diff options
| author | Yogeshwar Srikrishnan <yoga80@yahoo.com> | 2011-06-14 17:13:21 -0500 |
|---|---|---|
| committer | Yogeshwar Srikrishnan <yoga80@yahoo.com> | 2011-06-14 17:13:21 -0500 |
| commit | 56162f3ecc6efa7e2aaf70ef0de5dfb2f62a3102 (patch) | |
| tree | 40fc7da26d39841d520a007267b146e3fbb347bd | |
| parent | 29819a9caaf6de7a024a1ff62148ad035e2eaef4 (diff) | |
| download | keystone-56162f3ecc6efa7e2aaf70ef0de5dfb2f62a3102.tar.gz keystone-56162f3ecc6efa7e2aaf70ef0de5dfb2f62a3102.tar.xz keystone-56162f3ecc6efa7e2aaf70ef0de5dfb2f62a3102.zip | |
Adding call to modify tenant.Adding more tests and fixing minor issue.
| -rwxr-xr-x | bin/sampledata.sh | 2 | ||||
| -rwxr-xr-x | keystone/logic/service.py | 22 | ||||
| -rwxr-xr-x[-rw-r--r--] | keystone/logic/types/user.py | 2 | ||||
| -rwxr-xr-x | keystone/server.py | 4 | ||||
| -rwxr-xr-x | keystone/test/unit/test_common.py | 22 | ||||
| -rwxr-xr-x | keystone/test/unit/test_users.py | 212 |
6 files changed, 198 insertions, 66 deletions
diff --git a/bin/sampledata.sh b/bin/sampledata.sh index 46135dd2..661c940e 100755 --- a/bin/sampledata.sh +++ b/bin/sampledata.sh @@ -58,7 +58,7 @@ ./keystone-manage $* token add 000999 admin 1234 2010-02-05T00:00 ./keystone-manage $* token add 999888777 disabled 1234 2015-02-05T00:00 -#Tenant Role +#Tenant base urls ./keystone-manage $*tenant_baseURL add 1234 1 ./keystone-manage $*tenant_baseURL add 1234 2 ./keystone-manage $*tenant_baseURL add 1234 3
\ No newline at end of file diff --git a/keystone/logic/service.py b/keystone/logic/service.py index 2061e386..8b2f0ba4 100755 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -433,6 +433,7 @@ class IdentityService(object): dtenant = db_api.tenant_get(user.tenant_id) if dtenant == None: raise fault.UnauthorizedFault("Unauthorized") + if not dtenant.enabled: raise fault.TenantDisabledFault("Your account has been disabled") @@ -518,9 +519,6 @@ class IdentityService(object): dtenant = db_api.tenant_get(duser.tenant_id) - if dtenant != None and not dtenant.enabled: - raise fault.TenantDisabledFault("Your account has been disabled") - ts = [] dusergroups = db_api.user_groups_get_all(user_id) @@ -541,10 +539,6 @@ class IdentityService(object): if not duser.enabled: raise fault.UserDisabledFault("User has been disabled") - dtenant = db_api.tenant_get(user.tenant_id) - if dtenant != None and not dtenant.enabled: - raise fault.TenantDisabledFault("Your account has been disabled") - if not isinstance(user, users.User): raise fault.BadRequestFault("Expecting a User") @@ -612,10 +606,18 @@ class IdentityService(object): if duser == None: raise fault.ItemNotFoundFault("The user could not be found") - values = {'tenant_id': user.tenant_id} + + dtenant = db_api.tenant_get(user.tenant_id) - db_api.user_update(user_id, values) + #Check if tenant exists.If user has passed a tenant that does not exist throw error. + #If user is trying to update to a tenant that is disabled throw an error. + if dtenant == None and len(user.tenant_id) > 0: + raise fault.ItemNotFoundFault("The tenant not found") + elif not dtenant.enabled: + raise fault.TenantDisabledFault("Your account has been disabled") + values = {'tenant_id': user.tenant_id} + db_api.user_update(user_id, values) return users.User_Update(None, None, user.tenant_id, None, None, None) def delete_user(self, admin_token, user_id): @@ -625,8 +627,6 @@ class IdentityService(object): raise fault.ItemNotFoundFault("The user could not be found") dtenant = db_api.tenant_get(duser.tenant_id) - if dtenant != None and not dtenant.enabled: - raise fault.TenantDisabledFault("Your account has been disabled") db_api.user_delete_tenant(user_id, dtenant.id) return None diff --git a/keystone/logic/types/user.py b/keystone/logic/types/user.py index 43e7e986..795eb21e 100644..100755 --- a/keystone/logic/types/user.py +++ b/keystone/logic/types/user.py @@ -226,7 +226,7 @@ class User_Update(object): if self.user_id: user["id"] = self.user_id - if self.user_id: + if self.tenant_id: user["tenantId"] = self.tenant_id if self.password: user["password"] = self.password diff --git a/keystone/server.py b/keystone/server.py index a56ee593..a4d83713 100755 --- a/keystone/server.py +++ b/keystone/server.py @@ -325,7 +325,7 @@ class UserController(wsgi.Controller): @utils.wrap_error def