tests: Add positive check for auth success

We only assessed if an authentication attempt failed, while tried to check the actual permissions for an authn assumed successful. To make errors more explicit, we add a `then` check that the "authentication succeeds". See: #2634
scality · Jun 24, 2020 · 3001109 · 3001109
1 parent 4647da5
commit 3001109
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/tests/post/features/salt_api.feature b/tests/post/features/salt_api.feature
@@ -3,7 +3,8 @@ Feature: SaltAPI
     Scenario: Login to SaltAPI using Basic auth
         Given the Kubernetes API is available
         When we login to SaltAPI as 'admin' using password 'admin'
-        Then we can ping all minions
+        Then authentication succeeds
+        And we can ping all minions
         And we can invoke '[".*"]' on '*'
         And we have '@wheel' perms
         And we have '@runner' perms
@@ -12,15 +13,17 @@ Feature: SaltAPI
     Scenario: Login to SaltAPI using the storage-operator ServiceAccount
         Given the Kubernetes API is available
         When we login to SaltAPI with the ServiceAccount 'kube-system/storage-operator'
-        Then we can invoke '["disk.dump", {"state.sls": {"kwargs": {"mods": r"metalk8s\.volumes.*"}}}]' on '*'
+        Then authentication succeeds
+        And we can invoke '["disk.dump", {"state.sls": {"kwargs": {"mods": r"metalk8s\.volumes.*"}}}]' on '*'
         And we have '@jobs' perms
         And we can not ping all minions
         And we can not run state 'test.nop' on '*'
 
     Scenario: Login to SaltAPI using any ServiceAccount
         Given the Kubernetes API is available
         When we login to SaltAPI with the ServiceAccount 'kube-system/default'
-        Then we have no permissions
+        Then authentication succeeds
+        And we have no permissions
 
     Scenario: SaltAPI impersonation using a ServiceAccount
         Given the Kubernetes API is available

diff --git a/tests/post/steps/test_salt_api.py b/tests/post/steps/test_salt_api.py
@@ -146,6 +146,12 @@ def run_state_on_targets(host, context, negated, module, targets):
 def authentication_fails(host, context):
     assert context['salt-api']['login-status-code'] == 401
 
+
+@then('authentication succeeds')
+def authentication_succeeds(host, context):
+    assert context['salt-api']['login-status-code'] == 200
+
+
 @then(parsers.parse("we can invoke '{modules}' on '{targets}'"))
 def invoke_module_on_target(host, context, modules, targets):
     assert {targets: ast.literal_eval(modules)} in context['salt-api']['perms']