def test_project_attribute_mapping(self):
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')])
CONF.ldap.tenant_name_attribute = 'ou'
CONF.ldap.tenant_desc_attribute = 'desc'
CONF.ldap.tenant_enabled_attribute = 'enabled'
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
tenant_ref = self.identity_api.get_project(self.tenant_baz['id'])
self.assertEqual(tenant_ref['id'], self.tenant_baz['id'])
self.assertEqual(tenant_ref['name'], self.tenant_baz['name'])
self.assertEqual(
tenant_ref['description'],
self.tenant_baz['description'])
self.assertEqual(tenant_ref['enabled'], self.tenant_baz['enabled'])
CONF.ldap.tenant_name_attribute = 'desc'
CONF.ldap.tenant_desc_attribute = 'ou'
self.identity_api = identity_ldap.Identity()
tenant_ref = self.identity_api.get_project(self.tenant_baz['id'])
self.assertEqual(tenant_ref['id'], self.tenant_baz['id'])
self.assertEqual(tenant_ref['name'], self.tenant_baz['description'])
self.assertEqual(tenant_ref['description'], self.tenant_baz['name'])
self.assertEqual(tenant_ref['enabled'], self.tenant_baz['enabled'])
def config(self, config_files):
super(KcMasterSqlTestCase, self).config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf'),
test.testsdir('backend_sql_disk.conf')])
sql_util.setup_test_database()
def setUp(self):
super(ImportLegacy, self).setUp()
CONF(config_files=[test.etcdir('keystone.conf'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')])
sql_util.setup_test_database()
self.identity_api = identity_sql.Identity()
def setUp(self):
super(RedisToken, self).setUp()
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_redis.conf')])
self.token_api = token_redis.Token()
self.token_api.flush_all()
def test_configurable_forbidden_user_actions(self):
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')])
CONF.ldap.user_allow_create = False
CONF.ldap.user_allow_update = False
CONF.ldap.user_allow_delete = False
self.identity_api = identity_ldap.Identity()
user = {'id': 'fake1',
'name': 'fake1',
'password': '******',
'tenants': ['bar']}
self.assertRaises(exception.ForbiddenAction,
self.identity_api.create_user,
'fake1',
user)
self.user_foo['password'] = '******'
self.assertRaises(exception.ForbiddenAction,
self.identity_api.update_user,
self.user_foo['id'],
self.user_foo)
self.assertRaises(exception.ForbiddenAction,
self.identity_api.delete_user,
self.user_foo['id'])
def test_tenant_attribute_mapping(self):
self.config(
[
test.etcdir("keystone.conf.sample"),
test.testsdir("test_overrides.conf"),
test.testsdir("backend_ldap.conf"),
]
)
CONF.ldap.tenant_name_attribute = "ou"
CONF.ldap.tenant_desc_attribute = "desc"
CONF.ldap.tenant_enabled_attribute = "enabled"
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
tenant_ref = self.identity_api.get_tenant(self.tenant_baz["id"])
self.assertEqual(tenant_ref["id"], self.tenant_baz["id"])
self.assertEqual(tenant_ref["name"], self.tenant_baz["name"])
self.assertEqual(tenant_ref["description"], self.tenant_baz["description"])
self.assertEqual(tenant_ref["enabled"], self.tenant_baz["enabled"])
CONF.ldap.tenant_name_attribute = "desc"
CONF.ldap.tenant_desc_attribute = "ou"
self.identity_api = identity_ldap.Identity()
tenant_ref = self.identity_api.get_tenant(self.tenant_baz["id"])
self.assertEqual(tenant_ref["id"], self.tenant_baz["id"])
self.assertEqual(tenant_ref["name"], self.tenant_baz["description"])
self.assertEqual(tenant_ref["description"], self.tenant_baz["name"])
self.assertEqual(tenant_ref["enabled"], self.tenant_baz["enabled"])
def test_user_attribute_mapping(self):
self.config(
[
test.etcdir("keystone.conf.sample"),
test.testsdir("test_overrides.conf"),
test.testsdir("backend_ldap.conf"),
]
)
CONF.ldap.user_name_attribute = "sn"
CONF.ldap.user_mail_attribute = "email"
CONF.ldap.user_enabled_attribute = "enabled"
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
user_ref = self.identity_api.get_user(self.user_two["id"])
self.assertEqual(user_ref["id"], self.user_two["id"])
self.assertEqual(user_ref["name"], self.user_two["name"])
self.assertEqual(user_ref["email"], self.user_two["email"])
self.assertEqual(user_ref["enabled"], self.user_two["enabled"])
