diff options
author | Adam Young <ayoung@redhat.com> | 2012-02-06 21:21:46 -0500 |
---|---|---|
committer | termie <github@anarkystic.com> | 2012-02-27 16:51:46 -0800 |
commit | 63437e9dca3b969c917fb138716aa4d3e5fabafa (patch) | |
tree | 1d0281f532e02dc10d608cd331fb3fd2c7d7ac7a /tests/_ldap_livetest.py | |
parent | 679fd363d8a44098cdf4fa2044b068e51016c02d (diff) | |
download | keystone-63437e9dca3b969c917fb138716aa4d3e5fabafa.tar.gz keystone-63437e9dca3b969c917fb138716aa4d3e5fabafa.tar.xz keystone-63437e9dca3b969c917fb138716aa4d3e5fabafa.zip |
LDAP Identity backend
Bug 933852
Merged over the code from the legacy keystone implementation, updated
style and streamlined the API a bit.
* Unit tests can be run against a live OpenLDAP server
* Password hashing done via passlib. Only does salted sha1, which is what simple_bind requires, but is not secure.
* Added pip dependencies
Change-Id: I5296d94f6b7d0a7c7dbc887cdae872171e34bb5f
Diffstat (limited to 'tests/_ldap_livetest.py')
-rw-r--r-- | tests/_ldap_livetest.py | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/tests/_ldap_livetest.py b/tests/_ldap_livetest.py new file mode 100644 index 00000000..76b2e7e1 --- /dev/null +++ b/tests/_ldap_livetest.py @@ -0,0 +1,61 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +import subprocess + +from keystone import config +from keystone import test +from keystone.identity.backends import ldap as identity_ldap + +import default_fixtures +import test_backend + + +CONF = config.CONF + + +def delete_object(name): + devnull = open('/dev/null', 'w') + dn = '%s,%s' % (name, CONF.ldap.suffix) + subprocess.call(['ldapdelete', + '-x', + '-D', CONF.ldap.user, + '-H', CONF.ldap.url, + '-w', CONF.ldap.password, + dn], + stderr=devnull) + + +def clear_live_database(): + roles = ['keystone_admin'] + groups = ['baz', 'bar', 'tenent4add','fake1','fake2'] + users = ['foo', 'two','fake1','fake2'] + roles = ['keystone_admin', 'useless'] + + for group in groups: + for role in roles: + delete_object ('cn=%s,cn=%s,ou=Groups' % (role, group)) + delete_object('cn=%s,ou=Groups' % group) + + for user in users: + delete_object ('cn=%s,ou=Users' % user) + + for role in roles: + delete_object ('cn=%s,ou=Roles' % role) + + +class LDAPIdentity(test.TestCase, test_backend.IdentityTests): + def setUp(self): + super(LDAPIdentity, self).setUp() + CONF(config_files=[test.etcdir('keystone.conf'), + test.testsdir('test_overrides.conf'), + test.testsdir('backend_liveldap.conf')]) + clear_live_database() + self.identity_api = identity_ldap.Identity() + self.load_fixtures(default_fixtures) + self.user_foo = {'id': 'foo', + 'name': 'FOO', + 'password': 'foo2', + 'tenants': ['bar']} + + def tearDown(self): + test.TestCase.tearDown(self) |