standardize ldap and related tests
ldap was accidentally supplying some of its own values rather than using the built-in fixtures, so it was providing the incorrect interface for a couple calls. also adds a test for get_user_by_name (skipped for ldap) and standardizes the kvs and ldap authenticate calls fix user authentication live ldap tests Change-Id: If1ccce1fd9c84622bb89344bc5d5c59b059d03ae
This commit is contained in:
parent
f8ba5af130
commit
dd35d2afbf
@ -49,7 +49,9 @@ class Identity(kvs.Base, identity.Driver):
|
||||
if (not user_ref
|
||||
or not utils.check_password(password, user_ref.get('password'))):
|
||||
raise AssertionError('Invalid user / password')
|
||||
if tenant_id and tenant_id not in user_ref['tenants']:
|
||||
|
||||
tenants = self.get_tenants_for_user(user_id)
|
||||
if tenant_id and tenant_id not in tenants:
|
||||
raise AssertionError('Invalid tenant')
|
||||
|
||||
tenant_ref = self.get_tenant(tenant_id)
|
||||
|
@ -74,17 +74,11 @@ class Identity(identity.Driver):
|
||||
except Exception:
|
||||
raise AssertionError('Invalid user / password')
|
||||
|
||||
if tenant_id:
|
||||
found = False
|
||||
for tenant in user_ref['tenants']:
|
||||
if tenant == tenant_id:
|
||||
found = True
|
||||
break
|
||||
|
||||
if not found:
|
||||
tenants = self.get_tenants_for_user(user_id)
|
||||
if tenant_id and tenant_id not in tenants:
|
||||
raise AssertionError('Invalid tenant')
|
||||
|
||||
tenant_ref = self.tenant.get(tenant_id)
|
||||
tenant_ref = self.get_tenant(tenant_id)
|
||||
metadata_ref = {}
|
||||
# TODO(termie): this should probably be made into a get roles call
|
||||
#if tenant_ref:
|
||||
@ -103,10 +97,6 @@ class Identity(identity.Driver):
|
||||
user_ref = self.user.get(user_id)
|
||||
if not user_ref:
|
||||
return None
|
||||
tenants = self.tenant.get_user_tenants(user_id)
|
||||
user_ref['tenants'] = []
|
||||
for tenant in tenants:
|
||||
user_ref['tenants'].append(tenant['id'])
|
||||
return user_ref
|
||||
|
||||
def get_user(self, user_id):
|
||||
|
@ -128,8 +128,6 @@ class Identity(sql.Base, identity.Driver):
|
||||
|
||||
"""
|
||||
user_ref = self._get_user(user_id)
|
||||
tenant_ref = None
|
||||
metadata_ref = None
|
||||
if (not user_ref
|
||||
or not utils.check_password(password, user_ref.get('password'))):
|
||||
raise AssertionError('Invalid user / password')
|
||||
|
@ -1,6 +1,7 @@
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
import subprocess
|
||||
import nose.exc
|
||||
|
||||
from keystone import config
|
||||
from keystone import test
|
||||
@ -27,20 +28,20 @@ def delete_object(name):
|
||||
|
||||
def clear_live_database():
|
||||
roles = ['keystone_admin']
|
||||
groups = ['baz', 'bar', 'tenent4add','fake1','fake2']
|
||||
users = ['foo', 'two','fake1','fake2']
|
||||
groups = ['baz', 'bar', 'tenent4add', 'fake1', 'fake2']
|
||||
users = ['foo', 'two', 'fake1', 'fake2']
|
||||
roles = ['keystone_admin', 'useless']
|
||||
|
||||
for group in groups:
|
||||
for role in roles:
|
||||
delete_object ('cn=%s,cn=%s,ou=Groups' % (role, group))
|
||||
delete_object('cn=%s,cn=%s,ou=Groups' % (role, group))
|
||||
delete_object('cn=%s,ou=Groups' % group)
|
||||
|
||||
for user in users:
|
||||
delete_object ('cn=%s,ou=Users' % user)
|
||||
delete_object('cn=%s,ou=Users' % user)
|
||||
|
||||
for role in roles:
|
||||
delete_object ('cn=%s,ou=Roles' % role)
|
||||
delete_object('cn=%s,ou=Roles' % role)
|
||||
|
||||
|
||||
class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
|
||||
@ -52,10 +53,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
|
||||
clear_live_database()
|
||||
self.identity_api = identity_ldap.Identity()
|
||||
self.load_fixtures(default_fixtures)
|
||||
self.user_foo = {'id': 'foo',
|
||||
'name': 'FOO',
|
||||
'password': 'foo2',
|
||||
'tenants': ['bar']}
|
||||
|
||||
def tearDown(self):
|
||||
test.TestCase.tearDown(self)
|
||||
|
||||
def test_get_user_by_name(self):
|
||||
raise nose.exc.SkipTest('not implemented in ldap yet')
|
||||
|
@ -71,7 +71,6 @@ class IdentityTests(object):
|
||||
user_ref = self.identity_api._get_user(self.user_foo['id'])
|
||||
self.assertNotEqual(user_ref['password'], self.user_foo['password'])
|
||||
|
||||
|
||||
def test_get_tenant_bad_tenant(self):
|
||||
tenant_ref = self.identity_api.get_tenant(
|
||||
tenant_id=self.tenant_bar['id'] + 'WRONG')
|
||||
@ -105,6 +104,15 @@ class IdentityTests(object):
|
||||
self.user_foo.pop('password')
|
||||
self.assertDictEquals(user_ref, self.user_foo)
|
||||
|
||||
def test_get_user_by_name(self):
|
||||
user_ref = self.identity_api.get_user_by_name(
|
||||
user_name=self.user_foo['name'])
|
||||
# NOTE(termie): the password field is left in user_foo to make it easier
|
||||
# to authenticate in tests, but should not be returned by
|
||||
# the api
|
||||
self.user_foo.pop('password')
|
||||
self.assertDictEquals(user_ref, self.user_foo)
|
||||
|
||||
def test_get_metadata_bad_user(self):
|
||||
metadata_ref = self.identity_api.get_metadata(
|
||||
user_id=self.user_foo['id'] + 'WRONG',
|
||||
|
@ -1,5 +1,7 @@
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
import nose.exc
|
||||
|
||||
from keystone import config
|
||||
from keystone import test
|
||||
from keystone.common.ldap import fakeldap
|
||||
@ -26,10 +28,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
|
||||
clear_database()
|
||||
self.identity_api = identity_ldap.Identity()
|
||||
self.load_fixtures(default_fixtures)
|
||||
self.user_foo = {'id': 'foo',
|
||||
'name': 'FOO',
|
||||
'password': 'foo2',
|
||||
'tenants': ['bar']}
|
||||
|
||||
def tearDown(self):
|
||||
test.TestCase.tearDown(self)
|
||||
|
||||
def test_get_user_by_name(self):
|
||||
raise nose.exc.SkipTest('not implemented in ldap yet')
|
||||
|
Loading…
Reference in New Issue
Block a user