Migrate ID generation for users/groups from controller to manager
The implementation of multi-backend unique IDs requires that the manager layer is in charge of ID generation. This patch lays that ground work. No functional change should be observed from this patch. Partially Implements: blueprint multi-backend-uuids Change-Id: I2253aa9872d1c9950ef35851bd3f11d7ab5e433b
This commit is contained in:
parent
95bc069519
commit
799758b5b7
@ -15,7 +15,6 @@
|
||||
"""Workflow Logic the Identity service."""
|
||||
|
||||
import functools
|
||||
import uuid
|
||||
|
||||
from keystone.common import controller
|
||||
from keystone.common import dependency
|
||||
@ -78,15 +77,14 @@ class User(controller.V2Controller):
|
||||
self.assignment_api.get_project(default_project_id)
|
||||
user['default_project_id'] = default_project_id
|
||||
|
||||
user_id = uuid.uuid4().hex
|
||||
# The manager layer will generate the unique ID for users
|
||||
user_ref = self._normalize_domain_id(context, user.copy())
|
||||
user_ref['id'] = user_id
|
||||
new_user_ref = self.v3_to_v2_user(
|
||||
self.identity_api.create_user(user_id, user_ref))
|
||||
self.identity_api.create_user(user_ref))
|
||||
|
||||
if default_project_id is not None:
|
||||
self.assignment_api.add_user_to_project(default_project_id,
|
||||
user_id)
|
||||
new_user_ref['id'])
|
||||
return {'user': new_user_ref}
|
||||
|
||||
@controller.v2_deprecated
|
||||
@ -209,9 +207,10 @@ class UserV3(controller.V3Controller):
|
||||
def create_user(self, context, user):
|
||||
self._require_attribute(user, 'name')
|
||||
|
||||
ref = self._assign_unique_id(self._normalize_dict(user))
|
||||
# The manager layer will generate the unique ID for users
|
||||
ref = self._normalize_dict(user)
|
||||
ref = self._normalize_domain_id(context, ref)
|
||||
ref = self.identity_api.create_user(ref['id'], ref)
|
||||
ref = self.identity_api.create_user(ref)
|
||||
return UserV3.wrap_member(context, ref)
|
||||
|
||||
@controller.filterprotected('domain_id', 'enabled', 'name')
|
||||
@ -313,9 +312,10 @@ class GroupV3(controller.V3Controller):
|
||||
def create_group(self, context, group):
|
||||
self._require_attribute(group, 'name')
|
||||
|
||||
ref = self._assign_unique_id(self._normalize_dict(group))
|
||||
# The manager layer will generate the unique ID for groups
|
||||
ref = self._normalize_dict(group)
|
||||
ref = self._normalize_domain_id(context, ref)
|
||||
ref = self.identity_api.create_group(ref['id'], ref)
|
||||
ref = self.identity_api.create_group(ref)
|
||||
return GroupV3.wrap_member(context, ref)
|
||||
|
||||
@controller.filterprotected('domain_id', 'name')
|
||||
|
@ -17,6 +17,7 @@
|
||||
import abc
|
||||
import functools
|
||||
import os
|
||||
import uuid
|
||||
|
||||
from oslo.config import cfg
|
||||
import six
|
||||
@ -278,9 +279,9 @@ class Manager(manager.Manager):
|
||||
ref = self._set_domain_id(ref, domain_id)
|
||||
return ref
|
||||
|
||||
@notifications.created(_USER)
|
||||
@notifications.created(_USER, result_id_arg_attr='id')
|
||||
@domains_configured
|
||||
def create_user(self, user_id, user_ref):
|
||||
def create_user(self, user_ref):
|
||||
user = user_ref.copy()
|
||||
user['name'] = clean.user_name(user['name'])
|
||||
user.setdefault('enabled', True)
|
||||
@ -291,7 +292,8 @@ class Manager(manager.Manager):
|
||||
driver = self._select_identity_driver(domain_id)
|
||||
if not driver.is_domain_aware():
|
||||
user = self._clear_domain_id(user)
|
||||
ref = driver.create_user(user_id, user)
|
||||
user['id'] = uuid.uuid4().hex
|
||||
ref = driver.create_user(user['id'], user)
|
||||
if not driver.is_domain_aware():
|
||||
ref = self._set_domain_id(ref, domain_id)
|
||||
return ref
|
||||
@ -354,9 +356,9 @@ class Manager(manager.Manager):
|
||||
self.credential_api.delete_credentials_for_user(user_id)
|
||||
self.token_api.delete_tokens_for_user(user_id)
|
||||
|
||||
@notifications.created(_GROUP)
|
||||
@notifications.created(_GROUP, result_id_arg_attr='id')
|
||||
@domains_configured
|
||||
def create_group(self, group_id, group_ref):
|
||||
def create_group(self, group_ref):
|
||||
group = group_ref.copy()
|
||||
group.setdefault('description', '')
|
||||
|
||||
@ -365,7 +367,8 @@ class Manager(manager.Manager):
|
||||
driver = self._select_identity_driver(domain_id)
|
||||
if not driver.is_domain_aware():
|
||||
group = self._clear_domain_id(group)
|
||||
ref = driver.create_group(group_id, group)
|
||||
group['id'] = uuid.uuid4().hex
|
||||
ref = driver.create_group(group['id'], group)
|
||||
if not driver.is_domain_aware():
|
||||
ref = self._set_domain_id(ref, domain_id)
|
||||
return ref
|
||||
|
@ -62,11 +62,12 @@ class ManagerNotificationWrapper(object):
|
||||
|
||||
"""
|
||||
def __init__(self, operation, resource_type, public=True,
|
||||
resource_id_arg_index=1):
|
||||
resource_id_arg_index=1, result_id_arg_attr=None):
|
||||
self.operation = operation
|
||||
self.resource_type = resource_type
|
||||
self.public = public
|
||||
self.resource_id_arg_index = resource_id_arg_index
|
||||
self.result_id_arg_attr = result_id_arg_attr
|
||||
|
||||
def __call__(self, f):
|
||||
def wrapper(*args, **kwargs):
|
||||
@ -76,7 +77,10 @@ class ManagerNotificationWrapper(object):
|
||||
except Exception:
|
||||
raise
|
||||
else:
|
||||
resource_id = args[self.resource_id_arg_index]
|
||||
if self.result_id_arg_attr is not None:
|
||||
resource_id = result[self.result_id_arg_attr]
|
||||
else:
|
||||
resource_id = args[self.resource_id_arg_index]
|
||||
_send_notification(
|
||||
self.operation,
|
||||
self.resource_type,
|
||||
|
@ -479,6 +479,7 @@ class TestCase(BaseTestCase):
|
||||
tenant['id'], tenant)
|
||||
except exception.Conflict:
|
||||
rv = self.assignment_api.get_project(tenant['id'])
|
||||
|
||||
attrname = 'tenant_%s' % tenant['id']
|
||||
setattr(self, attrname, rv)
|
||||
fixtures_to_cleanup.append(attrname)
|
||||
@ -496,15 +497,28 @@ class TestCase(BaseTestCase):
|
||||
user_copy = user.copy()
|
||||
tenants = user_copy.pop('tenants')
|
||||
try:
|
||||
self.identity_api.create_user(user['id'], user_copy)
|
||||
except exception.Conflict:
|
||||
existing_user = getattr(self, 'user_%s' % user['id'], None)
|
||||
if existing_user is not None:
|
||||
self.identity_api.delete_user(existing_user['id'])
|
||||
except exception.UserNotFound:
|
||||
pass
|
||||
|
||||
# For users, the manager layer will generate the ID
|
||||
user_copy = self.identity_api.create_user(user_copy)
|
||||
# Our tests expect that the password is still in the user
|
||||
# record so that they can reference it, so put it back into
|
||||
# the dict returned.
|
||||
user_copy['password'] = user['password']
|
||||
|
||||
for tenant_id in tenants:
|
||||
try:
|
||||
self.assignment_api.add_user_to_project(tenant_id,
|
||||
user['id'])
|
||||
self.assignment_api.add_user_to_project(
|
||||
tenant_id, user_copy['id'])
|
||||
except exception.Conflict:
|
||||
pass
|
||||
# Use the ID from the fixture as the attribute name, so
|
||||
# that our tests can easily reference each user dict, while
|
||||
# the ID in the dict will be the real public ID.
|
||||
attrname = 'user_%s' % user['id']
|
||||
setattr(self, attrname, user_copy)
|
||||
fixtures_to_cleanup.append(attrname)
|
||||
|
@ -58,10 +58,14 @@ class FilterTests(object):
|
||||
return f
|
||||
|
||||
def _create_one_entity(self, entity_type, domain_id):
|
||||
new_entity = {'id': '0000' + uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex,
|
||||
new_entity = {'name': uuid.uuid4().hex,
|
||||
'domain_id': domain_id}
|
||||
self._create_entity(entity_type)(new_entity['id'], new_entity)
|
||||
if entity_type in ['user', 'group']:
|
||||
# The manager layer creates the ID for users and groups
|
||||
new_entity = self._create_entity(entity_type)(new_entity)
|
||||
else:
|
||||
new_entity['id'] = '0000' + uuid.uuid4().hex
|
||||
self._create_entity(entity_type)(new_entity['id'], new_entity)
|
||||
return new_entity
|
||||
|
||||
def _create_test_data(self, entity_type, number, domain_id=None):
|
||||
|
@ -266,9 +266,8 @@ class AuthWithToken(AuthTest):
|
||||
# Now create a group role for this user as well
|
||||
domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_domain(domain1['id'], domain1)
|
||||
new_group = {'id': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
||||
'name': uuid.uuid4().hex}
|
||||
self.identity_api.create_group(new_group['id'], new_group)
|
||||
new_group = {'domain_id': domain1['id'], 'name': uuid.uuid4().hex}
|
||||
new_group = self.identity_api.create_group(new_group)
|
||||
self.identity_api.add_user_to_group(self.user_foo['id'],
|
||||
new_group['id'])
|
||||
self.assignment_api.create_grant(
|
||||
@ -308,9 +307,8 @@ class AuthWithToken(AuthTest):
|
||||
role_group_domain1)
|
||||
self.assignment_api.add_user_to_project(project1['id'],
|
||||
self.user_foo['id'])
|
||||
new_group = {'id': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
||||
'name': uuid.uuid4().hex}
|
||||
self.identity_api.create_group(new_group['id'], new_group)
|
||||
new_group = {'domain_id': domain1['id'], 'name': uuid.uuid4().hex}
|
||||
new_group = self.identity_api.create_group(new_group)
|
||||
self.identity_api.add_user_to_group(self.user_foo['id'],
|
||||
new_group['id'])
|
||||
self.assignment_api.create_grant(
|
||||
@ -523,17 +521,15 @@ class AuthWithPasswordCredentials(AuthTest):
