Merge "Make identity v3 roles_client use **kwargs"
diff --git a/tempest/api/identity/admin/v3/test_default_project_id.py b/tempest/api/identity/admin/v3/test_default_project_id.py
index 3616e77..59ffc19 100644
--- a/tempest/api/identity/admin/v3/test_default_project_id.py
+++ b/tempest/api/identity/admin/v3/test_default_project_id.py
@@ -69,7 +69,7 @@
admin_role_id = admin_role['id']
# grant the admin role to the user on his project
- self.roles_client.assign_user_role_on_project(proj_id, user_id,
+ self.roles_client.create_user_role_on_project(proj_id, user_id,
admin_role_id)
# create a new client with user's credentials (NOTE: unscoped token!)
diff --git a/tempest/api/identity/admin/v3/test_roles.py b/tempest/api/identity/admin/v3/test_roles.py
index 4ecf0a5..f5bf923 100644
--- a/tempest/api/identity/admin/v3/test_roles.py
+++ b/tempest/api/identity/admin/v3/test_roles.py
@@ -94,7 +94,7 @@
@test.idempotent_id('c6b80012-fe4a-498b-9ce8-eb391c05169f')
def test_grant_list_revoke_role_to_user_on_project(self):
- self.roles_client.assign_user_role_on_project(self.project['id'],
+ self.roles_client.create_user_role_on_project(self.project['id'],
self.user_body['id'],
self.role['id'])
@@ -115,7 +115,7 @@
@test.idempotent_id('6c9a2940-3625-43a3-ac02-5dcec62ef3bd')
def test_grant_list_revoke_role_to_user_on_domain(self):
- self.roles_client.assign_user_role_on_domain(
+ self.roles_client.create_user_role_on_domain(
self.domain['id'], self.user_body['id'], self.role['id'])
roles = self.roles_client.list_user_roles_on_domain(
@@ -136,7 +136,7 @@
@test.idempotent_id('cbf11737-1904-4690-9613-97bcbb3df1c4')
def test_grant_list_revoke_role_to_group_on_project(self):
# Grant role to group on project
- self.roles_client.assign_group_role_on_project(
+ self.roles_client.create_group_role_on_project(
self.project['id'], self.group_body['id'], self.role['id'])
# List group roles on project
roles = self.roles_client.list_group_roles_on_project(
@@ -170,7 +170,7 @@
@test.idempotent_id('4bf8a70b-e785-413a-ad53-9f91ce02faa7')
def test_grant_list_revoke_role_to_group_on_domain(self):
- self.roles_client.assign_group_role_on_domain(
+ self.roles_client.create_group_role_on_domain(
self.domain['id'], self.group_body['id'], self.role['id'])
roles = self.roles_client.list_group_roles_on_domain(
diff --git a/tempest/api/identity/admin/v3/test_tokens.py b/tempest/api/identity/admin/v3/test_tokens.py
index fcf4772..8706cf7 100644
--- a/tempest/api/identity/admin/v3/test_tokens.py
+++ b/tempest/api/identity/admin/v3/test_tokens.py
@@ -83,11 +83,11 @@
self.addCleanup(self.roles_client.delete_role, role['id'])
# Grant the user the role on both projects.
- self.roles_client.assign_user_role_on_project(project1['id'],
+ self.roles_client.create_user_role_on_project(project1['id'],
user['id'],
role['id'])
- self.roles_client.assign_user_role_on_project(project2['id'],
+ self.roles_client.create_user_role_on_project(project2['id'],
user['id'],
role['id'])
diff --git a/tempest/api/identity/admin/v3/test_trusts.py b/tempest/api/identity/admin/v3/test_trusts.py
index 58e2ab8..4e69de8 100644
--- a/tempest/api/identity/admin/v3/test_trusts.py
+++ b/tempest/api/identity/admin/v3/test_trusts.py
@@ -77,11 +77,11 @@
self.not_delegated_role_id = role['id']
# Assign roles to trustor
- self.roles_client.assign_user_role_on_project(
+ self.roles_client.create_user_role_on_project(
self.trustor_project_id,
self.trustor_user_id,
self.delegated_role_id)
- self.roles_client.assign_user_role_on_project(
+ self.roles_client.create_user_role_on_project(
self.trustor_project_id,
self.trustor_user_id,
self.not_delegated_role_id)
diff --git a/tempest/api/identity/admin/v3/test_users.py b/tempest/api/identity/admin/v3/test_users.py
index 1bcec62..fd2683e 100644
--- a/tempest/api/identity/admin/v3/test_users.py
+++ b/tempest/api/identity/admin/v3/test_users.py
@@ -130,7 +130,7 @@
self.addCleanup(
self.projects_client.delete_project, project_body['id'])
# Assigning roles to user on project
- self.roles_client.assign_user_role_on_project(project['id'],
