Merge "Cleanup keystone service parameters"
This commit is contained in:
commit
11de89dc71
|
@ -624,31 +624,6 @@ class ServiceParameterController(rest.RestController):
|
|||
pass
|
||||
raise wsme.exc.ClientSideError(str(e.value))
|
||||
|
||||
@staticmethod
|
||||
def _service_parameter_apply_semantic_check_identity():
|
||||
""" Perform checks for the Identity Service Type."""
|
||||
identity_driver = pecan.request.dbapi.service_parameter_get_one(
|
||||
service=constants.SERVICE_TYPE_IDENTITY,
|
||||
section=constants.SERVICE_PARAM_SECTION_IDENTITY_IDENTITY,
|
||||
name=constants.SERVICE_PARAM_IDENTITY_DRIVER)
|
||||
|
||||
# Check that the LDAP URL is specified if the identity backend is LDAP
|
||||
if (identity_driver.value ==
|
||||
constants.SERVICE_PARAM_IDENTITY_IDENTITY_DRIVER_LDAP):
|
||||
try:
|
||||
pecan.request.dbapi.service_parameter_get_one(
|
||||
service=constants.SERVICE_TYPE_IDENTITY,
|
||||
section=constants.SERVICE_PARAM_SECTION_IDENTITY_LDAP,
|
||||
name=service_parameter.SERVICE_PARAM_IDENTITY_LDAP_URL)
|
||||
except exception.NotFound:
|
||||
msg = _("Unable to apply service parameters. "
|
||||
"Missing service parameter '%s' for service '%s' "
|
||||
"in section '%s'." % (
|
||||
service_parameter.SERVICE_PARAM_IDENTITY_LDAP_URL,
|
||||
constants.SERVICE_TYPE_IDENTITY,
|
||||
constants.SERVICE_PARAM_SECTION_IDENTITY_LDAP))
|
||||
raise wsme.exc.ClientSideError(msg)
|
||||
|
||||
@staticmethod
|
||||
def _service_parameter_apply_semantic_check_mtce():
|
||||
"""Semantic checks for the Platform Maintenance Service Type """
|
||||
|
@ -718,9 +693,6 @@ class ServiceParameterController(rest.RestController):
|
|||
raise wsme.exc.ClientSideError(msg)
|
||||
|
||||
# Apply service specific semantic checks
|
||||
if service == constants.SERVICE_TYPE_IDENTITY:
|
||||
self._service_parameter_apply_semantic_check_identity()
|
||||
|
||||
if service == constants.SERVICE_TYPE_PLATFORM:
|
||||
self._service_parameter_apply_semantic_check_mtce()
|
||||
|
||||
|
|
|
@ -909,9 +909,6 @@ SERVICE_TYPE_OPENSTACK = 'openstack'
|
|||
SERVICE_PARAM_SECTION_IRONIC_NEUTRON = 'neutron'
|
||||
SERVICE_PARAM_SECTION_IRONIC_PXE = 'pxe'
|
||||
|
||||
SERVICE_PARAM_SECTION_IDENTITY_ASSIGNMENT = 'assignment'
|
||||
SERVICE_PARAM_SECTION_IDENTITY_IDENTITY = 'identity'
|
||||
SERVICE_PARAM_SECTION_IDENTITY_LDAP = 'ldap'
|
||||
SERVICE_PARAM_SECTION_IDENTITY_CONFIG = 'config'
|
||||
|
||||
SERVICE_PARAM_IDENTITY_CONFIG_TOKEN_EXPIRATION = 'token_expiration'
|
||||
|
@ -931,17 +928,6 @@ SERVICE_PARAM_NAME_IRONIC_CONTROLLER_1_NIC = 'controller_1_if'
|
|||
SERVICE_PARAM_NAME_IRONIC_NETMASK = 'netmask'
|
||||