|
||||
|
||||
# 2) Create user "foo" in new domain with different password than
|
||||
# default-domain foo.
|
||||
new_user_id = uuid.uuid4().hex
|
||||
new_user_password = uuid.uuid4().hex
|
||||
new_user = {
|
||||
'id': new_user_id,
|
||||
'name': self.user_foo['name'],
|
||||
'domain_id': new_domain_id,
|
||||
'password': new_user_password,
|
||||
'email': 'foo@bar2.com',
|
||||
}
|
||||
|
||||
self.identity_api.create_user(new_user_id, new_user)
|
||||
new_user = self.identity_api.create_user(new_user)
|
||||
|
||||
# 3) Update the default_domain_id config option to the new domain
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -86,22 +86,20 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
self.assertEqual("ou=Users,%s" % CONF.ldap.suffix, user_api.tree_dn)
|
||||
|
||||
def test_configurable_allowed_user_actions(self):
|
||||
user = {'id': u'fäké1',
|
||||
'name': u'fäké1',
|
||||
user = {'name': u'fäké1',
|
||||
'password': u'fäképass1',
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
'tenants': ['bar']}
|
||||
self.identity_api.create_user(u'fäké1', user)
|
||||
user_ref = self.identity_api.get_user(u'fäké1')
|
||||
self.assertEqual(u'fäké1', user_ref['id'])
|
||||
user = self.identity_api.create_user(user)
|
||||
self.identity_api.get_user(user['id'])
|
||||
|
||||
user['password'] = u'fäképass2'
|
||||
self.identity_api.update_user(u'fäké1', user)
|
||||
self.identity_api.update_user(user['id'], user)
|
||||
|
||||
self.identity_api.delete_user(u'fäké1')
|
||||
self.identity_api.delete_user(user['id'])
|
||||
self.assertRaises(exception.UserNotFound,
|
||||
self.identity_api.get_user,
|
||||
u'fäké1')
|
||||
user['id'])
|
||||
|
||||
def test_configurable_forbidden_user_actions(self):
|
||||
conf = self.get_config(CONF.identity.default_domain_id)
|
||||
@ -110,14 +108,12 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
conf.ldap.user_allow_delete = False
|
||||
self.reload_backends(CONF.identity.default_domain_id)
|
||||
|
||||
user = {'id': u'fäké1',
|
||||
'name': u'fäké1',
|
||||
user = {'name': u'fäké1',
|
||||
'password': u'fäképass1',
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
'tenants': ['bar']}
|
||||
self.assertRaises(exception.ForbiddenAction,
|
||||
self.identity_api.create_user,
|
||||
u'fäké1',
|
||||
user)
|
||||
|
||||
self.user_foo['password'] = u'fäképass2'
|
||||
@ -137,7 +133,6 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
|
||||
self.assertRaises(exception.ForbiddenAction,
|
||||
self.identity_api.create_user,
|
||||
self.user_foo['id'],
|
||||
self.user_foo)
|
||||
|
||||
def test_user_filter(self):
|
||||
@ -176,13 +171,12 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
|
||||
def test_get_and_remove_role_grant_by_group_and_project(self):
|
||||
new_domain = self._get_domain_fixture()
|
||||
new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'],
|
||||
new_group = {'domain_id': new_domain['id'],
|
||||
'name': uuid.uuid4().hex}
|
||||
self.identity_api.create_group(new_group['id'], new_group)
|
||||
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
|
||||
'enabled': True,
|
||||
new_group = self.identity_api.create_group(new_group)
|
||||
new_user = {'name': 'new_user', 'enabled': True,
|
||||
'domain_id': new_domain['id']}
|
||||
self.identity_api.create_user(new_user['id'], new_user)
|
||||
new_user = self.identity_api.create_user(new_user)
|
||||
self.identity_api.add_user_to_group(new_user['id'],
|
||||
new_group['id'])
|
||||
|
||||
@ -255,10 +249,9 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
|
||||
def test_list_projects_for_user(self):
|
||||
domain = self._get_domain_fixture()
|
||||
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'password': uuid.uuid4().hex, 'domain_id': domain['id'],
|
||||
'enabled': True}
|
||||
self.identity_api.create_user(user1['id'], user1)
|
||||
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
||||
'domain_id': domain['id'], 'enabled': True}
|
||||
user1 = self.identity_api.create_user(user1)
|
||||
user_projects = self.assignment_api.list_projects_for_user(user1['id'])
|
||||
self.assertThat(user_projects, matchers.HasLength(0))
|
||||
|
||||
@ -274,14 +267,12 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
self.assertThat(user_projects, matchers.HasLength(2))
|
||||
|
||||
# Now, check number of projects through groups
|
||||
user2 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'password': uuid.uuid4().hex, 'domain_id': domain['id'],
|
||||
'enabled': True}
|
||||
self.identity_api.create_user(user2['id'], user2)
|
||||
user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
||||
'domain_id': domain['id'], 'enabled': True}
|
||||
user2 = self.identity_api.create_user(user2)
|
||||
|
||||
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': domain['id']}
|
||||
self.identity_api.create_group(group1['id'], group1)
|
||||
group1 = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
|
||||
group1 = self.identity_api.create_group(group1)
|
||||
|
||||
self.identity_api.add_user_to_group(user2['id'], group1['id'])
|
||||
|
||||
@ -306,15 +297,13 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
def test_list_projects_for_user_and_groups(self):
|
||||
domain = self._get_domain_fixture()
|
||||
# Create user1
|
||||
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'password': uuid.uuid4().hex, 'domain_id': domain['id'],
|
||||
'enabled': True}
|
||||
self.identity_api.create_user(user1['id'], user1)
|
||||
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
||||
'domain_id': domain['id'], 'enabled': True}
|
||||
user1 = self.identity_api.create_user(user1)
|
||||
|
||||
# Create new group for user1
|
||||
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': domain['id']}
|
||||
self.identity_api.create_group(group1['id'], group1)
|
||||
group1 = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
|
||||
group1 = self.identity_api.create_group(group1)
|
||||
|
||||
# Add user1 to group1
|
||||
self.identity_api.add_user_to_group(user1['id'], group1['id'])
|
||||
@ -343,17 +332,14 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
|
||||
def test_list_projects_for_user_with_grants(self):
|
||||
domain = self._get_domain_fixture()
|
||||
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
|
||||
'password': uuid.uuid4().hex, 'enabled': True,
|
||||
'domain_id': domain['id']}
|
||||
self.identity_api.create_user(new_user['id'], new_user)
|
||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
||||
'enabled': True, 'domain_id': domain['id']}
|
||||
new_user = self.identity_api.create_user(new_user)
|
||||
|
||||
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': domain['id']}
|
||||
self.identity_api.create_group(group1['id'], group1)
|
||||
group2 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': domain['id']}
|
||||
self.identity_api.create_group(group2['id'], group2)
|
||||
group1 = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
|
||||
group1 = self.identity_api.create_group(group1)
|
||||
group2 = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
|
||||
group2 = self.identity_api.create_group(group2)
|
||||
|
||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': domain['id']}
|
||||
@ -415,14 +401,11 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
|
||||
def test_list_role_assignments_unfiltered(self):
|
||||
new_domain = self._get_domain_fixture()
|
||||
new_user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'password': uuid.uuid4().hex, 'enabled': True,
|
||||
'domain_id': new_domain['id']}
|
||||
self.identity_api.create_user(new_user['id'],
|
||||
new_user)
|
||||
new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'],
|
||||
'name': uuid.uuid4().hex}
|
||||
self.identity_api.create_group(new_group['id'], new_group)
|
||||
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
||||
'enabled': True, 'domain_id': new_domain['id']}
|
||||
new_user = self.identity_api.create_user(new_user)
|
||||
new_group = {'domain_id': new_domain['id'], 'name': uuid.uuid4().hex}
|
||||
new_group = self.identity_api.create_group(new_group)
|
||||
new_project = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex,
|
||||
'domain_id': new_domain['id']}
|
||||
@ -449,11 +432,9 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
self.load_fixtures(default_fixtures)
|
||||
|
||||
new_domain = self._get_domain_fixture()
|
||||
new_user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'password': uuid.uuid4().hex, 'enabled': True,
|
||||
'domain_id': new_domain['id']}
|
||||
self.identity_api.create_user(new_user['id'],
|
||||
new_user)
|
||||
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
||||
'enabled': True, 'domain_id': new_domain['id']}
|
||||
new_user = self.identity_api.create_user(new_user)
|
||||
new_project = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex,
|
||||
'domain_id': new_domain['id']}
|
||||
@ -475,11 +456,10 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
self.load_backends()
|
||||
self.load_fixtures(default_fixtures)
|
||||
|
||||
user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'password': uuid.uuid4().hex, 'enabled': True,
|
||||
'domain_id': test_backend.DEFAULT_DOMAIN_ID}
|
||||
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
||||
'enabled': True, 'domain_id': test_backend.DEFAULT_DOMAIN_ID}
|
||||
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user = self.identity_api.create_user(user)
|
||||
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
|
||||
user['id'])
|
||||
user_ids = self.assignment_api.list_user_ids_for_project(
|
||||
@ -505,23 +485,20 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
"""
|
||||
|
||||
# Create a group
|
||||
group_id = None
|
||||
group = dict(name=uuid.uuid4().hex,
|
||||
domain_id=CONF.identity.default_domain_id)
|
||||
group_id = self.identity_api.create_group(group_id, group)['id']
|
||||
group_id = self.identity_api.create_group(group)['id']
