openstack
/
keystone
Code Issues Proposed changes

Fix multiple uuid warnings with pycadf 

There are multiple pycadf warnings about invalid uuids when
running keystone tests:

To ensure interoperability, identifiersshould be a valid uuid.
  warnings.warn('Invalid uuid. To ensure interoperability, identifiers'

This changes multiple fixtures within default_fixtures to use valid
uuids for their 'id' values. Also changed load_fixtures to build
the fixtures based on the default_fixtures' 'name' value, rather
than 'id'. Replaced many instances of invalid hard-coded ids to use
random uuids, default_fixture ids, or 'default'.

Co-Authored-By: Tin Lam <tinlam@gmail.com>

Change-Id: Ic4fff30c306561b71288712480f073aba1fccbde
Closes-Bug: #1659053
Depends-On: I58bba04c21c2d24fd37850c9ecc6fac99deb3fc4
This commit is contained in:
Gage Hugo 2017-01-27 15:52:02 -06:00
parent 94ed3ae6e5
commit 2be615ea93
12 changed files with 234 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
keystone/tests/unit/assignment/test_backends.py
View File

@ -19,6 +19,7 @@ from testtools import matchers
import keystone.conf
from keystone import exception
from keystone.tests import unit
from keystone.tests.unit import default_fixtures
CONF = keystone.conf.CONF
@ -638,14 +639,16 @@ class AssignmentTests(AssignmentTestHelperMixin):
roles_ref = self.assignment_api.get_roles_for_user_and_project(
self.user_foo['id'], self.tenant_bar['id'])
self.assertIn(self.role_admin['id'], roles_ref)
self.assertNotIn('member', roles_ref)
self.assertNotIn(default_fixtures.MEMBER_ROLE_ID, roles_ref)
self.assignment_api.add_role_to_user_and_project(
self.user_foo['id'], self.tenant_bar['id'], 'member')
self.user_foo['id'],
self.tenant_bar['id'],
default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.get_roles_for_user_and_project(
self.user_foo['id'], self.tenant_bar['id'])
self.assertIn(self.role_admin['id'], roles_ref)
self.assertIn('member', roles_ref)
self.assertIn(default_fixtures.MEMBER_ROLE_ID, roles_ref)
def test_get_roles_for_user_and_domain(self):
"""Test for getting roles for user on a domain.
@ -672,15 +675,18 @@ class AssignmentTests(AssignmentTestHelperMixin):
domain_id=new_domain['id'])
self.assertEqual(0, len(roles_ref))
# Now create the grants (roles are defined in default_fixtures)
self.assignment_api.create_grant(user_id=new_user1['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.create_grant(user_id=new_user1['id'],
domain_id=new_domain['id'],
role_id='other')
self.assignment_api.create_grant(user_id=new_user2['id'],
domain_id=new_domain['id'],
role_id='admin')
self.assignment_api.create_grant(
user_id=new_user1['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
self.assignment_api.create_grant(
user_id=new_user1['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.OTHER_ROLE_ID)
self.assignment_api.create_grant(
user_id=new_user2['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.ADMIN_ROLE_ID)
# Read back the roles for user1 on domain
roles_ids = self.assignment_api.get_roles_for_user_and_domain(
new_user1['id'], new_domain['id'])
@ -689,12 +695,14 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assertIn(self.role_other['id'], roles_ids)
# Now delete both grants for user1
self.assignment_api.delete_grant(user_id=new_user1['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.delete_grant(user_id=new_user1['id'],
domain_id=new_domain['id'],
role_id='other')
self.assignment_api.delete_grant(
user_id=new_user1['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
self.assignment_api.delete_grant(
user_id=new_user1['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.OTHER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
user_id=new_user1['id'],
domain_id=new_domain['id'])
@ -756,18 +764,22 @@ class AssignmentTests(AssignmentTestHelperMixin):
def test_remove_role_from_user_and_project(self):
self.assignment_api.add_role_to_user_and_project(
self.user_foo['id'], self.tenant_bar['id'], 'member')
self.user_foo['id'],
self.tenant_bar['id'],
default_fixtures.MEMBER_ROLE_ID)
self.assignment_api.remove_role_from_user_and_project(
self.user_foo['id'], self.tenant_bar['id'], 'member')
self.user_foo['id'],
self.tenant_bar['id'],
default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.get_roles_for_user_and_project(
self.user_foo['id'], self.tenant_bar['id'])
self.assertNotIn('member', roles_ref)
self.assertNotIn(default_fixtures.MEMBER_ROLE_ID, roles_ref)
self.assertRaises(exception.NotFound,
self.assignment_api.
remove_role_from_user_and_project,
self.user_foo['id'],
self.tenant_bar['id'],
'member')
default_fixtures.MEMBER_ROLE_ID)
def test_get_role_grant_by_user_and_project(self):
roles_ref = self.assignment_api.list_grants(
@ -783,9 +795,10 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assertIn(self.role_admin['id'],
[role_ref['id'] for role_ref in roles_ref])
self.assignment_api.create_grant(user_id=self.user_foo['id'],
project_id=self.tenant_bar['id'],
role_id='member')
self.assignment_api.create_grant(
user_id=self.user_foo['id'],
project_id=self.tenant_bar['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
user_id=self.user_foo['id'],
project_id=self.tenant_bar['id'])
@ -794,20 +807,22 @@ class AssignmentTests(AssignmentTestHelperMixin):
for ref in roles_ref:
roles_ref_ids.append(ref['id'])
self.assertIn(self.role_admin['id'], roles_ref_ids)
self.assertIn('member', roles_ref_ids)
self.assertIn(default_fixtures.MEMBER_ROLE_ID, roles_ref_ids)
def test_remove_role_grant_from_user_and_project(self):
self.assignment_api.create_grant(user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id='member')
self.assignment_api.create_grant(
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'])
self.assertDictEqual(self.role_member, roles_ref[0])
self.assignment_api.delete_grant(user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id='member')
self.assignment_api.delete_grant(
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'])
@ -816,59 +831,59 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assignment_api.delete_grant,
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_get_role_assignment_by_project_not_found(self):
self.assertRaises(exception.RoleAssignmentNotFound,
self.assignment_api.check_grant_role_id,
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
self.assertRaises(exception.RoleAssignmentNotFound,
self.assignment_api.check_grant_role_id,
group_id=uuid.uuid4().hex,
project_id=self.tenant_baz['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_get_role_assignment_by_domain_not_found(self):
self.assertRaises(exception.RoleAssignmentNotFound,
self.assignment_api.check_grant_role_id,
user_id=self.user_foo['id'],
domain_id=self.domain_default['id'],
role_id='member')
domain_id=CONF.identity.default_domain_id,
