openstack/keystone
Code Issues Proposed changes

Merge "add missing attributes for group/project tables (bug1126021)"

Browse Source
This commit is contained in:
Jenkins 2013-03-08 22:47:12 +00:00 committed by Gerrit Code Review
commit 43c4a393f3
8 changed files with 189 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
keystone/identity/backends/sql.py
View File

@ -40,7 +40,7 @@ class User(sql.ModelBase, sql.DictBase):
class Group(sql.ModelBase, sql.DictBase):
__tablename__ = 'group'
attributes = ['id', 'name', 'domain_id']
attributes = ['id', 'name', 'domain_id', 'description']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(64), nullable=False)
domain_id = sql.Column(sql.String(64), sql.ForeignKey('domain.id'),
@ -76,7 +76,7 @@ class Domain(sql.ModelBase, sql.DictBase):
class Project(sql.ModelBase, sql.DictBase):
__tablename__ = 'project'
attributes = ['id', 'name', 'domain_id']
attributes = ['id', 'name', 'domain_id', 'description', 'enabled']
id = sql.Column(sql.String(64), primary_key=True)
name = sql.Column(sql.String(64), nullable=False)
domain_id = sql.Column(sql.String(64), sql.ForeignKey('domain.id'),
@ -666,8 +666,6 @@ class Identity(sql.Base, identity.Driver):
@sql.handle_conflicts(type='user')
def create_user(self, user_id, user):
user['name'] = clean.user_name(user['name'])
if 'enabled' not in user:
user['enabled'] = True
user = utils.hash_user_password(user)
session = self.get_session()
with session.begin():

20
keystone/identity/core.py
View File

@ -61,6 +61,26 @@ class Manager(manager.Manager):
def __init__(self):
super(Manager, self).__init__(CONF.identity.driver)
def create_user(self, context, user_id, user_ref):
user = user_ref.copy()
if 'enabled' not in user:
user['enabled'] = True
return self.driver.create_user(user_id, user)
def create_group(self, context, group_id, group_ref):
group = group_ref.copy()
if 'description' not in group:
group['description'] = ''
return self.driver.create_group(group_id, group)
def create_project(self, context, tenant_id, tenant_ref):
tenant = tenant_ref.copy()
if 'enabled' not in tenant:
tenant['enabled'] = True
if 'description' not in tenant:
tenant['description'] = ''
return self.driver.create_project(tenant_id, tenant)
class Driver(object):
"""Interface description for an Identity driver."""

9
keystone/test.py
View File

@ -313,6 +313,15 @@ class TestCase(NoModule, unittest.TestCase):
"""
self.assertAlmostEqual(a, b, delta=datetime.timedelta(seconds=delta))
def assertDictContainsSubset(self, dict1, dict2):
if len(dict1) < len(dict2):
(subset, fullset) = dict1, dict2
else:
(subset, fullset) = dict2, dict1
for x in subset:
self.assertIn(x, fullset)
self.assertEquals(subset.get(x), fullset.get(x))
@staticmethod
def skip_if_no_ipv6():
try:

2
tests/backend_ldap.conf
View File

@ -5,7 +5,5 @@ password = password
backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role']
suffix = cn=example,cn=com
[identity]
driver = keystone.identity.backends.ldap.Identity

