keystone/tests/test_backend_ldap.py

# vim: tabstop=4 shiftwidth=4 softtabstop=4

# Copyright 2012 OpenStack LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import uuid

from keystone.common.ldap import fakeldap
from keystone import config
from keystone import exception
from keystone.identity.backends import ldap as identity_ldap
from keystone import test

import default_fixtures
import test_backend


CONF = config.CONF


def clear_database():
    db = fakeldap.FakeShelve().get_instance()
    db.clear()


class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
    def setUp(self):
        super(LDAPIdentity, self).setUp()
        self.config([test.etcdir('keystone.conf.sample'),
                     test.testsdir('test_overrides.conf'),
                     test.testsdir('backend_ldap.conf')])
        clear_database()
        self.identity_api = identity_ldap.Identity()
        self.load_fixtures(default_fixtures)

    def test_role_crud(self):
        role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
        self.identity_api.create_role(role['id'], role)
        role_ref = self.identity_api.get_role(role['id'])
        role_ref_dict = dict((x, role_ref[x]) for x in role_ref)
        self.assertDictEqual(role_ref_dict, role)
        self.identity_api.delete_role(role['id'])
        self.assertRaises(exception.RoleNotFound,
                          self.identity_api.get_role,
                          role['id'])

    def test_build_tree(self):
        """Regression test for building the tree names
        """
        self.config([test.etcdir('keystone.conf.sample'),
                     test.testsdir('test_overrides.conf'),
                     test.testsdir('backend_ldap.conf')])

        user_api = identity_ldap.UserApi(CONF)
        self.assertTrue(user_api)
        self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix)
LDAP Identity backend Bug 933852 Merged over the code from the legacy keystone implementation, updated style and streamlined the API a bit. * Unit tests can be run against a live OpenLDAP server * Password hashing done via passlib. Only does salted sha1, which is what simple_bind requires, but is not secure. * Added pip dependencies Change-Id: I5296d94f6b7d0a7c7dbc887cdae872171e34bb5f 2012-02-06 21:21:46 -05:00			`# vim: tabstop=4 shiftwidth=4 softtabstop=4`

Added license header (bug 929663) Change-Id: Ia36a22f2d6bba411e4fad81ea2d6fa1f0465a733 2012-03-02 13:38:39 -06:00			`# Copyright 2012 OpenStack LLC`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License"); you may`
			`# not use this file except in compliance with the License. You may obtain`
			`# a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the`
			`# License for the specific language governing permissions and limitations`
			`# under the License.`

Refactor 404's into managers & drivers (bug 968519) The goal is to move the responsibility of reference checks away from controllers and into the underlying managers & drivers, which can handle the task with equal or greater efficiency. - Tenant references from create_user/update_user are NOT tested due to inconsistencies between backends - Additional test coverage improvements Also fixes bug 999209, bug 999608, bug 1006029, bug 1006055, bug 1006287, bug 1006334, and bug 1006344. Change-Id: I7de592e7dd4518038436b9a9fdaab559b00a0537 2012-03-28 10:37:16 -07:00			`import uuid`

