From 630342aba32a8f94205e2fa1565138696715322c Mon Sep 17 00:00:00 2001
From: Lance Bragstad <lbragstad@gmail.com>
Date: Tue, 13 Jun 2017 15:56:50 +0000
Subject: [PATCH] Ensure oauth API supports HEAD

This commit makes it so all oauth GET APIs also support HEAD.

Change-Id: Ie0eebfa662de850856ecb92c2aba61af41b6c8f6
Partial-Bug: 1696574
---
 keystone/oauth1/routers.py            | 12 ++---
 keystone/tests/unit/test_v3_oauth1.py | 66 +++++++++++++++++++--------
 2 files changed, 54 insertions(+), 24 deletions(-)

diff --git a/keystone/oauth1/routers.py b/keystone/oauth1/routers.py
index 0575b1076b..c7e1f55c41 100644
--- a/keystone/oauth1/routers.py
+++ b/keystone/oauth1/routers.py
@@ -73,13 +73,13 @@ class Routers(wsgi.RoutersBase):
         self._add_resource(
             mapper, consumer_controller,
             path='/OS-OAUTH1/consumers',
-            get_action='list_consumers',
+            get_head_action='list_consumers',
             post_action='create_consumer',
             rel=build_resource_relation(resource_name='consumers'))
         self._add_resource(
             mapper, consumer_controller,
             path='/OS-OAUTH1/consumers/{consumer_id}',
-            get_action='get_consumer',
+            get_head_action='get_consumer',
             patch_action='update_consumer',
             delete_action='delete_consumer',
             rel=build_resource_relation(resource_name='consumer'),
@@ -92,7 +92,7 @@ class Routers(wsgi.RoutersBase):
         self._add_resource(
             mapper, access_token_controller,
             path='/users/{user_id}/OS-OAUTH1/access_tokens',
-            get_action='list_access_tokens',
+            get_head_action='list_access_tokens',
             rel=build_resource_relation(resource_name='user_access_tokens'),
             path_vars={
                 'user_id': json_home.Parameters.USER_ID,
@@ -100,7 +100,7 @@ class Routers(wsgi.RoutersBase):
         self._add_resource(
             mapper, access_token_controller,
             path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}',
-            get_action='get_access_token',
+            get_head_action='get_access_token',
             delete_action='delete_access_token',
             rel=build_resource_relation(resource_name='user_access_token'),
             path_vars={
@@ -111,7 +111,7 @@ class Routers(wsgi.RoutersBase):
             mapper, access_token_roles_controller,
             path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/'
             'roles',
-            get_action='list_access_token_roles',
+            get_head_action='list_access_token_roles',
             rel=build_resource_relation(
                 resource_name='user_access_token_roles'),
             path_vars={
@@ -122,7 +122,7 @@ class Routers(wsgi.RoutersBase):
             mapper, access_token_roles_controller,
             path='/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/'
             'roles/{role_id}',
-            get_action='get_access_token_role',
+            get_head_action='get_access_token_role',
             rel=build_resource_relation(
                 resource_name='user_access_token_role'),
             path_vars={
diff --git a/keystone/tests/unit/test_v3_oauth1.py b/keystone/tests/unit/test_v3_oauth1.py
index a33789e038..b5cb5025ae 100644
--- a/keystone/tests/unit/test_v3_oauth1.py
+++ b/keystone/tests/unit/test_v3_oauth1.py
@@ -157,16 +157,19 @@ class ConsumerCRUDTests(OAuth1Tests):
         resp = self.delete(self.CONSUMER_URL + '/%s' % consumer_id)
         self.assertResponseStatus(resp, http_client.NO_CONTENT)
 
-    def test_consumer_get(self):
+    def test_consumer_get_head(self):
         consumer = self._create_single_consumer()
         consumer_id = consumer['id']
-        resp = self.get(self.CONSUMER_URL + '/%s' % consumer_id)
+        url = self.CONSUMER_URL + '/%s' % consumer_id
+        resp = self.get(url)
         self_url = ['http://localhost/v3', self.CONSUMER_URL,
                     '/', consumer_id]
         self_url = ''.join(self_url)
         self.assertEqual(self_url, resp.result['consumer']['links']['self'])
         self.assertEqual(consumer_id, resp.result['consumer']['id'])
 
+        self.head(url, expected_status=http_client.OK)
+
     def test_consumer_list(self):
         self._consumer_create()
         resp = self.get(self.CONSUMER_URL)
@@ -177,6 +180,8 @@ class ConsumerCRUDTests(OAuth1Tests):
         self.assertEqual(self_url, resp.result['links']['self'])
         self.assertValidListLinks(resp.result['links'])
 
