diff options
Diffstat (limited to 'keystone-moon/keystone/tests/unit/backend')
23 files changed, 0 insertions, 1420 deletions
diff --git a/keystone-moon/keystone/tests/unit/backend/__init__.py b/keystone-moon/keystone/tests/unit/backend/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/core_ldap.py b/keystone-moon/keystone/tests/unit/backend/core_ldap.py deleted file mode 100644 index 8b72c62a..00000000 --- a/keystone-moon/keystone/tests/unit/backend/core_ldap.py +++ /dev/null @@ -1,146 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import ldap - -from oslo_config import cfg - -from keystone.common import cache -from keystone.common import ldap as common_ldap -from keystone.common.ldap import core as common_ldap_core -from keystone.tests import unit -from keystone.tests.unit import default_fixtures -from keystone.tests.unit import fakeldap -from keystone.tests.unit.ksfixtures import database - - -CONF = cfg.CONF - - -def create_group_container(identity_api): - # Create the groups base entry (ou=Groups,cn=example,cn=com) - group_api = identity_api.driver.group - conn = group_api.get_connection() - dn = 'ou=Groups,cn=example,cn=com' - conn.add_s(dn, [('objectclass', ['organizationalUnit']), - ('ou', ['Groups'])]) - - -class BaseBackendLdapCommon(object): - """Mixin class to set up generic LDAP backends.""" - - def setUp(self): - super(BaseBackendLdapCommon, self).setUp() - - common_ldap.register_handler('fake://', fakeldap.FakeLdap) - self.load_backends() - self.load_fixtures(default_fixtures) - - self.addCleanup(common_ldap_core._HANDLERS.clear) - self.addCleanup(self.clear_database) - - def _get_domain_fixture(self): - """Domains in LDAP are read-only, so just return the static one.""" - return self.resource_api.get_domain(CONF.identity.default_domain_id) - - def clear_database(self): - for shelf in fakeldap.FakeShelves: - fakeldap.FakeShelves[shelf].clear() - - def get_config(self, domain_id): - # Only one conf structure unless we are using separate domain backends - return CONF - - def config_overrides(self): - super(BaseBackendLdapCommon, self).config_overrides() - self.config_fixture.config(group='identity', driver='ldap') - - def config_files(self): - config_files = super(BaseBackendLdapCommon, self).config_files() - config_files.append(unit.dirs.tests_conf('backend_ldap.conf')) - return config_files - - def get_user_enabled_vals(self, user): - user_dn = ( - self.identity_api.driver.user._id_to_dn_string(user['id'])) - enabled_attr_name = CONF.ldap.user_enabled_attribute - - ldap_ = self.identity_api.driver.user.get_connection() - res = ldap_.search_s(user_dn, - ldap.SCOPE_BASE, - u'(sn=%s)' % user['name']) - if enabled_attr_name in res[0][1]: - return res[0][1][enabled_attr_name] - else: - return None - - -class BaseBackendLdap(object): - """Mixin class to set up an all-LDAP configuration.""" - - def setUp(self): - # NOTE(dstanek): The database must be setup prior to calling the - # parent's setUp. The parent's setUp uses services (like - # credentials) that require a database. - self.useFixture(database.Database()) - super(BaseBackendLdap, self).setUp() - - def load_fixtures(self, fixtures): - # Override super impl since need to create group container. - create_group_container(self.identity_api) - super(BaseBackendLdap, self).load_fixtures(fixtures) - - -class BaseBackendLdapIdentitySqlEverythingElse(unit.SQLDriverOverrides): - """Mixin base for Identity LDAP, everything else SQL backend tests.""" - - def config_files(self): - config_files = super(BaseBackendLdapIdentitySqlEverythingElse, - self).config_files() - config_files.append(unit.dirs.tests_conf('backend_ldap_sql.conf')) - return config_files - - def setUp(self): - sqldb = self.useFixture(database.Database()) - super(BaseBackendLdapIdentitySqlEverythingElse, self).setUp() - self.clear_database() - self.load_backends() - cache.configure_cache() - - sqldb.recreate() - self.load_fixtures(default_fixtures) - # defaulted by the data load - self.user_foo['enabled'] = True - - def config_overrides(self): - super(BaseBackendLdapIdentitySqlEverythingElse, - self).config_overrides() - self.config_fixture.config(group='identity', driver='ldap') - self.config_fixture.config(group='resource', driver='sql') - self.config_fixture.config(group='assignment', driver='sql') - - -class BaseBackendLdapIdentitySqlEverythingElseWithMapping(object): - """Mixin base class to test mapping of default LDAP backend. - - The default configuration is not to enable mapping when using a single - backend LDAP driver. However, a cloud provider might want to enable - the mapping, hence hiding the LDAP IDs from any clients of keystone. - Setting backward_compatible_ids to False will enable this mapping. - - """ - - def