openinfra
/
interop
Code Issues Proposed changes

Add tokens validate capability as 2017.08 advisory 

Add keystone validate token capability into next.json/ 2017.08.
non-admin test case is now available in tempest. Further
details on commit Ice1a241445d532ee2c4b1ad8d2c4c896d755798d
TC call GET on /v3/auth/tokens API.

Depends-On: Ice1a241445d532ee2c4b1ad8d2c4c896d755798d

Change-Id: I062e6148e90ae84d34f2df4577eb581ce76d021b
This commit is contained in:
Luz Cazares 2017-06-19 16:10:39 +00:00
parent b397863e9a
commit a7d431a975
4 changed files with 53 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
next.json
View File

@ -71,6 +71,7 @@
"volumes-v2-upload"
],
"advisory": [
"identity-v3-tokens-validate",
"networks-l3-router",
"networks-l3-CRUD",
"networks-list-api-versions",
@ -1010,31 +1011,6 @@
}
}
},
"identity-v3-tokens-create": {
"achievements": [
"foundation",
"complete",
"doc",
"proximity",
"clients",
"discover",
"sticky",
"future",
"atomic",
"stable",
"tools",
"deployed"
],
"admin": false,
"description": "Auth operations within the Identity API",
"project": "keystone",
"required-since": "2015.05",
"tests": {
"tempest.api.identity.v3.test_tokens.TokensV3Test.test_create_token": {
"idempotent_id": "id-6f8e4436-fc96-4282-8122-e41df57197a9"
}
}
},
"identity-v3-api-discovery": {
"achievements": [
"atomic",
@ -1083,13 +1059,60 @@
"admin": false,
"description": "List projects a user belongs to",
"project": "keystone",
"required-since": "",
"required-since": "2017.08",
"tests": {
"tempest.api.identity.v3.test_projects.IdentityV3ProjectsTest.test_list_projects_returns_only_authorized_projects": {
"idempotent_id": "id-86128d46-e170-4644-866a-cc487f699e1d"
}
}
},
"identity-v3-tokens-create": {
"achievements": [
"foundation",
"complete",
"doc",
"proximity",
"clients",
"discover",
"sticky",
"future",
"atomic",
"stable",
"tools",
"deployed"
],
"admin": false,
"description": "Auth operations within the Identity API",
"project": "keystone",
"required-since": "2015.05",
"tests": {
"tempest.api.identity.v3.test_tokens.TokensV3Test.test_create_token": {
"idempotent_id": "id-6f8e4436-fc96-4282-8122-e41df57197a9"
}
}
},
"identity-v3-tokens-validate": {
"achievements": [
"deployed",
"tools",
"clients",
"future",
"stable",
"complete",
"discover",
"doc",
"atomic"
],
"admin": false,
"description": "Validate and show token information",
"project": "keystone",
"required-since": "",
"tests": {
"tempest.api.identity.v3.test_tokens.TokensV3Test.test_validate_token": {
"idempotent_id": "id-a9512ac3-3909-48a4-b395-11f438e16260"
}
}
},
"images-v2-index": {
"achievements": [
"foundation",

2
working_materials/keystone_capabilities_info.csv
View File

@ -19,7 +19,7 @@ identity-v3-get-role,platform/compute,,GET,/v3/roles/{role_id},,no,,,admin requi
identity-v3-list-domains,platform/compute,,GET,/v3/domains,,no,,,admin required,
identity-v3-get-domain,platform/compute,,GET,/v3/domains/{domain_id},,no,,,admin required,
,,,,,,,,,,
identity-v3-validate-token,platform/compute,,GET,/v3/auth/tokens,,yes,Token to be validated is passed in the X-Subject-Token header,,,"This sounds backwards to me, need to check with steve, shouldn't it be POST for validating and GET for getting a token?"
identity-v3-tokens-validate,platform/compute,,GET,/v3/auth/tokens,,yes,Token to be validated is passed in the X-Subject-Token header,,,"This sounds backwards to me, need to check with steve, shouldn't it be POST for validating and GET for getting a token?"
identity-v3-revoke-token,platform/compute,,DELETE,/v3/auth/tokens,1,yes,Token to be revoked is passed in the X-Subject-Token header,keystone.keystone.tests.unit.test_revoke{test_revoke_by_user},,
identity-v3-get-catalog,platform/compute/object,,GET,/v3/auth/catalog,0,yes,,,"couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py",
identity-v3-get-auth-projects,platform/compute,,GET,/v3/auth/projects,0,yes,,,"equivalent as far as I can tell to identity-v3-list-projects. couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py",

Can't render this file because it has a wrong number of fields in line 2.

7
working_materials/scoring.txt
View File

@ -288,7 +288,7 @@ identity-v3-api-discovery: [1,0,1] [1,1,1] [1,1,1] [1,1,1] [1] [94]*
identity-v3-catalog: [1,0,1] [1,1,1] [1,1,0] [1,1,1] [1] [85]*
identity-v3-list-projects: [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
identity-v3-list-groups: [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
identity-v3-validate-token: [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
identity-v3-tokens-validate: [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
Notes:
* identity-v3-catalog is returned when the api for
@ -312,12 +312,9 @@ Notes:
to be done on the backend system. It probably needs further study to see
if it's really interoperable, but it seems unlikely at this point (I also
don't see it being supported by many external tools, etc).
* identity-v3-validate-token A given user can validate its own token. An
* identity-v3-tokens-validate A given user can validate its own token. An
admin user is able to validate any token. This is enought for capability to
be considered non admin.
At the time of scoring, there is no non-admin test case in Tempest. Patch
https://review.openstack.org/#/c/467493 will add the test case but due to
timing, capability won't be added in this cycle - not until TC is available.
Object Store
------------

2
working_materials/tabulated_scores.csv
View File

@ -105,7 +105,7 @@ identity-v3-api-discovery,1,0,1,1,1,1,1,1,1,1,1,1,1,94*
identity-v3-catalog,1,0,1,1,1,1,1,1,0,1,1,1,1,85*
identity-v3-list-projects,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
identity-v3-list-groups,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
identity-v3-validate-token,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
identity-v3-tokens-validate,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
objectstore-object-copy,1,1,1,1,1,1,1,1,1,1,1,1,1,100*
objectstore-object-create,1,1,1,1,1,1,1,1,1,1,1,1,1,100*
objectstore-object-delete,1,1,1,1,1,1,1,1,1,1,1,1,1,100*

Can't render this file because it has a wrong number of fields in line 25.