From cd612aeb90f364d437bfbda363b303b30c1c0224 Mon Sep 17 00:00:00 2001 From: Morgan Fainberg Date: Tue, 26 Aug 2014 10:25:07 -0700 Subject: [PATCH] Update tests to not use token_api Update tests to use token_provider_api._persistence instead of token_api (as token_api is deprecated). Change-Id: Ie465dd2f15a5ac9695de230fd430ad511642682f bp: non-persistent-tokens --- keystone/tests/test_auth.py | 15 ++- keystone/tests/test_backend.py | 169 +++++++++++++++++------------ keystone/tests/test_backend_kvs.py | 30 ++--- keystone/tests/test_v3_identity.py | 3 +- keystone/tests/test_v3_oauth1.py | 10 +- 5 files changed, 133 insertions(+), 94 deletions(-) diff --git a/keystone/tests/test_auth.py b/keystone/tests/test_auth.py index 603ff8bf9..790f2a348 100644 --- a/keystone/tests/test_auth.py +++ b/keystone/tests/test_auth.py @@ -1050,7 +1050,7 @@ class AuthWithTrust(AuthTest): " only get the two roles specified in the trust.") def assert_token_count_for_trust(self, trust, expected_value): - tokens = self.token_api._list_tokens( + tokens = self.token_provider_api._persistence._list_tokens( self.trustee['id'], trust_id=trust['id']) token_count = len(tokens) self.assertEqual(expected_value, token_count) @@ -1060,7 +1060,8 @@ class AuthWithTrust(AuthTest): self.assert_token_count_for_trust(new_trust, 0) self.fetch_v2_token_from_trust(new_trust) self.assert_token_count_for_trust(new_trust, 1) - self.token_api.delete_tokens_for_user(self.trustee['id']) + self.token_provider_api._persistence.delete_tokens_for_user( + self.trustee['id']) self.assert_token_count_for_trust(new_trust, 0) def test_token_from_trust_cant_get_another_token(self): @@ -1080,12 +1081,14 @@ class AuthWithTrust(AuthTest): unscoped_token['access']['token']['id']) self.fetch_v2_token_from_trust(new_trust) trust_id = new_trust['id'] - tokens = self.token_api._list_tokens(self.trustor['id'], - trust_id=trust_id) + tokens = self.token_provider_api._persistence._list_tokens( + self.trustor['id'], + trust_id=trust_id) self.assertEqual(1, len(tokens)) self.trust_controller.delete_trust(context, trust_id=trust_id) - tokens = self.token_api._list_tokens(self.trustor['id'], - trust_id=trust_id) + tokens = self.token_provider_api._persistence._list_tokens( + self.trustor['id'], + trust_id=trust_id) self.assertEqual(0, len(tokens)) def test_token_from_trust_with_no_role_fails(self): diff --git a/keystone/tests/test_backend.py b/keystone/tests/test_backend.py index 7fedb9844..7a004b55e 100644 --- a/keystone/tests/test_backend.py +++ b/keystone/tests/test_backend.py @@ -2969,9 +2969,11 @@ class TokenTests(object): def _assert_revoked_token_list_matches_token_persistence( self, revoked_token_id_list): # Assert that the list passed in matches the list returned by the - # token persistence service, token_api - persistence_list = [x['id'] - for x in self.token_api.list_revoked_tokens()] + # token persistence service + persistence_list = [ + x['id'] + for x in self.token_provider_api.list_revoked_tokens() + ] self.assertEqual(persistence_list, revoked_token_id_list) def test_token_crud(self): @@ -2979,7 +2981,8 @@ class TokenTests(object): data = {'id': token_id, 'a': 'b', 'trust_id': None, 'user': {'id': 'testuserid'}} - data_ref = self.token_api.create_token(token_id, data) + data_ref = self.token_provider_api._persistence.create_token(token_id, + data) expires = data_ref.pop('expires') data_ref.pop('user_id') self.assertIsInstance(expires, datetime.datetime) @@ -2987,7 +2990,7 @@ class TokenTests(object): data.pop('id') self.assertDictEqual(data_ref, data) - new_data_ref = self.token_api.get_token(token_id) + new_data_ref = self.token_provider_api._persistence.get_token(token_id) expires = new_data_ref.pop('expires') self.assertIsInstance(expires, datetime.datetime) new_data_ref.pop('user_id') @@ -2995,11 +2998,13 @@ class