Move test_tokens test to static
Letting os_primary be the user in this test case allows the token to
authenticate, get and delete without having to create a test user. This
allows the test to work with pre-provisioned credentials. Also moves the
test to the non-admin directory because the test uses os_primary creds
(for principle of least privilege).
Partial-Bug: #1714277
Co-Authored-By: Tin Lam <tin@irrational.io>
Change-Id: I55345132e0f461b36b08d222680a7e11eb945116
diff --git a/tempest/api/identity/admin/v3/test_tokens.py b/tempest/api/identity/admin/v3/test_tokens.py
index 532f0d7..8ae43d6 100644
--- a/tempest/api/identity/admin/v3/test_tokens.py
+++ b/tempest/api/identity/admin/v3/test_tokens.py
@@ -19,7 +19,6 @@
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
-from tempest.lib import exceptions as lib_exc
CONF = config.CONF
@@ -28,30 +27,6 @@
credentials = ['primary', 'admin', 'alt']
- @decorators.idempotent_id('0f9f5a5f-d5cd-4a86-8a5b-c5ded151f212')
- def test_tokens(self):
- # Valid user's token is authenticated
- # Create a User
- u_name = data_utils.rand_name('user')
- u_desc = '%s-description' % u_name
- u_password = data_utils.rand_password()
- user = self.create_test_user(
- name=u_name, description=u_desc, password=u_password)
- # Perform Authentication
- resp = self.token.auth(user_id=user['id'],
- password=u_password).response
- subject_token = resp['x-subject-token']
- self.client.check_token_existence(subject_token)
- # Perform GET Token
- token_details = self.client.show_token(subject_token)['token']
- self.assertEqual(resp['x-subject-token'], subject_token)
- self.assertEqual(token_details['user']['id'], user['id'])
- self.assertEqual(token_details['user']['name'], u_name)
- # Perform Delete Token
- self.client.delete_token(subject_token)
- self.assertRaises(lib_exc.NotFound, self.client.check_token_existence,
- subject_token)
-
@decorators.idempotent_id('565fa210-1da1-4563-999b-f7b5b67cf112')
def test_rescope_token(self):
"""Rescope a token.
diff --git a/tempest/api/identity/v3/test_tokens.py b/tempest/api/identity/v3/test_tokens.py
index 4c72d82..f13aa10 100644
--- a/tempest/api/identity/v3/test_tokens.py
+++ b/tempest/api/identity/v3/test_tokens.py
@@ -91,3 +91,28 @@
self.assertIsNotNone(subject_name, 'Expected user name in token.')
self.assertEqual(resp['methods'][0], 'password')
+
+ @decorators.idempotent_id('0f9f5a5f-d5cd-4a86-8a5b-c5ded151f212')
+ def test_token_auth_creation_existence_deletion(self):
+ # Tests basic token auth functionality in a way that is compatible with
+ # pre-provisioned credentials. The default user is used for token
+ # authentication.
+
+ # Valid user's token is authenticated
+ user = self.os_primary.credentials
+ # Perform Authentication
+ resp = self.non_admin_token.auth(
+ user_id=user.user_id, password=user.password).response
+ subject_token = resp['x-subject-token']
+ self.non_admin_client.check_token_existence(subject_token)
+ # Perform GET Token
+ token_details = self.non_admin_client.show_token(
+ subject_token)['token']
+ self.assertEqual(resp['x-subject-token'], subject_token)
+ self.assertEqual(token_details['user']['id'], user.user_id)
+ self.assertEqual(token_details['user']['name'], user.username)
+ # Perform Delete Token
+ self.non_admin_client.delete_token(subject_token)
+ self.assertRaises(lib_exc.NotFound,
+ self.non_admin_client.check_token_existence,
+ subject_token)