role_id=default_fixtures.MEMBER_ROLE_ID)
self.assertRaises(exception.RoleAssignmentNotFound,
self.assignment_api.check_grant_role_id,
group_id=uuid.uuid4().hex,
domain_id=self.domain_default['id'],
role_id='member')
domain_id=CONF.identity.default_domain_id,
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_del_role_assignment_by_project_not_found(self):
self.assertRaises(exception.RoleAssignmentNotFound,
self.assignment_api.delete_grant,
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
self.assertRaises(exception.RoleAssignmentNotFound,
self.assignment_api.delete_grant,
group_id=uuid.uuid4().hex,
project_id=self.tenant_baz['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_del_role_assignment_by_domain_not_found(self):
self.assertRaises(exception.RoleAssignmentNotFound,
self.assignment_api.delete_grant,
user_id=self.user_foo['id'],
domain_id=self.domain_default['id'],
role_id='member')
domain_id=CONF.identity.default_domain_id,
role_id=default_fixtures.MEMBER_ROLE_ID)
self.assertRaises(exception.RoleAssignmentNotFound,
self.assignment_api.delete_grant,
group_id=uuid.uuid4().hex,
domain_id=self.domain_default['id'],
role_id='member')
domain_id=CONF.identity.default_domain_id,
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_get_and_remove_role_grant_by_group_and_project(self):
new_domain = unit.new_domain_ref()
@ -883,17 +898,19 @@ class AssignmentTests(AssignmentTestHelperMixin):
group_id=new_group['id'],
project_id=self.tenant_bar['id'])
self.assertEqual(0, len(roles_ref))
self.assignment_api.create_grant(group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id='member')
self.assignment_api.create_grant(
group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
group_id=new_group['id'],
project_id=self.tenant_bar['id'])
self.assertDictEqual(self.role_member, roles_ref[0])
self.assignment_api.delete_grant(group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id='member')
self.assignment_api.delete_grant(
group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
group_id=new_group['id'],
project_id=self.tenant_bar['id'])
@ -902,7 +919,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assignment_api.delete_grant,
group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_get_and_remove_role_grant_by_group_and_domain(self):
new_domain = unit.new_domain_ref()
@ -919,18 +936,20 @@ class AssignmentTests(AssignmentTestHelperMixin):
domain_id=new_domain['id'])
self.assertEqual(0, len(roles_ref))
self.assignment_api.create_grant(group_id=new_group['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.create_grant(
group_id=new_group['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
group_id=new_group['id'],
domain_id=new_domain['id'])
self.assertDictEqual(self.role_member, roles_ref[0])
self.assignment_api.delete_grant(group_id=new_group['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.delete_grant(
group_id=new_group['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
group_id=new_group['id'],
domain_id=new_domain['id'])
@ -939,7 +958,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assignment_api.delete_grant,
group_id=new_group['id'],
domain_id=new_domain['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_get_and_remove_correct_role_grant_from_a_mix(self):
new_domain = unit.new_domain_ref()
@ -963,9 +982,10 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assertEqual(0, len(roles_ref))
# Now add the grant we are going to test for, and some others as
# well just to make sure we get back the right one
self.assignment_api.create_grant(group_id=new_group['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.create_grant(
group_id=new_group['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
self.assignment_api.create_grant(group_id=new_group2['id'],
domain_id=new_domain['id'],
@ -982,9 +1002,10 @@ class AssignmentTests(AssignmentTestHelperMixin):
domain_id=new_domain['id'])
self.assertDictEqual(self.role_member, roles_ref[0])
self.assignment_api.delete_grant(group_id=new_group['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.delete_grant(
group_id=new_group['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
group_id=new_group['id'],
domain_id=new_domain['id'])
@ -993,7 +1014,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assignment_api.delete_grant,
group_id=new_group['id'],
domain_id=new_domain['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_get_and_remove_role_grant_by_user_and_domain(self):
new_domain = unit.new_domain_ref()
@ -1004,17 +1025,19 @@ class AssignmentTests(AssignmentTestHelperMixin):
user_id=new_user['id'],
domain_id=new_domain['id'])
self.assertEqual(0, len(roles_ref))
self.assignment_api.create_grant(user_id=new_user['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.create_grant(
user_id=new_user['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
user_id=new_user['id'],
domain_id=new_domain['id'])
self.assertDictEqual(self.role_member, roles_ref[0])
self.assignment_api.delete_grant(user_id=new_user['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.delete_grant(
user_id=new_user['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
user_id=new_user['id'],
domain_id=new_domain['id'])
@ -1023,7 +1046,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
self.assignment_api.delete_grant,
user_id=new_user['id'],
domain_id=new_domain['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_get_and_remove_role_grant_by_group_and_cross_domain(self):
group1_domain1_role = unit.new_role_ref()
@ -1764,7 +1787,9 @@ class AssignmentTests(AssignmentTestHelperMixin):
domain_id=CONF.identity.default_domain_id)
self.resource_api.create_project(project['id'], project)
self.assignment_api.add_role_to_user_and_project(
self.user_foo['id'], project['id'], 'member')
self.user_foo['id'],
project['id'],
default_fixtures.MEMBER_ROLE_ID)
self.resource_api.delete_project(project['id'])
self.assertRaises(exception.ProjectNotFound,
self.assignment_api.list_user_ids_for_project,
@ -1851,11 +1876,10 @@ class AssignmentTests(AssignmentTestHelperMixin):
# When a group is deleted any role assignments for the group are
# removed.
MEMBER_ROLE_ID = 'member'
def get_member_assignments():
assignments = self.assignment_api.list_role_assignments()
return [x for x in assignments if x['role_id'] == MEMBER_ROLE_ID]
return ([x for x in assignments if x['role_id'] ==
default_fixtures.MEMBER_ROLE_ID])
orig_member_assignments = get_member_assignments()
@ -1872,7 +1896,7 @@ class AssignmentTests(AssignmentTestHelperMixin):
# Assign a role to the group.
self.assignment_api.create_grant(
group_id=new_group['id'], project_id=new_project['id'],
role_id=MEMBER_ROLE_ID)
role_id=default_fixtures.MEMBER_ROLE_ID)
# Delete the group.
self.identity_api.delete_group(new_group['id'])

