RubyGems - fog - Versions diffs - 1.32.0 → 1.33.0 - Mend

fog 1.32.0 → 1.33.0

Files changed (204) hide show

data/spec/fog/openstack/identity_v3_spec.rb CHANGED

@@ -1,54 +1,20 @@
 require 'fog/openstack/identity'
 require 'fog/openstack/identity_v3'
-require 'rspec/core'
-require 'rspec/expectations'
-require 'vcr'
-RSpec.describe Fog::Identity::OpenStack::V3 do
-  before :all do |example|
-    @os_auth_url = ENV['OS_AUTH_URL']
-    # if OS_AUTH_URL is set but FOG_MOCK is not, don't record anything and just pass through the requests
-    VCR.configure do |c|
-      c.ignore_request do |request|
-        ENV['FOG_MOCK']!='true' && !ENV['OS_AUTH_URL'].nil?
-      end
-    end if @os_auth_url
-    # Fail-safe URL which matches the VCR recordings
-    @os_auth_url ||= 'http://devstack.openstack.stack:5000/v3'
-    VCR.configure do |config|
-      config.allow_http_connections_when_no_cassette = true
-      config.hook_into :webmock
-      config.cassette_library_dir = "spec/fog/openstack/identity_v3"
-      config.default_cassette_options = {:record => :none}
-      config.default_cassette_options.merge! :match_requests_on => [:method, :uri, :body] unless RUBY_VERSION =~ /1.8/ # Ruby 1.8.7 encodes JSON differently, which screws up request matching
-    end
-    if ENV['DEBUG']
-      VCR.configure do |config|
-        config.ignore_request do |request|
-          false && !ENV['OS_AUTH_URL'].nil?
-        end
-        config.cassette_library_dir = "spec/debug"
-        config.default_cassette_options.merge! :record => :all
-      end
-    end
+if RUBY_VERSION =~ /1.8/
+  require File.expand_path('../shared_context', __FILE__)
+else
+  require_relative './shared_context'
+end
-    # Allow us to ignore dev certificates on servers
-    Excon.defaults[:ssl_verify_peer] = false if ENV['SSL_VERIFY_PEER'] == 'false'
+RSpec.describe Fog::Identity::OpenStack::V3 do
-    VCR.use_cassette('idv3') do
-      @id_v3 = Fog::Identity::OpenStack::V3.new(
-          :openstack_project_name => ENV['OS_PROJECT_NAME'] || 'admin',
-          :openstack_domain_name => ENV['OS_USER_DOMAIN_NAME'] || 'Default',
-          :openstack_api_key => ENV['OS_PASSWORD'] || 'password',
-          :openstack_username => ENV['OS_USERNAME'] || 'admin',
-          :openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
-          :openstack_auth_url => "#{@os_auth_url}/auth/tokens") unless @id_v3
-    end
+  include_context 'OpenStack specs with VCR'
+  before :all do
+    setup_vcr_and_service(
+      :vcr_directory => 'spec/fog/openstack/identity_v3',
+      :service_class => Fog::Identity::OpenStack::V3
+    )
   end
   it 'authenticates with password, userid and domain_id' do
@@ -86,7 +52,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
   it 'authenticates in another region' do
     VCR.use_cassette('idv3_endpoint') do
-      @endpoints_all = @id_v3.endpoints.all
+      @endpoints_all = @service.endpoints.all
     end
     endpoints_in_region = @endpoints_all.select { |endpoint| endpoint.region == (ENV['OS_REGION_OTHER']||'europe') }
@@ -104,14 +70,14 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
   it 'get an unscoped token, then reauthenticate with it' do
     VCR.use_cassette('authv3_unscoped_reauth') do
-      @id_v3 = Fog::Identity::OpenStack::V3.new(
+      id_v3 = Fog::Identity::OpenStack::V3.new(
           :openstack_api_key => ENV['OS_PASSWORD'] || 'password',
           :openstack_userid => ENV['OS_USER_ID'] || 'aa9f25defa6d4cafb48466df83106065',
           :openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
           :openstack_auth_url => "#{@os_auth_url}/auth/tokens")
       auth_params = {:provider => "openstack",
-                     :openstack_auth_token => @id_v3.credentials[:openstack_auth_token],
+                     :openstack_auth_token => id_v3.credentials[:openstack_auth_token],
                      :openstack_auth_url => "#{@os_auth_url}/auth/tokens",
                      :openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne'}
       @fog2 = Fog::Identity::OpenStack::V3.new(auth_params)
@@ -167,23 +133,23 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
   it "find specific user, lists users" do
     VCR.use_cassette('idv3_users') do
-      expect { nonexistent_user = @id_v3.users.find_by_id 'u-random-blah' }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect { nonexistent_user = @service.users.find_by_id 'u-random-blah' }.to raise_error(Fog::Identity::OpenStack::NotFound)
-      admin_user = @id_v3.users.find_by_name ENV['OS_USERNAME'] || 'admin'
+      admin_user = @service.users.find_by_name ENV['OS_USERNAME'] || 'admin'
       expect(admin_user.length).to be 1
-      users = @id_v3.users
+      users = @service.users
       expect(users).to_not be_nil
       expect(users.length).to_not be 0
-      users_all = @id_v3.users.all
+      users_all = @service.users.all
       expect(users_all).to_not be_nil
       expect(users_all.length).to_not be 0
-      admin_by_id = @id_v3.users.find_by_id admin_user.first.id
+      admin_by_id = @service.users.find_by_id admin_user.first.id
       expect(admin_by_id).to_not be_nil
-      expect(@id_v3.users.find_by_name('pimpernel').length).to be 0
+      expect(@service.users.find_by_name('pimpernel').length).to be 0
     end
   end
@@ -192,44 +158,44 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       # Make sure there are no existing users called foobar or baz
       ['foobar', 'baz'].each do |username|
-        user = @id_v3.users.find_by_name(username).first
+        user = @service.users.find_by_name(username).first
         user.update(:enabled => false) if user
         user.destroy if user
       end
-      expect(@id_v3.users.find_by_name('foobar').length).to be 0
-      expect(@id_v3.users.find_by_name('baz').length).to be 0
+      expect(@service.users.find_by_name('foobar').length).to be 0
+      expect(@service.users.find_by_name('baz').length).to be 0
       # Create a user called foobar
-      foobar_user = @id_v3.users.create(:name => 'foobar',
+      foobar_user = @service.users.create(:name => 'foobar',
                                         :email => 'foobar@example.com',
                                         :password => 's3cret!')
