Split users_client from keystone client v2.
Removes users client from identity client v2 into an own one.
Partially implements blueprint consistent-service-method-names
Change-Id: I2473fc29c68c763d02fe2d6ce59266e0eb84816d
diff --git a/tempest/api/identity/admin/v2/test_tokens.py b/tempest/api/identity/admin/v2/test_tokens.py
index fdb5a5a..ee04420 100644
--- a/tempest/api/identity/admin/v2/test_tokens.py
+++ b/tempest/api/identity/admin/v2/test_tokens.py
@@ -30,8 +30,8 @@
tenant = self.tenants_client.create_tenant(tenant_name)['tenant']
self.data.tenants.append(tenant)
# second:create a user
- user = self.client.create_user(user_name, user_password,
- tenant['id'], '')['user']
+ user = self.users_client.create_user(user_name, user_password,
+ tenant['id'], '')['user']
self.data.users.append(user)
# then get a token for the user
body = self.token_client.auth(user_name,
@@ -62,8 +62,8 @@
user_password = data_utils.rand_password()
tenant_id = None # No default tenant so will get unscoped token.
email = ''
- user = self.client.create_user(user_name, user_password,
- tenant_id, email)['user']
+ user = self.users_client.create_user(user_name, user_password,
+ tenant_id, email)['user']
self.data.users.append(user)
# Create a couple tenants.
diff --git a/tempest/api/identity/admin/v2/test_users.py b/tempest/api/identity/admin/v2/test_users.py
index d886524..4497575 100644
--- a/tempest/api/identity/admin/v2/test_users.py
+++ b/tempest/api/identity/admin/v2/test_users.py
@@ -34,9 +34,9 @@
def test_create_user(self):
# Create a user
self.data.setup_test_tenant()
- user = self.client.create_user(self.alt_user, self.alt_password,
- self.data.tenant['id'],
- self.alt_email)['user']
+ user = self.users_client.create_user(self.alt_user, self.alt_password,
+ self.data.tenant['id'],
+ self.alt_email)['user']
self.data.users.append(user)
self.assertEqual(self.alt_user, user['name'])
@@ -45,9 +45,10 @@
# Create a user with enabled : False
self.data.setup_test_tenant()
name = data_utils.rand_name('test_user')
- user = self.client.create_user(name, self.alt_password,
- self.data.tenant['id'],
- self.alt_email, enabled=False)['user']
+ user = self.users_client.create_user(name, self.alt_password,
+ self.data.tenant['id'],
+ self.alt_email,
+ enabled=False)['user']
self.data.users.append(user)
self.assertEqual(name, user['name'])
self.assertEqual(False, user['enabled'])
@@ -58,22 +59,22 @@
# Test case to check if updating of user attributes is successful.
test_user = data_utils.rand_name('test_user')
self.data.setup_test_tenant()
- user = self.client.create_user(test_user, self.alt_password,
- self.data.tenant['id'],
- self.alt_email)['user']
+ user = self.users_client.create_user(test_user, self.alt_password,
+ self.data.tenant['id'],
+ self.alt_email)['user']
# Delete the User at the end of this method
- self.addCleanup(self.client.delete_user, user['id'])
+ self.addCleanup(self.users_client.delete_user, user['id'])
# Updating user details with new values
u_name2 = data_utils.rand_name('user2')
u_email2 = u_name2 + '@testmail.tm'
- update_user = self.client.update_user(user['id'], name=u_name2,
- email=u_email2,
- enabled=False)['user']
+ update_user = self.users_client.update_user(user['id'], name=u_name2,
+ email=u_email2,
+ enabled=False)['user']
self.assertEqual(u_name2, update_user['name'])
self.assertEqual(u_email2, update_user['email'])
self.assertEqual(False, update_user['enabled'])
# GET by id after updating
- updated_user = self.client.show_user(user['id'])['user']
+ updated_user = self.users_client.show_user(user['id'])['user']
# Assert response body of GET after updating
self.assertEqual(u_name2, updated_user['name'])
self.assertEqual(u_email2, updated_user['email'])
@@ -84,10 +85,10 @@
# Delete a user
test_user = data_utils.rand_name('test_user')
self.data.setup_test_tenant()
- user = self.client.create_user(test_user, self.alt_password,
- self.data.tenant['id'],
- self.alt_email)['user']
- self.client.delete_user(user['id'])
+ user = self.users_client.create_user(test_user, self.alt_password,
+ self.data.tenant['id'],
+ self.alt_email)['user']
+ self.users_client.delete_user(user['id'])
@test.idempotent_id('aca696c3-d645-4f45-b728-63646045beb1')
def test_user_authentication(self):
@@ -121,7 +122,7 @@
def test_get_users(self):
# Get a list of users and find the test user
self.data.setup_test_user()
- users = self.client.list_users()['users']
+ users = self.users_client.list_users()['users']
self.assertThat([u['name'] for u in users],
matchers.Contains(self.data.test_user),
"Could not find %s" % self.data.test_user)
@@ -134,16 +135,16 @@
fetched_user_ids = list()
password1 = data_utils.rand_password()
alt_tenant_user1 = data_utils.rand_name('tenant_user1')
- user1 = self.client.create_user(alt_tenant_user1, password1,
- self.data.tenant['id'],
- 'user1@123')['user']
+ user1 = self.users_client.create_user(alt_tenant_user1, password1,
+ self.data.tenant['id'],
+ 'user1@123')['user']
user_ids.append(user1['id'])
self.data.users.append(user1)
password2 = data_utils.rand_password()
alt_tenant_user2 = data_utils.rand_name('tenant_user2')
- user2 = self.client.create_user(alt_tenant_user2, password2,
- self.data.tenant['id'],
- 'user2@123')['user']
+ user2 = self.users_client.create_user(alt_tenant_user2, password2,
+ self.data.tenant['id'],
+ 'user2@123')['user']
user_ids.append(user2['id'])
self.data.users.append(user2)
# List of users for the respective tenant ID
@@ -175,9 +176,9 @@
alt_user2 = data_utils.rand_name('second_user')
alt_password2 = data_utils.rand_password()
- second_user = self.client.create_user(alt_user2, alt_password2,