update_user_tenant(self, req, user_id): user = utils.get_normalized_request_content(users.User_Update, req) - service.set_user_tenant(utils.get_auth_token(req), user_id, + rval = service.set_user_tenant(utils.get_auth_token(req), user_id, user) return utils.send_result(200, req, rval) @@ -681,7 +681,7 @@ class KeystoneAdminAPI(wsgi.Router): controller=user_controller, action="set_user_password", conditions=dict(method=["PUT"])) - mapper.connect("/v2.0/{tenant_id}/users/{user_id}", + mapper.connect("/v2.0/users/{user_id}/tenant", controller=user_controller, action="update_user_tenant", conditions=dict(method=["PUT"])) diff --git a/keystone/test/unit/test_common.py b/keystone/test/unit/test_common.py index c7656e94..4d2d6796 100755 --- a/keystone/test/unit/test_common.py +++ b/keystone/test/unit/test_common.py @@ -441,6 +441,28 @@ def user_enabled_xml(user_id, auth_token): "ACCEPT": "application/xml"}) return (resp, content) +def user_tenant_update_json(user_id, tenant_id, auth_token): + h = httplib2.Http(".cache") + url = '%susers/%s/tenant' % (URL, user_id) + data = {"user": {"tenantId": tenant_id}} + resp, content = h.request(url, "PUT", body=json.dumps(data), + headers={"Content-Type": "application/json", + "X-Auth-Token": auth_token}) + return (resp, content) + + +def user_tenant_update_xml(user_id, tenant_id, auth_token): + h = httplib2.Http(".cache") + url = '%susers/%s/tenant' % (URL, user_id) + data = '<?xml version="1.0" encoding="UTF-8"?> \ + <user xmlns="http://docs.openstack.org/identity/api/v2.0" \ + tenantId="%s" />' % (tenant_id) + resp, content = h.request(url, "PUT", body=data, + headers={"Content-Type": "application/xml", + "X-Auth-Token": auth_token, + "ACCEPT": "application/xml"}) + return (resp, content) + def user_get_xml(user_id, auth_token): h = httplib2.Http(".cache") diff --git a/keystone/test/unit/test_users.py b/keystone/test/unit/test_users.py index 28c8f995..13c9875a 100755 --- a/keystone/test/unit/test_users.py +++ b/keystone/test/unit/test_users.py @@ -798,30 +798,6 @@ class GetUsersGroupTest(UserTest): self.fail('Service Not Available') self.assertEqual(404, resp_val) self.assertEqual('application/xml', utils.content_type(resp)) -''' - def test_users_group_get_disabled_tenant(self): - resp, content = utils.users_group_get_json('0000', - self.user, - self.auth_token) - resp_val = int(resp['status']) - if resp_val == 500: - self.fail('Identity Fault') - elif resp_val == 503: - self.fail('Service Not Available') - self.assertEqual(403, resp_val) - - def test_users_group_get_disabled_tenant_xml(self): - resp, content = utils.users_group_get_xml('0000', - self.user, - self.auth_token) - resp_val = int(resp['status']) - if resp_val == 500: - self.fail('Identity Fault') - elif resp_val == 503: - self.fail('Service Not Available') - self.assertEqual(403, resp_val) - self.assertEqual('application/xml', utils.content_type(resp)) -''' class UpdateUserTest(UserTest): @@ -1313,33 +1289,6 @@ class SetEnabledTest(UserTest): utils.delete_user(self.user, str(self.auth_token)) self.assertEqual(400, resp_val) self.assertEqual('application/xml', utils.content_type(resp)) - ''' - TODO: Right now the very first call to create a user fails.This prevents from executing test.Need to find a way. - def test_user_enabled_disabled_tenant(self): - utils.create_user(self.tenant, self.user, str(self.auth_token)) - resp, content = utils.user_enabled_json(self.user, - str(self.auth_token)) - resp_val = int(resp['status']) - content = json.loads(content) - if resp_val == 500: - self.fail('Identity Fault') - elif resp_val == 503: - self.fail('Service Not Available') - self.assertEqual(403, resp_val) - - def test_user_enabled_disabled_tenant_xml(self): - utils.create_user(self.tenant, self.user, str(self.auth_token)) - resp, content = utils.user_enabled_xml(self.user, - str(self.auth_token)) - resp_val = int(resp['status']) - content = etree.fromstring(content) - if resp_val == 500: - self.fail('Identity Fault') - elif resp_val == 503: - self.fail('Service Not Available') - self.assertEqual(403, resp_val) - self.assertEqual('application/xml', utils.content_type(resp)) - ''' def test_user_enabled_expired_token(self): utils.create_user(self.tenant, self.user, str(self.auth_token)) @@ -1441,6 +1390,167 @@ class