Merge "Don't call the Keystone client if the token is None"

2016-03-22 19:43:55 +00:00 · 2016-03-22 19:43:55 +00:00 · 27d9604ac0
commit 27d9604ac0
parent 9545694545 75a6b9721e
3 changed files with 27 additions and 2 deletions
--- a/openstack_auth/tests/data_v3.py
+++ b/openstack_auth/tests/data_v3.py
@ -17,6 +17,7 @@ import uuid
 from django.utils import datetime_safe
 from keystoneauth1.access import access
 from keystoneauth1.access import service_catalog
+from keystoneclient.common import cms
 from keystoneclient.v3 import domains
 from keystoneclient.v3 import projects
 from keystoneclient.v3 import roles
@ -54,7 +55,7 @@ class TestResponse(requests.Response):
        return self._text


-def generate_test_data():
+def generate_test_data(pki=False):
    '''Builds a set of test_data data as returned by Keystone V2.'''
    test_data = TestDataContainer()

@ -177,7 +178,13 @@ def generate_test_data():
    # Tokens
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)
-    auth_token = uuid.uuid4().hex
+    if pki:
+        # We don't need a real PKI token, but just the prefix to make the
+        # keystone client treat it as a PKI token
+        auth_token = cms.PKI_ASN1_PREFIX + uuid.uuid4().hex
+    else:
+        auth_token = uuid.uuid4().hex
+
    auth_response_headers = {
        'X-Subject-Token': auth_token
    }
--- a/openstack_auth/tests/tests.py
+++ b/openstack_auth/tests/tests.py
@ -29,7 +29,9 @@ from keystoneclient.v2_0 import client as client_v2
 from keystoneclient.v3 import client as client_v3
 import mock
 from mox3 import mox
+import sys
 from testscenarios import load_tests_apply_scenarios  # noqa
+import unittest

 from openstack_auth import policy
 from openstack_auth.tests import data_v2
@ -1156,3 +1158,17 @@ class UtilsTestCase(test.TestCase):
        ]
        for src, expected in test_urls:
            self.assertEqual(expected, utils.fix_auth_url_version(src))
+
+
+class UserTestCase(test.TestCase):
+
+    def setUp(self):
+        self.data = data_v3.generate_test_data(pki=True)
+
+    @unittest.skipIf(sys.version_info >= (3, 0), "Bug #1552443")
+    def test_unscoped_token_is_none(self):
+        created_token = user.Token(self.data.domain_scoped_access_info,
+                                   unscoped_token=None)
+        self.assertTrue(created_token._is_pki_token(
+                        self.data.domain_scoped_access_info.auth_token))
+        self.assertFalse(created_token._is_pki_token(None))
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@ -117,6 +117,8 @@ class Token(object):

    def _is_pki_token(self, token):
        """Determines if this is a pki-based token (pki or pkiz)"""
+        if token is None:
+            return False
        return (keystone_cms.is_ans1_token(token)
                or keystone_cms.is_pkiz(token))