diff --git a/keystone/tests/unit/application_credential/test_backends.py b/keystone/tests/unit/application_credential/test_backends.py index 8259a54e30..061312a154 100644 --- a/keystone/tests/unit/application_credential/test_backends.py +++ b/keystone/tests/unit/application_credential/test_backends.py @@ -55,7 +55,7 @@ class ApplicationCredentialTests(object): def test_create_application_credential(self): app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) resp = self.app_cred_api.create_application_credential(app_cred) resp_roles = resp.pop('roles') orig_roles = app_cred.pop('roles') @@ -66,11 +66,11 @@ class ApplicationCredentialTests(object): # Ensure a user can't create two application credentials with the same # name app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) name = app_cred['name'] self.app_cred_api.create_application_credential(app_cred) app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], name=name) self.assertRaises(exception.Conflict, self.app_cred_api.create_application_credential, @@ -80,14 +80,14 @@ class ApplicationCredentialTests(object): # Ensure a user can't create an application credential for a project # they don't have a role assignment on app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_baz['id']) + project_id=self.project_baz['id']) self.assertRaises(exception.RoleAssignmentNotFound, self.app_cred_api.create_application_credential, app_cred) def test_application_credential_allow_recursion(self): app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) app_cred['unrestricted'] = True resp = self.app_cred_api.create_application_credential(app_cred) resp.pop('roles') @@ -98,7 +98,7 @@ class ApplicationCredentialTests(object): config_fixture_ = self.user = self.useFixture(config_fixture.Config()) config_fixture_.config(group='application_credential', user_limit=2) app_cred = self._new_app_cred_data(self.user_foo['id'], - self.tenant_bar['id']) + self.project_bar['id']) self.app_cred_api.create_application_credential(app_cred) app_cred['name'] = 'two' self.app_cred_api.create_application_credential(app_cred) @@ -109,7 +109,7 @@ class ApplicationCredentialTests(object): def test_get_application_credential(self): app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) create_resp = self.app_cred_api.create_application_credential(app_cred) app_cred_id = create_resp['id'] get_resp = self.app_cred_api.get_application_credential(app_cred_id) @@ -123,13 +123,13 @@ class ApplicationCredentialTests(object): def test_list_application_credentials(self): app_cred_1 = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], name='app1') app_cred_2 = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], name='app2') app_cred_3 = self._new_app_cred_data(self.user_two['id'], - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], name='app3') resp1 = self.app_cred_api.create_application_credential(app_cred_1) resp2 = self.app_cred_api.create_application_credential(app_cred_2) @@ -152,7 +152,7 @@ class ApplicationCredentialTests(object): def test_delete_application_credential(self): app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) self.app_cred_api.create_application_credential(app_cred) # cache the information @@ -174,10 +174,10 @@ class ApplicationCredentialTests(object): def test_deleting_a_user_deletes_application_credentials(self): app_cred_1 = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], name='app1') app_cred_2 = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], name='app2') self.app_cred_api.create_application_credential(app_cred_1) self.app_cred_api.create_application_credential(app_cred_2) @@ -207,13 +207,13 @@ class ApplicationCredentialTests(object): def test_removing_user_from_project_deletes_application_credentials(self): app_cred_proj_A_1 = self._new_app_cred_data( - self.user_foo['id'], project_id=self.tenant_bar['id'], name='app1') + self.user_foo['id'], project_id=self.project_bar['id'], name='app1') app_cred_proj_A_2 = self._new_app_cred_data( - self.user_foo['id'], project_id=self.tenant_bar['id'], name='app2') + self.user_foo['id'], project_id=self.project_bar['id'], name='app2') app_cred_proj_B = self._new_app_cred_data( - self.user_foo['id'], project_id=self.tenant_baz['id'], name='app3') + self.user_foo['id'], project_id=self.project_baz['id'], name='app3') PROVIDERS.assignment_api.add_role_to_user_and_project( - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], user_id=self.user_foo['id'], role_id=self.role__member_['id']) self.app_cred_api.create_application_credential(app_cred_proj_A_1) @@ -233,7 +233,7 @@ class ApplicationCredentialTests(object): # application credentials on project bar. PROVIDERS.assignment_api.remove_role_from_user_and_project( user_id=self.user_foo['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], role_id=self.role__member_['id']) self.assertNotIn(app_cred_proj_A_1['id'], self._list_ids(self.user_foo)) @@ -255,7 +255,7 @@ class ApplicationCredentialTests(object): def test_authenticate(self): app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) resp = self.app_cred_api.create_application_credential(app_cred) self.app_cred_api.authenticate(resp['id'], resp['secret']) @@ -268,7 +268,7 @@ class ApplicationCredentialTests(object): def test_authenticate_expired(self): yesterday = datetime.datetime.utcnow() - datetime.timedelta(days=1) app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], expires=yesterday) resp = self.app_cred_api.create_application_credential(app_cred) self.assertRaises(AssertionError, @@ -278,7 +278,7 @@ class ApplicationCredentialTests(object): def test_authenticate_bad_secret(self): app_cred = self._new_app_cred_data(self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) resp = self.app_cred_api.create_application_credential(app_cred) badpass = 'badpass' self.assertNotEqual(badpass, resp['secret']) diff --git a/keystone/tests/unit/assignment/test_backends.py b/keystone/tests/unit/assignment/test_backends.py index 9115209bf2..589256effc 100644 --- a/keystone/tests/unit/assignment/test_backends.py +++ b/keystone/tests/unit/assignment/test_backends.py @@ -459,24 +459,24 @@ class AssignmentTests(AssignmentTestHelperMixin): def test_project_add_and_remove_user_role(self): user_ids = PROVIDERS.assignment_api.list_user_ids_for_project( - self.tenant_bar['id']) + self.project_bar['id']) self.assertNotIn(self.user_two['id'], user_ids) PROVIDERS.assignment_api.add_role_to_user_and_project( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], user_id=self.user_two['id'], role_id=self.role_other['id']) user_ids = PROVIDERS.assignment_api.list_user_ids_for_project( - self.tenant_bar['id']) + self.project_bar['id']) self.assertIn(self.user_two['id'], user_ids) PROVIDERS.assignment_api.remove_role_from_user_and_project( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], user_id=self.user_two['id'], role_id=self.role_other['id']) user_ids = PROVIDERS.assignment_api.list_user_ids_for_project( - self.tenant_bar['id']) + self.project_bar['id']) self.assertNotIn(self.user_two['id'], user_ids) def test_remove_user_role_not_assigned(self): @@ -485,13 +485,13 @@ class AssignmentTests(AssignmentTestHelperMixin): self.assertRaises(exception.RoleNotFound, PROVIDERS.assignment_api. remove_role_from_user_and_project, - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], user_id=self.user_two['id'], role_id=self.role_other['id']) def test_list_user_ids_for_project(self): user_ids = PROVIDERS.assignment_api.list_user_ids_for_project( - self.tenant_baz['id']) + self.project_baz['id']) self.assertEqual(2, len(user_ids)) self.assertIn(self.user_two['id'], user_ids) self.assertIn(self.user_badguy['id'], user_ids) @@ -686,15 +686,15 @@ class AssignmentTests(AssignmentTestHelperMixin): def test_add_duplicate_role_grant(self): roles_ref = PROVIDERS.assignment_api.get_roles_for_user_and_project( - self.user_foo['id'], self.tenant_bar['id']) + self.user_foo['id'], self.project_bar['id']) self.assertNotIn(self.role_admin['id'], roles_ref) PROVIDERS.assignment_api.add_role_to_user_and_project( - self.user_foo['id'], self.tenant_bar['id'], self.role_admin['id']) + self.user_foo['id'], self.project_bar['id'], self.role_admin['id']) self.assertRaises( exception.Conflict, PROVIDERS.assignment_api.add_role_to_user_and_project, self.user_foo['id'], - self.tenant_bar['id'], + self.project_bar['id'], self.role_admin['id'] ) @@ -739,21 +739,21 @@ class AssignmentTests(AssignmentTestHelperMixin): def test_get_role_by_user_and_project(self): roles_ref = PROVIDERS.assignment_api.get_roles_for_user_and_project( - self.user_foo['id'], self.tenant_bar['id']) + self.user_foo['id'], self.project_bar['id']) self.assertNotIn(self.role_admin['id'], roles_ref) PROVIDERS.assignment_api.add_role_to_user_and_project( - self.user_foo['id'], self.tenant_bar['id'], self.role_admin['id']) + self.user_foo['id'], self.project_bar['id'], self.role_admin['id']) roles_ref = PROVIDERS.assignment_api.get_roles_for_user_and_project( - self.user_foo['id'], self.tenant_bar['id']) + self.user_foo['id'], self.project_bar['id']) self.assertIn(self.role_admin['id'], roles_ref) self.assertNotIn(default_fixtures.MEMBER_ROLE_ID, roles_ref) PROVIDERS.assignment_api.add_role_to_user_and_project( self.user_foo['id'], - self.tenant_bar['id'], + self.project_bar['id'], default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.get_roles_for_user_and_project( - self.user_foo['id'], self.tenant_bar['id']) + self.user_foo['id'], self.project_bar['id']) self.assertIn(self.role_admin['id'], roles_ref) self.assertIn(default_fixtures.MEMBER_ROLE_ID, roles_ref) @@ -873,7 +873,7 @@ class AssignmentTests(AssignmentTestHelperMixin): exception.UserNotFound, PROVIDERS.assignment_api.get_roles_for_user_and_project, uuid.uuid4().hex, - self.tenant_bar['id'] + self.project_bar['id'] ) self.assertRaises( @@ -896,7 +896,7 @@ class AssignmentTests(AssignmentTestHelperMixin): exception.RoleNotFound, PROVIDERS.assignment_api.add_role_to_user_and_project, self.user_foo['id'], - self.tenant_bar['id'], + self.project_bar['id'], uuid.uuid4().hex ) @@ -905,49 +905,49 @@ class AssignmentTests(AssignmentTestHelperMixin): # no error. user_id_not_exist = uuid.uuid4().hex PROVIDERS.assignment_api.add_role_to_user_and_project( - user_id_not_exist, self.tenant_bar['id'], self.role_admin['id']) + user_id_not_exist, self.project_bar['id'], self.role_admin['id']) def test_remove_role_from_user_and_project(self): PROVIDERS.assignment_api.add_role_to_user_and_project( self.user_foo['id'], - self.tenant_bar['id'], + self.project_bar['id'], default_fixtures.MEMBER_ROLE_ID) PROVIDERS.assignment_api.remove_role_from_user_and_project( self.user_foo['id'], - self.tenant_bar['id'], + self.project_bar['id'], default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.get_roles_for_user_and_project( - self.user_foo['id'], self.tenant_bar['id']) + self.user_foo['id'], self.project_bar['id']) self.assertNotIn(default_fixtures.MEMBER_ROLE_ID, roles_ref) self.assertRaises(exception.NotFound, PROVIDERS.assignment_api. remove_role_from_user_and_project, self.user_foo['id'], - self.tenant_bar['id'], + self.project_bar['id'], default_fixtures.MEMBER_ROLE_ID) def test_get_role_grant_by_user_and_project(self): roles_ref = PROVIDERS.assignment_api.list_grants( user_id=self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) self.assertEqual(1, len(roles_ref)) PROVIDERS.assignment_api.create_grant( - user_id=self.user_foo['id'], project_id=self.tenant_bar['id'], + user_id=self.user_foo['id'], project_id=self.project_bar['id'], role_id=self.role_admin['id'] ) roles_ref = PROVIDERS.assignment_api.list_grants( user_id=self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) self.assertIn(self.role_admin['id'], [role_ref['id'] for role_ref in roles_ref]) PROVIDERS.assignment_api.create_grant( user_id=self.user_foo['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], role_id=default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.list_grants( user_id=self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) roles_ref_ids = [] for ref in roles_ref: @@ -958,38 +958,38 @@ class AssignmentTests(AssignmentTestHelperMixin): def test_remove_role_grant_from_user_and_project(self): PROVIDERS.assignment_api.create_grant( user_id=self.user_foo['id'], - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.list_grants( user_id=self.user_foo['id'], - project_id=self.tenant_baz['id']) + project_id=self.project_baz['id']) self.assertDictEqual(self.role_member, roles_ref[0]) PROVIDERS.assignment_api.delete_grant( user_id=self.user_foo['id'], - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.list_grants( user_id=self.user_foo['id'], - project_id=self.tenant_baz['id']) + project_id=self.project_baz['id']) self.assertEqual(0, len(roles_ref)) self.assertRaises(exception.RoleAssignmentNotFound, PROVIDERS.assignment_api.delete_grant, user_id=self.user_foo['id'], - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) def test_get_role_assignment_by_project_not_found(self): self.assertRaises(exception.RoleAssignmentNotFound, PROVIDERS.assignment_api.check_grant_role_id, user_id=self.user_foo['id'], - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) self.assertRaises(exception.RoleAssignmentNotFound, PROVIDERS.assignment_api.check_grant_role_id, group_id=uuid.uuid4().hex, - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) def test_get_role_assignment_by_domain_not_found(self): @@ -1009,13 +1009,13 @@ class AssignmentTests(AssignmentTestHelperMixin): self.assertRaises(exception.RoleAssignmentNotFound, PROVIDERS.assignment_api.delete_grant, user_id=self.user_foo['id'], - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) self.assertRaises(exception.RoleAssignmentNotFound, PROVIDERS.assignment_api.delete_grant, group_id=uuid.uuid4().hex, - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) def