Merge "Update tests to not use token_api"
This commit is contained in:
commit
67d6ee7531
@ -996,7 +996,7 @@ class AuthWithTrust(AuthTest):
|
|||||||
" only get the two roles specified in the trust.")
|
" only get the two roles specified in the trust.")
|
||||||
|
|
||||||
def assert_token_count_for_trust(self, trust, expected_value):
|
def assert_token_count_for_trust(self, trust, expected_value):
|
||||||
tokens = self.token_api._list_tokens(
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
self.trustee['id'], trust_id=trust['id'])
|
self.trustee['id'], trust_id=trust['id'])
|
||||||
token_count = len(tokens)
|
token_count = len(tokens)
|
||||||
self.assertEqual(expected_value, token_count)
|
self.assertEqual(expected_value, token_count)
|
||||||
@ -1006,7 +1006,8 @@ class AuthWithTrust(AuthTest):
|
|||||||
self.assert_token_count_for_trust(new_trust, 0)
|
self.assert_token_count_for_trust(new_trust, 0)
|
||||||
self.fetch_v2_token_from_trust(new_trust)
|
self.fetch_v2_token_from_trust(new_trust)
|
||||||
self.assert_token_count_for_trust(new_trust, 1)
|
self.assert_token_count_for_trust(new_trust, 1)
|
||||||
self.token_api.delete_tokens_for_user(self.trustee['id'])
|
self.token_provider_api._persistence.delete_tokens_for_user(
|
||||||
|
self.trustee['id'])
|
||||||
self.assert_token_count_for_trust(new_trust, 0)
|
self.assert_token_count_for_trust(new_trust, 0)
|
||||||
|
|
||||||
def test_token_from_trust_cant_get_another_token(self):
|
def test_token_from_trust_cant_get_another_token(self):
|
||||||
@ -1026,12 +1027,14 @@ class AuthWithTrust(AuthTest):
|
|||||||
unscoped_token['access']['token']['id'])
|
unscoped_token['access']['token']['id'])
|
||||||
self.fetch_v2_token_from_trust(new_trust)
|
self.fetch_v2_token_from_trust(new_trust)
|
||||||
trust_id = new_trust['id']
|
trust_id = new_trust['id']
|
||||||
tokens = self.token_api._list_tokens(self.trustor['id'],
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
trust_id=trust_id)
|
self.trustor['id'],
|
||||||
|
trust_id=trust_id)
|
||||||
self.assertEqual(1, len(tokens))
|
self.assertEqual(1, len(tokens))
|
||||||
self.trust_controller.delete_trust(context, trust_id=trust_id)
|
self.trust_controller.delete_trust(context, trust_id=trust_id)
|
||||||
tokens = self.token_api._list_tokens(self.trustor['id'],
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
trust_id=trust_id)
|
self.trustor['id'],
|
||||||
|
trust_id=trust_id)
|
||||||
self.assertEqual(0, len(tokens))
|
self.assertEqual(0, len(tokens))
|
||||||
|
|
||||||
def test_token_from_trust_with_no_role_fails(self):
|
def test_token_from_trust_with_no_role_fails(self):
|
||||||
|
@ -2969,9 +2969,11 @@ class TokenTests(object):
|
|||||||
def _assert_revoked_token_list_matches_token_persistence(
|
def _assert_revoked_token_list_matches_token_persistence(
|
||||||
self, revoked_token_id_list):
|
self, revoked_token_id_list):
|
||||||
# Assert that the list passed in matches the list returned by the
|
# Assert that the list passed in matches the list returned by the
|
||||||
# token persistence service, token_api
|
# token persistence service
|
||||||
persistence_list = [x['id']
|
persistence_list = [
|
||||||
for x in self.token_api.list_revoked_tokens()]
|
x['id']
|
||||||
|
for x in self.token_provider_api.list_revoked_tokens()
|
||||||
|
]
|
||||||
self.assertEqual(persistence_list, revoked_token_id_list)
|
self.assertEqual(persistence_list, revoked_token_id_list)
|
||||||
|
|
||||||
def test_token_crud(self):
|
def test_token_crud(self):
|
||||||
@ -2979,7 +2981,8 @@ class TokenTests(object):
|
|||||||
data = {'id': token_id, 'a': 'b',
|
data = {'id': token_id, 'a': 'b',
|
||||||
'trust_id': None,
|
'trust_id': None,
|
||||||
'user': {'id': 'testuserid'}}
|
'user': {'id': 'testuserid'}}
|
||||||
data_ref = self.token_api.create_token(token_id, data)
|
data_ref = self.token_provider_api._persistence.create_token(token_id,
|
||||||
|
data)
|
||||||
expires = data_ref.pop('expires')
|
expires = data_ref.pop('expires')
|
||||||
data_ref.pop('user_id')
|
data_ref.pop('user_id')
|
||||||
self.assertIsInstance(expires, datetime.datetime)
|
self.assertIsInstance(expires, datetime.datetime)
|
||||||
@ -2987,7 +2990,7 @@ class TokenTests(object):
|
|||||||
data.pop('id')
|
data.pop('id')
|
||||||
self.assertDictEqual(data_ref, data)
|
self.assertDictEqual(data_ref, data)
|
||||||
|
|
||||||
new_data_ref = self.token_api.get_token(token_id)
|
new_data_ref = self.token_provider_api._persistence.get_token(token_id)
|
||||||
expires = new_data_ref.pop('expires')
|
expires = new_data_ref.pop('expires')