SERVICE_PARAM_NAME_IRONIC_PROVISIONING_NETWORK = 'provisioning_network'
|
||||
SERVICE_PARAM_SECTION_HORIZON_AUTH = 'auth'
|
||||
SERVICE_PARAM_ASSIGNMENT_DRIVER = 'driver'
|
||||
SERVICE_PARAM_IDENTITY_DRIVER = 'driver'
|
||||
|
||||
SERVICE_PARAM_IDENTITY_SERVICE_BACKEND_SQL = 'sql'
|
||||
SERVICE_PARAM_IDENTITY_SERVICE_BACKEND_LDAP = 'ldap'
|
||||
|
||||
SERVICE_PARAM_IDENTITY_ASSIGNMENT_DRIVER_SQL = 'sql'
|
||||
SERVICE_PARAM_IDENTITY_ASSIGNMENT_DRIVER_LDAP = 'ldap'
|
||||
|
||||
SERVICE_PARAM_IDENTITY_IDENTITY_DRIVER_SQL = 'sql'
|
||||
SERVICE_PARAM_IDENTITY_IDENTITY_DRIVER_LDAP = 'ldap'
|
||||
|
||||
SERVICE_PARAM_HORIZON_AUTH_LOCKOUT_PERIOD_SEC = \
|
||||
'lockout_seconds'
|
||||
|
|
|
@ -7,8 +7,6 @@
|
|||
# coding=utf-8
|
||||
#
|
||||
|
||||
import ldap
|
||||
import ldapurl
|
||||
import netaddr
|
||||
import pecan
|
||||
import re
|
||||
|
@ -99,54 +97,6 @@ def _validate_zero_or_range(name, value, min, max):
|
|||
"Parameter '%s' must be an integer value." % name))
|
||||
|
||||
|
||||
def _validate_ldap_url(name, value):
|
||||
|
||||
url = urlparse(value)
|
||||
|
||||
if cutils.is_valid_ip(url.hostname):
|
||||
try:
|
||||
ip_addr = netaddr.IPNetwork(url.hostname)
|
||||
except netaddr.core.AddrFormatError:
|
||||
raise wsme.exc.ClientSideError(_(
|
||||
"Invalid IP address for LDAP url"))
|
||||
if ip_addr.is_loopback():
|
||||
raise wsme.exc.ClientSideError(_(
|
||||
"LDAP server must not be loopback."))
|
||||
elif url.hostname:
|
||||
if constants.LOCALHOST_HOSTNAME in url.hostname.lower():
|
||||
raise wsme.exc.ClientSideError(_(
|
||||
"LDAP server must not be localhost."))
|
||||
|
||||
try:
|
||||
ldapurl.LDAPUrl(value)
|
||||
except ValueError as ve:
|
||||
raise wsme.exc.ClientSideError(_(
|
||||
"Invalid LDAP url format: %s" % str(ve)))
|
||||
|
||||
|
||||
def _validate_ldap_dn(name, value):
|
||||
try:
|
||||
ldap.dn.str2dn(value)
|
||||
except ldap.DECODING_ERROR:
|
||||
raise wsme.exc.ClientSideError(_(
|
||||
"Parameter '%s' must be a valid LDAP DN value" % name))
|
||||
|
||||
|
||||
def _validate_assignment_driver(name, value):
|
||||
values = [constants.SERVICE_PARAM_IDENTITY_ASSIGNMENT_DRIVER_SQL]
|
||||
if value not in values:
|
||||
raise wsme.exc.ClientSideError(_(
|
||||
"Identity assignment driver must be one of: %s" % values))
|
||||
|
||||
|
||||
def _validate_identity_driver(name, value):
|
||||
values = [constants.SERVICE_PARAM_IDENTITY_IDENTITY_DRIVER_SQL,
|
||||
constants.SERVICE_PARAM_IDENTITY_IDENTITY_DRIVER_LDAP]
|
||||
if value not in values:
|
||||
raise wsme.exc.ClientSideError(_(
|
||||
"Identity identity driver must be one of: %s" % values))
|
||||
|
||||
|
||||
def _validate_neutron_ml2_mech(name, value):
|
