openstack
/
keystone
Code Issues Proposed changes

Use unit.new_user_ref consistently 

Replace all hand created user refs with calls to new_user_ref().

Note: LDAP live testing code will be updated in a follow on patch.
They require more testing before submission.

Change-Id: I73b1d869534ac3a1bcd2404ef1dd3a0d5b7ea518
This commit is contained in:
Sean Perry 2015-11-10 16:25:02 -08:00
parent 7b6a5a7515
commit 5784285e9f
21 changed files with 469 additions and 792 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
keystone/tests/unit/common/test_notifications.py
View File

@ -338,16 +338,16 @@ class NotificationsForEntities(BaseNotificationTest):
cadftaxonomy.SECURITY_ROLE)
def test_create_user(self):
user_ref = self.new_user_ref(domain_id=self.domain_id)
user_ref = unit.new_user_ref(domain_id=self.domain_id)
user_ref = self.identity_api.create_user(user_ref)
self._assert_last_note(user_ref['id'], CREATED_OPERATION, 'user')
self._assert_last_audit(user_ref['id'], CREATED_OPERATION, 'user',
cadftaxonomy.SECURITY_ACCOUNT_USER)
def test_create_trust(self):
trustor = self.new_user_ref(domain_id=self.domain_id)
trustor = unit.new_user_ref(domain_id=self.domain_id)
trustor = self.identity_api.create_user(trustor)
trustee = self.new_user_ref(domain_id=self.domain_id)
trustee = unit.new_user_ref(domain_id=self.domain_id)
trustee = self.identity_api.create_user(trustee)
role_ref = unit.new_role_ref()
self.role_api.create_role(role_ref['id'], role_ref)
@ -387,7 +387,7 @@ class NotificationsForEntities(BaseNotificationTest):
cadftaxonomy.SECURITY_ROLE)
def test_delete_user(self):
user_ref = self.new_user_ref(domain_id=self.domain_id)
user_ref = unit.new_user_ref(domain_id=self.domain_id)
user_ref = self.identity_api.create_user(user_ref)
self.identity_api.delete_user(user_ref['id'])
self._assert_last_note(user_ref['id'], DELETED_OPERATION, 'user')
@ -421,9 +421,9 @@ class NotificationsForEntities(BaseNotificationTest):
cadftaxonomy.SECURITY_DOMAIN)
def test_delete_trust(self):
trustor = self.new_user_ref(domain_id=self.domain_id)
trustor = unit.new_user_ref(domain_id=self.domain_id)
trustor = self.identity_api.create_user(trustor)
trustee = self.new_user_ref(domain_id=self.domain_id)
trustee = unit.new_user_ref(domain_id=self.domain_id)
trustee = self.identity_api.create_user(trustee)
role_ref = unit.new_role_ref()
trust_ref = self.new_trust_ref(trustor['id'], trustee['id'])
@ -616,7 +616,7 @@ class NotificationsForEntities(BaseNotificationTest):
cadftaxonomy.SECURITY_ROLE)
def test_update_user(self):
user_ref = self.new_user_ref(domain_id=self.domain_id)
user_ref = unit.new_user_ref(domain_id=self.domain_id)
user_ref = self.identity_api.create_user(user_ref)
self.identity_api.update_user(user_ref['id'], user_ref)
self._assert_last_note(user_ref['id'], UPDATED_OPERATION, 'user')

21
keystone/tests/unit/core.py
View File

@ -312,13 +312,18 @@ def new_project_ref(domain_id=None, parent_id=None, is_domain=False):
return ref
def new_user_ref(domain_id, project_id=None):
def new_user_ref(domain_id, project_id=None, **kwargs):
ref = new_ref()
# do not include by default, allow user to add with kwargs
del ref['description']
ref['domain_id'] = domain_id
ref['email'] = uuid.uuid4().hex
ref['password'] = uuid.uuid4().hex
if project_id:
ref['default_project_id'] = project_id
ref.update(**kwargs)
return ref
@ -400,6 +405,20 @@ def new_trust_ref(trustor_user_id, trustee_user_id, project_id=None,
return ref
def create_user(api, domain_id, **kwargs):
"""Create a user via the API. Keep the created password.
The password is saved and restored when api.create_user() is called.
Only use this routine if there is a requirement for the user object to
have a valid password after api.create_user() is called.
"""
user = new_user_ref(domain_id=domain_id, **kwargs)
password = user['password']
user = api.create_user(user)
user['password'] = password
return user
class BaseTestCase(oslotest.BaseTestCase):
"""Light weight base test class.

14
keystone/tests/unit/test_auth.py
View File

@ -715,15 +715,9 @@ class AuthWithPasswordCredentials(AuthTest):
# 2) Create user "foo" in new domain with different password than
# default-domain foo.
new_user_password = uuid.uuid4().hex
new_user = {
'name': self.user_foo['name'],
'domain_id': new_domain_id,
'password': new_user_password,
'email': 'foo@bar2.com',
}
new_user = self.identity_api.create_user(new_user)
new_user = unit.create_user(self.identity_api,
name=self.user_foo['name'],
domain_id=new_domain_id)
# 3) Update the default_domain_id config option to the new domain
@ -734,7 +728,7 @@ class AuthWithPasswordCredentials(AuthTest):
body_dict = _build_user_auth(
username=self.user_foo['name'],
password=new_user_password)
password=new_user['password'])
# The test is successful if this doesn't raise, so no need to assert.
self.controller.authenticate({}, body_dict)

