Correct revocation event test for domain_id

The revocation event test used "user_domain_id" and "project_domain_id" as token fields that the "domain_id" revocation event field maps to, but the token fields are actually "identity_domain_id" and "assignment_domain_id", as can be seen in keystone.contrib.revoke.model.build_token_values(). Change-Id: I208484da243403287eaa33893d57429c7e6d27c7 Partial-Bug: #1349597
2014-07-26 11:21:45 -05:00 · 2014-07-26 11:21:45 -05:00 · c4447f16da
parent a4c73e4382
commit c4447f16da
1 changed files with 48 additions and 1 deletions
--- a/keystone/tests/test_revoke.py
+++ b/keystone/tests/test_revoke.py
@ -79,7 +79,7 @@ def _matches(event, token_values):

    # The token has two attributes that can match the domain_id
    if event.domain_id is not None:
-        for attribute_name in ['user_domain_id', 'project_domain_id']:
+        for attribute_name in ['identity_domain_id', 'assignment_domain_id']:
            if event.domain_id == token_values[attribute_name]:
                break
        else:
@ -293,6 +293,10 @@ class RevokeTreeTests(tests.TestCase):
        self.events.append(event)
        return event

+    def _revoke_by_domain(self, domain_id):
+        event = self.tree.add_event(model.RevokeEvent(domain_id=domain_id))
+        self.events.append(event)
+
    def _user_field_test(self, field_name):
        user_id = _new_id()
        event = self._revoke_by_user(user_id)
@ -403,6 +407,49 @@ class RevokeTreeTests(tests.TestCase):
        token_data['project_id'] = project_id
        self._assertTokenRevoked(token_data)

+    def test_by_domain_user(self):
+        # If revoke a domain, then a token for a user in the domain is revoked
+
+        user_id = _new_id()
+        domain_id = _new_id()
+
+        token_data = _sample_blank_token()
+        token_data['user_id'] = user_id
+        token_data['identity_domain_id'] = domain_id
+
+        self._revoke_by_domain(domain_id)
+
+        self._assertTokenRevoked(token_data)
+
+    def test_by_domain_project(self):
+        # If revoke a domain, then a token scoped to a project in the domain
+        # is revoked.
+
+        user_id = _new_id()
+        user_domain_id = _new_id()
+
+        project_id = _new_id()
+        project_domain_id = _new_id()
+
+        token_data = _sample_blank_token()
+        token_data['user_id'] = user_id
+        token_data['identity_domain_id'] = user_domain_id
+        token_data['project_id'] = project_id
+        token_data['assignment_domain_id'] = project_domain_id
+
+        self._revoke_by_domain(project_domain_id)
+
+        self._assertTokenRevoked(token_data)
+
+    def test_by_domain_domain(self):
+        # If revoke a domain, then a token scoped to the domain is revoked.
+
+        # FIXME(blk-u): The token translation code doesn't handle domain-scoped
+        # tokens at this point. See bug #1347318. Replace this with test code
+        # similar to test_by_domain_project().
+
+        pass
+
    def _assertEmpty(self, collection):
        return self.assertEqual(0, len(collection), "collection not empty")