def test_new_project_user_removed(self):
"""
Tests when the user is removed after the post approve step.
"""
setup_identity_cache()
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEqual(action.valid, True)
action.post_approve()
self.assertEqual(action.valid, True)
new_user = fake_clients.identity_cache['new_users'][0]
self.assertEqual(new_user.name, '*****@*****.**')
self.assertEqual(new_user.email, '*****@*****.**')
fake_clients.identity_cache['users'] = {}
token_data = {'password': '******'}
action.submit(token_data)
self.assertEqual(action.valid, False)
def test_new_project_existing_project(self):
"""
Create a project that already exists.
"""
project = mock.Mock()
project.id = 'test_project_id'
project.name = 'test_project'
project.domain = 'default'
project.roles = {}
setup_temp_cache({project.name: project}, {})
task = Task.objects.create(ip_address="0.0.0.0",
keystone_user={
'roles': ['admin', 'project_mod'],
'project_id': 'test_project_id',
'project_domain_id': 'default',
})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, False)
action.post_approve()
self.assertEquals(action.valid, False)
def test_new_project_existing_project(self):
"""
Create a project that already exists.
"""
project = fake_clients.FakeProject(name="test_project")
setup_identity_cache(projects=[project])
task = Task.objects.create(ip_address="0.0.0.0",
keystone_user={
'roles': ['admin', 'project_mod'],
'project_id': 'test_project_id',
'project_domain_id': 'default',
})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEqual(action.valid, False)
action.post_approve()
self.assertEqual(action.valid, False)
def test_new_project_invalid_domain_id(self):
""" Create a project using an invalid domain """
setup_temp_cache({}, {})
task = Task.objects.create(ip_address="0.0.0.0",
keystone_user={
'roles': ['admin', 'project_mod'],
'project_id': 'test_project_id',
'project_domain_id': 'default',
})
data = {
'domain_id': 'not_default_id',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, False)
action.post_approve()
self.assertEquals(action.valid, False)
def test_new_project_disabled_user(self):
"""
Create a project for a user that is disabled.
"""
user = mock.Mock()
user.id = 'user_id_1'
user.name = "*****@*****.**"
user.email = "*****@*****.**"
user.domain = 'default'
user.enabled = False
# create disabled user
setup_temp_cache({}, {user.id: user})
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
# Sign up, approve
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
action.post_approve()
self.assertEquals(action.valid, True)
self.assertEquals(tests.temp_cache['projects']['test_project'].name,
'test_project')
self.assertEquals(
task.cache, {
'user_id': 'user_id_1',
'project_id': 'project_id_1',
'user_state': 'disabled'
})
self.assertEquals(action.action.cache["token_fields"], ['password'])
# submit password reset
token_data = {'password': '******'}
action.submit(token_data)
self.assertEquals(action.valid, True)
# check that user has been created correctly
self.assertEquals(tests.temp_cache['users'][user.id].email,
'*****@*****.**')
self.assertEquals(tests.temp_cache['users'][user.id].enabled, True)
# Check user has correct roles in new project
project = tests.temp_cache['projects']['test_project']
self.assertEquals(
sorted(project.roles[user.id]),
sorted([
'_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
]))
def test_new_project_user_disabled_during_signup(self):
"""
Create a project for a user that is created and disabled during signup.
This exercises the tasks ability to correctly act based on changed
circumstances between two states.
"""
# Start with nothing created
setup_temp_cache({}, {})
# Sign up for the project+user, validate.
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
# Sign up
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
# Create the disabled user directly with the Identity Manager.
fm = FakeManager()
user = fm.create_user(name="*****@*****.**",
password='******',
email="*****@*****.**",
created_on=None,
domain='default',
default_project=None)
fm.disable_user(user.id)
# approve previous signup
action.post_approve()
self.assertEquals(action.valid, True)
project = tests.temp_cache['projects']['test_project']
self.assertEquals(project.name, 'test_project')
self.assertEquals(task.cache, {
'user_id': user.id,
'project_id': project.id,
'user_state': 'disabled'
})
# check that user has been re-enabled with a generated password.
self.assertEquals(user.enabled, True)
self.assertNotEquals(user.password, 'origpass')
# submit password reset
token_data = {'password': '******'}
action.submit(token_data)
self.assertEquals(action.valid, True)
# Ensure user has new password:
self.assertEquals(user.password, '123456')
def test_new_project_reapprove(self):
"""
Project created at post_approve step,
ensure reapprove does nothing.
