def test_service_provider_create_with_relay_state_prefix(self):
sp_id = data_utils.rand_uuid_hex()
sp_ref = fixtures.sp_ref(
enabled=True, relay_state_prefix=data_utils.rand_uuid_hex())
sp = self._create_sp(sp_id, sp_ref)
self._assert_service_provider_attributes(sp, sp_id, sp_ref)
def test_rand_uuid_hex(self):
actual = data_utils.rand_uuid_hex()
self.assertIsInstance(actual, str)
self.assertRegex(actual, "^[0-9a-f]{32}$")
actual2 = data_utils.rand_uuid_hex()
self.assertNotEqual(actual, actual2)
def test_identity_provider_create_with_remote_ids(self):
idp_id = data_utils.rand_uuid_hex()
remote_ids = [data_utils.rand_uuid_hex(), data_utils.rand_uuid_hex()]
idp_ref = fixtures.idp_ref(remote_ids=remote_ids)
idp = self._create_idp(idp_id, idp_ref)
self._assert_identity_provider_attributes(idp, idp_id, idp_ref)
def test_add_protocol_to_identity_provider_unknown_mapping(self):
# Create an identity provider
idp_id = data_utils.rand_uuid_hex()
self._create_idp(idp_id, fixtures.idp_ref(enabled=True))
# Now we try to add a protocol to the identity provider using
# a non existent mapping ID
mapping_id = data_utils.rand_uuid_hex()
protocol_id = data_utils.rand_uuid_hex()
protocol = self._create_protocol(idp_id, protocol_id, mapping_id)
self._assert_protocol_attributes(protocol, protocol_id, mapping_id)
def _create_identity_provider_and_mapping(self):
# Create an identity provider
idp_id = data_utils.rand_uuid_hex()
self._create_idp(idp_id, fixtures.idp_ref(enabled=True))
# Create a mapping rule
mapping_id = data_utils.rand_uuid_hex()
self.mappings_client.create_mapping_rule(
mapping_id, fixtures.mapping_ref())
self.addCleanup(self.mappings_client.delete_mapping_rule, mapping_id)
return idp_id, mapping_id
def test_update_protocol_from_identity_provider_unknown_mapping(self):
idp_id, mapping_id = self._create_identity_provider_and_mapping()
# Add a protocol to the identity provider
protocol_id = data_utils.rand_uuid_hex()
self._create_protocol(idp_id, protocol_id, mapping_id)
# Update the identity provider protocol using a non existent
# mapping_id
new_mapping_id = data_utils.rand_uuid_hex()
protocol = self.idps_client.update_protocol_mapping(
idp_id, protocol_id, new_mapping_id)['protocol']
self._assert_protocol_attributes(protocol, protocol_id, new_mapping_id)
def test_update_image_owner_param(self):
random_id_1 = data_utils.rand_uuid_hex()
image = self.admin_client.create_image(
container_format='bare', disk_format='raw', owner=random_id_1)
self.addCleanup(self.admin_client.delete_image, image['id'])
created_image_info = self.admin_client.show_image(image['id'])
random_id_2 = data_utils.rand_uuid_hex()
self.admin_client.update_image(
image['id'], [dict(replace="/owner", value=random_id_2)])
updated_image_info = self.admin_client.show_image(image['id'])
self.assertEqual(random_id_2, updated_image_info['owner'])
self.assertNotEqual(created_image_info['owner'],
updated_image_info['owner'])
def test_identity_provider_get(self):
idp_id = data_utils.rand_uuid_hex()
idp_create = self._create_idp(idp_id, fixtures.idp_ref())
idp_get = self.idps_client.show_identity_provider(
idp_id)['identity_provider']
self._assert_identity_provider_attributes(idp_get, idp_id, idp_create)
def test_update_protocol_from_identity_provider_unknown_mapping(self):
idp_id, mapping_id = self._create_identity_provider_and_mapping()