301
keystone/tests/unit/test_backend.py
View File

@ -198,7 +198,7 @@ class AssignmentTestHelperMixin(object):
def _create_entity_in_domain(entity_type, domain_id):
"""Create a user or group entity in the domain."""
if entity_type == 'users':
new_entity = {'name': uuid.uuid4().hex, 'domain_id': domain_id}
new_entity = unit.new_user_ref(domain_id=domain_id)
new_entity = self.identity_api.create_user(new_entity)
elif entity_type == 'groups':
new_entity = unit.new_group_ref(domain_id=domain_id)
@ -479,11 +479,12 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertDictEqual(self.user_sna, user_ref)
def test_authenticate_and_get_roles_no_metadata(self):
user = {
'name': 'NO_META',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'no_meta2',
}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
# Remove user id. It is ignored by create_user() and will break the
# subset test below.
del user['id']
new_user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
new_user['id'])
@ -504,10 +505,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_authenticate_if_no_password_set(self):
id_ = uuid.uuid4().hex
user = {
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
self.identity_api.create_user(user)
self.assertRaises(AssertionError,
@ -518,9 +516,8 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_create_unicode_user_name(self):
unicode_name = u'name \u540d\u5b57'
user = {'name': unicode_name,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = unit.new_user_ref(name=unicode_name,
domain_id=DEFAULT_DOMAIN_ID)
ref = self.identity_api.create_user(user)
self.assertEqual(unicode_name, ref['name'])
@ -554,11 +551,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_list_user_ids_for_project_no_duplicates(self):
# Create user
user_ref = {
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex,
'enabled': True}
user_ref = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user_ref = self.identity_api.create_user(user_ref)
# Create project
project_ref = {
@ -596,10 +589,7 @@ class IdentityTests(AssignmentTestHelperMixin):
@unit.skip_if_cache_disabled('identity')
def test_cache_layer_get_user(self):
user = {
'name': uuid.uuid4().hex.lower(),
'domain_id': DEFAULT_DOMAIN_ID
}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
self.identity_api.create_user(user)
ref = self.identity_api.get_user_by_name(user['name'],
user['domain_id'])
@ -614,11 +604,8 @@ class IdentityTests(AssignmentTestHelperMixin):
self.identity_api.get_user.invalidate(self.identity_api, ref['id'])
self.assertRaises(exception.UserNotFound,
self.identity_api.get_user, ref['id'])
user = {
'name': uuid.uuid4().hex.lower(),
'domain_id': DEFAULT_DOMAIN_ID
}
self.identity_api.create_user(user)
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
ref = self.identity_api.get_user_by_name(user['name'],
user['domain_id'])
user['description'] = uuid.uuid4().hex
@ -648,10 +635,7 @@ class IdentityTests(AssignmentTestHelperMixin):
@unit.skip_if_cache_disabled('identity')
def test_cache_layer_get_user_by_name(self):
user = {
'name': uuid.uuid4().hex.lower(),
'domain_id': DEFAULT_DOMAIN_ID
}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
self.identity_api.create_user(user)
ref = self.identity_api.get_user_by_name(user['name'],
user['domain_id'])
@ -667,11 +651,8 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertRaises(exception.UserNotFound,
self.identity_api.get_user_by_name,
user['name'], DEFAULT_DOMAIN_ID)
user = {
'name': uuid.uuid4().hex.lower(),
'domain_id': DEFAULT_DOMAIN_ID
}
self.identity_api.create_user(user)
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
ref = self.identity_api.get_user_by_name(user['name'],
user['domain_id'])
user['description'] = uuid.uuid4().hex
@ -689,10 +670,7 @@ class IdentityTests(AssignmentTestHelperMixin):
DEFAULT_DOMAIN_ID)
def test_create_duplicate_user_name_fails(self):
user = {'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
self.assertRaises(exception.Conflict,
self.identity_api.create_user,
@ -701,12 +679,11 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_create_duplicate_user_name_in_different_domains(self):
new_domain = unit.new_domain_ref()
self.resource_api.create_domain(new_domain['id'], new_domain)
user1 = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user2 = {'name': user1['name'],
'domain_id': new_domain['id'],
'password': uuid.uuid4().hex}
user1 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user2 = unit.new_user_ref(name=user1['name'],
domain_id=new_domain['id'])
self.identity_api.create_user(user1)
self.identity_api.create_user(user2)
@ -715,9 +692,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(domain1['id'], domain1)
domain2 = unit.new_domain_ref()
self.resource_api.create_domain(domain2['id'], domain2)
user = {'name': uuid.uuid4().hex,
'domain_id': domain1['id'],
'password': uuid.uuid4().hex}
user = unit.new_user_ref(domain_id=domain1['id'])
user = self.identity_api.create_user(user)
user['domain_id'] = domain2['id']
self.identity_api.update_user(user['id'], user)
@ -731,15 +706,12 @@ class IdentityTests(AssignmentTestHelperMixin):
domain2 = unit.new_domain_ref()
self.resource_api.create_domain(domain2['id'], domain2)
# First, create a user in domain1
user1 = {'name': uuid.uuid4().hex,
'domain_id': domain1['id'],
'password': uuid.uuid4().hex}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
# Now create a user in domain2 with a potentially clashing
# name - which should work since we have domain separation
user2 = {'name': user1['name'],
'domain_id': domain2['id'],
'password': uuid.uuid4().hex}
user2 = unit.new_user_ref(name=user1['name'],
domain_id=domain2['id'])
user2 = self.identity_api.create_user(user2)
# Now try and move user1 into the 2nd domain - which should
# fail since the names clash
@ -750,27 +722,18 @@ class IdentityTests(AssignmentTestHelperMixin):
user1)
def test_rename_duplicate_user_name_fails(self):
user1 = {'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
user2 = {'name': 'fake2',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
user1 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user2 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
self.identity_api.create_user(user1)
user2 = self.identity_api.create_user(user2)
user2['name'] = 'fake1'
user2['name'] = user1['name']
self.assertRaises(exception.Conflict,
self.identity_api.update_user,
user2['id'],
user2)
def test_update_user_id_fails(self):
user = {'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
original_id = user['id']
user['id'] = 'fake2'
@ -965,10 +928,7 @@ class IdentityTests(AssignmentTestHelperMixin):
- Check the role list get by the user and project was as expected
"""
user_ref = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex,
'enabled': True}
user_ref = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user_ref = self.identity_api.create_user(user_ref)
project_ref = {'id': uuid.uuid4().hex,
@ -1032,11 +992,9 @@ class IdentityTests(AssignmentTestHelperMixin):
"""
new_domain = unit.new_domain_ref()
self.resource_api.create_domain(new_domain['id'], new_domain)
new_user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user1 = unit.new_user_ref(domain_id=new_domain['id'])
new_user1 = self.identity_api.create_user(new_user1)
new_user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user2 = unit.new_user_ref(domain_id=new_domain['id'])
new_user2 = self.identity_api.create_user(new_user2)
roles_ref = self.assignment_api.list_grants(
user_id=new_user1['id'],
@ -1081,8 +1039,7 @@ class IdentityTests(AssignmentTestHelperMixin):
"""
new_domain = self._get_domain_fixture()
new_user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user1 = unit.new_user_ref(domain_id=new_domain['id'])
new_user1 = self.identity_api.create_user(new_user1)
self.assertRaises(exception.UserNotFound,
@ -1247,8 +1204,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(new_domain['id'], new_domain)
new_group = unit.new_group_ref(domain_id=new_domain['id'])
new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': 'secret',
'enabled': True, 'domain_id': new_domain['id']}
new_user = unit.new_user_ref(domain_id=new_domain['id'])
new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -1282,8 +1238,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(new_domain['id'], new_domain)
new_group = unit.new_group_ref(domain_id=new_domain['id'])
new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user = unit.new_user_ref(domain_id=new_domain['id'])
new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -1325,11 +1280,9 @@ class IdentityTests(AssignmentTestHelperMixin):
new_group = self.identity_api.create_group(new_group)
new_group2 = unit.new_group_ref(domain_id=new_domain['id'])
new_group2 = self.identity_api.create_group(new_group2)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user = unit.new_user_ref(domain_id=new_domain['id'])
new_user = self.identity_api.create_user(new_user)
new_user2 = {'name': 'new_user2', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user2 = unit.new_user_ref(domain_id=new_domain['id'])
new_user2 = self.identity_api.create_user(new_user2)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -1375,8 +1328,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_get_and_remove_role_grant_by_user_and_domain(self):
new_domain = unit.new_domain_ref()
self.resource_api.create_domain(new_domain['id'], new_domain)
new_user = {'name': 'new_user', 'password': 'secret',
'enabled': True, 'domain_id': new_domain['id']}
new_user = unit.new_user_ref(domain_id=new_domain['id'])
new_user = self.identity_api.create_user(new_user)
roles_ref = self.assignment_api.list_grants(
user_id=new_user['id'],
@ -1461,8 +1413,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(domain1['id'], domain1)
domain2 = unit.new_domain_ref()
self.resource_api.create_domain(domain2['id'], domain2)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
'password': uuid.uuid4().hex, 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
roles_ref = self.assignment_api.list_grants(
user_id=user1['id'],
@ -1552,8 +1503,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(domain1['id'], domain1)
domain2 = unit.new_domain_ref()
self.resource_api.create_domain(domain2['id'], domain2)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
'password': uuid.uuid4().hex, 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain2['id']}
@ -1621,8 +1571,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertRaises(exception.RoleNotFound, f,
role_id=uuid.uuid4().hex, **kwargs)
user = {'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex, 'enabled': True}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user_resp = self.identity_api.create_user(user)
group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
group_resp = self.identity_api.create_group(group)
@ -1654,8 +1603,7 @@ class IdentityTests(AssignmentTestHelperMixin):
role_list.append(role)
domain1 = unit.new_domain_ref()
self.resource_api.create_domain(domain1['id'], domain1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
'password': uuid.uuid4().hex, 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1)
@ -1761,8 +1709,7 @@ class IdentityTests(AssignmentTestHelperMixin):
role_list.append(role)
domain1 = unit.new_domain_ref()
self.resource_api.create_domain(domain1['id'], domain1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
'password': uuid.uuid4().hex, 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1)
@ -1824,8 +1771,7 @@ class IdentityTests(AssignmentTestHelperMixin):
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.resource_api.create_project(project1['id'], project1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
'password': uuid.uuid4().hex, 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1)
@ -1883,8 +1829,7 @@ class IdentityTests(AssignmentTestHelperMixin):
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.resource_api.create_project(project1['id'], project1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
'password': uuid.uuid4().hex, 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1)
@ -1921,8 +1866,7 @@ class IdentityTests(AssignmentTestHelperMixin):
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.resource_api.create_project(project1['id'], project1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
'password': uuid.uuid4().hex, 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1)
@ -2132,9 +2076,7 @@ class IdentityTests(AssignmentTestHelperMixin):
'domain_id': DEFAULT_DOMAIN_ID})
def test_delete_user_with_project_association(self):
user = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
user['id'])
@ -2144,9 +2086,7 @@ class IdentityTests(AssignmentTestHelperMixin):
user['id'])
def test_delete_user_with_project_roles(self):
user = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
self.assignment_api.add_role_to_user_and_project(
user['id'],
@ -2254,22 +2194,21 @@ class IdentityTests(AssignmentTestHelperMixin):
tenant)
def test_create_user_long_name_fails(self):
user = {'name': 'a' * 256,
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(name='a' * 256,
domain_id=DEFAULT_DOMAIN_ID)
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
user)
def test_create_user_blank_name_fails(self):
user = {'name': '',
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(name='',
domain_id=DEFAULT_DOMAIN_ID)
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
user)
def test_create_user_missed_password(self):
user = {'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
self.identity_api.get_user(user['id'])
# Make sure the user is not allowed to login
@ -2286,8 +2225,8 @@ class IdentityTests(AssignmentTestHelperMixin):
password=None)
def test_create_user_none_password(self):
user = {'name': 'fake1', 'password': None,
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(password=None,
domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
self.identity_api.get_user(user['id'])
# Make sure the user is not allowed to login
@ -2304,14 +2243,14 @@ class IdentityTests(AssignmentTestHelperMixin):
password=None)
def test_create_user_invalid_name_fails(self):
user = {'name': None,
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(name=None,
domain_id=DEFAULT_DOMAIN_ID)
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
user)
user = {'name': 123,
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(name=123,
domain_id=DEFAULT_DOMAIN_ID)
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
user)
@ -2354,18 +2293,15 @@ class IdentityTests(AssignmentTestHelperMixin):
project)
def test_create_user_invalid_enabled_type_string(self):
user = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex,
# invalid string value
'enabled': "true"}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
# invalid string value
enabled='true')
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
user)
def test_update_user_long_name_fails(self):
user = {'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
user['name'] = 'a' * 256
self.assertRaises(exception.ValidationError,
@ -2374,8 +2310,7 @@ class IdentityTests(AssignmentTestHelperMixin):
user)
def test_update_user_blank_name_fails(self):
user = {'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
user['name'] = ''
self.assertRaises(exception.ValidationError,
@ -2384,8 +2319,7 @@ class IdentityTests(AssignmentTestHelperMixin):
user)
def test_update_user_invalid_name_fails(self):
user = {'name': 'fake1',
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
user['name'] = None
@ -2876,15 +2810,13 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertDictEqual(original_project, new_project)
def test_create_user_doesnt_modify_passed_in_dict(self):
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID}
new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
original_user = new_user.copy()
self.identity_api.create_user(new_user)
self.assertDictEqual(original_user, new_user)
def test_update_user_enable(self):
user = {'name': 'fake1', 'enabled': True,
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
user_ref = self.identity_api.get_user(user['id'])
self.assertTrue(user_ref['enabled'])
@ -2923,9 +2855,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertTrue(user_ref['enabled'])
def test_update_user_name(self):
user = {'name': uuid.uuid4().hex,
'enabled': True,
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
user_ref = self.identity_api.get_user(user['id'])
self.assertEqual(user['name'], user_ref['name'])
@ -2946,14 +2876,13 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertEqual(changed_name, user_ref['name'])
def test_update_user_enable_fails(self):
user = {'name': 'fake1', 'enabled': True,
'domain_id': DEFAULT_DOMAIN_ID}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
user_ref = self.identity_api.get_user(user['id'])
self.assertTrue(user_ref['enabled'])
# Strings are not valid boolean values
user['enabled'] = "false"
user['enabled'] = 'false'
self.assertRaises(exception.ValidationError,
self.identity_api.update_user,
user['id'],
@ -2991,8 +2920,7 @@ class IdentityTests(AssignmentTestHelperMixin):
domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=domain['id'])
new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = unit.new_user_ref(domain_id=domain['id'])
new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -3006,8 +2934,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_add_user_to_group_returns_not_found(self):
domain = self._get_domain_fixture()
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = unit.new_user_ref(domain_id=domain['id'])
new_user = self.identity_api.create_user(new_user)
self.assertRaises(exception.GroupNotFound,
self.identity_api.add_user_to_group,
@ -3030,8 +2957,7 @@ class IdentityTests(AssignmentTestHelperMixin):
domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=domain['id'])
new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = unit.new_user_ref(domain_id=domain['id'])
new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -3042,8 +2968,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertRaises(exception.DomainNotFound,
self.identity_api.create_group,
new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': "doesnotexist"}
new_user = unit.new_user_ref(domain_id="doesnotexist")
self.assertRaises(exception.DomainNotFound,
self.identity_api.create_user,
new_user)
@ -3052,8 +2977,7 @@ class IdentityTests(AssignmentTestHelperMixin):
new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID}
new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
new_user = self.identity_api.create_user(new_user)
self.assertRaises(exception.NotFound,
@ -3062,8 +2986,7 @@ class IdentityTests(AssignmentTestHelperMixin):
new_group['id'])
def test_check_user_in_group_returns_not_found(self):
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID}
new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
new_user = self.identity_api.create_user(new_user)
new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
@ -3093,8 +3016,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertEqual([], user_refs)
# Make sure we get the correct users back once they have been added
# to the group.
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = unit.new_user_ref(domain_id=domain['id'])
new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -3119,8 +3041,7 @@ class IdentityTests(AssignmentTestHelperMixin):
USER_COUNT = 2
for x in range(0, USER_COUNT):
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = unit.new_user_ref(domain_id=domain['id'])
new_user = self.identity_api.create_user(new_user)
test_users.append(new_user)
positive_user = test_users[0]
@ -3179,8 +3100,7 @@ class IdentityTests(AssignmentTestHelperMixin):
domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=domain['id'])
new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = unit.new_user_ref(domain_id=domain['id'])
new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -3193,8 +3113,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_remove_user_from_group_returns_not_found(self):
domain = self._get_domain_fixture()
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = unit.new_user_ref(domain_id=domain['id'])
new_user = self.identity_api.create_user(new_user)
new_group = unit.new_group_ref(domain_id=domain['id'])
new_group = self.identity_api.create_group(new_group)
@ -3700,8 +3619,8 @@ class IdentityTests(AssignmentTestHelperMixin):
assert_key_equals(value)
def test_user_crud(self):
user_dict = {'domain_id': DEFAULT_DOMAIN_ID,
'name': uuid.uuid4().hex, 'password': 'passw0rd'}
user_dict = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
del user_dict['id']
user = self.identity_api.create_user(user_dict)
user_ref = self.identity_api.get_user(user['id'])
del user_dict['password']
@ -3723,8 +3642,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_list_projects_for_user(self):
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain['id'])
user1 = self.identity_api.create_user(user1)
user_projects = self.assignment_api.list_projects_for_user(user1['id'])
self.assertEqual(0, len(user_projects))
@ -3743,8 +3661,7 @@ class IdentityTests(AssignmentTestHelperMixin):
# should now be included, along with any direct user grants.
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain['id'])
user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1)
@ -3912,16 +3829,10 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.get_project,
project_id)
def create_user_dict(self, **attributes):
user_dict = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'enabled': True}
user_dict.update(attributes)
return user_dict
def test_arbitrary_attributes_are_returned_from_create_user(self):
attr_value = uuid.uuid4().hex
user_data = self.create_user_dict(arbitrary_attr=attr_value)
user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
arbitrary_attr=attr_value)
user = self.identity_api.create_user(user_data)
@ -3929,7 +3840,8 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_arbitrary_attributes_are_returned_from_get_user(self):
attr_value = uuid.uuid4().hex
user_data = self.create_user_dict(arbitrary_attr=attr_value)
user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
arbitrary_attr=attr_value)
user_data = self.identity_api.create_user(user_data)
@ -3937,7 +3849,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertEqual(attr_value, user['arbitrary_attr'])
def test_new_arbitrary_attributes_are_returned_from_update_user(self):
user_data = self.create_user_dict()
user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user_data)
attr_value = uuid.uuid4().hex
@ -3948,7 +3860,8 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_updated_arbitrary_attributes_are_returned_from_update_user(self):
attr_value = uuid.uuid4().hex
user_data = self.create_user_dict(arbitrary_attr=attr_value)
user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
arbitrary_attr=attr_value)
new_attr_value = uuid.uuid4().hex
user = self.identity_api.create_user(user_data)
@ -4010,11 +3923,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertDictEqual(updated_project_ref, project_ref)
def test_user_update_and_user_get_return_same_response(self):
user = {
'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'description': uuid.uuid4().hex,
'enabled': True}
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
user = self.identity_api.create_user(user)
@ -4784,9 +4693,7 @@ class TokenTests(object):
class TokenCacheInvalidation(object):
def _create_test_data(self):
self.user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
self.user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
self.tenant = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
@ -5826,8 +5733,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
role_list.append(role)
domain1 = unit.new_domain_ref()
self.resource_api.create_domain(domain1['id'], domain1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
'password': uuid.uuid4().hex, 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
@ -5936,8 +5842,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
role_list.append(role)
domain1 = unit.new_domain_ref()
self.resource_api.create_domain(domain1['id'], domain1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
'password': uuid.uuid4().hex, 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain1['id'])
user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1)
@ -6042,8 +5947,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
self.config_fixture.config(group='os_inherit', enabled=True)
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain['id'])
user1 = self.identity_api.create_user(user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain['id']}
@ -6130,8 +6034,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
'is_domain': False}
self.resource_api.create_project(leaf_project['id'], leaf_project)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
# Grant inherited user role
@ -6234,8 +6137,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
project4 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain2['id']}
self.resource_api.create_project(project4['id'], project4)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user1 = unit.new_user_ref(domain_id=domain['id'])
user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1)
@ -6339,8 +6241,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
'is_domain': False}
self.resource_api.create_project(leaf_project['id'], leaf_project)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)

