openstack
/
keystone
Code Issues Proposed changes

Migrate ID generation for users/groups from controller to manager 

The implementation of multi-backend unique IDs requires that the
manager layer is in charge of ID generation.  This patch lays that
ground work.  No functional change should be observed from this patch.

Partially Implements: blueprint multi-backend-uuids

Change-Id: I2253aa9872d1c9950ef35851bd3f11d7ab5e433b
This commit is contained in:
Henry Nash 2014-06-18 10:54:33 +01:00 committed by Morgan Fainberg
parent 95bc069519
commit 799758b5b7
21 changed files with 679 additions and 786 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
keystone/identity/controllers.py
View File

@ -15,7 +15,6 @@
"""Workflow Logic the Identity service."""
import functools
import uuid
from keystone.common import controller
from keystone.common import dependency
@ -78,15 +77,14 @@ class User(controller.V2Controller):
self.assignment_api.get_project(default_project_id)
user['default_project_id'] = default_project_id
user_id = uuid.uuid4().hex
# The manager layer will generate the unique ID for users
user_ref = self._normalize_domain_id(context, user.copy())
user_ref['id'] = user_id
new_user_ref = self.v3_to_v2_user(
self.identity_api.create_user(user_id, user_ref))
self.identity_api.create_user(user_ref))
if default_project_id is not None:
self.assignment_api.add_user_to_project(default_project_id,
user_id)
new_user_ref['id'])
return {'user': new_user_ref}
@controller.v2_deprecated
@ -209,9 +207,10 @@ class UserV3(controller.V3Controller):
def create_user(self, context, user):
self._require_attribute(user, 'name')
ref = self._assign_unique_id(self._normalize_dict(user))
# The manager layer will generate the unique ID for users
ref = self._normalize_dict(user)
ref = self._normalize_domain_id(context, ref)
ref = self.identity_api.create_user(ref['id'], ref)
ref = self.identity_api.create_user(ref)
return UserV3.wrap_member(context, ref)
@controller.filterprotected('domain_id', 'enabled', 'name')
@ -313,9 +312,10 @@ class GroupV3(controller.V3Controller):
def create_group(self, context, group):
self._require_attribute(group, 'name')
ref = self._assign_unique_id(self._normalize_dict(group))
# The manager layer will generate the unique ID for groups
ref = self._normalize_dict(group)
ref = self._normalize_domain_id(context, ref)
ref = self.identity_api.create_group(ref['id'], ref)
ref = self.identity_api.create_group(ref)
return GroupV3.wrap_member(context, ref)
@controller.filterprotected('domain_id', 'name')

15
keystone/identity/core.py
View File

@ -17,6 +17,7 @@
import abc
import functools
import os
import uuid
from oslo.config import cfg
import six
@ -278,9 +279,9 @@ class Manager(manager.Manager):
ref = self._set_domain_id(ref, domain_id)
return ref
@notifications.created(_USER)
@notifications.created(_USER, result_id_arg_attr='id')
@domains_configured
def create_user(self, user_id, user_ref):
def create_user(self, user_ref):
user = user_ref.copy()
user['name'] = clean.user_name(user['name'])
user.setdefault('enabled', True)
@ -291,7 +292,8 @@ class Manager(manager.Manager):
driver = self._select_identity_driver(domain_id)
if not driver.is_domain_aware():
user = self._clear_domain_id(user)
ref = driver.create_user(user_id, user)
user['id'] = uuid.uuid4().hex
ref = driver.create_user(user['id'], user)
if not driver.is_domain_aware():
ref = self._set_domain_id(ref, domain_id)
return ref
@ -354,9 +356,9 @@ class Manager(manager.Manager):
self.credential_api.delete_credentials_for_user(user_id)
self.token_api.delete_tokens_for_user(user_id)
@notifications.created(_GROUP)
@notifications.created(_GROUP, result_id_arg_attr='id')
@domains_configured
def create_group(self, group_id, group_ref):
def create_group(self, group_ref):
group = group_ref.copy()
group.setdefault('description', '')
@ -365,7 +367,8 @@ class Manager(manager.Manager):
driver = self._select_identity_driver(domain_id)
if not driver.is_domain_aware():
group = self._clear_domain_id(group)
ref = driver.create_group(group_id, group)
group['id'] = uuid.uuid4().hex
ref = driver.create_group(group['id'], group)
if not driver.is_domain_aware():
ref = self._set_domain_id(ref, domain_id)
return ref

8
keystone/notifications.py
View File

@ -62,11 +62,12 @@ class ManagerNotificationWrapper(object):
"""
def __init__(self, operation, resource_type, public=True,
resource_id_arg_index=1):
resource_id_arg_index=1, result_id_arg_attr=None):
self.operation = operation
self.resource_type = resource_type
self.public = public
self.resource_id_arg_index = resource_id_arg_index
self.result_id_arg_attr = result_id_arg_attr
def __call__(self, f):
def wrapper(*args, **kwargs):
@ -76,7 +77,10 @@ class ManagerNotificationWrapper(object):
except Exception:
raise
else:
resource_id = args[self.resource_id_arg_index]
if self.result_id_arg_attr is not None:
resource_id = result[self.result_id_arg_attr]
else:
resource_id = args[self.resource_id_arg_index]
_send_notification(
self.operation,
self.resource_type,

22
keystone/tests/core.py
View File

@ -479,6 +479,7 @@ class TestCase(BaseTestCase):
tenant['id'], tenant)
except exception.Conflict:
rv = self.assignment_api.get_project(tenant['id'])
attrname = 'tenant_%s' % tenant['id']
setattr(self, attrname, rv)
fixtures_to_cleanup.append(attrname)
@ -496,15 +497,28 @@ class TestCase(BaseTestCase):
user_copy = user.copy()
tenants = user_copy.pop('tenants')
try:
self.identity_api.create_user(user['id'], user_copy)
except exception.Conflict:
existing_user = getattr(self, 'user_%s' % user['id'], None)
if existing_user is not None:
self.identity_api.delete_user(existing_user['id'])
except exception.UserNotFound:
pass
# For users, the manager layer will generate the ID
user_copy = self.identity_api.create_user(user_copy)
# Our tests expect that the password is still in the user
# record so that they can reference it, so put it back into
# the dict returned.
user_copy['password'] = user['password']
for tenant_id in tenants:
try:
self.assignment_api.add_user_to_project(tenant_id,
user['id'])
self.assignment_api.add_user_to_project(
tenant_id, user_copy['id'])
except exception.Conflict:
pass
# Use the ID from the fixture as the attribute name, so
# that our tests can easily reference each user dict, while
# the ID in the dict will be the real public ID.
attrname = 'user_%s' % user['id']
setattr(self, attrname, user_copy)
fixtures_to_cleanup.append(attrname)

10
keystone/tests/filtering.py
View File

@ -58,10 +58,14 @@ class FilterTests(object):
return f
def _create_one_entity(self, entity_type, domain_id):
new_entity = {'id': '0000' + uuid.uuid4().hex,
'name': uuid.uuid4().hex,
new_entity = {'name': uuid.uuid4().hex,
'domain_id': domain_id}
self._create_entity(entity_type)(new_entity['id'], new_entity)
if entity_type in ['user', 'group']:
# The manager layer creates the ID for users and groups
new_entity = self._create_entity(entity_type)(new_entity)
else:
new_entity['id'] = '0000' + uuid.uuid4().hex
self._create_entity(entity_type)(new_entity['id'], new_entity)
return new_entity
def _create_test_data(self, entity_type, number, domain_id=None):

