diff options
-rw-r--r-- | keystone/identity/backends/sql.py | 6 | ||||
-rw-r--r-- | keystone/identity/core.py | 20 | ||||
-rw-r--r-- | keystone/test.py | 9 | ||||
-rw-r--r-- | tests/backend_ldap.conf | 2 | ||||
-rw-r--r-- | tests/test_backend.py | 216 | ||||
-rw-r--r-- | tests/test_backend_kvs.py | 12 | ||||
-rw-r--r-- | tests/test_backend_ldap.py | 64 | ||||
-rw-r--r-- | tests/test_backend_sql.py | 16 |
8 files changed, 189 insertions, 156 deletions
diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index f36002ce..b06e6f79 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -40,7 +40,7 @@ class User(sql.ModelBase, sql.DictBase): class Group(sql.ModelBase, sql.DictBase): __tablename__ = 'group' - attributes = ['id', 'name', 'domain_id'] + attributes = ['id', 'name', 'domain_id', 'description'] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(64), nullable=False) domain_id = sql.Column(sql.String(64), sql.ForeignKey('domain.id'), @@ -76,7 +76,7 @@ class Domain(sql.ModelBase, sql.DictBase): class Project(sql.ModelBase, sql.DictBase): __tablename__ = 'project' - attributes = ['id', 'name', 'domain_id'] + attributes = ['id', 'name', 'domain_id', 'description', 'enabled'] id = sql.Column(sql.String(64), primary_key=True) name = sql.Column(sql.String(64), nullable=False) domain_id = sql.Column(sql.String(64), sql.ForeignKey('domain.id'), @@ -666,8 +666,6 @@ class Identity(sql.Base, identity.Driver): @sql.handle_conflicts(type='user') def create_user(self, user_id, user): user['name'] = clean.user_name(user['name']) - if 'enabled' not in user: - user['enabled'] = True user = utils.hash_user_password(user) session = self.get_session() with session.begin(): diff --git a/keystone/identity/core.py b/keystone/identity/core.py index 775bbdbd..22de41e7 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -61,6 +61,26 @@ class Manager(manager.Manager): def __init__(self): super(Manager, self).__init__(CONF.identity.driver) + def create_user(self, context, user_id, user_ref): + user = user_ref.copy() + if 'enabled' not in user: + user['enabled'] = True + return self.driver.create_user(user_id, user) + + def create_group(self, context, group_id, group_ref): + group = group_ref.copy() + if 'description' not in group: + group['description'] = '' + return self.driver.create_group(group_id, group) + + def create_project(self, context, tenant_id, tenant_ref): + tenant = tenant_ref.copy() + if 'enabled' not in tenant: + tenant['enabled'] = True + if 'description' not in tenant: + tenant['description'] = '' + return self.driver.create_project(tenant_id, tenant) + class Driver(object): """Interface description for an Identity driver.""" diff --git a/keystone/test.py b/keystone/test.py index 7386f552..f499cfa9 100644 --- a/keystone/test.py +++ b/keystone/test.py @@ -313,6 +313,15 @@ class TestCase(NoModule, unittest.TestCase): """ self.assertAlmostEqual(a, b, delta=datetime.timedelta(seconds=delta)) + def assertDictContainsSubset(self, dict1, dict2): + if len(dict1) < len(dict2): + (subset, fullset) = dict1, dict2 + else: + (subset, fullset) = dict2, dict1 + for x in subset: + self.assertIn(x, fullset) + self.assertEquals(subset.get(x), fullset.get(x)) + @staticmethod def skip_if_no_ipv6(): try: diff --git a/tests/backend_ldap.conf b/tests/backend_ldap.conf index e527105b..5afe80cb 100644 --- a/tests/backend_ldap.conf +++ b/tests/backend_ldap.conf @@ -5,7 +5,5 @@ password = password backend_entities = ['Tenant', 'User', 'UserRoleAssociation', 'Role'] suffix = cn=example,cn=com - - [identity] driver = keystone.identity.backends.ldap.Identity diff --git a/tests/test_backend.py b/tests/test_backend.py index 1af0822c..25cbd6cf 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -117,7 +117,7 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'no_meta2', } - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) self.identity_api.add_user_to_project(self.tenant_baz['id'], user['id']) user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( @@ -130,7 +130,7 @@ class IdentityTests(object): user.pop('password') self.assertEquals(metadata_ref, {"roles": [CONF.member_role_id]}) - self.assertDictEqual(user_ref, user) + self.assertDictContainsSubset(user_ref, user) self.assertDictEqual(tenant_ref, self.tenant_baz) def test_password_hashed(self): @@ -266,10 +266,10 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user['name'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_api.create_user, + self.identity_man.create_user, {}, 'fake1', user) @@ -279,10 +279,10 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user['id'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_api.create_user, + self.identity_man.create_user, {}, 'fake2', user) @@ -297,8 +297,8 @@ class IdentityTests(object): 'name': user1['name'], 'domain_id': new_domain['id'], 'password': uuid.uuid4().hex} - self.identity_api.create_user(user1['id'], user1) - self.identity_api.create_user(user2['id'], user2) + self.identity_man.create_user({}, user1['id'], user1) + self.identity_man.create_user({}, user2['id'], user2) def test_move_user_between_domains(self): domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -309,7 +309,7 