def test_new_project_existing_user(self): """ Create a project for a user that already exists. """ user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") setup_identity_cache(users=[user]) task = Task.objects.create(keystone_user={}) data = { "domain_id": "default", "parent_id": None, "email": "*****@*****.**", "project_name": "test_project", } action = NewProjectWithUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache["new_projects"][0] self.assertEqual(new_project.name, "test_project") self.assertEqual(len(fake_clients.identity_cache["new_users"]), 0) self.assertEqual( task.cache, { "project_id": new_project.id, "user_id": user.id, "user_state": "existing", }, ) # submit does nothing for existing action.submit({}) self.assertEqual(action.valid, True) self.assertEqual(user.password, "123") fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, new_project) self.assertEqual( sorted(roles), sorted( ["member", "project_admin", "project_mod", "heat_stack_owner"]), )
def test_new_project_signup(self): """ Base case, no project, no user. Organisation, and primary is billing. Project and user created at post_approve step, user password at submit step. """ setup_identity_cache() task = Task.objects.create(ip_address="0.0.0.0", keystone_user={}) task.cache = { 'project_name': 'test_project', 'partner_id': 1, 'primary_id': 2, 'billing_id': 2, } data = { 'domain_id': 'default', 'parent_id': None, 'email': '*****@*****.**', 'signup_type': 'organisation', } action = NewProjectSignUpAction(data, task=task, order=1) action.pre_approve() self.assertEquals(action.valid, True) action.post_approve() self.assertEquals(len(odoo_cache['projects']), 1) self.assertEquals(len(odoo_cache['project_rels']), 3) self.assertEquals(action.valid, True) self.assertEquals(fake_clients.identity_cache['new_projects'][0].name, 'test_project') token_data = {'password': '******'} action.submit(token_data) self.assertEquals(action.valid, True) new_project = fake_clients.identity_cache['new_projects'][0] new_user = fake_clients.identity_cache['new_users'][0] self.assertEquals(new_user.email, '*****@*****.**') fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(new_user, new_project) self.assertEquals( sorted(roles), sorted([ '_member_', 'project_admin', 'project_mod', 'heat_stack_owner' ]))
def test_new_user_disabled(self): """ Disabled user, valid existing tenant, no role. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser( name="*****@*****.**", password="******", email="*****@*****.**", enabled=False, ) setup_identity_cache(projects=[project], users=[user]) task = Task.objects.create( keystone_user={ "roles": ["admin", "project_mod"], "project_id": project.id, "project_domain_id": "default", } ) data = { "email": "*****@*****.**", "project_id": project.id, "roles": ["member"], "inherited_roles": [], "domain_id": "default", } action = NewUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(len(fake_clients.identity_cache["users"]), 2) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="*****@*****.**", domain="default") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(user.password, "123456") self.assertTrue(user.enabled) roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ["member"])
def test_new_project_email_not_username(self): """ Base case, no project, no user. Project and user created at post_approve step, user password at submit step. """ setup_identity_cache() task = Task.objects.create(ip_address="0.0.0.0", keystone_user={}) data = { 'domain_id': 'default', 'parent_id': None, 'email': '*****@*****.**', 'username': '******', 'project_name': 'test_project', } action = NewProjectWithUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache['new_projects'][0] self.assertEqual(new_project.name, 'test_project') new_user = fake_clients.identity_cache['new_users'][0] self.assertEqual(new_user.name, 'test_user') self.assertEqual(new_user.email, '*****@*****.**') self.assertEqual( task.cache, { 'project_id': new_project.id, 'user_id': new_user.id, 'user_state': 'default' }) token_data = {'password': '******'} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(new_user.password, '123456') fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(new_user, new_project) self.assertEqual( sorted(roles), sorted([ '_member_', 'project_admin', 'project_mod', 'heat_stack_owner' ]))
def test_edit_user_roles_can_manage_all(self): """ Confirm that you cannot edit a user unless all their roles can be managed by you. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") assignments = [ fake_clients.FakeRoleAssignment( scope={'project': { 'id': project.id }}, role_name="_member_", user={'id': user.id}), fake_clients.FakeRoleAssignment( scope={'project': { 'id': project.id }}, role_name="project_admin", user={'id': user.id}), ] setup_identity_cache(projects=[project], users=[user], role_assignments=assignments) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['project_mod'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'domain_id': 'default', 'user_id': user.id, 'project_id': project.id, 'roles': ['project_mod'], 'inherited_roles': [], 'remove': False } action = EditUserRolesAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, False) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ['_member_', 'project_admin'])