22
keystone/tests/unit/assignment/test_core.py
View File

@ -28,23 +28,27 @@ class RoleTests(object):
uuid.uuid4().hex)
def test_create_duplicate_role_name_fails(self):
role = unit.new_role_ref(id='fake1', name='fake1name')
self.role_api.create_role('fake1', role)
role['id'] = 'fake2'
role_id = uuid.uuid4().hex
role = unit.new_role_ref(id=role_id, name='fake1name')
self.role_api.create_role(role_id, role)
new_role_id = uuid.uuid4().hex
role['id'] = new_role_id
self.assertRaises(exception.Conflict,
self.role_api.create_role,
'fake2',
new_role_id,
role)
def test_rename_duplicate_role_name_fails(self):
role1 = unit.new_role_ref(id='fake1', name='fake1name')
role2 = unit.new_role_ref(id='fake2', name='fake2name')
self.role_api.create_role('fake1', role1)
self.role_api.create_role('fake2', role2)
role_id1 = uuid.uuid4().hex
role_id2 = uuid.uuid4().hex
role1 = unit.new_role_ref(id=role_id1, name='fake1name')
role2 = unit.new_role_ref(id=role_id2, name='fake2name')
self.role_api.create_role(role_id1, role1)
self.role_api.create_role(role_id2, role2)
role1['name'] = 'fake2name'
self.assertRaises(exception.Conflict,
self.role_api.update_role,
'fake1',
role_id1,
role1)
def test_role_crud(self):

4
keystone/tests/unit/catalog/test_backends.py
View File

@ -30,7 +30,7 @@ class CatalogTests(object):
def test_region_crud(self):
# create
region_id = '0' * 255
region_id = 'default'
new_region = unit.new_region_ref(id=region_id)
res = self.catalog_api.create_region(new_region)
@ -158,7 +158,7 @@ class CatalogTests(object):
uuid.uuid4().hex)
def test_create_region_invalid_parent_region_returns_not_found(self):
new_region = unit.new_region_ref(parent_region_id='nonexisting')
new_region = unit.new_region_ref(parent_region_id=uuid.uuid4().hex)
self.assertRaises(exception.RegionNotFound,
self.catalog_api.create_region,
new_region)