test_del_role_assignment_by_domain_not_found(self): @@ -1043,29 +1043,29 @@ class AssignmentTests(AssignmentTestHelperMixin): ) roles_ref = PROVIDERS.assignment_api.list_grants( group_id=new_group['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) self.assertEqual(0, len(roles_ref)) PROVIDERS.assignment_api.create_grant( group_id=new_group['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], role_id=default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.list_grants( group_id=new_group['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) self.assertDictEqual(self.role_member, roles_ref[0]) PROVIDERS.assignment_api.delete_grant( group_id=new_group['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], role_id=default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.list_grants( group_id=new_group['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) self.assertEqual(0, len(roles_ref)) self.assertRaises(exception.RoleAssignmentNotFound, PROVIDERS.assignment_api.delete_grant, group_id=new_group['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], role_id=default_fixtures.MEMBER_ROLE_ID) def test_get_and_remove_role_grant_by_group_and_domain(self): @@ -1404,11 +1404,11 @@ class AssignmentTests(AssignmentTestHelperMixin): user_id = uuid.uuid4().hex PROVIDERS.assignment_api.create_grant( - role_id, user_id=user_id, project_id=self.tenant_bar['id'] + role_id, user_id=user_id, project_id=self.project_bar['id'] ) PROVIDERS.assignment_api.delete_grant( - role_id, user_id=user_id, project_id=self.tenant_bar['id'] + role_id, user_id=user_id, project_id=self.project_bar['id'] ) def test_delete_group_grant_no_group(self): @@ -1420,11 +1420,11 @@ class AssignmentTests(AssignmentTestHelperMixin): group_id = uuid.uuid4().hex PROVIDERS.assignment_api.create_grant( - role_id, group_id=group_id, project_id=self.tenant_bar['id'] + role_id, group_id=group_id, project_id=self.project_bar['id'] ) PROVIDERS.assignment_api.delete_grant( - role_id, group_id=group_id, project_id=self.tenant_bar['id'] + role_id, group_id=group_id, project_id=self.project_bar['id'] ) def test_grant_crud_throws_exception_if_invalid_role(self): @@ -1903,7 +1903,7 @@ class AssignmentTests(AssignmentTestHelperMixin): role_member = unit.new_role_ref() PROVIDERS.role_api.create_role(role_member['id'], role_member) PROVIDERS.assignment_api.add_role_to_user_and_project( - user['id'], self.tenant_bar['id'], role_member['id'] + user['id'], self.project_bar['id'], role_member['id'] ) PROVIDERS.identity_api.delete_user(user['id']) self.assertRaises(exception.UserNotFound, @@ -1915,7 +1915,7 @@ class AssignmentTests(AssignmentTestHelperMixin): user = PROVIDERS.identity_api.create_user(user) PROVIDERS.assignment_api.add_role_to_user_and_project( user['id'], - self.tenant_bar['id'], + self.project_bar['id'], self.role_member['id']) PROVIDERS.identity_api.delete_user(user['id']) self.assertRaises(exception.UserNotFound, @@ -1946,12 +1946,12 @@ class AssignmentTests(AssignmentTestHelperMixin): PROVIDERS.role_api.create_role(role['id'], role) PROVIDERS.role_api.create_role(alt_role['id'], alt_role) PROVIDERS.assignment_api.add_role_to_user_and_project( - self.user_foo['id'], self.tenant_bar['id'], role['id']) + self.user_foo['id'], self.project_bar['id'], role['id']) PROVIDERS.assignment_api.add_role_to_user_and_project( - self.user_foo['id'], self.tenant_bar['id'], alt_role['id']) + self.user_foo['id'], self.project_bar['id'], alt_role['id']) PROVIDERS.role_api.delete_role(role['id']) roles_ref = PROVIDERS.assignment_api.get_roles_for_user_and_project( - self.user_foo['id'], self.tenant_bar['id']) + self.user_foo['id'], self.project_bar['id']) self.assertNotIn(role['id'], roles_ref) self.assertIn(alt_role['id'], roles_ref) @@ -1965,11 +1965,11 @@ class AssignmentTests(AssignmentTestHelperMixin): ) self.assertEqual(0, len(user_projects)) PROVIDERS.assignment_api.create_grant( - user_id=user1['id'], project_id=self.tenant_bar['id'], + user_id=user1['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) PROVIDERS.assignment_api.create_grant( - user_id=user1['id'], project_id=self.tenant_baz['id'], + user_id=user1['id'], project_id=self.project_baz['id'], role_id=self.role_member['id'] ) user_projects = PROVIDERS.assignment_api.list_projects_for_user( @@ -1998,7 +1998,7 @@ class AssignmentTests(AssignmentTestHelperMixin): # Create 3 grants, one user grant, the other two as group grants PROVIDERS.assignment_api.create_grant( - user_id=user1['id'], project_id=self.tenant_bar['id'], + user_id=user1['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) PROVIDERS.assignment_api.create_grant( @@ -2019,14 +2019,14 @@ class AssignmentTests(AssignmentTestHelperMixin): PROVIDERS.assignment_api.create_grant( self.role_other['id'], user_id=uuid.uuid4().hex, - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) def test_create_grant_no_group(self): # If call create_grant with a group that doesn't exist, doesn't fail. PROVIDERS.assignment_api.create_grant( self.role_other['id'], group_id=uuid.uuid4().hex, - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) def test_delete_group_removes_role_assignments(self): # When a group is deleted any role assignments for the group are @@ -2786,14 +2786,14 @@ class InheritanceTests(AssignmentTestHelperMixin): def test_crud_inherited_and_direct_assignment_for_user_on_project(self): self._test_crud_inherited_and_direct_assignment( - user_id=self.user_foo['id'], project_id=self.tenant_baz['id']) + user_id=self.user_foo['id'], project_id=self.project_baz['id']) def test_crud_inherited_and_direct_assignment_for_group_on_project(self): group = unit.new_group_ref(domain_id=CONF.identity.default_domain_id) group = PROVIDERS.identity_api.create_group(group) self._test_crud_inherited_and_direct_assignment( - group_id=group['id'], project_id=self.tenant_baz['id']) + group_id=group['id'], project_id=self.project_baz['id']) def test_inherited_role_grants_for_user(self): """Test inherited user roles. @@ -3062,7 +3062,7 @@ class InheritanceTests(AssignmentTestHelperMixin): # Create 2 grants, one on a project and one inherited grant # on the domain PROVIDERS.assignment_api.create_grant( - user_id=user1['id'], project_id=self.tenant_bar['id'], + user_id=user1['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) PROVIDERS.assignment_api.create_grant( @@ -3230,7 +3230,7 @@ class InheritanceTests(AssignmentTestHelperMixin): role_id=self.role_member['id'] ) PROVIDERS.assignment_api.create_grant( - user_id=user1['id'], project_id=self.tenant_bar['id'], + user_id=user1['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) PROVIDERS.assignment_api.create_grant( diff --git a/keystone/tests/unit/catalog/test_backends.py b/keystone/tests/unit/catalog/test_backends.py index 762fd88705..9ed40a138c 