SetEnabledTest(UserTest): self.assertEqual(401, resp_val) self.assertEqual('application/xml', utils.content_type(resp)) +class TenantUpdateTest(UserTest): + + def test_update_user_tenant(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_json(self.user, utils.get_another_tenant(), + str(self.auth_token)) + resp_val = int(resp['status']) + content = json.loads(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(200, resp_val) + self.assertEqual(utils.get_another_tenant(), content['user']['tenantId']) + + def test_update_user_tenant_xml(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_xml(self.user, utils.get_another_tenant(), + str(self.auth_token)) + resp_val = int(resp['status']) + content = etree.fromstring(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(200, resp_val) + self.assertEqual(utils.get_another_tenant(), content.get("tenantId")) + self.assertEqual('application/xml', utils.content_type(resp)) + + def test_update_user_tenant_using_invalid_tenant(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_json(self.user, "unknown", + str(self.auth_token)) + resp_val = int(resp['status']) + content = json.loads(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + self.assertEqual(404, resp_val) + utils.delete_user(self.user, str(self.auth_token)) + + def test_update_user_tenant_using_disabled_tenant(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_json(self.user, "disable", + str(self.auth_token)) + resp_val = int(resp['status']) + content = json.loads(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + self.assertEqual(404, resp_val) + utils.delete_user(self.user, str(self.auth_token)) + + def test_update_user_tenant_using_missing_token(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_json(self.user, utils.get_another_tenant(), + str(self.missing_token)) + resp_val = int(resp['status']) + content = json.loads(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(401, resp_val) + + def test_update_user_tenant_using_invalid_token(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_json(self.user, utils.get_another_tenant(), + str(self.invalid_token)) + resp_val = int(resp['status']) + content = json.loads(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(404, resp_val) + + def test_update_user_tenant_using_disabled_token(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_json(self.user, utils.get_another_tenant(), + str(self.disabled_token)) + resp_val = int(resp['status']) + content = json.loads(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(403, resp_val) + + def test_update_user_tenant_using_exp_auth_token(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_json(self.user, utils.get_another_tenant(), + str(self.exp_auth_token)) + resp_val = int(resp['status']) + content = json.loads(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(403, resp_val) + + def test_update_user_tenant_xml_using_missing_token(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_xml(self.user, utils.get_another_tenant(), + str(self.missing_token)) + resp_val = int(resp['status']) + content = etree.fromstring(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(401, resp_val) + + def test_update_user_tenant_xml_using_invalid_token(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_xml(self.user, utils.get_another_tenant(), + str(self.invalid_token)) + resp_val = int(resp['status']) + content = etree.fromstring(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(404, resp_val) + + def test_update_user_tenant_xml_using_disabled_token(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_xml(self.user, utils.get_another_tenant(), + str(self.disabled_token)) + resp_val = int(resp['status']) + content = etree.fromstring(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(403, resp_val) + + def test_update_user_tenant_xml_using_exp_auth_token(self): + utils.create_user(self.tenant, self.user, str(self.auth_token)) + resp, content = utils.user_tenant_update_xml(self.user, utils.get_another_tenant(), + str(self.exp_auth_token)) + resp_val = int(resp['status']) + content = etree.fromstring(content) + if resp_val == 500: + self.fail('Identity Fault') + elif resp_val == 503: + self.fail('Service Not Available') + utils.delete_user(self.user, str(self.auth_token)) + self.assertEqual(403, resp_val) + class AddUserTest(UserTest): |