From 2e1558ebd2dba1d2adb89160d1bb1f4e2020f762 Mon Sep 17 00:00:00 2001 From: termie Date: Wed, 28 Dec 2011 13:58:49 -0800 Subject: clean up keystoneclient setup --- keystonelight/keystone_compat.py | 17 +++++++++----- keystonelight/test.py | 16 +++++++++++++- tests/test_backend_kvs.py | 4 ++-- tests/test_keystoneclient_compat.py | 44 ++++++++++++++----------------------- 4 files changed, 45 insertions(+), 36 deletions(-) diff --git a/keystonelight/keystone_compat.py b/keystonelight/keystone_compat.py index 85f947fa..0055955e 100644 --- a/keystonelight/keystone_compat.py +++ b/keystonelight/keystone_compat.py @@ -150,7 +150,14 @@ class KeystoneController(service.BaseApplication): tenant_id=tenant_ref['id'], extras=extras_ref) - return self._format_authenticate(token_ref, catalog_ref) + # TODO(termie): optimize this call at some point and put it into the + # the return for extras + # fill out the roles in the extras + roles_ref = [] + for role_id in extras_ref.get('roles', []): + roles_ref.append(self.identity_api.get_role(context, role_id)) + + return self._format_authenticate(token_ref, roles_ref, catalog_ref) #admin-only def validate_token(self, context, token_id, belongs_to=None): @@ -220,11 +227,9 @@ class KeystoneController(service.BaseApplication): context, tenant_id=tenant_id, data=tenant_ref) return {'tenant': tenant} - def _format_token(self, token_ref): + def _format_token(self, token_ref, roles_ref): user_ref = token_ref['user'] extras_ref = token_ref['extras'] - roles = extras_ref.get('roles', []) - roles_ref = [{'id': 1, 'name': x} for x in roles] o = {'access': {'token': {'id': token_ref['id'], 'expires': token_ref['expires'] }, @@ -242,8 +247,8 @@ class KeystoneController(service.BaseApplication): o['access']['token']['tenant'] = token_ref['tenant'] return o - def _format_authenticate(self, token_ref, catalog_ref): - o = self._format_token(token_ref) + def _format_authenticate(self, token_ref, roles_ref, catalog_ref): + o = self._format_token(token_ref, roles_ref) o['access']['serviceCatalog'] = self._format_catalog(catalog_ref) return o diff --git a/keystonelight/test.py b/keystonelight/test.py index bcfee343..a0efb40d 100644 --- a/keystonelight/test.py +++ b/keystonelight/test.py @@ -96,8 +96,22 @@ class TestCase(unittest.TestCase): sys.path.remove(path) super(TestCase, self).tearDown() + #TODO(termie): probably make this take an argument and use that for `options` + def load_backends(self): + """Hacky shortcut to load the backends for data manipulation. + + Expects self.options to have already been set. + + """ + self.identity_api = utils.import_object( + self.options['identity_driver'], options=self.options) + self.token_api = utils.import_object( + self.options['token_driver'], options=self.options) + self.catalog_api = utils.import_object( + self.options['catalog_driver'], options=self.options) + def load_fixtures(self, fixtures): - """Really quite basic and naive fixture loading based on a python module. + """Hacky basic and naive fixture loading based on a python module. Expects that the various APIs into the various services are already defined on `self`. diff --git a/tests/test_backend_kvs.py b/tests/test_backend_kvs.py index 8ec1e607..d23605b6 100644 --- a/tests/test_backend_kvs.py +++ b/tests/test_backend_kvs.py @@ -9,8 +9,8 @@ import default_fixtures class KvsIdentity(test.TestCase): def setUp(self): super(KvsIdentity, self).setUp() - options = self.appconfig('default') - self.identity_api = kvs.KvsIdentity(options=options, db={}) + self.options = self.appconfig('default') + self.identity_api = kvs.KvsIdentity(options=self.options, db={}) self.load_fixtures(default_fixtures) def test_authenticate_bad_user(self): diff --git a/tests/test_keystoneclient_compat.py b/tests/test_keystoneclient_compat.py index 1c64ddb3..e0eec5f4 100644 --- a/tests/test_keystoneclient_compat.py +++ b/tests/test_keystoneclient_compat.py @@ -2,6 +2,8 @@ from keystonelight import models from keystonelight import test from keystonelight import utils +import default_fixtures + KEYSTONECLIENT_REPO = 'git://github.com/openstack/python-keystoneclient.git' @@ -37,32 +39,18 @@ class MasterCompatTestCase(CompatTestCase): self.app = self.loadapp('keystoneclient_compat_master') self.options = self.appconfig('keystoneclient_compat_master') - - self.identity_backend = utils.import_object( - self.options['identity_driver'], options=self.options) - self.token_backend = utils.import_object( - self.options['token_driver'], options=self.options) - self.catalog_backend = utils.import_object( - self.options['catalog_driver'], options=self.options) + self.load_backends() + self.load_fixtures(default_fixtures) self.server = self.serveapp('keystoneclient_compat_master') - self.tenant_bar = self.identity_backend.create_tenant( - 'bar', - models.Tenant(id='bar', name='BAR')) - - self.user_foo = self.identity_backend.create_user( - 'foo', - models.User(id='foo', - name='FOO', - tenants=[self.tenant_bar['id']], - password='foo')) - - self.extras_bar_foo = self.identity_backend.create_extras( + # TODO(termie): is_admin is being deprecated once the policy stuff + # is all working + # TODO(termie): add an admin user to the fixtures and use that user + # override the fixtures, for now + self.extras_foobar = self.identity_api.update_extras( self.user_foo['id'], self.tenant_bar['id'], - dict(roles=[], - is_admin='1', - roles_links=[])) + dict(roles=['keystone_admin'], is_admin='1')) # def test_authenticate(self): # from keystoneclient.v2_0 import client as ks_client @@ -77,7 +65,7 @@ class MasterCompatTestCase(CompatTestCase): def test_authenticate_tenant_name_and_tenants(self): client = self._client(auth_url=self._url(), username='FOO', - password='foo', + password='foo2', tenant_name='BAR') tenants = client.tenants.list() self.assertEquals(tenants[0].id, self.tenant_bar['id']) @@ -85,7 +73,7 @@ class MasterCompatTestCase(CompatTestCase): def test_authenticate_tenant_id_and_tenants(self): client = self._client(auth_url=self._url(), username='FOO', - password='foo', + password='foo2', tenant_id='bar') tenants = client.tenants.list() self.assertEquals(tenants[0].id, self.tenant_bar['id']) @@ -93,11 +81,13 @@ class MasterCompatTestCase(CompatTestCase): # FIXME(ja): this test should require the "keystone:admin" roled # (probably the role set via --keystone_admin_role flag) # FIXME(ja): add a test that admin endpoint is only sent to admin user - # FIXME(ja): add a test that admin endpoint returns unauthorized if not admin + # FIXME(ja): add a test that admin endpoint returns unauthorized if not + # admin def test_tenant_create(self): client = self._client(auth_url=self._url(), username='FOO', - password='foo', + password='foo2', tenant_name='BAR') - client.tenants.create("hello", description="My new tenant!", enabled=True) + client.tenants.create( + "hello", description="My new tenant!", enabled=True) # FIXME(ja): assert tenant was created -- cgit