Open Stack

Hi,


Right now, "identity-auth" capability has only 2 approved tests. I'm
working on a task to investigate the Identity API and expand its coverage
for non-admin user. As a result, we already have a couple patches on review:

Expanded assertion in test_create_token for keystone v2, v3

https://review.openstack.org/#/190123
<https://review.openstack.org/#/c/190123/>

Added test_list_tenant non-admin test to test_tokens.py
https://review.openstack.org/#/192709
<https://review.openstack.org/#/c/192709>


Any help in furtherance of these tests will be appreciated)

Surprisingly, I have found, that no more positive testcases for base
Identity API can be added without admin rights. It can be considered as an
issue because most of Identity API stays uncovered in this case. Does
anyone have thoughts related to this topic?

>From my side, I can say, that this issue can be resolved if refstack user
has admin rights in his domain. But I don't have any ideas, does such
solution is appropriate for defcore/refstack.

Also, I found that we can add non-admin tests for Identity API EC2
extension:

* non-admin user can create ec2-credentials;

* non-admin user can get created ec2-credentials;

* non-admin user can list created ec2-credentials;

* non-admin user can delete created ec2-credentials;

* non-admin user can update own password.

Does this API hit defcore/refstack interests?

One another option is to add negative tests for non-admin user:

* non-admin user cannot create/delete a user/role/endpoint/service/tenant;

* non-admin user cannot list users/roles.

Have these tests sense for defcore/refstack projects?

-- 
Best regards,

Ievgeniia Zadorozhna
QA Engineer
Mirantis Inc

[image: OSSV-signature-2015.gif] <http://www.openstacksv.com/>
Follow the OpenStack Silicon Valley event on Twitter
<https://twitter.com/OpenStackSV>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/defcore-committee/attachments/20150622/cabe1a19/attachment.html>