Fix multiple uuid warnings with pycadf
There are multiple pycadf warnings about invalid uuids when running keystone tests: To ensure interoperability, identifiersshould be a valid uuid. warnings.warn('Invalid uuid. To ensure interoperability, identifiers' This changes multiple fixtures within default_fixtures to use valid uuids for their 'id' values. Also changed load_fixtures to build the fixtures based on the default_fixtures' 'name' value, rather than 'id'. Replaced many instances of invalid hard-coded ids to use random uuids, default_fixture ids, or 'default'. Co-Authored-By: Tin Lam <tinlam@gmail.com> Change-Id: Ic4fff30c306561b71288712480f073aba1fccbde Closes-Bug: #1659053 Depends-On: I58bba04c21c2d24fd37850c9ecc6fac99deb3fc4
This commit is contained in:
parent
94ed3ae6e5
commit
2be615ea93
|
@ -19,6 +19,7 @@ from testtools import matchers
|
|||
import keystone.conf
|
||||
from keystone import exception
|
||||
from keystone.tests import unit
|
||||
from keystone.tests.unit import default_fixtures
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
|
@ -638,14 +639,16 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
roles_ref = self.assignment_api.get_roles_for_user_and_project(
|
||||
self.user_foo['id'], self.tenant_bar['id'])
|
||||
self.assertIn(self.role_admin['id'], roles_ref)
|
||||
self.assertNotIn('member', roles_ref)
|
||||
self.assertNotIn(default_fixtures.MEMBER_ROLE_ID, roles_ref)
|
||||
|
||||
self.assignment_api.add_role_to_user_and_project(
|
||||
self.user_foo['id'], self.tenant_bar['id'], 'member')
|
||||
self.user_foo['id'],
|
||||
self.tenant_bar['id'],
|
||||
default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.get_roles_for_user_and_project(
|
||||
self.user_foo['id'], self.tenant_bar['id'])
|
||||
self.assertIn(self.role_admin['id'], roles_ref)
|
||||
self.assertIn('member', roles_ref)
|
||||
self.assertIn(default_fixtures.MEMBER_ROLE_ID, roles_ref)
|
||||
|
||||
def test_get_roles_for_user_and_domain(self):
|
||||
"""Test for getting roles for user on a domain.
|
||||
|
@ -672,15 +675,18 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
domain_id=new_domain['id'])
|
||||
self.assertEqual(0, len(roles_ref))
|
||||
# Now create the grants (roles are defined in default_fixtures)
|
||||
self.assignment_api.create_grant(user_id=new_user1['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(user_id=new_user1['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='other')
|
||||
self.assignment_api.create_grant(user_id=new_user2['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='admin')
|
||||
self.assignment_api.create_grant(
|
||||
user_id=new_user1['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
self.assignment_api.create_grant(
|
||||
user_id=new_user1['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.OTHER_ROLE_ID)
|
||||
self.assignment_api.create_grant(
|
||||
user_id=new_user2['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.ADMIN_ROLE_ID)
|
||||
# Read back the roles for user1 on domain
|
||||
roles_ids = self.assignment_api.get_roles_for_user_and_domain(
|
||||
new_user1['id'], new_domain['id'])
|
||||
|
@ -689,12 +695,14 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
self.assertIn(self.role_other['id'], roles_ids)
|
||||
|
||||
# Now delete both grants for user1
|
||||
self.assignment_api.delete_grant(user_id=new_user1['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.delete_grant(user_id=new_user1['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='other')
|
||||
self.assignment_api.delete_grant(
|
||||
user_id=new_user1['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
self.assignment_api.delete_grant(
|
||||
user_id=new_user1['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.OTHER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
user_id=new_user1['id'],
|
||||
domain_id=new_domain['id'])
|
||||
|
@ -756,18 +764,22 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
|
||||
def test_remove_role_from_user_and_project(self):
|
||||
self.assignment_api.add_role_to_user_and_project(
|
||||
self.user_foo['id'], self.tenant_bar['id'], 'member')
|
||||
self.user_foo['id'],
|
||||
self.tenant_bar['id'],
|
||||
default_fixtures.MEMBER_ROLE_ID)
|
||||
self.assignment_api.remove_role_from_user_and_project(
|
||||
self.user_foo['id'], self.tenant_bar['id'], 'member')
|
||||
self.user_foo['id'],
|
||||
self.tenant_bar['id'],
|
||||
default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.get_roles_for_user_and_project(
|
||||
self.user_foo['id'], self.tenant_bar['id'])
|
||||
self.assertNotIn('member', roles_ref)
|
||||
self.assertNotIn(default_fixtures.MEMBER_ROLE_ID, roles_ref)
|
||||
self.assertRaises(exception.NotFound,
|
||||
self.assignment_api.