194
keystone/tests/unit/test_backend_ldap.py
View File

@ -142,6 +142,13 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
config_files.append(unit.dirs.tests_conf('backend_ldap.conf'))
return config_files
def new_user_ref(self, domain_id, project_id=None, **kwargs):
ref = unit.new_user_ref(domain_id=domain_id, project_id=project_id,
**kwargs)
if 'id' not in kwargs:
del ref['id']
return ref
def get_user_enabled_vals(self, user):
user_dn = (
self.identity_api.driver.user._id_to_dn_string(user['id']))
@ -163,10 +170,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.assertEqual("ou=Users,%s" % CONF.ldap.suffix, user_api.tree_dn)
def test_configurable_allowed_user_actions(self):
user = {'name': u'fäké1',
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
'tenants': ['bar']}
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user = self.identity_api.create_user(user)
self.identity_api.get_user(user['id'])
@ -185,10 +189,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
driver.user.allow_update = False
driver.user.allow_delete = False
user = {'name': u'fäké1',
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
'tenants': ['bar']}
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
self.assertRaises(exception.ForbiddenAction,
self.identity_api.create_user,
user)
@ -253,8 +254,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
new_domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=new_domain['id'])
new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'enabled': True,
'domain_id': new_domain['id']}
new_user = self.new_user_ref(domain_id=new_domain['id'])
new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -328,8 +328,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_projects_for_user(self):
domain = self._get_domain_fixture()
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user1 = self.new_user_ref(domain_id=domain['id'])
user1 = self.identity_api.create_user(user1)
user_projects = self.assignment_api.list_projects_for_user(user1['id'])
self.assertThat(user_projects, matchers.HasLength(0))
@ -346,8 +345,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.assertThat(user_projects, matchers.HasLength(2))
# Now, check number of projects through groups
user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user2 = self.new_user_ref(domain_id=domain['id'])
user2 = self.identity_api.create_user(user2)
group1 = unit.new_group_ref(domain_id=domain['id'])
@ -376,8 +374,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_projects_for_user_and_groups(self):
domain = self._get_domain_fixture()
# Create user1
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user1 = self.new_user_ref(domain_id=domain['id'])
user1 = self.identity_api.create_user(user1)
# Create new group for user1
@ -411,8 +408,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_projects_for_user_with_grants(self):
domain = self._get_domain_fixture()
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = self.new_user_ref(domain_id=domain['id'])
new_user = self.identity_api.create_user(new_user)
group1 = unit.new_group_ref(domain_id=domain['id'])
@ -495,8 +491,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_role_assignments_unfiltered(self):
new_domain = self._get_domain_fixture()
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.new_user_ref(domain_id=new_domain['id'])
new_user = self.identity_api.create_user(new_user)
new_group = unit.new_group_ref(domain_id=new_domain['id'])
new_group = self.identity_api.create_group(new_group)
@ -533,8 +528,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.load_fixtures(default_fixtures)
new_domain = self._get_domain_fixture()
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.new_user_ref(domain_id=new_domain['id'])
new_user = self.identity_api.create_user(new_user)
new_project = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
@ -557,8 +551,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.load_backends()
self.load_fixtures(default_fixtures)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': test_backend.DEFAULT_DOMAIN_ID}
user = self.new_user_ref(domain_id=test_backend.DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
@ -662,12 +655,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.assertEqual(new_domain_id, domains[0]['id'])
def test_authenticate_requires_simple_bind(self):
user = {
'name': 'NO_META',
'domain_id': test_backend.DEFAULT_DOMAIN_ID,
'password': 'no_meta2',
'enabled': True,
}
user = self.new_user_ref(domain_id=test_backend.DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
user['id'])
@ -735,11 +723,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
CONF.identity.default_domain_id)
driver.user.attribute_ignore = ['enabled', 'email',
'tenants', 'tenantId']
user = {'name': u'fäké1',
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
'default_project_id': 'maps_to_none',
}
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id,
project_id='maps_to_none')
# If this doesn't raise, then the test is successful.
user = self.identity_api.create_user(user)
@ -751,9 +736,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
boolean_strings = ['TRUE', 'FALSE', 'true', 'false', 'True', 'False',
'TrUe' 'FaLse']
for name in boolean_strings:
user = {
'name': name,
'domain_id': CONF.identity.default_domain_id}
user = self.new_user_ref(name=name,
domain_id=CONF.identity.default_domain_id)
user_ref = self.identity_api.create_user(user)
user_info = self.identity_api.get_user(user_ref['id'])
self.assertEqual(name, user_info['name'])
@ -772,10 +756,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
driver.user.attribute_ignore = ['enabled', 'email',
'tenants', 'tenantId']
user = {'name': u'fäké1',
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
}
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user_ref = self.identity_api.create_user(user)
@ -810,12 +791,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
# Since we want to fake up this special ID, we'll squirt this
# direct into the driver and bypass the manager layer.
user_id = u'Doe, John'
user = {
'id': user_id,
'name': self.getUniqueString(),
'password': self.getUniqueString(),
'domain_id': CONF.identity.default_domain_id,
}
user = self.new_user_ref(id=user_id,
domain_id=CONF.identity.default_domain_id)
user = self.identity_api.driver.create_user(user_id, user)
# Now we'll use the manager to discover it, which will create a
@ -859,12 +836,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
# Since we want to fake up this special ID, we'll squirt this
# direct into the driver and bypass the manager layer
user_id = u'Doe, John'
user = {
'id': user_id,
'name': self.getUniqueString(),
'password': self.getUniqueString(),
'domain_id': CONF.identity.default_domain_id,
}
user = self.new_user_ref(id=user_id,
domain_id=CONF.identity.default_domain_id)
self.identity_api.driver.create_user(user_id, user)
# Now we'll use the manager to discover it, which will create a
@ -1017,10 +990,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
role1 = unit.new_role_ref()
self.role_api.create_role(role1['id'], role1)
user1 = {'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user1 = self.identity_api.create_user(user1)
self.assignment_api.add_role_to_user_and_project(
@ -1168,8 +1138,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
self.load_backends()
self.load_fixtures(default_fixtures)
user = {'name': u'fäké1', 'enabled': True,
'domain_id': CONF.identity.default_domain_id}
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user_ref = self.identity_api.create_user(user)
@ -1216,14 +1185,12 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
self.load_backends()
self.load_fixtures(default_fixtures)
user1 = {'name': u'fäké1', 'enabled': True,
'domain_id': CONF.identity.default_domain_id}
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user2 = {'name': u'fäké2', 'enabled': False,
'domain_id': CONF.identity.default_domain_id}
user2 = self.new_user_ref(enabled=False,
domain_id=CONF.identity.default_domain_id)
user3 = {'name': u'fäké3',
'domain_id': CONF.identity.default_domain_id}
user3 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
# Ensure that the LDAP attribute is False for a newly created
# enabled user.
@ -1452,11 +1419,9 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
group='ldap',
user_additional_attribute_mapping=['description:name'])
self.load_backends()
user = {
'name': 'EXTRA_ATTRIBUTES',
'password': 'extra',
'domain_id': CONF.identity.default_domain_id
}
user = self.new_user_ref(name='EXTRA_ATTRIBUTES',
password='extra',
domain_id=CONF.identity.default_domain_id)
user = self.identity_api.create_user(user)
dn, attrs = self.identity_api.driver.user._ldap_get(user['id'])
self.assertThat([user['name']], matchers.Equals(attrs['description']))
@ -1470,13 +1435,9 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
user_additional_attribute_mapping=['description:description'])
self.load_backends()
description = uuid.uuid4().hex
user = {
'name': uuid.uuid4().hex,
'description': description,
'password': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id
}
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id,
description=uuid.uuid4().hex)
description = user['description']
user = self.identity_api.create_user(user)
res = self.identity_api.driver.user.get_all()
@ -1871,10 +1832,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
self.role_api.create_role(role['id'], role)
role_list.append(role)
user1 = {'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user1 = self.identity_api.create_user(user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id}
@ -1975,9 +1933,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
def test_list_groups_for_user_no_dn(self):
# Create a test user.
user = {'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex, 'enabled': True}
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user = self.identity_api.create_user(user)
# Create some test groups and add the test user as a member.
domain = self._get_domain_fixture()
@ -2002,9 +1958,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
CONF.identity.default_domain_id)
driver.user.id_attr = 'mail'
user = {'name': u'fäké1',
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id}
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user = self.identity_api.create_user(user)
user_ref = self.identity_api.get_user(user['id'])
# 'email' attribute should've created because it is also being used
@ -2192,21 +2146,18 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
project['id'])
def test_user_crud(self):
user_dict = {
'domain_id': CONF.identity.default_domain_id,
'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex}
user_dict = self.new_user_ref(
domain_id=CONF.identity.default_domain_id)
user = self.identity_api.create_user(user_dict)
user_dict['enabled'] = True
user_ref = self.identity_api.get_user(user['id'])
del user_dict['password']
user_ref = self.identity_api.get_user(user['id'])
user_ref_dict = {x: user_ref[x] for x in user_ref}
self.assertDictContainsSubset(user_dict, user_ref_dict)
user_dict['password'] = uuid.uuid4().hex
self.identity_api.update_user(user['id'], user)
user_ref = self.identity_api.get_user(user['id'])
self.identity_api.update_user(user['id'], user_dict)
del user_dict['password']
user_ref = self.identity_api.get_user(user['id'])
user_ref_dict = {x: user_ref[x] for x in user_ref}
self.assertDictContainsSubset(user_dict, user_ref_dict)
@ -2239,8 +2190,8 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
self.load_fixtures(default_fixtures)
# Create a user and ensure they are enabled.
user1 = {'name': u'fäké1', 'enabled': True,
'domain_id': CONF.identity.default_domain_id}
user1 = unit.new_user_ref(enabled=True,
domain_id=CONF.identity.default_domain_id)
user_ref = self.identity_api.create_user(user1)
self.assertIs(True, user_ref['enabled'])
@ -2255,14 +2206,12 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
self.load_backends()
self.load_fixtures(default_fixtures)
user1 = {'name': u'fäké1', 'enabled': True,
'domain_id': CONF.identity.default_domain_id}
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user2 = {'name': u'fäké2', 'enabled': False,
'domain_id': CONF.identity.default_domain_id}
user2 = self.new_user_ref(enabled=False,
domain_id=CONF.identity.default_domain_id)
user3 = {'name': u'fäké3',
'domain_id': CONF.identity.default_domain_id}
user3 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
# Ensure that the enabled LDAP attribute is not set for a
# newly created enabled user.
@ -2398,8 +2347,7 @@ class LdapIdentitySqlAssignment(BaseLDAPIdentity, unit.SQLDriverOverrides,
new_domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=new_domain['id'],)
new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.new_user_ref(domain_id=new_domain['id'])
new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -2467,13 +2415,9 @@ class LdapIdentitySqlAssignmentWithMapping(LdapIdentitySqlAssignment):
"""
initial_mappings = len(mapping_sql.list_id_mappings())
user1 = {'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user1 = self.identity_api.create_user(user1)
user2 = {'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex, 'enabled': True}
user2 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
user2 = self.identity_api.create_user(user2)
mappings = mapping_sql.list_id_mappings()
self.assertEqual(initial_mappings + 2, len(mappings))
@ -2504,30 +2448,21 @@ class LdapIdentitySqlAssignmentWithMapping(LdapIdentitySqlAssignment):
class BaseMultiLDAPandSQLIdentity(object):
"""Mixin class with support methods for domain-specific config testing."""
def create_user(self, domain_id):
user = {'name': uuid.uuid4().hex,
'domain_id': domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
user_ref = self.identity_api.create_user(user)
# Put the password back in, since this is used later by tests to
# authenticate.
user_ref['password'] = user['password']
return user_ref
def create_users_across_domains(self):
"""Create a set of users, each with a role on their own domain."""
# We also will check that the right number of id mappings get created
initial_mappings = len(mapping_sql.list_id_mappings())
self.users['user0'] = self.create_user(
self.users['user0'] = unit.create_user(
self.identity_api,
self.domains['domain_default']['id'])
self.assignment_api.create_grant(
user_id=self.users['user0']['id'],
domain_id=self.domains['domain_default']['id'],
role_id=self.role_member['id'])
for x in range(1, self.domain_count):
self.users['user%s' % x] = self.create_user(
self.users['user%s' % x] = unit.create_user(
self.identity_api,
self.domains['domain%s' % x]['id'])
self.assignment_api.create_grant(
user_id=self.users['user%s' % x]['id'],
@ -2661,11 +2596,14 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides,
# Create some identity entities BEFORE we switch to multi-backend, so
# we can test that these are still accessible
self.users = {}
self.users['userA'] = self.create_user(
self.users['userA'] = unit.create_user(
self.identity_api,
self.domains['domain_default']['id'])
self.users['userB'] = self.create_user(
self.users['userB'] = unit.create_user(
self.identity_api,
self.domains['domain1']['id'])
self.users['userC'] = self.create_user(
self.users['userC'] = unit.create_user(
self.identity_api,
self.domains['domain3']['id'])
def enable_multi_domain(self):

