aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/tests/unit/test_v3_domain_config.py
diff options
context:
space:
mode:
authorRHE <rebirthmonkey@gmail.com>2017-11-24 13:54:26 +0100
committerRHE <rebirthmonkey@gmail.com>2017-11-24 13:54:26 +0100
commit920a49cfa055733d575282973e23558c33087a4a (patch)
treed371dab34efa5028600dad2e7ca58063626e7ba4 /keystone-moon/keystone/tests/unit/test_v3_domain_config.py
parentef3eefca70d8abb4a00dafb9419ad32738e934b2 (diff)
remove keystone-moon
Change-Id: I80d7c9b669f19d5f6607e162de8e0e55c2f80fdd Signed-off-by: RHE <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone/tests/unit/test_v3_domain_config.py')
-rw-r--r--keystone-moon/keystone/tests/unit/test_v3_domain_config.py459
1 files changed, 0 insertions, 459 deletions
diff --git a/keystone-moon/keystone/tests/unit/test_v3_domain_config.py b/keystone-moon/keystone/tests/unit/test_v3_domain_config.py
deleted file mode 100644
index ee716081..00000000
--- a/keystone-moon/keystone/tests/unit/test_v3_domain_config.py
+++ /dev/null
@@ -1,459 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import copy
-import uuid
-
-from oslo_config import cfg
-from six.moves import http_client
-
-from keystone import exception
-from keystone.tests import unit
-from keystone.tests.unit import test_v3
-
-
-CONF = cfg.CONF
-
-
-class DomainConfigTestCase(test_v3.RestfulTestCase):
- """Test domain config support."""
-
- def setUp(self):
- super(DomainConfigTestCase, self).setUp()
-
- self.domain = unit.new_domain_ref()
- self.resource_api.create_domain(self.domain['id'], self.domain)
- self.config = {'ldap': {'url': uuid.uuid4().hex,
- 'user_tree_dn': uuid.uuid4().hex},
- 'identity': {'driver': uuid.uuid4().hex}}
-
- def test_create_config(self):
- """Call ``PUT /domains/{domain_id}/config``."""
- url = '/domains/%(domain_id)s/config' % {
- 'domain_id': self.domain['id']}
- r = self.put(url, body={'config': self.config},
- expected_status=http_client.CREATED)
- res = self.domain_config_api.get_config(self.domain['id'])
- self.assertEqual(self.config, r.result['config'])
- self.assertEqual(self.config, res)
-
- def test_create_config_invalid_domain(self):
- """Call ``PUT /domains/{domain_id}/config``
-
- While creating Identity API-based domain config with an invalid domain
- id provided, the request shall be rejected with a response, 404 domain
- not found.
- """
- invalid_domain_id = uuid.uuid4().hex
- url = '/domains/%(domain_id)s/config' % {
- 'domain_id': invalid_domain_id}
- self.put(url, body={'config': self.config},
- expected_status=exception.DomainNotFound.code)
-
- def test_create_config_twice(self):
- """Check multiple creates don't throw error"""
- self.put('/domains/%(domain_id)s/config' % {
- 'domain_id': self.domain['id']},
- body={'config': self.config},
- expected_status=http_client.CREATED)
- self.put('/domains/%(domain_id)s/config' % {
- 'domain_id': self.domain['id']},
- body={'config': self.config},
- expected_status=http_client.OK)
-
- def test_delete_config(self):
- """Call ``DELETE /domains{domain_id}/config``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
- self.delete('/domains/%(domain_id)s/config' % {
- 'domain_id': self.domain['id']})
- self.get('/domains/%(domain_id)s/config' % {
- 'domain_id': self.domain['id']},
- expected_status=exception.DomainConfigNotFound.code)
-
- def test_delete_config_invalid_domain(self):
- """Call ``DELETE /domains{domain_id}/config``
-
- While deleting Identity API-based domain config with an invalid domain
- id provided, the request shall be rejected with a response, 404 domain
- not found.
