Make SQL the default backend for Identity & Assignment unit tests.
We have a goal to deprecate the kvs backends for Identity and Assignment. Before we can do this, we need to ensure our unit tests are not dependant on them. This patch sets the Identity backend for unit tests to SQL. Since, by default, the Assignment backend will pick the same backend type as Identity, this also means that it will follow suit. As well as ensuring correct database initialization, this patch moves a test that was erronously in v2_auth testing to v3. The test was passing before due to the fact that the kvs assignment driver does not correctly honor the domain boundary for all project APIs. Change-Id: I7b6e753b379a43d09ad8ea077ed6796d1f2e9a26 Partially-Closes: bug 1077282
This commit is contained in:
Henry Nash
parent
e372aafb85
commit
a2b0f8a3ea
|
|
@ -350,7 +350,7 @@ class TestCase(BaseTestCase):
|
|||
template_file=dirs.tests('default_catalog.templates'))
|
||||
self.config_fixture.config(
|
||||
group='identity',
|
||||
driver='keystone.identity.backends.kvs.Identity')
|
||||
driver='keystone.identity.backends.sql.Identity')
|
||||
self.config_fixture.config(
|
||||
group='kvs',
|
||||
backends=[
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ from keystone.common import serializer
|
|||
from keystone.openstack.common import jsonutils
|
||||
from keystone import tests
|
||||
from keystone.tests import default_fixtures
|
||||
from keystone.tests.ksfixtures import database
|
||||
|
||||
|
||||
class RestfulTestCase(tests.TestCase):
|
||||
|
|
@ -61,6 +62,7 @@ class RestfulTestCase(tests.TestCase):
|
|||
# Will need to reset the plug-ins
|
||||
self.addCleanup(setattr, auth_controllers, 'AUTH_METHODS', {})
|
||||
|
||||
self.useFixture(database.Database())
|
||||
self.load_backends()
|
||||
self.load_fixtures(default_fixtures)
|
||||
|
||||
|
|
|
|||
|
|
@ -309,60 +309,6 @@ class AuthWithToken(AuthTest):
|
|||
self.assertIn(self.role_member['id'], roles)
|
||||
self.assertIn(self.role_admin['id'], roles)
|
||||
|
||||
def test_auth_token_cross_domain_group_and_project(self):
|
||||
"""Verify getting a token in cross domain group/project roles."""
|
||||
# create domain, project and group and grant roles to user
|
||||
domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_domain(domain1['id'], domain1)
|
||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': domain1['id']}
|
||||
self.assignment_api.create_project(project1['id'], project1)
|
||||
role_foo_domain1 = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_role(role_foo_domain1['id'],
|
||||
role_foo_domain1)
|
||||
role_group_domain1 = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_role(role_group_domain1['id'],
|
||||
role_group_domain1)
|
||||
self.assignment_api.add_user_to_project(project1['id'],
|
||||
self.user_foo['id'])
|
||||
new_group = {'domain_id': domain1['id'], 'name': uuid.uuid4().hex}
|
||||
new_group = self.identity_api.create_group(new_group)
|
||||
self.identity_api.add_user_to_group(self.user_foo['id'],
|
||||
new_group['id'])
|
||||
self.assignment_api.create_grant(
|
||||
user_id=self.user_foo['id'],
|
||||
project_id=project1['id'],
|
||||
role_id=self.role_member['id'])
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
project_id=project1['id'],
|
||||
role_id=self.role_admin['id'])
|
||||
self.assignment_api.create_grant(
|
||||
user_id=self.user_foo['id'],
|
||||
domain_id=domain1['id'],
|
||||
role_id=role_foo_domain1['id'])
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
domain_id=domain1['id'],
|
||||
role_id=role_group_domain1['id'])
|
||||
|
||||
# Get a scoped token for the tenant
|
||||
body_dict = _build_user_auth(
|
||||
username=self.user_foo['name'],
|
||||
password=self.user_foo['password'],
|
||||
tenant_name=project1['name'])
|
||||
|
||||
scoped_token = self.controller.authenticate({}, body_dict)
|
||||
tenant = scoped_token["access"]["token"]["tenant"]
|
||||
roles = scoped_token["access"]["metadata"]["roles"]
|
||||
self.assertEqual(project1['id'], tenant["id"])
|
||||
self.assertIn(self.role_member['id'], roles)
|
||||
self.assertIn(self.role_admin['id'], roles)
|
||||
self.assertNotIn(role_foo_domain1['id'], roles)
|
||||
self.assertNotIn(role_group_domain1['id'], roles)
|
||||
|
||||
def test_belongs_to_no_tenant(self):
|
||||
r = self.controller.authenticate(
|
||||
{},
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ import uuid
|
|||
|
||||
from keystone import tests
|
||||
from keystone.tests import default_fixtures
|
||||
from keystone.tests.ksfixtures import database
|
||||
from keystone.tests import test_backend
|
||||
|
||||
|
||||
|
|
@ -48,6 +49,7 @@ class TestTemplatedCatalog(tests.TestCase, test_backend.CatalogTests):
|
|||
|
||||
def setUp(self):
|
||||
super(TestTemplatedCatalog, self).setUp()
|
||||
self.useFixture(database.Database())
|
||||
self.load_backends()
|
||||
self.load_fixtures(default_fixtures)