14
keystone/tests/test_auth.py
View File

@ -266,9 +266,8 @@ class AuthWithToken(AuthTest):
# Now create a group role for this user as well
domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
self.assignment_api.create_domain(domain1['id'], domain1)
new_group = {'id': uuid.uuid4().hex, 'domain_id': domain1['id'],
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
new_group = {'domain_id': domain1['id'], 'name': uuid.uuid4().hex}
new_group = self.identity_api.create_group(new_group)
self.identity_api.add_user_to_group(self.user_foo['id'],
new_group['id'])
self.assignment_api.create_grant(
@ -308,9 +307,8 @@ class AuthWithToken(AuthTest):
role_group_domain1)
self.assignment_api.add_user_to_project(project1['id'],
self.user_foo['id'])
new_group = {'id': uuid.uuid4().hex, 'domain_id': domain1['id'],
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
new_group = {'domain_id': domain1['id'], 'name': uuid.uuid4().hex}
new_group = self.identity_api.create_group(new_group)
self.identity_api.add_user_to_group(self.user_foo['id'],
new_group['id'])
self.assignment_api.create_grant(
@ -523,17 +521,15 @@ class AuthWithPasswordCredentials(AuthTest):
# 2) Create user "foo" in new domain with different password than
# default-domain foo.
new_user_id = uuid.uuid4().hex
new_user_password = uuid.uuid4().hex
new_user = {
'id': new_user_id,
'name': self.user_foo['name'],
'domain_id': new_domain_id,
'password': new_user_password,
'email': 'foo@bar2.com',
}
self.identity_api.create_user(new_user_id, new_user)
new_user = self.identity_api.create_user(new_user)
# 3) Update the default_domain_id config option to the new domain