- """
- self.domain_config_api.create_config(self.domain['id'], self.config)
- invalid_domain_id = uuid.uuid4().hex
- self.delete('/domains/%(domain_id)s/config' % {
- 'domain_id': invalid_domain_id},
- expected_status=exception.DomainNotFound.code)
-
- def test_delete_config_by_group(self):
- """Call ``DELETE /domains{domain_id}/config/{group}``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
- self.delete('/domains/%(domain_id)s/config/ldap' % {
- 'domain_id': self.domain['id']})
- res = self.domain_config_api.get_config(self.domain['id'])
- self.assertNotIn('ldap', res)
-
- def test_delete_config_by_group_invalid_domain(self):
- """Call ``DELETE /domains{domain_id}/config/{group}``
-
- While deleting Identity API-based domain config by group with an
- invalid domain id provided, the request shall be rejected with a
- response 404 domain not found.
- """
- self.domain_config_api.create_config(self.domain['id'], self.config)
- invalid_domain_id = uuid.uuid4().hex
- self.delete('/domains/%(domain_id)s/config/ldap' % {
- 'domain_id': invalid_domain_id},
- expected_status=exception.DomainNotFound.code)
-
- def test_get_head_config(self):
- """Call ``GET & HEAD for /domains{domain_id}/config``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
- url = '/domains/%(domain_id)s/config' % {
- 'domain_id': self.domain['id']}
- r = self.get(url)
- self.assertEqual(self.config, r.result['config'])
- self.head(url, expected_status=http_client.OK)
-
- def test_get_config_by_group(self):
- """Call ``GET & HEAD /domains{domain_id}/config/{group}``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
- url = '/domains/%(domain_id)s/config/ldap' % {
- 'domain_id': self.domain['id']}
- r = self.get(url)
- self.assertEqual({'ldap': self.config['ldap']}, r.result['config'])
- self.head(url, expected_status=http_client.OK)
-
- def test_get_config_by_group_invalid_domain(self):
- """Call ``GET & HEAD /domains{domain_id}/config/{group}``
-
- While retrieving Identity API-based domain config by group with an
- invalid domain id provided, the request shall be rejected with a
- response 404 domain not found.
- """
- self.domain_config_api.create_config(self.domain['id'], self.config)
- invalid_domain_id = uuid.uuid4().hex
- self.get('/domains/%(domain_id)s/config/ldap' % {
- 'domain_id': invalid_domain_id},
- expected_status=exception.DomainNotFound.code)
-
- def test_get_config_by_option(self):
- """Call ``GET & HEAD /domains{domain_id}/config/{group}/{option}``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
- url = '/domains/%(domain_id)s/config/ldap/url' % {
- 'domain_id': self.domain['id']}
- r = self.get(url)
- self.assertEqual({'url': self.config['ldap']['url']},
- r.result['config'])
- self.head(url, expected_status=http_client.OK)
-
- def test_get_config_by_option_invalid_domain(self):
- """Call ``GET & HEAD /domains{domain_id}/config/{group}/{option}``
-
- While retrieving Identity API-based domain config by option with an
- invalid domain id provided, the request shall be rejected with a
- response 404 domain not found.
- """
- self.domain_config_api.create_config(self.domain['id'], self.config)
- invalid_domain_id = uuid.uuid4().hex
- self.get('/domains/%(domain_id)s/config/ldap/url' % {
- 'domain_id': invalid_domain_id},
- expected_status=exception.DomainNotFound.code)
-
- def test_get_non_existant_config(self):
- """Call ``GET /domains{domain_id}/config when no config defined``."""
- self.get('/domains/%(domain_id)s/config' % {
- 'domain_id': self.domain['id']},
- expected_status=http_client.NOT_FOUND)
-
- def test_get_non_existant_config_invalid_domain(self):
- """Call ``GET /domains{domain_id}/config when no config defined``
-
- While retrieving non-existent Identity API-based domain config with an
- invalid domain id provided, the request shall be rejected with a
- response 404 domain not found.
- """
- invalid_domain_id = uuid.uuid4().hex
- self.get('/domains/%(domain_id)s/config' % {
- 'domain_id': invalid_domain_id},
- expected_status=exception.DomainNotFound.code)
-
- def test_get_non_existant_config_group(self):
- """Call ``GET /domains{domain_id}/config/{group_not_exist}``."""
