Merge "Fix fernet token validate for disabled domains/trusts"
This commit is contained in:
commit
216000fd31
|
@ -2482,6 +2482,10 @@ class TestFernetTokenAPIs(test_v3.RestfulTestCase, TokenAPITests,
|
|||
# FIXME(lbragstad): Remove this test from this class and inherit the
|
||||
# version in TokenAPITest once bug 1532280 is fixed.
|
||||
def test_trust_token_is_invalid_when_trustee_domain_disabled(self):
|
||||
# Remove this once revocation for domains is handled properly
|
||||
self.config_fixture.config(
|
||||
group='cache',
|
||||
enabled=False)
|
||||
# create a new domain with new user in that domain
|
||||
new_domain_ref = unit.new_domain_ref()
|
||||
self.resource_api.create_domain(new_domain_ref['id'], new_domain_ref)
|
||||
|
@ -2525,8 +2529,9 @@ class TestFernetTokenAPIs(test_v3.RestfulTestCase, TokenAPITests,
|
|||
'/domains/%(domain_id)s' % {'domain_id': new_domain_ref['id']},
|
||||
body=disable_body)
|
||||
|
||||
# this should return Not Found once bug 1532280 is fixed!
|
||||
self._validate_token(trust_scoped_token)
|
||||
# ensure the project-scoped token from the trust is invalid
|
||||
self._validate_token(trust_scoped_token,
|
||||
expected_status=http_client.NOT_FOUND)
|
||||
|
||||
|
||||
class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
|
||||
|
|
|
@ -352,6 +352,19 @@ class V3TokenDataHelper(object):
|
|||
if CONF.trust.enabled and trust and 'OS-TRUST:trust' not in token_data:
|
||||
trustor_user_ref = (self.identity_api.get_user(
|
||||
trust['trustor_user_id']))
|
||||
trustee_user_ref = (self.identity_api.get_user(
|
||||
trust['trustee_user_id']))
|
||||
try:
|
||||
self.resource_api.assert_domain_enabled(
|
||||
trustor_user_ref['domain_id'])
|
||||
except AssertionError:
|
||||
raise exception.TokenNotFound(_('Trustor domain is disabled.'))
|
||||
try:
|
||||
self.resource_api.assert_domain_enabled(
|
||||
trustee_user_ref['domain_id'])
|
||||
except AssertionError:
|
||||
raise exception.TokenNotFound(_('Trustee domain is disabled.'))
|
||||
|
||||
try:
|
||||
self.identity_api.assert_user_enabled(trust['trustor_user_id'])
|
||||
except AssertionError:
|
||||
|
|
Loading…
Reference in New Issue