|
||||||
self.assertIsInstance(expires, datetime.datetime)
|
self.assertIsInstance(expires, datetime.datetime)
|
||||||
new_data_ref.pop('user_id')
|
new_data_ref.pop('user_id')
|
||||||
@ -2995,11 +2998,13 @@ class TokenTests(object):
|
|||||||
|
|
||||||
self.assertEqual(data, new_data_ref)
|
self.assertEqual(data, new_data_ref)
|
||||||
|
|
||||||
self.token_api.delete_token(token_id)
|
self.token_provider_api._persistence.delete_token(token_id)
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.assertRaises(
|
||||||
self.token_api.get_token, token_id)
|
exception.TokenNotFound,
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.token_provider_api._persistence.get_token, token_id)
|
||||||
self.token_api.delete_token, token_id)
|
self.assertRaises(
|
||||||
|
exception.TokenNotFound,
|
||||||
|
self.token_provider_api._persistence.delete_token, token_id)
|
||||||
|
|
||||||
def create_token_sample_data(self, token_id=None, tenant_id=None,
|
def create_token_sample_data(self, token_id=None, tenant_id=None,
|
||||||
trust_id=None, user_id=None, expires=None):
|
trust_id=None, user_id=None, expires=None):
|
||||||
@ -3008,10 +3013,7 @@ class TokenTests(object):
|
|||||||
if user_id is None:
|
if user_id is None:
|
||||||
user_id = 'testuserid'
|
user_id = 'testuserid'
|
||||||
# FIXME(morganfainberg): These tokens look nothing like "Real" tokens.
|
# FIXME(morganfainberg): These tokens look nothing like "Real" tokens.
|
||||||
# This should be updated when token_api is updated to merge in the
|
# This should be fixed when token issuance is cleaned up.
|
||||||
# issue_token logic from the providers (token issuance should be a
|
|
||||||
# pipeline). The fix should be in implementation of blueprint:
|
|
||||||
# token-issuance-pipeline
|
|
||||||
data = {'id': token_id, 'a': 'b',
|
data = {'id': token_id, 'a': 'b',
|
||||||
'user': {'id': user_id}}
|
'user': {'id': user_id}}
|
||||||
if tenant_id is not None:
|
if tenant_id is not None:
|
||||||
@ -3031,11 +3033,13 @@ class TokenTests(object):
|
|||||||
# Issue token stores a copy of all token data at token['token_data'].
|
# Issue token stores a copy of all token data at token['token_data'].
|
||||||
# This emulates that assumption as part of the test.
|
# This emulates that assumption as part of the test.
|
||||||
data['token_data'] = copy.deepcopy(data)
|
data['token_data'] = copy.deepcopy(data)
|
||||||
new_token = self.token_api.create_token(token_id, data)
|
new_token = self.token_provider_api._persistence.create_token(token_id,
|
||||||
|
data)
|
||||||
return new_token['id'], data
|
return new_token['id'], data
|
||||||
|
|
||||||
def test_delete_tokens(self):
|
def test_delete_tokens(self):
|
||||||
tokens = self.token_api._list_tokens('testuserid')
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
|
'testuserid')
|
||||||
self.assertEqual(0, len(tokens))
|
self.assertEqual(0, len(tokens))
|
||||||
token_id1, data = self.create_token_sample_data(
|
token_id1, data = self.create_token_sample_data(
|
||||||
tenant_id='testtenantid')
|
tenant_id='testtenantid')
|
||||||
@ -3044,23 +3048,29 @@ class TokenTests(object):
|
|||||||
token_id3, data = self.create_token_sample_data(
|
token_id3, data = self.create_token_sample_data(
|
||||||
tenant_id='testtenantid',
|
tenant_id='testtenantid',
|
||||||
user_id='testuserid1')
|
user_id='testuserid1')
|
||||||
tokens = self.token_api._list_tokens('testuserid')
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
|
'testuserid')
|
||||||
self.assertEqual(2, len(tokens))
|
self.assertEqual(2, len(tokens))
|
||||||
self.assertIn(token_id2, tokens)
|
self.assertIn(token_id2, tokens)
|
||||||
self.assertIn(token_id1, tokens)
|
self.assertIn(token_id1, tokens)
|
||||||
self.token_api.delete_tokens(user_id='testuserid',
|
self.token_provider_api._persistence.delete_tokens(
|
||||||
tenant_id='testtenantid')
|
user_id='testuserid',
|
||||||
tokens = self.token_api._list_tokens('testuserid')
|
tenant_id='testtenantid')
|
||||||
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
|
'testuserid')
|
||||||
self.assertEqual(0, len(tokens))
|
self.assertEqual(0, len(tokens))
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.assertRaises(exception.TokenNotFound,
|
||||||
self.token_api.get_token, token_id1)
|
self.token_provider_api._persistence.get_token,
|
||||||
|
token_id1)
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.assertRaises(exception.TokenNotFound,
|
||||||
self.token_api.get_token, token_id2)
|
self.token_provider_api._persistence.get_token,
|
||||||
|
token_id2)
|
||||||
|
|
||||||
