author | Zuul <zuul@review.opendev.org> | 2020-06-02 17:31:32 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2020-06-02 17:31:32 +0000 |
commit | b2c236304f1969be84f5ec449bdf8df589c150c4 (patch) | |
tree | 41db6d1645fc84725291ede2a67442910cad483a | |
parent | 591fb3c8fc8b673deb7ec5d9ec7a36312da08501 (diff) | |
parent | 7653847a04e56555b8d172a3d5c76a95533cdec7 (diff) | |
download | keystone-b2c236304f1969be84f5ec449bdf8df589c150c4.tar.gz |
Merge "Ensure OAuth1 authorized roles are respected" into stable/pike
-rw-r--r-- | keystone/tests/unit/test_v3_oauth1.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/keystone/tests/unit/test_v3_oauth1.py b/keystone/tests/unit/test_v3_oauth1.py
index b5cb5025a..62c5c6458 100644
--- a/keystone/tests/unit/test_v3_oauth1.py
+++ b/keystone/tests/unit/test_v3_oauth1.py
@@ -309,6 +309,19 @@ class OAuthFlowTests(OAuth1Tests):
 self.keystone_token = content.result['token']
 self.assertIsNotNone(self.keystone_token_id)
+ # add a new role assignment to ensure it is ignored in the access token
+ new_role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
+ self.role_api.create_role(new_role['id'], new_role)
+ self.assignment_api.add_role_to_user_and_project(
+ user_id=self.user_id,
+ tenant_id=self.project_id,
+ role_id=new_role['id'])
+ content = self.post(url, headers=headers, body=body)
+ token = content.result['token']
+ token_roles = [r['id'] for r in token['roles']]
+ self.assertIn(self.role_id, token_roles)
+ self.assertNotIn(new_role['id'], token_roles)
+
 class AccessTokenCRUDTests(OAuthFlowTests):
 def test_delete_access_token_dne(self): |
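Review bot: The two assertions at the end of the added block only prove that the one freshly created role is absent, so a regression that leaks some other project role into the OAuth1 token would still pass. If the access token in this flow was authorized for `self.role_id` alone (the authorization step is outside the hunk, so this needs confirming), pin the full set instead: `self.assertEqual([self.role_id], token_roles)`. The check also covers only the issuance response from `self.post(url, ...)`; if roles are recomputed when a token is validated, a second assertion on the validated token would be needed to cover that path. The enclosing test method starts outside the hunk, so `url`, `headers` and `body` are taken as defined there.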