Merge "standardize ldap and related tests"

author: Jenkins <jenkins@review.openstack.org> 2012-03-02 19:08:55 +0000
committer: Gerrit Code Review <review@openstack.org> 2012-03-02 19:08:55 +0000
commit: ca97ac85513853b50fcac73f77ceadc9cf36df7e (patch)
tree: d1b0fbd6089aa65aa75131a961777a29715f2d3a
parent: ea4999d22e325ccb915a9f59d6dd5b996cfed319 (diff)
parent: dd35d2afbfc7bcd41cd5c68b440f5c502d32d656 (diff)
download: keystone-ca97ac85513853b50fcac73f77ceadc9cf36df7e.tar.gz
keystone-ca97ac85513853b50fcac73f77ceadc9cf36df7e.tar.xz
keystone-ca97ac85513853b50fcac73f77ceadc9cf36df7e.zip
6 files changed, 30 insertions, 31 deletions
diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py
index 35ac476d..1e1c6ad6 100644
--- a/keystone/identity/backends/kvs.py
+++ b/keystone/identity/backends/kvs.py
@@ -49,7 +49,9 @@ class Identity(kvs.Base, identity.Driver):
         if (not user_ref
             or not utils.check_password(password, user_ref.get('password'))):
             raise AssertionError('Invalid user / password')
-        if tenant_id and tenant_id not in user_ref['tenants']:
+
+        tenants = self.get_tenants_for_user(user_id)
+        if tenant_id and tenant_id not in tenants:
             raise AssertionError('Invalid tenant')
 
         tenant_ref = self.get_tenant(tenant_id)
diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py
index 409a384a..3138720f 100644
--- a/keystone/identity/backends/ldap/core.py
+++ b/keystone/identity/backends/ldap/core.py
@@ -74,17 +74,11 @@ class Identity(identity.Driver):
         except Exception:
             raise AssertionError('Invalid user / password')
 
-        if tenant_id:
-            found = False
-            for tenant in user_ref['tenants']:
-                if tenant == tenant_id:
-                    found = True
-                    break
+        tenants = self.get_tenants_for_user(user_id)
+        if tenant_id and tenant_id not in tenants:
+            raise AssertionError('Invalid tenant')
 
-            if not found:
-                raise AssertionError('Invalid tenant')
-
-        tenant_ref = self.tenant.get(tenant_id)
+        tenant_ref = self.get_tenant(tenant_id)
         metadata_ref = {}
         # TODO(termie): this should probably be made into a get roles call
         #if tenant_ref:
@@ -103,10 +97,6 @@ class Identity(identity.Driver):
         user_ref = self.user.get(user_id)
         if not user_ref:
             return None
-        tenants = self.tenant.get_user_tenants(user_id)
-        user_ref['tenants'] = []
-        for tenant in tenants:
-            user_ref['tenants'].append(tenant['id'])
         return user_ref
 
     def get_user(self, user_id):
diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py
index adc33b12..cf1f70e2 100644
--- a/keystone/identity/backends/sql.py
+++ b/keystone/identity/backends/sql.py
@@ -128,8 +128,6 @@ class Identity(sql.Base, identity.Driver):
 
         """
         user_ref = self._get_user(user_id)
-        tenant_ref = None
-        metadata_ref = None
         if (not user_ref
             or not utils.check_password(password, user_ref.get('password'))):
             raise AssertionError('Invalid user / password')
diff --git a/tests/_ldap_livetest.py b/tests/_ldap_livetest.py
index 76b2e7e1..167e0e51 100644
--- a/tests/_ldap_livetest.py
+++ b/tests/_ldap_livetest.py
@@ -1,6 +1,7 @@
 # vim: tabstop=4 shiftwidth=4 softtabstop=4
 
 import subprocess
+import nose.exc
 
 from keystone import config
 from keystone import test
@@ -27,20 +28,20 @@ def delete_object(name):
 
 def clear_live_database():
     roles = ['keystone_admin']
-    groups = ['baz', 'bar', 'tenent4add','fake1','fake2']
-    users = ['foo', 'two','fake1','fake2']
+    groups = ['baz', 'bar', 'tenent4add', 'fake1', 'fake2']
+    users = ['foo', 'two', 'fake1', 'fake2']
     roles = ['keystone_admin', 'useless']
 
