openstack
/
keystone
Code Issues Proposed changes

Use unit.new_user_ref consistently 

Replace all hand created user refs with calls to new_user_ref().

Note: LDAP live testing code will be updated in a follow on patch.
They require more testing before submission.

Change-Id: I73b1d869534ac3a1bcd2404ef1dd3a0d5b7ea518
This commit is contained in:
Sean Perry 2015-11-10 16:25:02 -08:00
parent 7b6a5a7515
commit 5784285e9f
21 changed files with 469 additions and 792 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
keystone/tests/unit/common/test_notifications.py
View File

@ -338,16 +338,16 @@ class NotificationsForEntities(BaseNotificationTest):
cadftaxonomy.SECURITY_ROLE) cadftaxonomy.SECURITY_ROLE)
def test_create_user(self): def test_create_user(self):
user_ref = self.new_user_ref(domain_id=self.domain_id) user_ref = unit.new_user_ref(domain_id=self.domain_id)
user_ref = self.identity_api.create_user(user_ref) user_ref = self.identity_api.create_user(user_ref)
self._assert_last_note(user_ref['id'], CREATED_OPERATION, 'user') self._assert_last_note(user_ref['id'], CREATED_OPERATION, 'user')
self._assert_last_audit(user_ref['id'], CREATED_OPERATION, 'user', self._assert_last_audit(user_ref['id'], CREATED_OPERATION, 'user',
cadftaxonomy.SECURITY_ACCOUNT_USER) cadftaxonomy.SECURITY_ACCOUNT_USER)
def test_create_trust(self): def test_create_trust(self):
trustor = self.new_user_ref(domain_id=self.domain_id) trustor = unit.new_user_ref(domain_id=self.domain_id)
trustor = self.identity_api.create_user(trustor) trustor = self.identity_api.create_user(trustor)
trustee = self.new_user_ref(domain_id=self.domain_id) trustee = unit.new_user_ref(domain_id=self.domain_id)
trustee = self.identity_api.create_user(trustee) trustee = self.identity_api.create_user(trustee)
role_ref = unit.new_role_ref() role_ref = unit.new_role_ref()
self.role_api.create_role(role_ref['id'], role_ref) self.role_api.create_role(role_ref['id'], role_ref)
@ -387,7 +387,7 @@ class NotificationsForEntities(BaseNotificationTest):
cadftaxonomy.SECURITY_ROLE) cadftaxonomy.SECURITY_ROLE)
def test_delete_user(self): def test_delete_user(self):
user_ref = self.new_user_ref(domain_id=self.domain_id) user_ref = unit.new_user_ref(domain_id=self.domain_id)
user_ref = self.identity_api.create_user(user_ref) user_ref = self.identity_api.create_user(user_ref)
self.identity_api.delete_user(user_ref['id']) self.identity_api.delete_user(user_ref['id'])
self._assert_last_note(user_ref['id'], DELETED_OPERATION, 'user') self._assert_last_note(user_ref['id'], DELETED_OPERATION, 'user')
@ -421,9 +421,9 @@ class NotificationsForEntities(BaseNotificationTest):
cadftaxonomy.SECURITY_DOMAIN) cadftaxonomy.SECURITY_DOMAIN)
def test_delete_trust(self): def test_delete_trust(self):
trustor = self.new_user_ref(domain_id=self.domain_id) trustor = unit.new_user_ref(domain_id=self.domain_id)
trustor = self.identity_api.create_user(trustor) trustor = self.identity_api.create_user(trustor)
trustee = self.new_user_ref(domain_id=self.domain_id) trustee = unit.new_user_ref(domain_id=self.domain_id)
trustee = self.identity_api.create_user(trustee) trustee = self.identity_api.create_user(trustee)
role_ref = unit.new_role_ref() role_ref = unit.new_role_ref()
trust_ref = self.new_trust_ref(trustor['id'], trustee['id']) trust_ref = self.new_trust_ref(trustor['id'], trustee['id'])
@ -616,7 +616,7 @@ class NotificationsForEntities(BaseNotificationTest):
cadftaxonomy.SECURITY_ROLE) cadftaxonomy.SECURITY_ROLE)
def test_update_user(self): def test_update_user(self):
user_ref = self.new_user_ref(domain_id=self.domain_id) user_ref = unit.new_user_ref(domain_id=self.domain_id)
user_ref = self.identity_api.create_user(user_ref) user_ref = self.identity_api.create_user(user_ref)
self.identity_api.update_user(user_ref['id'], user_ref) self.identity_api.update_user(user_ref['id'], user_ref)
self._assert_last_note(user_ref['id'], UPDATED_OPERATION, 'user') self._assert_last_note(user_ref['id'], UPDATED_OPERATION, 'user')

21
keystone/tests/unit/core.py
View File

@ -312,13 +312,18 @@ def new_project_ref(domain_id=None, parent_id=None, is_domain=False):
return ref return ref
def new_user_ref(domain_id, project_id=None): def new_user_ref(domain_id, project_id=None, **kwargs):
ref = new_ref() ref = new_ref()
# do not include by default, allow user to add with kwargs
del ref['description']
ref['domain_id'] = domain_id ref['domain_id'] = domain_id
ref['email'] = uuid.uuid4().hex ref['email'] = uuid.uuid4().hex
ref['password'] = uuid.uuid4().hex ref['password'] = uuid.uuid4().hex
if project_id: if project_id:
ref['default_project_id'] = project_id ref['default_project_id'] = project_id
ref.update(**kwargs)
return ref return ref
@ -400,6 +405,20 @@ def new_trust_ref(trustor_user_id, trustee_user_id, project_id=None,
return ref return ref
def create_user(api, domain_id, **kwargs):
"""Create a user via the API. Keep the created password.
The password is saved and restored when api.create_user() is called.
Only use this routine if there is a requirement for the user object to
have a valid password after api.create_user() is called.
"""
user = new_user_ref(domain_id=domain_id, **kwargs)
password = user['password']
user = api.create_user(user)
user['password'] = password
return user
class BaseTestCase(oslotest.BaseTestCase): class BaseTestCase(oslotest.BaseTestCase):
"""Light weight base test class. """Light weight base test class.

14
keystone/tests/unit/test_auth.py
View File

@ -715,15 +715,9 @@ class AuthWithPasswordCredentials(AuthTest):
# 2) Create user "foo" in new domain with different password than # 2) Create user "foo" in new domain with different password than
# default-domain foo. # default-domain foo.
new_user_password = uuid.uuid4().hex new_user = unit.create_user(self.identity_api,
new_user = { name=self.user_foo['name'],
'name': self.user_foo['name'], domain_id=new_domain_id)
'domain_id': new_domain_id,
'password': new_user_password,
'email': 'foo@bar2.com',
}
new_user = self.identity_api.create_user(new_user)
# 3) Update the default_domain_id config option to the new domain # 3) Update the default_domain_id config option to the new domain
@ -734,7 +728,7 @@ class AuthWithPasswordCredentials(AuthTest):
body_dict = _build_user_auth( body_dict = _build_user_auth(
username=self.user_foo['name'], username=self.user_foo['name'],
password=new_user_password) password=new_user['password'])
# The test is successful if this doesn't raise, so no need to assert. # The test is successful if this doesn't raise, so no need to assert.
self.controller.authenticate({}, body_dict) self.controller.authenticate({}, body_dict)

