diff options
| author | Allan Feid <allanfeid@gmail.com> | 2013-03-12 15:47:45 -0400 |
|---|---|---|
| committer | Adam Young <ayoung@redhat.com> | 2013-03-19 14:40:53 -0400 |
| commit | a066b69fbe1ad2e3f577a3a21487d2eaebe22a15 (patch) | |
| tree | 5a92adae69a5070d0adbad649e79d697ac9571f1 | |
| parent | aa6ec45fc01c71729a7db9f2f86e0335247629e4 (diff) | |
Fix live ldap tests
Clean up clear_live_database so that all fixture data is removed. Make sure we
use the configured trees for each ldap object in tests. Ensure all live tests
pass or are skipped where appropriate.
Fixes: bug #1154277
Change-Id: I2eb4efe78e2c9d2a18bce339765b3ab5d20ac8f5
| -rw-r--r-- | keystone/identity/backends/ldap/core.py | 4 | ||||
| -rw-r--r-- | tests/_ldap_livetest.py | 93 | ||||
| -rw-r--r-- | tests/backend_liveldap.conf | 21 | ||||
| -rw-r--r-- | tests/test_backend.py | 22 | ||||
| -rw-r--r-- | tests/test_backend_ldap.py | 59 |
5 files changed, 121 insertions, 78 deletions
diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py index cc60d0b9..72446ce3 100644 --- a/keystone/identity/backends/ldap/core.py +++ b/keystone/identity/backends/ldap/core.py @@ -176,7 +176,9 @@ class Identity(identity.Driver): data = tenant.copy() if 'id' not in data or data['id'] is None: data['id'] = str(uuid.uuid4().hex) - return self.project.create(tenant) + if 'description' in data and data['description'] in ['', None]: + data.pop('description') + return self.project.create(data) def update_project(self, tenant_id, tenant): if 'name' in tenant: diff --git a/tests/_ldap_livetest.py b/tests/_ldap_livetest.py index f74bf16c..7eb343e6 100644 --- a/tests/_ldap_livetest.py +++ b/tests/_ldap_livetest.py @@ -14,6 +14,9 @@ # License for the specific language governing permissions and limitations # under the License. +import ldap +import ldap.modlist +import nose.exc import subprocess from keystone import config @@ -27,44 +30,70 @@ import test_backend_ldap CONF = config.CONF -def delete_object(name): - devnull = open('/dev/null', 'w') - dn = '%s,%s' % (name, CONF.ldap.suffix) - subprocess.call(['ldapdelete', - '-x', - '-D', CONF.ldap.user, - '-H', CONF.ldap.url, - '-w', CONF.ldap.password, - dn], - stderr=devnull) - - -def clear_live_database(): - roles = ['keystone_admin', 'fake1', 'fake2', 'useless'] - groups = ['baz', 'bar', 'tenent4add', 'fake1', 'fake2'] - users = ['foo', 'two', 'fake1', 'fake2', 'no_meta'] - - for group in groups: - for role in roles: - delete_object('cn=%s,cn=%s,ou=Groups' % (role, group)) - delete_object('cn=%s,ou=Groups' % group) - - for user in users: - delete_object('cn=%s,ou=Users' % user) - - for role in roles: - delete_object('cn=%s,ou=Roles' % role) +def create_object(dn, attrs): + conn = ldap.initialize(CONF.ldap.url) + conn.simple_bind_s(CONF.ldap.user, CONF.ldap.password) + ldif = ldap.modlist.addModlist(attrs) + conn.add_s(dn, ldif) + conn.unbind_s() class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity): - def setUp(self): - super(LiveLDAPIdentity, self).setUp() + + def clear_database(self): + devnull = open('/dev/null', 'w') + subprocess.call(['ldapdelete', + '-x', + '-D', CONF.ldap.user, + '-H', CONF.ldap.url, + '-w', CONF.ldap.password, + '-r', CONF.ldap.suffix], + stderr=devnull) + + if CONF.ldap.suffix.startswith('ou='): + tree_dn_attrs = {'objectclass': 'organizationalUnit', + 'ou': 'openstack'} + else: + tree_dn_attrs = {'objectclass': ['dcObject', 'organizationalUnit'], + 'dc': 'openstack', + 'ou': 'openstack'} + create_object(CONF.ldap.suffix, tree_dn_attrs) + create_object(CONF.ldap.user_tree_dn, + {'objectclass': 'organizationalUnit', + 'ou': 'Users'}) + create_object(CONF.ldap.role_tree_dn, + {'objectclass': 'organizationalUnit', + 'ou': 'Roles'}) + create_object(CONF.ldap.tenant_tree_dn, + {'objectclass': 'organizationalUnit', + 'ou': 'Projects'}) + + # NOTE(crazed): This feature is currently being