Use unit.new_user_ref consistently
Replace all hand created user refs with calls to new_user_ref(). Note: LDAP live testing code will be updated in a follow on patch. They require more testing before submission. Change-Id: I73b1d869534ac3a1bcd2404ef1dd3a0d5b7ea518
This commit is contained in:
parent
7b6a5a7515
commit
5784285e9f
@ -338,16 +338,16 @@ class NotificationsForEntities(BaseNotificationTest):
|
|||||||
cadftaxonomy.SECURITY_ROLE)
|
cadftaxonomy.SECURITY_ROLE)
|
||||||
|
|
||||||
def test_create_user(self):
|
def test_create_user(self):
|
||||||
user_ref = self.new_user_ref(domain_id=self.domain_id)
|
user_ref = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
user_ref = self.identity_api.create_user(user_ref)
|
user_ref = self.identity_api.create_user(user_ref)
|
||||||
self._assert_last_note(user_ref['id'], CREATED_OPERATION, 'user')
|
self._assert_last_note(user_ref['id'], CREATED_OPERATION, 'user')
|
||||||
self._assert_last_audit(user_ref['id'], CREATED_OPERATION, 'user',
|
self._assert_last_audit(user_ref['id'], CREATED_OPERATION, 'user',
|
||||||
cadftaxonomy.SECURITY_ACCOUNT_USER)
|
cadftaxonomy.SECURITY_ACCOUNT_USER)
|
||||||
|
|
||||||
def test_create_trust(self):
|
def test_create_trust(self):
|
||||||
trustor = self.new_user_ref(domain_id=self.domain_id)
|
trustor = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
trustor = self.identity_api.create_user(trustor)
|
trustor = self.identity_api.create_user(trustor)
|
||||||
trustee = self.new_user_ref(domain_id=self.domain_id)
|
trustee = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
trustee = self.identity_api.create_user(trustee)
|
trustee = self.identity_api.create_user(trustee)
|
||||||
role_ref = unit.new_role_ref()
|
role_ref = unit.new_role_ref()
|
||||||
self.role_api.create_role(role_ref['id'], role_ref)
|
self.role_api.create_role(role_ref['id'], role_ref)
|
||||||
@ -387,7 +387,7 @@ class NotificationsForEntities(BaseNotificationTest):
|
|||||||
cadftaxonomy.SECURITY_ROLE)
|
cadftaxonomy.SECURITY_ROLE)
|
||||||
|
|
||||||
def test_delete_user(self):
|
def test_delete_user(self):
|
||||||
user_ref = self.new_user_ref(domain_id=self.domain_id)
|
user_ref = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
user_ref = self.identity_api.create_user(user_ref)
|
user_ref = self.identity_api.create_user(user_ref)
|
||||||
self.identity_api.delete_user(user_ref['id'])
|
self.identity_api.delete_user(user_ref['id'])
|
||||||
self._assert_last_note(user_ref['id'], DELETED_OPERATION, 'user')
|
self._assert_last_note(user_ref['id'], DELETED_OPERATION, 'user')
|
||||||
@ -421,9 +421,9 @@ class NotificationsForEntities(BaseNotificationTest):
|
|||||||
cadftaxonomy.SECURITY_DOMAIN)
|
cadftaxonomy.SECURITY_DOMAIN)
|
||||||
|
|
||||||
def test_delete_trust(self):
|
def test_delete_trust(self):
|
||||||
trustor = self.new_user_ref(domain_id=self.domain_id)
|
trustor = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
trustor = self.identity_api.create_user(trustor)
|
trustor = self.identity_api.create_user(trustor)
|
||||||
trustee = self.new_user_ref(domain_id=self.domain_id)
|
trustee = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
trustee = self.identity_api.create_user(trustee)
|
trustee = self.identity_api.create_user(trustee)
|
||||||
role_ref = unit.new_role_ref()
|
role_ref = unit.new_role_ref()
|
||||||
trust_ref = self.new_trust_ref(trustor['id'], trustee['id'])
|
trust_ref = self.new_trust_ref(trustor['id'], trustee['id'])
|
||||||
@ -616,7 +616,7 @@ class NotificationsForEntities(BaseNotificationTest):
|
|||||||
cadftaxonomy.SECURITY_ROLE)
|
cadftaxonomy.SECURITY_ROLE)
|
||||||
|
|
||||||
def test_update_user(self):
|
def test_update_user(self):
|
||||||
user_ref = self.new_user_ref(domain_id=self.domain_id)
|
user_ref = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
user_ref = self.identity_api.create_user(user_ref)
|
user_ref = self.identity_api.create_user(user_ref)
|
||||||
self.identity_api.update_user(user_ref['id'], user_ref)
|
self.identity_api.update_user(user_ref['id'], user_ref)
|
||||||
self._assert_last_note(user_ref['id'], UPDATED_OPERATION, 'user')
|
self._assert_last_note(user_ref['id'], UPDATED_OPERATION, 'user')
|
||||||
|
@ -312,13 +312,18 @@ def new_project_ref(domain_id=None, parent_id=None, is_domain=False):
|
|||||||
return ref
|
return ref
|
||||||
|
|
||||||
|
|
||||||
def new_user_ref(domain_id, project_id=None):
|
def new_user_ref(domain_id, project_id=None, **kwargs):
|
||||||
ref = new_ref()
|
ref = new_ref()
|
||||||
|
|
||||||
|
# do not include by default, allow user to add with kwargs
|
||||||
|
del ref['description']
|
||||||
|
|
||||||
ref['domain_id'] = domain_id
|
ref['domain_id'] = domain_id
|
||||||
ref['email'] = uuid.uuid4().hex
|
ref['email'] = uuid.uuid4().hex
|
||||||
ref['password'] = uuid.uuid4().hex
|
ref['password'] = uuid.uuid4().hex
|
||||||
if project_id:
|
if project_id:
|
||||||
ref['default_project_id'] = project_id
|
ref['default_project_id'] = project_id
|
||||||
|
ref.update(**kwargs)
|
||||||
return ref
|
return ref
|
||||||
|
|
||||||
|
|
||||||
@ -400,6 +405,20 @@ def new_trust_ref(trustor_user_id, trustee_user_id, project_id=None,
|
|||||||
return ref
|
return ref
|
||||||
|
|
||||||
|
|
||||||
|
def create_user(api, domain_id, **kwargs):
|
||||||
|
"""Create a user via the API. Keep the created password.
|
||||||
|
|
||||||
|
The password is saved and restored when api.create_user() is called.
|
||||||
|
Only use this routine if there is a requirement for the user object to
|
||||||
|
have a valid password after api.create_user() is called.
|
||||||
|
"""
|
||||||
|
user = new_user_ref(domain_id=domain_id, **kwargs)
|
||||||
|
password = user['password']
|
||||||
|
user = api.create_user(user)
|
||||||
|
user['password'] = password
|
||||||
|
return user
|
||||||
|
|
||||||
|
|
||||||
class BaseTestCase(oslotest.BaseTestCase):
|
class BaseTestCase(oslotest.BaseTestCase):
|
||||||
"""Light weight base test class.
|
"""Light weight base test class.
|
||||||
|
|
||||||
|
@ -715,15 +715,9 @@ class AuthWithPasswordCredentials(AuthTest):
|
|||||||
|
|
||||||
# 2) Create user "foo" in new domain with different password than
|
# 2) Create user "foo" in new domain with different password than
|
||||||
# default-domain foo.
|
# default-domain foo.
|
||||||
new_user_password = uuid.uuid4().hex
|
new_user = unit.create_user(self.identity_api,
|
||||||
new_user = {
|
name=self.user_foo['name'],
|
||||||
'name': self.user_foo['name'],
|
domain_id=new_domain_id)
|
||||||
'domain_id': new_domain_id,
|
|
||||||
'password': new_user_password,
|
|
||||||
'email': 'foo@bar2.com',
|
|
||||||
}
|
|
||||||
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
|
||||||
|
|
||||||
# 3) Update the default_domain_id config option to the new domain
|
# 3) Update the default_domain_id config option to the new domain
|
||||||
|
|
||||||
@ -734,7 +728,7 @@ class AuthWithPasswordCredentials(AuthTest):
|
|||||||
|
|
||||||
body_dict = _build_user_auth(
|
body_dict = _build_user_auth(
|
||||||
username=self.user_foo['name'],
|
username=self.user_foo['name'],
|
||||||
password=new_user_password)
|
password=new_user['password'])
|
||||||
|
|
||||||
# The test is successful if this doesn't raise, so no need to assert.
|
# The test is successful if this doesn't raise, so no need to assert.
|
||||||
self.controller.authenticate({}, body_dict)
|
self.controller.authenticate({}, body_dict)
|
||||||
|
@ -198,7 +198,7 @@ class AssignmentTestHelperMixin(object):
|
|||||||
def _create_entity_in_domain(entity_type, domain_id):
|
def _create_entity_in_domain(entity_type, domain_id):
|
||||||
"""Create a user or group entity in the domain."""
|
"""Create a user or group entity in the domain."""
|
||||||
if entity_type == 'users':
|
if entity_type == 'users':
|
||||||
new_entity = {'name': uuid.uuid4().hex, 'domain_id': domain_id}
|
new_entity = unit.new_user_ref(domain_id=domain_id)
|
||||||
new_entity = self.identity_api.create_user(new_entity)
|
new_entity = self.identity_api.create_user(new_entity)
|
||||||
elif entity_type == 'groups':
|
elif entity_type == 'groups':
|
||||||
new_entity = unit.new_group_ref(domain_id=domain_id)
|
new_entity = unit.new_group_ref(domain_id=domain_id)
|
||||||
@ -479,11 +479,12 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertDictEqual(self.user_sna, user_ref)
|
self.assertDictEqual(self.user_sna, user_ref)
|
||||||
|
|
||||||
def test_authenticate_and_get_roles_no_metadata(self):
|
def test_authenticate_and_get_roles_no_metadata(self):
|
||||||
user = {
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': 'NO_META',
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
# Remove user id. It is ignored by create_user() and will break the
|
||||||
'password': 'no_meta2',
|
# subset test below.
|
||||||
}
|
del user['id']
|
||||||
|
|
||||||
new_user = self.identity_api.create_user(user)
|
new_user = self.identity_api.create_user(user)
|
||||||
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
|
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
|
||||||
new_user['id'])
|
new_user['id'])
|
||||||
@ -504,10 +505,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_authenticate_if_no_password_set(self):
|
def test_authenticate_if_no_password_set(self):
|
||||||
id_ = uuid.uuid4().hex
|
id_ = uuid.uuid4().hex
|
||||||
user = {
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': uuid.uuid4().hex,
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
}
|
|
||||||
self.identity_api.create_user(user)
|
self.identity_api.create_user(user)
|
||||||
|
|
||||||
self.assertRaises(AssertionError,
|
self.assertRaises(AssertionError,
|
||||||
@ -518,9 +516,8 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_create_unicode_user_name(self):
|
def test_create_unicode_user_name(self):
|
||||||
unicode_name = u'name \u540d\u5b57'
|
unicode_name = u'name \u540d\u5b57'
|
||||||
user = {'name': unicode_name,
|
user = unit.new_user_ref(name=unicode_name,
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
ref = self.identity_api.create_user(user)
|
ref = self.identity_api.create_user(user)
|
||||||
self.assertEqual(unicode_name, ref['name'])
|
self.assertEqual(unicode_name, ref['name'])
|
||||||
|
|
||||||
@ -554,11 +551,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_list_user_ids_for_project_no_duplicates(self):
|
def test_list_user_ids_for_project_no_duplicates(self):
|
||||||
# Create user
|
# Create user
|
||||||
user_ref = {
|
user_ref = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': uuid.uuid4().hex,
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': uuid.uuid4().hex,
|
|
||||||
'enabled': True}
|
|
||||||
user_ref = self.identity_api.create_user(user_ref)
|
user_ref = self.identity_api.create_user(user_ref)
|
||||||
# Create project
|
# Create project
|
||||||
project_ref = {
|
project_ref = {
|
||||||
@ -596,10 +589,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
@unit.skip_if_cache_disabled('identity')
|
@unit.skip_if_cache_disabled('identity')
|
||||||
def test_cache_layer_get_user(self):
|
def test_cache_layer_get_user(self):
|
||||||
user = {
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': uuid.uuid4().hex.lower(),
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID
|
|
||||||
}
|
|
||||||
self.identity_api.create_user(user)
|
self.identity_api.create_user(user)
|
||||||
ref = self.identity_api.get_user_by_name(user['name'],
|
ref = self.identity_api.get_user_by_name(user['name'],
|
||||||
user['domain_id'])
|
user['domain_id'])
|
||||||
@ -614,11 +604,8 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.identity_api.get_user.invalidate(self.identity_api, ref['id'])
|
self.identity_api.get_user.invalidate(self.identity_api, ref['id'])
|
||||||
self.assertRaises(exception.UserNotFound,
|
self.assertRaises(exception.UserNotFound,
|
||||||
self.identity_api.get_user, ref['id'])
|
self.identity_api.get_user, ref['id'])
|
||||||
user = {
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': uuid.uuid4().hex.lower(),
|
user = self.identity_api.create_user(user)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID
|
|
||||||
}
|
|
||||||
self.identity_api.create_user(user)
|
|
||||||
ref = self.identity_api.get_user_by_name(user['name'],
|
ref = self.identity_api.get_user_by_name(user['name'],
|
||||||
user['domain_id'])
|
user['domain_id'])
|
||||||
user['description'] = uuid.uuid4().hex
|
user['description'] = uuid.uuid4().hex
|
||||||
@ -648,10 +635,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
@unit.skip_if_cache_disabled('identity')
|
@unit.skip_if_cache_disabled('identity')
|
||||||
def test_cache_layer_get_user_by_name(self):
|
def test_cache_layer_get_user_by_name(self):
|
||||||
user = {
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': uuid.uuid4().hex.lower(),
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID
|
|
||||||
}
|
|
||||||
self.identity_api.create_user(user)
|
self.identity_api.create_user(user)
|
||||||
ref = self.identity_api.get_user_by_name(user['name'],
|
ref = self.identity_api.get_user_by_name(user['name'],
|
||||||
user['domain_id'])
|
user['domain_id'])
|
||||||
@ -667,11 +651,8 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertRaises(exception.UserNotFound,
|
self.assertRaises(exception.UserNotFound,
|
||||||
self.identity_api.get_user_by_name,
|
self.identity_api.get_user_by_name,
|
||||||
user['name'], DEFAULT_DOMAIN_ID)
|
user['name'], DEFAULT_DOMAIN_ID)
|
||||||
user = {
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': uuid.uuid4().hex.lower(),
|
user = self.identity_api.create_user(user)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID
|
|
||||||
}
|
|
||||||
self.identity_api.create_user(user)
|
|
||||||
ref = self.identity_api.get_user_by_name(user['name'],
|
ref = self.identity_api.get_user_by_name(user['name'],
|
||||||
user['domain_id'])
|
user['domain_id'])
|
||||||
user['description'] = uuid.uuid4().hex
|
user['description'] = uuid.uuid4().hex
|
||||||
@ -689,10 +670,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
DEFAULT_DOMAIN_ID)
|
DEFAULT_DOMAIN_ID)
|
||||||
|
|
||||||
def test_create_duplicate_user_name_fails(self):
|
def test_create_duplicate_user_name_fails(self):
|
||||||
user = {'name': 'fake1',
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': 'fakepass',
|
|
||||||
'tenants': ['bar']}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.assertRaises(exception.Conflict,
|
self.assertRaises(exception.Conflict,
|
||||||
self.identity_api.create_user,
|
self.identity_api.create_user,
|
||||||
@ -701,12 +679,11 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
def test_create_duplicate_user_name_in_different_domains(self):
|
def test_create_duplicate_user_name_in_different_domains(self):
|
||||||
new_domain = unit.new_domain_ref()
|
new_domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(new_domain['id'], new_domain)
|
self.resource_api.create_domain(new_domain['id'], new_domain)
|
||||||
user1 = {'name': uuid.uuid4().hex,
|
user1 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': uuid.uuid4().hex}
|
user2 = unit.new_user_ref(name=user1['name'],
|
||||||
user2 = {'name': user1['name'],
|
domain_id=new_domain['id'])
|
||||||
'domain_id': new_domain['id'],
|
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
self.identity_api.create_user(user1)
|
self.identity_api.create_user(user1)
|
||||||
self.identity_api.create_user(user2)
|
self.identity_api.create_user(user2)
|
||||||
|
|
||||||
@ -715,9 +692,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.resource_api.create_domain(domain1['id'], domain1)
|
self.resource_api.create_domain(domain1['id'], domain1)
|
||||||
domain2 = unit.new_domain_ref()
|
domain2 = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain2['id'], domain2)
|
self.resource_api.create_domain(domain2['id'], domain2)
|
||||||
user = {'name': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'domain_id': domain1['id'],
|
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
user['domain_id'] = domain2['id']
|
user['domain_id'] = domain2['id']
|
||||||
self.identity_api.update_user(user['id'], user)
|
self.identity_api.update_user(user['id'], user)
|
||||||
@ -731,15 +706,12 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
domain2 = unit.new_domain_ref()
|
domain2 = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain2['id'], domain2)
|
self.resource_api.create_domain(domain2['id'], domain2)
|
||||||
# First, create a user in domain1
|
# First, create a user in domain1
|
||||||
user1 = {'name': uuid.uuid4().hex,
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'domain_id': domain1['id'],
|
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
# Now create a user in domain2 with a potentially clashing
|
# Now create a user in domain2 with a potentially clashing
|
||||||
# name - which should work since we have domain separation
|
# name - which should work since we have domain separation
|
||||||
user2 = {'name': user1['name'],
|
user2 = unit.new_user_ref(name=user1['name'],
|
||||||
'domain_id': domain2['id'],
|
domain_id=domain2['id'])
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
user2 = self.identity_api.create_user(user2)
|
user2 = self.identity_api.create_user(user2)
|
||||||
# Now try and move user1 into the 2nd domain - which should
|
# Now try and move user1 into the 2nd domain - which should
|
||||||
# fail since the names clash
|
# fail since the names clash
|
||||||
@ -750,27 +722,18 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
user1)
|
user1)
|
||||||
|
|
||||||
def test_rename_duplicate_user_name_fails(self):
|
def test_rename_duplicate_user_name_fails(self):
|
||||||
user1 = {'name': 'fake1',
|
user1 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
user2 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'password': 'fakepass',
|
|
||||||
'tenants': ['bar']}
|
|
||||||
user2 = {'name': 'fake2',
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': 'fakepass',
|
|
||||||
'tenants': ['bar']}
|
|
||||||
self.identity_api.create_user(user1)
|
self.identity_api.create_user(user1)
|
||||||
user2 = self.identity_api.create_user(user2)
|
user2 = self.identity_api.create_user(user2)
|
||||||
user2['name'] = 'fake1'
|
user2['name'] = user1['name']
|
||||||
self.assertRaises(exception.Conflict,
|
self.assertRaises(exception.Conflict,
|
||||||
self.identity_api.update_user,
|
self.identity_api.update_user,
|
||||||
user2['id'],
|
user2['id'],
|
||||||
user2)
|
user2)
|
||||||
|
|
||||||
def test_update_user_id_fails(self):
|
def test_update_user_id_fails(self):
|
||||||
user = {'name': 'fake1',
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': 'fakepass',
|
|
||||||
'tenants': ['bar']}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
original_id = user['id']
|
original_id = user['id']
|
||||||
user['id'] = 'fake2'
|
user['id'] = 'fake2'
|
||||||
@ -965,10 +928,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
- Check the role list get by the user and project was as expected
|
- Check the role list get by the user and project was as expected
|
||||||
|
|
||||||
"""
|
"""
|
||||||
user_ref = {'name': uuid.uuid4().hex,
|
user_ref = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': uuid.uuid4().hex,
|
|
||||||
'enabled': True}
|
|
||||||
user_ref = self.identity_api.create_user(user_ref)
|
user_ref = self.identity_api.create_user(user_ref)
|
||||||
|
|
||||||
project_ref = {'id': uuid.uuid4().hex,
|
project_ref = {'id': uuid.uuid4().hex,
|
||||||
@ -1032,11 +992,9 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
"""
|
"""
|
||||||
new_domain = unit.new_domain_ref()
|
new_domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(new_domain['id'], new_domain)
|
self.resource_api.create_domain(new_domain['id'], new_domain)
|
||||||
new_user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
new_user1 = unit.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user1 = self.identity_api.create_user(new_user1)
|
new_user1 = self.identity_api.create_user(new_user1)
|
||||||
new_user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
new_user2 = unit.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user2 = self.identity_api.create_user(new_user2)
|
new_user2 = self.identity_api.create_user(new_user2)
|
||||||
roles_ref = self.assignment_api.list_grants(
|
roles_ref = self.assignment_api.list_grants(
|
||||||
user_id=new_user1['id'],
|
user_id=new_user1['id'],
|
||||||
@ -1081,8 +1039,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
new_domain = self._get_domain_fixture()
