authorDolph Mathews <dolph.mathews@gmail.com>2012-07-16 16:08:32 -0500
committerDolph Mathews <dolph.mathews@gmail.com>2012-07-16 16:08:34 -0500
commit4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685 (patch)
tree75b35e2985cdd4855e218c4582386f159ed67443 /tests/test_keystoneclient.py
parent4b97716e4a68cb55652fe2bfd62373adf2b417c5 (diff)
Raise unauthorized if tenant disabled (bug 988920)
If the client attempts to explicitly authenticate against a disabled tenant, keystone should return HTTP 401 Unauthorized. Change-Id: I49fe56b6ef8d9f2fc6b9357472dae8964bb9cb9c
Diffstat (limited to 'tests/test_keystoneclient.py')
-rw-r--r--tests/test_keystoneclient.py47
1 files changed, 47 insertions, 0 deletions
diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py
index 69d4ffc2..944ca790 100644
--- a/tests/test_keystoneclient.py
+++ b/tests/test_keystoneclient.py
@@ -180,6 +180,53 @@ class KeystoneClientTests(object):
self.get_client,
user_ref)
+ def test_authenticate_disabled_tenant(self):
+ from keystoneclient import exceptions as client_exceptions
+
+ admin_client = self.get_client(admin=True)
+
+ tenant = {
+ 'name': uuid.uuid4().hex,
+ 'description': uuid.uuid4().hex,
+ 'enabled': False,
+ }
+ tenant_ref = admin_client.tenants.create(
+ tenant_name=tenant['name'],
+ description=tenant['description'],
+ enabled=tenant['enabled'])
+ tenant['id'] = tenant_ref.id
+
+ user = {
+ 'name': uuid.uuid4().hex,
+ 'password': uuid.uuid4().hex,
+ 'email': uuid.uuid4().hex,
+ 'tenant_id': tenant['id'],
+ }
+ user_ref = admin_client.users.create(
+ name=user['name'],
+ password=user['password'],
+ email=user['email'],
+ tenant_id=user['tenant_id'])
+ user['id'] = user_ref.id
+
+ # password authentication
+ self.assertRaises(
+ client_exceptions.Unauthorized,
+ self._client,
+ username=user['name'],
+ password=user['password'],
+ tenant_id=tenant['id'])
+
+ # token authentication
+ client = self._client(
+ username=user['name'],
+ password=user['password'])
+ self.assertRaises(
+ client_exceptions.Unauthorized,
+ self._client,
+ token=client.auth_token,
+ tenant_id=tenant['id'])
+
# FIXME(ja): this test should require the "keystone:admin" roled
# (probably the role set via --keystone_admin_role flag)
# FIXME(ja): add a test that admin endpoint is only sent to admin user
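Review bot: The disabled-tenant rejection is pinned only for scoping by id: both `assertRaises` calls in `test_authenticate_disabled_tenant` pass `tenant_id=tenant['id']`, so a server path that resolves the tenant by name and skips the enabled check would still pass this test. If `self._client` forwards `tenant_name` the same way it forwards `tenant_id` (its definition is outside the hunk, so this is an assumption), repeat the password and the token assertion with `tenant_name=tenant['name']`. The unscoped `self._client(username=..., password=...)` call also carries an unstated expectation, because the user's default tenant is the disabled one; a comment such as `# unscoped auth must still succeed; only scoping to the disabled tenant is rejected` would make that intent explicit.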