- self.data.tenant['id'],
- 'user2@123')['user']
+ second_user = self.users_client.create_user(alt_user2, alt_password2,
+ self.data.tenant['id'],
+ 'user2@123')['user']
user_ids.append(second_user['id'])
self.data.users.append(second_user)
role = self.roles_client.assign_user_role(tenant['id'],
@@ -201,7 +202,7 @@
self.data.setup_test_user()
# Updating the user with new password
new_pass = data_utils.rand_password()
- update_user = self.client.update_user_password(
+ update_user = self.users_client.update_user_password(
self.data.user['id'], password=new_pass)['user']
self.assertEqual(update_user['id'], self.data.user['id'])
diff --git a/tempest/api/identity/admin/v2/test_users_negative.py b/tempest/api/identity/admin/v2/test_users_negative.py
index 8fa5a36..c5248fd 100644
--- a/tempest/api/identity/admin/v2/test_users_negative.py
+++ b/tempest/api/identity/admin/v2/test_users_negative.py
@@ -37,8 +37,9 @@
# Non-administrator should not be authorized to create a user
self.data.setup_test_tenant()
self.assertRaises(lib_exc.Forbidden,
- self.non_admin_client.create_user, self.alt_user,
- self.alt_password, self.data.tenant['id'],
+ self.non_admin_users_client.create_user,
+ self.alt_user, self.alt_password,
+ self.data.tenant['id'],
self.alt_email)
@test.attr(type=['negative'])
@@ -46,8 +47,8 @@
def test_create_user_with_empty_name(self):
# User with an empty name should not be created
self.data.setup_test_tenant()
- self.assertRaises(lib_exc.BadRequest, self.client.create_user, '',
- self.alt_password, self.data.tenant['id'],
+ self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
+ '', self.alt_password, self.data.tenant['id'],
self.alt_email)
@test.attr(type=['negative'])
@@ -55,7 +56,7 @@
def test_create_user_with_name_length_over_255(self):
# Length of user name filed should be restricted to 255 characters
self.data.setup_test_tenant()
- self.assertRaises(lib_exc.BadRequest, self.client.create_user,
+ self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
'a' * 256, self.alt_password,
self.data.tenant['id'], self.alt_email)
@@ -64,7 +65,7 @@
def test_create_user_with_duplicate_name(self):
# Duplicate user should not be created
self.data.setup_test_user()
- self.assertRaises(lib_exc.Conflict, self.client.create_user,
+ self.assertRaises(lib_exc.Conflict, self.users_client.create_user,
self.data.test_user, self.data.test_password,
self.data.tenant['id'], self.data.test_email)
@@ -72,7 +73,7 @@
@test.idempotent_id('0132cc22-7c4f-42e1-9e50-ac6aad31d59a')
def test_create_user_for_non_existent_tenant(self):
# Attempt to create a user in a non-existent tenant should fail
- self.assertRaises(lib_exc.NotFound, self.client.create_user,
+ self.assertRaises(lib_exc.NotFound, self.users_client.create_user,
self.alt_user, self.alt_password, '49ffgg99999',
self.alt_email)
@@ -85,7 +86,7 @@
token = self.client.auth_provider.get_token()
# Delete the token from database
self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized, self.client.create_user,
+ self.assertRaises(lib_exc.Unauthorized, self.users_client.create_user,
self.alt_user, self.alt_password,
self.data.tenant['id'], self.alt_email)
@@ -98,7 +99,7 @@
# Attempt to create a user with valid enabled para should fail
self.data.setup_test_tenant()
name = data_utils.rand_name('test_user')
- self.assertRaises(lib_exc.BadRequest, self.client.create_user,
+ self.assertRaises(lib_exc.BadRequest, self.users_client.create_user,
name, self.alt_password,
self.data.tenant['id'],
self.alt_email, enabled=3)
@@ -109,7 +110,7 @@
# Attempt to update a user non-existent user should fail
user_name = data_utils.rand_name('user')
non_existent_id = str(uuid.uuid4())
- self.assertRaises(lib_exc.NotFound, self.client.update_user,
+ self.assertRaises(lib_exc.NotFound, self.users_client.update_user,
non_existent_id, name=user_name)
@test.attr(type=['negative'])
@@ -121,7 +122,7 @@
token = self.client.auth_provider.get_token()
# Delete the token from database
self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized, self.client.update_user,
+ self.assertRaises(lib_exc.Unauthorized, self.users_client.update_user,
self.alt_user)
# Unset the token to allow further tests to generate a new token
@@ -133,7 +134,8 @@
# Non-administrator should not be authorized to update user
self.data.setup_test_tenant()
self.assertRaises(lib_exc.Forbidden,
- self.non_admin_client.update_user, self.alt_user)
+ self.non_admin_users_client.update_user,
+ self.alt_user)
@test.attr(type=['negative'])
@test.idempotent_id('d45195d5-33ed-41b9-a452-7d0d6a00f6e9')
@@ -141,14 +143,14 @@
# Non-administrator user should not be authorized to delete a user
self.data.setup_test_user()
self.assertRaises(lib_exc.Forbidden,
- self.non_admin_client.delete_user,
+ self.non_admin_users_client.delete_user,
self.data.user['id'])
@test.attr(type=['negative'])
@test.idempotent_id('7cc82f7e-9998-4f89-abae-23df36495867')
def test_delete_non_existent_user(self):
# Attempt to delete a non-existent user should fail
- self.assertRaises(lib_exc.NotFound, self.client.delete_user,
+ self.assertRaises(lib_exc.NotFound, self.users_client.delete_user,
'junk12345123')
@test.attr(type=['negative'])
@@ -160,7 +162,7 @@
token = self.client.auth_provider.get_token()
# Delete the token from database
self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized, self.client.delete_user,
+ self.assertRaises(lib_exc.Unauthorized, self.users_client.delete_user,
self.alt_user)
# Unset the token to allow further tests to generate a new token
@@ -222,7 +224,7 @@
# Non-administrator user should not be authorized to get user list
self.data.setup_test_user()
self.assertRaises(lib_exc.Forbidden,