- config = {'ldap': {'url': uuid.uuid4().hex}}
- self.domain_config_api.create_config(self.domain['id'], config)
- self.get('/domains/%(domain_id)s/config/identity' % {
- 'domain_id': self.domain['id']},
- expected_status=http_client.NOT_FOUND)
-
- def test_get_non_existant_config_group_invalid_domain(self):
- """Call ``GET /domains{domain_id}/config/{group_not_exist}``
-
- While retrieving non-existent Identity API-based domain config group
- with an invalid domain id provided, the request shall be rejected with
- a response, 404 domain not found.
- """
- config = {'ldap': {'url': uuid.uuid4().hex}}
- self.domain_config_api.create_config(self.domain['id'], config)
- invalid_domain_id = uuid.uuid4().hex
- self.get('/domains/%(domain_id)s/config/identity' % {
- 'domain_id': invalid_domain_id},
- expected_status=exception.DomainNotFound.code)
-
- def test_get_non_existant_config_option(self):
- """Call ``GET /domains{domain_id}/config/group/{option_not_exist}``."""
- config = {'ldap': {'url': uuid.uuid4().hex}}
- self.domain_config_api.create_config(self.domain['id'], config)
- self.get('/domains/%(domain_id)s/config/ldap/user_tree_dn' % {
- 'domain_id': self.domain['id']},
- expected_status=http_client.NOT_FOUND)
-
- def test_get_non_existant_config_option_invalid_domain(self):
- """Call ``GET /domains{domain_id}/config/group/{option_not_exist}``
-
- While retrieving non-existent Identity API-based domain config option
- with an invalid domain id provided, the request shall be rejected with
- a response, 404 domain not found.
- """
- config = {'ldap': {'url': uuid.uuid4().hex}}
- self.domain_config_api.create_config(self.domain['id'], config)
- invalid_domain_id = uuid.uuid4().hex
- self.get('/domains/%(domain_id)s/config/ldap/user_tree_dn' % {
- 'domain_id': invalid_domain_id},
- expected_status=exception.DomainNotFound.code)
-
- def test_update_config(self):
- """Call ``PATCH /domains/{domain_id}/config``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
- new_config = {'ldap': {'url': uuid.uuid4().hex},
- 'identity': {'driver': uuid.uuid4().hex}}
- r = self.patch('/domains/%(domain_id)s/config' % {
- 'domain_id': self.domain['id']},
- body={'config': new_config})
- res = self.domain_config_api.get_config(self.domain['id'])
- expected_config = copy.deepcopy(self.config)
- expected_config['ldap']['url'] = new_config['ldap']['url']
- expected_config['identity']['driver'] = (
- new_config['identity']['driver'])
- self.assertEqual(expected_config, r.result['config'])
- self.assertEqual(expected_config, res)
-
- def test_update_config_invalid_domain(self):
- """Call ``PATCH /domains/{domain_id}/config``
-
- While updating Identity API-based domain config with an invalid domain
- id provided, the request shall be rejected with a response, 404 domain
- not found.
- """
- self.domain_config_api.create_config(self.domain['id'], self.config)
- new_config = {'ldap': {'url': uuid.uuid4().hex},
- 'identity': {'driver': uuid.uuid4().hex}}
- invalid_domain_id = uuid.uuid4().hex
- self.patch('/domains/%(domain_id)s/config' % {
- 'domain_id': invalid_domain_id},
- body={'config': new_config},
- expected_status=exception.DomainNotFound.code)
-
- def test_update_config_group(self):
- """Call ``PATCH /domains/{domain_id}/config/{group}``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
- new_config = {'ldap': {'url': uuid.uuid4().hex,
- 'user_filter': uuid.uuid4().hex}}
- r = self.patch('/domains/%(domain_id)s/config/ldap' % {
- 'domain_id': self.domain['id']},
- body={'config': new_config})
- res = self.domain_config_api.get_config(self.domain['id'])
- expected_config = copy.deepcopy(self.config)
- expected_config['ldap']['url'] = new_config['ldap']['url']
- expected_config['ldap']['user_filter'] = (
- new_config['ldap']['user_filter'])
- self.assertEqual(expected_config, r.result['config'])
- self.assertEqual(expected_config, res)
-
- def test_update_config_group_invalid_domain(self):
- """Call ``PATCH /domains/{domain_id}/config/{group}``
-
- While updating Identity API-based domain config group with an invalid
- domain id provided, the request shall be rejected with a response,
- 404 domain not found.