216
tests/test_backend.py
View File

@ -117,7 +117,7 @@ class IdentityTests(object):
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'no_meta2',
}
self.identity_api.create_user(user['id'], user)
self.identity_man.create_user({}, user['id'], user)
self.identity_api.add_user_to_project(self.tenant_baz['id'],
user['id'])
user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
@ -130,7 +130,7 @@ class IdentityTests(object):
user.pop('password')
self.assertEquals(metadata_ref, {"roles":
[CONF.member_role_id]})
self.assertDictEqual(user_ref, user)
self.assertDictContainsSubset(user_ref, user)
self.assertDictEqual(tenant_ref, self.tenant_baz)
def test_password_hashed(self):
@ -266,10 +266,10 @@ class IdentityTests(object):
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
self.identity_api.create_user('fake1', user)
self.identity_man.create_user({}, 'fake1', user)
user['name'] = 'fake2'
self.assertRaises(exception.Conflict,
self.identity_api.create_user,
self.identity_man.create_user, {},
'fake1',
user)
@ -279,10 +279,10 @@ class IdentityTests(object):
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
self.identity_api.create_user('fake1', user)
self.identity_man.create_user({}, 'fake1', user)
user['id'] = 'fake2'
self.assertRaises(exception.Conflict,
self.identity_api.create_user,
self.identity_man.create_user, {},
'fake2',
user)
@ -297,8 +297,8 @@ class IdentityTests(object):
'name': user1['name'],
'domain_id': new_domain['id'],
'password': uuid.uuid4().hex}
self.identity_api.create_user(user1['id'], user1)
self.identity_api.create_user(user2['id'], user2)
self.identity_man.create_user({}, user1['id'], user1)
self.identity_man.create_user({}, user2['id'], user2)
def test_move_user_between_domains(self):
domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
@ -309,7 +309,7 @@ class IdentityTests(object):
'name': uuid.uuid4().hex,
'domain_id': domain1['id'],
'password': uuid.uuid4().hex}
self.identity_api.create_user(user['id'], user)
self.identity_man.create_user({}, user['id'], user)
user['domain_id'] = domain2['id']
self.identity_api.update_user(user['id'], user)
@ -323,14 +323,14 @@ class IdentityTests(object):
'name': uuid.uuid4().hex,
'domain_id': domain1['id'],
'password': uuid.uuid4().hex}
self.identity_api.create_user(user1['id'], user1)
self.identity_man.create_user({}, user1['id'], user1)
# Now create a user in domain2 with a potentially clashing
# name - which should work since we have domain separation
user2 = {'id': uuid.uuid4().hex,
'name': user1['name'],
'domain_id': domain2['id'],
'password': uuid.uuid4().hex}
self.identity_api.create_user(user2['id'], user2)
self.identity_man.create_user({}, user2['id'], user2)
# Now try and move user1 into the 2nd domain - which should
# fail since the names clash
user1['domain_id'] = domain2['id']
@ -350,8 +350,8 @@ class IdentityTests(object):
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
self.identity_api.create_user('fake1', user1)
self.identity_api.create_user('fake2', user2)
self.identity_man.create_user({}, 'fake1', user1)
self.identity_man.create_user({}, 'fake2', user2)
user2['name'] = 'fake1'
self.assertRaises(exception.Conflict,
self.identity_api.update_user,
@ -364,7 +364,7 @@ class IdentityTests(object):
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
self.identity_api.create_user('fake1', user)
self.identity_man.create_user({}, 'fake1', user)
user['id'] = 'fake2'
self.assertRaises(exception.ValidationError,
self.identity_api.update_user,
@ -379,20 +379,20 @@ class IdentityTests(object):
def test_create_duplicate_project_id_fails(self):
tenant = {'id': 'fake1', 'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_project('fake1', tenant)
self.identity_man.create_project({}, 'fake1', tenant)
tenant['name'] = 'fake2'
self.assertRaises(exception.Conflict,
self.identity_api.create_project,
self.identity_man.create_project, {},
'fake1',
tenant)
def test_create_duplicate_project_name_fails(self):
tenant = {'id': 'fake1', 'name': 'fake',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_project('fake1', tenant)
self.identity_man.create_project({}, 'fake1', tenant)
tenant['id'] = 'fake2'
self.assertRaises(exception.Conflict,
self.identity_api.create_project,
self.identity_man.create_project, {},
'fake1',
tenant)
@ -403,8 +403,8 @@ class IdentityTests(object):
'domain_id': DEFAULT_DOMAIN_ID}
tenant2 = {'id': uuid.uuid4().hex, 'name': tenant1['name'],
'domain_id': new_domain['id']}
self.identity_api.create_project(tenant1['id'], tenant1)
self.identity_api.create_project(tenant2['id'], tenant2)
self.identity_man.create_project({}, tenant1['id'], tenant1)
self.identity_man.create_project({}, tenant2['id'], tenant2)
def test_move_project_between_domains(self):
domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
@ -414,7 +414,7 @@ class IdentityTests(object):
project = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.identity_api.create_project(project['id'], project)
self.identity_man.create_project({}, project['id'], project)
project['domain_id'] = domain2['id']
self.identity_api.update_project(project['id'], project)
@ -427,13 +427,13 @@ class IdentityTests(object):
project1 = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.identity_api.create_project(project1['id'], project1)
self.identity_man.create_project({}, project1['id'], project1)
# Now create a project in domain2 with a potentially clashing
# name - which should work since we have domain separation
project2 = {'id': uuid.uuid4().hex,
'name': project1['name'],
'domain_id': domain2['id']}
self.identity_api.create_project(project2['id'], project2)
self.identity_man.create_project({}, project2['id'], project2)
# Now try and move project1 into the 2nd domain - which should
# fail since the names clash
project1['domain_id'] = domain2['id']
@ -447,8 +447,8 @@ class IdentityTests(object):
'domain_id': DEFAULT_DOMAIN_ID}
tenant2 = {'id': 'fake2', 'name': 'fake2',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_project('fake1', tenant1)
self.identity_api.create_project('fake2', tenant2)
self.identity_man.create_project({}, 'fake1', tenant1)
self.identity_man.create_project({}, 'fake2', tenant2)
tenant2['name'] = 'fake1'
self.assertRaises(exception.Error,
self.identity_api.update_project,
@ -458,7 +458,7 @@ class IdentityTests(object):
def test_update_project_id_does_nothing(self):
tenant = {'id': 'fake1', 'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_project('fake1', tenant)
self.identity_man.create_project({}, 'fake1', tenant)