|
new_domain = self._get_domain_fixture()
|
||||||
new_user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
new_user1 = unit.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user1 = self.identity_api.create_user(new_user1)
|
new_user1 = self.identity_api.create_user(new_user1)
|
||||||
|
|
||||||
self.assertRaises(exception.UserNotFound,
|
self.assertRaises(exception.UserNotFound,
|
||||||
@ -1247,8 +1204,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.resource_api.create_domain(new_domain['id'], new_domain)
|
self.resource_api.create_domain(new_domain['id'], new_domain)
|
||||||
new_group = unit.new_group_ref(domain_id=new_domain['id'])
|
new_group = unit.new_group_ref(domain_id=new_domain['id'])
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
new_user = {'name': 'new_user', 'password': 'secret',
|
new_user = unit.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
self.identity_api.add_user_to_group(new_user['id'],
|
self.identity_api.add_user_to_group(new_user['id'],
|
||||||
new_group['id'])
|
new_group['id'])
|
||||||
@ -1282,8 +1238,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.resource_api.create_domain(new_domain['id'], new_domain)
|
self.resource_api.create_domain(new_domain['id'], new_domain)
|
||||||
new_group = unit.new_group_ref(domain_id=new_domain['id'])
|
new_group = unit.new_group_ref(domain_id=new_domain['id'])
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
self.identity_api.add_user_to_group(new_user['id'],
|
self.identity_api.add_user_to_group(new_user['id'],
|
||||||
new_group['id'])
|
new_group['id'])
|
||||||
@ -1325,11 +1280,9 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
new_group2 = unit.new_group_ref(domain_id=new_domain['id'])
|
new_group2 = unit.new_group_ref(domain_id=new_domain['id'])
|
||||||
new_group2 = self.identity_api.create_group(new_group2)
|
new_group2 = self.identity_api.create_group(new_group2)
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
new_user2 = {'name': 'new_user2', 'password': uuid.uuid4().hex,
|
new_user2 = unit.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user2 = self.identity_api.create_user(new_user2)
|
new_user2 = self.identity_api.create_user(new_user2)
|
||||||
self.identity_api.add_user_to_group(new_user['id'],
|
self.identity_api.add_user_to_group(new_user['id'],
|
||||||
new_group['id'])
|
new_group['id'])
|
||||||
@ -1375,8 +1328,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
def test_get_and_remove_role_grant_by_user_and_domain(self):
|
def test_get_and_remove_role_grant_by_user_and_domain(self):
|
||||||
new_domain = unit.new_domain_ref()
|
new_domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(new_domain['id'], new_domain)
|
self.resource_api.create_domain(new_domain['id'], new_domain)
|
||||||
new_user = {'name': 'new_user', 'password': 'secret',
|
new_user = unit.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
roles_ref = self.assignment_api.list_grants(
|
roles_ref = self.assignment_api.list_grants(
|
||||||
user_id=new_user['id'],
|
user_id=new_user['id'],
|
||||||
@ -1461,8 +1413,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.resource_api.create_domain(domain1['id'], domain1)
|
self.resource_api.create_domain(domain1['id'], domain1)
|
||||||
domain2 = unit.new_domain_ref()
|
domain2 = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain2['id'], domain2)
|
self.resource_api.create_domain(domain2['id'], domain2)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
roles_ref = self.assignment_api.list_grants(
|
roles_ref = self.assignment_api.list_grants(
|
||||||
user_id=user1['id'],
|
user_id=user1['id'],
|
||||||
@ -1552,8 +1503,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.resource_api.create_domain(domain1['id'], domain1)
|
self.resource_api.create_domain(domain1['id'], domain1)
|
||||||
domain2 = unit.new_domain_ref()
|
domain2 = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain2['id'], domain2)
|
self.resource_api.create_domain(domain2['id'], domain2)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': domain2['id']}
|
'domain_id': domain2['id']}
|
||||||
@ -1621,8 +1571,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertRaises(exception.RoleNotFound, f,
|
self.assertRaises(exception.RoleNotFound, f,
|
||||||
role_id=uuid.uuid4().hex, **kwargs)
|
role_id=uuid.uuid4().hex, **kwargs)
|
||||||
|
|
||||||
user = {'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user_resp = self.identity_api.create_user(user)
|
user_resp = self.identity_api.create_user(user)
|
||||||
group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
|
group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
group_resp = self.identity_api.create_group(group)
|
group_resp = self.identity_api.create_group(group)
|
||||||
@ -1654,8 +1603,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
role_list.append(role)
|
role_list.append(role)
|
||||||
domain1 = unit.new_domain_ref()
|
domain1 = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain1['id'], domain1)
|
self.resource_api.create_domain(domain1['id'], domain1)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -1761,8 +1709,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
role_list.append(role)
|
role_list.append(role)
|
||||||
domain1 = unit.new_domain_ref()
|
domain1 = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain1['id'], domain1)
|
self.resource_api.create_domain(domain1['id'], domain1)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -1824,8 +1771,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': domain1['id']}
|
'domain_id': domain1['id']}
|
||||||
self.resource_api.create_project(project1['id'], project1)
|
self.resource_api.create_project(project1['id'], project1)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -1883,8 +1829,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': domain1['id']}
|
'domain_id': domain1['id']}
|
||||||
self.resource_api.create_project(project1['id'], project1)
|
self.resource_api.create_project(project1['id'], project1)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -1921,8 +1866,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': domain1['id']}
|
'domain_id': domain1['id']}
|
||||||
self.resource_api.create_project(project1['id'], project1)
|
self.resource_api.create_project(project1['id'], project1)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -2132,9 +2076,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
'domain_id': DEFAULT_DOMAIN_ID})
|
'domain_id': DEFAULT_DOMAIN_ID})
|
||||||
|
|
||||||
def test_delete_user_with_project_association(self):
|
def test_delete_user_with_project_association(self):
|
||||||
user = {'name': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
|
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
|
||||||
user['id'])
|
user['id'])
|
||||||
@ -2144,9 +2086,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
user['id'])
|
user['id'])
|
||||||
|
|
||||||
def test_delete_user_with_project_roles(self):
|
def test_delete_user_with_project_roles(self):
|
||||||
user = {'name': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.assignment_api.add_role_to_user_and_project(
|
self.assignment_api.add_role_to_user_and_project(
|
||||||
user['id'],
|
user['id'],
|
||||||
@ -2254,22 +2194,21 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
tenant)
|
tenant)
|
||||||
|
|
||||||
def test_create_user_long_name_fails(self):
|
def test_create_user_long_name_fails(self):
|
||||||
user = {'name': 'a' * 256,
|
user = unit.new_user_ref(name='a' * 256,
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
domain_id=DEFAULT_DOMAIN_ID)
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
self.identity_api.create_user,
|
self.identity_api.create_user,
|
||||||
user)
|
user)
|
||||||
|
|
||||||
def test_create_user_blank_name_fails(self):
|
def test_create_user_blank_name_fails(self):
|
||||||
user = {'name': '',
|
user = unit.new_user_ref(name='',
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
domain_id=DEFAULT_DOMAIN_ID)
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
self.identity_api.create_user,
|
self.identity_api.create_user,
|
||||||
user)
|
user)
|
||||||
|
|
||||||
def test_create_user_missed_password(self):
|
def test_create_user_missed_password(self):
|
||||||
user = {'name': 'fake1',
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.identity_api.get_user(user['id'])
|
self.identity_api.get_user(user['id'])
|
||||||
# Make sure the user is not allowed to login
|
# Make sure the user is not allowed to login
|
||||||
@ -2286,8 +2225,8 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
password=None)
|
password=None)
|
||||||
|
|
||||||
def test_create_user_none_password(self):
|
def test_create_user_none_password(self):
|
||||||
user = {'name': 'fake1', 'password': None,
|
user = unit.new_user_ref(password=None,
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
domain_id=DEFAULT_DOMAIN_ID)
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.identity_api.get_user(user['id'])
|
self.identity_api.get_user(user['id'])
|
||||||
# Make sure the user is not allowed to login
|
# Make sure the user is not allowed to login
|
||||||
@ -2304,14 +2243,14 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
password=None)
|
password=None)
|
||||||
|
|
||||||
def test_create_user_invalid_name_fails(self):
|
def test_create_user_invalid_name_fails(self):
|
||||||
user = {'name': None,
|
user = unit.new_user_ref(name=None,
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
domain_id=DEFAULT_DOMAIN_ID)
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
self.identity_api.create_user,
|
self.identity_api.create_user,
|
||||||
user)
|
user)
|
||||||
|
|
||||||
user = {'name': 123,
|
user = unit.new_user_ref(name=123,
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
domain_id=DEFAULT_DOMAIN_ID)
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
self.identity_api.create_user,
|
self.identity_api.create_user,
|
||||||
user)
|
user)
|
||||||
@ -2354,18 +2293,15 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
project)
|
project)
|
||||||
|
|
||||||
def test_create_user_invalid_enabled_type_string(self):
|
def test_create_user_invalid_enabled_type_string(self):
|
||||||
user = {'name': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': uuid.uuid4().hex,
|
|
||||||
# invalid string value
|
# invalid string value
|
||||||
'enabled': "true"}
|
enabled='true')
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
self.identity_api.create_user,
|
self.identity_api.create_user,
|
||||||
user)
|
user)
|
||||||
|
|
||||||
def test_update_user_long_name_fails(self):
|
def test_update_user_long_name_fails(self):
|
||||||
user = {'name': 'fake1',
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
user['name'] = 'a' * 256
|
user['name'] = 'a' * 256
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
@ -2374,8 +2310,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
user)
|
user)
|
||||||
|
|
||||||
def test_update_user_blank_name_fails(self):
|
def test_update_user_blank_name_fails(self):
|
||||||
user = {'name': 'fake1',
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
user['name'] = ''
|
user['name'] = ''
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
@ -2384,8 +2319,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
user)
|
user)
|
||||||
|
|
||||||
def test_update_user_invalid_name_fails(self):
|
def test_update_user_invalid_name_fails(self):
|
||||||
user = {'name': 'fake1',
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
|
|
||||||
user['name'] = None
|
user['name'] = None
|
||||||
@ -2876,15 +2810,13 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertDictEqual(original_project, new_project)
|
self.assertDictEqual(original_project, new_project)
|
||||||
|
|
||||||
def test_create_user_doesnt_modify_passed_in_dict(self):
|
def test_create_user_doesnt_modify_passed_in_dict(self):
|
||||||
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
original_user = new_user.copy()
|
original_user = new_user.copy()
|
||||||
self.identity_api.create_user(new_user)
|
self.identity_api.create_user(new_user)
|
||||||
self.assertDictEqual(original_user, new_user)
|
self.assertDictEqual(original_user, new_user)
|
||||||
|
|
||||||
def test_update_user_enable(self):
|
def test_update_user_enable(self):
|
||||||
user = {'name': 'fake1', 'enabled': True,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
user_ref = self.identity_api.get_user(user['id'])
|
user_ref = self.identity_api.get_user(user['id'])
|
||||||
self.assertTrue(user_ref['enabled'])
|
self.assertTrue(user_ref['enabled'])
|
||||||
@ -2923,9 +2855,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertTrue(user_ref['enabled'])
|
self.assertTrue(user_ref['enabled'])
|
||||||
|
|
||||||
def test_update_user_name(self):
|
def test_update_user_name(self):
|
||||||
user = {'name': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'enabled': True,
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
user_ref = self.identity_api.get_user(user['id'])
|
user_ref = self.identity_api.get_user(user['id'])
|
||||||
self.assertEqual(user['name'], user_ref['name'])
|
self.assertEqual(user['name'], user_ref['name'])
|
||||||
@ -2946,14 +2876,13 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertEqual(changed_name, user_ref['name'])
|
self.assertEqual(changed_name, user_ref['name'])
|
||||||
|
|
||||||
def test_update_user_enable_fails(self):
|
def test_update_user_enable_fails(self):
|
||||||
user = {'name': 'fake1', 'enabled': True,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
user_ref = self.identity_api.get_user(user['id'])
|
user_ref = self.identity_api.get_user(user['id'])
|
||||||
self.assertTrue(user_ref['enabled'])
|
self.assertTrue(user_ref['enabled'])
|
||||||
|
|
||||||
# Strings are not valid boolean values
|
# Strings are not valid boolean values
|
||||||
user['enabled'] = "false"
|
user['enabled'] = 'false'
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
self.identity_api.update_user,
|
self.identity_api.update_user,
|
||||||
user['id'],
|
user['id'],
|
||||||
@ -2991,8 +2920,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
domain = self._get_domain_fixture()
|
domain = self._get_domain_fixture()
|
||||||
new_group = unit.new_group_ref(domain_id=domain['id'])
|
new_group = unit.new_group_ref(domain_id=domain['id'])
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'enabled': True, 'domain_id': domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
self.identity_api.add_user_to_group(new_user['id'],
|
self.identity_api.add_user_to_group(new_user['id'],
|
||||||
new_group['id'])
|
new_group['id'])
|
||||||
@ -3006,8 +2934,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_add_user_to_group_returns_not_found(self):
|
def test_add_user_to_group_returns_not_found(self):
|
||||||
domain = self._get_domain_fixture()
|
domain = self._get_domain_fixture()
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'enabled': True, 'domain_id': domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
self.assertRaises(exception.GroupNotFound,
|
self.assertRaises(exception.GroupNotFound,
|
||||||
self.identity_api.add_user_to_group,
|
self.identity_api.add_user_to_group,
|
||||||
@ -3030,8 +2957,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
domain = self._get_domain_fixture()
|
domain = self._get_domain_fixture()
|
||||||
new_group = unit.new_group_ref(domain_id=domain['id'])
|
new_group = unit.new_group_ref(domain_id=domain['id'])
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'enabled': True, 'domain_id': domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
self.identity_api.add_user_to_group(new_user['id'],
|
self.identity_api.add_user_to_group(new_user['id'],
|
||||||
new_group['id'])
|
new_group['id'])
|
||||||
@ -3042,8 +2968,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertRaises(exception.DomainNotFound,
|
self.assertRaises(exception.DomainNotFound,
|
||||||
self.identity_api.create_group,
|
self.identity_api.create_group,
|
||||||
new_group)
|
new_group)
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id="doesnotexist")
|
||||||
'enabled': True, 'domain_id': "doesnotexist"}
|
|
||||||
self.assertRaises(exception.DomainNotFound,
|
self.assertRaises(exception.DomainNotFound,
|
||||||
self.identity_api.create_user,
|
self.identity_api.create_user,
|
||||||
new_user)
|
new_user)
|
||||||
@ -3052,8 +2977,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
|
new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
|
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
|
|
||||||
self.assertRaises(exception.NotFound,
|
self.assertRaises(exception.NotFound,
|
||||||
@ -3062,8 +2986,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
new_group['id'])
|
new_group['id'])
|
||||||
|
|
||||||
def test_check_user_in_group_returns_not_found(self):
|
def test_check_user_in_group_returns_not_found(self):
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
|
|
||||||
new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
|
new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
@ -3093,8 +3016,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertEqual([], user_refs)
|
self.assertEqual([], user_refs)
|
||||||
# Make sure we get the correct users back once they have been added
|
# Make sure we get the correct users back once they have been added
|
||||||
# to the group.
|
# to the group.
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'enabled': True, 'domain_id': domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
self.identity_api.add_user_to_group(new_user['id'],
|
self.identity_api.add_user_to_group(new_user['id'],
|
||||||
new_group['id'])
|
new_group['id'])
|
||||||
@ -3119,8 +3041,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
USER_COUNT = 2
|
USER_COUNT = 2
|
||||||
|
|
||||||
for x in range(0, USER_COUNT):
|
for x in range(0, USER_COUNT):
|
||||||
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'enabled': True, 'domain_id': domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
test_users.append(new_user)
|
test_users.append(new_user)
|
||||||
positive_user = test_users[0]
|
positive_user = test_users[0]
|
||||||
@ -3179,8 +3100,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
domain = self._get_domain_fixture()
|
domain = self._get_domain_fixture()
|
||||||
new_group = unit.new_group_ref(domain_id=domain['id'])
|
new_group = unit.new_group_ref(domain_id=domain['id'])
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'enabled': True, 'domain_id': domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
self.identity_api.add_user_to_group(new_user['id'],
|
self.identity_api.add_user_to_group(new_user['id'],
|
||||||
new_group['id'])
|
new_group['id'])
|
||||||
@ -3193,8 +3113,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_remove_user_from_group_returns_not_found(self):
|
def test_remove_user_from_group_returns_not_found(self):
|
||||||
domain = self._get_domain_fixture()
|
domain = self._get_domain_fixture()
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'enabled': True, 'domain_id': domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
new_group = unit.new_group_ref(domain_id=domain['id'])
|
new_group = unit.new_group_ref(domain_id=domain['id'])
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
@ -3700,8 +3619,8 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
assert_key_equals(value)
|
assert_key_equals(value)
|
||||||
|
|
||||||
def test_user_crud(self):
|
def test_user_crud(self):
|
||||||
user_dict = {'domain_id': DEFAULT_DOMAIN_ID,
|
user_dict = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': uuid.uuid4().hex, 'password': 'passw0rd'}
|
del user_dict['id']
|
||||||
user = self.identity_api.create_user(user_dict)
|
user = self.identity_api.create_user(user_dict)
|
||||||
user_ref = self.identity_api.get_user(user['id'])
|
user_ref = self.identity_api.get_user(user['id'])
|
||||||
del user_dict['password']
|
del user_dict['password']
|
||||||
@ -3723,8 +3642,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
def test_list_projects_for_user(self):
|
def test_list_projects_for_user(self):
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user1 = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'domain_id': domain['id'], 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
user_projects = self.assignment_api.list_projects_for_user(user1['id'])
|
user_projects = self.assignment_api.list_projects_for_user(user1['id'])
|
||||||
self.assertEqual(0, len(user_projects))
|
self.assertEqual(0, len(user_projects))