added + create_object("ou=Groups,%s" % CONF.ldap.suffix, + {'objectclass': 'organizationalUnit', + 'ou': 'Groups'}) + + def _set_config(self): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_liveldap.conf')]) - clear_live_database() - self.identity_api = identity_ldap.Identity() - self.load_fixtures(default_fixtures) + + def test_build_tree(self): + """Regression test for building the tree names + """ + #logic is different from the fake backend. + user_api = identity_ldap.UserApi(CONF) + self.assertTrue(user_api) + self.assertEquals(user_api.tree_dn, CONF.ldap.user_tree_dn) def tearDown(self): test.TestCase.tearDown(self) + + def test_user_enable_attribute_mask(self): + raise nose.exc.SkipTest('Test is for Active Directory Only') + + def test_configurable_allowed_project_actions(self): + raise nose.exc.SkipTest('Blocked by bug 1155234') + + def test_project_crud(self): + raise nose.exc.SkipTest('Blocked by bug 1155234') diff --git a/tests/backend_liveldap.conf b/tests/backend_liveldap.conf index d1075664..60a71cc8 100644 --- a/tests/backend_liveldap.conf +++ b/tests/backend_liveldap.conf @@ -1,9 +1,16 @@ [ldap] url = ldap://localhost -suffix = dc=younglogic,dc=com -user_tree_dn = ou=Users,dc=younglogic,dc=com -role_tree_dn = ou=Roles,dc=younglogic,dc=com -tenant_tree_dn = ou=Groups,dc=younglogic,dc=com -user = dc=Manager,dc=younglogic,dc=com -password = freeipa4all -backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role'] +user = dc=Manager,dc=openstack,dc=org +password = test +suffix = dc=openstack,dc=org +role_tree_dn = ou=Roles,dc=openstack,dc=org +tenant_tree_dn = ou=Projects,dc=openstack,dc=org +user_tree_dn = ou=Users,dc=openstack,dc=org +tenant_enabled_emulation = True +user_enabled_emulation = True +user_mail_attribute = mail +use_dumb_member = True + +[identity] +driver = keystone.identity.backends.ldap.Identity + diff --git a/tests/test_backend.py b/tests/test_backend.py index ce5ca258..ac54aba4 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -117,7 +117,7 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'no_meta2', } - self.identity_man.create_user({}, user['id'], user) + self.identity_api.create_user(user['id'], user) self.identity_api.add_user_to_project(self.tenant_baz['id'], user['id']) user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( @@ -350,8 +350,8 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_man.create_user({}, 'fake1', user1) - self.identity_man.create_user({}, 'fake2', user2) + self.identity_api.create_user('fake1', user1) + self.identity_api.create_user('fake2', user2) user2['name'] = 'fake1' self.assertRaises(exception.Conflict, self.identity_api.update_user, @@ -364,7 +364,7 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_man.create_user({}, 'fake1', user) + self.identity_api.create_user('fake1', user) user['id'] = 'fake2' self.assertRaises(exception.ValidationError, self.identity_api.update_user, @@ -458,7 +458,7 @@ class IdentityTests(object): def test_update_project_id_does_nothing(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_api.create_project('fake1', tenant) tenant['id'] = 'fake2' self.identity_api.update_project('fake1', tenant) tenant_ref = self.identity_api.get_project('fake1') @@ -1389,7 +1389,7 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user['id'], user) + self.identity_api.create_user(user['id'], user) self.identity_api.add_user_to_project(self.tenant_bar['id'], user['id']) self.identity_api.delete_user(user['id']) @@ -1402,7 +1402,7 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, 'password': uuid.uuid4().hex} - self.identity_man.create_user({}, user['id'], user) + self.identity_api.create_user(user['id'], user) self.identity_api.add_role_to_user_and_project( user['id'], self.tenant_bar['id'], @@ -1606,7 +1606,7 @@ class IdentityTests(object): def test_delete_project_with_role_assignments(self): tenant = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, tenant['id'], tenant) + self.identity_api.create_project(tenant['id'], tenant) self.identity_api.add_role_to_user_and_project( self.user_foo['id'], tenant['id'], 'member') self.identity_api.delete_project(tenant['id']) @@ -1647,7 +1647,7 @@ class IdentityTests(object): def test_update_user_enable(self): user = {'id': 'fake1', 'name': 'fake1', 'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_user({}, 'fake1', user) + self.identity_api.create_user('fake1', user) user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['enabled'], True) @@ -1664,7 +1664,7 @@ class IdentityTests(object): def test_update_project_enable(self): tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_api.create_project('fake1', tenant) tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['enabled'], True) @@ -1914,7 +1914,7 @@ class IdentityTests(object): def test_user_crud(self): user = {'domain_id': uuid.uuid4().hex, 'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'password': 'passw0rd'} - self.identity_man.create_user({}, user['id'], user) + self.identity_api.create_user(user['id'], user) user_ref = self.identity_api.get_user(user['id']) del user['password'] user_ref_dict = dict((x, user_ref[x]) for x in user_ref) diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index c93749a7..8ea514bc 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py @@ -32,18 +32,21 @@ import test_backend CONF = config.CONF -def clear_database(): - db = fakeldap.FakeShelve().get_instance() - db.clear() +class LDAPIdentity(test.TestCase, test_backend.IdentityTests): + def clear_database(self): + db = fakeldap.FakeShelve().get_instance() + db.clear() -class LDAPIdentity(test.TestCase, test_backend.IdentityTests): - def setUp(self): - super(LDAPIdentity, self).setUp() + def _set_config(self): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) - clear_database() + + def setUp(self): + super(LDAPIdentity, self).setUp() + self._set_config() + self.clear_database() self.identity_man = identity.Manager() self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures) @@ -62,7 +65,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): 'name': 'fake1', 'password': 'fakepass1', 'tenants': ['bar']} - self.identity_man.create_user({}, 'fake1', user) + self.identity_api.create_user('fake1', user) user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['id'], 'fake1') @@ -103,7 +106,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.identity_api = identity.backends.ldap.Identity() tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True} - self.identity_man.create_project({}, 'fake1', tenant) + self.identity_api.create_project('fake1', tenant) tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['id'], 'fake1') @@ -208,7 +211,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_dumb_member(self): CONF.ldap.use_dumb_member = True CONF.ldap.dumb_member = 'cn=dumb,cn=example,cn=com' - clear_database() + self.clear_database() self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) self.assertRaises(exception.UserNotFound, @@ -217,35 +220,32 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_user_attribute_mapping(self): CONF.ldap.user_name_attribute = 'sn' - CONF.ldap.user_mail_attribute = 'email' + CONF.ldap.user_mail_attribute = 'mail' CONF.ldap.user_enabled_attribute = 'enabled' - clear_database() + self.clear_database() self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) user_ref = self.identity_api.get_user(self.user_two['id']) self.assertEqual(user_ref['id'], self.user_two['id']) self.assertEqual(user_ref['name'], self.user_two['name']) self.assertEqual(user_ref['email'], self.user_two['email']) - self.assertEqual(user_ref['enabled'], self.user_two['enabled']) - CONF.ldap.user_name_attribute = 'email' + CONF.ldap.user_name_attribute = 