diff options
author | WuKong <rebirthmonkey@gmail.com> | 2015-06-30 18:47:29 +0200 |
---|---|---|
committer | WuKong <rebirthmonkey@gmail.com> | 2015-06-30 18:47:29 +0200 |
commit | b8c756ecdd7cced1db4300935484e8c83701c82e (patch) | |
tree | 87e51107d82b217ede145de9d9d59e2100725bd7 /keystone-moon/keystone/tests/unit/backend/role | |
parent | c304c773bae68fb854ed9eab8fb35c4ef17cf136 (diff) |
migrate moon code from github to opnfv
Change-Id: Ice53e368fd1114d56a75271aa9f2e598e3eba604
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone/tests/unit/backend/role')
4 files changed, 331 insertions, 0 deletions
diff --git a/keystone-moon/keystone/tests/unit/backend/role/__init__.py b/keystone-moon/keystone/tests/unit/backend/role/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/keystone-moon/keystone/tests/unit/backend/role/__init__.py diff --git a/keystone-moon/keystone/tests/unit/backend/role/core.py b/keystone-moon/keystone/tests/unit/backend/role/core.py new file mode 100644 index 00000000..f6e47fe9 --- /dev/null +++ b/keystone-moon/keystone/tests/unit/backend/role/core.py @@ -0,0 +1,130 @@ +# Copyright 2012 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import copy +import uuid + +from keystone import exception +from keystone.tests import unit as tests +from keystone.tests.unit import default_fixtures + + +class RoleTests(object): + + def test_get_role_404(self): + self.assertRaises(exception.RoleNotFound, + self.role_api.get_role, + uuid.uuid4().hex) + + def test_create_duplicate_role_name_fails(self): + role = {'id': 'fake1', + 'name': 'fake1name'} + self.role_api.create_role('fake1', role) + role['id'] = 'fake2' + self.assertRaises(exception.Conflict, + self.role_api.create_role, + 'fake2', + role) + + def test_rename_duplicate_role_name_fails(self): + role1 = { + 'id': 'fake1', + 'name': 'fake1name' + } + role2 = { + 'id': 'fake2', + 'name': 'fake2name' + } + self.role_api.create_role('fake1', role1) + self.role_api.create_role('fake2', role2) + role1['name'] = 'fake2name' + self.assertRaises(exception.Conflict, + self.role_api.update_role, + 'fake1', + role1) + + def test_role_crud(self): + role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} + self.role_api.create_role(role['id'], role) + role_ref = self.role_api.get_role(role['id']) + role_ref_dict = {x: role_ref[x] for x in role_ref} + self.assertDictEqual(role_ref_dict, role) + + role['name'] = uuid.uuid4().hex + updated_role_ref = self.role_api.update_role(role['id'], role) + role_ref = self.role_api.get_role(role['id']) + role_ref_dict = {x: role_ref[x] for x in role_ref} + self.assertDictEqual(role_ref_dict, role) + self.assertDictEqual(role_ref_dict, updated_role_ref) + + self.role_api.delete_role(role['id']) + self.assertRaises(exception.RoleNotFound, + self.role_api.get_role, + role['id']) + + def test_update_role_404(self): + role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} + self.assertRaises(exception.RoleNotFound, + self.role_api.update_role, + role['id'], + role) + + def test_list_roles(self): + roles = self.role_api.list_roles() + self.assertEqual(len(default_fixtures.ROLES), len(roles)) + role_ids = set(role['id'] for role in roles) + expected_role_ids = set(role['id'] for role in default_fixtures.ROLES) + self.assertEqual(expected_role_ids, role_ids) + + @tests.skip_if_cache_disabled('role') + def test_cache_layer_role_crud(self): + role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} + role_id = role['id'] + # Create role + self.role_api.create_role(role_id, role) + role_ref = self.role_api.get_role(role_id) + updated_role_ref = copy.deepcopy(role_ref) + updated_role_ref['name'] = uuid.uuid4().hex + # Update role, bypassing the role api manager + self.role_api.driver.update_role(role_id, updated_role_ref) + # Verify get_role still returns old ref + self.assertDictEqual(role_ref, self.role_api.get_role(role_id)) + # Invalidate Cache + self.role_api.get_role.invalidate(self.role_api, role_id) + # Verify