config_overrides(self): - super(BaseBackendLdapIdentitySqlEverythingElseWithMapping, - self).config_overrides() - self.config_fixture.config(group='identity_mapping', - backward_compatible_ids=False) diff --git a/keystone-moon/keystone/tests/unit/backend/core_sql.py b/keystone-moon/keystone/tests/unit/backend/core_sql.py deleted file mode 100644 index 8c9f4957..00000000 --- a/keystone-moon/keystone/tests/unit/backend/core_sql.py +++ /dev/null @@ -1,53 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import sqlalchemy - -from keystone.common import sql -from keystone.tests import unit -from keystone.tests.unit import default_fixtures -from keystone.tests.unit.ksfixtures import database - - -class BaseBackendSqlTests(unit.SQLDriverOverrides, unit.TestCase): - - def setUp(self): - super(BaseBackendSqlTests, self).setUp() - self.useFixture(database.Database()) - self.load_backends() - - # populate the engine with tables & fixtures - self.load_fixtures(default_fixtures) - # defaulted by the data load - self.user_foo['enabled'] = True - - def config_files(self): - config_files = super(BaseBackendSqlTests, self).config_files() - config_files.append(unit.dirs.tests_conf('backend_sql.conf')) - return config_files - - -class BaseBackendSqlModels(BaseBackendSqlTests): - - def select_table(self, name): - table = sqlalchemy.Table(name, - sql.ModelBase.metadata, - autoload=True) - s = sqlalchemy.select([table]) - return s - - def assertExpectedSchema(self, table, cols): - table = self.select_table(table) - for col, type_, length in cols: - self.assertIsInstance(table.c[col].type, type_) - if length: - self.assertEqual(length, table.c[col].type.length) diff --git a/keystone-moon/keystone/tests/unit/backend/domain_config/__init__.py b/keystone-moon/keystone/tests/unit/backend/domain_config/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/domain_config/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/domain_config/core.py b/keystone-moon/keystone/tests/unit/backend/domain_config/core.py deleted file mode 100644 index 7bbbf313..00000000 --- a/keystone-moon/keystone/tests/unit/backend/domain_config/core.py +++ /dev/null @@ -1,601 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import copy -import uuid - -import mock -from testtools import matchers - -from keystone import exception -from keystone.tests import unit - - -class DomainConfigTests(object): - - def setUp(self): - self.domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.resource_api.create_domain(self.domain['id'], self.domain) - self.addCleanup(self.clean_up_domain) - - def clean_up_domain(self): - # NOTE(henry-nash): Deleting the domain will also delete any domain - # configs for this domain. - self.domain['enabled'] = False - self.resource_api.update_domain(self.domain['id'], self.domain) - self.resource_api.delete_domain(self.domain['id']) - del self.domain - - def _domain_config_crud(self, sensitive): - group = uuid.uuid4().hex - option = uuid.uuid4().hex - value = uuid.uuid4().hex - self.domain_config_api.create_config_option( - self.domain['id'], group, option, value, sensitive) - res = self.domain_config_api.get_config_option( - self.domain['id'], group, option, sensitive) - config = {'group': group, 'option': option, 'value': value} - self.assertEqual(config, res) - - value = uuid.uuid4().hex - self.domain_config_api.update_config_option( - self.domain['id'], group, option, value, sensitive) - res = self.domain_config_api.get_config_option( - self.domain['id'], group, option, sensitive) - config = {'group': group, 'option': option, 'value': value} - self.assertEqual(config, res) - - self.domain_config_api.delete_config_options( - self.domain['id'], group, option, sensitive) - self.assertRaises(exception.DomainConfigNotFound, - self.domain_config_api.get_config_option, - self.domain['id'], group, option, sensitive) - # ...and silent if we try to delete it again - self.domain_config_api.delete_config_options( - self.domain['id'], group, option, sensitive) - - def test_whitelisted_domain_config_crud(self): - self._domain_config_crud(sensitive=False) - - def test_sensitive_domain_config_crud(self): - self._domain_config_crud(sensitive=True) - - def _list_domain_config(self, sensitive): - """Test listing by combination of domain, group & option.""" - - config1 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex, - 'value': uuid.uuid4().hex} - # Put config2 in the same group as config1 - config2 = {'group': config1['group'], 'option': uuid.uuid4().hex, - 'value': uuid.uuid4().hex} - config3 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex, - 'value': 100} - for config in [config1, config2, config3]: - self.domain_config_api.create_config_option( - self.domain['id'], config['group'], config['option'], - config['value'], sensitive) - - # Try listing all items from a domain - res = self.domain_config_api.list_config_options( - self.domain['id'], sensitive=sensitive) - self.assertThat(res, matchers.HasLength(3)) - for res_entry in res: - self.assertIn(res_entry, [config1, config2, config3]) - - # Try listing by domain and group - res = self.domain_config_api.list_config_options( - self.domain['id'], group=config1['group'], sensitive=sensitive) - self.assertThat(res, matchers.HasLength(2)) - for res_entry in res: - self.assertIn(res_entry, [config1, config2]) - - # Try listing by domain, group and option - res = self.domain_config_api.list_config_options( - self.domain['id'], group=config2['group'], - option=config2['option'], sensitive=sensitive) - self.assertThat(res, matchers.HasLength(1)) - self.assertEqual(config2, res[0]) - - def test_list_whitelisted_domain_config_crud(self): - self._list_domain_config(False) - - def test_list_sensitive_domain_config_crud(self): - self._list_domain_config(True) - - def _delete_domain_configs(self, sensitive): - """Test deleting by combination of domain, group & option.""" - - config1 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex, - 'value': uuid.uuid4().hex} - # Put config2 and config3 in the same group as config1 - config2 = {'group': config1['group'], 'option': uuid.uuid4().hex, - 'value': uuid.uuid4().hex} - config3 = {'group': config1['group'], 'option': uuid.uuid4().hex, - 'value': uuid.uuid4().hex} - config4 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex, - 'value': uuid.uuid4().hex} - for config in [config1, config2, config3, config4]: - self.domain_config_api.create_config_option( - self.domain['id'], config['group'], config['option'], - config['value'], sensitive) - - # Try deleting by domain, group and option - res = self.domain_config_api.delete_config_options( - self.domain['id'], group=config2['group'], - option=config2['option'], sensitive=sensitive) - res = self.domain_config_api.list_config_options( - self.domain['id'], sensitive=sensitive) - self.assertThat(res, matchers.HasLength(3)) - for res_entry in res: - self.assertIn(res_entry, [config1, config3, config4]) - - # Try deleting by domain and group - res = self.domain_config_api.delete_config_options( - self.domain['id'], group=config4['group'], sensitive=sensitive) - res = self.domain_config_api.list_config_options( - self.domain['id'], sensitive=sensitive) - self.assertThat(res, matchers.HasLength(2)) - for res_entry in res: - self.assertIn(res_entry, [config1, config3]) - - # Try deleting all items from a domain - res = self.domain_config_api.delete_config_options( - self.domain['id'], sensitive=sensitive) - res = self.domain_config_api.list_config_options( - self.domain['id'], sensitive=sensitive) - self.assertThat(res, matchers.HasLength(0)) - - def test_delete_whitelisted_domain_configs(self): - self._delete_domain_configs(False) - - def test_delete_sensitive_domain_configs(self): - self._delete_domain_configs(True) - - def _create_domain_config_twice(self, sensitive): - """Test conflict error thrown if create the same option twice.""" - - config = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex, - 'value': uuid.uuid4().hex} - - self.domain_config_api.create_config_option( - self.domain['id'], config['group'], config['option'], - config['value'], sensitive=sensitive) - self.assertRaises(exception.Conflict, - self.domain_config_api.create_config_option, - self.domain['id'], config['group'], config['option'], - config['value'], sensitive=sensitive) - - def test_create_whitelisted_domain_config_twice(self): - self._create_domain_config_twice(False) - - def test_create_sensitive_domain_config_twice(self): - self._create_domain_config_twice(True) - - def test_delete_domain_deletes_configs(self): - """Test domain deletion clears the domain configs.""" - - domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.resource_api.create_domain(domain['id'], domain) - config1 = {'group': uuid.uuid4().hex, 'option': uuid.uuid4().hex, - 'value': uuid.uuid4().hex} - # Put config2 in the same group as config1 - config2 = {'group': config1['group'], 'option': uuid.uuid4().hex, - 'value': uuid.uuid4().hex} - self.domain_config_api.create_config_option( - domain['id'], config1['group'], config1['option'], - config1['value']) - self.domain_config_api.create_config_option( - domain['id'], config2['group'], config2['option'], - config2['value'], sensitive=True) - res = self.domain_config_api.list_config_options( - domain['id']) - self.assertThat(res, matchers.HasLength(1)) - res = self.domain_config_api.list_config_options( - domain['id'], sensitive=True) - self.assertThat(res, matchers.HasLength(1)) - - # Now delete the domain - domain['enabled'] = False - self.resource_api.update_domain(domain['id'], domain) - self.resource_api.delete_domain(domain['id']) - - # Check domain configs