[openstack-dev] [Keystone] Functional Testing

Adam Young ayoung at redhat.com
Mon Dec 1 21:54:52 UTC 2014

Keystone doesn't depend on other services, but every other service in 
OpenStack depends on Keystone.

So, I propose we treat all of the Admin aspects of the Keystone server 
just like any other consumer of auth token middleware, but only for testing.

It means that we would be using a different middleware for /v3/auth than 
we use for, say /v3/users and /v3/policy.  /auth would use the mechanism 
that Keystone uses today (Middleware inside of Keystone) but the rest of 
Keystone would use keystonemiddleware.auth_token. Ok, so we would 
probably need to work around fetching certificates, too.

The idea is that Keystone should be run just like any other service, and 
perform all of the same checks on tokens and policy for anything that is 
an administrative task;  creating users etc.  In doing so, we would 
provide a framework for functional tests.

Doing this would require a bit of reworking of the past pipeline, but 
that is stuff we've considered doing before.

Does this fit in with the vision of each project doing our own 
functional testing?

More information about the OpenStack-dev mailing list