- self.non_admin_client.list_users)
+ self.non_admin_users_client.list_users)
@test.attr(type=['negative'])
@test.idempotent_id('a73591ec-1903-4ffe-be42-282b39fefc9d')
@@ -230,7 +232,7 @@
# Request to get list of users without a valid token should fail
token = self.client.auth_provider.get_token()
self.client.delete_token(token)
- self.assertRaises(lib_exc.Unauthorized, self.client.list_users)
+ self.assertRaises(lib_exc.Unauthorized, self.users_client.list_users)
self.client.auth_provider.clear_auth()
@test.attr(type=['negative'])
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index d68a204..1ad8b92 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -30,7 +30,7 @@
@classmethod
def disable_user(cls, user_name):
user = cls.get_user_by_name(user_name)
- cls.client.enable_disable_user(user['id'], enabled=False)
+ cls.users_client.enable_disable_user(user['id'], enabled=False)
@classmethod
def disable_tenant(cls, tenant_name):
@@ -39,7 +39,7 @@
@classmethod
def get_user_by_name(cls, name):
- users = cls.client.list_users()['users']
+ users = cls.users_client.list_users()['users']
user = [u for u in users if u['name'] == name]
if len(user) > 0:
return user[0]
@@ -77,6 +77,7 @@
cls.non_admin_token_client = cls.os.token_client
cls.non_admin_tenants_client = cls.os.tenants_public_client
cls.non_admin_roles_client = cls.os.roles_public_client
+ cls.non_admin_users_client = cls.os.users_public_client
@classmethod
def resource_setup(cls):
@@ -101,12 +102,14 @@
cls.non_admin_tenants_client = cls.os.tenants_client
cls.roles_client = cls.os_adm.roles_client
cls.non_admin_roles_client = cls.os.roles_client
+ cls.users_client = cls.os_adm.users_client
+ cls.non_admin_users_client = cls.os.users_client
@classmethod
def resource_setup(cls):
super(BaseIdentityV2AdminTest, cls).resource_setup()
cls.data = DataGenerator(cls.client, cls.tenants_client,
- cls.roles_client)
+ cls.roles_client, cls.users_client)
@classmethod
def resource_cleanup(cls):
@@ -191,11 +194,13 @@
class DataGenerator(object):
- def __init__(self, client, tenants_client=None, roles_client=None):
+ def __init__(self, client, tenants_client=None, roles_client=None,
+ users_client=None):
self.client = client
# TODO(dmellado) split Datagenerator for v2 and v3
self.tenants_client = tenants_client
self.roles_client = roles_client
+ self.users_client = users_client
self.users = []
self.tenants = []
self.roles = []
@@ -219,10 +224,10 @@
self.test_user = data_utils.rand_name('test_user')
self.test_password = data_utils.rand_password()
self.test_email = self.test_user + '@testmail.tm'
- self.user = self.client.create_user(self.test_user,
- self.test_password,
- self.tenant['id'],
- self.test_email)['user']
+ self.user = self.users_client.create_user(self.test_user,
+ self.test_password,
+ self.tenant['id'],
+ self.test_email)['user']
self.users.append(self.user)
def setup_test_tenant(self):
@@ -296,7 +301,7 @@
# (e.g. delete_tenant) So we need to check resources existence
# before using client methods.
for user in self.users:
- self._try_wrapper(self.client.delete_user, user)
+ self._try_wrapper(self.users_client.delete_user, user)
for tenant in self.tenants:
self._try_wrapper(self.tenants_client.delete_tenant, tenant)
for role in self.roles:
diff --git a/tempest/api/identity/v2/test_ec2_credentials.py b/tempest/api/identity/v2/test_ec2_credentials.py
index 88161a3..bd49326 100644
--- a/tempest/api/identity/v2/test_ec2_credentials.py
+++ b/tempest/api/identity/v2/test_ec2_credentials.py
@@ -36,12 +36,12 @@
@test.idempotent_id('b580fab9-7ae9-46e8-8138-417260cb6f9f')
def test_create_ec2_credentials(self):
"""Create user ec2 credentials."""
- resp = self.non_admin_client.create_user_ec2_credentials(
+ resp = self.non_admin_users_client.create_user_ec2_credentials(
self.creds.credentials.user_id,
tenant_id=self.creds.credentials.tenant_id)["credential"]
access = resp['access']
self.addCleanup(
- self.non_admin_client.delete_user_ec2_credentials,
+ self.non_admin_users_client.delete_user_ec2_credentials,
self.creds.credentials.user_id, access)
self.assertNotEmpty(resp['access'])
self.assertNotEmpty(resp['secret'])
@@ -54,24 +54,24 @@
created_creds = []
fetched_creds = []
# create first ec2 credentials
- creds1 = self.non_admin_client.create_user_ec2_credentials(
+ creds1 = self.non_admin_users_client.create_user_ec2_credentials(
self.creds.credentials.user_id,
tenant_id=self.creds.credentials.tenant_id)["credential"]
created_creds.append(creds1['access'])
# create second ec2 credentials
- creds2 = self.non_admin_client.create_user_ec2_credentials(
+ creds2 = self.non_admin_users_client.create_user_ec2_credentials(
self.creds.credentials.user_id,
tenant_id=self.creds.credentials.tenant_id)["credential"]
created_creds.append(creds2['access'])
# add credentials to be cleaned up
self.addCleanup(
- self.non_admin_client.delete_user_ec2_credentials,
+ self.non_admin_users_client.delete_user_ec2_credentials,
self.creds.credentials.user_id, creds1['access'])
self.addCleanup(
- self.non_admin_client.delete_user_ec2_credentials,
+ self.non_admin_users_client.delete_user_ec2_credentials,
self.creds.credentials.user_id, creds2['access'])
# get the list of user ec2 credentials
- resp = self.non_admin_client.list_user_ec2_credentials(
+ resp = self.non_admin_users_client.list_user_ec2_credentials(
self.creds.credentials.user_id)["credentials"]
fetched_creds = [cred['access'] for cred in resp]
# created credentials should be in a fetched list
@@ -84,14 +84,14 @@
@test.idempotent_id('cb284075-b613-440d-83ca-fe0b33b3c2b8')
def test_show_ec2_credentials(self):
"""Get the definite user ec2 credentials."""
