예제 #1
0
    def test_new_user_only_member(self):
        """
        Existing user, valid project, no edit permissions.

        Action should be invalid.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(
            name="*****@*****.**", password="******", email="*****@*****.**"
        )

        setup_identity_cache(projects=[project], users=[user])

        task = Task.objects.create(
            keystone_user={
                "roles": ["member"],
                "project_id": project.id,
                "project_domain_id": "default",
            }
        )

        data = {
            "email": "*****@*****.**",
            "project_id": project.id,
            "roles": ["member"],
            "inherited_roles": [],
            "domain_id": "default",
        }

        action = NewUserAction(data, task=task, order=1)

        action.prepare()
        self.assertFalse(action.valid)
예제 #2
0
    def test_new_user_wrong_project(self):
        """
        Existing user, valid project, project does not match keystone user.

        Action should be invalid.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(
            name="*****@*****.**", password="******", email="*****@*****.**"
        )

        setup_identity_cache(projects=[project], users=[user])

        task = Task.objects.create(
            keystone_user={
                "roles": ["project_mod"],
                "project_id": "test_project_id",
                "project_domain_id": "default",
            }
        )

        data = {
            "email": "*****@*****.**",
            "project_id": "test_project_id_1",
            "roles": ["member"],
            "inherited_roles": [],
            "domain_id": "default",
        }

        action = NewUserAction(data, task=task, order=1)

        action.prepare()
        self.assertEqual(action.valid, False)
예제 #3
0
    def test_new_user_only_member(self):
        """
        Existing user, valid project, no edit permissions.

        Action should be invalid.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(name="*****@*****.**",
                                     password="******",
                                     email="*****@*****.**")

        setup_identity_cache(projects=[project], users=[user])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['_member_'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertFalse(action.valid)
예제 #4
0
    def test_new_user_no_tenant(self):
        """
        No user, no tenant.
        """

        setup_identity_cache()

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, False)

        action.post_approve()
        self.assertEqual(action.valid, False)

        token_data = {}
        action.submit(token_data)
        self.assertEqual(action.valid, False)
예제 #5
0
    def test_new_user_no_tenant(self):
        """
        No user, no tenant.
        """

        setup_identity_cache()

        task = Task.objects.create(
            keystone_user={
                "roles": ["admin", "project_mod"],
                "project_id": "test_project_id",
                "project_domain_id": "default",
            }
        )

        data = {
            "email": "*****@*****.**",
            "project_id": "test_project_id",
            "roles": ["member"],
            "inherited_roles": [],
            "domain_id": "default",
        }

        action = NewUserAction(data, task=task, order=1)

        action.prepare()
        self.assertEqual(action.valid, False)

        action.approve()
        self.assertEqual(action.valid, False)

        token_data = {}
        action.submit(token_data)
        self.assertEqual(action.valid, False)
예제 #6
0
    def test_new_user_existing_role(self):
        """
        Existing user, valid tenant, has role.

        Should complete the action as if no role,
        but actually do nothing.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(name="*****@*****.**",
                                     password="******",
                                     email="*****@*****.**")

        assignment = fake_clients.FakeRoleAssignment(
            scope={'project': {
                'id': project.id
            }},
            role_name="_member_",
            user={'id': user.id})

        setup_identity_cache(projects=[project],
                             users=[user],
                             role_assignments=[assignment])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, True)

        action.post_approve()
        self.assertEqual(action.valid, True)
        self.assertEqual(action.action.state, 'complete')

        token_data = {}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        fake_client = fake_clients.FakeManager()

        roles = fake_client._get_roles_as_names(user, project)
        self.assertEqual(roles, ['_member_'])
예제 #7
0
    def test_new_user_existing_role(self):
        """
        Existing user, valid tenant, has role.

        Should complete the action as if no role,
        but actually do nothing.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(
            name="*****@*****.**", password="******", email="*****@*****.**"
        )

        assignment = fake_clients.FakeRoleAssignment(
            scope={"project": {"id": project.id}},
            role_name="member",
            user={"id": user.id},
        )

        setup_identity_cache(
            projects=[project], users=[user], role_assignments=[assignment]
        )

        task = Task.objects.create(
            keystone_user={
                "roles": ["admin", "project_mod"],
                "project_id": project.id,
                "project_domain_id": "default",
            }
        )

        data = {
            "email": "*****@*****.**",
            "project_id": project.id,
            "roles": ["member"],
            "inherited_roles": [],
            "domain_id": "default",
        }

        action = NewUserAction(data, task=task, order=1)

        action.prepare()
        self.assertEqual(action.valid, True)

        action.approve()
        self.assertEqual(action.valid, True)
        self.assertEqual(action.action.state, "complete")

        token_data = {}
        action.submit(token_data)
        self.assertEqual(action.valid, True)

        fake_client = fake_clients.FakeManager()

        roles = fake_client._get_roles_as_names(user, project)
        self.assertEqual(roles, ["member"])
예제 #8
0
    def test_new_user_disabled(self):
        """
        Disabled user, valid existing tenant, no role.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(
            name="*****@*****.**",
            password="******",
            email="*****@*****.**",
            enabled=False,
        )