|
||||
|
||||
# Create a couple of users and add them to the group.
|
||||
user_id = None
|
||||
user = dict(name=uuid.uuid4().hex, id=uuid.uuid4().hex,
|
||||
domain_id=CONF.identity.default_domain_id)
|
||||
user_1_id = self.identity_api.create_user(user_id, user)['id']
|
||||
user_1_id = self.identity_api.create_user(user)['id']
|
||||
|
||||
self.identity_api.add_user_to_group(user_1_id, group_id)
|
||||
|
||||
user_id = None
|
||||
user = dict(name=uuid.uuid4().hex, id=uuid.uuid4().hex,
|
||||
domain_id=CONF.identity.default_domain_id)
|
||||
user_2_id = self.identity_api.create_user(user_id, user)['id']
|
||||
user_2_id = self.identity_api.create_user(user)['id']
|
||||
|
||||
self.identity_api.add_user_to_group(user_2_id, group_id)
|
||||
|
||||
@ -542,11 +519,10 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
# List group members when there is no member in the group.
|
||||
# No exception should be raised.
|
||||
group = {
|
||||
'id': uuid.uuid4().hex,
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
'name': uuid.uuid4().hex,
|
||||
'description': uuid.uuid4().hex}
|
||||
self.identity_api.create_group(group['id'], group)
|
||||
group = self.identity_api.create_group(group)
|
||||
|
||||
# If this doesn't raise, then the test is successful.
|
||||
self.identity_api.list_users_in_group(group['id'])
|
||||
@ -558,16 +534,14 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
self.load_fixtures(default_fixtures)
|
||||
|
||||
# Create a group
|
||||
group_id = None
|
||||
group = dict(name=uuid.uuid4().hex,
|
||||
domain_id=CONF.identity.default_domain_id)
|
||||
group_id = self.identity_api.create_group(group_id, group)['id']
|
||||
group_id = self.identity_api.create_group(group)['id']
|
||||
|
||||
# Create a user
|
||||
user_id = None
|
||||
user = dict(name=uuid.uuid4().hex, id=uuid.uuid4().hex,
|
||||
user = dict(name=uuid.uuid4().hex,
|
||||
domain_id=CONF.identity.default_domain_id)
|
||||
user_id = self.identity_api.create_user(user_id, user)['id']
|
||||
user_id = self.identity_api.create_user(user)['id']
|
||||
|
||||
# Add user to the group
|
||||
self.identity_api.add_user_to_group(user_id, group_id)
|
||||
@ -597,13 +571,12 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
|
||||
def test_authenticate_requires_simple_bind(self):
|
||||
user = {
|
||||
'id': 'no_meta',
|
||||
'name': 'NO_META',
|
||||
'domain_id': test_backend.DEFAULT_DOMAIN_ID,
|
||||
'password': 'no_meta2',
|
||||
'enabled': True,
|
||||
}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user = self.identity_api.create_user(user)
|
||||
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
|
||||
user['id'])
|
||||
driver = self.identity_api._select_identity_driver(
|
||||
@ -625,11 +598,10 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
# Refer to bug 1136403 for more detail.
|
||||
def test_group_crud(self):
|
||||
group = {
|
||||
'id': uuid.uuid4().hex,
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
'name': uuid.uuid4().hex,
|
||||
'description': uuid.uuid4().hex}
|
||||
self.identity_api.create_group(group['id'], group)
|
||||
group = self.identity_api.create_group(group)
|
||||
group_ref = self.identity_api.get_group(group['id'])
|
||||
self.assertDictEqual(group_ref, group)
|
||||
group['description'] = uuid.uuid4().hex
|
||||
@ -650,15 +622,14 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
'tenants', 'tenantId']
|
||||
self.reload_backends(CONF.identity.default_domain_id)
|
||||
|
||||
user = {'id': u'fäké1',
|
||||
'name': u'fäké1',
|
||||
user = {'name': u'fäké1',
|
||||
'password': u'fäképass1',
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
'default_project_id': 'maps_to_none',
|
||||
}
|
||||
|
||||
# If this doesn't raise, then the test is successful.
|
||||
self.identity_api.create_user(u'fäké1', user)
|
||||
user = self.identity_api.create_user(user)
|
||||
|
||||
def test_update_user_name(self):
|
||||
"""A user's name cannot be changed through the LDAP driver."""
|
||||
@ -685,6 +656,9 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
|
||||
# Create a user with a , in their ID
|
||||
# NOTE(blk-u): the DN for this user is hard-coded in fakeldap!
|
||||
|
||||
# Since we want to fake up this special ID, we'll squirt this
|
||||
# direct into the driver and bypass the manager layer.
|
||||
user_id = u'Doe, John'
|
||||
user = {
|
||||
'id': user_id,
|
||||
@ -692,7 +666,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
'password': self.getUniqueString(),
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
}
|
||||
self.identity_api.create_user(user_id, user)
|
||||
user = self.identity_api.driver.create_user(user_id, user)
|
||||
|
||||
# Create a group
|
||||
group_id = uuid.uuid4().hex
|
||||
@ -702,7 +676,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
'description': self.getUniqueString(),
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
}
|
||||
self.identity_api.create_group(group_id, group)
|
||||
self.identity_api.driver.create_group(group_id, group)
|
||||
|
||||
# Put the user in the group
|
||||
self.identity_api.add_user_to_group(user_id, group_id)
|
||||
@ -718,6 +692,9 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
|
||||
# Create a user with a , in their ID
|
||||
# NOTE(blk-u): the DN for this user is hard-coded in fakeldap!
|
||||
|
||||
# Since we want to fake up this special ID, we'll squirt this
|
||||
# direct into the driver and bypass the manager layer
|
||||
user_id = u'Doe, John'
|
||||
user = {
|
||||
'id': user_id,
|
||||
@ -725,7 +702,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
||||
'password': self.getUniqueString(),
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
}
|
||||
self.identity_api.create_user(user_id, user)
|
||||
self.identity_api.driver.create_user(user_id, user)
|
||||
|
||||
# Grant the user a role on a project.
|
||||
|
||||
@ -798,11 +775,11 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
role1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_role(role1['id'], role1)
|
||||
|
||||
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
user1 = {'name': uuid.uuid4().hex,
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
'password': uuid.uuid4().hex,
|
||||
'enabled': True}
|
||||
self.identity_api.create_user(user1['id'], user1)
|
||||
user1 = self.identity_api.create_user(user1)
|
||||
|
||||
self.assignment_api.add_role_to_user_and_project(
|
||||
user_id=user1['id'],
|
||||
@ -1054,8 +1031,9 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
|
||||
ldap_ = self.identity_api.driver.user.get_connection()
|
||||
|
||||
def get_enabled_vals():
|
||||
user_dn = self.identity_api.driver.user._id_to_dn_string(u'fäké1')
|
||||
def get_enabled_vals(user):
|
||||
user_dn = (
|
||||
self.identity_api.driver.user._id_to_dn_string(user['id']))
|
||||
enabled_attr_name = CONF.ldap.user_enabled_attribute
|
||||
|
||||
res = ldap_.search_s(user_dn,
|
||||
@ -1063,44 +1041,44 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
u'(sn=fäké1)')
|
||||
return res[0][1][enabled_attr_name]
|
||||
|
||||
user = {'id': u'fäké1', 'name': u'fäké1', 'enabled': True,
|
||||
user = {'name': u'fäké1', 'enabled': True,
|
||||
'domain_id': CONF.identity.default_domain_id}
|
||||
|
||||
user_ref = self.identity_api.create_user(u'fäké1', user)
|
||||
user_ref = self.identity_api.create_user(user)