       foobar_id = foobar_user.id
-      expect(@id_v3.users.find_by_name('foobar').length).to be 1
+      expect(@service.users.find_by_name('foobar').length).to be 1
       # Rename it to baz and disable it (required so we can delete it)
       foobar_user.update(:name => 'baz', :enabled => false)
       expect(foobar_user.name).to eq 'baz'
       # Read the user freshly and check the name & enabled state
-      expect(@id_v3.users.find_by_name('baz').length).to be 1
-      baz_user = @id_v3.users.find_by_id foobar_id
+      expect(@service.users.find_by_name('baz').length).to be 1
+      baz_user = @service.users.find_by_id foobar_id
       expect(baz_user).to_not be_nil
       expect(baz_user.name).to eq 'baz'
       expect(baz_user.email).to eq 'foobar@example.com'
       expect(baz_user.enabled).to be false
       # Try to create the user again
-      expect { @id_v3.users.create(:name => 'baz',
+      expect { @service.users.create(:name => 'baz',
                                    :email => 'foobar@example.com',
                                    :password => 's3cret!') }.to raise_error(Excon::Errors::Conflict)
       # Delete the user
       baz_user.destroy
       # Check that the deletion worked
-      expect { @id_v3.users.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
-      expect(@id_v3.users.all.select { |user| ['foobar', 'baz'].include? user.name }.length).to be 0
-      expect(@id_v3.users.find_by_name('foobar').length).to be 0
-      expect(@id_v3.users.find_by_name('baz').length).to be 0
+      expect { @service.users.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect(@service.users.all.select { |user| ['foobar', 'baz'].include? user.name }.length).to be 0
+      expect(@service.users.find_by_name('foobar').length).to be 0
+      expect(@service.users.find_by_name('baz').length).to be 0
     end
   end
@@ -237,35 +203,35 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
     VCR.use_cassette('idv3_group_crud_mutation') do
       # Make sure there are no existing groups called foobar or baz
-      @id_v3.groups.all.select { |group| ['foobar', 'baz'].include? group.name }.each do |group|
+      @service.groups.all.select { |group| ['foobar', 'baz'].include? group.name }.each do |group|
         group.destroy
       end
-      expect(@id_v3.groups.all.select { |group| ['foobar', 'baz'].include? group.name }.length).to be 0
+      expect(@service.groups.all.select { |group| ['foobar', 'baz'].include? group.name }.length).to be 0
       # Create a group called foobar
-      foobar_group = @id_v3.groups.create(:name => 'foobar', :description => "Group of Foobar users")
+      foobar_group = @service.groups.create(:name => 'foobar', :description => "Group of Foobar users")
       foobar_id = foobar_group.id
-      expect(@id_v3.groups.all.select { |group| group.name == 'foobar' }.length).to be 1
+      expect(@service.groups.all.select { |group| group.name == 'foobar' }.length).to be 1
       # Rename it to baz
       foobar_group.update(:name => 'baz', :description => "Group of Baz users")
       expect(foobar_group.name).to eq 'baz'
       # Read the group freshly and check the name
-      expect(@id_v3.groups.all.select { |group| group.name == 'baz' }.length).to be 1
-      baz_group = @id_v3.groups.find_by_id foobar_id
+      expect(@service.groups.all.select { |group| group.name == 'baz' }.length).to be 1
+      baz_group = @service.groups.find_by_id foobar_id
       expect(baz_group).to_not be_nil
       expect(baz_group.name).to eq 'baz'
       # Add users to the group
-      #foobar_user1 = @id_v3.users.find_by_name('foobar1').first
+      #foobar_user1 = @service.users.find_by_name('foobar1').first
       #foobar_user1.destroy if foobar_user1
-      foobar_user1 = @id_v3.users.create(:name => 'foobar1',
+      foobar_user1 = @service.users.create(:name => 'foobar1',
                                          :email => 'foobar1@example.com',
                                          :password => 's3cret!1')
-      #foobar_user2 = @id_v3.users.find_by_name('foobar2').first
+      #foobar_user2 = @service.users.find_by_name('foobar2').first
       #foobar_user2.destroy if foobar_user2
-      foobar_user2 = @id_v3.users.create(:name => 'foobar2',
+      foobar_user2 = @service.users.create(:name => 'foobar2',
                                          :email => 'foobar2@example.com',
                                          :password => 's3cret!2')
@@ -297,8 +263,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       # Delete the group
       baz_group.destroy
-      expect { @id_v3.groups.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
-      expect(@id_v3.groups.all.select { |group| ['foobar', 'baz'].include? group.name }.length).to be 0
+      expect { @service.groups.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect(@service.groups.all.select { |group| ['foobar', 'baz'].include? group.name }.length).to be 0
     end
   end
@@ -310,16 +276,16 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
                         :scope => {:project => {:domain => {:name => ENV['OS_USER_DOMAIN_NAME']||'Default'},
                                                 :name => ENV['OS_PROJECT_NAME']||'admin'}}}}
-      token = @id_v3.tokens.authenticate(auth)
+      token = @service.tokens.authenticate(auth)
       expect(token).to_not be_nil
-      validated_token = @id_v3.tokens.validate token.value
+      validated_token = @service.tokens.validate token.value
       expect(validated_token).to_not be_nil
-      @id_v3.tokens.check(token.value)
-      @id_v3.tokens.revoke(token.value)
+      @service.tokens.check(token.value)
+      @service.tokens.revoke(token.value)
-      expect { @id_v3.tokens.check(token.value) }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect { @service.tokens.check(token.value) }.to raise_error(Fog::Identity::OpenStack::NotFound)
     end
   end
@@ -330,12 +296,12 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       begin
-        foobar_user = @id_v3.users.create(:name => 'foobar_385',
+        foobar_user = @service.users.create(:name => 'foobar_385',
                                           :email => 'foobar_demo@example.com',
                                           :domain_id => ENV['OS_USER_DOMAIN_ID'] || 'default',
                                           :password => 's3cret!')