|
||||||
@ -3743,8 +3661,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
# should now be included, along with any direct user grants.
|
# should now be included, along with any direct user grants.
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user1 = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'domain_id': domain['id'], 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
group1 = unit.new_group_ref(domain_id=domain['id'])
|
group1 = unit.new_group_ref(domain_id=domain['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -3912,16 +3829,10 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.resource_api.get_project,
|
self.resource_api.get_project,
|
||||||
project_id)
|
project_id)
|
||||||
|
|
||||||
def create_user_dict(self, **attributes):
|
|
||||||
user_dict = {'name': uuid.uuid4().hex,
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'enabled': True}
|
|
||||||
user_dict.update(attributes)
|
|
||||||
return user_dict
|
|
||||||
|
|
||||||
def test_arbitrary_attributes_are_returned_from_create_user(self):
|
def test_arbitrary_attributes_are_returned_from_create_user(self):
|
||||||
attr_value = uuid.uuid4().hex
|
attr_value = uuid.uuid4().hex
|
||||||
user_data = self.create_user_dict(arbitrary_attr=attr_value)
|
user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
|
||||||
|
arbitrary_attr=attr_value)
|
||||||
|
|
||||||
user = self.identity_api.create_user(user_data)
|
user = self.identity_api.create_user(user_data)
|
||||||
|
|
||||||
@ -3929,7 +3840,8 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_arbitrary_attributes_are_returned_from_get_user(self):
|
def test_arbitrary_attributes_are_returned_from_get_user(self):
|
||||||
attr_value = uuid.uuid4().hex
|
attr_value = uuid.uuid4().hex
|
||||||
user_data = self.create_user_dict(arbitrary_attr=attr_value)
|
user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
|
||||||
|
arbitrary_attr=attr_value)
|
||||||
|
|
||||||
user_data = self.identity_api.create_user(user_data)
|
user_data = self.identity_api.create_user(user_data)
|
||||||
|
|
||||||
@ -3937,7 +3849,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertEqual(attr_value, user['arbitrary_attr'])
|
self.assertEqual(attr_value, user['arbitrary_attr'])
|
||||||
|
|
||||||
def test_new_arbitrary_attributes_are_returned_from_update_user(self):
|
def test_new_arbitrary_attributes_are_returned_from_update_user(self):
|
||||||
user_data = self.create_user_dict()
|
user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
|
|
||||||
user = self.identity_api.create_user(user_data)
|
user = self.identity_api.create_user(user_data)
|
||||||
attr_value = uuid.uuid4().hex
|
attr_value = uuid.uuid4().hex
|
||||||
@ -3948,7 +3860,8 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
|
|
||||||
def test_updated_arbitrary_attributes_are_returned_from_update_user(self):
|
def test_updated_arbitrary_attributes_are_returned_from_update_user(self):
|
||||||
attr_value = uuid.uuid4().hex
|
attr_value = uuid.uuid4().hex
|
||||||
user_data = self.create_user_dict(arbitrary_attr=attr_value)
|
user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
|
||||||
|
arbitrary_attr=attr_value)
|
||||||
|
|
||||||
new_attr_value = uuid.uuid4().hex
|
new_attr_value = uuid.uuid4().hex
|
||||||
user = self.identity_api.create_user(user_data)
|
user = self.identity_api.create_user(user_data)
|
||||||
@ -4010,11 +3923,7 @@ class IdentityTests(AssignmentTestHelperMixin):
|
|||||||
self.assertDictEqual(updated_project_ref, project_ref)
|
self.assertDictEqual(updated_project_ref, project_ref)
|
||||||
|
|
||||||
def test_user_update_and_user_get_return_same_response(self):
|
def test_user_update_and_user_get_return_same_response(self):
|
||||||
user = {
|
user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'name': uuid.uuid4().hex,
|
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
'description': uuid.uuid4().hex,
|
|
||||||
'enabled': True}
|
|
||||||
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
|
|
||||||
@ -4784,9 +4693,7 @@ class TokenTests(object):
|
|||||||
|
|
||||||
class TokenCacheInvalidation(object):
|
class TokenCacheInvalidation(object):
|
||||||
def _create_test_data(self):
|
def _create_test_data(self):
|
||||||
self.user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
self.user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'password': uuid.uuid4().hex,
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
|
|
||||||
self.tenant = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
self.tenant = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
|
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
|
||||||
|
|
||||||
@ -5826,8 +5733,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
|
|||||||
role_list.append(role)
|
role_list.append(role)
|
||||||
domain1 = unit.new_domain_ref()
|
domain1 = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain1['id'], domain1)
|
self.resource_api.create_domain(domain1['id'], domain1)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': domain1['id']}
|
'domain_id': domain1['id']}
|
||||||
@ -5936,8 +5842,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
|
|||||||
role_list.append(role)
|
role_list.append(role)
|
||||||
domain1 = unit.new_domain_ref()
|
domain1 = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain1['id'], domain1)
|
self.resource_api.create_domain(domain1['id'], domain1)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'],
|
user1 = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
group1 = unit.new_group_ref(domain_id=domain1['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -6042,8 +5947,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
|
|||||||
self.config_fixture.config(group='os_inherit', enabled=True)
|
self.config_fixture.config(group='os_inherit', enabled=True)
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user1 = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'domain_id': domain['id'], 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': domain['id']}
|
'domain_id': domain['id']}
|
||||||
@ -6130,8 +6034,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
|
|||||||
'is_domain': False}
|
'is_domain': False}
|
||||||
self.resource_api.create_project(leaf_project['id'], leaf_project)
|
self.resource_api.create_project(leaf_project['id'], leaf_project)
|
||||||
|
|
||||||
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
|
|
||||||
# Grant inherited user role
|
# Grant inherited user role
|
||||||
@ -6234,8 +6137,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
|
|||||||
project4 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
project4 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': domain2['id']}
|
'domain_id': domain2['id']}
|
||||||
self.resource_api.create_project(project4['id'], project4)
|
self.resource_api.create_project(project4['id'], project4)
|
||||||
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user1 = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'domain_id': domain['id'], 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
group1 = unit.new_group_ref(domain_id=domain['id'])
|
group1 = unit.new_group_ref(domain_id=domain['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -6339,8 +6241,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
|
|||||||
'is_domain': False}
|
'is_domain': False}
|
||||||
self.resource_api.create_project(leaf_project['id'], leaf_project)
|
self.resource_api.create_project(leaf_project['id'], leaf_project)
|
||||||
|
|
||||||
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
|
|
||||||
group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
|
group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
|
@ -142,6 +142,13 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
config_files.append(unit.dirs.tests_conf('backend_ldap.conf'))
|
config_files.append(unit.dirs.tests_conf('backend_ldap.conf'))
|
||||||
return config_files
|
return config_files
|
||||||
|
|
||||||
|
def new_user_ref(self, domain_id, project_id=None, **kwargs):
|
||||||
|
ref = unit.new_user_ref(domain_id=domain_id, project_id=project_id,
|
||||||
|
**kwargs)
|
||||||
|
if 'id' not in kwargs:
|
||||||
|
del ref['id']
|
||||||
|
return ref
|
||||||
|
|
||||||
def get_user_enabled_vals(self, user):
|
def get_user_enabled_vals(self, user):
|
||||||
user_dn = (
|
user_dn = (
|
||||||
self.identity_api.driver.user._id_to_dn_string(user['id']))
|
self.identity_api.driver.user._id_to_dn_string(user['id']))
|
||||||
@ -163,10 +170,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
self.assertEqual("ou=Users,%s" % CONF.ldap.suffix, user_api.tree_dn)
|
self.assertEqual("ou=Users,%s" % CONF.ldap.suffix, user_api.tree_dn)
|
||||||
|
|
||||||
def test_configurable_allowed_user_actions(self):
|
def test_configurable_allowed_user_actions(self):
|
||||||
user = {'name': u'fäké1',
|
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'password': u'fäképass1',
|
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
'tenants': ['bar']}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.identity_api.get_user(user['id'])
|
self.identity_api.get_user(user['id'])
|
||||||
|
|
||||||
@ -185,10 +189,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
driver.user.allow_update = False
|
driver.user.allow_update = False
|
||||||
driver.user.allow_delete = False
|
driver.user.allow_delete = False
|
||||||
|
|
||||||
user = {'name': u'fäké1',
|
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'password': u'fäképass1',
|
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
'tenants': ['bar']}
|
|
||||||
self.assertRaises(exception.ForbiddenAction,
|
self.assertRaises(exception.ForbiddenAction,
|
||||||
self.identity_api.create_user,
|
self.identity_api.create_user,
|
||||||
user)
|
user)
|
||||||
@ -253,8 +254,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
new_domain = self._get_domain_fixture()
|
new_domain = self._get_domain_fixture()
|
||||||
new_group = unit.new_group_ref(domain_id=new_domain['id'])
|
new_group = unit.new_group_ref(domain_id=new_domain['id'])
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
new_user = {'name': 'new_user', 'enabled': True,
|
new_user = self.new_user_ref(domain_id=new_domain['id'])
|
||||||
'domain_id': new_domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
self.identity_api.add_user_to_group(new_user['id'],
|
self.identity_api.add_user_to_group(new_user['id'],
|
||||||
new_group['id'])
|
new_group['id'])
|
||||||
@ -328,8 +328,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
|
|
||||||
def test_list_projects_for_user(self):
|
def test_list_projects_for_user(self):
|
||||||
domain = self._get_domain_fixture()
|
domain = self._get_domain_fixture()
|
||||||
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user1 = self.new_user_ref(domain_id=domain['id'])
|
||||||
'domain_id': domain['id'], 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
user_projects = self.assignment_api.list_projects_for_user(user1['id'])
|
user_projects = self.assignment_api.list_projects_for_user(user1['id'])
|
||||||
self.assertThat(user_projects, matchers.HasLength(0))
|
self.assertThat(user_projects, matchers.HasLength(0))
|
||||||
@ -346,8 +345,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
self.assertThat(user_projects, matchers.HasLength(2))
|
self.assertThat(user_projects, matchers.HasLength(2))
|
||||||
|
|
||||||
# Now, check number of projects through groups
|
# Now, check number of projects through groups
|
||||||
user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user2 = self.new_user_ref(domain_id=domain['id'])
|
||||||
'domain_id': domain['id'], 'enabled': True}
|
|
||||||
user2 = self.identity_api.create_user(user2)
|
user2 = self.identity_api.create_user(user2)
|
||||||
|
|
||||||
group1 = unit.new_group_ref(domain_id=domain['id'])
|
group1 = unit.new_group_ref(domain_id=domain['id'])
|
||||||
@ -376,8 +374,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
def test_list_projects_for_user_and_groups(self):
|
def test_list_projects_for_user_and_groups(self):
|
||||||
domain = self._get_domain_fixture()
|
domain = self._get_domain_fixture()
|
||||||
# Create user1
|
# Create user1
|
||||||
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user1 = self.new_user_ref(domain_id=domain['id'])
|
||||||
'domain_id': domain['id'], 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
|
|
||||||
# Create new group for user1
|
# Create new group for user1
|
||||||
@ -411,8 +408,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
|
|
||||||
def test_list_projects_for_user_with_grants(self):
|
def test_list_projects_for_user_with_grants(self):
|
||||||
domain = self._get_domain_fixture()
|
domain = self._get_domain_fixture()
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = self.new_user_ref(domain_id=domain['id'])
|
||||||
'enabled': True, 'domain_id': domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
|
|
||||||
group1 = unit.new_group_ref(domain_id=domain['id'])
|
group1 = unit.new_group_ref(domain_id=domain['id'])
|
||||||
@ -495,8 +491,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
|
|
||||||
def test_list_role_assignments_unfiltered(self):
|
def test_list_role_assignments_unfiltered(self):
|
||||||
new_domain = self._get_domain_fixture()
|
new_domain = self._get_domain_fixture()
|
||||||
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
new_user = self.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
new_group = unit.new_group_ref(domain_id=new_domain['id'])
|
new_group = unit.new_group_ref(domain_id=new_domain['id'])
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
@ -533,8 +528,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
self.load_fixtures(default_fixtures)
|
self.load_fixtures(default_fixtures)
|
||||||
|
|
||||||
new_domain = self._get_domain_fixture()
|
new_domain = self._get_domain_fixture()
|
||||||
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
new_user = self.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
new_project = {'id': uuid.uuid4().hex,
|
new_project = {'id': uuid.uuid4().hex,
|
||||||
'name': uuid.uuid4().hex,
|
'name': uuid.uuid4().hex,
|
||||||
@ -557,8 +551,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
self.load_backends()
|
self.load_backends()
|
||||||
self.load_fixtures(default_fixtures)
|
self.load_fixtures(default_fixtures)
|
||||||
|
|
||||||
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user = self.new_user_ref(domain_id=test_backend.DEFAULT_DOMAIN_ID)
|
||||||
'enabled': True, 'domain_id': test_backend.DEFAULT_DOMAIN_ID}
|
|
||||||
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
|
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
|
||||||
@ -662,12 +655,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
self.assertEqual(new_domain_id, domains[0]['id'])
|
self.assertEqual(new_domain_id, domains[0]['id'])
|
||||||
|
|
||||||
def test_authenticate_requires_simple_bind(self):
|
def test_authenticate_requires_simple_bind(self):
|
||||||
user = {
|
user = self.new_user_ref(domain_id=test_backend.DEFAULT_DOMAIN_ID)
|
||||||
'name': 'NO_META',
|
|
||||||
'domain_id': test_backend.DEFAULT_DOMAIN_ID,
|
|
||||||
'password': 'no_meta2',
|
|
||||||
'enabled': True,
|
|
||||||
}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
|
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
|
||||||
user['id'])
|
user['id'])
|
||||||
@ -735,11 +723,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
CONF.identity.default_domain_id)
|
CONF.identity.default_domain_id)
|
||||||
driver.user.attribute_ignore = ['enabled', 'email',
|
driver.user.attribute_ignore = ['enabled', 'email',
|
||||||
'tenants', 'tenantId']
|
'tenants', 'tenantId']
|
||||||
user = {'name': u'fäké1',
|
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id,
|
||||||
'password': u'fäképass1',
|
project_id='maps_to_none')
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
'default_project_id': 'maps_to_none',
|
|
||||||
}
|
|
||||||
|
|
||||||
# If this doesn't raise, then the test is successful.
|
# If this doesn't raise, then the test is successful.
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
@ -751,9 +736,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
boolean_strings = ['TRUE', 'FALSE', 'true', 'false', 'True', 'False',
|
boolean_strings = ['TRUE', 'FALSE', 'true', 'false', 'True', 'False',
|
||||||
'TrUe' 'FaLse']
|
'TrUe' 'FaLse']
|
||||||
for name in boolean_strings:
|
for name in boolean_strings:
|
||||||
user = {
|
user = self.new_user_ref(name=name,
|
||||||
'name': name,
|
domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
|
||||||
user_ref = self.identity_api.create_user(user)
|
user_ref = self.identity_api.create_user(user)
|
||||||
user_info = self.identity_api.get_user(user_ref['id'])
|
user_info = self.identity_api.get_user(user_ref['id'])
|
||||||
self.assertEqual(name, user_info['name'])
|
self.assertEqual(name, user_info['name'])
|
||||||
@ -772,10 +756,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
driver.user.attribute_ignore = ['enabled', 'email',
|
driver.user.attribute_ignore = ['enabled', 'email',
|
||||||
'tenants', 'tenantId']
|
'tenants', 'tenantId']
|
||||||
|
|
||||||
user = {'name': u'fäké1',
|
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'password': u'fäképass1',
|
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
}
|
|
||||||
|
|
||||||
user_ref = self.identity_api.create_user(user)
|
user_ref = self.identity_api.create_user(user)
|
||||||
|
|
||||||
@ -810,12 +791,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
# Since we want to fake up this special ID, we'll squirt this
|
# Since we want to fake up this special ID, we'll squirt this
|
||||||
# direct into the driver and bypass the manager layer.
|
# direct into the driver and bypass the manager layer.
|
||||||
user_id = u'Doe, John'
|
user_id = u'Doe, John'
|
||||||
user = {
|
user = self.new_user_ref(id=user_id,
|
||||||
'id': user_id,
|
domain_id=CONF.identity.default_domain_id)
|
||||||
'name': self.getUniqueString(),
|
|
||||||
'password': self.getUniqueString(),
|
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
}
|
|
||||||
user = self.identity_api.driver.create_user(user_id, user)
|
user = self.identity_api.driver.create_user(user_id, user)
|
||||||
|
|
||||||
# Now we'll use the manager to discover it, which will create a
|
# Now we'll use the manager to discover it, which will create a
|
||||||
@ -859,12 +836,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
|
|||||||
# Since we want to fake up this special ID, we'll squirt this
|
# Since we want to fake up this special ID, we'll squirt this
|
||||||
# direct into the driver and bypass the manager layer
|
# direct into the driver and bypass the manager layer
|
||||||
user_id = u'Doe, John'
|
user_id = u'Doe, John'
|
||||||
user = {
|
user = self.new_user_ref(id=user_id,
|
||||||
'id': user_id,
|
domain_id=CONF.identity.default_domain_id)
|
||||||
'name': self.getUniqueString(),
|
|
||||||
'password': self.getUniqueString(),
|
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
}
|
|
||||||
self.identity_api.driver.create_user(user_id, user)
|
self.identity_api.driver.create_user(user_id, user)
|
||||||
|
|
||||||
# Now we'll use the manager to discover it, which will create a
|
# Now we'll use the manager to discover it, which will create a
|
||||||
@ -1017,10 +990,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
|
|||||||
role1 = unit.new_role_ref()
|
role1 = unit.new_role_ref()
|
||||||
self.role_api.create_role(role1['id'], role1)
|
self.role_api.create_role(role1['id'], role1)
|
||||||
|
|
||||||
user1 = {'name': uuid.uuid4().hex,
|
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
'password': uuid.uuid4().hex,
|
|
||||||
'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
|
|
||||||
self.assignment_api.add_role_to_user_and_project(
|
self.assignment_api.add_role_to_user_and_project(
|
||||||
@ -1168,8 +1138,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
|
|||||||
self.load_backends()
|
self.load_backends()
|
||||||
self.load_fixtures(default_fixtures)
|
self.load_fixtures(default_fixtures)
|
||||||
|
|
||||||
user = {'name': u'fäké1', 'enabled': True,
|
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
|
||||||
|
|
||||||
user_ref = self.identity_api.create_user(user)
|
user_ref = self.identity_api.create_user(user)
|
||||||
|
|
||||||
@ -1216,14 +1185,12 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
|
|||||||
self.load_backends()
|
self.load_backends()
|
||||||
self.load_fixtures(default_fixtures)
|
self.load_fixtures(default_fixtures)
|
||||||
|
|
||||||
user1 = {'name': u'fäké1', 'enabled': True,
|
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
|
||||||
|
|
||||||
user2 = {'name': u'fäké2', 'enabled': False,
|
user2 = self.new_user_ref(enabled=False,
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
domain_id=CONF.identity.default_domain_id)
|
||||||
|
|
||||||
user3 = {'name': u'fäké3',
|
user3 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
|
||||||
|
|
||||||
# Ensure that the LDAP attribute is False for a newly created
|
# Ensure that the LDAP attribute is False for a newly created
|
||||||
# enabled user.
|
# enabled user.
|
||||||
@ -1452,11 +1419,9 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
|
|||||||
group='ldap',
|
group='ldap',
|
||||||
user_additional_attribute_mapping=['description:name'])
|
user_additional_attribute_mapping=['description:name'])
|
||||||
self.load_backends()
|
self.load_backends()
|
||||||
user = {
|
user = self.new_user_ref(name='EXTRA_ATTRIBUTES',
|
||||||
'name': 'EXTRA_ATTRIBUTES',
|
password='extra',
|
||||||
'password': 'extra',
|
domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id
|
|
||||||
}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
dn, attrs = self.identity_api.driver.user._ldap_get(user['id'])
|
dn, attrs = self.identity_api.driver.user._ldap_get(user['id'])
|
||||||
self.assertThat([user['name']], matchers.Equals(attrs['description']))
|
self.assertThat([user['name']], matchers.Equals(attrs['description']))
|
||||||
@ -1470,13 +1435,9 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
|
|||||||
user_additional_attribute_mapping=['description:description'])
|
user_additional_attribute_mapping=['description:description'])
|
||||||
self.load_backends()
|
self.load_backends()
|
||||||
|
|
||||||
description = uuid.uuid4().hex
|
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id,
|
||||||
user = {
|
description=uuid.uuid4().hex)
|
||||||
'name': uuid.uuid4().hex,
|
description = user['description']
|
||||||
'description': description,
|
|
||||||
'password': uuid.uuid4().hex,
|
|
||||||
'domain_id': CONF.identity.default_domain_id
|
|
||||||
}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
res = self.identity_api.driver.user.get_all()
|
res = self.identity_api.driver.user.get_all()
|
||||||
|
|
||||||
@ -1871,10 +1832,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
|
|||||||
self.role_api.create_role(role['id'], role)
|
self.role_api.create_role(role['id'], role)
|
||||||
role_list.append(role)
|
role_list.append(role)
|
||||||
|
|
||||||
user1 = {'name': uuid.uuid4().hex,
|
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
'password': uuid.uuid4().hex,
|
|
||||||
'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
'domain_id': CONF.identity.default_domain_id}
|
||||||
@ -1975,9 +1933,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
|
|||||||
|
|
||||||
def test_list_groups_for_user_no_dn(self):
|
def test_list_groups_for_user_no_dn(self):