self.token_api.get_token(token_id3)
|
self.token_provider_api._persistence.get_token(token_id3)
|
||||||
|
|
||||||
def test_delete_tokens_trust(self):
|
def test_delete_tokens_trust(self):
|
||||||
tokens = self.token_api._list_tokens(user_id='testuserid')
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
|
user_id='testuserid')
|
||||||
self.assertEqual(0, len(tokens))
|
self.assertEqual(0, len(tokens))
|
||||||
token_id1, data = self.create_token_sample_data(
|
token_id1, data = self.create_token_sample_data(
|
||||||
tenant_id='testtenantid',
|
tenant_id='testtenantid',
|
||||||
@ -3069,15 +3079,18 @@ class TokenTests(object):
|
|||||||
tenant_id='testtenantid',
|
tenant_id='testtenantid',
|
||||||
user_id='testuserid1',
|
user_id='testuserid1',
|
||||||
trust_id='testtrustid1')
|
trust_id='testtrustid1')
|
||||||
tokens = self.token_api._list_tokens('testuserid')
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
|
'testuserid')
|
||||||
self.assertEqual(1, len(tokens))
|
self.assertEqual(1, len(tokens))
|
||||||
self.assertIn(token_id1, tokens)
|
self.assertIn(token_id1, tokens)
|
||||||
self.token_api.delete_tokens(user_id='testuserid',
|
self.token_provider_api._persistence.delete_tokens(
|
||||||
tenant_id='testtenantid',
|
user_id='testuserid',
|
||||||
trust_id='testtrustid')
|
tenant_id='testtenantid',
|
||||||
|
trust_id='testtrustid')
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.assertRaises(exception.TokenNotFound,
|
||||||
self.token_api.get_token, token_id1)
|
self.token_provider_api._persistence.get_token,
|
||||||
self.token_api.get_token(token_id2)
|
token_id1)
|
||||||
|
self.token_provider_api._persistence.get_token(token_id2)
|
||||||
|
|
||||||
def _test_token_list(self, token_list_fn):
|
def _test_token_list(self, token_list_fn):
|
||||||
tokens = token_list_fn('testuserid')
|
tokens = token_list_fn('testuserid')
|
||||||
@ -3091,11 +3104,11 @@ class TokenTests(object):
|
|||||||
self.assertEqual(2, len(tokens))
|
self.assertEqual(2, len(tokens))
|
||||||
self.assertIn(token_id2, tokens)
|
self.assertIn(token_id2, tokens)
|
||||||
self.assertIn(token_id1, tokens)
|
self.assertIn(token_id1, tokens)
|
||||||
self.token_api.delete_token(token_id1)
|
self.token_provider_api._persistence.delete_token(token_id1)
|
||||||
tokens = token_list_fn('testuserid')
|
tokens = token_list_fn('testuserid')
|
||||||
self.assertIn(token_id2, tokens)
|
self.assertIn(token_id2, tokens)
|
||||||
self.assertNotIn(token_id1, tokens)
|
self.assertNotIn(token_id1, tokens)
|
||||||
self.token_api.delete_token(token_id2)
|
self.token_provider_api._persistence.delete_token(token_id2)
|
||||||
tokens = token_list_fn('testuserid')
|
tokens = token_list_fn('testuserid')
|
||||||
self.assertNotIn(token_id2, tokens)
|
self.assertNotIn(token_id2, tokens)
|
||||||
self.assertNotIn(token_id1, tokens)
|
self.assertNotIn(token_id1, tokens)
|
||||||
@ -3122,26 +3135,28 @@ class TokenTests(object):
|
|||||||
self.assertIn(token_id4, tokens)
|
self.assertIn(token_id4, tokens)
|
||||||
|
|
||||||
def test_token_list(self):
|
def test_token_list(self):
|
||||||
self._test_token_list(self.token_api._list_tokens)
|
self._test_token_list(
|
||||||
|
self.token_provider_api._persistence._list_tokens)
|
||||||
|
|
||||||
def test_token_list_trust(self):
|
def test_token_list_trust(self):
|
||||||
trust_id = uuid.uuid4().hex
|
trust_id = uuid.uuid4().hex
|
||||||
token_id5, data = self.create_token_sample_data(trust_id=trust_id)
|
token_id5, data = self.create_token_sample_data(trust_id=trust_id)
|
||||||
tokens = self.token_api._list_tokens('testuserid', trust_id=trust_id)
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
|
'testuserid', trust_id=trust_id)
|
||||||
self.assertEqual(1, len(tokens))
|
self.assertEqual(1, len(tokens))
|
||||||
self.assertIn(token_id5, tokens)
|
self.assertIn(token_id5, tokens)
|
||||||
|
|
||||||
def test_get_token_404(self):
|
def test_get_token_404(self):
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.assertRaises(exception.TokenNotFound,
|
||||||
self.token_api.get_token,
|
self.token_provider_api._persistence.get_token,
|
||||||
uuid.uuid4().hex)
|
uuid.uuid4().hex)
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.assertRaises(exception.TokenNotFound,
|
||||||
self.token_api.get_token,
|
self.token_provider_api._persistence.get_token,
|
||||||
None)
|
None)
|
||||||
|
|
||||||
def test_delete_token_404(self):
|
def test_delete_token_404(self):
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.assertRaises(exception.TokenNotFound,
|
||||||
self.token_api.delete_token,
|