8
keystone/tests/unit/core.py
View File

@ -730,7 +730,7 @@ class TestCase(BaseTestCase):
rv = self.role_api.create_role(role['id'], role)
except exception.Conflict:
rv = self.role_api.get_role(role['id'])
attrname = 'role_%s' % role['id']
attrname = 'role_%s' % role['name']
setattr(self, attrname, rv)
fixtures_to_cleanup.append(attrname)
@ -738,7 +738,9 @@ class TestCase(BaseTestCase):
user_copy = user.copy()
tenants = user_copy.pop('tenants')
try:
existing_user = getattr(self, 'user_%s' % user['id'], None)
existing_user = getattr(self,
'user_%s' % user['name'],
None)
if existing_user is not None:
self.identity_api.delete_user(existing_user['id'])
except exception.UserNotFound:
@ -760,7 +762,7 @@ class TestCase(BaseTestCase):
# Use the ID from the fixture as the attribute name, so
# that our tests can easily reference each user dict, while
# the ID in the dict will be the real public ID.
attrname = 'user_%s' % user['id']
attrname = 'user_%s' % user['name']
setattr(self, attrname, user_copy)
fixtures_to_cleanup.append(attrname)

49
keystone/tests/unit/default_fixtures.py
View File

@ -21,6 +21,9 @@ BAZ_TENANT_ID = uuid.uuid4().hex
MTU_TENANT_ID = uuid.uuid4().hex
SERVICE_TENANT_ID = uuid.uuid4().hex
DEFAULT_DOMAIN_ID = 'default'
ADMIN_ROLE_ID = uuid.uuid4().hex
MEMBER_ROLE_ID = uuid.uuid4().hex
OTHER_ROLE_ID = uuid.uuid4().hex
TENANTS = [
{
@ -62,24 +65,24 @@ TENANTS = [
USERS = [
# NOTE(morganfainberg): Admin user for replacing admin_token_auth
{
'id': 'reqadmin',
'name': 'REQ_ADMIN',
'id': uuid.uuid4().hex,
'name': 'req_admin',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'password',
'tenants': [],
'enabled': True
},
{
'id': 'foo',
'name': 'FOO',
'id': uuid.uuid4().hex,
'name': 'foo',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'foo2',
'tenants': [BAR_TENANT_ID],
'enabled': True,
'email': 'foo@bar.com',
}, {
'id': 'two',
'name': 'TWO',
'id': uuid.uuid4().hex,
'name': 'two',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'two2',
'enabled': True,
@ -87,8 +90,8 @@ USERS = [
'tenants': [BAZ_TENANT_ID],
'email': 'two@three.com',
}, {
'id': 'badguy',
'name': 'BadGuy',
'id': uuid.uuid4().hex,
'name': 'badguy',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'bad',
'enabled': False,
@ -96,8 +99,8 @@ USERS = [
'tenants': [BAZ_TENANT_ID],
'email': 'bad@guy.com',
}, {
'id': 'sna',
'name': 'SNA',
'id': uuid.uuid4().hex,
'name': 'sna',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'snafu',
'enabled': True,
@ -108,32 +111,32 @@ USERS = [
ROLES = [
{
'id': 'admin',
'id': ADMIN_ROLE_ID,
'name': 'admin',
'domain_id': None,
}, {
'id': 'member',
'name': 'Member',
'id': MEMBER_ROLE_ID,
'name': 'member',
'domain_id': None,
}, {
'id': '9fe2ff9ee4384b1894a90878d3e92bab',
'name': '_member_',
'domain_id': None,
}, {
'id': 'other',
'name': 'Other',
'id': OTHER_ROLE_ID,
'name': 'other',
'domain_id': None,
}, {
'id': 'browser',
'name': 'Browser',
'id': uuid.uuid4().hex,
'name': 'browser',
'domain_id': None,
}, {
'id': 'writer',
'name': 'Writer',
'id': uuid.uuid4().hex,
'name': 'writer',
'domain_id': None,
}, {
'id': 'service',
'name': 'Service',
'id': uuid.uuid4().hex,
'name': 'service',
'domain_id': None,
}
]
@ -141,9 +144,9 @@ ROLES = [
# NOTE(morganfainberg): Admin assignment for replacing admin_token_auth
ROLE_ASSIGNMENTS = [
{
'user': 'reqadmin',
'user': 'req_admin',
'tenant_id': SERVICE_TENANT_ID,
'role_id': 'admin'
'role_id': ADMIN_ROLE_ID
},
]

2
keystone/tests/unit/filtering.py
View File

@ -94,7 +94,7 @@ class FilterTests(object):
# The manager layer creates the ID for users and groups
new_entity = self._create_entity(entity_type)(new_entity)
else:
new_entity['id'] = '0000' + uuid.uuid4().hex
new_entity['id'] = uuid.uuid4().hex
self._create_entity(entity_type)(new_entity['id'], new_entity)
return new_entity