|
||||||
# Create a test user.
|
# Create a test user.
|
||||||
user = {'name': uuid.uuid4().hex,
|
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
# Create some test groups and add the test user as a member.
|
# Create some test groups and add the test user as a member.
|
||||||
domain = self._get_domain_fixture()
|
domain = self._get_domain_fixture()
|
||||||
@ -2002,9 +1958,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
|
|||||||
CONF.identity.default_domain_id)
|
CONF.identity.default_domain_id)
|
||||||
driver.user.id_attr = 'mail'
|
driver.user.id_attr = 'mail'
|
||||||
|
|
||||||
user = {'name': u'fäké1',
|
user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'password': u'fäképass1',
|
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
user_ref = self.identity_api.get_user(user['id'])
|
user_ref = self.identity_api.get_user(user['id'])
|
||||||
# 'email' attribute should've created because it is also being used
|
# 'email' attribute should've created because it is also being used
|
||||||
@ -2192,21 +2146,18 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
|
|||||||
project['id'])
|
project['id'])
|
||||||
|
|
||||||
def test_user_crud(self):
|
def test_user_crud(self):
|
||||||
user_dict = {
|
user_dict = self.new_user_ref(
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
domain_id=CONF.identity.default_domain_id)
|
||||||
'name': uuid.uuid4().hex,
|
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
user = self.identity_api.create_user(user_dict)
|
user = self.identity_api.create_user(user_dict)
|
||||||
user_dict['enabled'] = True
|
|
||||||
user_ref = self.identity_api.get_user(user['id'])
|
|
||||||
del user_dict['password']
|
del user_dict['password']
|
||||||
|
user_ref = self.identity_api.get_user(user['id'])
|
||||||
user_ref_dict = {x: user_ref[x] for x in user_ref}
|
user_ref_dict = {x: user_ref[x] for x in user_ref}
|
||||||
self.assertDictContainsSubset(user_dict, user_ref_dict)
|
self.assertDictContainsSubset(user_dict, user_ref_dict)
|
||||||
|
|
||||||
user_dict['password'] = uuid.uuid4().hex
|
user_dict['password'] = uuid.uuid4().hex
|
||||||
self.identity_api.update_user(user['id'], user)
|
self.identity_api.update_user(user['id'], user_dict)
|
||||||
user_ref = self.identity_api.get_user(user['id'])
|
|
||||||
del user_dict['password']
|
del user_dict['password']
|
||||||
|
user_ref = self.identity_api.get_user(user['id'])
|
||||||
user_ref_dict = {x: user_ref[x] for x in user_ref}
|
user_ref_dict = {x: user_ref[x] for x in user_ref}
|
||||||
self.assertDictContainsSubset(user_dict, user_ref_dict)
|
self.assertDictContainsSubset(user_dict, user_ref_dict)
|
||||||
|
|
||||||
@ -2239,8 +2190,8 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
|
|||||||
self.load_fixtures(default_fixtures)
|
self.load_fixtures(default_fixtures)
|
||||||
|
|
||||||
# Create a user and ensure they are enabled.
|
# Create a user and ensure they are enabled.
|
||||||
user1 = {'name': u'fäké1', 'enabled': True,
|
user1 = unit.new_user_ref(enabled=True,
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
domain_id=CONF.identity.default_domain_id)
|
||||||
user_ref = self.identity_api.create_user(user1)
|
user_ref = self.identity_api.create_user(user1)
|
||||||
self.assertIs(True, user_ref['enabled'])
|
self.assertIs(True, user_ref['enabled'])
|
||||||
|
|
||||||
@ -2255,14 +2206,12 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
|
|||||||
self.load_backends()
|
self.load_backends()
|
||||||
self.load_fixtures(default_fixtures)
|
self.load_fixtures(default_fixtures)
|
||||||
|
|
||||||
user1 = {'name': u'fäké1', 'enabled': True,
|
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
|
||||||
|
|
||||||
user2 = {'name': u'fäké2', 'enabled': False,
|
user2 = self.new_user_ref(enabled=False,
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
domain_id=CONF.identity.default_domain_id)
|
||||||
|
|
||||||
user3 = {'name': u'fäké3',
|
user3 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
|
||||||
|
|
||||||
# Ensure that the enabled LDAP attribute is not set for a
|
# Ensure that the enabled LDAP attribute is not set for a
|
||||||
# newly created enabled user.
|
# newly created enabled user.
|
||||||
@ -2398,8 +2347,7 @@ class LdapIdentitySqlAssignment(BaseLDAPIdentity, unit.SQLDriverOverrides,
|
|||||||
new_domain = self._get_domain_fixture()
|
new_domain = self._get_domain_fixture()
|
||||||
new_group = unit.new_group_ref(domain_id=new_domain['id'],)
|
new_group = unit.new_group_ref(domain_id=new_domain['id'],)
|
||||||
new_group = self.identity_api.create_group(new_group)
|
new_group = self.identity_api.create_group(new_group)
|
||||||
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
|
new_user = self.new_user_ref(domain_id=new_domain['id'])
|
||||||
'enabled': True, 'domain_id': new_domain['id']}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
self.identity_api.add_user_to_group(new_user['id'],
|
self.identity_api.add_user_to_group(new_user['id'],
|
||||||
new_group['id'])
|
new_group['id'])
|
||||||
@ -2467,13 +2415,9 @@ class LdapIdentitySqlAssignmentWithMapping(LdapIdentitySqlAssignment):
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
initial_mappings = len(mapping_sql.list_id_mappings())
|
initial_mappings = len(mapping_sql.list_id_mappings())
|
||||||
user1 = {'name': uuid.uuid4().hex,
|
user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
user1 = self.identity_api.create_user(user1)
|
||||||
user2 = {'name': uuid.uuid4().hex,
|
user2 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
|
||||||
'password': uuid.uuid4().hex, 'enabled': True}
|
|
||||||
user2 = self.identity_api.create_user(user2)
|
user2 = self.identity_api.create_user(user2)
|
||||||
mappings = mapping_sql.list_id_mappings()
|
mappings = mapping_sql.list_id_mappings()
|
||||||
self.assertEqual(initial_mappings + 2, len(mappings))
|
self.assertEqual(initial_mappings + 2, len(mappings))
|
||||||
@ -2504,30 +2448,21 @@ class LdapIdentitySqlAssignmentWithMapping(LdapIdentitySqlAssignment):
|
|||||||
class BaseMultiLDAPandSQLIdentity(object):
|
class BaseMultiLDAPandSQLIdentity(object):
|
||||||
"""Mixin class with support methods for domain-specific config testing."""
|
"""Mixin class with support methods for domain-specific config testing."""
|
||||||
|
|
||||||
def create_user(self, domain_id):
|
|
||||||
user = {'name': uuid.uuid4().hex,
|
|
||||||
'domain_id': domain_id,
|
|
||||||
'password': uuid.uuid4().hex,
|
|
||||||
'enabled': True}
|
|
||||||
user_ref = self.identity_api.create_user(user)
|
|
||||||
# Put the password back in, since this is used later by tests to
|
|
||||||
# authenticate.
|
|
||||||
user_ref['password'] = user['password']
|
|
||||||
return user_ref
|
|
||||||
|
|
||||||
def create_users_across_domains(self):
|
def create_users_across_domains(self):
|
||||||
"""Create a set of users, each with a role on their own domain."""
|
"""Create a set of users, each with a role on their own domain."""
|
||||||
# We also will check that the right number of id mappings get created
|
# We also will check that the right number of id mappings get created
|
||||||
initial_mappings = len(mapping_sql.list_id_mappings())
|
initial_mappings = len(mapping_sql.list_id_mappings())
|
||||||
|
|
||||||
self.users['user0'] = self.create_user(
|
self.users['user0'] = unit.create_user(
|
||||||
|
self.identity_api,
|
||||||
self.domains['domain_default']['id'])
|
self.domains['domain_default']['id'])
|
||||||
self.assignment_api.create_grant(
|
self.assignment_api.create_grant(
|
||||||
user_id=self.users['user0']['id'],
|
user_id=self.users['user0']['id'],
|
||||||
domain_id=self.domains['domain_default']['id'],
|
domain_id=self.domains['domain_default']['id'],
|
||||||
role_id=self.role_member['id'])
|
role_id=self.role_member['id'])
|
||||||
for x in range(1, self.domain_count):
|
for x in range(1, self.domain_count):
|
||||||
self.users['user%s' % x] = self.create_user(
|
self.users['user%s' % x] = unit.create_user(
|
||||||
|
self.identity_api,
|
||||||
self.domains['domain%s' % x]['id'])
|
self.domains['domain%s' % x]['id'])
|
||||||
self.assignment_api.create_grant(
|
self.assignment_api.create_grant(
|
||||||
user_id=self.users['user%s' % x]['id'],
|
user_id=self.users['user%s' % x]['id'],
|
||||||
@ -2661,11 +2596,14 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides,
|
|||||||
# Create some identity entities BEFORE we switch to multi-backend, so
|
# Create some identity entities BEFORE we switch to multi-backend, so
|
||||||
# we can test that these are still accessible
|
# we can test that these are still accessible
|
||||||
self.users = {}
|
self.users = {}
|
||||||
self.users['userA'] = self.create_user(
|
self.users['userA'] = unit.create_user(
|
||||||
|
self.identity_api,
|
||||||
self.domains['domain_default']['id'])
|
self.domains['domain_default']['id'])
|
||||||
self.users['userB'] = self.create_user(
|
self.users['userB'] = unit.create_user(
|
||||||
|
self.identity_api,
|
||||||
self.domains['domain1']['id'])
|
self.domains['domain1']['id'])
|
||||||
self.users['userC'] = self.create_user(
|
self.users['userC'] = unit.create_user(
|
||||||
|
self.identity_api,
|
||||||
self.domains['domain3']['id'])
|
self.domains['domain3']['id'])
|
||||||
|
|
||||||
def enable_multi_domain(self):
|
def enable_multi_domain(self):
|
||||||
|
@ -179,9 +179,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
|||||||
self.assertNotEqual(self.user_foo['password'], user_ref['password'])
|
self.assertNotEqual(self.user_foo['password'], user_ref['password'])
|
||||||
|
|
||||||
def test_delete_user_with_project_association(self):
|
def test_delete_user_with_project_association(self):
|
||||||
user = {'name': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
|
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
|
||||||
user['id'])
|
user['id'])
|
||||||
@ -191,9 +189,8 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
|||||||
user['id'])
|
user['id'])
|
||||||
|
|
||||||
def test_create_null_user_name(self):
|
def test_create_null_user_name(self):
|
||||||
user = {'name': None,
|
user = unit.new_user_ref(name=None,
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
self.identity_api.create_user,
|
self.identity_api.create_user,
|
||||||
user)
|
user)
|
||||||
@ -208,9 +205,8 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
|||||||
# LDAP.
|
# LDAP.
|
||||||
|
|
||||||
# create a ref with a lowercase name
|
# create a ref with a lowercase name
|
||||||
ref = {
|
ref = unit.new_user_ref(name=uuid.uuid4().hex.lower(),
|
||||||
'name': uuid.uuid4().hex.lower(),
|
domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID}
|
|
||||||
ref = self.identity_api.create_user(ref)
|
ref = self.identity_api.create_user(ref)
|
||||||
|
|
||||||
# assign a new ID with the same name, but this time in uppercase
|
# assign a new ID with the same name, but this time in uppercase
|
||||||
@ -251,9 +247,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
|||||||
DEFAULT_DOMAIN_ID)
|
DEFAULT_DOMAIN_ID)
|
||||||
|
|
||||||
def test_delete_project_with_user_association(self):
|
def test_delete_project_with_user_association(self):
|
||||||
user = {'name': 'fakeuser',
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': 'passwd'}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
|
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
|
||||||
user['id'])
|
user['id'])
|
||||||
@ -300,11 +294,9 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
|||||||
"""
|
"""
|
||||||
arbitrary_key = uuid.uuid4().hex
|
arbitrary_key = uuid.uuid4().hex
|
||||||
arbitrary_value = uuid.uuid4().hex
|
arbitrary_value = uuid.uuid4().hex
|
||||||
user = {
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': uuid.uuid4().hex,
|
user[arbitrary_key] = arbitrary_value
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
del user["id"]
|
||||||
'password': uuid.uuid4().hex,
|
|
||||||
arbitrary_key: arbitrary_value}
|
|
||||||
ref = self.identity_api.create_user(user)
|
ref = self.identity_api.create_user(user)
|
||||||
self.assertEqual(arbitrary_value, ref[arbitrary_key])
|
self.assertEqual(arbitrary_value, ref[arbitrary_key])
|
||||||
self.assertIsNone(ref.get('password'))
|
self.assertIsNone(ref.get('password'))
|
||||||
@ -319,11 +311,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
|||||||
self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key])
|
self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key])
|
||||||
|
|
||||||
def test_sql_user_to_dict_null_default_project_id(self):
|
def test_sql_user_to_dict_null_default_project_id(self):
|
||||||
user = {
|
user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
|
||||||
'name': uuid.uuid4().hex,
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID,
|
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
session = sql.get_session()
|
session = sql.get_session()
|
||||||
query = session.query(identity_sql.User)
|
query = session.query(identity_sql.User)
|
||||||
@ -337,8 +325,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
|||||||
def test_list_domains_for_user(self):
|
def test_list_domains_for_user(self):
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'domain_id': domain['id'], 'enabled': True}
|
|
||||||
|
|
||||||
test_domain1 = unit.new_domain_ref()
|
test_domain1 = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(test_domain1['id'], test_domain1)
|
self.resource_api.create_domain(test_domain1['id'], test_domain1)
|
||||||
@ -363,8 +350,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
|||||||
# should now be included, along with any direct user grants.
|
# should now be included, along with any direct user grants.
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=domain['id'])
|
||||||
'domain_id': domain['id'], 'enabled': True}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
group1 = unit.new_group_ref(domain_id=domain['id'])
|
group1 = unit.new_group_ref(domain_id=domain['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -409,8 +395,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
|
|||||||
domain1 = self.resource_api.create_domain(domain1['id'], domain1)
|
domain1 = self.resource_api.create_domain(domain1['id'], domain1)
|
||||||
domain2 = unit.new_domain_ref()
|
domain2 = unit.new_domain_ref()
|
||||||
domain2 = self.resource_api.create_domain(domain2['id'], domain2)
|
domain2 = self.resource_api.create_domain(domain2['id'], domain2)
|
||||||
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
user = unit.new_user_ref(domain_id=domain1['id'])
|
||||||
'domain_id': domain1['id'], 'enabled': True}
|
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
group = unit.new_group_ref(domain_id=domain1['id'])
|
group = unit.new_group_ref(domain_id=domain1['id'])
|
||||||
group = self.identity_api.create_group(group)
|
group = self.identity_api.create_group(group)
|
||||||
|
@ -75,17 +75,11 @@ class CertSetupTestCase(rest.RestfulTestCase):
|
|||||||
controller = token.controllers.Auth()
|
controller = token.controllers.Auth()
|
||||||
|
|
||||||
self.config_fixture.config(group='signing', certfile='invalid')
|
self.config_fixture.config(group='signing', certfile='invalid')
|
||||||
password = 'fake1'
|
user = unit.create_user(self.identity_api, domain_id=DEFAULT_DOMAIN_ID)
|
||||||
user = {
|
|
||||||
'name': 'fake1',
|
|
||||||
'password': password,
|
|
||||||
'domain_id': DEFAULT_DOMAIN_ID
|
|
||||||
}
|
|
||||||
user = self.identity_api.create_user(user)
|
|
||||||
body_dict = {
|
body_dict = {
|
||||||
'passwordCredentials': {
|
'passwordCredentials': {
|
||||||
'userId': user['id'],
|
'userId': user['id'],
|
||||||
'password': password,
|
'password': user['password'],
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
self.assertRaises(exception.UnexpectedError,
|
self.assertRaises(exception.UnexpectedError,
|
||||||
|
@ -133,6 +133,7 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
|
|||||||
USER_COUNT = 2
|
USER_COUNT = 2
|
||||||
|
|
||||||
for x in range(0, USER_COUNT):
|
for x in range(0, USER_COUNT):
|
||||||
|
# TODO(shaleh): use unit.new_user_ref()
|
||||||
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
|
||||||
'enabled': True, 'domain_id': domain['id']}
|
'enabled': True, 'domain_id': domain['id']}
|
||||||
new_user = self.identity_api.create_user(new_user)
|
new_user = self.identity_api.create_user(new_user)
|
||||||
|
@ -105,6 +105,7 @@ class LiveLDAPPoolIdentity(test_backend_ldap_pool.LdapPoolCommonTestMixin,
|
|||||||
password=old_password)
|
password=old_password)
|
||||||
|
|
||||||
def _create_user_and_authenticate(self, password):
|
def _create_user_and_authenticate(self, password):
|
||||||
|
# TODO(shaleh): port to new_user_ref()
|
||||||
user_dict = {
|
user_dict = {
|
||||||
'domain_id': CONF.identity.default_domain_id,
|
'domain_id': CONF.identity.default_domain_id,
|
||||||
'name': uuid.uuid4().hex,
|
'name': uuid.uuid4().hex,
|
||||||
|
@ -50,6 +50,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
|
|||||||
tls_req_cert='demand')
|
tls_req_cert='demand')
|
||||||
self.identity_api = identity.backends.ldap.Identity()
|
self.identity_api = identity.backends.ldap.Identity()
|
||||||
|
|
||||||
|
# TODO(shaleh): use new_user_ref()
|
||||||
user = {'name': 'fake1',
|
user = {'name': 'fake1',
|
||||||
'password': 'fakepass1',
|
'password': 'fakepass1',
|
||||||
'tenants': ['bar']}
|
'tenants': ['bar']}
|
||||||
@ -71,6 +72,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
|
|||||||
tls_req_cert='demand')
|
tls_req_cert='demand')
|
||||||
self.identity_api = identity.backends.ldap.Identity()
|
self.identity_api = identity.backends.ldap.Identity()
|
||||||
|
|
||||||
|
# TODO(shaleh): use new_user_ref()
|
||||||
user = {'id': 'fake1',
|
user = {'id': 'fake1',
|
||||||
'name': 'fake1',
|
'name': 'fake1',
|
||||||
'password': 'fakepass1',
|
'password': 'fakepass1',
|
||||||
@ -95,6 +97,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
|
|||||||
tls_cacertdir=None)
|
tls_cacertdir=None)
|
||||||
self.identity_api = identity.backends.ldap.Identity()
|
self.identity_api = identity.backends.ldap.Identity()
|
||||||
|
|
||||||
|
# TODO(shaleh): use new_user_ref()
|
||||||
user = {'name': 'fake1',
|
user = {'name': 'fake1',
|
||||||
'password': 'fakepass1',
|
'password': 'fakepass1',
|
||||||
'tenants': ['bar']}
|
'tenants': ['bar']}
|
||||||
@ -109,6 +112,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
|
|||||||
tls_cacertdir='/etc/keystone/ssl/mythicalcertdir')
|
tls_cacertdir='/etc/keystone/ssl/mythicalcertdir')
|
||||||
self.identity_api = identity.backends.ldap.Identity()
|
self.identity_api = identity.backends.ldap.Identity()
|
||||||
|
|
||||||
|
# TODO(shaleh): use new_user_ref()
|
||||||
user = {'name': 'fake1',
|
user = {'name': 'fake1',
|
||||||
'password': 'fakepass1',
|
'password': 'fakepass1',
|
||||||
'tenants': ['bar']}
|
'tenants': ['bar']}
|
||||||
|
@ -149,9 +149,6 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
def _load_sample_data(self):
|
def _load_sample_data(self):
|
||||||
self.project_id = uuid.uuid4().hex
|
self.project_id = uuid.uuid4().hex
|
||||||
self.project_name = uuid.uuid4().hex
|
self.project_name = uuid.uuid4().hex
|
||||||
self.user_name = uuid.uuid4().hex
|
|
||||||
self.user_password = uuid.uuid4().hex
|
|
||||||
self.user_email = uuid.uuid4().hex
|
|
||||||
self.protocol_id = 'x509'
|
self.protocol_id = 'x509'
|
||||||
|
|
||||||
# 1) Create a domain for the user.
|
# 1) Create a domain for the user.
|
||||||
@ -172,13 +169,8 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
self.resource_api.create_project(self.project_id, self.project)
|
self.resource_api.create_project(self.project_id, self.project)