|
||||
|
||||
# Use assertIs rather than assertTrue because assertIs will assert the
|
||||
# value is a Boolean as expected.
|
||||
self.assertIs(user_ref['enabled'], True)
|
||||
self.assertNotIn('enabled_nomask', user_ref)
|
||||
|
||||
enabled_vals = get_enabled_vals()
|
||||
enabled_vals = get_enabled_vals(user_ref)
|
||||
self.assertEqual([512], enabled_vals)
|
||||
|
||||
user_ref = self.identity_api.get_user(u'fäké1')
|
||||
user_ref = self.identity_api.get_user(user_ref['id'])
|
||||
self.assertIs(user_ref['enabled'], True)
|
||||
self.assertNotIn('enabled_nomask', user_ref)
|
||||
|
||||
user['enabled'] = False
|
||||
user_ref = self.identity_api.update_user(u'fäké1', user)
|
||||
user_ref = self.identity_api.update_user(user_ref['id'], user)
|
||||
self.assertIs(user_ref['enabled'], False)
|
||||
self.assertNotIn('enabled_nomask', user_ref)
|
||||
|
||||
enabled_vals = get_enabled_vals()
|
||||
enabled_vals = get_enabled_vals(user_ref)
|
||||
self.assertEqual([514], enabled_vals)
|
||||
|
||||
user_ref = self.identity_api.get_user(u'fäké1')
|
||||
user_ref = self.identity_api.get_user(user_ref['id'])
|
||||
self.assertIs(user_ref['enabled'], False)
|
||||
self.assertNotIn('enabled_nomask', user_ref)
|
||||
|
||||
user['enabled'] = True
|
||||
user_ref = self.identity_api.update_user(u'fäké1', user)
|
||||
user_ref = self.identity_api.update_user(user_ref['id'], user)
|
||||
self.assertIs(user_ref['enabled'], True)
|
||||
self.assertNotIn('enabled_nomask', user_ref)
|
||||
|
||||
enabled_vals = get_enabled_vals()
|
||||
enabled_vals = get_enabled_vals(user_ref)
|
||||
self.assertEqual([512], enabled_vals)
|
||||
|
||||
user_ref = self.identity_api.get_user(u'fäké1')
|
||||
user_ref = self.identity_api.get_user(user_ref['id'])
|
||||
self.assertIs(user_ref['enabled'], True)
|
||||
self.assertNotIn('enabled_nomask', user_ref)
|
||||
|
||||
@ -1208,12 +1186,11 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
user_additional_attribute_mapping=['description:name'])
|
||||
self.load_backends()
|
||||
user = {
|
||||
'id': 'extra_attributes',
|
||||
'name': 'EXTRA_ATTRIBUTES',
|
||||
'password': 'extra',
|
||||
'domain_id': CONF.identity.default_domain_id
|
||||
}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user = self.identity_api.create_user(user)
|
||||
dn, attrs = self.identity_api.driver.user._ldap_get(user['id'])
|
||||
self.assertThat([user['name']], matchers.Equals(attrs['description']))
|
||||
|
||||
@ -1228,13 +1205,12 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
|
||||
description = uuid.uuid4().hex
|
||||
user = {
|
||||
'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex,
|
||||
'description': description,
|
||||
'password': uuid.uuid4().hex,
|
||||
'domain_id': CONF.identity.default_domain_id
|
||||
}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user = self.identity_api.create_user(user)
|
||||
res = self.identity_api.driver.user.get_all()
|
||||
|
||||
new_user = [u for u in res if u['id'] == user['id']][0]
|
||||
@ -1423,11 +1399,11 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
self.assignment_api.create_role(role['id'], role)
|
||||
role_list.append(role)
|
||||
|
||||
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
user1 = {'name': uuid.uuid4().hex,
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
'password': uuid.uuid4().hex,
|
||||
'enabled': True}
|
||||
self.identity_api.create_user(user1['id'], user1)
|
||||
user1 = self.identity_api.create_user(user1)
|
||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': CONF.identity.default_domain_id}
|
||||
self.assignment_api.create_project(project1['id'], project1)
|
||||
@ -1508,7 +1484,8 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
users = self.identity_api.list_users()
|
||||
self.assertEqual(len(default_fixtures.USERS), len(users))
|
||||
user_ids = set(user['id'] for user in users)
|
||||
expected_user_ids = set(user['id'] for user in default_fixtures.USERS)
|
||||
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
|
||||
for user in default_fixtures.USERS)
|
||||
for user_ref in users:
|
||||
self.assertNotIn('dn', user_ref)
|
||||
self.assertEqual(expected_user_ids, user_ids)
|
||||
@ -1519,9 +1496,8 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
expected_group_ids = []
|
||||
numgroups = 3
|
||||
for _ in range(numgroups):
|
||||
group = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': domain['id']}
|
||||
self.identity_api.create_group(group['id'], group)
|
||||
group = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
|
||||
group = self.identity_api.create_group(group)
|
||||
expected_group_ids.append(group['id'])
|
||||
# Fetch the test groups and ensure that they don't contain a dn.
|
||||
groups = self.identity_api.list_groups()
|
||||
@ -1533,19 +1509,17 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
||||
|
||||
def test_list_groups_for_user_no_dn(self):
|
||||
# Create a test user.
|
||||
user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
user = {'name': uuid.uuid4().hex,
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
'password': uuid.uuid4().hex,
|
||||
'enabled': True}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
'password': uuid.uuid4().hex, 'enabled': True}
|
||||
user = self.identity_api.create_user(user)
|
||||
# Create some test groups and add the test user as a member.
|
||||
domain = self._get_domain_fixture()
|
||||
expected_group_ids = []
|
||||
numgroups = 3
|
||||
for _ in range(numgroups):
|
||||
group = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': domain['id']}
|
||||
self.identity_api.create_group(group['id'], group)
|
||||
group = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
|
||||
group = self.identity_api.create_group(group)
|
||||
expected_group_ids.append(group['id'])
|
||||
self.identity_api.add_user_to_group(user['id'], group['id'])
|
||||
# Fetch the groups for the test user
|
||||
@ -1609,24 +1583,23 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
|
||||
project['id'])
|
||||
|
||||
def test_user_crud(self):
|
||||
user = {
|
||||
'id': uuid.uuid4().hex,
|
||||
user_dict = {
|
||||
'domain_id': CONF.identity.default_domain_id,
|
||||
'name': uuid.uuid4().hex,
|
||||
'password': uuid.uuid4().hex}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user['enabled'] = True
|
||||
user = self.identity_api.create_user(user_dict)
|
||||
user_dict['enabled'] = True
|
||||
user_ref = self.identity_api.get_user(user['id'])
|
||||
del user['password']
|
||||
del user_dict['password']
|
||||
user_ref_dict = dict((x, user_ref[x]) for x in user_ref)
|
||||
self.assertDictEqual(user_ref_dict, user)
|
||||
self.assertDictContainsSubset(user_dict, user_ref_dict)
|
||||
|
||||
user['password'] = uuid.uuid4().hex
|
||||
user_dict['password'] = uuid.uuid4().hex
|
||||
self.identity_api.update_user(user['id'], user)
|
||||
user_ref = self.identity_api.get_user(user['id'])
|
||||
del user['password']
|
||||
del user_dict['password']
|
||||
user_ref_dict = dict((x, user_ref[x]) for x in user_ref)
|
||||
self.assertDictEqual(user_ref_dict, user)
|
||||
self.assertDictContainsSubset(user_dict, user_ref_dict)
|
||||
|
||||
self.identity_api.delete_user(user['id'])
|
||||
self.assertRaises(exception.UserNotFound,
|
||||
@ -1836,12 +1809,13 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, tests.SQLDriverOverrides,
|
||||
|
||||
"""
|
||||
def create_user(domain_id):
|
||||
user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
user = {'name': uuid.uuid4().hex,
|
||||
'domain_id': domain_id,
|
||||
'password': uuid.uuid4().hex,
|
||||
'enabled': True}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
return user
|
||||
user_ref = self.identity_api.create_user(user)
|
||||
user_ref['password'] = user['password']
|
||||
return user_ref
|
||||
|
||||
userd = create_user(CONF.identity.default_domain_id)
|
||||
user1 = create_user(self.domain1['id'])
|
||||
@ -1940,3 +1914,11 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, tests.SQLDriverOverrides,
|
||||
|
||||
def test_list_projects_for_user_with_grants(self):
|
||||
self.skipTest('Blocked by bug 1221805')
|
||||
|
||||
def test_user_id_comma(self):
|
||||
self.skipTest('Only valid if it is guaranteed to be taling to '
|
||||
'the fakeldap backend')
|
||||
|
||||
def test_user_id_comma_grants(self):
|
||||
self.skipTest('Only valid if it is guaranteed to be taling to '
|
||||
'the fakeldap backend')
|
||||
|
@ -127,11 +127,10 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
||||
self.assertNotEqual(user_ref['password'], self.user_foo['password'])
|
||||
|
||||
def test_delete_user_with_project_association(self):
|
||||
user = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex,
|
||||
user = {'name': uuid.uuid4().hex,
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': uuid.uuid4().hex}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user = self.identity_api.create_user(user)
|
||||
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
|
||||
user['id'])
|
||||
self.identity_api.delete_user(user['id'])
|
||||
@ -140,17 +139,12 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
||||
user['id'])
|
||||
|
||||
def test_create_null_user_name(self):
|
||||
user = {'id': uuid.uuid4().hex,
|
||||
'name': None,
|
||||
user = {'name': None,
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': uuid.uuid4().hex}
|
||||
self.assertRaises(exception.ValidationError,
|
||||
self.identity_api.create_user,
|
||||
user['id'],
|
||||
user)
|
||||
self.assertRaises(exception.UserNotFound,
|
||||
self.identity_api.get_user,
|
||||
user['id'])
|
||||
self.assertRaises(exception.UserNotFound,
|
||||
self.identity_api.get_user_by_name,
|
||||
user['name'],
|
||||
@ -184,11 +178,10 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
||||
role['id'])
|
||||
|
||||
def test_delete_project_with_user_association(self):
|
||||
user = {'id': 'fake',
|
||||
'name': 'fakeuser',
|
||||
user = {'name': 'fakeuser',
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': 'passwd'}
|
||||
self.identity_api.create_user('fake', user)
|
||||
user = self.identity_api.create_user(user)
|
||||
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
|
||||
user['id'])
|
||||
self.assignment_api.delete_project(self.tenant_bar['id'])
|
||||
@ -198,11 +191,10 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
||||
def test_metadata_removed_on_delete_user(self):
|
||||
# A test to check that the internal representation
|
||||
# or roles is correctly updated when a user is deleted
|
||||
user = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex,
|
||||
user = {'name': uuid.uuid4().hex,
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': 'passwd'}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user = self.identity_api.create_user(user)
|
||||
role = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_role(role['id'], role)
|
||||
@ -222,11 +214,10 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
||||
def test_metadata_removed_on_delete_project(self):
|
||||
# A test to check that the internal representation
|
||||
# or roles is correctly updated when a project is deleted
|
||||
user = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex,
|
||||
user = {'name': uuid.uuid4().hex,
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': 'passwd'}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user = self.identity_api.create_user(user)
|
||||
role = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_role(role['id'], role)
|
||||
@ -280,40 +271,36 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
||||
This behavior is specific to the SQL driver.