get_role returns the new role_ref + self.assertDictEqual(updated_role_ref, + self.role_api.get_role(role_id)) + # Update role back to original via the assignment api manager + self.role_api.update_role(role_id, role_ref) + # Verify get_role returns the original role ref + self.assertDictEqual(role_ref, self.role_api.get_role(role_id)) + # Delete role bypassing the role api manager + self.role_api.driver.delete_role(role_id) + # Verify get_role still returns the role_ref + self.assertDictEqual(role_ref, self.role_api.get_role(role_id)) + # Invalidate cache + self.role_api.get_role.invalidate(self.role_api, role_id) + # Verify RoleNotFound is now raised + self.assertRaises(exception.RoleNotFound, + self.role_api.get_role, + role_id) + # recreate role + self.role_api.create_role(role_id, role) + self.role_api.get_role(role_id) + # delete role via the assignment api manager + self.role_api.delete_role(role_id) + # verity RoleNotFound is now raised + self.assertRaises(exception.RoleNotFound, + self.role_api.get_role, + role_id) diff --git a/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py b/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py new file mode 100644 index 00000000..ba4b7c6e --- /dev/null +++ b/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py @@ -0,0 +1,161 @@ +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import uuid + +from oslo_config import cfg + +from keystone import exception +from keystone.tests import unit as tests +from keystone.tests.unit.backend import core_ldap +from keystone.tests.unit.backend.role import core as core_role +from keystone.tests.unit import default_fixtures + + +CONF = cfg.CONF + + +class LdapRoleCommon(core_ldap.BaseBackendLdapCommon, core_role.RoleTests): + """Tests that should be run in every LDAP configuration. + + Include additional tests that are unique to LDAP (or need to be overridden) + which should be run for all the various LDAP configurations we test. + + """ + pass + + +class LdapRole(LdapRoleCommon, core_ldap.BaseBackendLdap, tests.TestCase): + """Test in an all-LDAP configuration. + + Include additional tests that are unique to LDAP (or need to be overridden) + which only need to be run in a basic LDAP configurations. + + """ + def test_configurable_allowed_role_actions(self): + role = {'id': u'fäké1', 'name': u'fäké1'} + self.role_api.create_role(u'fäké1', role) + role_ref = self.role_api.get_role(u'fäké1') + self.assertEqual(u'fäké1', role_ref['id']) + + role['name'] = u'fäké2' + self.role_api.update_role(u'fäké1', role) + + self.role_api.delete_role(u'fäké1') + self.assertRaises(exception.RoleNotFound, + self.role_api.get_role, + u'fäké1') + + def test_configurable_forbidden_role_actions(self): + self.config_fixture.config( + group='ldap', role_allow_create=False, role_allow_update=False, + role_allow_delete=False) + self.load_backends() + + role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} + self.assertRaises(exception.ForbiddenAction, + self.role_api.create_role, + role['id'], + role) + + self.role_member['name'] = uuid.uuid4().hex + self.assertRaises(exception.ForbiddenAction, + self.role_api.update_role, + self.role_member['id'], + self.role_member) + + self.assertRaises(exception.ForbiddenAction, + self.role_api.delete_role, + self.role_member['id']) + + def test_role_filter(self): + role_ref = self.role_api.get_role(self.role_member['id']) + self.assertDictEqual(role_ref, self.role_member) + + self.config_fixture.config(group='ldap', + role_filter='(CN=DOES_NOT_MATCH)') + self.load_backends() + # NOTE(morganfainberg): CONF.ldap.role_filter will not be + # dynamically changed at runtime. This invalidate is a work-around for + # the expectation that it is safe to change config values in tests that + # could affect what the drivers would return up to the manager. This + # solves this assumption when working with aggressive (on-create) + # cache