-        foobar_role = @id_v3.roles.create(:name => 'foobar_role390')
+        foobar_role = @service.roles.create(:name => 'foobar_role390')
         foobar_user.grant_role(foobar_role.id)
         nonadmin_v3 = Fog::Identity::OpenStack::V3.new(
@@ -359,9 +325,9 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
             :openstack_auth_url => auth_url) }.to raise_error(Excon::Errors::NotFound)
       ensure
         # Clean up
-        foobar_user = @id_v3.users.find_by_name('foobar_385').first unless foobar_user
+        foobar_user = @service.users.find_by_name('foobar_385').first unless foobar_user
         foobar_user.destroy if foobar_user
-        foobar_role = @id_v3.roles.all.select { |role| role.name == 'foobar_role390' }.first unless foobar_role
+        foobar_role = @service.roles.all.select { |role| role.name == 'foobar_role390' }.first unless foobar_role
         foobar_role.destroy if foobar_role
       end
@@ -371,18 +337,18 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
   it "lists domains" do
     VCR.use_cassette('idv3_domain') do
-      domains = @id_v3.domains
+      domains = @service.domains
       expect(domains).to_not be_nil
       expect(domains.length).to_not be 0
-      domains_all = @id_v3.domains.all
+      domains_all = @service.domains.all
       expect(domains_all).to_not be_nil
       expect(domains_all.length).to_not be 0
-      default_domain = @id_v3.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||'default'
+      default_domain = @service.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||'default'
       expect(default_domain).to_not be_nil
-      expect { @id_v3.domains.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect { @service.domains.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
     end
   end
@@ -391,17 +357,17 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       begin
         # Create a domain called foobar
-        foobar_domain = @id_v3.domains.create(:name => 'foobar')
+        foobar_domain = @service.domains.create(:name => 'foobar')
         foobar_id = foobar_domain.id
-        expect(@id_v3.domains.all(:name => 'foobar').length).to be 1
+        expect(@service.domains.all(:name => 'foobar').length).to be 1
         # Rename it to baz and disable it (required so we can delete it)
         foobar_domain.update(:name => 'baz', :enabled => false)
         expect(foobar_domain.name).to eq 'baz'
         # Read the domain freshly and check the name & enabled state
-        expect(@id_v3.domains.all(:name => 'baz').length).to be 1
-        baz_domain = @id_v3.domains.find_by_id foobar_id
+        expect(@service.domains.all(:name => 'baz').length).to be 1
+        baz_domain = @service.domains.find_by_id foobar_id
         expect(baz_domain).to_not be_nil
         expect(baz_domain.name).to eq 'baz'
         expect(baz_domain.enabled).to be false
@@ -415,9 +381,9 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         rescue
         end
         # Check that the deletion worked
-        expect { @id_v3.domains.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if foobar_id
+        expect { @service.domains.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if foobar_id
         ['foobar', 'baz'].each do |domain_name|
-          expect(@id_v3.domains.all(:name => domain_name).length).to be 0
+          expect(@service.domains.all(:name => domain_name).length).to be 0
         end
       end
     end
@@ -428,7 +394,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
     VCR.use_cassette('idv3_domain_roles_mutation') do
       begin
-        foobar_user = @id_v3.users.create(:name => 'foobar_role_user',
+        foobar_user = @service.users.create(:name => 'foobar_role_user',
                                           :email => 'foobar@example.com',
                                           :password => 's3cret!')