2
keystone/tests/unit/identity/test_backends.py
View File

@ -429,7 +429,7 @@ class IdentityTests(object):
CONF.identity.default_domain_id))
self.assertEqual(len(default_fixtures.USERS), len(users))
user_ids = set(user['id'] for user in users)
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
expected_user_ids = set(getattr(self, 'user_%s' % user['name'])['id']
for user in default_fixtures.USERS)
for user_ref in users:
self.assertNotIn('password', user_ref)

4
keystone/tests/unit/rest.py
View File

@ -222,8 +222,8 @@ class RestfulTestCase(unit.TestCase):
return self._get_token({
'auth': {
'passwordCredentials': {
'username': self.user_reqadmin['name'],
'password': self.user_reqadmin['password']
'username': self.user_req_admin['name'],
'password': self.user_req_admin['password']
},
'tenantId': default_fixtures.SERVICE_TENANT_ID
}

70
keystone/tests/unit/test_auth.py
View File

@ -85,7 +85,7 @@ class AuthTest(unit.TestCase):
self.load_backends()
self.load_fixtures(default_fixtures)
environ = {'REMOTE_USER': 'FOO', 'AUTH_TYPE': 'Negotiate'}
environ = {'REMOTE_USER': 'foo', 'AUTH_TYPE': 'Negotiate'}
self.request_with_remote_user = self.make_request(environ=environ)
self.empty_request = self.make_request()
@ -188,7 +188,7 @@ class AuthBadRequests(AuthTest):
def test_authenticate_user_id_too_large(self):
"""Verify sending large 'userId' raises the right exception."""
body_dict = _build_user_auth(user_id='0' * 65, username='FOO',
body_dict = _build_user_auth(user_id='0' * 65, username='foo',
password='foo2')
self.assertRaises(exception.ValidationSizeError,
self.controller.authenticate,
@ -203,7 +203,7 @@ class AuthBadRequests(AuthTest):
def test_authenticate_tenant_id_too_large(self):
"""Verify sending large 'tenantId' raises the right exception."""
body_dict = _build_user_auth(username='FOO', password='foo2',
body_dict = _build_user_auth(username='foo', password='foo2',
tenant_id='0' * 65)
self.assertRaises(exception.ValidationSizeError,
self.controller.authenticate,
@ -211,7 +211,7 @@ class AuthBadRequests(AuthTest):
def test_authenticate_tenant_name_too_large(self):
"""Verify sending large 'tenantName' raises the right exception."""
body_dict = _build_user_auth(username='FOO', password='foo2',
body_dict = _build_user_auth(username='foo', password='foo2',
tenant_name='0' * 65)
self.assertRaises(exception.ValidationSizeError,
self.controller.authenticate,
@ -227,7 +227,7 @@ class AuthBadRequests(AuthTest):
def test_authenticate_password_too_large(self):
"""Verify sending large 'password' raises the right exception."""
length = CONF.identity.max_password_length + 1
body_dict = _build_user_auth(username='FOO', password='0' * length)
body_dict = _build_user_auth(username='foo', password='0' * length)
self.assertRaises(exception.ValidationSizeError,
self.controller.authenticate,
self.make_request(), body_dict)
@ -266,7 +266,7 @@ class AuthBadRequests(AuthTest):
class AuthWithToken(object):
def test_unscoped_token(self):
"""Verify getting an unscoped token with password creds."""
body_dict = _build_user_auth(username='FOO',
body_dict = _build_user_auth(username='foo',
password='foo2')
unscoped_token = self.controller.authenticate(self.make_request(),
body_dict)
@ -291,7 +291,7 @@ class AuthWithToken(object):
def test_auth_unscoped_token_no_project(self):
"""Verify getting an unscoped token with an unscoped token."""
body_dict = _build_user_auth(
username='FOO',
username='foo',
password='foo2')
unscoped_token = self.controller.authenticate(self.make_request(),
body_dict)
@ -312,7 +312,7 @@ class AuthWithToken(object):
self.role_member['id'])
# Get an unscoped token
body_dict = _build_user_auth(
username='FOO',
username='foo',
password='foo2')
unscoped_token = self.controller.authenticate(self.make_request(),
body_dict)
@ -393,7 +393,7 @@ class AuthWithToken(object):
# Get a scoped token for the tenant
body_dict = _build_user_auth(
username='FOO',
username='foo',
password='foo2',
tenant_name="BAR")
@ -431,7 +431,7 @@ class AuthWithToken(object):
def test_belongs_to(self):
body_dict = _build_user_auth(
username='FOO',
username='foo',
password='foo2',
tenant_name=self.tenant_bar['name'])
