aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/tests/unit/backend/role
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/tests/unit/backend/role')
-rw-r--r--keystone-moon/keystone/tests/unit/backend/role/__init__.py0
-rw-r--r--keystone-moon/keystone/tests/unit/backend/role/core.py130
-rw-r--r--keystone-moon/keystone/tests/unit/backend/role/test_ldap.py161
-rw-r--r--keystone-moon/keystone/tests/unit/backend/role/test_sql.py40
4 files changed, 0 insertions, 331 deletions
diff --git a/keystone-moon/keystone/tests/unit/backend/role/__init__.py b/keystone-moon/keystone/tests/unit/backend/role/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/keystone/tests/unit/backend/role/__init__.py
+++ /dev/null
diff --git a/keystone-moon/keystone/tests/unit/backend/role/core.py b/keystone-moon/keystone/tests/unit/backend/role/core.py
deleted file mode 100644
index d6e0d65c..00000000
--- a/keystone-moon/keystone/tests/unit/backend/role/core.py
+++ /dev/null
@@ -1,130 +0,0 @@
-# Copyright 2012 OpenStack Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import copy
-import uuid
-
-from keystone import exception
-from keystone.tests import unit
-from keystone.tests.unit import default_fixtures
-
-
-class RoleTests(object):
-
- def test_get_role_404(self):
- self.assertRaises(exception.RoleNotFound,
- self.role_api.get_role,
- uuid.uuid4().hex)
-
- def test_create_duplicate_role_name_fails(self):
- role = {'id': 'fake1',
- 'name': 'fake1name'}
- self.role_api.create_role('fake1', role)
- role['id'] = 'fake2'
- self.assertRaises(exception.Conflict,
- self.role_api.create_role,
- 'fake2',
- role)
-
- def test_rename_duplicate_role_name_fails(self):
- role1 = {
- 'id': 'fake1',
- 'name': 'fake1name'
- }
- role2 = {
- 'id': 'fake2',
- 'name': 'fake2name'
- }
- self.role_api.create_role('fake1', role1)
- self.role_api.create_role('fake2', role2)
- role1['name'] = 'fake2name'
- self.assertRaises(exception.Conflict,
- self.role_api.update_role,
- 'fake1',
- role1)
-
- def test_role_crud(self):
- role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
- self.role_api.create_role(role['id'], role)
- role_ref = self.role_api.get_role(role['id'])
- role_ref_dict = {x: role_ref[x] for x in role_ref}
- self.assertDictEqual(role_ref_dict, role)
-
- role['name'] = uuid.uuid4().hex
- updated_role_ref = self.role_api.update_role(role['id'], role)
- role_ref = self.role_api.get_role(role['id'])
- role_ref_dict = {x: role_ref[x] for x in role_ref}
- self.assertDictEqual(role_ref_dict, role)
- self.assertDictEqual(role_ref_dict, updated_role_ref)
-
- self.role_api.delete_role(role['id'])
- self.assertRaises(exception.RoleNotFound,
- self.role_api.get_role,
- role['id'])
-
- def test_update_role_404(self):
- role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
- self.assertRaises(exception.RoleNotFound,
- self.role_api.update_role,
- role['id'],
- role)
-
- def test_list_roles(self):
- roles = self.role_api.list_roles()
- self.assertEqual(len(default_fixtures.ROLES), len(roles))
- role_ids = set(role['id'] for role in roles)
- expected_role_ids = set(role['id'] for role in default_fixtures.ROLES)
- self.assertEqual(expected_role_ids, role_ids)
-
- @unit.skip_if_cache_disabled('role')
- def test_cache_layer_role_crud(self):
- role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
- role_id = role['id']
- # Create role
- self.role_api.create_role(role_id, role)
- role_ref = self.role_api.get_role(role_id)
- updated_role_ref = copy.deepcopy(role_ref)
- updated_role_ref['name'] = uuid.uuid4().hex
- # Update role, bypassing the role api manager
- self.role_api.driver.update_role(role_id, updated_role_ref)
- # Verify get_role still returns old ref
- self.assertDictEqual(role_ref, self.role_api.get_role(role_id))
- # Invalidate Cache
- self.role_api.get_role.invalidate(self.role_api, role_id)
- # Verify get_role returns the new role_ref
