"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/protection/v3/test_tokens.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

test_tokens.py  (keystone-16.0.1):test_tokens.py  (keystone-17.0.0)
skipping to change at line 15 skipping to change at line 15
# http://www.apache.org/licenses/LICENSE-2.0 # http://www.apache.org/licenses/LICENSE-2.0
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import uuid import uuid
from six.moves import http_client import http.client
from keystone.common import provider_api from keystone.common import provider_api
import keystone.conf import keystone.conf
from keystone.tests.common import auth as common_auth from keystone.tests.common import auth as common_auth
from keystone.tests import unit from keystone.tests import unit
from keystone.tests.unit import base_classes from keystone.tests.unit import base_classes
from keystone.tests.unit import ksfixtures from keystone.tests.unit import ksfixtures
CONF = keystone.conf.CONF CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs PROVIDERS = provider_api.ProviderAPIs
skipping to change at line 126 skipping to change at line 126
) )
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=system_auth) r = c.post('/v3/auth/tokens', json=system_auth)
system_token = r.headers['X-Subject-Token'] system_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = system_token self.headers['X-Subject-Token'] = system_token
c.delete( c.delete(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_revoke_a_domain_scoped_token(self): def test_user_cannot_revoke_a_domain_scoped_token(self):
domain = PROVIDERS.resource_api.create_domain( domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref() uuid.uuid4().hex, unit.new_domain_ref()
) )
user = unit.new_user_ref(domain_id=domain['id']) user = unit.new_user_ref(domain_id=domain['id'])
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
skipping to change at line 155 skipping to change at line 155
) )
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=domain_auth) r = c.post('/v3/auth/tokens', json=domain_auth)
domain_token = r.headers['X-Subject-Token'] domain_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = domain_token self.headers['X-Subject-Token'] = domain_token
c.delete( c.delete(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_revoke_a_project_scoped_token(self): def test_user_cannot_revoke_a_project_scoped_token(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id) user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
skipping to change at line 185 skipping to change at line 185
) )
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=project_auth) r = c.post('/v3/auth/tokens', json=project_auth)
project_token = r.headers['X-Subject-Token'] project_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = project_token self.headers['X-Subject-Token'] = project_token
c.delete( c.delete(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class SystemReaderTests(base_classes.TestCaseWithBootstrap, class SystemReaderTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_SystemUserTokenTests, _SystemUserTokenTests,
_SystemMemberAndReaderTokenTests): _SystemMemberAndReaderTokenTests):
def setUp(self): def setUp(self):
super(SystemReaderTests, self).setUp() super(SystemReaderTests, self).setUp()
self.loadapp() self.loadapp()
skipping to change at line 385 skipping to change at line 385
) )
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=system_auth) r = c.post('/v3/auth/tokens', json=system_auth)
system_token = r.headers['X-Subject-Token'] system_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = system_token self.headers['X-Subject-Token'] = system_token
c.get( c.get(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_revoke_system_scoped_token(self): def test_user_cannot_revoke_system_scoped_token(self):
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id) user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
PROVIDERS.assignment_api.create_system_grant_for_user( PROVIDERS.assignment_api.create_system_grant_for_user(
user['id'], self.bootstrapper.reader_role_id user['id'], self.bootstrapper.reader_role_id
) )
skipping to change at line 409 skipping to change at line 409
) )
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=system_auth) r = c.post('/v3/auth/tokens', json=system_auth)
system_token = r.headers['X-Subject-Token'] system_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = system_token self.headers['X-Subject-Token'] = system_token
c.delete( c.delete(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_validate_domain_scoped_token(self): def test_user_cannot_validate_domain_scoped_token(self):
domain = PROVIDERS.resource_api.create_domain( domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref() uuid.uuid4().hex, unit.new_domain_ref()
) )
user = unit.new_user_ref(domain_id=domain['id']) user = unit.new_user_ref(domain_id=domain['id'])
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
skipping to change at line 438 skipping to change at line 438
) )
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=domain_auth) r = c.post('/v3/auth/tokens', json=domain_auth)
domain_token = r.headers['X-Subject-Token'] domain_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = domain_token self.headers['X-Subject-Token'] = domain_token
c.get( c.get(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_revoke_domain_scoped_token(self): def test_user_cannot_revoke_domain_scoped_token(self):
domain = PROVIDERS.resource_api.create_domain( domain = PROVIDERS.resource_api.create_domain(
uuid.uuid4().hex, unit.new_domain_ref() uuid.uuid4().hex, unit.new_domain_ref()
) )
user = unit.new_user_ref(domain_id=domain['id']) user = unit.new_user_ref(domain_id=domain['id'])
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
skipping to change at line 467 skipping to change at line 467
) )
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=domain_auth) r = c.post('/v3/auth/tokens', json=domain_auth)
domain_token = r.headers['X-Subject-Token'] domain_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = domain_token self.headers['X-Subject-Token'] = domain_token
c.delete( c.delete(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_validate_project_scoped_token(self): def test_user_cannot_validate_project_scoped_token(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id) user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
skipping to change at line 497 skipping to change at line 497
) )
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=project_auth) r = c.post('/v3/auth/tokens', json=project_auth)
project_token = r.headers['X-Subject-Token'] project_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = project_token self.headers['X-Subject-Token'] = project_token
c.get( c.get(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
def test_user_cannot_revoke_project_scoped_token(self): def test_user_cannot_revoke_project_scoped_token(self):
project = PROVIDERS.resource_api.create_project( project = PROVIDERS.resource_api.create_project(
uuid.uuid4().hex, uuid.uuid4().hex,
unit.new_project_ref(domain_id=CONF.identity.default_domain_id) unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
) )
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id) user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user['id'] = PROVIDERS.identity_api.create_user(user)['id'] user['id'] = PROVIDERS.identity_api.create_user(user)['id']
skipping to change at line 527 skipping to change at line 527
) )
with self.test_client() as c: with self.test_client() as c:
r = c.post('/v3/auth/tokens', json=project_auth) r = c.post('/v3/auth/tokens', json=project_auth)
project_token = r.headers['X-Subject-Token'] project_token = r.headers['X-Subject-Token']
with self.test_client() as c: with self.test_client() as c:
self.headers['X-Subject-Token'] = project_token self.headers['X-Subject-Token'] = project_token
c.delete( c.delete(
'/v3/auth/tokens', headers=self.headers, '/v3/auth/tokens', headers=self.headers,
expected_status_code=http_client.FORBIDDEN expected_status_code=http.client.FORBIDDEN
) )
class DomainUserTests(base_classes.TestCaseWithBootstrap, class DomainUserTests(base_classes.TestCaseWithBootstrap,
common_auth.AuthTestMixin, common_auth.AuthTestMixin,
_DomainAndProjectUserTests): _DomainAndProjectUserTests):
def setUp(self): def setUp(self):
super(DomainUserTests, self).setUp() super(DomainUserTests, self).setUp()
self.loadapp() self.loadapp()
self.useFixture(ksfixtures.Policy(self.config_fixture)) self.useFixture(ksfixtures.Policy(self.config_fixture))
 End of changes. 10 change blocks. 
10 lines changed or deleted 10 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)