||||
allowed = constants.SERVICE_PARAM_NETWORK_ML2_MECH_DRIVERS
|
||||
# can accept multiple comma separated values
|
||||
|
@ -467,65 +417,8 @@ def _validate_domain(name, value):
|
|||
(name, value)))
|
||||
|
||||
|
||||
# LDAP Identity Service Parameters (mandatory)
|
||||
SERVICE_PARAM_IDENTITY_LDAP_URL = 'url'
|
||||
|
||||
IDENTITY_ASSIGNMENT_PARAMETER_MANDATORY = [
|
||||
'driver'
|
||||
]
|
||||
|
||||
IDENTITY_IDENTITY_PARAMETER_MANDATORY = [
|
||||
'driver'
|
||||
]
|
||||
|
||||
# LDAP Identity Service Parameters (optional)
|
||||
IDENTITY_LDAP_PARAMETER_OPTIONAL = [
|
||||
'url', 'user', 'password', 'suffix',
|
||||
'user_tree_dn', 'user_objectclass',
|
||||
'use_dumb_member', 'dumb_member',
|
||||
'query_scope', 'page_size', 'debug_level',
|
||||
|
||||
'user_filter', 'user_id_attribute',
|
||||
'user_name_attribute', 'user_mail_attribute',
|
||||
'user_enabled_attribute', 'user_enabled_mask',
|
||||
'user_enabled_default', 'user_enabled_invert',
|
||||
'user_attribute_ignore',
|
||||
'user_default_project_id_attribute',
|
||||
'user_allow_create', 'user_allow_update', 'user_allow_delete',
|
||||
'user_pass_attribute', 'user_enabled_emulation',
|
||||
'user_enabled_emulation_dn',
|
||||
'user_additional_attribute_mapping',
|
||||
|
||||
'group_tree_dn', 'group_filter',
|
||||
'group_objectclass', 'group_id_attribute',
|
||||
'group_name_attribute', 'group_member_attribute',
|
||||
'group_desc_attribute', 'group_attribute_ignore',
|
||||
'group_allow_create', 'group_allow_update', 'group_allow_delete',
|
||||
'group_additional_attribute_mapping',
|
||||
|
||||
'use_tls', 'tls_cacertdir',
|
||||
'tls_cacertfile', 'tls_req_cert',
|
||||
|
||||
'use_pool', 'pool_size',
|
||||
'pool_retry_max', 'pool_retry_delay',
|
||||
'pool_connection_timeout', 'pool_connection_lifetime',
|
||||
'use_auth_pool', 'auth_pool_size',
|
||||
'auth_pool_connection_lifetime',
|
||||
]
|
||||
|
||||
# obfuscate these fields on list/show operations
|
||||
IDENTITY_LDAP_PROTECTED_PARAMETERS = ['password']
|
||||
|
||||
IDENTITY_IDENTITY_PARAMETER_DATA_FORMAT = {
|
||||
constants.SERVICE_PARAM_IDENTITY_DRIVER: SERVICE_PARAMETER_DATA_FORMAT_SKIP,
|
||||
}
|
||||
|
||||
NETWORK_ODL_PROTECTED_PARAMETERS = [constants.SERVICE_PARAM_NAME_ML2_ODL_PASSWORD]
|
||||
|
||||
IDENTITY_ADMIN_ENDPOINT_TYPE_PARAMETER_OPTIONAL = [
|
||||
constants.SERVICE_PARAM_PARAMETER_NAME_EXTERNAL_ADMINURL,
|
||||
]
|
||||
|
||||
IRONIC_NEUTRON_PARAMETER_OPTIONAL = [
|
||||
constants.SERVICE_PARAM_NAME_IRONIC_PROVISIONING_NETWORK,
|
||||
]
|
||||
|
@ -612,88 +505,6 @@ IDENTITY_CONFIG_PARAMETER_OPTIONAL = [
|
|||
constants.SERVICE_PARAM_IDENTITY_CONFIG_TOKEN_EXPIRATION,
|