tenant['id'] = 'fake2'
self.identity_api.update_project('fake1', tenant)
tenant_ref = self.identity_api.get_project('fake1')
@ -625,11 +625,11 @@ class IdentityTests(object):
self.identity_api.create_domain(new_domain['id'], new_domain)
new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': 'secret', 'enabled': True,
'domain_id': new_domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
roles_ref = self.identity_api.list_grants(
@ -662,11 +662,11 @@ class IdentityTests(object):
self.identity_api.create_domain(new_domain['id'], new_domain)
new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'],
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': new_domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -702,21 +702,21 @@ class IdentityTests(object):
self.identity_api.create_domain(new_domain['id'], new_domain)
new_project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': new_domain['id']}
self.identity_api.create_project(new_project['id'], new_project)
self.identity_man.create_project({}, new_project['id'], new_project)
new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'],
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
new_group2 = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'],
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group2['id'], new_group2)
self.identity_man.create_group({}, new_group2['id'], new_group2)
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': new_domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
new_user2 = {'id': uuid.uuid4().hex, 'name': 'new_user2',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': new_domain['id']}
self.identity_api.create_user(new_user2['id'], new_user2)
self.identity_man.create_user({}, new_user2['id'], new_user2)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
# First check we have no grants
@ -764,7 +764,7 @@ class IdentityTests(object):
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': 'secret', 'enabled': True,
'domain_id': new_domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
roles_ref = self.identity_api.list_grants(
user_id=new_user['id'],
domain_id=new_domain['id'])
@ -805,7 +805,7 @@ class IdentityTests(object):
self.identity_api.create_domain(domain2['id'], domain2)
group1 = {'id': uuid.uuid4().hex, 'domain_id': domain1['id'],
'name': uuid.uuid4().hex}
self.identity_api.create_group(group1['id'], group1)
self.identity_man.create_group({}, group1['id'], group1)
roles_ref = self.identity_api.list_grants(
group_id=group1['id'],
domain_id=domain1['id'])
@ -858,7 +858,7 @@ class IdentityTests(object):
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
self.identity_man.create_user({}, user1['id'], user1)
roles_ref = self.identity_api.list_grants(
user_id=user1['id'],
domain_id=domain1['id'])
@ -906,10 +906,10 @@ class IdentityTests(object):
self.identity_api.create_domain(domain2['id'], domain2)
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'enabled': True}
self.identity_api.create_group(group1['id'], group1)
self.identity_man.create_group({}, group1['id'], group1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain2['id']}
self.identity_api.create_project(project1['id'], project1)
self.identity_man.create_project({}, project1['id'], project1)
roles_ref = self.identity_api.list_grants(
group_id=group1['id'],
project_id=project1['id'])
@ -951,10 +951,10 @@ class IdentityTests(object):
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
self.identity_man.create_user({}, user1['id'], user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain2['id']}
self.identity_api.create_project(project1['id'], project1)
self.identity_man.create_project({}, project1['id'], project1)
roles_ref = self.identity_api.list_grants(
user_id=user1['id'],
project_id=project1['id'])
@ -995,13 +995,13 @@ class IdentityTests(object):
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
self.identity_man.create_user({}, user1['id'], user1)
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'enabled': True}
self.identity_api.create_group(group1['id'], group1)
self.identity_man.create_group({}, group1['id'], group1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.identity_api.create_project(project1['id'], project1)
self.identity_man.create_project({}, project1['id'], project1)
self.identity_api.add_user_to_group(user1['id'],
group1['id'])
@ -1063,14 +1063,14 @@ class IdentityTests(object):
self.identity_api.create_domain(domain1['id'], domain1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.identity_api.create_project(project1['id'], project1)
self.identity_man.create_project({}, project1['id'], project1)
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
self.identity_man.create_user({}, user1['id'], user1)
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'enabled': True}
self.identity_api.create_group(group1['id'], group1)
self.identity_man.create_group({}, group1['id'], group1)
self.identity_api.create_grant(user_id=user1['id'],
project_id=project1['id'],
role_id=role1['id'])
@ -1124,14 +1124,14 @@ class IdentityTests(object):
self.identity_api.create_domain(domain1['id'], domain1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.identity_api.create_project(project1['id'], project1)
self.identity_man.create_project({}, project1['id'], project1)
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
self.identity_man.create_user({}, user1['id'], user1)
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'enabled': True}
self.identity_api.create_group(group1['id'], group1)
self.identity_man.create_group({}, group1['id'], group1)
self.identity_api.create_grant(user_id=user1['id'],
project_id=project1['id'],
role_id=role1['id'])
@ -1172,14 +1172,14 @@ class IdentityTests(object):
self.identity_api.create_domain(domain1['id'], domain1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.identity_api.create_project(project1['id'], project1)
self.identity_man.create_project({}, project1['id'], project1)
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
self.identity_man.create_user({}, user1['id'], user1)
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id'], 'enabled': True}
self.identity_api.create_group(group1['id'], group1)
self.identity_man.create_group({}, group1['id'], group1)
self.identity_api.create_grant(group_id=group1['id'],
project_id=project1['id'],
role_id=role1['id'])
@ -1308,7 +1308,7 @@ class IdentityTests(object):
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
self.identity_api.create_user(user['id'], user)