- """
- self.domain_config_api.create_config(self.domain['id'], self.config)
- new_config = {'ldap': {'url': uuid.uuid4().hex,
- 'user_filter': uuid.uuid4().hex}}
- invalid_domain_id = uuid.uuid4().hex
- self.patch('/domains/%(domain_id)s/config/ldap' % {
- 'domain_id': invalid_domain_id},
- body={'config': new_config},
- expected_status=exception.DomainNotFound.code)
-
- def test_update_config_invalid_group(self):
- """Call ``PATCH /domains/{domain_id}/config/{invalid_group}``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
-
- # Trying to update a group that is neither whitelisted or sensitive
- # should result in Forbidden.
- invalid_group = uuid.uuid4().hex
- new_config = {invalid_group: {'url': uuid.uuid4().hex,
- 'user_filter': uuid.uuid4().hex}}
- self.patch('/domains/%(domain_id)s/config/%(invalid_group)s' % {
- 'domain_id': self.domain['id'], 'invalid_group': invalid_group},
- body={'config': new_config},
- expected_status=http_client.FORBIDDEN)
- # Trying to update a valid group, but one that is not in the current
- # config should result in NotFound
- config = {'ldap': {'suffix': uuid.uuid4().hex}}
- self.domain_config_api.create_config(self.domain['id'], config)
- new_config = {'identity': {'driver': uuid.uuid4().hex}}
- self.patch('/domains/%(domain_id)s/config/identity' % {
- 'domain_id': self.domain['id']},
- body={'config': new_config},
- expected_status=http_client.NOT_FOUND)
-
- def test_update_config_invalid_group_invalid_domain(self):
- """Call ``PATCH /domains/{domain_id}/config/{invalid_group}``
-
- While updating Identity API-based domain config with an invalid group
- and an invalid domain id provided, the request shall be rejected
- with a response, 404 domain not found.
- """
- self.domain_config_api.create_config(self.domain['id'], self.config)
- invalid_group = uuid.uuid4().hex
- new_config = {invalid_group: {'url': uuid.uuid4().hex,
- 'user_filter': uuid.uuid4().hex}}
- invalid_domain_id = uuid.uuid4().hex
- self.patch('/domains/%(domain_id)s/config/%(invalid_group)s' % {
- 'domain_id': invalid_domain_id,
- 'invalid_group': invalid_group},
- body={'config': new_config},
- expected_status=exception.DomainNotFound.code)
-
- def test_update_config_option(self):
- """Call ``PATCH /domains/{domain_id}/config/{group}/{option}``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
- new_config = {'url': uuid.uuid4().hex}
- r = self.patch('/domains/%(domain_id)s/config/ldap/url' % {
- 'domain_id': self.domain['id']},
- body={'config': new_config})
- res = self.domain_config_api.get_config(self.domain['id'])
- expected_config = copy.deepcopy(self.config)
- expected_config['ldap']['url'] = new_config['url']
- self.assertEqual(expected_config, r.result['config'])
- self.assertEqual(expected_config, res)
-
- def test_update_config_option_invalid_domain(self):
- """Call ``PATCH /domains/{domain_id}/config/{group}/{option}``
-
- While updating Identity API-based domain config option with an invalid
- domain id provided, the request shall be rejected with a response, 404
- domain not found.
- """
- self.domain_config_api.create_config(self.domain['id'], self.config)
- new_config = {'url': uuid.uuid4().hex}
- invalid_domain_id = uuid.uuid4().hex
- self.patch('/domains/%(domain_id)s/config/ldap/url' % {
- 'domain_id': invalid_domain_id},
- body={'config': new_config},
- expected_status=exception.DomainNotFound.code)
-
- def test_update_config_invalid_option(self):
- """Call ``PATCH /domains/{domain_id}/config/{group}/{invalid}``."""
