"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/protection/v3/test_application_credential.py" between
keystone-16.0.1.tar.gz and keystone-16.0.2.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Train" series (maintained release).

test_application_credential.py  (keystone-16.0.1):test_application_credential.py  (keystone-16.0.2)
skipping to change at line 414 skipping to change at line 414
with self.test_client() as c: with self.test_client() as c:
c.post( c.post(
'/v3/users/%s/application_credentials' % self.user_id, '/v3/users/%s/application_credentials' % self.user_id,
json=app_cred_body, json=app_cred_body,
expected_status_code=http_client.CREATED, expected_status_code=http_client.CREATED,
headers=self.headers) headers=self.headers)
def test_owner_can_delete_application_credential(self): def test_owner_can_delete_application_credential(self):
self._test_delete_application_credential() self._test_delete_application_credential()
def test_user_cannot_lookup_application_credential_for_another_user(self):
# create another user
another_user = unit.new_user_ref(
domain_id=CONF.identity.default_domain_id
)
another_user_id = PROVIDERS.identity_api.create_user(
another_user
)['id']
auth = self.build_authentication_request(
user_id=another_user_id,
password=another_user['password']
)
# authenticate for a token as a completely different user with
# completely different authorization
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
another_user_token = r.headers['X-Subject-Token']
# create an application credential as the self.user_id user on a
# project that the user above doesn't have any authorization on
app_cred = self._create_application_credential()
# attempt to lookup the application credential as another user
with self.test_client() as c:
c.get(
'/v3/users/%s/application_credentials/%s' % (
another_user_id,
app_cred['id']),
expected_status_code=http_client.FORBIDDEN,
headers={'X-Auth-Token': another_user_token})
def test_user_cannot_delete_application_credential_for_another_user(self):
# create another user
another_user = unit.new_user_ref(
domain_id=CONF.identity.default_domain_id
)
another_user_id = PROVIDERS.identity_api.create_user(
another_user
)['id']
auth = self.build_authentication_request(
user_id=another_user_id,
password=another_user['password']
)
# authenticate for a token as a completely different user with
# completely different authorization
with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=auth)
another_user_token = r.headers['X-Subject-Token']
# create an application credential as the self.user_id user on a
# project that the user above doesn't have any authorization on
app_cred = self._create_application_credential()
# attempt to delete the application credential as another user
with self.test_client() as c:
c.delete(
'/v3/users/%s/application_credentials/%s' % (
another_user_id,
app_cred['id']),
expected_status_code=http_client.FORBIDDEN,
headers={'X-Auth-Token': another_user_token})
class DomainAdminTests(_TestAppCredBase, class DomainAdminTests(_TestAppCredBase,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_DomainAndProjectUserTests): _DomainAndProjectUserTests):
def setUp(self): def setUp(self):
super(DomainAdminTests, self).setUp() super(DomainAdminTests, self).setUp()
self.loadapp() self.loadapp()
self.policy_file = self.useFixture(temporaryfile.SecureTempFile()) self.policy_file = self.useFixture(temporaryfile.SecureTempFile())
self.policy_file_name = self.policy_file.file_name self.policy_file_name = self.policy_file.file_name
 End of changes. 1 change blocks. 
0 lines changed or deleted 66 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)