Remove unnecessary revocation events revoke grant
With [1], we no longer need the revoke_by_grant callback. It isn't used anywhere, and token providers rebuild tokens at validation time.

[1]: https://review.openstack.org/#/c/447562/

Change-Id: I4e7e2f29d3db0eb8486173d4fb9134d61aab6dab
partial-bug: 1671887
parent
890b1d4325
commit
07966bbee4
|
@ -150,14 +150,6 @@ class Manager(manager.Manager):
|
|||
domain_id=domain_id,
|
||||
project_id=project_id))
|
||||
|
||||
def revoke_by_grant(self, role_id, user_id=None,
|
||||
domain_id=None, project_id=None):
|
||||
self.revoke(
|
||||
revoke_model.RevokeEvent(user_id=user_id,
|
||||
role_id=role_id,
|
||||
domain_id=domain_id,
|
||||
project_id=project_id))
|
||||
|
||||
def revoke_by_user_and_project(self, user_id, project_id):
|
||||
self.revoke(
|
||||
revoke_model.RevokeEvent(project_id=project_id, user_id=user_id))
|
||||
|
|
|
@ -417,76 +417,6 @@ class RevokeTests(object):
|
|||
token2['audit_chain_id'] = token2['audit_id']
|
||||
self._assertTokenNotRevoked(None, token2)
|
||||
|
||||
def test_by_project_grant(self):
|
||||
user_ids, project_ids, role_ids, project_tokens = _sample_data()
|
||||
token1 = _sample_blank_token()
|
||||
token1['roles'] = role_ids[0]
|
||||
token1['user_id'] = user_ids[0]
|
||||
token1['project_id'] = project_ids[0]
|
||||
|
||||
token2 = _sample_blank_token()
|
||||
token2['roles'] = role_ids[1]
|
||||
token2['user_id'] = user_ids[1]
|
||||
token2['project_id'] = project_ids[1]
|
||||
|
||||
token3 = _sample_blank_token()
|
||||
token3['roles'] = [role_ids[0],
|
||||
role_ids[1],
|
||||
role_ids[2]]
|
||||
token3['user_id'] = user_ids[2]
|
||||
token3['project_id'] = project_ids[2]
|
||||
|
||||
# Check that all tokens are revoked at the start
|
||||
self._assertTokenNotRevoked(None, token1)
|
||||
self._assertTokenNotRevoked(None, token2)
|
||||
self._assertTokenNotRevoked(None, token3)
|
||||
for token in project_tokens:
|
||||
self._assertTokenNotRevoked(None, token)
|
||||
|
||||
self.revoke_api.revoke_by_grant(role_id=role_ids[0],
|
||||
user_id=user_ids[0],
|
||||
project_id=project_ids[0])
|
||||
|
||||
# Only the first token should be revoked
|
||||
self._assertTokenRevoked(None, token1)
|
||||
self._assertTokenNotRevoked(None, token2)
|
||||
self._assertTokenNotRevoked(None, token3)
|
||||
for token in project_tokens:
|
||||
self._assertTokenNotRevoked(None, token)
|
||||
|
||||
self.revoke_api.revoke_by_grant(role_id=role_ids[1],
|
||||
user_id=user_ids[1],
|
||||
project_id=project_ids[1])
|
||||
|
||||
# Tokens 1 and 2 should be revoked now
|
||||
self._assertTokenRevoked(None, token1)
|
||||
self._assertTokenRevoked(None, token2)
|
||||
self._assertTokenNotRevoked(None, token3)
|
||||
for token in project_tokens:
|
||||
self._assertTokenNotRevoked(None, token)
|
||||
|
||||
# test that multiple roles with a single user and project get revoked
|
||||
# and invalidate token3
|
||||
self.revoke_api.revoke_by_grant(role_id=role_ids[0],
|
||||
user_id=user_ids[2],
|
||||
project_id=project_ids[2])
|
||||
|
||||
self.revoke_api.revoke_by_grant(role_id=role_ids[1],
|
||||
user_id=user_ids[2],
|
||||
project_id=project_ids[2])
|
||||
|
||||
self.revoke_api.revoke_by_grant(role_id=role_ids[2],
|
||||
user_id=user_ids[2],
|
||||
project_id=project_ids[2])
|
||||
|
||||
# Tokens 1, 2, and 3 should now be revoked leaving project_tokens
|
||||
# unrevoked.
|
||||
self._assertTokenRevoked(None, token1)
|
||||
self._assertTokenRevoked(None, token2)
|
||||
self._assertTokenRevoked(None, token3)
|
||||
for token in project_tokens:
|
||||
self._assertTokenNotRevoked(None, token)
|
||||
|
||||
@mock.patch.object(timeutils, 'utcnow')
|
||||
def test_expired_events_are_removed(self, mock_utcnow):
|
||||
def _sample_token_values():
|
||||
|
|