authorZuul <zuul@review.opendev.org>2020-06-02 17:31:32 +0000
committerGerrit Code Review <review@openstack.org>2020-06-02 17:31:32 +0000
commitb2c236304f1969be84f5ec449bdf8df589c150c4 (patch)
tree41db6d1645fc84725291ede2a67442910cad483a
parent591fb3c8fc8b673deb7ec5d9ec7a36312da08501 (diff)
parent7653847a04e56555b8d172a3d5c76a95533cdec7 (diff)
downloadkeystone-b2c236304f1969be84f5ec449bdf8df589c150c4.tar.gz
Merge "Ensure OAuth1 authorized roles are respected" into stable/pike
-rw-r--r--keystone/tests/unit/test_v3_oauth1.py13
1 files changed, 13 insertions, 0 deletions
diff --git a/keystone/tests/unit/test_v3_oauth1.py b/keystone/tests/unit/test_v3_oauth1.py
index b5cb5025a..62c5c6458 100644
--- a/keystone/tests/unit/test_v3_oauth1.py
+++ b/keystone/tests/unit/test_v3_oauth1.py
@@ -309,6 +309,19 @@ class OAuthFlowTests(OAuth1Tests):
self.keystone_token = content.result['token']
self.assertIsNotNone(self.keystone_token_id)
+ # add a new role assignment to ensure it is ignored in the access token
+ new_role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
+ self.role_api.create_role(new_role['id'], new_role)
+ self.assignment_api.add_role_to_user_and_project(
+ user_id=self.user_id,
+ tenant_id=self.project_id,
+ role_id=new_role['id'])
+ content = self.post(url, headers=headers, body=body)
+ token = content.result['token']
+ token_roles = [r['id'] for r in token['roles']]
+ self.assertIn(self.role_id, token_roles)
+ self.assertNotIn(new_role['id'], token_roles)
+
class AccessTokenCRUDTests(OAuthFlowTests):
def test_delete_access_token_dne(self):
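Review bot: The two assertions that close the added block pin only one role that must be present and one that must be absent, so a token carrying some other unauthorized role (for example one the user holds through a group or an inherited assignment) would still pass. If the roles authorized for the request token in this test are just `self.role_id` (that setup is above the hunk, so confirm), `self.assertEqual([self.role_id], token_roles)` states the security property directly: the access token carries exactly the delegated roles. A short comment such as `# roles are fixed at authorization time; later grants to the user must not widen the token` would also tell the next reader why the second `self.post` is there. The enclosing test method starts outside the hunk, and `url`, `headers` and `body` are reused from it.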