301
keystone/tests/unit/test_backend.py
View File

@ -198,7 +198,7 @@ class AssignmentTestHelperMixin(object):
def _create_entity_in_domain(entity_type, domain_id): def _create_entity_in_domain(entity_type, domain_id):
"""Create a user or group entity in the domain.""" """Create a user or group entity in the domain."""
if entity_type == 'users': if entity_type == 'users':
new_entity = {'name': uuid.uuid4().hex, 'domain_id': domain_id} new_entity = unit.new_user_ref(domain_id=domain_id)
new_entity = self.identity_api.create_user(new_entity) new_entity = self.identity_api.create_user(new_entity)
elif entity_type == 'groups': elif entity_type == 'groups':
new_entity = unit.new_group_ref(domain_id=domain_id) new_entity = unit.new_group_ref(domain_id=domain_id)
@ -479,11 +479,12 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertDictEqual(self.user_sna, user_ref) self.assertDictEqual(self.user_sna, user_ref)
def test_authenticate_and_get_roles_no_metadata(self): def test_authenticate_and_get_roles_no_metadata(self):
user = { user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': 'NO_META',
'domain_id': DEFAULT_DOMAIN_ID, # Remove user id. It is ignored by create_user() and will break the
'password': 'no_meta2', # subset test below.
} del user['id']
new_user = self.identity_api.create_user(user) new_user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_baz['id'], self.assignment_api.add_user_to_project(self.tenant_baz['id'],
new_user['id']) new_user['id'])
@ -504,10 +505,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_authenticate_if_no_password_set(self): def test_authenticate_if_no_password_set(self):
id_ = uuid.uuid4().hex id_ = uuid.uuid4().hex
user = { user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
}
self.identity_api.create_user(user) self.identity_api.create_user(user)
self.assertRaises(AssertionError, self.assertRaises(AssertionError,
@ -518,9 +516,8 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_create_unicode_user_name(self): def test_create_unicode_user_name(self):
unicode_name = u'name \u540d\u5b57' unicode_name = u'name \u540d\u5b57'
user = {'name': unicode_name, user = unit.new_user_ref(name=unicode_name,
'domain_id': DEFAULT_DOMAIN_ID, domain_id=DEFAULT_DOMAIN_ID)
'password': uuid.uuid4().hex}
ref = self.identity_api.create_user(user) ref = self.identity_api.create_user(user)
self.assertEqual(unicode_name, ref['name']) self.assertEqual(unicode_name, ref['name'])
@ -554,11 +551,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_list_user_ids_for_project_no_duplicates(self): def test_list_user_ids_for_project_no_duplicates(self):
# Create user # Create user
user_ref = { user_ref = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex,
'enabled': True}
user_ref = self.identity_api.create_user(user_ref) user_ref = self.identity_api.create_user(user_ref)
# Create project # Create project
project_ref = { project_ref = {
@ -596,10 +589,7 @@ class IdentityTests(AssignmentTestHelperMixin):
@unit.skip_if_cache_disabled('identity') @unit.skip_if_cache_disabled('identity')
def test_cache_layer_get_user(self): def test_cache_layer_get_user(self):
user = { user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': uuid.uuid4().hex.lower(),
'domain_id': DEFAULT_DOMAIN_ID
}
self.identity_api.create_user(user) self.identity_api.create_user(user)
ref = self.identity_api.get_user_by_name(user['name'], ref = self.identity_api.get_user_by_name(user['name'],
user['domain_id']) user['domain_id'])
@ -614,11 +604,8 @@ class IdentityTests(AssignmentTestHelperMixin):
self.identity_api.get_user.invalidate(self.identity_api, ref['id']) self.identity_api.get_user.invalidate(self.identity_api, ref['id'])
self.assertRaises(exception.UserNotFound, self.assertRaises(exception.UserNotFound,
self.identity_api.get_user, ref['id']) self.identity_api.get_user, ref['id'])
user = { user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': uuid.uuid4().hex.lower(), user = self.identity_api.create_user(user)
'domain_id': DEFAULT_DOMAIN_ID
}
self.identity_api.create_user(user)
ref = self.identity_api.get_user_by_name(user['name'], ref = self.identity_api.get_user_by_name(user['name'],
user['domain_id']) user['domain_id'])
user['description'] = uuid.uuid4().hex user['description'] = uuid.uuid4().hex
@ -648,10 +635,7 @@ class IdentityTests(AssignmentTestHelperMixin):
@unit.skip_if_cache_disabled('identity') @unit.skip_if_cache_disabled('identity')
def test_cache_layer_get_user_by_name(self): def test_cache_layer_get_user_by_name(self):
user = { user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': uuid.uuid4().hex.lower(),
'domain_id': DEFAULT_DOMAIN_ID
}
self.identity_api.create_user(user) self.identity_api.create_user(user)
ref = self.identity_api.get_user_by_name(user['name'], ref = self.identity_api.get_user_by_name(user['name'],
user['domain_id']) user['domain_id'])
@ -667,11 +651,8 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertRaises(exception.UserNotFound, self.assertRaises(exception.UserNotFound,
self.identity_api.get_user_by_name, self.identity_api.get_user_by_name,
user['name'], DEFAULT_DOMAIN_ID) user['name'], DEFAULT_DOMAIN_ID)
user = { user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': uuid.uuid4().hex.lower(), user = self.identity_api.create_user(user)
'domain_id': DEFAULT_DOMAIN_ID
}
self.identity_api.create_user(user)
ref = self.identity_api.get_user_by_name(user['name'], ref = self.identity_api.get_user_by_name(user['name'],
user['domain_id']) user['domain_id'])
user['description'] = uuid.uuid4().hex user['description'] = uuid.uuid4().hex
@ -689,10 +670,7 @@ class IdentityTests(AssignmentTestHelperMixin):
DEFAULT_DOMAIN_ID) DEFAULT_DOMAIN_ID)
def test_create_duplicate_user_name_fails(self): def test_create_duplicate_user_name_fails(self):
user = {'name': 'fake1', user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.assertRaises(exception.Conflict, self.assertRaises(exception.Conflict,
self.identity_api.create_user, self.identity_api.create_user,
@ -701,12 +679,11 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_create_duplicate_user_name_in_different_domains(self): def test_create_duplicate_user_name_in_different_domains(self):
new_domain = unit.new_domain_ref() new_domain = unit.new_domain_ref()
self.resource_api.create_domain(new_domain['id'], new_domain) self.resource_api.create_domain(new_domain['id'], new_domain)
user1 = {'name': uuid.uuid4().hex, user1 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex} user2 = unit.new_user_ref(name=user1['name'],
user2 = {'name': user1['name'], domain_id=new_domain['id'])
'domain_id': new_domain['id'],
'password': uuid.uuid4().hex}
self.identity_api.create_user(user1) self.identity_api.create_user(user1)
self.identity_api.create_user(user2) self.identity_api.create_user(user2)
@ -715,9 +692,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(domain1['id'], domain1) self.resource_api.create_domain(domain1['id'], domain1)
domain2 = unit.new_domain_ref() domain2 = unit.new_domain_ref()
self.resource_api.create_domain(domain2['id'], domain2) self.resource_api.create_domain(domain2['id'], domain2)
user = {'name': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=domain1['id'])
'domain_id': domain1['id'],
'password': uuid.uuid4().hex}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
user['domain_id'] = domain2['id'] user['domain_id'] = domain2['id']
self.identity_api.update_user(user['id'], user) self.identity_api.update_user(user['id'], user)
@ -731,15 +706,12 @@ class IdentityTests(AssignmentTestHelperMixin):
domain2 = unit.new_domain_ref() domain2 = unit.new_domain_ref()
self.resource_api.create_domain(domain2['id'], domain2) self.resource_api.create_domain(domain2['id'], domain2)
# First, create a user in domain1 # First, create a user in domain1
user1 = {'name': uuid.uuid4().hex, user1 = unit.new_user_ref(domain_id=domain1['id'])
'domain_id': domain1['id'],
'password': uuid.uuid4().hex}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
# Now create a user in domain2 with a potentially clashing # Now create a user in domain2 with a potentially clashing
# name - which should work since we have domain separation # name - which should work since we have domain separation
user2 = {'name': user1['name'], user2 = unit.new_user_ref(name=user1['name'],
'domain_id': domain2['id'], domain_id=domain2['id'])
'password': uuid.uuid4().hex}
user2 = self.identity_api.create_user(user2) user2 = self.identity_api.create_user(user2)
# Now try and move user1 into the 2nd domain - which should # Now try and move user1 into the 2nd domain - which should
# fail since the names clash # fail since the names clash
@ -750,27 +722,18 @@ class IdentityTests(AssignmentTestHelperMixin):
user1) user1)
def test_rename_duplicate_user_name_fails(self): def test_rename_duplicate_user_name_fails(self):
user1 = {'name': 'fake1', user1 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID, user2 = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'password': 'fakepass',
'tenants': ['bar']}
user2 = {'name': 'fake2',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
self.identity_api.create_user(user1) self.identity_api.create_user(user1)
user2 = self.identity_api.create_user(user2) user2 = self.identity_api.create_user(user2)
user2['name'] = 'fake1' user2['name'] = user1['name']
self.assertRaises(exception.Conflict, self.assertRaises(exception.Conflict,
self.identity_api.update_user, self.identity_api.update_user,
user2['id'], user2['id'],
user2) user2)
def test_update_user_id_fails(self): def test_update_user_id_fails(self):
user = {'name': 'fake1', user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'fakepass',
'tenants': ['bar']}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
original_id = user['id'] original_id = user['id']
user['id'] = 'fake2' user['id'] = 'fake2'
@ -965,10 +928,7 @@ class IdentityTests(AssignmentTestHelperMixin):
- Check the role list get by the user and project was as expected - Check the role list get by the user and project was as expected
""" """
user_ref = {'name': uuid.uuid4().hex, user_ref = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex,
'enabled': True}
user_ref = self.identity_api.create_user(user_ref) user_ref = self.identity_api.create_user(user_ref)
project_ref = {'id': uuid.uuid4().hex, project_ref = {'id': uuid.uuid4().hex,
@ -1032,11 +992,9 @@ class IdentityTests(AssignmentTestHelperMixin):
""" """
new_domain = unit.new_domain_ref() new_domain = unit.new_domain_ref()
self.resource_api.create_domain(new_domain['id'], new_domain) self.resource_api.create_domain(new_domain['id'], new_domain)
new_user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, new_user1 = unit.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user1 = self.identity_api.create_user(new_user1) new_user1 = self.identity_api.create_user(new_user1)
new_user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, new_user2 = unit.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user2 = self.identity_api.create_user(new_user2) new_user2 = self.identity_api.create_user(new_user2)
roles_ref = self.assignment_api.list_grants( roles_ref = self.assignment_api.list_grants(
user_id=new_user1['id'], user_id=new_user1['id'],
@ -1081,8 +1039,7 @@ class IdentityTests(AssignmentTestHelperMixin):
""" """
new_domain = self._get_domain_fixture() new_domain = self._get_domain_fixture()
new_user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, new_user1 = unit.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user1 = self.identity_api.create_user(new_user1) new_user1 = self.identity_api.create_user(new_user1)
self.assertRaises(exception.UserNotFound, self.assertRaises(exception.UserNotFound,
@ -1247,8 +1204,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(new_domain['id'], new_domain) self.resource_api.create_domain(new_domain['id'], new_domain)
new_group = unit.new_group_ref(domain_id=new_domain['id']) new_group = unit.new_group_ref(domain_id=new_domain['id'])
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': 'secret', new_user = unit.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'], self.identity_api.add_user_to_group(new_user['id'],
new_group['id']) new_group['id'])
@ -1282,8 +1238,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(new_domain['id'], new_domain) self.resource_api.create_domain(new_domain['id'], new_domain)
new_group = unit.new_group_ref(domain_id=new_domain['id']) new_group = unit.new_group_ref(domain_id=new_domain['id'])
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'], self.identity_api.add_user_to_group(new_user['id'],
new_group['id']) new_group['id'])
@ -1325,11 +1280,9 @@ class IdentityTests(AssignmentTestHelperMixin):
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
new_group2 = unit.new_group_ref(domain_id=new_domain['id']) new_group2 = unit.new_group_ref(domain_id=new_domain['id'])
new_group2 = self.identity_api.create_group(new_group2) new_group2 = self.identity_api.create_group(new_group2)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
new_user2 = {'name': 'new_user2', 'password': uuid.uuid4().hex, new_user2 = unit.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user2 = self.identity_api.create_user(new_user2) new_user2 = self.identity_api.create_user(new_user2)
self.identity_api.add_user_to_group(new_user['id'], self.identity_api.add_user_to_group(new_user['id'],
new_group['id']) new_group['id'])
@ -1375,8 +1328,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_get_and_remove_role_grant_by_user_and_domain(self): def test_get_and_remove_role_grant_by_user_and_domain(self):
new_domain = unit.new_domain_ref() new_domain = unit.new_domain_ref()
self.resource_api.create_domain(new_domain['id'], new_domain) self.resource_api.create_domain(new_domain['id'], new_domain)
new_user = {'name': 'new_user', 'password': 'secret', new_user = unit.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
roles_ref = self.assignment_api.list_grants( roles_ref = self.assignment_api.list_grants(
user_id=new_user['id'], user_id=new_user['id'],
@ -1461,8 +1413,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(domain1['id'], domain1) self.resource_api.create_domain(domain1['id'], domain1)
domain2 = unit.new_domain_ref() domain2 = unit.new_domain_ref()
self.resource_api.create_domain(domain2['id'], domain2) self.resource_api.create_domain(domain2['id'], domain2)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], user1 = unit.new_user_ref(domain_id=domain1['id'])
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
roles_ref = self.assignment_api.list_grants( roles_ref = self.assignment_api.list_grants(
user_id=user1['id'], user_id=user1['id'],
@ -1552,8 +1503,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.create_domain(domain1['id'], domain1) self.resource_api.create_domain(domain1['id'], domain1)
domain2 = unit.new_domain_ref() domain2 = unit.new_domain_ref()
self.resource_api.create_domain(domain2['id'], domain2) self.resource_api.create_domain(domain2['id'], domain2)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], user1 = unit.new_user_ref(domain_id=domain1['id'])
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain2['id']} 'domain_id': domain2['id']}
@ -1621,8 +1571,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertRaises(exception.RoleNotFound, f, self.assertRaises(exception.RoleNotFound, f,
role_id=uuid.uuid4().hex, **kwargs) role_id=uuid.uuid4().hex, **kwargs)
user = {'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'password': uuid.uuid4().hex, 'enabled': True}
user_resp = self.identity_api.create_user(user) user_resp = self.identity_api.create_user(user)
group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID) group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
group_resp = self.identity_api.create_group(group) group_resp = self.identity_api.create_group(group)
@ -1654,8 +1603,7 @@ class IdentityTests(AssignmentTestHelperMixin):
role_list.append(role) role_list.append(role)
domain1 = unit.new_domain_ref() domain1 = unit.new_domain_ref()
self.resource_api.create_domain(domain1['id'], domain1) self.resource_api.create_domain(domain1['id'], domain1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], user1 = unit.new_user_ref(domain_id=domain1['id'])
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -1761,8 +1709,7 @@ class IdentityTests(AssignmentTestHelperMixin):
role_list.append(role) role_list.append(role)
domain1 = unit.new_domain_ref() domain1 = unit.new_domain_ref()
self.resource_api.create_domain(domain1['id'], domain1) self.resource_api.create_domain(domain1['id'], domain1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], user1 = unit.new_user_ref(domain_id=domain1['id'])
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -1824,8 +1771,7 @@ class IdentityTests(AssignmentTestHelperMixin):
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']} 'domain_id': domain1['id']}
self.resource_api.create_project(project1['id'], project1) self.resource_api.create_project(project1['id'], project1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], user1 = unit.new_user_ref(domain_id=domain1['id'])
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -1883,8 +1829,7 @@ class IdentityTests(AssignmentTestHelperMixin):
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']} 'domain_id': domain1['id']}
self.resource_api.create_project(project1['id'], project1) self.resource_api.create_project(project1['id'], project1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], user1 = unit.new_user_ref(domain_id=domain1['id'])
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -1921,8 +1866,7 @@ class IdentityTests(AssignmentTestHelperMixin):
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']} 'domain_id': domain1['id']}
self.resource_api.create_project(project1['id'], project1) self.resource_api.create_project(project1['id'], project1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], user1 = unit.new_user_ref(domain_id=domain1['id'])
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -2132,9 +2076,7 @@ class IdentityTests(AssignmentTestHelperMixin):
'domain_id': DEFAULT_DOMAIN_ID}) 'domain_id': DEFAULT_DOMAIN_ID})
def test_delete_user_with_project_association(self): def test_delete_user_with_project_association(self):
user = {'name': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_bar['id'], self.assignment_api.add_user_to_project(self.tenant_bar['id'],
user['id']) user['id'])
@ -2144,9 +2086,7 @@ class IdentityTests(AssignmentTestHelperMixin):
user['id']) user['id'])
def test_delete_user_with_project_roles(self): def test_delete_user_with_project_roles(self):
