clean up keystoneclient setup
This commit is contained in:
parent
32aa1dedb7
commit
2e1558ebd2
|
@ -150,7 +150,14 @@ class KeystoneController(service.BaseApplication):
|
|||
tenant_id=tenant_ref['id'],
|
||||
extras=extras_ref)
|
||||
|
||||
return self._format_authenticate(token_ref, catalog_ref)
|
||||
# TODO(termie): optimize this call at some point and put it into the
|
||||
# the return for extras
|
||||
# fill out the roles in the extras
|
||||
roles_ref = []
|
||||
for role_id in extras_ref.get('roles', []):
|
||||
roles_ref.append(self.identity_api.get_role(context, role_id))
|
||||
|
||||
return self._format_authenticate(token_ref, roles_ref, catalog_ref)
|
||||
|
||||
#admin-only
|
||||
def validate_token(self, context, token_id, belongs_to=None):
|
||||
|
@ -220,11 +227,9 @@ class KeystoneController(service.BaseApplication):
|
|||
context, tenant_id=tenant_id, data=tenant_ref)
|
||||
return {'tenant': tenant}
|
||||
|
||||
def _format_token(self, token_ref):
|
||||
def _format_token(self, token_ref, roles_ref):
|
||||
user_ref = token_ref['user']
|
||||
extras_ref = token_ref['extras']
|
||||
roles = extras_ref.get('roles', [])
|
||||
roles_ref = [{'id': 1, 'name': x} for x in roles]
|
||||
o = {'access': {'token': {'id': token_ref['id'],
|
||||
'expires': token_ref['expires']
|
||||
},
|
||||
|
@ -242,8 +247,8 @@ class KeystoneController(service.BaseApplication):
|
|||
o['access']['token']['tenant'] = token_ref['tenant']
|
||||
return o
|
||||
|
||||
def _format_authenticate(self, token_ref, catalog_ref):
|
||||
o = self._format_token(token_ref)
|
||||
def _format_authenticate(self, token_ref, roles_ref, catalog_ref):
|
||||
o = self._format_token(token_ref, roles_ref)
|
||||
o['access']['serviceCatalog'] = self._format_catalog(catalog_ref)
|
||||
return o
|
||||
|
||||
|
|
|
@ -96,8 +96,22 @@ class TestCase(unittest.TestCase):
|
|||
sys.path.remove(path)
|
||||
super(TestCase, self).tearDown()
|
||||
|
||||
#TODO(termie): probably make this take an argument and use that for `options`
|
||||
def load_backends(self):
|
||||
"""Hacky shortcut to load the backends for data manipulation.
|
||||
|
||||
Expects self.options to have already been set.
|
||||
|
||||
"""
|
||||
self.identity_api = utils.import_object(
|
||||
self.options['identity_driver'], options=self.options)
|
||||
self.token_api = utils.import_object(
|
||||
self.options['token_driver'], options=self.options)
|
||||
self.catalog_api = utils.import_object(
|
||||
self.options['catalog_driver'], options=self.options)
|
||||
|
||||
def load_fixtures(self, fixtures):
|
||||
"""Really quite basic and naive fixture loading based on a python module.
|
||||
"""Hacky basic and naive fixture loading based on a python module.
|
||||
|
||||
Expects that the various APIs into the various services are already
|
||||
defined on `self`.