|
||||
|
||||
"""
|
||||
user_id = uuid.uuid4().hex
|
||||
arbitrary_key = uuid.uuid4().hex
|
||||
arbitrary_value = uuid.uuid4().hex
|
||||
user = {
|
||||
'id': user_id,
|
||||
'name': uuid.uuid4().hex,
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': uuid.uuid4().hex,
|
||||
arbitrary_key: arbitrary_value}
|
||||
ref = self.identity_api.create_user(user_id, user)
|
||||
ref = self.identity_api.create_user(user)
|
||||
self.assertEqual(arbitrary_value, ref[arbitrary_key])
|
||||
self.assertIsNone(ref.get('password'))
|
||||
self.assertIsNone(ref.get('extra'))
|
||||
|
||||
user['name'] = uuid.uuid4().hex
|
||||
user['password'] = uuid.uuid4().hex
|
||||
ref = self.identity_api.update_user(user_id, user)
|
||||
ref = self.identity_api.update_user(ref['id'], user)
|
||||
self.assertIsNone(ref.get('password'))
|
||||
self.assertIsNone(ref['extra'].get('password'))
|
||||
self.assertEqual(arbitrary_value, ref[arbitrary_key])
|
||||
self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key])
|
||||
|
||||
def test_sql_user_to_dict_null_default_project_id(self):
|
||||
user_id = uuid.uuid4().hex
|
||||
user = {
|
||||
'id': user_id,
|
||||
'name': uuid.uuid4().hex,
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': uuid.uuid4().hex}
|
||||
|
||||
self.identity_api.create_user(user_id, user)
|
||||
user = self.identity_api.create_user(user)
|
||||
session = sql.get_session()
|
||||
query = session.query(identity_sql.User)
|
||||
query = query.filter_by(id=user_id)
|
||||
query = query.filter_by(id=user['id'])
|
||||
raw_user_ref = query.one()
|
||||
self.assertIsNone(raw_user_ref.default_project_id)
|
||||
user_ref = raw_user_ref.to_dict()
|
||||
|
@ -67,19 +67,19 @@ class CertSetupTestCase(rest.RestfulTestCase):
|
||||
controller = token.controllers.Auth()
|
||||
|
||||
self.config_fixture.config(group='signing', certfile='invalid')
|
||||
password = 'fake1'
|
||||
user = {
|
||||
'id': 'fake1',
|
||||
'name': 'fake1',
|
||||
'password': 'fake1',
|
||||
'password': password,
|
||||
'domain_id': DEFAULT_DOMAIN_ID
|
||||
}
|
||||
user = self.identity_api.create_user(user)
|
||||
body_dict = {
|
||||
'passwordCredentials': {
|
||||
'userId': user['id'],
|
||||
'password': user['password'],
|
||||
'password': password,
|
||||
},
|
||||
}
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
self.assertRaises(exception.UnexpectedError,
|
||||
controller.authenticate,
|
||||
{}, body_dict)
|
||||
|
@ -96,7 +96,14 @@ class CompatTestCase(tests.NoModule, tests.TestCase):
|
||||
user_ref = self.user_foo
|
||||
if tenant_ref is None:
|
||||
for user in default_fixtures.USERS:
|
||||
if user['id'] == user_ref['id']:
|
||||
# The fixture ID is no longer used as the ID in the database
|
||||
# The fixture ID, however, is still used as part of the
|
||||
# attribute name when storing the created object on the test
|
||||
# case. This means that we need to use the fixture ID below to
|
||||
# find the actial object so that we can get the ID as stored
|
||||
# in the database to compare against.
|
||||
if (getattr(self, 'user_%s' % user['id'])['id'] ==
|
||||
user_ref['id']):
|
||||
tenant_id = user['tenants'][0]
|
||||
else:
|
||||
tenant_id = tenant_ref['id']
|
||||
|
@ -142,11 +142,10 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
|
||||
USER_COUNT = 2
|
||||
|
||||
for x in range(0, USER_COUNT):
|
||||
new_user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'password': uuid.uuid4().hex, 'enabled': True,
|
||||
'domain_id': domain['id']}
|
||||
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
||||
'enabled': True, 'domain_id': domain['id']}
|
||||
new_user = self.identity_api.create_user(new_user)
|
||||
test_users.append(new_user)
|
||||
self.identity_api.create_user(new_user['id'], new_user)
|
||||
positive_user = test_users[0]
|
||||
negative_user = test_users[1]
|
||||
|
||||
@ -156,10 +155,9 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
|
||||
self.assertEqual(len(group_refs), 0)
|
||||
|
||||
for x in range(0, GROUP_COUNT):
|
||||
new_group = {'id': uuid.uuid4().hex,
|
||||
'domain_id': domain['id'],
|
||||
new_group = {'domain_id': domain['id'],
|
||||
'name': uuid.uuid4().hex}
|
||||
self.identity_api.create_group(new_group['id'], new_group)
|
||||
new_group = self.identity_api.create_group(new_group)
|
||||
test_groups.append(new_group)
|
||||
|
||||
group_refs = self.identity_api.list_groups_for_user(
|
||||
|
@ -57,20 +57,19 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
|
||||
tls_req_cert='demand')
|
||||
self.identity_api = identity.backends.ldap.Identity()
|
||||
|
||||
user = {'id': 'fake1',
|
||||
'name': 'fake1',
|
||||
user = {'name': 'fake1',
|
||||
'password': 'fakepass1',
|
||||
'tenants': ['bar']}
|
||||
self.identity_api.create_user('fake1', user)
|
||||
user_ref = self.identity_api.get_user('fake1')
|
||||
self.assertEqual('fake1', user_ref['id'])
|
||||
user = self.identity_api.create_user('user')
|
||||
user_ref = self.identity_api.get_user(user['id'])
|
||||
self.assertEqual(user['id'], user_ref['id'])
|
||||
|
||||
user['password'] = 'fakepass2'
|
||||
self.identity_api.update_user('fake1', user)
|
||||
self.identity_api.update_user(user['id'], user)
|
||||
|
||||
self.identity_api.delete_user('fake1')
|
||||
self.identity_api.delete_user(user['id'])
|
||||
self.assertRaises(exception.UserNotFound, self.identity_api.get_user,
|
||||
'fake1')
|
||||
user['id'])
|
||||
|
||||
def test_tls_certdir_demand_option(self):
|
||||
self.config_fixture.config(group='ldap',
|
||||
@ -103,11 +102,10 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
|
||||
tls_cacertdir=None)
|
||||
self.identity_api = identity.backends.ldap.Identity()
|
||||
|
||||
user = {'id': 'fake1',
|
||||
'name': 'fake1',
|
||||
user = {'name': 'fake1',
|
||||
'password': 'fakepass1',
|
||||
'tenants': ['bar']}
|
||||
self.assertRaises(IOError, self.identity_api.create_user, 'fake', user)
|
||||
self.assertRaises(IOError, self.identity_api.create_user, user)
|
||||
|
||||
def test_tls_bad_certdir(self):
|
||||
self.config_fixture.config(
|
||||
@ -118,8 +116,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
|
||||
tls_cacertdir='/etc/keystone/ssl/mythicalcertdir')
|
||||
self.identity_api = identity.backends.ldap.Identity()
|
||||
|
||||
user = {'id': 'fake1',
|
||||
'name': 'fake1',
|
||||
user = {'name': 'fake1',
|
||||
'password': 'fakepass1',
|
||||
'tenants': ['bar']}
|
||||
self.assertRaises(IOError, self.identity_api.create_user, 'fake', user)
|
||||
self.assertRaises(IOError, self.identity_api.create_user, user)
|
||||
|
@ -220,7 +220,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
|
||||
|
||||
def test_create_group(self):
|
||||
group_ref = self.new_group_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_group(group_ref['id'], group_ref)
|
||||
group_ref = self.identity_api.create_group(group_ref)
|
||||
self._assertLastNotify(group_ref['id'], CREATED_OPERATION, 'group')
|
||||
|
||||
def test_create_project(self):
|
||||
@ -236,14 +236,14 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
|
||||
|
||||
def test_create_user(self):
|
||||
user_ref = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_user(user_ref['id'], user_ref)
|
||||
user_ref = self.identity_api.create_user(user_ref)
|
||||
self._assertLastNotify(user_ref['id'], CREATED_OPERATION, 'user')
|
||||
|
||||
def test_create_trust(self):
|
||||
trustor = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_user(trustor['id'], trustor)
|
||||
trustor = self.identity_api.create_user(trustor)
|
||||
trustee = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_user(trustee['id'], trustee)
|
||||
trustee = self.identity_api.create_user(trustee)
|
||||
role_ref = self.new_role_ref()
|
||||
self.assignment_api.create_role(role_ref['id'], role_ref)
|
||||
trust_ref = self.new_trust_ref(trustor['id'],
|
||||
@ -256,7 +256,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
|
||||
|
||||
def test_delete_group(self):
|
||||
group_ref = self.new_group_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_group(group_ref['id'], group_ref)
|
||||
group_ref = self.identity_api.create_group(group_ref)
|
||||
self.identity_api.delete_group(group_ref['id'])
|
||||
self._assertLastNotify(group_ref['id'], DELETED_OPERATION, 'group')
|
||||
|
||||
@ -275,7 +275,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
|
||||
|
||||
def test_delete_user(self):
|
||||
user_ref = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_user(user_ref['id'], user_ref)
|
||||
user_ref = self.identity_api.create_user(user_ref)
|
||||
self.identity_api.delete_user(user_ref['id'])
|
||||
self._assertLastNotify(user_ref['id'], DELETED_OPERATION, 'user')
|
||||
|
||||
@ -288,9 +288,9 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
|
||||
|
||||
def test_delete_trust(self):
|
||||
trustor = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_user(trustor['id'], trustor)
|
||||
trustor = self.identity_api.create_user(trustor)
|
||||
trustee = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_user(trustee['id'], trustee)
|
||||
trustee = self.identity_api.create_user(trustee)
|
||||
role_ref = self.new_role_ref()
|
||||
trust_ref = self.new_trust_ref(trustor['id'], trustee['id'])
|
||||
self.trust_api.create_trust(trust_ref['id'],
|
||||
@ -318,7 +318,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
|
||||
|
||||
def test_update_group(self):
|
||||
group_ref = self.new_group_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_group(group_ref['id'], group_ref)
|
||||
group_ref = self.identity_api.create_group(group_ref)
|
||||
self.identity_api.update_group(group_ref['id'], group_ref)
|
||||
self._assertLastNotify(group_ref['id'], UPDATED_OPERATION, 'group')
|
||||
|
||||
@ -354,7 +354,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
|
||||
|
||||
def test_update_user(self):
|
||||
user_ref = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.identity_api.create_user(user_ref['id'], user_ref)
|
||||
user_ref = self.identity_api.create_user(user_ref)
|
||||
self.identity_api.update_user(user_ref['id'], user_ref)
|
||||
self._assertLastNotify(user_ref['id'], UPDATED_OPERATION, 'user')
|
||||
|
||||
|
@ -125,10 +125,11 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase):
|
||||
self.project['id'] = self.project_id
|
||||
self.assignment_api.create_project(self.project_id, self.project)
|
||||
|
||||
self.user_id = uuid.uuid4().hex
|
||||
self.user = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.user['id'] = self.user_id
|
||||
self.identity_api.create_user(self.user_id, self.user)
|
||||
password = self.user['password']
|
||||
self.user = self.identity_api.create_user(self.user)
|
||||
self.user['password'] = password
|
||||
self.user_id = self.user['id']
|
||||
|
||||
self.default_domain_project_id = uuid.uuid4().hex
|
||||
self.default_domain_project = self.new_project_ref(
|
||||
@ -137,12 +138,13 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase):
|
||||
self.assignment_api.create_project(self.default_domain_project_id,
|
||||
self.default_domain_project)
|
||||
|
||||
self.default_domain_user_id = uuid.uuid4().hex
|
||||
self.default_domain_user = self.new_user_ref(
|
||||
domain_id=DEFAULT_DOMAIN_ID)
|
||||
self.default_domain_user['id'] = self.default_domain_user_id
|
||||
self.identity_api.create_user(self.default_domain_user_id,
|
||||
self.default_domain_user)
|
||||
password = self.default_domain_user['password']
|
||||
self.default_domain_user = (
|
||||
self.identity_api.create_user(self.default_domain_user))
|
||||
self.default_domain_user['password'] = password
|
||||
self.default_domain_user_id = self.default_domain_user['id']
|
||||
|
||||
# create & grant policy.json's default role for admin_required
|
||||
self.role_id = uuid.uuid4().hex
|
||||
|
@ -181,17 +181,15 @@ class TokenAPITests(object):
|
||||
self.assignment_api.create_domain(new_domain_id, new_domain)
