diff options
Diffstat (limited to 'keystone-moon/keystone/tests/unit/backend/role/test_ldap.py')
-rw-r--r-- | keystone-moon/keystone/tests/unit/backend/role/test_ldap.py | 161 |
1 files changed, 0 insertions, 161 deletions
diff --git a/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py b/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py deleted file mode 100644 index 44f2b612..00000000 --- a/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py +++ /dev/null @@ -1,161 +0,0 @@ -# -*- coding: utf-8 -*- -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import uuid - -from oslo_config import cfg - -from keystone import exception -from keystone.tests import unit -from keystone.tests.unit.backend import core_ldap -from keystone.tests.unit.backend.role import core as core_role -from keystone.tests.unit import default_fixtures - - -CONF = cfg.CONF - - -class LdapRoleCommon(core_ldap.BaseBackendLdapCommon, core_role.RoleTests): - """Tests that should be run in every LDAP configuration. - - Include additional tests that are unique to LDAP (or need to be overridden) - which should be run for all the various LDAP configurations we test. - - """ - pass - - -class LdapRole(LdapRoleCommon, core_ldap.BaseBackendLdap, unit.TestCase): - """Test in an all-LDAP configuration. - - Include additional tests that are unique to LDAP (or need to be overridden) - which only need to be run in a basic LDAP configurations. - - """ - def test_configurable_allowed_role_actions(self): - role = {'id': u'fäké1', 'name': u'fäké1'} - self.role_api.create_role(u'fäké1', role) - role_ref = self.role_api.get_role(u'fäké1') - self.assertEqual(u'fäké1', role_ref['id']) - - role['name'] = u'fäké2' - self.role_api.update_role(u'fäké1', role) - - self.role_api.delete_role(u'fäké1') - self.assertRaises(exception.RoleNotFound, - self.role_api.get_role, - u'fäké1') - - def test_configurable_forbidden_role_actions(self): - self.config_fixture.config( - group='ldap', role_allow_create=False, role_allow_update=False, - role_allow_delete=False) - self.load_backends() - - role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.assertRaises(exception.ForbiddenAction, - self.role_api.create_role, - role['id'], - role) - - self.role_member['name'] = uuid.uuid4().hex - self.assertRaises(exception.ForbiddenAction, - self.role_api.update_role, - self.role_member['id'], - self.role_member) - - self.assertRaises(exception.ForbiddenAction, - self.role_api.delete_role, - self.role_member['id']) - - def test_role_filter(self): - role_ref = self.role_api.get_role(self.role_member['id']) - self.assertDictEqual(role_ref, self.role_member) - - self.config_fixture.config(group='ldap', - role_filter='(CN=DOES_NOT_MATCH)') - self.load_backends() - # NOTE(morganfainberg): CONF.ldap.role_filter will not be - # dynamically changed at runtime. This invalidate is a work-around for - # the expectation that it is safe to change config values in tests that - # could affect what the drivers would return up to the manager. This - # solves this assumption when working with aggressive (on-create) - # cache population. - self.role_api.get_role.invalidate(self.role_api, - self.role_member['id']) - self.assertRaises(exception.RoleNotFound, - self.role_api.get_role, - self.role_member['id']) - - def test_role_attribute_mapping(self): - self.config_fixture.config(group='ldap', role_name_attribute='ou') - self.clear_database() - self.load_backends() - self.load_fixtures(default_fixtures) - # NOTE(morganfainberg): CONF.ldap.role_name_attribute will not be - # dynamically changed at runtime. This invalidate is a work-around for - # the expectation that it is safe to change config values in tests that - # could affect what the drivers would return up to the manager. This - # solves this assumption when working with aggressive (on-create) - # cache population. - self.role_api.get_role.invalidate(self.role_api, - self.role_member['id']) - role_ref = self.role_api.get_role(self.role_member['id']) - self.assertEqual(self.role_member['id'], role_ref['id']) - self.assertEqual(self.role_member['name'], role_ref['name']) - - self.config_fixture.config(group='ldap', role_name_attribute='sn') - self.load_backends() - # NOTE(morganfainberg): CONF.ldap.role_name_attribute will not be - # dynamically changed at runtime. This invalidate is a work-around for - # the expectation that it is safe to change config values in tests that - # could affect what the drivers would return up to the manager. This - # solves this assumption when working with aggressive (on-create) - # cache population. - self.role_api.get_role.invalidate(self.role_api, - self.role_member['id']) - role_ref = self.role_api.get_role(self.role_member['id']) - self.assertEqual(self.role_member['id'], role_ref['id']) - self.assertNotIn('name', role_ref) - - def test_role_attribute_ignore(self): - self.config_fixture.config(group='ldap', - role_attribute_ignore=['name']) - self.clear_database() - self.load_backends() - self.load_fixtures(default_fixtures) - # NOTE(morganfainberg): CONF.ldap.role_attribute_ignore will not be - # dynamically changed at runtime. This invalidate is a work-around for - # the expectation that it is safe to change config values in tests that - # could affect what the drivers would return up to the manager. This - # solves this assumption when working with aggressive (on-create) - # cache population. - self.role_api.get_role.invalidate(self.role_api, - self.role_member['id']) - role_ref = self.role_api.get_role(self.role_member['id']) - self.assertEqual(self.role_member['id'], role_ref['id']) - self.assertNotIn('name', role_ref) - - -class LdapIdentitySqlEverythingElseRole( - core_ldap.BaseBackendLdapIdentitySqlEverythingElse, LdapRoleCommon, - unit.TestCase): - """Test Identity in LDAP, Everything else in SQL.""" - pass - - -class LdapIdentitySqlEverythingElseWithMappingRole( - LdapIdentitySqlEverythingElseRole, - core_ldap.BaseBackendLdapIdentitySqlEverythingElseWithMapping): - """Test ID mapping of default LDAP backend.""" - pass |