Add keystone v3 user negative case test authentication with disabed user
Add keystone v3 user negative case test authentication with disabed user,
in the meantime, fix the problem that there is no disable_user function
in v3 admin test class
Partial-Bug: 1513748
Change-Id: I0cb460a374ad0c46e17d7fb5b4f65585009fb281
diff --git a/tempest/api/identity/admin/v3/test_users_negative.py b/tempest/api/identity/admin/v3/test_users_negative.py
index ca2aaa4..d40a5b9 100644
--- a/tempest/api/identity/admin/v3/test_users_negative.py
+++ b/tempest/api/identity/admin/v3/test_users_negative.py
@@ -33,3 +33,14 @@
u_name, u_password,
email=u_email,
domain_id=data_utils.rand_uuid_hex())
+
+ @test.attr(type=['negative'])
+ @test.idempotent_id('b3c9fccc-4134-46f5-b600-1da6fb0a3b1f')
+ def test_authentication_for_disabled_user(self):
+ # Attempt to authenticate for disabled user should fail
+ self.data.setup_test_v3_user()
+ self.disable_user(self.data.test_user)
+ self.assertRaises(lib_exc.Unauthorized, self.token.auth,
+ username=self.data.test_user,
+ password=self.data.test_password,
+ user_domain_id='default')
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index c56f4fb..0364f3a 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -170,6 +170,11 @@
if len(role) > 0:
return role[0]
+ @classmethod
+ def disable_user(cls, user_name):
+ user = cls.get_user_by_name(user_name)
+ cls.client.update_user(user['id'], user_name, enabled=False)
+
def delete_domain(self, domain_id):
# NOTE(mpavlase) It is necessary to disable the domain before deleting
# otherwise it raises Forbidden exception