@ -471,7 +471,7 @@ class AuthWithToken(object):
# the token should have bind information in it
bind = unscoped_token['access']['token']['bind']
self.assertEqual('FOO', bind['kerberos'])
self.assertEqual('foo', bind['kerberos'])
body_dict = _build_user_auth(
token=unscoped_token['access']['token'],
@ -489,14 +489,14 @@ class AuthWithToken(object):
# the bind information should be carried over from the original token
bind = scoped_token['access']['token']['bind']
self.assertEqual('FOO', bind['kerberos'])
self.assertEqual('foo', bind['kerberos'])
def test_deleting_role_revokes_token(self):
role_controller = assignment.controllers.Role()
project1 = unit.new_project_ref(
domain_id=CONF.identity.default_domain_id)
self.resource_api.create_project(project1['id'], project1)
role_one = unit.new_role_ref(id='role_one')
role_one = unit.new_role_ref(id=uuid.uuid4().hex)
self.role_api.create_role(role_one['id'], role_one)
self.assignment_api.add_role_to_user_and_project(
self.user_foo['id'], project1['id'], role_one['id'])
@ -557,7 +557,7 @@ class AuthWithToken(object):
return token['access']['token']['audit_ids']
# get a token
body_dict = _build_user_auth(username='FOO', password='foo2')
body_dict = _build_user_auth(username='foo', password='foo2')
unscoped_token = self.controller.authenticate(self.make_request(),
body_dict)
starting_audit_id = get_audit_ids(unscoped_token)[0]
@ -584,7 +584,7 @@ class AuthWithToken(object):
self.config_fixture.config(group='token', revoke_by_id=False)
# get a token
body_dict = _build_user_auth(username='FOO', password='foo2')
body_dict = _build_user_auth(username='foo', password='foo2')
unscoped_token = self.controller.authenticate(self.make_request(),
body_dict)
token_id = unscoped_token['access']['token']['id']
@ -610,7 +610,7 @@ class AuthWithToken(object):
self.config_fixture.config(group='token', revoke_by_id=False)
# get a token
body_dict = _build_user_auth(username='FOO', password='foo2')
body_dict = _build_user_auth(username='foo', password='foo2')
unscoped_token = self.controller.authenticate(self.make_request(),
body_dict)
token_id = unscoped_token['access']['token']['id']
@ -684,7 +684,7 @@ class AuthWithPasswordCredentials(AuthTest):
def test_auth_valid_user_invalid_password(self):
"""Verify exception is raised if invalid password."""
body_dict = _build_user_auth(
username="FOO",
username="foo",
password=uuid.uuid4().hex)
self.assertRaises(
exception.Unauthorized,
@ -694,7 +694,7 @@ class AuthWithPasswordCredentials(AuthTest):
def test_auth_empty_password(self):
"""Verify exception is raised if empty password."""
body_dict = _build_user_auth(
username="FOO",
username="foo",
password="")
self.assertRaises(
exception.Unauthorized,
@ -703,7 +703,7 @@ class AuthWithPasswordCredentials(AuthTest):
def test_auth_no_password(self):
"""Verify exception is raised if empty password."""
body_dict = _build_user_auth(username="FOO")
body_dict = _build_user_auth(username="foo")
self.assertRaises(
exception.ValidationError,
self.controller.authenticate,
@ -726,7 +726,7 @@ class AuthWithPasswordCredentials(AuthTest):
def test_bind_without_remote_user(self):
self.config_fixture.config(group='token', bind=['kerberos'])
body_dict = _build_user_auth(username='FOO', password='foo2',
body_dict = _build_user_auth(username='foo', password='foo2',
tenant_name='BAR')
token = self.controller.authenticate(self.make_request(), body_dict)
self.assertNotIn('bind', token['access']['token'])
@ -766,7 +766,7 @@ class AuthWithRemoteUser(object):
def test_unscoped_remote_authn(self):
"""Verify getting an unscoped token with external authn."""
body_dict = _build_user_auth(
username='FOO',
username='foo',
password='foo2')
local_token = self.controller.authenticate(
self.make_request(), body_dict)
@ -783,13 +783,13 @@ class AuthWithRemoteUser(object):
self.assertRaises(
exception.ValidationError,
self.controller.authenticate,
self.make_request(environ={'REMOTE_USER': 'FOO'}),
self.make_request(environ={'REMOTE_USER': 'foo'}),
None)
def test_scoped_remote_authn(self):
"""Verify getting a token with external authn."""
body_dict = _build_user_auth(
username='FOO',
username='foo',
password='foo2',
tenant_name='BAR')
