Add test to rescope token using v2
This adds a test that shows that an unscoped token can be used to
get a scoped token using the identity v2 API.
Change-Id: Ibb6da68d5be2f46f27eb23fbbb7e6e282b026556
diff --git a/tempest/api/identity/admin/test_tokens.py b/tempest/api/identity/admin/test_tokens.py
index 533f374..c931bcf 100644
--- a/tempest/api/identity/admin/test_tokens.py
+++ b/tempest/api/identity/admin/test_tokens.py
@@ -56,6 +56,49 @@
resp, body = self.client.delete_token(token_id)
self.assertEqual(resp['status'], '204')
+ @attr(type='gate')
+ def test_rescope_token(self):
+ """An unscoped token can be requested, that token can be used to
+ request a scoped token.
+ """
+
+ # Create a user.
+ user_name = data_utils.rand_name(name='user-')
+ user_password = data_utils.rand_name(name='pass-')
+ tenant_id = None # No default tenant so will get unscoped token.
+ email = ''
+ resp, user = self.client.create_user(user_name, user_password,
+ tenant_id, email)
+ self.assertEqual(200, resp.status)
+ self.data.users.append(user)
+
+ # Create a tenant.
+ tenant_name = data_utils.rand_name(name='tenant-')
+ resp, tenant = self.client.create_tenant(tenant_name)
+ self.assertEqual(200, resp.status)
+ self.data.tenants.append(tenant)
+
+ # Create a role
+ role_name = data_utils.rand_name(name='role-')
+ resp, role = self.client.create_role(role_name)
+ self.assertEqual(200, resp.status)
+ self.data.roles.append(role)
+
+ # Grant the user the role on the tenant.
+ resp, _ = self.client.assign_user_role(tenant['id'], user['id'],
+ role['id'])
+ self.assertEqual(200, resp.status)
+
+ # Get an unscoped token.
+ rsp, body = self.token_client.auth(user_name, user_password)
+ self.assertEqual(200, resp.status)
+
+ token_id = body['token']['id']
+
+ # Use the unscoped token to get a scoped token.
+ rsp, body = self.token_client.auth_token(token_id, tenant=tenant_name)
+ self.assertEqual(200, resp.status)
+
class TokensTestXML(TokensTestJSON):
_interface = 'xml'
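Review bot: The two `self.assertEqual(200, resp.status)` checks after the token requests in `test_rescope_token` test the wrong variable: both calls bind their result to `rsp`, so `resp` still holds the response from `assign_user_role` and the status of neither token request is ever checked. Bind to `resp` in both places, e.g. `resp, body = self.token_client.auth(user_name, user_password)` and `resp, body = self.token_client.auth_token(token_id, tenant=tenant_name)`. The test also never asserts scope, so it would still pass if the second call returned an unscoped token. Assuming the v2 `access` body carries the tenant under `token` for a scoped token, I'd add `self.assertNotIn('tenant', body['token'])` after the first request and `self.assertEqual(tenant_name, body['token']['tenant']['name'])` after the second.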
diff --git a/tempest/services/identity/json/identity_client.py b/tempest/services/identity/json/identity_client.py
index 9a31540..99b4036 100644
--- a/tempest/services/identity/json/identity_client.py
+++ b/tempest/services/identity/json/identity_client.py
@@ -134,9 +134,10 @@
post_body = {
'name': name,
'password': password,
- 'tenantId': tenant_id,
'email': email
}
+ if tenant_id is not None:
+ post_body['tenantId'] = tenant_id
if kwargs.get('enabled') is not None:
post_body['enabled'] = kwargs.get('enabled')
post_body = json.dumps({'user': post_body})
@@ -233,16 +234,36 @@
self.auth_url = auth_url
- def auth(self, user, password, tenant):
+ def auth(self, user, password, tenant=None):
creds = {
'auth': {
'passwordCredentials': {
'username': user,
'password': password,
},
- 'tenantName': tenant,
}
}
+
+ if tenant:
+ creds['auth']['tenantName'] = tenant
+
+ body = json.dumps(creds)
+ resp, body = self.post(self.auth_url, body=body)
+
+ return resp, body['access']
+
+ def auth_token(self, token_id, tenant=None):
+ creds = {
+ 'auth': {
+ 'token': {
+ 'id': token_id,
+ },
+ }
+ }
+
+ if tenant:
+ creds['auth']['tenantName'] = tenant
+
body = json.dumps(creds)
resp, body = self.post(self.auth_url, body=body)
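Review bot: `auth` and the new `auth_token` differ only in the credential element placed under `'auth'`, and the same duplication is repeated in `TokenClientXML` in the XML client. A small private helper taking the credential dict and the optional tenant would keep the scoping logic in one place. Neither method has a docstring; for `auth_token` I'd add `"""Exchange an existing token for a new one; with tenant=None the request carries no tenantName, otherwise it asks for a token scoped to that tenant."""`. The docstring should also say that `if tenant:` treats an empty string like `None`, so a caller passing `''` by mistake gets an unscoped request rather than an error. The body of `auth_token` continues past the end of this hunk.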
diff --git a/tempest/services/identity/xml/identity_client.py b/tempest/services/identity/xml/identity_client.py
index 50403fb..c5bf310 100644
--- a/tempest/services/identity/xml/identity_client.py
+++ b/tempest/services/identity/xml/identity_client.py
@@ -75,8 +75,9 @@
xmlns=XMLNS,
name=name,
password=password,
- tenantId=tenant_id,
email=email)
+ if tenant_id:
+ create_user.add_attr('tenantId', tenant_id)
if 'enabled' in kwargs:
create_user.add_attr('enabled', str(kwargs['enabled']).lower())
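Review bot: `if tenant_id:` omits the attribute for any falsy value, while the JSON client's `create_user` in this same commit uses `if tenant_id is not None:`. An empty-string tenant id is therefore sent by one client and dropped by the other, and the XML test subclass no longer exercises the same request. Use the same condition here, `if tenant_id is not None:`. The enclosing function starts and ends outside the hunk.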
@@ -116,11 +117,24 @@
class TokenClientXML(identity_client.TokenClientJSON):
TYPE = "xml"
- def auth(self, user, password, tenant):
- passwordCreds = xml.Element("passwordCredentials",
+ def auth(self, user, password, tenant=None):
+ passwordCreds = xml.Element('passwordCredentials',
username=user,
password=password)
- auth = xml.Element("auth", tenantName=tenant)
+ auth_kwargs = {}
+ if tenant:
+ auth_kwargs['tenantName'] = tenant
+ auth = xml.Element('auth', **auth_kwargs)
auth.append(passwordCreds)
resp, body = self.post(self.auth_url, body=str(xml.Document(auth)))
return resp, body['access']
+
+ def auth_token(self, token_id, tenant=None):
+ tokenCreds = xml.Element('token', id=token_id)
+ auth_kwargs = {}
+ if tenant:
+ auth_kwargs['tenantName'] = tenant
+ auth = xml.Element('auth', **auth_kwargs)
+ auth.append(tokenCreds)
+ resp, body = self.post(self.auth_url, body=str(xml.Document(auth)))
+ return resp, body['access']