+ self.roles_client.create_user_role_on_project(project['id'],
user['id'],
role['id'])
assigned_project_ids.append(project['id'])
diff --git a/tempest/common/cred_client.py b/tempest/common/cred_client.py
index d8b808b..ad968f1 100644
--- a/tempest/common/cred_client.py
+++ b/tempest/common/cred_client.py
@@ -74,7 +74,9 @@
msg = 'No "%s" role found' % role_name
raise lib_exc.NotFound(msg)
try:
- self._assign_user_role(project, user, role)
+ self.roles_client.create_user_role_on_project(project['id'],
+ user['id'],
+ role['id'])
except lib_exc.Conflict:
LOG.debug("Role %s already assigned on project %s for user %s" % (
role['id'], project['id'], user['id']))
@@ -124,11 +126,6 @@
tenant_name=project['name'], tenant_id=project['id'],
password=password)
- def _assign_user_role(self, project, user, role):
- self.roles_client.create_user_role_on_project(project['id'],
- user['id'],
- role['id'])
-
class V3CredsClient(CredsClient):
project_id_param = 'project_id'
@@ -176,11 +173,6 @@
domain_id=self.creds_domain['id'],
domain_name=self.creds_domain['name'])
- def _assign_user_role(self, project, user, role):
- self.roles_client.assign_user_role_on_project(project['id'],
- user['id'],
- role['id'])
-
def assign_user_role_on_domain(self, user, role_name, domain=None):
"""Assign the specified role on a domain
@@ -198,7 +190,7 @@
msg = 'No "%s" role found' % role_name
raise lib_exc.NotFound(msg)
try:
- self.roles_client.assign_user_role_on_domain(
+ self.roles_client.create_user_role_on_domain(
domain['id'], user['id'], role['id'])
except lib_exc.Conflict:
LOG.debug("Role %s already assigned on domain %s for user %s",
diff --git a/tempest/services/identity/v3/json/roles_client.py b/tempest/services/identity/v3/json/roles_client.py
index aab203f..3f165fa 100644
--- a/tempest/services/identity/v3/json/roles_client.py
+++ b/tempest/services/identity/v3/json/roles_client.py
@@ -13,6 +13,7 @@
# limitations under the License.
from oslo_serialization import jsonutils as json
+from six.moves.urllib import parse as urllib
from tempest.lib.common import rest_client
@@ -39,9 +40,13 @@
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
- def list_roles(self):
+ def list_roles(self, **params):
"""Get the list of Roles."""
- resp, body = self.get("roles")
+
+ url = 'roles'
+ if params:
+ url += '?%s' % urllib.urlencode(params)
+ resp, body = self.get(url)
self.expected_success(200, resp.status)
body = json.loads(body)
return rest_client.ResponseBody(resp, body)
@@ -64,14 +69,14 @@
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
- def assign_user_role_on_project(self, project_id, user_id, role_id):
+ def create_user_role_on_project(self, project_id, user_id, role_id):
"""Add roles to a user on a project."""
resp, body = self.put('projects/%s/users/%s/roles/%s' %
(project_id, user_id, role_id), None)
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
- def assign_user_role_on_domain(self, domain_id, user_id, role_id):
+ def create_user_role_on_domain(self, domain_id, user_id, role_id):
"""Add roles to a user on a domain."""
resp, body = self.put('domains/%s/users/%s/roles/%s' %
(domain_id, user_id, role_id), None)
@@ -124,22 +129,22 @@
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp)
- def assign_group_role_on_project(self, project_id, group_id, role_id):
- """Add roles to a user on a project."""
+ def create_group_role_on_project(self, project_id, group_id, role_id):
+ """Add roles to a group on a project."""
resp, body = self.put('projects/%s/groups/%s/roles/%s' %
(project_id, group_id, role_id), None)
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
- def assign_group_role_on_domain(self, domain_id, group_id, role_id):
- """Add roles to a user on a domain."""
+ def create_group_role_on_domain(self, domain_id, group_id, role_id):
+ """Add roles to a group on a domain."""
resp, body = self.put('domains/%s/groups/%s/roles/%s' %
(domain_id, group_id, role_id), None)
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def list_group_roles_on_project(self, project_id, group_id):
- """list roles of a user on a project."""
