _ = cls.v3_client.delete_role(cls.role['id'])
+ resp[1], _ = cls.v3_client.delete_group(cls.group_body['id'])
+ resp[2], _ = cls.v3_client.delete_user(cls.user_body['id'])
+ resp[3], _ = cls.v3_client.delete_project(cls.project['id'])
+ #NOTE(harika-vakadi): It is necessary to disable the domian
+ # before deleting,or else it would result in unauthorized error
+ cls.v3_client.update_domain(cls.domain['id'], enabled=False)
+ resp[4], _ = cls.v3_client.delete_domain(cls.domain['id'])
+ for r in resp:
+ assert r['status'] == '204', "Expected: %s" % r['status']
+ super(RolesV3TestJSON, cls).tearDownClass()
+
+ def _list_assertions(self, resp, body, fetched_role_ids, role_id):
+ self.assertEqual(resp['status'], '200')
+ self.assertEqual(len(body), 1)
+ self.assertIn(role_id, fetched_role_ids)
+
+ @attr(type='smoke')
+ def test_role_create_update_get(self):
+ r_name = rand_name('Role-')
+ resp, role = self.v3_client.create_role(r_name)
+ self.addCleanup(self.v3_client.delete_role, role['id'])
+ self.assertEqual(resp['status'], '201')
+ self.assertIn('name', role)
+ self.assertEqual(role['name'], r_name)
+
+ new_name = rand_name('NewRole-')
+ resp, updated_role = self.v3_client.update_role(new_name, role['id'])
+ self.assertEqual(resp['status'], '200')
+ self.assertIn('name', updated_role)
+ self.assertIn('id', updated_role)
+ self.assertIn('links', updated_role)
+ self.assertNotEqual(r_name, updated_role['name'])
+
+ resp, new_role = self.v3_client.get_role(role['id'])
+ self.assertEqual(resp['status'], '200')
+ self.assertEqual(new_name, new_role['name'])
+ self.assertEqual(updated_role['id'], new_role['id'])
+
+ @attr(type='smoke')
+ def test_grant_list_revoke_role_to_user_on_project(self):
+ resp, _ = self.v3_client.assign_user_role_on_project(
+ self.project['id'], self.user_body['id'], self.role['id'])
+ self.assertEqual(resp['status'], '204')
+
+ resp, roles = self.v3_client.list_user_roles_on_project(
+ self.project['id'], self.user_body['id'])
+
+ for i in roles:
+ self.fetched_role_ids.append(i['id'])
+
+ self._list_assertions(resp, roles, self.fetched_role_ids,
+ self.role['id'])
+
+ resp, _ = self.v3_client.revoke_role_from_user_on_project(
+ self.project['id'], self.user_body['id'], self.role['id'])
+ self.assertEqual(resp['status'], '204')
+
+ @attr(type='smoke')
+ def test_grant_list_revoke_role_to_user_on_domain(self):
+ resp, _ = self.v3_client.assign_user_role_on_domain(
+ self.domain['id'], self.user_body['id'], self.role['id'])
+ self.assertEqual(resp['status'], '204')
+
+ resp, roles = self.v3_client.list_user_roles_on_domain(
+ self.domain['id'], self.user_body['id'])
+
+ for i in roles:
+ self.fetched_role_ids.append(i['id'])
+
+ self._list_assertions(resp, roles, self.fetched_role_ids,
+ self.role['id'])
+
+ resp, _ = self.v3_client.revoke_role_from_user_on_domain(
+ self.domain['id'], self.user_body['id'], self.role['id'])
+ self.assertEqual(resp['status'], '204')
+
+ @attr(type='smoke')
+ def test_grant_list_revoke_role_to_group_on_project(self):
+ resp, _ = self.v3_client.assign_group_role_on_project(
+ self.project['id'], self.group_body['id'], self.role['id'])
+ self.assertEqual(resp['status'], '204')
+
+ resp, roles = self.v3_client.list_group_roles_on_project(
+ self.project['id'], self.group_body['id'])
+
+ for i in roles:
+ self.fetched_role_ids.append(i['id'])
+
+ self._list_assertions(resp, roles, self.fetched_role_ids,
+ self.role['id'])
+
+ resp, _ = self.v3_client.revoke_role_from_group_on_project(
+ self.project['id'], self.group_body['id'], self.role['id'])
+ self.assertEqual(resp['status'], '204')
+
+ @attr(type='smoke')