have also been deleted - res = self.domain_config_api.list_config_options( - domain['id']) - self.assertThat(res, matchers.HasLength(0)) - res = self.domain_config_api.list_config_options( - domain['id'], sensitive=True) - self.assertThat(res, matchers.HasLength(0)) - - def test_create_domain_config_including_sensitive_option(self): - config = {'ldap': {'url': uuid.uuid4().hex, - 'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}} - self.domain_config_api.create_config(self.domain['id'], config) - - # password is sensitive, so check that the whitelisted portion and - # the sensitive piece have been stored in the appropriate locations. - res = self.domain_config_api.get_config(self.domain['id']) - config_whitelisted = copy.deepcopy(config) - config_whitelisted['ldap'].pop('password') - self.assertEqual(config_whitelisted, res) - res = self.domain_config_api.get_config_option( - self.domain['id'], 'ldap', 'password', sensitive=True) - self.assertEqual(config['ldap']['password'], res['value']) - - # Finally, use the non-public API to get back the whole config - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - self.assertEqual(config, res) - - def test_get_partial_domain_config(self): - config = {'ldap': {'url': uuid.uuid4().hex, - 'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}, - 'identity': {'driver': uuid.uuid4().hex}} - self.domain_config_api.create_config(self.domain['id'], config) - - res = self.domain_config_api.get_config(self.domain['id'], - group='identity') - config_partial = copy.deepcopy(config) - config_partial.pop('ldap') - self.assertEqual(config_partial, res) - res = self.domain_config_api.get_config( - self.domain['id'], group='ldap', option='user_tree_dn') - self.assertEqual({'user_tree_dn': config['ldap']['user_tree_dn']}, res) - # ...but we should fail to get a sensitive option - self.assertRaises(exception.DomainConfigNotFound, - self.domain_config_api.get_config, self.domain['id'], - group='ldap', option='password') - - def test_delete_partial_domain_config(self): - config = {'ldap': {'url': uuid.uuid4().hex, - 'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}, - 'identity': {'driver': uuid.uuid4().hex}} - self.domain_config_api.create_config(self.domain['id'], config) - - self.domain_config_api.delete_config( - self.domain['id'], group='identity') - config_partial = copy.deepcopy(config) - config_partial.pop('identity') - config_partial['ldap'].pop('password') - res = self.domain_config_api.get_config(self.domain['id']) - self.assertEqual(config_partial, res) - - self.domain_config_api.delete_config( - self.domain['id'], group='ldap', option='url') - config_partial = copy.deepcopy(config_partial) - config_partial['ldap'].pop('url') - res = self.domain_config_api.get_config(self.domain['id']) - self.assertEqual(config_partial, res) - - def test_get_options_not_in_domain_config(self): - self.assertRaises(exception.DomainConfigNotFound, - self.domain_config_api.get_config, self.domain['id']) - config = {'ldap': {'url': uuid.uuid4().hex}} - - self.domain_config_api.create_config(self.domain['id'], config) - - self.assertRaises(exception.DomainConfigNotFound, - self.domain_config_api.get_config, self.domain['id'], - group='identity') - self.assertRaises(exception.DomainConfigNotFound, - self.domain_config_api.get_config, self.domain['id'], - group='ldap', option='user_tree_dn') - - def test_get_sensitive_config(self): - config = {'ldap': {'url': uuid.uuid4().hex, - 'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}, - 'identity': {'driver': uuid.uuid4().hex}} - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - self.assertEqual({}, res) - self.domain_config_api.create_config(self.domain['id'], config) - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - self.assertEqual(config, res) - - def test_update_partial_domain_config(self): - config = {'ldap': {'url': uuid.uuid4().hex, - 'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}, - 'identity': {'driver': uuid.uuid4().hex}} - self.domain_config_api.create_config(self.domain['id'], config) - - # Try updating a group - new_config = {'ldap': {'url': uuid.uuid4().hex, - 'user_filter': uuid.uuid4().hex}} - res = self.domain_config_api.update_config( - self.domain['id'], new_config, group='ldap') - expected_config = copy.deepcopy(config) - expected_config['ldap']['url'] = new_config['ldap']['url'] - expected_config['ldap']['user_filter'] = ( - new_config['ldap']['user_filter']) - expected_full_config = copy.deepcopy(expected_config) - expected_config['ldap'].pop('password') - res = self.domain_config_api.get_config(self.domain['id']) - self.assertEqual(expected_config, res) - # The sensitive option should still existsss - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - self.assertEqual(expected_full_config, res) - - # Try