Merge "Move auth_token middleware from admin user to an RBAC policy"

1 files changed, 16 insertions, 2 deletions

diff --git a/tests/test_content_types.py b/tests/test_content_types.py
index 95a78ab0..e5bdc56a 100644
--- a/tests/test_content_types.py
+++ b/tests/test_content_types.py
@@ -214,8 +214,10 @@ class RestfulTestCase(test.TestCase):
     def admin_request(self, **kwargs):
         return self._request(app=self.admin_app, **kwargs)
 
-    def get_scoped_token(self):
+    def get_scoped_token(self, tenant_id=None):
         """Convenience method so that we can test authenticated requests."""
+        if not tenant_id:
+            tenant_id = self.tenant_bar['id']
         r = self.public_request(
             method='POST',
             path='/v2.0/tokens',
@@ -225,7 +227,7 @@ class RestfulTestCase(test.TestCase):
                         'username': self.user_foo['name'],
                         'password': self.user_foo['password'],
                     },
-                    'tenantId': self.tenant_bar['id'],
+                    'tenantId': tenant_id,
                 },
             })
         return self._get_token_id(r)
@@ -387,6 +389,18 @@ class CoreApiTests(object):
             token=token)
         self.assertValidAuthenticationResponse(r)
 
+    def test_validate_token_service_role(self):
+        self.metadata_foobar = self.identity_api.update_metadata(
+            self.user_foo['id'],
+            self.tenant_service['id'],
+            dict(roles=[self.role_service['id']]))
+
+        token = self.get_scoped_token(tenant_id='service')
+        r = self.admin_request(
+            path='/v2.0/tokens/%s' % token,
+            token=token)
+        self.assertValidAuthenticationResponse(r)
+
     def test_validate_token_belongs_to(self):
         token = self.get_scoped_token()
         path = ('/v2.0/tokens/%s?belongsTo=%s' % (token,