diff options
| author | Jenkins <jenkins@review.openstack.org> | 2013-06-05 00:13:54 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-06-05 00:13:54 +0000 |
| commit | 99717a8fc8f5dc0f5cc310a8113ade5536657cfa (patch) | |
| tree | b1c4a596fa74412a0fbedd807d1df8f1de35b0af | |
| parent | e183b93481de61d909abb9569841bd553e1ea489 (diff) | |
| parent | db0370d2d30de086e5b973e14cd6a8790a555ee9 (diff) | |
| download | keystone-99717a8fc8f5dc0f5cc310a8113ade5536657cfa.tar.gz keystone-99717a8fc8f5dc0f5cc310a8113ade5536657cfa.tar.xz keystone-99717a8fc8f5dc0f5cc310a8113ade5536657cfa.zip | |
Merge "split authenticate call"
| -rw-r--r-- | keystone/identity/backends/kvs.py | 19 | ||||
| -rw-r--r-- | keystone/identity/backends/ldap/core.py | 16 | ||||
| -rw-r--r-- | keystone/identity/backends/pam.py | 22 | ||||
| -rw-r--r-- | keystone/identity/backends/sql.py | 18 | ||||
| -rw-r--r-- | keystone/identity/core.py | 21 | ||||
| -rw-r--r-- | tests/test_backend.py | 265 | ||||
| -rw-r--r-- | tests/test_backend_ldap.py | 3 | ||||
| -rw-r--r-- | tests/test_import_legacy.py | 14 | ||||
| -rw-r--r-- | tests/test_migrate_nova_auth.py | 5 |
9 files changed, 215 insertions, 168 deletions
diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py index 101ceb9e..339d2e75 100644 --- a/keystone/identity/backends/kvs.py +++ b/keystone/identity/backends/kvs.py @@ -23,29 +23,23 @@ from keystone import identity class Identity(kvs.Base, identity.Driver): # Public interface - def authenticate(self, user_id=None, tenant_id=None, password=None): - """Authenticate based on a user, tenant and password. - - Expects the user object to have a password field and the tenant to be - in the list of tenants on the user. - - """ + def authenticate_user(self, user_id=None, password=None): user_ref = None - tenant_ref = None - metadata_ref = {} - try: user_ref = self._get_user(user_id) except exception.UserNotFound: raise AssertionError('Invalid user / password') - if not utils.check_password(password, user_ref.get('password')): raise AssertionError('Invalid user / password') + return user_ref + def authorize_for_project(self, user_ref, tenant_id=None): + user_id = user_ref['id'] + tenant_ref = None + metadata_ref = {} if tenant_id is not None: if tenant_id not in self.get_projects_for_user(user_id): raise AssertionError('Invalid tenant') - try: tenant_ref = self.get_project(tenant_id) metadata_ref = self.get_metadata(user_id, tenant_id) @@ -54,7 +48,6 @@ class Identity(kvs.Base, identity.Driver): metadata_ref = {} except exception.MetadataNotFound: metadata_ref = {} - return (identity.filter_user(user_ref), tenant_ref, metadata_ref) def get_project(self, tenant_id): diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py index 65330149..4493e49c 100644 --- a/keystone/identity/backends/ldap/core.py +++ b/keystone/identity/backends/ldap/core.py @@ -95,20 +95,12 @@ class Identity(identity.Driver): raise ValueError(_('Expected dict or list: %s') % type(ref)) # Identity interface - def authenticate(self, user_id=None, tenant_id=None, password=None): - """Authenticate based on a user, tenant and password. - - Expects the user object to have a password field and the tenant to be - in the list of tenants on the user. - """ - tenant_ref = None - metadata_ref = {} + def authenticate_user(self, user_id=None, password=None): try: user_ref = self._get_user(user_id) except exception.UserNotFound: raise AssertionError('Invalid user / password') - try: conn = self.user.get_connection(self.user._id_to_dn(user_id), password) @@ -116,6 +108,12 @@ class Identity(identity.Driver): raise AssertionError('Invalid user / password') except Exception: raise AssertionError('Invalid user / password') + return user_ref + + def authorize_for_project(self, user_ref, tenant_id=None): + user_id = user_ref['id'] + tenant_ref = None + metadata_ref = {} if tenant_id is not None: if tenant_id not in self.get_projects_for_user(user_id): diff --git a/keystone/identity/backends/pam.py b/keystone/identity/backends/pam.py index 1a312a27..9c4bbf38 100644 --- a/keystone/identity/backends/pam.py +++ b/keystone/identity/backends/pam.py @@ -58,18 +58,20 @@ class PamIdentity(identity.Driver): Tenant is always the same as User, root user has admin role. """ - def authenticate(self, user_id, tenant_id, password): + def authenticate_user(self, user_id=None, password=None): auth = pam.authenticate if pam else PAM_authenticate - if auth(user_id, password): - metadata = {} - if user_id == 'root': - metadata['is_admin'] = True + if not auth(user_id, password): + raise AssertionError('Invalid user / password') + user = {'id': user_id, 'name': user_id} + return user - tenant = {'id': user_id, 'name': user_id} - - user = {'id': user_id, 'name': user_id} - - return (user, tenant, metadata) + def authorize_for_project(self, user_ref, tenant_id=None): + user_id = user_ref['id'] + metadata = {} + if user_id == 'root': + metadata['is_admin'] = True + tenant = {'id': user_id, 'name': user_id} + return (user_ref, tenant, metadata) def get_project(self, tenant_id): return {'id': tenant_id, 'name': tenant_id} diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index 71cab057..41285579 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -156,27 +156,21 @@ class Identity(sql.Base, identity.Driver): return utils.check_password(password, user_ref.password) # Identity interface - def authenticate(self, user_id=None, tenant_id=None, password=None): - """Authenticate based on a user, tenant and password. - - Expects the user object to have a password field and the tenant to be - in the list of tenants on the user. - - """ + def authenticate_user(self, user_id=None, password=None): session = self.get_session() - user_ref = None - tenant_ref = None - metadata_ref = {} - try: user_ref = self._get_user(session, user_id) except exception.UserNotFound: raise AssertionError('Invalid user / password') - if not self._check_password(password, user_ref): raise AssertionError('Invalid user / password') + return user_ref + def authorize_for_project(self, user_ref, tenant_id=None): + user_id = user_ref['id'] + tenant_ref = None + metadata_ref = {} if tenant_id is not None: # FIXME(gyee): this should really be # get_roles_for_user_and_project() after the dusts settle diff --git a/keystone/identity/core.py b/keystone/identity/core.py index fde7ac8d..6f30c744 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -62,6 +62,16 @@ class Manager(manager.Manager): def __init__(self): super(Manager, self).__init__(CONF.identity.driver) + def authenticate(self, context, user_id=None, + tenant_id=None, password=None): + """Authenticate a given user and password and + authorize them for a tenant. + :returns: (user_ref, tenant_ref, metadata_ref) + :raises: AssertionError + """ + user_ref = self.driver.authenticate_user(user_id, password) + return self.driver.authorize_for_project(user_ref, tenant_id) + def create_user(self, context, user_id, user_ref): user = user_ref.copy() if 'enabled' not in user: @@ -86,12 +96,17 @@ class Manager(manager.Manager): class Driver(object): """Interface description for an Identity driver.""" - def authenticate(self, user_id=None, tenant_id=None, password=None): - """Authenticate a given user, tenant and password. + def authenticate_user(self, user_id, password): + """Authenticate a given user and password. + :returns: user_ref + :raises: AssertionError + """ + raise exception.NotImplemented() + def authorize_for_project(self, tenant_id, user_ref): + """Authenticate a given user for a tenant. :returns: (user_ref, tenant_ref, metadata_ref) :raises: AssertionError - """ raise exception.NotImplemented() diff --git a/tests/test_backend.py b/tests/test_backend.py index 8f87e4e1..57f3315c 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -29,6 +29,7 @@ CONF = config.CONF DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id TIME_FORMAT = '%Y-%m-%dT%H:%M:%S.%fZ' NULL_OBJECT = object() +EMPTY_CONTEXT = {} class IdentityTests(object): @@ -58,27 +59,31 @@ class IdentityTests(object): def test_authenticate_bad_user(self): self.assertRaises(AssertionError, - self.identity_api.authenticate, + self.identity_man.authenticate, + EMPTY_CONTEXT, user_id=uuid.uuid4().hex, tenant_id=self.tenant_bar['id'], password=self.user_foo['password']) def test_authenticate_bad_password(self): self.assertRaises(AssertionError, - self.identity_api.authenticate, + self.identity_man.authenticate, + EMPTY_CONTEXT, user_id=self.user_foo['id'], tenant_id=self.tenant_bar['id'], password=uuid.uuid4().hex) def test_authenticate_bad_project(self): self.assertRaises(AssertionError, - self.identity_api.authenticate, + self.identity_man.authenticate, + EMPTY_CONTEXT, user_id=self.user_foo['id'], tenant_id=uuid.uuid4().hex, password=self.user_foo['password']) def test_authenticate_no_project(self): - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + EMPTY_CONTEXT, user_id=self.user_foo['id'], password=self.user_foo['password']) # NOTE(termie): the password field is left in user_foo to make @@ -90,7 +95,8 @@ class IdentityTests(object): self.assert_(not metadata_ref) def test_authenticate(self): - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + EMPTY_CONTEXT, user_id=self.user_sna['id'], tenant_id=self.tenant_bar['id'], password=self.user_sna['password']) @@ -107,7 +113,8 @@ class IdentityTests(object): def test_authenticate_role_return(self): self.identity_api.add_role_to_user_and_project( self.user_foo['id'], self.tenant_baz['id'], self.role_admin['id']) - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + EMPTY_CONTEXT, user_id=self.user_foo['id'], tenant_id=self.tenant_baz['id'], password=self.user_foo['password']) @@ -124,7 +131,8 @@ class IdentityTests(object): self.identity_api.create_user(user['id'], user) self.identity_api.add_user_to_project(self.tenant_baz['id'], user['id']) - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + EMPTY_CONTEXT, user_id=user['id'], tenant_id=self.tenant_baz['id'], password=user['password']) @@ -279,10 +287,10 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['name'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) @@ -292,10 +300,10 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['id'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake2', user) @@ -310,8 +318,8 @@ class IdentityTests(object): 'name': user1['name'], 'domain_id': new_domain['id'], 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user1['id'], user1) - self.identity_man.create_user({}, user2['id'], user2) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user2['id'], user2) def test_move_user_between_domains(self): domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -322,7 +330,7 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user['id'], user) + self.identity_man.create_user(EMPTY_CONTEXT, user['id'], user) user['domain_id'] = domain2['id'] self.identity_api.update_user(user['id'], user) @@ -336,14 +344,14 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) # Now create a user in domain2 with a potentially clashing # name - which should work since we have domain separation user2 = {'id': uuid.uuid4().hex, 'name': user1['name'], 'domain_id': domain2['id'], 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user2['id'], user2) + self.identity_man.create_user(EMPTY_CONTEXT, user2['id'], user2) # Now try and move user1 into the 2nd domain - which should # fail since the names clash user1['domain_id'] = domain2['id'] @@ -392,20 +400,20 @@ class IdentityTests(object): def test_create_duplicate_project_id_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['name'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, 'fake1', tenant) def test_create_duplicate_project_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['id'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, 'fake1', tenant) @@ -416,8 +424,8 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID} tenant2 = {'id': uuid.uuid4().hex, 'name': tenant1['name'], 'domain_id': new_domain['id']} - self.identity_man.create_project({}, tenant1['id'], tenant1) - self.identity_man.create_project({}, tenant2['id'], tenant2) + self.identity_man.create_project(EMPTY_CONTEXT, tenant1['id'], tenant1) + self.identity_man.create_project(EMPTY_CONTEXT, tenant2['id'], tenant2) def test_move_project_between_domains(self): domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -427,7 +435,7 @@ class IdentityTests(object): project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project['id'], project) + self.identity_man.create_project(EMPTY_CONTEXT, project['id'], project) project['domain_id'] = domain2['id'] self.identity_api.update_project(project['id'], project) @@ -440,13 +448,15 @@ class IdentityTests(object): project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) # Now create a project in domain2 with a potentially clashing # name - which should work since we have domain separation project2 = {'id': uuid.uuid4().hex, 'name': project1['name'], 'domain_id': domain2['id']} - self.identity_man.create_project({}, project2['id'], project2) + self.identity_man.create_project(EMPTY_CONTEXT, + project2['id'], project2) # Now try and move project1 into the 2nd domain - which should # fail since the names clash project1['domain_id'] = domain2['id'] @@ -460,8 +470,8 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID} tenant2 = {'id': 'fake2', 'name': 'fake2', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant1) - self.identity_man.create_project({}, 'fake2', tenant2) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant1) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake2', tenant2) tenant2['name'] = 'fake1' self.assertRaises(exception.Error, self.identity_api.update_project, @@ -718,11 +728,12 @@ class IdentityTests(object): self.identity_api.create_domain(new_domain['id'], new_domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': 'secret', 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) roles_ref = self.identity_api.list_grants( @@ -755,11 +766,12 @@ class IdentityTests(object): self.identity_api.create_domain(new_domain['id'], new_domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -795,21 +807,25 @@ class