|
||||||
|
|
||||||
# 3) Create a user in new domain.
|
# 3) Create a user in new domain.
|
||||||
self.user = {
|
self.user = unit.new_user_ref(domain_id=self.domain_id,
|
||||||
'name': self.user_name,
|
project_id=self.project_id)
|
||||||
'domain_id': self.domain_id,
|
|
||||||
'project_id': self.project_id,
|
|
||||||
'password': self.user_password,
|
|
||||||
'email': self.user_email,
|
|
||||||
}
|
|
||||||
|
|
||||||
self.user = self.identity_api.create_user(self.user)
|
self.user = self.identity_api.create_user(self.user)
|
||||||
|
|
||||||
@ -384,7 +376,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
# SSL_CLIENT_USER_NAME and SSL_CLIENT_DOMAIN_NAME are the types
|
# SSL_CLIENT_USER_NAME and SSL_CLIENT_DOMAIN_NAME are the types
|
||||||
# defined in the mapping that will map to the user name and
|
# defined in the mapping that will map to the user name and
|
||||||
# domain name
|
# domain name
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
context = self._create_context(
|
context = self._create_context(
|
||||||
@ -396,7 +388,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env = {}
|
env = {}
|
||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_ID'] = self.project_id
|
env['HTTP_X_PROJECT_ID'] = self.project_id
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
context = self._create_context(
|
context = self._create_context(
|
||||||
@ -409,7 +401,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
||||||
env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id
|
env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
context = self._create_context(
|
context = self._create_context(
|
||||||
@ -422,7 +414,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
||||||
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
context = self._create_context(
|
context = self._create_context(
|
||||||
@ -434,7 +426,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env = {}
|
env = {}
|
||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_id
|
env['HTTP_X_PROJECT_NAME'] = self.project_id
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
context = self._create_context(
|
context = self._create_context(
|
||||||
@ -476,7 +468,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
||||||
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
|
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
context = self._create_context(
|
context = self._create_context(
|
||||||
@ -519,7 +511,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_ID'] = self.project_id
|
env['HTTP_X_PROJECT_ID'] = self.project_id
|
||||||
env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id
|
env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
context = self._create_context(
|
context = self._create_context(
|
||||||
request=req,
|
request=req,
|
||||||
@ -546,7 +538,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
||||||
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
|
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
self.domain['enabled'] = False
|
self.domain['enabled'] = False
|
||||||
@ -565,7 +557,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
||||||
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
|
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
self.user['enabled'] = False
|
self.user['enabled'] = False
|
||||||
@ -599,7 +591,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
||||||
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
self.config_fixture.config(group='tokenless_auth',
|
self.config_fixture.config(group='tokenless_auth',
|
||||||
protocol='ephemeral')
|
protocol='ephemeral')
|
||||||
@ -616,7 +608,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
||||||
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
self.config_fixture.config(group='tokenless_auth',
|
self.config_fixture.config(group='tokenless_auth',
|
||||||
protocol='ephemeral')
|
protocol='ephemeral')
|
||||||
@ -657,7 +649,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = uuid.uuid4().hex
|
env['HTTP_X_PROJECT_NAME'] = uuid.uuid4().hex
|
||||||
env['HTTP_X_PROJECT_DOMAIN_NAME'] = uuid.uuid4().hex
|
env['HTTP_X_PROJECT_DOMAIN_NAME'] = uuid.uuid4().hex
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
self.config_fixture.config(group='tokenless_auth',
|
self.config_fixture.config(group='tokenless_auth',
|
||||||
protocol='ephemeral')
|
protocol='ephemeral')
|
||||||
@ -677,7 +669,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
||||||
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
self.config_fixture.config(group='tokenless_auth',
|
self.config_fixture.config(group='tokenless_auth',
|
||||||
protocol='ephemeral')
|
protocol='ephemeral')
|
||||||
@ -701,7 +693,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
|
|||||||
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
env['SSL_CLIENT_I_DN'] = self.client_issuer
|
||||||
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
env['HTTP_X_PROJECT_NAME'] = self.project_name
|
||||||
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
|
||||||
env['SSL_CLIENT_USER_NAME'] = self.user_name
|
env['SSL_CLIENT_USER_NAME'] = self.user['name']
|
||||||
req = make_request(environ=env)
|
req = make_request(environ=env)
|
||||||
# This will pick up the incorrect mapping
|
# This will pick up the incorrect mapping
|
||||||
self.config_fixture.config(group='tokenless_auth',
|
self.config_fixture.config(group='tokenless_auth',
|
||||||
|
@ -209,6 +209,7 @@ class ClientDrivenTestCase(unit.TestCase):
|
|||||||
enabled=tenant['enabled'])
|
enabled=tenant['enabled'])
|
||||||
tenant['id'] = tenant_ref.id
|
tenant['id'] = tenant_ref.id
|
||||||
|
|
||||||
|
# v2 style, needs to be created by hand
|
||||||
user = {
|
user = {
|
||||||
'name': uuid.uuid4().hex,
|
'name': uuid.uuid4().hex,
|
||||||
'password': uuid.uuid4().hex,
|
'password': uuid.uuid4().hex,
|
||||||
|
@ -202,10 +202,8 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
|
|||||||
self.project['id'] = self.project_id
|
self.project['id'] = self.project_id
|
||||||
self.resource_api.create_project(self.project_id, self.project)
|
self.resource_api.create_project(self.project_id, self.project)
|
||||||
|
|
||||||
self.user = self.new_user_ref(domain_id=self.domain_id)
|
self.user = unit.create_user(self.identity_api,
|
||||||
password = self.user['password']
|
domain_id=self.domain_id)
|
||||||
self.user = self.identity_api.create_user(self.user)
|
|
||||||
self.user['password'] = password
|
|
||||||
self.user_id = self.user['id']
|
self.user_id = self.user['id']
|
||||||
|
|
||||||
self.default_domain_project_id = uuid.uuid4().hex
|
self.default_domain_project_id = uuid.uuid4().hex
|
||||||
@ -215,12 +213,9 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
|
|||||||
self.resource_api.create_project(self.default_domain_project_id,
|
self.resource_api.create_project(self.default_domain_project_id,
|
||||||
self.default_domain_project)
|
self.default_domain_project)
|
||||||
|
|
||||||
self.default_domain_user = self.new_user_ref(
|
self.default_domain_user = unit.create_user(
|
||||||
|
self.identity_api,
|
||||||
domain_id=DEFAULT_DOMAIN_ID)
|
domain_id=DEFAULT_DOMAIN_ID)
|
||||||
password = self.default_domain_user['password']
|
|
||||||
self.default_domain_user = (
|
|
||||||
self.identity_api.create_user(self.default_domain_user))
|
|
||||||
self.default_domain_user['password'] = password
|
|
||||||
self.default_domain_user_id = self.default_domain_user['id']
|
self.default_domain_user_id = self.default_domain_user['id']
|
||||||
|
|
||||||
# create & grant policy.json's default role for admin_required
|
# create & grant policy.json's default role for admin_required
|
||||||
@ -261,9 +256,6 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
|
|||||||
return unit.new_project_ref(domain_id=domain_id, parent_id=parent_id,
|
return unit.new_project_ref(domain_id=domain_id, parent_id=parent_id,
|
||||||
is_domain=is_domain)
|
is_domain=is_domain)
|
||||||
|
|
||||||
def new_user_ref(self, domain_id, project_id=None):
|
|
||||||
return unit.new_user_ref(domain_id, project_id=project_id)
|
|
||||||
|
|
||||||
def new_credential_ref(self, user_id, project_id=None, cred_type=None):
|
def new_credential_ref(self, user_id, project_id=None, cred_type=None):
|
||||||
return unit.new_credential_ref(user_id, project_id=project_id,
|
return unit.new_credential_ref(user_id, project_id=project_id,
|
||||||
cred_type=cred_type)
|
cred_type=cred_type)
|
||||||
@ -845,6 +837,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
|
|||||||
resp,
|
resp,
|
||||||
'users',
|
'users',
|
||||||
self.assertValidUser,
|
self.assertValidUser,
|
||||||
|
keys_to_check=['name', 'enabled'],
|
||||||
*args,
|
*args,
|
||||||
**kwargs)
|
**kwargs)
|
||||||
|
|
||||||
@ -853,6 +846,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
|
|||||||
resp,
|
resp,
|
||||||
'user',
|
'user',
|
||||||
self.assertValidUser,
|
self.assertValidUser,
|
||||||
|
keys_to_check=['name', 'enabled'],
|
||||||
*args,
|
*args,
|
||||||
**kwargs)
|
**kwargs)
|
||||||
|
|
||||||
|
@ -112,23 +112,20 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
domain_id=self.domain2['id'])
|
domain_id=self.domain2['id'])
|
||||||
self.resource_api.create_project(self.project2['id'], self.project2)
|
self.resource_api.create_project(self.project2['id'], self.project2)
|
||||||
|
|
||||||
self.user2 = self.new_user_ref(
|
user2 = unit.create_user(self.identity_api,
|
||||||
domain_id=self.domain2['id'],
|
domain_id=self.domain2['id'],
|
||||||
project_id=self.project2['id'])
|
project_id=self.project2['id'])
|
||||||
password = self.user2['password']
|
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
|
||||||
self.user2['password'] = password
|
|
||||||
|
|
||||||
self.assignment_api.add_user_to_project(self.project2['id'],
|
self.assignment_api.add_user_to_project(self.project2['id'],
|
||||||
self.user2['id'])
|
user2['id'])
|
||||||
|
|
||||||
# First check a user in that domain can authenticate. The v2 user
|
# First check a user in that domain can authenticate. The v2 user
|
||||||
# cannot authenticate because they exist outside the default domain.
|
# cannot authenticate because they exist outside the default domain.
|
||||||
body = {
|
body = {
|
||||||
'auth': {
|
'auth': {
|
||||||
'passwordCredentials': {
|
'passwordCredentials': {
|
||||||
'userId': self.user2['id'],
|
'userId': user2['id'],
|
||||||
'password': self.user2['password']
|
'password': user2['password']
|
||||||
},
|
},
|
||||||
'tenantId': self.project2['id']
|
'tenantId': self.project2['id']
|
||||||
}
|
}
|
||||||
@ -138,8 +135,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
expected_status=http_client.UNAUTHORIZED)
|
expected_status=http_client.UNAUTHORIZED)
|
||||||
|
|
||||||
auth_data = self.build_authentication_request(
|
auth_data = self.build_authentication_request(
|
||||||
user_id=self.user2['id'],
|
user_id=user2['id'],
|
||||||
password=self.user2['password'],
|
password=user2['password'],
|
||||||
project_id=self.project2['id'])
|
project_id=self.project2['id'])
|
||||||
self.v3_create_token(auth_data)
|
self.v3_create_token(auth_data)
|
||||||
|
|
||||||
@ -155,8 +152,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
body = {
|
body = {
|
||||||
'auth': {
|
'auth': {
|
||||||
'passwordCredentials': {
|
'passwordCredentials': {
|
||||||
'userId': self.user2['id'],
|
'userId': user2['id'],
|
||||||
'password': self.user2['password']
|
'password': user2['password']
|
||||||
},
|
},
|
||||||
'tenantId': self.project2['id']
|
'tenantId': self.project2['id']
|
||||||
}
|
}
|
||||||
@ -167,16 +164,16 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
|
|
||||||
# Try looking up in v3 by name and id
|
# Try looking up in v3 by name and id
|
||||||
auth_data = self.build_authentication_request(
|
auth_data = self.build_authentication_request(
|
||||||
user_id=self.user2['id'],
|
user_id=user2['id'],
|
||||||
password=self.user2['password'],
|
password=user2['password'],
|
||||||
project_id=self.project2['id'])
|
project_id=self.project2['id'])
|
||||||
self.v3_create_token(auth_data,
|
self.v3_create_token(auth_data,
|
||||||
expected_status=http_client.UNAUTHORIZED)
|
expected_status=http_client.UNAUTHORIZED)
|
||||||
|
|
||||||
auth_data = self.build_authentication_request(
|
auth_data = self.build_authentication_request(
|
||||||
username=self.user2['name'],
|
username=user2['name'],
|
||||||
user_domain_id=self.domain2['id'],
|
user_domain_id=self.domain2['id'],
|
||||||
password=self.user2['password'],
|
password=user2['password'],
|
||||||
project_id=self.project2['id'])
|
project_id=self.project2['id'])
|
||||||
self.v3_create_token(auth_data,
|
self.v3_create_token(auth_data,
|
||||||
expected_status=http_client.UNAUTHORIZED)
|
expected_status=http_client.UNAUTHORIZED)
|
||||||
@ -216,16 +213,15 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
domain_id=self.domain2['id'])
|
domain_id=self.domain2['id'])
|
||||||
self.resource_api.create_project(self.project2['id'], self.project2)
|
self.resource_api.create_project(self.project2['id'], self.project2)
|
||||||
|
|
||||||
self.user2 = self.new_user_ref(
|
user2 = unit.new_user_ref(domain_id=self.domain2['id'],
|
||||||
domain_id=self.domain2['id'],
|
|
||||||
project_id=self.project2['id'])
|
project_id=self.project2['id'])
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
user2 = self.identity_api.create_user(user2)
|
||||||
|
|
||||||
self.group2 = unit.new_group_ref(domain_id=self.domain2['id'])
|
self.group2 = unit.new_group_ref(domain_id=self.domain2['id'])
|
||||||
self.group2 = self.identity_api.create_group(self.group2)
|
self.group2 = self.identity_api.create_group(self.group2)
|
||||||
|
|
||||||
self.credential2 = self.new_credential_ref(
|
self.credential2 = self.new_credential_ref(
|
||||||
user_id=self.user2['id'],
|
user_id=user2['id'],
|
||||||
project_id=self.project2['id'])
|
project_id=self.project2['id'])
|
||||||
self.credential_api.create_credential(
|
self.credential_api.create_credential(
|
||||||
self.credential2['id'],
|
self.credential2['id'],
|
||||||
@ -252,7 +248,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
self.group2['id'])
|
self.group2['id'])
|
||||||
self.assertRaises(exception.UserNotFound,
|
self.assertRaises(exception.UserNotFound,
|
||||||
self.identity_api.get_user,
|
self.identity_api.get_user,
|
||||||
self.user2['id'])
|
user2['id'])
|
||||||
self.assertRaises(exception.CredentialNotFound,
|
self.assertRaises(exception.CredentialNotFound,
|
||||||
self.credential_api.get_credential,
|
self.credential_api.get_credential,
|
||||||
self.credential2['id'])
|
self.credential2['id'])
|
||||||
@ -340,15 +336,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
self.domain = unit.new_domain_ref()
|
self.domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(self.domain['id'], self.domain)
|
self.resource_api.create_domain(self.domain['id'], self.domain)
|
||||||
|
|
||||||
self.user2 = self.new_user_ref(domain_id=self.domain['id'])
|
user2 = unit.create_user(self.identity_api,
|
||||||
password = self.user2['password']
|
domain_id=self.domain['id'])
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
|
||||||
self.user2['password'] = password
|
|
||||||
|
|
||||||
# build a request body
|
# build a request body
|
||||||
auth_body = self.build_authentication_request(
|
auth_body = self.build_authentication_request(
|
||||||
user_id=self.user2['id'],
|
user_id=user2['id'],
|
||||||
password=self.user2['password'])
|
password=user2['password'])
|
||||||
|
|
||||||
# sends a request for the user's token
|
# sends a request for the user's token
|
||||||
token_resp = self.post('/auth/tokens', body=auth_body)
|
token_resp = self.post('/auth/tokens', body=auth_body)
|
||||||
@ -1270,7 +1264,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
def _create_new_user_and_assign_role_on_project(self):
|
def _create_new_user_and_assign_role_on_project(self):
|
||||||
"""Create a new user and assign user a role on a project."""
|
"""Create a new user and assign user a role on a project."""
|
||||||
# Create a new user
|
# Create a new user
|
||||||
new_user = self.new_user_ref(domain_id=self.domain_id)
|
new_user = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
user_ref = self.identity_api.create_user(new_user)
|
user_ref = self.identity_api.create_user(new_user)
|
||||||
# Assign the user a role on the project
|
# Assign the user a role on the project
|
||||||
collection_url = (
|
collection_url = (
|
||||||
@ -1378,9 +1372,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
# Since the default fixtures already assign some roles to the
|
# Since the default fixtures already assign some roles to the
|
||||||
# user it creates, we also need a new user that will not have any
|
# user it creates, we also need a new user that will not have any
|
||||||
# existing assignments
|
# existing assignments
|
||||||
self.user1 = self.new_user_ref(
|
user1 = unit.new_user_ref(domain_id=self.domain['id'])
|
||||||
domain_id=self.domain['id'])
|
user1 = self.identity_api.create_user(user1)
|
||||||
self.user1 = self.identity_api.create_user(self.user1)
|
|
||||||
|
|
||||||
collection_url = '/role_assignments'
|
collection_url = '/role_assignments'
|
||||||
r = self.get(collection_url)
|
r = self.get(collection_url)
|
||||||
@ -1402,7 +1395,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
||||||
|
|
||||||
ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id,
|
ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id,
|
||||||
user_id=self.user1['id'],
|
user_id=user1['id'],
|
||||||
role_id=self.role_id)
|
role_id=self.role_id)
|
||||||
self.put(ud_entity['links']['assignment'])
|
self.put(ud_entity['links']['assignment'])
|
||||||
r = self.get(collection_url)
|
r = self.get(collection_url)
|
||||||
@ -1424,7 +1417,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
self.assertRoleAssignmentInListResponse(r, gp_entity)
|
self.assertRoleAssignmentInListResponse(r, gp_entity)
|
||||||
|
|
||||||
up_entity = self.build_role_assignment_entity(
|
up_entity = self.build_role_assignment_entity(
|
||||||
project_id=self.project_id, user_id=self.user1['id'],
|
project_id=self.project_id, user_id=user1['id'],
|
||||||
role_id=self.role_id)
|
role_id=self.role_id)
|
||||||
self.put(up_entity['links']['assignment'])
|
self.put(up_entity['links']['assignment'])
|
||||||
r = self.get(collection_url)
|
r = self.get(collection_url)
|
||||||
@ -1465,18 +1458,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
for each of the group members.
