diff options
author | Dolph Mathews <dolph.mathews@gmail.com> | 2013-06-03 14:46:53 -0500 |
---|---|---|
committer | Dolph Mathews <dolph.mathews@gmail.com> | 2013-06-03 14:48:06 -0500 |
commit | 3d5b6ddce97c53fdafba1f51159e8243723a026f (patch) | |
tree | 85e3dabf27cea8b0e50e53b3e568060783c2a566 /tests/test_v3_auth.py | |
parent | cd349711bc6210bf35952c5f71bb92ab7676bd2d (diff) | |
download | keystone-3d5b6ddce97c53fdafba1f51159e8243723a026f.tar.gz keystone-3d5b6ddce97c53fdafba1f51159e8243723a026f.tar.xz keystone-3d5b6ddce97c53fdafba1f51159e8243723a026f.zip |
remove_role_from_user_and_project affecting all users (bug 1170649)
Change-Id: I2333404991114e6985f3f2c4de4fb30dc3195b2d
Diffstat (limited to 'tests/test_v3_auth.py')
-rw-r--r-- | tests/test_v3_auth.py | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/tests/test_v3_auth.py b/tests/test_v3_auth.py index 1ee3719d..c9d1edfb 100644 --- a/tests/test_v3_auth.py +++ b/tests/test_v3_auth.py @@ -697,6 +697,59 @@ class TestTokenRevoking(test_v3.RestfulTestCase): headers={'X-Subject-Token': token2}, expected_status=401) + def test_removing_role_assignment_does_not_affect_other_users(self): + """Revoking a role from one user should not affect other users.""" + r = self.post( + '/auth/tokens', + body=self.build_authentication_request( + user_id=self.user1['id'], + password=self.user1['password'], + project_id=self.projectA['id'])) + user1_token = r.headers.get('X-Subject-Token') + + r = self.post( + '/auth/tokens', + body=self.build_authentication_request( + user_id=self.user3['id'], + password=self.user3['password'], + project_id=self.projectA['id'])) + user3_token = r.headers.get('X-Subject-Token') + + # delete relationships between user1 and projectA from setUp + self.delete( + '/projects/%(project_id)s/users/%(user_id)s/roles/%(role_id)s' % { + 'project_id': self.projectA['id'], + 'user_id': self.user1['id'], + 'role_id': self.role1['id']}) + self.delete( + '/projects/%(project_id)s/groups/%(group_id)s/roles/%(role_id)s' % + {'project_id': self.projectA['id'], + 'group_id': self.group1['id'], + 'role_id': self.role1['id']}) + + # authorization for the first user should now fail + self.head('/auth/tokens', + headers={'X-Subject-Token': user1_token}, + expected_status=401) + self.post( + '/auth/tokens', + body=self.build_authentication_request( + user_id=self.user1['id'], + password=self.user1['password'], + project_id=self.projectA['id']), + expected_status=401) + + # authorization for the second user should still succeed + self.head('/auth/tokens', + headers={'X-Subject-Token': user3_token}, + expected_status=204) + self.post( + '/auth/tokens', + body=self.build_authentication_request( + user_id=self.user3['id'], + password=self.user3['password'], + project_id=self.projectA['id'])) + class TestAuthJSON(test_v3.RestfulTestCase): content_type = 'json' |