Change project and domain parameters
Make way for user and project specific domains and domain scopes.
Related-Bug: #1420605
Change-Id: I6311f50d6c98b9cc48ece16c90075a32d775a41e
diff --git a/tempest/api/identity/admin/v3/test_roles.py b/tempest/api/identity/admin/v3/test_roles.py
index b8b309d..b0f48fa 100644
--- a/tempest/api/identity/admin/v3/test_roles.py
+++ b/tempest/api/identity/admin/v3/test_roles.py
@@ -140,9 +140,11 @@
self.client.add_group_user(self.group_body['id'], self.user_body['id'])
self.addCleanup(self.client.delete_group_user,
self.group_body['id'], self.user_body['id'])
- body = self.token.auth(self.user_body['id'], self.u_password,
- self.project['name'],
- domain=self.domain['name'])
+ body = self.token.auth(user=self.user_body['id'],
+ password=self.u_password,
+ user_domain=self.domain['name'],
+ project=self.project['name'],
+ project_domain=self.domain['name'])
roles = body['token']['roles']
self.assertEqual(len(roles), 1)
self.assertEqual(roles[0]['id'], self.role['id'])
diff --git a/tempest/api/identity/admin/v3/test_tokens.py b/tempest/api/identity/admin/v3/test_tokens.py
index f0acfdf..b907151 100644
--- a/tempest/api/identity/admin/v3/test_tokens.py
+++ b/tempest/api/identity/admin/v3/test_tokens.py
@@ -108,8 +108,8 @@
# Use the unscoped token to get a scoped token.
token_auth = self.token.auth(token=token_id,
- tenant=project1_name,
- domain='Default')
+ project=project1_name,
+ project_domain='Default')
token1_id = token_auth.response['x-subject-token']
self.assertEqual(orig_expires_at, token_auth['token']['expires_at'],
@@ -138,8 +138,8 @@
# Now get another scoped token using the unscoped token.
token_auth = self.token.auth(token=token_id,
- tenant=project2_name,
- domain='Default')
+ project=project2_name,
+ project_domain='Default')
self.assertEqual(project2['id'],
token_auth['token']['project']['id'])
diff --git a/tempest/auth.py b/tempest/auth.py
index 6a92b5f..63c9102 100644
--- a/tempest/auth.py
+++ b/tempest/auth.py
@@ -336,8 +336,9 @@
return dict(
user=self.credentials.username,
password=self.credentials.password,
- tenant=self.credentials.tenant_name,
- domain=self.credentials.user_domain_name,
+ project=self.credentials.tenant_name,
+ user_domain=self.credentials.user_domain_name,
+ project_domain=self.credentials.project_domain_name,
auth_data=True)
def _fill_credentials(self, auth_data_body):
diff --git a/tempest/services/identity/v3/json/token_client.py b/tempest/services/identity/v3/json/token_client.py
index 14c4a0a..891de9f 100644
--- a/tempest/services/identity/v3/json/token_client.py
+++ b/tempest/services/identity/v3/json/token_client.py
@@ -35,23 +35,22 @@
self.auth_url = auth_url
- def auth(self, user=None, password=None, tenant=None, user_type='id',
- domain=None, token=None):
+ def auth(self, user=None, password=None, project=None, user_type='id',
+ user_domain=None, project_domain=None, token=None):
"""
:param user: user id or name, as specified in user_type
- :param domain: the user and tenant domain
+ :param user_domain: the user domain
+ :param project_domain: the project domain
:param token: a token to re-scope.
Accepts different combinations of credentials. Restrictions:
- - tenant and domain are only name (no id)
- - user domain and tenant domain are assumed identical
- - domain scope is not supported here
+ - project and domain are only name (no id)
Sample sample valid combinations:
- token
- - token, tenant, domain
+ - token, project, project_domain
- user_id, password
- - username, password, domain
- - username, password, tenant, domain
+ - username, password, user_domain
+ - username, password, project, user_domain, project_domain
Validation is left to the server side.
"""
creds = {
@@ -78,13 +77,13 @@
id_obj['password']['user']['id'] = user
else:
id_obj['password']['user']['name'] = user
- if domain is not None:
- _domain = dict(name=domain)
+ if user_domain is not None:
+ _domain = dict(name=user_domain)
id_obj['password']['user']['domain'] = _domain
- if tenant is not None:
- _domain = dict(name=domain)
- project = dict(name=tenant, domain=_domain)
- scope = dict(project=project)
+ if project is not None:
+ _domain = dict(name=project_domain)
+ _project = dict(name=project, domain=_domain)
+ scope = dict(project=_project)
creds['auth']['scope'] = scope
body = json.dumps(creds)
@@ -119,14 +118,15 @@
return resp, json.loads(resp_body)
- def get_token(self, user, password, tenant, domain='Default',
- auth_data=False):
+ def get_token(self, user, password, project=None, project_domain='Default',
+ user_domain='Default', auth_data=False):
"""
:param user: username
Returns (token id, token data) for supplied credentials
"""
- body = self.auth(user, password, tenant, user_type='name',
- domain=domain)
+ body = self.auth(user, password, project, user_type='name',
+ user_domain=user_domain,
+ project_domain=project_domain)
token = body.response.get('x-subject-token')
if auth_data: