openinfra
/
interop
Code Issues Proposed changes

Merge "Add tokens validate capability as 2017.08 advisory"

This commit is contained in:
Jenkins 2017-07-12 15:42:41 +00:00 committed by Gerrit Code Review
parent d2e4de1483 a7d431a975
commit bab28fb9a9
4 changed files with 53 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
next.json
View File

@ -71,6 +71,7 @@
"volumes-v2-upload"
],
"advisory": [
"identity-v3-tokens-validate",
"networks-l3-router",
"networks-l3-CRUD",
"networks-list-api-versions",
@ -1010,31 +1011,6 @@
}
}
},
"identity-v3-tokens-create": {
"achievements": [
"foundation",
"complete",
"doc",
"proximity",
"clients",
"discover",
"sticky",
"future",
"atomic",
"stable",
"tools",
"deployed"
],
"admin": false,
"description": "Auth operations within the Identity API",
"project": "keystone",
"required-since": "2015.05",
"tests": {
"tempest.api.identity.v3.test_tokens.TokensV3Test.test_create_token": {
"idempotent_id": "id-6f8e4436-fc96-4282-8122-e41df57197a9"
}
}
},
"identity-v3-api-discovery": {
"achievements": [
"atomic",
@ -1083,13 +1059,60 @@
"admin": false,
"description": "List projects a user belongs to",
"project": "keystone",
"required-since": "",
"required-since": "2017.08",
"tests": {
"tempest.api.identity.v3.test_projects.IdentityV3ProjectsTest.test_list_projects_returns_only_authorized_projects": {
"idempotent_id": "id-86128d46-e170-4644-866a-cc487f699e1d"
}
}
},
"identity-v3-tokens-create": {
"achievements": [
"foundation",
"complete",
"doc",
"proximity",
"clients",
"discover",
"sticky",
"future",
"atomic",
"stable",
"tools",
"deployed"
],
"admin": false,
"description": "Auth operations within the Identity API",
"project": "keystone",
"required-since": "2015.05",
"tests": {
"tempest.api.identity.v3.test_tokens.TokensV3Test.test_create_token": {
"idempotent_id": "id-6f8e4436-fc96-4282-8122-e41df57197a9"
}
}
},
"identity-v3-tokens-validate": {
"achievements": [
"deployed",
"tools",
"clients",
"future",
"stable",
"complete",
"discover",
"doc",
"atomic"
],
"admin": false,
"description": "Validate and show token information",
"project": "keystone",
"required-since": "",
"tests": {
"tempest.api.identity.v3.test_tokens.TokensV3Test.test_validate_token": {
"idempotent_id": "id-a9512ac3-3909-48a4-b395-11f438e16260"
}
}
},
"images-v2-index": {
"achievements": [
"foundation",

2
working_materials/keystone_capabilities_info.csv
View File

@ -19,7 +19,7 @@ identity-v3-get-role,platform/compute,,GET,/v3/roles/{role_id},,no,,,admin requi
identity-v3-list-domains,platform/compute,,GET,/v3/domains,,no,,,admin required,
identity-v3-get-domain,platform/compute,,GET,/v3/domains/{domain_id},,no,,,admin required,
,,,,,,,,,,
identity-v3-validate-token,platform/compute,,GET,/v3/auth/tokens,,yes,Token to be validated is passed in the X-Subject-Token header,,,"This sounds backwards to me, need to check with steve, shouldn't it be POST for validating and GET for getting a token?"
identity-v3-tokens-validate,platform/compute,,GET,/v3/auth/tokens,,yes,Token to be validated is passed in the X-Subject-Token header,,,"This sounds backwards to me, need to check with steve, shouldn't it be POST for validating and GET for getting a token?"
identity-v3-revoke-token,platform/compute,,DELETE,/v3/auth/tokens,1,yes,Token to be revoked is passed in the X-Subject-Token header,keystone.keystone.tests.unit.test_revoke{test_revoke_by_user},,
identity-v3-get-catalog,platform/compute/object,,GET,/v3/auth/catalog,0,yes,,,"couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py",
identity-v3-get-auth-projects,platform/compute,,GET,/v3/auth/projects,0,yes,,,"equivalent as far as I can tell to identity-v3-list-projects. couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py",

Can't render this file because it has a wrong number of fields in line 2.

7
working_materials/scoring.txt
View File

@ -288,7 +288,7 @@ identity-v3-api-discovery: [1,0,1] [1,1,1] [1,1,1] [1,1,1] [1] [94]*
identity-v3-catalog: [1,0,1] [1,1,1] [1,1,0] [1,1,1] [1] [85]*
identity-v3-list-projects: [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
identity-v3-list-groups: [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
identity-v3-validate-token: [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
identity-v3-tokens-validate: [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
Notes:
* identity-v3-catalog is returned when the api for
@ -312,12 +312,9 @@ Notes:
to be done on the backend system. It probably needs further study to see
if it's really interoperable, but it seems unlikely at this point (I also
don't see it being supported by many external tools, etc).
* identity-v3-validate-token A given user can validate its own token. An
* identity-v3-tokens-validate A given user can validate its own token. An
admin user is able to validate any token. This is enought for capability to
be considered non admin.
At the time of scoring, there is no non-admin test case in Tempest. Patch
https://review.openstack.org/#/c/467493 will add the test case but due to
timing, capability won't be added in this cycle - not until TC is available.
Object Store
------------

2
working_materials/tabulated_scores.csv
View File

@ -105,7 +105,7 @@ identity-v3-api-discovery,1,0,1,1,1,1,1,1,1,1,1,1,1,94*
identity-v3-catalog,1,0,1,1,1,1,1,1,0,1,1,1,1,85*
identity-v3-list-projects,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
identity-v3-list-groups,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
identity-v3-validate-token,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
identity-v3-tokens-validate,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
objectstore-object-copy,1,1,1,1,1,1,1,1,1,1,1,1,1,100*
objectstore-object-create,1,1,1,1,1,1,1,1,1,1,1,1,1,100*
objectstore-object-delete,1,1,1,1,1,1,1,1,1,1,1,1,1,100*

Can't render this file because it has a wrong number of fields in line 25.