def test_edit_user_roles_remove_complete(self): """ Remove roles from user that does not have them. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") assignment = fake_clients.FakeRoleAssignment( scope={'project': { 'id': project.id }}, role_name="_member_", user={'id': user.id}) setup_identity_cache(projects=[project], users=[user], role_assignments=[assignment]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'domain_id': 'default', 'user_id': user.id, 'project_id': project.id, 'roles': ['project_mod'], 'inherited_roles': [], 'remove': True } action = EditUserRolesAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) self.assertEqual(action.action.state, "complete") action.post_approve() self.assertEqual(action.valid, True) token_data = {} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ['_member_'])
def test_edit_user_roles_remove_complete(self): """ Remove roles from user that does not have them. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser( name="*****@*****.**", password="******", email="*****@*****.**" ) assignment = fake_clients.FakeRoleAssignment( scope={"project": {"id": project.id}}, role_name="member", user={"id": user.id}, ) setup_identity_cache( projects=[project], users=[user], role_assignments=[assignment] ) task = Task.objects.create( keystone_user={ "roles": ["admin", "project_mod"], "project_id": project.id, "project_domain_id": "default", } ) data = { "domain_id": "default", "user_id": user.id, "project_id": project.id, "roles": ["project_mod"], "inherited_roles": [], "remove": True, } action = EditUserRolesAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) self.assertEqual(action.action.state, "complete") action.approve() self.assertEqual(action.valid, True) token_data = {} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ["member"])
def test_edit_user_roles_can_manage_all(self): """ Confirm that you cannot edit a user unless all their roles can be managed by you. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser( name="*****@*****.**", password="******", email="*****@*****.**" ) assignments = [ fake_clients.FakeRoleAssignment( scope={"project": {"id": project.id}}, role_name="member", user={"id": user.id}, ), fake_clients.FakeRoleAssignment( scope={"project": {"id": project.id}}, role_name="project_admin", user={"id": user.id}, ), ] setup_identity_cache( projects=[project], users=[user], role_assignments=assignments ) task = Task.objects.create( keystone_user={ "roles": ["project_mod"], "project_id": project.id, "project_domain_id": "default", } ) data = { "domain_id": "default", "user_id": user.id, "project_id": project.id, "roles": ["project_mod"], "inherited_roles": [], "remove": False, } action = EditUserRolesAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, False) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ["member", "project_admin"])
def test_new_project_existing_user(self): """ Create a project for a user that already exists. """ user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") setup_identity_cache(users=[user]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={}) data = { 'domain_id': 'default', 'parent_id': None, 'email': '*****@*****.**', 'project_name': 'test_project', } action = NewProjectWithUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache['new_projects'][0] self.assertEqual(new_project.name, 'test_project') self.assertEqual(len(fake_clients.identity_cache['new_users']), 0) self.assertEqual( task.cache, { 'project_id': new_project.id, 'user_id': user.id, 'user_state': 'existing' }) # submit does nothing for existing action.submit({}) self.assertEqual(action.valid, True) self.assertEqual(user.password, '123') fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, new_project) self.assertEqual( sorted(roles), sorted([ '_member_', 'project_admin', 'project_mod', 'heat_stack_owner' ]))
def test_new_user_disabled(self): """ Disabled user, valid existing tenant, no role. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**", enabled=False) setup_identity_cache(projects=[project], users=[user]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'email': '*****@*****.**', 'project_id': project.id, 'roles': ['_member_'], 'inherited_roles': [], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) token_data = {'password': '******'} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(len(fake_clients.identity_cache['users']), 2) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="*****@*****.**", domain="default") self.assertEqual(user.email, '*****@*****.**') self.assertEqual(user.password, '123456') self.assertTrue(user.enabled) roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ['_member_'])
