openstack
/
keystone
Code Issues Proposed changes
keystone/keystone/tests/unit
History
Colleen Murphy ba89d27793 Ensure OAuth1 authorized roles are respected 
Without this patch, when an OAuth1 request token is authorized with a
limited set of roles, the roles for the access token are ignored when
the user uses it to request a keystone token. This means that user of an
access token can use it to escallate their role assignments beyond what
was authorized by the creator. This patch fixes the issue by ensuring
the token model accounts for an OAuth1-scoped token and correctly
populating the roles for it.

Change-Id: I02f9836fbd4d7e629653977fc341476cfd89859e
Closes-bug: #1873290
(cherry picked from commit 6c73690f77)
 		2020-05-02 12:35:10 -07:00
..
application_credential Re-enable line-length linter 2019-10-21 08:48:47 -07:00
assignment Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
auth Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
backend Don't call .c from select() objects 2019-06-22 11:03:41 -04:00
catalog Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
common Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
config_files Revert "Add JSON driver for access rules config" 2019-05-28 08:38:42 -07:00
contrib Add openstack_groups to assertion 2020-03-19 20:14:41 +05:30
credential Remove six usage 2020-01-30 06:06:51 +00:00
endpoint_policy Fixes remaining nits in endpoint_policy tests 2016-11-15 20:03:47 +00:00
external Replace parse_strtime with datetime.strptime 2017-12-21 12:14:28 -06:00
federation Add new attribute to the federation protocol API 2019-07-19 10:46:23 -07:00
identity Merge "Stop adding entry in local_user while updating ephemerals" 2020-04-20 20:34:43 +00:00
ksfixtures Remove six usage 2020-01-30 06:06:51 +00:00
limit Add domain level limit support - Manager 2019-02-19 11:09:13 +08:00
policy Finish refactoring self.*_api out of tests 2018-02-05 23:26:08 +00:00
receipt Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
resource Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
saml2 Add openstack_groups to assertion 2020-03-19 20:14:41 +05:30
server Check if content-type contains http, not equals 2020-02-17 21:06:13 +00:00
tests Adds a skip method to identify useless skips 2016-06-29 19:48:12 +00:00
token Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
trust Remove six usage 2020-01-30 06:06:51 +00:00
__init__.py Remove i18n.enable_lazy() translation 2018-12-14 10:30:17 +00:00
base_classes.py Use immutable roles in tests 2019-09-23 13:24:52 -07:00
core.py Ignore SQLAlchemy RemovedIn20Warning 2020-03-03 13:32:19 -05:00
default_catalog.templates Remove/update v2 catalog endpoint tests 2017-10-21 16:45:12 -05:00
default_catalog_multi_region.templates Fixing multi-region support in templated v3 catalog 2018-03-13 11:10:08 -07:00
default_fixtures.py Implement resource options for roles and projects 2019-09-09 22:07:30 +00:00
fakeldap.py Remove six usage 2020-01-30 06:06:51 +00:00
federation_fixtures.py Move existing tests to unit 2015-02-13 15:54:29 -06:00
filtering.py Remove six usage 2020-01-30 06:06:51 +00:00
identity_mapping.py Use the new enginefacade from oslo.db 2016-02-24 08:20:12 -08:00
mapping_fixtures.py Merge "Add openstack_groups to assertion" 2020-03-23 19:24:38 +00:00
rest.py Remove six usage 2020-01-30 06:06:51 +00:00
test_app_config.py Cleanup test_wsgi 2018-10-11 15:27:46 -07:00
test_associate_project_endpoint_extension.py Remove six usage 2020-01-30 06:06:51 +00:00
test_auth_plugin.py Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
test_backend_endpoint_policy.py Remove six usage 2020-01-30 06:06:51 +00:00
test_backend_endpoint_policy_sql.py Enable foreign keys for unit test 2018-10-09 09:50:21 +08:00
test_backend_federation_sql.py Expiring User Group Membership Model 2020-04-07 11:04:38 -04:00