100644 --- a/keystone/tests/unit/catalog/test_backends.py +++ b/keystone/tests/unit/catalog/test_backends.py @@ -586,7 +586,7 @@ class CatalogTests(object): # should exist if we want to filter the catalog by the project or # replace the url with a valid project id. catalog = PROVIDERS.catalog_api.get_v3_catalog( - user_id, self.tenant_bar['id'] + user_id, self.project_bar['id'] ) endpoint_ids = [x['id'] for x in catalog[0]['endpoints']] diff --git a/keystone/tests/unit/common/test_notifications.py b/keystone/tests/unit/common/test_notifications.py index ebcb65b7fb..e9b47ac6e4 100644 --- a/keystone/tests/unit/common/test_notifications.py +++ b/keystone/tests/unit/common/test_notifications.py @@ -1272,17 +1272,17 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase): project_ref = unit.new_project_ref(self.domain_id) project = PROVIDERS.resource_api.create_project( project_ref['id'], project_ref) - tenant_id = project['id'] + project_id = project['id'] PROVIDERS.assignment_api.add_role_to_user_and_project( - self.user_id, tenant_id, self.role_id) + self.user_id, project_id, self.role_id) self.assertTrue(self._notifications) note = self._notifications[-1] self.assertEqual('created.role_assignment', note['action']) self.assertTrue(note['send_notification_called']) - self._assert_event(self.role_id, project=tenant_id, user=self.user_id) + self._assert_event(self.role_id, project=project_id, user=self.user_id) def test_remove_role_from_user_and_project(self): # A notification is sent when remove_role_from_user_and_project is diff --git a/keystone/tests/unit/common/test_rbac_enforcer.py b/keystone/tests/unit/common/test_rbac_enforcer.py index 83ef883c3f..d68463f49e 100644 --- a/keystone/tests/unit/common/test_rbac_enforcer.py +++ b/keystone/tests/unit/common/test_rbac_enforcer.py @@ -151,7 +151,7 @@ class _TestRBACEnforcerBase(rest.RestfulTestCase): }, 'scope': { 'project': { - 'id': self.tenant_service['id'] + 'id': self.project_service['id'] } } } diff --git a/keystone/tests/unit/core.py b/keystone/tests/unit/core.py index ea6f2d63ef..f3a2719e61 100644 --- a/keystone/tests/unit/core.py +++ b/keystone/tests/unit/core.py @@ -901,12 +901,12 @@ class TestCase(BaseTestCase): setattr(self, attrname, rv) fixtures_to_cleanup.append(attrname) - for tenant in fixtures.TENANTS: - tenant_attr_name = 'tenant_%s' % tenant['name'].lower() + for project in fixtures.PROJECTS: + project_attr_name = 'project_%s' % project['name'].lower() rv = PROVIDERS.resource_api.create_project( - tenant['id'], tenant) - setattr(self, tenant_attr_name, rv) - fixtures_to_cleanup.append(tenant_attr_name) + project['id'], project) + setattr(self, project_attr_name, rv) + fixtures_to_cleanup.append(project_attr_name) for role in fixtures.ROLES: rv = PROVIDERS.role_api.create_role(role['id'], role) @@ -916,7 +916,7 @@ class TestCase(BaseTestCase): for user in fixtures.USERS: user_copy = user.copy() - tenants = user_copy.pop('tenants') + projects = user_copy.pop('projects') # For users, the manager layer will generate the ID user_copy = PROVIDERS.identity_api.create_user(user_copy) @@ -926,9 +926,9 @@ class TestCase(BaseTestCase): user_copy['password'] = user['password'] # fixtures.ROLES[2] is the _member_ role. - for tenant_id in tenants: + for project_id in projects: PROVIDERS.assignment_api.add_role_to_user_and_project( - user_copy['id'], tenant_id, fixtures.ROLES[2]['id']) + user_copy['id'], project_id, fixtures.ROLES[2]['id']) # Use the ID from the fixture as the attribute name, so # that our tests can easily reference each user dict, while @@ -940,10 +940,10 @@ class TestCase(BaseTestCase): for role_assignment in fixtures.ROLE_ASSIGNMENTS: role_id = role_assignment['role_id'] user = role_assignment['user'] - tenant_id = role_assignment['tenant_id'] + project_id = role_assignment['project_id'] user_id = getattr(self, 'user_%s' % user)['id'] PROVIDERS.assignment_api.add_role_to_user_and_project( - user_id, tenant_id, role_id) + user_id, project_id, role_id) self.addCleanup(self.cleanup_instance(*fixtures_to_cleanup)) diff --git a/keystone/tests/unit/default_fixtures.py b/keystone/tests/unit/default_fixtures.py index e119a8ab3d..f286d62ff3 100644 --- a/keystone/tests/unit/default_fixtures.py +++ b/keystone/tests/unit/default_fixtures.py @@ -16,18 +16,18 @@ # performance may be negatively affected. import uuid -BAR_TENANT_ID = uuid.uuid4().hex -BAZ_TENANT_ID = uuid.uuid4().hex -MTU_TENANT_ID = uuid.uuid4().hex -SERVICE_TENANT_ID = uuid.uuid4().hex +BAR_PROJECT_ID = uuid.uuid4().hex +BAZ_PROJECT_ID = uuid.uuid4().hex +MTU_PROJECT_ID = uuid.uuid4().hex +SERVICE_PROJECT_ID = uuid.uuid4().hex DEFAULT_DOMAIN_ID = 'default' ADMIN_ROLE_ID = uuid.uuid4().hex MEMBER_ROLE_ID = uuid.uuid4().hex OTHER_ROLE_ID = uuid.uuid4().hex -TENANTS = [ +PROJECTS = [ { - 'id': BAR_TENANT_ID, + 'id': BAR_PROJECT_ID, 'name': 'BAR', 'domain_id': DEFAULT_DOMAIN_ID, 'description': 'description', @@ -36,7 +36,7 @@ TENANTS = [ 'is_domain': False, 'tags': [] }, { - 'id': BAZ_TENANT_ID, + 'id': BAZ_PROJECT_ID, 'name': 'BAZ', 'domain_id': DEFAULT_DOMAIN_ID, 'description': 'description', @@ -45,7 +45,7 @@ TENANTS = [ 'is_domain': False, 'tags': [] }, { - 'id': MTU_TENANT_ID, + 'id': MTU_PROJECT_ID, 'name': 'MTU', 'description': 'description', 'enabled': True, @@ -54,7 +54,7 @@ TENANTS = [ 'is_domain': False, 'tags': [] }, { - 'id': SERVICE_TENANT_ID, + 'id': SERVICE_PROJECT_ID, 'name': 'service', 'description': 'description', 'enabled': True, @@ -73,7 +73,7 @@ USERS = [ 'name': 'req_admin', 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'password', - 'tenants': [], + 'projects': [], 'enabled': True, 'options': {}, }, @@ -82,7 +82,7 @@ USERS = [ 'name': 'foo', 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'foo2', - 'tenants': [BAR_TENANT_ID], + 'projects': [BAR_PROJECT_ID], 'enabled': True, 'email': 'foo@bar.com', 'options': {}, @@ -92,8 +92,8 @@ USERS = [ 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'two2', 'enabled': True, - 'default_project_id': BAZ_TENANT_ID, - 'tenants': [BAZ_TENANT_ID], + 'default_project_id': BAZ_PROJECT_ID, + 'projects': [BAZ_PROJECT_ID], 'email': 'two@three.com', 'options': {}, }, { @@ -102,8 +102,8 @@ USERS = [ 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'bad', 'enabled': False, - 'default_project_id': BAZ_TENANT_ID, - 'tenants': [BAZ_TENANT_ID], + 'default_project_id': BAZ_PROJECT_ID, + 'projects': [BAZ_PROJECT_ID], 'email': 'bad@guy.com', 'options': {}, }, { @@ -112,7 +112,7 @@ USERS = [ 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'snafu', 'enabled': True, - 'tenants': [BAR_TENANT_ID], + 'projects': [BAR_PROJECT_ID], 'email': 'sna@snl.coom', 'options': {}, } @@ -154,7 +154,7 @@ ROLES = [ ROLE_ASSIGNMENTS = [ { 'user': 'req_admin', - 'tenant_id': SERVICE_TENANT_ID, + 'project_id': SERVICE_PROJECT_ID, 'role_id': ADMIN_ROLE_ID }, ] diff --git a/keystone/tests/unit/fakeldap.py