||||
]
|
||||
|
||||
|
||||
# LDAP Identity Service Parameters Validator
|
||||
IDENTITY_LDAP_PARAMETER_VALIDATOR = {
|
||||
'url': _validate_ldap_url,
|
||||
'use_dumb_member': _validate_boolean,
|
||||
'user_enabled_invert': _validate_boolean,
|
||||
'user_enabled_emulation': _validate_boolean,
|
||||
'user_allow_create': _validate_boolean,
|
||||
'user_allow_update': _validate_boolean,
|
||||
'user_allow_delete': _validate_boolean,
|
||||
'group_allow_create': _validate_boolean,
|
||||
'group_allow_update': _validate_boolean,
|
||||
'group_allow_delete': _validate_boolean,
|
||||
'use_tls': _validate_boolean,
|
||||
'use_pool': _validate_boolean,
|
||||
'pool_size': _validate_integer,
|
||||
'pool_retry_max': _validate_integer,
|
||||
'pool_retry_delay': _validate_float,
|
||||
'pool_connection_timeout': _validate_integer,
|
||||
'pool_connection_lifetime': _validate_integer,
|
||||
'use_auth_pool': _validate_boolean,
|
||||
'auth_pool_size': _validate_integer,
|
||||
'auth_pool_connection_lifetime': _validate_integer,
|
||||
'user': _validate_ldap_dn,
|
||||
'suffix': _validate_ldap_dn,
|
||||
'dumb_member': _validate_ldap_dn,
|
||||
'user_tree_dn': _validate_ldap_dn,
|
||||
'user_enabled_emulation_dn': _validate_ldap_dn,
|
||||
}
|
||||
|
||||
IDENTITY_LDAP_PARAMETER_RESOURCE = {
|
||||
'url': None,
|
||||
'use_dumb_member': None,
|
||||
'user_enabled_invert': None,
|
||||
'user_enabled_emulation': None,
|
||||
'user_allow_create': None,
|
||||
'user_allow_update': None,
|
||||
'user_allow_delete': None,
|
||||
'group_allow_create': None,
|
||||
'group_allow_update': None,
|
||||
'group_allow_delete': None,
|
||||
'use_tls': None,
|
||||
'use_pool': None,
|
||||
'pool_size': None,
|
||||
'pool_retry_max': None,
|
||||
'pool_retry_delay': None,
|
||||
'pool_connection_timeout': None,
|
||||
'pool_connection_lifetime': None,
|
||||
'use_auth_pool': None,
|
||||
'auth_pool_size': None,
|
||||
'auth_pool_connection_lifetime': None,
|
||||
'user': None,
|
||||
'suffix': None,
|
||||
'dumb_member': None,
|
||||
'user_tree_dn': None,
|
||||
'user_enabled_emulation_dn': None,
|
||||
}
|
||||
|
||||
IDENTITY_ASSIGNMENT_PARAMETER_VALIDATOR = {
|
||||
constants.SERVICE_PARAM_ASSIGNMENT_DRIVER: _validate_assignment_driver,
|
||||
}
|
||||
|
||||
IDENTITY_ASSIGNMENT_PARAMETER_RESOURCE = {
|
||||
constants.SERVICE_PARAM_ASSIGNMENT_DRIVER: None,
|
||||
}
|
||||
|
||||
IDENTITY_IDENTITY_PARAMETER_VALIDATOR = {
|
||||
constants.SERVICE_PARAM_IDENTITY_DRIVER: _validate_identity_driver,
|
||||
}
|
||||
|
||||
IDENTITY_IDENTITY_PARAMETER_RESOURCE = {
|
||||
constants.SERVICE_PARAM_IDENTITY_DRIVER: 'keystone::ldap::identity_driver',
|
||||
}
|
