Non-admin token tests for Keystone API

Adds non-admin token tests for Keystone/identity API. Work in
support of adding Defcore/interop capabilities for identity.

Currently only supports get token for v2 and v3.

Depends-On: I06fd043e1b31ae0e5e33f4dcf898fb58f2907267
Change-Id: I2134e5694fdbab13b4b19205ecba5711dbac0c25

tempest/api/identity/base.py

@@ -19,6 +19,7 @@ from tempest_lib import exceptions as lib_exc
 
 from tempest import clients
 from tempest.common import cred_provider
+from tempest.common import credentials
 from tempest import config
 import tempest.test
 
@@ -26,13 +27,7 @@ CONF = config.CONF
 LOG = logging.getLogger(__name__)
 
 
-class BaseIdentityAdminTest(tempest.test.BaseTestCase):
-
-    @classmethod
-    def setup_credentials(cls):
-        super(BaseIdentityAdminTest, cls).setup_credentials()
-        cls.os = cls.get_client_manager()
-        cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())
+class BaseIdentityTest(tempest.test.BaseTestCase):
 
     @classmethod
     def disable_user(cls, user_name):
@@ -69,14 +64,47 @@ class BaseIdentityAdminTest(tempest.test.BaseTestCase):
             return role[0]
 
 
-class BaseIdentityV2AdminTest(BaseIdentityAdminTest):
+class BaseIdentityV2Test(BaseIdentityTest):
+
+    @classmethod
+    def setup_credentials(cls):
+        super(BaseIdentityV2Test, cls).setup_credentials()
+        cls.os = cls.get_client_manager(identity_version='v2')
 
     @classmethod
     def skip_checks(cls):
-        super(BaseIdentityV2AdminTest, cls).skip_checks()
+        super(BaseIdentityV2Test, cls).skip_checks()
         if not CONF.identity_feature_enabled.api_v2:
             raise cls.skipException("Identity api v2 is not enabled")
 
+    @classmethod
+    def setup_clients(cls):
+        super(BaseIdentityV2Test, cls).setup_clients()
+        cls.non_admin_client = cls.os.identity_client
+        cls.non_admin_token_client = cls.os.token_client
+
+    @classmethod
+    def resource_setup(cls):
+        super(BaseIdentityV2Test, cls).resource_setup()
+
+    @classmethod
+    def resource_cleanup(cls):
+        super(BaseIdentityV2Test, cls).resource_cleanup()
+
+
+class BaseIdentityV2AdminTest(BaseIdentityV2Test):
+
+    @classmethod
+    def setup_credentials(cls):
+        super(BaseIdentityV2AdminTest, cls).setup_credentials()
+        cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())
+
+    @classmethod
+    def skip_checks(cls):
+        if not credentials.is_admin_available():
+            raise cls.skipException('v2 Admin auth disabled')
+        super(BaseIdentityV2AdminTest, cls).skip_checks()
+
     @classmethod
     def setup_clients(cls):
         super(BaseIdentityV2AdminTest, cls).setup_clients()
@@ -85,8 +113,6 @@ class BaseIdentityV2AdminTest(BaseIdentityAdminTest):
         if not cls.client.has_admin_extensions():
             raise cls.skipException("Admin extensions disabled")
 
-        cls.non_admin_client = cls.os.identity_client
-
     @classmethod
     def resource_setup(cls):
         super(BaseIdentityV2AdminTest, cls).resource_setup()
@@ -98,14 +124,48 @@ class BaseIdentityV2AdminTest(BaseIdentityAdminTest):
         super(BaseIdentityV2AdminTest, cls).resource_cleanup()
 
 
-class BaseIdentityV3AdminTest(BaseIdentityAdminTest):
+class BaseIdentityV3Test(BaseIdentityTest):
+
+    @classmethod
+    def setup_credentials(cls):
+        super(BaseIdentityV3Test, cls).setup_credentials()
+        cls.os = cls.get_client_manager(identity_version='v3')
 
     @classmethod
     def skip_checks(cls):
-        super(BaseIdentityV3AdminTest, cls).skip_checks()
+        super(BaseIdentityV3Test, cls).skip_checks()
         if not CONF.identity_feature_enabled.api_v3:
             raise cls.skipException("Identity api v3 is not enabled")
 
+    @classmethod
+    def setup_clients(cls):
+        super(BaseIdentityV3Test, cls).setup_clients()
+        cls.non_admin_client = cls.os.identity_v3_client
+        cls.non_admin_token = cls.os.token_v3_client
+        cls.non_admin_endpoints_client = cls.os.endpoints_client
+        cls.non_admin_region_client = cls.os.region_client
+        cls.non_admin_service_client = cls.os.service_client
+        cls.non_admin_policy_client = cls.os.policy_client
+        cls.non_admin_creds_client = cls.os.credentials_client
+
+    @classmethod
+    def resource_cleanup(cls):
+        super(BaseIdentityV3Test, cls).resource_cleanup()
+
+
+class BaseIdentityV3AdminTest(BaseIdentityV3Test):
+
+    @classmethod
+    def setup_credentials(cls):
+        super(BaseIdentityV3AdminTest, cls).setup_credentials()
+        cls.os_adm = clients.Manager(cls.isolated_creds.get_admin_creds())
+
+    @classmethod
+    def skip_checks(cls):
+        if not credentials.is_admin_available():
+            raise cls.skipException('v3 Admin auth disabled')
+        super(BaseIdentityV3AdminTest, cls).skip_checks()
+
     @classmethod
     def setup_clients(cls):
         super(BaseIdentityV3AdminTest, cls).setup_clients()
@@ -114,11 +174,9 @@ class BaseIdentityV3AdminTest(BaseIdentityAdminTest):
         cls.endpoints_client = cls.os_adm.endpoints_client
         cls.region_client = cls.os_adm.region_client
         cls.data = DataGenerator(cls.client)
-        cls.non_admin_client = cls.os.identity_v3_client
         cls.service_client = cls.os_adm.service_client
         cls.policy_client = cls.os_adm.policy_client
         cls.creds_client = cls.os_adm.credentials_client
-        cls.non_admin_client = cls.os.identity_v3_client
 
     @classmethod
     def resource_cleanup(cls):

tempest/api/identity/v2/test_tokens.py

@@ -0,0 +1,38 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.api.identity import base
+from tempest import test
+
+
+class TokensTest(base.BaseIdentityV2Test):
+
+    @test.idempotent_id('65ae3b78-91ff-467b-a705-f6678863b8ec')
+    def test_create_token(self):
+
+        token_client = self.non_admin_token_client
+
+        # get a token for the user
+        creds = self.os.credentials
+        username = creds.username
+        password = creds.password
+        tenant_name = creds.tenant_name
+
+        body = token_client.auth(username,
+                                 password,
+                                 tenant_name)
+
+        self.assertEqual(body['token']['tenant']['name'],
+                         tenant_name)

tempest/api/identity/v3/test_tokens.py

@@ -0,0 +1,33 @@
+# Copyright 2015 OpenStack Foundation
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.api.identity import base
+from tempest import test
+
+
+class TokensV3Test(base.BaseIdentityV3Test):
+
+    @test.idempotent_id('6f8e4436-fc96-4282-8122-e41df57197a9')
+    def test_create_token(self):
+
+        creds = self.os.credentials
+        user_id = creds.user_id
+        username = creds.username
+        password = creds.password
+        resp = self.non_admin_token.auth(user_id=user_id,
+                                         password=password)
+
+        subject_name = resp['token']['user']['name']
+        self.assertEqual(subject_name, username)