test_backend_id_mapping_sql.py Increase test coverage of entity_type id mapping query 2018-07-13 21:42:07 +00:00
test_backend_ldap.py Expiring Group Membership Driver - Add, List Groups 2020-04-07 19:25:01 -04:00
test_backend_ldap_pool.py Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
test_backend_rules.py Split policy backend tests 2016-03-04 15:32:42 -03:00
test_backend_sql.py Add expiring user group memberships on mapped authentication 2020-04-07 19:30:57 -04:00
test_backend_templated.py Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
test_cli.py Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
test_config.py Remove pastedeploy 2018-06-06 19:30:26 +00:00
test_contrib_ec2_core.py Check timestamp of signed EC2 token request 2020-04-30 20:25:13 +00:00
test_contrib_s3_core.py Remove six usage 2020-01-30 06:06:51 +00:00
test_contrib_simple_cert.py Remove six usage 2020-01-30 06:06:51 +00:00
test_driver_hints.py Use assertTrue/False instead of assertEqual(T/F) 2015-11-02 09:10:38 +00:00
test_entry_points.py Internally defined middleware don't use stevedore 2018-10-11 15:27:46 -07:00
test_exception.py Remove six usage 2020-01-30 06:06:51 +00:00
test_hacking_checks.py Use pycodestyle in place of pep8 2018-11-20 17:16:01 +00:00
test_healthcheck.py Remove six usage 2020-01-30 06:06:51 +00:00
test_ldap_livetest.py Remove six usage 2020-01-30 06:06:51 +00:00
test_ldap_pool_livetest.py Remove redundant parameter passed to assertTrue 2019-06-28 17:15:55 +08:00
test_ldap_tls_livetest.py Remove six usage 2020-01-30 06:06:51 +00:00
test_limits.py Remove six usage 2020-01-30 06:06:51 +00:00
test_middleware.py Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
test_policy.py Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
test_receipt_provider.py Implement auth receipts spec 2018-11-02 15:06:19 +01:00
test_revoke.py Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
test_shadow_users.py Add federated support for updating a user 2020-04-08 10:55:19 -04:00
test_sql_banned_operations.py Work around deprecations for opportunistic tests 2018-02-27 13:46:27 +00:00
test_sql_upgrade.py Expiring User Group Membership Model 2020-04-07 11:04:38 -04:00
test_token_provider.py Remove six usage 2020-01-30 06:06:51 +00:00
test_url_middleware.py Convert Normalizing filter to flask native Middleware 2018-10-11 15:27:46 -07:00
test_v3.py Remove six usage 2020-01-30 06:06:51 +00:00
test_v3_application_credential.py Remove six usage 2020-01-30 06:06:51 +00:00
test_v3_assignment.py Remove six usage 2020-01-30 06:06:51 +00:00
test_v3_auth.py Change time faking for totp test 2020-03-18 15:06:38 +00:00
test_v3_catalog.py Remove six usage 2020-01-30 06:06:51 +00:00
test_v3_credential.py Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
test_v3_domain_config.py Remove six usage 2020-01-30 06:06:51 +00:00
test_v3_endpoint_policy.py Remove six usage 2020-01-30 06:06:51 +00:00
test_v3_federation.py Merge "Expiring Group Memberships API - Allow set idp authorization_ttl" 2020-04-10 09:37:50 +00:00
test_v3_filters.py Remove six usage 2020-01-30 06:06:51 +00:00
test_v3_identity.py Merge "Stop adding entry in local_user while updating ephemerals" 2020-04-20 20:34:43 +00:00
test_v3_oauth1.py Ensure OAuth1 authorized roles are respected 2020-05-02 12:35:10 -07:00
test_v3_os_revoke.py Switch from mock to unittest.mock use 2020-03-02 13:40:40 -06:00
test_v3_policy.py Remove six usage 2020-01-30 06:06:51 +00:00
test_v3_resource.py Remove six usage 2020-01-30 06:06:51 +00:00
test_v3_trust.py Remove six usage 2020-01-30 06:06:51 +00:00
test_validation.py Add domain level limit support - API 2019-02-19 11:09:13 +08:00
test_versions.py Add expiring user group memberships on mapped authentication 2020-04-07 19:30:57 -04:00
utils.py Remove six usage 2020-01-30 06:06:51 +00:00