'mail' CONF.ldap.user_mail_attribute = 'sn' self.identity_api = identity.backends.ldap.Identity() user_ref = self.identity_api.get_user(self.user_two['id']) self.assertEqual(user_ref['id'], self.user_two['id']) self.assertEqual(user_ref['name'], self.user_two['email']) self.assertEqual(user_ref['email'], self.user_two['name']) - self.assertEqual(user_ref['enabled'], self.user_two['enabled']) def test_user_attribute_ignore(self): - CONF.ldap.user_attribute_ignore = ['name', 'email', 'password', + CONF.ldap.user_attribute_ignore = ['email', 'password', 'tenant_id', 'enabled', 'tenants'] - clear_database() + self.clear_database() self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) user_ref = self.identity_api.get_user(self.user_two['id']) self.assertEqual(user_ref['id'], self.user_two['id']) - self.assertNotIn('name', user_ref) self.assertNotIn('email', user_ref) self.assertNotIn('password', user_ref) self.assertNotIn('tenant_id', user_ref) @@ -254,9 +254,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_project_attribute_mapping(self): CONF.ldap.tenant_name_attribute = 'ou' - CONF.ldap.tenant_desc_attribute = 'desc' + CONF.ldap.tenant_desc_attribute = 'description' CONF.ldap.tenant_enabled_attribute = 'enabled' - clear_database() + self.clear_database() self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) @@ -267,7 +267,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.tenant_baz['description']) self.assertEqual(tenant_ref['enabled'], self.tenant_baz['enabled']) - CONF.ldap.tenant_name_attribute = 'desc' + CONF.ldap.tenant_name_attribute = 'description' CONF.ldap.tenant_desc_attribute = 'ou' self.identity_api = identity.backends.ldap.Identity() tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) @@ -280,7 +280,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.tenant_attribute_ignore = ['name', 'description', 'enabled'] - clear_database() + self.clear_database() self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) @@ -291,7 +291,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_role_attribute_mapping(self): CONF.ldap.role_name_attribute = 'ou' - clear_database() + self.clear_database() self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) role_ref = self.identity_api.get_role(self.role_member['id']) @@ -306,7 +306,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_role_attribute_ignore(self): CONF.ldap.role_attribute_ignore = ['name'] - clear_database() + self.clear_database() self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) role_ref = self.identity_api.get_role(self.role_member['id']) @@ -317,10 +317,10 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_enabled_attribute = 'enabled' CONF.ldap.user_enabled_mask = 2 CONF.ldap.user_enabled_default = 512 - clear_database() + self.clear_database() self.identity_api = identity.backends.ldap.Identity() user = {'id': 'fake1', 'name': 'fake1', 'enabled': True} - self.identity_man.create_user({}, 'fake1', user) + self.identity_api.create_user('fake1', user) user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['enabled'], True) @@ -426,6 +426,11 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): } self.identity_api.create_project(project['id'], project) project_ref = self.identity_api.get_project(project['id']) + + # NOTE(crazed): If running live test with emulation, there will be + # an enabled key in the project_ref. + if self.identity_api.project.enabled_emulation: + project['enabled'] = True self.assertDictEqual(project_ref, project) project['description'] = uuid.uuid4().hex @@ -513,7 +518,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): test.testsdir('backend_ldap.conf')]) CONF.ldap.user_enabled_emulation = True CONF.ldap.tenant_enabled_emulation = True - clear_database() + self.clear_database() self.identity_man = identity.Manager() self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures) |