@@ -436,18 +402,18 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         expect(foobar_user.roles.length).to be 0
         # Create a role and add it to the user in the user's domain
-        foobar_role = @id_v3.roles.create(:name => 'foobar_role')
+        foobar_role = @service.roles.create(:name => 'foobar_role')
         foobar_user.grant_role(foobar_role.id)
         expect(foobar_user.roles.length).to be 1
-        assignments = @id_v3.role_assignments.all(:user_id => foobar_user.id)
+        assignments = @service.role_assignments.all(:user_id => foobar_user.id)
         expect(assignments.length).to be 1
         expect(assignments.first.role['id']).to eq foobar_role.id
         expect(assignments.first.user['id']).to eq foobar_user.id
         expect(assignments.first.scope['domain']['id']).to eq foobar_user.domain_id
         expect(assignments.first.links['assignment'].end_with? "/v3/domains/#{foobar_user.domain_id}/users/#{foobar_user.id}/roles/#{foobar_role.id}").to be true
-        # Quick test of @id_v3.role_assignments.all while we're at it
-        all_assignments = @id_v3.role_assignments.all
+        # Quick test of @service.role_assignments.all while we're at it
+        all_assignments = @service.role_assignments.all
         expect(all_assignments.length).to be >= 1
         # Check that the user has the role
@@ -457,9 +423,9 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         foobar_user.revoke_role(foobar_role.id)
         expect(foobar_user.check_role(foobar_role.id)).to be false
       ensure
-        foobar_user = @id_v3.users.find_by_name('u-foobar_role_user').first unless foobar_user
+        foobar_user = @service.users.find_by_name('u-foobar_role_user').first unless foobar_user
         foobar_user.destroy if foobar_user
-        foobar_role = @id_v3.roles.all.select { |role| role.name == 'foobar_role' }.first unless foobar_role
+        foobar_role = @service.roles.all.select { |role| role.name == 'foobar_role' }.first unless foobar_role
         foobar_role.destroy if foobar_role
       end
@@ -471,15 +437,15 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       begin
         # Create a domain called foobar
-        foobar_domain = @id_v3.domains.create(:name => 'd-foobar')
+        foobar_domain = @service.domains.create(:name => 'd-foobar')
         # Create a group in this domain
-        foobar_group = @id_v3.groups.create(:name => 'g-foobar',
+        foobar_group = @service.groups.create(:name => 'g-foobar',
                                             :description => "Group of Foobar users",
                                             :domain_id => foobar_domain.id)
         # Create a user in the domain
-        foobar_user = @id_v3.users.create(:name => 'u-foobar_foobar',
+        foobar_user = @service.users.create(:name => 'u-foobar_foobar',
                                           :email => 'foobar@example.com',
                                           :password => 's3cret!',
                                           :domain_id => foobar_domain.id)
@@ -488,19 +454,19 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         expect(foobar_user.roles.length).to be 0
         # Create a role and add it to the domain group
-        foobar_role = @id_v3.roles.all.select { |role| role.name == 'foobar_role' }.first
+        foobar_role = @service.roles.all.select { |role| role.name == 'foobar_role' }.first
         foobar_role.destroy if foobar_role
-        foobar_role = @id_v3.roles.create(:name => 'foobar_role')
+        foobar_role = @service.roles.create(:name => 'foobar_role')
         foobar_group.grant_role foobar_role.id
         expect(foobar_group.roles.length).to be 1
         # Add user to the group and check that it inherits the role
         expect(foobar_user.check_role foobar_role.id).to be false
-        expect(@id_v3.role_assignments.all(:user_id => foobar_user.id, :effective => true).length).to be 0
+        expect(@service.role_assignments.all(:user_id => foobar_user.id, :effective => true).length).to be 0
         foobar_group.add_user foobar_user.id
         expect(foobar_user.check_role foobar_role.id).to be false # Still false in absolute assignment terms
-        assignments = @id_v3.role_assignments.all(:user_id => foobar_user.id, :effective => true)
+        assignments = @service.role_assignments.all(:user_id => foobar_user.id, :effective => true)
         expect(assignments.length).to be 1
         expect(assignments.first.role['id']).to eq foobar_role.id
         expect(assignments.first.user['id']).to eq foobar_user.id
@@ -508,7 +474,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         expect(assignments.first.links['assignment'].end_with? "/v3/domains/#{foobar_domain.id}/groups/#{foobar_group.id}/roles/#{foobar_role.id}").to be true
         expect(assignments.first.links['membership'].end_with? "/v3/groups/#{foobar_group.id}/users/#{foobar_user.id}").to be true
-        group_assignments = @id_v3.role_assignments.all(:group_id => foobar_group.id)
+        group_assignments = @service.role_assignments.all(:group_id => foobar_group.id)
         expect(group_assignments.length).to be 1
         expect(group_assignments.first.role['id']).to eq foobar_role.id
         expect(group_assignments.first.group['id']).to eq foobar_group.id
@@ -517,16 +483,16 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         # Revoke the role from the group and check the user no longer has it
         foobar_group.revoke_role foobar_role.id
-        expect(@id_v3.role_assignments.all(:user_id => foobar_user.id, :effective => true).length).to be 0
+        expect(@service.role_assignments.all(:user_id => foobar_user.id, :effective => true).length).to be 0
       ensure
         # Clean up
-        foobar_user = @id_v3.users.find_by_name('u-foobar_foobar').first unless foobar_user
+        foobar_user = @service.users.find_by_name('u-foobar_foobar').first unless foobar_user