- resp = self.non_admin_client.create_user_ec2_credentials(
+ resp = self.non_admin_users_client.create_user_ec2_credentials(
self.creds.credentials.user_id,
tenant_id=self.creds.credentials.tenant_id)["credential"]
self.addCleanup(
- self.non_admin_client.delete_user_ec2_credentials,
+ self.non_admin_users_client.delete_user_ec2_credentials,
self.creds.credentials.user_id, resp['access'])
- ec2_creds = self.non_admin_client.show_user_ec2_credentials(
+ ec2_creds = self.non_admin_users_client.show_user_ec2_credentials(
self.creds.credentials.user_id, resp['access']
)["credential"]
for key in ['access', 'secret', 'user_id', 'tenant_id']:
@@ -100,14 +100,14 @@
@test.idempotent_id('6aba0d4c-b76b-4e46-aa42-add79bc1551d')
def test_delete_ec2_credentials(self):
"""Delete user ec2 credentials."""
- resp = self.non_admin_client.create_user_ec2_credentials(
+ resp = self.non_admin_users_client.create_user_ec2_credentials(
self.creds.credentials.user_id,
tenant_id=self.creds.credentials.tenant_id)["credential"]
access = resp['access']
- self.non_admin_client.delete_user_ec2_credentials(
+ self.non_admin_users_client.delete_user_ec2_credentials(
self.creds.credentials.user_id, access)
self.assertRaises(
lib_exc.NotFound,
- self.non_admin_client.show_user_ec2_credentials,
+ self.non_admin_users_client.show_user_ec2_credentials,
self.creds.credentials.user_id,
access)
diff --git a/tempest/api/identity/v2/test_users.py b/tempest/api/identity/v2/test_users.py
index 98a2e68..a59a1a0 100644
--- a/tempest/api/identity/v2/test_users.py
+++ b/tempest/api/identity/v2/test_users.py
@@ -41,8 +41,9 @@
# we need new non-admin Identity Client with new credentials, since
# current non_admin_client token will be revoked after updating
# password
- self.non_admin_client_for_cleanup = copy.copy(self.non_admin_client)
- self.non_admin_client_for_cleanup.auth_provider = (
+ self.non_admin_users_client_for_cleanup = copy.copy(
+ self.non_admin_users_client)
+ self.non_admin_users_client_for_cleanup.auth_provider = (
manager.get_auth_provider(self.new_creds))
user_id = self.creds.credentials.user_id
old_pass = self.creds.credentials.password
@@ -50,10 +51,10 @@
# to change password back. important for allow_tenant_isolation = false
self.addCleanup(
- self.non_admin_client_for_cleanup.update_user_own_password,
+ self.non_admin_users_client_for_cleanup.update_user_own_password,
user_id, original_password=new_pass, password=old_pass)
# user updates own password
- self.non_admin_client.update_user_own_password(
+ self.non_admin_users_client.update_user_own_password(
user_id, password=new_pass, original_password=old_pass)
# TODO(lbragstad): Sleeping after the response status has been checked
# and the body loaded as JSON allows requests to fail-fast. The sleep
@@ -72,7 +73,7 @@
# authorize with old token should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
self.non_admin_token_client.auth_token,
- self.non_admin_client.token)
+ self.non_admin_users_client.token)
# authorize with old password should lead to Unauthorized
self.assertRaises(exceptions.Unauthorized,
diff --git a/tempest/clients.py b/tempest/clients.py
index 333852e..b81b28b 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -92,6 +92,8 @@
RolesClient
from tempest.services.identity.v2.json.tenants_client import \
TenantsClient
+from tempest.services.identity.v2.json.users_client import \
+ UsersClient
from tempest.services.identity.v3.json.credentials_client import \
CredentialsClient as CredentialsV3Client
from tempest.services.identity.v3.json.endpoints_client import \
@@ -484,6 +486,8 @@
**params_v2_admin)
self.roles_client = RolesClient(self.auth_provider,
**params_v2_admin)
+ self.users_client = UsersClient(self.auth_provider,
+ **params_v2_admin)
params_v2_public = params.copy()
params_v2_public['endpoint_type'] = (
CONF.identity.v2_public_endpoint_type)
@@ -494,6 +498,8 @@
**params_v2_public)
self.roles_public_client = RolesClient(self.auth_provider,
**params_v2_public)
+ self.users_public_client = UsersClient(self.auth_provider,
+ **params_v2_public)
params_v3 = params.copy()
params_v3['endpoint_type'] = CONF.identity.v3_endpoint_type
# Clients below use the endpoint type of Keystone API v3
diff --git a/tempest/cmd/account_generator.py b/tempest/cmd/account_generator.py
index 5a2713b..d40aec5 100755
--- a/tempest/cmd/account_generator.py
+++ b/tempest/cmd/account_generator.py
@@ -95,6 +95,7 @@
from tempest.services.identity.v2.json import identity_client
from tempest.services.identity.v2.json import roles_client
from tempest.services.identity.v2.json import tenants_client
+from tempest.services.identity.v2.json import users_client
from tempest.services.network.json import network_client
from tempest.services.network.json import networks_client
from tempest.services.network.json import subnets_client
@@ -154,6 +155,13 @@
endpoint_type='adminURL',
**params
)
+ users_admin = users_client.UsersClient(
+ _auth,
+ CONF.identity.catalog_type,
+ CONF.identity.region,
+ endpoint_type='adminURL',
+ **params
+ )
network_admin = None
networks_admin = None
subnets_admin = None
@@ -179,13 +187,14 @@
CONF.network.region or CONF.identity.region,
endpoint_type='adminURL',
**params)
- return (identity_admin, tenants_admin, roles_admin, neutron_iso_networks,
