Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 840011bcdf8011d2ec5a5507a688c67577d8e512^! / .
commit840011bcdf8011d2ec5a5507a688c67577d8e512[log] [tgz]
authorBrant Knudson <bknudson@us.ibm.com>Sun Mar 16 11:14:14 2014 -0500
committerBrant Knudson <bknudson@us.ibm.com>Sun Mar 16 11:14:57 2014 -0500
treedb595cb71e552e7cdc49f1b3be4a50be14407456
parenta4cfe0c92cc308ccbede29b1d782036d83b97795 [diff]
Enhance test to rescope token using v2

There was a problem in Keystone recently where revoking a token
derived from another token caused the original token to be
revoked, so adding a test here to validate it continues to work
as expected.

Change-Id: I4b6a1440b661c075793e73edc52b4a5919d93d71

diff --git a/tempest/api/identity/admin/test_tokens.py b/tempest/api/identity/admin/test_tokens.py
index c931bcf..7fec28d 100644
--- a/tempest/api/identity/admin/test_tokens.py
+++ b/tempest/api/identity/admin/test_tokens.py

@@ -72,11 +72,16 @@
         self.assertEqual(200, resp.status)
         self.data.users.append(user)
 
-        # Create a tenant.
-        tenant_name = data_utils.rand_name(name='tenant-')
-        resp, tenant = self.client.create_tenant(tenant_name)
+        # Create a couple tenants.
+        tenant1_name = data_utils.rand_name(name='tenant-')
+        resp, tenant1 = self.client.create_tenant(tenant1_name)
         self.assertEqual(200, resp.status)
-        self.data.tenants.append(tenant)
+        self.data.tenants.append(tenant1)
+
+        tenant2_name = data_utils.rand_name(name='tenant-')
+        resp, tenant2 = self.client.create_tenant(tenant2_name)
+        self.assertEqual(200, resp.status)
+        self.data.tenants.append(tenant2)
 
         # Create a role
         role_name = data_utils.rand_name(name='role-')
@@ -84,8 +89,12 @@
         self.assertEqual(200, resp.status)
         self.data.roles.append(role)
 
-        # Grant the user the role on the tenant.
-        resp, _ = self.client.assign_user_role(tenant['id'], user['id'],
+        # Grant the user the role on the tenants.
+        resp, _ = self.client.assign_user_role(tenant1['id'], user['id'],
+                                               role['id'])
+        self.assertEqual(200, resp.status)
+
+        resp, _ = self.client.assign_user_role(tenant2['id'], user['id'],
                                                role['id'])
         self.assertEqual(200, resp.status)
 
@@ -95,10 +104,20 @@
 
         token_id = body['token']['id']
 
-        # Use the unscoped token to get a scoped token.
-        rsp, body = self.token_client.auth_token(token_id, tenant=tenant_name)
+        # Use the unscoped token to get a token scoped to tenant1
+        rsp, body = self.token_client.auth_token(token_id, tenant=tenant1_name)
         self.assertEqual(200, resp.status)
 
+        scoped_token_id = body['token']['id']
+
+        # Revoke the scoped token
+        resp, body = self.client.delete_token(scoped_token_id)
+        self.assertEqual(204, resp.status)
+
+        # Use the unscoped token to get a token scoped to tenant2
+        rsp, body = self.token_client.auth_token(token_id, tenant=tenant2_name)
+        self.assertEqual(204, resp.status)
+
 
 class TokensTestXML(TokensTestJSON):
     _interface = 'xml'