From 9df02bfb551b81e99ee4cc81f11e3881cd4ed80a Mon Sep 17 00:00:00 2001
From: Dave Chen <wei.d.chen@intel.com>
Date: Thu, 14 Jul 2016 16:06:18 +0800
Subject: [PATCH] Fix the wrong check condition

Keystone has the code to prevent `None` value to be returned in the
revoke event, but there is wrong check condition that leads to
the `access_token_id` with None will be returned to end user.

Closes-Bug: #1603861
Change-Id: Ifc2908ffb6b8353d24a6416338d8fadb0e0b2a21
---
 keystone/models/revoke_model.py          |  2 +-
 keystone/tests/unit/test_v3_os_revoke.py | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/keystone/models/revoke_model.py b/keystone/models/revoke_model.py
index 79f008d0fe..53b0fd234a 100644
--- a/keystone/models/revoke_model.py
+++ b/keystone/models/revoke_model.py
@@ -111,7 +111,7 @@ class RevokeEvent(object):
             event['OS-TRUST:trust_id'] = self.trust_id
         if self.consumer_id is not None:
             event['OS-OAUTH1:consumer_id'] = self.consumer_id
-        if self.consumer_id is not None:
+        if self.access_token_id is not None:
             event['OS-OAUTH1:access_token_id'] = self.access_token_id
         if self.expires_at is not None:
             event['expires_at'] = utils.isotime(self.expires_at)
diff --git a/keystone/tests/unit/test_v3_os_revoke.py b/keystone/tests/unit/test_v3_os_revoke.py
index 502fe1c9e1..b9aad2ddb4 100644
--- a/keystone/tests/unit/test_v3_os_revoke.py
+++ b/keystone/tests/unit/test_v3_os_revoke.py
@@ -145,3 +145,18 @@ class OSRevokeTests(test_v3.RestfulTestCase, test_v3.JsonHomeTestMixin):
         # Strip off the microseconds from `revoked_at`.
         self.assertTimestampEqual(utils.isotime(revoked_at),
                                   events[0]['revoked_at'])
+
+    def test_access_token_id_not_in_event(self):
+        ref = {'description': uuid.uuid4().hex}
+        resp = self.post('/OS-OAUTH1/consumers', body={'consumer': ref})
+        consumer_id = resp.result['consumer']['id']
+        self.oauth_api.delete_consumer(consumer_id)
+
+        resp = self.get('/OS-REVOKE/events')
+        events = resp.json_body['events']
+        self.assertThat(events, matchers.HasLength(1))
+        event = events[0]
+        self.assertEqual(consumer_id, event['OS-OAUTH1:consumer_id'])
+        # `OS-OAUTH1:access_token_id` is None and won't be returned to
+        # end user.
+        self.assertNotIn('OS-OAUTH1:access_token_id', event)