Fix a bug that issue token with project-scope gets error

Make sure the project ref contains domain info before
looking up domain.

Change-Id: Iea82898c213bf833b6d2fdbf7cca694a4e0afd33
Closes-bug: #1784536
This commit is contained in:
biwei 2018-07-31 08:04:16 -04:00 committed by Bi wei
parent 68b2293fd9
commit ec3fbf34e3
3 changed files with 10 additions and 5 deletions

View File

@ -198,10 +198,13 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
project_name, domain_ref['id'])
else:
project_ref = PROVIDERS.resource_api.get_project(project_id)
domain_id = project_ref['domain_id']
if not domain_id:
raise exception.ProjectNotFound(project_id=project_id)
# NOTE(morganfainberg): The _lookup_domain method will raise
# exception.Unauthorized if the domain isn't found or is
# disabled.
self._lookup_domain({'id': project_ref['domain_id']})
self._lookup_domain({'id': domain_id})
except exception.ProjectNotFound as e:
LOG.warning(six.text_type(e))
raise exception.Unauthorized(e)

View File

@ -45,7 +45,6 @@ from keystone.tests.common import auth as common_auth
from keystone.tests import unit
from keystone.tests.unit import ksfixtures
from keystone.tests.unit import test_v3
from keystone.tests.unit import utils as test_utils
CONF = keystone.conf.CONF
@ -1415,9 +1414,6 @@ class TokenAPITests(object):
self.v3_create_token(auth_data,
expected_status=http_client.UNAUTHORIZED)
@test_utils.wip('issue token with project-scope get "NoneType has '
'no len()" error',
bug='#1784536')
def test_create_project_token_with_default_domain_as_project(self):
# Authenticate to a project with the default domain as project
auth_data = self.build_authentication_request(

View File

@ -0,0 +1,6 @@
---
fixes:
- >
[`bug 1784536 <https://bugs.launchpad.net/keystone/+bug/1784536>`_]
Keystone now return `401 Unauthorized` correctly when issuing a
project-scoped token but the input project id is a domain id.