user = {'name': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.assignment_api.add_role_to_user_and_project( self.assignment_api.add_role_to_user_and_project(
user['id'], user['id'],
@ -2254,22 +2194,21 @@ class IdentityTests(AssignmentTestHelperMixin):
tenant) tenant)
def test_create_user_long_name_fails(self): def test_create_user_long_name_fails(self):
user = {'name': 'a' * 256, user = unit.new_user_ref(name='a' * 256,
'domain_id': DEFAULT_DOMAIN_ID} domain_id=DEFAULT_DOMAIN_ID)
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
self.identity_api.create_user, self.identity_api.create_user,
user) user)
def test_create_user_blank_name_fails(self): def test_create_user_blank_name_fails(self):
user = {'name': '', user = unit.new_user_ref(name='',
'domain_id': DEFAULT_DOMAIN_ID} domain_id=DEFAULT_DOMAIN_ID)
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
self.identity_api.create_user, self.identity_api.create_user,
user) user)
def test_create_user_missed_password(self): def test_create_user_missed_password(self):
user = {'name': 'fake1', user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.identity_api.get_user(user['id']) self.identity_api.get_user(user['id'])
# Make sure the user is not allowed to login # Make sure the user is not allowed to login
@ -2286,8 +2225,8 @@ class IdentityTests(AssignmentTestHelperMixin):
password=None) password=None)
def test_create_user_none_password(self): def test_create_user_none_password(self):
user = {'name': 'fake1', 'password': None, user = unit.new_user_ref(password=None,
'domain_id': DEFAULT_DOMAIN_ID} domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.identity_api.get_user(user['id']) self.identity_api.get_user(user['id'])
# Make sure the user is not allowed to login # Make sure the user is not allowed to login
@ -2304,14 +2243,14 @@ class IdentityTests(AssignmentTestHelperMixin):
password=None) password=None)
def test_create_user_invalid_name_fails(self): def test_create_user_invalid_name_fails(self):
user = {'name': None, user = unit.new_user_ref(name=None,
'domain_id': DEFAULT_DOMAIN_ID} domain_id=DEFAULT_DOMAIN_ID)
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
self.identity_api.create_user, self.identity_api.create_user,
user) user)
user = {'name': 123, user = unit.new_user_ref(name=123,
'domain_id': DEFAULT_DOMAIN_ID} domain_id=DEFAULT_DOMAIN_ID)
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
self.identity_api.create_user, self.identity_api.create_user,
user) user)
@ -2354,18 +2293,15 @@ class IdentityTests(AssignmentTestHelperMixin):
project) project)
def test_create_user_invalid_enabled_type_string(self): def test_create_user_invalid_enabled_type_string(self):
user = {'name': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
'domain_id': DEFAULT_DOMAIN_ID, # invalid string value
'password': uuid.uuid4().hex, enabled='true')
# invalid string value
'enabled': "true"}
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
self.identity_api.create_user, self.identity_api.create_user,
user) user)
def test_update_user_long_name_fails(self): def test_update_user_long_name_fails(self):
user = {'name': 'fake1', user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
user['name'] = 'a' * 256 user['name'] = 'a' * 256
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
@ -2374,8 +2310,7 @@ class IdentityTests(AssignmentTestHelperMixin):
user) user)
def test_update_user_blank_name_fails(self): def test_update_user_blank_name_fails(self):
user = {'name': 'fake1', user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
user['name'] = '' user['name'] = ''
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
@ -2384,8 +2319,7 @@ class IdentityTests(AssignmentTestHelperMixin):
user) user)
def test_update_user_invalid_name_fails(self): def test_update_user_invalid_name_fails(self):
user = {'name': 'fake1', user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
user['name'] = None user['name'] = None
@ -2876,15 +2810,13 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertDictEqual(original_project, new_project) self.assertDictEqual(original_project, new_project)
def test_create_user_doesnt_modify_passed_in_dict(self): def test_create_user_doesnt_modify_passed_in_dict(self):
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID}
original_user = new_user.copy() original_user = new_user.copy()
self.identity_api.create_user(new_user) self.identity_api.create_user(new_user)
self.assertDictEqual(original_user, new_user) self.assertDictEqual(original_user, new_user)
def test_update_user_enable(self): def test_update_user_enable(self):
user = {'name': 'fake1', 'enabled': True, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
user_ref = self.identity_api.get_user(user['id']) user_ref = self.identity_api.get_user(user['id'])
self.assertTrue(user_ref['enabled']) self.assertTrue(user_ref['enabled'])
@ -2923,9 +2855,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertTrue(user_ref['enabled']) self.assertTrue(user_ref['enabled'])
def test_update_user_name(self): def test_update_user_name(self):
user = {'name': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'enabled': True,
'domain_id': DEFAULT_DOMAIN_ID}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
user_ref = self.identity_api.get_user(user['id']) user_ref = self.identity_api.get_user(user['id'])
self.assertEqual(user['name'], user_ref['name']) self.assertEqual(user['name'], user_ref['name'])
@ -2946,14 +2876,13 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertEqual(changed_name, user_ref['name']) self.assertEqual(changed_name, user_ref['name'])
def test_update_user_enable_fails(self): def test_update_user_enable_fails(self):
user = {'name': 'fake1', 'enabled': True, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
user_ref = self.identity_api.get_user(user['id']) user_ref = self.identity_api.get_user(user['id'])
self.assertTrue(user_ref['enabled']) self.assertTrue(user_ref['enabled'])
# Strings are not valid boolean values # Strings are not valid boolean values
user['enabled'] = "false" user['enabled'] = 'false'
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
self.identity_api.update_user, self.identity_api.update_user,
user['id'], user['id'],
@ -2991,8 +2920,7 @@ class IdentityTests(AssignmentTestHelperMixin):
domain = self._get_domain_fixture() domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=domain['id']) new_group = unit.new_group_ref(domain_id=domain['id'])
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=domain['id'])
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'], self.identity_api.add_user_to_group(new_user['id'],
new_group['id']) new_group['id'])
@ -3006,8 +2934,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_add_user_to_group_returns_not_found(self): def test_add_user_to_group_returns_not_found(self):
domain = self._get_domain_fixture() domain = self._get_domain_fixture()
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=domain['id'])
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.assertRaises(exception.GroupNotFound, self.assertRaises(exception.GroupNotFound,
self.identity_api.add_user_to_group, self.identity_api.add_user_to_group,
@ -3030,8 +2957,7 @@ class IdentityTests(AssignmentTestHelperMixin):
domain = self._get_domain_fixture() domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=domain['id']) new_group = unit.new_group_ref(domain_id=domain['id'])
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=domain['id'])
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'], self.identity_api.add_user_to_group(new_user['id'],
new_group['id']) new_group['id'])
@ -3042,8 +2968,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertRaises(exception.DomainNotFound, self.assertRaises(exception.DomainNotFound,
self.identity_api.create_group, self.identity_api.create_group,
new_group) new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id="doesnotexist")
'enabled': True, 'domain_id': "doesnotexist"}
self.assertRaises(exception.DomainNotFound, self.assertRaises(exception.DomainNotFound,
self.identity_api.create_user, self.identity_api.create_user,
new_user) new_user)
@ -3052,8 +2977,7 @@ class IdentityTests(AssignmentTestHelperMixin):
new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID) new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.assertRaises(exception.NotFound, self.assertRaises(exception.NotFound,
@ -3062,8 +2986,7 @@ class IdentityTests(AssignmentTestHelperMixin):
new_group['id']) new_group['id'])
def test_check_user_in_group_returns_not_found(self): def test_check_user_in_group_returns_not_found(self):
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID) new_group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)
@ -3093,8 +3016,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertEqual([], user_refs) self.assertEqual([], user_refs)
# Make sure we get the correct users back once they have been added # Make sure we get the correct users back once they have been added
# to the group. # to the group.
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=domain['id'])
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'], self.identity_api.add_user_to_group(new_user['id'],
new_group['id']) new_group['id'])
@ -3119,8 +3041,7 @@ class IdentityTests(AssignmentTestHelperMixin):
USER_COUNT = 2 USER_COUNT = 2
for x in range(0, USER_COUNT): for x in range(0, USER_COUNT):
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=domain['id'])
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
test_users.append(new_user) test_users.append(new_user)
positive_user = test_users[0] positive_user = test_users[0]
@ -3179,8 +3100,7 @@ class IdentityTests(AssignmentTestHelperMixin):
domain = self._get_domain_fixture() domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=domain['id']) new_group = unit.new_group_ref(domain_id=domain['id'])
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=domain['id'])
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'], self.identity_api.add_user_to_group(new_user['id'],
new_group['id']) new_group['id'])
@ -3193,8 +3113,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_remove_user_from_group_returns_not_found(self): def test_remove_user_from_group_returns_not_found(self):
domain = self._get_domain_fixture() domain = self._get_domain_fixture()
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = unit.new_user_ref(domain_id=domain['id'])
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
new_group = unit.new_group_ref(domain_id=domain['id']) new_group = unit.new_group_ref(domain_id=domain['id'])
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
@ -3700,8 +3619,8 @@ class IdentityTests(AssignmentTestHelperMixin):
assert_key_equals(value) assert_key_equals(value)
def test_user_crud(self): def test_user_crud(self):
user_dict = {'domain_id': DEFAULT_DOMAIN_ID, user_dict = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': uuid.uuid4().hex, 'password': 'passw0rd'} del user_dict['id']
user = self.identity_api.create_user(user_dict) user = self.identity_api.create_user(user_dict)
user_ref = self.identity_api.get_user(user['id']) user_ref = self.identity_api.get_user(user['id'])
del user_dict['password'] del user_dict['password']
@ -3723,8 +3642,7 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_list_projects_for_user(self): def test_list_projects_for_user(self):
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user1 = unit.new_user_ref(domain_id=domain['id'])
'domain_id': domain['id'], 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
user_projects = self.assignment_api.list_projects_for_user(user1['id']) user_projects = self.assignment_api.list_projects_for_user(user1['id'])
self.assertEqual(0, len(user_projects)) self.assertEqual(0, len(user_projects))
@ -3743,8 +3661,7 @@ class IdentityTests(AssignmentTestHelperMixin):
# should now be included, along with any direct user grants. # should now be included, along with any direct user grants.
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user1 = unit.new_user_ref(domain_id=domain['id'])
'domain_id': domain['id'], 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain['id']) group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -3912,16 +3829,10 @@ class IdentityTests(AssignmentTestHelperMixin):
self.resource_api.get_project, self.resource_api.get_project,
project_id) project_id)
def create_user_dict(self, **attributes):
user_dict = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'enabled': True}
user_dict.update(attributes)
return user_dict
def test_arbitrary_attributes_are_returned_from_create_user(self): def test_arbitrary_attributes_are_returned_from_create_user(self):
attr_value = uuid.uuid4().hex attr_value = uuid.uuid4().hex
user_data = self.create_user_dict(arbitrary_attr=attr_value) user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
arbitrary_attr=attr_value)
user = self.identity_api.create_user(user_data) user = self.identity_api.create_user(user_data)
@ -3929,7 +3840,8 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_arbitrary_attributes_are_returned_from_get_user(self): def test_arbitrary_attributes_are_returned_from_get_user(self):
attr_value = uuid.uuid4().hex attr_value = uuid.uuid4().hex
user_data = self.create_user_dict(arbitrary_attr=attr_value) user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
arbitrary_attr=attr_value)
user_data = self.identity_api.create_user(user_data) user_data = self.identity_api.create_user(user_data)
@ -3937,7 +3849,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertEqual(attr_value, user['arbitrary_attr']) self.assertEqual(attr_value, user['arbitrary_attr'])
def test_new_arbitrary_attributes_are_returned_from_update_user(self): def test_new_arbitrary_attributes_are_returned_from_update_user(self):
user_data = self.create_user_dict() user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
user = self.identity_api.create_user(user_data) user = self.identity_api.create_user(user_data)
attr_value = uuid.uuid4().hex attr_value = uuid.uuid4().hex
@ -3948,7 +3860,8 @@ class IdentityTests(AssignmentTestHelperMixin):
def test_updated_arbitrary_attributes_are_returned_from_update_user(self): def test_updated_arbitrary_attributes_are_returned_from_update_user(self):
attr_value = uuid.uuid4().hex attr_value = uuid.uuid4().hex
user_data = self.create_user_dict(arbitrary_attr=attr_value) user_data = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID,
arbitrary_attr=attr_value)
new_attr_value = uuid.uuid4().hex new_attr_value = uuid.uuid4().hex
user = self.identity_api.create_user(user_data) user = self.identity_api.create_user(user_data)
@ -4010,11 +3923,7 @@ class IdentityTests(AssignmentTestHelperMixin):
self.assertDictEqual(updated_project_ref, project_ref) self.assertDictEqual(updated_project_ref, project_ref)
def test_user_update_and_user_get_return_same_response(self): def test_user_update_and_user_get_return_same_response(self):
user = { user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'description': uuid.uuid4().hex,
'enabled': True}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
@ -4784,9 +4693,7 @@ class TokenTests(object):
class TokenCacheInvalidation(object): class TokenCacheInvalidation(object):
def _create_test_data(self): def _create_test_data(self):
self.user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, self.user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'password': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
self.tenant = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, self.tenant = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True} 'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
@ -5826,8 +5733,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
role_list.append(role) role_list.append(role)
domain1 = unit.new_domain_ref() domain1 = unit.new_domain_ref()
self.resource_api.create_domain(domain1['id'], domain1) self.resource_api.create_domain(domain1['id'], domain1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], user1 = unit.new_user_ref(domain_id=domain1['id'])
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']} 'domain_id': domain1['id']}
@ -5936,8 +5842,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
role_list.append(role) role_list.append(role)
domain1 = unit.new_domain_ref() domain1 = unit.new_domain_ref()
self.resource_api.create_domain(domain1['id'], domain1) self.resource_api.create_domain(domain1['id'], domain1)
user1 = {'name': uuid.uuid4().hex, 'domain_id': domain1['id'], user1 = unit.new_user_ref(domain_id=domain1['id'])
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain1['id']) group1 = unit.new_group_ref(domain_id=domain1['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -6042,8 +5947,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
self.config_fixture.config(group='os_inherit', enabled=True) self.config_fixture.config(group='os_inherit', enabled=True)
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user1 = unit.new_user_ref(domain_id=domain['id'])
'domain_id': domain['id'], 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain['id']} 'domain_id': domain['id']}
@ -6130,8 +6034,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
'is_domain': False} 'is_domain': False}
self.resource_api.create_project(leaf_project['id'], leaf_project) self.resource_api.create_project(leaf_project['id'], leaf_project)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
# Grant inherited user role # Grant inherited user role
@ -6234,8 +6137,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
project4 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, project4 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain2['id']} 'domain_id': domain2['id']}
self.resource_api.create_project(project4['id'], project4) self.resource_api.create_project(project4['id'], project4)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user1 = unit.new_user_ref(domain_id=domain['id'])
'domain_id': domain['id'], 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
group1 = unit.new_group_ref(domain_id=domain['id']) group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -6339,8 +6241,7 @@ class InheritanceTests(AssignmentTestHelperMixin):
'is_domain': False} 'is_domain': False}
self.resource_api.create_project(leaf_project['id'], leaf_project) self.resource_api.create_project(leaf_project['id'], leaf_project)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID, 'enabled': True}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID) group = unit.new_group_ref(domain_id=DEFAULT_DOMAIN_ID)