self.identity_man.create_user({}, user['id'], user)
self.identity_api.add_user_to_project(self.tenant_bar['id'],
user['id'])
self.identity_api.delete_user(user['id'])
@ -1321,7 +1321,7 @@ class IdentityTests(object):
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
self.identity_api.create_user(user['id'], user)
self.identity_man.create_user({}, user['id'], user)
self.identity_api.add_role_to_user_and_project(
user['id'],
self.tenant_bar['id'],
@ -1345,7 +1345,7 @@ class IdentityTests(object):
tenant = {'id': 'fake1', 'name': 'a' * 65,
'domain_id': DEFAULT_DOMAIN_ID}
self.assertRaises(exception.ValidationError,
self.identity_api.create_project,
self.identity_man.create_project, {},
tenant['id'],
tenant)
@ -1353,7 +1353,7 @@ class IdentityTests(object):
tenant = {'id': 'fake1', 'name': '',
'domain_id': DEFAULT_DOMAIN_ID}
self.assertRaises(exception.ValidationError,
self.identity_api.create_project,
self.identity_man.create_project, {},
tenant['id'],
tenant)
@ -1361,20 +1361,20 @@ class IdentityTests(object):
tenant = {'id': 'fake1', 'name': None,
'domain_id': DEFAULT_DOMAIN_ID}
self.assertRaises(exception.ValidationError,
self.identity_api.create_project,
self.identity_man.create_project, {},
tenant['id'],
tenant)
tenant = {'id': 'fake1', 'name': 123,
'domain_id': DEFAULT_DOMAIN_ID}
self.assertRaises(exception.ValidationError,
self.identity_api.create_project,
self.identity_man.create_project, {},
tenant['id'],
tenant)
def test_update_project_blank_name_fails(self):
tenant = {'id': 'fake1', 'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_project('fake1', tenant)
self.identity_man.create_project({}, 'fake1', tenant)
tenant['name'] = ''
self.assertRaises(exception.ValidationError,
self.identity_api.update_project,
@ -1384,7 +1384,7 @@ class IdentityTests(object):
def test_update_project_long_name_fails(self):
tenant = {'id': 'fake1', 'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_project('fake1', tenant)
self.identity_man.create_project({}, 'fake1', tenant)
tenant['name'] = 'a' * 65
self.assertRaises(exception.ValidationError,
self.identity_api.update_project,
@ -1394,7 +1394,7 @@ class IdentityTests(object):
def test_update_project_invalid_name_fails(self):
tenant = {'id': 'fake1', 'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_project('fake1', tenant)
self.identity_man.create_project({}, 'fake1', tenant)
tenant['name'] = None
self.assertRaises(exception.ValidationError,
self.identity_api.update_project,
@ -1411,7 +1411,7 @@ class IdentityTests(object):
user = {'id': 'fake1', 'name': 'a' * 65,
'domain_id': DEFAULT_DOMAIN_ID}
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
self.identity_man.create_user, {},
'fake1',
user)
@ -1419,7 +1419,7 @@ class IdentityTests(object):
user = {'id': 'fake1', 'name': '',
'domain_id': DEFAULT_DOMAIN_ID}
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
self.identity_man.create_user, {},
'fake1',
user)
@ -1427,21 +1427,21 @@ class IdentityTests(object):
user = {'id': 'fake1', 'name': None,
'domain_id': DEFAULT_DOMAIN_ID}
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
self.identity_man.create_user, {},
'fake1',
user)
user = {'id': 'fake1', 'name': 123,
'domain_id': DEFAULT_DOMAIN_ID}
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
self.identity_man.create_user, {},
'fake1',
user)
def test_update_user_long_name_fails(self):
user = {'id': 'fake1', 'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_user('fake1', user)
self.identity_man.create_user({}, 'fake1', user)
user['name'] = 'a' * 65
self.assertRaises(exception.ValidationError,
self.identity_api.update_user,
@ -1451,7 +1451,7 @@ class IdentityTests(object):
def test_update_user_blank_name_fails(self):
user = {'id': 'fake1', 'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_user('fake1', user)
self.identity_man.create_user({}, 'fake1', user)
user['name'] = ''
self.assertRaises(exception.ValidationError,
self.identity_api.update_user,
@ -1461,7 +1461,7 @@ class IdentityTests(object):
def test_update_user_invalid_name_fails(self):
user = {'id': 'fake1', 'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_user('fake1', user)
self.identity_man.create_user({}, 'fake1', user)
user['name'] = None
self.assertRaises(exception.ValidationError,
@ -1485,8 +1485,8 @@ class IdentityTests(object):
'name': uuid.uuid4().hex}
group2 = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(group1['id'], group1)
self.identity_api.create_group(group2['id'], group2)
self.identity_man.create_group({}, group1['id'], group1)
self.identity_man.create_group({}, group2['id'], group2)
groups = self.identity_api.list_groups()
self.assertEquals(len(groups), 2)
group_ids = []
@ -1525,7 +1525,7 @@ class IdentityTests(object):
def test_delete_project_with_role_assignments(self):
tenant = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_project(tenant['id'], tenant)
self.identity_man.create_project({}, tenant['id'], tenant)
self.identity_api.add_role_to_user_and_project(
self.user_foo['id'], tenant['id'], 'member')
self.identity_api.delete_project(tenant['id'])
@ -1552,21 +1552,21 @@ class IdentityTests(object):
new_project = {'id': 'tenant_id', 'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID}
original_project = new_project.copy()
self.identity_api.create_project('tenant_id', new_project)
self.identity_man.create_project({}, 'tenant_id', new_project)
self.assertDictEqual(original_project, new_project)
def test_create_user_doesnt_modify_passed_in_dict(self):
new_user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'enabled': True,
'password': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID}
original_user = new_user.copy()
self.identity_api.create_user('user_id', new_user)
self.identity_man.create_user({}, 'user_id', new_user)
self.assertDictEqual(original_user, new_user)
def test_update_user_enable(self):
user = {'id': 'fake1', 'name': 'fake1', 'enabled': True,
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_user('fake1', user)
self.identity_man.create_user({}, 'fake1', user)
user_ref = self.identity_api.get_user('fake1')
self.assertEqual(user_ref['enabled'], True)
@ -1583,7 +1583,7 @@ class IdentityTests(object):
def test_update_project_enable(self):
tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True,
'domain_id': DEFAULT_DOMAIN_ID}
self.identity_api.create_project('fake1', tenant)
self.identity_man.create_project({}, 'fake1', tenant)
tenant_ref = self.identity_api.get_project('fake1')
self.assertEqual(tenant_ref['enabled'], True)
@ -1602,11 +1602,11 @@ class IdentityTests(object):