self.token_provider_api._persistence.delete_token,
|
||||||
uuid.uuid4().hex)
|
uuid.uuid4().hex)
|
||||||
|
|
||||||
def test_expired_token(self):
|
def test_expired_token(self):
|
||||||
@ -3151,19 +3166,22 @@ class TokenTests(object):
|
|||||||
'expires': expire_time,
|
'expires': expire_time,
|
||||||
'trust_id': None,
|
'trust_id': None,
|
||||||
'user': {'id': 'testuserid'}}
|
'user': {'id': 'testuserid'}}
|
||||||
data_ref = self.token_api.create_token(token_id, data)
|
data_ref = self.token_provider_api._persistence.create_token(token_id,
|
||||||
|
data)
|
||||||
data_ref.pop('user_id')
|
data_ref.pop('user_id')
|
||||||
self.assertDictEqual(data_ref, data)
|
self.assertDictEqual(data_ref, data)
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.assertRaises(exception.TokenNotFound,
|
||||||
self.token_api.get_token, token_id)
|
self.token_provider_api._persistence.get_token,
|
||||||
|
token_id)
|
||||||
|
|
||||||
def test_null_expires_token(self):
|
def test_null_expires_token(self):
|
||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
data = {'id': token_id, 'id_hash': token_id, 'a': 'b', 'expires': None,
|
data = {'id': token_id, 'id_hash': token_id, 'a': 'b', 'expires': None,
|
||||||
'user': {'id': 'testuserid'}}
|
'user': {'id': 'testuserid'}}
|
||||||
data_ref = self.token_api.create_token(token_id, data)
|
data_ref = self.token_provider_api._persistence.create_token(token_id,
|
||||||
|
data)
|
||||||
self.assertIsNotNone(data_ref['expires'])
|
self.assertIsNotNone(data_ref['expires'])
|
||||||
new_data_ref = self.token_api.get_token(token_id)
|
new_data_ref = self.token_provider_api._persistence.get_token(token_id)
|
||||||
|
|
||||||
# MySQL doesn't store microseconds, so discard them before testing
|
# MySQL doesn't store microseconds, so discard them before testing
|
||||||
data_ref['expires'] = data_ref['expires'].replace(microsecond=0)
|
data_ref['expires'] = data_ref['expires'].replace(microsecond=0)
|
||||||
@ -3183,15 +3201,16 @@ class TokenTests(object):
|
|||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
data = {'id_hash': token_id, 'id': token_id, 'a': 'b',
|
data = {'id_hash': token_id, 'id': token_id, 'a': 'b',
|
||||||
'user': {'id': 'testuserid'}}
|
'user': {'id': 'testuserid'}}
|
||||||
data_ref = self.token_api.create_token(token_id, data)
|
data_ref = self.token_provider_api._persistence.create_token(token_id,
|
||||||
self.token_api.delete_token(token_id)
|
data)
|
||||||
|
self.token_provider_api._persistence.delete_token(token_id)
|
||||||
self.assertRaises(
|
self.assertRaises(
|
||||||
exception.TokenNotFound,
|
exception.TokenNotFound,
|
||||||
self.token_api.get_token,
|
self.token_provider_api._persistence.get_token,
|
||||||
data_ref['id'])
|
data_ref['id'])
|
||||||
self.assertRaises(
|
self.assertRaises(
|
||||||
exception.TokenNotFound,
|
exception.TokenNotFound,
|
||||||
self.token_api.delete_token,
|
self.token_provider_api._persistence.delete_token,
|
||||||
data_ref['id'])
|
data_ref['id'])
|
||||||
return token_id
|
return token_id
|
||||||
|
|
||||||
@ -3215,7 +3234,8 @@ class TokenTests(object):
|
|||||||
'expires': expire_time,
|
'expires': expire_time,
|
||||||
'trust_id': None,
|
'trust_id': None,
|
||||||
'user': {'id': 'testuserid'}}
|
'user': {'id': 'testuserid'}}
|
||||||
data_ref = self.token_api.create_token(token_id, data)
|
data_ref = self.token_provider_api._persistence.create_token(token_id,
|
||||||
|
data)
|
||||||
data_ref.pop('user_id')
|
data_ref.pop('user_id')
|
||||||
self.assertDictEqual(data_ref, data)
|
self.assertDictEqual(data_ref, data)
|
||||||
|
|
||||||
@ -3225,12 +3245,14 @@ class TokenTests(object):
|
|||||||
'expires': expire_time,
|
'expires': expire_time,
|
||||||
'trust_id': None,
|
'trust_id': None,
|
||||||
'user': {'id': 'testuserid'}}
|
'user': {'id': 'testuserid'}}
|
||||||
data_ref = self.token_api.create_token(token_id, data)
|
data_ref = self.token_provider_api._persistence.create_token(token_id,
|
||||||
|
data)
|
||||||
data_ref.pop('user_id')
|
data_ref.pop('user_id')
|
||||||
self.assertDictEqual(data_ref, data)
|
self.assertDictEqual(data_ref, data)
|
||||||
|
|
||||||
self.token_api.flush_expired_tokens()
|
self.token_provider_api._persistence.flush_expired_tokens()
|
||||||
tokens = self.token_api._list_tokens('testuserid')
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
|
'testuserid')
|
||||||
self.assertEqual(1, len(tokens))
|
self.assertEqual(1, len(tokens))
|
||||||
self.assertIn(token_id, tokens)
|
self.assertIn(token_id, tokens)
|
||||||
|
|
||||||
@ -3248,25 +3270,29 @@ class TokenTests(object):
