Add test cases to check user{domain}

pattern.

Heat uses domain in user{domain} pattern to
find the user in the corresponding domain.

Change-Id: Ic01877e2524e094b087fcbddac7504356e395031
Story:2007867
Task:40234

3 files changed, 192 insertions, 0 deletions

diff --git a/heat_integrationtests/common/clients.py b/heat_integrationtests/common/clients.py
index d2cc92977..6079db19d 100644
--- a/heat_integrationtests/common/clients.py
+++ b/heat_integrationtests/common/clients.py
@@ -17,6 +17,7 @@ from heat.common.i18n import _
 from heatclient import client as heat_client
 from keystoneauth1.identity.generic import password
 from keystoneauth1 import session
+from keystoneclient.v3 import client as kc_v3
 from neutronclient.v2_0 import client as neutron_client
 from novaclient import client as nova_client
 from swiftclient import client as swift_client
@@ -79,6 +80,7 @@ class ClientManager(object):
         self.ca_file = self.conf.ca_file
 
         self.identity_client = self._get_identity_client()
+        self.keystone_client = self._get_keystone_client()
         self.orchestration_client = self._get_orchestration_client()
         self.compute_client = self._get_compute_client()
         self.network_client = self._get_network_client()
@@ -143,6 +145,12 @@ class ClientManager(object):
 
         return KeystoneWrapperClient(auth, verify_cert)
 
+    def _get_keystone_client(self):
+        # Create our default Keystone client to use in testing
+        return kc_v3.Client(
+            session=self.identity_client.session,
+            region_name=self.conf.region)
+
     def _get_compute_client(self):
         # Create our default Nova client to use in testing
         return nova_client.Client(
diff --git a/heat_integrationtests/common/test.py b/heat_integrationtests/common/test.py
index fcc117d6e..52a7fe45d 100644
--- a/heat_integrationtests/common/test.py
+++ b/heat_integrationtests/common/test.py
@@ -100,6 +100,7 @@ class HeatIntegrationTest(testscenarios.WithScenarios,
     def setup_clients(self, conf, admin_credentials=False):
         self.manager = clients.ClientManager(conf, admin_credentials)
         self.identity_client = self.manager.identity_client
+        self.keystone_client = self.manager.keystone_client
         self.orchestration_client = self.manager.orchestration_client
         self.compute_client = self.manager.compute_client
         self.network_client = self.manager.network_client
diff --git a/heat_integrationtests/functional/test_keystone_user_with_domain.py b/heat_integrationtests/functional/test_keystone_user_with_domain.py
new file mode 100644
index 000000000..aff4f75a1
--- /dev/null
+++ b/heat_integrationtests/functional/test_keystone_user_with_domain.py
@@ -0,0 +1,183 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from heat_integrationtests.common import test
+from heat_integrationtests.functional import functional_base
+
+create_user = '''
+heat_template_version: 2014-10-16
+description: test template to test user role assignment with user{domain}
+parameters:
+  user_name:
+    type: string
+    label: User Name
+    description: Test user name
+  project_name:
+    type: string
+    label: Project Name
+    description: Test project name
+  domain_name:
+    type: string
+    label: Domain Name
+    description: Test domain name
+resources:
+  Domain:
+    properties:
+      description: "Test Domain"
+      enabled: true
+      name: {get_param: domain_name}
+    type: OS::Keystone::Domain
+  Project:
+    properties:
+      description: "Test Project"
+      enabled: true
+      name: {get_param: project_name}
+    type: OS::Keystone::Project
+  User:
+    type: OS::Keystone::User
+    properties:
+      name: {get_param: user_name}
+      domain: {get_resource: Domain}
+      description: Test user
+      enabled: true
+      email: xyz@abc.com
+      password: passWORD
+outputs:
+  project_name:
+    value: {get_attr: [Project, name]}
+  user_name:
+    value: {get_attr: [User, name]}
+'''
+assign_user_roles = '''
+heat_template_version: 2014-10-16
+description: test template to test user role assignment with user{domain}
+parameters:
+  user_name:
+    type: string
+    label: User Name
+    description: Test user name
+  project_name:
+    type: string
+    label: Project Name
+    description: Test project name
+  domain_name:
+    type: string
+    label: Domain Name
+    description: Test domain name
+resources:
+  UserRoleAssignemnt:
+    properties:
+      roles:
+      - role: admin
+        project: {get_param: project_name}
+      user:
+        list_join: ['',
+                      [
+                        {get_param: user_name},
+                        '{',
+                        {get_param: domain_name},
+                        '}'
+                      ]
+                   ]
+    type: OS::Keystone::UserRoleAssignment
+'''
+disable_domain = '''
+heat_template_version: 2014-10-16
+description: test template to test user role assignment with user{domain}
+parameters:
+  user_name:
+    type: string
+    label: User Name
+    description: Test user name
+  project_name:
+    type: string
+    label: Project Name
+    description: Test project name
+  domain_name:
+    type: string
+    label: Domain Name
+    description: Test domain name
+resources:
+  Domain:
+    properties:
+      description: "Test Domain"
+      enabled: false
+      name: {get_param: domain_name}
+    type: OS::Keystone::Domain
+  Project:
+    properties:
+      description: "Test Project"
+      enabled: true
+      name: {get_param: project_name}
+    type: OS::Keystone::Project
+  User:
+    type: OS::Keystone::User
+    properties:
+      name: {get_param: user_name}
+      domain: {get_resource: Domain}
+      description: Test user
+      enabled: true
+      email: xyz@abc.com
+      password: passWORD
+outputs:
+  project_name:
+    value: {get_attr: [Project, name]}
+  user_name:
+    value: {get_attr: [User, name]}
+'''
+
+
+class CreateUserTest(functional_base.FunctionalTestsBase):
+
+    def get_user_and_project_outputs(self, stack_identifier):
+        stack = self.client.stacks.get(stack_identifier)
+        project_name = self._stack_output(stack, 'project_name')
+        user_name = self._stack_output(stack, 'user_name')
+        return project_name, user_name
+
+    def get_outputs(self, stack_identifier, output_key):
+        stack = self.client.stacks.get(stack_identifier)
+        return self._stack_output(stack, output_key)
+
+    def test_assign_user_role_with_domain(self):
+        # Setup admin clients
+        self.setup_clients_for_admin()
+        parms = {
+            'user_name': test.rand_name('test-user-domain-user-name'),
+            'project_name': test.rand_name('test-user-domain-project'),
+            'domain_name': test.rand_name('test-user-domain-domain-name')
+        }
+        stack_identifier_create_user = self.stack_create(
+            template=create_user,
+            parameters=parms)
+
+        self.stack_create(
+            template=assign_user_roles,
+            parameters=parms)
+
+        project_name, user_name = self.get_user_and_project_outputs(
+            stack_identifier_create_user)
+        self.assertEqual(project_name, project_name)
+        self.assertEqual(user_name, user_name)
+        users = self.keystone_client.users.list()
+        projects = self.keystone_client.projects.list()
+        user_id = [x for x in users if x.name == user_name][0].id
+        project_id = [x for x in projects if x.name == project_name][0].id
+        self.assertIsNotNone(
+            self.keystone_client.role_assignments.list(
+                user=user_id, project=project_id))
+
+        # Disable domain so stack can be deleted
+        self.update_stack(
+            stack_identifier=stack_identifier_create_user,
+            template=disable_domain,
+            parameters=parms)