| Jane Zadorozhna | bfc7237 | 2015-06-16 17:32:59 +0300 | [diff] [blame] | 1 | # Copyright 2015 OpenStack Foundation |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
| Jane Zadorozhna | bfc7237 | 2015-06-16 17:32:59 +0300 | [diff] [blame] | 16 | from tempest.api.identity import base |
| Andrea Frittoli (andreaf) | db9672e | 2016-02-23 14:07:24 -0500 | [diff] [blame] | 17 | from tempest.lib import exceptions as lib_exc |
| Jane Zadorozhna | bfc7237 | 2015-06-16 17:32:59 +0300 | [diff] [blame] | 18 | from tempest import test |
| 19 | |
| 20 | |
| 21 | class IdentityTenantsTest(base.BaseIdentityV2Test): |
| 22 | |
| 23 | credentials = ['primary', 'alt'] |
| 24 | |
| 25 | @test.idempotent_id('ecae2459-243d-4ba1-ad02-65f15dc82b78') |
| 26 | def test_list_tenants_returns_only_authorized_tenants(self): |
| 27 | alt_tenant_name = self.alt_manager.credentials.credentials.tenant_name |
| Daniel Mellado | b04da90 | 2015-11-20 17:43:12 +0100 | [diff] [blame] | 28 | resp = self.non_admin_tenants_client.list_tenants() |
| Jane Zadorozhna | bfc7237 | 2015-06-16 17:32:59 +0300 | [diff] [blame] | 29 | |
| 30 | # check that user can see only that tenants that he presents in so user |
| 31 | # can successfully authenticate using his credentials and tenant name |
| 32 | # from received tenants list |
| 33 | for tenant in resp['tenants']: |
| 34 | body = self.non_admin_token_client.auth( |
| 35 | self.os.credentials.username, |
| 36 | self.os.credentials.password, |
| 37 | tenant['name']) |
| 38 | self.assertNotEmpty(body['token']['id']) |
| 39 | self.assertEqual(body['token']['tenant']['id'], tenant['id']) |
| 40 | self.assertEqual(body['token']['tenant']['name'], tenant['name']) |
| 41 | self.assertEqual(body['user']['id'], self.os.credentials.user_id) |
| 42 | |
| 43 | # check that user cannot log in to alt user's tenant |
| 44 | self.assertRaises( |
| 45 | lib_exc.Unauthorized, |
| 46 | self.non_admin_token_client.auth, |
| 47 | self.os.credentials.username, |
| 48 | self.os.credentials.password, |
| 49 | alt_tenant_name) |