From 1efee11f587a73969c68a6c77fc97d786a1903e6 Mon Sep 17 00:00:00 2001
From: Jesse Andrews <anotherjesse@gmail.com>
Date: Wed, 25 Jan 2012 19:33:43 -0600
Subject: [PATCH] add tests that auth with tenant user isn't member of

---
 tests/default_fixtures.py    |  1 +
 tests/test_keystoneclient.py | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/tests/default_fixtures.py b/tests/default_fixtures.py
index 22ac95f0bf..6d455bdf66 100644
--- a/tests/default_fixtures.py
+++ b/tests/default_fixtures.py
@@ -3,6 +3,7 @@ TENANTS = [
     {'id': 'baz', 'name': 'BAZ'},
     ]
 
+# NOTE(ja): a role of keystone_admin and attribute "is_admin" is done in setUp
 USERS = [
     {'id': 'foo', 'name': 'FOO', 'password': 'foo2', 'tenants': ['bar',]},
     {'id': 'two', 'name': 'TWO', 'password': 'two2', 'tenants': ['baz',]},
diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py
index 6265c17510..477aa3046e 100644
--- a/tests/test_keystoneclient.py
+++ b/tests/test_keystoneclient.py
@@ -88,6 +88,14 @@ class KcMasterTestCase(CompatTestCase):
         tenants = client.tenants.list()
         self.assertEquals(tenants[0].id, self.tenant_bar['id'])
 
+    def test_authenticate_invalid_tenant_id(self):
+        from keystoneclient import exceptions as client_exceptions
+        self.assertRaises(client_exceptions.AuthorizationFailure,
+                          self._client,
+                          username=self.user_foo['name'],
+                          password=self.user_foo['password'],
+                          tenant_id='baz')
+
     def test_authenticate_token_no_tenant(self):
         client = self.get_client()
         token = client.auth_token
@@ -102,6 +110,13 @@ class KcMasterTestCase(CompatTestCase):
         tenants = token_client.tenants.list()
         self.assertEquals(tenants[0].id, self.tenant_bar['id'])
 
+    def test_authenticate_token_invalid_tenant_id(self):
+        from keystoneclient import exceptions as client_exceptions
+        client = self.get_client()
+        token = client.auth_token
+        self.assertRaises(client_exceptions.AuthorizationFailure,
+                          self._client, token=token, tenant_id='baz')
+
     def test_authenticate_token_tenant_name(self):
         client = self.get_client()
         token = client.auth_token
@@ -219,8 +234,8 @@ class KcMasterTestCase(CompatTestCase):
 
         user = client.users.update_password(user=user, password='password2')
 
-        test_client = self._client(username=test_username,
-                                   password='password2')
+        self._client(username=test_username,
+                     password='password2')
 
         user = client.users.update_tenant(user=user, tenant='bar')
         # TODO(ja): once keystonelight supports default tenant