b/keystone/tests/unit/fakeldap.py index 32067d8188..ab5de95432 100644 --- a/keystone/tests/unit/fakeldap.py +++ b/keystone/tests/unit/fakeldap.py @@ -191,9 +191,9 @@ def _subs(value): so subclasses need to be defined manually in the dictionary below. """ - subs = {'groupOfNames': ['keystoneTenant', + subs = {'groupOfNames': ['keystoneProject', 'keystoneRole', - 'keystoneTenantRole']} + 'keystoneProjectRole']} if value in subs: return [value] + subs[value] return [value] diff --git a/keystone/tests/unit/identity/test_backends.py b/keystone/tests/unit/identity/test_backends.py index 45da9591fc..e65cd3c419 100644 --- a/keystone/tests/unit/identity/test_backends.py +++ b/keystone/tests/unit/identity/test_backends.py @@ -81,7 +81,7 @@ class IdentityTests(object): PROVIDERS.role_api.create_role(role_member['id'], role_member) PROVIDERS.assignment_api.add_role_to_user_and_project( - new_user['id'], self.tenant_baz['id'], role_member['id'] + new_user['id'], self.project_baz['id'], role_member['id'] ) with self.make_request(): user_ref = PROVIDERS.identity_api.authenticate( @@ -94,7 +94,7 @@ class IdentityTests(object): user.pop('password') self.assertDictContainsSubset(user, user_ref) role_list = PROVIDERS.assignment_api.get_roles_for_user_and_project( - new_user['id'], self.tenant_baz['id']) + new_user['id'], self.project_baz['id']) self.assertEqual(1, len(role_list)) self.assertIn(role_member['id'], role_list) diff --git a/keystone/tests/unit/limit/test_backends.py b/keystone/tests/unit/limit/test_backends.py index eae88af85c..4de63f2085 100644 --- a/keystone/tests/unit/limit/test_backends.py +++ b/keystone/tests/unit/limit/test_backends.py @@ -205,7 +205,7 @@ class RegisteredLimitTests(object): PROVIDERS.unified_limit_api.create_registered_limits( [registered_limit_1]) limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) @@ -224,7 +224,7 @@ class RegisteredLimitTests(object): PROVIDERS.unified_limit_api.create_registered_limits( [registered_limit_2]) limit_2 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) PROVIDERS.unified_limit_api.create_limits([limit_2]) @@ -366,7 +366,7 @@ class RegisteredLimitTests(object): PROVIDERS.unified_limit_api.create_registered_limits( [registered_limit_1]) limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) @@ -382,7 +382,7 @@ class RegisteredLimitTests(object): PROVIDERS.unified_limit_api.create_registered_limits( [registered_limit_2]) limit_2 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) PROVIDERS.unified_limit_api.create_limits([limit_2]) @@ -411,7 +411,7 @@ class LimitTests(object): def test_create_limit(self): # create one, return it. limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex, @@ -421,12 +421,12 @@ class LimitTests(object): # create another two, return them. limit_2 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='snapshot', resource_limit=5, id=uuid.uuid4().hex) limit_3 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='backup', resource_limit=5, id=uuid.uuid4().hex) @@ -440,7 +440,7 @@ class LimitTests(object): def test_create_limit_duplicate(self): limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) @@ -448,7 +448,7 @@ class LimitTests(object): # use different id but the same project_id, service_id and region_id limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) @@ -458,7 +458,7 @@ class LimitTests(object): def test_create_limit_with_invalid_service_raises_validation_error(self): limit = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=uuid.uuid4().hex, region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) @@ -468,7 +468,7 @@ class LimitTests(object): def test_create_limit_with_invalid_region_raises_validation_error(self): limit = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=uuid.uuid4().hex, resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) @@ -478,7 +478,7 @@ class LimitTests(object): def test_create_limit_without_reference_registered_limit(self): limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) @@ -488,7 +488,7 @@ class LimitTests(object): def test_create_limit_description_none(self): limit = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex, @@ -498,7 +498,7 @@ class LimitTests(object): def test_create_limit_without_description(self): limit = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) @@ -509,12 +509,12 @@ class LimitTests(object): def test_update_limit(self): # create two limits limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) limit_2 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='snapshot', resource_limit=5, id=uuid.uuid4().hex) @@ -536,12 +536,12 @@ class LimitTests(object): def test_list_limits(self): # create two limits limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) limit_2 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='snapshot', resource_limit=5, id=uuid.uuid4().hex) @@ -549,7 +549,7 @@ class LimitTests(object): # list hints = driver_hints.Hints() - hints.add_filter('project_id', self.tenant_bar['id']) + hints.add_filter('project_id', self.project_bar['id']) limits = PROVIDERS.unified_limit_api.list_limits(hints) self.assertEqual(2, len(limits)) for re in limits: @@ -562,12 +562,12 @@ class LimitTests(object): self.config_fixture.config(list_limit=1) # create two limits limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) limit_2 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='snapshot', resource_limit=5, id=uuid.uuid4().hex) @@ -584,12 +584,12 @@ class LimitTests(object): def test_list_limit_by_filter(self): limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) limit_2 = unit.new_limit_ref( - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='snapshot', resource_limit=10, id=uuid.uuid4().hex) @@ -612,18 +612,18 @@ class LimitTests(object): self.assertEqual(0, len(res)) hints = driver_hints.Hints() - hints.add_filter('project_id', self.tenant_bar['id']) + hints.add_filter('project_id', self.project_bar['id']) res = PROVIDERS.unified_limit_api.list_limits(hints) self.assertEqual(1, len(res)) def test_list_limit_by_multi_filter_with_project_id(self): limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) limit_2 = unit.new_limit_ref( - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='snapshot', resource_limit=10, id=uuid.uuid4().hex) @@ -631,19 +631,19 @@ class LimitTests(object): hints = driver_hints.Hints() hints.add_filter('service_id', self.service_one['id']) - hints.add_filter('project_id', self.tenant_bar['id']) + hints.add_filter('project_id', self.project_bar['id']) res = PROVIDERS.unified_limit_api.list_limits(hints) self.assertEqual(1, len(res)) def test_get_limit(self): # create two limits limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) limit_2 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='snapshot', resource_limit=5, id=uuid.uuid4().hex) @@ -661,12 +661,12 @@ class LimitTests(object): def