|
||||
remove_role_from_user_and_project,
|
||||
self.user_foo['id'],
|
||||
self.tenant_bar['id'],
|
||||
'member')
|
||||
default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_role_grant_by_user_and_project(self):
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
|
@ -783,9 +795,10 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
self.assertIn(self.role_admin['id'],
|
||||
[role_ref['id'] for role_ref in roles_ref])
|
||||
|
||||
self.assignment_api.create_grant(user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_bar['id'])
|
||||
|
@ -794,20 +807,22 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
for ref in roles_ref:
|
||||
roles_ref_ids.append(ref['id'])
|
||||
self.assertIn(self.role_admin['id'], roles_ref_ids)
|
||||
self.assertIn('member', roles_ref_ids)
|
||||
self.assertIn(default_fixtures.MEMBER_ROLE_ID, roles_ref_ids)
|
||||
|
||||
def test_remove_role_grant_from_user_and_project(self):
|
||||
self.assignment_api.create_grant(user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'])
|
||||
self.assertDictEqual(self.role_member, roles_ref[0])
|
||||
|
||||
self.assignment_api.delete_grant(user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.delete_grant(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'])
|
||||
|
@ -816,59 +831,59 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
self.assignment_api.delete_grant,
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_role_assignment_by_project_not_found(self):
|
||||
self.assertRaises(exception.RoleAssignmentNotFound,
|
||||
self.assignment_api.check_grant_role_id,
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
self.assertRaises(exception.RoleAssignmentNotFound,
|
||||
self.assignment_api.check_grant_role_id,
|
||||
group_id=uuid.uuid4().hex,
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_role_assignment_by_domain_not_found(self):
|
||||
self.assertRaises(exception.RoleAssignmentNotFound,
|
||||
self.assignment_api.check_grant_role_id,
|
||||
user_id=self.user_foo['id'],
|
||||
domain_id=self.domain_default['id'],
|
||||
role_id='member')
|
||||
domain_id=CONF.identity.default_domain_id,
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
self.assertRaises(exception.RoleAssignmentNotFound,
|
||||
self.assignment_api.check_grant_role_id,
|
||||
group_id=uuid.uuid4().hex,
|
||||
domain_id=self.domain_default['id'],
|
||||
role_id='member')
|
||||
domain_id=CONF.identity.default_domain_id,
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_del_role_assignment_by_project_not_found(self):
|
||||
self.assertRaises(exception.RoleAssignmentNotFound,
|
||||
self.assignment_api.delete_grant,
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
self.assertRaises(exception.RoleAssignmentNotFound,
|
||||
self.assignment_api.delete_grant,
|
||||
group_id=uuid.uuid4().hex,
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_del_role_assignment_by_domain_not_found(self):
|
||||
self.assertRaises(exception.RoleAssignmentNotFound,
|
||||
self.assignment_api.delete_grant,
|
||||
user_id=self.user_foo['id'],
|
||||
domain_id=self.domain_default['id'],
|
||||
role_id='member')
|
||||
domain_id=CONF.identity.default_domain_id,
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
self.assertRaises(exception.RoleAssignmentNotFound,
|
||||
self.assignment_api.delete_grant,
|
||||
group_id=uuid.uuid4().hex,
|
||||
domain_id=self.domain_default['id'],
|
||||
role_id='member')
|
||||
domain_id=CONF.identity.default_domain_id,
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_and_remove_role_grant_by_group_and_project(self):
|
||||
new_domain = unit.new_domain_ref()
|
||||
|
@ -883,17 +898,19 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'])
|
||||
self.assertEqual(0, len(roles_ref))
|
||||
self.assignment_api.create_grant(group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'])
|
||||
self.assertDictEqual(self.role_member, roles_ref[0])
|
||||
|
||||
self.assignment_api.delete_grant(group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.delete_grant(
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'])
|
||||
|
@ -902,7 +919,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
self.assignment_api.delete_grant,
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_and_remove_role_grant_by_group_and_domain(self):
|
||||
new_domain = unit.new_domain_ref()
|
||||
|
@ -919,18 +936,20 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
domain_id=new_domain['id'])
|
||||
self.assertEqual(0, len(roles_ref))
|
||||
|
||||
self.assignment_api.create_grant(group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'])
|
||||
self.assertDictEqual(self.role_member, roles_ref[0])
|
||||
|
||||
self.assignment_api.delete_grant(group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.delete_grant(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'])
|
||||
|
@ -939,7 +958,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
self.assignment_api.delete_grant,
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_and_remove_correct_role_grant_from_a_mix(self):
|
||||
new_domain = unit.new_domain_ref()
|
||||
|
@ -963,9 +982,10 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
self.assertEqual(0, len(roles_ref))
|
||||
# Now add the grant we are going to test for, and some others as
|
||||
# well just to make sure we get back the right one
|
||||
self.assignment_api.create_grant(group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
self.assignment_api.create_grant(group_id=new_group2['id'],
|
||||
domain_id=new_domain['id'],
|
||||
|
@ -982,9 +1002,10 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
domain_id=new_domain['id'])
|
||||
self.assertDictEqual(self.role_member, roles_ref[0])
|
||||
|
||||
self.assignment_api.delete_grant(group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.delete_grant(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'])
|
||||
|
@ -993,7 +1014,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
self.assignment_api.delete_grant,
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_and_remove_role_grant_by_user_and_domain(self):
|
||||
new_domain = unit.new_domain_ref()
|
||||
|
@ -1004,17 +1025,19 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
user_id=new_user['id'],
|
||||
domain_id=new_domain['id'])
|
||||
self.assertEqual(0, len(roles_ref))
|
||||
self.assignment_api.create_grant(user_id=new_user['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(
|
||||
user_id=new_user['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
user_id=new_user['id'],
|
||||
domain_id=new_domain['id'])
|
||||
self.assertDictEqual(self.role_member, roles_ref[0])
|
||||
|
||||
self.assignment_api.delete_grant(user_id=new_user['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.delete_grant(
|
||||
user_id=new_user['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
user_id=new_user['id'],
|
||||
domain_id=new_domain['id'])
|
||||
|
@ -1023,7 +1046,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
self.assignment_api.delete_grant,
|
||||
user_id=new_user['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_and_remove_role_grant_by_group_and_cross_domain(self):
|
||||
group1_domain1_role = unit.new_role_ref()
|
||||
|
@ -1764,7 +1787,9 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
domain_id=CONF.identity.default_domain_id)
|
||||
self.resource_api.create_project(project['id'], project)
|
||||
self.assignment_api.add_role_to_user_and_project(
|
||||
self.user_foo['id'], project['id'], 'member')
|
||||
self.user_foo['id'],
|
||||
project['id'],
|
||||
default_fixtures.MEMBER_ROLE_ID)
|
||||
self.resource_api.delete_project(project['id'])
|
||||
self.assertRaises(exception.ProjectNotFound,
|
||||
self.assignment_api.list_user_ids_for_project,
|
||||
|
@ -1851,11 +1876,10 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
# When a group is deleted any role assignments for the group are
|
||||
# removed.
|
||||
|
||||
MEMBER_ROLE_ID = 'member'
|
||||
|
||||
def get_member_assignments():
|
||||
assignments = self.assignment_api.list_role_assignments()
|
||||
return [x for x in assignments if x['role_id'] == MEMBER_ROLE_ID]
|
||||
return ([x for x in assignments if x['role_id'] ==
|
||||
default_fixtures.MEMBER_ROLE_ID])
|
||||
|
||||
orig_member_assignments = get_member_assignments()
