<div dir="ltr"><span id="docs-internal-guid-ddbf2bb3-1b98-45b0-89ef-994e09df03ac"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Hi,</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"><br class=""></span><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Right now, "identity-auth" capability has only 2 approved tests. I'm working on a task to investigate the Identity API and expand its coverage for non-admin user. As a result, we already have a couple patches on review:</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Expanded assertion in test_create_token for keystone v2, v3</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="https://review.openstack.org/#/c/190123/" style="text-decoration:none"><span style="font-family:Arial;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">https://review.openstack.org/#/190123</span></a></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Added test_list_tenant non-admin test to test_tokens.py</span><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"><br class=""></span><a href="https://review.openstack.org/#/c/192709" style="text-decoration:none"><span style="font-family:Arial;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">https://review.openstack.org/#/192709</span></a><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"><br class=""></span><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Any help in furtherance of these tests will be appreciated)</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Surprisingly, I have found, that no more positive testcases for base Identity API can be added without admin rights. It can be considered as an issue because most of Identity API stays uncovered in this case. Does anyone have thoughts related to this topic? </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">From my side, I can say, that this issue can be resolved if refstack user has admin rights in his domain. But I don't have any ideas, does such solution is appropriate for defcore/refstack.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Also, I found that we can add non-admin tests for Identity API EC2 extension:</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">* non-admin user can create ec2-credentials;</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">* non-admin user can get created ec2-credentials;</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">* non-admin user can list created ec2-credentials;</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">* non-admin user can delete created ec2-credentials;</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">* non-admin user can update own password.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Does this API hit defcore/refstack interests?</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">One another option is to add negative tests for non-admin user:</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">* non-admin user cannot create/delete a user/role/endpoint/service/tenant;</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">* non-admin user cannot list users/roles.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Have these tests sense for defcore/refstack projects?</span></p><div><br></div></span>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">Best regards,<div><br><div>Ievgeniia Zadorozhna</div><div><div>QA Engineer</div><div>Mirantis Inc</div></div></div><div><br></div><div><span><span style="text-decoration:underline;font-size:14.6666666666667px;font-family:Arial;color:rgb(17,85,204);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"><a href="http://www.openstacksv.com/" style="text-decoration:none" target="_blank"><img src="https://lh6.googleusercontent.com/zIeukmjpMB8-YM-ILbvNI-NYJ0NaTVK7b3oD7_epAZu-XCO2ed3rYD-V8Dd02LNd3ELGZphz5mukyVtR6p6glTx4Z8B07DfE94LHO7ayaJsRzDQz_YYQuxHr4UuNvOtfePFLyZo" width="245px;" height="44px;" style="border: none;" alt="OSSV-signature-2015.gif"></a></span></span><br></div><div><span><a href="https://twitter.com/OpenStackSV" style="text-decoration:none" target="_blank"><span style="font-size:13.3333333333333px;font-family:Arial;color:rgb(17,85,204);text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Follow the OpenStack Silicon Valley event on Twitter</span></a></span><span><br></span></div></div></div></div></div>
</div>