Merge "Add keystone v3 user negative case test authentication with disabed user"
diff --git a/tempest/api/identity/admin/v3/test_users_negative.py b/tempest/api/identity/admin/v3/test_users_negative.py
index ca2aaa4..d40a5b9 100644
--- a/tempest/api/identity/admin/v3/test_users_negative.py
+++ b/tempest/api/identity/admin/v3/test_users_negative.py
@@ -33,3 +33,14 @@
u_name, u_password,
email=u_email,
domain_id=data_utils.rand_uuid_hex())
+
+ @test.attr(type=['negative'])
+ @test.idempotent_id('b3c9fccc-4134-46f5-b600-1da6fb0a3b1f')
+ def test_authentication_for_disabled_user(self):
+ # Attempt to authenticate for disabled user should fail
+ self.data.setup_test_v3_user()
+ self.disable_user(self.data.test_user)
+ self.assertRaises(lib_exc.Unauthorized, self.token.auth,
+ username=self.data.test_user,
+ password=self.data.test_password,
+ user_domain_id='default')
diff --git a/tempest/api/identity/base.py b/tempest/api/identity/base.py
index c56f4fb..0364f3a 100644
--- a/tempest/api/identity/base.py
+++ b/tempest/api/identity/base.py
@@ -170,6 +170,11 @@
if len(role) > 0:
return role[0]
+ @classmethod
+ def disable_user(cls, user_name):
+ user = cls.get_user_by_name(user_name)
+ cls.client.update_user(user['id'], user_name, enabled=False)
+
def delete_domain(self, domain_id):
# NOTE(mpavlase) It is necessary to disable the domain before deleting
# otherwise it raises Forbidden exception