From 5784285e9fb90be73ce6055165656e4bf47e6aad Mon Sep 17 00:00:00 2001 From: Sean Perry Date: Tue, 10 Nov 2015 16:25:02 -0800 Subject: [PATCH] Use unit.new_user_ref consistently Replace all hand created user refs with calls to new_user_ref(). Note: LDAP live testing code will be updated in a follow on patch. They require more testing before submission. Change-Id: I73b1d869534ac3a1bcd2404ef1dd3a0d5b7ea518 --- .../tests/unit/common/test_notifications.py | 14 +- keystone/tests/unit/core.py | 21 +- keystone/tests/unit/test_auth.py | 14 +- keystone/tests/unit/test_backend.py | 301 ++++++------------ keystone/tests/unit/test_backend_ldap.py | 194 ++++------- keystone/tests/unit/test_backend_sql.py | 41 +-- keystone/tests/unit/test_cert_setup.py | 10 +- keystone/tests/unit/test_ldap_livetest.py | 1 + .../tests/unit/test_ldap_pool_livetest.py | 1 + keystone/tests/unit/test_ldap_tls_livetest.py | 4 + keystone/tests/unit/test_middleware.py | 40 +-- keystone/tests/unit/test_v2_keystoneclient.py | 1 + keystone/tests/unit/test_v3.py | 18 +- keystone/tests/unit/test_v3_assignment.py | 182 ++++------- keystone/tests/unit/test_v3_auth.py | 139 +++----- keystone/tests/unit/test_v3_credential.py | 3 +- keystone/tests/unit/test_v3_filters.py | 21 +- keystone/tests/unit/test_v3_identity.py | 157 ++++----- keystone/tests/unit/test_v3_oauth1.py | 3 +- keystone/tests/unit/test_v3_protection.py | 87 ++--- keystone/tests/unit/test_validation.py | 9 +- 21 files changed, 469 insertions(+), 792 deletions(-) diff --git a/keystone/tests/unit/common/test_notifications.py b/keystone/tests/unit/common/test_notifications.py index 5fc8026fa7..eead7cc1cd 100644 --- a/keystone/tests/unit/common/test_notifications.py +++ b/keystone/tests/unit/common/test_notifications.py @@ -338,16 +338,16 @@ class NotificationsForEntities(BaseNotificationTest): cadftaxonomy.SECURITY_ROLE) def test_create_user(self): - user_ref = self.new_user_ref(domain_id=self.domain_id) + user_ref = unit.new_user_ref(domain_id=self.domain_id) user_ref = self.identity_api.create_user(user_ref) self._assert_last_note(user_ref['id'], CREATED_OPERATION, 'user') self._assert_last_audit(user_ref['id'], CREATED_OPERATION, 'user', cadftaxonomy.SECURITY_ACCOUNT_USER) def test_create_trust(self): - trustor = self.new_user_ref(domain_id=self.domain_id) + trustor = unit.new_user_ref(domain_id=self.domain_id) trustor = self.identity_api.create_user(trustor) - trustee = self.new_user_ref(domain_id=self.domain_id) + trustee = unit.new_user_ref(domain_id=self.domain_id) trustee = self.identity_api.create_user(trustee) role_ref = unit.new_role_ref() self.role_api.create_role(role_ref['id'], role_ref) @@ -387,7 +387,7 @@ class NotificationsForEntities(BaseNotificationTest): cadftaxonomy.SECURITY_ROLE) def test_delete_user(self): - user_ref = self.new_user_ref(domain_id=self.domain_id) + user_ref = unit.new_user_ref(domain_id=self.domain_id) user_ref = self.identity_api.create_user(user_ref) self.identity_api.delete_user(user_ref['id']) self._assert_last_note(user_ref['id'], DELETED_OPERATION, 'user') @@ -421,9 +421,9 @@ class NotificationsForEntities(BaseNotificationTest): cadftaxonomy.SECURITY_DOMAIN) def test_delete_trust(self): - trustor = self.new_user_ref(domain_id=self.domain_id) + trustor = unit.new_user_ref(domain_id=self.domain_id) trustor = self.identity_api.create_user(trustor) - trustee = self.new_user_ref(domain_id=self.domain_id) + trustee = unit.new_user_ref(domain_id=self.domain_id) trustee = self.identity_api.create_user(trustee) role_ref = unit.new_role_ref() trust_ref = self.new_trust_ref(trustor['id'], trustee['id']) @@ -616,7 +616,7 @@ class NotificationsForEntities(BaseNotificationTest): cadftaxonomy.SECURITY_ROLE) def test_update_user(self): - user_ref = self.new_user_ref(domain_id=self.domain_id) + user_ref = unit.new_user_ref(domain_id=self.domain_id) user_ref = self.identity_api.create_user(user_ref) self.identity_api.update_user(user_ref['id'], user_ref) self._assert_last_note(user_ref['id'], UPDATED_OPERATION, 'user') diff --git a/keystone/tests/unit/core.py b/keystone/tests/unit/core.py index acf4763e8f..28b532de31 100644 --- a/keystone/tests/unit/core.py +++ b/keystone/tests/unit/core.py @@ -312,13 +312,18 @@ def new_project_ref(domain_id=None, parent_id=None, is_domain=False): return ref -def new_user_ref(domain_id, project_id=None): +def new_user_ref(domain_id, project_id=None, **kwargs): ref = new_ref() + + # do not include by default, allow user to add with kwargs + del ref['description'] + ref['domain_id'] = domain_id ref['email'] = uuid.uuid4().hex ref['password'] = uuid.uuid4().hex if project_id: ref['default_project_id'] = project_id + ref.update(**kwargs) return ref @@ -400,6 +405,20 @@ def new_trust_ref(trustor_user_id, trustee_user_id, project_id=None, return ref +def create_user(api, domain_id, **kwargs): + """Create a user via the API. Keep the created password. + + The password is saved and restored when api.create_user() is called. + Only use this routine if there is a requirement for the user object to + have a valid password after api.create_user() is called. + """ + user = new_user_ref(domain_id=domain_id, **kwargs) + password = user['password'] + user = api.create_user(user) + user['password'] = password + return user + + class BaseTestCase(oslotest.BaseTestCase): """Light weight base test class. diff --git a/keystone/tests/unit/test_auth.py b/keystone/tests/unit/test_auth.py index c1c3ed5745..d34054a4a8 100644 --- a/keystone/tests/unit/test_auth.py +++ b/keystone/tests/unit/test_auth.py @@ -715,15 +715,9 @@ class AuthWithPasswordCredentials(AuthTest): # 2) Create user "foo" in new domain with different password than # default-domain foo. - new_user_password = uuid.uuid4().hex - new_user = { - 'name': self.user_foo['name'], - 'domain_id': new_domain_id, - 'password': new_user_password, - 'email': 'foo@bar2.com', - } - - new_user = self.identity_api.create_user(new_user) + new_user = unit.create_user(self.identity_api, + name=self.user_foo['name'], + domain_id=new_domain_id) # 3) Update the default_domain_id config option to the new domain @@ -734,7 +728,7 @@ class AuthWithPasswordCredentials(AuthTest): body_dict = _build_user_auth( username=self.user_foo['name'], - password=new_user_password) + password=new_user['password']) # The test is successful if this doesn't raise, so no need to assert. self.controller.authenticate({}, body_dict) diff --git a/keystone/tests/unit/test_backend.py b/keystone/tests/unit/test_backend.py index 0d41dd73d8..273bd87f24 100644 --- a/keystone/tests/unit/test_backend.py +++ b/keystone/tests/unit/test_backend.py @@ -198,7 +198,7 @@ class AssignmentTestHelperMixin(object): def _create_entity_in_domain(entity_type, domain_id): """Create a user or group entity in the domain.""" if entity_type == 'users': - new_entity = {'name': uuid.uuid4().hex, 'domain_id': domain_id} + new_entity = unit.new_user_ref(domain_id=domain_id) new_entity = self.identity_api.create_user(new_entity) elif entity_type == 'groups': new_entity = unit.new_group_ref(domain_id=domain_id) @@ -479,11 +479,12 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertDictEqual(self.user_sna, user_ref) def test_authenticate_and_get_roles_no_metadata(self): - user = { - 'name': 'NO_META', - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': 'no_meta2', - } + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) + + # Remove user id. It is ignored by create_user() and will break the + # subset test below. + del user['id'] + new_user = self.identity_api.create_user(user) self.assignment_api.add_user_to_project(self.tenant_baz['id'], new_user['id']) @@ -504,10 +505,7 @@ class IdentityTests(AssignmentTestHelperMixin): def test_authenticate_if_no_password_set(self): id_ = uuid.uuid4().hex - user = { - 'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - } + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) self.identity_api.create_user(user) self.assertRaises(AssertionError, @@ -518,9 +516,8 @@ class IdentityTests(AssignmentTestHelperMixin): def test_create_unicode_user_name(self): unicode_name = u'name \u540d\u5b57' - user = {'name': unicode_name, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex} + user = unit.new_user_ref(name=unicode_name, + domain_id=DEFAULT_DOMAIN_ID) ref = self.identity_api.create_user(user) self.assertEqual(unicode_name, ref['name']) @@ -554,11 +551,7 @@ class IdentityTests(AssignmentTestHelperMixin): def test_list_user_ids_for_project_no_duplicates(self): # Create user - user_ref = { - 'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex, - 'enabled': True} + user_ref = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user_ref = self.identity_api.create_user(user_ref) # Create project project_ref = { @@ -596,10 +589,7 @@ class IdentityTests(AssignmentTestHelperMixin): @unit.skip_if_cache_disabled('identity') def test_cache_layer_get_user(self): - user = { - 'name': uuid.uuid4().hex.lower(), - 'domain_id': DEFAULT_DOMAIN_ID - } + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) self.identity_api.create_user(user) ref = self.identity_api.get_user_by_name(user['name'], user['domain_id']) @@ -614,11 +604,8 @@ class IdentityTests(AssignmentTestHelperMixin): self.identity_api.get_user.invalidate(self.identity_api, ref['id']) self.assertRaises(exception.UserNotFound, self.identity_api.get_user, ref['id']) - user = { - 'name': uuid.uuid4().hex.lower(), - 'domain_id': DEFAULT_DOMAIN_ID - } - self.identity_api.create_user(user) + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) + user = self.identity_api.create_user(user) ref = self.identity_api.get_user_by_name(user['name'], user['domain_id']) user['description'] = uuid.uuid4().hex @@ -648,10 +635,7 @@ class IdentityTests(AssignmentTestHelperMixin): @unit.skip_if_cache_disabled('identity') def test_cache_layer_get_user_by_name(self): - user = { - 'name': uuid.uuid4().hex.lower(), - 'domain_id': DEFAULT_DOMAIN_ID - } + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) self.identity_api.create_user(user) ref = self.identity_api.get_user_by_name(user['name'], user['domain_id']) @@ -667,11 +651,8 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertRaises(exception.UserNotFound, self.identity_api.get_user_by_name, user['name'], DEFAULT_DOMAIN_ID) - user = { - 'name': uuid.uuid4().hex.lower(), - 'domain_id': DEFAULT_DOMAIN_ID - } - self.identity_api.create_user(user) + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) + user = self.identity_api.create_user(user) ref = self.identity_api.get_user_by_name(user['name'], user['domain_id']) user['description'] = uuid.uuid4().hex @@ -689,10 +670,7 @@ class IdentityTests(AssignmentTestHelperMixin): DEFAULT_DOMAIN_ID) def test_create_duplicate_user_name_fails(self): - user = {'name': 'fake1', - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': 'fakepass', - 'tenants': ['bar']} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) self.assertRaises(exception.Conflict, self.identity_api.create_user, @@ -701,12 +679,11 @@ class IdentityTests(AssignmentTestHelperMixin): def test_create_duplicate_user_name_in_different_domains(self): new_domain = unit.new_domain_ref() self.resource_api.create_domain(new_domain['id'], new_domain) - user1 = {'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex} - user2 = {'name': user1['name'], - 'domain_id': new_domain['id'], - 'password': uuid.uuid4().hex} + user1 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) + + user2 = unit.new_user_ref(name=user1['name'], + domain_id=new_domain['id']) + self.identity_api.create_user(user1) self.identity_api.create_user(user2) @@ -715,9 +692,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.resource_api.create_domain(domain1['id'], domain1) domain2 = unit.new_domain_ref() self.resource_api.create_domain(domain2['id'], domain2) - user = {'name': uuid.uuid4().hex, - 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex} + user = unit.new_user_ref(domain_id=domain1['id']) user = self.identity_api.create_user(user) user['domain_id'] = domain2['id'] self.identity_api.update_user(user['id'], user) @@ -731,15 +706,12 @@ class IdentityTests(AssignmentTestHelperMixin): domain2 = unit.new_domain_ref() self.resource_api.create_domain(domain2['id'], domain2) # First, create a user in domain1 - user1 = {'name': uuid.uuid4().hex, - 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) # Now create a user in domain2 with a potentially clashing # name - which should work since we have domain separation - user2 = {'name': user1['name'], - 'domain_id': domain2['id'], - 'password': uuid.uuid4().hex} + user2 = unit.new_user_ref(name=user1['name'], + domain_id=domain2['id']) user2 = self.identity_api.create_user(user2) # Now try and move user1 into the 2nd domain - which should # fail since the names clash @@ -750,27 +722,18 @@ class IdentityTests(AssignmentTestHelperMixin): user1) def test_rename_duplicate_user_name_fails(self): - user1 = {'name': 'fake1', - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': 'fakepass', - 'tenants': ['bar']} - user2 = {'name': 'fake2', - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': 'fakepass', - 'tenants': ['bar']} + user1 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) + user2 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) self.identity_api.create_user(user1) user2 = self.identity_api.create_user(user2) - user2['name'] = 'fake1' + user2['name'] = user1['name'] self.assertRaises(exception.Conflict, self.identity_api.update_user, user2['id'], user2) def test_update_user_id_fails(self): - user = {'name': 'fake1', - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': 'fakepass', - 'tenants': ['bar']} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) original_id = user['id'] user['id'] = 'fake2' @@ -965,10 +928,7 @@ class IdentityTests(AssignmentTestHelperMixin): - Check the role list get by the user and project was as expected """ - user_ref = {'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex, - 'enabled': True} + user_ref = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user_ref = self.identity_api.create_user(user_ref) project_ref = {'id': uuid.uuid4().hex, @@ -1032,11 +992,9 @@ class IdentityTests(AssignmentTestHelperMixin): """ new_domain = unit.new_domain_ref() self.resource_api.create_domain(new_domain['id'], new_domain) - new_user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': new_domain['id']} + new_user1 = unit.new_user_ref(domain_id=new_domain['id']) new_user1 = self.identity_api.create_user(new_user1) - new_user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': new_domain['id']} + new_user2 = unit.new_user_ref(domain_id=new_domain['id']) new_user2 = self.identity_api.create_user(new_user2) roles_ref = self.assignment_api.list_grants( user_id=new_user1['id'], @@ -1081,8 +1039,7 @@ class IdentityTests(AssignmentTestHelperMixin): """ new_domain = self._get_domain_fixture() - new_user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': new_domain['id']} + new_user1 = unit.new_user_ref(domain_id=new_domain['id']) new_user1 = self.identity_api.create_user(new_user1) self.assertRaises(exception.UserNotFound, @@ -1247,8 +1204,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.resource_api.create_domain(new_domain['id'], new_domain) new_group = unit.new_group_ref(domain_id=new_domain['id']) new_group = self.identity_api.create_group(new_group) - new_user = {'name': 'new_user', 'password': 'secret', - 'enabled': True, 'domain_id': new_domain['id']} + new_user = unit.new_user_ref(domain_id=new_domain['id']) new_user = self.identity_api.create_user(new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -1282,8 +1238,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.resource_api.create_domain(new_domain['id'], new_domain) new_group = unit.new_group_ref(domain_id=new_domain['id']) new_group = self.identity_api.create_group(new_group) - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': new_domain['id']} + new_user = unit.new_user_ref(domain_id=new_domain['id']) new_user = self.identity_api.create_user(new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -1325,11 +1280,9 @@ class IdentityTests(AssignmentTestHelperMixin): new_group = self.identity_api.create_group(new_group) new_group2 = unit.new_group_ref(domain_id=new_domain['id']) new_group2 = self.identity_api.create_group(new_group2) - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': new_domain['id']} + new_user = unit.new_user_ref(domain_id=new_domain['id']) new_user = self.identity_api.create_user(new_user) - new_user2 = {'name': 'new_user2', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': new_domain['id']} + new_user2 = unit.new_user_ref(domain_id=new_domain['id']) new_user2 = self.identity_api.create_user(new_user2) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -1375,8 +1328,7 @@ class IdentityTests(AssignmentTestHelperMixin): def test_get_and_remove_role_grant_by_user_and_domain(self): new_domain = unit.new_domain_ref() self.resource_api.create_domain(new_domain['id'], new_domain) - new_user = {'name': 'new_user', 'password': 'secret', - 'enabled': True, 'domain_id': new_domain['id']} + new_user = unit.new_user_ref(domain_id=new_domain['id']) new_user = self.identity_api.create_user(new_user) roles_ref = self.assignment_api.list_grants( user_id=new_user['id'], @@ -1461,8 +1413,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.resource_api.create_domain(domain1['id'], domain1) domain2 = unit.new_domain_ref() self.resource_api.create_domain(domain2['id'], domain2) - user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) roles_ref = self.assignment_api.list_grants( user_id=user1['id'], @@ -1552,8 +1503,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.resource_api.create_domain(domain1['id'], domain1) domain2 = unit.new_domain_ref() self.resource_api.create_domain(domain2['id'], domain2) - user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain2['id']} @@ -1621,8 +1571,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertRaises(exception.RoleNotFound, f, role_id=uuid.uuid4().hex, **kwargs) - user = {'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex, 'enabled': True} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user_resp = self.identity_api.create_user(user) group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID) group_resp = self.identity_api.create_group(group) @@ -1654,8 +1603,7 @@ class IdentityTests(AssignmentTestHelperMixin): role_list.append(role) domain1 = unit.new_domain_ref() self.resource_api.create_domain(domain1['id'], domain1) - user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = self.identity_api.create_group(group1) @@ -1761,8 +1709,7 @@ class IdentityTests(AssignmentTestHelperMixin): role_list.append(role) domain1 = unit.new_domain_ref() self.resource_api.create_domain(domain1['id'], domain1) - user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = self.identity_api.create_group(group1) @@ -1824,8 +1771,7 @@ class IdentityTests(AssignmentTestHelperMixin): project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} self.resource_api.create_project(project1['id'], project1) - user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = self.identity_api.create_group(group1) @@ -1883,8 +1829,7 @@ class IdentityTests(AssignmentTestHelperMixin): project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} self.resource_api.create_project(project1['id'], project1) - user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = self.identity_api.create_group(group1) @@ -1921,8 +1866,7 @@ class IdentityTests(AssignmentTestHelperMixin): project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} self.resource_api.create_project(project1['id'], project1) - user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = self.identity_api.create_group(group1) @@ -2132,9 +2076,7 @@ class IdentityTests(AssignmentTestHelperMixin): 'domain_id': DEFAULT_DOMAIN_ID}) def test_delete_user_with_project_association(self): - user = {'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) self.assignment_api.add_user_to_project(self.tenant_bar['id'], user['id']) @@ -2144,9 +2086,7 @@ class IdentityTests(AssignmentTestHelperMixin): user['id']) def test_delete_user_with_project_roles(self): - user = {'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) self.assignment_api.add_role_to_user_and_project( user['id'], @@ -2254,22 +2194,21 @@ class IdentityTests(AssignmentTestHelperMixin): tenant) def test_create_user_long_name_fails(self): - user = {'name': 'a' * 256, - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(name='a' * 256, + domain_id=DEFAULT_DOMAIN_ID) self.assertRaises(exception.ValidationError, self.identity_api.create_user, user) def test_create_user_blank_name_fails(self): - user = {'name': '', - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(name='', + domain_id=DEFAULT_DOMAIN_ID) self.assertRaises(exception.ValidationError, self.identity_api.create_user, user) def test_create_user_missed_password(self): - user = {'name': 'fake1', - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) self.identity_api.get_user(user['id']) # Make sure the user is not allowed to login @@ -2286,8 +2225,8 @@ class IdentityTests(AssignmentTestHelperMixin): password=None) def test_create_user_none_password(self): - user = {'name': 'fake1', 'password': None, - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(password=None, + domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) self.identity_api.get_user(user['id']) # Make sure the user is not allowed to login @@ -2304,14 +2243,14 @@ class IdentityTests(AssignmentTestHelperMixin): password=None) def test_create_user_invalid_name_fails(self): - user = {'name': None, - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(name=None, + domain_id=DEFAULT_DOMAIN_ID) self.assertRaises(exception.ValidationError, self.identity_api.create_user, user) - user = {'name': 123, - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(name=123, + domain_id=DEFAULT_DOMAIN_ID) self.assertRaises(exception.ValidationError, self.identity_api.create_user, user) @@ -2354,18 +2293,15 @@ class IdentityTests(AssignmentTestHelperMixin): project) def test_create_user_invalid_enabled_type_string(self): - user = {'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex, - # invalid string value - 'enabled': "true"} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID, + # invalid string value + enabled='true') self.assertRaises(exception.ValidationError, self.identity_api.create_user, user) def test_update_user_long_name_fails(self): - user = {'name': 'fake1', - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) user['name'] = 'a' * 256 self.assertRaises(exception.ValidationError, @@ -2374,8 +2310,7 @@ class IdentityTests(AssignmentTestHelperMixin): user) def test_update_user_blank_name_fails(self): - user = {'name': 'fake1', - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) user['name'] = '' self.assertRaises(exception.ValidationError, @@ -2384,8 +2319,7 @@ class IdentityTests(AssignmentTestHelperMixin): user) def test_update_user_invalid_name_fails(self): - user = {'name': 'fake1', - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) user['name'] = None @@ -2876,15 +2810,13 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertDictEqual(original_project, new_project) def test_create_user_doesnt_modify_passed_in_dict(self): - new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID} + new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) original_user = new_user.copy() self.identity_api.create_user(new_user) self.assertDictEqual(original_user, new_user) def test_update_user_enable(self): - user = {'name': 'fake1', 'enabled': True, - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) user_ref = self.identity_api.get_user(user['id']) self.assertTrue(user_ref['enabled']) @@ -2923,9 +2855,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertTrue(user_ref['enabled']) def test_update_user_name(self): - user = {'name': uuid.uuid4().hex, - 'enabled': True, - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) user_ref = self.identity_api.get_user(user['id']) self.assertEqual(user['name'], user_ref['name']) @@ -2946,14 +2876,13 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertEqual(changed_name, user_ref['name']) def test_update_user_enable_fails(self): - user = {'name': 'fake1', 'enabled': True, - 'domain_id': DEFAULT_DOMAIN_ID} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) user_ref = self.identity_api.get_user(user['id']) self.assertTrue(user_ref['enabled']) # Strings are not valid boolean values - user['enabled'] = "false" + user['enabled'] = 'false' self.assertRaises(exception.ValidationError, self.identity_api.update_user, user['id'], @@ -2991,8 +2920,7 @@ class IdentityTests(AssignmentTestHelperMixin): domain = self._get_domain_fixture() new_group = unit.new_group_ref(domain_id=domain['id']) new_group = self.identity_api.create_group(new_group) - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': domain['id']} + new_user = unit.new_user_ref(domain_id=domain['id']) new_user = self.identity_api.create_user(new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -3006,8 +2934,7 @@ class IdentityTests(AssignmentTestHelperMixin): def test_add_user_to_group_returns_not_found(self): domain = self._get_domain_fixture() - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': domain['id']} + new_user = unit.new_user_ref(domain_id=domain['id']) new_user = self.identity_api.create_user(new_user) self.assertRaises(exception.GroupNotFound, self.identity_api.add_user_to_group, @@ -3030,8 +2957,7 @@ class IdentityTests(AssignmentTestHelperMixin): domain = self._get_domain_fixture() new_group = unit.new_group_ref(domain_id=domain['id']) new_group = self.identity_api.create_group(new_group) - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': domain['id']} + new_user = unit.new_user_ref(domain_id=domain['id']) new_user = self.identity_api.create_user(new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -3042,8 +2968,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertRaises(exception.DomainNotFound, self.identity_api.create_group, new_group) - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': "doesnotexist"} + new_user = unit.new_user_ref(domain_id="doesnotexist") self.assertRaises(exception.DomainNotFound, self.identity_api.create_user, new_user) @@ -3052,8 +2977,7 @@ class IdentityTests(AssignmentTestHelperMixin): new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID) new_group = self.identity_api.create_group(new_group) - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID} + new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) new_user = self.identity_api.create_user(new_user) self.assertRaises(exception.NotFound, @@ -3062,8 +2986,7 @@ class IdentityTests(AssignmentTestHelperMixin): new_group['id']) def test_check_user_in_group_returns_not_found(self): - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID} + new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) new_user = self.identity_api.create_user(new_user) new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID) @@ -3093,8 +3016,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertEqual([], user_refs) # Make sure we get the correct users back once they have been added # to the group. - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': domain['id']} + new_user = unit.new_user_ref(domain_id=domain['id']) new_user = self.identity_api.create_user(new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -3119,8 +3041,7 @@ class IdentityTests(AssignmentTestHelperMixin): USER_COUNT = 2 for x in range(0, USER_COUNT): - new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': domain['id']} + new_user = unit.new_user_ref(domain_id=domain['id']) new_user = self.identity_api.create_user(new_user) test_users.append(new_user) positive_user = test_users[0] @@ -3179,8 +3100,7 @@ class IdentityTests(AssignmentTestHelperMixin): domain = self._get_domain_fixture() new_group = unit.new_group_ref(domain_id=domain['id']) new_group = self.identity_api.create_group(new_group) - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': domain['id']} + new_user = unit.new_user_ref(domain_id=domain['id']) new_user = self.identity_api.create_user(new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -3193,8 +3113,7 @@ class IdentityTests(AssignmentTestHelperMixin): def test_remove_user_from_group_returns_not_found(self): domain = self._get_domain_fixture() - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': domain['id']} + new_user = unit.new_user_ref(domain_id=domain['id']) new_user = self.identity_api.create_user(new_user) new_group = unit.new_group_ref(domain_id=domain['id']) new_group = self.identity_api.create_group(new_group) @@ -3700,8 +3619,8 @@ class IdentityTests(AssignmentTestHelperMixin): assert_key_equals(value) def test_user_crud(self): - user_dict = {'domain_id': DEFAULT_DOMAIN_ID, - 'name': uuid.uuid4().hex, 'password': 'passw0rd'} + user_dict = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) + del user_dict['id'] user = self.identity_api.create_user(user_dict) user_ref = self.identity_api.get_user(user['id']) del user_dict['password'] @@ -3723,8 +3642,7 @@ class IdentityTests(AssignmentTestHelperMixin): def test_list_projects_for_user(self): domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain['id'], 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain['id']) user1 = self.identity_api.create_user(user1) user_projects = self.assignment_api.list_projects_for_user(user1['id']) self.assertEqual(0, len(user_projects)) @@ -3743,8 +3661,7 @@ class IdentityTests(AssignmentTestHelperMixin): # should now be included, along with any direct user grants. domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain['id'], 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain['id']) user1 = self.identity_api.create_user(user1) group1 = unit.new_group_ref(domain_id=domain['id']) group1 = self.identity_api.create_group(group1) @@ -3912,16 +3829,10 @@ class IdentityTests(AssignmentTestHelperMixin): self.resource_api.get_project, project_id) - def create_user_dict(self, **attributes): - user_dict = {'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'enabled': True} - user_dict.update(attributes) - return user_dict - def test_arbitrary_attributes_are_returned_from_create_user(self): attr_value = uuid.uuid4().hex - user_data = self.create_user_dict(arbitrary_attr=attr_value) + user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID, + arbitrary_attr=attr_value) user = self.identity_api.create_user(user_data) @@ -3929,7 +3840,8 @@ class IdentityTests(AssignmentTestHelperMixin): def test_arbitrary_attributes_are_returned_from_get_user(self): attr_value = uuid.uuid4().hex - user_data = self.create_user_dict(arbitrary_attr=attr_value) + user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID, + arbitrary_attr=attr_value) user_data = self.identity_api.create_user(user_data) @@ -3937,7 +3849,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertEqual(attr_value, user['arbitrary_attr']) def test_new_arbitrary_attributes_are_returned_from_update_user(self): - user_data = self.create_user_dict() + user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user_data) attr_value = uuid.uuid4().hex @@ -3948,7 +3860,8 @@ class IdentityTests(AssignmentTestHelperMixin): def test_updated_arbitrary_attributes_are_returned_from_update_user(self): attr_value = uuid.uuid4().hex - user_data = self.create_user_dict(arbitrary_attr=attr_value) + user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID, + arbitrary_attr=attr_value) new_attr_value = uuid.uuid4().hex user = self.identity_api.create_user(user_data) @@ -4010,11 +3923,7 @@ class IdentityTests(AssignmentTestHelperMixin): self.assertDictEqual(updated_project_ref, project_ref) def test_user_update_and_user_get_return_same_response(self): - user = { - 'name': uuid.uuid4().hex, - 'domain_id': CONF.identity.default_domain_id, - 'description': uuid.uuid4().hex, - 'enabled': True} + user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id) user = self.identity_api.create_user(user) @@ -4784,9 +4693,7 @@ class TokenTests(object): class TokenCacheInvalidation(object): def _create_test_data(self): - self.user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, - 'password': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True} + self.user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) self.tenant = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True} @@ -5826,8 +5733,7 @@ class InheritanceTests(AssignmentTestHelperMixin): role_list.append(role) domain1 = unit.new_domain_ref() self.resource_api.create_domain(domain1['id'], domain1) - user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} @@ -5936,8 +5842,7 @@ class InheritanceTests(AssignmentTestHelperMixin): role_list.append(role) domain1 = unit.new_domain_ref() self.resource_api.create_domain(domain1['id'], domain1) - user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain1['id']) user1 = self.identity_api.create_user(user1) group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = self.identity_api.create_group(group1) @@ -6042,8 +5947,7 @@ class InheritanceTests(AssignmentTestHelperMixin): self.config_fixture.config(group='os_inherit', enabled=True) domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain['id'], 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain['id']) user1 = self.identity_api.create_user(user1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain['id']} @@ -6130,8 +6034,7 @@ class InheritanceTests(AssignmentTestHelperMixin): 'is_domain': False} self.resource_api.create_project(leaf_project['id'], leaf_project) - user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) # Grant inherited user role @@ -6234,8 +6137,7 @@ class InheritanceTests(AssignmentTestHelperMixin): project4 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain2['id']} self.resource_api.create_project(project4['id'], project4) - user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain['id'], 'enabled': True} + user1 = unit.new_user_ref(domain_id=domain['id']) user1 = self.identity_api.create_user(user1) group1 = unit.new_group_ref(domain_id=domain['id']) group1 = self.identity_api.create_group(group1) @@ -6339,8 +6241,7 @@ class InheritanceTests(AssignmentTestHelperMixin): 'is_domain': False} self.resource_api.create_project(leaf_project['id'], leaf_project) - user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID) diff --git a/keystone/tests/unit/test_backend_ldap.py b/keystone/tests/unit/test_backend_ldap.py index 952ba5a27a..30a9b09b4e 100644 --- a/keystone/tests/unit/test_backend_ldap.py +++ b/keystone/tests/unit/test_backend_ldap.py @@ -142,6 +142,13 @@ class BaseLDAPIdentity(test_backend.IdentityTests): config_files.append(unit.dirs.tests_conf('backend_ldap.conf')) return config_files + def new_user_ref(self, domain_id, project_id=None, **kwargs): + ref = unit.new_user_ref(domain_id=domain_id, project_id=project_id, + **kwargs) + if 'id' not in kwargs: + del ref['id'] + return ref + def get_user_enabled_vals(self, user): user_dn = ( self.identity_api.driver.user._id_to_dn_string(user['id'])) @@ -163,10 +170,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): self.assertEqual("ou=Users,%s" % CONF.ldap.suffix, user_api.tree_dn) def test_configurable_allowed_user_actions(self): - user = {'name': u'fäké1', - 'password': u'fäképass1', - 'domain_id': CONF.identity.default_domain_id, - 'tenants': ['bar']} + user = self.new_user_ref(domain_id=CONF.identity.default_domain_id) user = self.identity_api.create_user(user) self.identity_api.get_user(user['id']) @@ -185,10 +189,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): driver.user.allow_update = False driver.user.allow_delete = False - user = {'name': u'fäké1', - 'password': u'fäképass1', - 'domain_id': CONF.identity.default_domain_id, - 'tenants': ['bar']} + user = self.new_user_ref(domain_id=CONF.identity.default_domain_id) self.assertRaises(exception.ForbiddenAction, self.identity_api.create_user, user) @@ -253,8 +254,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): new_domain = self._get_domain_fixture() new_group = unit.new_group_ref(domain_id=new_domain['id']) new_group = self.identity_api.create_group(new_group) - new_user = {'name': 'new_user', 'enabled': True, - 'domain_id': new_domain['id']} + new_user = self.new_user_ref(domain_id=new_domain['id']) new_user = self.identity_api.create_user(new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -328,8 +328,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): def test_list_projects_for_user(self): domain = self._get_domain_fixture() - user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain['id'], 'enabled': True} + user1 = self.new_user_ref(domain_id=domain['id']) user1 = self.identity_api.create_user(user1) user_projects = self.assignment_api.list_projects_for_user(user1['id']) self.assertThat(user_projects, matchers.HasLength(0)) @@ -346,8 +345,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): self.assertThat(user_projects, matchers.HasLength(2)) # Now, check number of projects through groups - user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain['id'], 'enabled': True} + user2 = self.new_user_ref(domain_id=domain['id']) user2 = self.identity_api.create_user(user2) group1 = unit.new_group_ref(domain_id=domain['id']) @@ -376,8 +374,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): def test_list_projects_for_user_and_groups(self): domain = self._get_domain_fixture() # Create user1 - user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain['id'], 'enabled': True} + user1 = self.new_user_ref(domain_id=domain['id']) user1 = self.identity_api.create_user(user1) # Create new group for user1 @@ -411,8 +408,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): def test_list_projects_for_user_with_grants(self): domain = self._get_domain_fixture() - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': domain['id']} + new_user = self.new_user_ref(domain_id=domain['id']) new_user = self.identity_api.create_user(new_user) group1 = unit.new_group_ref(domain_id=domain['id']) @@ -495,8 +491,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): def test_list_role_assignments_unfiltered(self): new_domain = self._get_domain_fixture() - new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': new_domain['id']} + new_user = self.new_user_ref(domain_id=new_domain['id']) new_user = self.identity_api.create_user(new_user) new_group = unit.new_group_ref(domain_id=new_domain['id']) new_group = self.identity_api.create_group(new_group) @@ -533,8 +528,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): self.load_fixtures(default_fixtures) new_domain = self._get_domain_fixture() - new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': new_domain['id']} + new_user = self.new_user_ref(domain_id=new_domain['id']) new_user = self.identity_api.create_user(new_user) new_project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, @@ -557,8 +551,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): self.load_backends() self.load_fixtures(default_fixtures) - user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': test_backend.DEFAULT_DOMAIN_ID} + user = self.new_user_ref(domain_id=test_backend.DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) self.assignment_api.add_user_to_project(self.tenant_baz['id'], @@ -662,12 +655,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): self.assertEqual(new_domain_id, domains[0]['id']) def test_authenticate_requires_simple_bind(self): - user = { - 'name': 'NO_META', - 'domain_id': test_backend.DEFAULT_DOMAIN_ID, - 'password': 'no_meta2', - 'enabled': True, - } + user = self.new_user_ref(domain_id=test_backend.DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) self.assignment_api.add_user_to_project(self.tenant_baz['id'], user['id']) @@ -735,11 +723,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests): CONF.identity.default_domain_id) driver.user.attribute_ignore = ['enabled', 'email', 'tenants', 'tenantId'] - user = {'name': u'fäké1', - 'password': u'fäképass1', - 'domain_id': CONF.identity.default_domain_id, - 'default_project_id': 'maps_to_none', - } + user = self.new_user_ref(domain_id=CONF.identity.default_domain_id, + project_id='maps_to_none') # If this doesn't raise, then the test is successful. user = self.identity_api.create_user(user) @@ -751,9 +736,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests): boolean_strings = ['TRUE', 'FALSE', 'true', 'false', 'True', 'False', 'TrUe' 'FaLse'] for name in boolean_strings: - user = { - 'name': name, - 'domain_id': CONF.identity.default_domain_id} + user = self.new_user_ref(name=name, + domain_id=CONF.identity.default_domain_id) user_ref = self.identity_api.create_user(user) user_info = self.identity_api.get_user(user_ref['id']) self.assertEqual(name, user_info['name']) @@ -772,10 +756,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests): driver.user.attribute_ignore = ['enabled', 'email', 'tenants', 'tenantId'] - user = {'name': u'fäké1', - 'password': u'fäképass1', - 'domain_id': CONF.identity.default_domain_id, - } + user = self.new_user_ref(domain_id=CONF.identity.default_domain_id) user_ref = self.identity_api.create_user(user) @@ -810,12 +791,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests): # Since we want to fake up this special ID, we'll squirt this # direct into the driver and bypass the manager layer. user_id = u'Doe, John' - user = { - 'id': user_id, - 'name': self.getUniqueString(), - 'password': self.getUniqueString(), - 'domain_id': CONF.identity.default_domain_id, - } + user = self.new_user_ref(id=user_id, + domain_id=CONF.identity.default_domain_id) user = self.identity_api.driver.create_user(user_id, user) # Now we'll use the manager to discover it, which will create a @@ -859,12 +836,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests): # Since we want to fake up this special ID, we'll squirt this # direct into the driver and bypass the manager layer user_id = u'Doe, John' - user = { - 'id': user_id, - 'name': self.getUniqueString(), - 'password': self.getUniqueString(), - 'domain_id': CONF.identity.default_domain_id, - } + user = self.new_user_ref(id=user_id, + domain_id=CONF.identity.default_domain_id) self.identity_api.driver.create_user(user_id, user) # Now we'll use the manager to discover it, which will create a @@ -1017,10 +990,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase): role1 = unit.new_role_ref() self.role_api.create_role(role1['id'], role1) - user1 = {'name': uuid.uuid4().hex, - 'domain_id': CONF.identity.default_domain_id, - 'password': uuid.uuid4().hex, - 'enabled': True} + user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id) user1 = self.identity_api.create_user(user1) self.assignment_api.add_role_to_user_and_project( @@ -1168,8 +1138,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase): self.load_backends() self.load_fixtures(default_fixtures) - user = {'name': u'fäké1', 'enabled': True, - 'domain_id': CONF.identity.default_domain_id} + user = self.new_user_ref(domain_id=CONF.identity.default_domain_id) user_ref = self.identity_api.create_user(user) @@ -1216,14 +1185,12 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase): self.load_backends() self.load_fixtures(default_fixtures) - user1 = {'name': u'fäké1', 'enabled': True, - 'domain_id': CONF.identity.default_domain_id} + user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id) - user2 = {'name': u'fäké2', 'enabled': False, - 'domain_id': CONF.identity.default_domain_id} + user2 = self.new_user_ref(enabled=False, + domain_id=CONF.identity.default_domain_id) - user3 = {'name': u'fäké3', - 'domain_id': CONF.identity.default_domain_id} + user3 = self.new_user_ref(domain_id=CONF.identity.default_domain_id) # Ensure that the LDAP attribute is False for a newly created # enabled user. @@ -1452,11 +1419,9 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase): group='ldap', user_additional_attribute_mapping=['description:name']) self.load_backends() - user = { - 'name': 'EXTRA_ATTRIBUTES', - 'password': 'extra', - 'domain_id': CONF.identity.default_domain_id - } + user = self.new_user_ref(name='EXTRA_ATTRIBUTES', + password='extra', + domain_id=CONF.identity.default_domain_id) user = self.identity_api.create_user(user) dn, attrs = self.identity_api.driver.user._ldap_get(user['id']) self.assertThat([user['name']], matchers.Equals(attrs['description'])) @@ -1470,13 +1435,9 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase): user_additional_attribute_mapping=['description:description']) self.load_backends() - description = uuid.uuid4().hex - user = { - 'name': uuid.uuid4().hex, - 'description': description, - 'password': uuid.uuid4().hex, - 'domain_id': CONF.identity.default_domain_id - } + user = self.new_user_ref(domain_id=CONF.identity.default_domain_id, + description=uuid.uuid4().hex) + description = user['description'] user = self.identity_api.create_user(user) res = self.identity_api.driver.user.get_all() @@ -1871,10 +1832,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase): self.role_api.create_role(role['id'], role) role_list.append(role) - user1 = {'name': uuid.uuid4().hex, - 'domain_id': CONF.identity.default_domain_id, - 'password': uuid.uuid4().hex, - 'enabled': True} + user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id) user1 = self.identity_api.create_user(user1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': CONF.identity.default_domain_id} @@ -1975,9 +1933,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase): def test_list_groups_for_user_no_dn(self): # Create a test user. - user = {'name': uuid.uuid4().hex, - 'domain_id': CONF.identity.default_domain_id, - 'password': uuid.uuid4().hex, 'enabled': True} + user = self.new_user_ref(domain_id=CONF.identity.default_domain_id) user = self.identity_api.create_user(user) # Create some test groups and add the test user as a member. domain = self._get_domain_fixture() @@ -2002,9 +1958,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase): CONF.identity.default_domain_id) driver.user.id_attr = 'mail' - user = {'name': u'fäké1', - 'password': u'fäképass1', - 'domain_id': CONF.identity.default_domain_id} + user = self.new_user_ref(domain_id=CONF.identity.default_domain_id) user = self.identity_api.create_user(user) user_ref = self.identity_api.get_user(user['id']) # 'email' attribute should've created because it is also being used @@ -2192,21 +2146,18 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): project['id']) def test_user_crud(self): - user_dict = { - 'domain_id': CONF.identity.default_domain_id, - 'name': uuid.uuid4().hex, - 'password': uuid.uuid4().hex} + user_dict = self.new_user_ref( + domain_id=CONF.identity.default_domain_id) user = self.identity_api.create_user(user_dict) - user_dict['enabled'] = True - user_ref = self.identity_api.get_user(user['id']) del user_dict['password'] + user_ref = self.identity_api.get_user(user['id']) user_ref_dict = {x: user_ref[x] for x in user_ref} self.assertDictContainsSubset(user_dict, user_ref_dict) user_dict['password'] = uuid.uuid4().hex - self.identity_api.update_user(user['id'], user) - user_ref = self.identity_api.get_user(user['id']) + self.identity_api.update_user(user['id'], user_dict) del user_dict['password'] + user_ref = self.identity_api.get_user(user['id']) user_ref_dict = {x: user_ref[x] for x in user_ref} self.assertDictContainsSubset(user_dict, user_ref_dict) @@ -2239,8 +2190,8 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): self.load_fixtures(default_fixtures) # Create a user and ensure they are enabled. - user1 = {'name': u'fäké1', 'enabled': True, - 'domain_id': CONF.identity.default_domain_id} + user1 = unit.new_user_ref(enabled=True, + domain_id=CONF.identity.default_domain_id) user_ref = self.identity_api.create_user(user1) self.assertIs(True, user_ref['enabled']) @@ -2255,14 +2206,12 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): self.load_backends() self.load_fixtures(default_fixtures) - user1 = {'name': u'fäké1', 'enabled': True, - 'domain_id': CONF.identity.default_domain_id} + user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id) - user2 = {'name': u'fäké2', 'enabled': False, - 'domain_id': CONF.identity.default_domain_id} + user2 = self.new_user_ref(enabled=False, + domain_id=CONF.identity.default_domain_id) - user3 = {'name': u'fäké3', - 'domain_id': CONF.identity.default_domain_id} + user3 = self.new_user_ref(domain_id=CONF.identity.default_domain_id) # Ensure that the enabled LDAP attribute is not set for a # newly created enabled user. @@ -2398,8 +2347,7 @@ class LdapIdentitySqlAssignment(BaseLDAPIdentity, unit.SQLDriverOverrides, new_domain = self._get_domain_fixture() new_group = unit.new_group_ref(domain_id=new_domain['id'],) new_group = self.identity_api.create_group(new_group) - new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, - 'enabled': True, 'domain_id': new_domain['id']} + new_user = self.new_user_ref(domain_id=new_domain['id']) new_user = self.identity_api.create_user(new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -2467,13 +2415,9 @@ class LdapIdentitySqlAssignmentWithMapping(LdapIdentitySqlAssignment): """ initial_mappings = len(mapping_sql.list_id_mappings()) - user1 = {'name': uuid.uuid4().hex, - 'domain_id': CONF.identity.default_domain_id, - 'password': uuid.uuid4().hex, 'enabled': True} + user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id) user1 = self.identity_api.create_user(user1) - user2 = {'name': uuid.uuid4().hex, - 'domain_id': CONF.identity.default_domain_id, - 'password': uuid.uuid4().hex, 'enabled': True} + user2 = self.new_user_ref(domain_id=CONF.identity.default_domain_id) user2 = self.identity_api.create_user(user2) mappings = mapping_sql.list_id_mappings() self.assertEqual(initial_mappings + 2, len(mappings)) @@ -2504,30 +2448,21 @@ class LdapIdentitySqlAssignmentWithMapping(LdapIdentitySqlAssignment): class BaseMultiLDAPandSQLIdentity(object): """Mixin class with support methods for domain-specific config testing.""" - def create_user(self, domain_id): - user = {'name': uuid.uuid4().hex, - 'domain_id': domain_id, - 'password': uuid.uuid4().hex, - 'enabled': True} - user_ref = self.identity_api.create_user(user) - # Put the password back in, since this is used later by tests to - # authenticate. - user_ref['password'] = user['password'] - return user_ref - def create_users_across_domains(self): """Create a set of users, each with a role on their own domain.""" # We also will check that the right number of id mappings get created initial_mappings = len(mapping_sql.list_id_mappings()) - self.users['user0'] = self.create_user( + self.users['user0'] = unit.create_user( + self.identity_api, self.domains['domain_default']['id']) self.assignment_api.create_grant( user_id=self.users['user0']['id'], domain_id=self.domains['domain_default']['id'], role_id=self.role_member['id']) for x in range(1, self.domain_count): - self.users['user%s' % x] = self.create_user( + self.users['user%s' % x] = unit.create_user( + self.identity_api, self.domains['domain%s' % x]['id']) self.assignment_api.create_grant( user_id=self.users['user%s' % x]['id'], @@ -2661,11 +2596,14 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides, # Create some identity entities BEFORE we switch to multi-backend, so # we can test that these are still accessible self.users = {} - self.users['userA'] = self.create_user( + self.users['userA'] = unit.create_user( + self.identity_api, self.domains['domain_default']['id']) - self.users['userB'] = self.create_user( + self.users['userB'] = unit.create_user( + self.identity_api, self.domains['domain1']['id']) - self.users['userC'] = self.create_user( + self.users['userC'] = unit.create_user( + self.identity_api, self.domains['domain3']['id']) def enable_multi_domain(self): diff --git a/keystone/tests/unit/test_backend_sql.py b/keystone/tests/unit/test_backend_sql.py index 4c7e79181a..23b4453737 100644 --- a/keystone/tests/unit/test_backend_sql.py +++ b/keystone/tests/unit/test_backend_sql.py @@ -179,9 +179,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): self.assertNotEqual(self.user_foo['password'], user_ref['password']) def test_delete_user_with_project_association(self): - user = {'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) self.assignment_api.add_user_to_project(self.tenant_bar['id'], user['id']) @@ -191,9 +189,8 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): user['id']) def test_create_null_user_name(self): - user = {'name': None, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex} + user = unit.new_user_ref(name=None, + domain_id=DEFAULT_DOMAIN_ID) self.assertRaises(exception.ValidationError, self.identity_api.create_user, user) @@ -208,9 +205,8 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): # LDAP. # create a ref with a lowercase name - ref = { - 'name': uuid.uuid4().hex.lower(), - 'domain_id': DEFAULT_DOMAIN_ID} + ref = unit.new_user_ref(name=uuid.uuid4().hex.lower(), + domain_id=DEFAULT_DOMAIN_ID) ref = self.identity_api.create_user(ref) # assign a new ID with the same name, but this time in uppercase @@ -251,9 +247,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): DEFAULT_DOMAIN_ID) def test_delete_project_with_user_association(self): - user = {'name': 'fakeuser', - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': 'passwd'} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) self.assignment_api.add_user_to_project(self.tenant_bar['id'], user['id']) @@ -300,11 +294,9 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): """ arbitrary_key = uuid.uuid4().hex arbitrary_value = uuid.uuid4().hex - user = { - 'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex, - arbitrary_key: arbitrary_value} + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) + user[arbitrary_key] = arbitrary_value + del user["id"] ref = self.identity_api.create_user(user) self.assertEqual(arbitrary_value, ref[arbitrary_key]) self.assertIsNone(ref.get('password')) @@ -319,11 +311,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key]) def test_sql_user_to_dict_null_default_project_id(self): - user = { - 'name': uuid.uuid4().hex, - 'domain_id': DEFAULT_DOMAIN_ID, - 'password': uuid.uuid4().hex} - + user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID) user = self.identity_api.create_user(user) session = sql.get_session() query = session.query(identity_sql.User) @@ -337,8 +325,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): def test_list_domains_for_user(self): domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain['id'], 'enabled': True} + user = unit.new_user_ref(domain_id=domain['id']) test_domain1 = unit.new_domain_ref() self.resource_api.create_domain(test_domain1['id'], test_domain1) @@ -363,8 +350,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): # should now be included, along with any direct user grants. domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain['id'], 'enabled': True} + user = unit.new_user_ref(domain_id=domain['id']) user = self.identity_api.create_user(user) group1 = unit.new_group_ref(domain_id=domain['id']) group1 = self.identity_api.create_group(group1) @@ -409,8 +395,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): domain1 = self.resource_api.create_domain(domain1['id'], domain1) domain2 = unit.new_domain_ref() domain2 = self.resource_api.create_domain(domain2['id'], domain2) - user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, - 'domain_id': domain1['id'], 'enabled': True} + user = unit.new_user_ref(domain_id=domain1['id']) user = self.identity_api.create_user(user) group = unit.new_group_ref(domain_id=domain1['id']) group = self.identity_api.create_group(group) diff --git a/keystone/tests/unit/test_cert_setup.py b/keystone/tests/unit/test_cert_setup.py index 47a99810ae..052b5808ad 100644 --- a/keystone/tests/unit/test_cert_setup.py +++ b/keystone/tests/unit/test_cert_setup.py @@ -75,17 +75,11 @@ class CertSetupTestCase(rest.RestfulTestCase): controller = token.controllers.Auth() self.config_fixture.config(group='signing', certfile='invalid') - password = 'fake1' - user = { - 'name': 'fake1', - 'password': password, - 'domain_id': DEFAULT_DOMAIN_ID - } - user = self.identity_api.create_user(user) + user = unit.create_user(self.identity_api, domain_id=DEFAULT_DOMAIN_ID) body_dict = { 'passwordCredentials': { 'userId': user['id'], - 'password': password, + 'password': user['password'], }, } self.assertRaises(exception.UnexpectedError, diff --git a/keystone/tests/unit/test_ldap_livetest.py b/keystone/tests/unit/test_ldap_livetest.py index 0b55c56c1b..8a9d8d35a2 100644 --- a/keystone/tests/unit/test_ldap_livetest.py +++ b/keystone/tests/unit/test_ldap_livetest.py @@ -133,6 +133,7 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity): USER_COUNT = 2 for x in range(0, USER_COUNT): + # TODO(shaleh): use unit.new_user_ref() new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} new_user = self.identity_api.create_user(new_user) diff --git a/keystone/tests/unit/test_ldap_pool_livetest.py b/keystone/tests/unit/test_ldap_pool_livetest.py index 5a5e92c6e2..a284114a85 100644 --- a/keystone/tests/unit/test_ldap_pool_livetest.py +++ b/keystone/tests/unit/test_ldap_pool_livetest.py @@ -105,6 +105,7 @@ class LiveLDAPPoolIdentity(test_backend_ldap_pool.LdapPoolCommonTestMixin, password=old_password) def _create_user_and_authenticate(self, password): + # TODO(shaleh): port to new_user_ref() user_dict = { 'domain_id': CONF.identity.default_domain_id, 'name': uuid.uuid4().hex, diff --git a/keystone/tests/unit/test_ldap_tls_livetest.py b/keystone/tests/unit/test_ldap_tls_livetest.py index 6b47bfd9f7..98e2882d2f 100644 --- a/keystone/tests/unit/test_ldap_tls_livetest.py +++ b/keystone/tests/unit/test_ldap_tls_livetest.py @@ -50,6 +50,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity): tls_req_cert='demand') self.identity_api = identity.backends.ldap.Identity() + # TODO(shaleh): use new_user_ref() user = {'name': 'fake1', 'password': 'fakepass1', 'tenants': ['bar']} @@ -71,6 +72,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity): tls_req_cert='demand') self.identity_api = identity.backends.ldap.Identity() + # TODO(shaleh): use new_user_ref() user = {'id': 'fake1', 'name': 'fake1', 'password': 'fakepass1', @@ -95,6 +97,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity): tls_cacertdir=None) self.identity_api = identity.backends.ldap.Identity() + # TODO(shaleh): use new_user_ref() user = {'name': 'fake1', 'password': 'fakepass1', 'tenants': ['bar']} @@ -109,6 +112,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity): tls_cacertdir='/etc/keystone/ssl/mythicalcertdir') self.identity_api = identity.backends.ldap.Identity() + # TODO(shaleh): use new_user_ref() user = {'name': 'fake1', 'password': 'fakepass1', 'tenants': ['bar']} diff --git a/keystone/tests/unit/test_middleware.py b/keystone/tests/unit/test_middleware.py index 7adc09b192..b28744fff6 100644 --- a/keystone/tests/unit/test_middleware.py +++ b/keystone/tests/unit/test_middleware.py @@ -149,9 +149,6 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): def _load_sample_data(self): self.project_id = uuid.uuid4().hex self.project_name = uuid.uuid4().hex - self.user_name = uuid.uuid4().hex - self.user_password = uuid.uuid4().hex - self.user_email = uuid.uuid4().hex self.protocol_id = 'x509' # 1) Create a domain for the user. @@ -172,13 +169,8 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): self.resource_api.create_project(self.project_id, self.project) # 3) Create a user in new domain. - self.user = { - 'name': self.user_name, - 'domain_id': self.domain_id, - 'project_id': self.project_id, - 'password': self.user_password, - 'email': self.user_email, - } + self.user = unit.new_user_ref(domain_id=self.domain_id, + project_id=self.project_id) self.user = self.identity_api.create_user(self.user) @@ -384,7 +376,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): # SSL_CLIENT_USER_NAME and SSL_CLIENT_DOMAIN_NAME are the types # defined in the mapping that will map to the user name and # domain name - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name req = make_request(environ=env) context = self._create_context( @@ -396,7 +388,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env = {} env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_ID'] = self.project_id - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name req = make_request(environ=env) context = self._create_context( @@ -409,7 +401,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name req = make_request(environ=env) context = self._create_context( @@ -422,7 +414,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name req = make_request(environ=env) context = self._create_context( @@ -434,7 +426,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env = {} env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_id - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name req = make_request(environ=env) context = self._create_context( @@ -476,7 +468,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id req = make_request(environ=env) context = self._create_context( @@ -519,7 +511,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_ID'] = self.project_id env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] req = make_request(environ=env) context = self._create_context( request=req, @@ -546,7 +538,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id req = make_request(environ=env) self.domain['enabled'] = False @@ -565,7 +557,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id req = make_request(environ=env) self.user['enabled'] = False @@ -599,7 +591,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] req = make_request(environ=env) self.config_fixture.config(group='tokenless_auth', protocol='ephemeral') @@ -616,7 +608,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] req = make_request(environ=env) self.config_fixture.config(group='tokenless_auth', protocol='ephemeral') @@ -657,7 +649,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = uuid.uuid4().hex env['HTTP_X_PROJECT_DOMAIN_NAME'] = uuid.uuid4().hex - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] req = make_request(environ=env) self.config_fixture.config(group='tokenless_auth', protocol='ephemeral') @@ -677,7 +669,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] req = make_request(environ=env) self.config_fixture.config(group='tokenless_auth', protocol='ephemeral') @@ -701,7 +693,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests): env['SSL_CLIENT_I_DN'] = self.client_issuer env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name - env['SSL_CLIENT_USER_NAME'] = self.user_name + env['SSL_CLIENT_USER_NAME'] = self.user['name'] req = make_request(environ=env) # This will pick up the incorrect mapping self.config_fixture.config(group='tokenless_auth', diff --git a/keystone/tests/unit/test_v2_keystoneclient.py b/keystone/tests/unit/test_v2_keystoneclient.py index d6830fce6f..fb03708101 100644 --- a/keystone/tests/unit/test_v2_keystoneclient.py +++ b/keystone/tests/unit/test_v2_keystoneclient.py @@ -209,6 +209,7 @@ class ClientDrivenTestCase(unit.TestCase): enabled=tenant['enabled']) tenant['id'] = tenant_ref.id + # v2 style, needs to be created by hand user = { 'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, diff --git a/keystone/tests/unit/test_v3.py b/keystone/tests/unit/test_v3.py index 293d296047..8b0934d519 100644 --- a/keystone/tests/unit/test_v3.py +++ b/keystone/tests/unit/test_v3.py @@ -202,10 +202,8 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase, self.project['id'] = self.project_id self.resource_api.create_project(self.project_id, self.project) - self.user = self.new_user_ref(domain_id=self.domain_id) - password = self.user['password'] - self.user = self.identity_api.create_user(self.user) - self.user['password'] = password + self.user = unit.create_user(self.identity_api, + domain_id=self.domain_id) self.user_id = self.user['id'] self.default_domain_project_id = uuid.uuid4().hex @@ -215,12 +213,9 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase, self.resource_api.create_project(self.default_domain_project_id, self.default_domain_project) - self.default_domain_user = self.new_user_ref( + self.default_domain_user = unit.create_user( + self.identity_api, domain_id=DEFAULT_DOMAIN_ID) - password = self.default_domain_user['password'] - self.default_domain_user = ( - self.identity_api.create_user(self.default_domain_user)) - self.default_domain_user['password'] = password self.default_domain_user_id = self.default_domain_user['id'] # create & grant policy.json's default role for admin_required @@ -261,9 +256,6 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase, return unit.new_project_ref(domain_id=domain_id, parent_id=parent_id, is_domain=is_domain) - def new_user_ref(self, domain_id, project_id=None): - return unit.new_user_ref(domain_id, project_id=project_id) - def new_credential_ref(self, user_id, project_id=None, cred_type=None): return unit.new_credential_ref(user_id, project_id=project_id, cred_type=cred_type) @@ -845,6 +837,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase, resp, 'users', self.assertValidUser, + keys_to_check=['name', 'enabled'], *args, **kwargs) @@ -853,6 +846,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase, resp, 'user', self.assertValidUser, + keys_to_check=['name', 'enabled'], *args, **kwargs) diff --git a/keystone/tests/unit/test_v3_assignment.py b/keystone/tests/unit/test_v3_assignment.py index 477d3d9455..80a4bdafe8 100644 --- a/keystone/tests/unit/test_v3_assignment.py +++ b/keystone/tests/unit/test_v3_assignment.py @@ -112,23 +112,20 @@ class AssignmentTestCase(test_v3.RestfulTestCase, domain_id=self.domain2['id']) self.resource_api.create_project(self.project2['id'], self.project2) - self.user2 = self.new_user_ref( - domain_id=self.domain2['id'], - project_id=self.project2['id']) - password = self.user2['password'] - self.user2 = self.identity_api.create_user(self.user2) - self.user2['password'] = password + user2 = unit.create_user(self.identity_api, + domain_id=self.domain2['id'], + project_id=self.project2['id']) self.assignment_api.add_user_to_project(self.project2['id'], - self.user2['id']) + user2['id']) # First check a user in that domain can authenticate. The v2 user # cannot authenticate because they exist outside the default domain. body = { 'auth': { 'passwordCredentials': { - 'userId': self.user2['id'], - 'password': self.user2['password'] + 'userId': user2['id'], + 'password': user2['password'] }, 'tenantId': self.project2['id'] } @@ -138,8 +135,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, expected_status=http_client.UNAUTHORIZED) auth_data = self.build_authentication_request( - user_id=self.user2['id'], - password=self.user2['password'], + user_id=user2['id'], + password=user2['password'], project_id=self.project2['id']) self.v3_create_token(auth_data) @@ -155,8 +152,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, body = { 'auth': { 'passwordCredentials': { - 'userId': self.user2['id'], - 'password': self.user2['password'] + 'userId': user2['id'], + 'password': user2['password'] }, 'tenantId': self.project2['id'] } @@ -167,16 +164,16 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # Try looking up in v3 by name and id auth_data = self.build_authentication_request( - user_id=self.user2['id'], - password=self.user2['password'], + user_id=user2['id'], + password=user2['password'], project_id=self.project2['id']) self.v3_create_token(auth_data, expected_status=http_client.UNAUTHORIZED) auth_data = self.build_authentication_request( - username=self.user2['name'], + username=user2['name'], user_domain_id=self.domain2['id'], - password=self.user2['password'], + password=user2['password'], project_id=self.project2['id']) self.v3_create_token(auth_data, expected_status=http_client.UNAUTHORIZED) @@ -216,16 +213,15 @@ class AssignmentTestCase(test_v3.RestfulTestCase, domain_id=self.domain2['id']) self.resource_api.create_project(self.project2['id'], self.project2) - self.user2 = self.new_user_ref( - domain_id=self.domain2['id'], - project_id=self.project2['id']) - self.user2 = self.identity_api.create_user(self.user2) + user2 = unit.new_user_ref(domain_id=self.domain2['id'], + project_id=self.project2['id']) + user2 = self.identity_api.create_user(user2) self.group2 = unit.new_group_ref(domain_id=self.domain2['id']) self.group2 = self.identity_api.create_group(self.group2) self.credential2 = self.new_credential_ref( - user_id=self.user2['id'], + user_id=user2['id'], project_id=self.project2['id']) self.credential_api.create_credential( self.credential2['id'], @@ -252,7 +248,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.group2['id']) self.assertRaises(exception.UserNotFound, self.identity_api.get_user, - self.user2['id']) + user2['id']) self.assertRaises(exception.CredentialNotFound, self.credential_api.get_credential, self.credential2['id']) @@ -340,15 +336,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.domain = unit.new_domain_ref() self.resource_api.create_domain(self.domain['id'], self.domain) - self.user2 = self.new_user_ref(domain_id=self.domain['id']) - password = self.user2['password'] - self.user2 = self.identity_api.create_user(self.user2) - self.user2['password'] = password + user2 = unit.create_user(self.identity_api, + domain_id=self.domain['id']) # build a request body auth_body = self.build_authentication_request( - user_id=self.user2['id'], - password=self.user2['password']) + user_id=user2['id'], + password=user2['password']) # sends a request for the user's token token_resp = self.post('/auth/tokens', body=auth_body) @@ -1270,7 +1264,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, def _create_new_user_and_assign_role_on_project(self): """Create a new user and assign user a role on a project.""" # Create a new user - new_user = self.new_user_ref(domain_id=self.domain_id) + new_user = unit.new_user_ref(domain_id=self.domain_id) user_ref = self.identity_api.create_user(new_user) # Assign the user a role on the project collection_url = ( @@ -1378,9 +1372,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # Since the default fixtures already assign some roles to the # user it creates, we also need a new user that will not have any # existing