def setUp(self): super(UserFederatedAttributesTests, self).setUp() self.useFixture(database.Database()) self.load_backends() # Create the federated object idp, protocol = self._create_federated_attributes() self.fed_dict = unit.new_federated_user_ref() self.fed_dict['idp_id'] = idp['id'] self.fed_dict['protocol_id'] = protocol['id'] self.fed_dict['unique_id'] = "jdoe" # Create the domain_id, user, and federated_user relationship self.domain = unit.new_domain_ref() self.resource_api.create_domain(self.domain['id'], self.domain) self.fed_user = unit.new_user_ref(domain_id=self.domain['id']) self.fed_user = self._create_user_with_federated_user( self.fed_user, self.fed_dict) # Create two new fed_users which will have the same idp and protocol # but be completely different from the first fed_user # Create a new idp and protocol for fed_user2 and 3 idp, protocol = self._create_federated_attributes() self.fed_dict2 = unit.new_federated_user_ref() self.fed_dict2['idp_id'] = idp['id'] self.fed_dict2['protocol_id'] = protocol['id'] self.fed_dict2['unique_id'] = "ravelar" self.fed_user2 = unit.new_user_ref(domain_id=self.domain['id']) self.fed_user2 = self._create_user_with_federated_user( self.fed_user2, self.fed_dict2) self.fed_dict3 = unit.new_federated_user_ref() self.fed_dict3['idp_id'] = idp['id'] self.fed_dict3['protocol_id'] = protocol['id'] self.fed_dict3['unique_id'] = "jsmith" self.fed_user3 = unit.new_user_ref(domain_id=self.domain['id']) self.fed_user3 = self._create_user_with_federated_user( self.fed_user3, self.fed_dict3)
def test_shadow_existing_federated_user(self): fed_user = unit.new_federated_user_ref() # introduce the user to keystone for the first time shadow_user1 = self.identity_api.shadow_federated_user( fed_user['idp_id'], fed_user['protocol_id'], fed_user['unique_id'], fed_user['display_name']) self.assertEqual(fed_user['display_name'], shadow_user1['name']) # shadow the user again, with another name to invalidate the cache # internally, this operation causes request to the driver. It should # not fail. fed_user['display_name'] = uuid.uuid4().hex shadow_user2 = self.identity_api.shadow_federated_user( fed_user['idp_id'], fed_user['protocol_id'], fed_user['unique_id'], fed_user['display_name']) self.assertEqual(fed_user['display_name'], shadow_user2['name']) self.assertNotEqual(shadow_user1['name'], shadow_user2['name']) # The shadowed users still share the same unique ID. self.assertEqual(shadow_user1['id'], shadow_user2['id'])
def test_shadow_existing_federated_user(self): fed_user = unit.new_federated_user_ref() # introduce the user to keystone for the first time shadow_user1 = self.identity_api.shadow_federated_user( fed_user["idp_id"], fed_user["protocol_id"], fed_user["unique_id"], fed_user["display_name"]) self.assertEqual(fed_user['display_name'], shadow_user1['name']) # shadow the user again, with another name to invalidate the cache # internally, this operation causes request to the driver. It should # not fail. fed_user['display_name'] = uuid.uuid4().hex shadow_user2 = self.identity_api.shadow_federated_user( fed_user["idp_id"], fed_user["protocol_id"], fed_user["unique_id"], fed_user["display_name"]) # FIXME(dolph): These assertEqual / assertNotEqual should be reversed, # to illustrate that the display name has been updated as expected. self.assertNotEqual(fed_user['display_name'], shadow_user2['name']) self.assertEqual(shadow_user1['name'], shadow_user2['name']) # The shadowed users still share the same unique ID. self.assertEqual(shadow_user1['id'], shadow_user2['id'])
def test_create_federated_user_unique_constraint(self): federated_dict = unit.new_federated_user_ref() user_dict = self.shadow_users_api.create_federated_user(federated_dict) user_dict = self.identity_api.get_user(user_dict["id"]) self.assertIsNotNone(user_dict["id"]) self.assertRaises(exception.Conflict, self.shadow_users_api.create_federated_user, federated_dict)
