Add test for authentication when project and domain name clash

Now that we store domains as a top level project, it is allowable to have a project name within than domain to clash with the domain name itself. This patch adds tests to ensure we can get a project scoped token to such a project, but not to the project acting as a domain. Change-Id: Ib7151633b3a09ab85daba85b0f9853f8c76b1cbf
2016-04-27 22:11:39 +01:00 · 2016-04-27 22:11:39 +01:00 · 37afc8e2dc
commit 37afc8e2dc
parent 5cd8356b7c
1 changed files with 41 additions and 0 deletions
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -3543,6 +3543,47 @@ class TestAuth(test_v3.RestfulTestCase):
        self.v3_create_token(auth_data,
                             expected_status=http_client.UNAUTHORIZED)
    def test_project_scope_if_domain_and_project_name_clash(self):
        """Authenticate to a project with the same name as its domain."""
        domain = unit.new_project_ref(is_domain=True)
        domain = self.resource_api.create_project(domain['id'], domain)
        project = unit.new_project_ref(domain_id=domain['id'],
                                       name=domain['name'])
        self.resource_api.create_project(project['id'], project)
        role_member = unit.new_role_ref()
        self.role_api.create_role(role_member['id'], role_member)
        self.assignment_api.add_role_to_user_and_project(
            self.user['id'], project['id'], role_member['id'])
        auth_data = self.build_authentication_request(
            user_id=self.user['id'],
            password=self.user['password'],
            project_name=project['name'],
            project_domain_name=domain['name'])
        r = self.v3_create_token(auth_data)
        self.assertEqual(project['id'], r.result['token']['project']['id'])
    def test_project_scope_fails_if_domain_name_only_matches_request(self):
        """Authenticate fails to a project when only domain name matches."""
        domain = unit.new_project_ref(is_domain=True)
        domain = self.resource_api.create_project(domain['id'], domain)
        role_member = unit.new_role_ref()
        self.role_api.create_role(role_member['id'], role_member)
        self.assignment_api.create_grant(
            role_member['id'],
            user_id=self.user['id'],
            domain_id=domain['id'])
        auth_data = self.build_authentication_request(
            user_id=self.user['id'],
            password=self.user['password'],
            project_name=domain['name'],
            project_domain_name=domain['name'])
        self.v3_create_token(auth_data,
                             expected_status=http_client.UNAUTHORIZED)
 class TestAuthJSONExternal(test_v3.RestfulTestCase):
    content_type = 'json'