||||
|
||||
IDENTITY_ADMIN_ENDPOINT_TYPE_PARAMETER_VALIDATOR = {
|
||||
constants.SERVICE_PARAM_PARAMETER_NAME_EXTERNAL_ADMINURL: cutils.validate_yes_no,
|
||||
}
|
||||
|
||||
IDENTITY_ADMIN_ENDPOINT_TYPE_PARAMETER_RESOURCE = {
|
||||
constants.SERVICE_PARAM_PARAMETER_NAME_EXTERNAL_ADMINURL: None,
|
||||
}
|
||||
|
||||
IDENTITY_CONFIG_PARAMETER_VALIDATOR = {
|
||||
constants.SERVICE_PARAM_IDENTITY_CONFIG_TOKEN_EXPIRATION:
|
||||
_validate_token_expiry_time,
|
||||
|
@ -1047,23 +858,6 @@ SERVICE_VALUE_PROTECTION_MASK = "****"
|
|||
|
||||
SERVICE_PARAMETER_SCHEMA = {
|
||||
constants.SERVICE_TYPE_IDENTITY: {
|
||||
constants.SERVICE_PARAM_SECTION_IDENTITY_ASSIGNMENT: {
|
||||
SERVICE_PARAM_MANDATORY: IDENTITY_ASSIGNMENT_PARAMETER_MANDATORY,
|
||||
SERVICE_PARAM_VALIDATOR: IDENTITY_ASSIGNMENT_PARAMETER_VALIDATOR,
|
||||
SERVICE_PARAM_RESOURCE: IDENTITY_ASSIGNMENT_PARAMETER_RESOURCE,
|
||||
},
|
||||
constants.SERVICE_PARAM_SECTION_IDENTITY_IDENTITY: {
|
||||
SERVICE_PARAM_MANDATORY: IDENTITY_IDENTITY_PARAMETER_MANDATORY,
|
||||
SERVICE_PARAM_VALIDATOR: IDENTITY_IDENTITY_PARAMETER_VALIDATOR,
|
||||
SERVICE_PARAM_RESOURCE: IDENTITY_IDENTITY_PARAMETER_RESOURCE,
|
||||
SERVICE_PARAM_DATA_FORMAT: IDENTITY_IDENTITY_PARAMETER_DATA_FORMAT,
|
||||
},
|
||||
constants.SERVICE_PARAM_SECTION_IDENTITY_LDAP: {
|
||||
SERVICE_PARAM_OPTIONAL: IDENTITY_LDAP_PARAMETER_OPTIONAL,
|
||||
SERVICE_PARAM_VALIDATOR: IDENTITY_LDAP_PARAMETER_VALIDATOR,
|
||||
SERVICE_PARAM_RESOURCE: IDENTITY_LDAP_PARAMETER_RESOURCE,
|
||||
SERVICE_PARAM_PROTECTED: IDENTITY_LDAP_PROTECTED_PARAMETERS,
|
||||
},
|
||||
constants.SERVICE_PARAM_SECTION_IDENTITY_CONFIG: {
|
||||
SERVICE_PARAM_OPTIONAL: IDENTITY_CONFIG_PARAMETER_OPTIONAL,
|
||||
SERVICE_PARAM_VALIDATOR: IDENTITY_CONFIG_PARAMETER_VALIDATOR,
|
||||
|
|
|
@ -408,16 +408,6 @@ class ConductorManager(service.PeriodicService):
|
|||
self._generate_dnsmasq_hosts_file()
|
||||
|
||||
DEFAULT_PARAMETERS = [
|
||||
{'service': constants.SERVICE_TYPE_IDENTITY,
|
||||
'section': constants.SERVICE_PARAM_SECTION_IDENTITY_ASSIGNMENT,
|
||||
'name': constants.SERVICE_PARAM_ASSIGNMENT_DRIVER,
|
||||
'value': constants.SERVICE_PARAM_IDENTITY_ASSIGNMENT_DRIVER_SQL
|
||||
},
|
||||
{'service': constants.SERVICE_TYPE_IDENTITY,
|
||||
'section': constants.SERVICE_PARAM_SECTION_IDENTITY_IDENTITY,
|
||||
'name': constants.SERVICE_PARAM_IDENTITY_DRIVER,
|
||||
'value': constants.SERVICE_PARAM_IDENTITY_IDENTITY_DRIVER_SQL
|
||||
},
|
||||
{'service': constants.SERVICE_TYPE_IDENTITY,
|
||||
'section': constants.SERVICE_PARAM_SECTION_IDENTITY_CONFIG,
|
||||
'name': constants.SERVICE_PARAM_IDENTITY_CONFIG_TOKEN_EXPIRATION,
|
||||
|
|
|