41
keystone/tests/unit/test_backend_sql.py
View File

@ -179,9 +179,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
self.assertNotEqual(self.user_foo['password'], user_ref['password'])
def test_delete_user_with_project_association(self):
user = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
user['id'])
@ -191,9 +189,8 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
user['id'])
def test_create_null_user_name(self):
user = {'name': None,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = unit.new_user_ref(name=None,
domain_id=DEFAULT_DOMAIN_ID)
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
user)
@ -208,9 +205,8 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
# LDAP.
# create a ref with a lowercase name
ref = {
'name': uuid.uuid4().hex.lower(),
'domain_id': DEFAULT_DOMAIN_ID}
ref = unit.new_user_ref(name=uuid.uuid4().hex.lower(),
domain_id=DEFAULT_DOMAIN_ID)
ref = self.identity_api.create_user(ref)
# assign a new ID with the same name, but this time in uppercase
@ -251,9 +247,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
DEFAULT_DOMAIN_ID)
def test_delete_project_with_user_association(self):
user = {'name': 'fakeuser',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'passwd'}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
user['id'])
@ -300,11 +294,9 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
"""
arbitrary_key = uuid.uuid4().hex
arbitrary_value = uuid.uuid4().hex
user = {
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex,
arbitrary_key: arbitrary_value}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user[arbitrary_key] = arbitrary_value
del user["id"]
ref = self.identity_api.create_user(user)
self.assertEqual(arbitrary_value, ref[arbitrary_key])
self.assertIsNone(ref.get('password'))
@ -319,11 +311,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key])
def test_sql_user_to_dict_null_default_project_id(self):
user = {
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user)
session = sql.get_session()
query = session.query(identity_sql.User)
@ -337,8 +325,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
def test_list_domains_for_user(self):
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user = unit.new_user_ref(domain_id=domain['id'])
test_domain1 = unit.new_domain_ref()
self.resource_api.create_domain(test_domain1['id'], test_domain1)
@ -363,8 +350,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
# should now be included, along with any direct user grants.
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user = unit.new_user_ref(domain_id=domain['id'])
user = self.identity_api.create_user(user)
group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1)
@ -409,8 +395,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
domain1 = self.resource_api.create_domain(domain1['id'], domain1)
domain2 = unit.new_domain_ref()
domain2 = self.resource_api.create_domain(domain2['id'], domain2)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain1['id'], 'enabled': True}
user = unit.new_user_ref(domain_id=domain1['id'])
user = self.identity_api.create_user(user)
group = unit.new_group_ref(domain_id=domain1['id'])
group = self.identity_api.create_group(group)

10
keystone/tests/unit/test_cert_setup.py
View File

@ -75,17 +75,11 @@ class CertSetupTestCase(rest.RestfulTestCase):
controller = token.controllers.Auth()
self.config_fixture.config(group='signing', certfile='invalid')
password = 'fake1'
user = {
'name': 'fake1',
'password': password,
'domain_id': DEFAULT_DOMAIN_ID
}
user = self.identity_api.create_user(user)
user = unit.create_user(self.identity_api, domain_id=DEFAULT_DOMAIN_ID)
body_dict = {
'passwordCredentials': {
'userId': user['id'],
'password': password,
'password': user['password'],
},
}
self.assertRaises(exception.UnexpectedError,

1
keystone/tests/unit/test_ldap_livetest.py
View File

@ -133,6 +133,7 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
USER_COUNT = 2
for x in range(0, USER_COUNT):
# TODO(shaleh): use unit.new_user_ref()
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user)

1
keystone/tests/unit/test_ldap_pool_livetest.py
View File

@ -105,6 +105,7 @@ class LiveLDAPPoolIdentity(test_backend_ldap_pool.LdapPoolCommonTestMixin,
password=old_password)
def _create_user_and_authenticate(self, password):
# TODO(shaleh): port to new_user_ref()
user_dict = {
'domain_id': CONF.identity.default_domain_id,
'name': uuid.uuid4().hex,

4
keystone/tests/unit/test_ldap_tls_livetest.py
View File

@ -50,6 +50,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_req_cert='demand')
self.identity_api = identity.backends.ldap.Identity()
# TODO(shaleh): use new_user_ref()
user = {'name': 'fake1',
'password': 'fakepass1',
'tenants': ['bar']}
@ -71,6 +72,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_req_cert='demand')
self.identity_api = identity.backends.ldap.Identity()
# TODO(shaleh): use new_user_ref()
user = {'id': 'fake1',
'name': 'fake1',
'password': 'fakepass1',
@ -95,6 +97,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_cacertdir=None)
self.identity_api = identity.backends.ldap.Identity()
# TODO(shaleh): use new_user_ref()
user = {'name': 'fake1',
'password': 'fakepass1',
'tenants': ['bar']}
@ -109,6 +112,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_cacertdir='/etc/keystone/ssl/mythicalcertdir')
self.identity_api = identity.backends.ldap.Identity()
# TODO(shaleh): use new_user_ref()
user = {'name': 'fake1',
'password': 'fakepass1',
'tenants': ['bar']}

