def setUp(self):
super(UserFederatedAttributesTests, self).setUp()
self.useFixture(database.Database())
self.load_backends()
# Create the federated object
idp, protocol = self._create_federated_attributes()
self.fed_dict = unit.new_federated_user_ref()
self.fed_dict['idp_id'] = idp['id']
self.fed_dict['protocol_id'] = protocol['id']
self.fed_dict['unique_id'] = "jdoe"
# Create the domain_id, user, and federated_user relationship
self.domain = unit.new_domain_ref()
self.resource_api.create_domain(self.domain['id'], self.domain)
self.fed_user = unit.new_user_ref(domain_id=self.domain['id'])
self.fed_user = self._create_user_with_federated_user(
self.fed_user, self.fed_dict)
# Create two new fed_users which will have the same idp and protocol
# but be completely different from the first fed_user
# Create a new idp and protocol for fed_user2 and 3
idp, protocol = self._create_federated_attributes()
self.fed_dict2 = unit.new_federated_user_ref()
self.fed_dict2['idp_id'] = idp['id']
self.fed_dict2['protocol_id'] = protocol['id']
self.fed_dict2['unique_id'] = "ravelar"
self.fed_user2 = unit.new_user_ref(domain_id=self.domain['id'])
self.fed_user2 = self._create_user_with_federated_user(
self.fed_user2, self.fed_dict2)
self.fed_dict3 = unit.new_federated_user_ref()
self.fed_dict3['idp_id'] = idp['id']
self.fed_dict3['protocol_id'] = protocol['id']
self.fed_dict3['unique_id'] = "jsmith"
self.fed_user3 = unit.new_user_ref(domain_id=self.domain['id'])
self.fed_user3 = self._create_user_with_federated_user(
self.fed_user3, self.fed_dict3)
def test_shadow_existing_federated_user(self):
fed_user = unit.new_federated_user_ref()
# introduce the user to keystone for the first time
shadow_user1 = self.identity_api.shadow_federated_user(
fed_user['idp_id'],
fed_user['protocol_id'],
fed_user['unique_id'],
fed_user['display_name'])
self.assertEqual(fed_user['display_name'], shadow_user1['name'])
# shadow the user again, with another name to invalidate the cache
# internally, this operation causes request to the driver. It should
# not fail.
fed_user['display_name'] = uuid.uuid4().hex
shadow_user2 = self.identity_api.shadow_federated_user(
fed_user['idp_id'],
fed_user['protocol_id'],
fed_user['unique_id'],
fed_user['display_name'])
self.assertEqual(fed_user['display_name'], shadow_user2['name'])
self.assertNotEqual(shadow_user1['name'], shadow_user2['name'])
# The shadowed users still share the same unique ID.
self.assertEqual(shadow_user1['id'], shadow_user2['id'])
def test_shadow_existing_federated_user(self):
fed_user = unit.new_federated_user_ref()
# introduce the user to keystone for the first time
shadow_user1 = self.identity_api.shadow_federated_user(
fed_user["idp_id"],
fed_user["protocol_id"],
fed_user["unique_id"],
fed_user["display_name"])
self.assertEqual(fed_user['display_name'], shadow_user1['name'])
# shadow the user again, with another name to invalidate the cache
# internally, this operation causes request to the driver. It should
# not fail.
fed_user['display_name'] = uuid.uuid4().hex
shadow_user2 = self.identity_api.shadow_federated_user(
fed_user["idp_id"],
fed_user["protocol_id"],
fed_user["unique_id"],
fed_user["display_name"])
# FIXME(dolph): These assertEqual / assertNotEqual should be reversed,
# to illustrate that the display name has been updated as expected.
self.assertNotEqual(fed_user['display_name'], shadow_user2['name'])
self.assertEqual(shadow_user1['name'], shadow_user2['name'])