719
keystone/tests/test_backend.py
View File

File diff suppressed because it is too large Load Diff

238
keystone/tests/test_backend_ldap.py
View File

@ -86,22 +86,20 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.assertEqual("ou=Users,%s" % CONF.ldap.suffix, user_api.tree_dn)
def test_configurable_allowed_user_actions(self):
user = {'id': u'fäké1',
'name': u'fäké1',
user = {'name': u'fäké1',
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
'tenants': ['bar']}
self.identity_api.create_user(u'fäké1', user)
user_ref = self.identity_api.get_user(u'fäké1')
self.assertEqual(u'fäké1', user_ref['id'])
user = self.identity_api.create_user(user)
self.identity_api.get_user(user['id'])
user['password'] = u'fäképass2'
self.identity_api.update_user(u'fäké1', user)
self.identity_api.update_user(user['id'], user)
self.identity_api.delete_user(u'fäké1')
self.identity_api.delete_user(user['id'])
self.assertRaises(exception.UserNotFound,
self.identity_api.get_user,
u'fäké1')
user['id'])
def test_configurable_forbidden_user_actions(self):
conf = self.get_config(CONF.identity.default_domain_id)
@ -110,14 +108,12 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
conf.ldap.user_allow_delete = False
self.reload_backends(CONF.identity.default_domain_id)
user = {'id': u'fäké1',
'name': u'fäké1',
user = {'name': u'fäké1',
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
'tenants': ['bar']}
self.assertRaises(exception.ForbiddenAction,
self.identity_api.create_user,
u'fäké1',
user)
self.user_foo['password'] = u'fäképass2'
@ -137,7 +133,6 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.assertRaises(exception.ForbiddenAction,
self.identity_api.create_user,
self.user_foo['id'],
self.user_foo)
def test_user_filter(self):
@ -176,13 +171,12 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_get_and_remove_role_grant_by_group_and_project(self):
new_domain = self._get_domain_fixture()
new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'],
new_group = {'domain_id': new_domain['id'],
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'enabled': True,
new_group = self.identity_api.create_group(new_group)
new_user = {'name': 'new_user', 'enabled': True,
'domain_id': new_domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
new_user = self.identity_api.create_user(new_user)
self.identity_api.add_user_to_group(new_user['id'],
new_group['id'])
@ -255,10 +249,9 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_projects_for_user(self):
domain = self._get_domain_fixture()
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'domain_id': domain['id'],
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user1 = self.identity_api.create_user(user1)
user_projects = self.assignment_api.list_projects_for_user(user1['id'])
self.assertThat(user_projects, matchers.HasLength(0))
@ -274,14 +267,12 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.assertThat(user_projects, matchers.HasLength(2))
# Now, check number of projects through groups
user2 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'domain_id': domain['id'],
'enabled': True}
self.identity_api.create_user(user2['id'], user2)
user2 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user2 = self.identity_api.create_user(user2)
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain['id']}
self.identity_api.create_group(group1['id'], group1)
group1 = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
group1 = self.identity_api.create_group(group1)
self.identity_api.add_user_to_group(user2['id'], group1['id'])
@ -306,15 +297,13 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_projects_for_user_and_groups(self):
domain = self._get_domain_fixture()
# Create user1
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'domain_id': domain['id'],
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
user1 = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'domain_id': domain['id'], 'enabled': True}
user1 = self.identity_api.create_user(user1)
# Create new group for user1
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain['id']}
self.identity_api.create_group(group1['id'], group1)
group1 = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
group1 = self.identity_api.create_group(group1)
# Add user1 to group1
self.identity_api.add_user_to_group(user1['id'], group1['id'])
@ -343,17 +332,14 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_projects_for_user_with_grants(self):
domain = self._get_domain_fixture()
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': domain['id']}
self.identity_api.create_user(new_user['id'], new_user)
new_user = {'name': 'new_user', 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user)
group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain['id']}
self.identity_api.create_group(group1['id'], group1)
group2 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain['id']}
self.identity_api.create_group(group2['id'], group2)
group1 = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
group1 = self.identity_api.create_group(group1)
group2 = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
group2 = self.identity_api.create_group(group2)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain['id']}
@ -415,14 +401,11 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_list_role_assignments_unfiltered(self):
new_domain = self._get_domain_fixture()
new_user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': new_domain['id']}
self.identity_api.create_user(new_user['id'],
new_user)
new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'],
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user)
new_group = {'domain_id': new_domain['id'], 'name': uuid.uuid4().hex}
new_group = self.identity_api.create_group(new_group)
new_project = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
'domain_id': new_domain['id']}
@ -449,11 +432,9 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.load_fixtures(default_fixtures)
new_domain = self._get_domain_fixture()
new_user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': new_domain['id']}
self.identity_api.create_user(new_user['id'],
new_user)
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': new_domain['id']}
new_user = self.identity_api.create_user(new_user)
new_project = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
'domain_id': new_domain['id']}
@ -475,11 +456,10 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.load_backends()
self.load_fixtures(default_fixtures)
user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': test_backend.DEFAULT_DOMAIN_ID}
user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': test_backend.DEFAULT_DOMAIN_ID}
self.identity_api.create_user(user['id'], user)
user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
user['id'])
user_ids = self.assignment_api.list_user_ids_for_project(
@ -505,23 +485,20 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
"""
# Create a group
group_id = None
group = dict(name=uuid.uuid4().hex,
domain_id=CONF.identity.default_domain_id)
group_id = self.identity_api.create_group(group_id, group)['id']
group_id = self.identity_api.create_group(group)['id']
# Create a couple of users and add them to the group.
user_id = None
user = dict(name=uuid.uuid4().hex, id=uuid.uuid4().hex,
domain_id=CONF.identity.default_domain_id)
user_1_id = self.identity_api.create_user(user_id, user)['id']
user_1_id = self.identity_api.create_user(user)['id']
self.identity_api.add_user_to_group(user_1_id, group_id)
user_id = None
user = dict(name=uuid.uuid4().hex, id=uuid.uuid4().hex,
domain_id=CONF.identity.default_domain_id)
user_2_id = self.identity_api.create_user(user_id, user)['id']
user_2_id = self.identity_api.create_user(user)['id']
self.identity_api.add_user_to_group(user_2_id, group_id)
@ -542,11 +519,10 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
# List group members when there is no member in the group.
# No exception should be raised.
group = {
'id': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'name': uuid.uuid4().hex,
'description': uuid.uuid4().hex}
self.identity_api.create_group(group['id'], group)
group = self.identity_api.create_group(group)
# If this doesn't raise, then the test is successful.
self.identity_api.list_users_in_group(group['id'])
@ -558,16 +534,14 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
self.load_fixtures(default_fixtures)
# Create a group
group_id = None
group = dict(name=uuid.uuid4().hex,
domain_id=CONF.identity.default_domain_id)
group_id = self.identity_api.create_group(group_id, group)['id']
group_id = self.identity_api.create_group(group)['id']
# Create a user
user_id = None
user = dict(name=uuid.uuid4().hex, id=uuid.uuid4().hex,
user = dict(name=uuid.uuid4().hex,
domain_id=CONF.identity.default_domain_id)
user_id = self.identity_api.create_user(user_id, user)['id']
user_id = self.identity_api.create_user(user)['id']
# Add user to the group
self.identity_api.add_user_to_group(user_id, group_id)
@ -597,13 +571,12 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
def test_authenticate_requires_simple_bind(self):
user = {
'id': 'no_meta',
'name': 'NO_META',
'domain_id': test_backend.DEFAULT_DOMAIN_ID,
'password': 'no_meta2',
'enabled': True,
}
self.identity_api.create_user(user['id'], user)
user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_baz['id'],
user['id'])
driver = self.identity_api._select_identity_driver(
@ -625,11 +598,10 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
# Refer to bug 1136403 for more detail.
def test_group_crud(self):
group = {
'id': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'name': uuid.uuid4().hex,
'description': uuid.uuid4().hex}
self.identity_api.create_group(group['id'], group)
group = self.identity_api.create_group(group)
group_ref = self.identity_api.get_group(group['id'])
self.assertDictEqual(group_ref, group)
group['description'] = uuid.uuid4().hex
@ -650,15 +622,14 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
'tenants', 'tenantId']
self.reload_backends(CONF.identity.default_domain_id)
user = {'id': u'fäké1',
'name': u'fäké1',
user = {'name': u'fäké1',
'password': u'fäképass1',
'domain_id': CONF.identity.default_domain_id,
'default_project_id': 'maps_to_none',
}
# If this doesn't raise, then the test is successful.
self.identity_api.create_user(u'fäké1', user)
user = self.identity_api.create_user(user)
def test_update_user_name(self):
"""A user's name cannot be changed through the LDAP driver."""
@ -685,6 +656,9 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
# Create a user with a , in their ID
# NOTE(blk-u): the DN for this user is hard-coded in fakeldap!
# Since we want to fake up this special ID, we'll squirt this
# direct into the driver and bypass the manager layer.
user_id = u'Doe, John'
user = {
'id': user_id,
@ -692,7 +666,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
'password': self.getUniqueString(),
'domain_id': CONF.identity.default_domain_id,
}
self.identity_api.create_user(user_id, user)
user = self.identity_api.driver.create_user(user_id, user)
# Create a group
group_id = uuid.uuid4().hex
@ -702,7 +676,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
'description': self.getUniqueString(),
'domain_id': CONF.identity.default_domain_id,
}
self.identity_api.create_group(group_id, group)
self.identity_api.driver.create_group(group_id, group)
# Put the user in the group
self.identity_api.add_user_to_group(user_id, group_id)
@ -718,6 +692,9 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
# Create a user with a , in their ID
# NOTE(blk-u): the DN for this user is hard-coded in fakeldap!
# Since we want to fake up this special ID, we'll squirt this
# direct into the driver and bypass the manager layer
user_id = u'Doe, John'
user = {
'id': user_id,
@ -725,7 +702,7 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
'password': self.getUniqueString(),
'domain_id': CONF.identity.default_domain_id,
}
self.identity_api.create_user(user_id, user)
self.identity_api.driver.create_user(user_id, user)
# Grant the user a role on a project.
@ -798,11 +775,11 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
role1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
self.assignment_api.create_role(role1['id'], role1)
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
user1 = {'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
user1 = self.identity_api.create_user(user1)
self.assignment_api.add_role_to_user_and_project(
user_id=user1['id'],
@ -1054,8 +1031,9 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
ldap_ = self.identity_api.driver.user.get_connection()
def get_enabled_vals():
user_dn = self.identity_api.driver.user._id_to_dn_string(u'fäké1')
def get_enabled_vals(user):
user_dn = (
self.identity_api.driver.user._id_to_dn_string(user['id']))
enabled_attr_name = CONF.ldap.user_enabled_attribute
res = ldap_.search_s(user_dn,
@ -1063,44 +1041,44 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
u'(sn=fäké1)')
return res[0][1][enabled_attr_name]
user = {'id': u'fäké1', 'name': u'fäké1', 'enabled': True,
user = {'name': u'fäké1', 'enabled': True,
'domain_id': CONF.identity.default_domain_id}
user_ref = self.identity_api.create_user(u'fäké1', user)
user_ref = self.identity_api.create_user(user)
# Use assertIs rather than assertTrue because assertIs will assert the
# value is a Boolean as expected.
self.assertIs(user_ref['enabled'], True)
self.assertNotIn('enabled_nomask', user_ref)
enabled_vals = get_enabled_vals()
enabled_vals = get_enabled_vals(user_ref)
self.assertEqual([512], enabled_vals)
user_ref = self.identity_api.get_user(u'fäké1')
user_ref = self.identity_api.get_user(user_ref['id'])
self.assertIs(user_ref['enabled'], True)
self.assertNotIn('enabled_nomask', user_ref)
user['enabled'] = False
user_ref = self.identity_api.update_user(u'fäké1', user)
user_ref = self.identity_api.update_user(user_ref['id'], user)
self.assertIs(user_ref['enabled'], False)
self.assertNotIn('enabled_nomask', user_ref)
enabled_vals = get_enabled_vals()
enabled_vals = get_enabled_vals(user_ref)
self.assertEqual([514], enabled_vals)
user_ref = self.identity_api.get_user(u'fäké1')
user_ref = self.identity_api.get_user(user_ref['id'])
self.assertIs(user_ref['enabled'], False)
self.assertNotIn('enabled_nomask', user_ref)
user['enabled'] = True
user_ref = self.identity_api.update_user(u'fäké1', user)
user_ref = self.identity_api.update_user(user_ref['id'], user)
self.assertIs(user_ref['enabled'], True)
self.assertNotIn('enabled_nomask', user_ref)
enabled_vals = get_enabled_vals()
enabled_vals = get_enabled_vals(user_ref)
self.assertEqual([512], enabled_vals)
user_ref = self.identity_api.get_user(u'fäké1')
user_ref = self.identity_api.get_user(user_ref['id'])
self.assertIs(user_ref['enabled'], True)
self.assertNotIn('enabled_nomask', user_ref)
@ -1208,12 +1186,11 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
user_additional_attribute_mapping=['description:name'])
self.load_backends()
user = {
'id': 'extra_attributes',
'name': 'EXTRA_ATTRIBUTES',
'password': 'extra',
'domain_id': CONF.identity.default_domain_id
}
self.identity_api.create_user(user['id'], user)
user = self.identity_api.create_user(user)
dn, attrs = self.identity_api.driver.user._ldap_get(user['id'])
self.assertThat([user['name']], matchers.Equals(attrs['description']))
@ -1228,13 +1205,12 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
description = uuid.uuid4().hex
user = {
'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
'description': description,
'password': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id
}
self.identity_api.create_user(user['id'], user)
user = self.identity_api.create_user(user)
res = self.identity_api.driver.user.get_all()
new_user = [u for u in res if u['id'] == user['id']][0]
@ -1423,11 +1399,11 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
self.assignment_api.create_role(role['id'], role)
role_list.append(role)
user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
user1 = {'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user1['id'], user1)
user1 = self.identity_api.create_user(user1)
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id}
self.assignment_api.create_project(project1['id'], project1)
@ -1508,7 +1484,8 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
users = self.identity_api.list_users()
self.assertEqual(len(default_fixtures.USERS), len(users))
user_ids = set(user['id'] for user in users)
expected_user_ids = set(user['id'] for user in default_fixtures.USERS)
expected_user_ids = set(getattr(self, 'user_%s' % user['id'])['id']
for user in default_fixtures.USERS)
for user_ref in users:
self.assertNotIn('dn', user_ref)
self.assertEqual(expected_user_ids, user_ids)
@ -1519,9 +1496,8 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
expected_group_ids = []
numgroups = 3
for _ in range(numgroups):
group = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain['id']}
self.identity_api.create_group(group['id'], group)
group = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
group = self.identity_api.create_group(group)
expected_group_ids.append(group['id'])
# Fetch the test groups and ensure that they don't contain a dn.
groups = self.identity_api.list_groups()
@ -1533,19 +1509,17 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
def test_list_groups_for_user_no_dn(self):
# Create a test user.
user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
user = {'name': uuid.uuid4().hex,
'domain_id': CONF.identity.default_domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user['id'], user)
'password': uuid.uuid4().hex, 'enabled': True}
user = self.identity_api.create_user(user)
# Create some test groups and add the test user as a member.
domain = self._get_domain_fixture()
expected_group_ids = []
numgroups = 3
for _ in range(numgroups):
group = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'domain_id': domain['id']}
self.identity_api.create_group(group['id'], group)
group = {'name': uuid.uuid4().hex, 'domain_id': domain['id']}
group = self.identity_api.create_group(group)
expected_group_ids.append(group['id'])
self.identity_api.add_user_to_group(user['id'], group['id'])
# Fetch the groups for the test user
@ -1609,24 +1583,23 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
project['id'])
def test_user_crud(self):
user = {
'id': uuid.uuid4().hex,
user_dict = {
'domain_id': CONF.identity.default_domain_id,
'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex}
self.identity_api.create_user(user['id'], user)
user['enabled'] = True
user = self.identity_api.create_user(user_dict)
user_dict['enabled'] = True
user_ref = self.identity_api.get_user(user['id'])
del user['password']
del user_dict['password']
user_ref_dict = dict((x, user_ref[x]) for x in user_ref)
self.assertDictEqual(user_ref_dict, user)
self.assertDictContainsSubset(user_dict, user_ref_dict)
user['password'] = uuid.uuid4().hex
user_dict['password'] = uuid.uuid4().hex
self.identity_api.update_user(user['id'], user)
user_ref = self.identity_api.get_user(user['id'])
del user['password']
del user_dict['password']
user_ref_dict = dict((x, user_ref[x]) for x in user_ref)
self.assertDictEqual(user_ref_dict, user)
self.assertDictContainsSubset(user_dict, user_ref_dict)
self.identity_api.delete_user(user['id'])
self.assertRaises(exception.UserNotFound,
@ -1836,12 +1809,13 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, tests.SQLDriverOverrides,
"""
def create_user(domain_id):
user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
user = {'name': uuid.uuid4().hex,
'domain_id': domain_id,
'password': uuid.uuid4().hex,
'enabled': True}
self.identity_api.create_user(user['id'], user)
return user
user_ref = self.identity_api.create_user(user)
user_ref['password'] = user['password']
return user_ref
userd = create_user(CONF.identity.default_domain_id)
user1 = create_user(self.domain1['id'])
@ -1940,3 +1914,11 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, tests.SQLDriverOverrides,
def test_list_projects_for_user_with_grants(self):
self.skipTest('Blocked by bug 1221805')
def test_user_id_comma(self):
self.skipTest('Only valid if it is guaranteed to be taling to '
'the fakeldap backend')
def test_user_id_comma_grants(self):
self.skipTest('Only valid if it is guaranteed to be taling to '
'the fakeldap backend')