def test_get_federated_user(self): federated_dict = unit.new_federated_user_ref() user_dict_create = self.shadow_users_api.create_federated_user( federated_dict) user_dict_get = self.shadow_users_api.get_federated_user( federated_dict["idp_id"], federated_dict["protocol_id"], federated_dict["unique_id"]) self.assertItemsEqual(user_dict_create, user_dict_get) self.assertEqual(user_dict_create["id"], user_dict_get["id"])
def test_shadow_federated_user(self): fed_user = unit.new_federated_user_ref() user = (self.identity_api.shadow_federated_user( fed_user['idp_id'], fed_user['protocol_id'], fed_user['unique_id'], fed_user['display_name'])) self.assertIsNotNone(user['id']) self.assertEqual(len(user.keys()), 4) self.assertIsNotNone(user['name']) self.assertIsNone(user['domain_id']) self.assertEqual(user['enabled'], True)
def test_shadow_federated_user(self): fed_user = unit.new_federated_user_ref() user = ( self.identity_api.shadow_federated_user(fed_user['idp_id'], fed_user['protocol_id'], fed_user['unique_id'], fed_user['display_name']) ) self.assertIsNotNone(user['id']) self.assertEqual(len(user.keys()), 4) self.assertIsNotNone(user['name']) self.assertIsNone(user['domain_id']) self.assertEqual(user['enabled'], True)
def test_get_user_when_user_has_federated_object(self): fed_dict = unit.new_federated_user_ref(idp_id=self.idp['id'], protocol_id=self.protocol['id']) user = self.shadow_users_api.create_federated_user( self.domain_id, fed_dict) # test that the user returns a federated object and that there is only # one returned user_ref = self.identity_api.get_user(user['id']) self.assertIn('federated', user_ref) self.assertEqual(1, len(user_ref['federated'])) self.assertFederatedDictsEqual(fed_dict, user_ref['federated'][0])
def test_update_federated_user_display_name(self): federated_dict = unit.new_federated_user_ref() user_dict_create = self.shadow_users_api.create_federated_user( federated_dict) new_display_name = uuid.uuid4().hex self.shadow_users_api.update_federated_user_display_name( federated_dict["idp_id"], federated_dict["protocol_id"], federated_dict["unique_id"], new_display_name) user_ref = self.shadow_users_api._get_federated_user( federated_dict["idp_id"], federated_dict["protocol_id"], federated_dict["unique_id"]) self.assertEqual(user_ref.federated_users[0].display_name, new_display_name) self.assertEqual(user_dict_create["id"], user_ref.id)
def test_shadow_federated_user(self): fed_user = unit.new_federated_user_ref() user = (self.identity_api.shadow_federated_user( fed_user['idp_id'], fed_user['protocol_id'], fed_user['unique_id'], fed_user['display_name'])) self.assertIsNotNone(user['id']) self.assertEqual(5, len(user.keys())) self.assertIsNotNone(user['name']) self.assertIsNone(user['password_expires_at']) self.assertIsNone(user['domain_id']) # NOTE(breton): below, attribute `enabled` is explicitly tested to be # equal True. assertTrue should not be used, because it converts # the passed value to bool(). self.assertEqual(True, user['enabled'])
def test_shadow_federated_user(self): fed_user = unit.new_federated_user_ref() user = ( self.identity_api.shadow_federated_user(fed_user['idp_id'], fed_user['protocol_id'], fed_user['unique_id'], fed_user['display_name']) ) self.assertIsNotNone(user['id']) self.assertEqual(5, len(user.keys())) self.assertIsNotNone(user['name']) self.assertIsNone(user['password_expires_at']) self.assertIsNone(user['domain_id']) # NOTE(breton): below, attribute `enabled` is explicitly tested to be # equal True. assertTrue should not be used, because it converts # the passed value to bool(). self.assertEqual(True, user['enabled'])