# Add a protocol to the identity provider
protocol_id = data_utils.rand_uuid_hex()
self._create_protocol(idp_id, protocol_id, mapping_id)
# Update the identity provider protocol using a non existent
# mapping_id
new_mapping_id = data_utils.rand_uuid_hex()
self.assertRaises(
lib_exc.BadRequest,
self.idps_client.update_protocol_mapping,
idp_id,
protocol_id,
new_mapping_id)
def _setup_mapping(self):
self.mapping_id = data_utils.rand_uuid_hex()
mapping_remote_type = CONF.fed_scenario.mapping_remote_type
mapping_user_name = CONF.fed_scenario.mapping_user_name
mapping_group_name = CONF.fed_scenario.mapping_group_name
mapping_group_domain_name = CONF.fed_scenario.mapping_group_domain_name
rules = [{
'local': [
{
'user': {'name': mapping_user_name}
},
{
'group': {
'domain': {'name': mapping_group_domain_name},
'name': mapping_group_name
}
}
],
'remote': [
{
'type': mapping_remote_type
}
]
}]
mapping_ref = {'rules': rules}
self.mappings_client.create_mapping_rule(self.mapping_id, mapping_ref)
self.addCleanup(
self.mappings_client.delete_mapping_rule, self.mapping_id)
def test_delete_member_with_non_existing_tenant(self):
# Delete member with non existing tenant.
image_id = self._create_image()
non_exist_tenant = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.NotFound,
self.image_member_client.delete_image_member,
image_id, non_exist_tenant)
def test_mapping_rules_create_without_mandatory_attributes_fails(self):
mapping_id = data_utils.rand_uuid_hex()
self.assertRaises(
lib_exc.BadRequest,
self.mappings_client.create_mapping_rule,
mapping_id,
{})
def test_assign_user_role_for_non_existent_tenant(self):
# Attempt to assign a role on a non existent tenant should fail
(user, _, role) = self._get_role_params()
non_existent_tenant = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.NotFound,
self.roles_client.create_user_role_on_project,
non_existent_tenant, user['id'], role['id'])
def test_identity_get_project_tag(self):
# user can get tag for project in own domain
tag = data_utils.rand_uuid_hex()
self.admin_project_tags_client.update_project_tag(
project_id=self.own_project_id, tag=tag)
self.do_request('check_project_tag_existence',
expected_status=204,
project_id=self.own_project_id,
tag=tag)
# user cannot get tag for project in other domain
tag = data_utils.rand_uuid_hex()
self.admin_project_tags_client.update_project_tag(
project_id=self.other_project_id, tag=tag)
self.do_request('check_project_tag_existence',
expected_status=exceptions.Forbidden,
project_id=self.other_project_id,
tag=tag)
def test_add_protocol_to_identity_provider(self):
idp_id, mapping_id = self._create_identity_provider_and_mapping()
# Now we try to add a protocol to the identity provider
protocol_id = data_utils.rand_uuid_hex()
protocol = self._create_protocol(idp_id, protocol_id, mapping_id)
self._assert_protocol_attributes(protocol, protocol_id, mapping_id)
def test_update_mapping_from_identity_provider_protocol(self):
idp_id, mapping_id = self._create_identity_provider_and_mapping()
# Add a protocol to the identity provider
protocol_id = data_utils.rand_uuid_hex()
protocol = self._create_protocol(idp_id, protocol_id, mapping_id)
# Create another mapping
new_mapping_id = data_utils.rand_uuid_hex()
self.mappings_client.create_mapping_rule(
new_mapping_id, fixtures.mapping_ref())
