diff options
Diffstat (limited to 'keystone/tests/unit/test_v3_application_credential.py')
-rw-r--r-- | keystone/tests/unit/test_v3_application_credential.py | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/keystone/tests/unit/test_v3_application_credential.py b/keystone/tests/unit/test_v3_application_credential.py index 4e8899e56..017031873 100644 --- a/keystone/tests/unit/test_v3_application_credential.py +++ b/keystone/tests/unit/test_v3_application_credential.py @@ -166,6 +166,37 @@ class ApplicationCredentialTestCase(test_v3.RestfulTestCase): expected_status_code=http_client.FORBIDDEN, headers={'X-Auth-Token': token}) + def test_create_application_credential_with_trust(self): + second_role = unit.new_role_ref(name='reader') + PROVIDERS.role_api.create_role(second_role['id'], second_role) + PROVIDERS.assignment_api.add_role_to_user_and_project( + self.user_id, self.project_id, second_role['id']) + with self.test_client() as c: + pw_token = self.get_scoped_token() + # create a self-trust - only the roles are important for this test + trust_ref = unit.new_trust_ref( + trustor_user_id=self.user_id, + trustee_user_id=self.user_id, + project_id=self.project_id, + role_ids=[second_role['id']]) + resp = c.post('/v3/OS-TRUST/trusts', + headers={'X-Auth-Token': pw_token}, + json={'trust': trust_ref}) + trust_id = resp.json['trust']['id'] + trust_auth = self.build_authentication_request( + user_id=self.user_id, + password=self.user['password'], + trust_id=trust_id) + trust_token = self.v3_create_token( + trust_auth).headers['X-Subject-Token'] + app_cred = self._app_cred_body(roles=[{'id': self.role_id}]) + # only the roles from the trust token should be allowed, even if + # the user has the role assigned on the project + c.post('/v3/users/%s/application_credentials' % self.user_id, + headers={'X-Auth-Token': trust_token}, + json=app_cred, + expected_status_code=http_client.BAD_REQUEST) + def test_create_application_credential_allow_recursion(self): with self.test_client() as c: roles = [{'id': self.role_id}] |