diff options
author | asteroide <thomas.duval@orange.com> | 2015-09-24 16:27:16 +0200 |
---|---|---|
committer | asteroide <thomas.duval@orange.com> | 2015-09-24 16:27:16 +0200 |
commit | 92d11d139e9f76d4fd76859aea78643fc32ef36b (patch) | |
tree | bd5a2e7b50853498074ab55bdaee4452c460010b /keystone-moon/keystone/tests/unit/test_auth.py | |
parent | 49325d99acfadaadfad99c596c4ada6b5ec849de (diff) |
Update Keystone code from repository.
Change-Id: Ib3d0a06b10902fcc6d520f58e85aa617bc326d00
Diffstat (limited to 'keystone-moon/keystone/tests/unit/test_auth.py')
-rw-r--r-- | keystone-moon/keystone/tests/unit/test_auth.py | 41 |
1 files changed, 36 insertions, 5 deletions
diff --git a/keystone-moon/keystone/tests/unit/test_auth.py b/keystone-moon/keystone/tests/unit/test_auth.py index f253b02d..6dd52c8a 100644 --- a/keystone-moon/keystone/tests/unit/test_auth.py +++ b/keystone-moon/keystone/tests/unit/test_auth.py @@ -29,7 +29,7 @@ from keystone.common import authorization from keystone import config from keystone import exception from keystone.models import token_model -from keystone.tests import unit as tests +from keystone.tests import unit from keystone.tests.unit import default_fixtures from keystone.tests.unit.ksfixtures import database from keystone import token @@ -72,7 +72,7 @@ def _build_user_auth(token=None, user_id=None, username=None, return auth_json -class AuthTest(tests.TestCase): +class AuthTest(unit.TestCase): def setUp(self): self.useFixture(database.Database()) super(AuthTest, self).setUp() @@ -460,6 +460,37 @@ class AuthWithToken(AuthTest): dict(is_admin=True, query_string={}), token_id=token_id) + def test_deleting_role_assignment_does_not_revoke_unscoped_token(self): + no_context = {} + admin_context = dict(is_admin=True, query_string={}) + + project = { + 'id': uuid.uuid4().hex, + 'name': uuid.uuid4().hex, + 'domain_id': DEFAULT_DOMAIN_ID} + self.resource_api.create_project(project['id'], project) + role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} + self.role_api.create_role(role['id'], role) + self.assignment_api.add_role_to_user_and_project( + self.user_foo['id'], project['id'], role['id']) + + # Get an unscoped token. + token = self.controller.authenticate(no_context, _build_user_auth( + username=self.user_foo['name'], + password=self.user_foo['password'])) + token_id = token['access']['token']['id'] + + # Ensure it is valid + self.controller.validate_token(admin_context, token_id=token_id) + + # Delete the role assignment, which should not invalidate the token, + # because we're not consuming it with just an unscoped token. + self.assignment_api.remove_role_from_user_and_project( + self.user_foo['id'], project['id'], role['id']) + + # Ensure it is still valid + self.controller.validate_token(admin_context, token_id=token_id) + def test_only_original_audit_id_is_kept(self): context = {} @@ -1285,14 +1316,14 @@ class TokenExpirationTest(AuthTest): self._maintain_token_expiration() -class AuthCatalog(tests.SQLDriverOverrides, AuthTest): +class AuthCatalog(unit.SQLDriverOverrides, AuthTest): """Tests for the catalog provided in the auth response.""" def config_files(self): config_files = super(AuthCatalog, self).config_files() # We need to use a backend that supports disabled endpoints, like the # SQL backend. - config_files.append(tests.dirs.tests_conf('backend_sql.conf')) + config_files.append(unit.dirs.tests_conf('backend_sql.conf')) return config_files def _create_endpoints(self): @@ -1402,7 +1433,7 @@ class AuthCatalog(tests.SQLDriverOverrides, AuthTest): self.assertEqual(exp_endpoint, endpoint) -class NonDefaultAuthTest(tests.TestCase): +class NonDefaultAuthTest(unit.TestCase): def test_add_non_default_auth_method(self): self.config_fixture.config(group='auth', |