@ -156,13 +156,7 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
|
|||
if service_parameters is None:
|
||||
return {}
|
||||
|
||||
identity_backend = self._service_parameter_lookup_one(
|
||||
service_parameters,
|
||||
constants.SERVICE_PARAM_SECTION_IDENTITY_IDENTITY,
|
||||
constants.SERVICE_PARAM_IDENTITY_DRIVER,
|
||||
constants.SERVICE_PARAM_IDENTITY_IDENTITY_DRIVER_SQL)
|
||||
config = {
|
||||
'keystone::ldap::identity_driver': identity_backend,
|
||||
'openstack::keystone::params::token_expiration':
|
||||
self._service_parameter_lookup_one(
|
||||
service_parameters,
|
||||
|
@ -171,64 +165,6 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
|
|||
constants.SERVICE_PARAM_IDENTITY_CONFIG_TOKEN_EXPIRATION_DEFAULT),
|
||||
}
|
||||
|
||||
if identity_backend == constants.SERVICE_PARAM_IDENTITY_IDENTITY_DRIVER_LDAP:
|
||||
# If Keystone's Identity backend has been specified as
|
||||
# LDAP, then redirect that to Titanium's Hybrid driver
|
||||
# which is an abstraction over both the SQL and LDAP backends,
|
||||
# since we still need to support SQL backend operations, without
|
||||
# necessarily moving it into a separate domain
|
||||
config['keystone::ldap::identity_driver'] = 'hybrid'
|
||||
|
||||
basic_options = ['url', 'suffix', 'user', 'password',
|
||||
'user_tree_dn', 'user_objectclass',
|
||||
'query_scope',
|
||||
'page_size', 'debug_level']
|
||||
use_tls = self._service_parameter_lookup_one(
|
||||
service_parameters,
|
||||
constants.SERVICE_PARAM_SECTION_IDENTITY_LDAP,
|
||||
'use_tls', False)
|
||||
if use_tls:
|
||||
tls_options = ['use_tls', 'tls_cacertdir', 'tls_cacertfile',
|
||||
'tls_req_cert']
|
||||
basic_options.extend(tls_options)
|
||||
|
||||
user_options = ['user_filter', 'user_id_attribute',
|
||||
'user_name_attribute', 'user_mail_attribute',
|
||||
'user_enabled_attribute', 'user_enabled_mask',
|
||||
'user_enabled_default', 'user_enabled_invert',
|
||||
'user_attribute_ignore',
|
||||
'user_default_project_id_attribute',
|
||||
'user_pass_attribute',
|
||||
'user_enabled_emulation',
|
||||
'user_enabled_emulation_dn',
|
||||
'user_additional_attribute_mapping']
|
||||
basic_options.extend(user_options)
|
||||
|
||||
group_options = ['group_tree_dn', 'group_filter',
|
||||
'group_objectclass', 'group_id_attribute',
|
||||
'group_name_attribute', 'group_member_attribute',
|
||||
'group_desc_attribute', 'group_attribute_ignore',
|
||||
'group_additional_attribute_mapping']
|
||||
basic_options.extend(group_options)
|
||||
|
||||
use_pool = self._service_parameter_lookup_one(
|
||||
service_parameters,
|
||||
constants.SERVICE_PARAM_SECTION_IDENTITY_LDAP,
|
||||
'use_pool', False)
|
||||
