diff options
| -rw-r--r-- | keystone/test.py | 5 | ||||
| -rw-r--r-- | tests/default_fixtures.py | 83 | ||||
| -rw-r--r-- | tests/test_backend.py | 45 | ||||
| -rw-r--r-- | tests/test_backend_ldap.py | 83 | ||||
| -rw-r--r-- | tests/test_keystoneclient.py | 18 |
5 files changed, 115 insertions, 119 deletions
diff --git a/keystone/test.py b/keystone/test.py index 68631ee4..46056095 100644 --- a/keystone/test.py +++ b/keystone/test.py @@ -216,11 +216,6 @@ class TestCase(NoModule, unittest.TestCase): """ # TODO(termie): doing something from json, probably based on Django's # loaddata will be much preferred. - if hasattr(self, 'catalog_api'): - for service in fixtures.SERVICES: - rv = self.catalog_api.create_service(service['id'], service) - setattr(self, 'service_%s' % service['id'], rv) - if hasattr(self, 'identity_api'): for tenant in fixtures.TENANTS: rv = self.identity_api.create_tenant(tenant['id'], tenant) diff --git a/tests/default_fixtures.py b/tests/default_fixtures.py index 8b5020ff..3601290a 100644 --- a/tests/default_fixtures.py +++ b/tests/default_fixtures.py @@ -14,61 +14,54 @@ # License for the specific language governing permissions and limitations # under the License. +# NOTE(dolph): please try to avoid additional fixtures if possible; test suite +# performance may be negatively affected. + TENANTS = [ - {'id': 'bar', 'name': 'BAR'}, - {'id': 'baz', 'name': 'BAZ'}, - {'id': 'tenent4add', 'name': 'tenant4add'}, - {'id': 'attr', - 'name': 'attr_name', - 'description': 'description', - 'enabled': True}, + { + 'id': 'bar', + 'name': 'BAR', + }, { + 'id': 'baz', + 'name': 'BAZ', + 'description': 'description', + 'enabled': True, + } ] # NOTE(ja): a role of keystone_admin and attribute "is_admin" is done in setUp USERS = [ - {'id': 'foo', 'name': 'FOO', 'password': 'foo2', 'tenants': ['bar']}, - {'id': 'two', 'name': 'TWO', 'password': 'two2', 'tenants': ['baz']}, - {'id': 'no_meta', - 'name': 'NO_META', - 'password': 'no_meta2', - 'tenants': ['baz']}, - {'id': 'attr', - 'name': 'attr', - 'email': 'attr@example.com', - 'enabled': True, - 'tenant_id': 'baz', - 'password': 'attr_passwd', - 'tenants': ['baz']}, + { + 'id': 'foo', + 'name': 'FOO', + 'password': 'foo2', + 'tenants': ['bar'] + }, { + 'id': 'two', + 'name': 'TWO', + 'password': 'two2', + 'email': 'attr@example.com', + 'enabled': True, + 'tenant_id': 'baz', + 'password': 'attr_passwd', + 'tenants': ['baz'], + } ] METADATA = [ - {'user_id': 'foo', 'tenant_id': 'bar', 'extra': 'extra'}, - {'user_id': 'two', 'tenant_id': 'baz', 'extra': 'extra'}, + { + 'user_id': 'foo', + 'tenant_id': 'bar', + 'extra': 'extra', + } ] ROLES = [ - {'id': 'keystone_admin', 'name': 'Keystone Admin'}, - {'id': 'useless', 'name': 'Useless'}, - {'id': 'attr', 'name': 'attr'}, -] - -SERVICES = [ - { - 'id': 'COMPUTE_ID', - 'type': 'compute', - 'name': 'Nova', - 'description': 'OpenStack Compute service' - }, - { - 'id': 'IDENTITY_ID', - 'type': 'identity', - 'name': 'Keystone', - 'description': 'OpenStack Identity service' - }, { - 'id': 'IMAGE_ID', - 'type': 'image', - 'name': 'Glance', - 'description': 'OpenStack Image service' - }, + 'id': 'keystone_admin', + 'name': 'Keystone Admin', + }, { + 'id': 'member', + 'name': 'Member', + } ] diff --git a/tests/test_backend.py b/tests/test_backend.py index 82e608e1..76e76780 100644 --- a/tests/test_backend.py +++ b/tests/test_backend.py @@ -82,11 +82,16 @@ class IdentityTests(object): self.assertIn('keystone_admin', metadata_ref['roles']) def test_authenticate_no_metadata(self): - user = self.user_no_meta - tenant = self.tenant_baz + user = { + 'id': 'no_meta', + 'name': 'NO_META', + 'password': 'no_meta2', + } + self.identity_api.create_user(user['id'], user) + self.identity_api.add_user_to_tenant(self.tenant_baz['id'], user['id']) user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate( user_id=user['id'], - tenant_id=tenant['id'], + tenant_id=self.tenant_baz['id'], password=user['password']) # NOTE(termie): the password field is left in user_foo to make # it easier to authenticate in tests, but should @@ -94,7 +99,7 @@ class IdentityTests(object): user.pop('password') self.assertEquals(metadata_ref, {}) self.assertDictEqual(user_ref, user) - self.assertDictEqual(tenant_ref, tenant) + self.assertDictEqual(tenant_ref, self.tenant_baz) def test_password_hashed(self): user_ref = self.identity_api._get_user(self.user_foo['id']) @@ -327,14 +332,14 @@ class IdentityTests(object): roles_ref = self.identity_api.get_roles_for_user_and_tenant( self.user_foo['id'], self.tenant_bar['id']) self.assertIn('keystone_admin', roles_ref) - self.assertNotIn('useless', roles_ref) + self.assertNotIn('member', roles_ref) self.identity_api.add_role_to_user_and_tenant( - self.user_foo['id'], self.tenant_bar['id'], 'useless') + self.user_foo['id'], self.tenant_bar['id'], 'member') roles_ref = self.identity_api.get_roles_for_user_and_tenant( self.user_foo['id'], self.tenant_bar['id']) self.assertIn('keystone_admin', roles_ref) - self.assertIn('useless', roles_ref) + self.assertIn('member', roles_ref) def test_get_roles_for_user_and_tenant_404(self): self.assertRaises(exception.UserNotFound, @@ -368,17 +373,17 @@ class IdentityTests(object): def test_remove_role_from_user_and_tenant(self): self.identity_api.add_role_to_user_and_tenant( - self.user_foo['id'], self.tenant_bar['id'], 'useless') + self.user_foo['id'], self.tenant_bar['id'], 'member') self.identity_api.remove_role_from_user_and_tenant( - self.user_foo['id'], self.tenant_bar['id'], 'useless') + self.user_foo['id'], self.tenant_bar['id'], 'member') roles_ref = self.identity_api.get_roles_for_user_and_tenant( self.user_foo['id'], self.tenant_bar['id']) - self.assertNotIn('useless', roles_ref) + self.assertNotIn('member', roles_ref) self.assertRaises(exception.NotFound, self.identity_api.remove_role_from_user_and_tenant, self.user_foo['id'], self.tenant_bar['id'], - 'useless') + 'member') def test_role_crud(self): role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} @@ -630,7 +635,7 @@ class IdentityTests(object): tenant = {'id': 'fake1', 'name': 'fake1'} self.identity_api.create_tenant('fake1', tenant) self.identity_api.add_role_to_user_and_tenant( - self.user_foo['id'], tenant['id'], 'useless') + self.user_foo['id'], tenant['id'], 'member') self.identity_api.delete_tenant(tenant['id']) self.assertRaises(exception.NotFound, self.identity_api.get_tenant, @@ -843,18 +848,24 @@ class CommonHelperTests(test.TestCase): class CatalogTests(object): def test_service_crud(self): + # create + service_id = uuid.uuid4().hex new_service = { - 'id': uuid.uuid4().hex, + 'id': service_id, 'type': uuid.uuid4().hex, 'name': uuid.uuid4().hex, 'description': uuid.uuid4().hex, } res = self.catalog_api.create_service( - new_service['id'], + service_id, new_service.copy()) self.assertDictEqual(res, new_service) - service_id = new_service['id'] + # list + services = self.catalog_api.list_services() + self.assertIn(service_id, services) + + # delete self.catalog_api.delete_service(service_id) self.assertRaises(exception.ServiceNotFound, self.catalog_man.delete_service, {}, service_id) @@ -892,7 +903,3 @@ class CatalogTests(object): self.assertRaises(exception.EndpointNotFound, self.catalog_api.delete_endpoint, uuid.uuid4().hex) - - def test_service_list(self): - services = self.catalog_api.list_services() - self.assertEqual(3, len(services)) diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index 2d9d35aa..d2edd47f 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py @@ -187,21 +187,21 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): CONF.ldap.role_allow_delete = False self.identity_api = identity_ldap.Identity() - role = {'id': 'fake1', 'name': 'fake1'} + role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} self.assertRaises(exception.ForbiddenAction, self.identity_api.create_role, - 'fake1', + role['id'], role) - self.role_useless['name'] = 'useful' + self.role_member['name'] = uuid.uuid4().hex self.assertRaises(exception.ForbiddenAction, self.identity_api.update_role, - self.role_useless['id'], - self.role_useless) + self.role_member['id'], + self.role_member) self.assertRaises(exception.ForbiddenAction, self.identity_api.delete_role, - self.role_useless['id']) + self.role_member['id']) def test_user_filter(self): self.config([test.etcdir('keystone.conf.sample'), @@ -234,14 +234,14 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) - role_ref = self.identity_api.get_role(self.role_useless['id']) - self.assertDictEqual(role_ref, self.role_useless) + role_ref = self.identity_api.get_role(self.role_member['id']) + self.assertDictEqual(role_ref, self.role_member) CONF.ldap.role_filter = '(CN=DOES_NOT_MATCH)' self.identity_api = identity_ldap.Identity() self.assertRaises(exception.RoleNotFound, self.identity_api.get_role, - self.role_useless['id']) + self.role_member['id']) def test_dumb_member(self): self.config([test.etcdir('keystone.conf.sample'), @@ -266,20 +266,20 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): clear_database() self.identity_api = identity_ldap.Identity() self.load_fixtures(default_fixtures) - user_ref = self.identity_api.get_user(self.user_attr['id']) - self.assertEqual(user_ref['id'], self.user_attr['id']) - self.assertEqual(user_ref['name'], self.user_attr['name']) - self.assertEqual(user_ref['email'], self.user_attr['email']) - self.assertEqual(user_ref['enabled'], self.user_attr['enabled']) + user_ref = self.identity_api.get_user(self.user_two['id']) + self.assertEqual(user_ref['id'], self.user_two['id']) + self.assertEqual(user_ref['name'], self.user_two['name']) + self.assertEqual(user_ref['email'], self.user_two['email']) + self.assertEqual(user_ref['enabled'], self.user_two['enabled']) CONF.ldap.user_name_attribute = 'email' CONF.ldap.user_mail_attribute = 'sn' self.identity_api = identity_ldap.Identity() - user_ref = self.identity_api.get_user(self.user_attr['id']) - self.assertEqual(user_ref['id'], self.user_attr['id']) - self.assertEqual(user_ref['name'], self.user_attr['email']) - self.assertEqual(user_ref['email'], self.user_attr['name']) - self.assertEqual(user_ref['enabled'], self.user_attr['enabled']) + user_ref = self.identity_api.get_user(self.user_two['id']) + self.assertEqual(user_ref['id'], self.user_two['id']) + self.assertEqual(user_ref['name'], self.user_two['email']) + self.assertEqual(user_ref['email'], self.user_two['name']) + self.assertEqual(user_ref['enabled'], self.user_two['enabled']) def test_user_attribute_ignore(self): self.config([test.etcdir('keystone.conf.sample'), @@ -290,8 +290,8 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): clear_database() self.identity_api = identity_ldap.Identity() self.load_fixtures(default_fixtures) - user_ref = self.identity_api.get_user(self.user_attr['id']) - self.assertEqual(user_ref['id'], self.user_attr['id']) + user_ref = self.identity_api.get_user(self.user_two['id']) + self.assertEqual(user_ref['id'], self.user_two['id']) self.assertNotIn('name', user_ref) self.assertNotIn('email', user_ref) self.assertNotIn('password', user_ref) @@ -309,21 +309,22 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): clear_database() self.identity_api = identity_ldap.Identity() self.load_fixtures(default_fixtures) - tenant_ref = self.identity_api.get_tenant(self.tenant_attr['id']) - self.assertEqual(tenant_ref['id'], self.tenant_attr['id']) - self.assertEqual(tenant_ref['name'], self.tenant_attr['name']) - self.assertEqual(tenant_ref['description'], - self.tenant_attr['description']) - self.assertEqual(tenant_ref['enabled'], self.tenant_attr['enabled']) + tenant_ref = self.identity_api.get_tenant(self.tenant_baz['id']) + self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) + self.assertEqual(tenant_ref['name'], self.tenant_baz['name']) + self.assertEqual( + tenant_ref['description'], + self.tenant_baz['description']) + self.assertEqual(tenant_ref['enabled'], self.tenant_baz['enabled']) CONF.ldap.tenant_name_attribute = 'desc' CONF.ldap.tenant_desc_attribute = 'ou' self.identity_api = identity_ldap.Identity() - tenant_ref = self.identity_api.get_tenant(self.tenant_attr['id']) - self.assertEqual(tenant_ref['id'], self.tenant_attr['id']) - self.assertEqual(tenant_ref['name'], self.tenant_attr['description']) - self.assertEqual(tenant_ref['description'], self.tenant_attr['name']) - self.assertEqual(tenant_ref['enabled'], self.tenant_attr['enabled']) + tenant_ref = self.identity_api.get_tenant(self.tenant_baz['id']) + self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) + self.assertEqual(tenant_ref['name'], self.tenant_baz['description']) + self.assertEqual(tenant_ref['description'], self.tenant_baz['name']) + self.assertEqual(tenant_ref['enabled'], self.tenant_baz['enabled']) def test_tenant_attribute_ignore(self): self.config([test.etcdir('keystone.conf.sample'), @@ -335,8 +336,8 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): clear_database() self.identity_api = identity_ldap.Identity() self.load_fixtures(default_fixtures) - tenant_ref = self.identity_api.get_tenant(self.tenant_attr['id']) - self.assertEqual(tenant_ref['id'], self.tenant_attr['id']) + tenant_ref = self.identity_api.get_tenant(self.tenant_baz['id']) + self.assertEqual(tenant_ref['id'], self.tenant_baz['id']) self.assertNotIn('name', tenant_ref) self.assertNotIn('description', tenant_ref) self.assertNotIn('enabled', tenant_ref) @@ -349,14 +350,14 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): clear_database() self.identity_api = identity_ldap.Identity() self.load_fixtures(default_fixtures) - role_ref = self.identity_api.get_role(self.role_attr['id']) - self.assertEqual(role_ref['id'], self.role_attr['id']) - self.assertEqual(role_ref['name'], self.role_attr['name']) + role_ref = self.identity_api.get_role(self.role_member['id']) + self.assertEqual(role_ref['id'], self.role_member['id']) + self.assertEqual(role_ref['name'], self.role_member['name']) CONF.ldap.role_name_attribute = 'sn' self.identity_api = identity_ldap.Identity() - role_ref = self.identity_api.get_role(self.role_attr['id']) - self.assertEqual(role_ref['id'], self.role_attr['id']) + role_ref = self.identity_api.get_role(self.role_member['id']) + self.assertEqual(role_ref['id'], self.role_member['id']) self.assertNotIn('name', role_ref) def