+ """list roles of a group on a project."""
resp, body = self.get('projects/%s/groups/%s/roles' %
(project_id, group_id))
self.expected_success(200, resp.status)
@@ -147,7 +152,7 @@
return rest_client.ResponseBody(resp, body)
def list_group_roles_on_domain(self, domain_id, group_id):
- """list roles of a user on a domain."""
+ """list roles of a group on a domain."""
resp, body = self.get('domains/%s/groups/%s/roles' %
(domain_id, group_id))
self.expected_success(200, resp.status)
@@ -155,14 +160,14 @@
return rest_client.ResponseBody(resp, body)
def delete_role_from_group_on_project(self, project_id, group_id, role_id):
- """Delete role of a user on a project."""
+ """Delete role of a group on a project."""
resp, body = self.delete('projects/%s/groups/%s/roles/%s' %
(project_id, group_id, role_id))
self.expected_success(204, resp.status)
return rest_client.ResponseBody(resp, body)
def delete_role_from_group_on_domain(self, domain_id, group_id, role_id):
- """Delete role of a user on a domain."""
+ """Delete role of a group on a domain."""
resp, body = self.delete('domains/%s/groups/%s/roles/%s' %
(domain_id, group_id, role_id))
self.expected_success(204, resp.status)
@@ -170,7 +175,7 @@
def check_role_from_group_on_project_existence(self, project_id,
group_id, role_id):
- """Check role of a user on a project."""
+ """Check role of a group on a project."""
resp, body = self.head('projects/%s/groups/%s/roles/%s' %
(project_id, group_id, role_id))
self.expected_success(204, resp.status)
@@ -178,7 +183,7 @@
def check_role_from_group_on_domain_existence(self, domain_id,
group_id, role_id):
- """Check role of a user on a domain."""
+ """Check role of a group on a domain."""
resp, body = self.head('domains/%s/groups/%s/roles/%s' %
(domain_id, group_id, role_id))
self.expected_success(204, resp.status)
diff --git a/tempest/tests/common/test_dynamic_creds.py b/tempest/tests/common/test_dynamic_creds.py
index 8c74d9c..d74734e 100644
--- a/tempest/tests/common/test_dynamic_creds.py
+++ b/tempest/tests/common/test_dynamic_creds.py
@@ -55,7 +55,6 @@
users_client = v2_users_client
token_client_class = token_client.TokenClient
fake_response = fake_identity._fake_v2_response
- assign_role_on_project = 'create_user_role_on_project'
tenants_client_class = tenants_client.TenantsClient
delete_tenant = 'delete_tenant'
@@ -125,7 +124,7 @@
def _mock_assign_user_role(self):
tenant_fix = self.useFixture(mockpatch.PatchObject(
self.roles_client.RolesClient,
- self.assign_role_on_project,
+ 'create_user_role_on_project',
return_value=(rest_client.ResponseBody
(200, {}))))
return tenant_fix
@@ -198,11 +197,11 @@
self._mock_tenant_create('1234', 'fake_admin_tenant')
user_mock = mock.patch.object(self.roles_client.RolesClient,
- self.assign_role_on_project)
+ 'create_user_role_on_project')
user_mock.start()
self.addCleanup(user_mock.stop)
with mock.patch.object(self.roles_client.RolesClient,
- self.assign_role_on_project) as user_mock:
+ 'create_user_role_on_project') as user_mock:
admin_creds = creds.get_admin_creds()
user_mock.assert_has_calls([
mock.call('1234', '1234', '1234')])
@@ -221,11 +220,11 @@
self._mock_tenant_create('1234', 'fake_role_tenant')
user_mock = mock.patch.object(self.roles_client.RolesClient,
- self.assign_role_on_project)
+ 'create_user_role_on_project')
user_mock.start()
self.addCleanup(user_mock.stop)
with mock.patch.object(self.roles_client.RolesClient,
- self.assign_role_on_project) as user_mock:
+ 'create_user_role_on_project') as user_mock:
role_creds = creds.get_creds_by_roles(
roles=['role1', 'role2'])
calls = user_mock.mock_calls
@@ -612,7 +611,6 @@
users_client = v3_users_client
token_client_class = token_client.V3TokenClient
fake_response = fake_identity._fake_v3_response
- assign_role_on_project = 'assign_user_role_on_project'
tenants_client_class = tenants_client.ProjectsClient
delete_tenant = 'delete_project'
@@ -624,7 +622,7 @@
return_value=dict(domains=[dict(id='default',
name='Default')])))
self.patchobject(self.roles_client.RolesClient,
- 'assign_user_role_on_domain')
+ 'create_user_role_on_domain')
def _mock_list_ec2_credentials(self, user_id, tenant_id):
pass