40
keystone/tests/unit/test_middleware.py
View File

@ -149,9 +149,6 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
def _load_sample_data(self):
self.project_id = uuid.uuid4().hex
self.project_name = uuid.uuid4().hex
self.user_name = uuid.uuid4().hex
self.user_password = uuid.uuid4().hex
self.user_email = uuid.uuid4().hex
self.protocol_id = 'x509'
# 1) Create a domain for the user.
@ -172,13 +169,8 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
self.resource_api.create_project(self.project_id, self.project)
# 3) Create a user in new domain.
self.user = {
'name': self.user_name,
'domain_id': self.domain_id,
'project_id': self.project_id,
'password': self.user_password,
'email': self.user_email,
}
self.user = unit.new_user_ref(domain_id=self.domain_id,
project_id=self.project_id)
self.user = self.identity_api.create_user(self.user)
@ -384,7 +376,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
# SSL_CLIENT_USER_NAME and SSL_CLIENT_DOMAIN_NAME are the types
# defined in the mapping that will map to the user name and
# domain name
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env)
context = self._create_context(
@ -396,7 +388,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env = {}
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_ID'] = self.project_id
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env)
context = self._create_context(
@ -409,7 +401,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env)
context = self._create_context(
@ -422,7 +414,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env)
context = self._create_context(
@ -434,7 +426,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env = {}
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_id
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env)
context = self._create_context(
@ -476,7 +468,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
req = make_request(environ=env)
context = self._create_context(
@ -519,7 +511,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_ID'] = self.project_id
env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env)
context = self._create_context(
request=req,
@ -546,7 +538,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
req = make_request(environ=env)
self.domain['enabled'] = False
@ -565,7 +557,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
req = make_request(environ=env)
self.user['enabled'] = False
@ -599,7 +591,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env)
self.config_fixture.config(group='tokenless_auth',
protocol='ephemeral')
@ -616,7 +608,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env)
self.config_fixture.config(group='tokenless_auth',
protocol='ephemeral')
@ -657,7 +649,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = uuid.uuid4().hex
env['HTTP_X_PROJECT_DOMAIN_NAME'] = uuid.uuid4().hex
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env)
self.config_fixture.config(group='tokenless_auth',
protocol='ephemeral')
@ -677,7 +669,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env)
self.config_fixture.config(group='tokenless_auth',
protocol='ephemeral')
@ -701,7 +693,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name
env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env)
# This will pick up the incorrect mapping
self.config_fixture.config(group='tokenless_auth',

1
keystone/tests/unit/test_v2_keystoneclient.py
View File

@ -209,6 +209,7 @@ class ClientDrivenTestCase(unit.TestCase):
enabled=tenant['enabled'])
tenant['id'] = tenant_ref.id
# v2 style, needs to be created by hand
user = {
'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex,

18
keystone/tests/unit/test_v3.py
View File

@ -202,10 +202,8 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
self.project['id'] = self.project_id
self.resource_api.create_project(self.project_id, self.project)
self.user = self.new_user_ref(domain_id=self.domain_id)
password = self.user['password']
self.user = self.identity_api.create_user(self.user)
self.user['password'] = password
self.user = unit.create_user(self.identity_api,
domain_id=self.domain_id)
self.user_id = self.user['id']
self.default_domain_project_id = uuid.uuid4().hex
@ -215,12 +213,9 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
self.resource_api.create_project(self.default_domain_project_id,
self.default_domain_project)
self.default_domain_user = self.new_user_ref(
self.default_domain_user = unit.create_user(
self.identity_api,
domain_id=DEFAULT_DOMAIN_ID)
password = self.default_domain_user['password']
self.default_domain_user = (
self.identity_api.create_user(self.default_domain_user))
self.default_domain_user['password'] = password
self.default_domain_user_id = self.default_domain_user['id']
# create & grant policy.json's default role for admin_required
@ -261,9 +256,6 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
return unit.new_project_ref(domain_id=domain_id, parent_id=parent_id,
is_domain=is_domain)
def new_user_ref(self, domain_id, project_id=None):
return unit.new_user_ref(domain_id, project_id=project_id)
def new_credential_ref(self, user_id, project_id=None, cred_type=None):
return unit.new_credential_ref(user_id, project_id=project_id,
cred_type=cred_type)
@ -845,6 +837,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
resp,
'users',
self.assertValidUser,
keys_to_check=['name', 'enabled'],
*args,
**kwargs)
@ -853,6 +846,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
resp,
'user',
self.assertValidUser,
keys_to_check=['name', 'enabled'],
*args,
**kwargs)

182
keystone/tests/unit/test_v3_assignment.py
View File

@ -112,23 +112,20 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
domain_id=self.domain2['id'])
self.resource_api.create_project(self.project2['id'], self.project2)
self.user2 = self.new_user_ref(
domain_id=self.domain2['id'],
project_id=self.project2['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
user2 = unit.create_user(self.identity_api,
domain_id=self.domain2['id'],
project_id=self.project2['id'])
self.assignment_api.add_user_to_project(self.project2['id'],
self.user2['id'])
user2['id'])
# First check a user in that domain can authenticate. The v2 user
# cannot authenticate because they exist outside the default domain.
body = {
'auth': {
'passwordCredentials': {
'userId': self.user2['id'],
'password': self.user2['password']
'userId': user2['id'],
'password': user2['password']
},
'tenantId': self.project2['id']
}
@ -138,8 +135,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
expected_status=http_client.UNAUTHORIZED)
auth_data = self.build_authentication_request(
user_id=self.user2['id'],
password=self.user2['password'],
user_id=user2['id'],
password=user2['password'],
project_id=self.project2['id'])
self.v3_create_token(auth_data)
@ -155,8 +152,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
body = {
'auth': {
'passwordCredentials': {
'userId': self.user2['id'],
'password': self.user2['password']
'userId': user2['id'],
'password': user2['password']
},
'tenantId': self.project2['id']
}
@ -167,16 +164,16 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
# Try looking up in v3 by name and id
auth_data = self.build_authentication_request(
user_id=self.user2['id'],
password=self.user2['password'],
user_id=user2['id'],
password=user2['password'],
project_id=self.project2['id'])
self.v3_create_token(auth_data,
expected_status=http_client.UNAUTHORIZED)
auth_data = self.build_authentication_request(
username=self.user2['name'],
username=user2['name'],
user_domain_id=self.domain2['id'],
password=self.user2['password'],
password=user2['password'],
project_id=self.project2['id'])
self.v3_create_token(auth_data,
expected_status=http_client.UNAUTHORIZED)
@ -216,16 +213,15 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
domain_id=self.domain2['id'])
self.resource_api.create_project(self.project2['id'], self.project2)
self.user2 = self.new_user_ref(
domain_id=self.domain2['id'],
project_id=self.project2['id'])
self.user2 = self.identity_api.create_user(self.user2)
user2 = unit.new_user_ref(domain_id=self.domain2['id'],
project_id=self.project2['id'])
user2 = self.identity_api.create_user(user2)
self.group2 = unit.new_group_ref(domain_id=self.domain2['id'])
self.group2 = self.identity_api.create_group(self.group2)
self.credential2 = self.new_credential_ref(
user_id=self.user2['id'],
user_id=user2['id'],
project_id=self.project2['id'])
self.credential_api.create_credential(
self.credential2['id'],
@ -252,7 +248,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.group2['id'])
self.assertRaises(exception.UserNotFound,
self.identity_api.get_user,
self.user2['id'])
user2['id'])
self.assertRaises(exception.CredentialNotFound,
self.credential_api.get_credential,
self.credential2['id'])
@ -340,15 +336,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.domain = unit.new_domain_ref()
self.resource_api.create_domain(self.domain['id'], self.domain)
self.user2 = self.new_user_ref(domain_id=self.domain['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
user2 = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
# build a request body
auth_body = self.build_authentication_request(
user_id=self.user2['id'],
password=self.user2['password'])
user_id=user2['id'],
password=user2['password'])
# sends a request for the user's token
token_resp = self.post('/auth/tokens', body=auth_body)
@ -1270,7 +1264,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
def _create_new_user_and_assign_role_on_project(self):
"""Create a new user and assign user a role on a project."""
# Create a new user
new_user = self.new_user_ref(domain_id=self.domain_id)
new_user = unit.new_user_ref(domain_id=self.domain_id)
user_ref = self.identity_api.create_user(new_user)
# Assign the user a role on the project
collection_url = (
@ -1378,9 +1372,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
# Since the default fixtures already assign some roles to the
# user it creates, we also need a new user that will not have any
# existing assignments
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
self.user1 = self.identity_api.create_user(self.user1)
user1 = unit.new_user_ref(domain_id=self.domain['id'])
user1 = self.identity_api.create_user(user1)
collection_url = '/role_assignments'
r = self.get(collection_url)
@ -1402,7 +1395,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.assertRoleAssignmentInListResponse(r, gd_entity)
ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id,
user_id=self.user1['id'],
user_id=user1['id'],
role_id=self.role_id)
self.put(ud_entity['links']['assignment'])
r = self.get(collection_url)
@ -1424,7 +1417,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.assertRoleAssignmentInListResponse(r, gp_entity)
up_entity = self.build_role_assignment_entity(
project_id=self.project_id, user_id=self.user1['id'],
project_id=self.project_id, user_id=user1['id'],
role_id=self.role_id)
self.put(up_entity['links']['assignment'])
r = self.get(collection_url)
@ -1465,18 +1458,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
for each of the group members.
"""
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
user1 = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
user2 = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
self.identity_api.add_user_to_group(user1['id'], self.group['id'])
self.identity_api.add_user_to_group(user2['id'], self.group['id'])
collection_url = '/role_assignments'
r = self.get(collection_url)
@ -1506,11 +1494,11 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
resource_url=collection_url)
ud_entity = self.build_role_assignment_entity(
link=gd_entity['links']['assignment'], domain_id=self.domain_id,
user_id=self.user1['id'], role_id=self.role_id)
user_id=user1['id'], role_id=self.role_id)
self.assertRoleAssignmentInListResponse(r, ud_entity)
ud_entity = self.build_role_assignment_entity(
link=gd_entity['links']['assignment'], domain_id=self.domain_id,
user_id=self.user2['id'], role_id=self.role_id)
user_id=user2['id'], role_id=self.role_id)
self.assertRoleAssignmentInListResponse(r, ud_entity)
def test_check_effective_values_for_role_assignments(self):
@ -1539,18 +1527,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
know if we are getting effective roles or not
"""
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
user1 = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
user2 = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
self.identity_api.add_user_to_group(user1['id'], self.group['id'])
self.identity_api.add_user_to_group(user2['id'], self.group['id'])
collection_url = '/role_assignments'
r = self.get(collection_url)
@ -1626,21 +1609,16 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
# Since the default fixtures already assign some roles to the
# user it creates, we also need a new user that will not have any
# existing assignments
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
user1 = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
user2 = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
self.group1 = unit.new_group_ref(domain_id=self.domain['id'])
self.group1 = self.identity_api.create_group(self.group1)
self.identity_api.add_user_to_group(self.user1['id'],
self.identity_api.add_user_to_group(user1['id'],
self.group1['id'])
self.identity_api.add_user_to_group(self.user2['id'],
self.identity_api.add_user_to_group(user2['id'],
self.group1['id'])
self.project1 = self.new_project_ref(
domain_id=self.domain['id'])
@ -1658,7 +1636,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.put(gd_entity['links']['assignment'])
ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id,
user_id=self.user1['id'],
user_id=user1['id'],
role_id=self.role2['id'])
self.put(ud_entity['links']['assignment'])
@ -1668,7 +1646,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.put(gp_entity['links']['assignment'])
up_entity = self.build_role_assignment_entity(
project_id=self.project1['id'], user_id=self.user1['id'],
project_id=self.project1['id'], user_id=user1['id'],
role_id=self.role2['id'])
self.put(up_entity['links']['assignment'])
@ -1692,7 +1670,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.assertRoleAssignmentInListResponse(r, ud_entity)
self.assertRoleAssignmentInListResponse(r, gd_entity)
collection_url = '/role_assignments?user.id=%s' % self.user1['id']
collection_url = '/role_assignments?user.id=%s' % user1['id']
r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r,
expected_length=2,
@ -1721,7 +1699,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
collection_url = (
'/role_assignments?user.id=%(user_id)s'
'&scope.project.id=%(project_id)s' % {
'user_id': self.user1['id'],
'user_id': user1['id'],
'project_id': self.project1['id']})
r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r,
@ -1734,7 +1712,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
# assigned as well as by virtue of group membership
collection_url = ('/role_assignments?effective&user.id=%s' %
self.user1['id'])
user1['id'])
r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r,
expected_length=4,
@ -1752,9 +1730,9 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
up1_entity = self.build_role_assignment_entity(
link=gp1_link, project_id=self.project1['id'],
user_id=self.user1['id'], role_id=self.role1['id'])
user_id=user1['id'], role_id=self.role1['id'])
ud1_entity = self.build_role_assignment_entity(
link=gd1_link, domain_id=self.domain_id, user_id=self.user1['id'],
link=gd1_link, domain_id=self.domain_id, user_id=user1['id'],
role_id=self.role1['id'])
self.assertRoleAssignmentInListResponse(r, up1_entity)
self.assertRoleAssignmentInListResponse(r, ud1_entity)
@ -1766,7 +1744,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
collection_url = (
'/role_assignments?effective&user.id=%(user_id)s'
'&scope.project.id=%(project_id)s' % {
'user_id': self.user1['id'],
'user_id': user1['id'],
'project_id': self.project1['id']})
r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r,
@ -1827,7 +1805,7 @@ class RoleAssignmentBaseTestCase(test_v3.RestfulTestCase,
# Create 3 users
self.user_ids = []
for i in range(3):
user = self.new_user_ref(domain_id=self.domain_id)
user = unit.new_user_ref(domain_id=self.domain_id)
user = self.identity_api.create_user(user)
self.user_ids.append(user['id'])
@ -2174,10 +2152,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
def test_get_token_from_inherited_user_domain_role_grants(self):
# Create a new user to ensure that no grant is loaded from sample data
user = self.new_user_ref(domain_id=self.domain_id)
password = user['password']
user = self.identity_api.create_user(user)
user['password'] = password
user = unit.create_user(self.identity_api, domain_id=self.domain_id)
# Define domain and project authentication data
domain_auth_data = self.build_authentication_request(
@ -2237,10 +2212,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
def test_get_token_from_inherited_group_domain_role_grants(self):
# Create a new group and put a new user in it to
# ensure that no grant is loaded from sample data
user = self.new_user_ref(domain_id=self.domain_id)
password = user['password']
user = self.identity_api.create_user(user)
user['password'] = password
user = unit.create_user(self.identity_api, domain_id=self.domain_id)
group = unit.new_group_ref(domain_id=self.domain['id'])
group = self.identity_api.create_group(group)
@ -2401,11 +2373,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref(
domain_id=domain['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
project1 = self.new_project_ref(
domain_id=domain['id'])
self.resource_api.create_project(project1['id'], project1)
@ -2497,11 +2465,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref(
domain_id=domain['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
project1 = self.new_project_ref(
domain_id=domain['id'])
self.resource_api.create_project(project1['id'], project1)
@ -2589,16 +2553,8 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref(
domain_id=domain['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
user2 = self.new_user_ref(
domain_id=domain['id'])
password = user2['password']
user2 = self.identity_api.create_user(user2)
user2['password'] = password
user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
user2 = unit.create_user(self.identity_api, domain_id=domain['id'])
group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1)
self.identity_api.add_user_to_group(user1['id'],
@ -2694,11 +2650,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref(
domain_id=domain['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1)
project1 = self.new_project_ref(