|
||||
|
||||
|
@ -1872,7 +1896,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
|
|||
# Assign a role to the group.
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'], project_id=new_project['id'],
|
||||
role_id=MEMBER_ROLE_ID)
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
# Delete the group.
|
||||
self.identity_api.delete_group(new_group['id'])
|
||||
|
|
|
@ -28,23 +28,27 @@ class RoleTests(object):
|
|||
uuid.uuid4().hex)
|
||||
|
||||
def test_create_duplicate_role_name_fails(self):
|
||||
role = unit.new_role_ref(id='fake1', name='fake1name')
|
||||
self.role_api.create_role('fake1', role)
|
||||
role['id'] = 'fake2'
|
||||
role_id = uuid.uuid4().hex
|
||||
role = unit.new_role_ref(id=role_id, name='fake1name')
|
||||
self.role_api.create_role(role_id, role)
|
||||
new_role_id = uuid.uuid4().hex
|
||||
role['id'] = new_role_id
|
||||
self.assertRaises(exception.Conflict,
|
||||
self.role_api.create_role,
|
||||
'fake2',
|
||||
new_role_id,
|
||||
role)
|
||||
|
||||
def test_rename_duplicate_role_name_fails(self):
|
||||
role1 = unit.new_role_ref(id='fake1', name='fake1name')
|
||||
role2 = unit.new_role_ref(id='fake2', name='fake2name')
|
||||
self.role_api.create_role('fake1', role1)
|
||||
self.role_api.create_role('fake2', role2)
|
||||
role_id1 = uuid.uuid4().hex
|
||||
role_id2 = uuid.uuid4().hex
|
||||
role1 = unit.new_role_ref(id=role_id1, name='fake1name')
|
||||
role2 = unit.new_role_ref(id=role_id2, name='fake2name')
|
||||
self.role_api.create_role(role_id1, role1)
|
||||
self.role_api.create_role(role_id2, role2)
|
||||
role1['name'] = 'fake2name'
|
||||
self.assertRaises(exception.Conflict,
|
||||
self.role_api.update_role,
|
||||
'fake1',
|
||||
role_id1,
|
||||
role1)
|
||||
|
||||
def test_role_crud(self):
|
||||
|
|
|
@ -30,7 +30,7 @@ class CatalogTests(object):
|
|||
|
||||
def test_region_crud(self):
|
||||
# create
|
||||
region_id = '0' * 255
|
||||
region_id = 'default'
|
||||
new_region = unit.new_region_ref(id=region_id)
|
||||
res = self.catalog_api.create_region(new_region)
|
||||
|
||||
|
@ -158,7 +158,7 @@ class CatalogTests(object):
|
|||
uuid.uuid4().hex)
|
||||
|
||||
def test_create_region_invalid_parent_region_returns_not_found(self):
|
||||
new_region = unit.new_region_ref(parent_region_id='nonexisting')
|
||||
new_region = unit.new_region_ref(parent_region_id=uuid.uuid4().hex)
|
||||
self.assertRaises(exception.RegionNotFound,
|
||||
self.catalog_api.create_region,
|
||||
new_region)
|
||||
|
|
|
@ -730,7 +730,7 @@ class TestCase(BaseTestCase):
|
|||
rv = self.role_api.create_role(role['id'], role)
|
||||
except exception.Conflict:
|
||||
rv = self.role_api.get_role(role['id'])
|
||||
attrname = 'role_%s' % role['id']
|
||||
attrname = 'role_%s' % role['name']
|
||||
setattr(self, attrname, rv)
|
||||
fixtures_to_cleanup.append(attrname)
|
||||
|
||||
|
@ -738,7 +738,9 @@ class TestCase(BaseTestCase):
|
|||
user_copy = user.copy()
|
||||
tenants = user_copy.pop('tenants')
|
||||
try:
|
||||
existing_user = getattr(self, 'user_%s' % user['id'], None)
|
||||
existing_user = getattr(self,
|
||||
'user_%s' % user['name'],
|
||||
None)
|
||||
if existing_user is not None:
|
||||
self.identity_api.delete_user(existing_user['id'])
|
||||
except exception.UserNotFound:
|
||||
|
@ -760,7 +762,7 @@ class TestCase(BaseTestCase):
|
|||
# Use the ID from the fixture as the attribute name, so
|
||||
# that our tests can easily reference each user dict, while
|
||||
# the ID in the dict will be the real public ID.
|
||||
attrname = 'user_%s' % user['id']
|
||||
attrname = 'user_%s' % user['name']
|
||||
setattr(self, attrname, user_copy)
|
||||
fixtures_to_cleanup.append(attrname)
|
||||
|
||||
|
|
|
@ -21,6 +21,9 @@ BAZ_TENANT_ID = uuid.uuid4().hex
|
|||
MTU_TENANT_ID = uuid.uuid4().hex
|
||||
SERVICE_TENANT_ID = uuid.uuid4().hex
|
||||
DEFAULT_DOMAIN_ID = 'default'
|
||||
ADMIN_ROLE_ID = uuid.uuid4().hex
|
||||
MEMBER_ROLE_ID = uuid.uuid4().hex
|
||||
OTHER_ROLE_ID = uuid.uuid4().hex
|
||||
|
||||
TENANTS = [
|
||||
{
|
||||
|
@ -62,24 +65,24 @@ TENANTS = [
|
|||
USERS = [
|
||||
# NOTE(morganfainberg): Admin user for replacing admin_token_auth
|
||||
{
|
||||
'id': 'reqadmin',
|
||||
'name': 'REQ_ADMIN',
|
||||
'id': uuid.uuid4().hex,
|
||||
'name': 'req_admin',
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': 'password',
|
||||
'tenants': [],
|
||||
'enabled': True
|
||||
},
|
||||
{
|
||||
'id': 'foo',
|
||||
'name': 'FOO',
|
||||
'id': uuid.uuid4().hex,
|
||||
'name': 'foo',
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': 'foo2',
|
||||
'tenants': [BAR_TENANT_ID],
|
||||
'enabled': True,
|
||||
'email': 'foo@bar.com',
|
||||
}, {
|
||||
'id': 'two',
|
||||
'name': 'TWO',
|
||||
'id': uuid.uuid4().hex,
|
||||
'name': 'two',
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': 'two2',
|
||||
'enabled': True,
|
||||
|
@ -87,8 +90,8 @@ USERS = [
|
|||
'tenants': [BAZ_TENANT_ID],
|
||||
'email': 'two@three.com',
|
||||
}, {
|
||||
'id': 'badguy',
|
||||
'name': 'BadGuy',
|
||||
'id': uuid.uuid4().hex,
|
||||
'name': 'badguy',
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': 'bad',
|
||||
'enabled': False,
|
||||
|
@ -96,8 +99,8 @@ USERS = [
|
|||
'tenants': [BAZ_TENANT_ID],
|
||||
'email': 'bad@guy.com',
|
||||
}, {
|
||||
'id': 'sna',
|
||||
'name': 'SNA',
|
||||
'id': uuid.uuid4().hex,
|
||||
'name': 'sna',
|
||||
'domain_id': DEFAULT_DOMAIN_ID,
|
||||
'password': 'snafu',
|
||||
'enabled': True,
|
||||
|
@ -108,32 +111,32 @@ USERS = [
|
|||
|
||||
ROLES = [
|
||||
{
|
||||
'id': 'admin',
|
||||
'id': ADMIN_ROLE_ID,
|
||||
'name': 'admin',
|
||||
'domain_id': None,
|
||||
}, {
|
||||
'id': 'member',
|
||||
'name': 'Member',
|
||||
'id': MEMBER_ROLE_ID,
|
||||
'name': 'member',
|
||||
'domain_id': None,
|
||||
}, {
|
||||
'id': '9fe2ff9ee4384b1894a90878d3e92bab',
|
||||
'name': '_member_',
|
||||
'domain_id': None,
|
||||
}, {
|
||||
'id': 'other',
|
||||
'name': 'Other',
|
||||
'id': OTHER_ROLE_ID,
|
||||
'name': 'other',
|
||||
'domain_id': None,
|
||||
}, {
|
||||
'id': 'browser',
|
||||
'name': 'Browser',
|
||||
'id': uuid.uuid4().hex,
|
||||
'name': 'browser',
|
||||
'domain_id': None,
|
||||
}, {
|
||||
'id': 'writer',
|
||||
'name': 'Writer',
|
||||
'id': uuid.uuid4().hex,
|
||||
'name': 'writer',
|
||||
'domain_id': None,
|
||||
}, {
|
||||
'id': 'service',
|
||||
'name': 'Service',
|
||||
'id': uuid.uuid4().hex,
|
||||
'name': 'service',
|
||||
'domain_id': None,
|
||||
}
|
||||
]
|
||||
|
@ -141,9 +144,9 @@ ROLES = [
|
|||
# NOTE(morganfainberg): Admin assignment for replacing admin_token_auth
|
||||
ROLE_ASSIGNMENTS = [
|
||||
{
|
||||
'user': 'reqadmin',
|
||||
'user': 'req_admin',
|
||||
'tenant_id': SERVICE_TENANT_ID,
|
||||
'role_id': 'admin'
|
||||
'role_id': ADMIN_ROLE_ID
|
||||
},
|
||||
]
|
||||
|
||||
|
|
|
@ -94,7 +94,7 @@ class FilterTests(object):
|
|||
# The manager layer creates the ID for users and groups
|
||||
new_entity = self._create_entity(entity_type)(new_entity)
|
||||
else:
|
||||
new_entity['id'] = '0000' + uuid.uuid4().hex
|
||||
new_entity['id'] = uuid.uuid4().hex
|
||||
self._create_entity(entity_type)(new_entity['id'], new_entity)
|
||||
return new_entity
|
||||
|
||||
|
|
|
@ -429,7 +429,7 @@ class IdentityTests(object):
|
|||
CONF.identity.default_domain_id))
|
||||
self.assertEqual(len(default_fixtures.USERS), len(users))
|
||||
user_ids = set(user['id'] for user in users)
|
||||
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
|
||||
expected_user_ids = set(getattr(self, 'user_%s' % user['name'])['id']
|
||||
for user in default_fixtures.USERS)
|
||||
for user_ref in users:
|
||||
self.assertNotIn('password', user_ref)
|
||||
|
|
|
@ -222,8 +222,8 @@ class RestfulTestCase(unit.TestCase):
|
|||
return self._get_token({
|
||||
'auth': {
|
||||
'passwordCredentials': {
|
||||
'username': self.user_reqadmin['name'],
|
||||
'password': self.user_reqadmin['password']
|
||||
'username': self.user_req_admin['name'],
|
||||
'password': self.user_req_admin['password']
|
||||
},
|
||||
'tenantId': default_fixtures.SERVICE_TENANT_ID
|
||||
}
|
||||
|
|
|
@ -85,7 +85,7 @@ class AuthTest(unit.TestCase):
|
|||
self.load_backends()
|
||||
self.load_fixtures(default_fixtures)
|
||||
|
||||
environ = {'REMOTE_USER': 'FOO', 'AUTH_TYPE': 'Negotiate'}
|
||||
environ = {'REMOTE_USER': 'foo', 'AUTH_TYPE': 'Negotiate'}
|
||||
self.request_with_remote_user = self.make_request(environ=environ)
|
||||
|
||||
self.empty_request = self.make_request()
|
||||
|
@ -188,7 +188,7 @@ class AuthBadRequests(AuthTest):
|
|||
|
||||
def test_authenticate_user_id_too_large(self):
|
||||
"""Verify sending large 'userId' raises the right exception."""