def test_create_user_email_not_username(self): """ Test the default case, all valid. No existing user, valid tenant. Different username from email address """ project = fake_clients.FakeProject(name="test_project") setup_identity_cache(projects=[project]) task = Task.objects.create( keystone_user={ "roles": ["admin", "project_mod"], "project_id": project.id, "project_domain_id": "default", } ) data = { "username": "******", "email": "*****@*****.**", "project_id": project.id, "roles": ["member"], "inherited_roles": [], "domain_id": "default", } action = NewUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(len(fake_clients.identity_cache["users"]), 2) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="test_user", domain="default") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(user.password, "123456") self.assertTrue(user.enabled) roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ["member"])
def test_new_project_action(self): """ Tests the new project action for an existing user. """ project = fake_clients.FakeProject(name="parent_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") setup_identity_cache(projects=[project], users=[user]) task = Task.objects.create( keystone_user={ "user_id": user.id, "project_id": project.id, "project_domain_id": "default", }) data = { "domain_id": "default", "parent_id": project.id, "project_name": "test_project", "description": "", } action = NewProjectAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache["new_projects"][0] self.assertEqual(new_project.name, "test_project") self.assertEqual(new_project.parent_id, project.id) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, new_project) self.assertEqual( sorted(roles), sorted( ["member", "project_admin", "project_mod", "heat_stack_owner"]), ) action.submit({}) self.assertEqual(action.valid, True)
def test_create_user_email_not_username(self): """ Test the default case, all valid. No existing user, valid tenant. Different username from email address """ project = fake_clients.FakeProject(name="test_project") setup_identity_cache(projects=[project]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'username': '******', 'email': '*****@*****.**', 'project_id': project.id, 'roles': ['_member_'], 'inherited_roles': [], 'domain_id': 'default', } action = NewUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) token_data = {'password': '******'} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(len(fake_clients.identity_cache['users']), 2) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="test_user", domain="default") self.assertEqual(user.email, '*****@*****.**') self.assertEqual(user.password, '123456') self.assertTrue(user.enabled) roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ['_member_'])
def test_new_project_action(self): """ Tests the new project action for an existing user. """ project = fake_clients.FakeProject(name="parent_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") setup_identity_cache(projects=[project], users=[user]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ "user_id": user.id, "project_id": project.id, "project_domain_id": 'default' }) data = { 'domain_id': 'default', 'parent_id': project.id, 'project_name': 'test_project', 'description': '', } action = NewProjectAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache['new_projects'][0] self.assertEqual(new_project.name, 'test_project') self.assertEqual(new_project.parent_id, project.id) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, new_project) self.assertEqual( sorted(roles), sorted([ '_member_', 'project_admin', 'project_mod', 'heat_stack_owner' ])) action.submit({}) self.assertEqual(action.valid, True)
def test_edit_user_roles_add(self): """ Add roles to existing user. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser( name="*****@*****.**", password="******", email="*****@*****.**" ) setup_identity_cache(projects=[project], users=[user]) task = Task.objects.create( keystone_user={ "roles": ["admin", "project_mod"], "project_id": project.id, "project_domain_id": "default", } ) data = { "domain_id": "default", "user_id": user.id, "project_id": project.id, "roles": ["member", "project_mod"], "inherited_roles": [], "remove": False, } action = EditUserRolesAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) token_data = {} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(sorted(roles), sorted(["member", "project_mod"]))
def test_edit_user_roles_add(self): """ Add roles to existing user. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") setup_identity_cache(projects=[project], users=[user]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['admin', 'project_mod'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'domain_id': 'default', 'user_id': user.id, 'project_id': project.id, 'roles': ['_member_', 'project_mod'], 'inherited_roles': [], 'remove': False } action = EditUserRolesAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) token_data = {} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(sorted(roles), sorted(['_member_', 'project_mod']))