         foobar_user.destroy if foobar_user
-        foobar_group = @id_v3.groups.all.select { |group| group.name == 'g-foobar' }.first unless foobar_group
+        foobar_group = @service.groups.all.select { |group| group.name == 'g-foobar' }.first unless foobar_group
         foobar_group.destroy if foobar_group
-        foobar_role = @id_v3.roles.all.select { |role| role.name == 'foobar_role' }.first unless foobar_role
+        foobar_role = @service.roles.all.select { |role| role.name == 'foobar_role' }.first unless foobar_role
         foobar_role.destroy if foobar_role
-        foobar_domain = @id_v3.domains.all.select { |domain| domain.name == 'd-foobar' }.first unless foobar_domain
+        foobar_domain = @service.domains.all.select { |domain| domain.name == 'd-foobar' }.first unless foobar_domain
         foobar_domain.update(:enabled => false) if foobar_domain
         foobar_domain.destroy if foobar_domain
       end
@@ -536,18 +502,18 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
   it "lists roles" do
     VCR.use_cassette('idv3_role') do
-      roles = @id_v3.roles
+      roles = @service.roles
       expect(roles).to_not be_nil
       expect(roles.length).to_not be 0
-      roles_all = @id_v3.roles.all
+      roles_all = @service.roles.all
       expect(roles_all).to_not be_nil
       expect(roles_all.length).to_not be 0
-      role_by_id = @id_v3.roles.find_by_id roles_all.first.id
+      role_by_id = @service.roles.find_by_id roles_all.first.id
       expect(role_by_id).to_not be_nil
-      expect { @id_v3.roles.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect { @service.roles.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
     end
   end
@@ -556,26 +522,26 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       begin
         # Create a role called foobar
-        foobar_role = @id_v3.roles.create(:name => 'foobar23')
+        foobar_role = @service.roles.create(:name => 'foobar23')
         foobar_id = foobar_role.id
-        expect(@id_v3.roles.all(:name => 'foobar23').length).to be 1
+        expect(@service.roles.all(:name => 'foobar23').length).to be 1
         # Rename it to baz
         foobar_role.update(:name => 'baz23')
         expect(foobar_role.name).to eq 'baz23'
         # Read the role freshly and check the name & enabled state
-        expect(@id_v3.roles.all(:name => 'baz23').length).to be 1
-        baz_role = @id_v3.roles.find_by_id foobar_id
+        expect(@service.roles.all(:name => 'baz23').length).to be 1
+        baz_role = @service.roles.find_by_id foobar_id
         expect(baz_role).to_not be_nil
         expect(baz_role.name).to eq 'baz23'
       ensure
         # Delete the role
         baz_role.destroy if baz_role
         # Check that the deletion worked
-        expect { @id_v3.roles.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if foobar_id
+        expect { @service.roles.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if foobar_id
         ['foobar23', 'baz23'].each do |role_name|
-          expect(@id_v3.roles.all(:name => role_name).length).to be 0
+          expect(@service.roles.all(:name => role_name).length).to be 0
         end
       end
     end
@@ -584,30 +550,30 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
   it "lists projects" do
     VCR.use_cassette('idv3_project') do
-      projects = @id_v3.projects
+      projects = @service.projects
       expect(projects).to_not be_nil
       expect(projects.length).to_not be 0
-      projects_all = @id_v3.projects.all
+      projects_all = @service.projects.all
       expect(projects_all).to_not be_nil
       expect(projects_all.length).to_not be 0
-      project_byid = @id_v3.projects.find_by_id projects_all.first.id
+      project_byid = @service.projects.find_by_id projects_all.first.id
       expect(project_byid).to_not be_nil
-      expect { @id_v3.projects.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect { @service.projects.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
     end
   end
   it "CRUD projects" do
     VCR.use_cassette('idv3_project_crud') do
-      default_domain = @id_v3.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||'default'
+      default_domain = @service.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||'default'
       begin
         # Create a project called foobar - should not work without domain id?
-        foobar_project = @id_v3.projects.create(:name => 'p-foobar46')
+        foobar_project = @service.projects.create(:name => 'p-foobar46')
         foobar_id = foobar_project.id
-        expect(@id_v3.projects.all(:name => 'p-foobar46').length).to be 1
+        expect(@service.projects.all(:name => 'p-foobar46').length).to be 1
         expect(foobar_project.domain_id).to eq default_domain.id
         # Rename it to baz and disable it (required so we can delete it)
@@ -615,8 +581,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         expect(foobar_project.name).to eq 'p-baz46'
         # Read the project freshly and check the name & enabled state
-        expect(@id_v3.projects.all(:name => 'p-baz46').length).to be 1
-        baz_project = @id_v3.projects.find_by_id foobar_id
+        expect(@service.projects.all(:name => 'p-baz46').length).to be 1
+        baz_project = @service.projects.find_by_id foobar_id
         expect(baz_project).to_not be_nil
         expect(baz_project.name).to eq 'p-baz46'
         expect(baz_project.enabled).to be false
@@ -625,9 +591,102 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         baz_project.destroy
         # Check that the deletion worked
-        expect { @id_v3.projects.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
+        expect { @service.projects.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
         ['p-foobar46', 'p-baz46'].each do |project_name|
-          expect(@id_v3.projects.all(:name => project_name).length).to be 0
+          expect(@service.projects.all(:name => project_name).length).to be 0
+        end