"""
setup_temp_cache({}, {})
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
action.post_approve()
self.assertEquals(action.valid, True)
self.assertEquals(tests.temp_cache['projects']['test_project'].name,
'test_project')
self.assertEquals(
task.cache, {
'project_id': 'project_id_1',
'user_id': 'user_id_1',
'user_state': 'default'
})
action.post_approve()
self.assertEquals(action.valid, True)
self.assertEquals(tests.temp_cache['projects']['test_project'].name,
'test_project')
self.assertEquals(
task.cache, {
'project_id': 'project_id_1',
'user_id': 'user_id_1',
'user_state': 'default'
})
token_data = {'password': '******'}
action.submit(token_data)
self.assertEquals(action.valid, True)
self.assertEquals(tests.temp_cache['users']["user_id_1"].email,
'*****@*****.**')
project = tests.temp_cache['projects']['test_project']
self.assertEquals(
sorted(project.roles["user_id_1"]),
sorted([
'_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
]))
def test_new_project_email_not_username(self):
"""
Base case, no project, no user.
Project and user created at post_approve step,
user password at submit step.
"""
setup_identity_cache()
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'username': '******',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEqual(action.valid, True)
action.post_approve()
self.assertEqual(action.valid, True)
new_project = fake_clients.identity_cache['new_projects'][0]
self.assertEqual(new_project.name, 'test_project')
new_user = fake_clients.identity_cache['new_users'][0]
self.assertEqual(new_user.name, 'test_user')
self.assertEqual(new_user.email, '*****@*****.**')
self.assertEqual(
task.cache, {
'project_id': new_project.id,
'user_id': new_user.id,
'user_state': 'default'
})
token_data = {'password': '******'}
action.submit(token_data)
self.assertEqual(action.valid, True)
self.assertEqual(new_user.password, '123456')
fake_client = fake_clients.FakeManager()
roles = fake_client._get_roles_as_names(new_user, new_project)
self.assertEqual(
sorted(roles),
sorted([
'_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
]))
def test_new_project_existing_user(self):
"""
Create a project for a user that already exists.
"""
user = fake_clients.FakeUser(name="*****@*****.**",
password="******",
email="*****@*****.**")
setup_identity_cache(users=[user])
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEqual(action.valid, True)
action.post_approve()
self.assertEqual(action.valid, True)
new_project = fake_clients.identity_cache['new_projects'][0]
self.assertEqual(new_project.name, 'test_project')
self.assertEqual(len(fake_clients.identity_cache['new_users']), 0)
self.assertEqual(
task.cache, {
'project_id': new_project.id,
'user_id': user.id,
'user_state': 'existing'
})
# submit does nothing for existing
action.submit({})
self.assertEqual(action.valid, True)
self.assertEqual(user.password, '123')
fake_client = fake_clients.FakeManager()
roles = fake_client._get_roles_as_names(user, new_project)
self.assertEqual(
sorted(roles),
sorted([
'_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
]))
def test_new_project_existing_user(self):
"""
Create a project for a user that already exists.