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ from keystone import config
|
|||
from keystone import exception
|
||||
from keystone import tests
|
||||
from keystone.tests import default_fixtures
|
||||
from keystone.tests.ksfixtures import database
|
||||
from keystone import token
|
||||
from keystone.token.providers import pki
|
||||
|
||||
|
|
@ -706,6 +707,7 @@ SAMPLE_MALFORMED_TOKEN = {
|
|||
class TestTokenProvider(tests.TestCase):
|
||||
def setUp(self):
|
||||
super(TestTokenProvider, self).setUp()
|
||||
self.useFixture(database.Database())
|
||||
self.load_backends()
|
||||
|
||||
def test_get_token_version(self):
|
||||
|
|
@ -804,6 +806,7 @@ class TestTokenProvider(tests.TestCase):
|
|||
class TestTokenProviderOAuth1(tests.TestCase):
|
||||
def setUp(self):
|
||||
super(TestTokenProviderOAuth1, self).setUp()
|
||||
self.useFixture(database.Database())
|
||||
self.load_backends()
|
||||
|
||||
def config_overrides(self):
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ import uuid
|
|||
from keystone.assignment import controllers
|
||||
from keystone import tests
|
||||
from keystone.tests import default_fixtures
|
||||
from keystone.tests.ksfixtures import database
|
||||
|
||||
|
||||
_ADMIN_CONTEXT = {'is_admin': True, 'query_string': {}}
|
||||
|
|
@ -31,6 +32,7 @@ class TenantTestCase(tests.TestCase):
|
|||
"""
|
||||
def setUp(self):
|
||||
super(TenantTestCase, self).setUp()
|
||||
self.useFixture(database.Database())
|
||||
self.load_backends()
|
||||
self.load_fixtures(default_fixtures)
|
||||
self.tenant_controller = controllers.Tenant()
|
||||
|
|
|
|||
|
|
@ -1987,6 +1987,77 @@ class TestAuthJSON(test_v3.RestfulTestCase):
|
|||
self.assertIn(role_list[5]['id'], roles_ids)
|
||||
self.assertIn(role_list[7]['id'], roles_ids)
|
||||
|
||||
def test_auth_token_cross_domain_group_and_project(self):
|
||||
"""Verify getting a token in cross domain group/project roles."""
|
||||
# create domain, project and group and grant roles to user
|
||||
domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_domain(domain1['id'], domain1)
|
||||
project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex,
|
||||
'domain_id': domain1['id']}
|
||||
self.assignment_api.create_project(project1['id'], project1)
|
||||
user_foo = self.new_user_ref(domain_id=test_v3.DEFAULT_DOMAIN_ID)
|
||||
password = user_foo['password']
|
||||
user_foo = self.identity_api.create_user(user_foo)
|
||||
user_foo['password'] = password
|
||||
role_member = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_role(role_member['id'],
|
||||
role_member)
|
||||
role_admin = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_role(role_admin['id'],
|
||||
role_admin)
|
||||
role_foo_domain1 = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_role(role_foo_domain1['id'],
|
||||
role_foo_domain1)
|
||||
role_group_domain1 = {'id': uuid.uuid4().hex,
|
||||
'name': uuid.uuid4().hex}
|
||||
self.assignment_api.create_role(role_group_domain1['id'],
|
||||
role_group_domain1)
|
||||
self.assignment_api.add_user_to_project(project1['id'],
|
||||
user_foo['id'])
|
||||
new_group = {'domain_id': domain1['id'], 'name': uuid.uuid4().hex}
|
||||
new_group = self.identity_api.create_group(new_group)
|
||||
self.identity_api.add_user_to_group(user_foo['id'],
|
||||
new_group['id'])
|
||||
self.assignment_api.create_grant(
|
||||
user_id=user_foo['id'],
|
||||
project_id=project1['id'],
|
||||
role_id=role_member['id'])
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
project_id=project1['id'],
|
||||
role_id=role_admin['id'])
|
||||
self.assignment_api.create_grant(
|
||||
user_id=user_foo['id'],
|
||||
domain_id=domain1['id'],
|
||||
role_id=role_foo_domain1['id'])
|
||||
self.assignment_api.create_grant(
|
||||
group_id=new_group['id'],
|
||||
domain_id=domain1['id'],
|
||||
role_id=role_group_domain1['id'])
|
||||
|
||||
# Get a scoped token for the project
|
||||
auth_data = self.build_authentication_request(
|
||||
username=user_foo['name'],
|
||||
user_domain_id=test_v3.DEFAULT_DOMAIN_ID,
|
||||
password=user_foo['password'],
|
||||
project_name=project1['name'],
|
||||
project_domain_id=domain1['id'])
|
||||
|
||||
r = self.v3_authenticate_token(auth_data)
|
||||
scoped_token = self.assertValidScopedTokenResponse(r)
|
||||
project = scoped_token["project"]
|
||||
roles_ids = []
|
||||
for ref in scoped_token['roles']:
|
||||
roles_ids.append(ref['id'])
|
||||
self.assertEqual(project1['id'], project["id"])
|
||||
self.assertIn(role_member['id'], roles_ids)
|
||||
self.assertIn(role_admin['id'], roles_ids)
|
||||
self.assertNotIn(role_foo_domain1['id'], roles_ids)
|
||||
self.assertNotIn(role_group_domain1['id'], roles_ids)
|
||||
|
||||
def test_project_id_scoped_token_with_user_domain_id(self):
|
||||
auth_data = self.build_authentication_request(
|
||||
username=self.user['name'],
|
||||
|
|
|
|||
Loading…
Reference in New Issue