194
keystone/tests/unit/test_backend_ldap.py
View File

@ -142,6 +142,13 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
config_files.append(unit.dirs.tests_conf('backend_ldap.conf')) config_files.append(unit.dirs.tests_conf('backend_ldap.conf'))
return config_files return config_files
def new_user_ref(self, domain_id, project_id=None, **kwargs):
ref = unit.new_user_ref(domain_id=domain_id, project_id=project_id,
**kwargs)
if 'id' not in kwargs:
del ref['id']
return ref
def get_user_enabled_vals(self, user): def get_user_enabled_vals(self, user):
user_dn = ( user_dn = (
self.identity_api.driver.user._id_to_dn_string(user['id'])) self.identity_api.driver.user._id_to_dn_string(user['id']))
@ -163,10 +170,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.assertEqual("ou=Users,%s" % CONF.ldap.suffix, user_api.tree_dn) self.assertEqual("ou=Users,%s" % CONF.ldap.suffix, user_api.tree_dn)
def test_configurable_allowed_user_actions(self): def test_configurable_allowed_user_actions(self):
user = {'name': u'fäké1', user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
'tenants': ['bar']}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.identity_api.get_user(user['id']) self.identity_api.get_user(user['id'])
@ -185,10 +189,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
driver.user.allow_update = False driver.user.allow_update = False
driver.user.allow_delete = False driver.user.allow_delete = False
user = {'name': u'fäké1', user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
'tenants': ['bar']}
self.assertRaises(exception.ForbiddenAction, self.assertRaises(exception.ForbiddenAction,
self.identity_api.create_user, self.identity_api.create_user,
user) user)
@ -253,8 +254,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
new_domain = self._get_domain_fixture() new_domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=new_domain['id']) new_group = unit.new_group_ref(domain_id=new_domain['id'])
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'enabled': True, new_user = self.new_user_ref(domain_id=new_domain['id'])
'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'], self.identity_api.add_user_to_group(new_user['id'],
new_group['id']) new_group['id'])
@ -328,8 +328,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_projects_for_user(self): def test_list_projects_for_user(self):
domain = self._get_domain_fixture() domain = self._get_domain_fixture()
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user1 = self.new_user_ref(domain_id=domain['id'])
'domain_id': domain['id'], 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
user_projects = self.assignment_api.list_projects_for_user(user1['id']) user_projects = self.assignment_api.list_projects_for_user(user1['id'])
self.assertThat(user_projects, matchers.HasLength(0)) self.assertThat(user_projects, matchers.HasLength(0))
@ -346,8 +345,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.assertThat(user_projects, matchers.HasLength(2)) self.assertThat(user_projects, matchers.HasLength(2))
# Now, check number of projects through groups # Now, check number of projects through groups
user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user2 = self.new_user_ref(domain_id=domain['id'])
'domain_id': domain['id'], 'enabled': True}
user2 = self.identity_api.create_user(user2) user2 = self.identity_api.create_user(user2)
group1 = unit.new_group_ref(domain_id=domain['id']) group1 = unit.new_group_ref(domain_id=domain['id'])
@ -376,8 +374,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_projects_for_user_and_groups(self): def test_list_projects_for_user_and_groups(self):
domain = self._get_domain_fixture() domain = self._get_domain_fixture()
# Create user1 # Create user1
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user1 = self.new_user_ref(domain_id=domain['id'])
'domain_id': domain['id'], 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
# Create new group for user1 # Create new group for user1
@ -411,8 +408,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_projects_for_user_with_grants(self): def test_list_projects_for_user_with_grants(self):
domain = self._get_domain_fixture() domain = self._get_domain_fixture()
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = self.new_user_ref(domain_id=domain['id'])
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
group1 = unit.new_group_ref(domain_id=domain['id']) group1 = unit.new_group_ref(domain_id=domain['id'])
@ -495,8 +491,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_role_assignments_unfiltered(self): def test_list_role_assignments_unfiltered(self):
new_domain = self._get_domain_fixture() new_domain = self._get_domain_fixture()
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, new_user = self.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
new_group = unit.new_group_ref(domain_id=new_domain['id']) new_group = unit.new_group_ref(domain_id=new_domain['id'])
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
@ -533,8 +528,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.load_fixtures(default_fixtures) self.load_fixtures(default_fixtures)
new_domain = self._get_domain_fixture() new_domain = self._get_domain_fixture()
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, new_user = self.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
new_project = {'id': uuid.uuid4().hex, new_project = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
@ -557,8 +551,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.load_backends() self.load_backends()
self.load_fixtures(default_fixtures) self.load_fixtures(default_fixtures)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user = self.new_user_ref(domain_id=test_backend.DEFAULT_DOMAIN_ID)
'enabled': True, 'domain_id': test_backend.DEFAULT_DOMAIN_ID}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_baz['id'], self.assignment_api.add_user_to_project(self.tenant_baz['id'],
@ -662,12 +655,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.assertEqual(new_domain_id, domains[0]['id']) self.assertEqual(new_domain_id, domains[0]['id'])
def test_authenticate_requires_simple_bind(self): def test_authenticate_requires_simple_bind(self):
user = { user = self.new_user_ref(domain_id=test_backend.DEFAULT_DOMAIN_ID)
'name': 'NO_META',
'domain_id': test_backend.DEFAULT_DOMAIN_ID,
'password': 'no_meta2',
'enabled': True,
}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_baz['id'], self.assignment_api.add_user_to_project(self.tenant_baz['id'],
user['id']) user['id'])
@ -735,11 +723,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
CONF.identity.default_domain_id) CONF.identity.default_domain_id)
driver.user.attribute_ignore = ['enabled', 'email', driver.user.attribute_ignore = ['enabled', 'email',
'tenants', 'tenantId'] 'tenants', 'tenantId']
user = {'name': u'fäké1', user = self.new_user_ref(domain_id=CONF.identity.default_domain_id,
'password': u'fäképass1', project_id='maps_to_none')
'domain_id': CONF.identity.default_domain_id,
'default_project_id': 'maps_to_none',
}
# If this doesn't raise, then the test is successful. # If this doesn't raise, then the test is successful.
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
@ -751,9 +736,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
boolean_strings = ['TRUE', 'FALSE', 'true', 'false', 'True', 'False', boolean_strings = ['TRUE', 'FALSE', 'true', 'false', 'True', 'False',
'TrUe' 'FaLse'] 'TrUe' 'FaLse']
for name in boolean_strings: for name in boolean_strings:
user = { user = self.new_user_ref(name=name,
'name': name, domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id}
user_ref = self.identity_api.create_user(user) user_ref = self.identity_api.create_user(user)
user_info = self.identity_api.get_user(user_ref['id']) user_info = self.identity_api.get_user(user_ref['id'])
self.assertEqual(name, user_info['name']) self.assertEqual(name, user_info['name'])
@ -772,10 +756,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
driver.user.attribute_ignore = ['enabled', 'email', driver.user.attribute_ignore = ['enabled', 'email',
'tenants', 'tenantId'] 'tenants', 'tenantId']
user = {'name': u'fäké1', user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
}
user_ref = self.identity_api.create_user(user) user_ref = self.identity_api.create_user(user)
@ -810,12 +791,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
# Since we want to fake up this special ID, we'll squirt this # Since we want to fake up this special ID, we'll squirt this
# direct into the driver and bypass the manager layer. # direct into the driver and bypass the manager layer.
user_id = u'Doe, John' user_id = u'Doe, John'
user = { user = self.new_user_ref(id=user_id,
'id': user_id, domain_id=CONF.identity.default_domain_id)
'name': self.getUniqueString(),
'password': self.getUniqueString(),
'domain_id': CONF.identity.default_domain_id,
}
user = self.identity_api.driver.create_user(user_id, user) user = self.identity_api.driver.create_user(user_id, user)
# Now we'll use the manager to discover it, which will create a # Now we'll use the manager to discover it, which will create a
@ -859,12 +836,8 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
# Since we want to fake up this special ID, we'll squirt this # Since we want to fake up this special ID, we'll squirt this
# direct into the driver and bypass the manager layer # direct into the driver and bypass the manager layer
user_id = u'Doe, John' user_id = u'Doe, John'
user = { user = self.new_user_ref(id=user_id,
'id': user_id, domain_id=CONF.identity.default_domain_id)
'name': self.getUniqueString(),
'password': self.getUniqueString(),
'domain_id': CONF.identity.default_domain_id,
}
self.identity_api.driver.create_user(user_id, user) self.identity_api.driver.create_user(user_id, user)
# Now we'll use the manager to discover it, which will create a # Now we'll use the manager to discover it, which will create a
@ -1017,10 +990,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
role1 = unit.new_role_ref() role1 = unit.new_role_ref()
self.role_api.create_role(role1['id'], role1) self.role_api.create_role(role1['id'], role1)
user1 = {'name': uuid.uuid4().hex, user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
self.assignment_api.add_role_to_user_and_project( self.assignment_api.add_role_to_user_and_project(
@ -1168,8 +1138,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
self.load_backends() self.load_backends()
self.load_fixtures(default_fixtures) self.load_fixtures(default_fixtures)
user = {'name': u'fäké1', 'enabled': True, user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id}
user_ref = self.identity_api.create_user(user) user_ref = self.identity_api.create_user(user)
@ -1216,14 +1185,12 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
self.load_backends() self.load_backends()
self.load_fixtures(default_fixtures) self.load_fixtures(default_fixtures)
user1 = {'name': u'fäké1', 'enabled': True, user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id}
user2 = {'name': u'fäké2', 'enabled': False, user2 = self.new_user_ref(enabled=False,
'domain_id': CONF.identity.default_domain_id} domain_id=CONF.identity.default_domain_id)
user3 = {'name': u'fäké3', user3 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id}
# Ensure that the LDAP attribute is False for a newly created # Ensure that the LDAP attribute is False for a newly created
# enabled user. # enabled user.
@ -1452,11 +1419,9 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
group='ldap', group='ldap',
user_additional_attribute_mapping=['description:name']) user_additional_attribute_mapping=['description:name'])
self.load_backends() self.load_backends()
user = { user = self.new_user_ref(name='EXTRA_ATTRIBUTES',
'name': 'EXTRA_ATTRIBUTES', password='extra',
'password': 'extra', domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id
}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
dn, attrs = self.identity_api.driver.user._ldap_get(user['id']) dn, attrs = self.identity_api.driver.user._ldap_get(user['id'])
self.assertThat([user['name']], matchers.Equals(attrs['description'])) self.assertThat([user['name']], matchers.Equals(attrs['description']))
@ -1470,13 +1435,9 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
user_additional_attribute_mapping=['description:description']) user_additional_attribute_mapping=['description:description'])
self.load_backends() self.load_backends()
description = uuid.uuid4().hex user = self.new_user_ref(domain_id=CONF.identity.default_domain_id,
user = { description=uuid.uuid4().hex)
'name': uuid.uuid4().hex, description = user['description']
'description': description,
'password': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id
}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
res = self.identity_api.driver.user.get_all() res = self.identity_api.driver.user.get_all()
@ -1871,10 +1832,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
self.role_api.create_role(role['id'], role) self.role_api.create_role(role['id'], role)
role_list.append(role) role_list.append(role)
user1 = {'name': uuid.uuid4().hex, user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id} 'domain_id': CONF.identity.default_domain_id}
@ -1975,9 +1933,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
def test_list_groups_for_user_no_dn(self): def test_list_groups_for_user_no_dn(self):
# Create a test user. # Create a test user.
user = {'name': uuid.uuid4().hex, user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex, 'enabled': True}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
# Create some test groups and add the test user as a member. # Create some test groups and add the test user as a member.
domain = self._get_domain_fixture() domain = self._get_domain_fixture()
@ -2002,9 +1958,7 @@ class LDAPIdentity(BaseLDAPIdentity, unit.TestCase):
CONF.identity.default_domain_id) CONF.identity.default_domain_id)
driver.user.id_attr = 'mail' driver.user.id_attr = 'mail'
user = {'name': u'fäké1', user = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
user_ref = self.identity_api.get_user(user['id']) user_ref = self.identity_api.get_user(user['id'])
# 'email' attribute should've created because it is also being used # 'email' attribute should've created because it is also being used
@ -2192,21 +2146,18 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
project['id']) project['id'])
def test_user_crud(self): def test_user_crud(self):
user_dict = { user_dict = self.new_user_ref(
'domain_id': CONF.identity.default_domain_id, domain_id=CONF.identity.default_domain_id)
'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex}
user = self.identity_api.create_user(user_dict) user = self.identity_api.create_user(user_dict)
user_dict['enabled'] = True
user_ref = self.identity_api.get_user(user['id'])
del user_dict['password'] del user_dict['password']
user_ref = self.identity_api.get_user(user['id'])
user_ref_dict = {x: user_ref[x] for x in user_ref} user_ref_dict = {x: user_ref[x] for x in user_ref}
self.assertDictContainsSubset(user_dict, user_ref_dict) self.assertDictContainsSubset(user_dict, user_ref_dict)
user_dict['password'] = uuid.uuid4().hex user_dict['password'] = uuid.uuid4().hex
self.identity_api.update_user(user['id'], user) self.identity_api.update_user(user['id'], user_dict)
user_ref = self.identity_api.get_user(user['id'])
del user_dict['password'] del user_dict['password']
user_ref = self.identity_api.get_user(user['id'])
user_ref_dict = {x: user_ref[x] for x in user_ref} user_ref_dict = {x: user_ref[x] for x in user_ref}
self.assertDictContainsSubset(user_dict, user_ref_dict) self.assertDictContainsSubset(user_dict, user_ref_dict)
@ -2239,8 +2190,8 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
self.load_fixtures(default_fixtures) self.load_fixtures(default_fixtures)
# Create a user and ensure they are enabled. # Create a user and ensure they are enabled.
user1 = {'name': u'fäké1', 'enabled': True, user1 = unit.new_user_ref(enabled=True,
'domain_id': CONF.identity.default_domain_id} domain_id=CONF.identity.default_domain_id)
user_ref = self.identity_api.create_user(user1) user_ref = self.identity_api.create_user(user1)
self.assertIs(True, user_ref['enabled']) self.assertIs(True, user_ref['enabled'])
@ -2255,14 +2206,12 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
self.load_backends() self.load_backends()
self.load_fixtures(default_fixtures) self.load_fixtures(default_fixtures)
user1 = {'name': u'fäké1', 'enabled': True, user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id}
user2 = {'name': u'fäké2', 'enabled': False, user2 = self.new_user_ref(enabled=False,
'domain_id': CONF.identity.default_domain_id} domain_id=CONF.identity.default_domain_id)
user3 = {'name': u'fäké3', user3 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id}
# Ensure that the enabled LDAP attribute is not set for a # Ensure that the enabled LDAP attribute is not set for a
# newly created enabled user. # newly created enabled user.
@ -2398,8 +2347,7 @@ class LdapIdentitySqlAssignment(BaseLDAPIdentity, unit.SQLDriverOverrides,
new_domain = self._get_domain_fixture() new_domain = self._get_domain_fixture()
new_group = unit.new_group_ref(domain_id=new_domain['id'],) new_group = unit.new_group_ref(domain_id=new_domain['id'],)
new_group = self.identity_api.create_group(new_group) new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex, new_user = self.new_user_ref(domain_id=new_domain['id'])
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'], self.identity_api.add_user_to_group(new_user['id'],
new_group['id']) new_group['id'])
@ -2467,13 +2415,9 @@ class LdapIdentitySqlAssignmentWithMapping(LdapIdentitySqlAssignment):
""" """
initial_mappings = len(mapping_sql.list_id_mappings()) initial_mappings = len(mapping_sql.list_id_mappings())
user1 = {'name': uuid.uuid4().hex, user1 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex, 'enabled': True}
user1 = self.identity_api.create_user(user1) user1 = self.identity_api.create_user(user1)
user2 = {'name': uuid.uuid4().hex, user2 = self.new_user_ref(domain_id=CONF.identity.default_domain_id)
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex, 'enabled': True}
user2 = self.identity_api.create_user(user2) user2 = self.identity_api.create_user(user2)
mappings = mapping_sql.list_id_mappings() mappings = mapping_sql.list_id_mappings()
self.assertEqual(initial_mappings + 2, len(mappings)) self.assertEqual(initial_mappings + 2, len(mappings))
@ -2504,30 +2448,21 @@ class LdapIdentitySqlAssignmentWithMapping(LdapIdentitySqlAssignment):
class BaseMultiLDAPandSQLIdentity(object): class BaseMultiLDAPandSQLIdentity(object):
"""Mixin class with support methods for domain-specific config testing.""" """Mixin class with support methods for domain-specific config testing."""
def create_user(self, domain_id):
user = {'name': uuid.uuid4().hex,
'domain_id': domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
user_ref = self.identity_api.create_user(user)
# Put the password back in, since this is used later by tests to
# authenticate.
user_ref['password'] = user['password']
return user_ref
def create_users_across_domains(self): def create_users_across_domains(self):
"""Create a set of users, each with a role on their own domain.""" """Create a set of users, each with a role on their own domain."""
# We also will check that the right number of id mappings get created # We also will check that the right number of id mappings get created
initial_mappings = len(mapping_sql.list_id_mappings()) initial_mappings = len(mapping_sql.list_id_mappings())
self.users['user0'] = self.create_user( self.users['user0'] = unit.create_user(
self.identity_api,
self.domains['domain_default']['id']) self.domains['domain_default']['id'])
self.assignment_api.create_grant( self.assignment_api.create_grant(
user_id=self.users['user0']['id'], user_id=self.users['user0']['id'],
domain_id=self.domains['domain_default']['id'], domain_id=self.domains['domain_default']['id'],
role_id=self.role_member['id']) role_id=self.role_member['id'])
for x in range(1, self.domain_count): for x in range(1, self.domain_count):
self.users['user%s' % x] = self.create_user( self.users['user%s' % x] = unit.create_user(
self.identity_api,
self.domains['domain%s' % x]['id']) self.domains['domain%s' % x]['id'])
self.assignment_api.create_grant( self.assignment_api.create_grant(
user_id=self.users['user%s' % x]['id'], user_id=self.users['user%s' % x]['id'],
@ -2661,11 +2596,14 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides,
# Create some identity entities BEFORE we switch to multi-backend, so # Create some identity entities BEFORE we switch to multi-backend, so
# we can test that these are still accessible # we can test that these are still accessible
self.users = {} self.users = {}
self.users['userA'] = self.create_user( self.users['userA'] = unit.create_user(
self.identity_api,
self.domains['domain_default']['id']) self.domains['domain_default']['id'])
self.users['userB'] = self.create_user( self.users['userB'] = unit.create_user(
self.identity_api,
self.domains['domain1']['id']) self.domains['domain1']['id'])
self.users['userC'] = self.create_user( self.users['userC'] = unit.create_user(
self.identity_api,
self.domains['domain3']['id']) self.domains['domain3']['id'])
def enable_multi_domain(self): def enable_multi_domain(self):

41
keystone/tests/unit/test_backend_sql.py
View File

@ -179,9 +179,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
self.assertNotEqual(self.user_foo['password'], user_ref['password']) self.assertNotEqual(self.user_foo['password'], user_ref['password'])
def test_delete_user_with_project_association(self): def test_delete_user_with_project_association(self):
user = {'name': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_bar['id'], self.assignment_api.add_user_to_project(self.tenant_bar['id'],
user['id']) user['id'])
@ -191,9 +189,8 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
user['id']) user['id'])
def test_create_null_user_name(self): def test_create_null_user_name(self):
user = {'name': None, user = unit.new_user_ref(name=None,
'domain_id': DEFAULT_DOMAIN_ID, domain_id=DEFAULT_DOMAIN_ID)
'password': uuid.uuid4().hex}
self.assertRaises(exception.ValidationError, self.assertRaises(exception.ValidationError,
self.identity_api.create_user, self.identity_api.create_user,
user) user)
@ -208,9 +205,8 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
# LDAP. # LDAP.
# create a ref with a lowercase name # create a ref with a lowercase name
ref = { ref = unit.new_user_ref(name=uuid.uuid4().hex.lower(),
'name': uuid.uuid4().hex.lower(), domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID}
ref = self.identity_api.create_user(ref) ref = self.identity_api.create_user(ref)
# assign a new ID with the same name, but this time in uppercase # assign a new ID with the same name, but this time in uppercase
@ -251,9 +247,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
DEFAULT_DOMAIN_ID) DEFAULT_DOMAIN_ID)
def test_delete_project_with_user_association(self): def test_delete_project_with_user_association(self):
user = {'name': 'fakeuser', user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'passwd'}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_bar['id'], self.assignment_api.add_user_to_project(self.tenant_bar['id'],
user['id']) user['id'])
@ -300,11 +294,9 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
""" """
arbitrary_key = uuid.uuid4().hex arbitrary_key = uuid.uuid4().hex
arbitrary_value = uuid.uuid4().hex arbitrary_value = uuid.uuid4().hex
user = { user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': uuid.uuid4().hex, user[arbitrary_key] = arbitrary_value
'domain_id': DEFAULT_DOMAIN_ID, del user["id"]
'password': uuid.uuid4().hex,
arbitrary_key: arbitrary_value}
ref = self.identity_api.create_user(user) ref = self.identity_api.create_user(user)
self.assertEqual(arbitrary_value, ref[arbitrary_key]) self.assertEqual(arbitrary_value, ref[arbitrary_key])
self.assertIsNone(ref.get('password')) self.assertIsNone(ref.get('password'))
@ -319,11 +311,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key]) self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key])
def test_sql_user_to_dict_null_default_project_id(self): def test_sql_user_to_dict_null_default_project_id(self):
user = { user = unit.new_user_ref(domain_id=DEFAULT_DOMAIN_ID)
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
session = sql.get_session() session = sql.get_session()
query = session.query(identity_sql.User) query = session.query(identity_sql.User)
@ -337,8 +325,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
def test_list_domains_for_user(self): def test_list_domains_for_user(self):
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=domain['id'])
'domain_id': domain['id'], 'enabled': True}
test_domain1 = unit.new_domain_ref() test_domain1 = unit.new_domain_ref()
self.resource_api.create_domain(test_domain1['id'], test_domain1) self.resource_api.create_domain(test_domain1['id'], test_domain1)
@ -363,8 +350,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
# should now be included, along with any direct user grants. # should now be included, along with any direct user grants.
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=domain['id'])
'domain_id': domain['id'], 'enabled': True}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
group1 = unit.new_group_ref(domain_id=domain['id']) group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -409,8 +395,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
domain1 = self.resource_api.create_domain(domain1['id'], domain1) domain1 = self.resource_api.create_domain(domain1['id'], domain1)
domain2 = unit.new_domain_ref() domain2 = unit.new_domain_ref()
domain2 = self.resource_api.create_domain(domain2['id'], domain2) domain2 = self.resource_api.create_domain(domain2['id'], domain2)
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, user = unit.new_user_ref(domain_id=domain1['id'])
'domain_id': domain1['id'], 'enabled': True}
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
group = unit.new_group_ref(domain_id=domain1['id']) group = unit.new_group_ref(domain_id=domain1['id'])
group = self.identity_api.create_group(group) group = self.identity_api.create_group(group)

10
keystone/tests/unit/test_cert_setup.py
View File

@ -75,17 +75,11 @@ class CertSetupTestCase(rest.RestfulTestCase):
controller = token.controllers.Auth() controller = token.controllers.Auth()
self.config_fixture.config(group='signing', certfile='invalid') self.config_fixture.config(group='signing', certfile='invalid')
password = 'fake1' user = unit.create_user(self.identity_api, domain_id=DEFAULT_DOMAIN_ID)
user = {
'name': 'fake1',
'password': password,
'domain_id': DEFAULT_DOMAIN_ID
}
user = self.identity_api.create_user(user)
body_dict = { body_dict = {
'passwordCredentials': { 'passwordCredentials': {
'userId': user['id'], 'userId': user['id'],
'password': password, 'password': user['password'],
}, },
} }
self.assertRaises(exception.UnexpectedError, self.assertRaises(exception.UnexpectedError,

1
keystone/tests/unit/test_ldap_livetest.py
View File

@ -133,6 +133,7 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
USER_COUNT = 2 USER_COUNT = 2
for x in range(0, USER_COUNT): for x in range(0, USER_COUNT):
# TODO(shaleh): use unit.new_user_ref()
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']} 'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user) new_user = self.identity_api.create_user(new_user)

1
keystone/tests/unit/test_ldap_pool_livetest.py
View File

@ -105,6 +105,7 @@ class LiveLDAPPoolIdentity(test_backend_ldap_pool.LdapPoolCommonTestMixin,
password=old_password) password=old_password)
def _create_user_and_authenticate(self, password): def _create_user_and_authenticate(self, password):
# TODO(shaleh): port to new_user_ref()
user_dict = { user_dict = {
'domain_id': CONF.identity.default_domain_id, 'domain_id': CONF.identity.default_domain_id,
'name': uuid.uuid4().hex, 'name': uuid.uuid4().hex,