local_token = self.controller.authenticate(
@ -806,7 +806,7 @@ class AuthWithRemoteUser(object):
def test_scoped_nometa_remote_authn(self):
"""Verify getting a token with external authn and no metadata."""
body_dict = _build_user_auth(
username='TWO',
username='two',
password='two2',
tenant_name='BAZ')
local_token = self.controller.authenticate(
@ -814,7 +814,7 @@ class AuthWithRemoteUser(object):
body_dict = _build_user_auth(tenant_name='BAZ')
remote_token = self.controller.authenticate(
self.make_request(environ={'REMOTE_USER': 'TWO'}), body_dict)
self.make_request(environ={'REMOTE_USER': 'two'}), body_dict)
self.assertEqualTokens(local_token, remote_token,
enforce_audit_ids=False)
@ -833,7 +833,7 @@ class AuthWithRemoteUser(object):
body_dict = _build_user_auth(tenant_name="BAR")
token = self.controller.authenticate(self.request_with_remote_user,
body_dict)
self.assertEqual('FOO', token['access']['token']['bind']['kerberos'])
self.assertEqual('foo', token['access']['token']['bind']['kerberos'])
def test_bind_without_config_opt(self):
self.config_fixture.config(group='token', bind=['x509'])
@ -1074,7 +1074,7 @@ class AuthWithTrust(object):
def test_token_from_trust_wrong_user_fails(self):
new_trust = self.create_trust(self.sample_data, self.trustor['name'])
request_body = self.build_v2_token_request('FOO', 'foo2', new_trust)
request_body = self.build_v2_token_request('foo', 'foo2', new_trust)
self.assertRaises(exception.Forbidden, self.controller.authenticate,
self.make_request(), request_body)
@ -1083,13 +1083,13 @@ class AuthWithTrust(object):
self.assignment_api.add_role_to_user_and_project(
self.trustor['id'], self.tenant_baz['id'], assigned_role)
new_trust = self.create_trust(self.sample_data, self.trustor['name'])
request_body = self.build_v2_token_request('TWO', 'two2', new_trust,
request_body = self.build_v2_token_request('two', 'two2', new_trust,
self.tenant_baz['id'])
self.assertRaises(exception.Forbidden, self.controller.authenticate,
self.make_request(), request_body)
def fetch_v2_token_from_trust(self, trust):
request_body = self.build_v2_token_request('TWO', 'two2', trust)
request_body = self.build_v2_token_request('two', 'two2', trust)
auth_response = self.controller.authenticate(self.make_request(),
request_body)
return auth_response
@ -1223,7 +1223,7 @@ class AuthWithTrust(object):
for assigned_role in self.assigned_roles:
self.assignment_api.remove_role_from_user_and_project(
self.trustor['id'], self.tenant_bar['id'], assigned_role)
request_body = self.build_v2_token_request('TWO', 'two2', new_trust)
request_body = self.build_v2_token_request('two', 'two2', new_trust)
self.assertRaises(
exception.Forbidden,
self.controller.authenticate, self.make_request(), request_body)
@ -1236,7 +1236,7 @@ class AuthWithTrust(object):
expires_at)
with mock.patch.object(timeutils, 'utcnow') as mock_now:
mock_now.return_value = time_expired
request_body = self.build_v2_token_request('TWO', 'two2',
request_body = self.build_v2_token_request('two', 'two2',
new_trust)
self.assertRaises(
exception.Forbidden,
@ -1253,7 +1253,7 @@ class AuthWithTrust(object):
self.assignment_api.remove_role_from_user_and_project(
self.trustor['id'], self.tenant_bar['id'], assigned_role)
request_body = self.build_v2_token_request('TWO', 'two2', new_trust)
request_body = self.build_v2_token_request('two', 'two2', new_trust)
self.assertRaises(
exception.Forbidden,
@ -1268,7 +1268,7 @@ class AuthWithTrust(object):
self.assignment_api.remove_role_from_user_and_project(
self.trustor['id'], self.tenant_bar['id'], assigned_role)
request_body = self.build_v2_token_request('TWO', 'two2', new_trust)
request_body = self.build_v2_token_request('two', 'two2', new_trust)
self.assertRaises(exception.Forbidden,
self.controller.authenticate,
self.make_request(),
@ -1524,7 +1524,7 @@ class AuthCatalog(unit.SQLDriverOverrides, AuthTest):
# Authenticate
body_dict = _build_user_auth(
username='FOO',
username='foo',
password='foo2',
tenant_name="BAR")
@ -1550,7 +1550,7 @@ class AuthCatalog(unit.SQLDriverOverrides, AuthTest):
# Authenticate
body_dict = _build_user_auth(
username='FOO',
username='foo',
password='foo2',
tenant_name="BAR")