def test_reset_user_email_not_username(self): """ Base case, existing user. Username not email address """ user = fake_clients.FakeUser( name="test_user", password="******", email="*****@*****.**" ) setup_identity_cache(users=[user]) task = Task.objects.create( keystone_user={ "roles": ["project_mod"], "project_id": "test_project_id", "project_domain_id": "default", } ) data = { "username": "******", "domain_name": "Default", "email": "*****@*****.**", } action = ResetUserPasswordAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="test_user", domain="default") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(user.password, "123456")
def test_reset_user_email_not_username(self): """ Base case, existing user. Username not email address """ user = fake_clients.FakeUser(name="test_user", password="******", email="*****@*****.**") setup_identity_cache(users=[user]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['project_mod'], 'project_id': 'test_project_id', 'project_domain_id': 'default', }) data = { 'username': "******", 'domain_name': 'Default', 'email': '*****@*****.**', } action = ResetUserPasswordAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) token_data = {'password': '******'} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() user = fake_client.find_user(name="test_user", domain="default") self.assertEqual(user.email, '*****@*****.**') self.assertEqual(user.password, '123456')
def test_new_project_disabled_user(self): """ Create a project for a user that is disabled. """ user = fake_clients.FakeUser( name="*****@*****.**", password="******", email="*****@*****.**", enabled=False, ) setup_identity_cache(users=[user]) task = Task.objects.create(keystone_user={}) data = { "domain_id": "default", "parent_id": None, "email": "*****@*****.**", "project_name": "test_project", } # Sign up, approve action = NewProjectWithUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache["new_projects"][0] self.assertEqual(new_project.name, "test_project") self.assertEqual(len(fake_clients.identity_cache["new_users"]), 0) self.assertEqual( task.cache, { "user_id": user.id, "project_id": new_project.id, "user_state": "disabled", }, ) self.assertEqual(action.action.cache["token_fields"], ["password"]) # submit password reset token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(user.password, "123456") # check that user has been enabled correctly self.assertEqual(user.email, "*****@*****.**") self.assertEqual(user.enabled, True) # Check user has correct roles in new project fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, new_project) self.assertEqual( sorted(roles), sorted( ["member", "project_admin", "project_mod", "heat_stack_owner"]), )
def test_new_project_user_disabled_during_signup(self): """ Create a project for a user that is created and disabled during signup. This exercises the tasks ability to correctly act based on changed circumstances between two states. """ # Start with nothing created setup_identity_cache() # Sign up for the project+user, validate. task = Task.objects.create(keystone_user={}) data = { "domain_id": "default", "parent_id": None, "email": "*****@*****.**", "project_name": "test_project", } # Sign up action = NewProjectWithUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) # Create the disabled user directly with the Identity Manager. fake_client = fake_clients.FakeManager() user = fake_client.create_user( name="*****@*****.**", password="******", email="*****@*****.**", created_on=None, domain="default", default_project=None, ) fake_client.disable_user(user.id) # approve previous signup action.approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache["new_projects"][0] self.assertEqual(new_project.name, "test_project") self.assertEqual(len(fake_clients.identity_cache["new_users"]), 1) self.assertEqual( task.cache, { "user_id": user.id, "project_id": new_project.id, "user_state": "disabled", }, ) # check that user has been re-enabled with a generated password. self.assertEqual(user.enabled, True) self.assertNotEqual(user.password, "origpass") # submit password reset token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) # Ensure user has new password: self.assertEqual(user.password, "123456") fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, new_project) self.assertEqual( sorted(roles), sorted( ["member", "project_admin", "project_mod", "heat_stack_owner"]), )
def test_new_project_reapprove(self): """ Project created at approve step, ensure reapprove does nothing. """ setup_identity_cache() task = Task.objects.create(keystone_user={}) data = { "domain_id": "default", "parent_id": None, "email": "*****@*****.**", "project_name": "test_project", } action = NewProjectWithUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) action.approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache["new_projects"][0] self.assertEqual(new_project.name, "test_project") new_user = fake_clients.identity_cache["new_users"][0] self.assertEqual(new_user.name, "*****@*****.**") self.assertEqual(new_user.email, "*****@*****.**") self.assertEqual( task.cache, { "project_id": new_project.id, "user_id": new_user.id, "user_state": "default", }, ) action.approve() self.assertEqual(action.valid, True) self.assertEqual(len(fake_clients.identity_cache["new_projects"]), 1) self.assertEqual(len(fake_clients.identity_cache["new_users"]), 1) self.assertEqual( task.cache, { "project_id": new_project.id, "user_id": new_user.id, "user_state": "default", }, ) token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(new_user.password, "123456") fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(new_user, new_project) self.assertEqual( sorted(roles), sorted( ["member", "project_admin", "project_mod", "heat_stack_owner"]), )
