summaryrefslogtreecommitdiffstats
path: root/tests/test_keystoneclient.py
Commit message (Collapse)AuthorAgeFilesLines
* Move 'tests' directory into 'keystone' packageSascha Peilicke2013-08-141-1175/+0
| | | | | | | | | | | Similar to a range of other components (e.g. glance,nova,...) and recent reviews by Monty. Running individual tests can be done like this: ./run_tests.sh keystone.tests.test_drivers Change-Id: I2482a48322150e5eb09b703326a94d8283f1c75b
* Clean up use of token_provider manager in testsBrant Knudson2013-08-011-2/+0
| | | | | | | | | | | | | With 19081b834991d263d84c761dcf422a8c9faf40a1, the token_provider is created in load_backends() so it doesn't have to be created by the tests. This makes the tests using token_provider_api consistent with how other backends are used in the tests. This change only affects unit tests. Change-Id: I9c05c7876bd14fb28e77fe1e49dd509a2a1cb788
* Merge "Load backends before deploy app in client tests"Jenkins2013-07-311-6/+9
|\
| * Load backends before deploy app in client testsBrant Knudson2013-07-251-6/+9
| | | | | | | | | | | | | | | | | | | | The backends should be loaded before the app is deployed for the client tests, otherwise the wrong backends may be loaded when the app is deployed. Part of fix for bug 1204605 Change-Id: I70680c3daea3a863bcbde07b1ee7e062cd150e51
* | Scipped tests don't render as ERROR'sVictor Sergeyev2013-07-261-10/+8
|/ | | | | | | | | Replaced `raise nose.exc.SkipTest()` statement to self.skipTest(). Removed unused nose.exc imports. Fixes bug 1172794 Change-Id: Ieb353864acadef43508d185156c7fa1667baa845
* Load app before loading legacy client in tests.Jamie Lennox2013-07-191-3/+3
| | | | | | | | | | | | | | | | | | When you load an old version of keystoneclient doing legacy tests and then start the test app the ec2 work that depends on keystoneclient sees the recently loaded legacy one which doesn't have the required modules in it. If we load the app first the ec2 modules are resolved and finds the original keystone client. The ec2 module then uses 'from keystoneclient.contrib.ec2 import utils as ec2_utils' so the ec2_utils reference is kept in the file scope so isn't affected by the tests changing keystoneclient. It is not a long term fix for bug 1178532 but it solves the immediate symptoms when running client tests independently. Change-Id: I7267ca0d4740f037884fae95f8a6562ee86584b9
* Implements Pluggable V2 Token ProviderGuang Yee2013-07-151-0/+24
| | | | | | | | | | | | | | | | This patch implemented V2 token provider. Abstract token provider backend to make token provider pluggable. It enables deployers to customize token management to add their own capabilities. Token provider is responsible for issuing, checking, validating, and revoking tokens. Note the distinction between token 'driver' and 'provider'. Token 'driver' simply provides token CRUD. It does not issue or interpret tokens. Token provider is specified by the 'provider' property in the '[token]' section of the Keystone configuration file. Change-Id: Ic418ec433bd9e3f2f70fa31c90e570e32c1ca687
* Rationalize how we get roles after authentication in the controllersHenry Nash2013-07-101-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently there is a mixture of strategies in the v2 and v3 controllers for how to get the roles assigned for the scope of the requested authentication. This duplicates code, is hard to maintain and in at least once case (where your only roles on a project are due to a group membership) is not actually correct (for v2 tokens). This change does the following: - Standardizes on using the 'get_roles_for_user_and_project()', and its domain equivalent, for how roles are obtained to build a token. This was already the case for v3 tokens. The controllers no longer need to get metadata and extract the roles. - Removes the driver level function to 'authorize_for_project' - this is now handled wihin the controller. The driver simply supports the user authentication. A nice (and planned for) sideffect of the above is that we now hide the schema of how we store roles within the driver layer - i.e. nothing outside of the driver (other than any specific-to-implementation tests) have to know about how roles are stored in the metadata. This paves the way for a re-implementation of the grant tables in IceHouse. This change also fills in missing function definitons in the assignment driver. Implements bp authenticate-role-rationalization Change-Id: I75fc7f5f728649d40ab1c696b33bbcd88ea6edee
