openstack/keystone
Code Issues Proposed changes
167a8b7a3e
keystone/tests/default_fixtures.py
Adam Young 601eeb50b6 Trusts 
Blueprint trusts

creates a trust.  Using a trust, one user (the trustee), can then
create tokens with a subset of another user's (the trustor) roles and
projects.
If the impersonate flag in the trust is set, the token user_id is set
to the trustor's user ID
If the impersonate flag is not set, the token's user_is is set to the
trustee's user ID

check that both trustor and trustee are enabled prior to creating
the trust token.

sql and kvs backends
sql upgrade scripts
unit tests for backends, auth and v3 api
modifications to the trust controller for creating tokens
Authenticates that only user can be trustor in create
Deleting a trust invalidates all tokens created from that trust
Adds the trust id and the id of the trustee to the header of the token
policy rules for trust

This version has a workaround for testing against the KVS version
of the Service catalog

Change-Id: I5745f4d9a4180b59671a143a55ed87019e98ec76
2013-03-05 19:35:38 +00:00

121 lines
2.8 KiB
Python
Raw Blame History

# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2012 OpenStack LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# NOTE(dolph): please try to avoid additional fixtures if possible; test suite
# performance may be negatively affected.
from keystone import config
CONF = config.CONF
DEFAULT_DOMAIN_ID = config.CONF.identity.default_domain_id
TENANTS = [
{
'id': 'bar',
'name': 'BAR',
'domain_id': DEFAULT_DOMAIN_ID,
'description': 'description',
'enabled': True,
}, {
'id': 'baz',
'name': 'BAZ',
'domain_id': DEFAULT_DOMAIN_ID,
'description': 'description',
'enabled': True,
}, {
'id': 'mtu',
'name': 'MTU',
'description': 'description',
'enabled': True,
'domain_id': DEFAULT_DOMAIN_ID
}
]
# NOTE(ja): a role of keystone_admin and attribute "is_admin" is done in setUp
USERS = [
{
'id': 'foo',
'name': 'FOO',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'foo2',
'tenants': ['bar'],
'enabled': True,
'email': 'foo@bar.com',
}, {
'id': 'two',
'name': 'TWO',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'two2',
'email': 'two@example.com',
'enabled': True,
'tenant_id': 'baz',
'tenants': ['baz'],
'email': 'two@three.com',
}, {
'id': 'badguy',
'name': 'BadGuy',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'bad',
'email': 'bad@guy.com',
'enabled': False,
'tenant_id': 'baz',
'tenants': ['baz'],
'email': 'badguy@goodguy.com',
}, {
'id': 'sna',
'name': 'SNA',
'domain_id': DEFAULT_DOMAIN_ID,
'password': 'snafu',
'enabled': True,
'tenants': ['bar'],
'email': 'sna@snl.coom',
}
]
METADATA = [
{
'user_id': 'sna',
'tenant_id': 'mtu',
}
]
ROLES = [
{
'id': 'admin',
'name': 'admin',
}, {
'id': 'member',
'name': 'Member',
}, {
'id': CONF.member_role_id,
'name': CONF.member_role_name,
}, {
'id': 'other',
'name': 'Other',
}, {
'id': 'browser',
'name': 'Browser',
}, {
'id': 'writer',
'name': 'Writer',
}
]
View Git Blame Copy Permalink