test_role_attribute_ignore(self): @@ -367,8 +368,8 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): clear_database() self.identity_api = identity_ldap.Identity() self.load_fixtures(default_fixtures) - role_ref = self.identity_api.get_role(self.role_attr['id']) - self.assertEqual(role_ref['id'], self.role_attr['id']) + role_ref = self.identity_api.get_role(self.role_member['id']) + self.assertEqual(role_ref['id'], self.role_member['id']) self.assertNotIn('name', role_ref) def test_user_enable_attribute_mask(self): diff --git a/tests/test_keystoneclient.py b/tests/test_keystoneclient.py index ce329972..9c2c41e9 100644 --- a/tests/test_keystoneclient.py +++ b/tests/test_keystoneclient.py @@ -797,12 +797,12 @@ class KcMasterTestCase(CompatTestCase, KeystoneClientTests): client = self.get_client(admin=True) client.roles.add_user_role(tenant=self.tenant_baz['id'], user=self.user_two['id'], - role=self.role_useless['id']) + role=self.role_member['id']) user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) self.assert_(self.user_two['id'] in [x.id for x in user_refs]) client.roles.remove_user_role(tenant=self.tenant_baz['id'], user=self.user_two['id'], - role=self.role_useless['id']) + role=self.role_member['id']) user_refs = client.tenants.list_users(tenant=self.tenant_baz['id']) self.assert_(self.user_two['id'] not in [x.id for x in user_refs]) @@ -813,12 +813,12 @@ class KcMasterTestCase(CompatTestCase, KeystoneClientTests): client.roles.add_user_role, tenant=uuid.uuid4().hex, user=self.user_foo['id'], - role=self.role_useless['id']) + role=self.role_member['id']) self.assertRaises(client_exceptions.NotFound, client.roles.add_user_role, tenant=self.tenant_baz['id'], user=uuid.uuid4().hex, - role=self.role_useless['id']) + role=self.role_member['id']) self.assertRaises(client_exceptions.NotFound, client.roles.add_user_role, tenant=self.tenant_baz['id'], @@ -832,12 +832,12 @@ class KcMasterTestCase(CompatTestCase, KeystoneClientTests): client.roles.remove_user_role, tenant=uuid.uuid4().hex, user=self.user_foo['id'], - role=self.role_useless['id']) + role=self.role_member['id']) self.assertRaises(client_exceptions.NotFound, client.roles.remove_user_role, tenant=self.tenant_baz['id'], user=uuid.uuid4().hex, - role=self.role_useless['id']) + role=self.role_member['id']) self.assertRaises(client_exceptions.NotFound, client.roles.remove_user_role, tenant=self.tenant_baz['id'], @@ -847,7 +847,7 @@ class KcMasterTestCase(CompatTestCase, KeystoneClientTests): client.roles.remove_user_role, tenant=self.tenant_baz['id'], user=self.user_foo['id'], - role=self.role_useless['id']) + role=self.role_member['id']) def test_tenant_list_marker(self): client = self.get_client() @@ -1004,7 +1004,7 @@ class KcEssex3TestCase(CompatTestCase, KeystoneClientTests): client = self.get_client(admin=True) client.roles.add_user_to_tenant(tenant_id=self.tenant_baz['id'], user_id=self.user_two['id'], - role_id=self.role_useless['id']) + role_id=self.role_member['id']) role_refs = client.roles.get_user_role_refs( user_id=self.user_two['id']) self.assert_(self.tenant_baz['id'] in [x.tenantId for x in role_refs]) @@ -1014,7 +1014,7 @@ class KcEssex3TestCase(CompatTestCase, KeystoneClientTests): roleref_refs = client.roles.get_user_role_refs( user_id=self.user_two['id']) for roleref_ref in roleref_refs: - if (roleref_ref.roleId == self.role_useless['id'] + if (roleref_ref.roleId == self.role_member['id'] and roleref_ref.tenantId == self.tenant_baz['id']): # use python's scope fall through to leave roleref_ref set break |