* Isolate eventlet code into environment.Jamie Lennox2013-06-181-1/+2
| | | | | | | | | | | | | | | | | | The environment module will be configured once, during code initialization. Subsequently all other possibly-evented modules will retrieve from environment and transparently obtain either the eventlet or standard library modules. If eventlet, httplib, subprocess or other environment dependant module is referenced outside of the environment module it should be considered a bug. The changes to tests are required to ensure that test is imported first to setup the environment. Hopefully these can all be replaced with an __init__.py in a post-nose keystone. Implements: blueprint extract-eventlet Change-Id: Icacd6f2ee0906ac5d303777c1f87a184f38283bf
* Ignore conflict on v2 auto role assignment (bug 1161963)Dolph Mathews2013-06-031-0/+13
| | | | Change-Id: I10581a39325b4fcdb997ad704c3ee0de494b32e0
* Cleanup docstrings (flake8 H401, H402, H403, H404)Dolph Mathews2013-05-241-2/+1
| | | | | | | | | - docstring should not start with a space (flake8 H401) - one line docstring needs punctuation (flake8 H402) - multi line docstring end on new line (flake8 H403) - multi line docstring should start with a summary (flake8 H404) Change-Id: I69b414395930bda739aa01b785ac619fa8bb7d9b
* imports not in alphabetical order (flake8 H306)Dolph Mathews2013-05-241-1/+1
| | | | Change-Id: I0f6c5fc27b0bb2da553e9345a8ac4949ce46e685
* Use TODO(NAME) (flake8 H101)Dolph Mathews2013-05-231-3/+3
| | | | Change-Id: Ic47bdd61d9818f203a88ae16f97c2b61b1c1bd8c
* Revoke tokens on user delete (bug 1166670)Dolph Mathews2013-05-091-0/+24
| | | | Change-Id: Ieeb2246579ddc0608092eed5239258d2b4dbf42b
* Removed unused importsDolph Mathews2013-04-161-1/+0
| | | | Change-Id: Ief6534ee25a83027979d92c9ce3a92e0ea28c07c
* stop using time.sleep in teststermie2013-04-051-1/+2
| | | | | | | we use timeutils.utcnow so that we have an overridable clock just like in the big leagues, making tests literally sleep just slows us down Change-Id: I8522aef1fab39a3370448bce779ca69d8f5e07b5
* Revert "from tests import"Adam Young2013-03-111-1/+1
| | | | | | This reverts commit d8599dcda06514a9687af3f714e55ff7580af9db. Change-Id: Iddb881070a91b9761a567a7d3b6d906e228af9f6
* from tests importAdam Young2013-03-081-1/+1
| | | | | | | | | Makes the resolution of local imports work when running individual tests. Bug 1152326 Change-Id: I72f54bdbb60a6d7acf32bdbdc02d7bce69add84e
* v3 token APIGuang Yee2013-02-201-5/+5
| | | | | | | | | | | | | | Also implemented the following: blueprint pluggable-identity-authentication-handlers blueprint stop-ids-in-uris blueprint multi-factor-authn (just the plumbing) What's missing? * domain scoping (will be implemented by Henry?) Change-Id: I191c0b2cb3367b2a5f8a2dc674c284bb13ea97e3
* project membership to role conversionAdam Young2013-02-181-9/+12
| | | | | | | | | | | | | Changes the relationship between users and projects. There is no more direct membership in projects. Instead, all membership is now done via roles. A default role has been created called _member_ with a uuid (both configurable) that will be added in place of the group membership for databse upgrades. DocImpact: https://bugs.launchpad.net/openstack-manuals/+bug/1087483 Change-Id: I2482f9ef7b838e5dade5096d6d00e81db71604d1
* Merge "Fix spelling mistakes"Jenkins2013-02-131-1/+1
|\
| * Fix spelling mistakesJoe Gordon2013-02-121-1/+1
| | | | | | | | | | | | | | git ls-files | misspellings -f - Source: https://github.com/lyda/misspell-check Change-Id: Icbd2412aa65bc8135e5dcd83ee69e94f5a42f7a2
* | Keystone backend preparation for domain-scopingHenry Nash2013-02-121-3/+7