CONF.ldap.user_name_attribute = "email"
CONF.ldap.user_mail_attribute = "sn"
self.identity_api = identity_ldap.Identity()
user_ref = self.identity_api.get_user(self.user_two["id"])
self.assertEqual(user_ref["id"], self.user_two["id"])
self.assertEqual(user_ref["name"], self.user_two["email"])
self.assertEqual(user_ref["email"], self.user_two["name"])
self.assertEqual(user_ref["enabled"], self.user_two["enabled"])
def setUp(self):
super(SqlTests, self).setUp()
self.config(
[
test.etcdir("keystone.conf.sample"),
test.testsdir("test_overrides.conf"),
test.testsdir("backend_sql.conf"),
]
)
# initialize managers and override drivers
self.catalog_man = catalog.Manager()
self.identity_man = identity.Manager()
self.token_man = token.Manager()
self.trust_man = trust.Manager()
self.policy_man = policy.Manager()
# create tables and keep an engine reference for cleanup.
# this must be done after the models are loaded by the managers.
self.engine = self.get_engine()
sql.ModelBase.metadata.create_all(bind=self.engine)
# create shortcut references to each driver
self.catalog_api = self.catalog_man.driver
self.identity_api = self.identity_man.driver
self.token_api = self.token_man.driver
self.policy_api = self.policy_man.driver
self.trust_api = self.trust_man.driver
# populate the engine with tables & fixtures
self.load_fixtures(default_fixtures)
# defaulted by the data load
self.user_foo["enabled"] = True
def test_user_enable_attribute_mask(self):
self.config(
[
test.etcdir("keystone.conf.sample"),
test.testsdir("test_overrides.conf"),
test.testsdir("backend_ldap.conf"),
]
)
CONF.ldap.user_enabled_attribute = "enabled"
CONF.ldap.user_enabled_mask = 2
CONF.ldap.user_enabled_default = 512
clear_database()
self.identity_api = identity_ldap.Identity()
user = {"id": "fake1", "name": "fake1", "enabled": True}
self.identity_api.create_user("fake1", user)
user_ref = self.identity_api.get_user("fake1")
self.assertEqual(user_ref["enabled"], True)
user["enabled"] = False
self.identity_api.update_user("fake1", user)
user_ref = self.identity_api.get_user("fake1")
self.assertEqual(user_ref["enabled"], False)
user["enabled"] = True
self.identity_api.update_user("fake1", user)
user_ref = self.identity_api.get_user("fake1")
self.assertEqual(user_ref["enabled"], True)
def setUp(self):
super(SqlToken, self).setUp()
CONF(config_files=[test.etcdir('keystone.conf'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')])
sql_util.setup_test_database()
self.token_api = token_sql.Token()
def setUp(self):
super(SqlTests, self).setUp()
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')])
# initialize managers and override drivers
self.catalog_man = catalog.Manager()
self.identity_man = identity.Manager()
self.token_man = token.Manager()
# create shortcut references to each driver
self.catalog_api = self.catalog_man.driver
self.identity_api = self.identity_man.driver
self.token_api = self.token_man.driver
# create and share a single sqlalchemy engine for testing
engine = sql.Base().get_engine()
self.identity_api._engine = engine
self.catalog_api._engine = engine
self.token_api._engine = engine
# populate the engine with tables & fixtures
sql.ModelBase.metadata.bind = engine
sql.ModelBase.metadata.create_all(engine)
self.load_fixtures(default_fixtures)
def setUp(self):
super(MiddlewareVomsAuthn, self).setUp()
self.identity_api = kvs_identity.Identity()
self.load_fixtures(default_fixtures)
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('voms_authn.conf')])
def setUp(self):
super(LDAPIdentity, self).setUp()
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_liveldap.conf')])
clear_live_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
def _set_config(self):
self.config(
[
test.etcdir("keystone.conf.sample"),
test.testsdir("test_overrides.conf"),
test.testsdir("backend_liveldap.conf"),
]
)
def setUp(self):
super(SqlIdentity, self).setUp()
CONF(config_files=[test.etcdir('keystone.conf'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')])
sql_util.setup_test_database()
self.identity_api = identity_sql.Identity()
self.load_fixtures(default_fixtures)
def setUp(self):
super(MigrateNovaAuth, self).setUp()
