Fix live ldap tests

Clean up clear_live_database so that all fixture data is removed. Make sure we use the configured trees for each ldap object in tests. Ensure all live tests pass or are skipped where appropriate. Fixes: bug #1154277 Change-Id: I2eb4efe78e2c9d2a18bce339765b3ab5d20ac8f5
author: Allan Feid <allanfeid@gmail.com> 2013-03-12 15:47:45 -0400
committer: Adam Young <ayoung@redhat.com> 2013-03-19 14:40:53 -0400
commit: a066b69fbe1ad2e3f577a3a21487d2eaebe22a15 (patch)
tree: 5a92adae69a5070d0adbad649e79d697ac9571f1 /tests/_ldap_livetest.py
parent: aa6ec45fc01c71729a7db9f2f86e0335247629e4 (diff)
download: keystone-a066b69fbe1ad2e3f577a3a21487d2eaebe22a15.tar.gz
keystone-a066b69fbe1ad2e3f577a3a21487d2eaebe22a15.tar.xz
keystone-a066b69fbe1ad2e3f577a3a21487d2eaebe22a15.zip
1 files changed, 61 insertions, 32 deletions
diff --git a/tests/_ldap_livetest.py b/tests/_ldap_livetest.py
index f74bf16c..7eb343e6 100644
--- a/tests/_ldap_livetest.py
+++ b/tests/_ldap_livetest.py
@@ -14,6 +14,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import ldap
+import ldap.modlist
+import nose.exc
 import subprocess
 
 from keystone import config
@@ -27,44 +30,70 @@ import test_backend_ldap
 CONF = config.CONF
 
 
-def delete_object(name):
-    devnull = open('/dev/null', 'w')
-    dn = '%s,%s' % (name, CONF.ldap.suffix)
-    subprocess.call(['ldapdelete',
-                     '-x',
-                     '-D', CONF.ldap.user,
-                     '-H', CONF.ldap.url,
-                     '-w', CONF.ldap.password,
-                     dn],
-                    stderr=devnull)
-
-
-def clear_live_database():
-    roles = ['keystone_admin', 'fake1', 'fake2', 'useless']
-    groups = ['baz', 'bar', 'tenent4add', 'fake1', 'fake2']
-    users = ['foo', 'two', 'fake1', 'fake2', 'no_meta']
-
-    for group in groups:
-        for role in roles:
-            delete_object('cn=%s,cn=%s,ou=Groups' % (role, group))
-        delete_object('cn=%s,ou=Groups' % group)
-
-    for user in users:
-        delete_object('cn=%s,ou=Users' % user)
-
-    for role in roles:
-        delete_object('cn=%s,ou=Roles' % role)
+def create_object(dn, attrs):
+    conn = ldap.initialize(CONF.ldap.url)
+    conn.simple_bind_s(CONF.ldap.user, CONF.ldap.password)
+    ldif = ldap.modlist.addModlist(attrs)
+    conn.add_s(dn, ldif)
+    conn.unbind_s()
 
 
 class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
-    def setUp(self):
-        super(LiveLDAPIdentity, self).setUp()
+
+    def clear_database(self):
+        devnull = open('/dev/null', 'w')
+        subprocess.call(['ldapdelete',
+                         '-x',
+                         '-D', CONF.ldap.user,
+                         '-H', CONF.ldap.url,
+                         '-w', CONF.ldap.password,
+                         '-r', CONF.ldap.suffix],
+                        stderr=devnull)
+
+        if CONF.ldap.suffix.startswith('ou='):
+            tree_dn_attrs = {'objectclass': 'organizationalUnit',
+                             'ou': 'openstack'}
+        else:
+            tree_dn_attrs = {'objectclass': ['dcObject', 'organizationalUnit'],
+                             'dc': 'openstack',
+                             'ou': 'openstack'}
+        create_object(CONF.ldap.suffix, tree_dn_attrs)
+        create_object(CONF.ldap.user_tree_dn,
+                      {'objectclass': 'organizationalUnit',
+                      'ou': 'Users'})
+        create_object(CONF.ldap.role_tree_dn,
+                      {'objectclass': 'organizationalUnit',
+                      'ou': 'Roles'})
+        create_object(CONF.ldap.tenant_tree_dn,
+                      {'objectclass': 'organizationalUnit',
+                      'ou': 'Projects'})
+
+        # NOTE(crazed): This feature is currently being added
+        create_object("ou=Groups,%s" % CONF.ldap.suffix,
+                      {'objectclass': 'organizationalUnit',
+                      'ou': 'Groups'})
+
+    def _set_config(self):
         self.config([test.etcdir('keystone.conf.sample'),
                      test.testsdir('test_overrides.conf'),
                      test.testsdir('backend_liveldap.conf')])
-        clear_live_database()
-        self.identity_api = identity_ldap.Identity()
-        self.load_fixtures(default_fixtures)
+
+    def test_build_tree(self):
+        """Regression test for building the tree names
+        """
+        #logic is different from the fake backend.
+        user_api = identity_ldap.UserApi(CONF)
+        self.assertTrue(user_api)
+        self.assertEquals(user_api.tree_dn, CONF.ldap.user_tree_dn)
 
     def tearDown(self):
         test.TestCase.tearDown(self)
+
+    def test_user_enable_attribute_mask(self):
+        raise nose.exc.SkipTest('Test is for Active Directory Only')
+
+    def test_configurable_allowed_project_actions(self):
+        raise nose.exc.SkipTest('Blocked by bug 1155234')
+
+    def test_project_crud(self):
+        raise nose.exc.SkipTest('Blocked by bug 1155234')
author	Allan Feid <allanfeid@gmail.com>	2013-03-12 15:47:45 -0400
committer	Adam Young <ayoung@redhat.com>	2013-03-19 14:40:53 -0400
commit	a066b69fbe1ad2e3f577a3a21487d2eaebe22a15 (patch)
tree	5a92adae69a5070d0adbad649e79d697ac9571f1 /tests/_ldap_livetest.py
parent	aa6ec45fc01c71729a7db9f2f86e0335247629e4 (diff)
download	keystone-a066b69fbe1ad2e3f577a3a21487d2eaebe22a15.tar.gz keystone-a066b69fbe1ad2e3f577a3a21487d2eaebe22a15.tar.xz keystone-a066b69fbe1ad2e3f577a3a21487d2eaebe22a15.zip