|/ | | | | | | | | | | | | | | | | | These changes lay the ground work for the implmentation of domain-scoping, but are benign in that they don't change the token. They include making domain_id a first-class attribute in the user and project entity (i.e. move it out of the 'extra' attribute), filling in domain grant and project support for the kvs backend and fixing a series of issues in the mirgation to make it work for both MySQL, Postgresql and sqlite. A further, separate, commit will actually provide the code to update the actual tokens once the v3 token support has been added. blueprint domain-scoping blueprint default-domain Change-Id: I55ab7947a6a1efbab003bd234856bd3805bb4a63
* Merge "Generate apache-style common access logs"Jenkins2013-02-121-2/+2
|\
| * Generate apache-style common access logsDolph Mathews2013-01-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Taking advantage of this middleware either requires enabling verbose/debug or utilizing an external logging.conf which configures an 'access' logger. Example output: 127.0.0.1 - - [2013-01-29T17:15:02.752214] "GET http://localhost:5000/v3/projects HTTP/1.0" 200 16 This patch also revises etc/logging.conf.sample with some more practical defaults (e.g. supporting externally-managed log rotations) in addition to illustrating how to generate an 'access.log' file. DocImpact Change-Id: I2a6048fa5fbf8661a6859d9e3a259d4cfa5fc589
* | tenant to project in the apisAdam Young2013-01-281-6/+6
|/ | | | Change-Id: I1f6fdf304ca3ff0b6e0e05a71fd944189105c5b6
* Fixes import order nitsZhongyue Luo2013-01-111-1/+1
| | | | Change-Id: I5a527e0f5010171a202de5894d124d213d22a073
* v3 CatalogDolph Mathews2012-11-201-3/+2
| | | | | | | - v3 catalog tests (bug 1023933) - v3 catalog implementation (bug 1023938) Change-Id: Ie118819d25afbff62327ffc8be5b5fda2ef7f4ed
* v3 PoliciesDolph Mathews2012-11-191-0/+7
| | | | | | | | - v3 policy (bp rbac-keystone-api) - v3 policy tests (bug 1023935) - v3 policy implementation (bug 1023939) Change-Id: I163fbb67726c295fe9ed09b68cd18d2273345d29
* Refactor TokenController.authenticate() method.Alvaro Lopez Garcia2012-11-151-0/+8
| | | | Change-Id: I29710f749c67cf83ccad12deee54fe6b71dd53b8
* Reduce total number of fixturesDolph Mathews2012-11-131-9/+9
| | | | | | | | | | | Fixtures are created before every test, so each fixture adds a considerable amount of overhead to the overall test suite. This patch attempts to eliminate fixtures utilized by only a few tests in favor of re-cycling as many fixtures as possible. As a result, a few tests are refactored to depend on different fixtures. Change-Id: Idd4dcef5e38e304d19110c61886887fb64b4d658
* Fix transient test failures (bug 1077065, bug 1045962)Dolph Mathews2012-11-091-6/+6
| | | | Change-Id: I45a1167a473df02a4461286b8a09723315018fcb
* Compare token expiry without secondsAdam Young2012-10-231-2/+4
| | | | | | | | | There is a rounding problem that occurs periodically. Token expiration Does not need to be confirmed to this level of granularity. Bug 1045962 Change-Id: I361c5cf309c47b142c35c4359234fd0e44005e5a
* Backslash continuation cleanupZhongyue Luo2012-09-191-6/+6
| | | | | | | Removed unnecessary backslash continuations Added backslash continuation rules to HACKING.rst Change-Id: Id91da5b7e9be4d4587dded95fe7a0415240213ec
* Delete user tokens after role grant/revokeDolph Mathews2012-09-121-9/+9
| | | | | | | | | | | Delete user tokens when a new role is granted or revoked, in order to prevent old tokens to continue to be valid for the original set of roles for the remainder of the token's lifespan. Addresses CVE-2012-4413. Fixes bug 1041396. Change-Id: Iecf891f274b67408f568b949a7028362c4c30312
* Raise unauthorized if tenant disabled (bug 988920)Dolph Mathews2012-07-161-0/+47
| | | | | | | If the client attempts to explicitly authenticate against a disabled tenant, keystone should return HTTP 401 Unauthorized. Change-Id: I49fe56b6ef8d9f2fc6b9357472dae8964bb9cb9c
* adding keystoneclient testJoe Heck2012-07-121-0/+5
| | | | | | | adding a test for version 0.1.1 with the new tagging scheme (released with/just post Essex) Change-Id: Ic6900717c616feee0bce8253fae1e51ac837b811