TokenTests(object): self.assertEqual(data, new_data_ref) - self.token_api.delete_token(token_id) - self.assertRaises(exception.TokenNotFound, - self.token_api.get_token, token_id) - self.assertRaises(exception.TokenNotFound, - self.token_api.delete_token, token_id) + self.token_provider_api._persistence.delete_token(token_id) + self.assertRaises( + exception.TokenNotFound, + self.token_provider_api._persistence.get_token, token_id) + self.assertRaises( + exception.TokenNotFound, + self.token_provider_api._persistence.delete_token, token_id) def create_token_sample_data(self, token_id=None, tenant_id=None, trust_id=None, user_id=None, expires=None): @@ -3008,10 +3013,7 @@ class TokenTests(object): if user_id is None: user_id = 'testuserid' # FIXME(morganfainberg): These tokens look nothing like "Real" tokens. - # This should be updated when token_api is updated to merge in the - # issue_token logic from the providers (token issuance should be a - # pipeline). The fix should be in implementation of blueprint: - # token-issuance-pipeline + # This should be fixed when token issuance is cleaned up. data = {'id': token_id, 'a': 'b', 'user': {'id': user_id}} if tenant_id is not None: @@ -3031,11 +3033,13 @@ class TokenTests(object): # Issue token stores a copy of all token data at token['token_data']. # This emulates that assumption as part of the test. data['token_data'] = copy.deepcopy(data) - new_token = self.token_api.create_token(token_id, data) + new_token = self.token_provider_api._persistence.create_token(token_id, + data) return new_token['id'], data def test_delete_tokens(self): - tokens = self.token_api._list_tokens('testuserid') + tokens = self.token_provider_api._persistence._list_tokens( + 'testuserid') self.assertEqual(0, len(tokens)) token_id1, data = self.create_token_sample_data( tenant_id='testtenantid') @@ -3044,23 +3048,29 @@ class TokenTests(object): token_id3, data = self.create_token_sample_data( tenant_id='testtenantid', user_id='testuserid1') - tokens = self.token_api._list_tokens('testuserid') + tokens = self.token_provider_api._persistence._list_tokens( + 'testuserid') self.assertEqual(2, len(tokens)) self.assertIn(token_id2, tokens) self.assertIn(token_id1, tokens) - self.token_api.delete_tokens(user_id='testuserid', - tenant_id='testtenantid') - tokens = self.token_api._list_tokens('testuserid') + self.token_provider_api._persistence.delete_tokens( + user_id='testuserid', + tenant_id='testtenantid') + tokens = self.token_provider_api._persistence._list_tokens( + 'testuserid') self.assertEqual(0, len(tokens)) self.assertRaises(exception.TokenNotFound, - self.token_api.get_token, token_id1) + self.token_provider_api._persistence.get_token, + token_id1) self.assertRaises(exception.TokenNotFound, - self.token_api.get_token, token_id2) + self.token_provider_api._persistence.get_token, + token_id2) - self.token_api.get_token(token_id3) + self.token_provider_api._persistence.get_token(token_id3) def test_delete_tokens_trust(self): - tokens = self.token_api._list_tokens(user_id='testuserid') + tokens = self.token_provider_api._persistence._list_tokens( + user_id='testuserid') self.assertEqual(0, len(tokens)) token_id1, data = self.create_token_sample_data( tenant_id='testtenantid', @@ -3069,15 +3079,18 @@ class TokenTests(object): tenant_id='testtenantid', user_id='testuserid1', trust_id='testtrustid1') - tokens = self.token_api._list_tokens('testuserid') + tokens = self.token_provider_api._persistence._list_tokens( + 'testuserid') self.assertEqual(1, len(tokens)) self.assertIn(token_id1, tokens) - self.token_api.delete_tokens(user_id='testuserid', - tenant_id='testtenantid', - trust_id='testtrustid') + self.token_provider_api._persistence.delete_tokens( + user_id='testuserid', + tenant_id='testtenantid', + trust_id='testtrustid') self.assertRaises(exception.TokenNotFound, - self.token_api.get_token, token_id1) - self.token_api.get_token(token_id2) + self.token_provider_api._persistence.get_token, + token_id1) + self.token_provider_api._persistence.get_token(token_id2) def _test_token_list(self, token_list_fn): tokens = token_list_fn('testuserid') @@ -3091,11 +3104,11 @@ class TokenTests(object): self.assertEqual(2, len(tokens)) self.assertIn(token_id2, tokens) self.assertIn(token_id1, tokens) - self.token_api.delete_token(token_id1) + self.token_provider_api._persistence.delete_token(token_id1) tokens = token_list_fn('testuserid') self.assertIn(token_id2, tokens) self.assertNotIn(token_id1, tokens) - self.token_api.delete_token(token_id2) + self.token_provider_api._persistence.delete_token(token_id2) tokens = token_list_fn('testuserid') self.assertNotIn(token_id2, tokens) self.assertNotIn(token_id1, tokens) @@ -3122,26 +3135,28 @@ class TokenTests(object): self.assertIn(token_id4, tokens) def test_token_list(self): - self._test_token_list(self.token_api._list_tokens) + self._test_token_list( + self.token_provider_api._persistence._list_tokens) def test_token_list_trust(self): trust_id = uuid.uuid4().hex token_id5, data = self.create_token_sample_data(trust_id=trust_id) - tokens = self.token_api._list_tokens('testuserid', trust_id=trust_id) + tokens = self.token_provider_api._persistence._list_tokens( + 'testuserid', trust_id=trust_id) self.assertEqual(1, len(tokens)) self.assertIn(token_id5, tokens) def test_get_token_404(self): self.assertRaises(exception.TokenNotFound, - self.token_api.get_token, + self.token_provider_api._persistence.get_token, uuid.uuid4().hex) self.assertRaises(exception.TokenNotFound, - self.token_api.get_token, + self.token_provider_api._persistence.get_token, None) def test_delete_token_404(self): self.assertRaises(exception.TokenNotFound, - self.token_api.delete_token, + self.token_provider_api._persistence.delete_token, uuid.uuid4().hex) def test_expired_token(self): @@ -3151,19 +3166,22 @@ class TokenTests(object): 'expires': expire_time, 'trust_id': None, 'user': {'id': 'testuserid'}} - data_ref = self.token_api.create_token(token_id, data) + data_ref = self.token_provider_api._persistence.create_token(token_id, + data) data_ref.pop('user_id') self.assertDictEqual(data_ref, data) self.assertRaises(exception.TokenNotFound, - self.token_api.get_token, token_id) + self.token_provider_api._persistence.get_token, + token_id) def test_null_expires_token(self): token_id = uuid.uuid4().hex data = {'id': token_id, 'id_hash': token_id, 'a': 'b', 'expires': None, 'user': {'id': 'testuserid'}} - data_ref = self.token_api.create_token(token_id, data) + data_ref = self.token_provider_api._persistence.create_token(token_id, + data) self.assertIsNotNone(data_ref['expires']) - new_data_ref = self.token_api.get_token(token_id) + new_data_ref = self.token_provider_api._persistence.get_token(token_id) # MySQL doesn't store microseconds, so discard them before testing data_ref['expires'] = data_ref['expires'].replace(microsecond=0) @@ -3183,15 +3201,16 @@ class TokenTests(object): token_id = uuid.uuid4().hex data = {'id_hash': token_id, 'id': token_id, 'a': 'b', 'user': {'id': 'testuserid'}} - data_ref = self.token_api.create_token(token_id, data) - self.token_api.delete_token(token_id) + data_ref = self.token_provider_api._persistence.create_token(token_id, + data) + self.token_provider_api._persistence.delete_token(token_id) self.assertRaises( exception.TokenNotFound, - self.token_api.get_token, + self.token_provider_api._persistence.get_token, data_ref['id']) self.assertRaises( exception.TokenNotFound, - self.token_api.delete_token, + self.token_provider_api._persistence.delete_token, data_ref['id']) return token_id @@ -3215,7 +3234,8 @@ class TokenTests(object): 'expires': expire_time, 'trust_id': None, 'user': {'id': 