4
keystone/tests/unit/test_ldap_tls_livetest.py
View File

@ -50,6 +50,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_req_cert='demand') tls_req_cert='demand')
self.identity_api = identity.backends.ldap.Identity() self.identity_api = identity.backends.ldap.Identity()
# TODO(shaleh): use new_user_ref()
user = {'name': 'fake1', user = {'name': 'fake1',
'password': 'fakepass1', 'password': 'fakepass1',
'tenants': ['bar']} 'tenants': ['bar']}
@ -71,6 +72,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_req_cert='demand') tls_req_cert='demand')
self.identity_api = identity.backends.ldap.Identity() self.identity_api = identity.backends.ldap.Identity()
# TODO(shaleh): use new_user_ref()
user = {'id': 'fake1', user = {'id': 'fake1',
'name': 'fake1', 'name': 'fake1',
'password': 'fakepass1', 'password': 'fakepass1',
@ -95,6 +97,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_cacertdir=None) tls_cacertdir=None)
self.identity_api = identity.backends.ldap.Identity() self.identity_api = identity.backends.ldap.Identity()
# TODO(shaleh): use new_user_ref()
user = {'name': 'fake1', user = {'name': 'fake1',
'password': 'fakepass1', 'password': 'fakepass1',
'tenants': ['bar']} 'tenants': ['bar']}
@ -109,6 +112,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_cacertdir='/etc/keystone/ssl/mythicalcertdir') tls_cacertdir='/etc/keystone/ssl/mythicalcertdir')
self.identity_api = identity.backends.ldap.Identity() self.identity_api = identity.backends.ldap.Identity()
# TODO(shaleh): use new_user_ref()
user = {'name': 'fake1', user = {'name': 'fake1',
'password': 'fakepass1', 'password': 'fakepass1',
'tenants': ['bar']} 'tenants': ['bar']}

40
keystone/tests/unit/test_middleware.py
View File

@ -149,9 +149,6 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
def _load_sample_data(self): def _load_sample_data(self):
self.project_id = uuid.uuid4().hex self.project_id = uuid.uuid4().hex
self.project_name = uuid.uuid4().hex self.project_name = uuid.uuid4().hex
self.user_name = uuid.uuid4().hex
self.user_password = uuid.uuid4().hex
self.user_email = uuid.uuid4().hex
self.protocol_id = 'x509' self.protocol_id = 'x509'
# 1) Create a domain for the user. # 1) Create a domain for the user.
@ -172,13 +169,8 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
self.resource_api.create_project(self.project_id, self.project) self.resource_api.create_project(self.project_id, self.project)
# 3) Create a user in new domain. # 3) Create a user in new domain.
self.user = { self.user = unit.new_user_ref(domain_id=self.domain_id,
'name': self.user_name, project_id=self.project_id)
'domain_id': self.domain_id,
'project_id': self.project_id,
'password': self.user_password,
'email': self.user_email,
}
self.user = self.identity_api.create_user(self.user) self.user = self.identity_api.create_user(self.user)
@ -384,7 +376,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
# SSL_CLIENT_USER_NAME and SSL_CLIENT_DOMAIN_NAME are the types # SSL_CLIENT_USER_NAME and SSL_CLIENT_DOMAIN_NAME are the types
# defined in the mapping that will map to the user name and # defined in the mapping that will map to the user name and
# domain name # domain name
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env) req = make_request(environ=env)
context = self._create_context( context = self._create_context(
@ -396,7 +388,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env = {} env = {}
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_ID'] = self.project_id env['HTTP_X_PROJECT_ID'] = self.project_id
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env) req = make_request(environ=env)
context = self._create_context( context = self._create_context(
@ -409,7 +401,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env) req = make_request(environ=env)
context = self._create_context( context = self._create_context(
@ -422,7 +414,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env) req = make_request(environ=env)
context = self._create_context( context = self._create_context(
@ -434,7 +426,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env = {} env = {}
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_id env['HTTP_X_PROJECT_NAME'] = self.project_id
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name env['SSL_CLIENT_DOMAIN_NAME'] = self.domain_name
req = make_request(environ=env) req = make_request(environ=env)
context = self._create_context( context = self._create_context(
@ -476,7 +468,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
req = make_request(environ=env) req = make_request(environ=env)
context = self._create_context( context = self._create_context(
@ -519,7 +511,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_ID'] = self.project_id env['HTTP_X_PROJECT_ID'] = self.project_id
env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id env['HTTP_X_PROJECT_DOMAIN_ID'] = self.domain_id
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env) req = make_request(environ=env)
context = self._create_context( context = self._create_context(
request=req, request=req,
@ -546,7 +538,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
req = make_request(environ=env) req = make_request(environ=env)
self.domain['enabled'] = False self.domain['enabled'] = False
@ -565,7 +557,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id env['SSL_CLIENT_DOMAIN_ID'] = self.domain_id
req = make_request(environ=env) req = make_request(environ=env)
self.user['enabled'] = False self.user['enabled'] = False
@ -599,7 +591,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env) req = make_request(environ=env)
self.config_fixture.config(group='tokenless_auth', self.config_fixture.config(group='tokenless_auth',
protocol='ephemeral') protocol='ephemeral')
@ -616,7 +608,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env) req = make_request(environ=env)
self.config_fixture.config(group='tokenless_auth', self.config_fixture.config(group='tokenless_auth',
protocol='ephemeral') protocol='ephemeral')
@ -657,7 +649,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = uuid.uuid4().hex env['HTTP_X_PROJECT_NAME'] = uuid.uuid4().hex
env['HTTP_X_PROJECT_DOMAIN_NAME'] = uuid.uuid4().hex env['HTTP_X_PROJECT_DOMAIN_NAME'] = uuid.uuid4().hex
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env) req = make_request(environ=env)
self.config_fixture.config(group='tokenless_auth', self.config_fixture.config(group='tokenless_auth',
protocol='ephemeral') protocol='ephemeral')
@ -677,7 +669,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env) req = make_request(environ=env)
self.config_fixture.config(group='tokenless_auth', self.config_fixture.config(group='tokenless_auth',
protocol='ephemeral') protocol='ephemeral')
@ -701,7 +693,7 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests):
env['SSL_CLIENT_I_DN'] = self.client_issuer env['SSL_CLIENT_I_DN'] = self.client_issuer
env['HTTP_X_PROJECT_NAME'] = self.project_name env['HTTP_X_PROJECT_NAME'] = self.project_name
env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
env['SSL_CLIENT_USER_NAME'] = self.user_name env['SSL_CLIENT_USER_NAME'] = self.user['name']
req = make_request(environ=env) req = make_request(environ=env)
# This will pick up the incorrect mapping # This will pick up the incorrect mapping
self.config_fixture.config(group='tokenless_auth', self.config_fixture.config(group='tokenless_auth',

1
keystone/tests/unit/test_v2_keystoneclient.py
View File

@ -209,6 +209,7 @@ class ClientDrivenTestCase(unit.TestCase):
enabled=tenant['enabled']) enabled=tenant['enabled'])
tenant['id'] = tenant_ref.id tenant['id'] = tenant_ref.id
# v2 style, needs to be created by hand
user = { user = {
'name': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'password': uuid.uuid4().hex,

18
keystone/tests/unit/test_v3.py
View File

@ -202,10 +202,8 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
self.project['id'] = self.project_id self.project['id'] = self.project_id
self.resource_api.create_project(self.project_id, self.project) self.resource_api.create_project(self.project_id, self.project)
self.user = self.new_user_ref(domain_id=self.domain_id) self.user = unit.create_user(self.identity_api,
password = self.user['password'] domain_id=self.domain_id)
self.user = self.identity_api.create_user(self.user)
self.user['password'] = password
self.user_id = self.user['id'] self.user_id = self.user['id']
self.default_domain_project_id = uuid.uuid4().hex self.default_domain_project_id = uuid.uuid4().hex
@ -215,12 +213,9 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
self.resource_api.create_project(self.default_domain_project_id, self.resource_api.create_project(self.default_domain_project_id,
self.default_domain_project) self.default_domain_project)
self.default_domain_user = self.new_user_ref( self.default_domain_user = unit.create_user(
self.identity_api,
domain_id=DEFAULT_DOMAIN_ID) domain_id=DEFAULT_DOMAIN_ID)
password = self.default_domain_user['password']
self.default_domain_user = (
self.identity_api.create_user(self.default_domain_user))
self.default_domain_user['password'] = password
self.default_domain_user_id = self.default_domain_user['id'] self.default_domain_user_id = self.default_domain_user['id']
# create & grant policy.json's default role for admin_required # create & grant policy.json's default role for admin_required
@ -261,9 +256,6 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
return unit.new_project_ref(domain_id=domain_id, parent_id=parent_id, return unit.new_project_ref(domain_id=domain_id, parent_id=parent_id,
is_domain=is_domain) is_domain=is_domain)
def new_user_ref(self, domain_id, project_id=None):
return unit.new_user_ref(domain_id, project_id=project_id)
def new_credential_ref(self, user_id, project_id=None, cred_type=None): def new_credential_ref(self, user_id, project_id=None, cred_type=None):
return unit.new_credential_ref(user_id, project_id=project_id, return unit.new_credential_ref(user_id, project_id=project_id,
cred_type=cred_type) cred_type=cred_type)
@ -845,6 +837,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
resp, resp,
'users', 'users',
self.assertValidUser, self.assertValidUser,
keys_to_check=['name', 'enabled'],
*args, *args,
**kwargs) **kwargs)
@ -853,6 +846,7 @@ class RestfulTestCase(unit.SQLDriverOverrides, rest.RestfulTestCase,
resp, resp,
'user', 'user',
self.assertValidUser, self.assertValidUser,
keys_to_check=['name', 'enabled'],
*args, *args,
**kwargs) **kwargs)