# Update the identity provider protocol
protocol = self.idps_client.update_protocol_mapping(
idp_id, protocol_id, new_mapping_id)['protocol']
self._assert_protocol_attributes(protocol, protocol_id, new_mapping_id)
def test_identity_delete_policy(self):
policy_id = self.admin_policies_client.create_policy(
**self.policy())['policy']['id']
self.do_request('delete_policy', expected_status=204,
policy_id=policy_id)
# user gets a 404 for nonexistent policy
self.do_request('delete_policy', expected_status=exceptions.NotFound,
policy_id=data_utils.rand_uuid_hex())
def test_identity_delete_project_tag(self):
# user can delete tag for own project
tag = data_utils.rand_uuid_hex()
self.admin_project_tags_client.update_project_tag(
project_id=self.own_project_id, tag=tag)
self.do_request('delete_project_tag',
expected_status=204,
project_id=self.own_project_id,
tag=tag)
# user cannot delete tag for arbitrary project
tag = data_utils.rand_uuid_hex()
self.admin_project_tags_client.update_project_tag(
project_id=self.other_project_id, tag=tag)
self.do_request('delete_project_tag',
expected_status=exceptions.Forbidden,
project_id=self.other_project_id,
tag=tag)
def test_service_provider_get(self):
sp_id = data_utils.rand_uuid_hex()
sp_create = self._create_sp(sp_id, fixtures.sp_ref())
sp_get = self.sps_client.show_service_provider(
sp_id)['service_provider']
self._assert_service_provider_attributes(sp_get, sp_id, sp_create)
def test_update_mapping_from_identity_provider_protocol(self):
idp_id, mapping_id = self._create_identity_provider_and_mapping()
# Add a protocol to the identity provider
protocol_id = data_utils.rand_uuid_hex()
protocol = self._create_protocol(idp_id, protocol_id, mapping_id)
# Create another mapping
new_mapping_id = data_utils.rand_uuid_hex()
self.mappings_client.create_mapping_rule(new_mapping_id,
fixtures.mapping_ref())
# Update the identity provider protocol
protocol = self.idps_client.update_protocol_mapping(
idp_id, protocol_id, new_mapping_id)['protocol']
self._assert_protocol_attributes(protocol, protocol_id, new_mapping_id)
def test_add_protocol_to_identity_provider(self):
idp_id, mapping_id = self._create_identity_provider_and_mapping()
# Now we try to add a protocol to the identity provider
protocol_id = data_utils.rand_uuid_hex()
protocol = self._create_protocol(idp_id, protocol_id, mapping_id)
self._assert_protocol_attributes(protocol, protocol_id, mapping_id)
def test_service_provider_get(self):
sp_id = data_utils.rand_uuid_hex()
sp_create = self._create_sp(sp_id, fixtures.sp_ref())
sp_get = self.sps_client.show_service_provider(sp_id)[
'service_provider']
self._assert_service_provider_attributes(sp_get, sp_id, sp_create)
def test_service_provider_update_with_bad_attributes_fails(self):
sp_id = data_utils.rand_uuid_hex()
self._create_sp(sp_id, fixtures.sp_ref())
# The auth_url must follow a URL regex
self.assertRaises(
lib_exc.BadRequest,
self.sps_client.update_service_provider,
sp_id,
auth_url=data_utils.rand_uuid_hex())
# The sp_url must follow a URL regex
self.assertRaises(
lib_exc.BadRequest,
self.sps_client.update_service_provider,
sp_id,
auth_url=data_utils.rand_uuid_hex())
def test_update_image_owner_param(self):
"""Test updating image owner"""
random_id_1 = data_utils.rand_uuid_hex()
image = self.admin_client.create_image(container_format='bare',
