def test_new_user_only_member(self):
    """
    A requester holding only the "member" role cannot add users.

    The target user and project both exist, but the keystone user on the
    task has no edit permissions, so the action must be invalid after
    prepare().
    """
    target_project = fake_clients.FakeProject(name="test_project")
    existing_user = fake_clients.FakeUser(
        name="*****@*****.**", password="******", email="*****@*****.**"
    )
    setup_identity_cache(projects=[target_project], users=[existing_user])

    # Requester context: a plain member of the very project being edited.
    requester = {
        "roles": ["member"],
        "project_id": target_project.id,
        "project_domain_id": "default",
    }
    task = Task.objects.create(keystone_user=requester)

    payload = {
        "email": "*****@*****.**",
        "project_id": target_project.id,
        "roles": ["member"],
        "inherited_roles": [],
        "domain_id": "default",
    }
    new_user_action = NewUserAction(payload, task=task, order=1)
    new_user_action.prepare()

    # Being in the right project is not enough; the request must be refused.
    self.assertFalse(new_user_action.valid)
def test_new_user_wrong_project(self):
    """
    A request aimed at a project other than the requester's is rejected.

    The keystone user is scoped to "test_project_id" while the action data
    names "test_project_id_1"; prepare() must leave the action invalid.
    """
    known_project = fake_clients.FakeProject(name="test_project")
    existing_user = fake_clients.FakeUser(
        name="*****@*****.**", password="******", email="*****@*****.**"
    )
    setup_identity_cache(projects=[known_project], users=[existing_user])

    requester = {
        "roles": ["project_mod"],
        "project_id": "test_project_id",
        "project_domain_id": "default",
    }
    task = Task.objects.create(keystone_user=requester)

    # NOTE(review): neither id below is read from known_project.id. If the
    # fake project is not assigned one of these ids, the action could be
    # invalid because the project is missing rather than because of the
    # cross-project mismatch -- confirm which check this exercises.
    payload = {
        "email": "*****@*****.**",
        "project_id": "test_project_id_1",
        "roles": ["member"],
        "inherited_roles": [],
        "domain_id": "default",
    }
    new_user_action = NewUserAction(payload, task=task, order=1)
    new_user_action.prepare()

    self.assertEqual(new_user_action.valid, False)
def test_new_user_only_member(self):
    """
    A requester holding only '_member_' cannot add users.

    User and project exist, but the keystone user has no edit
    permissions, so pre_approve() must leave the action invalid.
    """
    target_project = fake_clients.FakeProject(name="test_project")
    existing_user = fake_clients.FakeUser(name="*****@*****.**",
                                          password="******",
                                          email="*****@*****.**")
    setup_identity_cache(projects=[target_project], users=[existing_user])

    # Requester context: plain member of the project being edited.
    requester = {
        'roles': ['_member_'],
        'project_id': target_project.id,
        'project_domain_id': 'default',
    }
    task = Task.objects.create(ip_address="0.0.0.0",
                               keystone_user=requester)

    payload = {
        'email': '*****@*****.**',
        'project_id': target_project.id,
        'roles': ['_member_'],
        'inherited_roles': [],
        'domain_id': 'default',
    }
    new_user_action = NewUserAction(payload, task=task, order=1)
    new_user_action.pre_approve()

    # Project membership alone must not authorise the request.
    self.assertFalse(new_user_action.valid)
def test_new_user_no_tenant(self):
    """
    Neither the user nor the tenant exists.

    The action must be invalid after pre_approve() and must stay invalid
    through post_approve() and submit().
    """
    # Identity cache is set up without any projects or users passed in.
    setup_identity_cache()

    requester = {
        'roles': ['admin', 'project_mod'],
        'project_id': 'test_project_id',
        'project_domain_id': 'default',
    }
    task = Task.objects.create(ip_address="0.0.0.0",
                               keystone_user=requester)

    payload = {
        'email': '*****@*****.**',
        'project_id': 'test_project_id',
        'roles': ['_member_'],
        'inherited_roles': [],
        'domain_id': 'default',
    }
    new_user_action = NewUserAction(payload, task=task, order=1)

    new_user_action.pre_approve()
    self.assertEqual(new_user_action.valid, False)

    # Later stages must not flip an invalid action back to valid.
    new_user_action.post_approve()
    self.assertEqual(new_user_action.valid, False)

    empty_token = {}
    new_user_action.submit(empty_token)
    self.assertEqual(new_user_action.valid, False)
def test_new_user_no_tenant(self):
    """
    Neither the user nor the tenant exists.

    The action must be invalid after prepare() and must stay invalid
    through approve() and submit().
    """
    # Identity cache is set up without any projects or users passed in.
    setup_identity_cache()

    requester = {
        "roles": ["admin", "project_mod"],
        "project_id": "test_project_id",
        "project_domain_id": "default",
    }
    task = Task.objects.create(keystone_user=requester)

    payload = {
        "email": "*****@*****.**",
        "project_id": "test_project_id",
        "roles": ["member"],
        "inherited_roles": [],
        "domain_id": "default",
    }
    new_user_action = NewUserAction(payload, task=task, order=1)

    new_user_action.prepare()
    self.assertEqual(new_user_action.valid, False)

    # Later stages must not flip an invalid action back to valid.
    new_user_action.approve()
    self.assertEqual(new_user_action.valid, False)

    empty_token = {}
    new_user_action.submit(empty_token)
    self.assertEqual(new_user_action.valid, False)
def test_new_user_existing_role(self):
    """
    Granting a role the user already holds succeeds without changes.

    Existing user, valid tenant, role already assigned: the action is
    valid at every stage, is marked complete at post_approve(), and the
    user's roles on the project are the same after submit().
    """
    target_project = fake_clients.FakeProject(name="test_project")
    existing_user = fake_clients.FakeUser(name="*****@*****.**",
                                          password="******",
                                          email="*****@*****.**")
    member_assignment = fake_clients.FakeRoleAssignment(
        scope={'project': {'id': target_project.id}},
        role_name="_member_",
        user={'id': existing_user.id})
    setup_identity_cache(projects=[target_project],
                         users=[existing_user],
                         role_assignments=[member_assignment])

    requester = {
        'roles': ['admin', 'project_mod'],
        'project_id': target_project.id,
        'project_domain_id': 'default',
    }
    task = Task.objects.create(ip_address="0.0.0.0",
                               keystone_user=requester)

    payload = {
        'email': '*****@*****.**',
        'project_id': target_project.id,
        'roles': ['_member_'],
        'inherited_roles': [],
        'domain_id': 'default',
    }
    new_user_action = NewUserAction(payload, task=task, order=1)

    new_user_action.pre_approve()
    self.assertEqual(new_user_action.valid, True)

    new_user_action.post_approve()
    self.assertEqual(new_user_action.valid, True)
    # Nothing is left to do, so the action is already complete here.
    self.assertEqual(new_user_action.action.state, 'complete')

    empty_token = {}
    new_user_action.submit(empty_token)
    self.assertEqual(new_user_action.valid, True)

    # The role set must be exactly what it was before the action ran.
    manager = fake_clients.FakeManager()
    current_roles = manager._get_roles_as_names(existing_user,
                                                target_project)
    self.assertEqual(current_roles, ['_member_'])
def test_new_user_existing_role(self):
    """
    Granting a role the user already holds succeeds without changes.

    Existing user, valid tenant, role already assigned: the action is
    valid at every stage, is marked complete at approve(), and the user's
    roles on the project are the same after submit().
    """
    target_project = fake_clients.FakeProject(name="test_project")
    existing_user = fake_clients.FakeUser(
        name="*****@*****.**", password="******", email="*****@*****.**"
    )
    member_assignment = fake_clients.FakeRoleAssignment(
        scope={"project": {"id": target_project.id}},
        role_name="member",
        user={"id": existing_user.id},
    )
    setup_identity_cache(
        projects=[target_project],
        users=[existing_user],
        role_assignments=[member_assignment],
    )

    requester = {
        "roles": ["admin", "project_mod"],
        "project_id": target_project.id,
        "project_domain_id": "default",
    }
    task = Task.objects.create(keystone_user=requester)

    payload = {
        "email": "*****@*****.**",
        "project_id": target_project.id,
        "roles": ["member"],
        "inherited_roles": [],
        "domain_id": "default",
    }
    new_user_action = NewUserAction(payload, task=task, order=1)

    new_user_action.prepare()
    self.assertEqual(new_user_action.valid, True)

    new_user_action.approve()
    self.assertEqual(new_user_action.valid, True)
    # Nothing is left to do, so the action is already complete here.
    self.assertEqual(new_user_action.action.state, "complete")

    empty_token = {}
    new_user_action.submit(empty_token)
    self.assertEqual(new_user_action.valid, True)

    # The role set must be exactly what it was before the action ran.
    manager = fake_clients.FakeManager()
    current_roles = manager._get_roles_as_names(existing_user, target_project)
    self.assertEqual(current_roles, ["member"])
def test_new_user_disabled(self):
    """
    Inviting a disabled user into an existing tenant where it has no role.

    The action is valid at every stage; after submit() the user found by
    name is enabled, carries the expected password, and holds the
    requested role on the project.
    """
    target_project = fake_clients.FakeProject(name="test_project")
    disabled_user = fake_clients.FakeUser(
        name="*****@*****.**",
        password="******",
        email="*****@*****.**",
        enabled=False,
    )
    setup_identity_cache(projects=[target_project], users=[disabled_user])

    requester = {
        "roles": ["admin", "project_mod"],
        "project_id": target_project.id,
        "project_domain_id": "default",
    }
    task = Task.objects.create(keystone_user=requester)

    payload = {
        "email": "*****@*****.**",
        "project_id": target_project.id,
        "roles": ["member"],
        "inherited_roles": [],
        "domain_id": "default",
    }
    new_user_action = NewUserAction(payload, task=task, order=1)

    new_user_action.prepare()
    self.assertEqual(new_user_action.valid, True)

    new_user_action.approve()
    self.assertEqual(new_user_action.valid, True)

    # The password arrives only with the token at submit time.
    submitted_token = {"password": "******"}
    new_user_action.submit(submitted_token)
    self.assertEqual(new_user_action.valid, True)

    # Presumably the cache is seeded with one built-in user, so a count of
    # 2 means the disabled account was reused, not duplicated -- confirm.
    self.assertEqual(len(fake_clients.identity_cache["users"]), 2)

    manager = fake_clients.FakeManager()
    reenabled_user = manager.find_user(name="*****@*****.**", domain="default")
    self.assertEqual(reenabled_user.email, "*****@*****.**")
    self.assertEqual(reenabled_user.password, "123456")
    self.assertTrue(reenabled_user.enabled)

    granted_roles = manager._get_roles_as_names(reenabled_user, target_project)
    self.assertEqual(granted_roles, ["member"])
def test_new_user_wrong_domain(self):
    """
    A request naming a domain other than the requester's is rejected.

    Existing user and valid project, but the action data asks for domain
    'not_default' while the keystone user's project domain is 'default';
    pre_approve() must leave the action invalid.
    """
    target_project = fake_clients.FakeProject(name="test_project")
    existing_user = fake_clients.FakeUser(name="*****@*****.**",
                                          password="******",
                                          email="*****@*****.**")
    member_assignment = fake_clients.FakeRoleAssignment(
        scope={'project': {'id': target_project.id}},
        role_name="_member_",
        user={'id': existing_user.id})
    setup_identity_cache(projects=[target_project],
                         users=[existing_user],
                         role_assignments=[member_assignment])

    requester = {
        'roles': ['project_admin'],
        'project_id': target_project.id,
        'project_domain_id': 'default',
    }
    task = Task.objects.create(ip_address="0.0.0.0",
                               keystone_user=requester)

    # Only domain_id differs from the requester's own scope.
    payload = {
        'email': '*****@*****.**',
        'project_id': target_project.id,
        'roles': ['_member_'],
        'inherited_roles': [],
        'domain_id': 'not_default',
    }
    new_user_action = NewUserAction(payload, task=task, order=1)
    new_user_action.pre_approve()

    self.assertFalse(new_user_action.valid)
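def test_new_user_disabled(self):
    """
    Inviting a disabled user into an existing tenant where it has no role.

    The action is valid at every stage; after submit() the cached user
    "user_id_1" is enabled, carries the expected password, and holds the
    requested role on the project.
    """
    project = mock.Mock()
    project.id = 'test_project_id'
    project.name = 'test_project'
    project.domain = 'default'
    project.roles = {}

    user = mock.Mock()
    user.id = 'user_id_1'
    user.name = "*****@*****.**"
    user.email = "*****@*****.**"
    user.domain = 'default'
    user.enabled = False

    setup_temp_cache({'test_project': project}, {user.id: user})

    task = Task.objects.create(ip_address="0.0.0.0", keystone_user={
        'roles': ['admin', 'project_mod'],
        'project_id': 'test_project_id',
        'project_domain_id': 'default',
    })

    data = {
        'email': '*****@*****.**',
        'project_id': 'test_project_id',
        'roles': ['_member_'],
        'domain_id': 'default',
    }

    action = NewUserAction(data, task=task, order=1)

    # assertEqual replaces the assertEquals alias, which was deprecated
    # and then removed from unittest in Python 3.12.
    action.pre_approve()
    self.assertEqual(action.valid, True)

    action.post_approve()
    self.assertEqual(action.valid, True)

    # The password arrives only with the token at submit time.
    token_data = {'password': '******'}
    action.submit(token_data)
    self.assertEqual(action.valid, True)
    self.assertEqual(len(tests.temp_cache['users']), 2)

    # The new user id in this case will be "user_id_1"
    self.assertEqual(tests.temp_cache['users']["user_id_1"].email,
                     '*****@*****.**')
    self.assertEqual(tests.temp_cache['users']["user_id_1"].password,
                     '123456')
    self.assertEqual(tests.temp_cache['users']["user_id_1"].enabled, True)
    self.assertEqual(project.roles["user_id_1"], ['_member_'])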
def test_new_user_wrong_domain(self):
    """
    A request naming a domain other than the requester's is rejected.

    Existing user and valid project, but the action data asks for domain
    "not_default" while the keystone user's project domain is "default";
    prepare() must leave the action invalid.
    """
    target_project = fake_clients.FakeProject(name="test_project")
    existing_user = fake_clients.FakeUser(
        name="*****@*****.**", password="******", email="*****@*****.**"
    )
    member_assignment = fake_clients.FakeRoleAssignment(
        scope={"project": {"id": target_project.id}},
        role_name="member",
        user={"id": existing_user.id},
    )
    setup_identity_cache(
        projects=[target_project],
        users=[existing_user],
        role_assignments=[member_assignment],
    )

    requester = {
        "roles": ["project_admin"],
        "project_id": target_project.id,
        "project_domain_id": "default",
    }
    task = Task.objects.create(keystone_user=requester)

    # Only domain_id differs from the requester's own scope.
    payload = {
        "email": "*****@*****.**",
        "project_id": target_project.id,
        "roles": ["member"],
        "inherited_roles": [],
        "domain_id": "not_default",
    }
    new_user_action = NewUserAction(payload, task=task, order=1)
    new_user_action.prepare()

    self.assertFalse(new_user_action.valid)
def test_new_user_disabled(self):
    """
    Inviting a disabled user into an existing tenant where it has no role.

    The action is valid at every stage; after submit() the user found by
    name is enabled, carries the expected password, and holds the
    requested role on the project.
    """
    target_project = fake_clients.FakeProject(name="test_project")
    disabled_user = fake_clients.FakeUser(name="*****@*****.**",
                                          password="******",
                                          email="*****@*****.**",
                                          enabled=False)
    setup_identity_cache(projects=[target_project], users=[disabled_user])

    requester = {
        'roles': ['admin', 'project_mod'],
        'project_id': target_project.id,
        'project_domain_id': 'default',
    }
    task = Task.objects.create(ip_address="0.0.0.0",
                               keystone_user=requester)

    payload = {
        'email': '*****@*****.**',
        'project_id': target_project.id,
        'roles': ['_member_'],
        'inherited_roles': [],
        'domain_id': 'default',
    }
    new_user_action = NewUserAction(payload, task=task, order=1)

    new_user_action.pre_approve()
    self.assertEqual(new_user_action.valid, True)

    new_user_action.post_approve()
    self.assertEqual(new_user_action.valid, True)

    # The password arrives only with the token at submit time.
    submitted_token = {'password': '******'}
    new_user_action.submit(submitted_token)
    self.assertEqual(new_user_action.valid, True)

    # Presumably the cache is seeded with one built-in user, so a count of
    # 2 means the disabled account was reused, not duplicated -- confirm.
    self.assertEqual(len(fake_clients.identity_cache['users']), 2)

    manager = fake_clients.FakeManager()
    reenabled_user = manager.find_user(name="*****@*****.**",
                                       domain="default")
    self.assertEqual(reenabled_user.email, '*****@*****.**')
    self.assertEqual(reenabled_user.password, '123456')
    self.assertTrue(reenabled_user.enabled)

    granted_roles = manager._get_roles_as_names(reenabled_user,
                                                target_project)
    self.assertEqual(granted_roles, ['_member_'])
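def test_create_user_email_not_username(self):
    """
    Default, all-valid case where the username differs from the email.

    No existing user, valid tenant. After submit() the cached user
    "user_id_1" has the supplied email, the separate username, the
    expected password, and the requested role on the project.
    """
    project = mock.Mock()
    project.id = 'test_project_id'
    project.name = 'test_project'
    project.domain = 'default'
    project.roles = {}

    # No users are passed in; the account must be created by the action.
    setup_temp_cache({'test_project': project}, {})

    task = Task.objects.create(ip_address="0.0.0.0", keystone_user={
        'roles': ['admin', 'project_mod'],
        'project_id': 'test_project_id',
        'project_domain_id': 'default',
    })

    data = {
        'username': '******',
        'email': '*****@*****.**',
        'project_id': 'test_project_id',
        'roles': ['_member_'],
        'domain_id': 'default',
    }

    action = NewUserAction(data, task=task, order=1)

    # assertEqual replaces the assertEquals alias, which was deprecated
    # and then removed from unittest in Python 3.12.
    action.pre_approve()
    self.assertEqual(action.valid, True)

    action.post_approve()
    self.assertEqual(action.valid, True)

    # The password arrives only with the token at submit time.
    token_data = {'password': '******'}
    action.submit(token_data)
    self.assertEqual(action.valid, True)
    self.assertEqual(len(tests.temp_cache['users']), 2)

    # The new user id in this case will be "user_id_1"
    self.assertEqual(tests.temp_cache['users']["user_id_1"].email,
                     '*****@*****.**')
    self.assertEqual(tests.temp_cache['users']["user_id_1"].name,
                     'test_user')
    self.assertEqual(tests.temp_cache['users']["user_id_1"].password,
                     '123456')
    self.assertEqual(project.roles["user_id_1"], ['_member_'])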
def test_create_user_email_not_username(self):
    """
    Default, all-valid case where the username differs from the email.

    No existing user, valid tenant. After submit() a user is found under
    the separate username with the supplied email, the expected password,
    enabled, and holding the requested role on the project.
    """
    target_project = fake_clients.FakeProject(name="test_project")
    # No users are passed in; the account must be created by the action.
    setup_identity_cache(projects=[target_project])

    requester = {
        "roles": ["admin", "project_mod"],
        "project_id": target_project.id,
        "project_domain_id": "default",
    }
    task = Task.objects.create(keystone_user=requester)

    payload = {
        "username": "******",
        "email": "*****@*****.**",
        "project_id": target_project.id,
        "roles": ["member"],
        "inherited_roles": [],
        "domain_id": "default",
    }
    new_user_action = NewUserAction(payload, task=task, order=1)

    new_user_action.prepare()
    self.assertEqual(new_user_action.valid, True)

    new_user_action.approve()
    self.assertEqual(new_user_action.valid, True)

    # The password arrives only with the token at submit time.
    submitted_token = {"password": "******"}
    new_user_action.submit(submitted_token)
    self.assertEqual(new_user_action.valid, True)

    # Presumably one built-in user is seeded, plus the one just created
    # -- confirm against setup_identity_cache.
    self.assertEqual(len(fake_clients.identity_cache["users"]), 2)

    manager = fake_clients.FakeManager()
    # Lookup is by username, not by email address.
    created_user = manager.find_user(name="test_user", domain="default")
    self.assertEqual(created_user.email, "*****@*****.**")
    self.assertEqual(created_user.password, "123456")
    self.assertTrue(created_user.enabled)

    granted_roles = manager._get_roles_as_names(created_user, target_project)
    self.assertEqual(granted_roles, ["member"])
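def test_new_user_existing_role(self):
    """
    Granting a role the user already holds succeeds without changes.

    Existing user, valid tenant, role already assigned: the action is
    valid at every stage, is marked complete at post_approve(), and the
    user's roles on the project are the same after submit().
    """
    user = mock.Mock()
    user.id = 'user_id'
    user.name = "*****@*****.**"
    user.email = "*****@*****.**"
    user.domain = 'default'

    project = mock.Mock()
    project.id = 'test_project_id'
    project.name = 'test_project'
    project.domain = 'default'
    # The user already holds the role that the action will request.
    project.roles = {user.id: ['_member_']}

    setup_temp_cache({'test_project': project}, {user.id: user})

    task = Task.objects.create(ip_address="0.0.0.0", keystone_user={
        'roles': ['admin', 'project_mod'],
        'project_id': 'test_project_id',
        'project_domain_id': 'default',
    })

    data = {
        'email': '*****@*****.**',
        'project_id': 'test_project_id',
        'roles': ['_member_'],
        'domain_id': 'default',
    }

    action = NewUserAction(data, task=task, order=1)

    # assertEqual replaces the assertEquals alias, which was deprecated
    # and then removed from unittest in Python 3.12.
    action.pre_approve()
    self.assertEqual(action.valid, True)

    action.post_approve()
    self.assertEqual(action.valid, True)
    # Nothing is left to do, so the action is already complete here.
    self.assertEqual(action.action.state, 'complete')

    token_data = {}
    action.submit(token_data)
    self.assertEqual(action.valid, True)

    # The role set must be exactly what it was before the action ran.
    self.assertEqual(project.roles[user.id], ['_member_'])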
def test_create_user_email_not_username(self):
    """
    Default, all-valid case where the username differs from the email.

    No existing user, valid tenant. After submit() a user is found under
    the separate username with the supplied email, the expected password,
    enabled, and holding the requested role on the project.
    """
    target_project = fake_clients.FakeProject(name="test_project")
    # No users are passed in; the account must be created by the action.
    setup_identity_cache(projects=[target_project])

    requester = {
        'roles': ['admin', 'project_mod'],
        'project_id': target_project.id,
        'project_domain_id': 'default',
    }
    task = Task.objects.create(ip_address="0.0.0.0",
                               keystone_user=requester)

    payload = {
        'username': '******',
        'email': '*****@*****.**',
        'project_id': target_project.id,
        'roles': ['_member_'],
        'inherited_roles': [],
        'domain_id': 'default',
    }
    new_user_action = NewUserAction(payload, task=task, order=1)

    new_user_action.pre_approve()
    self.assertEqual(new_user_action.valid, True)

    new_user_action.post_approve()
    self.assertEqual(new_user_action.valid, True)

    # The password arrives only with the token at submit time.
    submitted_token = {'password': '******'}
    new_user_action.submit(submitted_token)
    self.assertEqual(new_user_action.valid, True)

    # Presumably one built-in user is seeded, plus the one just created
    # -- confirm against setup_identity_cache.
    self.assertEqual(len(fake_clients.identity_cache['users']), 2)

    manager = fake_clients.FakeManager()
    # Lookup is by username, not by email address.
    created_user = manager.find_user(name="test_user", domain="default")
    self.assertEqual(created_user.email, '*****@*****.**')
    self.assertEqual(created_user.password, '123456')
    self.assertTrue(created_user.enabled)

    granted_roles = manager._get_roles_as_names(created_user,
                                                target_project)
    self.assertEqual(granted_roles, ['_member_'])
def test_new_user_wrong_domain(self):
    """
    A request naming a domain other than the requester's is rejected.

    Existing user and valid project, but the action data asks for domain
    'not_default' while the keystone user's project domain is 'default';
    pre_approve() must leave the action invalid.
    """
    existing_user = mock.Mock()
    existing_user.id = 'user_id'
    existing_user.name = "*****@*****.**"
    existing_user.email = "*****@*****.**"
    existing_user.domain = 'default'

    target_project = mock.Mock()
    target_project.id = 'test_project_id'
    target_project.name = 'test_project'
    target_project.domain = 'default'
    target_project.roles = {existing_user.id: ['_member_']}

    setup_temp_cache({'test_project': target_project},
                     {existing_user.id: existing_user})

    # NOTE(review): the requester holds only '_member_', the role that
    # test_new_user_only_member expects to be refused for lack of edit
    # permissions. This assertion may therefore pass on the permission
    # check rather than the domain check; a role allowed to invite users
    # would isolate the domain validation -- confirm.
    requester = {
        'roles': ['_member_'],
        'project_id': 'test_project_id',
        'project_domain_id': 'default',
    }
    task = Task.objects.create(ip_address="0.0.0.0",
                               keystone_user=requester)

    payload = {
        'email': '*****@*****.**',
        'project_id': 'test_project_id',
        'roles': ['_member_'],
        'domain_id': 'not_default',
    }
    new_user_action = NewUserAction(payload, task=task, order=1)
    new_user_action.pre_approve()

    self.assertFalse(new_user_action.valid)