Merge "Add validation test in identity v3 test_role"
diff --git a/tempest/api/identity/admin/v3/test_roles.py b/tempest/api/identity/admin/v3/test_roles.py
index c63231f..3386238 100644
--- a/tempest/api/identity/admin/v3/test_roles.py
+++ b/tempest/api/identity/admin/v3/test_roles.py
@@ -29,19 +29,20 @@
u_name = data_utils.rand_name('user-')
u_desc = '%s description' % u_name
u_email = '%s@testmail.tm' % u_name
- u_password = data_utils.rand_name('pass-')
+ cls.u_password = data_utils.rand_name('pass-')
resp = [None] * 5
- resp[0], cls.project = cls.client.create_project(
- data_utils.rand_name('project-'),
- description=data_utils.rand_name('project-desc-'))
- resp[1], cls.domain = cls.client.create_domain(
+ resp[0], cls.domain = cls.client.create_domain(
data_utils.rand_name('domain-'),
description=data_utils.rand_name('domain-desc-'))
+ resp[1], cls.project = cls.client.create_project(
+ data_utils.rand_name('project-'),
+ description=data_utils.rand_name('project-desc-'),
+ domain_id=cls.domain['id'])
resp[2], cls.group_body = cls.client.create_group(
data_utils.rand_name('Group-'), project_id=cls.project['id'],
domain_id=cls.domain['id'])
resp[3], cls.user_body = cls.client.create_user(
- u_name, description=u_desc, password=u_password,
+ u_name, description=u_desc, password=cls.u_password,
email=u_email, project_id=cls.project['id'],
domain_id=cls.domain['id'])
resp[4], cls.role = cls.client.create_role(
@@ -131,10 +132,11 @@
@test.attr(type='smoke')
def test_grant_list_revoke_role_to_group_on_project(self):
+ # Grant role to group on project
resp, _ = self.client.assign_group_role_on_project(
self.project['id'], self.group_body['id'], self.role['id'])
self.assertEqual(resp['status'], '204')
-
+ # List group roles on project
resp, roles = self.client.list_group_roles_on_project(
self.project['id'], self.group_body['id'])
@@ -143,7 +145,18 @@
self._list_assertions(resp, roles, self.fetched_role_ids,
self.role['id'])
-
+ # Add user to group, and insure user has role on project
+ self.client.add_group_user(self.group_body['id'], self.user_body['id'])
+ self.addCleanup(self.client.delete_group_user,
+ self.group_body['id'], self.user_body['id'])
+ resp, body = self.token.auth(self.user_body['id'], self.u_password,
+ self.project['name'],
+ domain=self.domain['name'])
+ roles = body['token']['roles']
+ self.assertEqual(resp['status'], '201')
+ self.assertEqual(len(roles), 1)
+ self.assertEqual(roles[0]['id'], self.role['id'])
+ # Revoke role to group on project
resp, _ = self.client.revoke_role_from_group_on_project(
self.project['id'], self.group_body['id'], self.role['id'])
self.assertEqual(resp['status'], '204')