39
keystone/tests/test_backend_sql.py
View File

@ -127,11 +127,10 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
self.assertNotEqual(user_ref['password'], self.user_foo['password'])
def test_delete_user_with_project_association(self):
user = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
user = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
self.identity_api.create_user(user['id'], user)
user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
user['id'])
self.identity_api.delete_user(user['id'])
@ -140,17 +139,12 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
user['id'])
def test_create_null_user_name(self):
user = {'id': uuid.uuid4().hex,
'name': None,
user = {'name': None,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
self.assertRaises(exception.ValidationError,
self.identity_api.create_user,
user['id'],
user)
self.assertRaises(exception.UserNotFound,
self.identity_api.get_user,
user['id'])
self.assertRaises(exception.UserNotFound,
self.identity_api.get_user_by_name,
user['name'],
@ -184,11 +178,10 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
role['id'])
def test_delete_project_with_user_association(self):
user = {'id': 'fake',
'name': 'fakeuser',
user = {'name': 'fakeuser',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'passwd'}
self.identity_api.create_user('fake', user)
user = self.identity_api.create_user(user)
self.assignment_api.add_user_to_project(self.tenant_bar['id'],
user['id'])
self.assignment_api.delete_project(self.tenant_bar['id'])
@ -198,11 +191,10 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
def test_metadata_removed_on_delete_user(self):
# A test to check that the internal representation
# or roles is correctly updated when a user is deleted
user = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
user = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'passwd'}
self.identity_api.create_user(user['id'], user)
user = self.identity_api.create_user(user)
role = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.assignment_api.create_role(role['id'], role)
@ -222,11 +214,10 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
def test_metadata_removed_on_delete_project(self):
# A test to check that the internal representation
# or roles is correctly updated when a project is deleted
user = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex,
user = {'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'passwd'}
self.identity_api.create_user(user['id'], user)
user = self.identity_api.create_user(user)
role = {'id': uuid.uuid4().hex,
'name': uuid.uuid4().hex}
self.assignment_api.create_role(role['id'], role)
@ -280,40 +271,36 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests):
This behavior is specific to the SQL driver.
"""
user_id = uuid.uuid4().hex
arbitrary_key = uuid.uuid4().hex
arbitrary_value = uuid.uuid4().hex
user = {
'id': user_id,
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex,
arbitrary_key: arbitrary_value}
ref = self.identity_api.create_user(user_id, user)
ref = self.identity_api.create_user(user)
self.assertEqual(arbitrary_value, ref[arbitrary_key])
self.assertIsNone(ref.get('password'))
self.assertIsNone(ref.get('extra'))
user['name'] = uuid.uuid4().hex
user['password'] = uuid.uuid4().hex
ref = self.identity_api.update_user(user_id, user)
ref = self.identity_api.update_user(ref['id'], user)
self.assertIsNone(ref.get('password'))
self.assertIsNone(ref['extra'].get('password'))
self.assertEqual(arbitrary_value, ref[arbitrary_key])
self.assertEqual(arbitrary_value, ref['extra'][arbitrary_key])
def test_sql_user_to_dict_null_default_project_id(self):
user_id = uuid.uuid4().hex
user = {
'id': user_id,
'name': uuid.uuid4().hex,
'domain_id': DEFAULT_DOMAIN_ID,
'password': uuid.uuid4().hex}
self.identity_api.create_user(user_id, user)
user = self.identity_api.create_user(user)
session = sql.get_session()
query = session.query(identity_sql.User)
query = query.filter_by(id=user_id)
query = query.filter_by(id=user['id'])
raw_user_ref = query.one()
self.assertIsNone(raw_user_ref.default_project_id)
user_ref = raw_user_ref.to_dict()

8
keystone/tests/test_cert_setup.py
View File

@ -67,19 +67,19 @@ class CertSetupTestCase(rest.RestfulTestCase):
controller = token.controllers.Auth()
self.config_fixture.config(group='signing', certfile='invalid')
password = 'fake1'
user = {
'id': 'fake1',
'name': 'fake1',
'password': 'fake1',
'password': password,
'domain_id': DEFAULT_DOMAIN_ID
}
user = self.identity_api.create_user(user)
body_dict = {
'passwordCredentials': {
'userId': user['id'],
'password': user['password'],
'password': password,
},
}
self.identity_api.create_user(user['id'], user)
self.assertRaises(exception.UnexpectedError,
controller.authenticate,
{}, body_dict)

