From a7d431a975810858f7931cf093591e56761ff3a6 Mon Sep 17 00:00:00 2001
From: Luz Cazares <luz.cazares@intel.com>
Date: Mon, 19 Jun 2017 16:10:39 +0000
Subject: [PATCH] Add tokens validate capability as 2017.08 advisory

Add keystone validate token capability into next.json/ 2017.08.
non-admin test case is now available in tempest. Further
details on commit Ice1a241445d532ee2c4b1ad8d2c4c896d755798d
TC call GET on /v3/auth/tokens API.

Depends-On: Ice1a241445d532ee2c4b1ad8d2c4c896d755798d

Change-Id: I062e6148e90ae84d34f2df4577eb581ce76d021b
---
 next.json                                     | 75 ++++++++++++-------
 .../keystone_capabilities_info.csv            |  2 +-
 working_materials/scoring.txt                 |  7 +-
 working_materials/tabulated_scores.csv        |  2 +-
 4 files changed, 53 insertions(+), 33 deletions(-)

diff --git a/next.json b/next.json
index 609464b5..8c9d80ff 100644
--- a/next.json
+++ b/next.json
@@ -71,6 +71,7 @@
         "volumes-v2-upload"
       ],
       "advisory": [
+        "identity-v3-tokens-validate",
         "networks-l3-router",
         "networks-l3-CRUD",
         "networks-list-api-versions",
@@ -1010,31 +1011,6 @@
         }
       }
     },
-    "identity-v3-tokens-create": {
-      "achievements": [
-        "foundation",
-        "complete",
-        "doc",
-        "proximity",
-        "clients",
-        "discover",
-        "sticky",
-        "future",
-        "atomic",
-        "stable",
-        "tools",
-        "deployed"
-      ],
-      "admin": false,
-      "description": "Auth operations within the Identity API",
-      "project": "keystone",
-      "required-since": "2015.05",
-      "tests": {
-        "tempest.api.identity.v3.test_tokens.TokensV3Test.test_create_token": {
-          "idempotent_id": "id-6f8e4436-fc96-4282-8122-e41df57197a9"
-        }
-      }
-    },
     "identity-v3-api-discovery": {
         "achievements": [
           "atomic",
@@ -1083,13 +1059,60 @@
       "admin": false,
       "description": "List projects a user belongs to",
       "project": "keystone",
-      "required-since": "",
+      "required-since": "2017.08",
       "tests": {
         "tempest.api.identity.v3.test_projects.IdentityV3ProjectsTest.test_list_projects_returns_only_authorized_projects": {
           "idempotent_id": "id-86128d46-e170-4644-866a-cc487f699e1d"
         }
       }
     },
+    "identity-v3-tokens-create": {
+      "achievements": [
+        "foundation",
+        "complete",
+        "doc",
+        "proximity",
+        "clients",
+        "discover",
+        "sticky",
+        "future",
+        "atomic",
+        "stable",
+        "tools",
+        "deployed"
+      ],
+      "admin": false,
+      "description": "Auth operations within the Identity API",
+      "project": "keystone",
+      "required-since": "2015.05",
+      "tests": {
+        "tempest.api.identity.v3.test_tokens.TokensV3Test.test_create_token": {
+          "idempotent_id": "id-6f8e4436-fc96-4282-8122-e41df57197a9"
+        }
+      }
+    },
+    "identity-v3-tokens-validate": {
+      "achievements": [
+        "deployed",
+        "tools",
+        "clients",
+        "future",
+        "stable",
+        "complete",
+        "discover",
+        "doc",
+        "atomic"
+      ],
+      "admin": false,
+      "description": "Validate and show token information",
+      "project": "keystone",
+      "required-since": "",
+      "tests": {
+        "tempest.api.identity.v3.test_tokens.TokensV3Test.test_validate_token": {
+          "idempotent_id": "id-a9512ac3-3909-48a4-b395-11f438e16260"
+        }
+      }
+    },
     "images-v2-index": {
       "achievements": [
         "foundation",
diff --git a/working_materials/keystone_capabilities_info.csv b/working_materials/keystone_capabilities_info.csv
index 7ce0a028..29039970 100644
--- a/working_materials/keystone_capabilities_info.csv
+++ b/working_materials/keystone_capabilities_info.csv
@@ -19,7 +19,7 @@ identity-v3-get-role,platform/compute,,GET,/v3/roles/{role_id},,no,,,admin requi
 identity-v3-list-domains,platform/compute,,GET,/v3/domains,,no,,,admin required,
 identity-v3-get-domain,platform/compute,,GET,/v3/domains/{domain_id},,no,,,admin required,
 ,,,,,,,,,,
-identity-v3-validate-token,platform/compute,,GET,/v3/auth/tokens,,yes,Token to be validated is passed in the X-Subject-Token header,,,"This sounds backwards to me, need to check with steve, shouldn't it be POST for validating and GET for getting a token?"
+identity-v3-tokens-validate,platform/compute,,GET,/v3/auth/tokens,,yes,Token to be validated is passed in the X-Subject-Token header,,,"This sounds backwards to me, need to check with steve, shouldn't it be POST for validating and GET for getting a token?"
 identity-v3-revoke-token,platform/compute,,DELETE,/v3/auth/tokens,1,yes,Token to be revoked is passed in the X-Subject-Token header,keystone.keystone.tests.unit.test_revoke{test_revoke_by_user},,
 identity-v3-get-catalog,platform/compute/object,,GET,/v3/auth/catalog,0,yes,,,"couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py",
 identity-v3-get-auth-projects,platform/compute,,GET,/v3/auth/projects,0,yes,,,"equivalent as far as I can tell to identity-v3-list-projects. couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py",
diff --git a/working_materials/scoring.txt b/working_materials/scoring.txt
index 10ef0cfd..181b3cef 100644
--- a/working_materials/scoring.txt
+++ b/working_materials/scoring.txt
@@ -288,7 +288,7 @@ identity-v3-api-discovery:       [1,0,1] [1,1,1] [1,1,1] [1,1,1] [1] [94]*
 identity-v3-catalog:             [1,0,1] [1,1,1] [1,1,0] [1,1,1] [1] [85]*
 identity-v3-list-projects:       [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
 identity-v3-list-groups:         [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
-identity-v3-validate-token:      [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
+identity-v3-tokens-validate:     [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
 
