standardize ldap and related tests

ldap was accidentally supplying some of its own values rather than using
the built-in fixtures, so it was providing the incorrect interface for a
couple calls.

also adds a test for get_user_by_name (skipped for ldap) and
standardizes the kvs and ldap authenticate calls

fix user authentication live ldap tests
Change-Id: If1ccce1fd9c84622bb89344bc5d5c59b059d03ae
termie 2012-03-01 11:27:06 -08:00 committed by Adam Young
parent f8ba5af130
commit dd35d2afbf
6 changed files with 30 additions and 31 deletions


@ -49,7 +49,9 @@ class Identity(kvs.Base, identity.Driver):
if (not user_ref
or not utils.check_password(password, user_ref.get('password'))):
raise AssertionError('Invalid user / password')
if tenant_id and tenant_id not in user_ref['tenants']:
tenants = self.get_tenants_for_user(user_id)
if tenant_id and tenant_id not in tenants:
raise AssertionError('Invalid tenant')
tenant_ref = self.get_tenant(tenant_id)
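Review bot: `tenants = self.get_tenants_for_user(user_id)` now runs on every authenticate call, including unscoped ones where `tenant_id` is empty, and its result goes into `tenant_id not in tenants` without a None check. get_tenants_for_user is not shown here, so if it can return None for a user with no tenant list, the membership test raises TypeError rather than the AssertionError('Invalid tenant') that callers presumably treat as a rejected login. Doing the lookup only for scoped requests and defaulting it would close that, e.g. `if tenant_id and tenant_id not in (self.get_tenants_for_user(user_id) or []):`. The body of authenticate starts and ends outside this hunk.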


@ -74,17 +74,11 @@ class Identity(identity.Driver):
except Exception:
raise AssertionError('Invalid user / password')
if tenant_id:
found = False
for tenant in user_ref['tenants']:
if tenant == tenant_id:
found = True
break
if not found:
tenants = self.get_tenants_for_user(user_id)
if tenant_id and tenant_id not in tenants:
raise AssertionError('Invalid tenant')
tenant_ref = self.tenant.get(tenant_id)
tenant_ref = self.get_tenant(tenant_id)
metadata_ref = {}
# TODO(termie): this should probably be made into a get roles call
#if tenant_ref:
@ -103,10 +97,6 @@ class Identity(identity.Driver):
user_ref = self.user.get(user_id)
if not user_ref:
return None
tenants = self.tenant.get_user_tenants(user_id)
user_ref['tenants'] = []
for tenant in tenants:
user_ref['tenants'].append(tenant['id'])
return user_ref
def get_user(self, user_id):
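Review bot: The tenant check `tenant_id not in tenants` in authenticate is only correct if get_tenants_for_user returns a list of tenant id strings, and nothing in this hunk states that. The code removed from _get_user built that list explicitly with `tenant['id']` from `self.tenant.get_user_tenants(user_id)`, which suggests the underlying LDAP call yields tenant dicts. If get_tenants_for_user (not shown) passed those through unchanged, every scoped login would be rejected as 'Invalid tenant'. A comment above the lookup would pin the contract, for example `# get_tenants_for_user returns tenant ids, not tenant refs`. authenticate begins before and continues after the hunk.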


@ -128,8 +128,6 @@ class Identity(sql.Base, identity.Driver):
"""
user_ref = self._get_user(user_id)
tenant_ref = None
metadata_ref = None
if (not user_ref
or not utils.check_password(password, user_ref.get('password'))):
raise AssertionError('Invalid user / password')


@ -1,6 +1,7 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
import subprocess
import nose.exc
from keystone import config
from keystone import test
@ -27,20 +28,20 @@ def delete_object(name):
def clear_live_database():
roles = ['keystone_admin']
groups = ['baz', 'bar', 'tenent4add','fake1','fake2']
users = ['foo', 'two','fake1','fake2']
groups = ['baz', 'bar', 'tenent4add', 'fake1', 'fake2']
users = ['foo', 'two', 'fake1', 'fake2']
roles = ['keystone_admin', 'useless']
for group in groups:
for role in roles:
delete_object ('cn=%s,cn=%s,ou=Groups' % (role, group))
delete_object('cn=%s,cn=%s,ou=Groups' % (role, group))
delete_object('cn=%s,ou=Groups' % group)
for user in users:
delete_object ('cn=%s,ou=Users' % user)
delete_object('cn=%s,ou=Users' % user)
for role in roles:
delete_object ('cn=%s,ou=Roles' % role)
delete_object('cn=%s,ou=Roles' % role)
class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
@ -52,10 +53,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
clear_live_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
self.user_foo = {'id': 'foo',
'name': 'FOO',
'password': 'foo2',
'tenants': ['bar']}
def tearDown(self):
test.TestCase.tearDown(self)
def test_get_user_by_name(self):
raise nose.exc.SkipTest('not implemented in ldap yet')
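Review bot: The `test_get_user_by_name` override that raises `nose.exc.SkipTest('not implemented in ldap yet')` has no marker tying it to the missing backend method, so it will keep skipping after get_user_by_name is implemented for LDAP. The shared test it replaces is also where the suite checks that the password field is not returned by the API, so the skip leaves that check unexercised for this backend. I would add a comment such as `# TODO: drop this override once the ldap driver implements get_user_by_name`. The same override is added to the fake-LDAP LDAPIdentity test class in the last file of this commit.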


@ -71,7 +71,6 @@ class IdentityTests(object):
user_ref = self.identity_api._get_user(self.user_foo['id'])
self.assertNotEqual(user_ref['password'], self.user_foo['password'])
def test_get_tenant_bad_tenant(self):
tenant_ref = self.identity_api.get_tenant(
tenant_id=self.tenant_bar['id'] + 'WRONG')
@ -105,6 +104,15 @@ class IdentityTests(object):
self.user_foo.pop('password')
self.assertDictEquals(user_ref, self.user_foo)
def test_get_user_by_name(self):
user_ref = self.identity_api.get_user_by_name(
user_name=self.user_foo['name'])
# NOTE(termie): the password field is left in user_foo to make it easier
# to authenticate in tests, but should not be returned by
# the api
self.user_foo.pop('password')
self.assertDictEquals(user_ref, self.user_foo)
def test_get_metadata_bad_user(self):
metadata_ref = self.identity_api.get_metadata(
user_id=self.user_foo['id'] + 'WRONG',
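Review bot: `self.user_foo.pop('password')` in the new test_get_user_by_name mutates the fixture dict in place. Whether load_fixtures hands each test a fresh copy is not visible here; if user_foo is shared, tests that run later and read `self.user_foo['password']` would hit a KeyError. Comparing against a copy avoids that: `expected = dict(self.user_foo)`, `expected.pop('password')`, `self.assertDictEquals(user_ref, expected)`. The test above it in this hunk uses the same pop pattern.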


@ -1,5 +1,7 @@
# vim: tabstop=4 shiftwidth=4 softtabstop=4
import nose.exc
from keystone import config
from keystone import test
from keystone.common.ldap import fakeldap
@ -26,10 +28,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
self.user_foo = {'id': 'foo',
'name': 'FOO',
'password': 'foo2',
'tenants': ['bar']}
def tearDown(self):
test.TestCase.tearDown(self)
def test_get_user_by_name(self):
raise nose.exc.SkipTest('not implemented in ldap yet')