test_delete_limit(self): # create two limits limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) limit_2 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='snapshot', resource_limit=5, id=uuid.uuid4().hex) @@ -686,23 +686,23 @@ class LimitTests(object): def test_delete_limit_project(self): # create two limits limit_1 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_one['id'], resource_name='volume', resource_limit=10, id=uuid.uuid4().hex) limit_2 = unit.new_limit_ref( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], service_id=self.service_one['id'], region_id=self.region_two['id'], resource_name='snapshot', resource_limit=5, id=uuid.uuid4().hex) PROVIDERS.unified_limit_api.create_limits([limit_1, limit_2]) # delete a unrelated project, the limits should still be there. - PROVIDERS.resource_api.delete_project(self.tenant_baz['id']) + PROVIDERS.resource_api.delete_project(self.project_baz['id']) ref = PROVIDERS.unified_limit_api.list_limits() self.assertEqual(2, len(ref)) # delete the referenced project, the limits should be deleted as well. - PROVIDERS.resource_api.delete_project(self.tenant_bar['id']) + PROVIDERS.resource_api.delete_project(self.project_bar['id']) ref = PROVIDERS.unified_limit_api.list_limits() self.assertEqual([], ref) diff --git a/keystone/tests/unit/resource/test_backends.py b/keystone/tests/unit/resource/test_backends.py index c792cf1dde..98863e5927 100644 --- a/keystone/tests/unit/resource/test_backends.py +++ b/keystone/tests/unit/resource/test_backends.py @@ -36,8 +36,8 @@ class ResourceTests(object): domain_count = len(default_fixtures.DOMAINS) def test_get_project(self): - tenant_ref = PROVIDERS.resource_api.get_project(self.tenant_bar['id']) - self.assertDictEqual(self.tenant_bar, tenant_ref) + project_ref = PROVIDERS.resource_api.get_project(self.project_bar['id']) + self.assertDictEqual(self.project_bar, project_ref) def test_get_project_returns_not_found(self): self.assertRaises(exception.ProjectNotFound, @@ -45,10 +45,10 @@ class ResourceTests(object): uuid.uuid4().hex) def test_get_project_by_name(self): - tenant_ref = PROVIDERS.resource_api.get_project_by_name( - self.tenant_bar['name'], + project_ref = PROVIDERS.resource_api.get_project_by_name( + self.project_bar['name'], CONF.identity.default_domain_id) - self.assertDictEqual(self.tenant_bar, tenant_ref) + self.assertDictEqual(self.project_bar, project_ref) @unit.skip_if_no_multiple_domains_support def test_get_project_by_name_for_project_acting_as_a_domain(self): @@ -229,9 +229,9 @@ class ResourceTests(object): def test_list_projects(self): project_refs = PROVIDERS.resource_api.list_projects() - project_count = len(default_fixtures.TENANTS) + self.domain_count + project_count = len(default_fixtures.PROJECTS) + self.domain_count self.assertEqual(project_count, len(project_refs)) - for project in default_fixtures.TENANTS: + for project in default_fixtures.PROJECTS: self.assertIn(project, project_refs) def test_list_projects_with_multiple_filters(self): @@ -269,11 +269,11 @@ class ResourceTests(object): # filtering by domain does not include any project that acts as a # domain. self.assertThat( - project_ids, matchers.HasLength(len(default_fixtures.TENANTS))) - self.assertIn(self.tenant_bar['id'], project_ids) - self.assertIn(self.tenant_baz['id'], project_ids) - self.assertIn(self.tenant_mtu['id'], project_ids) - self.assertIn(self.tenant_service['id'], project_ids) + project_ids, matchers.HasLength(len(default_fixtures.PROJECTS))) + self.assertIn(self.project_bar['id'], project_ids) + self.assertIn(self.project_baz['id'], project_ids) + self.assertIn(self.project_mtu['id'], project_ids) + self.assertIn(self.project_service['id'], project_ids) @unit.skip_if_no_multiple_domains_support def test_list_projects_acting_as_domain(self): diff --git a/keystone/tests/unit/server/test_keystone_flask.py b/keystone/tests/unit/server/test_keystone_flask.py index efa05226f2..f916fccef8 100644 --- a/keystone/tests/unit/server/test_keystone_flask.py +++ b/keystone/tests/unit/server/test_keystone_flask.py @@ -172,7 +172,7 @@ class TestKeystoneFlaskCommon(rest.RestfulTestCase): }, 'scope': { 'project': { - 'id': self.tenant_service['id'] + 'id': self.project_service['id'] } } } diff --git a/keystone/tests/unit/test_backend_ldap.py b/keystone/tests/unit/test_backend_ldap.py index 33794a2d76..a13c718bc2 100644 --- a/keystone/tests/unit/test_backend_ldap.py +++ b/keystone/tests/unit/test_backend_ldap.py @@ -458,25 +458,25 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, def test_remove_role_grant_from_user_and_project(self): PROVIDERS.assignment_api.create_grant( user_id=self.user_foo['id'], - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.list_grants( user_id=self.user_foo['id'], - project_id=self.tenant_baz['id']) + project_id=self.project_baz['id']) self.assertDictEqual(self.role_member, roles_ref[0]) PROVIDERS.assignment_api.delete_grant( user_id=self.user_foo['id'], - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.list_grants( user_id=self.user_foo['id'], - project_id=self.tenant_baz['id']) + project_id=self.project_baz['id']) self.assertEqual(0, len(roles_ref)) self.assertRaises(exception.RoleAssignmentNotFound, PROVIDERS.assignment_api.delete_grant, user_id=self.user_foo['id'], - project_id=self.tenant_baz['id'], + project_id=self.project_baz['id'], role_id=default_fixtures.MEMBER_ROLE_ID) def test_get_and_remove_role_grant_by_group_and_project(self): @@ -491,32 +491,32 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, roles_ref = PROVIDERS.assignment_api.list_grants( group_id=new_group['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) self.assertEqual([], roles_ref) self.assertEqual(0, len(roles_ref)) PROVIDERS.assignment_api.create_grant( group_id=new_group['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], role_id=default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.list_grants( group_id=new_group['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) self.assertNotEmpty(roles_ref) self.assertDictEqual(self.role_member, roles_ref[0]) PROVIDERS.assignment_api.delete_grant( group_id=new_group['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], role_id=default_fixtures.MEMBER_ROLE_ID) roles_ref = PROVIDERS.assignment_api.list_grants( group_id=new_group['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) self.assertEqual(0, len(roles_ref)) self.assertRaises(exception.RoleAssignmentNotFound, PROVIDERS.assignment_api.delete_grant, group_id=new_group['id'], - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], role_id=default_fixtures.MEMBER_ROLE_ID) def test_get_and_remove_role_grant_by_group_and_domain(self): @@ -571,14 +571,14 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, ) self.assertThat(user_projects, matchers.HasLength(0)) - # new grant(user1, role_member, tenant_bar) + # new