| Jane Zadorozhna | bfc7237 | 2015-06-16 17:32:59 +0300 | [diff] [blame] | 1 | # Copyright 2015 OpenStack Foundation |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
| 16 | from tempest_lib import exceptions as lib_exc |
| 17 | |
| 18 | from tempest.api.identity import base |
| 19 | from tempest import test |
| 20 | |
| 21 | |
| 22 | class IdentityV3ProjectsTest(base.BaseIdentityV3Test): |
| 23 | |
| 24 | credentials = ['primary', 'alt'] |
| 25 | |
| 26 | @test.idempotent_id('86128d46-e170-4644-866a-cc487f699e1d') |
| 27 | def test_list_projects_returns_only_authorized_projects(self): |
| 28 | alt_project_name =\ |
| 29 | self.alt_manager.credentials.credentials.project_name |
| 30 | resp = self.non_admin_client.list_user_projects( |
| 31 | self.os.credentials.user_id) |
| 32 | |
| 33 | # check that user can see only that projects that he presents in so |
| 34 | # user can successfully authenticate using his credentials and |
| 35 | # project name from received projects list |
| 36 | for project in resp['projects']: |
| 37 | token_id, body = self.non_admin_token.get_token( |
| 38 | username=self.os.credentials.username, |
| 39 | password=self.os.credentials.password, |
| 40 | project_name=project['name'], |
| 41 | auth_data=True) |
| 42 | self.assertNotEmpty(token_id) |
| 43 | self.assertEqual(body['project']['id'], project['id']) |
| 44 | self.assertEqual(body['project']['name'], project['name']) |
| 45 | self.assertEqual(body['user']['id'], self.os.credentials.user_id) |
| 46 | |
| 47 | # check that user cannot log in to alt user's project |
| 48 | self.assertRaises( |
| 49 | lib_exc.Unauthorized, |
| 50 | self.non_admin_token.get_token, |
| 51 | username=self.os.credentials.username, |
| 52 | password=self.os.credentials.password, |
| 53 | project_name=alt_project_name) |