"""
user = mock.Mock()
user.id = 'user_id_1'
user.name = "*****@*****.**"
user.email = "*****@*****.**"
user.domain = 'default'
setup_temp_cache({}, {user.id: user})
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
action.post_approve()
self.assertEquals(action.valid, True)
self.assertEquals(tests.temp_cache['projects']['test_project'].name,
'test_project')
self.assertEquals(
task.cache, {
'user_id': 'user_id_1',
'project_id': 'project_id_1',
'user_state': 'existing'
})
token_data = {'password': '******'}
action.submit(token_data)
self.assertEquals(action.valid, True)
self.assertEquals(tests.temp_cache['users'][user.id].email,
'*****@*****.**')
project = tests.temp_cache['projects']['test_project']
self.assertEquals(
sorted(project.roles[user.id]),
sorted([
'_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
]))
def test_new_project_user_nonmatching_email(self):
"""
Attempts to create a new project and a new user, where there is
a user with the same name but different email address
"""
user = mock.Mock()
user.id = "test_id"
user.name = "test_user"
user.email = "*****@*****.**"
user.domain = 'default'
setup_temp_cache({}, {user.id: user})
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'username': '******',
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, False)
action.post_approve()
self.assertEquals(action.valid, False)
self.assertEquals(tests.temp_cache['projects'].get('test_project'),
None)
token_data = {'password': '******'}
action.submit(token_data)
self.assertEquals(action.valid, False)
def test_new_project_user_removed(self):
"""
Tests when the user is removed after the post approve step.
"""
setup_temp_cache({}, {})
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
action.post_approve()
self.assertEquals(action.valid, True)
self.assertEquals(tests.temp_cache['projects']['test_project'].name,
'test_project')
self.assertEquals(
task.cache, {
'project_id': 'project_id_1',
'user_id': 'user_id_1',
'user_state': 'default'
})
tests.temp_cache['users'] = {}
token_data = {'password': '******'}
action.submit(token_data)
self.assertEquals(action.valid, False)
def test_new_project_user_nonmatching_email(self):
"""
Attempts to create a new project and a new user, where there is
a user with the same name but different email address
"""
user = fake_clients.FakeUser(name="test_user",
password="******",
email="*****@*****.**")
setup_identity_cache(users=[user])
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'username': '******',
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEqual(action.valid, False)
action.post_approve()
self.assertEqual(action.valid, False)
self.assertEqual(
fake_clients.identity_cache['projects'].get('test_project'), None)
token_data = {'password': '******'}
action.submit(token_data)
self.assertEqual(action.valid, False)
def test_new_project_user_disabled_during_signup(self):
"""
Create a project for a user that is created and disabled during signup.
This exercises the tasks ability to correctly act based on changed
circumstances between two states.
"""
# Start with nothing created
setup_identity_cache()
# Sign up for the project+user, validate.
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
# Sign up
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEqual(action.valid, True)
# Create the disabled user directly with the Identity Manager.
fake_client = fake_clients.FakeManager()
user = fake_client.create_user(name="*****@*****.**",
password='******',
email="*****@*****.**",
created_on=None,
domain='default',
default_project=None)
fake_client.disable_user(user.id)
# approve previous signup
action.post_approve()
self.assertEqual(action.valid, True)
new_project = fake_clients.identity_cache['new_projects'][0]
self.assertEqual(new_project.name, 'test_project')
self.assertEqual(len(fake_clients.identity_cache['new_users']), 1)
self.assertEqual(
task.cache, {
'user_id': user.id,
'project_id': new_project.id,
'user_state': 'disabled'
})
# check that user has been re-enabled with a generated password.
self.assertEqual(user.enabled, True)
self.assertNotEqual(user.password, 'origpass')
# submit password reset
token_data = {'password': '******'}
action.submit(token_data)
self.assertEqual(action.valid, True)
# Ensure user has new password:
self.assertEqual(user.password, '123456')
fake_client = fake_clients.FakeManager()
roles = fake_client._get_roles_as_names(user, new_project)
self.assertEqual(
sorted(roles),
sorted([
'_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
]))
def test_new_project_disabled_user(self):
"""
Create a project for a user that is disabled.
