Exemple #1
0
    def test_new_project_reapprove(self):
        """
        Project created at approve step,
        ensure reapprove does nothing.
        """

        setup_identity_cache()

        task = Task.objects.create(keystone_user={})

        data = {
            "domain_id": "default",
            "parent_id": None,
            "email": "*****@*****.**",
            "project_name": "test_project",
        }

        action = NewProjectWithUserAction(data, task=task, order=1)

        action.prepare()
        self.assertEqual(action.valid, True)

        action.approve()
        self.assertEqual(action.valid, True)

        new_project = fake_clients.identity_cache["new_projects"][0]
        self.assertEqual(new_project.name, "test_project")

        new_user = fake_clients.identity_cache["new_users"][0]
        self.assertEqual(new_user.name, "*****@*****.**")
        self.assertEqual(new_user.email, "*****@*****.**")

        self.assertEqual(
            task.cache,
            {
                "project_id": new_project.id,
                "user_id": new_user.id,
                "user_state": "default",
            },
        )

        action.approve()
        self.assertEqual(action.valid, True)
        self.assertEqual(len(fake_clients.identity_cache["new_projects"]), 1)
        self.assertEqual(len(fake_clients.identity_cache["new_users"]), 1)
        self.assertEqual(
            task.cache,
            {
                "project_id": new_project.id,
                "user_id": new_user.id,
                "user_state": "default",
            },
        )

        token_data = {"password": "******"}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        self.assertEqual(new_user.password, "123456")

        fake_client = fake_clients.FakeManager()
        roles = fake_client._get_roles_as_names(new_user, new_project)
        self.assertEqual(
            sorted(roles),
            sorted(
                ["member", "project_admin", "project_mod",
                 "heat_stack_owner"]),
        )
    def test_new_project_reapprove(self):
        """
        Project created at post_approve step,
        ensure reapprove does nothing.
        """

        setup_identity_cache()

        task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})

        data = {
            'domain_id': 'default',
            'parent_id': None,
            'email': '*****@*****.**',
            'project_name': 'test_project',
        }

        action = NewProjectWithUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, True)

        action.post_approve()
        self.assertEqual(action.valid, True)

        new_project = fake_clients.identity_cache['new_projects'][0]
        self.assertEqual(new_project.name, 'test_project')

        new_user = fake_clients.identity_cache['new_users'][0]
        self.assertEqual(new_user.name, '*****@*****.**')
        self.assertEqual(new_user.email, '*****@*****.**')

        self.assertEqual(
            task.cache, {
                'project_id': new_project.id,
                'user_id': new_user.id,
                'user_state': 'default'
            })

        action.post_approve()
        self.assertEqual(action.valid, True)
        self.assertEqual(len(fake_clients.identity_cache['new_projects']), 1)
        self.assertEqual(len(fake_clients.identity_cache['new_users']), 1)
        self.assertEqual(
            task.cache, {
                'project_id': new_project.id,
                'user_id': new_user.id,
                'user_state': 'default'
            })

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        self.assertEqual(new_user.password, '123456')

        fake_client = fake_clients.FakeManager()
        roles = fake_client._get_roles_as_names(new_user, new_project)
        self.assertEqual(
            sorted(roles),
            sorted([
                '_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
            ]))
    def test_new_project_reapprove_failure(self):
        """
        Project created at post_approve step, failure at role grant.

        Ensure reapprove correctly finishes.
        """

        setup_temp_cache({}, {})

        task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})

        data = {
            'domain_id': 'default',
            'parent_id': None,
            'email': '*****@*****.**',
            'project_name': 'test_project',
        }

        action = NewProjectWithUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEquals(action.valid, True)

        # NOTE(adrian): We need the code to fail at the
        # grant roles step so we can attempt reapproving it
        class FakeException(Exception):
            pass

        def fail_grant(user, default_roles, project_id):
            raise FakeException

        # We swap out the old grant function and keep
        # it for later.
        old_grant_function = action.grant_roles
        action.grant_roles = fail_grant

        # Now we expect the failure
        self.assertRaises(FakeException, action.post_approve)

        # No roles_granted yet, but user created
        self.assertTrue("user_id" in action.action.cache)
        self.assertFalse("roles_granted" in action.action.cache)
        self.assertEquals(tests.temp_cache['users']["user_id_1"].email,
                          '*****@*****.**')
        project = tests.temp_cache['projects']['test_project']
        self.assertFalse("user_id_1" in project.roles)

        # And then swap back the correct function
        action.grant_roles = old_grant_function
        # and try again, it should work this time
        action.post_approve()
        self.assertEquals(action.valid, True)
        # roles_granted in cache
        self.assertTrue("roles_granted" in action.action.cache)

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEquals(action.valid, True)

        project = tests.temp_cache['projects']['test_project']
        self.assertEquals(
            sorted(project.roles["user_id_1"]),
            sorted([
                '_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
            ]))
    def test_new_project_user_disabled_during_signup(self):
        """
        Create a project for a user that is created and disabled during signup.

