From a066b69fbe1ad2e3f577a3a21487d2eaebe22a15 Mon Sep 17 00:00:00 2001 From: Allan Feid Date: Tue, 12 Mar 2013 15:47:45 -0400 Subject: Fix live ldap tests Clean up clear_live_database so that all fixture data is removed. Make sure we use the configured trees for each ldap object in tests. Ensure all live tests pass or are skipped where appropriate. Fixes: bug #1154277 Change-Id: I2eb4efe78e2c9d2a18bce339765b3ab5d20ac8f5
---
tests/_ldap_livetest.py | 93 ++++++++++++++++++++++++++++++++-----------------
1 file changed, 61 insertions(+), 32 deletions(-)
(limited to 'tests/_ldap_livetest.py')
diff --git a/tests/_ldap_livetest.py b/tests/_ldap_livetest.py
index f74bf16c..7eb343e6 100644
--- a/tests/_ldap_livetest.py
+++ b/tests/_ldap_livetest.py
@@ -14,6 +14,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+import ldap
+import ldap.modlist
+import nose.exc
 import subprocess
 from keystone import config
@@ -27,44 +30,70 @@ import test_backend_ldap
 CONF = config.CONF
-def delete_object(name):
- devnull = open('/dev/null', 'w')
- dn = '%s,%s' % (name, CONF.ldap.suffix)
- subprocess.call(['ldapdelete',
- '-x',
- '-D', CONF.ldap.user,
- '-H', CONF.ldap.url,
- '-w', CONF.ldap.password,
- dn],
- stderr=devnull)
-
-
-def clear_live_database():
- roles = ['keystone_admin', 'fake1', 'fake2', 'useless']
- groups = ['baz', 'bar', 'tenent4add', 'fake1', 'fake2']
- users = ['foo', 'two', 'fake1', 'fake2', 'no_meta']
-
- for group in groups:
- for role in roles:
- delete_object('cn=%s,cn=%s,ou=Groups' % (role, group))
- delete_object('cn=%s,ou=Groups' % group)
-
- for user in users:
- delete_object('cn=%s,ou=Users' % user)
-
- for role in roles:
- delete_object('cn=%s,ou=Roles' % role)
+def create_object(dn, attrs):
+ conn = ldap.initialize(CONF.ldap.url)
+ conn.simple_bind_s(CONF.ldap.user, CONF.ldap.password)
+ ldif = ldap.modlist.addModlist(attrs)
+ conn.add_s(dn, ldif)
+ conn.unbind_s()
 class LiveLDAPIdentity(test_backend_ldap.LDAPIdentity):
- def setUp(self):
- super(LiveLDAPIdentity, self).setUp()
+
+ def clear_database(self):
+ devnull = open('/dev/null', 'w')
+ subprocess.call(['ldapdelete',
+ '-x',
+ '-D', CONF.ldap.user,
+ '-H', CONF.ldap.url,
+ '-w', CONF.ldap.password,
+ '-r', CONF.ldap.suffix],
+ stderr=devnull)
+
+ if CONF.ldap.suffix.startswith('ou='):
+ tree_dn_attrs = {'objectclass': 'organizationalUnit',
+ 'ou': 'openstack'}
+ else:
+ tree_dn_attrs = {'objectclass': ['dcObject', 'organizationalUnit'],
+ 'dc': 'openstack',
+ 'ou': 'openstack'}
+ create_object(CONF.ldap.suffix, tree_dn_attrs)
+ create_object(CONF.ldap.user_tree_dn,
+ {'objectclass': 'organizationalUnit',
+ 'ou': 'Users'})
+ create_object(CONF.ldap.role_tree_dn,
+ {'objectclass': 'organizationalUnit',
+ 'ou': 'Roles'})
+ create_object(CONF.ldap.tenant_tree_dn,
+ {'objectclass': 'organizationalUnit',
+ 'ou': 'Projects'})
+
+ # NOTE(crazed): This feature is currently being added
+ create_object("ou=Groups,%s" % CONF.ldap.suffix,
+ {'objectclass': 'organizationalUnit',
+ 'ou': 'Groups'})
+
+ def _set_config(self):
 self.config([test.etcdir('keystone.conf.sample'),
 test.testsdir('test_overrides.conf'),
 test.testsdir('backend_liveldap.conf')])
- clear_live_database()
- self.identity_api = identity_ldap.Identity()
- self.load_fixtures(default_fixtures)
+
+ def test_build_tree(self):
+ """Regression test for building the tree names
+ """
+ #logic is different from the fake backend.
+ user_api = identity_ldap.UserApi(CONF)
+ self.assertTrue(user_api)
+ self.assertEquals(user_api.tree_dn, CONF.ldap.user_tree_dn)
 def tearDown(self):
 test.TestCase.tearDown(self)
+
+ def test_user_enable_attribute_mask(self):
+ raise nose.exc.SkipTest('Test is for Active Directory Only')
+
+ def test_configurable_allowed_project_actions(self):
+ raise nose.exc.SkipTest('Blocked by bug 1155234')
+
+ def test_project_crud(self):
+ raise nose.exc.SkipTest('Blocked by bug 1155234')
-- cgit
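Review bot: `clear_database` hands `CONF.ldap.password` to `ldapdelete` through `-w`, so the bind password sits in the process argument list where other local users can read it while the command runs; the call also ignores the exit status and never closes `devnull`. Since this commit already binds with python-ldap in `create_object`, the wipe can go through the same library by searching the subtree under `CONF.ldap.suffix` and deleting the longest DNs first, as sketched below (untested against a live server). Because the method removes everything under the configured suffix, a docstring on it should state that `backend_liveldap.conf` must point at a disposable directory. `create_object` should likewise call `conn.unbind_s()` in a `finally` block so that a failed `add_s` does not leave the connection bound.

```python
    def clear_database(self):
        """Wipe everything under CONF.ldap.suffix, then rebuild the base tree.

        Destructive: only run against a disposable test directory.
        """
        conn = ldap.initialize(CONF.ldap.url)
        conn.simple_bind_s(CONF.ldap.user, CONF.ldap.password)
        try:
            try:
                entries = conn.search_s(CONF.ldap.suffix, ldap.SCOPE_SUBTREE,
                                        '(objectClass=*)', ['1.1'])
            except ldap.NO_SUCH_OBJECT:
                entries = []
            # A child DN is always longer than its parent's, so deleting the
            # longest DNs first removes leaves before their containers.
            dns = sorted((dn for dn, _attrs in entries if dn),
                         key=len, reverse=True)
            for dn in dns:
                conn.delete_s(dn)
        finally:
            conn.unbind_s()

        # … unchanged: tree_dn_attrs selection and the create_object calls …
```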