Correct revocation event test for domain_id
The revocation event test used "user_domain_id" and "project_domain_id" as token fields that the "domain_id" revocation event field maps to, but the token fields are actually "identity_domain_id" and "assignment_domain_id", as can be seen in keystone.contrib.revoke.model.build_token_values(). Change-Id: I208484da243403287eaa33893d57429c7e6d27c7 Partial-Bug: #1349597
This commit is contained in:
parent
a4c73e4382
commit
c4447f16da
@ -79,7 +79,7 @@ def _matches(event, token_values):
|
||||
|
||||
# The token has two attributes that can match the domain_id
|
||||
if event.domain_id is not None:
|
||||
for attribute_name in ['user_domain_id', 'project_domain_id']:
|
||||
for attribute_name in ['identity_domain_id', 'assignment_domain_id']:
|
||||
if event.domain_id == token_values[attribute_name]:
|
||||
break
|
||||
else:
|
||||
@ -293,6 +293,10 @@ class RevokeTreeTests(tests.TestCase):
|
||||
self.events.append(event)
|
||||
return event
|
||||
|
||||
def _revoke_by_domain(self, domain_id):
|
||||
event = self.tree.add_event(model.RevokeEvent(domain_id=domain_id))
|
||||
self.events.append(event)
|
||||
|
||||
def _user_field_test(self, field_name):
|
||||
user_id = _new_id()
|
||||
event = self._revoke_by_user(user_id)
|
||||
@ -403,6 +407,49 @@ class RevokeTreeTests(tests.TestCase):
|
||||
token_data['project_id'] = project_id
|
||||
self._assertTokenRevoked(token_data)
|
||||
|
||||
def test_by_domain_user(self):
|
||||
# If revoke a domain, then a token for a user in the domain is revoked
|
||||
|
||||
user_id = _new_id()
|
||||
domain_id = _new_id()
|
||||
|
||||
token_data = _sample_blank_token()
|
||||
token_data['user_id'] = user_id
|
||||
token_data['identity_domain_id'] = domain_id
|
||||
|
||||
self._revoke_by_domain(domain_id)
|
||||
|
||||
self._assertTokenRevoked(token_data)
|
||||
|
||||
def test_by_domain_project(self):
|
||||
# If revoke a domain, then a token scoped to a project in the domain
|
||||
# is revoked.
|
||||
|
||||
user_id = _new_id()
|
||||
user_domain_id = _new_id()
|
||||
|
||||
project_id = _new_id()
|
||||
project_domain_id = _new_id()
|
||||
|
||||
token_data = _sample_blank_token()
|
||||
token_data['user_id'] = user_id
|
||||
token_data['identity_domain_id'] = user_domain_id
|
||||
token_data['project_id'] = project_id
|
||||
token_data['assignment_domain_id'] = project_domain_id
|
||||
|
||||
self._revoke_by_domain(project_domain_id)
|
||||
|
||||
self._assertTokenRevoked(token_data)
|
||||
|
||||
def test_by_domain_domain(self):
|
||||
# If revoke a domain, then a token scoped to the domain is revoked.
|
||||
|
||||
# FIXME(blk-u): The token translation code doesn't handle domain-scoped
|
||||
# tokens at this point. See bug #1347318. Replace this with test code
|
||||
# similar to test_by_domain_project().
|
||||
|
||||
pass
|
||||
|
||||
def _assertEmpty(self, collection):
|
||||
return self.assertEqual(0, len(collection), "collection not empty")
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user