139
keystone/tests/unit/test_v3_auth.py
View File

@ -153,14 +153,8 @@ class TokenAPITests(object):
self.resource_api.create_domain(new_domain['id'], new_domain)
# 2) Create user in new domain.
new_user_password = uuid.uuid4().hex
new_user = {
'name': uuid.uuid4().hex,
'domain_id': new_domain['id'],
'password': new_user_password,
'email': uuid.uuid4().hex,
}
new_user = self.identity_api.create_user(new_user)
new_user = unit.create_user(self.identity_api,
domain_id=new_domain['id'])
# 3) Update the default_domain_id config option to the new domain
self.config_fixture.config(
@ -170,7 +164,7 @@ class TokenAPITests(object):
# 4) Get a token using v3 API.
v3_token = self.get_requested_token(self.build_authentication_request(
user_id=new_user['id'],
password=new_user_password))
password=new_user['password']))
# 5) Validate token using v2 API.
self.admin_request(
@ -614,16 +608,11 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
self.domainA = unit.new_domain_ref()
self.resource_api.create_domain(self.domainA['id'], self.domainA)
self.userAdminA = self.new_user_ref(domain_id=self.domainA['id'])
password = self.userAdminA['password']
self.userAdminA = self.identity_api.create_user(self.userAdminA)
self.userAdminA['password'] = password
self.userAdminA = unit.create_user(self.identity_api,
domain_id=self.domainA['id'])
self.userNormalA = self.new_user_ref(
domain_id=self.domainA['id'])
password = self.userNormalA['password']
self.userNormalA = self.identity_api.create_user(self.userNormalA)
self.userNormalA['password'] = password
self.userNormalA = unit.create_user(self.identity_api,
domain_id=self.domainA['id'])
self.assignment_api.create_grant(self.role['id'],
user_id=self.userAdminA['id'],
@ -715,12 +704,10 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
# DomainB setup
self.domainB = unit.new_domain_ref()
self.resource_api.create_domain(self.domainB['id'], self.domainB)
self.userAdminB = self.new_user_ref(domain_id=self.domainB['id'])
password = self.userAdminB['password']
self.userAdminB = self.identity_api.create_user(self.userAdminB)
self.userAdminB['password'] = password
userAdminB = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.assignment_api.create_grant(self.role['id'],
user_id=self.userAdminB['id'],
user_id=userAdminB['id'],
domain_id=self.domainB['id'])
user_token = self.get_requested_token(
@ -732,8 +719,8 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
adminB_token = self.get_requested_token(
self.build_authentication_request(
user_id=self.userAdminB['id'],
password=self.userAdminB['password'],
user_id=userAdminB['id'],
password=userAdminB['password'],
domain_name=self.domainB['name']))
self.head('/auth/tokens', headers=headers,
@ -791,23 +778,14 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
self.resource_api.create_project(self.projectB['id'], self.projectB)
# Now create some users
self.user1 = self.new_user_ref(
domain_id=self.domainA['id'])
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user1 = unit.create_user(self.identity_api,
domain_id=self.domainA['id'])
self.user2 = self.new_user_ref(
domain_id=self.domainB['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.user2 = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.user3 = self.new_user_ref(
domain_id=self.domainB['id'])
password = self.user3['password']
self.user3 = self.identity_api.create_user(self.user3)
self.user3['password'] = password
self.user3 = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.group1 = unit.new_group_ref(domain_id=self.domainA['id'])
self.group1 = self.identity_api.create_group(self.group1)
@ -918,20 +896,12 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
def role_data_fixtures(self):
self.projectC = self.new_project_ref(domain_id=self.domainA['id'])
self.resource_api.create_project(self.projectC['id'], self.projectC)
self.user4 = self.new_user_ref(domain_id=self.domainB['id'])
password = self.user4['password']
self.user4 = self.identity_api.create_user(self.user4)
self.user4['password'] = password
self.user5 = self.new_user_ref(
domain_id=self.domainA['id'])
password = self.user5['password']
self.user5 = self.identity_api.create_user(self.user5)
self.user5['password'] = password
self.user6 = self.new_user_ref(
domain_id=self.domainA['id'])
password = self.user6['password']
self.user6 = self.identity_api.create_user(self.user6)
self.user6['password'] = password
self.user4 = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.user5 = unit.create_user(self.identity_api,
domain_id=self.domainA['id'])
self.user6 = unit.create_user(self.identity_api,
domain_id=self.domainA['id'])
self.identity_api.add_user_to_group(self.user5['id'],
self.group1['id'])
self.assignment_api.create_grant(self.role1['id'],
@ -2038,17 +2008,9 @@ class TestAuth(test_v3.RestfulTestCase):
projectA = self.new_project_ref(domain_id=domainA['id'])
self.resource_api.create_project(projectA['id'], projectA)
user1 = self.new_user_ref(
domain_id=domainA['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
user1 = unit.create_user(self.identity_api, domain_id=domainA['id'])
user2 = self.new_user_ref(
domain_id=domainA['id'])
password = user2['password']
user2 = self.identity_api.create_user(user2)
user2['password'] = password
user2 = unit.create_user(self.identity_api, domain_id=domainA['id'])
group1 = unit.new_group_ref(domain_id=domainA['id'])
group1 = self.identity_api.create_group(group1)
@ -2150,10 +2112,8 @@ class TestAuth(test_v3.RestfulTestCase):
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']}
self.resource_api.create_project(project1['id'], project1)
user_foo = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
password = user_foo['password']
user_foo = self.identity_api.create_user(user_foo)
user_foo['password'] = password
user_foo = unit.create_user(self.identity_api,
domain_id=test_v3.DEFAULT_DOMAIN_ID)
role_member = unit.new_role_ref()
self.role_api.create_role(role_member['id'], role_member)
role_admin = unit.new_role_ref()
@ -2577,8 +2537,8 @@ class TestAuth(test_v3.RestfulTestCase):
token_data['token']['bind'])
def test_authenticating_a_user_with_no_password(self):
user = self.new_user_ref(domain_id=self.domain['id'])
user.pop('password', None) # can't have a password for this test
user = unit.new_user_ref(domain_id=self.domain['id'])
del user['password'] # can't have a password for this test
user = self.identity_api.create_user(user)
auth_data = self.build_authentication_request(
@ -2764,9 +2724,8 @@ class TestTrustRedelegation(test_v3.RestfulTestCase):
def setUp(self):
super(TestTrustRedelegation, self).setUp()
# Create a trustee to delegate stuff to
trustee_user_ref = self.new_user_ref(domain_id=self.domain_id)
self.trustee_user = self.identity_api.create_user(trustee_user_ref)
self.trustee_user['password'] = trustee_user_ref['password']
self.trustee_user = unit.create_user(self.identity_api,
domain_id=self.domain_id)
# trustor->trustee
self.redelegated_trust_ref = self.new_trust_ref(
@ -3000,9 +2959,8 @@ class TestTrustChain(test_v3.RestfulTestCase):
self.user_chain = list()
self.trust_chain = list()
for _ in range(3):
user_ref = self.new_user_ref(domain_id=self.domain_id)
user = self.identity_api.create_user(user_ref)
user['password'] = user_ref['password']
user = unit.create_user(self.identity_api,
domain_id=self.domain_id)
self.user_chain.append(user)
# trustor->trustee
@ -3157,10 +3115,8 @@ class TestTrustAuth(test_v3.RestfulTestCase):
super(TestTrustAuth, self).setUp()
# create a trustee to delegate stuff to
self.trustee_user = self.new_user_ref(domain_id=self.domain_id)
password = self.trustee_user['password']
self.trustee_user = self.identity_api.create_user(self.trustee_user)
self.trustee_user['password'] = password
self.trustee_user = unit.create_user(self.identity_api,
domain_id=self.domain_id)
self.trustee_user_id = self.trustee_user['id']
def test_create_trust_bad_request(self):
@ -3461,10 +3417,8 @@ class TestTrustAuth(test_v3.RestfulTestCase):
def test_v3_v2_intermix_project_not_in_default_domaini_failed(self):
# create a trustee in default domain to delegate stuff to
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
password = trustee_user['password']
trustee_user = self.identity_api.create_user(trustee_user)
trustee_user['password'] = password
trustee_user = unit.create_user(self.identity_api,
domain_id=test_v3.DEFAULT_DOMAIN_ID)
trustee_user_id = trustee_user['id']
ref = self.new_trust_ref(
@ -3501,10 +3455,8 @@ class TestTrustAuth(test_v3.RestfulTestCase):
def test_v3_v2_intermix(self):
# create a trustee in default domain to delegate stuff to
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
password = trustee_user['password']
trustee_user = self.identity_api.create_user(trustee_user)
trustee_user['password'] = password
trustee_user = unit.create_user(self.identity_api,
domain_id=test_v3.DEFAULT_DOMAIN_ID)
trustee_user_id = trustee_user['id']
ref = self.new_trust_ref(
@ -3678,11 +3630,9 @@ class TestTrustAuth(test_v3.RestfulTestCase):
"""
# create a sub-trustee user
sub_trustee_user = self.new_user_ref(
sub_trustee_user = unit.create_user(
self.identity_api,
domain_id=test_v3.DEFAULT_DOMAIN_ID)
password = sub_trustee_user['password']
sub_trustee_user = self.identity_api.create_user(sub_trustee_user)
sub_trustee_user['password'] = password
sub_trustee_user_id = sub_trustee_user['id']
# create a new role
@ -4167,9 +4117,8 @@ class TestFernetTokenProvider(test_v3.RestfulTestCase):
def _create_trust(self):
# Create a trustee user
trustee_user_ref = self.new_user_ref(domain_id=self.domain_id)
trustee_user = self.identity_api.create_user(trustee_user_ref)
trustee_user['password'] = trustee_user_ref['password']
trustee_user = unit.create_user(self.identity_api,
domain_id=self.domain_id)
ref = self.new_trust_ref(
trustor_user_id=self.user_id,
trustee_user_id=trustee_user['id'],

