diff options
| author | Andy Smith <github@anarkystic.com> | 2012-02-06 12:40:29 -0800 |
|---|---|---|
| committer | Andy Smith <github@anarkystic.com> | 2012-02-06 12:40:29 -0800 |
| commit | 63573fe88cc1e6e7ce7cceeeb76e6ad527c8af85 (patch) | |
| tree | 83a8b657c3ef5a614aa48a8a21a8a890222b0dec | |
| parent | 446b26850d1afa1bd239c3048a23fc818b86c8f0 (diff) | |
| parent | e0afc0dc327030d34c1fbd7806f555f69e406144 (diff) | |
Merge pull request #37 from dolph/master
Add support for invalidate token: DELETE /tokens/{token_id}
| -rw-r--r-- | keystone/service.py | 11 | ||||
| -rw-r--r-- | tests/test_cli.py | 3 | ||||
| -rw-r--r-- | tests/test_keystoneclient.py | 19 |
3 files changed, 33 insertions, 0 deletions
diff --git a/keystone/service.py b/keystone/service.py index 05cca4e6..eae882d0 100644 --- a/keystone/service.py +++ b/keystone/service.py @@ -32,6 +32,10 @@ class AdminRouter(wsgi.ComposingRouter): controller=auth_controller, action='validate_token', conditions=dict(method=['GET'])) + mapper.connect('/tokens/{token_id}', + controller=auth_controller, + action='delete_token', + conditions=dict(method=['DELETE'])) mapper.connect('/tokens/{token_id}/endpoints', controller=auth_controller, action='endpoints', @@ -255,6 +259,13 @@ class TokenController(wsgi.Application): roles_ref.append(self.identity_api.get_role(context, role_id)) return self._format_token(token_ref, roles_ref) + def delete_token(self, context, token_id): + """Delete a token, effectively invalidating it for authz.""" + # TODO(termie): this stuff should probably be moved to middleware + self.assert_admin(context) + + self.token_api.delete_token(context=context, token_id=token_id) + def endpoints(self, context, token_id): """Return service catalog endpoints.""" token_ref = self.token_api.get_token(context=context, diff --git a/tests/test_cli.py b/tests/test_cli.py index 5d06d491..bd4ead73 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -59,6 +59,9 @@ class CliMasterTestCase(test_keystoneclient.KcMasterTestCase): def test_authenticate_token_tenant_name(self): raise nose.exc.SkipTest('N/A') + def test_authenticate_and_delete_token(self): + raise nose.exc.SkipTest('N/A') + def test_tenant_create_update_and_delete(self): raise nose.exc.SkipTest('cli does not support booleans yet') diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py index 1cda1bc6..a32a3b14 100644 --- a/tests/test_keystoneclient.py +++ b/tests/test_keystoneclient.py @@ -122,6 +122,22 @@ class KeystoneClientTests(object): token_client = self._client(token=token, tenant_name='BAR') tenants = token_client.tenants.list() self.assertEquals(tenants[0].id, self.tenant_bar['id']) + self.assertEquals(tenants[0].id, self.tenant_bar['id']) + + def test_authenticate_and_delete_token(self): + client = self.get_client() + token = client.auth_token + token_client = self._client(token=token) + tenants = token_client.tenants.list() + self.assertEquals(tenants[0].id, self.tenant_bar['id']) + + client.tokens.delete(token_client.auth_token) + + # FIXME(dolph): this should raise unauthorized + # from keystoneclient import exceptions as client_exceptions + # with self.assertRaises(client_exceptions.Unauthorized): + with self.assertRaises(Exception): + token_client.tenants.list() # TODO(termie): I'm not really sure that this is testing much def test_endpoints(self): @@ -460,3 +476,6 @@ class KcEssex3TestCase(CompatTestCase, KeystoneClientTests): client = self.get_client() roles = client.roles.get_user_role_refs(user_id='foo') self.assertTrue(len(roles) > 0) + + def test_authenticate_and_delete_token(self): + raise nose.exc.SkipTest('N/A') |