+        self.head(self.CONSUMER_URL, expected_status=http_client.OK)
+
     def test_consumer_update(self):
         consumer = self._create_single_consumer()
         original_id = consumer['id']
@@ -250,9 +255,12 @@ class ConsumerCRUDTests(OAuth1Tests):
         self.assertIsNotNone(consumer['secret'])
 
     def test_consumer_get_bad_id(self):
-        self.get(self.CONSUMER_URL + '/%(consumer_id)s'
-                 % {'consumer_id': uuid.uuid4().hex},
-                 expected_status=http_client.NOT_FOUND)
+        url = (
+            self.CONSUMER_URL + '/%(consumer_id)s' %
+            {'consumer_id': uuid.uuid4().hex}
+        )
+        self.get(url, expected_status=http_client.NOT_FOUND)
+        self.head(url, expected_status=http_client.NOT_FOUND)
 
 
 class OAuthFlowTests(OAuth1Tests):
@@ -310,12 +318,17 @@ class AccessTokenCRUDTests(OAuthFlowTests):
                     expected_status=http_client.NOT_FOUND)
 
     def test_list_no_access_tokens(self):
-        resp = self.get('/users/%(user_id)s/OS-OAUTH1/access_tokens'
-                        % {'user_id': self.user_id})
+        url = (
+            '/users/%(user_id)s/OS-OAUTH1/access_tokens'
+            % {'user_id': self.user_id}
+        )
+        resp = self.get(url)
         entities = resp.result['access_tokens']
         self.assertEqual([], entities)
         self.assertValidListLinks(resp.result['links'])
 
+        self.head(url, expected_status=http_client.OK)
+
     def test_get_single_access_token(self):
         self.test_oauth_flow()
         access_token_key_string = self.access_token.key.decode()
@@ -330,21 +343,31 @@ class AccessTokenCRUDTests(OAuthFlowTests):
         self.assertEqual(self.consumer['key'], entity['consumer_id'])
         self.assertEqual('http://localhost/v3' + url, entity['links']['self'])
 
+        self.head(url, expected_status=http_client.OK)
+
     def test_get_access_token_dne(self):
-        self.get('/users/%(user_id)s/OS-OAUTH1/access_tokens/%(key)s'
-                 % {'user_id': self.user_id,
-                    'key': uuid.uuid4().hex},
-                 expected_status=http_client.NOT_FOUND)
+        url = (
+            '/users/%(user_id)s/OS-OAUTH1/access_tokens/%(key)s'
+            % {'user_id': self.user_id,
+               'key': uuid.uuid4().hex}
+        )
+        self.get(url, expected_status=http_client.NOT_FOUND)
+        self.head(url, expected_status=http_client.NOT_FOUND)
 
     def test_list_all_roles_in_access_token(self):
         self.test_oauth_flow()
-        resp = self.get('/users/%(id)s/OS-OAUTH1/access_tokens/%(key)s/roles'
-                        % {'id': self.user_id,
-                           'key': self.access_token.key.decode()})
+        url = (
+            '/users/%(id)s/OS-OAUTH1/access_tokens/%(key)s/roles'
+            % {'id': self.user_id,
+               'key': self.access_token.key.decode()}
+        )
+        resp = self.get(url)
         entities = resp.result['roles']
         self.assertTrue(entities)
         self.assertValidListLinks(resp.result['links'])
 
+        self.head(url, expected_status=http_client.OK)
+
     def test_get_role_in_access_token(self):
         self.test_oauth_flow()
 
@@ -356,6 +379,8 @@ class AccessTokenCRUDTests(OAuthFlowTests):
         entity = resp.result['role']
         self.assertEqual(self.role_id, entity['id'])
 
+        self.head(url, expected_status=http_client.OK)
+
     def test_get_role_in_access_token_dne(self):
         self.test_oauth_flow()
 
@@ -364,12 +389,17 @@ class AccessTokenCRUDTests(OAuthFlowTests):
                % {'id': self.user_id, 'key': access_token_key,
                   'role': uuid.uuid4().hex})
         self.get(url, expected_status=http_client.NOT_FOUND)
+        self.head(url, expected_status=http_client.NOT_FOUND)
 
     def test_list_and_delete_access_tokens(self):
         self.test_oauth_flow()
         # List access_tokens should be > 0
-        resp = self.get('/users/%(user_id)s/OS-OAUTH1/access_tokens'
-                        % {'user_id': self.user_id})
+        url = (
+            '/users/%(user_id)s/OS-OAUTH1/access_tokens'
+            % {'user_id': self.user_id}
+        )
+        resp = self.get(url)
+        self.head(url, expected_status=http_client.OK)
         entities = resp.result['access_tokens']
         self.assertTrue(entities)
         self.assertValidListLinks(resp.result['links'])
@@ -382,8 +412,8 @@ class AccessTokenCRUDTests(OAuthFlowTests):
         self.assertResponseStatus(resp, http_client.NO_CONTENT)
 
         # List access_token should be 0
-        resp = self.get('/users/%(user_id)s/OS-OAUTH1/access_tokens'
-                        % {'user_id': self.user_id})
+        resp = self.get(url)
+        self.head(url, expected_status=http_client.OK)
         entities = resp.result['access_tokens']
         self.assertEqual([], entities)
         self.assertValidListLinks(resp.result['links'])