+      end
+    end
+  end
+  it "CRUD & list hierarchical projects" do
+    VCR.use_cassette('idv3_project_hier_crud_list') do
+      default_domain = @service.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||'default'
+      begin
+        # Create a project called foobar
+        foobar_project = @service.projects.create(:name => 'p-foobar67')
+        foobar_id = foobar_project.id
+        # Create a sub-project called baz
+        baz_project = @service.projects.create(:name => 'p-baz67', :parent_id => foobar_id)
+        baz_id = baz_project.id
+        expect(baz_project.parent_id).to eq foobar_id
+        # Read the project freshly and check the parent_id
+        fresh_baz_project = @service.projects.all(:name => 'p-baz67').first
+        expect(fresh_baz_project).to_not be_nil
+        expect(fresh_baz_project.parent_id).to eq foobar_id
+        # Create another sub-project called boo
+        boo_project = @service.projects.create(:name => 'p-boo67', :parent_id => foobar_id)
+        boo_id = boo_project.id
+        # Create a sub-project of boo called booboo
+        booboo_project = @service.projects.create(:name => 'p-booboo67', :parent_id => boo_id)
+        booboo_id = booboo_project.id
+        # Make sure we have a role on all these projects (needed for subtree_as_list and parents_as_list)
+        prj_role = @service.roles.create(:name => 'r-project67')
+        [foobar_project, baz_project, boo_project, booboo_project].each do |project|
+          project.grant_role_to_user(prj_role.id, @service.current_user_id)
+        end
+        # Get the children of foobar, as a tree of IDs
+        foobar_kids = @service.projects.find_by_id(foobar_id, :subtree_as_ids).subtree
+        expect(foobar_kids.keys.length).to eq 2
+        boo_index = foobar_kids.keys.index boo_id
+        expect(boo_index).to_not be_nil
+        foobar_child_id = foobar_kids.keys[boo_index]
+        expect(foobar_kids[foobar_child_id].length).to eq 1
+        foobar_grandchild_id = foobar_kids[foobar_child_id].keys.first
+        expect(foobar_grandchild_id).to eq booboo_id
+        # Get the children of foobar, as a list of objects
+        foobar_kids = @service.projects.find_by_id(foobar_id, :subtree_as_list).subtree
+        expect(foobar_kids.length).to eq 3
+        expect([foobar_kids[0].id,foobar_kids[1].id,foobar_kids[2].id].sort
+          ).to eq [baz_id, boo_id, booboo_id].sort
+        # Create a another sub-project of boo called fooboo and check that it appears in the parent's subtree
+        fooboo_project = @service.projects.create(:name => 'p-fooboo67', :parent_id => boo_id)
+        fooboo_id = fooboo_project.id
+        fooboo_project.grant_role_to_user(prj_role.id, @service.current_user_id)
+        foobar_new_kids = @service.projects.find_by_id(foobar_id, :subtree_as_list).subtree
+        expect(foobar_new_kids.length).to eq 4
+        # Get the parents of booboo, as a tree of IDs
+        booboo_parents = @service.projects.find_by_id(booboo_id, :parents_as_ids).parents
+        expect(booboo_parents.keys.length).to eq 1
+        booboo_parent_id = booboo_parents.keys.first
+        expect(booboo_parents[booboo_parent_id].length).to eq 1
+        booboo_grandparent_id = booboo_parents[booboo_parent_id].keys.first
+        expect(booboo_grandparent_id).to eq foobar_id
+        expect(booboo_parents[booboo_parent_id][booboo_grandparent_id]).to be_nil
+        # Get the parents of booboo, as a list of objects
+        booboo_parents = @service.projects.find_by_id(booboo_id, :parents_as_list).parents
+        expect(booboo_parents.length).to eq 2
+        expect([booboo_parents[0].id,booboo_parents[1].id].sort).to eq [foobar_id, boo_id].sort
+      ensure
+        # Delete the projects
+        fooboo_project.destroy if fooboo_project
+        booboo_project.destroy if booboo_project
+        boo_project.destroy if boo_project
+        baz_project.destroy if baz_project
+        foobar_project.destroy if foobar_project
+        prj_role = @service.roles.all(:name => 'r-project67').first unless prj_role
+        prj_role.destroy if prj_role
+        # Check that the deletion worked
+        expect { @service.projects.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if foobar_id
+        ['p-booboo67', 'p-fooboo67', 'p-boo67', 'p-baz67', 'p-foobar67'].each do |project_name|
+          prj = @service.projects.all(:name => project_name).first
+          prj.destroy if prj
+          expect(@service.projects.all(:name => project_name).length).to be 0
         end
       end
     end
@@ -637,35 +696,35 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
     VCR.use_cassette('idv3_project_group_user_roles_mutation') do
       # Make sure there is no existing project called foobar
-      @id_v3.projects.all(:name => 'p-foobar69').each do |project|
+      @service.projects.all(:name => 'p-foobar69').each do |project|
         project.update(:enabled => false)
         project.destroy
       end
-      expect(@id_v3.projects.all(:name => 'p-foobar69').length).to be 0
+      expect(@service.projects.all(:name => 'p-foobar69').length).to be 0
       begin
         # Create a project called foobar
-        foobar_project = @id_v3.projects.create(:name => 'p-foobar69')
+        foobar_project = @service.projects.create(:name => 'p-foobar69')
         # Create a role called baz
-        @id_v3.roles.all(:name => 'baz').each do |role|
+        @service.roles.all(:name => 'baz').each do |role|
           role.update(:enabled => false)
           role.destroy
         end
-        baz_role = @id_v3.roles.create(:name => 'baz69')
+        baz_role = @service.roles.create(:name => 'baz69')
         # Create a user
-        foobar_user = @id_v3.users.create(:name => 'u-foobar69',
+        foobar_user = @service.users.create(:name => 'u-foobar69',
                                           :email => 'foobar@example.com',
                                           :password => 's3cret!')