Reorder test imports by full import path Fixes bug #1020182 Reorder imports of modules in keystone/tests. Change-Id: I2ff61dd3d9486281b4a2a889e4dc8b9105c87d49 2012-07-03 00:11:57 +08:00			`from keystone.common.ldap import fakeldap`
LDAP Identity backend Bug 933852 Merged over the code from the legacy keystone implementation, updated style and streamlined the API a bit. * Unit tests can be run against a live OpenLDAP server * Password hashing done via passlib. Only does salted sha1, which is what simple_bind requires, but is not secure. * Added pip dependencies Change-Id: I5296d94f6b7d0a7c7dbc887cdae872171e34bb5f 2012-02-06 21:21:46 -05:00			`from keystone import config`
Refactor 404's into managers & drivers (bug 968519) The goal is to move the responsibility of reference checks away from controllers and into the underlying managers & drivers, which can handle the task with equal or greater efficiency. - Tenant references from create_user/update_user are NOT tested due to inconsistencies between backends - Additional test coverage improvements Also fixes bug 999209, bug 999608, bug 1006029, bug 1006055, bug 1006287, bug 1006334, and bug 1006344. Change-Id: I7de592e7dd4518038436b9a9fdaab559b00a0537 2012-03-28 10:37:16 -07:00			`from keystone import exception`
LDAP Identity backend Bug 933852 Merged over the code from the legacy keystone implementation, updated style and streamlined the API a bit. * Unit tests can be run against a live OpenLDAP server * Password hashing done via passlib. Only does salted sha1, which is what simple_bind requires, but is not secure. * Added pip dependencies Change-Id: I5296d94f6b7d0a7c7dbc887cdae872171e34bb5f 2012-02-06 21:21:46 -05:00			`from keystone.identity.backends import ldap as identity_ldap`
Reorder test imports by full import path Fixes bug #1020182 Reorder imports of modules in keystone/tests. Change-Id: I2ff61dd3d9486281b4a2a889e4dc8b9105c87d49 2012-07-03 00:11:57 +08:00			`from keystone import test`
LDAP Identity backend Bug 933852 Merged over the code from the legacy keystone implementation, updated style and streamlined the API a bit. * Unit tests can be run against a live OpenLDAP server * Password hashing done via passlib. Only does salted sha1, which is what simple_bind requires, but is not secure. * Added pip dependencies Change-Id: I5296d94f6b7d0a7c7dbc887cdae872171e34bb5f 2012-02-06 21:21:46 -05:00
			`import default_fixtures`
			`import test_backend`


			`CONF = config.CONF`


			`def clear_database():`
			`db = fakeldap.FakeShelve().get_instance()`
			`db.clear()`


			`class LDAPIdentity(test.TestCase, test_backend.IdentityTests):`
			`def setUp(self):`
			`super(LDAPIdentity, self).setUp()`
Use cfg's new global CONF object Implements blueprint cfg-global-object Change-Id: Ic53b41dafa8666ce21f33697f7e8697f1e5cb0fd 2012-05-29 08:59:47 +01:00			`self.config([test.etcdir('keystone.conf.sample'),`
			`test.testsdir('test_overrides.conf'),`
			`test.testsdir('backend_ldap.conf')])`
LDAP Identity backend Bug 933852 Merged over the code from the legacy keystone implementation, updated style and streamlined the API a bit. * Unit tests can be run against a live OpenLDAP server * Password hashing done via passlib. Only does salted sha1, which is what simple_bind requires, but is not secure. * Added pip dependencies Change-Id: I5296d94f6b7d0a7c7dbc887cdae872171e34bb5f 2012-02-06 21:21:46 -05:00			`clear_database()`
			`self.identity_api = identity_ldap.Identity()`
			`self.load_fixtures(default_fixtures)`

Refactor 404's into managers & drivers (bug 968519) The goal is to move the responsibility of reference checks away from controllers and into the underlying managers & drivers, which can handle the task with equal or greater efficiency. - Tenant references from create_user/update_user are NOT tested due to inconsistencies between backends - Additional test coverage improvements Also fixes bug 999209, bug 999608, bug 1006029, bug 1006055, bug 1006287, bug 1006334, and bug 1006344. Change-Id: I7de592e7dd4518038436b9a9fdaab559b00a0537 2012-03-28 10:37:16 -07:00			`def test_role_crud(self):`
			`role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}`
			`self.identity_api.create_role(role['id'], role)`
			`role_ref = self.identity_api.get_role(role['id'])`
			`role_ref_dict = dict((x, role_ref[x]) for x in role_ref)`
			`self.assertDictEqual(role_ref_dict, role)`
			`self.identity_api.delete_role(role['id'])`
			`self.assertRaises(exception.RoleNotFound,`
			`self.identity_api.get_role,`
			`role['id'])`

Correct Tree DN instead of cn=example,cn=com,ou=Users code now generates ou=Users,cn=example,cn=com Getting stricter in testing and adding some regression testing Fixes Bug 980209 Change-Id: Ib97e6cb00848ea183c7e1f2b2589b25924a08caa 2012-06-27 18:20:16 -04:00			`def test_build_tree(self):`
			`"""Regression test for building the tree names`
			`"""`
			`self.config([test.etcdir('keystone.conf.sample'),`
			`test.testsdir('test_overrides.conf'),`
			`test.testsdir('backend_ldap.conf')])`

			`user_api = identity_ldap.UserApi(CONF)`
			`self.assertTrue(user_api)`
			`self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix)`