182
keystone/tests/unit/test_v3_assignment.py
View File

@ -112,23 +112,20 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
domain_id=self.domain2['id']) domain_id=self.domain2['id'])
self.resource_api.create_project(self.project2['id'], self.project2) self.resource_api.create_project(self.project2['id'], self.project2)
self.user2 = self.new_user_ref( user2 = unit.create_user(self.identity_api,
domain_id=self.domain2['id'], domain_id=self.domain2['id'],
project_id=self.project2['id']) project_id=self.project2['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.assignment_api.add_user_to_project(self.project2['id'], self.assignment_api.add_user_to_project(self.project2['id'],
self.user2['id']) user2['id'])
# First check a user in that domain can authenticate. The v2 user # First check a user in that domain can authenticate. The v2 user
# cannot authenticate because they exist outside the default domain. # cannot authenticate because they exist outside the default domain.
body = { body = {
'auth': { 'auth': {
'passwordCredentials': { 'passwordCredentials': {
'userId': self.user2['id'], 'userId': user2['id'],
'password': self.user2['password'] 'password': user2['password']
}, },
'tenantId': self.project2['id'] 'tenantId': self.project2['id']
} }
@ -138,8 +135,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
expected_status=http_client.UNAUTHORIZED) expected_status=http_client.UNAUTHORIZED)
auth_data = self.build_authentication_request( auth_data = self.build_authentication_request(
user_id=self.user2['id'], user_id=user2['id'],
password=self.user2['password'], password=user2['password'],
project_id=self.project2['id']) project_id=self.project2['id'])
self.v3_create_token(auth_data) self.v3_create_token(auth_data)
@ -155,8 +152,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
body = { body = {
'auth': { 'auth': {
'passwordCredentials': { 'passwordCredentials': {
'userId': self.user2['id'], 'userId': user2['id'],
'password': self.user2['password'] 'password': user2['password']
}, },
'tenantId': self.project2['id'] 'tenantId': self.project2['id']
} }
@ -167,16 +164,16 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
# Try looking up in v3 by name and id # Try looking up in v3 by name and id
auth_data = self.build_authentication_request( auth_data = self.build_authentication_request(
user_id=self.user2['id'], user_id=user2['id'],
password=self.user2['password'], password=user2['password'],
project_id=self.project2['id']) project_id=self.project2['id'])
self.v3_create_token(auth_data, self.v3_create_token(auth_data,
expected_status=http_client.UNAUTHORIZED) expected_status=http_client.UNAUTHORIZED)
auth_data = self.build_authentication_request( auth_data = self.build_authentication_request(
username=self.user2['name'], username=user2['name'],
user_domain_id=self.domain2['id'], user_domain_id=self.domain2['id'],
password=self.user2['password'], password=user2['password'],
project_id=self.project2['id']) project_id=self.project2['id'])
self.v3_create_token(auth_data, self.v3_create_token(auth_data,
expected_status=http_client.UNAUTHORIZED) expected_status=http_client.UNAUTHORIZED)
@ -216,16 +213,15 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
domain_id=self.domain2['id']) domain_id=self.domain2['id'])
self.resource_api.create_project(self.project2['id'], self.project2) self.resource_api.create_project(self.project2['id'], self.project2)
self.user2 = self.new_user_ref( user2 = unit.new_user_ref(domain_id=self.domain2['id'],
domain_id=self.domain2['id'], project_id=self.project2['id'])
project_id=self.project2['id']) user2 = self.identity_api.create_user(user2)
self.user2 = self.identity_api.create_user(self.user2)
self.group2 = unit.new_group_ref(domain_id=self.domain2['id']) self.group2 = unit.new_group_ref(domain_id=self.domain2['id'])
self.group2 = self.identity_api.create_group(self.group2) self.group2 = self.identity_api.create_group(self.group2)
self.credential2 = self.new_credential_ref( self.credential2 = self.new_credential_ref(
user_id=self.user2['id'], user_id=user2['id'],
project_id=self.project2['id']) project_id=self.project2['id'])
self.credential_api.create_credential( self.credential_api.create_credential(
self.credential2['id'], self.credential2['id'],
@ -252,7 +248,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.group2['id']) self.group2['id'])
self.assertRaises(exception.UserNotFound, self.assertRaises(exception.UserNotFound,
self.identity_api.get_user, self.identity_api.get_user,
self.user2['id']) user2['id'])
self.assertRaises(exception.CredentialNotFound, self.assertRaises(exception.CredentialNotFound,
self.credential_api.get_credential, self.credential_api.get_credential,
self.credential2['id']) self.credential2['id'])
@ -340,15 +336,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.domain = unit.new_domain_ref() self.domain = unit.new_domain_ref()
self.resource_api.create_domain(self.domain['id'], self.domain) self.resource_api.create_domain(self.domain['id'], self.domain)
self.user2 = self.new_user_ref(domain_id=self.domain['id']) user2 = unit.create_user(self.identity_api,
password = self.user2['password'] domain_id=self.domain['id'])
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
# build a request body # build a request body
auth_body = self.build_authentication_request( auth_body = self.build_authentication_request(
user_id=self.user2['id'], user_id=user2['id'],
password=self.user2['password']) password=user2['password'])
# sends a request for the user's token # sends a request for the user's token
token_resp = self.post('/auth/tokens', body=auth_body) token_resp = self.post('/auth/tokens', body=auth_body)
@ -1270,7 +1264,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
def _create_new_user_and_assign_role_on_project(self): def _create_new_user_and_assign_role_on_project(self):
"""Create a new user and assign user a role on a project.""" """Create a new user and assign user a role on a project."""
# Create a new user # Create a new user
new_user = self.new_user_ref(domain_id=self.domain_id) new_user = unit.new_user_ref(domain_id=self.domain_id)
user_ref = self.identity_api.create_user(new_user) user_ref = self.identity_api.create_user(new_user)
# Assign the user a role on the project # Assign the user a role on the project
collection_url = ( collection_url = (
@ -1378,9 +1372,8 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
# Since the default fixtures already assign some roles to the # Since the default fixtures already assign some roles to the
# user it creates, we also need a new user that will not have any # user it creates, we also need a new user that will not have any
# existing assignments # existing assignments
self.user1 = self.new_user_ref( user1 = unit.new_user_ref(domain_id=self.domain['id'])
domain_id=self.domain['id']) user1 = self.identity_api.create_user(user1)
self.user1 = self.identity_api.create_user(self.user1)
collection_url = '/role_assignments' collection_url = '/role_assignments'
r = self.get(collection_url) r = self.get(collection_url)
@ -1402,7 +1395,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.assertRoleAssignmentInListResponse(r, gd_entity) self.assertRoleAssignmentInListResponse(r, gd_entity)
ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id, ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id,
user_id=self.user1['id'], user_id=user1['id'],
role_id=self.role_id) role_id=self.role_id)
self.put(ud_entity['links']['assignment']) self.put(ud_entity['links']['assignment'])
r = self.get(collection_url) r = self.get(collection_url)
@ -1424,7 +1417,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.assertRoleAssignmentInListResponse(r, gp_entity) self.assertRoleAssignmentInListResponse(r, gp_entity)
up_entity = self.build_role_assignment_entity( up_entity = self.build_role_assignment_entity(
project_id=self.project_id, user_id=self.user1['id'], project_id=self.project_id, user_id=user1['id'],
role_id=self.role_id) role_id=self.role_id)
self.put(up_entity['links']['assignment']) self.put(up_entity['links']['assignment'])
r = self.get(collection_url) r = self.get(collection_url)
@ -1465,18 +1458,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
for each of the group members. for each of the group members.
""" """
self.user1 = self.new_user_ref( user1 = unit.create_user(self.identity_api,
domain_id=self.domain['id']) domain_id=self.domain['id'])
password = self.user1['password'] user2 = unit.create_user(self.identity_api,
self.user1 = self.identity_api.create_user(self.user1) domain_id=self.domain['id'])
self.user1['password'] = password
self.user2 = self.new_user_ref( self.identity_api.add_user_to_group(user1['id'], self.group['id'])
domain_id=self.domain['id']) self.identity_api.add_user_to_group(user2['id'], self.group['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
collection_url = '/role_assignments' collection_url = '/role_assignments'
r = self.get(collection_url) r = self.get(collection_url)
@ -1506,11 +1494,11 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
resource_url=collection_url) resource_url=collection_url)
ud_entity = self.build_role_assignment_entity( ud_entity = self.build_role_assignment_entity(
link=gd_entity['links']['assignment'], domain_id=self.domain_id, link=gd_entity['links']['assignment'], domain_id=self.domain_id,
user_id=self.user1['id'], role_id=self.role_id) user_id=user1['id'], role_id=self.role_id)
self.assertRoleAssignmentInListResponse(r, ud_entity) self.assertRoleAssignmentInListResponse(r, ud_entity)
ud_entity = self.build_role_assignment_entity( ud_entity = self.build_role_assignment_entity(
link=gd_entity['links']['assignment'], domain_id=self.domain_id, link=gd_entity['links']['assignment'], domain_id=self.domain_id,
user_id=self.user2['id'], role_id=self.role_id) user_id=user2['id'], role_id=self.role_id)
self.assertRoleAssignmentInListResponse(r, ud_entity) self.assertRoleAssignmentInListResponse(r, ud_entity)
def test_check_effective_values_for_role_assignments(self): def test_check_effective_values_for_role_assignments(self):
@ -1539,18 +1527,13 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
know if we are getting effective roles or not know if we are getting effective roles or not
""" """
self.user1 = self.new_user_ref( user1 = unit.create_user(self.identity_api,
domain_id=self.domain['id']) domain_id=self.domain['id'])
password = self.user1['password'] user2 = unit.create_user(self.identity_api,
self.user1 = self.identity_api.create_user(self.user1) domain_id=self.domain['id'])
self.user1['password'] = password
self.user2 = self.new_user_ref( self.identity_api.add_user_to_group(user1['id'], self.group['id'])
domain_id=self.domain['id']) self.identity_api.add_user_to_group(user2['id'], self.group['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
collection_url = '/role_assignments' collection_url = '/role_assignments'
r = self.get(collection_url) r = self.get(collection_url)
@ -1626,21 +1609,16 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
# Since the default fixtures already assign some roles to the # Since the default fixtures already assign some roles to the
# user it creates, we also need a new user that will not have any # user it creates, we also need a new user that will not have any
# existing assignments # existing assignments
self.user1 = self.new_user_ref( user1 = unit.create_user(self.identity_api,
domain_id=self.domain['id']) domain_id=self.domain['id'])
password = self.user1['password'] user2 = unit.create_user(self.identity_api,
self.user1 = self.identity_api.create_user(self.user1) domain_id=self.domain['id'])
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.group1 = unit.new_group_ref(domain_id=self.domain['id']) self.group1 = unit.new_group_ref(domain_id=self.domain['id'])
self.group1 = self.identity_api.create_group(self.group1) self.group1 = self.identity_api.create_group(self.group1)
self.identity_api.add_user_to_group(self.user1['id'], self.identity_api.add_user_to_group(user1['id'],
self.group1['id']) self.group1['id'])
self.identity_api.add_user_to_group(self.user2['id'], self.identity_api.add_user_to_group(user2['id'],
self.group1['id']) self.group1['id'])
self.project1 = self.new_project_ref( self.project1 = self.new_project_ref(
domain_id=self.domain['id']) domain_id=self.domain['id'])
@ -1658,7 +1636,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.put(gd_entity['links']['assignment']) self.put(gd_entity['links']['assignment'])
ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id, ud_entity = self.build_role_assignment_entity(domain_id=self.domain_id,
user_id=self.user1['id'], user_id=user1['id'],
role_id=self.role2['id']) role_id=self.role2['id'])
self.put(ud_entity['links']['assignment']) self.put(ud_entity['links']['assignment'])
@ -1668,7 +1646,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.put(gp_entity['links']['assignment']) self.put(gp_entity['links']['assignment'])
up_entity = self.build_role_assignment_entity( up_entity = self.build_role_assignment_entity(
project_id=self.project1['id'], user_id=self.user1['id'], project_id=self.project1['id'], user_id=user1['id'],
role_id=self.role2['id']) role_id=self.role2['id'])
self.put(up_entity['links']['assignment']) self.put(up_entity['links']['assignment'])
@ -1692,7 +1670,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.assertRoleAssignmentInListResponse(r, ud_entity) self.assertRoleAssignmentInListResponse(r, ud_entity)
self.assertRoleAssignmentInListResponse(r, gd_entity) self.assertRoleAssignmentInListResponse(r, gd_entity)
collection_url = '/role_assignments?user.id=%s' % self.user1['id'] collection_url = '/role_assignments?user.id=%s' % user1['id']
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r, self.assertValidRoleAssignmentListResponse(r,
expected_length=2, expected_length=2,
@ -1721,7 +1699,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
collection_url = ( collection_url = (
'/role_assignments?user.id=%(user_id)s' '/role_assignments?user.id=%(user_id)s'
'&scope.project.id=%(project_id)s' % { '&scope.project.id=%(project_id)s' % {
'user_id': self.user1['id'], 'user_id': user1['id'],
'project_id': self.project1['id']}) 'project_id': self.project1['id']})
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r, self.assertValidRoleAssignmentListResponse(r,
@ -1734,7 +1712,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
# assigned as well as by virtue of group membership # assigned as well as by virtue of group membership
collection_url = ('/role_assignments?effective&user.id=%s' % collection_url = ('/role_assignments?effective&user.id=%s' %
self.user1['id']) user1['id'])
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r, self.assertValidRoleAssignmentListResponse(r,
expected_length=4, expected_length=4,
@ -1752,9 +1730,9 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
up1_entity = self.build_role_assignment_entity( up1_entity = self.build_role_assignment_entity(
link=gp1_link, project_id=self.project1['id'], link=gp1_link, project_id=self.project1['id'],
user_id=self.user1['id'], role_id=self.role1['id']) user_id=user1['id'], role_id=self.role1['id'])
ud1_entity = self.build_role_assignment_entity( ud1_entity = self.build_role_assignment_entity(
link=gd1_link, domain_id=self.domain_id, user_id=self.user1['id'], link=gd1_link, domain_id=self.domain_id, user_id=user1['id'],
role_id=self.role1['id']) role_id=self.role1['id'])
self.assertRoleAssignmentInListResponse(r, up1_entity) self.assertRoleAssignmentInListResponse(r, up1_entity)
self.assertRoleAssignmentInListResponse(r, ud1_entity) self.assertRoleAssignmentInListResponse(r, ud1_entity)
@ -1766,7 +1744,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
collection_url = ( collection_url = (
'/role_assignments?effective&user.id=%(user_id)s' '/role_assignments?effective&user.id=%(user_id)s'
'&scope.project.id=%(project_id)s' % { '&scope.project.id=%(project_id)s' % {
'user_id': self.user1['id'], 'user_id': user1['id'],
'project_id': self.project1['id']}) 'project_id': self.project1['id']})
r = self.get(collection_url) r = self.get(collection_url)
self.assertValidRoleAssignmentListResponse(r, self.assertValidRoleAssignmentListResponse(r,
@ -1827,7 +1805,7 @@ class RoleAssignmentBaseTestCase(test_v3.RestfulTestCase,
# Create 3 users # Create 3 users
self.user_ids = [] self.user_ids = []
for i in range(3): for i in range(3):
user = self.new_user_ref(domain_id=self.domain_id) user = unit.new_user_ref(domain_id=self.domain_id)
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
self.user_ids.append(user['id']) self.user_ids.append(user['id'])
@ -2174,10 +2152,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
def test_get_token_from_inherited_user_domain_role_grants(self): def test_get_token_from_inherited_user_domain_role_grants(self):
# Create a new user to ensure that no grant is loaded from sample data # Create a new user to ensure that no grant is loaded from sample data
user = self.new_user_ref(domain_id=self.domain_id) user = unit.create_user(self.identity_api, domain_id=self.domain_id)
password = user['password']
user = self.identity_api.create_user(user)
user['password'] = password
# Define domain and project authentication data # Define domain and project authentication data
domain_auth_data = self.build_authentication_request( domain_auth_data = self.build_authentication_request(
@ -2237,10 +2212,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
def test_get_token_from_inherited_group_domain_role_grants(self): def test_get_token_from_inherited_group_domain_role_grants(self):
# Create a new group and put a new user in it to # Create a new group and put a new user in it to
# ensure that no grant is loaded from sample data # ensure that no grant is loaded from sample data
user = self.new_user_ref(domain_id=self.domain_id) user = unit.create_user(self.identity_api, domain_id=self.domain_id)
password = user['password']
user = self.identity_api.create_user(user)
user['password'] = password
group = unit.new_group_ref(domain_id=self.domain['id']) group = unit.new_group_ref(domain_id=self.domain['id'])
group = self.identity_api.create_group(group) group = self.identity_api.create_group(group)
@ -2401,11 +2373,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref( user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
domain_id=domain['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
project1 = self.new_project_ref( project1 = self.new_project_ref(
domain_id=domain['id']) domain_id=domain['id'])
self.resource_api.create_project(project1['id'], project1) self.resource_api.create_project(project1['id'], project1)
@ -2497,11 +2465,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref( user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
domain_id=domain['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
project1 = self.new_project_ref( project1 = self.new_project_ref(
domain_id=domain['id']) domain_id=domain['id'])
self.resource_api.create_project(project1['id'], project1) self.resource_api.create_project(project1['id'], project1)
@ -2589,16 +2553,8 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref( user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
domain_id=domain['id']) user2 = unit.create_user(self.identity_api, domain_id=domain['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
user2 = self.new_user_ref(
domain_id=domain['id'])
password = user2['password']
user2 = self.identity_api.create_user(user2)
user2['password'] = password
group1 = unit.new_group_ref(domain_id=domain['id']) group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
self.identity_api.add_user_to_group(user1['id'], self.identity_api.add_user_to_group(user1['id'],
@ -2694,11 +2650,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase,
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref( user1 = unit.create_user(self.identity_api, domain_id=domain['id'])
domain_id=domain['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
group1 = unit.new_group_ref(domain_id=domain['id']) group1 = unit.new_group_ref(domain_id=domain['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
project1 = self.new_project_ref( project1 = self.new_project_ref(