|
|||||||
'trust_id': None,
|
'trust_id': None,
|
||||||
'user': {'id': 'testuserid'}}
|
'user': {'id': 'testuserid'}}
|
||||||
# Create 2 Tokens.
|
# Create 2 Tokens.
|
||||||
self.token_api.create_token(token_id, token_data)
|
self.token_provider_api._persistence.create_token(token_id,
|
||||||
self.token_api.create_token(token2_id, token2_data)
|
token_data)
|
||||||
|
self.token_provider_api._persistence.create_token(token2_id,
|
||||||
|
token2_data)
|
||||||
# Verify the revocation list is empty.
|
# Verify the revocation list is empty.
|
||||||
self.assertEqual([], self.token_api.list_revoked_tokens())
|
self.assertEqual(
|
||||||
|
[], self.token_provider_api._persistence.list_revoked_tokens())
|
||||||
self.assertEqual([], self.token_provider_api.list_revoked_tokens())
|
self.assertEqual([], self.token_provider_api.list_revoked_tokens())
|
||||||
# Delete a token directly, bypassing the manager.
|
# Delete a token directly, bypassing the manager.
|
||||||
self.token_api.driver.delete_token(token_id)
|
self.token_provider_api._persistence.driver.delete_token(token_id)
|
||||||
# Verify the revocation list is still empty.
|
# Verify the revocation list is still empty.
|
||||||
self.assertEqual([], self.token_api.list_revoked_tokens())
|
self.assertEqual(
|
||||||
|
[], self.token_provider_api._persistence.list_revoked_tokens())
|
||||||
self.assertEqual([], self.token_provider_api.list_revoked_tokens())
|
self.assertEqual([], self.token_provider_api.list_revoked_tokens())
|
||||||
# Invalidate the revocation list.
|
# Invalidate the revocation list.
|
||||||
self.token_api.invalidate_revocation_list()
|
self.token_provider_api._persistence.invalidate_revocation_list()
|
||||||
# Verify the deleted token is in the revocation list.
|
# Verify the deleted token is in the revocation list.
|
||||||
revoked_ids = [x['id']
|
revoked_ids = [x['id']
|
||||||
for x in self.token_provider_api.list_revoked_tokens()]
|
for x in self.token_provider_api.list_revoked_tokens()]
|
||||||
self._assert_revoked_token_list_matches_token_persistence(revoked_ids)
|
self._assert_revoked_token_list_matches_token_persistence(revoked_ids)
|
||||||
self.assertIn(token_id, revoked_ids)
|
self.assertIn(token_id, revoked_ids)
|
||||||
# Delete the second token, through the manager
|
# Delete the second token, through the manager
|
||||||
self.token_api.delete_token(token2_id)
|
self.token_provider_api._persistence.delete_token(token2_id)
|
||||||
revoked_ids = [x['id']
|
revoked_ids = [x['id']
|
||||||
for x in self.token_provider_api.list_revoked_tokens()]
|
for x in self.token_provider_api.list_revoked_tokens()]
|
||||||
self._assert_revoked_token_list_matches_token_persistence(revoked_ids)
|
self._assert_revoked_token_list_matches_token_persistence(revoked_ids)
|
||||||
@ -3279,15 +3305,15 @@ class TokenTests(object):
|
|||||||
token_id_hash = hash_fn(token_id).hexdigest()
|
token_id_hash = hash_fn(token_id).hexdigest()
|
||||||
token = {'user': {'id': uuid.uuid4().hex}}
|
token = {'user': {'id': uuid.uuid4().hex}}
|
||||||
|
|
||||||
self.token_api.create_token(token_id, token)
|
self.token_provider_api._persistence.create_token(token_id, token)
|
||||||
self.token_api.delete_token(token_id)
|
self.token_provider_api._persistence.delete_token(token_id)
|
||||||
|
|
||||||
revoked_ids = [x['id']
|
revoked_ids = [x['id']
|
||||||
for x in self.token_provider_api.list_revoked_tokens()]
|
for x in self.token_provider_api.list_revoked_tokens()]
|
||||||
self._assert_revoked_token_list_matches_token_persistence(revoked_ids)
|
self._assert_revoked_token_list_matches_token_persistence(revoked_ids)
|
||||||
self.assertIn(token_id_hash, revoked_ids)
|
self.assertIn(token_id_hash, revoked_ids)
|
||||||
self.assertNotIn(token_id, revoked_ids)
|
self.assertNotIn(token_id, revoked_ids)
|
||||||
for t in self.token_api.list_revoked_tokens():
|
for t in self.token_provider_api._persistence.list_revoked_tokens():
|
||||||
self.assertIn('expires', t)
|
self.assertIn('expires', t)
|
||||||
|
|
||||||
def test_predictable_revoked_pki_token_id_default(self):
|
def test_predictable_revoked_pki_token_id_default(self):
|
||||||
@ -3301,8 +3327,8 @@ class TokenTests(object):
|