|
||||
body_dict = _build_user_auth(user_id='0' * 65, username='FOO',
|
||||
body_dict = _build_user_auth(user_id='0' * 65, username='foo',
|
||||
password='foo2')
|
||||
self.assertRaises(exception.ValidationSizeError,
|
||||
self.controller.authenticate,
|
||||
|
@ -203,7 +203,7 @@ class AuthBadRequests(AuthTest):
|
|||
|
||||
def test_authenticate_tenant_id_too_large(self):
|
||||
"""Verify sending large 'tenantId' raises the right exception."""
|
||||
body_dict = _build_user_auth(username='FOO', password='foo2',
|
||||
body_dict = _build_user_auth(username='foo', password='foo2',
|
||||
tenant_id='0' * 65)
|
||||
self.assertRaises(exception.ValidationSizeError,
|
||||
self.controller.authenticate,
|
||||
|
@ -211,7 +211,7 @@ class AuthBadRequests(AuthTest):
|
|||
|
||||
def test_authenticate_tenant_name_too_large(self):
|
||||
"""Verify sending large 'tenantName' raises the right exception."""
|
||||
body_dict = _build_user_auth(username='FOO', password='foo2',
|
||||
body_dict = _build_user_auth(username='foo', password='foo2',
|
||||
tenant_name='0' * 65)
|
||||
self.assertRaises(exception.ValidationSizeError,
|
||||
self.controller.authenticate,
|
||||
|
@ -227,7 +227,7 @@ class AuthBadRequests(AuthTest):
|
|||
def test_authenticate_password_too_large(self):
|
||||
"""Verify sending large 'password' raises the right exception."""
|
||||
length = CONF.identity.max_password_length + 1
|
||||
body_dict = _build_user_auth(username='FOO', password='0' * length)
|
||||
body_dict = _build_user_auth(username='foo', password='0' * length)
|
||||
self.assertRaises(exception.ValidationSizeError,
|
||||
self.controller.authenticate,
|
||||
self.make_request(), body_dict)
|
||||
|
@ -266,7 +266,7 @@ class AuthBadRequests(AuthTest):
|
|||
class AuthWithToken(object):
|
||||
def test_unscoped_token(self):
|
||||
"""Verify getting an unscoped token with password creds."""
|
||||
body_dict = _build_user_auth(username='FOO',
|
||||
body_dict = _build_user_auth(username='foo',
|
||||
password='foo2')
|
||||
unscoped_token = self.controller.authenticate(self.make_request(),
|
||||
body_dict)
|
||||
|
@ -291,7 +291,7 @@ class AuthWithToken(object):
|
|||
def test_auth_unscoped_token_no_project(self):
|
||||
"""Verify getting an unscoped token with an unscoped token."""
|
||||
body_dict = _build_user_auth(
|
||||
username='FOO',
|
||||
username='foo',
|
||||
password='foo2')
|
||||
unscoped_token = self.controller.authenticate(self.make_request(),
|
||||
body_dict)
|
||||
|
@ -312,7 +312,7 @@ class AuthWithToken(object):
|
|||
self.role_member['id'])
|
||||
# Get an unscoped token
|
||||
body_dict = _build_user_auth(
|
||||
username='FOO',
|
||||
username='foo',
|
||||
password='foo2')
|
||||
unscoped_token = self.controller.authenticate(self.make_request(),
|
||||
body_dict)
|
||||
|
@ -393,7 +393,7 @@ class AuthWithToken(object):
|
|||
|
||||
# Get a scoped token for the tenant
|
||||
body_dict = _build_user_auth(
|
||||
username='FOO',
|
||||
username='foo',
|
||||
password='foo2',
|
||||
tenant_name="BAR")
|
||||
|
||||
|
@ -431,7 +431,7 @@ class AuthWithToken(object):
|
|||
|
||||
def test_belongs_to(self):
|
||||
body_dict = _build_user_auth(
|
||||
username='FOO',
|
||||
username='foo',
|
||||
password='foo2',
|
||||
tenant_name=self.tenant_bar['name'])
|
||||
|
||||
|
@ -471,7 +471,7 @@ class AuthWithToken(object):
|
|||
|
||||
# the token should have bind information in it
|
||||
bind = unscoped_token['access']['token']['bind']
|
||||
self.assertEqual('FOO', bind['kerberos'])
|
||||
self.assertEqual('foo', bind['kerberos'])
|
||||
|
||||
body_dict = _build_user_auth(
|
||||
token=unscoped_token['access']['token'],
|
||||
|
@ -489,14 +489,14 @@ class AuthWithToken(object):
|
|||
|
||||
# the bind information should be carried over from the original token
|
||||
bind = scoped_token['access']['token']['bind']
|
||||
self.assertEqual('FOO', bind['kerberos'])
|
||||
self.assertEqual('foo', bind['kerberos'])
|
||||
|
||||
def test_deleting_role_revokes_token(self):
|
||||
role_controller = assignment.controllers.Role()
|
||||
project1 = unit.new_project_ref(
|
||||
domain_id=CONF.identity.default_domain_id)
|
||||
self.resource_api.create_project(project1['id'], project1)
|
||||
role_one = unit.new_role_ref(id='role_one')
|
||||
role_one = unit.new_role_ref(id=uuid.uuid4().hex)
|
||||
self.role_api.create_role(role_one['id'], role_one)
|
||||
self.assignment_api.add_role_to_user_and_project(
|
||||
self.user_foo['id'], project1['id'], role_one['id'])
|
||||
|
@ -557,7 +557,7 @@ class AuthWithToken(object):
|
|||
return token['access']['token']['audit_ids']
|
||||
|
||||
# get a token
|
||||
body_dict = _build_user_auth(username='FOO', password='foo2')
|
||||
body_dict = _build_user_auth(username='foo', password='foo2')
|
||||
unscoped_token = self.controller.authenticate(self.make_request(),
|
||||
body_dict)
|
||||
starting_audit_id = get_audit_ids(unscoped_token)[0]
|
||||
|
@ -584,7 +584,7 @@ class AuthWithToken(object):
|
|||
self.config_fixture.config(group='token', revoke_by_id=False)
|
||||
|
||||
# get a token
|
||||
body_dict = _build_user_auth(username='FOO', password='foo2')
|
||||
body_dict = _build_user_auth(username='foo', password='foo2')
|
||||
unscoped_token = self.controller.authenticate(self.make_request(),
|
||||
body_dict)
|
||||
token_id = unscoped_token['access']['token']['id']
|
||||
|
@ -610,7 +610,7 @@ class AuthWithToken(object):
|
|||
self.config_fixture.config(group='token', revoke_by_id=False)
|
||||
|
||||
# get a token
|
||||
body_dict = _build_user_auth(username='FOO', password='foo2')
|
||||
body_dict = _build_user_auth(username='foo', password='foo2')
|
||||
unscoped_token = self.controller.authenticate(self.make_request(),
|
||||
body_dict)
|
||||
token_id = unscoped_token['access']['token']['id']
|
||||
|
@ -684,7 +684,7 @@ class AuthWithPasswordCredentials(AuthTest):
|
|||
def test_auth_valid_user_invalid_password(self):
|
||||
"""Verify exception is raised if invalid password."""