* Adding user password setting api callDerek Higgins2012-07-101-0/+89
| | | | | | | | | | | | | | | | | | | Fixes bug 996922 This commit adds a user_crud module that can be used in the public wsgi pipeline, currently the only operation included allows a user to update their own password. In order to change their password a user should make a HTTP PATCH to /v2.0/OS-KSCRUD/users/<userid> with the json data fomated like this {"user": {"password": "DCBA", "original_password": "ABCD"}} in addition to changing the users password, all current tokens will be cleared (for token backends that support listing) and a new token id will be returned. Change-Id: I0cbdafbb29a5b6531ad192f240efb9379f0efd2d
* Fixing pep8 errors in tests/*pyDerek Higgins2012-07-091-12/+12
| | | | | | | | | | | Fixes bug 1022575 Making change to tests/*py to pass pep8 tests. pep8 tests started failing following 39b20acc933cb0fdf73075ddb9a9d82665b84b23 update pep8 to 1.3.3 04df79b64e5f2296df03579700535774e158f623 include tests dir in pep8 tests Change-Id: I2d7dec0a87f1ae9b5f828d7f321b65bf8c06a421
* Refactor 404's into managers & drivers (bug 968519)Dolph Mathews2012-06-271-17/+7
| | | | | | | | | | | | | | | The goal is to move the responsibility of reference checks away from controllers and into the underlying managers & drivers, which can handle the task with equal or greater efficiency. - Tenant references from create_user/update_user are NOT tested due to inconsistencies between backends - Additional test coverage improvements Also fixes bug 999209, bug 999608, bug 1006029, bug 1006055, bug 1006287, bug 1006334, and bug 1006344. Change-Id: I7de592e7dd4518038436b9a9fdaab559b00a0537
* Carrying over token expiry time when token chainingDerek Higgins2012-06-051-0/+12
| | | | | | | | | Fixes bug #998185 This commit causes the token expiry time to be maintained when one token is being created from another Change-Id: I7b61692a60d9227423b93c267864a5abe939ca33
* Merge "Invalidate user tokens when a user is disabled"Jenkins2012-05-191-2/+19
|\
| * Invalidate user tokens when a user is disabledDerek Higgins2012-05-161-2/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes Bug 997194 Delete valid tokens for a user when they have been disabled Moved logic to delete tokens into update_user, as this can be called directly form the REST API. Also checks if a user is enabled when creating a token from another token, this helps in cases there the backend didn't support listing of tokens (and as a result weren't deleted) Change-Id: Ib5ed73a7873bfa66ef31bf6d0f0322f50e677688
* | Add validations of 'name' field for roles, users and tenants.Mohammed Naser2012-05-151-0/+23
|/ | | | | | Fixes LP Bug #997725 Change-Id: I2759d21bed3c0e42642de96184844e1b9e795bb6
* Invalidate user tokens when password is changedDerek Higgins2012-05-111-0/+23
| | | | | | | | | Fixes bug 996595 This commit will cause all valid tokens to be deleted for a user who's password is changed (implemented for the sql and kvs backends) Change-Id: I6ad7da8957b7041983a3fc91d9ba9368667d06ac
* endpoint-crud 404 (bug 963056)Dolph Mathews2012-03-271-0/+25
| | | | | | | endpoint-create endpoint-delete Change-Id: I70ae14ca385a0ed2d3438b8dc2f7ba93b91f400b
* user-role-crud 404 (bug 963056)Dolph Mathews2012-03-271-0/+43
| | | | | | | user-role-add user-role-remove Change-Id: I1b3cd019d0d110b01ed175822cdd6c9ddb486412
* ec2-credential-crud 404 (bug 963056)Dolph Mathews2012-03-271-0/+35
| | | | | | | | | ec2-credential-create ec2-credential-delete ec2-credential-get ec2-credential-list Change-Id: If8bfb77017f55c24738baf18b937c78b179831e5
* service-crud 404 (bug 963056)Dolph Mathews2012-03-271-0/+14
| | | | | | | service-delete service-get Change-Id: Ifecf4c74abf408b009a783a9d7be0e98219e0fe4
* user-crud 404 (bug 963056)Dolph Mathews2012-03-271-0/+58
| | | | | | | | | | | user-create user-get user-list user-update user-update-password user-delete Change-Id: I7762aaaae9817ea7426039e4700e16b59e18cba1
generated by cgit (git 2.34.1) at 2024-06-09 20:56:58 +0000