population. + self.role_api.get_role.invalidate(self.role_api, + self.role_member['id']) + self.assertRaises(exception.RoleNotFound, + self.role_api.get_role, + self.role_member['id']) + + def test_role_attribute_mapping(self): + self.config_fixture.config(group='ldap', role_name_attribute='ou') + self.clear_database() + self.load_backends() + self.load_fixtures(default_fixtures) + # NOTE(morganfainberg): CONF.ldap.role_name_attribute will not be + # dynamically changed at runtime. This invalidate is a work-around for + # the expectation that it is safe to change config values in tests that + # could affect what the drivers would return up to the manager. This + # solves this assumption when working with aggressive (on-create) + # cache population. + self.role_api.get_role.invalidate(self.role_api, + self.role_member['id']) + role_ref = self.role_api.get_role(self.role_member['id']) + self.assertEqual(self.role_member['id'], role_ref['id']) + self.assertEqual(self.role_member['name'], role_ref['name']) + + self.config_fixture.config(group='ldap', role_name_attribute='sn') + self.load_backends() + # NOTE(morganfainberg): CONF.ldap.role_name_attribute will not be + # dynamically changed at runtime. This invalidate is a work-around for + # the expectation that it is safe to change config values in tests that + # could affect what the drivers would return up to the manager. This + # solves this assumption when working with aggressive (on-create) + # cache population. + self.role_api.get_role.invalidate(self.role_api, + self.role_member['id']) + role_ref = self.role_api.get_role(self.role_member['id']) + self.assertEqual(self.role_member['id'], role_ref['id']) + self.assertNotIn('name', role_ref) + + def test_role_attribute_ignore(self): + self.config_fixture.config(group='ldap', + role_attribute_ignore=['name']) + self.clear_database() + self.load_backends() + self.load_fixtures(default_fixtures) + # NOTE(morganfainberg): CONF.ldap.role_attribute_ignore will not be + # dynamically changed at runtime. This invalidate is a work-around for + # the expectation that it is safe to change config values in tests that + # could affect what the drivers would return up to the manager. This + # solves this assumption when working with aggressive (on-create) + # cache population. + self.role_api.get_role.invalidate(self.role_api, + self.role_member['id']) + role_ref = self.role_api.get_role(self.role_member['id']) + self.assertEqual(self.role_member['id'], role_ref['id']) + self.assertNotIn('name', role_ref) + + +class LdapIdentitySqlEverythingElseRole( + core_ldap.BaseBackendLdapIdentitySqlEverythingElse, LdapRoleCommon, + tests.TestCase): + """Test Identity in LDAP, Everything else in SQL.""" + pass + + +class LdapIdentitySqlEverythingElseWithMappingRole( + LdapIdentitySqlEverythingElseRole, + core_ldap.BaseBackendLdapIdentitySqlEverythingElseWithMapping): + """Test ID mapping of default LDAP backend.""" + pass diff --git a/keystone-moon/keystone/tests/unit/backend/role/test_sql.py b/keystone-moon/keystone/tests/unit/backend/role/test_sql.py new file mode 100644 index 00000000..79ff148a --- /dev/null +++ b/keystone-moon/keystone/tests/unit/backend/role/test_sql.py @@ -0,0 +1,40 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import uuid + +from keystone.common import sql +from keystone import exception +from keystone.tests.unit.backend import core_sql +from keystone.tests.unit.backend.role import core + + +class SqlRoleModels(core_sql.BaseBackendSqlModels): + + def test_role_model(self): + cols = (('id', sql.String, 64), + ('name', sql.String, 255)) + self.assertExpectedSchema('role', cols) + + +class SqlRole(core_sql.BaseBackendSqlTests, core.RoleTests): + + def test_create_null_role_name(self): + role = {'id': uuid.uuid4().hex, + 'name': None} + self.assertRaises(exception.UnexpectedError, + self.role_api.create_role, + role['id'], + role) + self.assertRaises(exception.RoleNotFound, + self.role_api.get_role, + role['id']) |