Add the group and role checks API in tempest
Group and Role checks API does not exist api client and test.
Add this for normal API test.
Change-Id: I9146f9040f32e371154f96e72db6416ca0c34bab
Closes-bug: #1523368
diff --git a/tempest/api/identity/admin/v3/test_groups.py b/tempest/api/identity/admin/v3/test_groups.py
index e022023..df01074 100644
--- a/tempest/api/identity/admin/v3/test_groups.py
+++ b/tempest/api/identity/admin/v3/test_groups.py
@@ -76,8 +76,10 @@
# list users in group
group_users = self.groups_client.list_group_users(group['id'])['users']
self.assertEqual(sorted(users), sorted(group_users))
- # delete user in group
+ # check and delete user in group
for user in users:
+ self.groups_client.check_group_user_existence(
+ group['id'], user['id'])
self.groups_client.delete_group_user(group['id'], user['id'])
group_users = self.groups_client.list_group_users(group['id'])['users']
self.assertEqual(len(group_users), 0)
diff --git a/tempest/api/identity/admin/v3/test_roles.py b/tempest/api/identity/admin/v3/test_roles.py
index f194d9c..e5a6535 100644
--- a/tempest/api/identity/admin/v3/test_roles.py
+++ b/tempest/api/identity/admin/v3/test_roles.py
@@ -102,6 +102,9 @@
self._list_assertions(roles, self.fetched_role_ids,
self.role['id'])
+ self.client.check_user_role_existence_on_project(
+ self.project['id'], self.user_body['id'], self.role['id'])
+
self.client.delete_role_from_user_on_project(
self.project['id'], self.user_body['id'], self.role['id'])
@@ -119,6 +122,9 @@
self._list_assertions(roles, self.fetched_role_ids,
self.role['id'])
+ self.client.check_user_role_existence_on_domain(
+ self.domain['id'], self.user_body['id'], self.role['id'])
+
self.client.delete_role_from_user_on_domain(
self.domain['id'], self.user_body['id'], self.role['id'])
@@ -149,6 +155,10 @@
roles = body['token']['roles']
self.assertEqual(len(roles), 1)
self.assertEqual(roles[0]['id'], self.role['id'])
+
+ self.client.check_role_from_group_on_project_existence(
+ self.project['id'], self.group_body['id'], self.role['id'])
+
# Revoke role to group on project
self.client.delete_role_from_group_on_project(
self.project['id'], self.group_body['id'], self.role['id'])
@@ -167,6 +177,9 @@
self._list_assertions(roles, self.fetched_role_ids,
self.role['id'])
+ self.client.check_role_from_group_on_domain_existence(
+ self.domain['id'], self.group_body['id'], self.role['id'])
+
self.client.delete_role_from_group_on_domain(
self.domain['id'], self.group_body['id'], self.role['id'])
diff --git a/tempest/services/identity/v3/json/groups_client.py b/tempest/services/identity/v3/json/groups_client.py
index 70edd23..6ed85cf 100644
--- a/tempest/services/identity/v3/json/groups_client.py
+++ b/tempest/services/identity/v3/json/groups_client.py
@@ -88,3 +88,9 @@
resp, body = self.delete('groups/%s/users/%s' % (group_id, user_id))
self.expected_success(204, resp.status)
return service_client.ResponseBody(resp, body)
+
+ def check_group_user_existence(self, group_id, user_id):
+ """Check user in group."""
+ resp, body = self.head('groups/%s/users/%s' % (group_id, user_id))
+ self.expected_success(204, resp.status)
+ return service_client.ResponseBody(resp)
diff --git a/tempest/services/identity/v3/json/identity_client.py b/tempest/services/identity/v3/json/identity_client.py
index 972db99..54d7723 100644
--- a/tempest/services/identity/v3/json/identity_client.py
+++ b/tempest/services/identity/v3/json/identity_client.py
@@ -350,6 +350,22 @@
self.expected_success(204, resp.status)
return service_client.ResponseBody(resp, body)
+ def check_user_role_existence_on_project(self, project_id,
+ user_id, role_id):
+ """Check role of a user on a project."""
+ resp, body = self.head('projects/%s/users/%s/roles/%s' %
+ (project_id, user_id, role_id))
+ self.expected_success(204, resp.status)
+ return service_client.ResponseBody(resp)
+
+ def check_user_role_existence_on_domain(self, domain_id,
+ user_id, role_id):
+ """Check role of a user on a domain."""
+ resp, body = self.head('domains/%s/users/%s/roles/%s' %
+ (domain_id, user_id, role_id))
+ self.expected_success(204, resp.status)
+ return service_client.ResponseBody(resp)
+
def assign_group_role_on_project(self, project_id, group_id, role_id):
"""Add roles to a user on a project."""
resp, body = self.put('projects/%s/groups/%s/roles/%s' %
@@ -394,6 +410,22 @@
self.expected_success(204, resp.status)
return service_client.ResponseBody(resp, body)
+ def check_role_from_group_on_project_existence(self, project_id,
+ group_id, role_id):
+ """Check role of a user on a project."""
+ resp, body = self.head('projects/%s/groups/%s/roles/%s' %
+ (project_id, group_id, role_id))
+ self.expected_success(204, resp.status)
+ return service_client.ResponseBody(resp)
+
+ def check_role_from_group_on_domain_existence(self, domain_id,
+ group_id, role_id):
+ """Check role of a user on a domain."""
+ resp, body = self.head('domains/%s/groups/%s/roles/%s' %
+ (domain_id, group_id, role_id))
+ self.expected_success(204, resp.status)
+ return service_client.ResponseBody(resp)
+
def create_trust(self, **kwargs):
"""Creates a trust.