self.identity_api.create_domain(domain['id'], domain)
new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
groups = self.identity_api.list_groups_for_user(new_user['id'])
@ -1623,7 +1623,7 @@ class IdentityTests(object):
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
self.assertRaises(exception.GroupNotFound,
self.identity_api.add_user_to_group,
new_user['id'],
@ -1631,7 +1631,7 @@ class IdentityTests(object):
new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
self.assertRaises(exception.UserNotFound,
self.identity_api.add_user_to_group,
uuid.uuid4().hex,
@ -1642,11 +1642,11 @@ class IdentityTests(object):
self.identity_api.create_domain(domain['id'], domain)
new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
self.identity_api.check_user_in_group(new_user['id'], new_group['id'])
@ -1654,7 +1654,7 @@ class IdentityTests(object):
def test_check_user_not_in_group(self):
new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
self.assertRaises(exception.UserNotFound,
self.identity_api.check_user_in_group,
uuid.uuid4().hex,
@ -1665,11 +1665,11 @@ class IdentityTests(object):
self.identity_api.create_domain(domain['id'], domain)
new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
user_refs = self.identity_api.list_users_in_group(new_group['id'])
@ -1684,11 +1684,11 @@ class IdentityTests(object):
self.identity_api.create_domain(domain['id'], domain)
new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
agroups = self.identity_api.list_groups_for_user(new_user['id'])
@ -1704,10 +1704,10 @@ class IdentityTests(object):
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
self.identity_man.create_user({}, new_user['id'], new_user)
new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
self.identity_man.create_group({}, new_group['id'], new_group)
self.assertRaises(exception.NotFound,
self.identity_api.remove_user_from_group,
new_user['id'],
@ -1726,14 +1726,14 @@ class IdentityTests(object):
def test_group_crud(self):
group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.identity_api.create_group(group['id'], group)
self.identity_man.create_group({}, group['id'], group)
group_ref = self.identity_api.get_group(group['id'])
self.assertDictEqual(group_ref, group)
self.assertDictContainsSubset(group_ref, group)
group['name'] = uuid.uuid4().hex
self.identity_api.update_group(group['id'], group)
group_ref = self.identity_api.get_group(group['id'])
self.assertDictEqual(group_ref, group)
self.assertDictContainsSubset(group_ref, group)
self.identity_api.delete_group(group['id'])
self.assertRaises(exception.GroupNotFound,
@ -1745,9 +1745,9 @@ class IdentityTests(object):
'name': uuid.uuid4().hex}
group2 = {'id': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID,
'name': group1['name']}
self.identity_api.create_group(group1['id'], group1)
self.identity_man.create_group({}, group1['id'], group1)
self.assertRaises(exception.Conflict,
self.identity_api.create_group,
self.identity_man.create_group, {},
group2['id'], group2)
def test_create_duplicate_group_name_in_different_domains(self):
@ -1757,8 +1757,8 @@ class IdentityTests(object):
'name': uuid.uuid4().hex}
group2 = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'],
'name': group1['name']}
self.identity_api.create_group(group1['id'], group1)
self.identity_api.create_group(group2['id'], group2)
self.identity_man.create_group({}, group1['id'], group1)
self.identity_man.create_group({}, group2['id'], group2)
def test_move_group_between_domains(self):
domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
@ -1768,7 +1768,7 @@ class IdentityTests(object):
group = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.identity_api.create_group(group['id'], group)
self.identity_man.create_group({}, group['id'], group)
group['domain_id'] = domain2['id']
self.identity_api.update_group(group['id'], group)
@ -1781,13 +1781,13 @@ class IdentityTests(object):
group1 = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.identity_api.create_group(group1['id'], group1)
self.identity_man.create_group({}, group1['id'], group1)
# Now create a group in domain2 with a potentially clashing
# name - which should work since we have domain separation
group2 = {'id': uuid.uuid4().hex,
'name': group1['name'],
'domain_id': domain2['id']}
self.identity_api.create_group(group2['id'], group2)
self.identity_man.create_group({}, group2['id'], group2)
# Now try and move group1 into the 2nd domain - which should
# fail since the names clash
group1['domain_id'] = domain2['id']
@ -1799,14 +1799,14 @@ class IdentityTests(object):
def test_project_crud(self):
project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': uuid.uuid4().hex}
self.identity_api.create_project(project['id'], project)
self.identity_man.create_project({}, project['id'], project)
project_ref = self.identity_api.get_project(project['id'])
self.assertDictEqual(project_ref, project)
self.assertDictContainsSubset(project_ref, project)
project['name'] = uuid.uuid4().hex
self.identity_api.update_project(project['id'], project)
project_ref = self.identity_api.get_project(project['id'])
self.assertDictEqual(project_ref, project)
self.assertDictContainsSubset(project_ref, project)
self.identity_api.delete_project(project['id'])
self.assertRaises(exception.ProjectNotFound,
@ -1833,18 +1833,18 @@ class IdentityTests(object):
def test_user_crud(self):
user = {'domain_id': uuid.uuid4().hex, 'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex, 'password': 'passw0rd'}
self.identity_api.create_user(user['id'], user)
self.identity_man.create_user({}, user['id'], user)
user_ref = self.identity_api.get_user(user['id'])
del user['password']
user_ref_dict = dict((x, user_ref[x]) for x in user_ref)
self.assertDictEqual(user_ref_dict, user)
self.assertDictContainsSubset(user_ref_dict, user)
user['password'] = uuid.uuid4().hex
self.identity_api.update_user(user['id'], user)
user_ref = self.identity_api.get_user(user['id'])
del user['password']
user_ref_dict = dict((x, user_ref[x]) for x in user_ref)
self.assertDictEqual(user_ref_dict, user)
self.assertDictContainsSubset(user_ref_dict, user)
self.identity_api.delete_user(user['id'])
self.assertRaises(exception.UserNotFound,
@ -1855,7 +1855,7 @@ class IdentityTests(object):
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
self.identity_man.create_user({}, user1['id'], user1)
user_projects = self.identity_api.list_user_projects(user1['id'])
self.assertEquals(len(user_projects), 0)
self.identity_api.create_grant(user_id=user1['id'],