# The shadowed users still share the same unique ID.
self.assertEqual(shadow_user1['id'], shadow_user2['id'])
def test_create_federated_user_unique_constraint(self):
federated_dict = unit.new_federated_user_ref()
user_dict = self.shadow_users_api.create_federated_user(federated_dict)
user_dict = self.identity_api.get_user(user_dict["id"])
self.assertIsNotNone(user_dict["id"])
self.assertRaises(exception.Conflict,
self.shadow_users_api.create_federated_user,
federated_dict)
def test_get_federated_user(self):
federated_dict = unit.new_federated_user_ref()
user_dict_create = self.shadow_users_api.create_federated_user(
federated_dict)
user_dict_get = self.shadow_users_api.get_federated_user(
federated_dict["idp_id"], federated_dict["protocol_id"],
federated_dict["unique_id"])
self.assertItemsEqual(user_dict_create, user_dict_get)
self.assertEqual(user_dict_create["id"], user_dict_get["id"])
def test_get_federated_user(self):
federated_dict = unit.new_federated_user_ref()
user_dict_create = self.shadow_users_api.create_federated_user(
federated_dict)
user_dict_get = self.shadow_users_api.get_federated_user(
federated_dict["idp_id"],
federated_dict["protocol_id"],
federated_dict["unique_id"])
self.assertItemsEqual(user_dict_create, user_dict_get)
self.assertEqual(user_dict_create["id"], user_dict_get["id"])
def test_shadow_federated_user(self):
fed_user = unit.new_federated_user_ref()
user = (self.identity_api.shadow_federated_user(
fed_user['idp_id'], fed_user['protocol_id'], fed_user['unique_id'],
fed_user['display_name']))
self.assertIsNotNone(user['id'])
self.assertEqual(len(user.keys()), 4)
self.assertIsNotNone(user['name'])
self.assertIsNone(user['domain_id'])
self.assertEqual(user['enabled'], True)
def test_shadow_federated_user(self):
fed_user = unit.new_federated_user_ref()
user = (
self.identity_api.shadow_federated_user(fed_user['idp_id'],
fed_user['protocol_id'],
fed_user['unique_id'],
fed_user['display_name'])
)
self.assertIsNotNone(user['id'])
self.assertEqual(len(user.keys()), 4)
self.assertIsNotNone(user['name'])
self.assertIsNone(user['domain_id'])
self.assertEqual(user['enabled'], True)
def test_get_user_when_user_has_federated_object(self):
fed_dict = unit.new_federated_user_ref(idp_id=self.idp['id'],
protocol_id=self.protocol['id'])
user = self.shadow_users_api.create_federated_user(
self.domain_id, fed_dict)
# test that the user returns a federated object and that there is only
# one returned
user_ref = self.identity_api.get_user(user['id'])
self.assertIn('federated', user_ref)
self.assertEqual(1, len(user_ref['federated']))
self.assertFederatedDictsEqual(fed_dict, user_ref['federated'][0])
def test_update_federated_user_display_name(self):
federated_dict = unit.new_federated_user_ref()
user_dict_create = self.shadow_users_api.create_federated_user(
federated_dict)
new_display_name = uuid.uuid4().hex
self.shadow_users_api.update_federated_user_display_name(
federated_dict["idp_id"], federated_dict["protocol_id"],
federated_dict["unique_id"], new_display_name)
user_ref = self.shadow_users_api._get_federated_user(
federated_dict["idp_id"], federated_dict["protocol_id"],
federated_dict["unique_id"])
self.assertEqual(user_ref.federated_users[0].display_name,
new_display_name)
self.assertEqual(user_dict_create["id"], user_ref.id)
def test_shadow_federated_user(self):
fed_user = unit.new_federated_user_ref()
user = (self.identity_api.shadow_federated_user(
fed_user['idp_id'], fed_user['protocol_id'], fed_user['unique_id'],
fed_user['display_name']))
self.assertIsNotNone(user['id'])
self.assertEqual(5, len(user.keys()))
self.assertIsNotNone(user['name'])
self.assertIsNone(user['password_expires_at'])
self.assertIsNone(user['domain_id'])
# NOTE(breton): below, attribute `enabled` is explicitly tested to be
# equal True. assertTrue should not be used, because it converts
# the passed value to bool().
self.assertEqual(True, user['enabled'])
def test_update_federated_user_display_name(self):
federated_dict = unit.new_federated_user_ref()
user_dict_create = self.shadow_users_api.create_federated_user(
federated_dict)
new_display_name = uuid.uuid4().hex
self.shadow_users_api.update_federated_user_display_name(
federated_dict["idp_id"],
federated_dict["protocol_id"],
federated_dict["unique_id"],
new_display_name)
user_ref = self.shadow_users_api._get_federated_user(
federated_dict["idp_id"],
federated_dict["protocol_id"],
federated_dict["unique_id"])
self.assertEqual(user_ref.federated_users[0].display_name,
new_display_name)
self.assertEqual(user_dict_create["id"], user_ref.id)
def test_shadow_federated_user(self):
fed_user = unit.new_federated_user_ref()
user = (
self.identity_api.shadow_federated_user(fed_user['idp_id'],
fed_user['protocol_id'],
fed_user['unique_id'],
fed_user['display_name'])
)
self.assertIsNotNone(user['id'])
self.assertEqual(5, len(user.keys()))
self.assertIsNotNone(user['name'])
self.assertIsNone(user['password_expires_at'])
self.assertIsNone(user['domain_id'])
# NOTE(breton): below, attribute `enabled` is explicitly tested to be
# equal True. assertTrue should not be used, because it converts
# the passed value to bool().
self.assertEqual(True, user['enabled'])
def test_shadow_existing_federated_user(self):
fed_user = unit.new_federated_user_ref()
# introduce the user to keystone for the first time
shadow_user1 = self.identity_api.shadow_federated_user(
fed_user["idp_id"], fed_user["protocol_id"], fed_user["unique_id"],
fed_user["display_name"])
self.assertEqual(fed_user['display_name'], shadow_user1['name'])
# shadow the user again, with another name to invalidate the cache
# internally, this operation causes request to the driver. It should
# not fail.
fed_user['display_name'] = uuid.uuid4().hex
shadow_user2 = self.identity_api.shadow_federated_user(
fed_user["idp_id"], fed_user["protocol_id"], fed_user["unique_id"],
fed_user["display_name"])
# FIXME(dolph): These assertEqual / assertNotEqual should be reversed,
# to illustrate that the display name has been updated as expected.
self.assertNotEqual(fed_user['display_name'], shadow_user2['name'])
self.assertEqual(shadow_user1['name'], shadow_user2['name'])
# The shadowed users still share the same unique ID.
self.assertEqual(shadow_user1['id'], shadow_user2['id'])