 Notes:
   * identity-v3-catalog is returned when the api for
@@ -312,12 +312,9 @@ Notes:
   to be done on the backend system.  It probably needs further study to see
   if it's really interoperable, but it seems unlikely at this point (I also
   don't see it being supported by many external tools, etc).
-  * identity-v3-validate-token A given user can validate its own token. An
+  * identity-v3-tokens-validate A given user can validate its own token. An
   admin user is able to validate any token. This is enought for capability to
   be considered non admin.
-  At the time of scoring, there is no non-admin test case in Tempest. Patch
-  https://review.openstack.org/#/c/467493 will add the test case but due to 
-  timing, capability won't be added in this cycle - not until TC is available.
 
 Object Store
 ------------
diff --git a/working_materials/tabulated_scores.csv b/working_materials/tabulated_scores.csv
index 11628f38..65ea91b2 100644
--- a/working_materials/tabulated_scores.csv
+++ b/working_materials/tabulated_scores.csv
@@ -105,7 +105,7 @@ identity-v3-api-discovery,1,0,1,1,1,1,1,1,1,1,1,1,1,94*
 identity-v3-catalog,1,0,1,1,1,1,1,1,0,1,1,1,1,85*
 identity-v3-list-projects,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
 identity-v3-list-groups,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
-identity-v3-validate-token,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
+identity-v3-tokens-validate,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
 objectstore-object-copy,1,1,1,1,1,1,1,1,1,1,1,1,1,100*
 objectstore-object-create,1,1,1,1,1,1,1,1,1,1,1,1,1,100*
 objectstore-object-delete,1,1,1,1,1,1,1,1,1,1,1,1,1,100*