Merge "Revoke user tokens when disabling/delete a project"

author: Jenkins <jenkins@review.openstack.org> 2013-08-15 20:45:50 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-08-15 20:45:50 +0000
commit: 1b4f0a5ec848af94e322a8f55deb52223c94b62a (patch)
tree: b7ba6edd958027060980f3c05a79eda01bc43bdd /keystone/tests/test_keystoneclient.py
parent: 116897786dbb8473154ec85a01b019af8106a1f4 (diff)
parent: 74f788aa9da0dabf54bd1f4718f9c0e0b9726757 (diff)
download: keystone-1b4f0a5ec848af94e322a8f55deb52223c94b62a.tar.gz
keystone-1b4f0a5ec848af94e322a8f55deb52223c94b62a.tar.xz
keystone-1b4f0a5ec848af94e322a8f55deb52223c94b62a.zip
1 files changed, 46 insertions, 0 deletions
diff --git a/keystone/tests/test_keystoneclient.py b/keystone/tests/test_keystoneclient.py
index 7e59885d..0c323ddd 100644
--- a/keystone/tests/test_keystoneclient.py
+++ b/keystone/tests/test_keystoneclient.py
@@ -378,6 +378,46 @@ class KeystoneClientTests(object):
                           client.tokens.authenticate,
                           token=token_id)
 
+    def test_disable_tenant_invalidates_token(self):
+        from keystoneclient import exceptions as client_exceptions
+
+        admin_client = self.get_client(admin=True)
+        foo_client = self.get_client(self.user_foo)
+        tenant_bar = admin_client.tenants.get(self.tenant_bar['id'])
+
+        # Disable the tenant.
+        tenant_bar.update(enabled=False)
+
+        # Test that the token has been removed.
+        self.assertRaises(client_exceptions.Unauthorized,
+                          foo_client.tokens.authenticate,
+                          token=foo_client.auth_token)
+
+        # Test that the user access has been disabled.
+        self.assertRaises(client_exceptions.Unauthorized,
+                          self.get_client,
+                          self.user_foo)
+
+    def test_delete_tenant_invalidates_token(self):
+        from keystoneclient import exceptions as client_exceptions
+
+        admin_client = self.get_client(admin=True)
+        foo_client = self.get_client(self.user_foo)
+        tenant_bar = admin_client.tenants.get(self.tenant_bar['id'])
+
+        # Delete the tenant.
+        tenant_bar.delete()
+
+        # Test that the token has been removed.
+        self.assertRaises(client_exceptions.Unauthorized,
+                          foo_client.tokens.authenticate,
+                          token=foo_client.auth_token)
+
+        # Test that the user access has been disabled.
+        self.assertRaises(client_exceptions.Unauthorized,
+                          self.get_client,
+                          self.user_foo)
+
     def test_disable_user_invalidates_token(self):
         from keystoneclient import exceptions as client_exceptions
 
@@ -1165,6 +1205,12 @@ class KcEssex3TestCase(CompatTestCase, KeystoneClientTests):
     def test_policy_crud(self):
         self.skipTest('N/A due to lack of endpoint CRUD')
 
+    def test_disable_tenant_invalidates_token(self):
+        self.skipTest('N/A')
+
+    def test_delete_tenant_invalidates_token(self):
+        self.skipTest('N/A')
+
 
 class Kc11TestCase(CompatTestCase, KeystoneClientTests):
     def get_checkout(self):
author	Jenkins <jenkins@review.openstack.org>	2013-08-15 20:45:50 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-08-15 20:45:50 +0000
commit	1b4f0a5ec848af94e322a8f55deb52223c94b62a (patch)
tree	b7ba6edd958027060980f3c05a79eda01bc43bdd /keystone/tests/test_keystoneclient.py
parent	116897786dbb8473154ec85a01b019af8106a1f4 (diff)
parent	74f788aa9da0dabf54bd1f4718f9c0e0b9726757 (diff)
download	keystone-1b4f0a5ec848af94e322a8f55deb52223c94b62a.tar.gz keystone-1b4f0a5ec848af94e322a8f55deb52223c94b62a.tar.xz keystone-1b4f0a5ec848af94e322a8f55deb52223c94b62a.zip