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')])
sql_util.setup_test_database()
self.identity_api = identity_sql.Identity()
self.ec2_api = ec2_sql.Ec2()
def config(self):
CONF(
config_files=[
test.etcdir("keystone.conf"),
test.testsdir("test_overrides.conf"),
test.testsdir("backend_sql.conf"),
]
)
sql_util.setup_test_database()
def setUp(self):
super(SqlCatalog, self).setUp()
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')])
sql_util.setup_test_database()
self.catalog_api = catalog_sql.Catalog()
self.catalog_man = catalog.Manager()
self.load_fixtures(default_fixtures)
def setUp(self):
super(PamIdentity, self).setUp()
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_pam.conf')])
self.identity_api = identity_pam.PamIdentity()
id = uuid.uuid4().hex
self.tenant_in = {'id': id, 'name': id}
self.user_in = {'id': CONF.pam.userid, 'name': CONF.pam.userid}
def setUp(self):
super(ImportLegacy, self).setUp()
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf'),
test.testsdir('backend_sql_disk.conf')])
test.setup_test_database()
self.identity_man = identity.Manager()
self.identity_api = identity_sql.Identity()
def config(self, config_files):
super(KcMasterSqlTestCase, self).config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')])
self.load_backends()
self.engine = self.get_engine()
sql.ModelBase.metadata.create_all(bind=self.engine)
def test_build_tree(self):
"""Regression test for building the tree names
"""
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')])
user_api = identity_ldap.UserApi(CONF)
self.assertTrue(user_api)
self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix)
def setUp(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf'),
test.testsdir('backend_sql_disk.conf')])
sql_util.setup_test_database()
self.load_backends()
self.public_server = self.serveapp('keystone', name='main')
self.admin_server = self.serveapp('keystone', name='admin')
def setUp(self):
super(MigrateNovaAuth, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf'),
test.testsdir('backend_sql_disk.conf')
])
sql_util.setup_test_database()
self.identity_api = identity_sql.Identity()
self.ec2_api = ec2_sql.Ec2()
def setUp(self):
super(PamIdentity, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_pam.conf')
])
self.identity_api = identity_pam.PamIdentity()
id = uuid.uuid4().hex
self.tenant_in = {'id': id, 'name': id}
self.user_in = {'id': CONF.pam.userid, 'name': CONF.pam.userid}
def test_role_attribute_ignore(self):
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')])
CONF.ldap.role_attribute_ignore = ['name']
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
role_ref = self.identity_api.get_role(self.role_member['id'])
self.assertEqual(role_ref['id'], self.role_member['id'])
self.assertNotIn('name', role_ref)
def setUp(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf'),
test.testsdir('backend_sql_disk.conf')
])
sql_util.setup_test_database()
self.load_backends()
self.public_server = self.serveapp('keystone', name='main')
self.admin_server = self.serveapp('keystone', name='admin')
def setUp(self):
super(ImportLegacy, self).setUp()
self.config(
[
test.etcdir("keystone.conf.sample"),
test.testsdir("test_overrides.conf"),
test.testsdir("backend_sql.conf"),
]
)
sql_util.setup_test_database()
self.identity_api = identity_sql.Identity()
def setUp(self):
super(SqlCatalog, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')
])
sql_util.setup_test_database()
self.catalog_api = catalog_sql.Catalog()
self.catalog_man = catalog.Manager()
self.load_fixtures(default_fixtures)
def setUp(self):
super(TestAuthPlugin, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf'),
test.testsdir('backend_sql_disk.conf'),
test.testsdir('test_auth_plugin.conf')])
self.load_backends()
auth.controllers.AUTH_METHODS[METHOD_NAME] = SimpleChallengeResponse()
self.api = auth.controllers.Auth()
def setup_old_database(self, sql_dump):
sql_path = test.testsdir(sql_dump)
db_path = test.testsdir('%s.db' % sql_dump)
try:
os.unlink(db_path)
except OSError:
pass
script_str = open(sql_path).read().strip()
conn = sqlite3.connect(db_path)
conn.executescript(script_str)
conn.commit()
return db_path
