diff options
author | Jenkins <jenkins@review.openstack.org> | 2013-06-05 07:24:40 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2013-06-05 07:24:40 +0000 |
commit | e6d551d97a7f21a3517cf8bc716ae997c7ebb567 (patch) | |
tree | 69f05e3d81e75fb947ad40776e4ca5e4e47a4228 /tests/test_v3_auth.py | |
parent | 99717a8fc8f5dc0f5cc310a8113ade5536657cfa (diff) | |
parent | 3d5b6ddce97c53fdafba1f51159e8243723a026f (diff) | |
download | keystone-e6d551d97a7f21a3517cf8bc716ae997c7ebb567.tar.gz keystone-e6d551d97a7f21a3517cf8bc716ae997c7ebb567.tar.xz keystone-e6d551d97a7f21a3517cf8bc716ae997c7ebb567.zip |
Merge "remove_role_from_user_and_project affecting all users (bug 1170649)"
Diffstat (limited to 'tests/test_v3_auth.py')
-rw-r--r-- | tests/test_v3_auth.py | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/tests/test_v3_auth.py b/tests/test_v3_auth.py index dd39f96a..a2bee8b8 100644 --- a/tests/test_v3_auth.py +++ b/tests/test_v3_auth.py @@ -739,6 +739,59 @@ class TestTokenRevoking(test_v3.RestfulTestCase): headers={'X-Subject-Token': token2}, expected_status=401) + def test_removing_role_assignment_does_not_affect_other_users(self): + """Revoking a role from one user should not affect other users.""" + r = self.post( + '/auth/tokens', + body=self.build_authentication_request( + user_id=self.user1['id'], + password=self.user1['password'], + project_id=self.projectA['id'])) + user1_token = r.headers.get('X-Subject-Token') + + r = self.post( + '/auth/tokens', + body=self.build_authentication_request( + user_id=self.user3['id'], + password=self.user3['password'], + project_id=self.projectA['id'])) + user3_token = r.headers.get('X-Subject-Token') + + # delete relationships between user1 and projectA from setUp + self.delete( + '/projects/%(project_id)s/users/%(user_id)s/roles/%(role_id)s' % { + 'project_id': self.projectA['id'], + 'user_id': self.user1['id'], + 'role_id': self.role1['id']}) + self.delete( + '/projects/%(project_id)s/groups/%(group_id)s/roles/%(role_id)s' % + {'project_id': self.projectA['id'], + 'group_id': self.group1['id'], + 'role_id': self.role1['id']}) + + # authorization for the first user should now fail + self.head('/auth/tokens', + headers={'X-Subject-Token': user1_token}, + expected_status=401) + self.post( + '/auth/tokens', + body=self.build_authentication_request( + user_id=self.user1['id'], + password=self.user1['password'], + project_id=self.projectA['id']), + expected_status=401) + + # authorization for the second user should still succeed + self.head('/auth/tokens', + headers={'X-Subject-Token': user3_token}, + expected_status=204) + self.post( + '/auth/tokens', + body=self.build_authentication_request( + user_id=self.user3['id'], + password=self.user3['password'], + project_id=self.projectA['id'])) + class TestAuthJSON(test_v3.RestfulTestCase): content_type = 'json' |