9
keystone/tests/test_keystoneclient.py
View File

@ -96,7 +96,14 @@ class CompatTestCase(tests.NoModule, tests.TestCase):
user_ref = self.user_foo
if tenant_ref is None:
for user in default_fixtures.USERS:
if user['id'] == user_ref['id']:
# The fixture ID is no longer used as the ID in the database
# The fixture ID, however, is still used as part of the
# attribute name when storing the created object on the test
# case. This means that we need to use the fixture ID below to
# find the actial object so that we can get the ID as stored
# in the database to compare against.
if (getattr(self, 'user_%s' % user['id'])['id'] ==
user_ref['id']):
tenant_id = user['tenants'][0]
else:
tenant_id = tenant_ref['id']

12
keystone/tests/test_ldap_livetest.py
View File

@ -142,11 +142,10 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
USER_COUNT = 2
for x in range(0, USER_COUNT):
new_user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
'password': uuid.uuid4().hex, 'enabled': True,
'domain_id': domain['id']}
new_user = {'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex,
'enabled': True, 'domain_id': domain['id']}
new_user = self.identity_api.create_user(new_user)
test_users.append(new_user)
self.identity_api.create_user(new_user['id'], new_user)
positive_user = test_users[0]
negative_user = test_users[1]
@ -156,10 +155,9 @@ class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
self.assertEqual(len(group_refs), 0)
for x in range(0, GROUP_COUNT):
new_group = {'id': uuid.uuid4().hex,
'domain_id': domain['id'],
new_group = {'domain_id': domain['id'],
'name': uuid.uuid4().hex}
self.identity_api.create_group(new_group['id'], new_group)
new_group = self.identity_api.create_group(new_group)
test_groups.append(new_group)
group_refs = self.identity_api.list_groups_for_user(

25
keystone/tests/test_ldap_tls_livetest.py
View File

@ -57,20 +57,19 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_req_cert='demand')
self.identity_api = identity.backends.ldap.Identity()
user = {'id': 'fake1',
'name': 'fake1',
user = {'name': 'fake1',
'password': 'fakepass1',
'tenants': ['bar']}
self.identity_api.create_user('fake1', user)
user_ref = self.identity_api.get_user('fake1')
self.assertEqual('fake1', user_ref['id'])
user = self.identity_api.create_user('user')
user_ref = self.identity_api.get_user(user['id'])
self.assertEqual(user['id'], user_ref['id'])
user['password'] = 'fakepass2'
self.identity_api.update_user('fake1', user)
self.identity_api.update_user(user['id'], user)
self.identity_api.delete_user('fake1')
self.identity_api.delete_user(user['id'])
self.assertRaises(exception.UserNotFound, self.identity_api.get_user,
'fake1')
user['id'])
def test_tls_certdir_demand_option(self):
self.config_fixture.config(group='ldap',
@ -103,11 +102,10 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_cacertdir=None)
self.identity_api = identity.backends.ldap.Identity()
user = {'id': 'fake1',
'name': 'fake1',
user = {'name': 'fake1',
'password': 'fakepass1',
'tenants': ['bar']}
self.assertRaises(IOError, self.identity_api.create_user, 'fake', user)
self.assertRaises(IOError, self.identity_api.create_user, user)
def test_tls_bad_certdir(self):
self.config_fixture.config(
@ -118,8 +116,7 @@ class LiveTLSLDAPIdentity(test_ldap_livetest.LiveLDAPIdentity):
tls_cacertdir='/etc/keystone/ssl/mythicalcertdir')
self.identity_api = identity.backends.ldap.Identity()
user = {'id': 'fake1',
'name': 'fake1',
user = {'name': 'fake1',
'password': 'fakepass1',
'tenants': ['bar']}
self.assertRaises(IOError, self.identity_api.create_user, 'fake', user)
self.assertRaises(IOError, self.identity_api.create_user, user)

20
keystone/tests/test_notifications.py
View File

@ -220,7 +220,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
def test_create_group(self):
group_ref = self.new_group_ref(domain_id=self.domain_id)
self.identity_api.create_group(group_ref['id'], group_ref)
group_ref = self.identity_api.create_group(group_ref)
self._assertLastNotify(group_ref['id'], CREATED_OPERATION, 'group')
def test_create_project(self):
@ -236,14 +236,14 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
def test_create_user(self):
user_ref = self.new_user_ref(domain_id=self.domain_id)
self.identity_api.create_user(user_ref['id'], user_ref)
user_ref = self.identity_api.create_user(user_ref)
self._assertLastNotify(user_ref['id'], CREATED_OPERATION, 'user')
def test_create_trust(self):
trustor = self.new_user_ref(domain_id=self.domain_id)
self.identity_api.create_user(trustor['id'], trustor)
trustor = self.identity_api.create_user(trustor)
trustee = self.new_user_ref(domain_id=self.domain_id)
self.identity_api.create_user(trustee['id'], trustee)
trustee = self.identity_api.create_user(trustee)
role_ref = self.new_role_ref()
self.assignment_api.create_role(role_ref['id'], role_ref)
trust_ref = self.new_trust_ref(trustor['id'],
@ -256,7 +256,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
def test_delete_group(self):
group_ref = self.new_group_ref(domain_id=self.domain_id)
self.identity_api.create_group(group_ref['id'], group_ref)
group_ref = self.identity_api.create_group(group_ref)
self.identity_api.delete_group(group_ref['id'])
self._assertLastNotify(group_ref['id'], DELETED_OPERATION, 'group')
@ -275,7 +275,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
def test_delete_user(self):
user_ref = self.new_user_ref(domain_id=self.domain_id)
self.identity_api.create_user(user_ref['id'], user_ref)
user_ref = self.identity_api.create_user(user_ref)
self.identity_api.delete_user(user_ref['id'])
self._assertLastNotify(user_ref['id'], DELETED_OPERATION, 'user')
@ -288,9 +288,9 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
def test_delete_trust(self):
trustor = self.new_user_ref(domain_id=self.domain_id)
self.identity_api.create_user(trustor['id'], trustor)
trustor = self.identity_api.create_user(trustor)
trustee = self.new_user_ref(domain_id=self.domain_id)
self.identity_api.create_user(trustee['id'], trustee)
trustee = self.identity_api.create_user(trustee)
role_ref = self.new_role_ref()
trust_ref = self.new_trust_ref(trustor['id'], trustee['id'])
self.trust_api.create_trust(trust_ref['id'],
@ -318,7 +318,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
def test_update_group(self):
group_ref = self.new_group_ref(domain_id=self.domain_id)
self.identity_api.create_group(group_ref['id'], group_ref)
group_ref = self.identity_api.create_group(group_ref)
self.identity_api.update_group(group_ref['id'], group_ref)
self._assertLastNotify(group_ref['id'], UPDATED_OPERATION, 'group')
@ -354,7 +354,7 @@ class NotificationsForEntities(test_v3.RestfulTestCase):
def test_update_user(self):
user_ref = self.new_user_ref(domain_id=self.domain_id)
self.identity_api.create_user(user_ref['id'], user_ref)
user_ref = self.identity_api.create_user(user_ref)
self.identity_api.update_user(user_ref['id'], user_ref)
self._assertLastNotify(user_ref['id'], UPDATED_OPERATION, 'user')

