diff options
| author | sirish.bitra <sirish.bitra@gmail.com> | 2011-05-16 15:35:34 +0530 |
|---|---|---|
| committer | sirish.bitra <sirish.bitra@gmail.com> | 2011-05-16 15:35:34 +0530 |
| commit | 647d4bb99cb48789947d2840ca50f8af3dd07c6f (patch) | |
| tree | 974899b04b58f0340de7dc8ff3ff9c78a030f1ff | |
| parent | 61d7addeaf56867a4d1b124bd289e340e9a2e5c9 (diff) | |
multi token test cases and bug fixes
| -rw-r--r-- | keystone/db/sqlalchemy/api.py | 9 | ||||
| -rw-r--r-- | keystone/logic/service.py | 11 | ||||
| -rw-r--r-- | test/unit/test_authentication.py | 59 | ||||
| -rw-r--r-- | test/unit/test_common.py | 44 | ||||
| -rw-r--r-- | test/unit/test_token.py | 7 |
5 files changed, 97 insertions, 33 deletions
diff --git a/keystone/db/sqlalchemy/api.py b/keystone/db/sqlalchemy/api.py index 3f5ec52f..9e5fa6f8 100644 --- a/keystone/db/sqlalchemy/api.py +++ b/keystone/db/sqlalchemy/api.py @@ -274,13 +274,6 @@ def user_get(id, session=None): return result -def user_get_by_tenant(id, tenant_id, session=None): - if not session: - session = get_session() - user_tenant = session.query(models.UserTenantAssociation).filter_by(\ - tenant_id=tenant_id, user_id=id).first() - print '1' * 80 - return user_tenant def user_get_email(email, session=None): @@ -703,7 +696,7 @@ def user_delete_tenant(id, tenant_id, session=None): for group_user in group_users: session.delete(group_user) user_tenant_ref = session.query(models.UserTenantAssociation)\ - .filter_by(user_id=id, tenant_id=tenant_id).first() + .filter_by(user_id=id).first() if user_tenant_ref is None: user_ref = user_get(id, session) session.delete(user_ref) diff --git a/keystone/logic/service.py b/keystone/logic/service.py index fc66d8d6..6d07e386 100644 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -57,8 +57,7 @@ class IDMService(object): credentials.tenant_id) """ # added following code - dtoken = db_api.token_for_user_tenant(duser.id, - credentials.tenant_id) + dtoken = db_api.token_for_user_tenant(duser.id, credentials.tenant_id) #--- if not dtoken or dtoken.expires < datetime.now(): dtoken = db_models.Token() @@ -69,11 +68,13 @@ class IDMService(object): raise fault.IDMFault("Strange: user %s is not associated " "with a tenant!" % duser.id) user = db_api.user_get_by_tenant(duser.id, credentials.tenant_id) - if not credentials.tenant_id and user: - raise fault.IDMFault("Error: user %s is not associated " + + if not credentials.tenant_id or not user: + raise fault.ForbiddenFault("Error: user %s is " + "not associated " "with a tenant! %s" % (duser.id, credentials.tenant_id)) - dtoken.tenant_id = credentials.tenant_id + dtoken.tenant_id = credentials.tenant_id #removing following code for multi token """else: dtoken.tenant_id = duser.tenants[0].tenant_id""" diff --git a/test/unit/test_authentication.py b/test/unit/test_authentication.py index 6f7af0f7..3946f1f3 100644 --- a/test/unit/test_authentication.py +++ b/test/unit/test_authentication.py @@ -18,11 +18,11 @@ class AuthenticationTest(unittest.TestCase): self.tenant = utils.get_tenant() self.token = utils.get_token('joeuser', 'secrete', self.tenant, 'token') - self.user = utils.get_user() + #self.user = utils.get_user() self.userdisabled = utils.get_userdisabled() self.auth_token = utils.get_auth_token() - self.exp_auth_token = utils.get_exp_auth_token() - self.disabled_token = utils.get_disabled_token() + #self.exp_auth_token = utils.get_exp_auth_token() + #self.disabled_token = utils.get_disabled_token() def tearDown(self): utils.delete_token(self.token, self.auth_token) @@ -41,11 +41,12 @@ class AuthenticationTest(unittest.TestCase): def test_a_authorize_user_disabled(self): header = httplib2.Http(".cache") url = '%stoken' % utils.URL - body = {"passwordCredentials": {"username": "disabled", + body = {"passwordCredentials": {"username": self.userdisabled, "password": "secrete", "tenantId" : self.tenant}} resp, content = header.request(url, "POST", body=json.dumps(body), headers={"Content-Type": "application/json"}) + content = json.loads(content) if int(resp['status']) == 500: self.fail('IDM fault') @@ -60,11 +61,12 @@ class AuthenticationTest(unittest.TestCase): body = '<?xml version="1.0" encoding="UTF-8"?