Build domain scope for Fernet tokens

This commit makes sure we pass domain_id to get_token_data() for the V3TokenDataHelper object. Previously, we weren't passing domain_id which caused missing data in validation responses for domain-scoped tokens. Change-Id: Ie810ba5d778c2186f699aae5f87ea0ff783e0bf9 Closes-Bug: 1430433
2015-03-13 19:29:25 +00:00 · 2015-03-13 19:29:25 +00:00 · d1773114ee
parent 55d940c70b
commit d1773114ee
2 changed files with 13 additions and 0 deletions
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -4200,6 +4200,18 @@ class TestFernetTokenProvider(test_v3.RestfulTestCase,
        project_scoped_token = self._get_project_scoped_token()
        self._validate_token(project_scoped_token)

+    def test_validate_domain_scoped_token(self):
+        # Grant user access to domain
+        self.assignment_api.create_grant(self.role['id'],
+                                         user_id=self.user['id'],
+                                         domain_id=self.domain['id'])
+        domain_scoped_token = self._get_domain_scoped_token()
+        resp = self._validate_token(domain_scoped_token)
+        resp_json = json.loads(resp.body)
+        self.assertIsNotNone(resp_json['token']['catalog'])
+        self.assertIsNotNone(resp_json['token']['roles'])
+        self.assertIsNotNone(resp_json['token']['domain'])
+
    def test_validate_tampered_project_scoped_token_fails(self):
        project_scoped_token = self._get_project_scoped_token()
        tampered_token = (project_scoped_token[:50] + uuid.uuid4().hex +
--- a/keystone/token/providers/fernet/core.py
+++ b/keystone/token/providers/fernet/core.py
@ -175,6 +175,7 @@ class Provider(common.BaseProvider):
        return self.v3_token_data_helper.get_token_data(
            user_id,
            method_names=methods,
+            domain_id=domain_id,
            project_id=project_id,
            issued_at=created_at,
            expires=expires_at,