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex} - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) user['domain_id'] = domain2['id'] self.identity_api.update_user(user['id'], user) @@ -323,14 +323,14 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex} - self.identity_api.create_user(user1['id'], user1) + self.identity_man.create_user({}, user1['id'], user1) # Now create a user in domain2 with a potentially clashing # name - which should work since we have domain separation user2 = {'id': uuid.uuid4().hex, 'name': user1['name'], 'domain_id': domain2['id'], 'password': uuid.uuid4().hex} - self.identity_api.create_user(user2['id'], user2) + self.identity_man.create_user({}, user2['id'], user2) # Now try and move user1 into the 2nd domain - which should # fail since the names clash user1['domain_id'] = domain2['id'] @@ -350,8 +350,8 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_api.create_user('fake1', user1) - self.identity_api.create_user('fake2', user2) + self.identity_man.create_user({}, 'fake1', user1) + self.identity_man.create_user({}, 'fake2', user2) user2['name'] = 'fake1' self.assertRaises(exception.Conflict, self.identity_api.update_user, @@ -364,7 +364,7 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'fakepass', 'tenants': ['bar']} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user['id'] = 'fake2' self.assertRaises(exception.ValidationError, self.identity_api.update_user, @@ -379,20 +379,20 @@ class IdentityTests(object): def test_create_duplicate_project_id_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_project('fake1', tenant) + self.identity_man.create_project({}, 'fake1', tenant) tenant['name'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_api.create_project, + self.identity_man.create_project, {}, 'fake1', tenant) def test_create_duplicate_project_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_project('fake1', tenant) + self.identity_man.create_project({}, 'fake1', tenant) tenant['id'] = 'fake2' self.assertRaises(exception.Conflict, - self.identity_api.create_project, + self.identity_man.create_project, {}, 'fake1', tenant) @@ -403,8 +403,8 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID} tenant2 = {'id': uuid.uuid4().hex, 'name': tenant1['name'], 'domain_id': new_domain['id']} - self.identity_api.create_project(tenant1['id'], tenant1) - self.identity_api.create_project(tenant2['id'], tenant2) + self.identity_man.create_project({}, tenant1['id'], tenant1) + self.identity_man.create_project({}, tenant2['id'], tenant2) def test_move_project_between_domains(self): domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -414,7 +414,7 @@ class IdentityTests(object): project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_api.create_project(project['id'], project) + self.identity_man.create_project({}, project['id'], project) project['domain_id'] = domain2['id'] self.identity_api.update_project(project['id'], project) @@ -427,13 +427,13 @@ class IdentityTests(object): project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_api.create_project(project1['id'], project1) + self.identity_man.create_project({}, project1['id'], project1) # Now create a project in domain2 with a potentially clashing # name - which should work since we have domain separation project2 = {'id': uuid.uuid4().hex, 'name': project1['name'], 'domain_id': domain2['id']} - self.identity_api.create_project(project2['id'], project2) + self.identity_man.create_project({}, project2['id'], project2) # Now try and move project1 into the 2nd domain - which should # fail since the names clash project1['domain_id'] = domain2['id'] @@ -447,8 +447,8 @@ class IdentityTests(object): 'domain_id': DEFAULT_DOMAIN_ID} tenant2 = {'id': 'fake2', 'name': 'fake2', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_project('fake1', tenant1) - self.identity_api.create_project('fake2', tenant2) + self.identity_man.create_project({}, 'fake1', tenant1) + self.identity_man.create_project({}, 'fake2', tenant2) tenant2['name'] = 'fake1' self.assertRaises(exception.Error, self.identity_api.update_project, @@ -458,7 +458,7 @@ class IdentityTests(object): def test_update_project_id_does_nothing(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_project('fake1', tenant) + self.identity_man.create_project({}, 'fake1', tenant) tenant['id'] = 'fake2' self.identity_api.update_project('fake1', tenant) tenant_ref = self.identity_api.get_project('fake1') @@ -625,11 +625,11 @@ class IdentityTests(object): self.identity_api.create_domain(new_domain['id'], new_domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': 'secret', 'enabled': True, 'domain_id': new_domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) roles_ref = self.identity_api.list_grants( @@ -662,11 +662,11 @@ class IdentityTests(object): self.identity_api.create_domain(new_domain['id'], new_domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': new_domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) @@ -702,21 +702,21 @@ class IdentityTests(object): self.identity_api.create_domain(new_domain['id'], new_domain) new_project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': new_domain['id']} - self.identity_api.create_project(new_project['id'], new_project) + self.identity_man.create_project({}, new_project['id'], new_project) new_group = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) new_group2 = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group2['id'], new_group2) + self.identity_man.create_group({}, new_group2['id'], new_group2) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': new_domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) new_user2 = {'id': uuid.uuid4().hex, 'name': 'new_user2', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': new_domain['id']} - self.identity_api.create_user(new_user2['id'], new_user2) + self.identity_man.create_user({}, new_user2['id'], new_user2) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) # First check we have no grants @@ -764,7 +764,7 @@ class IdentityTests(object): new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': 'secret', 'enabled': True, 'domain_id': new_domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) roles_ref = self.identity_api.list_grants( user_id=new_user['id'], domain_id=new_domain['id']) @@ -805,7 +805,7 @@ class IdentityTests(object): self.identity_api.create_domain(domain2['id'], domain2) group1 = {'id': uuid.uuid4().hex, 'domain_id': domain1['id'], 'name': uuid.uuid4().hex} - self.identity_api.create_group(group1['id'], group1) + self.identity_man.create_group({}, group1['id'], group1) roles_ref = self.identity_api.list_grants( group_id=group1['id'], domain_id=domain1['id']) @@ -858,7 +858,7 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_api.create_user(user1['id'], user1) + self.identity_man.create_user({}, user1['id'], user1) roles_ref = self.identity_api.list_grants( user_id=user1['id'], domain_id=domain1['id']) @@ -906,10 +906,10 @@ class IdentityTests(object): self.identity_api.create_domain(domain2['id'], domain2) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_api.create_group(group1['id'], group1) + self.identity_man.create_group({}, group1['id'], group1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain2['id']} - self.identity_api.create_project(project1['id'], project1) + self.identity_man.create_project({}, project1['id'], project1) roles_ref = self.identity_api.list_grants( group_id=group1['id'], project_id=project1['id']) @@ -951,10 +951,10 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_api.create_user(user1['id'], user1) + self.identity_man.create_user({}, user1['id'], user1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain2['id']} - self.identity_api.create_project(project1['id'], project1) + self.identity_man.create_project({}, project1['id'], project1) roles_ref = self.identity_api.list_grants( user_id=user1['id'], project_id=project1['id']) @@ -995,13 +995,13 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_api.create_user(user1['id'], user1) + self.identity_man.create_user({}, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_api.create_group(group1['id'], group1) + self.identity_man.create_group({}, group1['id'], group1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_api.create_project(project1['id'], project1) + self.identity_man.create_project({}, project1['id'], project1) self.identity_api.add_user_to_group(user1['id'], group1['id']) @@ -1063,14 +1063,14 @@ class IdentityTests(object): self.identity_api.create_domain(domain1['id'], domain1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_api.create_project(project1['id'], project1) + self.identity_man.create_project({}, project1['id'], project1) user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_api.create_user(user1['id'], user1) + self.identity_man.create_user({}, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_api.create_group(group1['id'], group1) + self.identity_man.create_group({}, group1['id'], group1) self.identity_api.create_grant(user_id=user1['id'], project_id=project1['id'], role_id=role1['id']) @@ -1124,14 +1124,14 @@ class IdentityTests(object): self.identity_api.create_domain(domain1['id'], domain1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_api.create_project(project1['id'], project1) + self.identity_man.create_project({}, project1['id'], project1) user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_api.create_user(user1['id'], user1) + self.identity_man.create_user({}, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_api.create_group(group1['id'], group1) + self.identity_man.create_group({}, group1['id'], group1) self.identity_api.create_grant(user_id=user1['id'], project_id=project1['id'], role_id=role1['id']) @@ -1172,14 +1172,14 @@ class IdentityTests(object): self.identity_api.create_domain(domain1['id'], domain1) project1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_api.create_project(project1['id'], project1) + self.identity_man.create_project({}, project1['id'], project1) user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'password': uuid.uuid4().hex, 'enabled': True} - self.identity_api.create_user(user1['id'], user1) + self.identity_man.create_user({}, user1['id'], user1) group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id'], 'enabled': True} - self.identity_api.create_group(group1['id'], group1) + self.identity_man.create_group({}, group1['id'], group1) self.identity_api.create_grant(group_id=group1['id'], project_id=project1['id'], role_id=role1['id']) @@ -1308,7 +1308,7 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, 'password': uuid.uuid4().hex} - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) self.identity_api.add_user_to_project(self.tenant_bar['id'], user['id']) self.identity_api.delete_user(user['id']) @@ -1321,7 +1321,7 @@ class IdentityTests(object): 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, 'password': uuid.uuid4().hex} - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) self.identity_api.add_role_to_user_and_project( user['id'], self.tenant_bar['id'], @@ -1345,7 +1345,7 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': 'a' * 65, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_api.create_project, + self.identity_man.create_project, {}, tenant['id'], tenant) @@ -1353,7 +1353,7 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': '', 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_api.create_project, + self.identity_man.create_project, {}, tenant['id'], tenant) @@ -1361,20 +1361,20 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': None, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_api.create_project, + self.identity_man.create_project, {}, tenant['id'], tenant) tenant = {'id': 'fake1', 'name': 123, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_api.create_project, + self.identity_man.create_project, {}, tenant['id'], tenant) def test_update_project_blank_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_project('fake1', tenant) + self.identity_man.create_project({}, 'fake1', tenant) tenant['name'] = '' self.assertRaises(exception.ValidationError, self.identity_api.update_project, @@ -1384,7 +1384,7 @@ class IdentityTests(object): def test_update_project_long_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_project('fake1', tenant) + self.identity_man.create_project({}, 'fake1', tenant) tenant['name'] = 'a' * 65 self.assertRaises(exception.ValidationError, self.identity_api.update_project, @@ -1394,7 +1394,7 @@ class IdentityTests(object): def test_update_project_invalid_name_fails(self): tenant = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_project('fake1', tenant) + self.identity_man.create_project({}, 'fake1', tenant) tenant['name'] = None self.assertRaises(exception.ValidationError, self.identity_api.update_project, @@ -1411,7 +1411,7 @@ class IdentityTests(object): user = {'id': 'fake1', 'name': 'a' * 65, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_api.create_user, + self.identity_man.create_user, {}, 'fake1', user) @@ -1419,7 +1419,7 @@ class IdentityTests(object): user = {'id': 'fake1', 'name': '', 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_api.create_user, + self.identity_man.create_user, {}, 'fake1', user) @@ -1427,21 +1427,21 @@ class IdentityTests(object): user = {'id': 'fake1', 'name': None, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_api.create_user, + self.identity_man.create_user, {}, 'fake1', user) user = {'id': 'fake1', 'name': 123, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_api.create_user, + self.identity_man.create_user, {}, 'fake1', user) def test_update_user_long_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user['name'] = 'a' * 65 self.assertRaises(exception.ValidationError, self.identity_api.update_user, @@ -1451,7 +1451,7 @@ class IdentityTests(object): def test_update_user_blank_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user['name'] = '' self.assertRaises(exception.ValidationError, self.identity_api.update_user, @@ -1461,7 +1461,7 @@ class IdentityTests(object): def test_update_user_invalid_name_fails(self): user = {'id': 'fake1', 'name': 'fake1', 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user['name'] = None self.assertRaises(exception.ValidationError, @@ -1485,8 +1485,8 @@ class IdentityTests(object): 'name': uuid.uuid4().hex} group2 = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(group1['id'], group1) - self.identity_api.create_group(group2['id'], group2) + self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group({}, group2['id'], group2) groups = self.identity_api.list_groups() self.assertEquals(len(groups), 2) group_ids = [] @@ -1525,7 +1525,7 @@ class IdentityTests(object): def test_delete_project_with_role_assignments(self): tenant = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_project(tenant['id'], tenant) + self.identity_man.create_project({}, tenant['id'], tenant) self.identity_api.add_role_to_user_and_project( self.user_foo['id'], tenant['id'], 'member') self.identity_api.delete_project(tenant['id']) @@ -1552,21 +1552,21 @@ class IdentityTests(object): new_project = {'id': 'tenant_id', 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID} original_project = new_project.copy() - self.identity_api.create_project('tenant_id', new_project) + self.identity_man.create_project({}, 'tenant_id', new_project) self.assertDictEqual(original_project, new_project) def test_create_user_doesnt_modify_passed_in_dict(self): new_user = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, - 'password': uuid.uuid4().hex, 'enabled': True, + 