- self.assertDictEqual(updated_role_ref,
- self.role_api.get_role(role_id))
- # Update role back to original via the assignment api manager
- self.role_api.update_role(role_id, role_ref)
- # Verify get_role returns the original role ref
- self.assertDictEqual(role_ref, self.role_api.get_role(role_id))
- # Delete role bypassing the role api manager
- self.role_api.driver.delete_role(role_id)
- # Verify get_role still returns the role_ref
- self.assertDictEqual(role_ref, self.role_api.get_role(role_id))
- # Invalidate cache
- self.role_api.get_role.invalidate(self.role_api, role_id)
- # Verify RoleNotFound is now raised
- self.assertRaises(exception.RoleNotFound,
- self.role_api.get_role,
- role_id)
- # recreate role
- self.role_api.create_role(role_id, role)
- self.role_api.get_role(role_id)
- # delete role via the assignment api manager
- self.role_api.delete_role(role_id)
- # verity RoleNotFound is now raised
- self.assertRaises(exception.RoleNotFound,
- self.role_api.get_role,
- role_id)
diff --git a/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py b/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py
deleted file mode 100644
index 44f2b612..00000000
--- a/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py
+++ /dev/null
@@ -1,161 +0,0 @@
-# -*- coding: utf-8 -*-
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import uuid
-
-from oslo_config import cfg
-
-from keystone import exception
-from keystone.tests import unit
-from keystone.tests.unit.backend import core_ldap
-from keystone.tests.unit.backend.role import core as core_role
-from keystone.tests.unit import default_fixtures
-
-
-CONF = cfg.CONF
-
-
-class LdapRoleCommon(core_ldap.BaseBackendLdapCommon, core_role.RoleTests):
- """Tests that should be run in every LDAP configuration.
-
- Include additional tests that are unique to LDAP (or need to be overridden)
- which should be run for all the various LDAP configurations we test.
-
- """
- pass
-
-
-class LdapRole(LdapRoleCommon, core_ldap.BaseBackendLdap, unit.TestCase):
- """Test in an all-LDAP configuration.
-
- Include additional tests that are unique to LDAP (or need to be overridden)
- which only need to be run in a basic LDAP configurations.
-
- """
- def test_configurable_allowed_role_actions(self):
- role = {'id': u'fäké1', 'name': u'fäké1'}
- self.role_api.create_role(u'fäké1', role)
- role_ref = self.role_api.get_role(u'fäké1')
- self.assertEqual(u'fäké1', role_ref['id'])
-
- role['name'] = u'fäké2'
- self.role_api.update_role(u'fäké1', role)
-
- self.role_api.delete_role(u'fäké1')
- self.assertRaises(exception.RoleNotFound,
- self.role_api.get_role,
- u'fäké1')
-
- def test_configurable_forbidden_role_actions(self):
- self.config_fixture.config(
- group='ldap', role_allow_create=False, role_allow_update=False,
- role_allow_delete=False)
- self.load_backends()
-
- role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
- self.assertRaises(exception.ForbiddenAction,
- self.role_api.create_role,
- role['id'],
- role)
-
- self.role_member['name'] = uuid.uuid4().hex
- self.assertRaises(exception.ForbiddenAction,
- self.role_api.update_role,
- self.role_member['id'],
- self.role_member)
-
- self.assertRaises(exception.ForbiddenAction,
- self.role_api.delete_role,
- self.role_member['id'])
-
- def test_role_filter(self):
- role_ref = self.role_api.get_role(self.role_member['id'])
- self.assertDictEqual(role_ref, self.role_member)
-
- self.config_fixture.config(group='ldap',
- role_filter='(CN=DOES_NOT_MATCH)')
- self.load_backends()
- # NOTE(morganfainberg): CONF.ldap.role_filter will not be
- # dynamically changed at runtime. This invalidate is a work-around for
- # the expectation that it is safe to change config values in tests that
- # could affect what the drivers would return up to the manager. This
- # solves this assumption when working with aggressive (on-create)
- # cache population.