> \ <passwordCredentials \ xmlns="http://docs.openstack.org/idm/api/v1.0" \ - password="secrete" username="disabled" \ - tenantId="%s"/>' % self.tenant + password="secrete" username="%s" \ + tenantId="%s"/>' % (self.userdisabled, self.tenant) resp, content = header.request(url, "POST", body=body, headers={"Content-Type": "application/xml", "ACCEPT": "application/xml"}) + content = etree.fromstring(content) if int(resp['status']) == 500: self.fail('IDM fault') @@ -94,7 +96,7 @@ class AuthenticationTest(unittest.TestCase): url = '%stoken' % utils.URL body = '<?xml version="1.0" encoding="UTF-8"?> \ <passwordCredentials \ - xmlns="http://docs.openstack.org/idm/api/v1.0" \ + xmlns="http://docs.openstack.org/1idm/api/v1.0" \ password="secrete" username-w="disabled" \ tenantId="%s"/>' % self.tenant resp, content = header.request(url, "POST", body=body, @@ -108,5 +110,48 @@ class AuthenticationTest(unittest.TestCase): self.assertEqual(400, int(resp['status'])) self.assertEqual('application/xml', utils.content_type(resp)) +class MultiToken(unittest.TestCase): + def setUp(self): + self.auth_token = utils.get_auth_token() + self.userdisabled = utils.get_userdisabled() + resp1, content1 = utils.create_tenant('test_tenant1', self.auth_token) + #create tenant2 + resp2, content2 = utils.create_tenant('test_tenant2', self.auth_token) + #create user1 with tenant1 + resp3, content3 = utils.create_user('test_tenant1', 'test_user1', + self.auth_token) + resp3, content3 = utils.create_user('test_tenant1', 'test_user2', + self.auth_token) + #add user1 to tenant2 + resp4, content4 = utils.add_user_json('test_tenant2', 'test_user1', + self.auth_token) + #self.exp_auth_token = utils.get_exp_auth_token() + #self.disabled_token = utils.get_disabled_token() + + def tearDown(self): + utils.delete_user('test_tenant1', 'test_user1', self.auth_token) + utils.delete_user('test_tenant1', 'test_user2', self.auth_token) + utils.delete_user('test_tenant2', 'test_user1', self.auth_token) + utils.delete_tenant('test_tenant1', self.auth_token) + utils.delete_tenant('test_tenant2', self.auth_token) + + def test_multi_token(self): + #get token for user1 with tenant1 + token1 = utils.get_token('test_user1', 'secrete', 'test_tenant1', 'token') + #get token for user 1 with tenant2 + token2 = utils.get_token('test_user1', 'secrete', 'test_tenant2', 'token') + #test result :: both token should be different + self.assertNotEqual(token1, None) + self.assertNotEqual(token2, None) + self.assertNotEqual(token1, token2) + + resp = utils.delete_token(token1, self.auth_token) + resp = utils.delete_token(token2, self.auth_token) + + def test_unassigned_user(self): + resp, content = utils.get_token('test_user2', 'secrete', 'test_tenant2') + + self.assertEqual(403, int(resp['status'])) + if __name__ == '__main__': unittest.main() diff --git a/test/unit/test_common.py b/test/unit/test_common.py index 86088ed4..51452a19 100644 --- a/test/unit/test_common.py +++ b/test/unit/test_common.py @@ -14,7 +14,7 @@ from lxml import etree URL = 'http://localhost:8080/v1.0/' -def get_token(user, pswd, tenant_id, kind='',): +def get_token(user, pswd, tenant_id, kind=''): header = httplib2.Http(".cache") url = '%stoken' % URL # to test multi token, removing below code @@ -33,12 +33,17 @@ def get_token(user, pswd, tenant_id, kind='',): #--- resp, content = header.request(url, "POST", body=json.dumps(body), headers={"Content-Type": "application/json"}) - content = json.loads(content) - token = str(content['auth']['token']['id']) + + if int(resp['status']) == 200: + content = json.loads(content) + token = str(content['auth']['token']['id']) + else: + token = None if kind == 'token': return token else: return (resp, content) + def delete_token(token, auth_token): @@ -81,7 +86,7 @@ def delete_tenant(tenantid, auth_token): resp, content = header.request(url, "DELETE", body='{}', headers={"Content-Type": "application/json", "X-Auth-Token": auth_token}) - return (resp, content) + return resp def delete_tenant_group(groupid, tenantid, auth_token): @@ -164,10 +169,13 @@ def get_token_xml(user, pswd, tenant_id, type=''): headers={"Content-Type": "application/xml", "ACCEPT": "application/xml"}) - dom = etree.fromstring(content) - root = dom.find("{http://docs.openstack.org/idm/api/v1.0}token") - token_root = root.attrib - token = str(token_root['id']) + if int(resp['status']) == 200: + dom = etree.fromstring(content) + root = dom.find("{http://docs.openstack.org/idm/api/v1.0}token") + token_root = root.attrib + token = str(token_root['id']) + else: + token = None if type == 'token': return token else: @@ -221,7 +229,7 @@ def delete_tenant_xml(tenantid, auth_token): headers={"Content-Type": "application/xml", "X-Auth-Token": auth_token, "ACCEPT": "application/xml"}) - return (resp, content) + return resp def delete_tenant_group_xml(groupid, tenantid, auth_token): @@ -254,7 +262,7 @@ def delete_user(tenant, userid, auth_token): resp, content = header.request(url, "DELETE", body='{}', headers={"Content-Type": "application/json", "X-Auth-Token": auth_token}) - + print content return resp @@ -292,6 +300,22 @@ def delete_user_xml(tenantid, userid, auth_token): "ACCEPT": "application/xml"}) return resp +def add_user_json(tenantid, userid, auth_token): + header = httplib2.Http(".cache") + url = '%stenants/%s/users/%s/add' % (URL, tenantid, userid) + resp, content = header.request(url, "PUT", body='{}', + headers={"Content-Type": "application/json", + "X-Auth-Token": auth_token}) + return (resp, content) + +def add_user_xml(tenantid, userid, auth_token): + header = httplib2.Http(".cache") + url = '%stenants/%s/users/%s/add' % (URL, tenantid, userid) + resp, content = header.request(url, "PUT", body='{}', + headers={"Content-Type": "application/xml", + "X-Auth-Token": auth_token, + "ACCEPT": "application/xml"}) + return (resp, content) def user_update_json(tenant_id, user_id, auth_token, email=None): h = httplib2.Http(".cache") diff --git a/test/unit/test_token.py b/test/unit/test_token.py index 9eee2391..ee72a521 100644 --- a/test/unit/test_token.py +++ b/test/unit/test_token.py @@ -1,5 +1,6 @@ import os import sys + # Need to access identity module sys.path.append(os.path.abspath(os.path.join(os.path.abspath(__file__), '..', '..', '..', '..', 'keystone'))) @@ -13,11 +14,11 @@ class ValidateToken(unittest.TestCase): def setUp(self): self.tenant = utils.get_tenant() self.token = utils.get_token('joeuser', 'secrete', self.tenant, 'token') - self.user = utils.get_user() - self.userdisabled = utils.get_userdisabled() + #self.user = utils.get_user() + #self.userdisabled = utils.get_userdisabled() self.auth_token = utils.get_auth_token() self.exp_auth_token = utils.get_exp_auth_token() - self.disabled_token = utils.get_disabled_token() + #self.disabled_token = utils.get_disabled_token() def tearDown(self): utils.delete_token(self.token, self.auth_token) |