16
keystone/tests/test_v3.py
View File

@ -125,10 +125,11 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase):
self.project['id'] = self.project_id
self.assignment_api.create_project(self.project_id, self.project)
self.user_id = uuid.uuid4().hex
self.user = self.new_user_ref(domain_id=self.domain_id)
self.user['id'] = self.user_id
self.identity_api.create_user(self.user_id, self.user)
password = self.user['password']
self.user = self.identity_api.create_user(self.user)
self.user['password'] = password
self.user_id = self.user['id']
self.default_domain_project_id = uuid.uuid4().hex
self.default_domain_project = self.new_project_ref(
@ -137,12 +138,13 @@ class RestfulTestCase(tests.SQLDriverOverrides, rest.RestfulTestCase):
self.assignment_api.create_project(self.default_domain_project_id,
self.default_domain_project)
self.default_domain_user_id = uuid.uuid4().hex
self.default_domain_user = self.new_user_ref(
domain_id=DEFAULT_DOMAIN_ID)
self.default_domain_user['id'] = self.default_domain_user_id
self.identity_api.create_user(self.default_domain_user_id,
self.default_domain_user)
password = self.default_domain_user['password']
self.default_domain_user = (
self.identity_api.create_user(self.default_domain_user))
self.default_domain_user['password'] = password
self.default_domain_user_id = self.default_domain_user['id']
# create & grant policy.json's default role for admin_required
self.role_id = uuid.uuid4().hex

98
keystone/tests/test_v3_auth.py
View File

@ -181,17 +181,15 @@ class TokenAPITests(object):
self.assignment_api.create_domain(new_domain_id, new_domain)
# 2) Create user in new domain.
new_user_id = uuid.uuid4().hex
new_user_password = uuid.uuid4().hex
new_user = {
'id': new_user_id,
'name': uuid.uuid4().hex,
'domain_id': new_domain_id,
'password': new_user_password,
'email': uuid.uuid4().hex,
}
self.identity_api.create_user(new_user_id, new_user)
new_user = self.identity_api.create_user(new_user)
# 3) Update the default_domain_id config option to the new domain
@ -201,7 +199,7 @@ class TokenAPITests(object):
# 4) Get a token using v3 api.
auth_data = self.build_authentication_request(
user_id=new_user_id,
user_id=new_user['id'],
password=new_user_password)
resp = self.post('/auth/tokens', body=auth_data)
token = resp.headers.get('X-Subject-Token')
@ -468,13 +466,15 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
self.assignment_api.create_domain(self.domainA['id'], self.domainA)
self.userAdminA = self.new_user_ref(domain_id=self.domainA['id'])
self.userAdminA['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.userAdminA['id'], self.userAdminA)
password = self.userAdminA['password']
self.userAdminA = self.identity_api.create_user(self.userAdminA)
self.userAdminA['password'] = password
self.userNormalA = self.new_user_ref(
domain_id=self.domainA['id'])
self.userNormalA['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.userNormalA['id'], self.userNormalA)
password = self.userNormalA['password']
self.userNormalA = self.identity_api.create_user(self.userNormalA)
self.userNormalA['password'] = password
self.assignment_api.create_grant(self.role['id'],
user_id=self.userAdminA['id'],
@ -570,8 +570,9 @@ class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
self.domainB = self.new_domain_ref()
self.assignment_api.create_domain(self.domainB['id'], self.domainB)
self.userAdminB = self.new_user_ref(domain_id=self.domainB['id'])
self.userAdminB['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.userAdminB['id'], self.userAdminB)
password = self.userAdminB['password']
self.userAdminB = self.identity_api.create_user(self.userAdminB)
self.userAdminB['password'] = password
self.assignment_api.create_grant(self.role['id'],
user_id=self.userAdminB['id'],
domain_id=self.domainB['id'])
@ -651,30 +652,33 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
# Now create some users
self.user1 = self.new_user_ref(
domain_id=self.domainA['id'])
self.user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user1['id'], self.user1)
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domainB['id'])
self.user2['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user2['id'], self.user2)
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.user3 = self.new_user_ref(
domain_id=self.domainB['id'])
self.user3['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user3['id'], self.user3)
password = self.user3['password']
self.user3 = self.identity_api.create_user(self.user3)
self.user3['password'] = password
self.group1 = self.new_group_ref(
domain_id=self.domainA['id'])
self.identity_api.create_group(self.group1['id'], self.group1)
self.group1 = self.identity_api.create_group(self.group1)
self.group2 = self.new_group_ref(
domain_id=self.domainA['id'])
self.identity_api.create_group(self.group2['id'], self.group2)
self.group2 = self.identity_api.create_group(self.group2)
self.group3 = self.new_group_ref(
domain_id=self.domainB['id'])
self.identity_api.create_group(self.group3['id'], self.group3)
self.group3 = self.identity_api.create_group(self.group3)
self.identity_api.add_user_to_group(self.user1['id'],
self.group1['id'])
@ -782,16 +786,19 @@ class TestTokenRevokeById(test_v3.RestfulTestCase):
self.projectC = self.new_project_ref(domain_id=self.domainA['id'])
self.assignment_api.create_project(self.projectC['id'], self.projectC)
self.user4 = self.new_user_ref(domain_id=self.domainB['id'])
self.user4['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user4['id'], self.user4)
password = self.user4['password']
self.user4 = self.identity_api.create_user(self.user4)
self.user4['password'] = password
self.user5 = self.new_user_ref(
domain_id=self.domainA['id'])
self.user5['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user5['id'], self.user5)
password = self.user5['password']
self.user5 = self.identity_api.create_user(self.user5)
self.user5['password'] = password
self.user6 = self.new_user_ref(
domain_id=self.domainA['id'])
self.user6['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user6['id'], self.user6)
password = self.user6['password']
self.user6 = self.identity_api.create_user(self.user6)
self.user6['password'] = password
self.identity_api.add_user_to_group(self.user5['id'],
self.group1['id'])
self.assignment_api.create_grant(self.role1['id'],
@ -1805,21 +1812,23 @@ class TestAuthJSON(test_v3.RestfulTestCase):
user1 = self.new_user_ref(
domain_id=domainA['id'])
user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(user1['id'], user1)
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
user2 = self.new_user_ref(
domain_id=domainA['id'])
user2['password'] = uuid.uuid4().hex
self.identity_api.create_user(user2['id'], user2)
password = user2['password']
user2 = self.identity_api.create_user(user2)
user2['password'] = password
group1 = self.new_group_ref(
domain_id=domainA['id'])
self.identity_api.create_group(group1['id'], group1)
group1 = self.identity_api.create_group(group1)
group2 = self.new_group_ref(
domain_id=domainA['id'])
self.identity_api.create_group(group2['id'], group2)
group2 = self.identity_api.create_group(group2)
self.identity_api.add_user_to_group(user1['id'],
group1['id'])
@ -2002,11 +2011,9 @@ class TestAuthJSON(test_v3.RestfulTestCase):
self.assertValidDomainScopedTokenResponse(r)
def test_domain_scope_token_with_group_role(self):
group_id = uuid.uuid4().hex
group = self.new_group_ref(
domain_id=self.domain_id)
group['id'] = group_id
self.identity_api.create_group(group_id, group)
group = self.identity_api.create_group(group)
# add user to group
self.identity_api.add_user_to_group(self.user['id'], group['id'])
@ -2281,7 +2288,7 @@ class TestAuthJSON(test_v3.RestfulTestCase):
def test_authenticating_a_user_with_no_password(self):
user = self.new_user_ref(domain_id=self.domain['id'])
user.pop('password', None) # can't have a password for this test
self.identity_api.create_user(user['id'], user)
user = self.identity_api.create_user(user)
auth_data = self.build_authentication_request(
user_id=user['id'],
@ -2454,10 +2461,11 @@ class TestTrustAuth(TestAuthInfo):
super(TestTrustAuth, self).setUp()
# create a trustee to delegate stuff to
self.trustee_user_id = uuid.uuid4().hex
self.trustee_user = self.new_user_ref(domain_id=self.domain_id)
self.trustee_user['id'] = self.trustee_user_id
self.identity_api.create_user(self.trustee_user_id, self.trustee_user)
password = self.trustee_user['password']
self.trustee_user = self.identity_api.create_user(self.trustee_user)
self.trustee_user['password'] = password
self.trustee_user_id = self.trustee_user['id']
def test_create_trust_400(self):
# The server returns a 403 Forbidden rather than a 400, see bug 1133435
@ -2791,10 +2799,11 @@ class TestTrustAuth(TestAuthInfo):
def test_v3_v2_intermix_project_not_in_default_domaini_failed(self):
# create a trustee in default domain to delegate stuff to
trustee_user_id = uuid.uuid4().hex
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
trustee_user['id'] = trustee_user_id
self.identity_api.create_user(trustee_user_id, trustee_user)
password = trustee_user['password']
trustee_user = self.identity_api.create_user(trustee_user)
trustee_user['password'] = password
trustee_user_id = trustee_user['id']
ref = self.new_trust_ref(
trustor_user_id=self.default_domain_user_id,
@ -2831,10 +2840,11 @@ class TestTrustAuth(TestAuthInfo):
def test_v3_v2_intermix(self):
# create a trustee in default domain to delegate stuff to
trustee_user_id = uuid.uuid4().hex
trustee_user = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
trustee_user['id'] = trustee_user_id
self.identity_api.create_user(trustee_user_id, trustee_user)
password = trustee_user['password']
trustee_user = self.identity_api.create_user(trustee_user)
trustee_user['password'] = password
trustee_user_id = trustee_user['id']
ref = self.new_trust_ref(
trustor_user_id=self.default_domain_user_id,