|
||||
|
||||
# 2) Create user in new domain.
|
||||
new_user_id = uuid.uuid4().hex
|
||||
new_user_password = uuid.uuid4().hex
|
||||
new_user = {
|
||||
'id': new_user_id,
|
||||
'name': uuid.uuid4().hex,
|
||||
'domain_id': new_domain_id,
|
||||
'password': new_user_password,
|
||||
'email': uuid.uuid4().hex,
|
||||
}
|
||||
|
||||
self.identity_api.create_user(new_user_id, new_user)
|
||||
new_user = self.identity_api.create_user(new_user)
|
||||
|
||||
# 3) Update the default_domain_id config option to the new domain
|
||||
|
||||
@ -201,7 +199,7 @@ class TokenAPITests(object):
|
||||
# 4) Get a token using v3 api.
|
||||
|
||||
auth_data = self.build_authentication_request(
|
||||
user_id=new_user_id,
|
||||
user_id=new_user['id'],
|
||||
password=new_user_password)
|
||||
resp = self.post('/auth/tokens', body=auth_data)
|
||||
token = resp.headers.get('X-Subject-Token')
|
||||
@ -468,13 +466,15 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
|
||||
self.assignment_api.create_domain(self.domainA['id'], self.domainA)
|
||||
|
||||
self.userAdminA = self.new_user_ref(domain_id=self.domainA['id'])
|
||||
self.userAdminA['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.userAdminA['id'], self.userAdminA)
|
||||
password = self.userAdminA['password']
|
||||
self.userAdminA = self.identity_api.create_user(self.userAdminA)
|
||||
self.userAdminA['password'] = password
|
||||
|
||||
self.userNormalA = self.new_user_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.userNormalA['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.userNormalA['id'], self.userNormalA)
|
||||
password = self.userNormalA['password']
|
||||
self.userNormalA = self.identity_api.create_user(self.userNormalA)
|
||||
self.userNormalA['password'] = password
|
||||
|
||||
self.assignment_api.create_grant(self.role['id'],
|
||||
user_id=self.userAdminA['id'],
|
||||
@ -570,8 +570,9 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
|
||||
self.domainB = self.new_domain_ref()
|
||||
self.assignment_api.create_domain(self.domainB['id'], self.domainB)
|
||||
self.userAdminB = self.new_user_ref(domain_id=self.domainB['id'])
|
||||
self.userAdminB['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.userAdminB['id'], self.userAdminB)
|
||||
password = self.userAdminB['password']
|
||||
self.userAdminB = self.identity_api.create_user(self.userAdminB)
|
||||
self.userAdminB['password'] = password
|
||||
self.assignment_api.create_grant(self.role['id'],
|
||||
user_id=self.userAdminB['id'],
|
||||
domain_id=self.domainB['id'])
|
||||
@ -651,30 +652,33 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
|
||||
# Now create some users
|
||||
self.user1 = self.new_user_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user1['id'], self.user1)
|
||||
password = self.user1['password']
|
||||
self.user1 = self.identity_api.create_user(self.user1)
|
||||
self.user1['password'] = password
|
||||
|
||||
self.user2 = self.new_user_ref(
|
||||
domain_id=self.domainB['id'])
|
||||
self.user2['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user2['id'], self.user2)
|
||||
password = self.user2['password']
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
self.user2['password'] = password
|
||||
|
||||
self.user3 = self.new_user_ref(
|
||||
domain_id=self.domainB['id'])
|
||||
self.user3['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user3['id'], self.user3)
|
||||
password = self.user3['password']
|
||||
self.user3 = self.identity_api.create_user(self.user3)
|
||||
self.user3['password'] = password
|
||||
|
||||
self.group1 = self.new_group_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.identity_api.create_group(self.group1['id'], self.group1)
|
||||
self.group1 = self.identity_api.create_group(self.group1)
|
||||
|
||||
self.group2 = self.new_group_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.identity_api.create_group(self.group2['id'], self.group2)
|
||||
self.group2 = self.identity_api.create_group(self.group2)
|
||||
|
||||
self.group3 = self.new_group_ref(
|
||||
domain_id=self.domainB['id'])
|
||||
self.identity_api.create_group(self.group3['id'], self.group3)
|
||||
self.group3 = self.identity_api.create_group(self.group3)
|
||||
|
||||
self.identity_api.add_user_to_group(self.user1['id'],
|
||||
self.group1['id'])
|
||||
@ -782,16 +786,19 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
|
||||
self.projectC = self.new_project_ref(domain_id=self.domainA['id'])
|
||||
self.assignment_api.create_project(self.projectC['id'], self.projectC)
|
||||
self.user4 = self.new_user_ref(domain_id=self.domainB['id'])
|
||||
self.user4['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user4['id'], self.user4)
|
||||
password = self.user4['password']
|
||||
self.user4 = self.identity_api.create_user(self.user4)
|
||||
self.user4['password'] = password
|
||||
self.user5 = self.new_user_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.user5['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user5['id'], self.user5)
|
||||
password = self.user5['password']
|
||||
self.user5 = self.identity_api.create_user(self.user5)
|
||||
self.user5['password'] = password
|
||||
self.user6 = self.new_user_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.user6['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user6['id'], self.user6)
|
||||
password = self.user6['password']
|
||||
self.user6 = self.identity_api.create_user(self.user6)
|
||||
self.user6['password'] = password
|
||||
self.identity_api.add_user_to_group(self.user5['id'],
|
||||
self.group1['id'])
|
||||
self.assignment_api.create_grant(self.role1['id'],
|
||||
@ -1805,21 +1812,23 @@ class TestAuthJSON(test_v3.RestfulTestCase):
|
||||
|
||||
user1 = self.new_user_ref(
|
||||
domain_id=domainA['id'])
|
||||
user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(user1['id'], user1)
|
||||
password = user1['password']
|
||||
user1 = self.identity_api.create_user(user1)
|
||||
user1['password'] = password
|
||||
|
||||
user2 = self.new_user_ref(
|
||||
domain_id=domainA['id'])
|
||||
user2['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(user2['id'], user2)
|
||||
password = user2['password']
|
||||
user2 = self.identity_api.create_user(user2)
|
||||
user2['password'] = password
|
||||
|
||||
group1 = self.new_group_ref(
|
||||
domain_id=domainA['id'])
|
||||
self.identity_api.create_group(group1['id'], group1)
|
||||
group1 = self.identity_api.create_group(group1)
|
||||
|
||||
group2 = self.new_group_ref(
|
||||
domain_id=domainA['id'])
|
||||
self.identity_api.create_group(group2['id'], group2)
|
||||
group2 = self.identity_api.create_group(group2)
|
||||
|
||||
self.identity_api.add_user_to_group(user1['id'],
|
||||
group1['id'])
|
||||
@ -2002,11 +2011,9 @@ class TestAuthJSON(test_v3.RestfulTestCase):
|
||||
self.assertValidDomainScopedTokenResponse(r)
|
||||
|
||||
def test_domain_scope_token_with_group_role(self):
|
||||
group_id = uuid.uuid4().hex
|
||||
group = self.new_group_ref(
|
||||
domain_id=self.domain_id)
|
||||
group['id'] = group_id
|
||||
self.identity_api.create_group(group_id, group)
|
||||
group = self.identity_api.create_group(group)
|
||||
|
||||
# add user to group
|
||||
self.identity_api.add_user_to_group(self.user['id'], group['id'])
|
||||
@ -2281,7 +2288,7 @@ class TestAuthJSON(test_v3.RestfulTestCase):
|
||||
def test_authenticating_a_user_with_no_password(self):
|
||||
user = self.new_user_ref(domain_id=self.domain['id'])
|
||||
user.pop('password', None) # can't have a password for this test
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user = self.identity_api.create_user(user)
|
||||
|
||||
auth_data = self.build_authentication_request(
|
||||
user_id=user['id'],
|
||||
@ -2454,10 +2461,11 @@ class TestTrustAuth(TestAuthInfo):
|
||||
super(TestTrustAuth, self).setUp()
|
||||
|
||||
# create a trustee to delegate stuff to
|
||||
self.trustee_user_id = uuid.uuid4().hex
|
||||
self.trustee_user = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.trustee_user['id'] = self.trustee_user_id
|
||||
self.identity_api.create_user(self.trustee_user_id, self.trustee_user)
|
||||
password = self.trustee_user['password']
|
||||
self.trustee_user = self.identity_api.create_user(self.trustee_user)
|
||||
self.trustee_user['password'] = password
|
||||
self.trustee_user_id = self.trustee_user['id']
|
||||
|
||||
def test_create_trust_400(self):
|
||||
# The server returns a 403 Forbidden rather than a 400, see bug 1133435
|
||||
@ -2791,10 +2799,11 @@ class TestTrustAuth(TestAuthInfo):
|
||||
|
||||
def test_v3_v2_intermix_project_not_in_default_domaini_failed(self):
|
||||
# create a trustee in default domain to delegate stuff to
|
||||
trustee_user_id = uuid.uuid4().hex
|
||||
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
||||
trustee_user['id'] = trustee_user_id
|
||||
self.identity_api.create_user(trustee_user_id, trustee_user)
|
||||
password = trustee_user['password']
|
||||
trustee_user = self.identity_api.create_user(trustee_user)
|
||||
trustee_user['password'] = password
|
||||