139
keystone/tests/unit/test_v3_auth.py
View File

@ -153,14 +153,8 @@ class TokenAPITests(object):
self.resource_api.create_domain(new_domain['id'], new_domain) self.resource_api.create_domain(new_domain['id'], new_domain)
# 2) Create user in new domain. # 2) Create user in new domain.
new_user_password = uuid.uuid4().hex new_user = unit.create_user(self.identity_api,
new_user = { domain_id=new_domain['id'])
'name': uuid.uuid4().hex,
'domain_id': new_domain['id'],
'password': new_user_password,
'email': uuid.uuid4().hex,
}
new_user = self.identity_api.create_user(new_user)
# 3) Update the default_domain_id config option to the new domain # 3) Update the default_domain_id config option to the new domain
self.config_fixture.config( self.config_fixture.config(
@ -170,7 +164,7 @@ class TokenAPITests(object):
# 4) Get a token using v3 API. # 4) Get a token using v3 API.
v3_token = self.get_requested_token(self.build_authentication_request( v3_token = self.get_requested_token(self.build_authentication_request(
user_id=new_user['id'], user_id=new_user['id'],
password=new_user_password)) password=new_user['password']))
# 5) Validate token using v2 API. # 5) Validate token using v2 API.
self.admin_request( self.admin_request(
@ -614,16 +608,11 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
self.domainA = unit.new_domain_ref() self.domainA = unit.new_domain_ref()
self.resource_api.create_domain(self.domainA['id'], self.domainA) self.resource_api.create_domain(self.domainA['id'], self.domainA)
self.userAdminA = self.new_user_ref(domain_id=self.domainA['id']) self.userAdminA = unit.create_user(self.identity_api,
password = self.userAdminA['password'] domain_id=self.domainA['id'])
self.userAdminA = self.identity_api.create_user(self.userAdminA)
self.userAdminA['password'] = password
self.userNormalA = self.new_user_ref( self.userNormalA = unit.create_user(self.identity_api,
domain_id=self.domainA['id']) domain_id=self.domainA['id'])
password = self.userNormalA['password']
self.userNormalA = self.identity_api.create_user(self.userNormalA)
self.userNormalA['password'] = password
self.assignment_api.create_grant(self.role['id'], self.assignment_api.create_grant(self.role['id'],
user_id=self.userAdminA['id'], user_id=self.userAdminA['id'],
@ -715,12 +704,10 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
# DomainB setup # DomainB setup
self.domainB = unit.new_domain_ref() self.domainB = unit.new_domain_ref()
self.resource_api.create_domain(self.domainB['id'], self.domainB) self.resource_api.create_domain(self.domainB['id'], self.domainB)
self.userAdminB = self.new_user_ref(domain_id=self.domainB['id']) userAdminB = unit.create_user(self.identity_api,
password = self.userAdminB['password'] domain_id=self.domainB['id'])
self.userAdminB = self.identity_api.create_user(self.userAdminB)
self.userAdminB['password'] = password
self.assignment_api.create_grant(self.role['id'], self.assignment_api.create_grant(self.role['id'],
user_id=self.userAdminB['id'], user_id=userAdminB['id'],
domain_id=self.domainB['id']) domain_id=self.domainB['id'])
user_token = self.get_requested_token( user_token = self.get_requested_token(
@ -732,8 +719,8 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
adminB_token = self.get_requested_token( adminB_token = self.get_requested_token(
self.build_authentication_request( self.build_authentication_request(
user_id=self.userAdminB['id'], user_id=userAdminB['id'],
password=self.userAdminB['password'], password=userAdminB['password'],
domain_name=self.domainB['name'])) domain_name=self.domainB['name']))
self.head('/auth/tokens', headers=headers, self.head('/auth/tokens', headers=headers,
@ -791,23 +778,14 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
self.resource_api.create_project(self.projectB['id'], self.projectB) self.resource_api.create_project(self.projectB['id'], self.projectB)
# Now create some users # Now create some users
self.user1 = self.new_user_ref( self.user1 = unit.create_user(self.identity_api,
domain_id=self.domainA['id']) domain_id=self.domainA['id'])
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref( self.user2 = unit.create_user(self.identity_api,
domain_id=self.domainB['id']) domain_id=self.domainB['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.user3 = self.new_user_ref( self.user3 = unit.create_user(self.identity_api,
domain_id=self.domainB['id']) domain_id=self.domainB['id'])
password = self.user3['password']
self.user3 = self.identity_api.create_user(self.user3)
self.user3['password'] = password
self.group1 = unit.new_group_ref(domain_id=self.domainA['id']) self.group1 = unit.new_group_ref(domain_id=self.domainA['id'])
self.group1 = self.identity_api.create_group(self.group1) self.group1 = self.identity_api.create_group(self.group1)
@ -918,20 +896,12 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
def role_data_fixtures(self): def role_data_fixtures(self):
self.projectC = self.new_project_ref(domain_id=self.domainA['id']) self.projectC = self.new_project_ref(domain_id=self.domainA['id'])
self.resource_api.create_project(self.projectC['id'], self.projectC) self.resource_api.create_project(self.projectC['id'], self.projectC)
self.user4 = self.new_user_ref(domain_id=self.domainB['id']) self.user4 = unit.create_user(self.identity_api,
password = self.user4['password'] domain_id=self.domainB['id'])
self.user4 = self.identity_api.create_user(self.user4) self.user5 = unit.create_user(self.identity_api,
self.user4['password'] = password domain_id=self.domainA['id'])
self.user5 = self.new_user_ref( self.user6 = unit.create_user(self.identity_api,
domain_id=self.domainA['id']) domain_id=self.domainA['id'])
password = self.user5['password']
self.user5 = self.identity_api.create_user(self.user5)
self.user5['password'] = password
self.user6 = self.new_user_ref(
domain_id=self.domainA['id'])
password = self.user6['password']
self.user6 = self.identity_api.create_user(self.user6)
self.user6['password'] = password
self.identity_api.add_user_to_group(self.user5['id'], self.identity_api.add_user_to_group(self.user5['id'],
self.group1['id']) self.group1['id'])
self.assignment_api.create_grant(self.role1['id'], self.assignment_api.create_grant(self.role1['id'],
@ -2038,17 +2008,9 @@ class TestAuth(test_v3.RestfulTestCase):
projectA = self.new_project_ref(domain_id=domainA['id']) projectA = self.new_project_ref(domain_id=domainA['id'])
self.resource_api.create_project(projectA['id'], projectA) self.resource_api.create_project(projectA['id'], projectA)
user1 = self.new_user_ref( user1 = unit.create_user(self.identity_api, domain_id=domainA['id'])
domain_id=domainA['id'])
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
user2 = self.new_user_ref( user2 = unit.create_user(self.identity_api, domain_id=domainA['id'])
domain_id=domainA['id'])
password = user2['password']
user2 = self.identity_api.create_user(user2)
user2['password'] = password
group1 = unit.new_group_ref(domain_id=domainA['id']) group1 = unit.new_group_ref(domain_id=domainA['id'])
group1 = self.identity_api.create_group(group1) group1 = self.identity_api.create_group(group1)
@ -2150,10 +2112,8 @@ class TestAuth(test_v3.RestfulTestCase):
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain1['id']} 'domain_id': domain1['id']}
self.resource_api.create_project(project1['id'], project1) self.resource_api.create_project(project1['id'], project1)
user_foo = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID) user_foo = unit.create_user(self.identity_api,
password = user_foo['password'] domain_id=test_v3.DEFAULT_DOMAIN_ID)
user_foo = self.identity_api.create_user(user_foo)
user_foo['password'] = password
role_member = unit.new_role_ref() role_member = unit.new_role_ref()
self.role_api.create_role(role_member['id'], role_member) self.role_api.create_role(role_member['id'], role_member)
role_admin = unit.new_role_ref() role_admin = unit.new_role_ref()
@ -2577,8 +2537,8 @@ class TestAuth(test_v3.RestfulTestCase):
token_data['token']['bind']) token_data['token']['bind'])
def test_authenticating_a_user_with_no_password(self): def test_authenticating_a_user_with_no_password(self):
user = self.new_user_ref(domain_id=self.domain['id']) user = unit.new_user_ref(domain_id=self.domain['id'])
user.pop('password', None) # can't have a password for this test del user['password'] # can't have a password for this test
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
auth_data = self.build_authentication_request( auth_data = self.build_authentication_request(
@ -2764,9 +2724,8 @@ class TestTrustRedelegation(test_v3.RestfulTestCase):
def setUp(self): def setUp(self):
super(TestTrustRedelegation, self).setUp() super(TestTrustRedelegation, self).setUp()
# Create a trustee to delegate stuff to # Create a trustee to delegate stuff to
trustee_user_ref = self.new_user_ref(domain_id=self.domain_id) self.trustee_user = unit.create_user(self.identity_api,
self.trustee_user = self.identity_api.create_user(trustee_user_ref) domain_id=self.domain_id)
self.trustee_user['password'] = trustee_user_ref['password']
# trustor->trustee # trustor->trustee
self.redelegated_trust_ref = self.new_trust_ref( self.redelegated_trust_ref = self.new_trust_ref(
@ -3000,9 +2959,8 @@ class TestTrustChain(test_v3.RestfulTestCase):
self.user_chain = list() self.user_chain = list()
self.trust_chain = list() self.trust_chain = list()
for _ in range(3): for _ in range(3):
user_ref = self.new_user_ref(domain_id=self.domain_id) user = unit.create_user(self.identity_api,
user = self.identity_api.create_user(user_ref) domain_id=self.domain_id)
user['password'] = user_ref['password']
self.user_chain.append(user) self.user_chain.append(user)
# trustor->trustee # trustor->trustee
@ -3157,10 +3115,8 @@ class TestTrustAuth(test_v3.RestfulTestCase):
super(TestTrustAuth, self).setUp() super(TestTrustAuth, self).setUp()
# create a trustee to delegate stuff to # create a trustee to delegate stuff to
self.trustee_user = self.new_user_ref(domain_id=self.domain_id) self.trustee_user = unit.create_user(self.identity_api,
password = self.trustee_user['password'] domain_id=self.domain_id)
self.trustee_user = self.identity_api.create_user(self.trustee_user)
self.trustee_user['password'] = password
self.trustee_user_id = self.trustee_user['id'] self.trustee_user_id = self.trustee_user['id']
def test_create_trust_bad_request(self): def test_create_trust_bad_request(self):
@ -3461,10 +3417,8 @@ class TestTrustAuth(test_v3.RestfulTestCase):
def test_v3_v2_intermix_project_not_in_default_domaini_failed(self): def test_v3_v2_intermix_project_not_in_default_domaini_failed(self):
# create a trustee in default domain to delegate stuff to # create a trustee in default domain to delegate stuff to
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID) trustee_user = unit.create_user(self.identity_api,
password = trustee_user['password'] domain_id=test_v3.DEFAULT_DOMAIN_ID)
trustee_user = self.identity_api.create_user(trustee_user)
trustee_user['password'] = password
trustee_user_id = trustee_user['id'] trustee_user_id = trustee_user['id']
ref = self.new_trust_ref( ref = self.new_trust_ref(
@ -3501,10 +3455,8 @@ class TestTrustAuth(test_v3.RestfulTestCase):
def test_v3_v2_intermix(self): def test_v3_v2_intermix(self):
# create a trustee in default domain to delegate stuff to # create a trustee in default domain to delegate stuff to
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID) trustee_user = unit.create_user(self.identity_api,
password = trustee_user['password'] domain_id=test_v3.DEFAULT_DOMAIN_ID)
trustee_user = self.identity_api.create_user(trustee_user)
trustee_user['password'] = password
trustee_user_id = trustee_user['id'] trustee_user_id = trustee_user['id']
ref = self.new_trust_ref( ref = self.new_trust_ref(
@ -3678,11 +3630,9 @@ class TestTrustAuth(test_v3.RestfulTestCase):
""" """
# create a sub-trustee user # create a sub-trustee user
sub_trustee_user = self.new_user_ref( sub_trustee_user = unit.create_user(
self.identity_api,
domain_id=test_v3.DEFAULT_DOMAIN_ID) domain_id=test_v3.DEFAULT_DOMAIN_ID)
password = sub_trustee_user['password']
sub_trustee_user = self.identity_api.create_user(sub_trustee_user)
sub_trustee_user['password'] = password
sub_trustee_user_id = sub_trustee_user['id'] sub_trustee_user_id = sub_trustee_user['id']
# create a new role # create a new role
@ -4167,9 +4117,8 @@ class TestFernetTokenProvider(test_v3.RestfulTestCase):
def _create_trust(self): def _create_trust(self):
# Create a trustee user # Create a trustee user
trustee_user_ref = self.new_user_ref(domain_id=self.domain_id) trustee_user = unit.create_user(self.identity_api,
trustee_user = self.identity_api.create_user(trustee_user_ref) domain_id=self.domain_id)
trustee_user['password'] = trustee_user_ref['password']
ref = self.new_trust_ref( ref = self.new_trust_ref(
trustor_user_id=self.user_id, trustor_user_id=self.user_id,
trustee_user_id=trustee_user['id'], trustee_user_id=trustee_user['id'],

3
keystone/tests/unit/test_v3_credential.py
View File

@ -22,6 +22,7 @@ from six.moves import http_client
from testtools import matchers from testtools import matchers
from keystone import exception from keystone import exception
from keystone.tests import unit
from keystone.tests.unit import test_v3 from keystone.tests.unit import test_v3
@ -289,7 +290,7 @@ class TestCredentialTrustScoped(test_v3.RestfulTestCase):
def setUp(self): def setUp(self):
super(TestCredentialTrustScoped, self).setUp() super(TestCredentialTrustScoped, self).setUp()
self.trustee_user = self.new_user_ref(domain_id=self.domain_id) self.trustee_user = unit.new_user_ref(domain_id=self.domain_id)
password = self.trustee_user['password'] password = self.trustee_user['password']
self.trustee_user = self.identity_api.create_user(self.trustee_user) self.trustee_user = self.identity_api.create_user(self.trustee_user)
self.trustee_user['password'] = password self.trustee_user['password'] = password

21
keystone/tests/unit/test_v3_filters.py
View File

@ -66,21 +66,12 @@ class IdentityTestFilteredCase(filtering.FilterTests,
self.resource_api.create_domain(self.domainC['id'], self.domainC) self.resource_api.create_domain(self.domainC['id'], self.domainC)
# Now create some users, one in domainA and two of them in domainB # Now create some users, one in domainA and two of them in domainB
self.user1 = self.new_user_ref(domain_id=self.domainA['id']) self.user1 = unit.create_user(self.identity_api,
password = uuid.uuid4().hex domain_id=self.domainA['id'])
self.user1['password'] = password self.user2 = unit.create_user(self.identity_api,
self.user1 = self.identity_api.create_user(self.user1) domain_id=self.domainB['id'])
self.user1['password'] = password self.user3 = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
self.user2['password'] = password
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
self.user3['password'] = password
self.user3 = self.identity_api.create_user(self.user3)
self.user3['password'] = password
self.role = unit.new_role_ref() self.role = unit.new_role_ref()
self.role_api.create_role(self.role['id'], self.role) self.role_api.create_role(self.role['id'], self.role)