def test_project_filter(self):
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')])
tenant_ref = self.identity_api.get_project(self.tenant_bar['id'])
self.assertDictEqual(tenant_ref, self.tenant_bar)
CONF.ldap.tenant_filter = '(CN=DOES_NOT_MATCH)'
self.identity_api = identity_ldap.Identity()
self.assertRaises(exception.ProjectNotFound,
self.identity_api.get_project,
self.tenant_bar['id'])
def test_role_filter(self):
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')])
role_ref = self.identity_api.get_role(self.role_member['id'])
self.assertDictEqual(role_ref, self.role_member)
CONF.ldap.role_filter = '(CN=DOES_NOT_MATCH)'
self.identity_api = identity_ldap.Identity()
self.assertRaises(exception.RoleNotFound,
self.identity_api.get_role,
self.role_member['id'])
def test_dumb_member(self):
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')])
CONF.ldap.use_dumb_member = True
CONF.ldap.dumb_member = 'cn=dumb,cn=example,cn=com'
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
self.assertRaises(exception.UserNotFound,
self.identity_api.get_user,
'dumb')
def test_build_tree(self):
"""Regression test for building the tree names
"""
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
user_api = identity_ldap.UserApi(CONF)
self.assertTrue(user_api)
self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix)
def setUp(self):
super(SqlIdentity, self).setUp()
try:
os.unlink('bla.db')
except Exception:
pass
CONF(config_files=[test.etcdir('keystone.conf'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')])
sql_util.setup_test_database()
self.identity_api = identity_sql.Identity()
self.load_fixtures(default_fixtures)
def setup_old_database(self, sql_dump):
sql_path = test.testsdir(sql_dump)
db_path = test.testsdir('%s.db' % sql_dump)
try:
os.unlink(db_path)
except OSError:
pass
script_str = open(sql_path).read().strip()
conn = sqlite3.connect(db_path)
conn.executescript(script_str)
conn.commit()
return db_path
def test_role_filter(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
role_ref = self.identity_api.get_role(self.role_member['id'])
self.assertDictEqual(role_ref, self.role_member)
CONF.ldap.role_filter = '(CN=DOES_NOT_MATCH)'
self.identity_api = identity_ldap.Identity()
self.assertRaises(exception.RoleNotFound, self.identity_api.get_role,
self.role_member['id'])
def test_tenant_filter(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
tenant_ref = self.identity_api.get_tenant(self.tenant_bar['id'])
self.assertDictEqual(tenant_ref, self.tenant_bar)
CONF.ldap.tenant_filter = '(CN=DOES_NOT_MATCH)'
self.identity_api = identity_ldap.Identity()
self.assertRaises(exception.TenantNotFound,
self.identity_api.get_tenant, self.tenant_bar['id'])
def setUp(self):
super(LDAPIdentityEnabledEmulation, self).setUp()
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')])
CONF.ldap.user_enabled_emulation = True
CONF.ldap.tenant_enabled_emulation = True
self.clear_database()
self.load_backends()
self.load_fixtures(default_fixtures)
for obj in [self.tenant_bar, self.tenant_baz, self.user_foo,
self.user_two, self.user_badguy]:
obj.setdefault('enabled', True)
def test_role_attribute_ignore(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
CONF.ldap.role_attribute_ignore = ['name']
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
role_ref = self.identity_api.get_role(self.role_member['id'])
self.assertEqual(role_ref['id'], self.role_member['id'])
self.assertNotIn('name', role_ref)
def test_dumb_member(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
CONF.ldap.use_dumb_member = True
CONF.ldap.dumb_member = 'cn=dumb,cn=example,cn=com'
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
self.assertRaises(exception.UserNotFound, self.identity_api.get_user,
'dumb')
def test_user_filter(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
user_ref = self.identity_api.get_user(self.user_foo['id'])
self.user_foo.pop('password')
self.assertDictEqual(user_ref, self.user_foo)
CONF.ldap.user_filter = '(CN=DOES_NOT_MATCH)'
self.identity_api = identity_ldap.Identity()
self.assertRaises(exception.UserNotFound, self.identity_api.get_user,
self.user_foo['id'])