disk_format='raw',
owner=random_id_1)
self.addCleanup(self.admin_client.delete_image, image['id'])
created_image_info = self.admin_client.show_image(image['id'])
random_id_2 = data_utils.rand_uuid_hex()
self.admin_client.update_image(
image['id'], [dict(replace="/owner", value=random_id_2)])
updated_image_info = self.admin_client.show_image(image['id'])
self.assertEqual(random_id_2, updated_image_info['owner'])
self.assertNotEqual(created_image_info['owner'],
updated_image_info['owner'])
def test_service_provider_create_with_bad_attributes(self):
sp_id = data_utils.rand_uuid_hex()
sp_ref = fixtures.sp_ref()
# The auth_url must follow a URL regex
sp_ref['auth_url'] = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.BadRequest,
self.sps_client.create_service_provider, sp_id,
**sp_ref)
sp_ref = fixtures.sp_ref()
# The sp_url must follow a URL regex
sp_ref['sp_url'] = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.BadRequest,
self.sps_client.create_service_provider, sp_id,
**sp_ref)
def test_identity_get_project_tag(self):
tag = data_utils.rand_uuid_hex()
self.admin_project_tags_client.update_project_tag(
project_id=self.project_id, tag=tag)
self.do_request('check_project_tag_existence',
expected_status=204,
project_id=self.project_id,
tag=tag)
def test_identity_delete_project_tag(self):
tag = data_utils.rand_uuid_hex()
self.admin_project_tags_client.update_project_tag(
project_id=self.project_id, tag=tag)
self.do_request('delete_project_tag',
expected_status=exceptions.Forbidden,
project_id=self.project_id,
tag=tag)
def test_mapping_rule_update(self):
mapping_id = data_utils.rand_uuid_hex()
mapping_ref = fixtures.mapping_ref()
mapping = self._create_mapping_rule(mapping_id, mapping_ref)
new_local = [{'group': {'id': data_utils.rand_uuid_hex()}}]
mapping_ref['rules'][0]['local'] = new_local
mapping = self.mappings_client.update_mapping_rule(
mapping_id, mapping_ref)['mapping']
self._assert_mapping_rules_attributes(
mapping, mapping_id, mapping_ref)
mapping_get = self.mappings_client.show_mapping_rule(mapping_id)[
'mapping']
self._assert_mapping_rules_attributes(
mapping_get, mapping_id, mapping)
def test_identity_get_project(self):
project_id = self.admin_projects_client.create_project(
name=data_utils.rand_name())['project']['id']
self.addCleanup(self.admin_projects_client.delete_project, project_id)
self.do_request('show_project', project_id=project_id)
# user gets a 404 for nonexistent project
self.do_request('show_project',
expected_status=exceptions.NotFound,
project_id=data_utils.rand_uuid_hex())
def test_identity_list_project_tags(self):
# user can list tags for own project
tag = data_utils.rand_uuid_hex()
self.admin_project_tags_client.update_project_tag(
project_id=self.own_project_id, tag=tag)
self.addCleanup(self.admin_project_tags_client.delete_project_tag,
project_id=self.own_project_id,
tag=tag)
resp = self.do_request('list_project_tags',
project_id=self.own_project_id)
self.assertIn(tag, resp['tags'])
# user cannot list tags for arbitrary project
tag = data_utils.rand_uuid_hex()
self.admin_project_tags_client.update_project_tag(
project_id=self.other_project_id, tag=tag)
self.do_request('list_project_tags',
expected_status=exceptions.Forbidden,
project_id=self.other_project_id)
def test_create_image_owner_param(self):