        setup_identity_cache(projects=[project], users=[user])

        task = Task.objects.create(
            keystone_user={
                "roles": ["admin", "project_mod"],
                "project_id": project.id,
                "project_domain_id": "default",
            }
        )

        data = {
            "email": "*****@*****.**",
            "project_id": project.id,
            "roles": ["member"],
            "inherited_roles": [],
            "domain_id": "default",
        }

        action = NewUserAction(data, task=task, order=1)

        action.prepare()
        self.assertEqual(action.valid, True)

        action.approve()
        self.assertEqual(action.valid, True)

        token_data = {"password": "******"}
        action.submit(token_data)
        self.assertEqual(action.valid, True)
        self.assertEqual(len(fake_clients.identity_cache["users"]), 2)

        fake_client = fake_clients.FakeManager()

        user = fake_client.find_user(name="*****@*****.**", domain="default")

        self.assertEqual(user.email, "*****@*****.**")
        self.assertEqual(user.password, "123456")
        self.assertTrue(user.enabled)

        roles = fake_client._get_roles_as_names(user, project)
        self.assertEqual(roles, ["member"])
예제 #9
0
    def test_new_user_wrong_domain(self):
        """
        Existing user, valid project, invalid domain.

        Action should be invalid.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(name="*****@*****.**",
                                     password="******",
                                     email="*****@*****.**")

        assignment = fake_clients.FakeRoleAssignment(
            scope={'project': {
                'id': project.id
            }},
            role_name="_member_",
            user={'id': user.id})

        setup_identity_cache(projects=[project],
                             users=[user],
                             role_assignments=[assignment])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['project_admin'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'not_default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertFalse(action.valid)
예제 #10
0
    def test_new_user_disabled(self):
        """
        Disabled user, valid existing tenant, no role.
        """
        project = mock.Mock()
        project.id = 'test_project_id'
        project.name = 'test_project'
        project.domain = 'default'
        project.roles = {}

        user = mock.Mock()
        user.id = 'user_id_1'
        user.name = "*****@*****.**"
        user.email = "*****@*****.**"
        user.domain = 'default'
        user.enabled = False

        setup_temp_cache({'test_project': project}, {user.id: user})

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEquals(action.valid, True)

        action.post_approve()
        self.assertEquals(action.valid, True)

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEquals(action.valid, True)
        self.assertEquals(len(tests.temp_cache['users']), 2)
        # The new user id in this case will be "user_id_1"
        self.assertEquals(tests.temp_cache['users']["user_id_1"].email,
                          '*****@*****.**')
        self.assertEquals(tests.temp_cache['users']["user_id_1"].password,
                          '123456')
        self.assertEquals(tests.temp_cache['users']["user_id_1"].enabled, True)

        self.assertEquals(project.roles["user_id_1"], ['_member_'])
예제 #11
0
    def test_new_user_wrong_domain(self):
        """
        Existing user, valid project, invalid domain.

        Action should be invalid.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(
            name="*****@*****.**", password="******", email="*****@*****.**"
        )

        assignment = fake_clients.FakeRoleAssignment(
            scope={"project": {"id": project.id}},
            role_name="member",
            user={"id": user.id},
        )

        setup_identity_cache(
            projects=[project], users=[user], role_assignments=[assignment]
        )

        task = Task.objects.create(
            keystone_user={
                "roles": ["project_admin"],
                "project_id": project.id,
                "project_domain_id": "default",
            }
        )

        data = {
            "email": "*****@*****.**",
            "project_id": project.id,
            "roles": ["member"],
            "inherited_roles": [],
            "domain_id": "not_default",
        }

        action = NewUserAction(data, task=task, order=1)

        action.prepare()
        self.assertFalse(action.valid)
예제 #12
0
    def test_new_user_disabled(self):
        """
        Disabled user, valid existing tenant, no role.
        """

        project = fake_clients.FakeProject(name="test_project")

        user = fake_clients.FakeUser(name="*****@*****.**",
                                     password="******",
                                     email="*****@*****.**",
                                     enabled=False)

        setup_identity_cache(projects=[project], users=[user])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, True)

        action.post_approve()
        self.assertEqual(action.valid, True)

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEqual(action.valid, True)
        self.assertEqual(len(fake_clients.identity_cache['users']), 2)

        fake_client = fake_clients.FakeManager()

        user = fake_client.find_user(name="*****@*****.**", domain="default")

        self.assertEqual(user.email, '*****@*****.**')
        self.assertEqual(user.password, '123456')
        self.assertTrue(user.enabled)

        roles = fake_client._get_roles_as_names(user, project)
        self.assertEqual(roles, ['_member_'])
예제 #13
0
    def test_create_user_email_not_username(self):
        """
        Test the default case, all valid.
        No existing user, valid tenant.
        Different username from email address
        """
        project = mock.Mock()
        project.id = 'test_project_id'
        project.name = 'test_project'
        project.domain = 'default'
        project.roles = {}

        setup_temp_cache({'test_project': project}, {})