- self.domain_config_api.create_config(self.domain['id'], self.config)
- invalid_option = uuid.uuid4().hex
- new_config = {'ldap': {invalid_option: uuid.uuid4().hex}}
- # Trying to update an option that is neither whitelisted or sensitive
- # should result in Forbidden.
- self.patch(
- '/domains/%(domain_id)s/config/ldap/%(invalid_option)s' % {
- 'domain_id': self.domain['id'],
- 'invalid_option': invalid_option},
- body={'config': new_config},
- expected_status=http_client.FORBIDDEN)
- # Trying to update a valid option, but one that is not in the current
- # config should result in NotFound
- new_config = {'suffix': uuid.uuid4().hex}
- self.patch(
- '/domains/%(domain_id)s/config/ldap/suffix' % {
- 'domain_id': self.domain['id']},
- body={'config': new_config},
- expected_status=http_client.NOT_FOUND)
-
- def test_update_config_invalid_option_invalid_domain(self):
- """Call ``PATCH /domains/{domain_id}/config/{group}/{invalid}``
-
- While updating Identity API-based domain config with an invalid option
- and an invalid domain id provided, the request shall be rejected
- with a response, 404 domain not found.
- """
- self.domain_config_api.create_config(self.domain['id'], self.config)
- invalid_option = uuid.uuid4().hex
- new_config = {'ldap': {invalid_option: uuid.uuid4().hex}}
- invalid_domain_id = uuid.uuid4().hex
- self.patch(
- '/domains/%(domain_id)s/config/ldap/%(invalid_option)s' % {
- 'domain_id': invalid_domain_id,
- 'invalid_option': invalid_option},
- body={'config': new_config},
- expected_status=exception.DomainNotFound.code)
-
- def test_get_config_default(self):
- """Call ``GET /domains/config/default``."""
- # Create a config that overrides a few of the options so that we can
- # check that only the defaults are returned.
- self.domain_config_api.create_config(self.domain['id'], self.config)
- url = '/domains/config/default'
- r = self.get(url)
- default_config = r.result['config']
- for group in default_config:
- for option in default_config[group]:
- self.assertEqual(getattr(getattr(CONF, group), option),
- default_config[group][option])
-
- def test_get_config_default_by_group(self):
- """Call ``GET /domains/config/{group}/default``."""
- # Create a config that overrides a few of the options so that we can
- # check that only the defaults are returned.
- self.domain_config_api.create_config(self.domain['id'], self.config)
- url = '/domains/config/ldap/default'
- r = self.get(url)
- default_config = r.result['config']
- for option in default_config['ldap']:
- self.assertEqual(getattr(CONF.ldap, option),
- default_config['ldap'][option])
-
- def test_get_config_default_by_option(self):
- """Call ``GET /domains/config/{group}/{option}/default``."""
- # Create a config that overrides a few of the options so that we can
- # check that only the defaults are returned.
- self.domain_config_api.create_config(self.domain['id'], self.config)
- url = '/domains/config/ldap/url/default'
- r = self.get(url)
- default_config = r.result['config']
- self.assertEqual(CONF.ldap.url, default_config['url'])
-
- def test_get_config_default_by_invalid_group(self):
- """Call ``GET for /domains/config/{bad-group}/default``."""
- # First try a valid group, but one we don't support for domain config
- self.get('/domains/config/resouce/default',
- expected_status=http_client.FORBIDDEN)
-
- # Now try a totally invalid group
- url = '/domains/config/%s/default' % uuid.uuid4().hex
- self.get(url, expected_status=http_client.FORBIDDEN)
-
- def test_get_config_default_by_invalid_option(self):
- """Call ``GET for /domains/config/{group}/{bad-option}/default``."""
- # First try a valid option, but one we don't support for domain config,
- # i.e. one that is in the sensitive options list
- self.get('/domains/config/ldap/password/default',
- expected_status=http_client.FORBIDDEN)
-
- # Now try a totally invalid option
- url = '/domains/config/ldap/%s/default' % uuid.uuid4().hex
- self.get(url, expected_status=http_client.FORBIDDEN)