157
keystone/tests/unit/test_v3_identity.py
View File

@ -53,7 +53,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_create_user(self): def test_create_user(self):
"""Call ``POST /users``.""" """Call ``POST /users``."""
ref = self.new_user_ref(domain_id=self.domain_id) ref = unit.new_user_ref(domain_id=self.domain_id)
r = self.post( r = self.post(
'/users', '/users',
body={'user': ref}) body={'user': ref})
@ -71,15 +71,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
# domain scoped token # domain scoped token
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user = self.new_user_ref(domain_id=domain['id']) user = unit.create_user(self.identity_api, domain_id=domain['id'])
password = user['password']
user = self.identity_api.create_user(user)
user['password'] = password
self.assignment_api.create_grant( self.assignment_api.create_grant(
role_id=self.role_id, user_id=user['id'], role_id=self.role_id, user_id=user['id'],
domain_id=domain['id']) domain_id=domain['id'])
ref = self.new_user_ref(domain_id=domain['id']) ref = unit.new_user_ref(domain_id=domain['id'])
ref_nd = ref.copy() ref_nd = ref.copy()
ref_nd.pop('domain_id') ref_nd.pop('domain_id')
auth = self.build_authentication_request( auth = self.build_authentication_request(
@ -90,7 +87,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.assertValidUserResponse(r, ref) self.assertValidUserResponse(r, ref)
# Now try the same thing without a domain token - which should fail # Now try the same thing without a domain token - which should fail
ref = self.new_user_ref(domain_id=domain['id']) ref = unit.new_user_ref(domain_id=domain['id'])
ref_nd = ref.copy() ref_nd = ref.copy()
ref_nd.pop('domain_id') ref_nd.pop('domain_id')
auth = self.build_authentication_request( auth = self.build_authentication_request(
@ -137,15 +134,12 @@ class IdentityTestCase(test_v3.RestfulTestCase):
# domain scoped token # domain scoped token
domain = unit.new_domain_ref() domain = unit.new_domain_ref()
self.resource_api.create_domain(domain['id'], domain) self.resource_api.create_domain(domain['id'], domain)
user = self.new_user_ref(domain_id=domain['id']) user = unit.create_user(self.identity_api, domain_id=domain['id'])
password = user['password']
user = self.identity_api.create_user(user)
user['password'] = password
self.assignment_api.create_grant( self.assignment_api.create_grant(
role_id=self.role_id, user_id=user['id'], role_id=self.role_id, user_id=user['id'],
domain_id=domain['id']) domain_id=domain['id'])
ref = self.new_user_ref(domain_id=domain['id']) ref = unit.new_user_ref(domain_id=domain['id'])
ref_nd = ref.copy() ref_nd = ref.copy()
ref_nd.pop('domain_id') ref_nd.pop('domain_id')
auth = self.build_authentication_request( auth = self.build_authentication_request(
@ -180,7 +174,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_users_no_default_project(self): def test_list_users_no_default_project(self):
"""Call ``GET /users`` making sure no default_project_id.""" """Call ``GET /users`` making sure no default_project_id."""
user = self.new_user_ref(self.domain_id) user = unit.new_user_ref(self.domain_id)
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
resource_url = '/users' resource_url = '/users'
r = self.get(resource_url) r = self.get(resource_url)
@ -195,7 +189,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_get_user_with_default_project(self): def test_get_user_with_default_project(self):
"""Call ``GET /users/{user_id}`` making sure of default_project_id.""" """Call ``GET /users/{user_id}`` making sure of default_project_id."""
user = self.new_user_ref(domain_id=self.domain_id, user = unit.new_user_ref(domain_id=self.domain_id,
project_id=self.project_id) project_id=self.project_id)
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
r = self.get('/users/%(user_id)s' % {'user_id': user['id']}) r = self.get('/users/%(user_id)s' % {'user_id': user['id']})
@ -208,44 +202,39 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_groups_for_user(self): def test_list_groups_for_user(self):
"""Call ``GET /users/{user_id}/groups``.""" """Call ``GET /users/{user_id}/groups``."""
self.user1 = self.new_user_ref( user1 = unit.create_user(self.identity_api,
domain_id=self.domain['id']) domain_id=self.domain['id'])
password = self.user1['password'] user2 = unit.create_user(self.identity_api,
self.user1 = self.identity_api.create_user(self.user1) domain_id=self.domain['id'])
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.put('/groups/%(group_id)s/users/%(user_id)s' % { self.put('/groups/%(group_id)s/users/%(user_id)s' % {
'group_id': self.group_id, 'user_id': self.user1['id']}) 'group_id': self.group_id, 'user_id': user1['id']})
# Scenarios below are written to test the default policy configuration # Scenarios below are written to test the default policy configuration
# One should be allowed to list one's own groups # One should be allowed to list one's own groups
auth = self.build_authentication_request( auth = self.build_authentication_request(
user_id=self.user1['id'], user_id=user1['id'],
password=self.user1['password']) password=user1['password'])
resource_url = ('/users/%(user_id)s/groups' % resource_url = ('/users/%(user_id)s/groups' %
{'user_id': self.user1['id']}) {'user_id': user1['id']})
r = self.get(resource_url, auth=auth) r = self.get(resource_url, auth=auth)
self.assertValidGroupListResponse(r, ref=self.group, self.assertValidGroupListResponse(r, ref=self.group,
resource_url=resource_url) resource_url=resource_url)
# Administrator is allowed to list others' groups # Administrator is allowed to list others' groups
resource_url = ('/users/%(user_id)s/groups' % resource_url = ('/users/%(user_id)s/groups' %
{'user_id': self.user1['id']}) {'user_id': user1['id']})
r = self.get(resource_url) r = self.get(resource_url)
self.assertValidGroupListResponse(r, ref=self.group, self.assertValidGroupListResponse(r, ref=self.group,
resource_url=resource_url) resource_url=resource_url)
# Ordinary users should not be allowed to list other's groups # Ordinary users should not be allowed to list other's groups
auth = self.build_authentication_request( auth = self.build_authentication_request(
user_id=self.user2['id'], user_id=user2['id'],
password=self.user2['password']) password=user2['password'])
r = self.get('/users/%(user_id)s/groups' % { r = self.get('/users/%(user_id)s/groups' % {
'user_id': self.user1['id']}, auth=auth, 'user_id': user1['id']}, auth=auth,
expected_status=exception.ForbiddenAction.code) expected_status=exception.ForbiddenAction.code)
def test_check_user_in_group(self): def test_check_user_in_group(self):
@ -276,7 +265,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_update_user(self): def test_update_user(self):
"""Call ``PATCH /users/{user_id}``.""" """Call ``PATCH /users/{user_id}``."""
user = self.new_user_ref(domain_id=self.domain_id) user = unit.new_user_ref(domain_id=self.domain_id)
del user['id'] del user['id']
r = self.patch('/users/%(user_id)s' % { r = self.patch('/users/%(user_id)s' % {
'user_id': self.user['id']}, 'user_id': self.user['id']},
@ -285,14 +274,13 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_admin_password_reset(self): def test_admin_password_reset(self):
# bootstrap a user as admin # bootstrap a user as admin
user_ref = self.new_user_ref(domain_id=self.domain['id']) user_ref = unit.create_user(self.identity_api,
password = user_ref['password'] domain_id=self.domain['id'])
user_ref = self.identity_api.create_user(user_ref)
# auth as user should work before a password change # auth as user should work before a password change
old_password_auth = self.build_authentication_request( old_password_auth = self.build_authentication_request(
user_id=user_ref['id'], user_id=user_ref['id'],
password=password) password=user_ref['password'])
r = self.v3_create_token(old_password_auth) r = self.v3_create_token(old_password_auth)
old_token = r.headers.get('X-Subject-Token') old_token = r.headers.get('X-Subject-Token')
@ -321,7 +309,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_update_user_domain_id(self): def test_update_user_domain_id(self):
"""Call ``PATCH /users/{user_id}`` with domain_id.""" """Call ``PATCH /users/{user_id}`` with domain_id."""
user = self.new_user_ref(domain_id=self.domain['id']) user = unit.new_user_ref(domain_id=self.domain['id'])
user = self.identity_api.create_user(user) user = self.identity_api.create_user(user)
user['domain_id'] = CONF.identity.default_domain_id user['domain_id'] = CONF.identity.default_domain_id
r = self.patch('/users/%(user_id)s' % { r = self.patch('/users/%(user_id)s' % {
@ -348,12 +336,11 @@ class IdentityTestCase(test_v3.RestfulTestCase):
r = self.credential_api.get_credential(self.credential['id']) r = self.credential_api.get_credential(self.credential['id'])
self.assertDictEqual(self.credential, r) self.assertDictEqual(self.credential, r)
# Create a second credential with a different user # Create a second credential with a different user
self.user2 = self.new_user_ref( user2 = unit.new_user_ref(domain_id=self.domain['id'],
domain_id=self.domain['id'], project_id=self.project['id'])
project_id=self.project['id']) user2 = self.identity_api.create_user(user2)
self.user2 = self.identity_api.create_user(self.user2)
self.credential2 = self.new_credential_ref( self.credential2 = self.new_credential_ref(
user_id=self.user2['id'], user_id=user2['id'],
project_id=self.project['id']) project_id=self.project['id'])
self.credential_api.create_credential( self.credential_api.create_credential(
self.credential2['id'], self.credential2['id'],
@ -449,7 +436,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
ref = self.new_user_ref(domain_id=self.domain_id) ref = unit.new_user_ref(domain_id=self.domain_id)
self.post( self.post(
'/users', '/users',
body={'user': ref}) body={'user': ref})
@ -463,59 +450,75 @@ class IdentityTestCase(test_v3.RestfulTestCase):
log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG)) log_fix = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
# bootstrap a user as admin # bootstrap a user as admin
user_ref = self.new_user_ref(domain_id=self.domain['id']) user_ref = unit.create_user(self.identity_api,
password = user_ref['password'] domain_id=self.domain['id'])
user_ref = self.identity_api.create_user(user_ref)
self.assertNotIn(user_ref['password'], log_fix.output)
# administrative password reset # administrative password reset
new_password = uuid.uuid4().hex new_password = uuid.uuid4().hex
self.patch('/users/%s' % user_ref['id'], self.patch('/users/%s' % user_ref['id'],
body={'user': {'password': new_password}}) body={'user': {'password': new_password}})
self.assertNotIn(password, log_fix.output)
self.assertNotIn(new_password, log_fix.output) self.assertNotIn(new_password, log_fix.output)
class IdentityV3toV2MethodsTestCase(unit.TestCase): class IdentityV3toV2MethodsTestCase(unit.TestCase):
"""Test users V3 to V2 conversion methods.""" """Test users V3 to V2 conversion methods."""
def new_user_ref(self, **kwargs):
"""Construct a bare bones user ref.
Omits all optional components.
"""
ref = unit.new_user_ref(**kwargs)
# description is already omitted
del ref['email']
del ref['enabled']
del ref['password']
return ref
def setUp(self): def setUp(self):
super(IdentityV3toV2MethodsTestCase, self).setUp() super(IdentityV3toV2MethodsTestCase, self).setUp()
self.load_backends() self.load_backends()
self.user_id = uuid.uuid4().hex user_id = uuid.uuid4().hex
self.default_project_id = uuid.uuid4().hex project_id = uuid.uuid4().hex
self.tenant_id = uuid.uuid4().hex
# User with only default_project_id in ref # User with only default_project_id in ref
self.user1 = {'id': self.user_id, self.user1 = self.new_user_ref(
'name': self.user_id, id=user_id,
'default_project_id': self.default_project_id, name=user_id,
'domain_id': CONF.identity.default_domain_id} project_id=project_id,
domain_id=CONF.identity.default_domain_id)
# User without default_project_id or tenantId in ref # User without default_project_id or tenantId in ref
self.user2 = {'id': self.user_id, self.user2 = self.new_user_ref(
'name': self.user_id, id=user_id,
'domain_id': CONF.identity.default_domain_id} name=user_id,
domain_id=CONF.identity.default_domain_id)
# User with both tenantId and default_project_id in ref # User with both tenantId and default_project_id in ref
self.user3 = {'id': self.user_id, self.user3 = self.new_user_ref(
'name': self.user_id, id=user_id,
'default_project_id': self.default_project_id, name=user_id,
'tenantId': self.tenant_id, project_id=project_id,
'domain_id': CONF.identity.default_domain_id} tenantId=project_id,
domain_id=CONF.identity.default_domain_id)
# User with only tenantId in ref # User with only tenantId in ref
self.user4 = {'id': self.user_id, self.user4 = self.new_user_ref(
'name': self.user_id, id=user_id,
'tenantId': self.tenant_id, name=user_id,
'domain_id': CONF.identity.default_domain_id} tenantId=project_id,
domain_id=CONF.identity.default_domain_id)
# Expected result if the user is meant to have a tenantId element # Expected result if the user is meant to have a tenantId element
self.expected_user = {'id': self.user_id, self.expected_user = {'id': user_id,
'name': self.user_id, 'name': user_id,
'username': self.user_id, 'username': user_id,
'tenantId': self.default_project_id} 'tenantId': project_id}
# Expected result if the user is not meant to have a tenantId element # Expected result if the user is not meant to have a tenantId element
self.expected_user_no_tenant_id = {'id': self.user_id, self.expected_user_no_tenant_id = {'id': user_id,
'name': self.user_id, 'name': user_id,
'username': self.user_id} 'username': user_id}
def test_v3_to_v2_user_method(self): def test_v3_to_v2_user_method(self):
@ -552,10 +555,8 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
def setUp(self): def setUp(self):
super(UserSelfServiceChangingPasswordsTestCase, self).setUp() super(UserSelfServiceChangingPasswordsTestCase, self).setUp()
self.user_ref = self.new_user_ref(domain_id=self.domain['id']) self.user_ref = unit.create_user(self.identity_api,
password = self.user_ref['password'] domain_id=self.domain['id'])
self.user_ref = self.identity_api.create_user(self.user_ref)
self.user_ref['password'] = password
self.token = self.get_request_token(self.user_ref['password'], self.token = self.get_request_token(self.user_ref['password'],
http_client.CREATED) http_client.CREATED)

3
keystone/tests/unit/test_v3_oauth1.py
View File

@ -25,6 +25,7 @@ from keystone.contrib import oauth1
from keystone.contrib.oauth1 import controllers from keystone.contrib.oauth1 import controllers
from keystone.contrib.oauth1 import core from keystone.contrib.oauth1 import core
from keystone import exception from keystone import exception
from keystone.tests import unit
from keystone.tests.unit.common import test_notifications from keystone.tests.unit.common import test_notifications
from keystone.tests.unit.ksfixtures import temporaryfile from keystone.tests.unit.ksfixtures import temporaryfile
from keystone.tests.unit import test_v3 from keystone.tests.unit import test_v3
@ -388,7 +389,7 @@ class AuthTokenTests(OAuthFlowTests):
self.assertEqual(self.role_id, roles_list[0]['id']) self.assertEqual(self.role_id, roles_list[0]['id'])
# verify that the token can perform delegated tasks # verify that the token can perform delegated tasks
ref = self.new_user_ref(domain_id=self.domain_id) ref = unit.new_user_ref(domain_id=self.domain_id)
r = self.admin_request(path='/v3/users', headers=headers, r = self.admin_request(path='/v3/users', headers=headers,
method='POST', body={'user': ref}) method='POST', body={'user': ref})
self.assertValidUserResponse(r, ref) self.assertValidUserResponse(r, ref)

87
keystone/tests/unit/test_v3_protection.py
View File

@ -74,23 +74,12 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase):
self.resource_api.create_domain(self.domainC['id'], self.domainC) self.resource_api.create_domain(self.domainC['id'], self.domainC)
# Now create some users, one in domainA and two of them in domainB # Now create some users, one in domainA and two of them in domainB
self.user1 = self.new_user_ref(domain_id=self.domainA['id']) self.user1 = unit.create_user(self.identity_api,
password = uuid.uuid4().hex domain_id=self.domainA['id'])
self.user1['password'] = password self.user2 = unit.create_user(self.identity_api,
self.user1 = self.identity_api.create_user(self.user1) domain_id=self.domainB['id'])
self.user1['password'] = password self.user3 = unit.create_user(self.identity_api,
domain_id=self.domainB['id'])
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
password = uuid.uuid4().hex
self.user2['password'] = password
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
password = uuid.uuid4().hex
self.user3['password'] = password
self.user3 = self.identity_api.create_user(self.user3)
self.user3['password'] = password
self.group1 = unit.new_group_ref(domain_id=self.domainA['id']) self.group1 = unit.new_group_ref(domain_id=self.domainA['id'])
self.group1 = self.identity_api.create_group(self.group1) self.group1 = self.identity_api.create_group(self.group1)
@ -347,26 +336,15 @@ class IdentityTestPolicySample(test_v3.RestfulTestCase):
def load_sample_data(self): def load_sample_data(self):
self._populate_default_domain() self._populate_default_domain()
self.just_a_user = self.new_user_ref( self.just_a_user = unit.create_user(
self.identity_api,
domain_id=CONF.identity.default_domain_id) domain_id=CONF.identity.default_domain_id)
password = uuid.uuid4().hex self.another_user = unit.create_user(
self.just_a_user['password'] = password self.identity_api,
self.just_a_user = self.identity_api.create_user(self.just_a_user)
self.just_a_user['password'] = password
self.another_user = self.new_user_ref(
domain_id=CONF.identity.default_domain_id) domain_id=CONF.identity.default_domain_id)
password = uuid.uuid4().hex self.admin_user = unit.create_user(
self.another_user['password'] = password self.identity_api,
self.another_user = self.identity_api.create_user(self.another_user)
self.another_user['password'] = password
self.admin_user = self.new_user_ref(
domain_id=CONF.identity.default_domain_id) domain_id=CONF.identity.default_domain_id)
password = uuid.uuid4().hex
self.admin_user['password'] = password
self.admin_user = self.identity_api.create_user(self.admin_user)
self.admin_user['password'] = password
self.role = unit.new_role_ref() self.role = unit.new_role_ref()
self.role_api.create_role(self.role['id'], self.role) self.role_api.create_role(self.role['id'], self.role)
@ -626,32 +604,18 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
self.admin_domain) self.admin_domain)
# And our users # And our users
self.cloud_admin_user = self.new_user_ref( self.cloud_admin_user = unit.create_user(
self.identity_api,
domain_id=self.admin_domain['id']) domain_id=self.admin_domain['id'])
password = uuid.uuid4().hex self.just_a_user = unit.create_user(
self.cloud_admin_user['password'] = password self.identity_api,
self.cloud_admin_user = (
self.identity_api.create_user(self.cloud_admin_user))
self.cloud_admin_user['password'] = password
self.just_a_user = self.new_user_ref(domain_id=self.domainA['id'])
password = uuid.uuid4().hex
self.just_a_user['password'] = password
self.just_a_user = self.identity_api.create_user(self.just_a_user)
self.just_a_user['password'] = password
self.domain_admin_user = self.new_user_ref(
domain_id=self.domainA['id']) domain_id=self.domainA['id'])
password = uuid.uuid4().hex self.domain_admin_user = unit.create_user(
self.domain_admin_user['password'] = password self.identity_api,
self.domain_admin_user = ( domain_id=self.domainA['id'])
self.identity_api.create_user(self.domain_admin_user)) self.project_admin_user = unit.create_user(
self.domain_admin_user['password'] = password self.identity_api,
self.project_admin_user = self.new_user_ref(
domain_id=self.domainA['id']) domain_id=self.domainA['id'])
password = uuid.uuid4().hex
self.project_admin_user['password'] = password
self.project_admin_user = (
self.identity_api.create_user(self.project_admin_user))
self.project_admin_user['password'] = password
# The admin role and another plain role # The admin role and another plain role
self.admin_role = unit.new_role_ref(name='admin') self.admin_role = unit.new_role_ref(name='admin')
@ -706,7 +670,7 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
self.delete(entity_url, auth=self.auth, self.delete(entity_url, auth=self.auth,
expected_status=status_no_data) expected_status=status_no_data)
user_ref = self.new_user_ref(domain_id=domain_id) user_ref = unit.new_user_ref(domain_id=domain_id)
self.post('/users', auth=self.auth, body={'user': user_ref}, self.post('/users', auth=self.auth, body={'user': user_ref},
expected_status=status_created) expected_status=status_created)
@ -1079,9 +1043,8 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
def test_get_and_delete_ec2_credentials(self): def test_get_and_delete_ec2_credentials(self):
"""Tests getting and deleting ec2 credentials through the ec2 API.""" """Tests getting and deleting ec2 credentials through the ec2 API."""
another_user = self.new_user_ref(domain_id=self.domainA['id']) another_user = unit.create_user(self.identity_api,
password = another_user['password'] domain_id=self.domainA['id'])
another_user = self.identity_api.create_user(another_user)
# create a credential for just_a_user # create a credential for just_a_user
just_user_auth = self.build_authentication_request( just_user_auth = self.build_authentication_request(
@ -1095,7 +1058,7 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
# another normal user can't get the credential # another normal user can't get the credential
another_user_auth = self.build_authentication_request( another_user_auth = self.build_authentication_request(
user_id=another_user['id'], user_id=another_user['id'],
password=password) password=another_user['password'])
another_user_url = '/users/%s/credentials/OS-EC2/%s' % ( another_user_url = '/users/%s/credentials/OS-EC2/%s' % (
another_user['id'], r.result['credential']['access']) another_user['id'], r.result['credential']['access'])
self.get(another_user_url, auth=another_user_auth, self.get(another_user_url, auth=another_user_auth,

9
keystone/tests/unit/test_validation.py
View File

@ -1717,13 +1717,8 @@ class UserValidationTestCase(unit.BaseTestCase):
def test_validate_user_create_with_all_valid_parameters_succeeds(self): def test_validate_user_create_with_all_valid_parameters_succeeds(self):
"""Test that validating a user create request succeeds.""" """Test that validating a user create request succeeds."""
request_to_validate = {'name': self.user_name, request_to_validate = unit.new_user_ref(domain_id=uuid.uuid4().hex,
'default_project_id': uuid.uuid4().hex, name=self.user_name)
'domain_id': uuid.uuid4().hex,
'description': uuid.uuid4().hex,
'enabled': True,
'email': uuid.uuid4().hex,
'password': uuid.uuid4().hex}
self.create_user_validator.validate(request_to_validate) self.create_user_validator.validate(request_to_validate)
def test_validate_user_create_fails_without_name(self): def test_validate_user_create_fails_without_name(self):