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'username': '******',
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEquals(action.valid, True)

        action.post_approve()
        self.assertEquals(action.valid, True)

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEquals(action.valid, True)
        self.assertEquals(len(tests.temp_cache['users']), 2)
        # The new user id in this case will be "user_id_1"
        self.assertEquals(tests.temp_cache['users']["user_id_1"].email,
                          '*****@*****.**')
        self.assertEquals(tests.temp_cache['users']["user_id_1"].name,
                          'test_user')
        self.assertEquals(tests.temp_cache['users']["user_id_1"].password,
                          '123456')

        self.assertEquals(project.roles["user_id_1"], ['_member_'])
예제 #14
0
    def test_create_user_email_not_username(self):
        """
        Test the default case, all valid.
        No existing user, valid tenant.
        Different username from email address
        """
        project = fake_clients.FakeProject(name="test_project")

        setup_identity_cache(projects=[project])

        task = Task.objects.create(
            keystone_user={
                "roles": ["admin", "project_mod"],
                "project_id": project.id,
                "project_domain_id": "default",
            }
        )

        data = {
            "username": "******",
            "email": "*****@*****.**",
            "project_id": project.id,
            "roles": ["member"],
            "inherited_roles": [],
            "domain_id": "default",
        }

        action = NewUserAction(data, task=task, order=1)

        action.prepare()
        self.assertEqual(action.valid, True)

        action.approve()
        self.assertEqual(action.valid, True)

        token_data = {"password": "******"}
        action.submit(token_data)
        self.assertEqual(action.valid, True)
        self.assertEqual(len(fake_clients.identity_cache["users"]), 2)

        fake_client = fake_clients.FakeManager()

        user = fake_client.find_user(name="test_user", domain="default")

        self.assertEqual(user.email, "*****@*****.**")
        self.assertEqual(user.password, "123456")
        self.assertTrue(user.enabled)

        roles = fake_client._get_roles_as_names(user, project)
        self.assertEqual(roles, ["member"])
예제 #15
0
    def test_new_user_existing_role(self):
        """
        Existing user, valid tenant, has role.

        Should complete the action as if no role,
        but actually do nothing.
        """

        user = mock.Mock()
        user.id = 'user_id'
        user.name = "*****@*****.**"
        user.email = "*****@*****.**"
        user.domain = 'default'

        project = mock.Mock()
        project.id = 'test_project_id'
        project.name = 'test_project'
        project.domain = 'default'
        project.roles = {user.id: ['_member_']}

        setup_temp_cache({'test_project': project}, {user.id: user})

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEquals(action.valid, True)

        action.post_approve()
        self.assertEquals(action.valid, True)
        self.assertEquals(action.action.state, 'complete')

        token_data = {}
        action.submit(token_data)
        self.assertEquals(action.valid, True)

        self.assertEquals(project.roles[user.id], ['_member_'])
예제 #16
0
    def test_create_user_email_not_username(self):
        """
        Test the default case, all valid.
        No existing user, valid tenant.
        Different username from email address
        """
        project = fake_clients.FakeProject(name="test_project")

        setup_identity_cache(projects=[project])

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['admin', 'project_mod'],
                                       'project_id': project.id,
                                       'project_domain_id': 'default',
                                   })

        data = {
            'username': '******',
            'email': '*****@*****.**',
            'project_id': project.id,
            'roles': ['_member_'],
            'inherited_roles': [],
            'domain_id': 'default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertEqual(action.valid, True)

        action.post_approve()
        self.assertEqual(action.valid, True)

        token_data = {'password': '******'}
        action.submit(token_data)
        self.assertEqual(action.valid, True)
        self.assertEqual(len(fake_clients.identity_cache['users']), 2)

        fake_client = fake_clients.FakeManager()

        user = fake_client.find_user(name="test_user", domain="default")

        self.assertEqual(user.email, '*****@*****.**')
        self.assertEqual(user.password, '123456')
        self.assertTrue(user.enabled)

        roles = fake_client._get_roles_as_names(user, project)
        self.assertEqual(roles, ['_member_'])
예제 #17
0
    def test_new_user_wrong_domain(self):
        """
        Existing user, valid project, invalid domain.

        Action should be invalid.
        """

        user = mock.Mock()
        user.id = 'user_id'
        user.name = "*****@*****.**"
        user.email = "*****@*****.**"
        user.domain = 'default'

        project = mock.Mock()
        project.id = 'test_project_id'
        project.name = 'test_project'
        project.domain = 'default'
        project.roles = {user.id: ['_member_']}

        setup_temp_cache({'test_project': project}, {user.id: user})

        task = Task.objects.create(ip_address="0.0.0.0",
                                   keystone_user={
                                       'roles': ['_member_'],
                                       'project_id': 'test_project_id',
                                       'project_domain_id': 'default',
                                   })

        data = {
            'email': '*****@*****.**',
            'project_id': 'test_project_id',
            'roles': ['_member_'],
            'domain_id': 'not_default',
        }

        action = NewUserAction(data, task=task, order=1)

        action.pre_approve()
        self.assertFalse(action.valid)