Correct revocation event test for domain_id

The revocation event test used "user_domain_id" and
"project_domain_id" as token fields that the "domain_id"
revocation event field maps to, but the token fields are
actually "identity_domain_id" and "assignment_domain_id", as
can be seen in
keystone.contrib.revoke.model.build_token_values().

Change-Id: I208484da243403287eaa33893d57429c7e6d27c7
Partial-Bug: #1349597
changes/19/109819/4
Brant Knudson 8 years ago
parent a4c73e4382
commit c4447f16da
  1. 49
      keystone/tests/test_revoke.py

@ -79,7 +79,7 @@ def _matches(event, token_values):
# The token has two attributes that can match the domain_id
if event.domain_id is not None:
for attribute_name in ['user_domain_id', 'project_domain_id']:
for attribute_name in ['identity_domain_id', 'assignment_domain_id']:
if event.domain_id == token_values[attribute_name]:
break
else:
@ -293,6 +293,10 @@ class RevokeTreeTests(tests.TestCase):
self.events.append(event)
return event
def _revoke_by_domain(self, domain_id):
event = self.tree.add_event(model.RevokeEvent(domain_id=domain_id))
self.events.append(event)
def _user_field_test(self, field_name):
user_id = _new_id()
event = self._revoke_by_user(user_id)
@ -403,6 +407,49 @@ class RevokeTreeTests(tests.TestCase):
token_data['project_id'] = project_id
self._assertTokenRevoked(token_data)
def test_by_domain_user(self):
# If revoke a domain, then a token for a user in the domain is revoked
user_id = _new_id()
domain_id = _new_id()
token_data = _sample_blank_token()
token_data['user_id'] = user_id
token_data['identity_domain_id'] = domain_id
self._revoke_by_domain(domain_id)
self._assertTokenRevoked(token_data)
def test_by_domain_project(self):
# If revoke a domain, then a token scoped to a project in the domain
# is revoked.
user_id = _new_id()
user_domain_id = _new_id()
project_id = _new_id()
project_domain_id = _new_id()
token_data = _sample_blank_token()
token_data['user_id'] = user_id
token_data['identity_domain_id'] = user_domain_id
token_data['project_id'] = project_id
token_data['assignment_domain_id'] = project_domain_id
self._revoke_by_domain(project_domain_id)
self._assertTokenRevoked(token_data)
def test_by_domain_domain(self):
# If revoke a domain, then a token scoped to the domain is revoked.
# FIXME(blk-u): The token translation code doesn't handle domain-scoped
# tokens at this point. See bug #1347318. Replace this with test code
# similar to test_by_domain_project().
pass
def _assertEmpty(self, collection):
return self.assertEqual(0, len(collection), "collection not empty")

Loading…
Cancel
Save