def test_new_project_reapprove_failure(self): """ Project created at approve step, failure at role grant. Ensure reapprove correctly finishes. """ setup_identity_cache() task = Task.objects.create(keystone_user={}) data = { "domain_id": "default", "parent_id": None, "email": "*****@*****.**", "project_name": "test_project", } action = NewProjectWithUserAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) # NOTE(adrian): We need the code to fail at the # grant roles step so we can attempt reapproving it class FakeException(Exception): pass def fail_grant(user, default_roles, project_id): raise FakeException # We swap out the old grant function and keep # it for later. old_grant_function = action.grant_roles action.grant_roles = fail_grant # Now we expect the failure self.assertRaises(FakeException, action.approve) # No roles_granted yet, but user created self.assertTrue("user_id" in action.action.cache) self.assertFalse("roles_granted" in action.action.cache) new_project = fake_clients.identity_cache["new_projects"][0] self.assertEqual(new_project.name, "test_project") new_user = fake_clients.identity_cache["new_users"][0] self.assertEqual(new_user.name, "*****@*****.**") self.assertEqual(new_user.email, "*****@*****.**") self.assertEqual(len(fake_clients.identity_cache["role_assignments"]), 0) # And then swap back the correct function action.grant_roles = old_grant_function # and try again, it should work this time action.approve() self.assertEqual(action.valid, True) # roles_granted in cache self.assertTrue("roles_granted" in action.action.cache) token_data = {"password": "******"} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(new_user.password, "123456") fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(new_user, new_project) self.assertEqual( sorted(roles), sorted( ["member", "project_admin", "project_mod", "heat_stack_owner"]), )
def test_edit_user_roles_modified_config(self): """ Tests that the role mappings do come from config and that they are enforced. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser( name="*****@*****.**", password="******", email="*****@*****.**" ) assignment = fake_clients.FakeRoleAssignment( scope={"project": {"id": project.id}}, role_name="project_mod", user={"id": user.id}, ) setup_identity_cache( projects=[project], users=[user], role_assignments=[assignment] ) task = Task.objects.create( keystone_user={ "roles": ["project_mod"], "project_id": project.id, "project_domain_id": "default", } ) data = { "domain_id": "default", "user_id": user.id, "project_id": project.id, "roles": ["heat_stack_owner"], "inherited_roles": [], "remove": False, } action = EditUserRolesAction(data, task=task, order=1) action.prepare() self.assertEqual(action.valid, True) # Change config with conf_utils.modify_conf( CONF, operations={ "adjutant.identity.role_mapping": [ { "operation": "update", "value": { "project_mod": [ "member", "project_mod", ], }, }, ], }, ): action.approve() self.assertEqual(action.valid, False) token_data = {} action.submit(token_data) self.assertEqual(action.valid, False) # After Settings Reset action.approve() self.assertEqual(action.valid, True) token_data = {} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ["project_mod", "heat_stack_owner"])
def test_edit_user_roles_modified_settings(self): """ Tests that the role mappings do come from settings and that they are enforced. """ project = fake_clients.FakeProject(name="test_project") user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**") assignment = fake_clients.FakeRoleAssignment( scope={'project': { 'id': project.id }}, role_name="project_mod", user={'id': user.id}) setup_identity_cache(projects=[project], users=[user], role_assignments=[assignment]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={ 'roles': ['project_mod'], 'project_id': project.id, 'project_domain_id': 'default', }) data = { 'domain_id': 'default', 'user_id': user.id, 'project_id': project.id, 'roles': ['heat_stack_owner'], 'inherited_roles': [], 'remove': False } action = EditUserRolesAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) # Change settings with self.modify_dict_settings( ROLES_MAPPING={ 'key_list': ['project_mod'], 'operation': "remove", 'value': 'heat_stack_owner' }): action.post_approve() self.assertEqual(action.valid, False) token_data = {} action.submit(token_data) self.assertEqual(action.valid, False) # After Settings Reset action.post_approve() self.assertEqual(action.valid, True) token_data = {} action.submit(token_data) self.assertEqual(action.valid, True) fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, project) self.assertEqual(roles, ['project_mod', 'heat_stack_owner'])