+ def test_grant_list_revoke_role_to_group_on_domain(self):
+ resp, _ = self.v3_client.assign_group_role_on_domain(
+ self.domain['id'], self.group_body['id'], self.role['id'])
+ self.assertEqual(resp['status'], '204')
+
+ resp, roles = self.v3_client.list_group_roles_on_domain(
+ self.domain['id'], self.group_body['id'])
+
+ for i in roles:
+ self.fetched_role_ids.append(i['id'])
+
+ self._list_assertions(resp, roles, self.fetched_role_ids,
+ self.role['id'])
+
+ resp, _ = self.v3_client.revoke_role_from_group_on_domain(
+ self.domain['id'], self.group_body['id'], self.role['id'])
+ self.assertEqual(resp['status'], '204')
+
+
+class RolesV3TestXML(RolesV3TestJSON):
+ _interface = 'xml'
diff --git a/tempest/services/identity/v3/json/identity_client.py b/tempest/services/identity/v3/json/identity_client.py
index 56a1a72..0a56e84 100644
--- a/tempest/services/identity/v3/json/identity_client.py
+++ b/tempest/services/identity/v3/json/identity_client.py
@@ -63,11 +63,12 @@
def update_user(self, user_id, name, **kwargs):
"""Updates a user."""
- email = kwargs.get('email', None)
- en = kwargs.get('enabled', True)
- project_id = kwargs.get('project_id', None)
- description = kwargs.get('description', None)
- domain_id = kwargs.get('domain_id', 'default')
+ resp, body = self.get_user(user_id)
+ email = kwargs.get('email', body['email'])
+ en = kwargs.get('enabled', body['enabled'])
+ project_id = kwargs.get('project_id', body['project_id'])
+ description = kwargs.get('description', body['description'])
+ domain_id = kwargs.get('domain_id', body['domain_id'])
post_body = {
'name': name,
'email': email,
@@ -149,6 +150,17 @@
body = json.loads(body)
return resp, body['role']
+ def update_role(self, name, role_id):
+ """Create a Role."""
+ post_body = {
+ 'name': name
+ }
+ post_body = json.dumps({'role': post_body})
+ resp, body = self.patch('roles/%s' % str(role_id), post_body,
+ self.headers)
+ body = json.loads(body)
+ return resp, body['role']
+
def delete_role(self, role_id):
"""Delete a role."""
resp, body = self.delete('roles/%s' % str(role_id))
@@ -222,6 +234,107 @@
resp, body = self.delete("auth/tokens", headers=headers)
return resp, body
+ def create_group(self, name, **kwargs):
+ """Creates a group."""
+ description = kwargs.get('description', None)
+ domain_id = kwargs.get('domain_id', 'default')
+ project_id = kwargs.get('project_id', None)
+ post_body = {
+ 'description': description,
+ 'domain_id': domain_id,
+ 'project_id': project_id,
+ 'name': name
+ }
+ post_body = json.dumps({'group': post_body})
+ resp, body = self.post('groups', post_body, self.headers)
+ body = json.loads(body)
+ return resp, body['group']
+
+ def delete_group(self, group_id):
+ """Delete a group."""
+ resp, body = self.delete('groups/%s' % str(group_id))
+ return resp, body
+
+ def assign_user_role_on_project(self, project_id, user_id, role_id):
+ """Add roles to a user on a project."""
+ resp, body = self.put('projects/%s/users/%s/roles/%s' %
+ (project_id, user_id, role_id), None,
+ self.headers)
+ return resp, body
+
+ def assign_user_role_on_domain(self, domain_id, user_id, role_id):
+ """Add roles to a user on a domain."""
+ resp, body = self.put('domains/%s/users/%s/roles/%s' %
+ (domain_id, user_id, role_id), None,
+ self.headers)
+ return resp, body
+
+ def list_user_roles_on_project(self, project_id, user_id):
+ """list roles of a user on a project."""
+ resp, body = self.get('projects/%s/users/%s/roles' %
+ (project_id, user_id))
+ body = json.loads(body)
+ return resp, body['roles']
+
+ def list_user_roles_on_domain(self, domain_id, user_id):
+ """list roles of a user on a domain."""