def test_tenant_attribute_ignore(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
CONF.ldap.tenant_attribute_ignore = ['name', 'description', 'enabled']
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
tenant_ref = self.identity_api.get_tenant(self.tenant_baz['id'])
self.assertEqual(tenant_ref['id'], self.tenant_baz['id'])
self.assertNotIn('name', tenant_ref)
self.assertNotIn('description', tenant_ref)
self.assertNotIn('enabled', tenant_ref)
def setUp(self):
super(TestAuthPlugin, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf'),
test.testsdir('backend_sql_disk.conf'),
test.testsdir('test_auth_plugin.conf')
])
self.load_backends()
auth.controllers.AUTH_METHODS[METHOD_NAME] = SimpleChallengeResponse()
# need to register the token provider first because auth controller
# depends on it
token.provider.Manager()
self.api = auth.controllers.Auth()
def setUp(self):
super(SqlUpgradeTests, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')
])
# create and share a single sqlalchemy engine for testing
self.engine = sql.Base().get_engine(allow_global_engine=False)
self.metadata = sqlalchemy.MetaData()
# populate the engine with tables & fixtures
self.metadata.bind = self.engine
self.repo_path = migration._find_migrate_repo()
self.schema = versioning_api.ControlledSchema.create(
self.engine, self.repo_path, 0)
def setUp(self):
super(SqlTests, self).setUp()
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')])
self.load_backends()
# create tables and keep an engine reference for cleanup.
# this must be done after the models are loaded by the managers.
self.engine = self.get_engine()
sql.ModelBase.metadata.create_all(bind=self.engine)
# populate the engine with tables & fixtures
self.load_fixtures(default_fixtures)
#defaulted by the data load
self.user_foo['enabled'] = True
def test_configurable_allowed_role_actions(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
self.identity_api = identity_ldap.Identity()
role = {'id': 'fake1', 'name': 'fake1'}
self.identity_api.create_role('fake1', role)
role_ref = self.identity_api.get_role('fake1')
self.assertEqual(role_ref['id'], 'fake1')
role['name'] = 'fake2'
self.identity_api.update_role('fake1', role)
self.identity_api.delete_role('fake1')
self.assertRaises(exception.RoleNotFound, self.identity_api.get_role,
'fake1')
def test_configurable_allowed_tenant_actions(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
self.identity_api = identity_ldap.Identity()
tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True}
self.identity_api.create_tenant('fake1', tenant)
tenant_ref = self.identity_api.get_tenant('fake1')
self.assertEqual(tenant_ref['id'], 'fake1')
tenant['enabled'] = 'False'
self.identity_api.update_tenant('fake1', tenant)
self.identity_api.delete_tenant('fake1')
self.assertRaises(exception.TenantNotFound,
self.identity_api.get_tenant, 'fake1')
def test_user_attribute_ignore(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
CONF.ldap.user_attribute_ignore = [
'name', 'email', 'password', 'tenant_id', 'enabled', 'tenants'
]
clear_database()
self.identity_api = identity_ldap.Identity()
self.load_fixtures(default_fixtures)
user_ref = self.identity_api.get_user(self.user_two['id'])
self.assertEqual(user_ref['id'], self.user_two['id'])
self.assertNotIn('name', user_ref)
self.assertNotIn('email', user_ref)
self.assertNotIn('password', user_ref)
self.assertNotIn('tenant_id', user_ref)
self.assertNotIn('enabled', user_ref)
self.assertNotIn('tenants', user_ref)
def setUp(self):
super(SqlTests, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')
])
# initialize managers and override drivers
self.catalog_man = catalog.Manager()
self.identity_man = identity.Manager()
self.token_man = token.Manager()
# create shortcut references to each driver
self.catalog_api = self.catalog_man.driver
self.identity_api = self.identity_man.driver
self.token_api = self.token_man.driver
# populate the engine with tables & fixtures
self.load_fixtures(default_fixtures)
def setUp(self):
super(SqlUpgradeTests, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')
])
self.base = sql.Base()