3
keystone/tests/unit/test_v3_credential.py
View File

@ -22,6 +22,7 @@ from six.moves import http_client
from testtools import matchers
from keystone import exception
from keystone.tests import unit
from keystone.tests.unit import test_v3
@ -289,7 +290,7 @@ class TestCredentialTrustScoped(test_v3.RestfulTestCase):
def setUp(self):
super(TestCredentialTrustScoped, self).setUp()
self.trustee_user = self.new_user_ref(domain_id=self.domain_id)
self.trustee_user = unit.new_user_ref(domain_id=self.domain_id)
password = self.trustee_user['password']
self.trustee_user = self.identity_api.create_user(self.trustee_user)
self.trustee_user['password'] = password

21
keystone/tests/unit/test_v3_filters.py
View File

@ -66,21 +66,12 @@ class IdentityTestFilteredCase(filtering.FilterTests,
self.resource_api.create_domain(self.domainC['id'], self.domainC)
# Now create some users, one in domainA and two of them in domainB
self.user1 = self.new_user_ref(domain_id=self.domainA['id'])
password = uuid.uuid4().hex
self.user1['password'] = password
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
self.user2['password'] = password
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
self.user3['password'] = password
self.user3 = self.identity_api.create_user(self.user3)
self.user3['password'] = password
self.user1 = unit.create_user(self.identity_api,
domain_id=self.domainA['id'])
self.user2 = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.user3 = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.role = unit.new_role_ref()
self.role_api.create_role(self.role['id'], self.role)

157
keystone/tests/unit/test_v3_identity.py
View File

@ -53,7 +53,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_create_user(self):
"""Call ``POST /users``."""
ref = self.new_user_ref(domain_id=self.domain_id)
ref = unit.new_user_ref(domain_id=self.domain_id)
r = self.post(
'/users',
body={'user': ref})
@ -71,15 +71,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
# domain scoped token
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user = self.new_user_ref(domain_id=domain['id'])
password = user['password']
user = self.identity_api.create_user(user)
user['password'] = password
user = unit.create_user(self.identity_api, domain_id=domain['id'])
self.assignment_api.create_grant(
role_id=self.role_id, user_id=user['id'],
domain_id=domain['id'])
ref = self.new_user_ref(domain_id=domain['id'])
ref = unit.new_user_ref(domain_id=domain['id'])
ref_nd = ref.copy()
ref_nd.pop('domain_id')
auth = self.build_authentication_request(
@ -90,7 +87,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.assertValidUserResponse(r, ref)
# Now try the same thing without a domain token - which should fail
ref = self.new_user_ref(domain_id=domain['id'])
ref = unit.new_user_ref(domain_id=domain['id'])
ref_nd = ref.copy()
ref_nd.pop('domain_id')
auth = self.build_authentication_request(
@ -137,15 +134,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
# domain scoped token
domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain)
user = self.new_user_ref(domain_id=domain['id'])
password = user['password']
user = self.identity_api.create_user(user)
user['password'] = password
user = unit.create_user(self.identity_api, domain_id=domain['id'])
self.assignment_api.create_grant(
role_id=self.role_id, user_id=user['id'],
domain_id=domain['id'])
ref = self.new_user_ref(domain_id=domain['id'])
ref = unit.new_user_ref(domain_id=domain['id'])
ref_nd = ref.copy()
ref_nd.pop('domain_id')
auth = self.build_authentication_request(
@ -180,7 +174,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_users_no_default_project(self):
"""Call ``GET /users`` making sure no default_project_id."""
user = self.new_user_ref(self.domain_id)
user = unit.new_user_ref(self.domain_id)
user = self.identity_api.create_user(user)
resource_url = '/users'
r = self.get(resource_url)
@ -195,7 +189,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_get_user_with_default_project(self):
"""Call ``GET /users/{user_id}`` making sure of default_project_id."""
user = self.new_user_ref(domain_id=self.domain_id,
user = unit.new_user_ref(domain_id=self.domain_id,
project_id=self.project_id)
user = self.identity_api.create_user(user)
r = self.get('/users/%(user_id)s' % {'user_id': user['id']})
@ -208,44 +202,39 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_groups_for_user(self):
"""Call ``GET /users/{user_id}/groups``."""
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
user1 = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
user2 = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
self.put('/groups/%(group_id)s/users/%(user_id)s' % {
'group_id': self.group_id, 'user_id': self.user1['id']})
'group_id': self.group_id, 'user_id': user1['id']})
# Scenarios below are written to test the default policy configuration
# One should be allowed to list one's own groups
auth = self.build_authentication_request(
user_id=self.user1['id'],
password=self.user1['password'])
user_id=user1['id'],
password=user1['password'])
resource_url = ('/users/%(user_id)s/groups' %
{'user_id': self.user1['id']})
{'user_id': user1['id']})
r = self.get(resource_url, auth=auth)
self.assertValidGroupListResponse(r, ref=self.group,
resource_url=resource_url)
# Administrator is allowed to list others' groups
resource_url = ('/users/%(user_id)s/groups' %
{'user_id': self.user1['id']})
{'user_id': user1['id']})
r = self.get(resource_url)
self.assertValidGroupListResponse(r, ref=self.group,
resource_url=resource_url)
# Ordinary users should not be allowed to list other's groups
auth = self.build_authentication_request(
user_id=self.user2['id'],
password=self.user2['password'])
user_id=user2['id'],
password=user2['password'])
r = self.get('/users/%(user_id)s/groups' % {
'user_id': self.user1['id']}, auth=auth,
'user_id': user1['id']}, auth=auth,
expected_status=exception.ForbiddenAction.code)
def test_check_user_in_group(self):
@ -276,7 +265,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_update_user(self):
"""Call ``PATCH /users/{user_id}``."""
user = self.new_user_ref(domain_id=self.domain_id)
user = unit.new_user_ref(domain_id=self.domain_id)
del user['id']
r = self.patch('/users/%(user_id)s' % {
'user_id': self.user['id']},
@ -285,14 +274,13 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_admin_password_reset(self):
# bootstrap a user as admin
user_ref = self.new_user_ref(domain_id=self.domain['id'])
password = user_ref['password']
user_ref = self.identity_api.create_user(user_ref)
user_ref = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
# auth as user should work before a password change
old_password_auth = self.build_authentication_request(
user_id=user_ref['id'],
password=password)
password=user_ref['password'])
r = self.v3_create_token(old_password_auth)
old_token = r.headers.get('X-Subject-Token')
@ -321,7 +309,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_update_user_domain_id(self):
"""Call ``PATCH /users/{user_id}`` with domain_id."""
user = self.new_user_ref(domain_id=self.domain['id'])
user = unit.new_user_ref(domain_id=self.domain['id'])
user = self.identity_api.create_user(user)
user['domain_id'] = CONF.identity.default_domain_id
r = self.patch('/users/%(user_id)s' % {
@ -348,12 +336,11 @@ class IdentityTestCase(test_v3.RestfulTestCase):
r = self.credential_api.get_credential(self.credential['id'])
self.assertDictEqual(self.credential, r)
# Create a second credential with a different user
self.user2 = self.new_user_ref(
domain_id=self.domain['id'],
project_id=self.project['id'])
self.user2 = self.identity_api.create_user(self.user2)
user2 = unit.new_user_ref(domain_id=self.domain['id'],
project_id=self.project['id'])
user2 = self.identity_api.create_user(user2)
self.credential2 = self.new_credential_ref(
user_id=self.user2['id'],
user_id=user2['id'],
project_id=self.project['id'])
self.credential_api.create_credential(
self.credential2['id'],
@ -449,7 +436,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
ref = self.new_user_ref(domain_id=self.domain_id)
ref = unit.new_user_ref(domain_id=self.domain_id)
self.post(
'/users',
body={'user': ref})
@ -463,59 +450,75 @@ class IdentityTestCase(test_v3.RestfulTestCase):
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
# bootstrap a user as admin
user_ref = self.new_user_ref(domain_id=self.domain['id'])
password = user_ref['password']
user_ref = self.identity_api.create_user(user_ref)
user_ref = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
self.assertNotIn(user_ref['password'], log_fix.output)
# administrative password reset
new_password = uuid.uuid4().hex
self.patch('/users/%s' % user_ref['id'],
body={'user': {'password': new_password}})
self.assertNotIn(password, log_fix.output)
self.assertNotIn(new_password, log_fix.output)
class IdentityV3toV2MethodsTestCase(unit.TestCase):
"""Test users V3 to V2 conversion methods."""
def new_user_ref(self, **kwargs):
"""Construct a bare bones user ref.
Omits all optional components.
"""
ref = unit.new_user_ref(**kwargs)
# description is already omitted
del ref['email']
del ref['enabled']
del ref['password']
return ref
def setUp(self):
super(IdentityV3toV2MethodsTestCase, self).setUp()
self.load_backends()
self.user_id = uuid.uuid4().hex
self.default_project_id = uuid.uuid4().hex
self.tenant_id = uuid.uuid4().hex
user_id = uuid.uuid4().hex
project_id = uuid.uuid4().hex
# User with only default_project_id in ref
self.user1 = {'id': self.user_id,
'name': self.user_id,
'default_project_id': self.default_project_id,
'domain_id': CONF.identity.default_domain_id}
self.user1 = self.new_user_ref(
id=user_id,
name=user_id,
project_id=project_id,
domain_id=CONF.identity.default_domain_id)
# User without default_project_id or tenantId in ref
self.user2 = {'id': self.user_id,
'name': self.user_id,
'domain_id': CONF.identity.default_domain_id}
self.user2 = self.new_user_ref(
id=user_id,
name=user_id,
domain_id=CONF.identity.default_domain_id)
# User with both tenantId and default_project_id in ref
self.user3 = {'id': self.user_id,
'name': self.user_id,
'default_project_id': self.default_project_id,
'tenantId': self.tenant_id,
'domain_id': CONF.identity.default_domain_id}
self.user3 = self.new_user_ref(
id=user_id,
name=user_id,
project_id=project_id,
tenantId=project_id,
domain_id=CONF.identity.default_domain_id)
# User with only tenantId in ref
self.user4 = {'id': self.user_id,
'name': self.user_id,
'tenantId': self.tenant_id,
'domain_id': CONF.identity.default_domain_id}
self.user4 = self.new_user_ref(
id=user_id,
name=user_id,
tenantId=project_id,
domain_id=CONF.identity.default_domain_id)
# Expected result if the user is meant to have a tenantId element
self.expected_user = {'id': self.user_id,
'name': self.user_id,
'username': self.user_id,
'tenantId': self.default_project_id}
self.expected_user = {'id': user_id,
'name': user_id,
'username': user_id,
'tenantId': project_id}
# Expected result if the user is not meant to have a tenantId element
self.expected_user_no_tenant_id = {'id': self.user_id,
'name': self.user_id,
'username': self.user_id}
self.expected_user_no_tenant_id = {'id': user_id,
'name': user_id,
'username': user_id}
def test_v3_to_v2_user_method(self):
@ -552,10 +555,8 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
def setUp(self):
super(UserSelfServiceChangingPasswordsTestCase, self).setUp()
self.user_ref = self.new_user_ref(domain_id=self.domain['id'])
password = self.user_ref['password']
self.user_ref = self.identity_api.create_user(self.user_ref)
self.user_ref['password'] = password
self.user_ref = unit.create_user(self.identity_api,
domain_id=self.domain['id'])
self.token = self.get_request_token(self.user_ref['password'],
http_client.CREATED)