if use_pool:
|
||||
pool_options = ['use_pool', 'pool_size', 'pool_retry_max',
|
||||
'pool_retry_delay', 'pool_connection_timeout',
|
||||
'pool_connection_lifetime', 'use_auth_pool',
|
||||
'auth_pool_size',
|
||||
'auth_pool_connection_lifetime']
|
||||
basic_options.extend(pool_options)
|
||||
|
||||
for opt in basic_options:
|
||||
config.update(self._format_service_parameter(
|
||||
service_parameters,
|
||||
constants.SERVICE_PARAM_SECTION_IDENTITY_LDAP,
|
||||
'keystone::ldap::', opt))
|
||||
|
||||
return config
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -20,7 +20,6 @@ import mock
|
|||
import os
|
||||
import os.path
|
||||
import tempfile
|
||||
import wsme
|
||||
|
||||
import netaddr
|
||||
from oslo_config import cfg
|
||||
|
@ -28,7 +27,6 @@ from oslo_config import cfg
|
|||
from mox3 import mox
|
||||
from six.moves import builtins
|
||||
from sysinv.common import exception
|
||||
from sysinv.common import service_parameter
|
||||
from sysinv.common import utils
|
||||
from sysinv.tests import base
|
||||
|
||||
|
@ -360,44 +358,3 @@ class IntLikeTestCase(base.TestCase):
|
|||
self.assertFalse(
|
||||
utils.is_int_like("0cc3346e-9fef-4445-abe6-5d2b2690ec64"))
|
||||
self.assertFalse(utils.is_int_like("a1"))
|
||||
|
||||
|
||||
class LDAPTestCase(base.TestCase):
|
||||
|
||||
def test_ldapurl(self):
|
||||
# Bad Network address is not acceptable as ldap url
|
||||
ldap_url = 'ldap://127'
|
||||
self.assertRaises(wsme.exc.ClientSideError,
|
||||
service_parameter._validate_ldap_url,
|
||||
'foo',
|
||||
ldap_url)
|
||||
|
||||
# loopback is not acceptable as ldap url
|
||||
ldap_url = 'ldap://127.0.0.1'
|
||||
self.assertRaises(wsme.exc.ClientSideError,
|
||||
service_parameter._validate_ldap_url,
|
||||
'foo',
|
||||
ldap_url)
|
||||
|
||||
# localhost is not acceptable as ldap url
|
||||
ldap_url = 'ldap://localhost:1234'
|
||||
self.assertRaises(wsme.exc.ClientSideError,
|
||||
service_parameter._validate_ldap_url,
|
||||
'foo',
|
||||
ldap_url)
|
||||
|
||||
# A valid ldap URL should not raise an exception
|
||||
ldap_url = 'ldap://dns.example.com:389'
|
||||
service_parameter._validate_ldap_url('foo', ldap_url)
|
||||
|
||||
def test_ldap_dn(self):
|
||||
# A poorly formatted ldap DN will raise a ClientSideError
|
||||
ldap_dn = 'this is not a valid ldap dn'
|
||||
self.assertRaises(wsme.exc.ClientSideError,
|
||||
service_parameter._validate_ldap_dn,
|
||||
'foo',
|
||||
ldap_dn)
|
||||
|
||||
# A valid DN will not raise a ClientSideError
|
||||
ldap_dn = 'uid=john.doe,ou=People,dc=example,dc=com'
|
||||
service_parameter._validate_ldap_dn('foo', ldap_dn)
|
||||
|
|
Loading…
Reference in New Issue