|
for each of the group members.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
self.user1 = self.new_user_ref(
|
user1 = unit.create_user(self.identity_api,
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
password = self.user1['password']
|
user2 = unit.create_user(self.identity_api,
|
||||||
self.user1 = self.identity_api.create_user(self.user1)
|
|
||||||
self.user1['password'] = password
|
|
||||||
self.user2 = self.new_user_ref(
|
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
password = self.user2['password']
|
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
self.identity_api.add_user_to_group(user1['id'], self.group['id'])
|
||||||
self.user2['password'] = password
|
self.identity_api.add_user_to_group(user2['id'], self.group['id'])
|
||||||
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
|
|
||||||
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
|
|
||||||
|
|
||||||
collection_url = '/role_assignments'
|
collection_url = '/role_assignments'
|
||||||
r = self.get(collection_url)
|
r = self.get(collection_url)
|
||||||
@ -1506,11 +1494,11 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
resource_url=collection_url)
|
resource_url=collection_url)
|
||||||
ud_entity = self.build_role_assignment_entity(
|
ud_entity = self.build_role_assignment_entity(
|
||||||
link=gd_entity['links']['assignment'], domain_id=self.domain_id,
|
link=gd_entity['links']['assignment'], domain_id=self.domain_id,
|
||||||
user_id=self.user1['id'], role_id=self.role_id)
|
user_id=user1['id'], role_id=self.role_id)
|
||||||
self.assertRoleAssignmentInListResponse(r, ud_entity)
|
self.assertRoleAssignmentInListResponse(r, ud_entity)
|
||||||
ud_entity = self.build_role_assignment_entity(
|
ud_entity = self.build_role_assignment_entity(
|
||||||
link=gd_entity['links']['assignment'], domain_id=self.domain_id,
|
link=gd_entity['links']['assignment'], domain_id=self.domain_id,
|
||||||
user_id=self.user2['id'], role_id=self.role_id)
|
user_id=user2['id'], role_id=self.role_id)
|
||||||
self.assertRoleAssignmentInListResponse(r, ud_entity)
|
self.assertRoleAssignmentInListResponse(r, ud_entity)
|
||||||
|
|
||||||
def test_check_effective_values_for_role_assignments(self):
|
def test_check_effective_values_for_role_assignments(self):
|
||||||
@ -1539,18 +1527,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
know if we are getting effective roles or not
|
know if we are getting effective roles or not
|
||||||
|
|
||||||
"""
|
"""
|
||||||
self.user1 = self.new_user_ref(
|
user1 = unit.create_user(self.identity_api,
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
password = self.user1['password']
|
user2 = unit.create_user(self.identity_api,
|
||||||
self.user1 = self.identity_api.create_user(self.user1)
|
|
||||||
self.user1['password'] = password
|
|
||||||
self.user2 = self.new_user_ref(
|
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
password = self.user2['password']
|
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
self.identity_api.add_user_to_group(user1['id'], self.group['id'])
|
||||||
self.user2['password'] = password
|
self.identity_api.add_user_to_group(user2['id'], self.group['id'])
|
||||||
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
|
|
||||||
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
|
|
||||||
|
|
||||||
collection_url = '/role_assignments'
|
collection_url = '/role_assignments'
|
||||||
r = self.get(collection_url)
|
r = self.get(collection_url)
|
||||||
@ -1626,21 +1609,16 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
# Since the default fixtures already assign some roles to the
|
# Since the default fixtures already assign some roles to the
|
||||||
# user it creates, we also need a new user that will not have any
|
# user it creates, we also need a new user that will not have any
|
||||||
# existing assignments
|
# existing assignments
|
||||||
self.user1 = self.new_user_ref(
|
user1 = unit.create_user(self.identity_api,
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
password = self.user1['password']
|
user2 = unit.create_user(self.identity_api,
|
||||||
self.user1 = self.identity_api.create_user(self.user1)
|
|
||||||
self.user1['password'] = password
|
|
||||||
self.user2 = self.new_user_ref(
|
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
password = self.user2['password']
|
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
|
||||||
self.user2['password'] = password
|
|
||||||
self.group1 = unit.new_group_ref(domain_id=self.domain['id'])
|
self.group1 = unit.new_group_ref(domain_id=self.domain['id'])
|
||||||
self.group1 = self.identity_api.create_group(self.group1)
|
self.group1 = self.identity_api.create_group(self.group1)
|
||||||
self.identity_api.add_user_to_group(self.user1['id'],
|
self.identity_api.add_user_to_group(user1['id'],
|
||||||
self.group1['id'])
|
self.group1['id'])
|
||||||
self.identity_api.add_user_to_group(self.user2['id'],
|
self.identity_api.add_user_to_group(user2['id'],
|
||||||
self.group1['id'])
|
self.group1['id'])
|
||||||
self.project1 = self.new_project_ref(
|
self.project1 = self.new_project_ref(
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
@ -1658,7 +1636,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
self.put(gd_entity['links']['assignment'])
|
self.put(gd_entity['links']['assignment'])
|
||||||
|
|
||||||
ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id,
|
ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id,
|
||||||
user_id=self.user1['id'],
|
user_id=user1['id'],
|
||||||
role_id=self.role2['id'])
|
role_id=self.role2['id'])
|
||||||
self.put(ud_entity['links']['assignment'])
|
self.put(ud_entity['links']['assignment'])
|
||||||
|
|
||||||
@ -1668,7 +1646,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
self.put(gp_entity['links']['assignment'])
|
self.put(gp_entity['links']['assignment'])
|
||||||
|
|
||||||
up_entity = self.build_role_assignment_entity(
|
up_entity = self.build_role_assignment_entity(
|
||||||
project_id=self.project1['id'], user_id=self.user1['id'],
|
project_id=self.project1['id'], user_id=user1['id'],
|
||||||
role_id=self.role2['id'])
|
role_id=self.role2['id'])
|
||||||
self.put(up_entity['links']['assignment'])
|
self.put(up_entity['links']['assignment'])
|
||||||
|
|
||||||
@ -1692,7 +1670,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
self.assertRoleAssignmentInListResponse(r, ud_entity)
|
self.assertRoleAssignmentInListResponse(r, ud_entity)
|
||||||
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
||||||
|
|
||||||
collection_url = '/role_assignments?user.id=%s' % self.user1['id']
|
collection_url = '/role_assignments?user.id=%s' % user1['id']
|
||||||
r = self.get(collection_url)
|
r = self.get(collection_url)
|
||||||
self.assertValidRoleAssignmentListResponse(r,
|
self.assertValidRoleAssignmentListResponse(r,
|
||||||
expected_length=2,
|
expected_length=2,
|
||||||
@ -1721,7 +1699,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
collection_url = (
|
collection_url = (
|
||||||
'/role_assignments?user.id=%(user_id)s'
|
'/role_assignments?user.id=%(user_id)s'
|
||||||
'&scope.project.id=%(project_id)s' % {
|
'&scope.project.id=%(project_id)s' % {
|
||||||
'user_id': self.user1['id'],
|
'user_id': user1['id'],
|
||||||
'project_id': self.project1['id']})
|
'project_id': self.project1['id']})
|
||||||
r = self.get(collection_url)
|
r = self.get(collection_url)
|
||||||
self.assertValidRoleAssignmentListResponse(r,
|
self.assertValidRoleAssignmentListResponse(r,
|
||||||
@ -1734,7 +1712,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
# assigned as well as by virtue of group membership
|
# assigned as well as by virtue of group membership
|
||||||
|
|
||||||
collection_url = ('/role_assignments?effective&user.id=%s' %
|
collection_url = ('/role_assignments?effective&user.id=%s' %
|
||||||
self.user1['id'])
|
user1['id'])
|
||||||
r = self.get(collection_url)
|
r = self.get(collection_url)
|
||||||
self.assertValidRoleAssignmentListResponse(r,
|
self.assertValidRoleAssignmentListResponse(r,
|
||||||
expected_length=4,
|
expected_length=4,
|
||||||
@ -1752,9 +1730,9 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
|
|
||||||
up1_entity = self.build_role_assignment_entity(
|
up1_entity = self.build_role_assignment_entity(
|
||||||
link=gp1_link, project_id=self.project1['id'],
|
link=gp1_link, project_id=self.project1['id'],
|
||||||
user_id=self.user1['id'], role_id=self.role1['id'])
|
user_id=user1['id'], role_id=self.role1['id'])
|
||||||
ud1_entity = self.build_role_assignment_entity(
|
ud1_entity = self.build_role_assignment_entity(
|
||||||
link=gd1_link, domain_id=self.domain_id, user_id=self.user1['id'],
|
link=gd1_link, domain_id=self.domain_id, user_id=user1['id'],
|
||||||
role_id=self.role1['id'])
|
role_id=self.role1['id'])
|
||||||
self.assertRoleAssignmentInListResponse(r, up1_entity)
|
self.assertRoleAssignmentInListResponse(r, up1_entity)
|
||||||
self.assertRoleAssignmentInListResponse(r, ud1_entity)
|
self.assertRoleAssignmentInListResponse(r, ud1_entity)
|
||||||
@ -1766,7 +1744,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||||||
collection_url = (
|
collection_url = (
|
||||||
'/role_assignments?effective&user.id=%(user_id)s'
|
'/role_assignments?effective&user.id=%(user_id)s'
|
||||||
'&scope.project.id=%(project_id)s' % {
|
'&scope.project.id=%(project_id)s' % {
|
||||||
'user_id': self.user1['id'],
|
'user_id': user1['id'],
|
||||||
'project_id': self.project1['id']})
|
'project_id': self.project1['id']})
|
||||||
r = self.get(collection_url)
|
r = self.get(collection_url)
|
||||||
self.assertValidRoleAssignmentListResponse(r,
|
self.assertValidRoleAssignmentListResponse(r,
|
||||||
@ -1827,7 +1805,7 @@ class RoleAssignmentBaseTestCase(test_v3.RestfulTestCase,
|
|||||||
# Create 3 users
|
# Create 3 users
|
||||||
self.user_ids = []
|
self.user_ids = []
|
||||||
for i in range(3):
|
for i in range(3):
|
||||||
user = self.new_user_ref(domain_id=self.domain_id)
|
user = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
self.user_ids.append(user['id'])
|
self.user_ids.append(user['id'])
|
||||||
|
|
||||||
@ -2174,10 +2152,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
|||||||
|
|
||||||
def test_get_token_from_inherited_user_domain_role_grants(self):
|
def test_get_token_from_inherited_user_domain_role_grants(self):
|
||||||
# Create a new user to ensure that no grant is loaded from sample data
|
# Create a new user to ensure that no grant is loaded from sample data
|
||||||
user = self.new_user_ref(domain_id=self.domain_id)
|
user = unit.create_user(self.identity_api, domain_id=self.domain_id)
|
||||||
password = user['password']
|
|
||||||
user = self.identity_api.create_user(user)
|
|
||||||
user['password'] = password
|
|
||||||
|
|
||||||
# Define domain and project authentication data
|
# Define domain and project authentication data
|
||||||
domain_auth_data = self.build_authentication_request(
|
domain_auth_data = self.build_authentication_request(
|
||||||
@ -2237,10 +2212,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
|||||||
def test_get_token_from_inherited_group_domain_role_grants(self):
|
def test_get_token_from_inherited_group_domain_role_grants(self):
|
||||||
# Create a new group and put a new user in it to
|
# Create a new group and put a new user in it to
|
||||||
# ensure that no grant is loaded from sample data
|
# ensure that no grant is loaded from sample data
|
||||||
user = self.new_user_ref(domain_id=self.domain_id)
|
user = unit.create_user(self.identity_api, domain_id=self.domain_id)
|
||||||
password = user['password']
|
|
||||||
user = self.identity_api.create_user(user)
|
|
||||||
user['password'] = password
|
|
||||||
|
|
||||||
group = unit.new_group_ref(domain_id=self.domain['id'])
|
group = unit.new_group_ref(domain_id=self.domain['id'])
|
||||||
group = self.identity_api.create_group(group)
|
group = self.identity_api.create_group(group)
|
||||||
@ -2401,11 +2373,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
|||||||
|
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user1 = self.new_user_ref(
|
user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
|
||||||
domain_id=domain['id'])
|
|
||||||
password = user1['password']
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
|
||||||
user1['password'] = password
|
|
||||||
project1 = self.new_project_ref(
|
project1 = self.new_project_ref(
|
||||||
domain_id=domain['id'])
|
domain_id=domain['id'])
|
||||||
self.resource_api.create_project(project1['id'], project1)
|
self.resource_api.create_project(project1['id'], project1)
|
||||||
@ -2497,11 +2465,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
|||||||
|
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user1 = self.new_user_ref(
|
user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
|
||||||
domain_id=domain['id'])
|
|
||||||
password = user1['password']
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
|
||||||
user1['password'] = password
|
|
||||||
project1 = self.new_project_ref(
|
project1 = self.new_project_ref(
|
||||||
domain_id=domain['id'])
|
domain_id=domain['id'])
|
||||||
self.resource_api.create_project(project1['id'], project1)
|
self.resource_api.create_project(project1['id'], project1)
|
||||||
@ -2589,16 +2553,8 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
|||||||
|
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user1 = self.new_user_ref(
|
user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
|
||||||
domain_id=domain['id'])
|
user2 = unit.create_user(self.identity_api, domain_id=domain['id'])
|
||||||
password = user1['password']
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
|
||||||
user1['password'] = password
|
|
||||||
user2 = self.new_user_ref(
|
|
||||||
domain_id=domain['id'])
|
|
||||||
password = user2['password']
|
|
||||||
user2 = self.identity_api.create_user(user2)
|
|
||||||
user2['password'] = password
|
|
||||||
group1 = unit.new_group_ref(domain_id=domain['id'])
|
group1 = unit.new_group_ref(domain_id=domain['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
self.identity_api.add_user_to_group(user1['id'],
|
self.identity_api.add_user_to_group(user1['id'],
|
||||||
@ -2694,11 +2650,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
|
|||||||
|
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user1 = self.new_user_ref(
|
user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
|
||||||
domain_id=domain['id'])
|
|
||||||
password = user1['password']
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
|
||||||
user1['password'] = password
|
|
||||||
group1 = unit.new_group_ref(domain_id=domain['id'])
|
group1 = unit.new_group_ref(domain_id=domain['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
project1 = self.new_project_ref(
|
project1 = self.new_project_ref(
|
||||||
|
@ -153,14 +153,8 @@ class TokenAPITests(object):
|
|||||||
self.resource_api.create_domain(new_domain['id'], new_domain)
|
self.resource_api.create_domain(new_domain['id'], new_domain)
|
||||||
|
|
||||||
# 2) Create user in new domain.
|
# 2) Create user in new domain.
|
||||||
new_user_password = uuid.uuid4().hex
|
new_user = unit.create_user(self.identity_api,
|
||||||
new_user = {
|
domain_id=new_domain['id'])
|
||||||
'name': uuid.uuid4().hex,
|
|
||||||
'domain_id': new_domain['id'],
|
|
||||||
'password': new_user_password,
|
|
||||||
'email': uuid.uuid4().hex,
|
|
||||||
}
|
|
||||||
new_user = self.identity_api.create_user(new_user)
|
|
||||||
|
|
||||||
# 3) Update the default_domain_id config option to the new domain
|
# 3) Update the default_domain_id config option to the new domain
|
||||||
self.config_fixture.config(
|
self.config_fixture.config(
|
||||||
@ -170,7 +164,7 @@ class TokenAPITests(object):
|
|||||||
# 4) Get a token using v3 API.
|
# 4) Get a token using v3 API.
|
||||||
v3_token = self.get_requested_token(self.build_authentication_request(
|
v3_token = self.get_requested_token(self.build_authentication_request(
|
||||||
user_id=new_user['id'],
|
user_id=new_user['id'],
|
||||||
password=new_user_password))
|
password=new_user['password']))
|
||||||
|
|
||||||
# 5) Validate token using v2 API.
|
# 5) Validate token using v2 API.
|
||||||
self.admin_request(
|
self.admin_request(
|
||||||
@ -614,16 +608,11 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
|
|||||||
self.domainA = unit.new_domain_ref()
|
self.domainA = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(self.domainA['id'], self.domainA)
|
self.resource_api.create_domain(self.domainA['id'], self.domainA)
|
||||||
|
|
||||||
self.userAdminA = self.new_user_ref(domain_id=self.domainA['id'])
|
self.userAdminA = unit.create_user(self.identity_api,
|
||||||
password = self.userAdminA['password']
|
domain_id=self.domainA['id'])
|
||||||
self.userAdminA = self.identity_api.create_user(self.userAdminA)
|
|
||||||
self.userAdminA['password'] = password
|
self.userNormalA = unit.create_user(self.identity_api,
|
||||||
|
|
||||||
self.userNormalA = self.new_user_ref(
|
|
||||||
domain_id=self.domainA['id'])
|
domain_id=self.domainA['id'])
|
||||||
password = self.userNormalA['password']
|
|
||||||
self.userNormalA = self.identity_api.create_user(self.userNormalA)
|
|
||||||
self.userNormalA['password'] = password
|
|
||||||
|
|
||||||
self.assignment_api.create_grant(self.role['id'],
|
self.assignment_api.create_grant(self.role['id'],
|
||||||
user_id=self.userAdminA['id'],
|
user_id=self.userAdminA['id'],
|
||||||
@ -715,12 +704,10 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
|
|||||||
# DomainB setup
|
# DomainB setup
|
||||||
self.domainB = unit.new_domain_ref()
|
self.domainB = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(self.domainB['id'], self.domainB)
|
self.resource_api.create_domain(self.domainB['id'], self.domainB)
|
||||||
self.userAdminB = self.new_user_ref(domain_id=self.domainB['id'])
|
userAdminB = unit.create_user(self.identity_api,
|
||||||
password = self.userAdminB['password']
|
domain_id=self.domainB['id'])
|
||||||
self.userAdminB = self.identity_api.create_user(self.userAdminB)
|
|
||||||
self.userAdminB['password'] = password
|
|
||||||
self.assignment_api.create_grant(self.role['id'],
|
self.assignment_api.create_grant(self.role['id'],
|
||||||
user_id=self.userAdminB['id'],
|
user_id=userAdminB['id'],
|
||||||
domain_id=self.domainB['id'])
|
domain_id=self.domainB['id'])
|
||||||
|
|
||||||
user_token = self.get_requested_token(
|
user_token = self.get_requested_token(
|
||||||
@ -732,8 +719,8 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
adminB_token = self.get_requested_token(
|
adminB_token = self.get_requested_token(
|
||||||
self.build_authentication_request(
|
self.build_authentication_request(
|
||||||
user_id=self.userAdminB['id'],
|
user_id=userAdminB['id'],
|
||||||
password=self.userAdminB['password'],
|
password=userAdminB['password'],
|
||||||
domain_name=self.domainB['name']))
|
domain_name=self.domainB['name']))
|
||||||
|
|
||||||
self.head('/auth/tokens', headers=headers,
|
self.head('/auth/tokens', headers=headers,
|
||||||
@ -791,23 +778,14 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
|
|||||||
self.resource_api.create_project(self.projectB['id'], self.projectB)
|
self.resource_api.create_project(self.projectB['id'], self.projectB)
|
||||||
|
|
||||||
# Now create some users
|
# Now create some users
|
||||||
self.user1 = self.new_user_ref(
|
self.user1 = unit.create_user(self.identity_api,
|
||||||
domain_id=self.domainA['id'])
|
domain_id=self.domainA['id'])
|
||||||
password = self.user1['password']
|
|
||||||
self.user1 = self.identity_api.create_user(self.user1)
|
|
||||||
self.user1['password'] = password
|
|
||||||
|
|
||||||
self.user2 = self.new_user_ref(
|
self.user2 = unit.create_user(self.identity_api,
|
||||||
domain_id=self.domainB['id'])
|
domain_id=self.domainB['id'])
|
||||||
password = self.user2['password']
|
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
|
||||||
self.user2['password'] = password
|
|
||||||
|
|
||||||
self.user3 = self.new_user_ref(
|
self.user3 = unit.create_user(self.identity_api,
|
||||||
domain_id=self.domainB['id'])
|
domain_id=self.domainB['id'])
|
||||||
password = self.user3['password']
|
|
||||||
self.user3 = self.identity_api.create_user(self.user3)
|
|
||||||
self.user3['password'] = password
|
|
||||||
|
|
||||||
self.group1 = unit.new_group_ref(domain_id=self.domainA['id'])