- network_admin, networks_admin, subnets_admin)
+ return (identity_admin, tenants_admin, roles_admin, users_admin,
+ neutron_iso_networks, network_admin, networks_admin, subnets_admin)
def create_resources(opts, resources):
- (identity_admin, tenants_admin, roles_admin, neutron_iso_networks,
- network_admin, networks_admin, subnets_admin) = get_admin_clients(opts)
+ (identity_admin, tenants_admin, roles_admin, users_admin,
+ neutron_iso_networks, network_admin, networks_admin,
+ subnets_admin) = get_admin_clients(opts)
roles = roles_admin.list_roles()['roles']
for u in resources['users']:
u['role_ids'] = []
@@ -215,7 +224,7 @@
identity.get_user_by_username(tenants_admin,
tenant['id'], u['name'])
except tempest_lib.exceptions.NotFound:
- identity_admin.create_user(
+ users_admin.create_user(
u['name'], u['pass'], tenant['id'],
"%s@%s" % (u['name'], tenant['id']),
enabled=True)
diff --git a/tempest/cmd/cleanup_service.py b/tempest/cmd/cleanup_service.py
index 8538509..8a47406 100644
--- a/tempest/cmd/cleanup_service.py
+++ b/tempest/cmd/cleanup_service.py
@@ -815,11 +815,14 @@
self.client = manager.identity_client
-class UserService(IdentityService):
+class UserService(BaseService):
+
+ def __init__(self, manager, **kwargs):
+ super(UserService, self).__init__(kwargs)
+ self.client = manager.users_client
def list(self):
- client = self.client
- users = client.list_users()['users']
+ users = self.client.list_users()['users']
if not self.is_save_state:
users = [user for user in users if user['id']
@@ -837,11 +840,10 @@
return users
def delete(self):
- client = self.client
users = self.list()
for user in users:
try:
- client.delete_user(user['id'])
+ self.client.delete_user(user['id'])
except Exception:
LOG.exception("Delete User exception.")
diff --git a/tempest/cmd/javelin.py b/tempest/cmd/javelin.py
index 9d889bd..7d2ee9c 100755
--- a/tempest/cmd/javelin.py
+++ b/tempest/cmd/javelin.py
@@ -130,6 +130,7 @@
from tempest.services.identity.v2.json import identity_client
from tempest.services.identity.v2.json import roles_client
from tempest.services.identity.v2.json import tenants_client
+from tempest.services.identity.v2.json import users_client
from tempest.services.image.v2.json import images_client
from tempest.services.network.json import network_client
from tempest.services.network.json import subnets_client
@@ -213,6 +214,12 @@
CONF.identity.region,
endpoint_type='adminURL',
**default_params_with_timeout_values)
+ self.users = users_client.UsersClient(
+ _auth,
+ CONF.identity.catalog_type,
+ CONF.identity.region,
+ endpoint_type='adminURL',
+ **default_params_with_timeout_values)
self.servers = servers_client.ServersClient(_auth,
**compute_params)
self.flavors = flavors_client.FlavorsClient(_auth,
@@ -375,12 +382,12 @@
LOG.error("Tenant: %s - not found" % u['tenant'])
continue
try:
- identity.get_user_by_username(admin.identity,
+ identity.get_user_by_username(admin.tenants,
tenant['id'], u['name'])
LOG.warning("User '%s' already exists in this environment"
% u['name'])
except lib_exc.NotFound:
- admin.identity.create_user(
+ admin.users.create_user(
u['name'], u['pass'], tenant['id'],
"%s@%s" % (u['name'], tenant['id']),
enabled=True)
@@ -391,9 +398,9 @@
for user in users:
tenant_id = identity.get_tenant_by_name(admin.tenants,
user['tenant'])['id']
- user_id = identity.get_user_by_username(admin.identity,
+ user_id = identity.get_user_by_username(admin.tenants,
tenant_id, user['name'])['id']
- admin.identity.delete_user(user_id)
+ admin.users.delete_user(user_id)
def collect_users(users):
@@ -404,7 +411,7 @@
tenant = identity.get_tenant_by_name(admin.tenants, u['tenant'])
u['tenant_id'] = tenant['id']
USERS[u['name']] = u
- body = identity.get_user_by_username(admin.identity,
+ body = identity.get_user_by_username(admin.tenants,
tenant['id'], u['name'])
USERS[u['name']]['id'] = body['id']
@@ -458,7 +465,7 @@
LOG.info("checking users")
for name, user in six.iteritems(self.users):
client = keystone_admin()
- found = client.identity.show_user(user['id'])['user']
+ found = client.users.show_user(user['id'])['user']
self.assertEqual(found['name'], user['name'])
self.assertEqual(found['tenantId'], user['tenant_id'])
diff --git a/tempest/common/cred_client.py b/tempest/common/cred_client.py
index 5d15988..6df7eb2 100644
--- a/tempest/common/cred_client.py
+++ b/tempest/common/cred_client.py
@@ -32,16 +32,17 @@
"""
def __init__(self, identity_client, projects_client=None,
- roles_client=None):
+ roles_client=None, users_client=None):
# The client implies version and credentials
self.identity_client = identity_client
# this is temporary until the v3 project client is
# separated, then projects_client will become mandatory
self.projects_client = projects_client or identity_client
self.roles_client = roles_client or identity_client
+ self.users_client = users_client or identity_client
def create_user(self, username, password, project, email):
- user = self.identity_client.create_user(
+ user = self.users_client.create_user(
username, password, project['id'], email)
if 'user' in user:
user = user['user']
@@ -87,7 +88,7 @@
pass
def delete_user(self, user_id):
- self.identity_client.delete_user(user_id)
+ self.users_client.delete_user(user_id)
def _list_roles(self):
roles = self.roles_client.list_roles()['roles']
@@ -96,10 +97,12 @@
