Capability,Program,Status,Method,Endpoint,Test available?,interop relevant?,PTL Comments,From Defcore Discussion,Scorer Comments, identity-v3-tokens-create,platform/compute/object,required,POST,/v3/auth/tokens,1,yes,The returned token value is in the X-Auth-Token header,,tempest.api.identity.v3.test_tokens{test_create_token}, This TC refers to API https://developer.openstack.org/api-ref/identity/v3/#password-authentication-with-unscoped-authorization. Should we add other test cases to tempest in order to validate API for: password-authentication-with-scoped-authorization and password-authentication-with-explicit-unscoped-authorization?, identity-v3-api-discovery,platform/compute,required,,,3,yes,,make required,"tempest.api.identity.v3.test_api_discovery{test_api_version_resources, test_api_media_types, test_api_version_statuses}", identity-v3-list-projects,platform/compute,advisory,GET,/v3/users/{user_id}/projects,1,yes,,,, ,,,,,,,,,, identity-v3-create-ec2-credentials,,,POST,/v3/credentials,1,yes,,Should we make ec2 compatibility required? unclear,, identity-v3-list-ec2-credentials,,,GET,/v3/credentials,1,yes,,Should we make ec2 compatibility required? unclear,, identity-v3-show-ec2-credentials,,,GET,/v3/credentials/{credential_id},1,yes,,Should we make ec2 compatibility required? unclear,, identity-v3-delete-ec2-credentials,,,DELETE,/v3/credentials/{credential_id},1,yes,,Should we make ec2 compatibility required? unclear,, identity-v3-update-ec2-credentials,,,PATCH,/v3/credentials/{credential_id},,,,Should we make ec2 compatibility required? unclear,, identity-v3-catalog,(make sure it works on all supported releases),,,,,,returned with the token,,, identity-v3-password-update,,,POST,/v3/users/{user_id}/password,1,yes,," Untestable without changing user's password, security risk. Also password policies are very particular to different companies, making a test that would pass on all is near impossible.",tempest.api.identity.v3.test_users{test_update_own_password}, ,,,,,,,,,, identity-v3-list-groups,platform/compute,,GET,/v3/users/{user_id}/groups,0,yes,,,no test available for this feature, identity-v3-get-project,platform/compute,,GET,/v3/projects/{project_id},0,yes,,,admin required, identity-v3-list-roles,platform/compute,,GET,/v3/roles,0,no,,,admin required, identity-v3-get-role,platform/compute,,GET,/v3/roles/{role_id},,no,,,admin required, identity-v3-list-domains,platform/compute,,GET,/v3/domains,,no,,,admin required, identity-v3-get-domain,platform/compute,,GET,/v3/domains/{domain_id},,no,,,admin required, ,,,,,,,,,, identity-v3-validate-token,platform/compute,,GET,/v3/auth/tokens,,yes,Token to be validated is passed in the X-Subject-Token header,,,"This sounds backwards to me, need to check with steve, shouldn't it be POST for validating and GET for getting a token?" identity-v3-revoke-token,platform/compute,,DELETE,/v3/auth/tokens,1,yes,Token to be revoked is passed in the X-Subject-Token header,keystone.keystone.tests.unit.test_revoke{test_revoke_by_user},, identity-v3-get-catalog,platform/compute/object,,GET,/v3/auth/catalog,0,yes,,,"couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py", identity-v3-get-auth-projects,platform/compute,,GET,/v3/auth/projects,0,yes,,,"equivalent as far as I can tell to identity-v3-list-projects. couldn't find a test specific for this, there are some tests related in keystone.tests.unit.test_v3_auth.py", ,,,,,,,,,, identity-v2-list-versions,,,GET,/,1,yes,,,Deprecated, identity-v2-show-version,,,GET,/v2.0,1,yes,,,Deprecated, identity-v2-token-generation,,,POST,/v2.0/tokens,1,yes,,,Deprecated, identity-v2-tenants,,,GET,/v2.0/tenants,1,yes,,,Deprecated, identity-v2-list-extensions,,,GET,/v2.0/extensions,,,,,Deprecated, identity-v2-show-extension,,,GET,/v2.0/extensions/{alias},,,,,Deprecated,