updating a single whitelisted option - self.domain_config_api.delete_config(self.domain['id']) - self.domain_config_api.create_config(self.domain['id'], config) - new_config = {'url': uuid.uuid4().hex} - res = self.domain_config_api.update_config( - self.domain['id'], new_config, group='ldap', option='url') - - # Make sure whitelisted and full config is updated - expected_whitelisted_config = copy.deepcopy(config) - expected_whitelisted_config['ldap']['url'] = new_config['url'] - expected_full_config = copy.deepcopy(expected_whitelisted_config) - expected_whitelisted_config['ldap'].pop('password') - self.assertEqual(expected_whitelisted_config, res) - res = self.domain_config_api.get_config(self.domain['id']) - self.assertEqual(expected_whitelisted_config, res) - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - self.assertEqual(expected_full_config, res) - - # Try updating a single sensitive option - self.domain_config_api.delete_config(self.domain['id']) - self.domain_config_api.create_config(self.domain['id'], config) - new_config = {'password': uuid.uuid4().hex} - res = self.domain_config_api.update_config( - self.domain['id'], new_config, group='ldap', option='password') - # The whitelisted config should not have changed... - expected_whitelisted_config = copy.deepcopy(config) - expected_full_config = copy.deepcopy(config) - expected_whitelisted_config['ldap'].pop('password') - self.assertEqual(expected_whitelisted_config, res) - res = self.domain_config_api.get_config(self.domain['id']) - self.assertEqual(expected_whitelisted_config, res) - expected_full_config['ldap']['password'] = new_config['password'] - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - # ...but the sensitive piece should have. - self.assertEqual(expected_full_config, res) - - def test_update_invalid_partial_domain_config(self): - config = {'ldap': {'url': uuid.uuid4().hex, - 'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}, - 'identity': {'driver': uuid.uuid4().hex}} - # An extra group, when specifying one group should fail - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.update_config, - self.domain['id'], config, group='ldap') - # An extra option, when specifying one option should fail - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.update_config, - self.domain['id'], config['ldap'], - group='ldap', option='url') - - # Now try the right number of groups/options, but just not - # ones that are in the config provided - config = {'ldap': {'user_tree_dn': uuid.uuid4().hex}} - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.update_config, - self.domain['id'], config, group='identity') - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.update_config, - self.domain['id'], config['ldap'], group='ldap', - option='url') - - # Now some valid groups/options, but just not ones that are in the - # existing config - config = {'ldap': {'user_tree_dn': uuid.uuid4().hex}} - self.domain_config_api.create_config(self.domain['id'], config) - config_wrong_group = {'identity': {'driver': uuid.uuid4().hex}} - self.assertRaises(exception.DomainConfigNotFound, - self.domain_config_api.update_config, - self.domain['id'], config_wrong_group, - group='identity') - config_wrong_option = {'url': uuid.uuid4().hex} - self.assertRaises(exception.DomainConfigNotFound, - self.domain_config_api.update_config, - self.domain['id'], config_wrong_option, - group='ldap', option='url') - - # And finally just some bad groups/options - bad_group = uuid.uuid4().hex - config = {bad_group: {'user': uuid.uuid4().hex}} - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.update_config, - self.domain['id'], config, group=bad_group, - option='user') - bad_option = uuid.uuid4().hex - config = {'ldap': {bad_option: uuid.uuid4().hex}} - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.update_config, - self.domain['id'], config, group='ldap', - option=bad_option) - - def test_create_invalid_domain_config(self): - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.create_config, - self.domain['id'], {}) - config = {uuid.uuid4().hex: uuid.uuid4().hex} - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.create_config, - self.domain['id'], config) - config = {uuid.uuid4().hex: {uuid.uuid4().hex: uuid.uuid4().hex}} - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.create_config, - self.domain['id'], config) - config = {'ldap': {uuid.uuid4().hex: uuid.uuid4().hex}} - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.create_config, - self.domain['id'], config) - # Try an option that IS in the standard conf, but neither whitelisted - # or marked as sensitive - config = {'ldap': {'role_tree_dn': uuid.uuid4().hex}} - self.assertRaises(exception.InvalidDomainConfig, - self.domain_config_api.create_config, - self.domain['id'], config) - - def