7
keystone/tests/test_v3_credential.py
View File

@ -209,10 +209,11 @@ class TestCredentialTrustScoped(test_v3.RestfulTestCase):
def setUp(self):
super(TestCredentialTrustScoped, self).setUp()
self.trustee_user_id = uuid.uuid4().hex
self.trustee_user = self.new_user_ref(domain_id=self.domain_id)
self.trustee_user['id'] = self.trustee_user_id
self.identity_api.create_user(self.trustee_user_id, self.trustee_user)
password = self.trustee_user['password']
self.trustee_user = self.identity_api.create_user(self.trustee_user)
self.trustee_user['password'] = password
self.trustee_user_id = self.trustee_user['id']
def config_overrides(self):
super(TestCredentialTrustScoped, self).config_overrides()

14
keystone/tests/test_v3_federation.py
View File

@ -1094,8 +1094,7 @@ class FederatedTokenTests(FederationTests):
# create group and role
group = self.new_group_ref(
domain_id=self.domainA['id'])
self.identity_api.create_group(group['id'],
group)
group = self.identity_api.create_group(group)
role = self.new_role_ref()
self.assignment_api.create_role(role['id'],
role)
@ -1217,18 +1216,17 @@ class FederatedTokenTests(FederationTests):
# Create and add groups
self.group_employees = self.new_group_ref(
domain_id=self.domainA['id'])
self.identity_api.create_group(self.group_employees['id'],
self.group_employees)
self.group_employees = (
self.identity_api.create_group(self.group_employees))
self.group_customers = self.new_group_ref(
domain_id=self.domainA['id'])
self.identity_api.create_group(self.group_customers['id'],
self.group_customers)
self.group_customers = (
self.identity_api.create_group(self.group_customers))
self.group_admins = self.new_group_ref(
domain_id=self.domainA['id'])
self.identity_api.create_group(self.group_admins['id'],
self.group_admins)
self.group_admins = self.identity_api.create_group(self.group_admins)
# Create and add roles
self.role_employee = self.new_role_ref()

18
keystone/tests/test_v3_filters.py
View File

@ -73,16 +73,20 @@ class IdentityTestFilteredCase(filtering.FilterTests,
# Now create some users, one in domainA and two of them in domainB
self.user1 = self.new_user_ref(domain_id=self.domainA['id'])
self.user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user1['id'], self.user1)
password = uuid.uuid4().hex
self.user1['password'] = password
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
self.user2['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user2['id'], self.user2)
self.user2['password'] = password
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
self.user3['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user3['id'], self.user3)
self.user3['password'] = password
self.user3 = self.identity_api.create_user(self.user3)
self.user3['password'] = password
self.role = self.new_role_ref()
self.assignment_api.create_role(self.role['id'], self.role)
@ -290,7 +294,7 @@ class IdentityTestFilteredCase(filtering.FilterTests,
# See if we can add a SQL command...use the group table instead of the
# user table since 'user' is reserved word for SQLAlchemy.
group = self.new_group_ref(domain_id=self.domainB['id'])
self.identity_api.create_group(group['id'], group)
group = self.identity_api.create_group(group)
url_by_name = "/users?name=x'; drop table group"
r = self.get(url_by_name, auth=self.auth)