        This exercises the tasks ability to correctly act based on changed
        circumstances between two states.
        """

        # Start with nothing created
        setup_identity_cache()

        # Sign up for the project+user, validate.
        task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})

        data = {
            'domain_id': 'default',
            'parent_id': None,
            'email': '*****@*****.**',
            'project_name': 'test_project',
        }

        # Sign up
        action = NewProjectWithUserAction(data, task=task, order=1)
        action.pre_approve()
        self.assertEqual(action.valid, True)

        # Create the disabled user directly with the Identity Manager.
        fake_client = fake_clients.FakeManager()
        user = fake_client.create_user(name="*****@*****.**",
                                       password='******',
                                       email="*****@*****.**",
                                       created_on=None,
                                       domain='default',
                                       default_project=None)
        fake_client.disable_user(user.id)

        # approve previous signup
        action.post_approve()
        self.assertEqual(action.valid, True)

        new_project = fake_clients.identity_cache['new_projects'][0]
        self.assertEqual(new_project.name, 'test_project')

        self.assertEqual(len(fake_clients.identity_cache['new_users']), 1)

        self.assertEqual(
            task.cache, {
                'user_id': user.id,
                'project_id': new_project.id,
                'user_state': 'disabled'
            })

        # check that user has been re-enabled with a generated password.
        self.assertEqual(user.enabled, True)
        self.assertNotEqual(user.password, 'origpass')

        # submit password reset
        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        # Ensure user has new password:
        self.assertEqual(user.password, '123456')

        fake_client = fake_clients.FakeManager()
        roles = fake_client._get_roles_as_names(user, new_project)
        self.assertEqual(
            sorted(roles),
            sorted([
                '_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
            ]))
    def test_new_project_disabled_user(self):
        """
        Create a project for a user that is disabled.
        """

        user = fake_clients.FakeUser(name="*****@*****.**",
                                     password="******",
                                     email="*****@*****.**",
                                     enabled=False)

        setup_identity_cache(users=[user])

        task = Task.objects.create(ip_address="0.0.0.0", keystone_user={})

        data = {
            'domain_id': 'default',
            'parent_id': None,
            'email': '*****@*****.**',
            'project_name': 'test_project',
        }

        # Sign up, approve
        action = NewProjectWithUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, True)

        action.post_approve()
        self.assertEqual(action.valid, True)

        new_project = fake_clients.identity_cache['new_projects'][0]
        self.assertEqual(new_project.name, 'test_project')

        self.assertEqual(len(fake_clients.identity_cache['new_users']), 0)

        self.assertEqual(
            task.cache, {
                'user_id': user.id,
                'project_id': new_project.id,
                'user_state': 'disabled'
            })
        self.assertEqual(action.action.cache["token_fields"], ['password'])

        # submit password reset
        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        self.assertEqual(user.password, '123456')

        # check that user has been enabled correctly
        self.assertEqual(user.email, '*****@*****.**')
        self.assertEqual(user.enabled, True)

        # Check user has correct roles in new project
        fake_client = fake_clients.FakeManager()
        roles = fake_client._get_roles_as_names(user, new_project)
        self.assertEqual(
            sorted(roles),
            sorted([
                '_member_', 'project_admin', 'project_mod', 'heat_stack_owner'
            ]))
    def test_new_project_user_disabled_during_signup(self):
        """
        Create a project for a user that is created and disabled during signup.

        This exercises the tasks ability to correctly act based on changed
        circumstances between two states.
        """

        # Start with nothing created
        setup_identity_cache()

        # Sign up for the project+user, validate.
        task = Task.objects.create(keystone_user={})

        data = {
            "domain_id": "default",
            "parent_id": None,
            "email": "*****@*****.**",
            "project_name": "test_project",
        }

        # Sign up
        action = NewProjectWithUserAction(data, task=task, order=1)
        action.prepare()
        self.assertEqual(action.valid, True)

        # Create the disabled user directly with the Identity Manager.
        fake_client = fake_clients.FakeManager()
        user = fake_client.create_user(
            name="*****@*****.**",
            password="******",
            email="*****@*****.**",
            created_on=None,
            domain="default",
            default_project=None,
        )
        fake_client.disable_user(user.id)

