Merge "Parameter to return audit ids only in revocation list"
This commit is contained in:
commit
e943768088
|
@ -559,13 +559,23 @@ class Auth(controller.V3Controller):
|
|||
def revocation_list(self, context, auth=None):
|
||||
if not CONF.token.revoke_by_id:
|
||||
raise exception.Gone()
|
||||
|
||||
audit_id_only = ('audit_id_only' in context['query_string'])
|
||||
|
||||
tokens = self.token_provider_api.list_revoked_tokens()
|
||||
|
||||
for t in tokens:
|
||||
expires = t['expires']
|
||||
if not (expires and isinstance(expires, six.text_type)):
|
||||
t['expires'] = utils.isotime(expires)
|
||||
if audit_id_only:
|
||||
t.pop('id', None)
|
||||
data = {'revoked': tokens}
|
||||
|
||||
if audit_id_only:
|
||||
# No need to obfuscate if no token IDs.
|
||||
return data
|
||||
|
||||
json_data = jsonutils.dumps(data)
|
||||
signed_text = cms.cms_sign_text(json_data,
|
||||
CONF.signing.certfile,
|
||||
|
|
|
@ -4857,3 +4857,35 @@ class TestFetchRevocationList(test_v3.RestfulTestCase):
|
|||
}
|
||||
|
||||
self.assertEqual({'revoked': [exp_token_revoke_data]}, payload)
|
||||
|
||||
def test_audit_id_only_no_tokens(self):
|
||||
# When there's no revoked tokens and ?audit_id_only is used, the
|
||||
# response is an empty list and is not signed.
|
||||
res = self.get('/auth/tokens/OS-PKI/revoked?audit_id_only')
|
||||
self.assertEqual({'revoked': []}, res.json)
|
||||
|
||||
def test_audit_id_only_token(self):
|
||||
# When there's a revoked token and ?audit_id_only is used, the
|
||||
# response contains the audit_id of the token and is not signed.
|
||||
token_res = self.v3_create_token(
|
||||
self.build_authentication_request(
|
||||
user_id=self.user['id'],
|
||||
password=self.user['password'],
|
||||
project_id=self.project['id']))
|
||||
|
||||
token_id = token_res.headers.get('X-Subject-Token')
|
||||
token_data = token_res.json['token']
|
||||
|
||||
self.delete('/auth/tokens', headers={'X-Subject-Token': token_id})
|
||||
|
||||
res = self.get('/auth/tokens/OS-PKI/revoked?audit_id_only')
|
||||
|
||||
def truncate(ts_str):
|
||||
return ts_str[:19] + 'Z' # 2016-01-21T15:53:52 == 19 chars.
|
||||
|
||||
exp_token_revoke_data = {
|
||||
'audit_id': token_data['audit_ids'][0],
|
||||
'expires': truncate(token_data['expires_at']),
|
||||
}
|
||||
|
||||
self.assertEqual({'revoked': [exp_token_revoke_data]}, res.json)
|
||||
|
|
Loading…
Reference in New Issue