|
||||
body_dict = _build_user_auth(
|
||||
username="FOO",
|
||||
username="foo",
|
||||
password=uuid.uuid4().hex)
|
||||
self.assertRaises(
|
||||
exception.Unauthorized,
|
||||
|
@ -694,7 +694,7 @@ class AuthWithPasswordCredentials(AuthTest):
|
|||
def test_auth_empty_password(self):
|
||||
"""Verify exception is raised if empty password."""
|
||||
body_dict = _build_user_auth(
|
||||
username="FOO",
|
||||
username="foo",
|
||||
password="")
|
||||
self.assertRaises(
|
||||
exception.Unauthorized,
|
||||
|
@ -703,7 +703,7 @@ class AuthWithPasswordCredentials(AuthTest):
|
|||
|
||||
def test_auth_no_password(self):
|
||||
"""Verify exception is raised if empty password."""
|
||||
body_dict = _build_user_auth(username="FOO")
|
||||
body_dict = _build_user_auth(username="foo")
|
||||
self.assertRaises(
|
||||
exception.ValidationError,
|
||||
self.controller.authenticate,
|
||||
|
@ -726,7 +726,7 @@ class AuthWithPasswordCredentials(AuthTest):
|
|||
|
||||
def test_bind_without_remote_user(self):
|
||||
self.config_fixture.config(group='token', bind=['kerberos'])
|
||||
body_dict = _build_user_auth(username='FOO', password='foo2',
|
||||
body_dict = _build_user_auth(username='foo', password='foo2',
|
||||
tenant_name='BAR')
|
||||
token = self.controller.authenticate(self.make_request(), body_dict)
|
||||
self.assertNotIn('bind', token['access']['token'])
|
||||
|
@ -766,7 +766,7 @@ class AuthWithRemoteUser(object):
|
|||
def test_unscoped_remote_authn(self):
|
||||
"""Verify getting an unscoped token with external authn."""
|
||||
body_dict = _build_user_auth(
|
||||
username='FOO',
|
||||
username='foo',
|
||||
password='foo2')
|
||||
local_token = self.controller.authenticate(
|
||||
self.make_request(), body_dict)
|
||||
|
@ -783,13 +783,13 @@ class AuthWithRemoteUser(object):
|
|||
self.assertRaises(
|
||||
exception.ValidationError,
|
||||
self.controller.authenticate,
|
||||
self.make_request(environ={'REMOTE_USER': 'FOO'}),
|
||||
self.make_request(environ={'REMOTE_USER': 'foo'}),
|
||||
None)
|
||||
|
||||
def test_scoped_remote_authn(self):
|
||||
"""Verify getting a token with external authn."""
|
||||
body_dict = _build_user_auth(
|
||||
username='FOO',
|
||||
username='foo',
|
||||
password='foo2',
|
||||
tenant_name='BAR')
|
||||
local_token = self.controller.authenticate(
|
||||
|
@ -806,7 +806,7 @@ class AuthWithRemoteUser(object):
|
|||
def test_scoped_nometa_remote_authn(self):
|
||||
"""Verify getting a token with external authn and no metadata."""