         # Create a group and add the user to it
-        foobar_group = @id_v3.groups.create(:name => 'g-foobar69',
+        foobar_group = @service.groups.create(:name => 'g-foobar69',
                                             :description => "Group of Foobar users")
         foobar_group.add_user foobar_user.id
         # User has no projects initially
         expect(foobar_user.projects.length).to be 0
-        expect(@id_v3.role_assignments.all(:user_id => foobar_user.id,
+        expect(@service.role_assignments.all(:user_id => foobar_user.id,
                                            :project_id => foobar_project.id,
                                            :effective => true).length).to be 0
         expect(foobar_project.user_roles(foobar_user.id).length).to be 0
@@ -684,7 +743,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         # Group initially has no roles in project
         expect(foobar_project.group_roles(foobar_group.id).length).to be 0
-        expect(@id_v3.role_assignments.all(:user_id => foobar_user.id,
+        expect(@service.role_assignments.all(:user_id => foobar_user.id,
                                            :project_id => foobar_project.id,
                                            :effective => true).length).to be 0
@@ -694,7 +753,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         expect(foobar_project.group_roles(foobar_group.id).length).to be 1
         # Now we check that a user has the role in that project
-        assignments = @id_v3.role_assignments.all(:user_id => foobar_user.id,
+        assignments = @service.role_assignments.all(:user_id => foobar_user.id,
                                                   :project_id => foobar_project.id,
                                                   :effective => true)
         expect(assignments.length).to be 1
@@ -726,39 +785,39 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
   it "lists services" do
     VCR.use_cassette('idv3_service') do
-      services = @id_v3.services
+      services = @service.services
       expect(services).to_not be_nil
       expect(services.length).to_not be 0
-      services_all = @id_v3.services.all
+      services_all = @service.services.all
       expect(services_all).to_not be_nil
       expect(services_all.length).to_not be 0
-      some_service = @id_v3.services.find_by_id services_all.first.id
+      some_service = @service.services.find_by_id services_all.first.id
       expect(some_service).to_not be_nil
-      expect { @id_v3.services.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect { @service.services.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
     end
   end
   it "CRUD services" do
     VCR.use_cassette('idv3_services_crud') do
-      all_services = @id_v3.services.all
+      all_services = @service.services.all
       begin
         # Create a service called foobar
-        foobar_service = @id_v3.services.create(:type => 'volume', :name => 'foobar')
+        foobar_service = @service.services.create(:type => 'volume', :name => 'foobar')
         foobar_id = foobar_service.id
-        expect(@id_v3.services.all(:type => 'volume').select { |service| service.name == 'foobar' }.length).to be 1
+        expect(@service.services.all(:type => 'volume').select { |service| service.name == 'foobar' }.length).to be 1
         # Rename it to baz
         foobar_service.update(:name => 'baz')
         expect(foobar_service.name).to eq 'baz'
         # Read the service freshly and check the name
-        expect(@id_v3.services.all.select { |service| service.name == 'baz' }.length).to be 1
-        baz_service = @id_v3.services.find_by_id foobar_id
+        expect(@service.services.all.select { |service| service.name == 'baz' }.length).to be 1
+        baz_service = @service.services.find_by_id foobar_id
         expect(baz_service).to_not be_nil
         expect(baz_service.name).to eq 'baz'
         expect(baz_service.type).to eq 'volume'
@@ -767,8 +826,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         baz_service.destroy if baz_service
         # Check that the deletion worked
-        expect { @id_v3.services.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if foobar_id
-        expect(@id_v3.services.all.select { |service| ['foobar', 'baz'].include? service.name }.length).to be 0
+        expect { @service.services.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if foobar_id
+        expect(@service.services.all.select { |service| ['foobar', 'baz'].include? service.name }.length).to be 0
       end
     end
   end
@@ -776,36 +835,36 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
   it "lists endpoints" do
     VCR.use_cassette('idv3_endpoint') do
-      endpoints = @id_v3.endpoints
+      endpoints = @service.endpoints
       expect(endpoints).to_not be_nil
       expect(endpoints.length).to_not be 0
-      endpoints_all = @id_v3.endpoints.all
+      endpoints_all = @service.endpoints.all
       expect(endpoints_all).to_not be_nil
       expect(endpoints_all.length).to_not be 0
-      some_endpoint = @id_v3.endpoints.find_by_id endpoints_all.first.id
+      some_endpoint = @service.endpoints.find_by_id endpoints_all.first.id
       expect(some_endpoint).to_not be_nil
-      expect { @id_v3.endpoints.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect { @service.endpoints.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
     end
   end
   it "CRUD endpoints" do
     VCR.use_cassette('idv3_endpoints_crud') do
-      service = @id_v3.services.all.first
-      all_endpoints = @id_v3.endpoints.all
+      service = @service.services.all.first
+      all_endpoints = @service.endpoints.all
       begin
         # Create a endpoint called foobar
-        foobar_endpoint = @id_v3.endpoints.create(:service_id => service.id,
+        foobar_endpoint = @service.endpoints.create(:service_id => service.id,
                                                   :interface => 'internal',
                                                   :name => 'foobar',
                                                   :url => 'http://example.com/foobar',
                                                   :enabled => false)
         foobar_id = foobar_endpoint.id
-        expect(@id_v3.endpoints.all(:interface => 'internal').select { |endpoint| endpoint.name == 'foobar' }.length).to be 1
+        expect(@service.endpoints.all(:interface => 'internal').select { |endpoint| endpoint.name == 'foobar' }.length).to be 1
         # Rename it to baz
         foobar_endpoint.update(:name => 'baz', :url => 'http://example.com/baz')
@@ -813,8 +872,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         expect(foobar_endpoint.url).to eq 'http://example.com/baz'
         # Read the endpoint freshly and check the name
-        expect(@id_v3.endpoints.all(:interface => 'internal').select { |endpoint| endpoint.name == 'baz' }.length).to be 1
-        baz_endpoint = @id_v3.endpoints.find_by_id foobar_id
+        expect(@service.endpoints.all(:interface => 'internal').select { |endpoint| endpoint.name == 'baz' }.length).to be 1
+        baz_endpoint = @service.endpoints.find_by_id foobar_id
         expect(baz_endpoint).to_not be_nil
         expect(baz_endpoint.name).to eq 'baz'
         expect(baz_endpoint.url).to eq 'http://example.com/baz'
@@ -824,21 +883,21 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         baz_endpoint.destroy
         # Check that the deletion worked
-        expect { @id_v3.endpoints.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
-        expect(@id_v3.endpoints.all.select { |endpoint| ['foobar', 'baz'].include? endpoint.name }.length).to be 0
+        expect { @service.endpoints.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
+        expect(@service.endpoints.all.select { |endpoint| ['foobar', 'baz'].include? endpoint.name }.length).to be 0
       end
     end
   end
   it "lists OS credentials" do
     VCR.use_cassette('idv3_credential') do
-      credentials = @id_v3.os_credentials
+      credentials = @service.os_credentials
       expect(credentials).to_not be_nil
-      credentials_all = @id_v3.os_credentials.all
+      credentials_all = @service.os_credentials.all
       expect(credentials_all).to_not be_nil
-      expect { @id_v3.os_credentials.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect { @service.os_credentials.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
     end
   end
@@ -847,10 +906,10 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       begin
         # Create a user
-        foobar_user = @id_v3.users.create(:name => 'u-foobar_cred',
+        foobar_user = @service.users.create(:name => 'u-foobar_cred',
                                           :email => 'foobar@example.com',
                                           :password => 's3cret!')