|||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
token = {'user': {'id': uuid.uuid4().hex}}
|
token = {'user': {'id': uuid.uuid4().hex}}
|
||||||
|
|
||||||
self.token_api.create_token(token_id, token)
|
self.token_provider_api._persistence.create_token(token_id, token)
|
||||||
self.token_api.delete_token(token_id)
|
self.token_provider_api._persistence.delete_token(token_id)
|
||||||
|
|
||||||
revoked_tokens = self.token_provider_api.list_revoked_tokens()
|
revoked_tokens = self.token_provider_api.list_revoked_tokens()
|
||||||
revoked_ids = [x['id'] for x in revoked_tokens]
|
revoked_ids = [x['id'] for x in revoked_tokens]
|
||||||
@ -3314,12 +3340,12 @@ class TokenTests(object):
|
|||||||
def test_create_unicode_token_id(self):
|
def test_create_unicode_token_id(self):
|
||||||
token_id = six.text_type(self._create_token_id())
|
token_id = six.text_type(self._create_token_id())
|
||||||
self.create_token_sample_data(token_id=token_id)
|
self.create_token_sample_data(token_id=token_id)
|
||||||
self.token_api.get_token(token_id)
|
self.token_provider_api._persistence.get_token(token_id)
|
||||||
|
|
||||||
def test_create_unicode_user_id(self):
|
def test_create_unicode_user_id(self):
|
||||||
user_id = six.text_type(uuid.uuid4().hex)
|
user_id = six.text_type(uuid.uuid4().hex)
|
||||||
token_id, data = self.create_token_sample_data(user_id=user_id)
|
token_id, data = self.create_token_sample_data(user_id=user_id)
|
||||||
self.token_api.get_token(token_id)
|
self.token_provider_api._persistence.get_token(token_id)
|
||||||
|
|
||||||
def test_token_expire_timezone(self):
|
def test_token_expire_timezone(self):
|
||||||
|
|
||||||
@ -3335,7 +3361,7 @@ class TokenTests(object):
|
|||||||
test_utils.TZ = 'UTC' + d
|
test_utils.TZ = 'UTC' + d
|
||||||
expire_time = timeutils.utcnow() + datetime.timedelta(minutes=1)
|
expire_time = timeutils.utcnow() + datetime.timedelta(minutes=1)
|
||||||
token_id, data_in = _create_token(expire_time)
|
token_id, data_in = _create_token(expire_time)
|
||||||
data_get = self.token_api.get_token(token_id)
|
data_get = self.token_provider_api._persistence.get_token(token_id)
|
||||||
|
|
||||||
self.assertEqual(data_in['id'], data_get['id'],
|
self.assertEqual(data_in['id'], data_get['id'],
|
||||||
'TZ=%s' % test_utils.TZ)
|
'TZ=%s' % test_utils.TZ)
|
||||||
@ -3344,7 +3370,8 @@ class TokenTests(object):
|
|||||||
timeutils.utcnow() + datetime.timedelta(minutes=-1))
|
timeutils.utcnow() + datetime.timedelta(minutes=-1))
|
||||||
token_id, data_in = _create_token(expire_time_expired)
|
token_id, data_in = _create_token(expire_time_expired)
|
||||||
self.assertRaises(exception.TokenNotFound,
|
self.assertRaises(exception.TokenNotFound,
|
||||||
self.token_api.get_token, data_in['id'])
|
self.token_provider_api._persistence.get_token,
|
||||||
|
data_in['id'])
|
||||||
|
|
||||||
|
|
||||||
class TokenCacheInvalidation(object):
|
class TokenCacheInvalidation(object):
|
||||||
@ -3415,25 +3442,27 @@ class TokenCacheInvalidation(object):
|
|||||||
self.token_provider_api.validate_v2_token(self.unscoped_token_id)
|
self.token_provider_api.validate_v2_token(self.unscoped_token_id)
|
||||||
|
|
||||||
def test_delete_unscoped_token(self):
|
def test_delete_unscoped_token(self):
|
||||||
self.token_api.delete_token(self.unscoped_token_id)
|
self.token_provider_api._persistence.delete_token(
|
||||||
|
self.unscoped_token_id)
|
||||||
self._check_unscoped_tokens_are_invalid()
|
self._check_unscoped_tokens_are_invalid()
|
||||||
self._check_scoped_tokens_are_valid()
|
self._check_scoped_tokens_are_valid()
|
||||||
|
|
||||||
def test_delete_scoped_token_by_id(self):
|
def test_delete_scoped_token_by_id(self):
|
||||||
self.token_api.delete_token(self.scoped_token_id)
|
self.token_provider_api._persistence.delete_token(self.scoped_token_id)
|
||||||
self._check_scoped_tokens_are_invalid()
|
self._check_scoped_tokens_are_invalid()
|
||||||
self._check_unscoped_tokens_are_valid()
|
self._check_unscoped_tokens_are_valid()
|
||||||
|
|
||||||
def test_delete_scoped_token_by_user(self):
|
def test_delete_scoped_token_by_user(self):
|
||||||
self.token_api.delete_tokens(self.user['id'])
|
self.token_provider_api._persistence.delete_tokens(self.user['id'])