|
||||
body_dict = _build_user_auth(
|
||||
username='TWO',
|
||||
username='two',
|
||||
password='two2',
|
||||
tenant_name='BAZ')
|
||||
local_token = self.controller.authenticate(
|
||||
|
@ -814,7 +814,7 @@ class AuthWithRemoteUser(object):
|
|||
|
||||
body_dict = _build_user_auth(tenant_name='BAZ')
|
||||
remote_token = self.controller.authenticate(
|
||||
self.make_request(environ={'REMOTE_USER': 'TWO'}), body_dict)
|
||||
self.make_request(environ={'REMOTE_USER': 'two'}), body_dict)
|
||||
|
||||
self.assertEqualTokens(local_token, remote_token,
|
||||
enforce_audit_ids=False)
|
||||
|
@ -833,7 +833,7 @@ class AuthWithRemoteUser(object):
|
|||
body_dict = _build_user_auth(tenant_name="BAR")
|
||||
token = self.controller.authenticate(self.request_with_remote_user,
|
||||
body_dict)
|
||||
self.assertEqual('FOO', token['access']['token']['bind']['kerberos'])
|
||||
self.assertEqual('foo', token['access']['token']['bind']['kerberos'])
|
||||
|
||||
def test_bind_without_config_opt(self):
|
||||
self.config_fixture.config(group='token', bind=['x509'])
|
||||
|
@ -1074,7 +1074,7 @@ class AuthWithTrust(object):
|
|||
|
||||
def test_token_from_trust_wrong_user_fails(self):
|
||||
new_trust = self.create_trust(self.sample_data, self.trustor['name'])
|
||||
request_body = self.build_v2_token_request('FOO', 'foo2', new_trust)
|
||||
request_body = self.build_v2_token_request('foo', 'foo2', new_trust)
|
||||
self.assertRaises(exception.Forbidden, self.controller.authenticate,
|
||||
self.make_request(), request_body)
|
||||
|
||||
|
@ -1083,13 +1083,13 @@ class AuthWithTrust(object):
|
|||
self.assignment_api.add_role_to_user_and_project(
|
||||
self.trustor['id'], self.tenant_baz['id'], assigned_role)
|
||||
new_trust = self.create_trust(self.sample_data, self.trustor['name'])
|
||||
request_body = self.build_v2_token_request('TWO', 'two2', new_trust,
|
||||
request_body = self.build_v2_token_request('two', 'two2', new_trust,
|
||||
self.tenant_baz['id'])
|
||||
self.assertRaises(exception.Forbidden, self.controller.authenticate,
|
||||
self.make_request(), request_body)
|
||||
|
||||
def fetch_v2_token_from_trust(self, trust):
|
||||
request_body = self.build_v2_token_request('TWO', 'two2', trust)
|
||||
request_body = self.build_v2_token_request('two', 'two2', trust)
|
||||
auth_response = self.controller.authenticate(self.make_request(),
|
||||
request_body)
|
||||
return auth_response
|
||||
|
@ -1223,7 +1223,7 @@ class AuthWithTrust(object):
|
|||
for assigned_role in self.assigned_roles:
|
||||
self.assignment_api.remove_role_from_user_and_project(
|
||||
self.trustor['id'], self.tenant_bar['id'], assigned_role)
|
||||
request_body = self.build_v2_token_request('TWO', 'two2', new_trust)
|
||||
request_body = self.build_v2_token_request('two', 'two2', new_trust)
|
||||
self.assertRaises(
|
||||
exception.Forbidden,
|
||||
self.controller.authenticate, self.make_request(), request_body)
|
||||
|
@ -1236,7 +1236,7 @@ class AuthWithTrust(object):
|
|||
expires_at)
|
||||
with mock.patch.object(timeutils, 'utcnow') as mock_now:
|
||||
mock_now.return_value = time_expired
|
||||
request_body = self.build_v2_token_request('TWO', 'two2',
|
||||
request_body = self.build_v2_token_request('two', 'two2',
|
||||
new_trust)
|
||||
self.assertRaises(
|
||||
exception.Forbidden,
|
||||
|
@ -1253,7 +1253,7 @@ class AuthWithTrust(object):
|
|||
self.assignment_api.remove_role_from_user_and_project(
|
||||
self.trustor['id'], self.tenant_bar['id'], assigned_role)
|
||||
|
||||
request_body = self.build_v2_token_request('TWO', 'two2', new_trust)
|
||||
request_body = self.build_v2_token_request('two', 'two2', new_trust)
|
||||
|
||||
self.assertRaises(
|
||||
exception.Forbidden,
|
||||
|
@ -1268,7 +1268,7 @@ class AuthWithTrust(object):
|
|||
self.assignment_api.remove_role_from_user_and_project(
|
||||
self.trustor['id'], self.tenant_bar['id'], assigned_role)
|
||||
|
||||
request_body = self.build_v2_token_request('TWO', 'two2', new_trust)
|
||||
request_body = self.build_v2_token_request('two', 'two2', new_trust)
|
||||
self.assertRaises(exception.Forbidden,
|
||||
self.controller.authenticate,
|
||||
self.make_request(),
|
||||
|
@ -1524,7 +1524,7 @@ class AuthCatalog(unit.SQLDriverOverrides, AuthTest):
|
|||
|
||||
# Authenticate
|
||||
body_dict = _build_user_auth(
|
||||
username='FOO',
|
||||
username='foo',
|
||||
password='foo2',
|
||||
tenant_name="BAR")
|
||||
|
||||
|
@ -1550,7 +1550,7 @@ class AuthCatalog(unit.SQLDriverOverrides, AuthTest):
|
|||
|
||||
# Authenticate
|
||||
body_dict = _build_user_auth(
|
||||
username='FOO',
|
||||
username='foo',
|
||||
password='foo2',
|
||||
tenant_name="BAR")
|
||||
|
||||
|
|
|
@ -433,17 +433,19 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
|
|||
self.assertEqual(0, len(groups))
|
||||
|
||||
def test_remove_role_grant_from_user_and_project(self):
|
||||
self.assignment_api.create_grant(user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'])
|
||||
self.assertDictEqual(self.role_member, roles_ref[0])
|
||||
|
||||
self.assignment_api.delete_grant(user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.delete_grant(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'])
|
||||
|
@ -452,7 +454,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
|
|||
self.assignment_api.delete_grant,
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=self.tenant_baz['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_and_remove_role_grant_by_group_and_project(self):
|
||||
new_domain = self._get_domain_fixture()
|
||||
|
@ -469,18 +471,20 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
|
|||
self.assertEqual([], roles_ref)
|
||||
self.assertEqual(0, len(roles_ref))
|
||||
|
||||
self.assignment_api.create_grant(group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'])
|
||||
self.assertNotEmpty(roles_ref)
|
||||
