openstack
/
keystone-tempest-plugin
Code Issues Proposed changes

Adjust domain tests for changed list_domains scoping behavior 

Domain admins, members and readers are now allowed to use the
list_domains endpoint by default but the returned list will contain
their own domain only. This patch adjusts some RBAC tests to account
for this new behavior.

Depends-On: https://review.opendev.org/c/openstack/keystone/+/900028
Change-Id: I3d89dd26400d06fcf4653035267a84ca1c775afa
This commit is contained in:
Markus Hentsch 2023-11-09 17:33:20 +01:00
parent c0ae2d9930
commit db1b2a7e0d
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
keystone_tempest_plugin/tests/rbac/v3/test_domain.py
View File

@ -178,8 +178,15 @@ class DomainAdminTests(SystemReaderTests, base.BaseIdentityTest):
def test_identity_list_domains(self):
domain_id = self.persona.credentials.domain_id
other_domain_id = self.admin_domains_client.create_domain(
name=data_utils.rand_name())['domain']['id']
self.addCleanup(self.admin_domains_client.delete_domain,
other_domain_id)
self.addCleanup(self.admin_domains_client.update_domain,
domain_id=other_domain_id, enabled=False)
resp = self.do_request('list_domains')
self.assertIn(domain_id, [d['id'] for d in resp['domains']])
self.assertNotIn(other_domain_id, [d['id'] for d in resp['domains']])
class DomainMemberTests(DomainAdminTests, base.BaseIdentityTest):
@ -208,6 +215,15 @@ class ProjectAdminTests(SystemAdminTests):
credentials = ['project_admin', 'system_admin']
def test_identity_list_domains(self):
domain_id = self.admin_domains_client.create_domain(
name=data_utils.rand_name())['domain']['id']
self.addCleanup(self.admin_domains_client.delete_domain, domain_id)
self.addCleanup(self.admin_domains_client.update_domain,
domain_id=domain_id, enabled=False)
self.do_request('list_domains',
expected_status=exceptions.Forbidden)
class ProjectMemberTests(DomainReaderTests):