3
keystone/tests/unit/test_v3_oauth1.py
View File

@ -25,6 +25,7 @@ from keystone.contrib import oauth1
from keystone.contrib.oauth1 import controllers
from keystone.contrib.oauth1 import core
from keystone import exception
from keystone.tests import unit
from keystone.tests.unit.common import test_notifications
from keystone.tests.unit.ksfixtures import temporaryfile
from keystone.tests.unit import test_v3
@ -388,7 +389,7 @@ class AuthTokenTests(OAuthFlowTests):
self.assertEqual(self.role_id, roles_list[0]['id'])
# verify that the token can perform delegated tasks
ref = self.new_user_ref(domain_id=self.domain_id)
ref = unit.new_user_ref(domain_id=self.domain_id)
r = self.admin_request(path='/v3/users', headers=headers,
method='POST', body={'user': ref})
self.assertValidUserResponse(r, ref)

87
keystone/tests/unit/test_v3_protection.py
View File

@ -74,23 +74,12 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase):
self.resource_api.create_domain(self.domainC['id'], self.domainC)
# Now create some users, one in domainA and two of them in domainB
self.user1 = self.new_user_ref(domain_id=self.domainA['id'])
password = uuid.uuid4().hex
self.user1['password'] = password
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
password = uuid.uuid4().hex
self.user2['password'] = password
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
password = uuid.uuid4().hex
self.user3['password'] = password
self.user3 = self.identity_api.create_user(self.user3)
self.user3['password'] = password
self.user1 = unit.create_user(self.identity_api,
domain_id=self.domainA['id'])
self.user2 = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.user3 = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.group1 = unit.new_group_ref(domain_id=self.domainA['id'])
self.group1 = self.identity_api.create_group(self.group1)
@ -347,26 +336,15 @@ class IdentityTestPolicySample(test_v3.RestfulTestCase):
def load_sample_data(self):
self._populate_default_domain()
self.just_a_user = self.new_user_ref(
self.just_a_user = unit.create_user(
self.identity_api,
domain_id=CONF.identity.default_domain_id)
password = uuid.uuid4().hex
self.just_a_user['password'] = password
self.just_a_user = self.identity_api.create_user(self.just_a_user)
self.just_a_user['password'] = password
self.another_user = self.new_user_ref(
self.another_user = unit.create_user(
self.identity_api,
domain_id=CONF.identity.default_domain_id)
password = uuid.uuid4().hex
self.another_user['password'] = password
self.another_user = self.identity_api.create_user(self.another_user)
self.another_user['password'] = password
self.admin_user = self.new_user_ref(
self.admin_user = unit.create_user(
self.identity_api,
domain_id=CONF.identity.default_domain_id)
password = uuid.uuid4().hex
self.admin_user['password'] = password
self.admin_user = self.identity_api.create_user(self.admin_user)
self.admin_user['password'] = password
self.role = unit.new_role_ref()
self.role_api.create_role(self.role['id'], self.role)
@ -626,32 +604,18 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
self.admin_domain)
# And our users
self.cloud_admin_user = self.new_user_ref(
self.cloud_admin_user = unit.create_user(
self.identity_api,
domain_id=self.admin_domain['id'])
password = uuid.uuid4().hex
self.cloud_admin_user['password'] = password
self.cloud_admin_user = (
self.identity_api.create_user(self.cloud_admin_user))
self.cloud_admin_user['password'] = password
self.just_a_user = self.new_user_ref(domain_id=self.domainA['id'])
password = uuid.uuid4().hex
self.just_a_user['password'] = password
self.just_a_user = self.identity_api.create_user(self.just_a_user)
self.just_a_user['password'] = password
self.domain_admin_user = self.new_user_ref(
self.just_a_user = unit.create_user(
self.identity_api,
domain_id=self.domainA['id'])
password = uuid.uuid4().hex
self.domain_admin_user['password'] = password
self.domain_admin_user = (
self.identity_api.create_user(self.domain_admin_user))
self.domain_admin_user['password'] = password
self.project_admin_user = self.new_user_ref(
self.domain_admin_user = unit.create_user(
self.identity_api,
domain_id=self.domainA['id'])
self.project_admin_user = unit.create_user(
self.identity_api,
domain_id=self.domainA['id'])
password = uuid.uuid4().hex
self.project_admin_user['password'] = password
self.project_admin_user = (
self.identity_api.create_user(self.project_admin_user))
self.project_admin_user['password'] = password
# The admin role and another plain role
self.admin_role = unit.new_role_ref(name='admin')
@ -706,7 +670,7 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
self.delete(entity_url, auth=self.auth,
expected_status=status_no_data)
user_ref = self.new_user_ref(domain_id=domain_id)
user_ref = unit.new_user_ref(domain_id=domain_id)
self.post('/users', auth=self.auth, body={'user': user_ref},
expected_status=status_created)
@ -1079,9 +1043,8 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
def test_get_and_delete_ec2_credentials(self):
"""Tests getting and deleting ec2 credentials through the ec2 API."""
another_user = self.new_user_ref(domain_id=self.domainA['id'])
password = another_user['password']
another_user = self.identity_api.create_user(another_user)
another_user = unit.create_user(self.identity_api,
domain_id=self.domainA['id'])
# create a credential for just_a_user
just_user_auth = self.build_authentication_request(
@ -1095,7 +1058,7 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
# another normal user can't get the credential
another_user_auth = self.build_authentication_request(
user_id=another_user['id'],
password=password)
password=another_user['password'])
another_user_url = '/users/%s/credentials/OS-EC2/%s' % (
another_user['id'], r.result['credential']['access'])
self.get(another_user_url, auth=another_user_auth,

9
keystone/tests/unit/test_validation.py
View File

@ -1717,13 +1717,8 @@ class UserValidationTestCase(unit.BaseTestCase):
def test_validate_user_create_with_all_valid_parameters_succeeds(self):
"""Test that validating a user create request succeeds."""
request_to_validate = {'name': self.user_name,
'default_project_id': uuid.uuid4().hex,
'domain_id': uuid.uuid4().hex,
'description': uuid.uuid4().hex,
'enabled': True,
'email': uuid.uuid4().hex,
'password': uuid.uuid4().hex}
request_to_validate = unit.new_user_ref(domain_id=uuid.uuid4().hex,
name=self.user_name)
self.create_user_validator.validate(request_to_validate)
def test_validate_user_create_fails_without_name(self):