Add option to disable testing against external idp
Currently, the federation tests are non-voting because they require connecting to an external service that is not under our control, and is therefore unreliable. Non-voting tests are a problem because they are often ignored even when their results are related to new changes. This change adds a tempest config option ``[identity-feature-enabled]/external_idp``, defaulting to true for backwards compatibility, which when disabled causes the tests that rely on the external IdP to be disabled leaving only the K2K federation tests to be executed. Exercising only the K2K tests is still a good means of regression testing and we can safely make those tests voting. Change-Id: I534470df7ca529511ab9a7631f167ec2035ab4be
This commit is contained in:
parent
a9f65e0bcf
commit
8ec445b13d
|
@ -20,6 +20,11 @@ identity_feature_option = [
|
|||
default=False,
|
||||
help='Does the environment support the Federated Identity '
|
||||
'feature?'),
|
||||
cfg.BoolOpt('external_idp',
|
||||
default=True,
|
||||
help='Whether to test federated scenarios against an external '
|
||||
'identity provider. If disabled, only '
|
||||
'Keystone-to-Keystone tests will be enabled.'),
|
||||
]
|
||||
|
||||
fed_scenario_group = cfg.OptGroup(name='fed_scenario',
|
||||
|
|
|
@ -183,14 +183,10 @@ class TestSaml2EcpFederatedAuthentication(base.BaseIdentityTest):
|
|||
|
||||
return resp
|
||||
|
||||
@testtools.skipUnless(CONF.identity_feature_enabled.federation,
|
||||
"Federated Identity feature not enabled")
|
||||
def test_request_unscoped_token(self):
|
||||
def _test_request_unscoped_token(self):
|
||||
self._request_unscoped_token()
|
||||
|
||||
@testtools.skipUnless(CONF.identity_feature_enabled.federation,
|
||||
"Federated Identity feature not enabled")
|
||||
def test_request_scoped_token(self):
|
||||
def _test_request_scoped_token(self):
|
||||
resp = self._request_unscoped_token()
|
||||
token_id = resp.headers['X-Subject-Token']
|
||||
|
||||
|
@ -203,6 +199,24 @@ class TestSaml2EcpFederatedAuthentication(base.BaseIdentityTest):
|
|||
project_id=projects[0]['id'], token=token_id)
|
||||
|
||||
|
||||
class TestSaml2FederatedExternalAuthentication(
|
||||
TestSaml2EcpFederatedAuthentication):
|
||||
|
||||
@testtools.skipUnless(CONF.identity_feature_enabled.federation,
|
||||
"Federated Identity feature not enabled")
|
||||
@testtools.skipUnless(CONF.identity_feature_enabled.external_idp,
|
||||
"External identity provider is not available")
|
||||
def test_request_unscoped_token(self):
|
||||
self._test_request_unscoped_token()
|
||||
|
||||
@testtools.skipUnless(CONF.identity_feature_enabled.federation,
|
||||
"Federated Identity feature not enabled")
|
||||
@testtools.skipUnless(CONF.identity_feature_enabled.external_idp,
|
||||
"External identity provider is not available")
|
||||
def test_request_scoped_token(self):
|
||||
self._test_request_scoped_token()
|
||||
|
||||
|
||||
class TestK2KFederatedAuthentication(TestSaml2EcpFederatedAuthentication):
|
||||
|
||||
def setUp(self):
|
||||
|
@ -253,3 +267,13 @@ class TestK2KFederatedAuthentication(TestSaml2EcpFederatedAuthentication):
|
|||
self.auth_client.expected_success(200, resp.status)
|
||||
|
||||
return etree.XML(saml), self.sp_url
|
||||
|
||||
@testtools.skipUnless(CONF.identity_feature_enabled.federation,
|
||||
"Federated Identity feature not enabled")
|
||||
def test_request_unscoped_token(self):
|
||||
self._test_request_unscoped_token()
|
||||
|
||||
@testtools.skipUnless(CONF.identity_feature_enabled.federation,
|
||||
"Federated Identity feature not enabled")
|
||||
def test_request_scoped_token(self):
|
||||
self._test_request_scoped_token()
|
||||
|
|
Loading…
Reference in New Issue