Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 1938e67ffa00dffafb66058e47497515669d7df3^1..1938e67ffa00dffafb66058e47497515669d7df3 / .
commit1938e67ffa00dffafb66058e47497515669d7df3[log] [tgz]
authorJenkins <jenkins@review.openstack.org>Wed Jun 21 15:40:41 2017 +0000
committerGerrit Code Review <review@openstack.org>Wed Jun 21 15:40:41 2017 +0000
tree9dfd0539bf029ce45bfedcd0fd2b49f46b507129
parent4a8921680317507a2524c94d14c1188eabf4f447 [diff]
parentf85cedce588c0543034a57be948243c807144b25 [diff]
Merge "Add missing v2 token related testcases"
diff --git a/patrole_tempest_plugin/tests/api/identity/rbac_base.py b/patrole_tempest_plugin/tests/api/identity/rbac_base.py
index 6cb3d2f..a053614 100644
--- a/patrole_tempest_plugin/tests/api/identity/rbac_base.py
+++ b/patrole_tempest_plugin/tests/api/identity/rbac_base.py

@@ -183,6 +183,7 @@
     def resource_setup(cls):
         super(BaseIdentityV2AdminRbacTest, cls).resource_setup()
         cls.tenants = []
+        cls.tokens = []
 
     @classmethod
     def resource_cleanup(cls):
@@ -190,6 +191,10 @@
             test_utils.call_and_ignore_notfound_exc(
                 cls.tenants_client.delete_tenant, tenant['id'])
 
+        for token in cls.tokens:
+            test_utils.call_and_ignore_notfound_exc(
+                cls.client.delete_token, token)
+
         super(BaseIdentityV2AdminRbacTest, cls).resource_cleanup()
 
     @classmethod
@@ -203,6 +208,15 @@
         cls.tenants.append(tenant)
         return tenant
 
+    @classmethod
+    def setup_test_token(cls, user_name, password, tenant_name):
+        """Set up a test token."""
+        token = cls.token_client.auth(user_name, password,
+                                      tenant_name)['token']
+        token_id = token['id']
+        cls.tokens.append(token_id)
+        return token_id
+
 
 class BaseIdentityV3RbacTest(BaseIdentityRbacTest):
 

diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_tokens_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_tokens_rbac.py
new file mode 100644
index 0000000..25150dd
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_tokens_rbac.py

@@ -0,0 +1,72 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.lib import decorators
+
+from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin.tests.api.identity import rbac_base
+
+
+class IdentityTokenV2RbacTest(rbac_base.BaseIdentityV2AdminRbacTest):
+
+    def _create_token(self):
+
+        user_name = self.client.auth_provider.credentials.username
+        tenant_name = self.client.auth_provider.credentials.tenant_name
+        password = self.client.auth_provider.credentials.password
+        token_id = self.setup_test_token(user_name, password,
+                                         tenant_name)
+        return token_id
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:validate_token")
+    @decorators.idempotent_id('71471202-4c4e-4a3d-9d41-57eb621bf3bb')
+    def test_validate_token(self):
+
+        """Validate token (get-token)
+
+        RBAC test for Identity v2 get token validation
+        """
+        token_id = self._create_token()
+
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.client.show_token(token_id)
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:revoke_token")
+    @decorators.idempotent_id('77338f66-0713-4f20-b11c-b0d750618276')
+    def test_revoke_token(self):
+
+        """Revoke token (delete-token)
+
+        RBAC test for Identity v2 delete token
+        """
+        token_id = self._create_token()
+
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.client.delete_token(token_id)
+
+    @rbac_rule_validation.action(service="keystone",
+                                 rule="identity:validate_token_head")
+    @decorators.idempotent_id('71471202-4c4e-4a3d-9d41-57eb621bf3ba')
+    def test_check_token_existence(self):
+
+        """Validate Token head
+
+        RBAC test for Identity v2 token head validation
+        """
+        token_id = self._create_token()
+        self.rbac_utils.switch_role(self, toggle_rbac_role=True)
+        self.client.check_token_existence(token_id)

diff --git a/releasenotes/notes/test_tokens_rbac-7f36919b786e9ffc.yaml b/releasenotes/notes/test_tokens_rbac-7f36919b786e9ffc.yaml
new file mode 100644
index 0000000..5ff448b
--- /dev/null
+++ b/releasenotes/notes/test_tokens_rbac-7f36919b786e9ffc.yaml

@@ -0,0 +1,3 @@
+---
+features:
+  - Added RBAC test scenarios for the token-related admin v2 identity API.