IdentityTests(object): self.identity_api.create_domain(new_domain['id'], new_domain) new_project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': new_domain['id']} - self.identity_man.create_project({}, new_project['id'], new_project) + self.identity_man.create_project(EMPTY_CONTEXT, + new_project['id'], new_project) new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_group2 = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group2['id'], new_group2) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group2['id'], new_group2) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) new_user2 = {'id': uuid.uuid4().hex, 'name': 'new_user2', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user2['id'], new_user2) + self.identity_man.create_user(EMPTY_CONTEXT, + new_user2['id'], new_user2) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) # First check we have no grants @@ -857,7 +873,7 @@ class IdentityTests(object): new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': 'secret', 'enabled': True, 'domain_id': new_domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) roles_ref = self.identity_api.list_grants( user_id=new_user['id'], domain_id=new_domain['id']) @@ -898,7 +914,7 @@ class IdentityTests(object): self.identity_api.create_domain(domain2['id'], domain2) group1 = {'id': uuid.uuid4().hex, 'domain_id': domain1['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) roles_ref = self.identity_api.list_grants( group_id=group1['id'], domain_id=domain1['id']) @@ -951,7 +967,7 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) roles_ref = self.identity_api.list_grants( user_id=user1['id'], domain_id=domain1['id']) @@ -999,10 +1015,11 @@ class IdentityTests(object): self.identity_api.create_domain(domain2['id'], domain2) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain2['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) roles_ref = self.identity_api.list_grants( group_id=group1['id'], project_id=project1['id']) @@ -1044,10 +1061,11 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain2['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) roles_ref = self.identity_api.list_grants( user_id=user1['id'], project_id=project1['id']) @@ -1088,13 +1106,15 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, + group1['id'], group1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) self.identity_api.add_user_to_group(user1['id'], group1['id']) @@ -1155,14 +1175,15 @@ class IdentityTests(object): self.identity_api.create_domain(domain1['id'], domain1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) self.identity_api.create_grant(user_id=user1['id'], project_id=project1['id'], role_id=role1['id']) @@ -1216,14 +1237,15 @@ class IdentityTests(object): self.identity_api.create_domain(domain1['id'], domain1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) self.identity_api.create_grant(user_id=user1['id'], project_id=project1['id'], role_id=role1['id']) @@ -1264,14 +1286,15 @@ class IdentityTests(object): self.identity_api.create_domain(domain1['id'], domain1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_project({}, project1['id'], project1) + self.identity_man.create_project(EMPTY_CONTEXT, + project1['id'], project1) user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) self.identity_api.create_grant(group_id=group1['id'], project_id=project1['id'], role_id=role1['id']) @@ -1437,7 +1460,7 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': 'a' * 65, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, tenant['id'], tenant) @@ -1445,7 +1468,7 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': '', 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, tenant['id'], tenant) @@ -1453,20 +1476,20 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': None, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, tenant['id'], tenant) tenant = {'id': 'fake1', 'name': 123, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_project, {}, + self.identity_man.create_project, EMPTY_CONTEXT, tenant['id'], tenant) def test_update_project_blank_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['name'] = '' self.assertRaises(exception.ValidationError, self.identity_api.update_project, @@ -1476,7 +1499,7 @@ class IdentityTests(object): def test_update_project_long_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['name'] = 'a' * 65 self.assertRaises(exception.ValidationError, self.identity_api.update_project, @@ -1486,7 +1509,7 @@ class IdentityTests(object): def test_update_project_invalid_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_man.create_project(EMPTY_CONTEXT, 'fake1', tenant) tenant['name'] = None self.assertRaises(exception.ValidationError, self.identity_api.update_project, @@ -1503,7 +1526,7 @@ class IdentityTests(object): user = {'id': 'fake1', 'name': 'a' * 65, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) @@ -1511,7 +1534,7 @@ class IdentityTests(object): user = {'id': 'fake1', 'name': '', 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) @@ -1519,14 +1542,14 @@ class IdentityTests(object): user = {'id': 'fake1', 'name': None, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) user = {'id': 'fake1', 'name': 123, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, 'fake1', user) @@ -1538,14 +1561,14 @@ class IdentityTests(object): # invalid string value 'enabled': "true"} self.assertRaises(exception.ValidationError, - self.identity_man.create_user, {}, + self.identity_man.create_user, EMPTY_CONTEXT, user['id'], user) def test_update_user_long_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['name'] = 'a' * 65 self.assertRaises(exception.ValidationError, self.identity_api.update_user, @@ -1555,7 +1578,7 @@ class IdentityTests(object): def test_update_user_blank_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['name'] = '' self.assertRaises(exception.ValidationError, self.identity_api.update_user, @@ -1565,7 +1588,7 @@ class IdentityTests(object): def test_update_user_invalid_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_user({}, 'fake1', user) + self.identity_man.create_user(EMPTY_CONTEXT, 'fake1', user) user['name'] = None self.assertRaises(exception.ValidationError, @@ -1593,8 +1616,8 @@ class IdentityTests(object): 'id': uuid.uuid4().hex, 'domain_id': CONF.identity.default_domain_id, 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, group1['id'], group1) - self.identity_man.create_group({}, group2['id'], group2) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group2['id'], group2) groups = self.identity_api.list_groups() self.assertEquals(len(groups), 2) group_ids = [] @@ -1661,7 +1684,8 @@ class IdentityTests(object): new_project = {'id': 'tenant_id', 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID} original_project = new_project.copy() - self.identity_man.create_project({}, 'tenant_id', new_project) + self.identity_man.create_project(EMPTY_CONTEXT, + 'tenant_id', new_project) self.assertDictEqual(original_project, new_project) def test_create_user_doesnt_modify_passed_in_dict(self): @@ -1669,7 +1693,7 @@ class IdentityTests(object): 'password': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID} original_user = new_user.copy() - self.identity_man.create_user({}, 'user_id', new_user) + self.identity_man.create_user(EMPTY_CONTEXT, 'user_id', new_user) self.assertDictEqual(original_user, new_user) def test_update_user_enable(self): @@ -1745,11 +1769,12 @@ class IdentityTests(object): domain = self._get_domain_fixture() new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) groups = self.identity_api.list_groups_for_user(new_user['id']) @@ -1765,7 +1790,8 @@ class IdentityTests(object): new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, + new_user['id'], new_user) self.assertRaises(exception.GroupNotFound, self.identity_api.add_user_to_group, new_user['id'], @@ -1773,7 +1799,8 @@ class IdentityTests(object): new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) self.assertRaises(exception.UserNotFound, self.identity_api.add_user_to_group, uuid.uuid4().hex, @@ -1783,11 +1810,12 @@ class IdentityTests(object): domain = self._get_domain_fixture() new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) self.identity_api.check_user_in_group(new_user['id'], new_group['id']) @@ -1797,7 +1825,8 @@ class IdentityTests(object): 'id': uuid.uuid4().hex, 'domain_id': CONF.identity.default_domain_id, 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) self.assertRaises(exception.UserNotFound, self.identity_api.check_user_in_group, uuid.uuid4().hex, @@ -1807,11 +1836,13 @@ class IdentityTests(object): domain = self._get_domain_fixture() new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, + new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) user_refs = self.identity_api.list_users_in_group(new_group['id']) @@ -1825,11 +1856,12 @@ class IdentityTests(object): domain = self._get_domain_fixture() new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) groups = self.identity_api.list_groups_for_user(new_user['id']) @@ -1844,10 +1876,11 @@ class IdentityTests(object): new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_man.create_user({}, new_user['id'], new_user) + self.identity_man.create_user(EMPTY_CONTEXT, new_user['id'], new_user) new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, new_group['id'], new_group) + self.identity_man.create_group(EMPTY_CONTEXT, + new_group['id'], new_group) self.assertRaises(exception.NotFound, self.identity_api.remove_user_from_group, new_user['id'], @@ -1868,7 +1901,7 @@ class IdentityTests(object): self.identity_api.create_domain(domain['id'], domain) group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} - self.identity_man.create_group({}, group['id'], group) + self.identity_man.create_group(EMPTY_CONTEXT, group['id'], group) group_ref = self.identity_api.get_group(group['id']) self.assertDictContainsSubset(group, group_ref) @@ -1887,9 +1920,9 @@ class IdentityTests(object): 'name': uuid.uuid4().hex} group2 = {'id': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, 'name': group1['name']} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) self.assertRaises(exception.Conflict, - self.identity_man.create_group, {}, + self.identity_man.create_group, EMPTY_CONTEXT, group2['id'], group2) def test_create_duplicate_group_name_in_different_domains(self): @@ -1899,8 +1932,8 @@ class IdentityTests(object): 'name': uuid.uuid4().hex} group2 = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': group1['name']} - self.identity_man.create_group({}, group1['id'], group1) - self.identity_man.create_group({}, group2['id'], group2) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group2['id'], group2) def test_move_group_between_domains(self): domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -1910,7 +1943,7 @@ class IdentityTests(object): group = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_group({}, group['id'], group) + self.identity_man.create_group(EMPTY_CONTEXT, group['id'], group) group['domain_id'] = domain2['id'] self.identity_api.update_group(group['id'], group) @@ -1923,13 +1956,13 @@ class IdentityTests(object): group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group(EMPTY_CONTEXT, group1['id'], group1) # Now create a group in domain2 with a potentially clashing # name - which should work since we have domain separation group2 = {'id': uuid.uuid4().hex, 'name': group1['name'], 'domain_id': domain2['id']} - self.identity_man.create_group({}, group2['id'], group2) + self.identity_man.create_group(EMPTY_CONTEXT, group2['id'], group2) # Now try and move group1 into the 2nd domain - which should # fail since the names clash group1['domain_id'] = domain2['id'] @@ -1944,7 +1977,7 @@ class IdentityTests(object): self.identity_api.create_domain(domain['id'], domain) project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain['id']} - self.identity_man.create_project({}, project['id'], project) + self.identity_man.create_project(EMPTY_CONTEXT, project['id'], project) project_ref = self.identity_api.get_project(project['id']) self.assertDictContainsSubset(project, project_ref) @@ -2003,7 +2036,7 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, 'domain_id': domain['id'], 'enabled': True} - self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user(EMPTY_CONTEXT, user1['id'], user1) user_projects = self.identity_api.list_user_projects(user1['id']) self.assertEquals(len(user_projects), 0) self.identity_api.create_grant(user_id=user1['id'], @@ -2371,9 +2404,11 @@ class CatalogTests(object): # delete self.catalog_api.delete_service(service_id) self.assertRaises(exception.ServiceNotFound, - self.catalog_man.delete_service, {}, service_id) + self.catalog_man.delete_service, + EMPTY_CONTEXT, service_id) self.assertRaises(exception.ServiceNotFound, - self.catalog_man.get_service, {}, service_id) + self.catalog_man.get_service, + EMPTY_CONTEXT, service_id) def test_delete_service_with_endpoint(self): # create a service @@ -2398,20 +2433,22 @@ class CatalogTests(object): # deleting the service should also delete the endpoint self.catalog_api.delete_service(service['id']) self.assertRaises(exception.EndpointNotFound, - self.catalog_man.get_endpoint, {}, endpoint['id']) + self.catalog_man.get_endpoint, + EMPTY_CONTEXT, endpoint['id']) self.assertRaises(exception.EndpointNotFound, - self.catalog_man.delete_endpoint, {}, endpoint['id']) + self.catalog_man.delete_endpoint, + EMPTY_CONTEXT, endpoint['id']) def test_get_service_404(self): self.assertRaises(exception.ServiceNotFound, self.catalog_man.get_service, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_delete_service_404(self): self.assertRaises(exception.ServiceNotFound, self.catalog_man.delete_service, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_create_endpoint_404(self): @@ -2421,20 +2458,20 @@ class CatalogTests(object): } self.assertRaises(exception.ServiceNotFound, self.catalog_man.create_endpoint, - {}, + EMPTY_CONTEXT, endpoint['id'], endpoint) def test_get_endpoint_404(self): self.assertRaises(exception.EndpointNotFound, self.catalog_man.get_endpoint, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_delete_endpoint_404(self): self.assertRaises(exception.EndpointNotFound, self.catalog_man.delete_endpoint, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_create_endpoint(self): @@ -2501,7 +2538,7 @@ class PolicyTests(object): # (cannot change policy ID) self.assertRaises(exception.ValidationError, self.policy_man.update_policy, - {}, + EMPTY_CONTEXT, orig['id'], ref) @@ -2515,27 +2552,29 @@ class PolicyTests(object): self.policy_api.delete_policy(ref['id']) self.assertRaises(exception.PolicyNotFound, - self.policy_man.delete_policy, {}, ref['id']) + self.policy_man.delete_policy, + EMPTY_CONTEXT, ref['id']) self.assertRaises(exception.PolicyNotFound, - self.policy_man.get_policy, {}, ref['id']) + self.policy_man.get_policy, + EMPTY_CONTEXT, ref['id']) res = self.policy_api.list_policies() self.assertFalse(len([x for x in res if x['id'] == ref['id']])) def test_get_policy_404(self): self.assertRaises(exception.PolicyNotFound, self.policy_man.get_policy, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) def test_update_policy_404(self): self.assertRaises(exception.PolicyNotFound, self.policy_man.update_policy, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex, - {}) + EMPTY_CONTEXT) def test_delete_policy_404(self): self.assertRaises(exception.PolicyNotFound, self.policy_man.delete_policy, - {}, + EMPTY_CONTEXT, uuid.uuid4().hex) diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index 61214002..5845dda7 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py @@ -624,7 +624,8 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): self.identity_man.create_user({}, user['id'], user) self.identity_api.add_user_to_project(self.tenant_baz['id'], user['id']) - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + {}, user_id=user['id'], tenant_id=self.tenant_baz['id'], password=user['password']) diff --git a/tests/test_import_legacy.py b/tests/test_import_legacy.py index 0c37e808..50bf22f9 100644 --- a/tests/test_import_legacy.py +++ b/tests/test_import_legacy.py @@ -25,6 +25,7 @@ from keystone.catalog.backends import templated as catalog_templated from keystone.common.sql import legacy from keystone.common.sql import util as sql_util from keystone import config +from keystone import identity from keystone.identity.backends import sql as identity_sql from keystone import test @@ -40,6 +41,7 @@ class ImportLegacy(test.TestCase): test.testsdir('backend_sql.conf'), test.testsdir('backend_sql_disk.conf')]) sql_util.setup_test_database() + self.identity_man = identity.Manager() self.identity_api = identity_sql.Identity() def tearDown(self): @@ -70,8 +72,8 @@ class ImportLegacy(test.TestCase): self.assertEquals(user_ref['enabled'], True) # check password hashing - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( - user_id=admin_id, password='secrete') + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + {}, user_id=admin_id, password='secrete') # check catalog self._check_catalog(migration) @@ -87,8 +89,8 @@ class ImportLegacy(test.TestCase): self.assertEquals(user_ref['enabled'], True) # check password hashing - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( - user_id=admin_id, password='secrete') + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + {}, user_id=admin_id, password='secrete') # check catalog self._check_catalog(migration) @@ -104,8 +106,8 @@ class ImportLegacy(test.TestCase): self.assertEquals(user_ref['enabled'], True) # check password hashing - user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( - user_id=admin_id, password='secrete') + user_ref, tenant_ref, metadata_ref = self.identity_man.authenticate( + {}, user_id=admin_id, password='secrete') # check catalog self._check_catalog(migration) diff --git a/tests/test_migrate_nova_auth.py b/tests/test_migrate_nova_auth.py index 4e3e37b8..a4ad0fb4 100644 --- a/tests/test_migrate_nova_auth.py +++ b/tests/test_migrate_nova_auth.py @@ -20,6 +20,7 @@ from keystone.common.sql import nova from keystone.common.sql import util as sql_util from keystone import config from keystone.contrib.ec2.backends import sql as ec2_sql +from keystone import identity from keystone.identity.backends import sql as identity_sql from keystone import test @@ -74,6 +75,7 @@ class MigrateNovaAuth(test.TestCase): test.testsdir('backend_sql.conf'), test.testsdir('backend_sql_disk.conf')]) sql_util.setup_test_database() + self.identity_man = identity.Manager() self.identity_api = identity_sql.Identity() self.ec2_api = ec2_sql.Ec2() @@ -118,7 +120,8 @@ class MigrateNovaAuth(test.TestCase): for _user in FIXTURE['users']: if _user['id'] == old_user: password = _user['password'] - self.identity_api.authenticate(user['id'], tenant_id, password) + self.identity_man.authenticate({}, user['id'], + tenant_id, password) for ec2_cred in FIXTURE['ec2_credentials']: user_id = users[ec2_cred['user_id']]['id'] |