        # approve previous signup
        action.approve()
        self.assertEqual(action.valid, True)

        new_project = fake_clients.identity_cache["new_projects"][0]
        self.assertEqual(new_project.name, "test_project")

        self.assertEqual(len(fake_clients.identity_cache["new_users"]), 1)

        self.assertEqual(
            task.cache,
            {
                "user_id": user.id,
                "project_id": new_project.id,
                "user_state": "disabled",
            },
        )

        # check that user has been re-enabled with a generated password.
        self.assertEqual(user.enabled, True)
        self.assertNotEqual(user.password, "origpass")

        # submit password reset
        token_data = {"password": "******"}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        # Ensure user has new password:
        self.assertEqual(user.password, "123456")

        fake_client = fake_clients.FakeManager()
        roles = fake_client._get_roles_as_names(user, new_project)
        self.assertEqual(
            sorted(roles),
            sorted(
                ["member", "project_admin", "project_mod",
                 "heat_stack_owner"]),
        )
    def test_new_project_disabled_user(self):
        """
        Create a project for a user that is disabled.
        """

        user = fake_clients.FakeUser(
            name="*****@*****.**",
            password="******",
            email="*****@*****.**",
            enabled=False,
        )

        setup_identity_cache(users=[user])

        task = Task.objects.create(keystone_user={})

        data = {
            "domain_id": "default",
            "parent_id": None,
            "email": "*****@*****.**",
            "project_name": "test_project",
        }

        # Sign up, approve
        action = NewProjectWithUserAction(data, task=task, order=1)

        action.prepare()
        self.assertEqual(action.valid, True)

        action.approve()
        self.assertEqual(action.valid, True)

        new_project = fake_clients.identity_cache["new_projects"][0]
        self.assertEqual(new_project.name, "test_project")

        self.assertEqual(len(fake_clients.identity_cache["new_users"]), 0)

        self.assertEqual(
            task.cache,
            {
                "user_id": user.id,
                "project_id": new_project.id,
                "user_state": "disabled",
            },
        )
        self.assertEqual(action.action.cache["token_fields"], ["password"])

        # submit password reset
        token_data = {"password": "******"}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        self.assertEqual(user.password, "123456")

        # check that user has been enabled correctly
        self.assertEqual(user.email, "*****@*****.**")
        self.assertEqual(user.enabled, True)

        # Check user has correct roles in new project
        fake_client = fake_clients.FakeManager()
        roles = fake_client._get_roles_as_names(user, new_project)
        self.assertEqual(
            sorted(roles),
            sorted(
                ["member", "project_admin", "project_mod",
                 "heat_stack_owner"]),
        )
    def test_new_project_reapprove_failure(self):
        """
        Project created at approve step, failure at role grant.

        Ensure reapprove correctly finishes.
        """

        setup_identity_cache()

        task = Task.objects.create(keystone_user={})

        data = {
            "domain_id": "default",
            "parent_id": None,
            "email": "*****@*****.**",
            "project_name": "test_project",
        }

        action = NewProjectWithUserAction(data, task=task, order=1)

        action.prepare()
        self.assertEqual(action.valid, True)

        # NOTE(adrian): We need the code to fail at the
        # grant roles step so we can attempt reapproving it
        class FakeException(Exception):
            pass

        def fail_grant(user, default_roles, project_id):
            raise FakeException

        # We swap out the old grant function and keep
        # it for later.
        old_grant_function = action.grant_roles
        action.grant_roles = fail_grant

        # Now we expect the failure
        self.assertRaises(FakeException, action.approve)

        # No roles_granted yet, but user created
        self.assertTrue("user_id" in action.action.cache)
        self.assertFalse("roles_granted" in action.action.cache)
        new_project = fake_clients.identity_cache["new_projects"][0]
        self.assertEqual(new_project.name, "test_project")

        new_user = fake_clients.identity_cache["new_users"][0]
        self.assertEqual(new_user.name, "*****@*****.**")
        self.assertEqual(new_user.email, "*****@*****.**")
        self.assertEqual(len(fake_clients.identity_cache["role_assignments"]),
                         0)

        # And then swap back the correct function
        action.grant_roles = old_grant_function
        # and try again, it should work this time
        action.approve()
        self.assertEqual(action.valid, True)
        # roles_granted in cache
        self.assertTrue("roles_granted" in action.action.cache)

        token_data = {"password": "******"}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        self.assertEqual(new_user.password, "123456")

        fake_client = fake_clients.FakeManager()
        roles = fake_client._get_roles_as_names(new_user, new_project)
        self.assertEqual(
            sorted(roles),
            sorted(
                ["member", "project_admin", "project_mod",
                 "heat_stack_owner"]),
        )