# NOTE: Create image with owner different from tenant owner by
# using "owner" parameter requires an admin privileges.
random_id = data_utils.rand_uuid_hex()
image = self.admin_client.create_image(
container_format='bare', disk_format='raw', owner=random_id)
self.addCleanup(self.admin_client.delete_image, image['id'])
image_info = self.admin_client.show_image(image['id'])
self.assertEqual(random_id, image_info['owner'])
def test_mapping_rules_get(self):
mapping_id = data_utils.rand_uuid_hex()
mapping_create = self._create_mapping_rule(
mapping_id, self._MAPPING_REF)
mapping_get = self.mappings_client.show_mapping_rule(mapping_id)[
'mapping']
self._assert_mapping_rules_attributes(
mapping_get, mapping_id, mapping_create)
def test_remove_user_role_non_existent_tenant(self):
# Attempt to remove a role from a non existent tenant should fail
(user, tenant, role) = self._get_role_params()
self.roles_client.create_user_role_on_project(tenant['id'], user['id'],
role['id'])
non_existent_tenant = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.NotFound,
self.roles_client.delete_role_from_user_on_project,
non_existent_tenant, user['id'], role['id'])
def test_mapping_rules_get(self):
mapping_id = data_utils.rand_uuid_hex()
mapping_create = self._create_mapping_rule(mapping_id,
self._MAPPING_REF)
mapping_get = self.mappings_client.show_mapping_rule(
mapping_id)['mapping']
self._assert_mapping_rules_attributes(mapping_get, mapping_id,
mapping_create)
def test_identity_get_role(self):
# user can get role
role = self.admin_roles_client.create_role(**self.role())['role']
self.addCleanup(self.admin_roles_client.delete_role, role['id'])
self.do_request('show_role', role_id=role['id'])
# user gets a 404 for nonexistent role
self.do_request('show_role',
expected_status=exceptions.NotFound,
role_id=data_utils.rand_uuid_hex())
def test_create_user_for_non_existent_domain(self):
# Attempt to create a user in a non-existent domain should fail
u_name = data_utils.rand_name('user')
u_email = u_name + '@testmail.tm'
u_password = data_utils.rand_password()
self.assertRaises(lib_exc.NotFound, self.users_client.create_user,
name=u_name, password=u_password,
email=u_email,
domain_id=data_utils.rand_uuid_hex())
def test_identity_delete_domain_role(self):
# user can delete role in other domain
role = self.admin_roles_client.create_role(**self.role(
domain_id=self.domain_id))['role']
self.do_request('delete_role', expected_status=204, role_id=role['id'])
# user gets a 404 for nonexistent role
self.do_request('delete_role',
expected_status=exceptions.NotFound,
role_id=data_utils.rand_uuid_hex())
def test_create_image_owner_param(self):
# NOTE: Create image with owner different from tenant owner by
# using "owner" parameter requires an admin privileges.
random_id = data_utils.rand_uuid_hex()
image = self.admin_client.create_image(container_format='bare',
disk_format='raw',
owner=random_id)
self.addCleanup(self.admin_client.delete_image, image['id'])
image_info = self.admin_client.show_image(image['id'])
self.assertEqual(random_id, image_info['owner'])
def test_identity_get_domain(self):
domain_id = self.admin_domains_client.create_domain(
name=data_utils.rand_name())['domain']['id']
self.addCleanup(self.admin_domains_client.delete_domain, domain_id)
self.addCleanup(self.admin_domains_client.update_domain,
domain_id=domain_id, enabled=False)
self.do_request('show_domain', domain_id=domain_id)
# user gets a 404 for nonexistent domain
self.do_request('show_domain', expected_status=exceptions.NotFound,
domain_id=data_utils.rand_uuid_hex())
def test_identity_update_credential(self):
# domain admins cannot update credentials
user_id = self.persona.credentials.user_id
for u in [user_id, self.test_user_1, self.test_user_2]:
cred = self.credential(user_id=u)
resp = self.admin_credentials_client.create_credential(
**cred)['credential']
self.addCleanup(self.admin_credentials_client.delete_credential,
resp['id'])
cred['blob'] = data_utils.rand_uuid_hex()
self.do_request('update_credential',
expected_status=exceptions.Forbidden,
credential_id=resp['id'],