'password': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID} original_user = new_user.copy() - self.identity_api.create_user('user_id', new_user) + self.identity_man.create_user({}, 'user_id', new_user) self.assertDictEqual(original_user, new_user) def test_update_user_enable(self): user = {'id': 'fake1', 'name': 'fake1', 'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['enabled'], True) @@ -1583,7 +1583,7 @@ class IdentityTests(object): def test_update_project_enable(self): tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True, 'domain_id': DEFAULT_DOMAIN_ID} - self.identity_api.create_project('fake1', tenant) + self.identity_man.create_project({}, 'fake1', tenant) tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['enabled'], True) @@ -1602,11 +1602,11 @@ class IdentityTests(object): self.identity_api.create_domain(domain['id'], domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) groups = self.identity_api.list_groups_for_user(new_user['id']) @@ -1623,7 +1623,7 @@ class IdentityTests(object): new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) self.assertRaises(exception.GroupNotFound, self.identity_api.add_user_to_group, new_user['id'], @@ -1631,7 +1631,7 @@ class IdentityTests(object): new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) self.assertRaises(exception.UserNotFound, self.identity_api.add_user_to_group, uuid.uuid4().hex, @@ -1642,11 +1642,11 @@ class IdentityTests(object): self.identity_api.create_domain(domain['id'], domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) self.identity_api.check_user_in_group(new_user['id'], new_group['id']) @@ -1654,7 +1654,7 @@ class IdentityTests(object): def test_check_user_not_in_group(self): new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) self.assertRaises(exception.UserNotFound, self.identity_api.check_user_in_group, uuid.uuid4().hex, @@ -1665,11 +1665,11 @@ class IdentityTests(object): self.identity_api.create_domain(domain['id'], domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) user_refs = self.identity_api.list_users_in_group(new_group['id']) @@ -1684,11 +1684,11 @@ class IdentityTests(object): self.identity_api.create_domain(domain['id'], domain) new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) self.identity_api.add_user_to_group(new_user['id'], new_group['id']) agroups = self.identity_api.list_groups_for_user(new_user['id']) @@ -1704,10 +1704,10 @@ class IdentityTests(object): new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} - self.identity_api.create_user(new_user['id'], new_user) + self.identity_man.create_user({}, new_user['id'], new_user) new_group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(new_group['id'], new_group) + self.identity_man.create_group({}, new_group['id'], new_group) self.assertRaises(exception.NotFound, self.identity_api.remove_user_from_group, new_user['id'], @@ -1726,14 +1726,14 @@ class IdentityTests(object): def test_group_crud(self): group = {'id': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.identity_api.create_group(group['id'], group) + self.identity_man.create_group({}, group['id'], group) group_ref = self.identity_api.get_group(group['id']) - self.assertDictEqual(group_ref, group) + self.assertDictContainsSubset(group_ref, group) group['name'] = uuid.uuid4().hex self.identity_api.update_group(group['id'], group) group_ref = self.identity_api.get_group(group['id']) - self.assertDictEqual(group_ref, group) + self.assertDictContainsSubset(group_ref, group) self.identity_api.delete_group(group['id']) self.assertRaises(exception.GroupNotFound, @@ -1745,9 +1745,9 @@ class IdentityTests(object): 'name': uuid.uuid4().hex} group2 = {'id': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, 'name': group1['name']} - self.identity_api.create_group(group1['id'], group1) + self.identity_man.create_group({}, group1['id'], group1) self.assertRaises(exception.Conflict, - self.identity_api.create_group, + self.identity_man.create_group, {}, group2['id'], group2) def test_create_duplicate_group_name_in_different_domains(self): @@ -1757,8 +1757,8 @@ class IdentityTests(object): 'name': uuid.uuid4().hex} group2 = {'id': uuid.uuid4().hex, 'domain_id': new_domain['id'], 'name': group1['name']} - self.identity_api.create_group(group1['id'], group1) - self.identity_api.create_group(group2['id'], group2) + self.identity_man.create_group({}, group1['id'], group1) + self.identity_man.create_group({}, group2['id'], group2) def test_move_group_between_domains(self): domain1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -1768,7 +1768,7 @@ class IdentityTests(object): group = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_api.create_group(group['id'], group) + self.identity_man.create_group({}, group['id'], group) group['domain_id'] = domain2['id'] self.identity_api.update_group(group['id'], group) @@ -1781,13 +1781,13 @@ class IdentityTests(object): group1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': domain1['id']} - self.identity_api.create_group(group1['id'], group1) + self.identity_man.create_group({}, group1['id'], group1) # Now create a group in domain2 with a potentially clashing # name - which should work since we have domain separation group2 = {'id': uuid.uuid4().hex, 