Merge "Make system tokens work with domain-specific drivers"

This commit is contained in:
Zuul 2019-09-18 10:22:23 +00:00 committed by Gerrit Code Review
commit 0c8965eed6
3 changed files with 27 additions and 0 deletions

View File

@ -935,6 +935,8 @@ class ResourceBase(flask_restful.Resource):
return token_ref.domain_id
elif token_ref.project_scoped:
return token_ref.project_domain['id']
elif token_ref.system_scoped:
return
else:
msg = 'No domain information specified as part of list request'
tr_msg = _('No domain information specified as part of list '

View File

@ -2614,6 +2614,22 @@ class TokenAPITests(object):
allow_expired=True,
expected_status=http_client.NOT_FOUND)
def test_system_scoped_token_works_with_domain_specific_drivers(self):
self.config_fixture.config(
group='identity', domain_specific_drivers_enabled=True
)
PROVIDERS.assignment_api.create_system_grant_for_user(
self.user['id'], self.role['id']
)
token_id = self.get_system_scoped_token()
headers = {'X-Auth-Token': token_id}
app = self.loadapp()
with app.test_client() as c:
c.get('/v3/users', headers=headers)
class TokenDataTests(object):
"""Test the data in specific token types."""

View File

@ -0,0 +1,9 @@
---
fixes:
- |
[`bug 1843609 <https://bugs.launchpad.net/keystone/+bug/1843609>`]
Fixed an issue where system-scoped tokens couldn't be used to list users
and groups (e.g., GET /v3/users or GET /v3/groups) if ``keystone.conf
[identity] domain_specific_drivers_enabled=True`` and the API would
return an ``HTTP 401 Unauthorized``. These APIs now recognize
system-scoped tokens when using domain-specific drivers.