grant(user1, role_member, project_bar) PROVIDERS.assignment_api.create_grant( - user_id=user1['id'], project_id=self.tenant_bar['id'], + user_id=user1['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) - # new grant(user1, role_member, tenant_baz) + # new grant(user1, role_member, project_baz) PROVIDERS.assignment_api.create_grant( - user_id=user1['id'], project_id=self.tenant_baz['id'], + user_id=user1['id'], project_id=self.project_baz['id'], role_id=self.role_member['id'] ) user_projects = PROVIDERS.assignment_api.list_projects_for_user( @@ -595,14 +595,14 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, PROVIDERS.identity_api.add_user_to_group(user2['id'], group1['id']) - # new grant(group1(user2), role_member, tenant_bar) + # new grant(group1(user2), role_member, project_bar) PROVIDERS.assignment_api.create_grant( - group_id=group1['id'], project_id=self.tenant_bar['id'], + group_id=group1['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) - # new grant(group1(user2), role_member, tenant_baz) + # new grant(group1(user2), role_member, project_baz) PROVIDERS.assignment_api.create_grant( - group_id=group1['id'], project_id=self.tenant_baz['id'], + group_id=group1['id'], project_id=self.project_baz['id'], role_id=self.role_member['id'] ) user_projects = PROVIDERS.assignment_api.list_projects_for_user( @@ -610,9 +610,9 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, ) self.assertThat(user_projects, matchers.HasLength(2)) - # new grant(group1(user2), role_other, tenant_bar) + # new grant(group1(user2), role_other, project_bar) PROVIDERS.assignment_api.create_grant( - group_id=group1['id'], project_id=self.tenant_bar['id'], + group_id=group1['id'], project_id=self.project_bar['id'], role_id=self.role_other['id'] ) user_projects = PROVIDERS.assignment_api.list_projects_for_user( @@ -633,13 +633,13 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, # Add user1 to group1 PROVIDERS.identity_api.add_user_to_group(user1['id'], group1['id']) - # Now, add grant to user1 and group1 in tenant_bar + # Now, add grant to user1 and group1 in project_bar PROVIDERS.assignment_api.create_grant( - user_id=user1['id'], project_id=self.tenant_bar['id'], + user_id=user1['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) PROVIDERS.assignment_api.create_grant( - group_id=group1['id'], project_id=self.tenant_bar['id'], + group_id=group1['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) @@ -649,9 +649,9 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, ) self.assertThat(user_projects, matchers.HasLength(1)) - # Now, delete user1 grant into tenant_bar and check + # Now, delete user1 grant into project_bar and check PROVIDERS.assignment_api.delete_grant( - user_id=user1['id'], project_id=self.tenant_bar['id'], + user_id=user1['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) @@ -685,7 +685,7 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, ) PROVIDERS.assignment_api.create_grant( - user_id=new_user['id'], project_id=self.tenant_bar['id'], + user_id=new_user['id'], project_id=self.project_bar['id'], role_id=self.role_member['id'] ) PROVIDERS.assignment_api.create_grant( @@ -761,7 +761,7 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, role_member = unit.new_role_ref() PROVIDERS.role_api.create_role(role_member['id'], role_member) PROVIDERS.assignment_api.add_role_to_user_and_project( - user['id'], self.tenant_baz['id'], role_member['id'] + user['id'], self.project_baz['id'], role_member['id'] ) driver = PROVIDERS.identity_api._select_identity_driver( user['domain_id']) @@ -898,7 +898,7 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, driver = PROVIDERS.identity_api._select_identity_driver( CONF.identity.default_domain_id) driver.user.attribute_ignore = ['enabled', 'email', - 'tenants', 'tenantId'] + 'projects', 'projectId'] user = self.new_user_ref(domain_id=CONF.identity.default_domain_id, project_id='maps_to_none') @@ -912,7 +912,7 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, driver = PROVIDERS.identity_api._select_identity_driver( CONF.identity.default_domain_id) driver.user.attribute_ignore = ['enabled', 'email', - 'tenants', 'tenantId'] + 'projects', 'projectId'] user = self.new_user_ref(domain_id=CONF.identity.default_domain_id) @@ -995,7 +995,7 @@ class BaseLDAPIdentity(LDAPTestSetup, IdentityTests, AssignmentTests, # Grant the user a role on a project. role_id = default_fixtures.MEMBER_ROLE_ID - project_id = self.tenant_baz['id'] + project_id = self.project_baz['id'] PROVIDERS.assignment_api.create_grant( role_id, user_id=public_user_id, project_id=project_id @@ -1947,7 +1947,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity, unit.TestCase): def load_fixtures(self, fixtures): # Override super impl since need to create group container. super(LDAPIdentity, self).load_fixtures(fixtures) - for obj in [self.tenant_bar, self.tenant_baz, self.user_foo, + for obj in [self.project_bar, self.project_baz, self.user_foo, self.user_two, self.user_badguy]: obj.setdefault('enabled', True) diff --git a/keystone/tests/unit/test_backend_sql.py b/keystone/tests/unit/test_backend_sql.py index 89a60f6fea..7141bd901f 100644 --- a/keystone/tests/unit/test_backend_sql.py +++ b/keystone/tests/unit/test_backend_sql.py @@ -274,7 +274,7 @@ class SqlIdentity(SqlTests, role_member = unit.new_role_ref() PROVIDERS.role_api.create_role(role_member['id'], role_member) PROVIDERS.assignment_api.add_role_to_user_and_project( - user['id'], self.tenant_bar['id'], role_member['id'] + user['id'], self.project_bar['id'], role_member['id'] ) PROVIDERS.identity_api.delete_user(user['id']) self.assertRaises(exception.UserNotFound, @@ -315,11 +315,11 @@ class SqlIdentity(SqlTests, role_member = unit.new_role_ref() PROVIDERS.role_api.create_role(role_member['id'], role_member) PROVIDERS.assignment_api.add_role_to_user_and_project( - user['id'], self.tenant_bar['id'], role_member['id'] + user['id'], self.project_bar['id'], role_member['id'] ) - PROVIDERS.resource_api.delete_project(self.tenant_bar['id']) - tenants = PROVIDERS.assignment_api.list_projects_for_user(user['id']) - self.assertEqual([], tenants) + PROVIDERS.resource_api.delete_project(self.project_bar['id']) + projects = PROVIDERS.assignment_api.list_projects_for_user(user['id']) + self.assertEqual([], projects) def test_update_project_returns_extra(self): """Test for backward compatibility with an essex/folsom bug. @@ -762,7 +762,7 @@ class SqlCatalog(SqlTests, catalog_tests.CatalogTests): service = unit.new_service_ref() PROVIDERS.catalog_api.create_service(service['id'], service) - malformed_url = "http://192.168.1.104:8774/v2/$(tenant)s" + malformed_url = "http://192.168.1.104:8774/v2/$(project)s" endpoint = unit.new_endpoint_ref(service_id=service['id'], url=malformed_url, region_id=None) @@ -770,7 +770,7 @@ class SqlCatalog(SqlTests, catalog_tests.CatalogTests): self.assertRaises(exception.ProjectNotFound, PROVIDERS.catalog_api.get_v3_catalog, 