'name': group1['name'], 'domain_id': domain2['id']} - self.identity_api.create_group(group2['id'], group2) + self.identity_man.create_group({}, group2['id'], group2) # Now try and move group1 into the 2nd domain - which should # fail since the names clash group1['domain_id'] = domain2['id'] @@ -1799,14 +1799,14 @@ class IdentityTests(object): def test_project_crud(self): project = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex} - self.identity_api.create_project(project['id'], project) + self.identity_man.create_project({}, project['id'], project) project_ref = self.identity_api.get_project(project['id']) - self.assertDictEqual(project_ref, project) + self.assertDictContainsSubset(project_ref, project) project['name'] = uuid.uuid4().hex self.identity_api.update_project(project['id'], project) project_ref = self.identity_api.get_project(project['id']) - self.assertDictEqual(project_ref, project) + self.assertDictContainsSubset(project_ref, project) self.identity_api.delete_project(project['id']) self.assertRaises(exception.ProjectNotFound, @@ -1833,18 +1833,18 @@ class IdentityTests(object): def test_user_crud(self): user = {'domain_id': uuid.uuid4().hex, 'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'password': 'passw0rd'} - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) user_ref = self.identity_api.get_user(user['id']) del user['password'] user_ref_dict = dict((x, user_ref[x]) for x in user_ref) - self.assertDictEqual(user_ref_dict, user) + self.assertDictContainsSubset(user_ref_dict, user) user['password'] = uuid.uuid4().hex self.identity_api.update_user(user['id'], user) user_ref = self.identity_api.get_user(user['id']) del user['password'] user_ref_dict = dict((x, user_ref[x]) for x in user_ref) - self.assertDictEqual(user_ref_dict, user) + self.assertDictContainsSubset(user_ref_dict, user) self.identity_api.delete_user(user['id']) self.assertRaises(exception.UserNotFound, @@ -1855,7 +1855,7 @@ class IdentityTests(object): user1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'password': uuid.uuid4().hex, 'domain_id': uuid.uuid4().hex, 'enabled': True} - self.identity_api.create_user(user1['id'], user1) + self.identity_man.create_user({}, user1['id'], user1) user_projects = self.identity_api.list_user_projects(user1['id']) self.assertEquals(len(user_projects), 0) self.identity_api.create_grant(user_id=user1['id'], diff --git a/tests/test_backend_kvs.py b/tests/test_backend_kvs.py index 74b5e4eb..f3a8ece0 100644 --- a/tests/test_backend_kvs.py +++ b/tests/test_backend_kvs.py @@ -19,7 +19,7 @@ import nose.exc from keystone import catalog from keystone.catalog.backends import kvs as catalog_kvs from keystone import exception -from keystone.identity.backends import kvs as identity_kvs +from keystone import identity from keystone import test from keystone.token.backends import kvs as token_kvs from keystone.trust.backends import kvs as trust_kvs @@ -31,7 +31,10 @@ import test_backend class KvsIdentity(test.TestCase, test_backend.IdentityTests): def setUp(self): super(KvsIdentity, self).setUp() - self.identity_api = identity_kvs.Identity(db={}) + identity.CONF.identity.driver = \ + 'keystone.identity.backends.kvs.Identity' + self.identity_man = identity.Manager() + self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures) def test_list_user_projects(self): @@ -75,8 +78,11 @@ class KvsToken(test.TestCase, test_backend.TokenTests): class KvsTrust(test.TestCase, test_backend.TrustTests): def setUp(self): super(KvsTrust, self).setUp() + identity.CONF.identity.driver = \ + 'keystone.identity.backends.kvs.Identity' + self.identity_man = identity.Manager() + self.identity_api = self.identity_man.driver self.trust_api = trust_kvs.Trust(db={}) - self.identity_api = identity_kvs.Identity(db={}) self.catalog_api = catalog_kvs.Catalog(db={}) self.load_fixtures(default_fixtures) diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index 72bc09a1..965e2eed 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py @@ -22,7 +22,7 @@ from keystone.common import ldap as ldap_common from keystone.common.ldap import fakeldap from keystone import config from keystone import exception -from keystone.identity.backends import ldap as identity_ldap +from keystone import identity from keystone import test import default_fixtures @@ -44,24 +44,25 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_man = identity.Manager() + self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures) def test_build_tree(self): """Regression test for building the tree names """ - user_api = identity_ldap.UserApi(CONF) + user_api = identity.backends.ldap.UserApi(CONF) self.assertTrue(user_api) self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix) def test_configurable_allowed_user_actions(self): - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() user = {'id': 'fake1', 'name': 'fake1', 'password': 'fakepass1', 'tenants': ['bar']} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['id'], 'fake1') @@ -77,7 +78,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_allow_create = False CONF.ldap.user_allow_update = False CONF.ldap.user_allow_delete = False - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() user = {'id': 'fake1', 'name': 'fake1', @@ -99,10 +100,10 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.user_foo['id']) def test_configurable_allowed_project_actions(self): - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() tenant = {'id': 'fake1', 'name': 'fake1', 'enabled': True} - self.identity_api.create_project('fake1', tenant) + self.identity_man.create_project({}, 'fake1', tenant) tenant_ref = self.identity_api.get_project('fake1') self.assertEqual(tenant_ref['id'], 'fake1') @@ -118,7 +119,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.tenant_allow_create = False CONF.ldap.tenant_allow_update = False CONF.ldap.tenant_allow_delete = False - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() tenant = {'id': 'fake1', 'name': 'fake1'} self.assertRaises(exception.ForbiddenAction, @@ -136,7 +137,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.tenant_bar['id']) def test_configurable_allowed_role_actions(self): - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() role = {'id': 'fake1', 'name': 'fake1'} self.identity_api.create_role('fake1', role) @@ -155,7 +156,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.role_allow_create = False CONF.ldap.role_allow_update = False CONF.ldap.role_allow_delete = False - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} self.assertRaises(exception.ForbiddenAction, @@ -179,7 +180,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.assertDictEqual(user_ref, self.user_foo) CONF.ldap.user_filter = '(CN=DOES_NOT_MATCH)' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.assertRaises(exception.UserNotFound, self.identity_api.get_user, self.user_foo['id']) @@ -189,7 +190,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.assertDictEqual(tenant_ref, self.tenant_bar) CONF.ldap.tenant_filter = '(CN=DOES_NOT_MATCH)' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.assertRaises(exception.ProjectNotFound, self.identity_api.get_project, self.tenant_bar['id']) @@ -199,7 +200,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.assertDictEqual(role_ref, self.role_member) CONF.ldap.role_filter = '(CN=DOES_NOT_MATCH)' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.assertRaises(exception.RoleNotFound, self.identity_api.get_role, self.role_member['id']) @@ -208,7 +209,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.use_dumb_member = True CONF.ldap.dumb_member = 'cn=dumb,cn=example,cn=com' clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) self.assertRaises(exception.UserNotFound, self.identity_api.get_user, @@ -219,7 +220,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_mail_attribute = 'email' CONF.ldap.user_enabled_attribute = 'enabled' clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) user_ref = self.identity_api.get_user(self.user_two['id']) self.assertEqual(user_ref['id'], self.user_two['id']) @@ -229,7 +230,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_name_attribute = 'email' CONF.ldap.user_mail_attribute = 'sn' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() user_ref = self.identity_api.get_user(self.user_two['id']) self.assertEqual(user_ref['id'], self.user_two['id']) self.assertEqual(user_ref['name'], self.user_two['email']) @@ -240,7 +241,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_attribute_ignore = ['name', 'email', 'password', 'tenant_id', 'enabled', 'tenants'] clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) user_ref = self.identity_api.get_user(self.user_two['id']) self.assertEqual(user_ref['id'], self.user_two['id']) @@ -256,7 +257,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.tenant_desc_attribute = 'desc' CONF.ldap.tenant_enabled_attribute = 'enabled' clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) @@ -268,7 +269,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.tenant_name_attribute = 'desc' CONF.ldap.tenant_desc_attribute = 'ou' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) self.assertEqual(tenant_ref['name'], self.tenant_baz['description']) @@ -280,7 +281,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): 'description', 'enabled'] clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) tenant_ref = self.identity_api.get_project(self.tenant_baz['id']) self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) @@ -291,14 +292,14 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_role_attribute_mapping(self): CONF.ldap.role_name_attribute = 'ou' clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) role_ref = self.identity_api.get_role(self.role_member['id']) self.assertEqual(role_ref['id'], self.role_member['id']) self.assertEqual(role_ref['name'], self.role_member['name']) CONF.ldap.role_name_attribute = 'sn' - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() role_ref = self.identity_api.get_role(self.role_member['id']) self.assertEqual(role_ref['id'], self.role_member['id']) self.assertNotIn('name', role_ref) @@ -306,7 +307,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_role_attribute_ignore(self): CONF.ldap.role_attribute_ignore = ['name'] clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() self.load_fixtures(default_fixtures) role_ref = self.identity_api.get_role(self.role_member['id']) self.assertEqual(role_ref['id'], self.role_member['id']) @@ -317,9 +318,9 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.user_enabled_mask = 2 CONF.ldap.user_enabled_default = 512 clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_api = identity.backends.ldap.Identity() user = {'id': 'fake1', 'name': 'fake1', 'enabled': True} - self.identity_api.create_user('fake1', user) + self.identity_man.create_user({}, 'fake1', user) user_ref = self.identity_api.get_user('fake1') self.assertEqual(user_ref['enabled'], True) @@ -338,7 +339,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf')]) CONF.ldap.url = "fake://memory" - user_api = identity_ldap.UserApi(CONF) + user_api = identity.backends.ldap.UserApi(CONF) self.stubs.Set(fakeldap, 'FakeLdap', self.mox.CreateMock(fakeldap.FakeLdap)) # we have to track all calls on 'conn' to make sure that @@ -354,7 +355,7 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.assertRaisesRegexp( ValueError, 'Invalid LDAP scope: %s. *' % CONF.ldap.query_scope, - identity_ldap.Identity) + identity.backends.ldap.Identity) # TODO (henry-nash) These need to be removed when the full LDAP implementation # is submitted - see Bugs 1092187, 1101287, 1101276, 1101289 @@ -488,7 +489,8 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): CONF.ldap.user_enabled_emulation = True CONF.ldap.tenant_enabled_emulation = True clear_database() - self.identity_api = identity_ldap.Identity() + self.identity_man = identity.Manager() + self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures) for obj in [self.tenant_bar, self.tenant_baz, self.user_foo, self.user_two, self.user_badguy]: @@ -502,7 +504,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): 'password': 'no_meta2', 'enabled': True, } - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) self.identity_api.add_user_to_project(self.tenant_baz['id'], user['id']) user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( @@ -521,7 +523,7 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity): def test_user_crud(self): user = {'domain_id': uuid.uuid4().hex, 'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'password': 'passw0rd'} - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) user['enabled'] = True user_ref = self.identity_api.get_user(user['id']) del user['password'] diff --git a/tests/test_backend_sql.py b/tests/test_backend_sql.py index 04310307..1e7867bd 100644 --- a/tests/test_backend_sql.py +++ b/tests/test_backend_sql.py @@ -71,7 +71,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, 'password': uuid.uuid4().hex} - self.identity_api.create_user(user['id'], user) + self.identity_man.create_user({}, user['id'], user) self.identity_api.add_user_to_project(self.tenant_bar['id'], user['id']) self.identity_api.delete_user(user['id']) @@ -85,7 +85,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): 'domain_id': DEFAULT_DOMAIN_ID, 'password': uuid.uuid4().hex} self.assertRaises(exception.ValidationError, - self.identity_api.create_user, + self.identity_man.create_user, {}, user['id'], user) self.assertRaises(exception.UserNotFound, @@ -101,7 +101,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): 'name': None, 'domain_id': DEFAULT_DOMAIN_ID} self.assertRaises(exception.ValidationError, - self.identity_api.create_project, + self.identity_man.create_project, {}, tenant['id'], tenant) self.assertRaises(exception.ProjectNotFound, @@ -128,7 +128,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): 'name': 'fakeuser', 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'passwd'} - self.identity_api.create_user('fake', user) + self.identity_man.create_user({}, 'fake', user) self.identity_api.add_user_to_project(self.tenant_bar['id'], user['id']) self.identity_api.delete_project(self.tenant_bar['id']) @@ -140,7 +140,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): 'name': 'fakeuser', 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'passwd'} - self.identity_api.create_user('fake', user) + self.identity_man.create_user({}, 'fake', user) self.identity_api.create_metadata(user['id'], self.tenant_bar['id'], {'extra': 'extra'}) @@ -155,7 +155,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): 'name': 'fakeuser', 'domain_id': DEFAULT_DOMAIN_ID, 'password': 'passwd'} - self.identity_api.create_user('fake', user) + self.identity_man.create_user({}, 'fake', user) self.identity_api.create_metadata(user['id'], self.tenant_bar['id'], {'extra': 'extra'}) @@ -183,7 +183,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): 'name': uuid.uuid4().hex, 'domain_id': DEFAULT_DOMAIN_ID, arbitrary_key: arbitrary_value} - ref = self.identity_api.create_project(tenant_id, tenant) + ref = self.identity_man.create_project({}, tenant_id, tenant) self.assertEqual(arbitrary_value, ref[arbitrary_key]) self.assertIsNone(ref.get('extra')) @@ -211,7 +211,7 @@ class SqlIdentity(SqlTests, test_backend.IdentityTests): 'domain_id': DEFAULT_DOMAIN_ID, 'password': uuid.uuid4().hex, arbitrary_key: arbitrary_value} - ref = self.identity_api.create_user(user_id, user) + ref = self.identity_man.create_user({}, user_id, user) self.assertEqual(arbitrary_value, ref[arbitrary_key]) self.assertIsNone(ref.get('password')) self.assertIsNone(ref.get('extra')) |