test_delete_invalid_partial_domain_config(self): - config = {'ldap': {'url': uuid.uuid4().hex}} - self.domain_config_api.create_config(self.domain['id'], config) - # Try deleting a group not in the config - self.assertRaises(exception.DomainConfigNotFound, - self.domain_config_api.delete_config, - self.domain['id'], group='identity') - # Try deleting an option not in the config - self.assertRaises(exception.DomainConfigNotFound, - self.domain_config_api.delete_config, - self.domain['id'], - group='ldap', option='user_tree_dn') - - def test_sensitive_substitution_in_domain_config(self): - # Create a config that contains a whitelisted option that requires - # substitution of a sensitive option. - config = {'ldap': {'url': 'my_url/%(password)s', - 'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}, - 'identity': {'driver': uuid.uuid4().hex}} - self.domain_config_api.create_config(self.domain['id'], config) - - # Read back the config with the internal method and ensure that the - # substitution has taken place. - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - expected_url = ( - config['ldap']['url'] % {'password': config['ldap']['password']}) - self.assertEqual(expected_url, res['ldap']['url']) - - def test_invalid_sensitive_substitution_in_domain_config(self): - """Check that invalid substitutions raise warnings.""" - - mock_log = mock.Mock() - - invalid_option_config = { - 'ldap': {'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}, - 'identity': {'driver': uuid.uuid4().hex}} - - for invalid_option in ['my_url/%(passssword)s', - 'my_url/%(password', - 'my_url/%(password)', - 'my_url/%(password)d']: - invalid_option_config['ldap']['url'] = invalid_option - self.domain_config_api.create_config( - self.domain['id'], invalid_option_config) - - with mock.patch('keystone.resource.core.LOG', mock_log): - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - mock_log.warn.assert_any_call(mock.ANY) - self.assertEqual( - invalid_option_config['ldap']['url'], res['ldap']['url']) - - def test_escaped_sequence_in_domain_config(self): - """Check that escaped '%(' doesn't get interpreted.""" - - mock_log = mock.Mock() - - escaped_option_config = { - 'ldap': {'url': 'my_url/%%(password)s', - 'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}, - 'identity': {'driver': uuid.uuid4().hex}} - - self.domain_config_api.create_config( - self.domain['id'], escaped_option_config) - - with mock.patch('keystone.resource.core.LOG', mock_log): - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - self.assertFalse(mock_log.warn.called) - # The escaping '%' should have been removed - self.assertEqual('my_url/%(password)s', res['ldap']['url']) - - @unit.skip_if_cache_disabled('domain_config') - def test_cache_layer_get_sensitive_config(self): - config = {'ldap': {'url': uuid.uuid4().hex, - 'user_tree_dn': uuid.uuid4().hex, - 'password': uuid.uuid4().hex}, - 'identity': {'driver': uuid.uuid4().hex}} - self.domain_config_api.create_config(self.domain['id'], config) - # cache the result - res = self.domain_config_api.get_config_with_sensitive_info( - self.domain['id']) - self.assertEqual(config, res) - - # delete, bypassing domain config manager api - self.domain_config_api.delete_config_options(self.domain['id']) - self.domain_config_api.delete_config_options(self.domain['id'], - sensitive=True) - - self.assertDictEqual( - res, self.domain_config_api.get_config_with_sensitive_info( - self.domain['id'])) - self.domain_config_api.get_config_with_sensitive_info.invalidate( - self.domain_config_api, self.domain['id']) - self.assertDictEqual( - {}, - self.domain_config_api.get_config_with_sensitive_info( - self.domain['id'])) - - def test_config_registration(self): - type = uuid.uuid4().hex - self.domain_config_api.obtain_registration( - self.domain['id'], type) - self.domain_config_api.release_registration( - self.domain['id'], type=type) - - # Make sure that once someone has it, nobody else can get it. - # This includes the domain who already has it. - self.domain_config_api.obtain_registration( - self.domain['id'], type) - self.assertFalse( - self.domain_config_api.obtain_registration( - self.domain['id'], type)) - - # Make sure we can read who does have it - self.assertEqual( - self.domain['id'], - self.domain_config_api.read_registration(type)) - - # Make sure releasing it is silent if the domain specified doesn't - # have the registration - domain2 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.resource_api.create_domain(domain2['id'], domain2) - self.domain_config_api.release_registration( - domain2['id'], type=type) - - # If nobody has the type registered, then trying to read it should - # raise ConfigRegistrationNotFound - self.domain_config_api.release_registration( - self.domain['id'], type=type) - self.assertRaises(exception.ConfigRegistrationNotFound, - self.domain_config_api.read_registration, - type) - - # Finally check multiple registrations are cleared if you free the - # registration without specifying the type - type2 = uuid.uuid4().hex - self.domain_config_api.obtain_registration( - self.domain['id'], type) - self.domain_config_api.obtain_registration( - self.domain['id'], type2) - self.domain_config_api.release_registration(self.domain['id']) - self.assertRaises(exception.ConfigRegistrationNotFound, - self.domain_config_api.read_registration, - type) - self.assertRaises(exception.ConfigRegistrationNotFound, - self.domain_config_api.read_registration, - type2) diff --git a/keystone-moon/keystone/tests/unit/backend/domain_config/test_sql.py b/keystone-moon/keystone/tests/unit/backend/domain_config/test_sql.py deleted file mode 100644 index 6459ede1..00000000 --- a/keystone-moon/keystone/tests/unit/backend/domain_config/test_sql.py +++ /dev/null @@ -1,41 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -from keystone.common import sql -from keystone.tests.unit.backend import core_sql -from keystone.tests.unit.backend.domain_config import core - - -class SqlDomainConfigModels(core_sql.BaseBackendSqlModels): - - def test_whitelisted_model(self): - cols = (('domain_id', sql.String, 64), - ('group', sql.String, 255), - ('option', sql.String, 255), - ('value', sql.JsonBlob, None)) - self.assertExpectedSchema('whitelisted_config', cols) - - def test_sensitive_model(self): - cols = (('domain_id', sql.String, 64), - ('group', sql.String, 255), - ('option', sql.String, 255), - ('value', sql.JsonBlob, None)) - self.assertExpectedSchema('sensitive_config', cols) - - -class SqlDomainConfig(core_sql.BaseBackendSqlTests, core.DomainConfigTests): - def setUp(self): - super(SqlDomainConfig, self).setUp() - # core.DomainConfigTests is effectively a mixin class, so make sure we - # call its setup - core.DomainConfigTests.setUp(self) diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/__init__.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/assignment/V8/__init__.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/assignment/V8/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/assignment/V8/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/assignment/V8/sql.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/assignment/V8/sql.py deleted file mode 100644 index da1490a7..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/assignment/V8/sql.py +++ /dev/null @@ -1,39 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone.tests.unit import test_backend_sql - - -class SqlIdentityV8(test_backend_sql.SqlIdentity): - """Test that a V8 driver still passes the same tests. - - We use the SQL driver as an example of a V8 legacy driver. - - """ - - def config_overrides(self): - super(SqlIdentityV8, self).config_overrides() - # V8 SQL specific driver overrides - self.config_fixture.config( - group='assignment', - driver='keystone.assignment.V8_backends.sql.Assignment') - self.use_specific_sql_driver_version( - 'keystone.assignment', 'backends', 'V8_') - - def test_delete_project_assignments_same_id_as_domain(self): - self.skipTest("V8 doesn't support project acting as a domain.") - - def test_delete_user_assignments_user_same_id_as_group(self): - self.skipTest("Groups and users with the same ID are not supported.") - - def test_delete_group_assignments_group_same_id_as_user(self): - self.skipTest("Groups and users with the same ID are not supported.") diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/assignment/__init__.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/assignment/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/assignment/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/federation/V8/__init__.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/federation/V8/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/federation/V8/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/federation/V8/api_v3.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/federation/V8/api_v3.py deleted file mode 100644 index d5469768..