class V2CredsClient(CredsClient):
- def __init__(self, identity_client, projects_client, roles_client):
+ def __init__(self, identity_client, projects_client, roles_client,
+ users_client):
super(V2CredsClient, self).__init__(identity_client,
projects_client,
- roles_client)
+ roles_client,
+ users_client)
def create_project(self, name, description):
tenant = self.projects_client.create_tenant(
@@ -165,8 +168,10 @@
def get_creds_client(identity_client,
projects_client=None,
roles_client=None,
+ users_client=None,
project_domain_name=None):
if isinstance(identity_client, v2_identity.IdentityClient):
- return V2CredsClient(identity_client, projects_client, roles_client)
+ return V2CredsClient(identity_client, projects_client, roles_client,
+ users_client)
else:
return V3CredsClient(identity_client, project_domain_name)
diff --git a/tempest/common/dynamic_creds.py b/tempest/common/dynamic_creds.py
index 0af07f0..95ad229 100644
--- a/tempest/common/dynamic_creds.py
+++ b/tempest/common/dynamic_creds.py
@@ -59,6 +59,7 @@
self.default_admin_creds = admin_creds
(self.identity_admin_client, self.tenants_admin_client,
self.roles_admin_client,
+ self.users_admin_client,
self.network_admin_client,
self.networks_admin_client,
self.subnets_admin_client,
@@ -75,6 +76,7 @@
self.identity_admin_client,
self.tenants_admin_client,
self.roles_admin_client,
+ self.users_admin_client,
self.creds_domain_name)
def _get_admin_clients(self):
@@ -87,10 +89,11 @@
os = clients.Manager(self.default_admin_creds)
if self.identity_version == 'v2':
return (os.identity_client, os.tenants_client, os.roles_client,
- os.network_client, os.networks_client, os.subnets_client,
- os.ports_client, os.security_groups_client)
+ os.users_client, os.network_client, os.networks_client,
+ os.subnets_client, os.ports_client,
+ os.security_groups_client)
else:
- return (os.identity_v3_client, None, None, os.network_client,
+ return (os.identity_v3_client, None, None, None, os.network_client,
os.networks_client, os.subnets_client, os.ports_client,
os.security_groups_client)
diff --git a/tempest/services/identity/v2/json/identity_client.py b/tempest/services/identity/v2/json/identity_client.py
index ff6c838..0ff59d5 100644
--- a/tempest/services/identity/v2/json/identity_client.py
+++ b/tempest/services/identity/v2/json/identity_client.py
@@ -26,67 +26,6 @@
body = json.loads(body)
return service_client.ResponseBody(resp, body)
- def create_user(self, name, password, tenant_id, email, **kwargs):
- """Create a user."""
- post_body = {
- 'name': name,
- 'password': password,
- 'email': email
- }
- if tenant_id is not None:
- post_body['tenantId'] = tenant_id
- if kwargs.get('enabled') is not None:
- post_body['enabled'] = kwargs.get('enabled')
- post_body = json.dumps({'user': post_body})
- resp, body = self.post('users', post_body)
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
-
- def update_user(self, user_id, **kwargs):
- """Updates a user."""
- put_body = json.dumps({'user': kwargs})
- resp, body = self.put('users/%s' % user_id, put_body)
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
-
- def show_user(self, user_id):
- """GET a user."""
- resp, body = self.get("users/%s" % user_id)
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
-
- def delete_user(self, user_id):
- """Delete a user."""
- resp, body = self.delete("users/%s" % user_id)
- self.expected_success(204, resp.status)
- return service_client.ResponseBody(resp, body)
-
- def list_users(self):
- """Get the list of users."""
- resp, body = self.get("users")
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
-
- def enable_disable_user(self, user_id, **kwargs):
- """Enables or disables a user.
-
- Available params: see http://developer.openstack.org/
- api-ref-identity-v2-ext.html#enableUser
- """
- # NOTE: The URL (users/<id>/enabled) is different from the api-site
- # one (users/<id>/OS-KSADM/enabled) , but they are the same API
- # because of the fact that in keystone/contrib/admin_crud/core.py
- # both api use same action='set_user_enabled'
- put_body = json.dumps({'user': kwargs})
- resp, body = self.put('users/%s/enabled' % user_id, put_body)
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
-
def show_token(self, token_id):
"""Get token details."""
resp, body = self.get("tokens/%s" % token_id)
@@ -164,66 +103,9 @@
self.expected_success(204, resp.status)
return service_client.ResponseBody(resp, body)
- def update_user_password(self, user_id, **kwargs):
- """Update User Password."""
- # TODO(piyush): Current api-site doesn't contain this API description.
- # After fixing the api-site, we need to fix here also for putting the
- # link to api-site.
- # LP: https://bugs.launchpad.net/openstack-api-site/+bug/1524147
- put_body = json.dumps({'user': kwargs})
- resp, body = self.put('users/%s/OS-KSADM/password' % user_id, put_body)
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
-
- def update_user_own_password(self, user_id, **kwargs):
- """User updates own password"""
- # TODO(piyush): Current api-site doesn't contain this API description.
- # After fixing the api-site, we need to fix here also for putting the
- # link to api-site.
- # LP: https://bugs.launchpad.net/openstack-api-site/+bug/1524153
- # NOTE: This API is used for updating user password by itself.
