diff options
author | Brant Knudson <bknudson@us.ibm.com> | 2013-08-16 12:42:17 -0500 |
---|---|---|
committer | Brant Knudson <bknudson@us.ibm.com> | 2013-08-16 12:42:17 -0500 |
commit | 54178b735dea4dfee4578caa95cb3ae704afef07 (patch) | |
tree | 0dc0c120e3d190f3c73bb6db67f339118d3dbafa | |
parent | 81534a182a4986d838591395aee8590ef61c599d (diff) | |
download | keystone-54178b735dea4dfee4578caa95cb3ae704afef07.tar.gz keystone-54178b735dea4dfee4578caa95cb3ae704afef07.tar.xz keystone-54178b735dea4dfee4578caa95cb3ae704afef07.zip |
More validation in test_user_enable_attribute_mask
Validate the enabled attribute returned by create_user, update_user.
Also, validate that the enabled attribute in the LDAP server is
set.
Change-Id: I78d194528ad4fd67fc35ca4d124f2e031d02d9cc
Related-Bug: #1210175
-rw-r--r-- | keystone/tests/test_backend_ldap.py | 43 |
1 files changed, 37 insertions, 6 deletions
diff --git a/keystone/tests/test_backend_ldap.py b/keystone/tests/test_backend_ldap.py index e40e0565..442ec8d9 100644 --- a/keystone/tests/test_backend_ldap.py +++ b/keystone/tests/test_backend_ldap.py @@ -17,6 +17,8 @@ import uuid +import ldap + from keystone import assignment from keystone.common.ldap import fakeldap from keystone.common import sql @@ -480,21 +482,50 @@ class LDAPIdentity(test.TestCase, BaseLDAPIdentity): self.load_backends() self.load_fixtures(default_fixtures) + ldap_ = self.identity_api.driver.user.get_connection() + + def get_enabled_vals(): + user_dn = self.identity_api.driver.user._id_to_dn_string('fake1') + enabled_attr_name = CONF.ldap.user_enabled_attribute + + res = ldap_.search_s(user_dn, + ldap.SCOPE_BASE, + query='(sn=fake1)') + return res[0][1][enabled_attr_name] + user = {'id': 'fake1', 'name': 'fake1', 'enabled': True, 'domain_id': CONF.identity.default_domain_id} - self.identity_api.create_user('fake1', user) + + user_ref = self.identity_api.create_user('fake1', user) + + self.assertEqual(user_ref['enabled'], 512) + # TODO(blk-u): 512 seems wrong, should it be True? + + enabled_vals = get_enabled_vals() + self.assertEqual(enabled_vals, [512]) + user_ref = self.identity_api.get_user('fake1') - self.assertEqual(user_ref['enabled'], True) + self.assertIs(user_ref['enabled'], True) user['enabled'] = False - self.identity_api.update_user('fake1', user) + user_ref = self.identity_api.update_user('fake1', user) + self.assertIs(user_ref['enabled'], False) + + enabled_vals = get_enabled_vals() + self.assertEqual(enabled_vals, [514]) + user_ref = self.identity_api.get_user('fake1') - self.assertEqual(user_ref['enabled'], False) + self.assertIs(user_ref['enabled'], False) user['enabled'] = True - self.identity_api.update_user('fake1', user) + user_ref = self.identity_api.update_user('fake1', user) + self.assertIs(user_ref['enabled'], True) + + enabled_vals = get_enabled_vals() + self.assertEqual(enabled_vals, [512]) + user_ref = self.identity_api.get_user('fake1') - self.assertEqual(user_ref['enabled'], True) + self.assertIs(user_ref['enabled'], True) def test_user_api_get_connection_no_user_password(self): """Don't bind in case the user and password are blank.""" |