     for group in groups:
         for role in roles:
-            delete_object ('cn=%s,cn=%s,ou=Groups' % (role, group))
+            delete_object('cn=%s,cn=%s,ou=Groups' % (role, group))
         delete_object('cn=%s,ou=Groups' % group)
 
     for user in users:
-        delete_object ('cn=%s,ou=Users' % user)
+        delete_object('cn=%s,ou=Users' % user)
 
     for role in roles:
-        delete_object ('cn=%s,ou=Roles' % role)
+        delete_object('cn=%s,ou=Roles' % role)
 
 
 class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
@@ -52,10 +53,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
         clear_live_database()
         self.identity_api = identity_ldap.Identity()
         self.load_fixtures(default_fixtures)
-        self.user_foo = {'id': 'foo',
-                         'name': 'FOO',
-                         'password': 'foo2',
-                         'tenants': ['bar']}
 
     def tearDown(self):
         test.TestCase.tearDown(self)
+
+    def test_get_user_by_name(self):
+        raise nose.exc.SkipTest('not implemented in ldap yet')
diff --git a/tests/test_backend.py b/tests/test_backend.py
index 01ac73ea..dc566252 100644
--- a/tests/test_backend.py
+++ b/tests/test_backend.py
@@ -71,7 +71,6 @@ class IdentityTests(object):
         user_ref = self.identity_api._get_user(self.user_foo['id'])
         self.assertNotEqual(user_ref['password'], self.user_foo['password'])
 
-
     def test_get_tenant_bad_tenant(self):
         tenant_ref = self.identity_api.get_tenant(
                 tenant_id=self.tenant_bar['id'] + 'WRONG')
@@ -105,6 +104,15 @@ class IdentityTests(object):
         self.user_foo.pop('password')
         self.assertDictEquals(user_ref, self.user_foo)
 
+    def test_get_user_by_name(self):
+        user_ref = self.identity_api.get_user_by_name(
+                user_name=self.user_foo['name'])
+        # NOTE(termie): the password field is left in user_foo to make it easier
+        #               to authenticate in tests, but should not be returned by
+        #               the api
+        self.user_foo.pop('password')
+        self.assertDictEquals(user_ref, self.user_foo)
+
     def test_get_metadata_bad_user(self):
         metadata_ref = self.identity_api.get_metadata(
                 user_id=self.user_foo['id'] + 'WRONG',
diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py
index 06bf0735..b989bcef 100644
--- a/tests/test_backend_ldap.py
+++ b/tests/test_backend_ldap.py
@@ -1,5 +1,7 @@
 # vim: tabstop=4 shiftwidth=4 softtabstop=4
 
+import nose.exc
+
 from keystone import config
 from keystone import test
 from keystone.common.ldap import fakeldap
@@ -26,10 +28,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests):
         clear_database()
         self.identity_api = identity_ldap.Identity()
         self.load_fixtures(default_fixtures)
-        self.user_foo = {'id': 'foo',
-                         'name': 'FOO',
-                         'password': 'foo2',
-                         'tenants': ['bar']}
 
     def tearDown(self):
         test.TestCase.tearDown(self)
+
+    def test_get_user_by_name(self):
+        raise nose.exc.SkipTest('not implemented in ldap yet')
author	Jenkins <jenkins@review.openstack.org>	2012-03-02 19:08:55 +0000
committer	Gerrit Code Review <review@openstack.org>	2012-03-02 19:08:55 +0000
commit	ca97ac85513853b50fcac73f77ceadc9cf36df7e (patch)
tree	d1b0fbd6089aa65aa75131a961777a29715f2d3a
parent	ea4999d22e325ccb915a9f59d6dd5b996cfed319 (diff)
parent	dd35d2afbfc7bcd41cd5c68b440f5c502d32d656 (diff)
download	keystone-ca97ac85513853b50fcac73f77ceadc9cf36df7e.tar.gz keystone-ca97ac85513853b50fcac73f77ceadc9cf36df7e.tar.xz keystone-ca97ac85513853b50fcac73f77ceadc9cf36df7e.zip