Fix a bug that issue token with project-scope gets error

Make sure the project ref contains domain info before looking up domain. Change-Id: Iea82898c213bf833b6d2fdbf7cca694a4e0afd33 Closes-bug: #1784536
2018-07-31 08:04:16 -04:00 · 2018-07-31 08:04:16 -04:00 · ec3fbf34e3
commit ec3fbf34e3
parent 68b2293fd9
3 changed files with 10 additions and 5 deletions
--- a/keystone/auth/core.py
+++ b/keystone/auth/core.py
@ -198,10 +198,13 @@ class AuthInfo(provider_api.ProviderAPIMixin, object):
                    project_name, domain_ref['id'])
            else:
                project_ref = PROVIDERS.resource_api.get_project(project_id)
+                domain_id = project_ref['domain_id']
+                if not domain_id:
+                    raise exception.ProjectNotFound(project_id=project_id)
                # NOTE(morganfainberg): The _lookup_domain method will raise
                # exception.Unauthorized if the domain isn't found or is
                # disabled.
-                self._lookup_domain({'id': project_ref['domain_id']})
+                self._lookup_domain({'id': domain_id})
        except exception.ProjectNotFound as e:
            LOG.warning(six.text_type(e))
            raise exception.Unauthorized(e)
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -45,7 +45,6 @@ from keystone.tests.common import auth as common_auth
 from keystone.tests import unit
 from keystone.tests.unit import ksfixtures
 from keystone.tests.unit import test_v3
-from keystone.tests.unit import utils as test_utils


 CONF = keystone.conf.CONF
@ -1415,9 +1414,6 @@ class TokenAPITests(object):
        self.v3_create_token(auth_data,
                             expected_status=http_client.UNAUTHORIZED)

-    @test_utils.wip('issue token with project-scope get "NoneType has '
-                    'no len()" error',
-                    bug='#1784536')
    def test_create_project_token_with_default_domain_as_project(self):
        # Authenticate to a project with the default domain as project
        auth_data = self.build_authentication_request(
--- a/releasenotes/notes/bug-1784536-9d1d1e149c605a1d.yaml
+++ b/releasenotes/notes/bug-1784536-9d1d1e149c605a1d.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - >
+    [`bug 1784536 <https://bugs.launchpad.net/keystone/+bug/1784536>`_]
+    Keystone now return `401 Unauthorized` correctly when issuing a
+    project-scoped token but the input project id is a domain id.