Add missing v2 token related testcases
We have added scenarios to test_validate_token_head(), test_validate_token() and test_validate_revoke_token() Change-Id: I9a781e3062b3d86cfb2d846b10437453bcb6a56e Co-Authored-By: Nishant Kumar <nk613n@att.com> Co-Authored-By: Pradeep Kumar <pk5294@att.com> Depends-On: Idc351fdcce420bb42c00bab23460f32e3c66e9ce Closes-Bug: #1689262
This commit is contained in:
parent
4aa609ea01
commit
f85cedce58
|
@ -183,6 +183,7 @@ class BaseIdentityV2AdminRbacTest(BaseIdentityRbacTest):
|
|||
def resource_setup(cls):
|
||||
super(BaseIdentityV2AdminRbacTest, cls).resource_setup()
|
||||
cls.tenants = []
|
||||
cls.tokens = []
|
||||
|
||||
@classmethod
|
||||
def resource_cleanup(cls):
|
||||
|
@ -190,6 +191,10 @@ class BaseIdentityV2AdminRbacTest(BaseIdentityRbacTest):
|
|||
test_utils.call_and_ignore_notfound_exc(
|
||||
cls.tenants_client.delete_tenant, tenant['id'])
|
||||
|
||||
for token in cls.tokens:
|
||||
test_utils.call_and_ignore_notfound_exc(
|
||||
cls.client.delete_token, token)
|
||||
|
||||
super(BaseIdentityV2AdminRbacTest, cls).resource_cleanup()
|
||||
|
||||
@classmethod
|
||||
|
@ -203,6 +208,15 @@ class BaseIdentityV2AdminRbacTest(BaseIdentityRbacTest):
|
|||
cls.tenants.append(tenant)
|
||||
return tenant
|
||||
|
||||
@classmethod
|
||||
def setup_test_token(cls, user_name, password, tenant_name):
|
||||
"""Set up a test token."""
|
||||
token = cls.token_client.auth(user_name, password,
|
||||
tenant_name)['token']
|
||||
token_id = token['id']
|
||||
cls.tokens.append(token_id)
|
||||
return token_id
|
||||
|
||||
|
||||
class BaseIdentityV3RbacTest(BaseIdentityRbacTest):
|
||||
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
# Copyright 2017 AT&T Corporation.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.lib import decorators
|
||||
|
||||
from patrole_tempest_plugin import rbac_rule_validation
|
||||
from patrole_tempest_plugin.tests.api.identity import rbac_base
|
||||
|
||||
|
||||
class IdentityTokenV2RbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
|
||||
|
||||
def _create_token(self):
|
||||
|
||||
user_name = self.client.auth_provider.credentials.username
|
||||
tenant_name = self.client.auth_provider.credentials.tenant_name
|
||||
password = self.client.auth_provider.credentials.password
|
||||
token_id = self.setup_test_token(user_name, password,
|
||||
tenant_name)
|
||||
return token_id
|
||||
|
||||
@rbac_rule_validation.action(service="keystone",
|
||||
rule="identity:validate_token")
|
||||
@decorators.idempotent_id('71471202-4c4e-4a3d-9d41-57eb621bf3bb')
|
||||
def test_validate_token(self):
|
||||
|
||||
"""Validate token (get-token)
|
||||
|
||||
RBAC test for Identity v2 get token validation
|
||||
"""
|
||||
token_id = self._create_token()
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.client.show_token(token_id)
|
||||
|
||||
@rbac_rule_validation.action(service="keystone",
|
||||
rule="identity:revoke_token")
|
||||
@decorators.idempotent_id('77338f66-0713-4f20-b11c-b0d750618276')
|
||||
def test_revoke_token(self):
|
||||
|
||||
"""Revoke token (delete-token)
|
||||
|
||||
RBAC test for Identity v2 delete token
|
||||
"""
|
||||
token_id = self._create_token()
|
||||
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.client.delete_token(token_id)
|
||||
|
||||
@rbac_rule_validation.action(service="keystone",
|
||||
rule="identity:validate_token_head")
|
||||
@decorators.idempotent_id('71471202-4c4e-4a3d-9d41-57eb621bf3ba')
|
||||
def test_check_token_existence(self):
|
||||
|
||||
"""Validate Token head
|
||||
|
||||
RBAC test for Identity v2 token head validation
|
||||
"""
|
||||
token_id = self._create_token()
|
||||
self.rbac_utils.switch_role(self, toggle_rbac_role=True)
|
||||
self.client.check_token_existence(token_id)
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
features:
|
||||
- Added RBAC test scenarios for the token-related admin v2 identity API.
|
Loading…
Reference in New Issue