diff options
| author | Gordon Chung <chungg@ca.ibm.com> | 2013-02-15 10:15:05 -0500 |
|---|---|---|
| committer | Gordon Chung <chungg@ca.ibm.com> | 2013-03-07 15:42:38 -0500 |
| commit | 0297f6fd56123441fc273ae7a8f68d0e2149a1ad (patch) | |
| tree | 85403755d0620390c6669d20815da3458e47b14a /tests/test_backend_ldap.py | |
| parent | 2b49a0ad13a4aca086474f101b104ac562e1f2f0 (diff) | |
| download | keystone-0297f6fd56123441fc273ae7a8f68d0e2149a1ad.tar.gz keystone-0297f6fd56123441fc273ae7a8f68d0e2149a1ad.tar.xz keystone-0297f6fd56123441fc273ae7a8f68d0e2149a1ad.zip | |
add missing attributes for group/project tables (bug1126021)
add and assign default values for optional attributes to all backends
Change-Id: I54fe234b919162c3056c14f1f06c4de876080fb9
Diffstat (limited to 'tests/test_backend_ldap.py')
| -rw-r--r-- | tests/test_backend_ldap.py | 64 |
1 files changed, 33 insertions, 31 deletions
diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index 72bc09a1..965e2eed 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py @@ -22,7 +22,7 @@ from keystone.common import ldap as ldap_common from keystone.common.ldap import fakeldap from keystone import config from keystone import exception -from keystone.identity.backends import ldap as identity_ldap +from keystone import identity from keystone import test import default_fixtures @@ -44,24 +44,25 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_man = identity.Manager() + self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures) def test_build_tree(self): """Regression test for building the tree names """ - user_api = identity_ldap.UserApi(CONF) + user_api = identity.backends.ldap.UserApi(CONF) self.assertTrue(user_api) self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix) def test_configurable_allowed_user_actions(self): - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() user = {'id': 'fake1', 'name': 'fake1', 'password': 'fakepass1', 'tenants': ['bar']} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['id'], 'fake1') @@ -77,7 +78,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_allow_create = False CONF.ldap.user_allow_update = False CONF.ldap.user_allow_delete = False - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() user = {'id': 'fake1', 'name': 'fake1', @@ -99,10 +100,10 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.user_foo['id']) def test_configurable_allowed_project_actions(self): - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True} - self.identity_api.create_project('fake1', tenant) + self.identity_man.create_project({}, 'fake1', tenant) tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['id'], 'fake1') @@ -118,7 +119,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.tenant_allow_create = False CONF.ldap.tenant_allow_update = False CONF.ldap.tenant_allow_delete = False - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() tenant = {'id': 'fake1', 'name': 'fake1'} self.assertRaises(exception.ForbiddenAction, @@ -136,7 +137,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.tenant_bar['id']) def test_configurable_allowed_role_actions(self): - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() role = {'id': 'fake1', 'name': 'fake1'} self.identity_api.create_role('fake1', role) @@ -155,7 +156,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.role_allow_create = False CONF.ldap.role_allow_update = False CONF.ldap.role_allow_delete = False - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} self.assertRaises(exception.ForbiddenAction, @@ -179,7 +180,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.assertDictEqual(user_ref, self.user_foo) CONF.ldap.user_filter = '(CN=DOES_NOT_MATCH)' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.assertRaises(exception.UserNotFound, self.identity_api.get_user, self.user_foo['id']) @@ -189,7 +190,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.assertDictEqual(tenant_ref, self.tenant_bar) CONF.ldap.tenant_filter = '(CN=DOES_NOT_MATCH)' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.assertRaises(exception.ProjectNotFound, self.identity_api.get_project, self.tenant_bar['id']) @@ -199,7 +200,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.assertDictEqual(role_ref, self.role_member) CONF.ldap.role_filter = '(CN=DOES_NOT_MATCH)' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.assertRaises(exception.RoleNotFound, self.identity_api.get_role, self.role_member['id']) @@ -208,7 +209,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.use_dumb_member = True CONF.ldap.dumb_member = 'cn=dumb,cn=example,cn=com' clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) self.assertRaises(exception.UserNotFound, self.identity_api.get_user, @@ -219,7 +220,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_mail_attribute = 'email' CONF.ldap.user_enabled_attribute = 'enabled' clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) user_ref = self.identity_api.get_user(self.user_two['id']) self.assertEqual(user_ref['id'], self.user_two['id']) @@ -229,7 +230,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_name_attribute = 'email' CONF.ldap.user_mail_attribute = 'sn' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() user_ref = self.identity_api.get_user(self.user_two['id']) self.assertEqual(user_ref['id'], self.user_two['id']) self.assertEqual(user_ref['name'], self.user_two['email']) @@ -240,7 +241,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_attribute_ignore = ['name', 'email', 'password', 'tenant_id', 'enabled', 'tenants'] clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) user_ref = self.identity_api.get_user(self.user_two['id']) self.assertEqual(user_ref['id'], self.user_two['id']) @@ -256,7 +257,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.tenant_desc_attribute = 'desc' CONF.ldap.tenant_enabled_attribute = 'enabled' clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) @@ -268,7 +269,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.tenant_name_attribute = 'desc' CONF.ldap.tenant_desc_attribute = 'ou' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) self.assertEqual(tenant_ref['name'], self.tenant_baz['description']) @@ -280,7 +281,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): 'description', 'enabled'] clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) @@ -291,14 +292,14 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_role_attribute_mapping(self): CONF.ldap.role_name_attribute = 'ou' clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) role_ref = self.identity_api.get_role(self.role_member['id']) self.assertEqual(role_ref['id'], self.role_member['id']) self.assertEqual(role_ref['name'], self.role_member['name']) CONF.ldap.role_name_attribute = 'sn' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() role_ref = self.identity_api.get_role(self.role_member['id']) self.assertEqual(role_ref['id'], self.role_member['id']) self.assertNotIn('name', role_ref) @@ -306,7 +307,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_role_attribute_ignore(self): CONF.ldap.role_attribute_ignore = ['name'] clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) role_ref = self.identity_api.get_role(self.role_member['id']) self.assertEqual(role_ref['id'], self.role_member['id']) @@ -317,9 +318,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_enabled_mask = 2 CONF.ldap.user_enabled_default = 512 clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() user = {'id': 'fake1', 'name': 'fake1', 'enabled': True} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['enabled'], True) @@ -338,7 +339,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf')]) CONF.ldap.url = "fake://memory" - user_api = identity_ldap.UserApi(CONF) + user_api = identity.backends.ldap.UserApi(CONF) self.stubs.Set(fakeldap, 'FakeLdap', self.mox.CreateMock(fakeldap.FakeLdap)) # we have to track all calls on 'conn' to make sure that @@ -354,7 +355,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.assertRaisesRegexp( ValueError, 'Invalid LDAP scope: %s. *' % CONF.ldap.query_scope, - identity_ldap.Identity) + identity.backends.ldap.Identity) # TODO (henry-nash) These need to be removed when the full LDAP implementation # is submitted - see Bugs 1092187, 1101287, 1101276, 1101289 @@ -488,7 +489,8 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): CONF.ldap.user_enabled_emulation = True CONF.ldap.tenant_enabled_emulation = True clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_man = identity.Manager() + self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures) for obj in [self.tenant_bar, self.tenant_baz, self.user_foo, self.user_two, self.user_badguy]: @@ -502,7 +504,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): 'password': 'no_meta2', 'enabled': True, } - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) self.identity_api.add_user_to_project(self.tenant_baz['id'], user['id']) user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( @@ -521,7 +523,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): def test_user_crud(self): user = {'domain_id': uuid.uuid4().hex, 'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'password': 'passw0rd'} - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) user['enabled'] = True user_ref = self.identity_api.get_user(user['id']) del user['password'] |