- # Ref: http://lists.openstack.org/pipermail/openstack-dev/2015-December
- # /081803.html
- patch_body = json.dumps({'user': kwargs})
- resp, body = self.patch('OS-KSCRUD/users/%s' % user_id, patch_body)
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
-
def list_extensions(self):
"""List all the extensions."""
resp, body = self.get('/extensions')
self.expected_success(200, resp.status)
body = json.loads(body)
return service_client.ResponseBody(resp, body)
-
- def create_user_ec2_credentials(self, user_id, **kwargs):
- # TODO(piyush): Current api-site doesn't contain this API description.
- # After fixing the api-site, we need to fix here also for putting the
- # link to api-site.
- post_body = json.dumps(kwargs)
- resp, body = self.post('/users/%s/credentials/OS-EC2' % user_id,
- post_body)
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
-
- def delete_user_ec2_credentials(self, user_id, access):
- resp, body = self.delete('/users/%s/credentials/OS-EC2/%s' %
- (user_id, access))
- self.expected_success(204, resp.status)
- return service_client.ResponseBody(resp, body)
-
- def list_user_ec2_credentials(self, user_id):
- resp, body = self.get('/users/%s/credentials/OS-EC2' % user_id)
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
-
- def show_user_ec2_credentials(self, user_id, access):
- resp, body = self.get('/users/%s/credentials/OS-EC2/%s' %
- (user_id, access))
- self.expected_success(200, resp.status)
- body = json.loads(body)
- return service_client.ResponseBody(resp, body)
diff --git a/tempest/services/identity/v2/json/users_client.py b/tempest/services/identity/v2/json/users_client.py
new file mode 100644
index 0000000..5327638
--- /dev/null
+++ b/tempest/services/identity/v2/json/users_client.py
@@ -0,0 +1,137 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_serialization import jsonutils as json
+
+from tempest.common import service_client
+
+
+class UsersClient(service_client.ServiceClient):
+ api_version = "v2.0"
+
+ def create_user(self, name, password, tenant_id, email, **kwargs):
+ """Create a user."""
+ post_body = {
+ 'name': name,
+ 'password': password,
+ 'email': email
+ }
+ if tenant_id is not None:
+ post_body['tenantId'] = tenant_id
+ if kwargs.get('enabled') is not None:
+ post_body['enabled'] = kwargs.get('enabled')
+ post_body = json.dumps({'user': post_body})
+ resp, body = self.post('users', post_body)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
+
+ def update_user(self, user_id, **kwargs):
+ """Updates a user."""
+ put_body = json.dumps({'user': kwargs})
+ resp, body = self.put('users/%s' % user_id, put_body)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
+
+ def show_user(self, user_id):
+ """GET a user."""
+ resp, body = self.get("users/%s" % user_id)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
+
+ def delete_user(self, user_id):
+ """Delete a user."""
+ resp, body = self.delete("users/%s" % user_id)
+ self.expected_success(204, resp.status)
+ return service_client.ResponseBody(resp, body)
+
+ def list_users(self):
+ """Get the list of users."""
+ resp, body = self.get("users")
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
+
+ def enable_disable_user(self, user_id, **kwargs):
+ """Enables or disables a user.
+
+ Available params: see http://developer.openstack.org/
+ api-ref-identity-v2-ext.html#enableUser
+ """
+ # NOTE: The URL (users/<id>/enabled) is different from the api-site
+ # one (users/<id>/OS-KSADM/enabled) , but they are the same API
+ # because of the fact that in keystone/contrib/admin_crud/core.py
+ # both api use same action='set_user_enabled'
+ put_body = json.dumps({'user': kwargs})
+ resp, body = self.put('users/%s/enabled' % user_id, put_body)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
+
+ def update_user_password(self, user_id, **kwargs):
+ """Update User Password."""
+ # TODO(piyush): Current api-site doesn't contain this API description.
+ # After fixing the api-site, we need to fix here also for putting the
+ # link to api-site.
+ # LP: https://bugs.launchpad.net/openstack-api-site/+bug/1524147
+ put_body = json.dumps({'user': kwargs})
+ resp, body = self.put('users/%s/OS-KSADM/password' % user_id, put_body)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
+
+ def update_user_own_password(self, user_id, **kwargs):
+ """User updates own password"""
+ # TODO(piyush): Current api-site doesn't contain this API description.
+ # After fixing the api-site, we need to fix here also for putting the
+ # link to api-site.
+ # LP: https://bugs.launchpad.net/openstack-api-site/+bug/1524153
+ # NOTE: This API is used for updating user password by itself.
+ # Ref: http://lists.openstack.org/pipermail/openstack-dev/2015-December
+ # /081803.html
+ patch_body = json.dumps({'user': kwargs})
+ resp, body = self.patch('OS-KSCRUD/users/%s' % user_id, patch_body)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
+
+ def create_user_ec2_credentials(self, user_id, **kwargs):
+ # TODO(piyush): Current api-site doesn't contain this API description.
+ # After fixing the api-site, we need to fix here also for putting the
+ # link to api-site.
