"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/protection/v3/test_tokens.py" between
keystone-16.0.0.tar.gz and keystone-16.0.1.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Train" series (latest release).

test_tokens.py  (keystone-16.0.0):test_tokens.py  (keystone-16.0.1)
skipping to change at line 359 skipping to change at line 359
self.headers['X-Subject-Token'] = project_token self.headers['X-Subject-Token'] = project_token
c.delete('/v3/auth/tokens', headers=self.headers) c.delete('/v3/auth/tokens', headers=self.headers)
class _DomainAndProjectUserTests(object): class _DomainAndProjectUserTests(object):
def test_user_can_validate_their_own_tokens(self): def test_user_can_validate_their_own_tokens(self):
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = self.token_id self.headers['X-Subject-Token'] = self.token_id
c.get('/v3/auth/tokens', headers=self.headers) c.get('/v3/auth/tokens', headers=self.headers)
def test_user_can_revoke_their_own_tokens(self):
with self.test_client() as c:
self.headers['X-Subject-Token'] = self.token_id
c.delete('/v3/auth/tokens', headers=self.headers)
def test_user_cannot_validate_system_scoped_token(self): def test_user_cannot_validate_system_scoped_token(self):
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id) user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
PROVIDERS.assignment_api.create_system_grant_for_user( PROVIDERS.assignment_api.create_system_grant_for_user(
user['id'], self.bootstrapper.reader_role_id user['id'], self.bootstrapper.reader_role_id
) )
system_auth = self.build_authentication_request( system_auth = self.build_authentication_request(
user_id=user['id'], password=user['password'], user_id=user['id'], password=user['password'],
skipping to change at line 383 skipping to change at line 388
r = c.post('/v3/auth/tokens', json=system_auth) r = c.post('/v3/auth/tokens', json=system_auth)
system_token = r.headers['X-Subject-Token'] system_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = system_token self.headers['X-Subject-Token'] = system_token
c.get( c.get(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http_client.FORBIDDEN
) )
def test_user_cannot_revoke_system_scoped_token(self):
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user['id'] = PROVIDERS.identity_api.create_user(user)['id']
PROVIDERS.assignment_api.create_system_grant_for_user(
user['id'], self.bootstrapper.reader_role_id
)
system_auth = self.build_authentication_request(
user_id=user['id'], password=user['password'],
system=True
)
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=system_auth)
system_token = r.headers['X-Subject-Token']
with self.test_client() as c:
self.headers['X-Subject-Token'] = system_token
c.delete(
'/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_validate_domain_scoped_token(self): def test_user_cannot_validate_domain_scoped_token(self):
domain = PROVIDERS.resource_api.create_domain( domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref() uuid.uuid4().hex, unit.new_domain_ref()
) )
user = unit.new_user_ref(domain_id=domain['id']) user = unit.new_user_ref(domain_id=domain['id'])
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
PROVIDERS.assignment_api.create_grant( PROVIDERS.assignment_api.create_grant(
self.bootstrapper.reader_role_id, user_id=user['id'], self.bootstrapper.reader_role_id, user_id=user['id'],
skipping to change at line 411 skipping to change at line 440
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=domain_auth) r = c.post('/v3/auth/tokens', json=domain_auth)
domain_token = r.headers['X-Subject-Token'] domain_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = domain_token self.headers['X-Subject-Token'] = domain_token
c.get( c.get(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http_client.FORBIDDEN
) )
pass
def test_user_cannot_revoke_domain_scoped_token(self):
domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref()
)
user = unit.new_user_ref(domain_id=domain['id'])
user['id'] = PROVIDERS.identity_api.create_user(user)['id']
PROVIDERS.assignment_api.create_grant(
self.bootstrapper.reader_role_id, user_id=user['id'],
domain_id=domain['id']
)
domain_auth = self.build_authentication_request(
user_id=user['id'], password=user['password'],
domain_id=domain['id']
)
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=domain_auth)
domain_token = r.headers['X-Subject-Token']
with self.test_client() as c:
self.headers['X-Subject-Token'] = domain_token
c.delete(
'/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
def test_user_cannot_validate_project_scoped_token(self): def test_user_cannot_validate_project_scoped_token(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id) user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
skipping to change at line 443 skipping to change at line 500
r = c.post('/v3/auth/tokens', json=project_auth) r = c.post('/v3/auth/tokens', json=project_auth)
project_token = r.headers['X-Subject-Token'] project_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = project_token self.headers['X-Subject-Token'] = project_token
c.get( c.get(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http_client.FORBIDDEN
) )
def test_user_cannot_revoke_project_scoped_token(self):
project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
)
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user['id'] = PROVIDERS.identity_api.create_user(user)['id']
PROVIDERS.assignment_api.create_grant(
self.bootstrapper.reader_role_id, user_id=user['id'],
project_id=project['id']
)
project_auth = self.build_authentication_request(
user_id=user['id'], password=user['password'],
project_id=project['id']
)
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=project_auth)
project_token = r.headers['X-Subject-Token']
with self.test_client() as c:
self.headers['X-Subject-Token'] = project_token
c.delete(
'/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN
)
class DomainUserTests(base_classes.TestCaseWithBootstrap, class DomainUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_DomainAndProjectUserTests): _DomainAndProjectUserTests):
def setUp(self): def setUp(self):
super(DomainUserTests, self).setUp() super(DomainUserTests, self).setUp()
self.loadapp() self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture)) self.useFixture(ksfixtures.Policy(self.config_fixture))
self.config_fixture.config(group='oslo_policy', enforce_scope=True) self.config_fixture.config(group='oslo_policy', enforce_scope=True)
 End of changes. 4 change blocks. 
1 lines changed or deleted 88 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)