70
keystone/tests/unit/test_backend_ldap.py
View File

@ -433,17 +433,19 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
self.assertEqual(0, len(groups))
def test_remove_role_grant_from_user_and_project(self):
self.assignment_api.create_grant(user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id='member')
self.assignment_api.create_grant(
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'])
self.assertDictEqual(self.role_member, roles_ref[0])
self.assignment_api.delete_grant(user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id='member')
self.assignment_api.delete_grant(
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'])
@ -452,7 +454,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
self.assignment_api.delete_grant,
user_id=self.user_foo['id'],
project_id=self.tenant_baz['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_get_and_remove_role_grant_by_group_and_project(self):
new_domain = self._get_domain_fixture()
@ -469,18 +471,20 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
self.assertEqual([], roles_ref)
self.assertEqual(0, len(roles_ref))
self.assignment_api.create_grant(group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id='member')
self.assignment_api.create_grant(
group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
group_id=new_group['id'],
project_id=self.tenant_bar['id'])
self.assertNotEmpty(roles_ref)
self.assertDictEqual(self.role_member, roles_ref[0])
self.assignment_api.delete_grant(group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id='member')
self.assignment_api.delete_grant(
group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
group_id=new_group['id'],
project_id=self.tenant_bar['id'])
@ -489,7 +493,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
self.assignment_api.delete_grant,
group_id=new_group['id'],
project_id=self.tenant_bar['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_get_and_remove_role_grant_by_group_and_domain(self):
# TODO(henry-nash): We should really rewrite the tests in
@ -509,18 +513,20 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
domain_id=new_domain['id'])
self.assertEqual(0, len(roles_ref))
self.assignment_api.create_grant(group_id=new_group['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.create_grant(
group_id=new_group['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
group_id=new_group['id'],
domain_id=new_domain['id'])
self.assertDictEqual(self.role_member, roles_ref[0])
self.assignment_api.delete_grant(group_id=new_group['id'],
domain_id=new_domain['id'],
role_id='member')
self.assignment_api.delete_grant(
group_id=new_group['id'],
domain_id=new_domain['id'],
role_id=default_fixtures.MEMBER_ROLE_ID)
roles_ref = self.assignment_api.list_grants(
group_id=new_group['id'],
domain_id=new_domain['id'])
@ -529,7 +535,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
self.assignment_api.delete_grant,
group_id=new_group['id'],
domain_id=new_domain['id'],
role_id='member')
role_id=default_fixtures.MEMBER_ROLE_ID)
def test_list_projects_for_user(self):
domain = self._get_domain_fixture()
@ -657,12 +663,14 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
# First check how many role grant already exist
existing_assignments = len(self.assignment_api.list_role_assignments())
self.assignment_api.create_grant(user_id=new_user['id'],
project_id=new_project['id'],
role_id='other')
self.assignment_api.create_grant(group_id=new_group['id'],
project_id=new_project['id'],
role_id='admin')
self.assignment_api.create_grant(
user_id=new_user['id'],
project_id=new_project['id'],
role_id=default_fixtures.OTHER_ROLE_ID)
self.assignment_api.create_grant(
group_id=new_group['id'],
project_id=new_project['id'],
role_id=default_fixtures.ADMIN_ROLE_ID)
# Read back the list of assignments - check it is gone up by 2
after_assignments = len(self.assignment_api.list_role_assignments())
@ -935,7 +943,7 @@ class BaseLDAPIdentity(IdentityTests, AssignmentTests, ResourceTests):
# Grant the user a role on a project.
role_id = 'member'
role_id = default_fixtures.MEMBER_ROLE_ID
project_id = self.tenant_baz['id']
self.assignment_api.create_grant(role_id, user_id=public_user_id,
@ -1622,7 +1630,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
users = self.identity_api.list_users()
self.assertEqual(len(default_fixtures.USERS), len(users))
user_ids = set(user['id'] for user in users)
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
expected_user_ids = set(getattr(self, 'user_%s' % user['name'])['id']
for user in default_fixtures.USERS)
for user_ref in users:
self.assertNotIn('dn', user_ref)
@ -2368,7 +2376,7 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides,
CONF.identity.default_domain_id))
self.assertEqual(len(default_fixtures.USERS) + 1, len(users))
user_ids = set(user['id'] for user in users)
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
expected_user_ids = set(getattr(self, 'user_%s' % user['name'])['id']
for user in default_fixtures.USERS)
expected_user_ids.add(self.users['user0']['id'])
for user_ref in users:
@ -2900,7 +2908,7 @@ class DomainSpecificLDAPandSQLIdentity(
CONF.identity.default_domain_id))
self.assertEqual(len(default_fixtures.USERS) + 1, len(users))
user_ids = set(user['id'] for user in users)
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
expected_user_ids = set(getattr(self, 'user_%s' % user['name'])['id']
for user in default_fixtures.USERS)
expected_user_ids.add(self.users['user0']['id'])
for user_ref in users:

8
keystone/tests/unit/test_catalog.py
View File

@ -23,7 +23,7 @@ from keystone.tests.unit import rest
BASE_URL = 'http://127.0.0.1:35357/v2'
SERVICE_FIXTURE = object()
SERVICE_ID = uuid.uuid4().hex
class V2CatalogTestCase(rest.RestfulTestCase):
@ -51,12 +51,12 @@ class V2CatalogTestCase(rest.RestfulTestCase):
return r.result['access']['token']['id']
def _endpoint_create(self, expected_status=http_client.OK,
service_id=SERVICE_FIXTURE,
service_id=SERVICE_ID,
publicurl='http://localhost:8080',
internalurl='http://localhost:8080',
adminurl='http://localhost:8080',
region='RegionOne'):
if service_id is SERVICE_FIXTURE:
region=uuid.uuid4().hex):
if service_id is SERVICE_ID:
service_id = self.service_id
path = '/v2.0/endpoints'

7
keystone/tests/unit/test_v3_catalog.py
View File

@ -56,13 +56,14 @@ class CatalogTestCase(test_v3.RestfulTestCase):
def test_create_region_with_duplicate_id(self):
"""Call ``PUT /regions/{region_id}``."""
ref = dict(description="my region")
ref = unit.new_region_ref()
region_id = ref['id']
self.put(
'/regions/myregion',
'/regions/%s' % region_id,
body={'region': ref}, expected_status=http_client.CREATED)
# Create region again with duplicate id
self.put(
'/regions/myregion',
'/regions/%s' % region_id,
body={'region': ref}, expected_status=http_client.CONFLICT)
def test_create_region(self):