12
tests/test_backend_kvs.py
View File

@ -19,7 +19,7 @@ import nose.exc
from keystone import catalog
from keystone.catalog.backends import kvs as catalog_kvs
from keystone import exception
from keystone.identity.backends import kvs as identity_kvs
from keystone import identity
from keystone import test
from keystone.token.backends import kvs as token_kvs
from keystone.trust.backends import kvs as trust_kvs
@ -31,7 +31,10 @@ import test_backend
class KvsIdentity(test.TestCase, test_backend.IdentityTests):
def setUp(self):
super(KvsIdentity, self).setUp()
self.identity_api = identity_kvs.Identity(db={})
identity.CONF.identity.driver = \
'keystone.identity.backends.kvs.Identity'
self.identity_man = identity.Manager()
self.identity_api = self.identity_man.driver
self.load_fixtures(default_fixtures)
def test_list_user_projects(self):
@ -75,8 +78,11 @@ class KvsToken(test.TestCase, test_backend.TokenTests):
class KvsTrust(test.TestCase, test_backend.TrustTests):
def setUp(self):
super(KvsTrust, self).setUp()
identity.CONF.identity.driver = \
'keystone.identity.backends.kvs.Identity'
self.identity_man = identity.Manager()
self.identity_api = self.identity_man.driver
self.trust_api = trust_kvs.Trust(db={})
self.identity_api = identity_kvs.Identity(db={})
self.catalog_api = catalog_kvs.Catalog(db={})
self.load_fixtures(default_fixtures)

