Add missing v2 token related testcases

We have added scenarios to test_validate_token_head(), test_validate_token() and test_validate_revoke_token() Change-Id: I9a781e3062b3d86cfb2d846b10437453bcb6a56e Co-Authored-By: Nishant Kumar <nk613n@att.com> Co-Authored-By: Pradeep Kumar <pk5294@att.com> Depends-On: Idc351fdcce420bb42c00bab23460f32e3c66e9ce Closes-Bug: #1689262
2017-04-13 10:12:24 +05:30 · 2017-04-13 10:12:24 +05:30 · f85cedce58
parent 4aa609ea01
commit f85cedce58
3 changed files with 89 additions and 0 deletions
--- a/patrole_tempest_plugin/tests/api/identity/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/identity/rbac_base.py
@ -183,6 +183,7 @@ class BaseIdentityV2AdminRbacTest(BaseIdentityRbacTest):
    def resource_setup(cls):
        super(BaseIdentityV2AdminRbacTest, cls).resource_setup()
        cls.tenants = []
+        cls.tokens = []

    @classmethod
    def resource_cleanup(cls):
@ -190,6 +191,10 @@ class BaseIdentityV2AdminRbacTest(BaseIdentityRbacTest):
            test_utils.call_and_ignore_notfound_exc(
                cls.tenants_client.delete_tenant, tenant['id'])

+        for token in cls.tokens:
+            test_utils.call_and_ignore_notfound_exc(
+                cls.client.delete_token, token)
+
        super(BaseIdentityV2AdminRbacTest, cls).resource_cleanup()

    @classmethod
@ -203,6 +208,15 @@ class BaseIdentityV2AdminRbacTest(BaseIdentityRbacTest):
        cls.tenants.append(tenant)
        return tenant

+    @classmethod
+    def setup_test_token(cls, user_name, password, tenant_name):
+        """Set up a test token."""
+        token = cls.token_client.auth(user_name, password,
+                                      tenant_name)['token']
+        token_id = token['id']
+        cls.tokens.append(token_id)
+        return token_id
+

 class BaseIdentityV3RbacTest(BaseIdentityRbacTest):

--- a/patrole_tempest_plugin/tests/api/identity/v2/test_tokens_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_tokens_rbac.py
@ -0,0 +1,72 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.identity import rbac_base
+
+
+class IdentityTokenV2RbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
+
+    def _create_token(self):
+
+        user_name = self.client.auth_provider.credentials.username
+        tenant_name = self.client.auth_provider.credentials.tenant_name
+        password = self.client.auth_provider.credentials.password
+        token_id = self.setup_test_token(user_name, password,
+                                         tenant_name)
+        return token_id
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:validate_token")
+    @decorators.idempotent_id('71471202-4c4e-4a3d-9d41-57eb621bf3bb')
+    def test_validate_token(self):
+
+        """Validate token (get-token)
+
+        RBAC test for Identity v2 get token validation
+        """
+        token_id = self._create_token()
+
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.client.show_token(token_id)
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:revoke_token")
+    @decorators.idempotent_id('77338f66-0713-4f20-b11c-b0d750618276')
+    def test_revoke_token(self):
+
+        """Revoke token (delete-token)
+
+        RBAC test for Identity v2 delete token
+        """
+        token_id = self._create_token()
+
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.client.delete_token(token_id)
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:validate_token_head")
+    @decorators.idempotent_id('71471202-4c4e-4a3d-9d41-57eb621bf3ba')
+    def test_check_token_existence(self):
+
+        """Validate Token head
+
+        RBAC test for Identity v2 token head validation
+        """
+        token_id = self._create_token()
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.client.check_token_existence(token_id)
--- a/releasenotes/notes/test_tokens_rbac-7f36919b786e9ffc.yaml
+++ b/releasenotes/notes/test_tokens_rbac-7f36919b786e9ffc.yaml
@ -0,0 +1,3 @@
+---
+features:
+  - Added RBAC test scenarios for the token-related admin v2 identity API.