Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_backend.py | 265 | ||||
-rw-r--r-- | tests/test_backend_ldap.py | 3 | ||||
-rw-r--r-- | tests/test_content_types.py | 36 | ||||
-rw-r--r-- | tests/test_import_legacy.py | 14 | ||||
-rw-r--r-- | tests/test_keystoneclient.py | 13 | ||||
-rw-r--r-- | tests/test_migrate_nova_auth.py | 5 | ||||
-rw-r--r-- | tests/test_v3_auth.py | 60 |
7 files changed, 254 insertions, 142 deletions
diff --git a/tests/test_backend.py b/tests/test_backend.py index 8f87e4e1..57f3315c 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -29,6 +29,7 @@ CONF = config.CONF DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id TIME_FORMAT = '%Y-%m-%dT%H:%M:%S.%fZ' NULL_OBJECT = object() +EMPTY_CONTEXT = {} class IdentityTests(object): @@ -58,27 +59,31 @@ class IdentityTests(object): def test_authenticate_bad_user(self): self.assertRaises(AssertionError, - self.identity_api.authenticate, + self.identity_man.authenticate, + EMPTY_CONTEXT, user_id=uuid.uuid4().hex, tenant_id=self.tenant_bar['id'], password=self.user_foo['password']) def test_authenticate_bad_password(self): self.assertRaises(AssertionError, - self.identity_api.authenticate, + self.identity_man.authenticate, + EMPTY_CONTEXT, user_id=self.user_foo['id'], tenant_id=self.tenant_bar['id'], password=uuid.uuid4().hex) def test_authenticate_bad_project(self): self.assertRaises(AssertionError, - self.identity_api.authenticate, + self.identity_man.authenticate, + EMPTY_CONTEXT, user_id=self.user_foo['id'], tenant_id=uuid.uuid4().hex, password=self.user_foo['password']) def test_authenticate_no_project(self): - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + EMPTY_CONTEXT, user_id=self.user_foo['id'], password=self.user_foo['password']) # NOTE(termie): the password field is left in user_foo to make @@ -90,7 +95,8 @@ class IdentityTests(object): self.assert_(not metadata_ref) def test_authenticate(self): - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + EMPTY_CONTEXT, user_id=self.user_sna['id'], tenant_id=self.tenant_bar['id'], password=self.user_sna['password']) 
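Review bot: `EMPTY_CONTEXT = {}` is a single mutable dict shared by every test in the module, whereas each literal `{}` it replaces was a fresh dict per call. If any manager method writes into its context argument, that state would carry over into every later test and could hide or fake a failure. Nothing in the visible hunks shows the managers mutating the context, so this may be harmless today. State the contract at the definition, e.g. `# Shared by all tests: manager methods must treat the context as read-only.` A teardown check such as `self.assertEqual({}, EMPTY_CONTEXT)` would catch a violation.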
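Review bot: The negative tests `test_authenticate_bad_user`, `test_authenticate_bad_password` and `test_authenticate_bad_project` still expect a bare `AssertionError` from `identity_man.authenticate`. That means they cannot tell a rejected credential from an unrelated failed assertion inside the manager or backend. How the exception is raised is not visible here; if it comes from `assert` statements, those checks are stripped under `python -O`. Since these call sites are being moved to the manager anyway, consider marking the gap with `# TODO: expect a dedicated authentication exception instead of AssertionError`.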
@@ -107,7 +113,8 @@ class IdentityTests(object): def test_authenticate_role_return(self): self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_baz['id'], self.role_admin['id']) - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + EMPTY_CONTEXT, user_id=self.user_foo['id'], tenant_id=self.tenant_baz['id'], password=self.user_foo['password']) @@ -124,7 +131,8 @@ class IdentityTests(object): self.identity_api.create_user(user['id'], user) self.identity_api.add_user_to_project(self.tenant_baz['id'], user['id']) - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + EMPTY_CONTEXT, user_id=user['id'], tenant_id=self.tenant_baz['id'], password=user['password']) @@ -279,10 +287,10 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['name'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) @@ -292,10 +300,10 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['id'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake2', user) 
@@ -310,8 +318,8 @@ class IdentityTests(object): 'name': user1['name'], 'domain_id': new_domain['id'], 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user1['id'], user1) - self.identity_man.create_user({}, user2['id'], user2) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user2['id'], user2) def test_move_user_between_domains(self): domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -322,7 +330,7 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user['id'], user) + self.identity_man.create_user(EMPTY_CONTEXT, user['id'], user) user['domain_id'] = domain2['id'] self.identity_api.update_user(user['id'], user) @@ -336,14 +344,14 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) # Now create a user in domain2 with a potentially clashing # name - which should work since we have domain separation user2 = {'id': uuid.uuid4().hex, 'name': user1['name'], 'domain_id': domain2['id'], 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user2['id'], user2) + self.identity_man.create_user(EMPTY_CONTEXT, user2['id'], user2) # Now try and move user1 into the 2nd domain - which should # fail since the names clash user1['domain_id'] = domain2['id'] 
@@ -392,20 +400,20 @@ class IdentityTests(object): def test_create_duplicate_project_id_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['name'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, 'fake1', tenant) def test_create_duplicate_project_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['id'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, 'fake1', tenant) @@ -416,8 +424,8 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID} tenant2 = {'id': uuid.uuid4().hex, 'name': tenant1['name'], 'domain_id': new_domain['id']} - self.identity_man.create_project({}, tenant1['id'], tenant1) - self.identity_man.create_project({}, tenant2['id'], tenant2) + self.identity_man.create_project(EMPTY_CONTEXT, tenant1['id'], tenant1) + self.identity_man.create_project(EMPTY_CONTEXT, tenant2['id'], tenant2) def test_move_project_between_domains(self): domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -427,7 +435,7 @@ class IdentityTests(object): project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project['id'], project) + self.identity_man.create_project(EMPTY_CONTEXT, project['id'], project) project['domain_id'] = domain2['id'] self.identity_api.update_project(project['id'], project) 
@@ -440,13 +448,15 @@ class IdentityTests(object): project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) # Now create a project in domain2 with a potentially clashing # name - which should work since we have domain separation project2 = {'id': uuid.uuid4().hex, 'name': project1['name'], 'domain_id': domain2['id']} - self.identity_man.create_project({}, project2['id'], project2) + self.identity_man.create_project(EMPTY_CONTEXT, + project2['id'], project2) # Now try and move project1 into the 2nd domain - which should # fail since the names clash project1['domain_id'] = domain2['id'] @@ -460,8 +470,8 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID} tenant2 = {'id': 'fake2', 'name': 'fake2', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant1) - self.identity_man.create_project({}, 'fake2', tenant2) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant1) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake2', tenant2) tenant2['name'] = 'fake1' self.assertRaises(exception.Error, self.identity_api.update_project, @@ -718,11 +728,12 @@ class IdentityTests(object): self.identity_api.create_domain(new_domain['id'], new_domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': 'secret', 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) roles_ref = self.identity_api.list_grants( 
@@ -755,11 +766,12 @@ class IdentityTests(object): self.identity_api.create_domain(new_domain['id'], new_domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) 
@@ -795,21 +807,25 @@ class IdentityTests(object): self.identity_api.create_domain(new_domain['id'], new_domain) new_project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': new_domain['id']} - self.identity_man.create_project({}, new_project['id'], new_project) + self.identity_man.create_project(EMPTY_CONTEXT, + new_project['id'], new_project) new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_group2 = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group2['id'], new_group2) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group2['id'], new_group2) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) new_user2 = {'id': uuid.uuid4().hex, 'name': 'new_user2', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user2['id'], new_user2) + self.identity_man.create_user(EMPTY_CONTEXT, + new_user2['id'], new_user2) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) # First check we have no grants @@ -857,7 +873,7 @@ class IdentityTests(object): new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': 'secret', 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) roles_ref = self.identity_api.list_grants( user_id=new_user['id'], domain_id=new_domain['id']) 
@@ -898,7 +914,7 @@ class IdentityTests(object): self.identity_api.create_domain(domain2['id'], domain2) group1 = {'id': uuid.uuid4().hex, 'domain_id': domain1['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) roles_ref = self.identity_api.list_grants( group_id=group1['id'], domain_id=domain1['id']) @@ -951,7 +967,7 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) roles_ref = self.identity_api.list_grants( user_id=user1['id'], domain_id=domain1['id']) @@ -999,10 +1015,11 @@ class IdentityTests(object): self.identity_api.create_domain(domain2['id'], domain2) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain2['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) roles_ref = self.identity_api.list_grants( group_id=group1['id'], project_id=project1['id']) 
@@ -1044,10 +1061,11 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain2['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) roles_ref = self.identity_api.list_grants( user_id=user1['id'], project_id=project1['id']) @@ -1088,13 +1106,15 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, + group1['id'], group1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) self.identity_api.add_user_to_group(user1['id'], group1['id']) 
@@ -1155,14 +1175,15 @@ class IdentityTests(object): self.identity_api.create_domain(domain1['id'], domain1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) self.identity_api.create_grant(user_id=user1['id'], project_id=project1['id'], role_id=role1['id']) @@ -1216,14 +1237,15 @@ class IdentityTests(object): self.identity_api.create_domain(domain1['id'], domain1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) self.identity_api.create_grant(user_id=user1['id'], project_id=project1['id'], role_id=role1['id']) 
@@ -1264,14 +1286,15 @@ class IdentityTests(object): self.identity_api.create_domain(domain1['id'], domain1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) self.identity_api.create_grant(group_id=group1['id'], project_id=project1['id'], role_id=role1['id']) @@ -1437,7 +1460,7 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': 'a' * 65, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, tenant['id'], tenant) @@ -1445,7 +1468,7 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': '', 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, tenant['id'], tenant) 
@@ -1453,20 +1476,20 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': None, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, tenant['id'], tenant) tenant = {'id': 'fake1', 'name': 123, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, tenant['id'], tenant) def test_update_project_blank_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['name'] = '' self.assertRaises(exception.ValidationError, self.identity_api.update_project, @@ -1476,7 +1499,7 @@ class IdentityTests(object): def test_update_project_long_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['name'] = 'a' * 65 self.assertRaises(exception.ValidationError, self.identity_api.update_project, @@ -1486,7 +1509,7 @@ class IdentityTests(object): def test_update_project_invalid_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['name'] = None self.assertRaises(exception.ValidationError, self.identity_api.update_project, @@ -1503,7 +1526,7 @@ class IdentityTests(object): user = {'id': 'fake1', 'name': 'a' * 65, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) 
@@ -1511,7 +1534,7 @@ class IdentityTests(object): user = {'id': 'fake1', 'name': '', 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) @@ -1519,14 +1542,14 @@ class IdentityTests(object): user = {'id': 'fake1', 'name': None, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) user = {'id': 'fake1', 'name': 123, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) @@ -1538,14 +1561,14 @@ class IdentityTests(object): # invalid string value 'enabled': "true"} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, user['id'], user) def test_update_user_long_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['name'] = 'a' * 65 self.assertRaises(exception.ValidationError, self.identity_api.update_user, @@ -1555,7 +1578,7 @@ class IdentityTests(object): def test_update_user_blank_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['name'] = '' self.assertRaises(exception.ValidationError, self.identity_api.update_user, 
@@ -1565,7 +1588,7 @@ class IdentityTests(object): def test_update_user_invalid_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['name'] = None self.assertRaises(exception.ValidationError, @@ -1593,8 +1616,8 @@ class IdentityTests(object): 'id': uuid.uuid4().hex, 'domain_id': CONF.identity.default_domain_id, 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, group1['id'], group1) - self.identity_man.create_group({}, group2['id'], group2) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group2['id'], group2) groups = self.identity_api.list_groups() self.assertEquals(len(groups), 2) group_ids = [] @@ -1661,7 +1684,8 @@ class IdentityTests(object): new_project = {'id': 'tenant_id', 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID} original_project = new_project.copy() - self.identity_man.create_project({}, 'tenant_id', new_project) + self.identity_man.create_project(EMPTY_CONTEXT, + 'tenant_id', new_project) self.assertDictEqual(original_project, new_project) def test_create_user_doesnt_modify_passed_in_dict(self): @@ -1669,7 +1693,7 @@ class IdentityTests(object): 'password': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID} original_user = new_user.copy() - self.identity_man.create_user({}, 'user_id', new_user) + self.identity_man.create_user(EMPTY_CONTEXT, 'user_id', new_user) self.assertDictEqual(original_user, new_user) def test_update_user_enable(self): 
@@ -1745,11 +1769,12 @@ class IdentityTests(object): domain = self._get_domain_fixture() new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) groups = self.identity_api.list_groups_for_user(new_user['id']) @@ -1765,7 +1790,8 @@ class IdentityTests(object): new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, + new_user['id'], new_user) self.assertRaises(exception.GroupNotFound, self.identity_api.add_user_to_group, new_user['id'], @@ -1773,7 +1799,8 @@ class IdentityTests(object): new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) self.assertRaises(exception.UserNotFound, self.identity_api.add_user_to_group, uuid.uuid4().hex, 
@@ -1783,11 +1810,12 @@ class IdentityTests(object): domain = self._get_domain_fixture() new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) self.identity_api.check_user_in_group(new_user['id'], new_group['id']) @@ -1797,7 +1825,8 @@ class IdentityTests(object): 'id': uuid.uuid4().hex, 'domain_id': CONF.identity.default_domain_id, 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) self.assertRaises(exception.UserNotFound, self.identity_api.check_user_in_group, uuid.uuid4().hex, @@ -1807,11 +1836,13 @@ class IdentityTests(object): domain = self._get_domain_fixture() new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, + new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) user_refs = self.identity_api.list_users_in_group(new_group['id']) 
@@ -1825,11 +1856,12 @@ class IdentityTests(object): domain = self._get_domain_fixture() new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) groups = self.identity_api.list_groups_for_user(new_user['id']) @@ -1844,10 +1876,11 @@ class IdentityTests(object): new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) self.assertRaises(exception.NotFound, self.identity_api.remove_user_from_group, new_user['id'], @@ -1868,7 +1901,7 @@ class IdentityTests(object): self.identity_api.create_domain(domain['id'], domain) group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, group['id'], group) + self.identity_man.create_group(EMPTY_CONTEXT, group['id'], group) group_ref = self.identity_api.get_group(group['id']) self.assertDictContainsSubset(group, group_ref) 
@@ -1887,9 +1920,9 @@ class IdentityTests(object): 'name': uuid.uuid4().hex} group2 = {'id': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, 'name': group1['name']} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) self.assertRaises(exception.Conflict, - self.identity_man.create_group, {}, + self.identity_man.create_group, EMPTY_CONTEXT, group2['id'], group2) def test_create_duplicate_group_name_in_different_domains(self): @@ -1899,8 +1932,8 @@ class IdentityTests(object): 'name': uuid.uuid4().hex} group2 = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': group1['name']} - self.identity_man.create_group({}, group1['id'], group1) - self.identity_man.create_group({}, group2['id'], group2) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group2['id'], group2) def test_move_group_between_domains(self): domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -1910,7 +1943,7 @@ class IdentityTests(object): group = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_group({}, group['id'], group) + self.identity_man.create_group(EMPTY_CONTEXT, group['id'], group) group['domain_id'] = domain2['id'] self.identity_api.update_group(group['id'], group) 
@@ -1923,13 +1956,13 @@ class IdentityTests(object): group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) # Now create a group in domain2 with a potentially clashing # name - which should work since we have domain separation group2 = {'id': uuid.uuid4().hex, 'name': group1['name'], 'domain_id': domain2['id']} - self.identity_man.create_group({}, group2['id'], group2) + self.identity_man.create_group(EMPTY_CONTEXT, group2['id'], group2) # Now try and move group1 into the 2nd domain - which should # fail since the names clash group1['domain_id'] = domain2['id'] @@ -1944,7 +1977,7 @@ class IdentityTests(object): self.identity_api.create_domain(domain['id'], domain) project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain['id']} - self.identity_man.create_project({}, project['id'], project) + self.identity_man.create_project(EMPTY_CONTEXT, project['id'], project) project_ref = self.identity_api.get_project(project['id']) self.assertDictContainsSubset(project, project_ref) @@ -2003,7 +2036,7 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, 'domain_id': domain['id'], 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) user_projects = self.identity_api.list_user_projects(user1['id']) self.assertEquals(len(user_projects), 0) self.identity_api.create_grant(user_id=user1['id'], 
@@ -2371,9 +2404,11 @@ class CatalogTests(object): # delete self.catalog_api.delete_service(service_id) self.assertRaises(exception.ServiceNotFound, - self.catalog_man.delete_service, {}, service_id) + self.catalog_man.delete_service, + EMPTY_CONTEXT, service_id) self.assertRaises(exception.ServiceNotFound, - self.catalog_man.get_service, {}, service_id) + self.catalog_man.get_service, + EMPTY_CONTEXT, service_id) def test_delete_service_with_endpoint(self): # create a service @@ -2398,20 +2433,22 @@ class CatalogTests(object): # deleting the service should also delete the endpoint self.catalog_api.delete_service(service['id']) self.assertRaises(exception.EndpointNotFound, - self.catalog_man.get_endpoint, {}, endpoint['id']) + self.catalog_man.get_endpoint, + EMPTY_CONTEXT, endpoint['id']) self.assertRaises(exception.EndpointNotFound, - self.catalog_man.delete_endpoint, {}, endpoint['id']) + self.catalog_man.delete_endpoint, + EMPTY_CONTEXT, endpoint['id']) def test_get_service_404(self): self.assertRaises(exception.ServiceNotFound, self.catalog_man.get_service, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_delete_service_404(self): self.assertRaises(exception.ServiceNotFound, self.catalog_man.delete_service, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_create_endpoint_404(self): @@ -2421,20 +2458,20 @@ class CatalogTests(object): } self.assertRaises(exception.ServiceNotFound, self.catalog_man.create_endpoint, - {}, + EMPTY_CONTEXT, endpoint['id'], endpoint) def test_get_endpoint_404(self): self.assertRaises(exception.EndpointNotFound, self.catalog_man.get_endpoint, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_delete_endpoint_404(self): self.assertRaises(exception.EndpointNotFound, self.catalog_man.delete_endpoint, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_create_endpoint(self): 
@@ -2501,7 +2538,7 @@ class PolicyTests(object): # (cannot change policy ID) self.assertRaises(exception.ValidationError, self.policy_man.update_policy, - {}, + EMPTY_CONTEXT, orig['id'], ref) @@ -2515,27 +2552,29 @@ class PolicyTests(object): self.policy_api.delete_policy(ref['id']) self.assertRaises(exception.PolicyNotFound, - self.policy_man.delete_policy, {}, ref['id']) + self.policy_man.delete_policy, + EMPTY_CONTEXT, ref['id']) self.assertRaises(exception.PolicyNotFound, - self.policy_man.get_policy, {}, ref['id']) + self.policy_man.get_policy, + EMPTY_CONTEXT, ref['id']) res = self.policy_api.list_policies() self.assertFalse(len([x for x in res if x['id'] == ref['id']])) def test_get_policy_404(self): self.assertRaises(exception.PolicyNotFound, self.policy_man.get_policy, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_update_policy_404(self): self.assertRaises(exception.PolicyNotFound, self.policy_man.update_policy, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex, - {}) + EMPTY_CONTEXT) def test_delete_policy_404(self): self.assertRaises(exception.PolicyNotFound, self.policy_man.delete_policy, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index 61214002..5845dda7 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py @@ -624,7 +624,8 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): self.identity_man.create_user({}, user['id'], user) self.identity_api.add_user_to_project(self.tenant_baz['id'], user['id']) - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + {}, user_id=user['id'], tenant_id=self.tenant_baz['id'], password=user['password']) diff --git a/tests/test_content_types.py b/tests/test_content_types.py index e5bdc56a..d4cc1d81 100644 --- a/tests/test_content_types.py +++ b/tests/test_content_types.py 
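Review bot: In `test_update_policy_404` the last argument to `update_policy` is the policy body, not a request context, so changing it from `{}` to `EMPTY_CONTEXT` mislabels it and passes the same dict object as both context and body. Keep the body distinct, e.g. `uuid.uuid4().hex,` followed by `{})`. If `EMPTY_CONTEXT` is a single module-level dict, any manager or driver that mutates its context or the ref would leak state between tests through it, so an empty literal (or a fresh dict per call) is the safer value for the body.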
@@ -214,23 +214,35 @@ class RestfulTestCase(test.TestCase): def admin_request(self, **kwargs): return self._request(app=self.admin_app, **kwargs) + def _get_token(self, body): + """Convenience method so that we can test authenticated requests.""" + r = self.public_request(method='POST', path='/v2.0/tokens', body=body) + return self._get_token_id(r) + + def get_unscoped_token(self): + """Convenience method so that we can test authenticated requests.""" + return self._get_token({ + 'auth': { + 'passwordCredentials': { + 'username': self.user_foo['name'], + 'password': self.user_foo['password'], + }, + }, + }) + def get_scoped_token(self, tenant_id=None): """Convenience method so that we can test authenticated requests.""" if not tenant_id: tenant_id = self.tenant_bar['id'] - r = self.public_request( - method='POST', - path='/v2.0/tokens', - body={ - 'auth': { - 'passwordCredentials': { - 'username': self.user_foo['name'], - 'password': self.user_foo['password'], - }, - 'tenantId': tenant_id, + return self._get_token({ + 'auth': { + 'passwordCredentials': { + 'username': self.user_foo['name'], + 'password': self.user_foo['password'], }, - }) - return self._get_token_id(r) + 'tenantId': tenant_id, + }, + }) def _get_token_id(self, r): """Helper method to return a token ID from a response. diff --git a/tests/test_import_legacy.py b/tests/test_import_legacy.py index 0c37e808..50bf22f9 100644 --- a/tests/test_import_legacy.py +++ b/tests/test_import_legacy.py @@ -25,6 +25,7 @@ from keystone.catalog.backends import templated as catalog_templated from keystone.common.sql import legacy from keystone.common.sql import util as sql_util from keystone import config +from keystone import identity from keystone.identity.backends import sql as identity_sql from keystone import test 
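Review bot: The three helpers in this hunk carry the same docstring, "Convenience method so that we can test authenticated requests.", which no longer tells a reader which one returns which kind of token. I would document `_get_token` as `"""POST body to /v2.0/tokens and return the token ID from the response."""` and `get_unscoped_token` as `"""Return a token ID for user_foo's password credentials, with no tenantId."""`. The `passwordCredentials` dict is also written out twice. Building it once and adding `'tenantId'` in `get_scoped_token` would keep the scoped and unscoped request bodies from drifting apart.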
@@ -40,6 +41,7 @@ class ImportLegacy(test.TestCase): test.testsdir('backend_sql.conf'), test.testsdir('backend_sql_disk.conf')]) sql_util.setup_test_database() + self.identity_man = identity.Manager() self.identity_api = identity_sql.Identity() def tearDown(self): @@ -70,8 +72,8 @@ class ImportLegacy(test.TestCase): self.assertEquals(user_ref['enabled'], True) # check password hashing - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( - user_id=admin_id, password='secrete') + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + {}, user_id=admin_id, password='secrete') # check catalog self._check_catalog(migration) @@ -87,8 +89,8 @@ class ImportLegacy(test.TestCase): self.assertEquals(user_ref['enabled'], True) # check password hashing - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( - user_id=admin_id, password='secrete') + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + {}, user_id=admin_id, password='secrete') # check catalog self._check_catalog(migration) @@ -104,8 +106,8 @@ class ImportLegacy(test.TestCase): self.assertEquals(user_ref['enabled'], True) # check password hashing - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( - user_id=admin_id, password='secrete') + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + {}, user_id=admin_id, password='secrete') # check catalog self._check_catalog(migration) diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py index 49e3bfc9..bd538700 100644 --- a/tests/test_keystoneclient.py +++ b/tests/test_keystoneclient.py 
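Review bot: The three `# check password hashing` call sites (the hunks at -70, -87 and -104) unpack the result of `self.identity_man.authenticate` and never use it, so they only show that the imported `'secrete'` credential authenticates without raising. I would assert on the result, e.g. `self.assertEquals(user_ref['id'], admin_id)`, and add a negative case with a constructed wrong password so that an import accepting any password would fail the test. If a failed authentication raises `AssertionError`, that is `self.assertRaises(AssertionError, self.identity_man.authenticate, {}, user_id=admin_id, password='not-secrete')`. The comment would also read more accurately as `# check that the imported password authenticates`, since nothing here inspects the stored hash. The enclosing test methods start outside these hunks.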
@@ -482,6 +482,19 @@ class KeystoneClientTests(object): tenant_id='bar') self.assertEquals(user2.name, test_username) + def test_update_default_tenant_to_existing_value(self): + client = self.get_client(admin=True) + + user = client.users.create( + name=uuid.uuid4().hex, + password=uuid.uuid4().hex, + email=uuid.uuid4().hex, + tenant_id=self.tenant_bar['id']) + + # attempting to update the tenant with the existing value should work + user = client.users.update_tenant( + user=user, tenant=self.tenant_bar['id']) + def test_user_create_no_name(self): from keystoneclient import exceptions as client_exceptions client = self.get_client(admin=True) diff --git a/tests/test_migrate_nova_auth.py b/tests/test_migrate_nova_auth.py index 4e3e37b8..a4ad0fb4 100644 --- a/tests/test_migrate_nova_auth.py +++ b/tests/test_migrate_nova_auth.py @@ -20,6 +20,7 @@ from keystone.common.sql import nova from keystone.common.sql import util as sql_util from keystone import config from keystone.contrib.ec2.backends import sql as ec2_sql +from keystone import identity from keystone.identity.backends import sql as identity_sql from keystone import test @@ -74,6 +75,7 @@ class MigrateNovaAuth(test.TestCase): test.testsdir('backend_sql.conf'), test.testsdir('backend_sql_disk.conf')]) sql_util.setup_test_database() + self.identity_man = identity.Manager() self.identity_api = identity_sql.Identity() self.ec2_api = ec2_sql.Ec2() @@ -118,7 +120,8 @@ class MigrateNovaAuth(test.TestCase): for _user in FIXTURE['users']: if _user['id'] == old_user: password = _user['password'] - self.identity_api.authenticate(user['id'], tenant_id, password) + self.identity_man.authenticate({}, user['id'], + tenant_id, password) for ec2_cred in FIXTURE['ec2_credentials']: user_id = users[ec2_cred['user_id']]['id'] diff --git a/tests/test_v3_auth.py b/tests/test_v3_auth.py index c9d1edfb..a2bee8b8 100644 --- a/tests/test_v3_auth.py +++ b/tests/test_v3_auth.py 
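Review bot: `test_update_default_tenant_to_existing_value` ends without an assertion, so it passes whenever `update_tenant` does not raise, and the value rebound to `user` is never read. Assuming `update_tenant` returns the user resource, bind it to a new name and check it, e.g. `updated = client.users.update_tenant(user=user, tenant=self.tenant_bar['id'])` then `self.assertEquals(updated.id, user.id)`. A one-line docstring saying that re-assigning the current default tenant must be a no-op rather than an error would record why the test exists.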
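Review bot: In the `tests/test_migrate_nova_auth.py` hunk at -118 the new call passes `user['id']`, `tenant_id` and `password` positionally after the context, whereas every other `identity_man.authenticate` call in this change uses keywords. With a credential check, a positional call can silently swap `tenant_id` and `password` if the manager's parameter order ever differs from the backend's. I would write `self.identity_man.authenticate({}, user_id=user['id'], tenant_id=tenant_id, password=password)`. The loop this line belongs to starts outside the hunk.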
@@ -490,6 +490,48 @@ class TestTokenRevoking(test_v3.RestfulTestCase): group_id=self.group1['id'], project_id=self.projectA['id']) + def test_unscoped_token_remains_valid_after_role_assignment(self): + r = self.post( + '/auth/tokens', + body=self.build_authentication_request( + user_id=self.user1['id'], + password=self.user1['password'])) + unscoped_token = r.headers.get('X-Subject-Token') + + r = self.post( + '/auth/tokens', + body=self.build_authentication_request( + token=unscoped_token, + project_id=self.projectA['id'])) + scoped_token = r.headers.get('X-Subject-Token') + + # confirm both tokens are valid + self.head('/auth/tokens', + headers={'X-Subject-Token': unscoped_token}, + expected_status=204) + self.head('/auth/tokens', + headers={'X-Subject-Token': scoped_token}, + expected_status=204) + + # create a new role + role = self.new_role_ref() + self.identity_api.create_role(role['id'], role) + + # assign a new role + self.put( + '/projects/%(project_id)s/users/%(user_id)s/roles/%(role_id)s' % { + 'project_id': self.projectA['id'], + 'user_id': self.user1['id'], + 'role_id': role['id']}) + + # both tokens should remain valid + self.head('/auth/tokens', + headers={'X-Subject-Token': unscoped_token}, + expected_status=204) + self.head('/auth/tokens', + headers={'X-Subject-Token': scoped_token}, + expected_status=204) + def test_deleting_user_grant_revokes_token(self): """Test deleting a user grant revokes token. 
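Review bot: `test_unscoped_token_remains_valid_after_role_assignment` has no docstring, while the neighbouring tests in this class open with a summary line and a "Test Plan" list. This test pins a deliberate behaviour, that granting a role leaves existing tokens valid, so I would add a docstring in the same format: get an unscoped token for user1, exchange it for a token scoped to projectA, assign a new role to user1 on projectA, and check that both tokens still validate. The test checks only that the tokens still validate (HEAD returns 204). It may also be worth asserting that validating the old scoped token does not report the newly assigned role, if that is the intended contract.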
@@ -521,13 +563,13 @@ class TestTokenRevoking(test_v3.RestfulTestCase): headers={'X-Subject-Token': token}, expected_status=401) - def test_creating_user_grant_revokes_token(self): - """Test creating a user grant revokes token. + def test_domain_user_role_assignment_maintains_token(self): + """Test user-domain role assignment maintains existing token. Test Plan: - Get a token for user1, scoped to ProjectA - Create a grant for user1 on DomainB - - Check token is no longer valid + - Check token is still valid """ auth_data = self.build_authentication_request( @@ -540,7 +582,7 @@ class TestTokenRevoking(test_v3.RestfulTestCase): self.head('/auth/tokens', headers={'X-Subject-Token': token}, expected_status=204) - # Delete the grant, which should invalidate the token + # Assign a role, which should not affect the token grant_url = ( '/domains/%(domain_id)s/users/%(user_id)s/' 'roles/%(role_id)s' % { @@ -550,7 +592,7 @@ class TestTokenRevoking(test_v3.RestfulTestCase): self.put(grant_url) self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=401) + expected_status=204) def test_deleting_group_grant_revokes_tokens(self): """Test deleting a group grant revokes tokens. @@ -613,13 +655,13 @@ class TestTokenRevoking(test_v3.RestfulTestCase): headers={'X-Subject-Token': token3}, expected_status=204) - def test_creating_group_grant_revokes_token(self): - """Test creating a group grant revokes token. + def test_domain_group_role_assignment_maintains_token(self): + """Test domain-group role assignment maintains existing token. Test Plan: - Get a token for user1, scoped to ProjectA - Create a grant for group1 on DomainB - - Check token is no longer valid + - Check token is still longer valid """ auth_data = self.build_authentication_request( 
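Review bot: The rewritten docstring of `test_domain_group_role_assignment_maintains_token` (hunk at -613) contains a leftover word, "Check token is still longer valid". It should read `- Check token is still valid`, matching the user variant earlier on this line. The two summaries are also worded in opposite order ("user-domain role assignment" and "domain-group role assignment"), and using one form for both would make the pair easier to find. The body of the group test continues outside this hunk.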
@@ -642,7 +684,7 @@ class TestTokenRevoking(test_v3.RestfulTestCase): self.put(grant_url) self.head('/auth/tokens', headers={'X-Subject-Token': token}, - expected_status=401) + expected_status=204) def test_group_membership_changes_revokes_token(self): """Test add/removal to/from group revokes token. |