+ resp, body = self.get('domains/%s/users/%s/roles' %
+ (domain_id, user_id))
+ body = json.loads(body)
+ return resp, body['roles']
+
+ def revoke_role_from_user_on_project(self, project_id, user_id, role_id):
+ """Delete role of a user on a project."""
+ resp, body = self.delete('projects/%s/users/%s/roles/%s' %
+ (project_id, user_id, role_id))
+ return resp, body
+
+ def revoke_role_from_user_on_domain(self, domain_id, user_id, role_id):
+ """Delete role of a user on a domain."""
+ resp, body = self.delete('domains/%s/users/%s/roles/%s' %
+ (domain_id, user_id, role_id))
+ return resp, body
+
+ def assign_group_role_on_project(self, project_id, group_id, role_id):
+ """Add roles to a user on a project."""
+ resp, body = self.put('projects/%s/groups/%s/roles/%s' %
+ (project_id, group_id, role_id), None,
+ self.headers)
+ return resp, body
+
+ def assign_group_role_on_domain(self, domain_id, group_id, role_id):
+ """Add roles to a user on a domain."""
+ resp, body = self.put('domains/%s/groups/%s/roles/%s' %
+ (domain_id, group_id, role_id), None,
+ self.headers)
+ return resp, body
+
+ def list_group_roles_on_project(self, project_id, group_id):
+ """list roles of a user on a project."""
+ resp, body = self.get('projects/%s/groups/%s/roles' %
+ (project_id, group_id))
+ body = json.loads(body)
+ return resp, body['roles']
+
+ def list_group_roles_on_domain(self, domain_id, group_id):
+ """list roles of a user on a domain."""
+ resp, body = self.get('domains/%s/groups/%s/roles' %
+ (domain_id, group_id))
+ body = json.loads(body)
+ return resp, body['roles']
+
+ def revoke_role_from_group_on_project(self, project_id, group_id, role_id):
+ """Delete role of a user on a project."""
+ resp, body = self.delete('projects/%s/groups/%s/roles/%s' %
+ (project_id, group_id, role_id))
+ return resp, body
+
+ def revoke_role_from_group_on_domain(self, domain_id, group_id, role_id):
+ """Delete role of a user on a domain."""
+ resp, body = self.delete('domains/%s/groups/%s/roles/%s' %
+ (domain_id, group_id, role_id))
+ return resp, body
+
class V3TokenClientJSON(RestClient):
diff --git a/tempest/services/identity/v3/xml/identity_client.py b/tempest/services/identity/v3/xml/identity_client.py
index 571b491..03e06dc 100644
--- a/tempest/services/identity/v3/xml/identity_client.py
+++ b/tempest/services/identity/v3/xml/identity_client.py
@@ -52,6 +52,14 @@
array.append(xml_to_json(child))
return array
+ def _parse_roles(self, node):
+ array = []
+ for child in node.getchildren():
+ tag_list = child.tag.split('}', 1)
+ if tag_list[1] == "role":
+ array.append(xml_to_json(child))
+ return array
+
def _parse_array(self, node):
array = []
for child in node.getchildren():
@@ -95,11 +103,12 @@
def update_user(self, user_id, name, **kwargs):
"""Updates a user."""
- email = kwargs.get('email', None)
- en = kwargs.get('enabled', True)
- project_id = kwargs.get('project_id', None)
- domain_id = kwargs.get('domain_id', 'default')
- description = kwargs.get('description', None)
+ resp, body = self.get_user(user_id)
+ email = kwargs.get('email', body['email'])
+ en = kwargs.get('enabled', body['enabled'])
+ project_id = kwargs.get('project_id', body['project_id'])
+ description = kwargs.get('description', body['description'])
+ domain_id = kwargs.get('domain_id', body['domain_id'])
update_user = Element("user",
xmlns=XMLNS,
name=name,
@@ -182,6 +191,17 @@
body = self._parse_body(etree.fromstring(body))
return resp, body
+ def update_role(self, name, role_id):
+ """Updates a Role."""
+ post_body = Element("role",
+ xmlns=XMLNS,
+ name=name)
+ resp, body = self.patch('roles/%s' % str(role_id),
+ str(Document(post_body)),
+ self.headers)
+ body = self._parse_body(etree.fromstring(body))
+ return resp, body
+
def delete_role(self, role_id):
"""Delete a role."""
resp, body = self.delete('roles/%s' % str(role_id),
@@ -257,6 +277,107 @@
resp, body = self.delete("auth/tokens", headers=headers)
return resp, body
+ def create_group(self, name, **kwargs):
+ """Creates a group."""