|
self.group1 = unit.new_group_ref(domain_id=self.domainA['id'])
|
||||||
self.group1 = self.identity_api.create_group(self.group1)
|
self.group1 = self.identity_api.create_group(self.group1)
|
||||||
@ -918,20 +896,12 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
|
|||||||
def role_data_fixtures(self):
|
def role_data_fixtures(self):
|
||||||
self.projectC = self.new_project_ref(domain_id=self.domainA['id'])
|
self.projectC = self.new_project_ref(domain_id=self.domainA['id'])
|
||||||
self.resource_api.create_project(self.projectC['id'], self.projectC)
|
self.resource_api.create_project(self.projectC['id'], self.projectC)
|
||||||
self.user4 = self.new_user_ref(domain_id=self.domainB['id'])
|
self.user4 = unit.create_user(self.identity_api,
|
||||||
password = self.user4['password']
|
domain_id=self.domainB['id'])
|
||||||
self.user4 = self.identity_api.create_user(self.user4)
|
self.user5 = unit.create_user(self.identity_api,
|
||||||
self.user4['password'] = password
|
|
||||||
self.user5 = self.new_user_ref(
|
|
||||||
domain_id=self.domainA['id'])
|
domain_id=self.domainA['id'])
|
||||||
password = self.user5['password']
|
self.user6 = unit.create_user(self.identity_api,
|
||||||
self.user5 = self.identity_api.create_user(self.user5)
|
|
||||||
self.user5['password'] = password
|
|
||||||
self.user6 = self.new_user_ref(
|
|
||||||
domain_id=self.domainA['id'])
|
domain_id=self.domainA['id'])
|
||||||
password = self.user6['password']
|
|
||||||
self.user6 = self.identity_api.create_user(self.user6)
|
|
||||||
self.user6['password'] = password
|
|
||||||
self.identity_api.add_user_to_group(self.user5['id'],
|
self.identity_api.add_user_to_group(self.user5['id'],
|
||||||
self.group1['id'])
|
self.group1['id'])
|
||||||
self.assignment_api.create_grant(self.role1['id'],
|
self.assignment_api.create_grant(self.role1['id'],
|
||||||
@ -2038,17 +2008,9 @@ class TestAuth(test_v3.RestfulTestCase):
|
|||||||
projectA = self.new_project_ref(domain_id=domainA['id'])
|
projectA = self.new_project_ref(domain_id=domainA['id'])
|
||||||
self.resource_api.create_project(projectA['id'], projectA)
|
self.resource_api.create_project(projectA['id'], projectA)
|
||||||
|
|
||||||
user1 = self.new_user_ref(
|
user1 = unit.create_user(self.identity_api, domain_id=domainA['id'])
|
||||||
domain_id=domainA['id'])
|
|
||||||
password = user1['password']
|
|
||||||
user1 = self.identity_api.create_user(user1)
|
|
||||||
user1['password'] = password
|
|
||||||
|
|
||||||
user2 = self.new_user_ref(
|
user2 = unit.create_user(self.identity_api, domain_id=domainA['id'])
|
||||||
domain_id=domainA['id'])
|
|
||||||
password = user2['password']
|
|
||||||
user2 = self.identity_api.create_user(user2)
|
|
||||||
user2['password'] = password
|
|
||||||
|
|
||||||
group1 = unit.new_group_ref(domain_id=domainA['id'])
|
group1 = unit.new_group_ref(domain_id=domainA['id'])
|
||||||
group1 = self.identity_api.create_group(group1)
|
group1 = self.identity_api.create_group(group1)
|
||||||
@ -2150,10 +2112,8 @@ class TestAuth(test_v3.RestfulTestCase):
|
|||||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||||
'domain_id': domain1['id']}
|
'domain_id': domain1['id']}
|
||||||
self.resource_api.create_project(project1['id'], project1)
|
self.resource_api.create_project(project1['id'], project1)
|
||||||
user_foo = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
user_foo = unit.create_user(self.identity_api,
|
||||||
password = user_foo['password']
|
domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
||||||
user_foo = self.identity_api.create_user(user_foo)
|
|
||||||
user_foo['password'] = password
|
|
||||||
role_member = unit.new_role_ref()
|
role_member = unit.new_role_ref()
|
||||||
self.role_api.create_role(role_member['id'], role_member)
|
self.role_api.create_role(role_member['id'], role_member)
|
||||||
role_admin = unit.new_role_ref()
|
role_admin = unit.new_role_ref()
|
||||||
@ -2577,8 +2537,8 @@ class TestAuth(test_v3.RestfulTestCase):
|
|||||||
token_data['token']['bind'])
|
token_data['token']['bind'])
|
||||||
|
|
||||||
def test_authenticating_a_user_with_no_password(self):
|
def test_authenticating_a_user_with_no_password(self):
|
||||||
user = self.new_user_ref(domain_id=self.domain['id'])
|
user = unit.new_user_ref(domain_id=self.domain['id'])
|
||||||
user.pop('password', None) # can't have a password for this test
|
del user['password'] # can't have a password for this test
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
|
|
||||||
auth_data = self.build_authentication_request(
|
auth_data = self.build_authentication_request(
|
||||||
@ -2764,9 +2724,8 @@ class TestTrustRedelegation(test_v3.RestfulTestCase):
|
|||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestTrustRedelegation, self).setUp()
|
super(TestTrustRedelegation, self).setUp()
|
||||||
# Create a trustee to delegate stuff to
|
# Create a trustee to delegate stuff to
|
||||||
trustee_user_ref = self.new_user_ref(domain_id=self.domain_id)
|
self.trustee_user = unit.create_user(self.identity_api,
|
||||||
self.trustee_user = self.identity_api.create_user(trustee_user_ref)
|
domain_id=self.domain_id)
|
||||||
self.trustee_user['password'] = trustee_user_ref['password']
|
|
||||||
|
|
||||||
# trustor->trustee
|
# trustor->trustee
|
||||||
self.redelegated_trust_ref = self.new_trust_ref(
|
self.redelegated_trust_ref = self.new_trust_ref(
|
||||||
@ -3000,9 +2959,8 @@ class TestTrustChain(test_v3.RestfulTestCase):
|
|||||||
self.user_chain = list()
|
self.user_chain = list()
|
||||||
self.trust_chain = list()
|
self.trust_chain = list()
|
||||||
for _ in range(3):
|
for _ in range(3):
|
||||||
user_ref = self.new_user_ref(domain_id=self.domain_id)
|
user = unit.create_user(self.identity_api,
|
||||||
user = self.identity_api.create_user(user_ref)
|
domain_id=self.domain_id)
|
||||||
user['password'] = user_ref['password']
|
|
||||||
self.user_chain.append(user)
|
self.user_chain.append(user)
|
||||||
|
|
||||||
# trustor->trustee
|
# trustor->trustee
|
||||||
@ -3157,10 +3115,8 @@ class TestTrustAuth(test_v3.RestfulTestCase):
|
|||||||
super(TestTrustAuth, self).setUp()
|
super(TestTrustAuth, self).setUp()
|
||||||
|
|
||||||
# create a trustee to delegate stuff to
|
# create a trustee to delegate stuff to
|
||||||
self.trustee_user = self.new_user_ref(domain_id=self.domain_id)
|
self.trustee_user = unit.create_user(self.identity_api,
|
||||||
password = self.trustee_user['password']
|
domain_id=self.domain_id)
|
||||||
self.trustee_user = self.identity_api.create_user(self.trustee_user)
|
|
||||||
self.trustee_user['password'] = password
|
|
||||||
self.trustee_user_id = self.trustee_user['id']
|
self.trustee_user_id = self.trustee_user['id']
|
||||||
|
|
||||||
def test_create_trust_bad_request(self):
|
def test_create_trust_bad_request(self):
|
||||||
@ -3461,10 +3417,8 @@ class TestTrustAuth(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_v3_v2_intermix_project_not_in_default_domaini_failed(self):
|
def test_v3_v2_intermix_project_not_in_default_domaini_failed(self):
|
||||||
# create a trustee in default domain to delegate stuff to
|
# create a trustee in default domain to delegate stuff to
|
||||||
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
trustee_user = unit.create_user(self.identity_api,
|
||||||
password = trustee_user['password']
|
domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
||||||
trustee_user = self.identity_api.create_user(trustee_user)
|
|
||||||
trustee_user['password'] = password
|
|
||||||
trustee_user_id = trustee_user['id']
|
trustee_user_id = trustee_user['id']
|
||||||
|
|
||||||
ref = self.new_trust_ref(
|
ref = self.new_trust_ref(
|
||||||
@ -3501,10 +3455,8 @@ class TestTrustAuth(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_v3_v2_intermix(self):
|
def test_v3_v2_intermix(self):
|
||||||
# create a trustee in default domain to delegate stuff to
|
# create a trustee in default domain to delegate stuff to
|
||||||
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
trustee_user = unit.create_user(self.identity_api,
|
||||||
password = trustee_user['password']
|
domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
||||||
trustee_user = self.identity_api.create_user(trustee_user)
|
|
||||||
trustee_user['password'] = password
|
|
||||||
trustee_user_id = trustee_user['id']
|
trustee_user_id = trustee_user['id']
|
||||||
|
|
||||||
ref = self.new_trust_ref(
|
ref = self.new_trust_ref(
|
||||||
@ -3678,11 +3630,9 @@ class TestTrustAuth(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
# create a sub-trustee user
|
# create a sub-trustee user
|
||||||
sub_trustee_user = self.new_user_ref(
|
sub_trustee_user = unit.create_user(
|
||||||
|
self.identity_api,
|
||||||
domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
||||||
password = sub_trustee_user['password']
|
|
||||||
sub_trustee_user = self.identity_api.create_user(sub_trustee_user)
|
|
||||||
sub_trustee_user['password'] = password
|
|
||||||
sub_trustee_user_id = sub_trustee_user['id']
|
sub_trustee_user_id = sub_trustee_user['id']
|
||||||
|
|
||||||
# create a new role
|
# create a new role
|
||||||
@ -4167,9 +4117,8 @@ class TestFernetTokenProvider(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def _create_trust(self):
|
def _create_trust(self):
|
||||||
# Create a trustee user
|
# Create a trustee user
|
||||||
trustee_user_ref = self.new_user_ref(domain_id=self.domain_id)
|
trustee_user = unit.create_user(self.identity_api,
|
||||||
trustee_user = self.identity_api.create_user(trustee_user_ref)
|
domain_id=self.domain_id)
|
||||||
trustee_user['password'] = trustee_user_ref['password']
|
|
||||||
ref = self.new_trust_ref(
|
ref = self.new_trust_ref(
|
||||||
trustor_user_id=self.user_id,
|
trustor_user_id=self.user_id,
|
||||||
trustee_user_id=trustee_user['id'],
|
trustee_user_id=trustee_user['id'],
|
||||||
|
@ -22,6 +22,7 @@ from six.moves import http_client
|
|||||||
from testtools import matchers
|
from testtools import matchers
|
||||||
|
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
|
from keystone.tests import unit
|
||||||
from keystone.tests.unit import test_v3
|
from keystone.tests.unit import test_v3
|
||||||
|
|
||||||
|
|
||||||
@ -289,7 +290,7 @@ class TestCredentialTrustScoped(test_v3.RestfulTestCase):
|
|||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestCredentialTrustScoped, self).setUp()
|
super(TestCredentialTrustScoped, self).setUp()
|
||||||
|
|
||||||
self.trustee_user = self.new_user_ref(domain_id=self.domain_id)
|
self.trustee_user = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
password = self.trustee_user['password']
|
password = self.trustee_user['password']
|
||||||
self.trustee_user = self.identity_api.create_user(self.trustee_user)
|
self.trustee_user = self.identity_api.create_user(self.trustee_user)
|
||||||
self.trustee_user['password'] = password
|
self.trustee_user['password'] = password
|
||||||
|
@ -66,21 +66,12 @@ class IdentityTestFilteredCase(filtering.FilterTests,
|
|||||||
self.resource_api.create_domain(self.domainC['id'], self.domainC)
|
self.resource_api.create_domain(self.domainC['id'], self.domainC)
|
||||||
|
|
||||||
# Now create some users, one in domainA and two of them in domainB
|
# Now create some users, one in domainA and two of them in domainB
|
||||||
self.user1 = self.new_user_ref(domain_id=self.domainA['id'])
|
self.user1 = unit.create_user(self.identity_api,
|
||||||
password = uuid.uuid4().hex
|
domain_id=self.domainA['id'])
|
||||||
self.user1['password'] = password
|
self.user2 = unit.create_user(self.identity_api,
|
||||||
self.user1 = self.identity_api.create_user(self.user1)
|
domain_id=self.domainB['id'])
|
||||||
self.user1['password'] = password
|
self.user3 = unit.create_user(self.identity_api,
|
||||||
|
domain_id=self.domainB['id'])
|
||||||
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
|
|
||||||
self.user2['password'] = password
|
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
|
||||||
self.user2['password'] = password
|
|
||||||
|
|
||||||
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
|
|
||||||
self.user3['password'] = password
|
|
||||||
self.user3 = self.identity_api.create_user(self.user3)
|
|
||||||
self.user3['password'] = password
|
|
||||||
|
|
||||||
self.role = unit.new_role_ref()
|
self.role = unit.new_role_ref()
|
||||||
self.role_api.create_role(self.role['id'], self.role)
|
self.role_api.create_role(self.role['id'], self.role)
|
||||||
|
@ -53,7 +53,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_create_user(self):
|
def test_create_user(self):
|
||||||
"""Call ``POST /users``."""
|
"""Call ``POST /users``."""
|
||||||
ref = self.new_user_ref(domain_id=self.domain_id)
|
ref = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
r = self.post(
|
r = self.post(
|
||||||
'/users',
|
'/users',
|
||||||
body={'user': ref})
|
body={'user': ref})
|
||||||
@ -71,15 +71,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
# domain scoped token
|
# domain scoped token
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user = self.new_user_ref(domain_id=domain['id'])
|
user = unit.create_user(self.identity_api, domain_id=domain['id'])
|
||||||
password = user['password']
|
|
||||||
user = self.identity_api.create_user(user)
|
|
||||||
user['password'] = password
|
|
||||||
self.assignment_api.create_grant(
|
self.assignment_api.create_grant(
|
||||||
role_id=self.role_id, user_id=user['id'],
|
role_id=self.role_id, user_id=user['id'],
|
||||||
domain_id=domain['id'])
|
domain_id=domain['id'])
|
||||||
|
|
||||||
ref = self.new_user_ref(domain_id=domain['id'])
|
ref = unit.new_user_ref(domain_id=domain['id'])
|
||||||
ref_nd = ref.copy()
|
ref_nd = ref.copy()
|
||||||
ref_nd.pop('domain_id')
|
ref_nd.pop('domain_id')
|
||||||
auth = self.build_authentication_request(
|
auth = self.build_authentication_request(
|
||||||
@ -90,7 +87,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
self.assertValidUserResponse(r, ref)
|
self.assertValidUserResponse(r, ref)
|
||||||
|
|
||||||
# Now try the same thing without a domain token - which should fail
|
# Now try the same thing without a domain token - which should fail
|
||||||
ref = self.new_user_ref(domain_id=domain['id'])
|
ref = unit.new_user_ref(domain_id=domain['id'])
|
||||||
ref_nd = ref.copy()
|
ref_nd = ref.copy()
|
||||||
ref_nd.pop('domain_id')
|
ref_nd.pop('domain_id')
|
||||||
auth = self.build_authentication_request(
|
auth = self.build_authentication_request(
|
||||||
@ -137,15 +134,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
# domain scoped token
|
# domain scoped token
|
||||||
domain = unit.new_domain_ref()
|
domain = unit.new_domain_ref()
|
||||||
self.resource_api.create_domain(domain['id'], domain)
|
self.resource_api.create_domain(domain['id'], domain)
|
||||||
user = self.new_user_ref(domain_id=domain['id'])
|
user = unit.create_user(self.identity_api, domain_id=domain['id'])
|
||||||
password = user['password']
|
|
||||||
user = self.identity_api.create_user(user)
|
|
||||||
user['password'] = password
|
|
||||||
self.assignment_api.create_grant(
|
self.assignment_api.create_grant(
|
||||||
role_id=self.role_id, user_id=user['id'],
|
role_id=self.role_id, user_id=user['id'],
|
||||||
domain_id=domain['id'])
|
domain_id=domain['id'])
|
||||||
|
|
||||||
ref = self.new_user_ref(domain_id=domain['id'])
|
ref = unit.new_user_ref(domain_id=domain['id'])
|
||||||
ref_nd = ref.copy()
|
ref_nd = ref.copy()
|
||||||
ref_nd.pop('domain_id')
|
ref_nd.pop('domain_id')
|
||||||
auth = self.build_authentication_request(
|
auth = self.build_authentication_request(
|
||||||
@ -180,7 +174,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_list_users_no_default_project(self):
|
def test_list_users_no_default_project(self):
|
||||||
"""Call ``GET /users`` making sure no default_project_id."""
|
"""Call ``GET /users`` making sure no default_project_id."""
|
||||||
user = self.new_user_ref(self.domain_id)
|
user = unit.new_user_ref(self.domain_id)
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
resource_url = '/users'
|
resource_url = '/users'
|
||||||
r = self.get(resource_url)
|
r = self.get(resource_url)
|
||||||
@ -195,7 +189,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_get_user_with_default_project(self):
|
def test_get_user_with_default_project(self):
|
||||||
"""Call ``GET /users/{user_id}`` making sure of default_project_id."""
|
"""Call ``GET /users/{user_id}`` making sure of default_project_id."""
|
||||||
user = self.new_user_ref(domain_id=self.domain_id,
|
user = unit.new_user_ref(domain_id=self.domain_id,
|
||||||
project_id=self.project_id)
|
project_id=self.project_id)
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
r = self.get('/users/%(user_id)s' % {'user_id': user['id']})
|
r = self.get('/users/%(user_id)s' % {'user_id': user['id']})
|
||||||
@ -208,44 +202,39 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_list_groups_for_user(self):
|
def test_list_groups_for_user(self):
|
||||||
"""Call ``GET /users/{user_id}/groups``."""
|
"""Call ``GET /users/{user_id}/groups``."""
|
||||||
self.user1 = self.new_user_ref(
|
user1 = unit.create_user(self.identity_api,
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
password = self.user1['password']
|
user2 = unit.create_user(self.identity_api,
|
||||||
self.user1 = self.identity_api.create_user(self.user1)
|
|
||||||
self.user1['password'] = password
|
|
||||||
self.user2 = self.new_user_ref(
|
|
||||||
domain_id=self.domain['id'])
|
domain_id=self.domain['id'])
|
||||||
password = self.user2['password']
|
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
|
||||||
self.user2['password'] = password
|
|
||||||
self.put('/groups/%(group_id)s/users/%(user_id)s' % {
|
self.put('/groups/%(group_id)s/users/%(user_id)s' % {
|
||||||
'group_id': self.group_id, 'user_id': self.user1['id']})
|
'group_id': self.group_id, 'user_id': user1['id']})
|
||||||
|
|
||||||
# Scenarios below are written to test the default policy configuration
|
# Scenarios below are written to test the default policy configuration
|
||||||
|
|
||||||
# One should be allowed to list one's own groups
|
# One should be allowed to list one's own groups
|
||||||
auth = self.build_authentication_request(
|
auth = self.build_authentication_request(
|
||||||
user_id=self.user1['id'],
|
user_id=user1['id'],
|
||||||
password=self.user1['password'])
|
password=user1['password'])
|
||||||
resource_url = ('/users/%(user_id)s/groups' %
|
resource_url = ('/users/%(user_id)s/groups' %
|
||||||
{'user_id': self.user1['id']})
|
{'user_id': user1['id']})
|
||||||
r = self.get(resource_url, auth=auth)
|
r = self.get(resource_url, auth=auth)
|
||||||
self.assertValidGroupListResponse(r, ref=self.group,
|
self.assertValidGroupListResponse(r, ref=self.group,
|
||||||
resource_url=resource_url)
|
resource_url=resource_url)
|
||||||
|
|
||||||
# Administrator is allowed to list others' groups
|
# Administrator is allowed to list others' groups
|
||||||
resource_url = ('/users/%(user_id)s/groups' %
|
resource_url = ('/users/%(user_id)s/groups' %
|
||||||
{'user_id': self.user1['id']})
|
{'user_id': user1['id']})
|
||||||
r = self.get(resource_url)
|
r = self.get(resource_url)
|
||||||
self.assertValidGroupListResponse(r, ref=self.group,
|
self.assertValidGroupListResponse(r, ref=self.group,
|
||||||
resource_url=resource_url)
|
resource_url=resource_url)
|
||||||
|
|
||||||
# Ordinary users should not be allowed to list other's groups
|
# Ordinary users should not be allowed to list other's groups
|
||||||
auth = self.build_authentication_request(
|
auth = self.build_authentication_request(
|
||||||
user_id=self.user2['id'],
|
user_id=user2['id'],
|
||||||
password=self.user2['password'])
|
password=user2['password'])
|
||||||
r = self.get('/users/%(user_id)s/groups' % {
|
r = self.get('/users/%(user_id)s/groups' % {
|
||||||
'user_id': self.user1['id']}, auth=auth,
|
'user_id': user1['id']}, auth=auth,
|
||||||
expected_status=exception.ForbiddenAction.code)
|
expected_status=exception.ForbiddenAction.code)
|
||||||
|
|
||||||
def test_check_user_in_group(self):
|
def test_check_user_in_group(self):
|
||||||
@ -276,7 +265,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_update_user(self):
|
def test_update_user(self):
|
||||||
"""Call ``PATCH /users/{user_id}``."""
|
"""Call ``PATCH /users/{user_id}``."""