'testuserid'}} - data_ref = self.token_api.create_token(token_id, data) + data_ref = self.token_provider_api._persistence.create_token(token_id, + data) data_ref.pop('user_id') self.assertDictEqual(data_ref, data) @@ -3225,12 +3245,14 @@ class TokenTests(object): 'expires': expire_time, 'trust_id': None, 'user': {'id': 'testuserid'}} - data_ref = self.token_api.create_token(token_id, data) + data_ref = self.token_provider_api._persistence.create_token(token_id, + data) data_ref.pop('user_id') self.assertDictEqual(data_ref, data) - self.token_api.flush_expired_tokens() - tokens = self.token_api._list_tokens('testuserid') + self.token_provider_api._persistence.flush_expired_tokens() + tokens = self.token_provider_api._persistence._list_tokens( + 'testuserid') self.assertEqual(1, len(tokens)) self.assertIn(token_id, tokens) @@ -3248,25 +3270,29 @@ class TokenTests(object): 'trust_id': None, 'user': {'id': 'testuserid'}} # Create 2 Tokens. - self.token_api.create_token(token_id, token_data) - self.token_api.create_token(token2_id, token2_data) + self.token_provider_api._persistence.create_token(token_id, + token_data) + self.token_provider_api._persistence.create_token(token2_id, + token2_data) # Verify the revocation list is empty. - self.assertEqual([], self.token_api.list_revoked_tokens()) + self.assertEqual( + [], self.token_provider_api._persistence.list_revoked_tokens()) self.assertEqual([], self.token_provider_api.list_revoked_tokens()) # Delete a token directly, bypassing the manager. - self.token_api.driver.delete_token(token_id) + self.token_provider_api._persistence.driver.delete_token(token_id) # Verify the revocation list is still empty. - self.assertEqual([], self.token_api.list_revoked_tokens()) + self.assertEqual( + [], self.token_provider_api._persistence.list_revoked_tokens()) self.assertEqual([], self.token_provider_api.list_revoked_tokens()) # Invalidate the revocation list. - self.token_api.invalidate_revocation_list() + self.token_provider_api._persistence.invalidate_revocation_list() # Verify the deleted token is in the revocation list. revoked_ids = [x['id'] for x in self.token_provider_api.list_revoked_tokens()] self._assert_revoked_token_list_matches_token_persistence(revoked_ids) self.assertIn(token_id, revoked_ids) # Delete the second token, through the manager - self.token_api.delete_token(token2_id) + self.token_provider_api._persistence.delete_token(token2_id) revoked_ids = [x['id'] for x in self.token_provider_api.list_revoked_tokens()] self._assert_revoked_token_list_matches_token_persistence(revoked_ids) @@ -3279,15 +3305,15 @@ class TokenTests(object): token_id_hash = hash_fn(token_id).hexdigest() token = {'user': {'id': uuid.uuid4().hex}} - self.token_api.create_token(token_id, token) - self.token_api.delete_token(token_id) + self.token_provider_api._persistence.create_token(token_id, token) + self.token_provider_api._persistence.delete_token(token_id) revoked_ids = [x['id'] for x in self.token_provider_api.list_revoked_tokens()] self._assert_revoked_token_list_matches_token_persistence(revoked_ids) self.assertIn(token_id_hash, revoked_ids) self.assertNotIn(token_id, revoked_ids) - for t in self.token_api.list_revoked_tokens(): + for t in self.token_provider_api._persistence.list_revoked_tokens(): self.assertIn('expires', t) def test_predictable_revoked_pki_token_id_default(self): @@ -3301,8 +3327,8 @@ class TokenTests(object): token_id = uuid.uuid4().hex token = {'user': {'id': uuid.uuid4().hex}} - self.token_api.create_token(token_id, token) - self.token_api.delete_token(token_id) + self.token_provider_api._persistence.create_token(token_id, token) + self.token_provider_api._persistence.delete_token(token_id) revoked_tokens = self.token_provider_api.list_revoked_tokens() revoked_ids = [x['id'] for x in revoked_tokens] @@ -3314,12 +3340,12 @@ class TokenTests(object): def test_create_unicode_token_id(self): token_id = six.text_type(self._create_token_id()) self.create_token_sample_data(token_id=token_id) - self.token_api.get_token(token_id) + self.token_provider_api._persistence.get_token(token_id) def test_create_unicode_user_id(self): user_id = six.text_type(uuid.uuid4().hex) token_id, data = self.create_token_sample_data(user_id=user_id) - self.token_api.get_token(token_id) + self.token_provider_api._persistence.get_token(token_id) def test_token_expire_timezone(self): @@ -3335,7 +3361,7 @@ class TokenTests(object): test_utils.TZ = 'UTC' + d expire_time = timeutils.utcnow() + datetime.timedelta(minutes=1) token_id, data_in = _create_token(expire_time) - data_get = self.token_api.get_token(token_id) + data_get = self.token_provider_api._persistence.get_token(token_id) self.assertEqual(data_in['id'], data_get['id'], 'TZ=%s' % test_utils.TZ) @@ -3344,7 +3370,8 @@ class TokenTests(object): timeutils.utcnow() + datetime.timedelta(minutes=-1)) token_id, data_in = _create_token(expire_time_expired) self.assertRaises(exception.TokenNotFound, - self.token_api.get_token, data_in['id']) + self.token_provider_api._persistence.get_token, + data_in['id']) class TokenCacheInvalidation(object): @@ -3415,25 +3442,27 @@ class TokenCacheInvalidation(object): self.token_provider_api.validate_v2_token(self.unscoped_token_id) def test_delete_unscoped_token(self): - self.token_api.delete_token(self.unscoped_token_id) + self.token_provider_api._persistence.delete_token( + self.unscoped_token_id) self._check_unscoped_tokens_are_invalid() self._check_scoped_tokens_are_valid() def test_delete_scoped_token_by_id(self): - self.token_api.delete_token(self.scoped_token_id) + self.token_provider_api._persistence.delete_token(self.scoped_token_id) self._check_scoped_tokens_are_invalid() self._check_unscoped_tokens_are_valid() def test_delete_scoped_token_by_user(self): - self.token_api.delete_tokens(self.user['id']) + self.token_provider_api._persistence.delete_tokens(self.user['id']) # Since we are deleting all tokens for this user, they should all # now be invalid. self._check_scoped_tokens_are_invalid() self._check_unscoped_tokens_are_invalid() def test_delete_scoped_token_by_user_and_tenant(self): - self.token_api.delete_tokens(self.user['id'], - tenant_id=self.tenant['id']) + self.token_provider_api._persistence.delete_tokens( + self.user['id'], + tenant_id=self.tenant['id']) self._check_scoped_tokens_are_invalid() self._check_unscoped_tokens_are_valid() diff --git a/keystone/tests/test_backend_kvs.py b/keystone/tests/test_backend_kvs.py index 212cd3bf0..7ad61de3b 100644 --- a/keystone/tests/test_backend_kvs.py +++ b/keystone/tests/test_backend_kvs.py @@ -89,11 +89,13 @@ class KvsToken(tests.TestCase, test_backend.TokenTests): driver='keystone.identity.backends.kvs.Identity') def test_flush_expired_token(self): - self.assertRaises(exception.NotImplemented, - self.token_api.flush_expired_tokens) + self.assertRaises( + exception.NotImplemented, + self.token_provider_api._persistence.flush_expired_tokens) def _update_user_token_index_direct(self, user_key, token_id, new_data): - token_list = self.token_api.driver._get_user_token_list_with_expiry( + persistence = self.token_provider_api._persistence + token_list = persistence.driver._get_user_token_list_with_expiry( user_key) # Update the user-index so that the expires time is _actually_ expired # since we do not do an explicit get on the token, we only reference @@ -103,7 +105,8 @@ class KvsToken(tests.TestCase, test_backend.TokenTests): if data[0] == token_id: token_list[i] = new_data break - self.token_api.driver._store.set(user_key, token_list) + self.token_provider_api._persistence.driver._store.set(user_key, + token_list) def test_cleanup_user_index_on_create(self): user_id = six.text_type(uuid.uuid4().hex) @@ -115,10 +118,11 @@ class KvsToken(tests.TestCase, test_backend.TokenTests): # NOTE(morganfainberg): Directly access the data cache since we need to # get expired tokens as well as valid tokens. - user_key = self.token_api.driver._prefix_user_id(user_id) - user_token_list = self.token_api.driver._store.get(user_key) - valid_token_ref = self.token_api.get_token(valid_token_id) - expired_token_ref = self.token_api.get_token(expired_token_id) + token_persistence = self.token_provider_api._persistence + user_key = token_persistence.driver._prefix_user_id(user_id) + user_token_list = token_persistence.driver._store.get(user_key) + valid_token_ref = token_persistence.get_token(valid_token_id) + expired_token_ref = token_persistence.get_token(expired_token_id) expected_user_token_list = [ (valid_token_id, timeutils.isotime(valid_token_ref['expires'], subsecond=True)), @@ -133,25 +137,25 @@ class KvsToken(tests.TestCase, test_backend.TokenTests): new_expired_data) valid_token_id_2, valid_data_2 = self.create_token_sample_data( user_id=user_id) - valid_token_ref_2 = self.token_api.get_token(valid_token_id_2) + valid_token_ref_2 = token_persistence.get_token(valid_token_id_2) expected_user_token_list = [ (valid_token_id, timeutils.isotime(valid_token_ref['expires'], subsecond=True)), (valid_token_id_2, timeutils.isotime(valid_token_ref_2['expires'], subsecond=True))] - user_token_list = self.token_api.driver._store.get(user_key) + user_token_list = token_persistence.driver._store.get(user_key) self.assertEqual(expected_user_token_list, user_token_list) # Test that revoked tokens are removed from the list on create. - self.token_api.delete_token(valid_token_id_2) + token_persistence.delete_token(valid_token_id_2) new_token_id, data = self.create_token_sample_data(user_id=user_id) - new_token_ref = self.token_api.get_token(new_token_id) + new_token_ref = token_persistence.get_token(new_token_id) expected_user_token_list = [ (valid_token_id, timeutils.isotime(valid_token_ref['expires'], subsecond=True)), (new_token_id, timeutils.isotime(new_token_ref['expires'], subsecond=True))] - user_token_list = self.token_api.driver._store.get(user_key) + user_token_list = token_persistence.driver._store.get(user_key) self.assertEqual(expected_user_token_list, user_token_list) diff --git a/keystone/tests/test_v3_identity.py b/keystone/tests/test_v3_identity.py index 6c7cafd47..f9352224f 100644 --- a/keystone/tests/test_v3_identity.py +++ b/keystone/tests/test_v3_identity.py @@ -822,7 +822,8 @@ class IdentityTestCase(test_v3.RestfulTestCase): self.credential_api.get_credential, self.credential['id']) # And the no tokens we remain valid - tokens = self.token_api._list_tokens(self.user['id']) + tokens = self.token_provider_api._persistence._list_tokens( + self.user['id']) self.assertEqual(0, len(tokens)) # But the credential for user2 is unaffected r = self.credential_api.get_credential(self.credential2['id']) diff --git a/keystone/tests/test_v3_oauth1.py b/keystone/tests/test_v3_oauth1.py index 22324bba2..0fb133672 100644 --- a/keystone/tests/test_v3_oauth1.py +++ b/keystone/tests/test_v3_oauth1.py @@ -480,10 +480,12 @@ class AuthTokenTests(OAuthFlowTests): def test_delete_keystone_tokens_by_consumer_id(self): self.test_oauth_flow() - self.token_api.get_token(self.keystone_token_id) - self.token_api.delete_tokens(self.user_id, - consumer_id=self.consumer['key']) - self.assertRaises(exception.TokenNotFound, self.token_api.get_token, + self.token_provider_api._persistence.get_token(self.keystone_token_id) + self.token_provider_api._persistence.delete_tokens( + self.user_id, + consumer_id=self.consumer['key']) + self.assertRaises(exception.TokenNotFound, + self.token_provider_api._persistence.get_token, self.keystone_token_id) def _create_trust_get_token(self):