assignments - self.user1 = self.new_user_ref( - domain_id=self.domain['id']) - self.user1 = self.identity_api.create_user(self.user1) + user1 = unit.new_user_ref(domain_id=self.domain['id']) + user1 = self.identity_api.create_user(user1) collection_url = '/role_assignments' r = self.get(collection_url) @@ -1402,7 +1395,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.assertRoleAssignmentInListResponse(r, gd_entity) ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id, - user_id=self.user1['id'], + user_id=user1['id'], role_id=self.role_id) self.put(ud_entity['links']['assignment']) r = self.get(collection_url) @@ -1424,7 +1417,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.assertRoleAssignmentInListResponse(r, gp_entity) up_entity = self.build_role_assignment_entity( - project_id=self.project_id, user_id=self.user1['id'], + project_id=self.project_id, user_id=user1['id'], role_id=self.role_id) self.put(up_entity['links']['assignment']) r = self.get(collection_url) @@ -1465,18 +1458,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase, for each of the group members. """ - self.user1 = self.new_user_ref( - domain_id=self.domain['id']) - password = self.user1['password'] - self.user1 = self.identity_api.create_user(self.user1) - self.user1['password'] = password - self.user2 = self.new_user_ref( - domain_id=self.domain['id']) - password = self.user2['password'] - self.user2 = self.identity_api.create_user(self.user2) - self.user2['password'] = password - self.identity_api.add_user_to_group(self.user1['id'], self.group['id']) - self.identity_api.add_user_to_group(self.user2['id'], self.group['id']) + user1 = unit.create_user(self.identity_api, + domain_id=self.domain['id']) + user2 = unit.create_user(self.identity_api, + domain_id=self.domain['id']) + + self.identity_api.add_user_to_group(user1['id'], self.group['id']) + self.identity_api.add_user_to_group(user2['id'], self.group['id']) collection_url = '/role_assignments' r = self.get(collection_url) @@ -1506,11 +1494,11 @@ class AssignmentTestCase(test_v3.RestfulTestCase, resource_url=collection_url) ud_entity = self.build_role_assignment_entity( link=gd_entity['links']['assignment'], domain_id=self.domain_id, - user_id=self.user1['id'], role_id=self.role_id) + user_id=user1['id'], role_id=self.role_id) self.assertRoleAssignmentInListResponse(r, ud_entity) ud_entity = self.build_role_assignment_entity( link=gd_entity['links']['assignment'], domain_id=self.domain_id, - user_id=self.user2['id'], role_id=self.role_id) + user_id=user2['id'], role_id=self.role_id) self.assertRoleAssignmentInListResponse(r, ud_entity) def test_check_effective_values_for_role_assignments(self): @@ -1539,18 +1527,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase, know if we are getting effective roles or not """ - self.user1 = self.new_user_ref( - domain_id=self.domain['id']) - password = self.user1['password'] - self.user1 = self.identity_api.create_user(self.user1) - self.user1['password'] = password - self.user2 = self.new_user_ref( - domain_id=self.domain['id']) - password = self.user2['password'] - self.user2 = self.identity_api.create_user(self.user2) - self.user2['password'] = password - self.identity_api.add_user_to_group(self.user1['id'], self.group['id']) - self.identity_api.add_user_to_group(self.user2['id'], self.group['id']) + user1 = unit.create_user(self.identity_api, + domain_id=self.domain['id']) + user2 = unit.create_user(self.identity_api, + domain_id=self.domain['id']) + + self.identity_api.add_user_to_group(user1['id'], self.group['id']) + self.identity_api.add_user_to_group(user2['id'], self.group['id']) collection_url = '/role_assignments' r = self.get(collection_url) @@ -1626,21 +1609,16 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # Since the default fixtures already assign some roles to the # user it creates, we also need a new user that will not have any # existing assignments - self.user1 = self.new_user_ref( - domain_id=self.domain['id']) - password = self.user1['password'] - self.user1 = self.identity_api.create_user(self.user1) - self.user1['password'] = password - self.user2 = self.new_user_ref( - domain_id=self.domain['id']) - password = self.user2['password'] - self.user2 = self.identity_api.create_user(self.user2) - self.user2['password'] = password + user1 = unit.create_user(self.identity_api, + domain_id=self.domain['id']) + user2 = unit.create_user(self.identity_api, + domain_id=self.domain['id']) + self.group1 = unit.new_group_ref(domain_id=self.domain['id']) self.group1 = self.identity_api.create_group(self.group1) - self.identity_api.add_user_to_group(self.user1['id'], + self.identity_api.add_user_to_group(user1['id'], self.group1['id']) - self.identity_api.add_user_to_group(self.user2['id'], + self.identity_api.add_user_to_group(user2['id'], self.group1['id']) self.project1 = self.new_project_ref( domain_id=self.domain['id']) @@ -1658,7 +1636,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.put(gd_entity['links']['assignment']) ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id, - user_id=self.user1['id'], + user_id=user1['id'], role_id=self.role2['id']) self.put(ud_entity['links']['assignment']) @@ -1668,7 +1646,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.put(gp_entity['links']['assignment']) up_entity = self.build_role_assignment_entity( - project_id=self.project1['id'], user_id=self.user1['id'], + project_id=self.project1['id'], user_id=user1['id'], role_id=self.role2['id']) self.put(up_entity['links']['assignment']) @@ -1692,7 +1670,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.assertRoleAssignmentInListResponse(r, ud_entity) self.assertRoleAssignmentInListResponse(r, gd_entity) - collection_url = '/role_assignments?user.id=%s' % self.user1['id'] + collection_url = '/role_assignments?user.id=%s' % user1['id'] r = self.get(collection_url) self.assertValidRoleAssignmentListResponse(r, expected_length=2, @@ -1721,7 +1699,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, collection_url = ( '/role_assignments?user.id=%(user_id)s' '&scope.project.id=%(project_id)s' % { - 'user_id': self.user1['id'], + 'user_id': user1['id'], 'project_id': self.project1['id']}) r = self.get(collection_url) self.assertValidRoleAssignmentListResponse(r, @@ -1734,7 +1712,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, # assigned as well as by virtue of group membership collection_url = ('/role_assignments?effective&user.id=%s' % - self.user1['id']) + user1['id']) r = self.get(collection_url) self.assertValidRoleAssignmentListResponse(r, expected_length=4, @@ -1752,9 +1730,9 @@ class AssignmentTestCase(test_v3.RestfulTestCase, up1_entity = self.build_role_assignment_entity( link=gp1_link, project_id=self.project1['id'], - user_id=self.user1['id'], role_id=self.role1['id']) + user_id=user1['id'], role_id=self.role1['id']) ud1_entity = self.build_role_assignment_entity( - link=gd1_link, domain_id=self.domain_id, user_id=self.user1['id'], + link=gd1_link, domain_id=self.domain_id, user_id=user1['id'], role_id=self.role1['id']) self.assertRoleAssignmentInListResponse(r, up1_entity) self.assertRoleAssignmentInListResponse(r, ud1_entity) @@ -1766,7 +1744,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase, collection_url = ( '/role_assignments?effective&user.id=%(user_id)s' '&scope.project.id=%(project_id)s' % { - 'user_id': self.user1['id'], + 'user_id': user1['id'], 'project_id': self.project1['id']}) r = self.get(collection_url) self.assertValidRoleAssignmentListResponse(r, @@ -1827,7 +1805,7 @@ class RoleAssignmentBaseTestCase(test_v3.RestfulTestCase, # Create 3 users self.user_ids = [] for i in range(3): - user = self.new_user_ref(domain_id=self.domain_id) + user = unit.new_user_ref(domain_id=self.domain_id) user = self.identity_api.create_user(user) self.user_ids.append(user['id']) @@ -2174,10 +2152,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, def test_get_token_from_inherited_user_domain_role_grants(self): # Create a new user to ensure that no grant is loaded from sample data - user = self.new_user_ref(domain_id=self.domain_id) - password = user['password'] - user = self.identity_api.create_user(user) - user['password'] = password + user = unit.create_user(self.identity_api, domain_id=self.domain_id) # Define domain and project authentication data domain_auth_data = self.build_authentication_request( @@ -2237,10 +2212,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, def test_get_token_from_inherited_group_domain_role_grants(self): # Create a new group and put a new user in it to # ensure that no grant is loaded from sample data - user = self.new_user_ref(domain_id=self.domain_id) - password = user['password'] - user = self.identity_api.create_user(user) - user['password'] = password + user = unit.create_user(self.identity_api, domain_id=self.domain_id) group = unit.new_group_ref(domain_id=self.domain['id']) group = self.identity_api.create_group(group) @@ -2401,11 +2373,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user1 = self.new_user_ref( - domain_id=domain['id']) - password = user1['password'] - user1 = self.identity_api.create_user(user1) - user1['password'] = password + user1 = unit.create_user(self.identity_api, domain_id=domain['id']) project1 = self.new_project_ref( domain_id=domain['id']) self.resource_api.create_project(project1['id'], project1) @@ -2497,11 +2465,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user1 = self.new_user_ref( - domain_id=domain['id']) - password = user1['password'] - user1 = self.identity_api.create_user(user1) - user1['password'] = password + user1 = unit.create_user(self.identity_api, domain_id=domain['id']) project1 = self.new_project_ref( domain_id=domain['id']) self.resource_api.create_project(project1['id'], project1) @@ -2589,16 +2553,8 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user1 = self.new_user_ref( - domain_id=domain['id']) - password = user1['password'] - user1 = self.identity_api.create_user(user1) - user1['password'] = password - user2 = self.new_user_ref( - domain_id=domain['id']) - password = user2['password'] - user2 = self.identity_api.create_user(user2) - user2['password'] = password + user1 = unit.create_user(self.identity_api, domain_id=domain['id']) + user2 = unit.create_user(self.identity_api, domain_id=domain['id']) group1 = unit.new_group_ref(domain_id=domain['id']) group1 = self.identity_api.create_group(group1) self.identity_api.add_user_to_group(user1['id'], @@ -2694,11 +2650,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user1 = self.new_user_ref( - domain_id=domain['id']) - password = user1['password'] - user1 = self.identity_api.create_user(user1) - user1['password'] = password + user1 = unit.create_user(self.identity_api, domain_id=domain['id']) group1 = unit.new_group_ref(domain_id=domain['id']) group1 = self.identity_api.create_group(group1) project1 = self.new_project_ref( diff --git a/keystone/tests/unit/test_v3_auth.py b/keystone/tests/unit/test_v3_auth.py index 1834c66f7f..3d8e353a46 100644 --- a/keystone/tests/unit/test_v3_auth.py +++ b/keystone/tests/unit/test_v3_auth.py @@ -153,14 +153,8 @@ class TokenAPITests(object): self.resource_api.create_domain(new_domain['id'], new_domain) # 2) Create user in new domain. - new_user_password = uuid.uuid4().hex - new_user = { - 'name': uuid.uuid4().hex, - 'domain_id': new_domain['id'], - 'password': new_user_password, - 'email': uuid.uuid4().hex, - } - new_user = self.identity_api.create_user(new_user) + new_user = unit.create_user(self.identity_api, + domain_id=new_domain['id']) # 3) Update the default_domain_id config option to the new domain self.config_fixture.config( @@ -170,7 +164,7 @@ class TokenAPITests(object): # 4) Get a token using v3 API. v3_token = self.get_requested_token(self.build_authentication_request( user_id=new_user['id'], - password=new_user_password)) + password=new_user['password'])) # 5) Validate token using v2 API. self.admin_request( @@ -614,16 +608,11 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase): self.domainA = unit.new_domain_ref() self.resource_api.create_domain(self.domainA['id'], self.domainA) - self.userAdminA = self.new_user_ref(domain_id=self.domainA['id']) - password = self.userAdminA['password'] - self.userAdminA = self.identity_api.create_user(self.userAdminA) - self.userAdminA['password'] = password + self.userAdminA = unit.create_user(self.identity_api, + domain_id=self.domainA['id']) - self.userNormalA = self.new_user_ref( - domain_id=self.domainA['id']) - password = self.userNormalA['password'] - self.userNormalA = self.identity_api.create_user(self.userNormalA) - self.userNormalA['password'] = password + self.userNormalA = unit.create_user(self.identity_api, + domain_id=self.domainA['id']) self.assignment_api.create_grant(self.role['id'], user_id=self.userAdminA['id'], @@ -715,12 +704,10 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase): # DomainB setup self.domainB = unit.new_domain_ref() self.resource_api.create_domain(self.domainB['id'], self.domainB) - self.userAdminB = self.new_user_ref(domain_id=self.domainB['id']) - password = self.userAdminB['password'] - self.userAdminB = self.identity_api.create_user(self.userAdminB) - self.userAdminB['password'] = password + userAdminB = unit.create_user(self.identity_api, + domain_id=self.domainB['id']) self.assignment_api.create_grant(self.role['id'], - user_id=self.userAdminB['id'], + user_id=userAdminB['id'], domain_id=self.domainB['id']) user_token = self.get_requested_token( @@ -732,8 +719,8 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase): adminB_token = self.get_requested_token( self.build_authentication_request( - user_id=self.userAdminB['id'], - password=self.userAdminB['password'], + user_id=userAdminB['id'], + password=userAdminB['password'], domain_name=self.domainB['name'])) self.head('/auth/tokens', headers=headers, @@ -791,23 +778,14 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): self.resource_api.create_project(self.projectB['id'], self.projectB) # Now create some users - self.user1 = self.new_user_ref( - domain_id=self.domainA['id']) - password = self.user1['password'] - self.user1 = self.identity_api.create_user(self.user1) - self.user1['password'] = password + self.user1 = unit.create_user(self.identity_api, + domain_id=self.domainA['id']) - self.user2 = self.new_user_ref( - domain_id=self.domainB['id']) - password = self.user2['password'] - self.user2 = self.identity_api.create_user(self.user2) - self.user2['password'] = password + self.user2 = unit.create_user(self.identity_api, + domain_id=self.domainB['id']) - self.user3 = self.new_user_ref( - domain_id=self.domainB['id']) - password = self.user3['password'] - self.user3 = self.identity_api.create_user(self.user3) - self.user3['password'] = password + self.user3 = unit.create_user(self.identity_api, + domain_id=self.domainB['id']) self.group1 = unit.new_group_ref(domain_id=self.domainA['id']) self.group1 = self.identity_api.create_group(self.group1) @@ -918,20 +896,12 @@ class TestTokenRevokeById(test_v3.RestfulTestCase): def role_data_fixtures(self): self.projectC = self.new_project_ref(domain_id=self.domainA['id']) self.resource_api.create_project(self.projectC['id'], self.projectC) - self.user4 = self.new_user_ref(domain_id=self.domainB['id']) - password = self.user4['password'] - self.user4 = self.identity_api.create_user(self.user4) - self.user4['password'] = password - self.user5 = self.new_user_ref( - domain_id=self.domainA['id']) - password = self.user5['password'] - self.user5 = self.identity_api.create_user(self.user5) - self.user5['password'] = password - self.user6 = self.new_user_ref( - domain_id=self.domainA['id']) - password = self.user6['password'] - self.user6 = self.identity_api.create_user(self.user6) - self.user6['password'] = password + self.user4 = unit.create_user(self.identity_api, + domain_id=self.domainB['id']) + self.user5 = unit.create_user(self.identity_api, + domain_id=self.domainA['id']) + self.user6 = unit.create_user(self.identity_api, + domain_id=self.domainA['id']) self.identity_api.add_user_to_group(self.user5['id'], self.group1['id']) self.assignment_api.create_grant(self.role1['id'], @@ -2038,17 +2008,9 @@ class TestAuth(test_v3.RestfulTestCase): projectA = self.new_project_ref(domain_id=domainA['id']) self.resource_api.create_project(projectA['id'], projectA) - user1 = self.new_user_ref( - domain_id=domainA['id']) - password = user1['password'] - user1 = self.identity_api.create_user(user1) - user1['password'] = password + user1 = unit.create_user(self.identity_api, domain_id=domainA['id']) - user2 = self.new_user_ref( - domain_id=domainA['id']) - password = user2['password'] - user2 = self.identity_api.create_user(user2) - user2['password'] = password + user2 = unit.create_user(self.identity_api, domain_id=domainA['id']) group1 = unit.new_group_ref(domain_id=domainA['id']) group1 = self.identity_api.create_group(group1) @@ -2150,10 +2112,8 @@ class TestAuth(test_v3.RestfulTestCase): project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} self.resource_api.create_project(project1['id'], project1) - user_foo = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID) - password = user_foo['password'] - user_foo = self.identity_api.create_user(user_foo) - user_foo['password'] = password + user_foo = unit.create_user(self.identity_api, + domain_id=test_v3.DEFAULT_DOMAIN_ID) role_member = unit.new_role_ref() self.role_api.create_role(role_member['id'], role_member) role_admin = unit.new_role_ref() @@ -2577,8 +2537,8 @@ class TestAuth(test_v3.RestfulTestCase): token_data['token']['bind']) def test_authenticating_a_user_with_no_password(self): - user = self.new_user_ref(domain_id=self.domain['id']) - user.pop('password', None) # can't have a password for this test + user = unit.new_user_ref(domain_id=self.domain['id']) + del user['password'] # can't have a password for this test user = self.identity_api.create_user(user) auth_data = self.build_authentication_request( @@ -2764,9 +2724,8 @@ class TestTrustRedelegation(test_v3.RestfulTestCase): def setUp(self): super(TestTrustRedelegation, self).setUp() # Create a trustee to delegate stuff to - trustee_user_ref = self.new_user_ref(domain_id=self.domain_id) - self.trustee_user = self.identity_api.create_user(trustee_user_ref) - self.trustee_user['password'] = trustee_user_ref['password'] + self.trustee_user = unit.create_user(self.identity_api, + domain_id=self.domain_id) # trustor->trustee self.redelegated_trust_ref = self.new_trust_ref( @@ -3000,9 +2959,8 @@ class TestTrustChain(test_v3.RestfulTestCase): self.user_chain = list() self.trust_chain = list() for _ in range(3): - user_ref = self.new_user_ref(domain_id=self.domain_id) - user = self.identity_api.create_user(user_ref) - user['password'] = user_ref['password'] + user = unit.create_user(self.identity_api, + domain_id=self.domain_id) self.user_chain.append(user) # trustor->trustee @@ -3157,10 +3115,8 @@ class TestTrustAuth(test_v3.RestfulTestCase): super(TestTrustAuth, self).setUp() # create a trustee to delegate stuff to - self.trustee_user = self.new_user_ref(domain_id=self.domain_id) - password = self.trustee_user['password'] - self.trustee_user = self.identity_api.create_user(self.trustee_user) - self.trustee_user['password'] = password + self.trustee_user = unit.create_user(self.identity_api, + domain_id=self.domain_id) self.trustee_user_id = self.trustee_user['id'] def test_create_trust_bad_request(self): @@ -3461,10 +3417,8 @@ class TestTrustAuth(test_v3.RestfulTestCase): def test_v3_v2_intermix_project_not_in_default_domaini_failed(self): # create a trustee in default domain to delegate stuff to - trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID) - password = trustee_user['password'] - trustee_user = self.identity_api.create_user(trustee_user) - trustee_user['password'] = password + trustee_user = unit.create_user(self.identity_api, + domain_id=test_v3.DEFAULT_DOMAIN_ID) trustee_user_id = trustee_user['id'] ref = self.new_trust_ref( @@ -3501,10 +3455,8 @@ class TestTrustAuth(test_v3.RestfulTestCase): def test_v3_v2_intermix(self): # create a trustee in default domain to delegate stuff to - trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID) - password = trustee_user['password'] - trustee_user = self.identity_api.create_user(trustee_user) - trustee_user['password'] = password + trustee_user = unit.create_user(self.identity_api, + domain_id=test_v3.DEFAULT_DOMAIN_ID) trustee_user_id = trustee_user['id'] ref = self.new_trust_ref( @@ -3678,11 +3630,9 @@ class TestTrustAuth(test_v3.RestfulTestCase): """ # create a sub-trustee user - sub_trustee_user = self.new_user_ref( + sub_trustee_user = unit.create_user( + self.identity_api, domain_id=test_v3.DEFAULT_DOMAIN_ID) - password = sub_trustee_user['password'] - sub_trustee_user = self.identity_api.create_user(sub_trustee_user) - sub_trustee_user['password'] = password sub_trustee_user_id = sub_trustee_user['id'] # create a new role @@ -4167,9 +4117,8 @@ class TestFernetTokenProvider(test_v3.RestfulTestCase): def _create_trust(self): # Create a trustee user - trustee_user_ref = self.new_user_ref(domain_id=self.domain_id) - trustee_user = self.identity_api.create_user(trustee_user_ref) - trustee_user['password'] = trustee_user_ref['password'] + trustee_user = unit.create_user(self.identity_api, + domain_id=self.domain_id) ref = self.new_trust_ref( trustor_user_id=self.user_id, trustee_user_id=trustee_user['id'], diff --git a/keystone/tests/unit/test_v3_credential.py b/keystone/tests/unit/test_v3_credential.py index a4e4421550..914944b39f 100644 --- a/keystone/tests/unit/test_v3_credential.py +++ b/keystone/tests/unit/test_v3_credential.py @@ -22,6 +22,7 @@ from six.moves import http_client from testtools import matchers from keystone import exception +from keystone.tests import unit from keystone.tests.unit import test_v3 @@ -289,7 +290,7 @@ class TestCredentialTrustScoped(test_v3.RestfulTestCase): def setUp(self): super(TestCredentialTrustScoped, self).setUp() - self.trustee_user = self.new_user_ref(domain_id=self.domain_id) + self.trustee_user = unit.new_user_ref(domain_id=self.domain_id) password = self.trustee_user['password'] self.trustee_user = self.identity_api.create_user(self.trustee_user) self.trustee_user['password'] = password diff --git a/keystone/tests/unit/test_v3_filters.py b/keystone/tests/unit/test_v3_filters.py index 73538c8ebf..d0372934c8 100644 --- a/keystone/tests/unit/test_v3_filters.py +++ b/keystone/tests/unit/test_v3_filters.py @@ -66,21 +66,12 @@ class IdentityTestFilteredCase(filtering.FilterTests, self.resource_api.create_domain(self.domainC['id'], self.domainC) # Now create some users, one in domainA and two of them in domainB - self.user1 = self.new_user_ref(domain_id=self.domainA['id']) - password = uuid.uuid4().hex - self.user1['password'] = password - self.user1 = self.identity_api.create_user(self.user1) - self.user1['password'] = password - - self.user2 = self.new_user_ref(domain_id=self.domainB['id']) - self.user2['password'] = password - self.user2 = self.identity_api.create_user(self.user2) - self.user2['password'] = password - - self.user3 = self.new_user_ref(domain_id=self.domainB['id']) - self.user3['password'] = password - self.user3 = self.identity_api.create_user(self.user3) - self.user3['password'] = password + self.user1 = unit.create_user(self.identity_api, + domain_id=self.domainA['id']) + self.user2 = unit.create_user(self.identity_api, + domain_id=self.domainB['id']) + self.user3 = unit.create_user(self.identity_api, + domain_id=self.domainB['id']) self.role = unit.new_role_ref() self.role_api.create_role(self.role['id'], self.role) diff --git a/keystone/tests/unit/test_v3_identity.py b/keystone/tests/unit/test_v3_identity.py index f06b8b95eb..87c5788ce2 100644 --- a/keystone/tests/unit/test_v3_identity.py +++ b/keystone/tests/unit/test_v3_identity.py @@ -53,7 +53,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): def test_create_user(self): """Call ``POST /users``.""" - ref = self.new_user_ref(domain_id=self.domain_id) + ref = unit.new_user_ref(domain_id=self.domain_id) r = self.post( '/users', body={'user': ref}) @@ -71,15 +71,12 @@ class IdentityTestCase(test_v3.RestfulTestCase): # domain scoped token domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user = self.new_user_ref(domain_id=domain['id']) - password = user['password'] - user = self.identity_api.create_user(user) - user['password'] = password + user = unit.create_user(self.identity_api, domain_id=domain['id']) self.assignment_api.create_grant( role_id=self.role_id, user_id=user['id'], domain_id=domain['id']) - ref = self.new_user_ref(domain_id=domain['id']) + ref = unit.new_user_ref(domain_id=domain['id']) ref_nd = ref.copy() ref_nd.pop('domain_id') auth = self.build_authentication_request( @@ -90,7 +87,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): self.assertValidUserResponse(r, ref) # Now try the same thing without a domain token - which should fail - ref = self.new_user_ref(domain_id=domain['id']) + ref = unit.new_user_ref(domain_id=domain['id']) ref_nd = ref.copy() ref_nd.pop('domain_id') auth = self.build_authentication_request( @@ -137,15 +134,12 @@ class IdentityTestCase(test_v3.RestfulTestCase): # domain scoped token domain = unit.new_domain_ref() self.resource_api.create_domain(domain['id'], domain) - user = self.new_user_ref(domain_id=domain['id']) - password = user['password'] - user = self.identity_api.create_user(user) - user['password'] = password + user = unit.create_user(self.identity_api, domain_id=domain['id']) self.assignment_api.create_grant( role_id=self.role_id, user_id=user['id'], domain_id=domain['id']) - ref = self.new_user_ref(domain_id=domain['id']) + ref = unit.new_user_ref(domain_id=domain['id']) ref_nd = ref.copy() ref_nd.pop('domain_id') auth = self.build_authentication_request( @@ -180,7 +174,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): def test_list_users_no_default_project(self): """Call ``GET /users`` making sure no default_project_id.""" - user = self.new_user_ref(self.domain_id) + user = unit.new_user_ref(self.domain_id) user = self.identity_api.create_user(user) resource_url = '/users' r = self.get(resource_url) @@ -195,7 +189,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): def test_get_user_with_default_project(self): """Call ``GET /users/{user_id}`` making sure of default_project_id.""" - user = self.new_user_ref(domain_id=self.domain_id, + user = unit.new_user_ref(domain_id=self.domain_id, project_id=self.project_id) user = self.identity_api.create_user(user) r = self.get('/users/%(user_id)s' % {'user_id': user['id']}) @@ -208,44 +202,39 @@ class IdentityTestCase(test_v3.RestfulTestCase): def test_list_groups_for_user(self): """Call ``GET /users/{user_id}/groups``.""" - self.user1 = self.new_user_ref( - domain_id=self.domain['id']) - password = self.user1['password'] - self.user1 = self.identity_api.create_user(self.user1) - self.user1['password'] = password - self.user2 = self.new_user_ref( - domain_id=self.domain['id']) - password = self.user2['password'] - self.user2 = self.identity_api.create_user(self.user2) - self.user2['password'] = password + user1 = unit.create_user(self.identity_api, + domain_id=self.domain['id']) + user2 = unit.create_user(self.identity_api, + domain_id=self.domain['id']) + self.put('/groups/%(group_id)s/users/%(user_id)s' % { - 'group_id': self.group_id, 'user_id': self.user1['id']}) + 'group_id': self.group_id, 'user_id': user1['id']}) # Scenarios below are written to test the default policy configuration # One should be allowed to list one's own groups auth = self.build_authentication_request( - user_id=self.user1['id'], - password=self.user1['password']) + user_id=user1['id'], + password=user1['password']) resource_url = ('/users/%(user_id)s/groups' % - {'user_id': self.user1['id']}) + {'user_id': user1['id']}) r = self.get(resource_url, auth=auth) self.assertValidGroupListResponse(r, ref=self.group, resource_url=resource_url) # Administrator is allowed to list others' groups resource_url = ('/users/%(user_id)s/groups' % - {'user_id': self.user1['id']}) + {'user_id': user1['id']}) r = self.get(resource_url) self.assertValidGroupListResponse(r, ref=self.group, resource_url=resource_url) # Ordinary users should not be allowed to list other's groups auth = self.build_authentication_request( - user_id=self.user2['id'], - password=self.user2['password']) + user_id=user2['id'], + password=user2['password']) r = self.get('/users/%(user_id)s/groups' % { - 'user_id': self.user1['id']}, auth=auth, + 'user_id': user1['id']}, auth=auth, expected_status=exception.ForbiddenAction.code) def test_check_user_in_group(self): @@ -276,7 +265,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): def test_update_user(self): """Call ``PATCH /users/{user_id}``.""" - user = self.new_user_ref(domain_id=self.domain_id) + user = unit.new_user_ref(domain_id=self.domain_id) del user['id'] r = self.patch('/users/%(user_id)s' % { 'user_id': self.user['id']}, @@ -285,14 +274,13 @@ class IdentityTestCase(test_v3.RestfulTestCase): def test_admin_password_reset(self): # bootstrap a user as admin - user_ref = self.new_user_ref(domain_id=self.domain['id']) - password = user_ref['password'] - user_ref = self.identity_api.create_user(user_ref) + user_ref = unit.create_user(self.identity_api, + domain_id=self.domain['id']) # auth as user should work before a password change old_password_auth = self.build_authentication_request( user_id=user_ref['id'], - password=password) + password=user_ref['password']) r = self.v3_create_token(old_password_auth) old_token = r.headers.get('X-Subject-Token') @@ -321,7 +309,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): def test_update_user_domain_id(self): """Call ``PATCH /users/{user_id}`` with domain_id.""" - user = self.new_user_ref(domain_id=self.domain['id']) + user = unit.new_user_ref(domain_id=self.domain['id']) user = self.identity_api.create_user(user) user['domain_id'] = CONF.identity.default_domain_id r = self.patch('/users/%(user_id)s' % { @@ -348,12 +336,11 @@ class IdentityTestCase(test_v3.RestfulTestCase): r = self.credential_api.get_credential(self.credential['id']) self.assertDictEqual(self.credential, r) # Create a second credential with a different user - self.user2 = self.new_user_ref( - domain_id=self.domain['id'], - project_id=self.project['id']) - self.user2 = self.identity_api.create_user(self.user2) + user2 = unit.new_user_ref(domain_id=self.domain['id'], + project_id=self.project['id']) + user2 = self.identity_api.create_user(user2) self.credential2 = self.new_credential_ref( - user_id=self.user2['id'], + user_id=user2['id'], project_id=self.project['id']) self.credential_api.create_credential( self.credential2['id'], @@ -449,7 +436,7 @@ class IdentityTestCase(test_v3.RestfulTestCase): log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) - ref = self.new_user_ref(domain_id=self.domain_id) + ref = unit.new_user_ref(domain_id=self.domain_id) self.post( '/users', body={'user': ref}) @@ -463,59 +450,75 @@ class IdentityTestCase(test_v3.RestfulTestCase): log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) # bootstrap a user as admin - user_ref = self.new_user_ref(domain_id=self.domain['id']) - password = user_ref['password'] - user_ref = self.identity_api.create_user(user_ref) + user_ref = unit.create_user(self.identity_api, + domain_id=self.domain['id']) + + self.assertNotIn(user_ref['password'], log_fix.output) # administrative password reset new_password = uuid.uuid4().hex self.patch('/users/%s' % user_ref['id'], body={'user': {'password': new_password}}) - self.assertNotIn(password, log_fix.output) self.assertNotIn(new_password, log_fix.output) class IdentityV3toV2MethodsTestCase(unit.TestCase): """Test users V3 to V2 conversion methods.""" + def new_user_ref(self, **kwargs): + """Construct a bare bones user ref. + + Omits all optional components. + """ + ref = unit.new_user_ref(**kwargs) + # description is already omitted + del ref['email'] + del ref['enabled'] + del ref['password'] + return ref + def setUp(self): super(IdentityV3toV2MethodsTestCase, self).setUp() self.load_backends() - self.user_id = uuid.uuid4().hex - self.default_project_id = uuid.uuid4().hex - self.tenant_id = uuid.uuid4().hex + user_id = uuid.uuid4().hex + project_id = uuid.uuid4().hex + # User with only default_project_id in ref - self.user1 = {'id': self.user_id, - 'name': self.user_id, - 'default_project_id': self.default_project_id, - 'domain_id': CONF.identity.default_domain_id} + self.user1 = self.new_user_ref( + id=user_id, + name=user_id, + project_id=project_id, + domain_id=CONF.identity.default_domain_id) # User without default_project_id or tenantId in ref - self.user2 = {'id': self.user_id, - 'name': self.user_id, - 'domain_id': CONF.identity.default_domain_id} + self.user2 = self.new_user_ref( + id=user_id, + name=user_id, + domain_id=CONF.identity.default_domain_id) # User with both tenantId and default_project_id in ref - self.user3 = {'id': self.user_id, - 'name': self.user_id, - 'default_project_id': self.default_project_id, - 'tenantId': self.tenant_id, - 'domain_id': CONF.identity.default_domain_id} + self.user3 = self.new_user_ref( + id=user_id, + name=user_id, + project_id=project_id, + tenantId=project_id, + domain_id=CONF.identity.default_domain_id) # User with only tenantId in ref - self.user4 = {'id': self.user_id, - 'name': self.user_id, - 'tenantId': self.tenant_id, - 'domain_id': CONF.identity.default_domain_id} + self.user4 = self.new_user_ref( + id=user_id, + name=user_id, + tenantId=project_id, + domain_id=CONF.identity.default_domain_id) # Expected result if the user is meant to have a tenantId element - self.expected_user = {'id': self.user_id, - 'name': self.user_id, - 'username': self.user_id, - 'tenantId': self.default_project_id} + self.expected_user = {'id': user_id, + 'name': user_id, + 'username': user_id, + 'tenantId': project_id} # Expected result if the user is not meant to have a tenantId element - self.expected_user_no_tenant_id = {'id': self.user_id, - 'name': self.user_id, - 'username': self.user_id} + self.expected_user_no_tenant_id = {'id': user_id, + 'name': user_id, + 'username': user_id} def test_v3_to_v2_user_method(self): @@ -552,10 +555,8 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase): def setUp(self): super(UserSelfServiceChangingPasswordsTestCase, self).setUp() - self.user_ref = self.new_user_ref(domain_id=self.domain['id']) - password = self.user_ref['password'] - self.user_ref = self.identity_api.create_user(self.user_ref) - self.user_ref['password'] = password + self.user_ref = unit.create_user(self.identity_api, + domain_id=self.domain['id']) self.token = self.get_request_token(self.user_ref['password'], http_client.CREATED) diff --git a/keystone/tests/unit/test_v3_oauth1.py b/keystone/tests/unit/test_v3_oauth1.py index c7d317a1c7..a73b116d72 100644 --- a/keystone/tests/unit/test_v3_oauth1.py +++ b/keystone/tests/unit/test_v3_oauth1.py @@ -25,6 +25,7 @@ from keystone.contrib import oauth1 from keystone.contrib.oauth1 import controllers from keystone.contrib.oauth1 import core from keystone import exception +from keystone.tests import unit from keystone.tests.unit.common import test_notifications from keystone.tests.unit.ksfixtures import temporaryfile from keystone.tests.unit import test_v3 @@ -388,7 +389,7 @@ class AuthTokenTests(OAuthFlowTests): self.assertEqual(self.role_id, roles_list[0]['id']) # verify that the token can perform delegated tasks - ref = self.new_user_ref(domain_id=self.domain_id) + ref = unit.new_user_ref(domain_id=self.domain_id) r = self.admin_request(path='/v3/users', headers=headers, method='POST', body={'user': ref}) self.assertValidUserResponse(r, ref) diff --git a/keystone/tests/unit/test_v3_protection.py b/keystone/tests/unit/test_v3_protection.py index 1bdfe42bea..b4de2d699e 100644 --- a/keystone/tests/unit/test_v3_protection.py +++ b/keystone/tests/unit/test_v3_protection.py @@ -74,23 +74,12 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase): self.resource_api.create_domain(self.domainC['id'], self.domainC) # Now create some users, one in domainA and two of them in domainB - self.user1 = self.new_user_ref(domain_id=self.domainA['id']) - password = uuid.uuid4().hex - self.user1['password'] = password - self.user1 = self.identity_api.create_user(self.user1) - self.user1['password'] = password - - self.user2 = self.new_user_ref(domain_id=self.domainB['id']) - password = uuid.uuid4().hex - self.user2['password'] = password - self.user2 = self.identity_api.create_user(self.user2) - self.user2['password'] = password - - self.user3 = self.new_user_ref(domain_id=self.domainB['id']) - password = uuid.uuid4().hex - self.user3['password'] = password - self.user3 = self.identity_api.create_user(self.user3) - self.user3['password'] = password + self.user1 = unit.create_user(self.identity_api, + domain_id=self.domainA['id']) + self.user2 = unit.create_user(self.identity_api, + domain_id=self.domainB['id']) + self.user3 = unit.create_user(self.identity_api, + domain_id=self.domainB['id']) self.group1 = unit.new_group_ref(domain_id=self.domainA['id']) self.group1 = self.identity_api.create_group(self.group1) @@ -347,26 +336,15 @@ class IdentityTestPolicySample(test_v3.RestfulTestCase): def load_sample_data(self): self._populate_default_domain() - self.just_a_user = self.new_user_ref( + self.just_a_user = unit.create_user( + self.identity_api, domain_id=CONF.identity.default_domain_id) - password = uuid.uuid4().hex - self.just_a_user['password'] = password - self.just_a_user = self.identity_api.create_user(self.just_a_user) - self.just_a_user['password'] = password - - self.another_user = self.new_user_ref( + self.another_user = unit.create_user( + self.identity_api, domain_id=CONF.identity.default_domain_id) - password = uuid.uuid4().hex - self.another_user['password'] = password - self.another_user = self.identity_api.create_user(self.another_user) - self.another_user['password'] = password - - self.admin_user = self.new_user_ref( + self.admin_user = unit.create_user( + self.identity_api, domain_id=CONF.identity.default_domain_id) - password = uuid.uuid4().hex - self.admin_user['password'] = password - self.admin_user = self.identity_api.create_user(self.admin_user) - self.admin_user['password'] = password self.role = unit.new_role_ref() self.role_api.create_role(self.role['id'], self.role) @@ -626,32 +604,18 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase, self.admin_domain) # And our users - self.cloud_admin_user = self.new_user_ref( + self.cloud_admin_user = unit.create_user( + self.identity_api, domain_id=self.admin_domain['id']) - password = uuid.uuid4().hex - self.cloud_admin_user['password'] = password - self.cloud_admin_user = ( - self.identity_api.create_user(self.cloud_admin_user)) - self.cloud_admin_user['password'] = password - self.just_a_user = self.new_user_ref(domain_id=self.domainA['id']) - password = uuid.uuid4().hex - self.just_a_user['password'] = password - self.just_a_user = self.identity_api.create_user(self.just_a_user) - self.just_a_user['password'] = password - self.domain_admin_user = self.new_user_ref( + self.just_a_user = unit.create_user( + self.identity_api, domain_id=self.domainA['id']) - password = uuid.uuid4().hex - self.domain_admin_user['password'] = password - self.domain_admin_user = ( - self.identity_api.create_user(self.domain_admin_user)) - self.domain_admin_user['password'] = password - self.project_admin_user = self.new_user_ref( + self.domain_admin_user = unit.create_user( + self.identity_api, + domain_id=self.domainA['id']) + self.project_admin_user = unit.create_user( + self.identity_api, domain_id=self.domainA['id']) - password = uuid.uuid4().hex - self.project_admin_user['password'] = password - self.project_admin_user = ( - self.identity_api.create_user(self.project_admin_user)) - self.project_admin_user['password'] = password # The admin role and another plain role self.admin_role = unit.new_role_ref(name='admin') @@ -706,7 +670,7 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase, self.delete(entity_url, auth=self.auth, expected_status=status_no_data) - user_ref = self.new_user_ref(domain_id=domain_id) + user_ref = unit.new_user_ref(domain_id=domain_id) self.post('/users', auth=self.auth, body={'user': user_ref}, expected_status=status_created) @@ -1079,9 +1043,8 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase, def test_get_and_delete_ec2_credentials(self): """Tests getting and deleting ec2 credentials through the ec2 API.""" - another_user = self.new_user_ref(domain_id=self.domainA['id']) - password = another_user['password'] - another_user = self.identity_api.create_user(another_user) + another_user = unit.create_user(self.identity_api, + domain_id=self.domainA['id']) # create a credential for just_a_user just_user_auth = self.build_authentication_request( @@ -1095,7 +1058,7 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase, # another normal user can't get the credential another_user_auth = self.build_authentication_request( user_id=another_user['id'], - password=password) + password=another_user['password']) another_user_url = '/users/%s/credentials/OS-EC2/%s' % ( another_user['id'], r.result['credential']['access']) self.get(another_user_url, auth=another_user_auth, diff --git a/keystone/tests/unit/test_validation.py b/keystone/tests/unit/test_validation.py index ed0f291a0b..93d20fd007 100644 --- a/keystone/tests/unit/test_validation.py +++ b/keystone/tests/unit/test_validation.py @@ -1717,13 +1717,8 @@ class UserValidationTestCase(unit.BaseTestCase): def test_validate_user_create_with_all_valid_parameters_succeeds(self): """Test that validating a user create request succeeds.""" - request_to_validate = {'name': self.user_name, - 'default_project_id': uuid.uuid4().hex, - 'domain_id': uuid.uuid4().hex, - 'description': uuid.uuid4().hex, - 'enabled': True, - 'email': uuid.uuid4().hex, - 'password': uuid.uuid4().hex} + request_to_validate = unit.new_user_ref(domain_id=uuid.uuid4().hex, + name=self.user_name) self.create_user_validator.validate(request_to_validate) def test_validate_user_create_fails_without_name(self):