|
||||||
user = self.new_user_ref(domain_id=self.domain_id)
|
user = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
del user['id']
|
del user['id']
|
||||||
r = self.patch('/users/%(user_id)s' % {
|
r = self.patch('/users/%(user_id)s' % {
|
||||||
'user_id': self.user['id']},
|
'user_id': self.user['id']},
|
||||||
@ -285,14 +274,13 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_admin_password_reset(self):
|
def test_admin_password_reset(self):
|
||||||
# bootstrap a user as admin
|
# bootstrap a user as admin
|
||||||
user_ref = self.new_user_ref(domain_id=self.domain['id'])
|
user_ref = unit.create_user(self.identity_api,
|
||||||
password = user_ref['password']
|
domain_id=self.domain['id'])
|
||||||
user_ref = self.identity_api.create_user(user_ref)
|
|
||||||
|
|
||||||
# auth as user should work before a password change
|
# auth as user should work before a password change
|
||||||
old_password_auth = self.build_authentication_request(
|
old_password_auth = self.build_authentication_request(
|
||||||
user_id=user_ref['id'],
|
user_id=user_ref['id'],
|
||||||
password=password)
|
password=user_ref['password'])
|
||||||
r = self.v3_create_token(old_password_auth)
|
r = self.v3_create_token(old_password_auth)
|
||||||
old_token = r.headers.get('X-Subject-Token')
|
old_token = r.headers.get('X-Subject-Token')
|
||||||
|
|
||||||
@ -321,7 +309,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def test_update_user_domain_id(self):
|
def test_update_user_domain_id(self):
|
||||||
"""Call ``PATCH /users/{user_id}`` with domain_id."""
|
"""Call ``PATCH /users/{user_id}`` with domain_id."""
|
||||||
user = self.new_user_ref(domain_id=self.domain['id'])
|
user = unit.new_user_ref(domain_id=self.domain['id'])
|
||||||
user = self.identity_api.create_user(user)
|
user = self.identity_api.create_user(user)
|
||||||
user['domain_id'] = CONF.identity.default_domain_id
|
user['domain_id'] = CONF.identity.default_domain_id
|
||||||
r = self.patch('/users/%(user_id)s' % {
|
r = self.patch('/users/%(user_id)s' % {
|
||||||
@ -348,12 +336,11 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
r = self.credential_api.get_credential(self.credential['id'])
|
r = self.credential_api.get_credential(self.credential['id'])
|
||||||
self.assertDictEqual(self.credential, r)
|
self.assertDictEqual(self.credential, r)
|
||||||
# Create a second credential with a different user
|
# Create a second credential with a different user
|
||||||
self.user2 = self.new_user_ref(
|
user2 = unit.new_user_ref(domain_id=self.domain['id'],
|
||||||
domain_id=self.domain['id'],
|
|
||||||
project_id=self.project['id'])
|
project_id=self.project['id'])
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
user2 = self.identity_api.create_user(user2)
|
||||||
self.credential2 = self.new_credential_ref(
|
self.credential2 = self.new_credential_ref(
|
||||||
user_id=self.user2['id'],
|
user_id=user2['id'],
|
||||||
project_id=self.project['id'])
|
project_id=self.project['id'])
|
||||||
self.credential_api.create_credential(
|
self.credential_api.create_credential(
|
||||||
self.credential2['id'],
|
self.credential2['id'],
|
||||||
@ -449,7 +436,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
|
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
|
||||||
|
|
||||||
ref = self.new_user_ref(domain_id=self.domain_id)
|
ref = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
self.post(
|
self.post(
|
||||||
'/users',
|
'/users',
|
||||||
body={'user': ref})
|
body={'user': ref})
|
||||||
@ -463,59 +450,75 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||||||
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
|
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
|
||||||
|
|
||||||
# bootstrap a user as admin
|
# bootstrap a user as admin
|
||||||
user_ref = self.new_user_ref(domain_id=self.domain['id'])
|
user_ref = unit.create_user(self.identity_api,
|
||||||
password = user_ref['password']
|
domain_id=self.domain['id'])
|
||||||
user_ref = self.identity_api.create_user(user_ref)
|
|
||||||
|
self.assertNotIn(user_ref['password'], log_fix.output)
|
||||||
|
|
||||||
# administrative password reset
|
# administrative password reset
|
||||||
new_password = uuid.uuid4().hex
|
new_password = uuid.uuid4().hex
|
||||||
self.patch('/users/%s' % user_ref['id'],
|
self.patch('/users/%s' % user_ref['id'],
|
||||||
body={'user': {'password': new_password}})
|
body={'user': {'password': new_password}})
|
||||||
|
|
||||||
self.assertNotIn(password, log_fix.output)
|
|
||||||
self.assertNotIn(new_password, log_fix.output)
|
self.assertNotIn(new_password, log_fix.output)
|
||||||
|
|
||||||
|
|
||||||
class IdentityV3toV2MethodsTestCase(unit.TestCase):
|
class IdentityV3toV2MethodsTestCase(unit.TestCase):
|
||||||
"""Test users V3 to V2 conversion methods."""
|
"""Test users V3 to V2 conversion methods."""
|
||||||
|
|
||||||
|
def new_user_ref(self, **kwargs):
|
||||||
|
"""Construct a bare bones user ref.
|
||||||
|
|
||||||
|
Omits all optional components.
|
||||||
|
"""
|
||||||
|
ref = unit.new_user_ref(**kwargs)
|
||||||
|
# description is already omitted
|
||||||
|
del ref['email']
|
||||||
|
del ref['enabled']
|
||||||
|
del ref['password']
|
||||||
|
return ref
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(IdentityV3toV2MethodsTestCase, self).setUp()
|
super(IdentityV3toV2MethodsTestCase, self).setUp()
|
||||||
self.load_backends()
|
self.load_backends()
|
||||||
self.user_id = uuid.uuid4().hex
|
user_id = uuid.uuid4().hex
|
||||||
self.default_project_id = uuid.uuid4().hex
|
project_id = uuid.uuid4().hex
|
||||||
self.tenant_id = uuid.uuid4().hex
|
|
||||||
# User with only default_project_id in ref
|
# User with only default_project_id in ref
|
||||||
self.user1 = {'id': self.user_id,
|
self.user1 = self.new_user_ref(
|
||||||
'name': self.user_id,
|
id=user_id,
|
||||||
'default_project_id': self.default_project_id,
|
name=user_id,
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
project_id=project_id,
|
||||||
|
domain_id=CONF.identity.default_domain_id)
|
||||||
# User without default_project_id or tenantId in ref
|
# User without default_project_id or tenantId in ref
|
||||||
self.user2 = {'id': self.user_id,
|
self.user2 = self.new_user_ref(
|
||||||
'name': self.user_id,
|
id=user_id,
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
name=user_id,
|
||||||
|
domain_id=CONF.identity.default_domain_id)
|
||||||
# User with both tenantId and default_project_id in ref
|
# User with both tenantId and default_project_id in ref
|
||||||
self.user3 = {'id': self.user_id,
|
self.user3 = self.new_user_ref(
|
||||||
'name': self.user_id,
|
id=user_id,
|
||||||
'default_project_id': self.default_project_id,
|
name=user_id,
|
||||||
'tenantId': self.tenant_id,
|
project_id=project_id,
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
tenantId=project_id,
|
||||||
|
domain_id=CONF.identity.default_domain_id)
|
||||||
# User with only tenantId in ref
|
# User with only tenantId in ref
|
||||||
self.user4 = {'id': self.user_id,
|
self.user4 = self.new_user_ref(
|
||||||
'name': self.user_id,
|
id=user_id,
|
||||||
'tenantId': self.tenant_id,
|
name=user_id,
|
||||||
'domain_id': CONF.identity.default_domain_id}
|
tenantId=project_id,
|
||||||
|
domain_id=CONF.identity.default_domain_id)
|
||||||
|
|
||||||
# Expected result if the user is meant to have a tenantId element
|
# Expected result if the user is meant to have a tenantId element
|
||||||
self.expected_user = {'id': self.user_id,
|
self.expected_user = {'id': user_id,
|
||||||
'name': self.user_id,
|
'name': user_id,
|
||||||
'username': self.user_id,
|
'username': user_id,
|
||||||
'tenantId': self.default_project_id}
|
'tenantId': project_id}
|
||||||
|
|
||||||
# Expected result if the user is not meant to have a tenantId element
|
# Expected result if the user is not meant to have a tenantId element
|
||||||
self.expected_user_no_tenant_id = {'id': self.user_id,
|
self.expected_user_no_tenant_id = {'id': user_id,
|
||||||
'name': self.user_id,
|
'name': user_id,
|
||||||
'username': self.user_id}
|
'username': user_id}
|
||||||
|
|
||||||
def test_v3_to_v2_user_method(self):
|
def test_v3_to_v2_user_method(self):
|
||||||
|
|
||||||
@ -552,10 +555,8 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
|
|||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(UserSelfServiceChangingPasswordsTestCase, self).setUp()
|
super(UserSelfServiceChangingPasswordsTestCase, self).setUp()
|
||||||
self.user_ref = self.new_user_ref(domain_id=self.domain['id'])
|
self.user_ref = unit.create_user(self.identity_api,
|
||||||
password = self.user_ref['password']
|
domain_id=self.domain['id'])
|
||||||
self.user_ref = self.identity_api.create_user(self.user_ref)
|
|
||||||
self.user_ref['password'] = password
|
|
||||||
self.token = self.get_request_token(self.user_ref['password'],
|
self.token = self.get_request_token(self.user_ref['password'],
|
||||||
http_client.CREATED)
|
http_client.CREATED)
|
||||||
|
|
||||||
|
@ -25,6 +25,7 @@ from keystone.contrib import oauth1
|
|||||||
from keystone.contrib.oauth1 import controllers
|
from keystone.contrib.oauth1 import controllers
|
||||||
from keystone.contrib.oauth1 import core
|
from keystone.contrib.oauth1 import core
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
|
from keystone.tests import unit
|
||||||
from keystone.tests.unit.common import test_notifications
|
from keystone.tests.unit.common import test_notifications
|
||||||
from keystone.tests.unit.ksfixtures import temporaryfile
|
from keystone.tests.unit.ksfixtures import temporaryfile
|
||||||
from keystone.tests.unit import test_v3
|
from keystone.tests.unit import test_v3
|
||||||
@ -388,7 +389,7 @@ class AuthTokenTests(OAuthFlowTests):
|
|||||||
self.assertEqual(self.role_id, roles_list[0]['id'])
|
self.assertEqual(self.role_id, roles_list[0]['id'])
|
||||||
|
|
||||||
# verify that the token can perform delegated tasks
|
# verify that the token can perform delegated tasks
|
||||||
ref = self.new_user_ref(domain_id=self.domain_id)
|
ref = unit.new_user_ref(domain_id=self.domain_id)
|
||||||
r = self.admin_request(path='/v3/users', headers=headers,
|
r = self.admin_request(path='/v3/users', headers=headers,
|
||||||
method='POST', body={'user': ref})
|
method='POST', body={'user': ref})
|
||||||
self.assertValidUserResponse(r, ref)
|
self.assertValidUserResponse(r, ref)
|
||||||
|
@ -74,23 +74,12 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase):
|
|||||||
self.resource_api.create_domain(self.domainC['id'], self.domainC)
|
self.resource_api.create_domain(self.domainC['id'], self.domainC)
|
||||||
|
|
||||||
# Now create some users, one in domainA and two of them in domainB
|
# Now create some users, one in domainA and two of them in domainB
|
||||||
self.user1 = self.new_user_ref(domain_id=self.domainA['id'])
|
self.user1 = unit.create_user(self.identity_api,
|
||||||
password = uuid.uuid4().hex
|
domain_id=self.domainA['id'])
|
||||||
self.user1['password'] = password
|
self.user2 = unit.create_user(self.identity_api,
|
||||||
self.user1 = self.identity_api.create_user(self.user1)
|
domain_id=self.domainB['id'])
|
||||||
self.user1['password'] = password
|
self.user3 = unit.create_user(self.identity_api,
|
||||||
|
domain_id=self.domainB['id'])
|
||||||
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
|
|
||||||
password = uuid.uuid4().hex
|
|
||||||
self.user2['password'] = password
|
|
||||||
self.user2 = self.identity_api.create_user(self.user2)
|
|
||||||
self.user2['password'] = password
|
|
||||||
|
|
||||||
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
|
|
||||||
password = uuid.uuid4().hex
|
|
||||||
self.user3['password'] = password
|
|
||||||
self.user3 = self.identity_api.create_user(self.user3)
|
|
||||||
self.user3['password'] = password
|
|
||||||
|
|
||||||
self.group1 = unit.new_group_ref(domain_id=self.domainA['id'])
|
self.group1 = unit.new_group_ref(domain_id=self.domainA['id'])
|
||||||
self.group1 = self.identity_api.create_group(self.group1)
|
self.group1 = self.identity_api.create_group(self.group1)
|
||||||
@ -347,26 +336,15 @@ class IdentityTestPolicySample(test_v3.RestfulTestCase):
|
|||||||
def load_sample_data(self):
|
def load_sample_data(self):
|
||||||
self._populate_default_domain()
|
self._populate_default_domain()
|
||||||
|
|
||||||
self.just_a_user = self.new_user_ref(
|
self.just_a_user = unit.create_user(
|
||||||
|
self.identity_api,
|
||||||
domain_id=CONF.identity.default_domain_id)
|
domain_id=CONF.identity.default_domain_id)
|
||||||
password = uuid.uuid4().hex
|
self.another_user = unit.create_user(
|
||||||
self.just_a_user['password'] = password
|
self.identity_api,
|
||||||
self.just_a_user = self.identity_api.create_user(self.just_a_user)
|
|
||||||
self.just_a_user['password'] = password
|
|
||||||
|
|
||||||
self.another_user = self.new_user_ref(
|
|
||||||
domain_id=CONF.identity.default_domain_id)
|
domain_id=CONF.identity.default_domain_id)
|
||||||
password = uuid.uuid4().hex
|
self.admin_user = unit.create_user(
|
||||||
self.another_user['password'] = password
|
self.identity_api,
|
||||||
self.another_user = self.identity_api.create_user(self.another_user)
|
|
||||||
self.another_user['password'] = password
|
|
||||||
|
|
||||||
self.admin_user = self.new_user_ref(
|
|
||||||
domain_id=CONF.identity.default_domain_id)
|
domain_id=CONF.identity.default_domain_id)
|
||||||
password = uuid.uuid4().hex
|
|
||||||
self.admin_user['password'] = password
|
|
||||||
self.admin_user = self.identity_api.create_user(self.admin_user)
|
|
||||||
self.admin_user['password'] = password
|
|
||||||
|
|
||||||
self.role = unit.new_role_ref()
|
self.role = unit.new_role_ref()
|
||||||
self.role_api.create_role(self.role['id'], self.role)
|
self.role_api.create_role(self.role['id'], self.role)
|
||||||
@ -626,32 +604,18 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
|
|||||||
self.admin_domain)
|
self.admin_domain)
|
||||||
|
|
||||||
# And our users
|
# And our users
|
||||||
self.cloud_admin_user = self.new_user_ref(
|
self.cloud_admin_user = unit.create_user(
|
||||||
|
self.identity_api,
|
||||||
domain_id=self.admin_domain['id'])
|
domain_id=self.admin_domain['id'])
|
||||||
password = uuid.uuid4().hex
|
self.just_a_user = unit.create_user(
|
||||||
self.cloud_admin_user['password'] = password
|
self.identity_api,
|
||||||
self.cloud_admin_user = (
|
|
||||||
self.identity_api.create_user(self.cloud_admin_user))
|
|
||||||
self.cloud_admin_user['password'] = password
|
|
||||||
self.just_a_user = self.new_user_ref(domain_id=self.domainA['id'])
|
|
||||||
password = uuid.uuid4().hex
|
|
||||||
self.just_a_user['password'] = password
|
|
||||||
self.just_a_user = self.identity_api.create_user(self.just_a_user)
|
|
||||||
self.just_a_user['password'] = password
|
|
||||||
self.domain_admin_user = self.new_user_ref(
|
|
||||||
domain_id=self.domainA['id'])
|
domain_id=self.domainA['id'])
|
||||||
password = uuid.uuid4().hex
|
self.domain_admin_user = unit.create_user(
|
||||||
self.domain_admin_user['password'] = password
|
self.identity_api,
|
||||||
self.domain_admin_user = (
|
domain_id=self.domainA['id'])
|
||||||
self.identity_api.create_user(self.domain_admin_user))
|
self.project_admin_user = unit.create_user(
|
||||||
self.domain_admin_user['password'] = password
|
self.identity_api,
|
||||||
self.project_admin_user = self.new_user_ref(
|
|
||||||
domain_id=self.domainA['id'])
|
domain_id=self.domainA['id'])
|
||||||
password = uuid.uuid4().hex
|
|
||||||
self.project_admin_user['password'] = password
|
|
||||||
self.project_admin_user = (
|
|
||||||
self.identity_api.create_user(self.project_admin_user))
|
|
||||||
self.project_admin_user['password'] = password
|
|
||||||
|
|
||||||
# The admin role and another plain role
|
# The admin role and another plain role
|
||||||
self.admin_role = unit.new_role_ref(name='admin')
|
self.admin_role = unit.new_role_ref(name='admin')
|
||||||
@ -706,7 +670,7 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
|
|||||||
self.delete(entity_url, auth=self.auth,
|
self.delete(entity_url, auth=self.auth,
|
||||||
expected_status=status_no_data)
|
expected_status=status_no_data)
|
||||||
|
|
||||||
user_ref = self.new_user_ref(domain_id=domain_id)
|
user_ref = unit.new_user_ref(domain_id=domain_id)
|
||||||
self.post('/users', auth=self.auth, body={'user': user_ref},
|
self.post('/users', auth=self.auth, body={'user': user_ref},
|
||||||
expected_status=status_created)
|
expected_status=status_created)
|
||||||
|
|
||||||
@ -1079,9 +1043,8 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
|
|||||||
|
|
||||||
def test_get_and_delete_ec2_credentials(self):
|
def test_get_and_delete_ec2_credentials(self):
|
||||||
"""Tests getting and deleting ec2 credentials through the ec2 API."""
|
"""Tests getting and deleting ec2 credentials through the ec2 API."""
|
||||||
another_user = self.new_user_ref(domain_id=self.domainA['id'])
|
another_user = unit.create_user(self.identity_api,
|
||||||
password = another_user['password']
|
domain_id=self.domainA['id'])
|
||||||
another_user = self.identity_api.create_user(another_user)
|
|
||||||
|
|
||||||
# create a credential for just_a_user
|
# create a credential for just_a_user
|
||||||
just_user_auth = self.build_authentication_request(
|
just_user_auth = self.build_authentication_request(
|
||||||
@ -1095,7 +1058,7 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
|
|||||||
# another normal user can't get the credential
|
# another normal user can't get the credential
|
||||||
another_user_auth = self.build_authentication_request(
|
another_user_auth = self.build_authentication_request(
|
||||||
user_id=another_user['id'],
|
user_id=another_user['id'],
|
||||||
password=password)
|
password=another_user['password'])
|
||||||
another_user_url = '/users/%s/credentials/OS-EC2/%s' % (
|
another_user_url = '/users/%s/credentials/OS-EC2/%s' % (
|
||||||
another_user['id'], r.result['credential']['access'])
|
another_user['id'], r.result['credential']['access'])
|
||||||
self.get(another_user_url, auth=another_user_auth,
|
self.get(another_user_url, auth=another_user_auth,
|
||||||
|
@ -1717,13 +1717,8 @@ class UserValidationTestCase(unit.BaseTestCase):
|
|||||||
|
|
||||||
def test_validate_user_create_with_all_valid_parameters_succeeds(self):
|
def test_validate_user_create_with_all_valid_parameters_succeeds(self):
|
||||||
"""Test that validating a user create request succeeds."""
|
"""Test that validating a user create request succeeds."""
|
||||||
request_to_validate = {'name': self.user_name,
|
request_to_validate = unit.new_user_ref(domain_id=uuid.uuid4().hex,
|
||||||
'default_project_id': uuid.uuid4().hex,
|
name=self.user_name)
|
||||||
'domain_id': uuid.uuid4().hex,
|
|
||||||
'description': uuid.uuid4().hex,
|
|
||||||
'enabled': True,
|
|
||||||
'email': uuid.uuid4().hex,
|
|
||||||
'password': uuid.uuid4().hex}
|
|
||||||
self.create_user_validator.validate(request_to_validate)
|
self.create_user_validator.validate(request_to_validate)
|
||||||
|
|
||||||
def test_validate_user_create_fails_without_name(self):
|
def test_validate_user_create_fails_without_name(self):
|
||||||
|
Loading…
Reference in New Issue
Block a user