"""
user = fake_clients.FakeUser(name="*****@*****.**",
password="******",
email="*****@*****.**",
enabled=False)
setup_identity_cache(users=[user])
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
# Sign up, approve
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEqual(action.valid, True)
action.post_approve()
self.assertEqual(action.valid, True)
new_project = fake_clients.identity_cache['new_projects'][0]
self.assertEqual(new_project.name, 'test_project')
self.assertEqual(len(fake_clients.identity_cache['new_users']), 0)
self.assertEqual(
task.cache, {
'user_id': user.id,
'project_id': new_project.id,
'user_state': 'disabled'
})
self.assertEqual(action.action.cache["token_fields"], ['password'])
# submit password reset
token_data = {'password': '******'}
action.submit(token_data)
self.assertEqual(action.valid, True)
self.assertEqual(user.password, '123456')
# check that user has been enabled correctly
self.assertEqual(user.email, '*****@*****.**')
self.assertEqual(user.enabled, True)
# Check user has correct roles in new project
fake_client = fake_clients.FakeManager()
roles = fake_client._get_roles_as_names(user, new_project)
self.assertEqual(
sorted(roles),
sorted([
'_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
]))
def test_new_project_reapprove_failure(self):
"""
Project created at post_approve step, failure at role grant.
Ensure reapprove correctly finishes.
"""
setup_temp_cache({}, {})
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
# NOTE(adrian): We need the code to fail at the
# grant roles step so we can attempt reapproving it
class FakeException(Exception):
pass
def fail_grant(user, default_roles, project_id):
raise FakeException
# We swap out the old grant function and keep
# it for later.
old_grant_function = action.grant_roles
action.grant_roles = fail_grant
# Now we expect the failure
self.assertRaises(FakeException, action.post_approve)
# No roles_granted yet, but user created
self.assertTrue("user_id" in action.action.cache)
self.assertFalse("roles_granted" in action.action.cache)
self.assertEquals(tests.temp_cache['users']["user_id_1"].email,
'*****@*****.**')
project = tests.temp_cache['projects']['test_project']
self.assertFalse("user_id_1" in project.roles)
# And then swap back the correct function
action.grant_roles = old_grant_function
# and try again, it should work this time
action.post_approve()
self.assertEquals(action.valid, True)
# roles_granted in cache
self.assertTrue("roles_granted" in action.action.cache)
token_data = {'password': '******'}
action.submit(token_data)
self.assertEquals(action.valid, True)
project = tests.temp_cache['projects']['test_project']
self.assertEquals(
sorted(project.roles["user_id_1"]),
sorted([
'_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
]))
def test_new_project_invalid_domain_id(self):
""" Create a project using an invalid domain """
setup_temp_cache({}, {})
task = Task.objects.create(ip_address="0.0.0.0",
keystone_user={
'roles': ['admin', 'project_mod'],
'project_id': 'test_project_id',
'project_domain_id': 'default',
})
data = {
'domain_id': 'not_default_id',
'parent_id': None,
'email': '*****@*****.**',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, False)
action.post_approve()
self.assertEquals(action.valid, False)
@override_settings(USERNAME_IS_EMAIL=False)
def test_new_project_email_not_username(self):
"""
Base case, no project, no user.
Project and user created at post_approve step,
user password at submit step.
"""
setup_temp_cache({}, {})
task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})
data = {
'domain_id': 'default',
'parent_id': None,
'email': '*****@*****.**',
'username': '******',
'project_name': 'test_project',
}
action = NewProjectWithUserAction(data, task=task, order=1)
action.pre_approve()
self.assertEquals(action.valid, True)
action.post_approve()
self.assertEquals(action.valid, True)
self.assertEquals(
tests.temp_cache['projects']['test_project'].name,
'test_project')
self.assertEquals(
task.cache, {
'project_id': 'project_id_1',
'user_id': 'user_id_1',
'user_state': 'default'
})
token_data = {'password': '******'}
action.submit(token_data)
self.assertEquals(action.valid, True)
self.assertEquals(tests.temp_cache['users']["user_id_1"].email,
'*****@*****.**')
self.assertEquals(tests.temp_cache['users']["user_id_1"].name,
'test_user')
project = tests.temp_cache['projects']['test_project']
self.assertEquals(
sorted(project.roles["user_id_1"]),
sorted([
'_member_', 'project_admin', 'project_mod',
'heat_stack_owner'
]))