diff options
author | WuKong <rebirthmonkey@gmail.com> | 2015-07-01 08:54:55 +0200 |
---|---|---|
committer | WuKong <rebirthmonkey@gmail.com> | 2015-07-01 08:54:55 +0200 |
commit | 03bf0c32a0c656d4b91bebedc87a005e6d7563bb (patch) | |
tree | 7ab486ea98c8255bd28b345e9fd5b54d1b31c802 /keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_revocations.py | |
parent | 53d12675bc07feb552492df2d01fcd298167c363 (diff) |
migrate openstack hook to opnfv
Change-Id: I1e828dae38820fdff93966e57691b344af01140f
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_revocations.py')
-rw-r--r-- | keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_revocations.py | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_revocations.py b/keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_revocations.py new file mode 100644 index 00000000..d144bb6c --- /dev/null +++ b/keystonemiddleware-moon/keystonemiddleware/tests/unit/auth_token/test_revocations.py @@ -0,0 +1,65 @@ +# Copyright 2014 IBM Corp. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import datetime +import json +import shutil +import uuid + +import mock +import testtools + +from keystonemiddleware.auth_token import _exceptions as exc +from keystonemiddleware.auth_token import _revocations +from keystonemiddleware.auth_token import _signing_dir + + +class RevocationsTests(testtools.TestCase): + + def _check_with_list(self, revoked_list, token_ids): + directory_name = '/tmp/%s' % uuid.uuid4().hex + signing_directory = _signing_dir.SigningDirectory(directory_name) + self.addCleanup(shutil.rmtree, directory_name) + + identity_server = mock.Mock() + + verify_result_obj = { + 'revoked': list({'id': r} for r in revoked_list) + } + cms_verify = mock.Mock(return_value=json.dumps(verify_result_obj)) + + revocations = _revocations.Revocations( + timeout=datetime.timedelta(1), signing_directory=signing_directory, + identity_server=identity_server, cms_verify=cms_verify) + + revocations.check(token_ids) + + def test_check_empty_list(self): + # When the identity server returns an empty list, a token isn't + # revoked. + + revoked_tokens = [] + token_ids = [uuid.uuid4().hex] + # No assert because this would raise + self._check_with_list(revoked_tokens, token_ids) + + def test_check_revoked(self): + # When the identity server returns a list with a token in it, that + # token is revoked. + + token_id = uuid.uuid4().hex + revoked_tokens = [token_id] + token_ids = [token_id] + self.assertRaises(exc.InvalidToken, + self._check_with_list, revoked_tokens, token_ids) |