Source code for identity.admin.v3.test_groups
# Copyright 2013 IBM Corp.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import testtools
from tempest.api.identity import base
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
CONF = config.CONF
[docs]
class GroupsV3TestJSON(base.BaseIdentityV3AdminTest):
"""Test keystone groups"""
# NOTE: force_tenant_isolation is true in the base class by default but
# overridden to false here to allow test execution for clouds using the
# pre-provisioned credentials provider.
force_tenant_isolation = False
@classmethod
def resource_setup(cls):
super(GroupsV3TestJSON, cls).resource_setup()
cls.domain = cls.create_domain()
[docs]
@decorators.idempotent_id('2e80343b-6c81-4ac3-88c7-452f3e9d5129')
def test_group_create_update_get(self):
"""Test creating, updating and getting keystone group"""
prefix = CONF.resource_name_prefix
# Verify group creation works.
name = data_utils.rand_name(name='Group', prefix=prefix)
description = data_utils.rand_name(name='Description', prefix=prefix)
group = self.setup_test_group(name=name, domain_id=self.domain['id'],
description=description)
self.assertEqual(group['name'], name)
self.assertEqual(group['description'], description)
self.assertEqual(self.domain['id'], group['domain_id'])
# Verify updating name and description works.
first_name_update = data_utils.rand_name(
name='UpdateGroup', prefix=prefix)
first_desc_update = data_utils.rand_name(
name='UpdateDescription', prefix=prefix)
updated_group = self.groups_client.update_group(
group['id'], name=first_name_update,
description=first_desc_update)['group']
self.assertEqual(updated_group['name'], first_name_update)
self.assertEqual(updated_group['description'], first_desc_update)
# Verify that the updated values are reflected after performing show.
new_group = self.groups_client.show_group(group['id'])['group']
self.assertEqual(group['id'], new_group['id'])
self.assertEqual(first_name_update, new_group['name'])
self.assertEqual(first_desc_update, new_group['description'])
# Verify that updating a single field for a group (name) leaves the
# other fields (description, domain_id) unchanged.
second_name_update = data_utils.rand_name(
self.__class__.__name__ + 'UpdateGroup', prefix=prefix)
updated_group = self.groups_client.update_group(
group['id'], name=second_name_update)['group']
self.assertEqual(second_name_update, updated_group['name'])
# Verify that 'description' and 'domain_id' were not updated or
# deleted.
self.assertEqual(first_desc_update, updated_group['description'])
self.assertEqual(self.domain['id'], updated_group['domain_id'])
[docs]
@decorators.attr(type='smoke')
@decorators.idempotent_id('1598521a-2f36-4606-8df9-30772bd51339')
@testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source,
'Skipped because environment has an '
'immutable user source and solely '
'provides read-only access to users.')
def test_group_users_add_list_delete(self):
"""Test adding/listing/deleting group users"""
group = self.setup_test_group(domain_id=self.domain['id'])
# add user into group
users = []
for _ in range(3):
user = self.create_test_user()
users.append(user)
self.groups_client.add_group_user(group['id'], user['id'])
# list users in group
group_users = self.groups_client.list_group_users(group['id'])['users']
self.assertEqual(sorted(users, key=lambda k: k['name']),
sorted(group_users, key=lambda k: k['name']))
# check and delete user in group
for user in users:
self.groups_client.check_group_user_existence(
group['id'], user['id'])
self.groups_client.delete_group_user(group['id'], user['id'])
group_users = self.groups_client.list_group_users(group['id'])['users']
self.assertEqual(len(group_users), 0)
[docs]
@decorators.idempotent_id('64573281-d26a-4a52-b899-503cb0f4e4ec')
@testtools.skipIf(CONF.identity_feature_enabled.immutable_user_source,
'Skipped because environment has an '
'immutable user source and solely '
'provides read-only access to users.')
def test_list_user_groups(self):
"""Test listing user groups when the user is in two groups"""
# create a user
user = self.create_test_user()
# create two groups, and add user into them
groups = []
for _ in range(2):
group = self.setup_test_group(domain_id=self.domain['id'])
groups.append(group)
self.groups_client.add_group_user(group['id'], user['id'])
# list groups which user belongs to
user_groups = self.users_client.list_user_groups(user['id'])['groups']
# The `membership_expires_at` attribute is present when listing user
# group memberships, and is not an attribute of the groups themselves.
# Therefore we remove it from the comparison.
for g in user_groups:
if 'membership_expires_at' in g:
self.assertIsNone(g['membership_expires_at'])
del g['membership_expires_at']
self.assertEqual(sorted(groups, key=lambda k: k['name']),
sorted(user_groups, key=lambda k: k['name']))
self.assertEqual(2, len(user_groups))
[docs]
@decorators.idempotent_id('cc9a57a5-a9ed-4f2d-a29f-4f979a06ec71')
def test_list_groups(self):
"""Test listing groups"""
group_ids = list()
fetched_ids = list()
for _ in range(3):
group = self.setup_test_group(domain_id=self.domain['id'])
group_ids.append(group['id'])
# List and Verify Groups
# When domain specific drivers are enabled the operations
# of listing all users and listing all groups are not supported,
# they need a domain filter to be specified
if CONF.identity_feature_enabled.domain_specific_drivers:
body = self.groups_client.list_groups(
domain_id=self.domain['id'])['groups']
else:
body = self.groups_client.list_groups()['groups']
for g in body:
fetched_ids.append(g['id'])
missing_groups = [g for g in group_ids if g not in fetched_ids]
self.assertEmpty(missing_groups)