Move test_tokens test to static
Letting os_primary be the user in this test case allows the token to authenticate, get and delete without having to create a test user. This allows the test to work with pre-provisioned credentials. Also moves the test to the non-admin directory because the test uses os_primary creds (for principle of least privilege). Partial-Bug: #1714277 Co-Authored-By: Tin Lam <tin@irrational.io> Change-Id: I55345132e0f461b36b08d222680a7e11eb945116
This commit is contained in:
parent
e6c330892f
commit
285b3f887e
|
@ -19,7 +19,6 @@ from tempest.api.identity import base
|
|||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
from tempest.lib import exceptions as lib_exc
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
@ -28,30 +27,6 @@ class TokensV3TestJSON(base.BaseIdentityV3AdminTest):
|
|||
|
||||
credentials = ['primary', 'admin', 'alt']
|
||||
|
||||
@decorators.idempotent_id('0f9f5a5f-d5cd-4a86-8a5b-c5ded151f212')
|
||||
def test_tokens(self):
|
||||
# Valid user's token is authenticated
|
||||
# Create a User
|
||||
u_name = data_utils.rand_name('user')
|
||||
u_desc = '%s-description' % u_name
|
||||
u_password = data_utils.rand_password()
|
||||
user = self.create_test_user(
|
||||
name=u_name, description=u_desc, password=u_password)
|
||||
# Perform Authentication
|
||||
resp = self.token.auth(user_id=user['id'],
|
||||
password=u_password).response
|
||||
subject_token = resp['x-subject-token']
|
||||
self.client.check_token_existence(subject_token)
|
||||
# Perform GET Token
|
||||
token_details = self.client.show_token(subject_token)['token']
|
||||
self.assertEqual(resp['x-subject-token'], subject_token)
|
||||
self.assertEqual(token_details['user']['id'], user['id'])
|
||||
self.assertEqual(token_details['user']['name'], u_name)
|
||||
# Perform Delete Token
|
||||
self.client.delete_token(subject_token)
|
||||
self.assertRaises(lib_exc.NotFound, self.client.check_token_existence,
|
||||
subject_token)
|
||||
|
||||
@decorators.idempotent_id('565fa210-1da1-4563-999b-f7b5b67cf112')
|
||||
def test_rescope_token(self):
|
||||
"""Rescope a token.
|
||||
|
|
|
@ -91,3 +91,28 @@ class TokensV3Test(base.BaseIdentityV3Test):
|
|||
self.assertIsNotNone(subject_name, 'Expected user name in token.')
|
||||
|
||||
self.assertEqual(resp['methods'][0], 'password')
|
||||
|
||||
@decorators.idempotent_id('0f9f5a5f-d5cd-4a86-8a5b-c5ded151f212')
|
||||
def test_token_auth_creation_existence_deletion(self):
|
||||
# Tests basic token auth functionality in a way that is compatible with
|
||||
# pre-provisioned credentials. The default user is used for token
|
||||
# authentication.
|
||||
|
||||
# Valid user's token is authenticated
|
||||
user = self.os_primary.credentials
|
||||
# Perform Authentication
|
||||
resp = self.non_admin_token.auth(
|
||||
user_id=user.user_id, password=user.password).response
|
||||
subject_token = resp['x-subject-token']
|
||||
self.non_admin_client.check_token_existence(subject_token)
|
||||
# Perform GET Token
|
||||
token_details = self.non_admin_client.show_token(
|
||||
subject_token)['token']
|
||||
self.assertEqual(resp['x-subject-token'], subject_token)
|
||||
self.assertEqual(token_details['user']['id'], user.user_id)
|
||||
self.assertEqual(token_details['user']['name'], user.username)
|
||||
# Perform Delete Token
|
||||
self.non_admin_client.delete_token(subject_token)
|
||||
self.assertRaises(lib_exc.NotFound,
|
||||
self.non_admin_client.check_token_existence,
|
||||
subject_token)
|
||||
|
|
Loading…
Reference in New Issue