101
keystone/tests/test_v3_identity.py
View File

@ -84,11 +84,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def setUp(self):
super(IdentityTestCase, self).setUp()
self.group_id = uuid.uuid4().hex
self.group = self.new_group_ref(
domain_id=self.domain_id)
self.group['id'] = self.group_id
self.identity_api.create_group(self.group_id, self.group)
self.group = self.identity_api.create_group(self.group)
self.group_id = self.group['id']
self.credential_id = uuid.uuid4().hex
self.credential = self.new_credential_ref(
@ -169,7 +168,9 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.user2 = self.new_user_ref(
domain_id=self.domain2['id'],
project_id=self.project2['id'])
self.identity_api.create_user(self.user2['id'], self.user2)
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.assignment_api.add_user_to_project(self.project2['id'],
self.user2['id'])
@ -268,11 +269,11 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.user2 = self.new_user_ref(
domain_id=self.domain2['id'],
project_id=self.project2['id'])
self.identity_api.create_user(self.user2['id'], self.user2)
self.user2 = self.identity_api.create_user(self.user2)
self.group2 = self.new_group_ref(
domain_id=self.domain2['id'])
self.identity_api.create_group(self.group2['id'], self.group2)
self.group2 = self.identity_api.create_group(self.group2)
self.credential2 = self.new_credential_ref(
user_id=self.user2['id'],
@ -495,7 +496,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_list_users_no_default_project(self):
"""Call ``GET /users`` making sure no default_project_id."""
user = self.new_user_ref(self.domain_id)
self.identity_api.create_user(self.user_id, user)
user = self.identity_api.create_user(user)
r = self.get('/users')
self.assertValidUserListResponse(r, ref=user)
@ -514,7 +515,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
"""Call ``GET /users/{user_id}`` making sure of default_project_id."""
user = self.new_user_ref(domain_id=self.domain_id,
project_id=self.project_id)
self.identity_api.create_user(self.user_id, user)
user = self.identity_api.create_user(user)
r = self.get('/users/%(user_id)s' % {'user_id': user['id']})
self.assertValidUserResponse(r, user)
@ -528,12 +529,14 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
self.user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user1['id'], self.user1)
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
self.user2['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user1['id'], self.user2)
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.put('/groups/%(group_id)s/users/%(user_id)s' % {
'group_id': self.group_id, 'user_id': self.user1['id']})
@ -596,7 +599,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_update_user_domain_id(self):
"""Call ``PATCH /users/{user_id}`` with domain_id."""
user = self.new_user_ref(domain_id=self.domain['id'])
self.identity_api.create_user(user['id'], user)
user = self.identity_api.create_user(user)
user['domain_id'] = CONF.identity.default_domain_id
r = self.patch('/users/%(user_id)s' % {
'user_id': user['id']},
@ -625,7 +628,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
self.user2 = self.new_user_ref(
domain_id=self.domain['id'],
project_id=self.project['id'])
self.identity_api.create_user(self.user2['id'], self.user2)
self.user2 = self.identity_api.create_user(self.user2)
self.credential2 = self.new_credential_ref(
user_id=self.user2['id'],
project_id=self.project['id'])
@ -703,7 +706,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
def test_update_group_domain_id(self):
"""Call ``PATCH /groups/{group_id}`` with domain_id."""
group = self.new_group_ref(domain_id=self.domain['id'])
self.identity_api.create_group(group['id'], group)
group = self.identity_api.create_group(group)
group['domain_id'] = CONF.identity.default_domain_id
r = self.patch('/groups/%(group_id)s' % {
'group_id': group['id']},
@ -957,8 +960,7 @@ class IdentityTestCase(test_v3.RestfulTestCase):
# existing assignments
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
self.user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user1['id'], self.user1)
self.user1 = self.identity_api.create_user(self.user1)
collection_url = '/role_assignments'
r = self.get(collection_url)
@ -1040,12 +1042,14 @@ class IdentityTestCase(test_v3.RestfulTestCase):
"""
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
self.user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user1['id'], self.user1)
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
self.user2['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user2['id'], self.user2)
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
@ -1113,12 +1117,14 @@ class IdentityTestCase(test_v3.RestfulTestCase):
"""
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
self.user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user1['id'], self.user1)
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
self.user2['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user2['id'], self.user2)
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.identity_api.add_user_to_group(self.user1['id'], self.group['id'])
self.identity_api.add_user_to_group(self.user2['id'], self.group['id'])
@ -1193,15 +1199,17 @@ class IdentityTestCase(test_v3.RestfulTestCase):
# existing assignments
self.user1 = self.new_user_ref(
domain_id=self.domain['id'])
self.user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user1['id'], self.user1)
password = self.user1['password']
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(
domain_id=self.domain['id'])
self.user2['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user2['id'], self.user2)
password = self.user2['password']
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.group1 = self.new_group_ref(
domain_id=self.domain['id'])
self.identity_api.create_group(self.group1['id'], self.group1)
self.group1 = self.identity_api.create_group(self.group1)
self.identity_api.add_user_to_group(self.user1['id'],
self.group1['id'])
self.identity_api.add_user_to_group(self.user2['id'],
@ -1402,8 +1410,9 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
self.assignment_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref(
domain_id=domain['id'])
user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(user1['id'], user1)
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
project1 = self.new_project_ref(
domain_id=domain['id'])
self.assignment_api.create_project(project1['id'], project1)
@ -1495,8 +1504,9 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
self.assignment_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref(
domain_id=domain['id'])
user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(user1['id'], user1)
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
project1 = self.new_project_ref(
domain_id=domain['id'])
self.assignment_api.create_project(project1['id'], project1)
@ -1589,15 +1599,17 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
self.assignment_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref(
domain_id=domain['id'])
user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(user1['id'], user1)
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
user2 = self.new_user_ref(
domain_id=domain['id'])
user2['password'] = uuid.uuid4().hex
self.identity_api.create_user(user2['id'], user2)
password = user2['password']
user2 = self.identity_api.create_user(user2)
user2['password'] = password
group1 = self.new_group_ref(
domain_id=domain['id'])
self.identity_api.create_group(group1['id'], group1)
group1 = self.identity_api.create_group(group1)
self.identity_api.add_user_to_group(user1['id'],
group1['id'])
self.identity_api.add_user_to_group(user2['id'],
@ -1693,11 +1705,12 @@ class IdentityInheritanceTestCase(test_v3.RestfulTestCase):
self.assignment_api.create_domain(domain['id'], domain)
user1 = self.new_user_ref(
domain_id=domain['id'])
user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(user1['id'], user1)
password = user1['password']
user1 = self.identity_api.create_user(user1)
user1['password'] = password
group1 = self.new_group_ref(
domain_id=domain['id'])
self.identity_api.create_group(group1['id'], group1)
group1 = self.identity_api.create_group(group1)
project1 = self.new_project_ref(
domain_id=domain['id'])
self.assignment_api.create_project(project1['id'], project1)
@ -1896,7 +1909,9 @@ class UserSelfServiceChangingPasswordsTestCase(test_v3.RestfulTestCase):
def setUp(self):
super(UserSelfServiceChangingPasswordsTestCase, self).setUp()
self.user_ref = self.new_user_ref(domain_id=self.domain['id'])
self.identity_api.create_user(self.user_ref['id'], self.user_ref)
password = self.user_ref['password']
self.user_ref = self.identity_api.create_user(self.user_ref)
self.user_ref['password'] = password
self.token = self.get_request_token(self.user_ref['password'], 201)
def get_request_token(self, password, expected_status):

54
keystone/tests/test_v3_protection.py
View File

@ -77,25 +77,31 @@ class IdentityTestProtectedCase(test_v3.RestfulTestCase):
# Now create some users, one in domainA and two of them in domainB
self.user1 = self.new_user_ref(domain_id=self.domainA['id'])
self.user1['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user1['id'], self.user1)
password = uuid.uuid4().hex
self.user1['password'] = password
self.user1 = self.identity_api.create_user(self.user1)
self.user1['password'] = password
self.user2 = self.new_user_ref(domain_id=self.domainB['id'])
self.user2['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user2['id'], self.user2)
password = uuid.uuid4().hex
self.user2['password'] = password
self.user2 = self.identity_api.create_user(self.user2)
self.user2['password'] = password
self.user3 = self.new_user_ref(domain_id=self.domainB['id'])
self.user3['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.user3['id'], self.user3)
password = uuid.uuid4().hex
self.user3['password'] = password
self.user3 = self.identity_api.create_user(self.user3)
self.user3['password'] = password
self.group1 = self.new_group_ref(domain_id=self.domainA['id'])
self.identity_api.create_group(self.group1['id'], self.group1)
self.group1 = self.identity_api.create_group(self.group1)
self.group2 = self.new_group_ref(domain_id=self.domainA['id'])
self.identity_api.create_group(self.group2['id'], self.group2)
self.group2 = self.identity_api.create_group(self.group2)
self.group3 = self.new_group_ref(domain_id=self.domainB['id'])
self.identity_api.create_group(self.group3['id'], self.group3)
self.group3 = self.identity_api.create_group(self.group3)
self.role = self.new_role_ref()
self.assignment_api.create_role(self.role['id'], self.role)
@ -385,22 +391,30 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase):
# And our users
self.cloud_admin_user = self.new_user_ref(
domain_id=self.admin_domain['id'])
self.cloud_admin_user['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.cloud_admin_user['id'],
self.cloud_admin_user)
password = uuid.uuid4().hex
self.cloud_admin_user['password'] = password
self.cloud_admin_user = (
self.identity_api.create_user(self.cloud_admin_user))
self.cloud_admin_user['password'] = password
self.just_a_user = self.new_user_ref(domain_id=self.domainA['id'])
self.just_a_user['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.just_a_user['id'], self.just_a_user)
password = uuid.uuid4().hex
self.just_a_user['password'] = password
self.just_a_user = self.identity_api.create_user(self.just_a_user)
self.just_a_user['password'] = password
self.domain_admin_user = self.new_user_ref(
domain_id=self.domainA['id'])
self.domain_admin_user['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.domain_admin_user['id'],
self.domain_admin_user)
password = uuid.uuid4().hex
self.domain_admin_user['password'] = password
self.domain_admin_user = (
self.identity_api.create_user(self.domain_admin_user))
self.domain_admin_user['password'] = password
self.project_admin_user = self.new_user_ref(
domain_id=self.domainA['id'])
self.project_admin_user['password'] = uuid.uuid4().hex
self.identity_api.create_user(self.project_admin_user['id'],
self.project_admin_user)
password = uuid.uuid4().hex
self.project_admin_user['password'] = password
self.project_admin_user = (
self.identity_api.create_user(self.project_admin_user))
self.project_admin_user['password'] = password
# The admin role and another plain role
self.admin_role = {'id': uuid.uuid4().hex, 'name': 'admin'}