|
||||
|
|
|
@ -9,8 +9,8 @@ import default_fixtures
|
|||
class KvsIdentity(test.TestCase):
|
||||
def setUp(self):
|
||||
super(KvsIdentity, self).setUp()
|
||||
options = self.appconfig('default')
|
||||
self.identity_api = kvs.KvsIdentity(options=options, db={})
|
||||
self.options = self.appconfig('default')
|
||||
self.identity_api = kvs.KvsIdentity(options=self.options, db={})
|
||||
self.load_fixtures(default_fixtures)
|
||||
|
||||
def test_authenticate_bad_user(self):
|
||||
|
|
|
@ -2,6 +2,8 @@ from keystonelight import models
|
|||
from keystonelight import test
|
||||
from keystonelight import utils
|
||||
|
||||
import default_fixtures
|
||||
|
||||
|
||||
KEYSTONECLIENT_REPO = 'git://github.com/openstack/python-keystoneclient.git'
|
||||
|
||||
|
@ -37,32 +39,18 @@ class MasterCompatTestCase(CompatTestCase):
|
|||
|
||||
self.app = self.loadapp('keystoneclient_compat_master')
|
||||
self.options = self.appconfig('keystoneclient_compat_master')
|
||||
|
||||
self.identity_backend = utils.import_object(
|
||||
self.options['identity_driver'], options=self.options)
|
||||
self.token_backend = utils.import_object(
|
||||
self.options['token_driver'], options=self.options)
|
||||
self.catalog_backend = utils.import_object(
|
||||
self.options['catalog_driver'], options=self.options)
|
||||
self.load_backends()
|
||||
self.load_fixtures(default_fixtures)
|
||||
|
||||
self.server = self.serveapp('keystoneclient_compat_master')
|
||||
|
||||
self.tenant_bar = self.identity_backend.create_tenant(
|
||||
'bar',
|
||||
models.Tenant(id='bar', name='BAR'))
|
||||
|
||||
self.user_foo = self.identity_backend.create_user(
|
||||
'foo',
|
||||
models.User(id='foo',
|
||||
name='FOO',
|
||||
tenants=[self.tenant_bar['id']],
|
||||
password='foo'))
|
||||
|
||||
self.extras_bar_foo = self.identity_backend.create_extras(
|
||||
# TODO(termie): is_admin is being deprecated once the policy stuff
|
||||
# is all working
|
||||
# TODO(termie): add an admin user to the fixtures and use that user
|
||||
# override the fixtures, for now
|
||||
self.extras_foobar = self.identity_api.update_extras(
|
||||
self.user_foo['id'], self.tenant_bar['id'],
|
||||
dict(roles=[],
|
||||
is_admin='1',
|
||||
roles_links=[]))
|
||||
dict(roles=['keystone_admin'], is_admin='1'))
|
||||
|
||||
# def test_authenticate(self):
|
||||
# from keystoneclient.v2_0 import client as ks_client
|
||||
|
@ -77,7 +65,7 @@ class MasterCompatTestCase(CompatTestCase):
|
|||
def test_authenticate_tenant_name_and_tenants(self):
|
||||
client = self._client(auth_url=self._url(),
|
||||
username='FOO',
|
||||
password='foo',
|
||||
password='foo2',
|
||||
tenant_name='BAR')
|
||||
tenants = client.tenants.list()
|
||||
self.assertEquals(tenants[0].id, self.tenant_bar['id'])
|
||||
|
@ -85,7 +73,7 @@ class MasterCompatTestCase(CompatTestCase):
|
|||
def test_authenticate_tenant_id_and_tenants(self):
|
||||
client = self._client(auth_url=self._url(),
|
||||
username='FOO',
|
||||
password='foo',
|
||||
password='foo2',
|
||||
tenant_id='bar')
|
||||
tenants = client.tenants.list()
|
||||
self.assertEquals(tenants[0].id, self.tenant_bar['id'])
|
||||
|
@ -93,11 +81,13 @@ class MasterCompatTestCase(CompatTestCase):
|
|||
# FIXME(ja): this test should require the "keystone:admin" roled
|
||||
# (probably the role set via --keystone_admin_role flag)
|
||||
# FIXME(ja): add a test that admin endpoint is only sent to admin user
|
||||
# FIXME(ja): add a test that admin endpoint returns unauthorized if not admin
|
||||
# FIXME(ja): add a test that admin endpoint returns unauthorized if not
|
||||
# admin
|
||||
def test_tenant_create(self):
|
||||
client = self._client(auth_url=self._url(),
|
||||
username='FOO',
|
||||
password='foo',
|
||||
password='foo2',
|
||||
tenant_name='BAR')
|
||||
client.tenants.create("hello", description="My new tenant!", enabled=True)
|
||||
client.tenants.create(
|
||||
"hello", description="My new tenant!", enabled=True)
|
||||
# FIXME(ja): assert tenant was created
|
||||
|
|
Loading…
Reference in New Issue