- self.role_api.get_role.invalidate(self.role_api,
- self.role_member['id'])
- self.assertRaises(exception.RoleNotFound,
- self.role_api.get_role,
- self.role_member['id'])
-
- def test_role_attribute_mapping(self):
- self.config_fixture.config(group='ldap', role_name_attribute='ou')
- self.clear_database()
- self.load_backends()
- self.load_fixtures(default_fixtures)
- # NOTE(morganfainberg): CONF.ldap.role_name_attribute will not be
- # dynamically changed at runtime. This invalidate is a work-around for
- # the expectation that it is safe to change config values in tests that
- # could affect what the drivers would return up to the manager. This
- # solves this assumption when working with aggressive (on-create)
- # cache population.
- self.role_api.get_role.invalidate(self.role_api,
- self.role_member['id'])
- role_ref = self.role_api.get_role(self.role_member['id'])
- self.assertEqual(self.role_member['id'], role_ref['id'])
- self.assertEqual(self.role_member['name'], role_ref['name'])
-
- self.config_fixture.config(group='ldap', role_name_attribute='sn')
- self.load_backends()
- # NOTE(morganfainberg): CONF.ldap.role_name_attribute will not be
- # dynamically changed at runtime. This invalidate is a work-around for
- # the expectation that it is safe to change config values in tests that
- # could affect what the drivers would return up to the manager. This
- # solves this assumption when working with aggressive (on-create)
- # cache population.
- self.role_api.get_role.invalidate(self.role_api,
- self.role_member['id'])
- role_ref = self.role_api.get_role(self.role_member['id'])
- self.assertEqual(self.role_member['id'], role_ref['id'])
- self.assertNotIn('name', role_ref)
-
- def test_role_attribute_ignore(self):
- self.config_fixture.config(group='ldap',
- role_attribute_ignore=['name'])
- self.clear_database()
- self.load_backends()
- self.load_fixtures(default_fixtures)
- # NOTE(morganfainberg): CONF.ldap.role_attribute_ignore will not be
- # dynamically changed at runtime. This invalidate is a work-around for
- # the expectation that it is safe to change config values in tests that
- # could affect what the drivers would return up to the manager. This
- # solves this assumption when working with aggressive (on-create)
- # cache population.
- self.role_api.get_role.invalidate(self.role_api,
- self.role_member['id'])
- role_ref = self.role_api.get_role(self.role_member['id'])
- self.assertEqual(self.role_member['id'], role_ref['id'])
- self.assertNotIn('name', role_ref)
-
-
-class LdapIdentitySqlEverythingElseRole(
- core_ldap.BaseBackendLdapIdentitySqlEverythingElse, LdapRoleCommon,
- unit.TestCase):
- """Test Identity in LDAP, Everything else in SQL."""
- pass
-
-
-class LdapIdentitySqlEverythingElseWithMappingRole(
- LdapIdentitySqlEverythingElseRole,
- core_ldap.BaseBackendLdapIdentitySqlEverythingElseWithMapping):
- """Test ID mapping of default LDAP backend."""
- pass
diff --git a/keystone-moon/keystone/tests/unit/backend/role/test_sql.py b/keystone-moon/keystone/tests/unit/backend/role/test_sql.py
deleted file mode 100644
index 79ff148a..00000000
--- a/keystone-moon/keystone/tests/unit/backend/role/test_sql.py
+++ /dev/null
@@ -1,40 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import uuid
-
-from keystone.common import sql
-from keystone import exception
-from keystone.tests.unit.backend import core_sql
-from keystone.tests.unit.backend.role import core
-
-
-class SqlRoleModels(core_sql.BaseBackendSqlModels):
-
- def test_role_model(self):
- cols = (('id', sql.String, 64),
- ('name', sql.String, 255))
- self.assertExpectedSchema('role', cols)
-
-
-class SqlRole(core_sql.BaseBackendSqlTests, core.RoleTests):
-
- def test_create_null_role_name(self):
- role = {'id': uuid.uuid4().hex,
- 'name': None}
- self.assertRaises(exception.UnexpectedError,
- self.role_api.create_role,
- role['id'],
- role)
- self.assertRaises(exception.RoleNotFound,
- self.role_api.get_role,
- role['id'])