self.assertDictEqual(self.role_member, roles_ref[0])
|
||||
|
||||
self.assignment_api.delete_grant(group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.delete_grant(
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'])
|
||||
|
@ -489,7 +493,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
|
|||
self.assignment_api.delete_grant,
|
||||
group_id=new_group['id'],
|
||||
project_id=self.tenant_bar['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_get_and_remove_role_grant_by_group_and_domain(self):
|
||||
# TODO(henry-nash): We should really rewrite the tests in
|
||||
|
@ -509,18 +513,20 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
|
|||
domain_id=new_domain['id'])
|
||||
self.assertEqual(0, len(roles_ref))
|
||||
|
||||
self.assignment_api.create_grant(group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'])
|
||||
self.assertDictEqual(self.role_member, roles_ref[0])
|
||||
|
||||
self.assignment_api.delete_grant(group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
self.assignment_api.delete_grant(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
roles_ref = self.assignment_api.list_grants(
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'])
|
||||
|
@ -529,7 +535,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
|
|||
self.assignment_api.delete_grant,
|
||||
group_id=new_group['id'],
|
||||
domain_id=new_domain['id'],
|
||||
role_id='member')
|
||||
role_id=default_fixtures.MEMBER_ROLE_ID)
|
||||
|
||||
def test_list_projects_for_user(self):
|
||||
domain = self._get_domain_fixture()
|
||||
|
@ -657,12 +663,14 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
|
|||
# First check how many role grant already exist
|
||||
existing_assignments = len(self.assignment_api.list_role_assignments())
|
||||
|
||||
self.assignment_api.create_grant(user_id=new_user['id'],
|
||||
project_id=new_project['id'],
|
||||
role_id='other')
|
||||
self.assignment_api.create_grant(group_id=new_group['id'],
|
||||
project_id=new_project['id'],
|
||||
role_id='admin')
|
||||
self.assignment_api.create_grant(
|
||||
user_id=new_user['id'],
|
||||
project_id=new_project['id'],
|
||||
role_id=default_fixtures.OTHER_ROLE_ID)
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
project_id=new_project['id'],
|
||||
role_id=default_fixtures.ADMIN_ROLE_ID)
|
||||
|
||||
# Read back the list of assignments - check it is gone up by 2
|
||||
after_assignments = len(self.assignment_api.list_role_assignments())
|
||||
|
@ -935,7 +943,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
|
|||
|
||||
# Grant the user a role on a project.
|
||||
|
||||
role_id = 'member'
|
||||
role_id = default_fixtures.MEMBER_ROLE_ID
|
||||
project_id = self.tenant_baz['id']
|
||||
|
||||
self.assignment_api.create_grant(role_id, user_id=public_user_id,
|
||||
|
@ -1622,7 +1630,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
|
|||
users = self.identity_api.list_users()
|
||||
self.assertEqual(len(default_fixtures.USERS), len(users))
|
||||
user_ids = set(user['id'] for user in users)
|
||||
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
|
||||
expected_user_ids = set(getattr(self, 'user_%s' % user['name'])['id']
|
||||
for user in default_fixtures.USERS)
|
||||
for user_ref in users:
|
||||
self.assertNotIn('dn', user_ref)
|
||||
|
@ -2368,7 +2376,7 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides,
|
|||
CONF.identity.default_domain_id))
|
||||
self.assertEqual(len(default_fixtures.USERS) + 1, len(users))
|
||||
user_ids = set(user['id'] for user in users)
|
||||
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
|
||||
expected_user_ids = set(getattr(self, 'user_%s' % user['name'])['id']
|
||||
for user in default_fixtures.USERS)
|
||||
expected_user_ids.add(self.users['user0']['id'])
|
||||
for user_ref in users:
|
||||
|
@ -2900,7 +2908,7 @@ class DomainSpecificLDAPandSQLIdentity(
|
|||
CONF.identity.default_domain_id))
|
||||
self.assertEqual(len(default_fixtures.USERS) + 1, len(users))
|
||||
user_ids = set(user['id'] for user in users)
|
||||
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
|
||||
expected_user_ids = set(getattr(self, 'user_%s' % user['name'])['id']
|
||||
for user in default_fixtures.USERS)
|
||||
expected_user_ids.add(self.users['user0']['id'])
|
||||
for user_ref in users:
|
||||
|
|
|
@ -23,7 +23,7 @@ from keystone.tests.unit import rest
|
|||
|
||||
|
||||
BASE_URL = 'http://127.0.0.1:35357/v2'
|
||||
SERVICE_FIXTURE = object()
|
||||
SERVICE_ID = uuid.uuid4().hex
|
||||
|
||||
|
||||
class V2CatalogTestCase(rest.RestfulTestCase):
|
||||
|
@ -51,12 +51,12 @@ class V2CatalogTestCase(rest.RestfulTestCase):
|
|||
return r.result['access']['token']['id']
|
||||
|
||||
def _endpoint_create(self, expected_status=http_client.OK,
|
||||
service_id=SERVICE_FIXTURE,
|
||||
service_id=SERVICE_ID,
|
||||
publicurl='http://localhost:8080',
|
||||
internalurl='http://localhost:8080',
|
||||
adminurl='http://localhost:8080',
|
||||
region='RegionOne'):
|
||||
if service_id is SERVICE_FIXTURE:
|
||||
region=uuid.uuid4().hex):
|
||||
if service_id is SERVICE_ID:
|
||||
service_id = self.service_id
|
||||
|
||||
path = '/v2.0/endpoints'
|
||||
|
|
|
@ -56,13 +56,14 @@ class CatalogTestCase(test_v3.RestfulTestCase):
|
|||
|
||||
def test_create_region_with_duplicate_id(self):
|
||||
"""Call ``PUT /regions/{region_id}``."""
|
||||
ref = dict(description="my region")
|
||||
ref = unit.new_region_ref()
|
||||
region_id = ref['id']
|
||||
self.put(
|
||||
'/regions/myregion',
|
||||
'/regions/%s' % region_id,
|
||||
body={'region': ref}, expected_status=http_client.CREATED)
|
||||
# Create region again with duplicate id
|
||||
self.put(
|
||||
'/regions/myregion',
|
||||
'/regions/%s' % region_id,
|
||||
body={'region': ref}, expected_status=http_client.CONFLICT)
|
||||
|
||||
def test_create_region(self):
|
||||
|
|
Loading…
Reference in New Issue