trustee_user_id = trustee_user['id']
|
||||
|
||||
ref = self.new_trust_ref(
|
||||
trustor_user_id=self.default_domain_user_id,
|
||||
@ -2831,10 +2840,11 @@ class TestTrustAuth(TestAuthInfo):
|
||||
|
||||
def test_v3_v2_intermix(self):
|
||||
# create a trustee in default domain to delegate stuff to
|
||||
trustee_user_id = uuid.uuid4().hex
|
||||
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
||||
trustee_user['id'] = trustee_user_id
|
||||
self.identity_api.create_user(trustee_user_id, trustee_user)
|
||||
password = trustee_user['password']
|
||||
trustee_user = self.identity_api.create_user(trustee_user)
|
||||
trustee_user['password'] = password
|
||||
trustee_user_id = trustee_user['id']
|
||||
|
||||
ref = self.new_trust_ref(
|
||||
trustor_user_id=self.default_domain_user_id,
|
||||
|
@ -209,10 +209,11 @@ class TestCredentialTrustScoped(test_v3.RestfulTestCase):
|
||||
def setUp(self):
|
||||
super(TestCredentialTrustScoped, self).setUp()
|
||||
|
||||
self.trustee_user_id = uuid.uuid4().hex
|
||||
self.trustee_user = self.new_user_ref(domain_id=self.domain_id)
|
||||
self.trustee_user['id'] = self.trustee_user_id
|
||||
self.identity_api.create_user(self.trustee_user_id, self.trustee_user)
|
||||
password = self.trustee_user['password']
|
||||
self.trustee_user = self.identity_api.create_user(self.trustee_user)
|
||||
self.trustee_user['password'] = password
|
||||
self.trustee_user_id = self.trustee_user['id']
|
||||
|
||||
def config_overrides(self):
|
||||
super(TestCredentialTrustScoped, self).config_overrides()
|
||||
|
@ -1094,8 +1094,7 @@ class FederatedTokenTests(FederationTests):
|
||||
# create group and role
|
||||
group = self.new_group_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.identity_api.create_group(group['id'],
|
||||
group)
|
||||
group = self.identity_api.create_group(group)
|
||||
role = self.new_role_ref()
|
||||
self.assignment_api.create_role(role['id'],
|
||||
role)
|
||||
@ -1217,18 +1216,17 @@ class FederatedTokenTests(FederationTests):
|
||||
# Create and add groups
|
||||
self.group_employees = self.new_group_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.identity_api.create_group(self.group_employees['id'],
|
||||
self.group_employees)
|
||||
self.group_employees = (
|
||||
self.identity_api.create_group(self.group_employees))
|
||||
|
||||
self.group_customers = self.new_group_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.identity_api.create_group(self.group_customers['id'],
|
||||
self.group_customers)
|
||||
self.group_customers = (
|
||||
self.identity_api.create_group(self.group_customers))
|
||||
|
||||
self.group_admins = self.new_group_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.identity_api.create_group(self.group_admins['id'],
|
||||
self.group_admins)
|
||||
self.group_admins = self.identity_api.create_group(self.group_admins)
|
||||
|
||||
# Create and add roles
|
||||
self.role_employee = self.new_role_ref()
|
||||
|
@ -73,16 +73,20 @@ class IdentityTestFilteredCase(filtering.FilterTests,
|
||||
|
||||
# Now create some users, one in domainA and two of them in domainB
|
||||
self.user1 = self.new_user_ref(domain_id=self.domainA['id'])
|
||||
self.user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user1['id'], self.user1)
|
||||
password = uuid.uuid4().hex
|
||||
self.user1['password'] = password
|
||||
self.user1 = self.identity_api.create_user(self.user1)
|
||||
self.user1['password'] = password
|
||||
|
||||
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
|
||||
self.user2['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user2['id'], self.user2)
|
||||
self.user2['password'] = password
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
self.user2['password'] = password
|
||||
|
||||
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
|
||||
self.user3['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user3['id'], self.user3)
|
||||
self.user3['password'] = password
|
||||
self.user3 = self.identity_api.create_user(self.user3)
|
||||
self.user3['password'] = password
|
||||
|
||||
self.role = self.new_role_ref()
|
||||
self.assignment_api.create_role(self.role['id'], self.role)
|
||||
@ -290,7 +294,7 @@ class IdentityTestFilteredCase(filtering.FilterTests,
|
||||
# See if we can add a SQL command...use the group table instead of the
|
||||
# user table since 'user' is reserved word for SQLAlchemy.
|
||||
group = self.new_group_ref(domain_id=self.domainB['id'])
|
||||
self.identity_api.create_group(group['id'], group)
|
||||
group = self.identity_api.create_group(group)
|
||||
|
||||
url_by_name = "/users?name=x'; drop table group"
|
||||
r = self.get(url_by_name, auth=self.auth)
|
||||
|
@ -84,11 +84,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
def setUp(self):
|
||||
super(IdentityTestCase, self).setUp()
|
||||
|
||||
self.group_id = uuid.uuid4().hex
|
||||
self.group = self.new_group_ref(
|
||||
domain_id=self.domain_id)
|
||||
self.group['id'] = self.group_id
|
||||
self.identity_api.create_group(self.group_id, self.group)
|
||||
self.group = self.identity_api.create_group(self.group)
|
||||
self.group_id = self.group['id']
|
||||
|
||||
self.credential_id = uuid.uuid4().hex
|
||||
self.credential = self.new_credential_ref(
|
||||
@ -169,7 +168,9 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
self.user2 = self.new_user_ref(
|
||||
domain_id=self.domain2['id'],
|
||||
project_id=self.project2['id'])
|
||||
self.identity_api.create_user(self.user2['id'], self.user2)
|
||||
password = self.user2['password']
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
self.user2['password'] = password
|
||||
|
||||
self.assignment_api.add_user_to_project(self.project2['id'],
|
||||
self.user2['id'])
|
||||
@ -268,11 +269,11 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
self.user2 = self.new_user_ref(
|
||||
domain_id=self.domain2['id'],
|
||||
project_id=self.project2['id'])
|
||||
self.identity_api.create_user(self.user2['id'], self.user2)
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
|
||||
self.group2 = self.new_group_ref(
|
||||
domain_id=self.domain2['id'])
|
||||
self.identity_api.create_group(self.group2['id'], self.group2)
|
||||
self.group2 = self.identity_api.create_group(self.group2)
|
||||
|
||||
self.credential2 = self.new_credential_ref(
|
||||
user_id=self.user2['id'],
|
||||
@ -495,7 +496,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
def test_list_users_no_default_project(self):
|
||||
"""Call ``GET /users`` making sure no default_project_id."""
|
||||
user = self.new_user_ref(self.domain_id)
|
||||
self.identity_api.create_user(self.user_id, user)
|
||||
user = self.identity_api.create_user(user)
|
||||
r = self.get('/users')
|
||||
self.assertValidUserListResponse(r, ref=user)
|
||||
|
||||
@ -514,7 +515,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
"""Call ``GET /users/{user_id}`` making sure of default_project_id."""
|
||||
user = self.new_user_ref(domain_id=self.domain_id,
|
||||
project_id=self.project_id)
|
||||
self.identity_api.create_user(self.user_id, user)
|
||||
user = self.identity_api.create_user(user)
|
||||
r = self.get('/users/%(user_id)s' % {'user_id': user['id']})
|
||||
self.assertValidUserResponse(r, user)
|
||||
|
||||
@ -528,12 +529,14 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
|
||||
self.user1 = self.new_user_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user1['id'], self.user1)
|
||||
password = self.user1['password']
|
||||
self.user1 = self.identity_api.create_user(self.user1)
|
||||
self.user1['password'] = password
|
||||
self.user2 = self.new_user_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.user2['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user1['id'], self.user2)
|
||||
password = self.user2['password']
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
self.user2['password'] = password
|
||||
self.put('/groups/%(group_id)s/users/%(user_id)s' % {
|
||||
'group_id': self.group_id, 'user_id': self.user1['id']})
|
||||
|
||||
@ -596,7 +599,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
def test_update_user_domain_id(self):
|
||||
"""Call ``PATCH /users/{user_id}`` with domain_id."""
|
||||
user = self.new_user_ref(domain_id=self.domain['id'])
|
||||
self.identity_api.create_user(user['id'], user)
|
||||
user = self.identity_api.create_user(user)
|
||||
user['domain_id'] = CONF.identity.default_domain_id
|
||||
r = self.patch('/users/%(user_id)s' % {
|
||||
'user_id': user['id']},
|
||||
@ -625,7 +628,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
self.user2 = self.new_user_ref(
|
||||
domain_id=self.domain['id'],
|
||||
project_id=self.project['id'])
|
||||
self.identity_api.create_user(self.user2['id'], self.user2)
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
self.credential2 = self.new_credential_ref(
|
||||
user_id=self.user2['id'],
|
||||
project_id=self.project['id'])
|
||||
@ -703,7 +706,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
def test_update_group_domain_id(self):
|
||||
"""Call ``PATCH /groups/{group_id}`` with domain_id."""