**cred)
# non-existent credential is Forbidden
self.do_request('update_credential',
expected_status=exceptions.Forbidden,
credential_id=data_utils.rand_uuid_hex(),
**self.credential(user_id=user_id))
def test_remove_user_role_non_existent_tenant(self):
# Attempt to remove a role from a non existent tenant should fail
(user, tenant, role) = self._get_role_params()
self.roles_client.create_user_role_on_project(tenant['id'],
user['id'],
role['id'])
non_existent_tenant = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.NotFound,
self.roles_client.delete_role_from_user_on_project,
non_existent_tenant, user['id'], role['id'])
def test_identity_get_service(self):
service_id = self.admin_services_client.create_service(
**self.service())['service']['id']
self.addCleanup(self.admin_services_client.delete_service,
service_id=service_id)
self.do_request('show_service', service_id=service_id)
# user gets a 404 for nonexistent service
self.do_request('show_service',
expected_status=exceptions.NotFound,
service_id=data_utils.rand_uuid_hex())
def test_service_providers_in_token(self):
# Create some enabled service providers
enabled_sps = []
for _ in range(2):
sp_id = data_utils.rand_uuid_hex()
self._create_sp(sp_id, fixtures.sp_ref(enabled=True))
enabled_sps.append(sp_id)
# Create some disabled service providers
for _ in range(2):
sp_id = data_utils.rand_uuid_hex()
self._create_sp(sp_id, fixtures.sp_ref(enabled=False))
sps_in_token_ids = [
sp['id'] for sp in
self.sps_client.get_service_providers_in_token()]
# Should be equal to the enabled_sps list
self.assertItemsEqual(enabled_sps, sps_in_token_ids)
def test_identity_delete_service(self):
service_id = self.admin_services_client.create_service(
**self.service())['service']['id']
self.do_request('delete_service',
expected_status=exceptions.Forbidden,
service_id=service_id)
# user gets a 403 for nonexistent service
self.do_request('delete_service',
expected_status=exceptions.Forbidden,
service_id=data_utils.rand_uuid_hex())
def test_assign_user_role_for_non_existent_tenant(self):
"""Test assigning a role on a non existent tenant via v2 API
Assigning a role on a non existent tenant via v2 API should fail.
"""
(user, _, role) = self._get_role_params()
non_existent_tenant = data_utils.rand_uuid_hex()
self.assertRaises(lib_exc.NotFound,
self.roles_client.create_user_role_on_project,
non_existent_tenant, user['id'], role['id'])
def test_identity_get_region(self):
region_id = self.admin_regions_client.create_region(
**self.region())['region']['id']
self.addCleanup(self.admin_regions_client.delete_region,
region_id=region_id)
self.do_request('show_region', region_id=region_id)
# user gets a 404 for nonexistent region
self.do_request('show_region',
expected_status=exceptions.NotFound,
region_id=data_utils.rand_uuid_hex())
def test_identity_delete_region(self):
region_id = self.admin_regions_client.create_region(
**self.region())['region']['id']
self.do_request('delete_region',
expected_status=exceptions.Forbidden,
region_id=region_id)
# user gets a 403 for nonexistent region
self.do_request('delete_region',
expected_status=exceptions.Forbidden,
region_id=data_utils.rand_uuid_hex())
def test_identity_get_application_credential(self):
# user can retrieve their own app cred
user_id = self.persona.credentials.user_id
app_cred = self.client.create_application_credential(
user_id=user_id, **self.app_cred())['application_credential']
self.addCleanup(self.client.delete_application_credential,
user_id=user_id,
application_credential_id=app_cred['id'])
self.do_request('show_application_credential',
user_id=user_id,
application_credential_id=app_cred['id'])
# retrieving non-existent app cred for self should return 404
self.do_request('show_application_credential',
expected_status=exceptions.NotFound,
user_id=user_id,
application_credential_id=data_utils.rand_uuid_hex())
# user cannot retrieve another user's app cred by using the victim's
# user ID in the request or by trying to bypass the user ownership
# check by crafting a path the the attacker's user ID
user_id = self.test_user_id
client = self.test_user_client.application_credentials_client
app_cred = client.create_application_credential(