64
tests/test_backend_ldap.py
View File

@ -22,7 +22,7 @@ from keystone.common import ldap as ldap_common
from keystone.common.ldap import fakeldap
from keystone import config
from keystone import exception
from keystone.identity.backends import ldap as identity_ldap
from keystone import identity
from keystone import test
import default_fixtures
@ -44,24 +44,25 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')])
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_man = identity.Manager()
self.identity_api = self.identity_man.driver
self.load_fixtures(default_fixtures)
def test_build_tree(self):
"""Regression test for building the tree names
"""
user_api = identity_ldap.UserApi(CONF)
user_api = identity.backends.ldap.UserApi(CONF)
self.assertTrue(user_api)
self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix)
def test_configurable_allowed_user_actions(self):
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
user = {'id': 'fake1',
'name': 'fake1',
'password': 'fakepass1',
'tenants': ['bar']}
self.identity_api.create_user('fake1', user)
self.identity_man.create_user({}, 'fake1', user)
user_ref = self.identity_api.get_user('fake1')
self.assertEqual(user_ref['id'], 'fake1')
@ -77,7 +78,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.user_allow_create = False
CONF.ldap.user_allow_update = False
CONF.ldap.user_allow_delete = False
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
user = {'id': 'fake1',
'name': 'fake1',
@ -99,10 +100,10 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
self.user_foo['id'])
def test_configurable_allowed_project_actions(self):
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True}
self.identity_api.create_project('fake1', tenant)
self.identity_man.create_project({}, 'fake1', tenant)
tenant_ref = self.identity_api.get_project('fake1')
self.assertEqual(tenant_ref['id'], 'fake1')
@ -118,7 +119,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.tenant_allow_create = False
CONF.ldap.tenant_allow_update = False
CONF.ldap.tenant_allow_delete = False
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
tenant = {'id': 'fake1', 'name': 'fake1'}
self.assertRaises(exception.ForbiddenAction,
@ -136,7 +137,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
self.tenant_bar['id'])
def test_configurable_allowed_role_actions(self):
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
role = {'id': 'fake1', 'name': 'fake1'}
self.identity_api.create_role('fake1', role)
@ -155,7 +156,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.role_allow_create = False
CONF.ldap.role_allow_update = False
CONF.ldap.role_allow_delete = False
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
self.assertRaises(exception.ForbiddenAction,
@ -179,7 +180,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
self.assertDictEqual(user_ref, self.user_foo)
CONF.ldap.user_filter = '(CN=DOES_NOT_MATCH)'
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.assertRaises(exception.UserNotFound,
self.identity_api.get_user,
self.user_foo['id'])
@ -189,7 +190,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
self.assertDictEqual(tenant_ref, self.tenant_bar)
CONF.ldap.tenant_filter = '(CN=DOES_NOT_MATCH)'
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.assertRaises(exception.ProjectNotFound,
self.identity_api.get_project,
self.tenant_bar['id'])
@ -199,7 +200,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
self.assertDictEqual(role_ref, self.role_member)
CONF.ldap.role_filter = '(CN=DOES_NOT_MATCH)'
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.assertRaises(exception.RoleNotFound,
self.identity_api.get_role,
self.role_member['id'])
@ -208,7 +209,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.use_dumb_member = True
CONF.ldap.dumb_member = 'cn=dumb,cn=example,cn=com'
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.load_fixtures(default_fixtures)
self.assertRaises(exception.UserNotFound,
self.identity_api.get_user,
@ -219,7 +220,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.user_mail_attribute = 'email'
CONF.ldap.user_enabled_attribute = 'enabled'
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.load_fixtures(default_fixtures)
user_ref = self.identity_api.get_user(self.user_two['id'])
self.assertEqual(user_ref['id'], self.user_two['id'])
@ -229,7 +230,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.user_name_attribute = 'email'
CONF.ldap.user_mail_attribute = 'sn'
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
user_ref = self.identity_api.get_user(self.user_two['id'])
self.assertEqual(user_ref['id'], self.user_two['id'])
self.assertEqual(user_ref['name'], self.user_two['email'])
@ -240,7 +241,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.user_attribute_ignore = ['name', 'email', 'password',
'tenant_id', 'enabled', 'tenants']
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.load_fixtures(default_fixtures)
user_ref = self.identity_api.get_user(self.user_two['id'])
self.assertEqual(user_ref['id'], self.user_two['id'])
@ -256,7 +257,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.tenant_desc_attribute = 'desc'
CONF.ldap.tenant_enabled_attribute = 'enabled'
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.load_fixtures(default_fixtures)
tenant_ref = self.identity_api.get_project(self.tenant_baz['id'])
self.assertEqual(tenant_ref['id'], self.tenant_baz['id'])
@ -268,7 +269,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.tenant_name_attribute = 'desc'
CONF.ldap.tenant_desc_attribute = 'ou'
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
tenant_ref = self.identity_api.get_project(self.tenant_baz['id'])
self.assertEqual(tenant_ref['id'], self.tenant_baz['id'])
self.assertEqual(tenant_ref['name'], self.tenant_baz['description'])
@ -280,7 +281,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
'description',
'enabled']
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.load_fixtures(default_fixtures)
tenant_ref = self.identity_api.get_project(self.tenant_baz['id'])
self.assertEqual(tenant_ref['id'], self.tenant_baz['id'])
@ -291,14 +292,14 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
def test_role_attribute_mapping(self):
CONF.ldap.role_name_attribute = 'ou'
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.load_fixtures(default_fixtures)
role_ref = self.identity_api.get_role(self.role_member['id'])
self.assertEqual(role_ref['id'], self.role_member['id'])
self.assertEqual(role_ref['name'], self.role_member['name'])
CONF.ldap.role_name_attribute = 'sn'
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
role_ref = self.identity_api.get_role(self.role_member['id'])
self.assertEqual(role_ref['id'], self.role_member['id'])
self.assertNotIn('name', role_ref)
@ -306,7 +307,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
def test_role_attribute_ignore(self):
CONF.ldap.role_attribute_ignore = ['name']
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
self.load_fixtures(default_fixtures)
role_ref = self.identity_api.get_role(self.role_member['id'])
self.assertEqual(role_ref['id'], self.role_member['id'])
@ -317,9 +318,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
CONF.ldap.user_enabled_mask = 2
CONF.ldap.user_enabled_default = 512
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_api = identity.backends.ldap.Identity()
user = {'id': 'fake1', 'name': 'fake1', 'enabled': True}
self.identity_api.create_user('fake1', user)
self.identity_man.create_user({}, 'fake1', user)
user_ref = self.identity_api.get_user('fake1')
self.assertEqual(user_ref['enabled'], True)
@ -338,7 +339,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf')])
CONF.ldap.url = "fake://memory"
user_api = identity_ldap.UserApi(CONF)
user_api = identity.backends.ldap.UserApi(CONF)
self.stubs.Set(fakeldap, 'FakeLdap',
self.mox.CreateMock(fakeldap.FakeLdap))
# we have to track all calls on 'conn' to make sure that
@ -354,7 +355,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
self.assertRaisesRegexp(
ValueError,
'Invalid LDAP scope: %s. *' % CONF.ldap.query_scope,
identity_ldap.Identity)
identity.backends.ldap.Identity)
# TODO (henry-nash) These need to be removed when the full LDAP implementation
# is submitted - see Bugs 1092187, 1101287, 1101276, 1101289
@ -488,7 +489,8 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
CONF.ldap.user_enabled_emulation = True
CONF.ldap.tenant_enabled_emulation = True
clear_database()
self.identity_api = identity_ldap.Identity()
self.identity_man = identity.Manager()
self.identity_api = self.identity_man.driver
self.load_fixtures(default_fixtures)
for obj in [self.tenant_bar, self.tenant_baz, self.user_foo,
self.user_two, self.user_badguy]:
@ -502,7 +504,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
'password': 'no_meta2',
'enabled': True,
}
self.identity_api.create_user(user['id'], user)
self.identity_man.create_user({}, user['id'], user)
self.identity_api.add_user_to_project(self.tenant_baz['id'],
user['id'])
user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
@ -521,7 +523,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
def test_user_crud(self):
user = {'domain_id': uuid.uuid4().hex, 'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex, 'password': 'passw0rd'}
self.identity_api.create_user(user['id'], user)
self.identity_man.create_user({}, user['id'], user)
user['enabled'] = True
user_ref = self.identity_api.get_user(user['id'])
del user['password']