|
||||
group = self.new_group_ref(domain_id=self.domain['id'])
|
||||
self.identity_api.create_group(group['id'], group)
|
||||
group = self.identity_api.create_group(group)
|
||||
group['domain_id'] = CONF.identity.default_domain_id
|
||||
r = self.patch('/groups/%(group_id)s' % {
|
||||
'group_id': group['id']},
|
||||
@ -957,8 +960,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
# existing assignments
|
||||
self.user1 = self.new_user_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user1['id'], self.user1)
|
||||
self.user1 = self.identity_api.create_user(self.user1)
|
||||
|
||||
collection_url = '/role_assignments'
|
||||
r = self.get(collection_url)
|
||||
@ -1040,12 +1042,14 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
"""
|
||||
self.user1 = self.new_user_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user1['id'], self.user1)
|
||||
password = self.user1['password']
|
||||
self.user1 = self.identity_api.create_user(self.user1)
|
||||
self.user1['password'] = password
|
||||
self.user2 = self.new_user_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.user2['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user2['id'], self.user2)
|
||||
password = self.user2['password']
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
self.user2['password'] = password
|
||||
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
|
||||
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
|
||||
|
||||
@ -1113,12 +1117,14 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
"""
|
||||
self.user1 = self.new_user_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user1['id'], self.user1)
|
||||
password = self.user1['password']
|
||||
self.user1 = self.identity_api.create_user(self.user1)
|
||||
self.user1['password'] = password
|
||||
self.user2 = self.new_user_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.user2['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user2['id'], self.user2)
|
||||
password = self.user2['password']
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
self.user2['password'] = password
|
||||
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
|
||||
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
|
||||
|
||||
@ -1193,15 +1199,17 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
||||
# existing assignments
|
||||
self.user1 = self.new_user_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user1['id'], self.user1)
|
||||
password = self.user1['password']
|
||||
self.user1 = self.identity_api.create_user(self.user1)
|
||||
self.user1['password'] = password
|
||||
self.user2 = self.new_user_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.user2['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user2['id'], self.user2)
|
||||
password = self.user2['password']
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
self.user2['password'] = password
|
||||
self.group1 = self.new_group_ref(
|
||||
domain_id=self.domain['id'])
|
||||
self.identity_api.create_group(self.group1['id'], self.group1)
|
||||
self.group1 = self.identity_api.create_group(self.group1)
|
||||
self.identity_api.add_user_to_group(self.user1['id'],
|
||||
self.group1['id'])
|
||||
self.identity_api.add_user_to_group(self.user2['id'],
|
||||
@ -1402,8 +1410,9 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
|
||||
self.assignment_api.create_domain(domain['id'], domain)
|
||||
user1 = self.new_user_ref(
|
||||
domain_id=domain['id'])
|
||||
user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(user1['id'], user1)
|
||||
password = user1['password']
|
||||
user1 = self.identity_api.create_user(user1)
|
||||
user1['password'] = password
|
||||
project1 = self.new_project_ref(
|
||||
domain_id=domain['id'])
|
||||
self.assignment_api.create_project(project1['id'], project1)
|
||||
@ -1495,8 +1504,9 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
|
||||
self.assignment_api.create_domain(domain['id'], domain)
|
||||
user1 = self.new_user_ref(
|
||||
domain_id=domain['id'])
|
||||
user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(user1['id'], user1)
|
||||
password = user1['password']
|
||||
user1 = self.identity_api.create_user(user1)
|
||||
user1['password'] = password
|
||||
project1 = self.new_project_ref(
|
||||
domain_id=domain['id'])
|
||||
self.assignment_api.create_project(project1['id'], project1)
|
||||
@ -1589,15 +1599,17 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
|
||||
self.assignment_api.create_domain(domain['id'], domain)
|
||||
user1 = self.new_user_ref(
|
||||
domain_id=domain['id'])
|
||||
user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(user1['id'], user1)
|
||||
password = user1['password']
|
||||
user1 = self.identity_api.create_user(user1)
|
||||
user1['password'] = password
|
||||
user2 = self.new_user_ref(
|
||||
domain_id=domain['id'])
|
||||
user2['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(user2['id'], user2)
|
||||
password = user2['password']
|
||||
user2 = self.identity_api.create_user(user2)
|
||||
user2['password'] = password
|
||||
group1 = self.new_group_ref(
|
||||
domain_id=domain['id'])
|
||||
self.identity_api.create_group(group1['id'], group1)
|
||||
group1 = self.identity_api.create_group(group1)
|
||||
self.identity_api.add_user_to_group(user1['id'],
|
||||
group1['id'])
|
||||
self.identity_api.add_user_to_group(user2['id'],
|
||||
@ -1693,11 +1705,12 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
|
||||
self.assignment_api.create_domain(domain['id'], domain)
|
||||
user1 = self.new_user_ref(
|
||||
domain_id=domain['id'])
|
||||
user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(user1['id'], user1)
|
||||
password = user1['password']
|
||||
user1 = self.identity_api.create_user(user1)
|
||||
user1['password'] = password
|
||||
group1 = self.new_group_ref(
|
||||
domain_id=domain['id'])
|
||||
self.identity_api.create_group(group1['id'], group1)
|
||||
group1 = self.identity_api.create_group(group1)
|
||||
project1 = self.new_project_ref(
|
||||
domain_id=domain['id'])
|
||||
self.assignment_api.create_project(project1['id'], project1)
|
||||
@ -1896,7 +1909,9 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
|
||||
def setUp(self):
|
||||
super(UserSelfServiceChangingPasswordsTestCase, self).setUp()
|
||||
self.user_ref = self.new_user_ref(domain_id=self.domain['id'])
|
||||
self.identity_api.create_user(self.user_ref['id'], self.user_ref)
|
||||
password = self.user_ref['password']
|
||||
self.user_ref = self.identity_api.create_user(self.user_ref)
|
||||
self.user_ref['password'] = password
|
||||
self.token = self.get_request_token(self.user_ref['password'], 201)
|
||||
|
||||
def get_request_token(self, password, expected_status):
|
||||
|
@ -77,25 +77,31 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase):
|
||||
|
||||
# Now create some users, one in domainA and two of them in domainB
|
||||
self.user1 = self.new_user_ref(domain_id=self.domainA['id'])
|
||||
self.user1['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user1['id'], self.user1)
|
||||
password = uuid.uuid4().hex
|
||||
self.user1['password'] = password
|
||||
self.user1 = self.identity_api.create_user(self.user1)
|
||||
self.user1['password'] = password
|
||||
|
||||
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
|
||||
self.user2['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user2['id'], self.user2)
|
||||
password = uuid.uuid4().hex
|
||||
self.user2['password'] = password
|
||||
self.user2 = self.identity_api.create_user(self.user2)
|
||||
self.user2['password'] = password
|
||||
|
||||
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
|
||||
self.user3['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.user3['id'], self.user3)
|
||||
password = uuid.uuid4().hex
|
||||
self.user3['password'] = password
|
||||
self.user3 = self.identity_api.create_user(self.user3)
|
||||
self.user3['password'] = password
|
||||
|
||||
self.group1 = self.new_group_ref(domain_id=self.domainA['id'])
|
||||
self.identity_api.create_group(self.group1['id'], self.group1)
|
||||
self.group1 = self.identity_api.create_group(self.group1)
|
||||
|
||||
self.group2 = self.new_group_ref(domain_id=self.domainA['id'])
|
||||
self.identity_api.create_group(self.group2['id'], self.group2)
|
||||
self.group2 = self.identity_api.create_group(self.group2)
|
||||
|
||||
self.group3 = self.new_group_ref(domain_id=self.domainB['id'])
|
||||
self.identity_api.create_group(self.group3['id'], self.group3)
|
||||
self.group3 = self.identity_api.create_group(self.group3)
|
||||
|
||||
self.role = self.new_role_ref()
|
||||
self.assignment_api.create_role(self.role['id'], self.role)
|
||||
@ -385,22 +391,30 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase):
|
||||
# And our users
|
||||
self.cloud_admin_user = self.new_user_ref(
|
||||
domain_id=self.admin_domain['id'])
|
||||
self.cloud_admin_user['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.cloud_admin_user['id'],
|
||||
self.cloud_admin_user)
|
||||
password = uuid.uuid4().hex
|
||||
self.cloud_admin_user['password'] = password
|
||||
self.cloud_admin_user = (
|
||||
self.identity_api.create_user(self.cloud_admin_user))
|
||||
self.cloud_admin_user['password'] = password
|
||||
self.just_a_user = self.new_user_ref(domain_id=self.domainA['id'])
|
||||
self.just_a_user['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.just_a_user['id'], self.just_a_user)
|
||||
password = uuid.uuid4().hex
|
||||
self.just_a_user['password'] = password
|
||||
self.just_a_user = self.identity_api.create_user(self.just_a_user)
|
||||
self.just_a_user['password'] = password
|
||||
self.domain_admin_user = self.new_user_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.domain_admin_user['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.domain_admin_user['id'],
|
||||
self.domain_admin_user)
|
||||
password = uuid.uuid4().hex
|
||||
self.domain_admin_user['password'] = password
|
||||
self.domain_admin_user = (
|
||||
self.identity_api.create_user(self.domain_admin_user))
|
||||
self.domain_admin_user['password'] = password
|
||||
self.project_admin_user = self.new_user_ref(
|
||||
domain_id=self.domainA['id'])
|
||||
self.project_admin_user['password'] = uuid.uuid4().hex
|
||||
self.identity_api.create_user(self.project_admin_user['id'],
|
||||
self.project_admin_user)
|
||||
password = uuid.uuid4().hex
|
||||
self.project_admin_user['password'] = password
|
||||
self.project_admin_user = (
|
||||
self.identity_api.create_user(self.project_admin_user))
|
||||
self.project_admin_user['password'] = password
|
||||
|
||||
# The admin role and another plain role
|
||||
self.admin_role = {'id': uuid.uuid4().hex, 'name': 'admin'}
|
||||
|
Loading…
Reference in New Issue
Block a user