|
||||||
# Since we are deleting all tokens for this user, they should all
|
# Since we are deleting all tokens for this user, they should all
|
||||||
# now be invalid.
|
# now be invalid.
|
||||||
self._check_scoped_tokens_are_invalid()
|
self._check_scoped_tokens_are_invalid()
|
||||||
self._check_unscoped_tokens_are_invalid()
|
self._check_unscoped_tokens_are_invalid()
|
||||||
|
|
||||||
def test_delete_scoped_token_by_user_and_tenant(self):
|
def test_delete_scoped_token_by_user_and_tenant(self):
|
||||||
self.token_api.delete_tokens(self.user['id'],
|
self.token_provider_api._persistence.delete_tokens(
|
||||||
tenant_id=self.tenant['id'])
|
self.user['id'],
|
||||||
|
tenant_id=self.tenant['id'])
|
||||||
self._check_scoped_tokens_are_invalid()
|
self._check_scoped_tokens_are_invalid()
|
||||||
self._check_unscoped_tokens_are_valid()
|
self._check_unscoped_tokens_are_valid()
|
||||||
|
|
||||||
|
@ -89,11 +89,13 @@ class KvsToken(tests.TestCase, test_backend.TokenTests):
|
|||||||
driver='keystone.identity.backends.kvs.Identity')
|
driver='keystone.identity.backends.kvs.Identity')
|
||||||
|
|
||||||
def test_flush_expired_token(self):
|
def test_flush_expired_token(self):
|
||||||
self.assertRaises(exception.NotImplemented,
|
self.assertRaises(
|
||||||
self.token_api.flush_expired_tokens)
|
exception.NotImplemented,
|
||||||
|
self.token_provider_api._persistence.flush_expired_tokens)
|
||||||
|
|
||||||
def _update_user_token_index_direct(self, user_key, token_id, new_data):
|
def _update_user_token_index_direct(self, user_key, token_id, new_data):
|
||||||
token_list = self.token_api.driver._get_user_token_list_with_expiry(
|
persistence = self.token_provider_api._persistence
|
||||||
|
token_list = persistence.driver._get_user_token_list_with_expiry(
|
||||||
user_key)
|
user_key)
|
||||||
# Update the user-index so that the expires time is _actually_ expired
|
# Update the user-index so that the expires time is _actually_ expired
|
||||||
# since we do not do an explicit get on the token, we only reference
|
# since we do not do an explicit get on the token, we only reference
|
||||||
@ -103,7 +105,8 @@ class KvsToken(tests.TestCase, test_backend.TokenTests):
|
|||||||
if data[0] == token_id:
|
if data[0] == token_id:
|
||||||
token_list[i] = new_data
|
token_list[i] = new_data
|
||||||
break
|
break
|
||||||
self.token_api.driver._store.set(user_key, token_list)
|
self.token_provider_api._persistence.driver._store.set(user_key,
|
||||||
|
token_list)
|
||||||
|
|
||||||
def test_cleanup_user_index_on_create(self):
|
def test_cleanup_user_index_on_create(self):
|
||||||
user_id = six.text_type(uuid.uuid4().hex)
|
user_id = six.text_type(uuid.uuid4().hex)
|
||||||
@ -115,10 +118,11 @@ class KvsToken(tests.TestCase, test_backend.TokenTests):
