Source code for identity.admin.v3.test_groups

# Copyright 2013 IBM Corp.
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
import testtools

from tempest.api.identity import base
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators

CONF = config.CONF


[docs] class GroupsV3TestJSON(base.BaseIdentityV3AdminTest): """Test keystone groups""" # NOTE: force_tenant_isolation is true in the base class by default but # overridden to false here to allow test execution for clouds using the # pre-provisioned credentials provider. force_tenant_isolation = False @classmethod def resource_setup(cls): super(GroupsV3TestJSON, cls).resource_setup() cls.domain = cls.create_domain()
[docs] @decorators.idempotent_id('2e80343b-6c81-4ac3-88c7-452f3e9d5129') def test_group_create_update_get(self): """Test creating, updating and getting keystone group""" prefix = CONF.resource_name_prefix # Verify group creation works. name = data_utils.rand_name(name='Group', prefix=prefix) description = data_utils.rand_name(name='Description', prefix=prefix) group = self.setup_test_group(name=name, domain_id=self.domain['id'], description=description) self.assertEqual(group['name'], name) self.assertEqual(group['description'], description) self.assertEqual(self.domain['id'], group['domain_id']) # Verify updating name and description works. first_name_update = data_utils.rand_name( name='UpdateGroup', prefix=prefix) first_desc_update = data_utils.rand_name( name='UpdateDescription', prefix=prefix) updated_group = self.groups_client.update_group( group['id'], name=first_name_update, description=first_desc_update)['group'] self.assertEqual(updated_group['name'], first_name_update) self.assertEqual(updated_group['description'], first_desc_update) # Verify that the updated values are reflected after performing show. new_group = self.groups_client.show_group(group['id'])['group'] self.assertEqual(group['id'], new_group['id']) self.assertEqual(first_name_update, new_group['name']) self.assertEqual(first_desc_update, new_group['description']) # Verify that updating a single field for a group (name) leaves the # other fields (description, domain_id) unchanged. second_name_update = data_utils.rand_name( self.__class__.__name__ + 'UpdateGroup', prefix=prefix) updated_group = self.groups_client.update_group( group['id'], name=second_name_update)['group'] self.assertEqual(second_name_update, updated_group['name']) # Verify that 'description' and 'domain_id' were not updated or # deleted. self.assertEqual(first_desc_update, updated_group['description']) self.assertEqual(self.domain['id'], updated_group['domain_id'])
[docs] @decorators.attr(type='smoke') @decorators.idempotent_id('1598521a-2f36-4606-8df9-30772bd51339') @testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source, 'Skipped because environment has an ' 'immutable user source and solely ' 'provides read-only access to users.') def test_group_users_add_list_delete(self): """Test adding/listing/deleting group users""" group = self.setup_test_group(domain_id=self.domain['id']) # add user into group users = [] for _ in range(3): user = self.create_test_user() users.append(user) self.groups_client.add_group_user(group['id'], user['id']) # list users in group group_users = self.groups_client.list_group_users(group['id'])['users'] self.assertEqual(sorted(users, key=lambda k: k['name']), sorted(group_users, key=lambda k: k['name'])) # check and delete user in group for user in users: self.groups_client.check_group_user_existence( group['id'], user['id']) self.groups_client.delete_group_user(group['id'], user['id']) group_users = self.groups_client.list_group_users(group['id'])['users'] self.assertEqual(len(group_users), 0)
[docs] @decorators.idempotent_id('64573281-d26a-4a52-b899-503cb0f4e4ec') @testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source, 'Skipped because environment has an ' 'immutable user source and solely ' 'provides read-only access to users.') def test_list_user_groups(self): """Test listing user groups when the user is in two groups""" # create a user user = self.create_test_user() # create two groups, and add user into them groups = [] for _ in range(2): group = self.setup_test_group(domain_id=self.domain['id']) groups.append(group) self.groups_client.add_group_user(group['id'], user['id']) # list groups which user belongs to user_groups = self.users_client.list_user_groups(user['id'])['groups'] # The `membership_expires_at` attribute is present when listing user # group memberships, and is not an attribute of the groups themselves. # Therefore we remove it from the comparison. for g in user_groups: if 'membership_expires_at' in g: self.assertIsNone(g['membership_expires_at']) del g['membership_expires_at'] self.assertEqual(sorted(groups, key=lambda k: k['name']), sorted(user_groups, key=lambda k: k['name'])) self.assertEqual(2, len(user_groups))
[docs] @decorators.idempotent_id('cc9a57a5-a9ed-4f2d-a29f-4f979a06ec71') def test_list_groups(self): """Test listing groups""" group_ids = list() fetched_ids = list() for _ in range(3): group = self.setup_test_group(domain_id=self.domain['id']) group_ids.append(group['id']) # List and Verify Groups # When domain specific drivers are enabled the operations # of listing all users and listing all groups are not supported, # they need a domain filter to be specified if CONF.identity_feature_enabled.domain_specific_drivers: body = self.groups_client.list_groups( domain_id=self.domain['id'])['groups'] else: body = self.groups_client.list_groups()['groups'] for g in body: fetched_ids.append(g['id']) missing_groups = [g for g in group_ids if g not in fetched_ids] self.assertEmpty(missing_groups)