# create and share a single sqlalchemy engine for testing
self.engine = self.base.get_engine(allow_global_engine=False)
self.Session = self.base.get_sessionmaker(engine=self.engine,
autocommit=False)
self.initialize_sql()
self.repo_path = migration._find_migrate_repo()
self.schema = versioning_api.ControlledSchema.create(
self.engine, self.repo_path, 0)
# auto-detect the highest available schema version in the migrate_repo
self.max_version = self.schema.repository.version().version
def test_configurable_forbidden_tenant_actions(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
CONF.ldap.tenant_allow_create = False
CONF.ldap.tenant_allow_update = False
CONF.ldap.tenant_allow_delete = False
self.identity_api = identity_ldap.Identity()
tenant = {'id': 'fake1', 'name': 'fake1'}
self.assertRaises(exception.ForbiddenAction,
self.identity_api.create_tenant, 'fake1', tenant)
self.tenant_bar['enabled'] = 'False'
self.assertRaises(exception.ForbiddenAction,
self.identity_api.update_tenant,
self.tenant_bar['id'], self.tenant_bar)
self.assertRaises(exception.ForbiddenAction,
self.identity_api.delete_tenant,
self.tenant_bar['id'])
def test_configurable_forbidden_role_actions(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
CONF.ldap.role_allow_create = False
CONF.ldap.role_allow_update = False
CONF.ldap.role_allow_delete = False
self.identity_api = identity_ldap.Identity()
role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
self.assertRaises(exception.ForbiddenAction,
self.identity_api.create_role, role['id'], role)
self.role_member['name'] = uuid.uuid4().hex
self.assertRaises(exception.ForbiddenAction,
self.identity_api.update_role,
self.role_member['id'], self.role_member)
self.assertRaises(exception.ForbiddenAction,
self.identity_api.delete_role,
self.role_member['id'])
def test_configurable_forbidden_role_actions(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
CONF.ldap.role_allow_create = False
CONF.ldap.role_allow_update = False
CONF.ldap.role_allow_delete = False
self.identity_api = identity_ldap.Identity()
role = {'id': 'fake1', 'name': 'fake1'}
self.assertRaises(exception.ForbiddenAction,
self.identity_api.create_role, 'fake1', role)
self.role_useless['name'] = 'useful'
self.assertRaises(exception.ForbiddenAction,
self.identity_api.update_role,
self.role_useless['id'], self.role_useless)
self.assertRaises(exception.ForbiddenAction,
self.identity_api.delete_role,
self.role_useless['id'])
def test_configurable_allowed_user_actions(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
self.identity_api = identity_ldap.Identity()
user = {
'id': 'fake1',
'name': 'fake1',
'password': '******',
'tenants': ['bar']
}
self.identity_api.create_user('fake1', user)
user_ref = self.identity_api.get_user('fake1')
self.assertEqual(user_ref['id'], 'fake1')
user['password'] = '******'
self.identity_api.update_user('fake1', user)
self.identity_api.delete_user('fake1')
self.assertRaises(exception.UserNotFound, self.identity_api.get_user,
'fake1')
def test_user_api_get_connection_no_user_password(self):
"""Don't bind in case the user and password are blank"""
self.config([test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf')])
CONF.ldap.url = "fake://memory"
user_api = identity.backends.ldap.UserApi(CONF)
self.stubs.Set(fakeldap, 'FakeLdap',
self.mox.CreateMock(fakeldap.FakeLdap))
# we have to track all calls on 'conn' to make sure that
# conn.simple_bind_s is not called
conn = self.mox.CreateMockAnything()
conn = fakeldap.FakeLdap(CONF.ldap.url).AndReturn(conn)
self.mox.ReplayAll()
user_api.get_connection(user=None, password=None)
def setUp(self):
super(NovaClientCompatMasterTestCase, self).setUp()
revdir = test.checkout_vendor(NOVACLIENT_REPO, 'master')
self.add_path(revdir)
from novaclient.keystone import client as ks_client
from novaclient import client as base_client
reload(ks_client)
reload(base_client)
CONF(config_files=[test.etcdir('keystone.conf'),
test.testsdir('test_overrides.conf')])
self.app = self.loadapp('keystone')
self.load_backends()
self.load_fixtures(default_fixtures)
self.server = self.serveapp('keystone')
def _set_config(self):
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_ldap.conf')
])