def test_new_project_user_disabled_during_signup(self): """ Create a project for a user that is created and disabled during signup. This exercises the tasks ability to correctly act based on changed circumstances between two states. """ # Start with nothing created setup_identity_cache() # Sign up for the project+user, validate. task = Task.objects.create(ip_address="0.0.0.0", keystone_user={}) data = { 'domain_id': 'default', 'parent_id': None, 'email': '*****@*****.**', 'project_name': 'test_project', } # Sign up action = NewProjectWithUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) # Create the disabled user directly with the Identity Manager. fake_client = fake_clients.FakeManager() user = fake_client.create_user(name="*****@*****.**", password='******', email="*****@*****.**", created_on=None, domain='default', default_project=None) fake_client.disable_user(user.id) # approve previous signup action.post_approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache['new_projects'][0] self.assertEqual(new_project.name, 'test_project') self.assertEqual(len(fake_clients.identity_cache['new_users']), 1) self.assertEqual( task.cache, { 'user_id': user.id, 'project_id': new_project.id, 'user_state': 'disabled' }) # check that user has been re-enabled with a generated password. self.assertEqual(user.enabled, True) self.assertNotEqual(user.password, 'origpass') # submit password reset token_data = {'password': '******'} action.submit(token_data) self.assertEqual(action.valid, True) # Ensure user has new password: self.assertEqual(user.password, '123456') fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, new_project) self.assertEqual( sorted(roles), sorted([ '_member_', 'project_admin', 'project_mod', 'heat_stack_owner' ]))
def test_new_project_disabled_user(self): """ Create a project for a user that is disabled. """ user = fake_clients.FakeUser(name="*****@*****.**", password="******", email="*****@*****.**", enabled=False) setup_identity_cache(users=[user]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={}) data = { 'domain_id': 'default', 'parent_id': None, 'email': '*****@*****.**', 'project_name': 'test_project', } # Sign up, approve action = NewProjectWithUserAction(data, task=task, order=1) action.pre_approve() self.assertEqual(action.valid, True) action.post_approve() self.assertEqual(action.valid, True) new_project = fake_clients.identity_cache['new_projects'][0] self.assertEqual(new_project.name, 'test_project') self.assertEqual(len(fake_clients.identity_cache['new_users']), 0) self.assertEqual( task.cache, { 'user_id': user.id, 'project_id': new_project.id, 'user_state': 'disabled' }) self.assertEqual(action.action.cache["token_fields"], ['password']) # submit password reset token_data = {'password': '******'} action.submit(token_data) self.assertEqual(action.valid, True) self.assertEqual(user.password, '123456') # check that user has been enabled correctly self.assertEqual(user.email, '*****@*****.**') self.assertEqual(user.enabled, True) # Check user has correct roles in new project fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(user, new_project) self.assertEqual( sorted(roles), sorted([ '_member_', 'project_admin', 'project_mod', 'heat_stack_owner' ]))
def test_new_project_signup_existing(self): """ Existing project case, existing project, no user. Organisation, and primary is billing. Project and user created at post_approve step, user password at submit step. The only difference here to the default case is that we find/create a new unique project name and thus avoid the conflict entirely. """ project = fake_clients.FakeProject(name="test_project") setup_identity_cache(projects=[project]) task = Task.objects.create(ip_address="0.0.0.0", keystone_user={}) task.cache = { 'project_name': 'test_project', 'partner_id': 1, 'primary_id': 2, 'billing_id': 2, } data = { 'domain_id': 'default', 'parent_id': None, 'email': '*****@*****.**', 'signup_type': 'organisation', } action = NewProjectSignUpAction(data, task=task, order=1) action.pre_approve() self.assertEquals(action.valid, True) action.post_approve() self.assertEquals(len(odoo_cache['projects']), 1) self.assertEquals(len(odoo_cache['project_rels']), 3) self.assertEquals(action.valid, True) self.assertEquals(len(fake_clients.identity_cache['new_projects']), 1) self.assertNotEquals(action.project_name, 'test_project') token_data = {'password': '******'} action.submit(token_data) self.assertEquals(action.valid, True) new_project = fake_clients.identity_cache['new_projects'][0] new_user = fake_clients.identity_cache['new_users'][0] self.assertEquals(new_user.email, '*****@*****.**') fake_client = fake_clients.FakeManager() roles = fake_client._get_roles_as_names(new_user, new_project) self.assertEquals( sorted(roles), sorted([ '_member_', 'project_admin', 'project_mod', 'heat_stack_owner' ]))