|
|||||||
|
|
||||||
# NOTE(morganfainberg): Directly access the data cache since we need to
|
# NOTE(morganfainberg): Directly access the data cache since we need to
|
||||||
# get expired tokens as well as valid tokens.
|
# get expired tokens as well as valid tokens.
|
||||||
user_key = self.token_api.driver._prefix_user_id(user_id)
|
token_persistence = self.token_provider_api._persistence
|
||||||
user_token_list = self.token_api.driver._store.get(user_key)
|
user_key = token_persistence.driver._prefix_user_id(user_id)
|
||||||
valid_token_ref = self.token_api.get_token(valid_token_id)
|
user_token_list = token_persistence.driver._store.get(user_key)
|
||||||
expired_token_ref = self.token_api.get_token(expired_token_id)
|
valid_token_ref = token_persistence.get_token(valid_token_id)
|
||||||
|
expired_token_ref = token_persistence.get_token(expired_token_id)
|
||||||
expected_user_token_list = [
|
expected_user_token_list = [
|
||||||
(valid_token_id, timeutils.isotime(valid_token_ref['expires'],
|
(valid_token_id, timeutils.isotime(valid_token_ref['expires'],
|
||||||
subsecond=True)),
|
subsecond=True)),
|
||||||
@ -133,25 +137,25 @@ class KvsToken(tests.TestCase, test_backend.TokenTests):
|
|||||||
new_expired_data)
|
new_expired_data)
|
||||||
valid_token_id_2, valid_data_2 = self.create_token_sample_data(
|
valid_token_id_2, valid_data_2 = self.create_token_sample_data(
|
||||||
user_id=user_id)
|
user_id=user_id)
|
||||||
valid_token_ref_2 = self.token_api.get_token(valid_token_id_2)
|
valid_token_ref_2 = token_persistence.get_token(valid_token_id_2)
|
||||||
expected_user_token_list = [
|
expected_user_token_list = [
|
||||||
(valid_token_id, timeutils.isotime(valid_token_ref['expires'],
|
(valid_token_id, timeutils.isotime(valid_token_ref['expires'],
|
||||||
subsecond=True)),
|
subsecond=True)),
|
||||||
(valid_token_id_2, timeutils.isotime(valid_token_ref_2['expires'],
|
(valid_token_id_2, timeutils.isotime(valid_token_ref_2['expires'],
|
||||||
subsecond=True))]
|
subsecond=True))]
|
||||||
user_token_list = self.token_api.driver._store.get(user_key)
|
user_token_list = token_persistence.driver._store.get(user_key)
|
||||||
self.assertEqual(expected_user_token_list, user_token_list)
|
self.assertEqual(expected_user_token_list, user_token_list)
|
||||||
|
|
||||||
# Test that revoked tokens are removed from the list on create.
|
# Test that revoked tokens are removed from the list on create.
|
||||||
self.token_api.delete_token(valid_token_id_2)
|
token_persistence.delete_token(valid_token_id_2)
|
||||||
new_token_id, data = self.create_token_sample_data(user_id=user_id)
|
new_token_id, data = self.create_token_sample_data(user_id=user_id)
|
||||||
new_token_ref = self.token_api.get_token(new_token_id)
|
new_token_ref = token_persistence.get_token(new_token_id)
|
||||||
expected_user_token_list = [
|
expected_user_token_list = [
|
||||||
(valid_token_id, timeutils.isotime(valid_token_ref['expires'],
|
(valid_token_id, timeutils.isotime(valid_token_ref['expires'],
|
||||||
subsecond=True)),
|
subsecond=True)),
|
||||||
(new_token_id, timeutils.isotime(new_token_ref['expires'],
|
(new_token_id, timeutils.isotime(new_token_ref['expires'],
|
||||||
subsecond=True))]
|
subsecond=True))]
|
||||||
user_token_list = self.token_api.driver._store.get(user_key)
|
user_token_list = token_persistence.driver._store.get(user_key)
|
||||||
self.assertEqual(expected_user_token_list, user_token_list)
|
self.assertEqual(expected_user_token_list, user_token_list)
|
||||||
|
|
||||||
|
|
||||||
|
@ -822,7 +822,8 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
self.credential_api.get_credential,
|
self.credential_api.get_credential,
|
||||||
self.credential['id'])
|
self.credential['id'])
|
||||||
# And the no tokens we remain valid
|
# And the no tokens we remain valid
|
||||||
tokens = self.token_api._list_tokens(self.user['id'])
|
tokens = self.token_provider_api._persistence._list_tokens(
|
||||||
|
self.user['id'])
|
||||||
self.assertEqual(0, len(tokens))
|
self.assertEqual(0, len(tokens))
|
||||||
# But the credential for user2 is unaffected
|
# But the credential for user2 is unaffected
|
||||||
r = self.credential_api.get_credential(self.credential2['id'])
|
r = self.credential_api.get_credential(self.credential2['id'])
|
||||||
|
@ -480,10 +480,12 @@ class AuthTokenTests(OAuthFlowTests):
|
|||||||
|
|
||||||
def test_delete_keystone_tokens_by_consumer_id(self):
|
def test_delete_keystone_tokens_by_consumer_id(self):
|
||||||
self.test_oauth_flow()
|
self.test_oauth_flow()
|
||||||
self.token_api.get_token(self.keystone_token_id)
|
self.token_provider_api._persistence.get_token(self.keystone_token_id)
|
||||||
self.token_api.delete_tokens(self.user_id,
|
self.token_provider_api._persistence.delete_tokens(
|
||||||
consumer_id=self.consumer['key'])
|
self.user_id,
|
||||||
self.assertRaises(exception.TokenNotFound, self.token_api.get_token,
|
consumer_id=self.consumer['key'])
|
||||||
|
self.assertRaises(exception.TokenNotFound,
|
||||||
|
self.token_provider_api._persistence.get_token,
|
||||||
self.keystone_token_id)
|
self.keystone_token_id)
|
||||||
|
|
||||||
def _create_trust_get_token(self):
|
def _create_trust_get_token(self):
|
||||||
|
Loading…
Reference in New Issue
Block a user