user_id=user_id, **self.app_cred())['application_credential']
self.addCleanup(client.delete_application_credential,
user_id=user_id,
application_credential_id=app_cred['id'])
self.do_request('show_application_credential',
expected_status=exceptions.Forbidden,
user_id=self.persona.credentials.user_id,
application_credential_id=app_cred['id'])
self.do_request('show_application_credential',
expected_status=exceptions.Forbidden,
user_id=user_id,
application_credential_id=app_cred['id'])
# retrieving non-existent app cred for another user should return 403
self.do_request('show_application_credential',
expected_status=exceptions.Forbidden,
user_id=user_id,
application_credential_id=data_utils.rand_uuid_hex())
def test_get_protocol_from_identity_provider(self):
idp_id, mapping_id = self._create_identity_provider_and_mapping()
# Add a protocol to the identity provider
protocol_id = data_utils.rand_uuid_hex()
self._create_protocol(idp_id, protocol_id, mapping_id)
# Try to get the protocol
protocol = self.idps_client.get_protocol_and_mapping(
idp_id, protocol_id)['protocol']
self._assert_protocol_attributes(protocol, protocol_id, mapping_id)
def idp_ref(enabled=None, remote_ids=None):
ref = {
'description': data_utils.rand_uuid_hex(),
}
if enabled is not None:
ref['enabled'] = enabled
if remote_ids:
ref['remote_ids'] = remote_ids
return ref
def test_identity_get_service_provider(self):
sp_id = self.admin_sp_client.create_service_provider(
sp_id=data_utils.rand_name(),
auth_url=data_utils.rand_url(),
sp_url=data_utils.rand_url())['service_provider']['id']
self.addCleanup(self.admin_sp_client.delete_service_provider, sp_id)
self.do_request('show_service_provider', sp_id=sp_id)
# user gets a 404 for nonexistent sp
self.do_request('show_service_provider',
expected_status=exceptions.NotFound,
sp_id=data_utils.rand_uuid_hex())
def test_identity_provider_update(self):
idp_id = data_utils.rand_uuid_hex()
idp = self._create_idp(idp_id, fixtures.idp_ref(enabled=True))
# The identity provider should be enabled
self.assertTrue(idp['enabled'])
idp = self.idps_client.update_identity_provider(
idp_id, enabled=False)['identity_provider']
# The identity provider should be disabled
self.assertFalse(idp['enabled'])
def test_service_provider_create_with_bad_attributes(self):
sp_id = data_utils.rand_uuid_hex()
sp_ref = fixtures.sp_ref()
# The auth_url must follow a URL regex
sp_ref['auth_url'] = data_utils.rand_uuid_hex()
self.assertRaises(
lib_exc.BadRequest,
self.sps_client.create_service_provider,
sp_id,
**sp_ref)
sp_ref = fixtures.sp_ref()
# The sp_url must follow a URL regex
sp_ref['sp_url'] = data_utils.rand_uuid_hex()
self.assertRaises(
lib_exc.BadRequest,
self.sps_client.create_service_provider,
sp_id,
**sp_ref)
def test_identity_provider_create(self):
idp_id = data_utils.rand_uuid_hex()
idp_ref = fixtures.idp_ref()
idp = self._create_idp(idp_id, idp_ref)
# The identity provider is disabled by default
idp_ref['enabled'] = False
# The remote_ids attribute should be set to an empty list by default
idp_ref['remote_ids'] = []
self._assert_identity_provider_attributes(idp, idp_id, idp_ref)
def test_mapping_rules_list(self):
mapping_ids = []
for _ in range(3):
mapping_id = data_utils.rand_uuid_hex()
self._create_mapping_rule(mapping_id, self._MAPPING_REF)
mapping_ids.append(mapping_id)
mappings_list = self.mappings_client.list_mapping_rules()['mappings']
fetched_ids = [mapping['id'] for mapping in mappings_list]
for mapping_id in mapping_ids:
self.assertIn(mapping_id, fetched_ids)
def test_remove_version_project(self):
f = verify_tempest_config._remove_version_project
self.assertEqual('/', f('/v2.1/%s/' % data_utils.rand_uuid_hex()))
self.assertEqual('', f('/v2.1/tenant_id'))
self.assertEqual('', f('/v3'))
self.assertEqual('/', f('/v3/'))
self.assertEqual('/something/', f('/something/v2.1/tenant_id/'))
self.assertEqual('/something', f('/something/v2.1/tenant_id'))
self.assertEqual('/something', f('/something/v3'))
self.assertEqual('/something/', f('/something/v3/'))
self.assertEqual('/', f('/')) # http://localhost/
self.assertEqual('', f('')) # http://localhost
