Add tokens validate capability as 2017.08 advisory

Add keystone validate token capability into next.json/ 2017.08.
non-admin test case is now available in tempest. Further
details on commit Ice1a241445d532ee2c4b1ad8d2c4c896d755798d
TC call GET on /v3/auth/tokens API.

Depends-On: Ice1a241445d532ee2c4b1ad8d2c4c896d755798d

Change-Id: I062e6148e90ae84d34f2df4577eb581ce76d021b

next.json

@@ -71,6 +71,7 @@
         "volumes-v2-upload"
       ],
       "advisory": [
+        "identity-v3-tokens-validate",
         "networks-l3-router",
         "networks-l3-CRUD",
         "networks-list-api-versions",
@@ -1010,31 +1011,6 @@
         }
       }
     },
-    "identity-v3-tokens-create": {
-      "achievements": [
-        "foundation",
-        "complete",
-        "doc",
-        "proximity",
-        "clients",
-        "discover",
-        "sticky",
-        "future",
-        "atomic",
-        "stable",
-        "tools",
-        "deployed"
-      ],
-      "admin": false,
-      "description": "Auth operations within the Identity API",
-      "project": "keystone",
-      "required-since": "2015.05",
-      "tests": {
-        "tempest.api.identity.v3.test_tokens.TokensV3Test.test_create_token": {
-          "idempotent_id": "id-6f8e4436-fc96-4282-8122-e41df57197a9"
-        }
-      }
-    },
     "identity-v3-api-discovery": {
         "achievements": [
           "atomic",
@@ -1083,13 +1059,60 @@
       "admin": false,
       "description": "List projects a user belongs to",
       "project": "keystone",
-      "required-since": "",
+      "required-since": "2017.08",
       "tests": {
         "tempest.api.identity.v3.test_projects.IdentityV3ProjectsTest.test_list_projects_returns_only_authorized_projects": {
           "idempotent_id": "id-86128d46-e170-4644-866a-cc487f699e1d"
         }
       }
     },
+    "identity-v3-tokens-create": {
+      "achievements": [
+        "foundation",
+        "complete",
+        "doc",
+        "proximity",
+        "clients",
+        "discover",
+        "sticky",
+        "future",
+        "atomic",
+        "stable",
+        "tools",
+        "deployed"
+      ],
+      "admin": false,
+      "description": "Auth operations within the Identity API",
+      "project": "keystone",
+      "required-since": "2015.05",
+      "tests": {
+        "tempest.api.identity.v3.test_tokens.TokensV3Test.test_create_token": {
+          "idempotent_id": "id-6f8e4436-fc96-4282-8122-e41df57197a9"
+        }
+      }
+    },
+    "identity-v3-tokens-validate": {
+      "achievements": [
+        "deployed",
+        "tools",
+        "clients",
+        "future",
+        "stable",
+        "complete",
+        "discover",
+        "doc",
+        "atomic"
+      ],
+      "admin": false,
+      "description": "Validate and show token information",
+      "project": "keystone",
+      "required-since": "",
+      "tests": {
+        "tempest.api.identity.v3.test_tokens.TokensV3Test.test_validate_token": {
+          "idempotent_id": "id-a9512ac3-3909-48a4-b395-11f438e16260"
+        }
+      }
+    },
     "images-v2-index": {
       "achievements": [
         "foundation",

working_materials/keystone_capabilities_info.csv

@@ -19,7 +19,7 @@ identity-v3-get-role,platform/compute,,GET,/v3/roles/{role_id},,no,,,admin requi
 identity-v3-list-domains,platform/compute,,GET,/v3/domains,,no,,,admin required,
 identity-v3-get-domain,platform/compute,,GET,/v3/domains/{domain_id},,no,,,admin required,
 ,,,,,,,,,,
-identity-v3-validate-token,platform/compute,,GET,/v3/auth/tokens,,yes,Token to be validated is passed in the X-Subject-Token header,,,"This sounds backwards to me, need to check with steve, shouldn't it be POST for validating and GET for getting a token?"
+identity-v3-tokens-validate,platform/compute,,GET,/v3/auth/tokens,,yes,Token to be validated is passed in the X-Subject-Token header,,,"This sounds backwards to me, need to check with steve, shouldn't it be POST for validating and GET for getting a token?"
 identity-v3-revoke-token,platform/compute,,DELETE,/v3/auth/tokens,1,yes,Token to be revoked is passed in the X-Subject-Token header,keystone.keystone.tests.unit.test_revoke{test_revoke_by_user},,
 identity-v3-get-catalog,platform/compute/object,,GET,/v3/auth/catalog,0,yes,,,"couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py",
 identity-v3-get-auth-projects,platform/compute,,GET,/v3/auth/projects,0,yes,,,"equivalent as far as I can tell to identity-v3-list-projects. couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py",

working_materials/scoring.txt

@@ -288,7 +288,7 @@ identity-v3-api-discovery:       [1,0,1] [1,1,1] [1,1,1] [1,1,1] [1] [94]*
 identity-v3-catalog:             [1,0,1] [1,1,1] [1,1,0] [1,1,1] [1] [85]*
 identity-v3-list-projects:       [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
 identity-v3-list-groups:         [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
-identity-v3-validate-token:      [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
+identity-v3-tokens-validate:     [1,1,1] [1,1,1] [1,1,0] [0,1,0] [1] [74]*
 
 Notes:
   * identity-v3-catalog is returned when the api for
@@ -312,12 +312,9 @@ Notes:
   to be done on the backend system.  It probably needs further study to see
   if it's really interoperable, but it seems unlikely at this point (I also
   don't see it being supported by many external tools, etc).
-  * identity-v3-validate-token A given user can validate its own token. An
+  * identity-v3-tokens-validate A given user can validate its own token. An
   admin user is able to validate any token. This is enought for capability to
   be considered non admin.
-  At the time of scoring, there is no non-admin test case in Tempest. Patch
-  https://review.openstack.org/#/c/467493 will add the test case but due to 
-  timing, capability won't be added in this cycle - not until TC is available.
 
 Object Store
 ------------

working_materials/tabulated_scores.csv

@@ -105,7 +105,7 @@ identity-v3-api-discovery,1,0,1,1,1,1,1,1,1,1,1,1,1,94*
 identity-v3-catalog,1,0,1,1,1,1,1,1,0,1,1,1,1,85*
 identity-v3-list-projects,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
 identity-v3-list-groups,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
-identity-v3-validate-token,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
+identity-v3-tokens-validate,1,1,1,1,1,1,1,1,0,0,1,0,1,74*
 objectstore-object-copy,1,1,1,1,1,1,1,1,1,1,1,1,1,100*
 objectstore-object-create,1,1,1,1,1,1,1,1,1,1,1,1,1,100*
 objectstore-object-delete,1,1,1,1,1,1,1,1,1,1,1,1,1,100*