16
tests/test_backend_sql.py
View File

@ -71,7 +71,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
self.identity_api.create_user(user['id'], user)
self.identity_man.create_user({}, user['id'], user)
self.identity_api.add_user_to_project(self.tenant_bar['id'],
user['id'])
self.identity_api.delete_user(user['id'])
@ -85,7 +85,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
self.identity_man.create_user, {},
user['id'],
user)
self.assertRaises(exception.UserNotFound,
@ -101,7 +101,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
'name': None,
'domain_id': DEFAULT_DOMAIN_ID}
self.assertRaises(exception.ValidationError,
self.identity_api.create_project,
self.identity_man.create_project, {},
tenant['id'],
tenant)
self.assertRaises(exception.ProjectNotFound,
@ -128,7 +128,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
'name': 'fakeuser',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'passwd'}
self.identity_api.create_user('fake', user)
self.identity_man.create_user({}, 'fake', user)
self.identity_api.add_user_to_project(self.tenant_bar['id'],
user['id'])
self.identity_api.delete_project(self.tenant_bar['id'])
@ -140,7 +140,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
'name': 'fakeuser',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'passwd'}
self.identity_api.create_user('fake', user)
self.identity_man.create_user({}, 'fake', user)
self.identity_api.create_metadata(user['id'],
self.tenant_bar['id'],
{'extra': 'extra'})
@ -155,7 +155,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
'name': 'fakeuser',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'passwd'}
self.identity_api.create_user('fake', user)
self.identity_man.create_user({}, 'fake', user)
self.identity_api.create_metadata(user['id'],
self.tenant_bar['id'],
{'extra': 'extra'})
@ -183,7 +183,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
arbitrary_key: arbitrary_value}
ref = self.identity_api.create_project(tenant_id, tenant)
ref = self.identity_man.create_project({}, tenant_id, tenant)
self.assertEqual(arbitrary_value, ref[arbitrary_key])
self.assertIsNone(ref.get('extra'))
@ -211,7 +211,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex,
arbitrary_key: arbitrary_value}
ref = self.identity_api.create_user(user_id, user)
ref = self.identity_man.create_user({}, user_id, user)
self.assertEqual(arbitrary_value, ref[arbitrary_key])
self.assertIsNone(ref.get('password'))
self.assertIsNone(ref.get('extra'))