+ description = kwargs.get('description', None)
+ domain_id = kwargs.get('domain_id', 'default')
+ project_id = kwargs.get('project_id', None)
+ post_body = Element("group",
+ xmlns=XMLNS,
+ name=name,
+ description=description,
+ domain_id=domain_id,
+ project_id=project_id)
+ resp, body = self.post('groups', str(Document(post_body)),
+ self.headers)
+ body = self._parse_body(etree.fromstring(body))
+ return resp, body
+
+ def delete_group(self, group_id):
+ """Delete a group."""
+ resp, body = self.delete('groups/%s' % group_id, self.headers)
+ return resp, body
+
+ def assign_user_role_on_project(self, project_id, user_id, role_id):
+ """Add roles to a user on a project."""
+ resp, body = self.put('projects/%s/users/%s/roles/%s' %
+ (project_id, user_id, role_id), '',
+ self.headers)
+ return resp, body
+
+ def assign_user_role_on_domain(self, domain_id, user_id, role_id):
+ """Add roles to a user on a domain."""
+ resp, body = self.put('domains/%s/users/%s/roles/%s' %
+ (domain_id, user_id, role_id), '',
+ self.headers)
+ return resp, body
+
+ def list_user_roles_on_project(self, project_id, user_id):
+ """list roles of a user on a project."""
+ resp, body = self.get('projects/%s/users/%s/roles' %
+ (project_id, user_id), self.headers)
+ body = self._parse_roles(etree.fromstring(body))
+ return resp, body
+
+ def list_user_roles_on_domain(self, domain_id, user_id):
+ """list roles of a user on a domain."""
+ resp, body = self.get('domains/%s/users/%s/roles' %
+ (domain_id, user_id), self.headers)
+ body = self._parse_roles(etree.fromstring(body))
+ return resp, body
+
+ def revoke_role_from_user_on_project(self, project_id, user_id, role_id):
+ """Delete role of a user on a project."""
+ resp, body = self.delete('projects/%s/users/%s/roles/%s' %
+ (project_id, user_id, role_id), self.headers)
+ return resp, body
+
+ def revoke_role_from_user_on_domain(self, domain_id, user_id, role_id):
+ """Delete role of a user on a domain."""
+ resp, body = self.delete('domains/%s/users/%s/roles/%s' %
+ (domain_id, user_id, role_id), self.headers)
+ return resp, body
+
+ def assign_group_role_on_project(self, project_id, group_id, role_id):
+ """Add roles to a user on a project."""
+ resp, body = self.put('projects/%s/groups/%s/roles/%s' %
+ (project_id, group_id, role_id), '',
+ self.headers)
+ return resp, body
+
+ def assign_group_role_on_domain(self, domain_id, group_id, role_id):
+ """Add roles to a user on a domain."""
+ resp, body = self.put('domains/%s/groups/%s/roles/%s' %
+ (domain_id, group_id, role_id), '',
+ self.headers)
+ return resp, body
+
+ def list_group_roles_on_project(self, project_id, group_id):
+ """list roles of a user on a project."""
+ resp, body = self.get('projects/%s/groups/%s/roles' %
+ (project_id, group_id), self.headers)
+ body = self._parse_roles(etree.fromstring(body))
+ return resp, body
+
+ def list_group_roles_on_domain(self, domain_id, group_id):
+ """list roles of a user on a domain."""
+ resp, body = self.get('domains/%s/groups/%s/roles' %
+ (domain_id, group_id), self.headers)
+ body = self._parse_roles(etree.fromstring(body))
+ return resp, body
+
+ def revoke_role_from_group_on_project(self, project_id, group_id, role_id):
+ """Delete role of a user on a project."""
+ resp, body = self.delete('projects/%s/groups/%s/roles/%s' %
+ (project_id, group_id, role_id), self.headers)
+ return resp, body
+
+ def revoke_role_from_group_on_domain(self, domain_id, group_id, role_id):
+ """Delete role of a user on a domain."""
+ resp, body = self.delete('domains/%s/groups/%s/roles/%s' %
+ (domain_id, group_id, role_id), self.headers)
+ return resp, body
+
class V3TokenClientXML(RestClientXML):