-        project = @id_v3.projects.all.first
+        project = @service.projects.all.first
         access_key = '9c4e774a-f644-498f-90c4-970b3f817fc5'
         secret_key = '7e084117-b13d-4656-9eca-85376b690897'
@@ -860,18 +919,18 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
                      :secret => secret_key}.to_json
         # Make sure there are no existing ec2 credentials
-        @id_v3.os_credentials.all.select { |credential| credential.type == 'foo' || credential.type == 'ec2' }.each do |credential|
+        @service.os_credentials.all.select { |credential| credential.type == 'foo' || credential.type == 'ec2' }.each do |credential|
           credential.destroy
         end
-        expect(@id_v3.os_credentials.all.select { |credential| credential.type == 'ec2' }.length).to be 0
+        expect(@service.os_credentials.all.select { |credential| credential.type == 'ec2' }.length).to be 0
         # Create a credential
-        foo_credential = @id_v3.os_credentials.create(:type => 'ec2',
+        foo_credential = @service.os_credentials.create(:type => 'ec2',
                                                       :project_id => project.id,
                                                       :user_id => foobar_user.id,
                                                       :blob => blob_json)
         credential_id = foo_credential.id
-        expect(@id_v3.os_credentials.all.select { |credential| credential.type == 'ec2' }.length).to be 1
+        expect(@service.os_credentials.all.select { |credential| credential.type == 'ec2' }.length).to be 1
         # Update secret key
         new_secret_key = '62307bcd-ca3c-47ae-a114-27a6cadb5bc9'
@@ -881,14 +940,14 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         expect(JSON.parse(foo_credential.blob)['secret']).to eq new_secret_key
         # Read the credential freshly and check the secret key
-        expect(@id_v3.os_credentials.all.select { |credential| credential.type == 'ec2' }.length).to be 1
-        updated_credential = @id_v3.os_credentials.find_by_id credential_id
+        expect(@service.os_credentials.all.select { |credential| credential.type == 'ec2' }.length).to be 1
+        updated_credential = @service.os_credentials.find_by_id credential_id
         expect(updated_credential).to_not be_nil
         expect(updated_credential.type).to eq 'ec2'
         expect(JSON.parse(updated_credential.blob)['secret']).to eq new_secret_key
       ensure
-        foobar_user = @id_v3.users.find_by_name('u-foobar_cred').first unless foobar_user
+        foobar_user = @service.users.find_by_name('u-foobar_cred').first unless foobar_user
         foobar_user.destroy if foobar_user
         # Delete the credential
         begin
@@ -899,23 +958,23 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
         end
         # Check that the deletion worked
-        expect { @id_v3.os_credentials.find_by_id credential_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if credential_id
-        expect(@id_v3.os_credentials.all.select { |credential| credential.type == 'ec2' }.length).to be 0
+        expect { @service.os_credentials.find_by_id credential_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if credential_id
+        expect(@service.os_credentials.all.select { |credential| credential.type == 'ec2' }.length).to be 0
       end
     end
   end
   it "lists policies" do
     VCR.use_cassette('idv3_policy') do
-      policies = @id_v3.policies
+      policies = @service.policies
       expect(policies).to_not be_nil
       expect(policies.length).to be 0
-      policies_all = @id_v3.policies.all
+      policies_all = @service.policies.all
       expect(policies_all).to_not be_nil
       expect(policies_all.length).to be 0
-      expect { @id_v3.policies.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect { @service.policies.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
     end
   end
@@ -925,13 +984,13 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       blob = {'foobar_user' => ['role:compute-user']}.to_json
       # Make sure there are no existing policies
-      expect(@id_v3.policies.all.select { |policy| policy.type == 'application/json' }.length).to be 0
+      expect(@service.policies.all.select { |policy| policy.type == 'application/json' }.length).to be 0
       # Create a policy
-      foo_policy = @id_v3.policies.create(:type => 'application/json',
+      foo_policy = @service.policies.create(:type => 'application/json',
                                           :blob => blob)
       policy_id = foo_policy.id
-      expect(@id_v3.policies.all.select { |policy| policy.type == 'application/json' }.length).to be 1
+      expect(@service.policies.all.select { |policy| policy.type == 'application/json' }.length).to be 1
       # Update policy blob
       new_blob = {'baz_user' => ['role:compute-user']}.to_json
@@ -939,8 +998,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       expect(foo_policy.blob).to eq new_blob
       # Read the policy freshly and check the secret key
-      expect(@id_v3.policies.all.select { |policy| policy.type == 'application/json' }.length).to be 1
-      updated_policy = @id_v3.policies.find_by_id policy_id
+      expect(@service.policies.all.select { |policy| policy.type == 'application/json' }.length).to be 1
+      updated_policy = @service.policies.find_by_id policy_id
       expect(updated_policy).to_not be_nil
       expect(updated_policy.type).to eq 'application/json'
       expect(updated_policy.blob).to eq new_blob
@@ -949,8 +1008,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
       updated_policy.destroy
       # Check that the deletion worked
-      expect { @id_v3.policies.find_by_id policy_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
-      expect(@id_v3.policies.all.select { |policy| policy.type == 'application/json' }.length).to be 0
+      expect { @service.policies.find_by_id policy_id }.to raise_error(Fog::Identity::OpenStack::NotFound)
+      expect(@service.policies.all.select { |policy| policy.type == 'application/json' }.length).to be 0
     end
   end