+ post_body = json.dumps(kwargs)
+ resp, body = self.post('/users/%s/credentials/OS-EC2' % user_id,
+ post_body)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
+
+ def delete_user_ec2_credentials(self, user_id, access):
+ resp, body = self.delete('/users/%s/credentials/OS-EC2/%s' %
+ (user_id, access))
+ self.expected_success(204, resp.status)
+ return service_client.ResponseBody(resp, body)
+
+ def list_user_ec2_credentials(self, user_id):
+ resp, body = self.get('/users/%s/credentials/OS-EC2' % user_id)
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
+
+ def show_user_ec2_credentials(self, user_id, access):
+ resp, body = self.get('/users/%s/credentials/OS-EC2/%s' %
+ (user_id, access))
+ self.expected_success(200, resp.status)
+ body = json.loads(body)
+ return service_client.ResponseBody(resp, body)
diff --git a/tempest/stress/cleanup.py b/tempest/stress/cleanup.py
index 5c25e32..00f760a 100644
--- a/tempest/stress/cleanup.py
+++ b/tempest/stress/cleanup.py
@@ -69,11 +69,11 @@
except Exception:
pass
- users = admin_manager.identity_client.list_users()['users']
+ users = admin_manager.users_client.list_users()['users']
LOG.info("Cleanup::remove %s users" % len(users))
for user in users:
if user['name'].startswith("stress_user"):
- admin_manager.identity_client.delete_user(user['id'])
+ admin_manager.users_client.delete_user(user['id'])
tenants = admin_manager.tenants_client.list_tenants()['tenants']
LOG.info("Cleanup::remove %s tenants" % len(tenants))
for tenant in tenants:
diff --git a/tempest/stress/driver.py b/tempest/stress/driver.py
index a3e1ea3..6531059 100644
--- a/tempest/stress/driver.py
+++ b/tempest/stress/driver.py
@@ -148,12 +148,15 @@
identity_client = admin_manager.identity_client
projects_client = admin_manager.tenants_client
roles_client = admin_manager.roles_client
+ users_client = admin_manager.users_client
else:
identity_client = admin_manager.identity_v3_client
projects_client = None
roles_client = None
+ users_client = None
credentials_client = cred_client.get_creds_client(
- identity_client, projects_client, roles_client)
+ identity_client, projects_client, roles_client,
+ users_client)
project = credentials_client.create_project(
name=tenant_name, description=tenant_name)
user = credentials_client.create_user(username, password,
diff --git a/tempest/test.py b/tempest/test.py
index aed438c..b4faa64 100644
--- a/tempest/test.py
+++ b/tempest/test.py
@@ -439,10 +439,12 @@
client = self.os_admin.identity_client
project_client = self.os_admin.tenants_client
roles_client = self.os_admin.roles_client
+ users_client = self.os_admin.users_client
else:
client = self.os_admin.identity_v3_client
project_client = None
roles_client = None
+ users_client = None
try:
domain = client.auth_provider.credentials.project_domain_name
@@ -451,6 +453,7 @@
return cred_client.get_creds_client(client, project_client,
roles_client,
+ users_client,
project_domain_name=domain)
@classmethod
diff --git a/tempest/tests/cmd/test_javelin.py b/tempest/tests/cmd/test_javelin.py
index 62409bf..2fbb206 100644
--- a/tempest/tests/cmd/test_javelin.py
+++ b/tempest/tests/cmd/test_javelin.py
@@ -119,7 +119,7 @@
fake_tenant_id = self.fake_object['tenant']['id']
fake_email = "%s@%s" % (self.fake_object['user'], fake_tenant_id)
- mocked_function = self.fake_client.identity.create_user
+ mocked_function = self.fake_client.users.create_user
mocked_function.assert_called_once_with(self.fake_object['name'],
self.fake_object['password'],
fake_tenant_id,
@@ -135,7 +135,7 @@
javelin.create_users([self.fake_object])
- mocked_function = self.fake_client.identity.create_user
+ mocked_function = self.fake_client.users.create_user
self.assertFalse(mocked_function.called)
def test_create_objects(self):
@@ -310,7 +310,7 @@
fake_auth = self.fake_client
fake_auth.tenants.list_tenants.return_value = \
{'tenants': [fake_tenant]}
- fake_auth.identity.list_users.return_value = {'users': [fake_user]}
+ fake_auth.users.list_users.return_value = {'users': [fake_user]}
self.useFixture(mockpatch.Patch(
'tempest.common.identity.get_user_by_username',
@@ -320,7 +320,7 @@
javelin.destroy_users([fake_user])
- mocked_function = fake_auth.identity.delete_user
+ mocked_function = fake_auth.users.delete_user
mocked_function.assert_called_once_with(fake_user['id'])
def test_destroy_objects(self):
diff --git a/tempest/tests/common/test_dynamic_creds.py b/tempest/tests/common/test_dynamic_creds.py
index a55e556..5cb204f 100644
--- a/tempest/tests/common/test_dynamic_creds.py
+++ b/tempest/tests/common/test_dynamic_creds.py
@@ -28,6 +28,8 @@
json_roles_client
from tempest.services.identity.v2.json import tenants_client as \
json_tenants_client
+from tempest.services.identity.v2.json import users_client as \
+ json_users_client
from tempest.services.network.json import network_client as json_network_client
from tempest.tests import base
from tempest.tests import fake_config
@@ -70,7 +72,7 @@
def _mock_user_create(self, id, name):
user_fix = self.useFixture(mockpatch.PatchObject(
- json_iden_client.IdentityClient,
+ json_users_client.UsersClient,
'create_user',
return_value=(service_client.ResponseBody
(200, {'user': {'id': id, 'name': name}}))))
@@ -125,7 +127,7 @@
def _mock_list_ec2_credentials(self, user_id, tenant_id):
ec2_creds_fix = self.useFixture(mockpatch.PatchObject(
- json_iden_client.IdentityClient,
+ json_users_client.UsersClient,
'list_user_ec2_credentials',
return_value=(service_client.ResponseBody
(200, {'credentials': [{
@@ -241,8 +243,8 @@
self._mock_list_roles('123456', 'admin')
creds.get_admin_creds()
user_mock = self.patch(
- 'tempest.services.identity.v2.json.identity_client.'
- 'IdentityClient.delete_user')
+ 'tempest.services.identity.v2.json.users_client.'
+ 'UsersClient.delete_user')
tenant_mock = self.patch(
'tempest.services.identity.v2.json.tenants_client.'
'TenantsClient.delete_tenant')
@@ -373,8 +375,8 @@
self._mock_router_create('123456', 'fake_admin_router')
self._mock_list_roles('123456', 'admin')
creds.get_admin_creds()
- self.patch('tempest.services.identity.v2.json.identity_client.'
- 'IdentityClient.delete_user')
+ self.patch('tempest.services.identity.v2.json.users_client.'
+ 'UsersClient.delete_user')
self.patch('tempest.services.identity.v2.json.tenants_client.'
'TenantsClient.delete_tenant')
net = mock.patch.object(creds.networks_admin_client,