'fake-user', - 'fake-tenant') + 'fake-project') def test_get_v3_catalog_with_empty_public_url(self): service = unit.new_service_ref() @@ -781,7 +781,7 @@ class SqlCatalog(SqlTests, catalog_tests.CatalogTests): PROVIDERS.catalog_api.create_endpoint(endpoint['id'], endpoint.copy()) catalog = PROVIDERS.catalog_api.get_v3_catalog(self.user_foo['id'], - self.tenant_bar['id']) + self.project_bar['id']) catalog_endpoint = catalog[0] self.assertEqual(service['name'], catalog_endpoint['name']) self.assertEqual(service['id'], catalog_endpoint['id']) @@ -846,7 +846,7 @@ class SqlCatalog(SqlTests, catalog_tests.CatalogTests): region['id']) def test_v3_catalog_domain_scoped_token(self): - # test the case that tenant_id is None. + # test the case that project_id is None. srv_1 = unit.new_service_ref() PROVIDERS.catalog_api.create_service(srv_1['id'], srv_1) endpoint_1 = unit.new_endpoint_ref(service_id=srv_1['id'], @@ -884,10 +884,10 @@ class SqlCatalog(SqlTests, catalog_tests.CatalogTests): # create endpoint-project association. PROVIDERS.catalog_api.add_endpoint_to_project( endpoint_1['id'], - self.tenant_bar['id']) + self.project_bar['id']) catalog_ref = PROVIDERS.catalog_api.get_v3_catalog( - uuid.uuid4().hex, self.tenant_bar['id'] + uuid.uuid4().hex, self.project_bar['id'] ) self.assertThat(catalog_ref, matchers.HasLength(1)) self.assertThat(catalog_ref[0]['endpoints'], matchers.HasLength(1)) @@ -909,7 +909,7 @@ class SqlCatalog(SqlTests, catalog_tests.CatalogTests): PROVIDERS.catalog_api.create_service(srv_2['id'], srv_2) catalog_ref = PROVIDERS.catalog_api.get_v3_catalog( - uuid.uuid4().hex, self.tenant_bar['id'] + uuid.uuid4().hex, self.project_bar['id'] ) self.assertThat(catalog_ref, matchers.HasLength(2)) srv_id_list = [catalog_ref[0]['id'], catalog_ref[1]['id']] diff --git a/keystone/tests/unit/test_v3.py b/keystone/tests/unit/test_v3.py index 31d553a50a..c782c9c27f 100644 --- a/keystone/tests/unit/test_v3.py +++ b/keystone/tests/unit/test_v3.py @@ -937,7 +937,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase, self.assertIsNotNone(entity.get('domain_id')) self.assertIsNotNone(entity.get('email')) self.assertNotIn('password', entity) - self.assertNotIn('tenantId', entity) + self.assertNotIn('projectId', entity) self.assertIn('password_expires_at', entity) if ref: self.assertEqual(ref['domain_id'], entity['domain_id']) diff --git a/keystone/tests/unit/trust/test_backends.py b/keystone/tests/unit/trust/test_backends.py index ca1fb222be..6fdc5de0a5 100644 --- a/keystone/tests/unit/trust/test_backends.py +++ b/keystone/tests/unit/trust/test_backends.py @@ -32,7 +32,7 @@ class TrustTests(object): (new_id, {'trustor_user_id': self.trustor['id'], 'trustee_user_id': self.user_two['id'], - 'project_id': self.tenant_bar['id'], + 'project_id': self.project_bar['id'], 'expires_at': expires_at, 'impersonation': True, 'remaining_uses': remaining_uses}, @@ -169,7 +169,7 @@ class TrustTests(object): self.trustee = self.user_two trust_data = {'trustor_user_id': self.trustor['id'], 'trustee_user_id': self.user_two['id'], - 'project_id': self.tenant_bar['id'], + 'project_id': self.project_bar['id'], 'expires_at': timeutils.parse_isotime( '2032-02-18T18:10:00Z'), 'impersonation': True, @@ -190,12 +190,12 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=1) trust_ref2 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=1) @@ -218,12 +218,12 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=1) trust_ref2 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=5) @@ -235,7 +235,7 @@ class TrustTests(object): self.assertIsNotNone(trust_data) PROVIDERS.trust_api.flush_expired_and_soft_deleted_trusts( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], trustor_user_id=self.user_foo['id'], trustee_user_id=self.user_two['id'], date=datetime.datetime.utcnow()) @@ -249,12 +249,12 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=1) trust_ref2 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=1) @@ -279,12 +279,12 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=1) trust_ref2 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=1) @@ -296,7 +296,7 @@ class TrustTests(object): self.assertIsNotNone(trust_data) PROVIDERS.trust_api.flush_expired_and_soft_deleted_trusts( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], trustee_user_id=self.user_two['id'], date=datetime.datetime.utcnow()) trusts = self.trust_api.list_trusts() @@ -309,12 +309,12 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=1) trust_ref2 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=1) @@ -326,7 +326,7 @@ class TrustTests(object): self.assertIsNotNone(trust_data) PROVIDERS.trust_api.flush_expired_and_soft_deleted_trusts( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], trustor_user_id=self.user_foo['id'], date=datetime.datetime.utcnow()) trusts = self.trust_api.list_trusts() @@ -339,7 +339,7 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=1) trust_ref2 = core.new_trust_ref( @@ -356,7 +356,7 @@ class TrustTests(object): self.assertIsNotNone(trust_data) PROVIDERS.trust_api.flush_expired_and_soft_deleted_trusts( - project_id=self.tenant_bar['id'], + project_id=self.project_bar['id'], date=datetime.datetime.utcnow()) trusts = self.trust_api.list_trusts() self.assertEqual(len(trusts), 1) @@ -368,12 +368,12 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=1) trust_ref2 = core.new_trust_ref( self.user_foo['id'], self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=5) @@ -396,12 +396,12 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=1) trust_ref2 = core.new_trust_ref( self.user_two['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=5) @@ -425,12 +425,12 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=10) trust_ref2 = core.new_trust_ref( self.user_two['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=5) @@ -454,17 +454,17 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=10) trust_ref2 = core.new_trust_ref( self.user_two['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=5) trust_ref3 = core.new_trust_ref( self.user_two['id'], self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref3['expires_at'] = None trust_data = PROVIDERS.trust_api.create_trust(trust_ref1['id'], @@ -489,17 +489,17 @@ class TrustTests(object): {"id": "browser"}] trust_ref1 = core.new_trust_ref( self.user_foo['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref1['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=10) trust_ref2 = core.new_trust_ref( self.user_two['id'], self.user_two['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref2['expires_at'] = \ timeutils.utcnow() + datetime.timedelta(minutes=30) trust_ref3 = core.new_trust_ref( self.user_two['id'], self.user_foo['id'], - project_id=self.tenant_bar['id']) + project_id=self.project_bar['id']) trust_ref3['expires_at'] = \ timeutils.utcnow() - datetime.timedelta(minutes=30)