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/federation/V8/api_v3.py +++ /dev/null @@ -1,108 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import uuid - -from six.moves import http_client - -from keystone.tests.unit import test_v3_federation - - -class FederatedSetupMixinV8(object): - def useV8driver(self): - # We use the SQL driver as an example V8 driver, so override - # the current driver with that version. - self.config_fixture.config( - group='federation', - driver='keystone.federation.V8_backends.sql.Federation') - self.use_specific_sql_driver_version( - 'keystone.federation', 'backends', 'V8_') - - -class FederatedIdentityProviderTestsV8( - test_v3_federation.FederatedIdentityProviderTests, - FederatedSetupMixinV8): - """Test that a V8 driver still passes the same tests.""" - - def config_overrides(self): - super(FederatedIdentityProviderTestsV8, self).config_overrides() - self.useV8driver() - - def test_create_idp_remote_repeated(self): - """Creates two IdentityProvider entities with some remote_ids - - A remote_id is the same for both so the second IdP is not - created because of the uniqueness of the remote_ids - - Expect HTTP 409 Conflict code for the latter call. - - Note: V9 drivers and later augment the conflict message with - additional information, which won't be present if we are running - a V8 driver - so override the newer tests to just ensure a - conflict message is raised. - """ - body = self.default_body.copy() - repeated_remote_id = uuid.uuid4().hex - body['remote_ids'] = [uuid.uuid4().hex, - uuid.uuid4().hex, - uuid.uuid4().hex, - repeated_remote_id] - self._create_default_idp(body=body) - - url = self.base_url(suffix=uuid.uuid4().hex) - body['remote_ids'] = [uuid.uuid4().hex, - repeated_remote_id] - self.put(url, body={'identity_provider': body}, - expected_status=http_client.CONFLICT) - - def test_check_idp_uniqueness(self): - """Add same IdP twice. - - Expect HTTP 409 Conflict code for the latter call. - - Note: V9 drivers and later augment the conflict message with - additional information, which won't be present if we are running - a V8 driver - so override the newer tests to just ensure a - conflict message is raised. - """ - url = self.base_url(suffix=uuid.uuid4().hex) - body = self._http_idp_input() - self.put(url, body={'identity_provider': body}, - expected_status=http_client.CREATED) - self.put(url, body={'identity_provider': body}, - expected_status=http_client.CONFLICT) - - -class MappingCRUDTestsV8( - test_v3_federation.MappingCRUDTests, - FederatedSetupMixinV8): - """Test that a V8 driver still passes the same tests.""" - - def config_overrides(self): - super(MappingCRUDTestsV8, self).config_overrides() - self.useV8driver() - - -class ServiceProviderTestsV8( - test_v3_federation.ServiceProviderTests, - FederatedSetupMixinV8): - """Test that a V8 driver still passes the same tests.""" - - def config_overrides(self): - super(ServiceProviderTestsV8, self).config_overrides() - self.useV8driver() - - def test_filter_list_sp_by_id(self): - self.skipTest('Operation not supported in v8 and earlier drivers') - - def test_filter_list_sp_by_enabled(self): - self.skipTest('Operation not supported in v8 and earlier drivers') diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/federation/__init__.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/federation/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/federation/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/resource/V8/__init__.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/resource/V8/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/resource/V8/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/resource/V8/sql.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/resource/V8/sql.py deleted file mode 100644 index 16acbdc3..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/resource/V8/sql.py +++ /dev/null @@ -1,71 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import unittest - -from keystone.resource.V8_backends import sql -from keystone.tests import unit -from keystone.tests.unit.ksfixtures import database -from keystone.tests.unit.resource import test_backends -from keystone.tests.unit import test_backend_sql - - -class SqlIdentityV8(test_backend_sql.SqlIdentity): - """Test that a V8 driver still passes the same tests. - - We use the SQL driver as an example of a V8 legacy driver. - - """ - - def config_overrides(self): - super(SqlIdentityV8, self).config_overrides() - # V8 SQL specific driver overrides - self.config_fixture.config( - group='resource', - driver='keystone.resource.V8_backends.sql.Resource') - self.use_specific_sql_driver_version( - 'keystone.resource', 'backends', 'V8_') - - def test_delete_projects_from_ids(self): - self.skipTest('Operation not supported in v8 and earlier drivers') - - def test_delete_projects_from_ids_with_no_existing_project_id(self): - self.skipTest('Operation not supported in v8 and earlier drivers') - - def test_delete_project_cascade(self): - self.skipTest('Operation not supported in v8 and earlier drivers') - - def test_delete_large_project_cascade(self): - self.skipTest('Operation not supported in v8 and earlier drivers') - - def test_hidden_project_domain_root_is_really_hidden(self): - self.skipTest('Operation not supported in v8 and earlier drivers') - - -class TestSqlResourceDriverV8(unit.BaseTestCase, - test_backends.ResourceDriverTests): - def setUp(self): - super(TestSqlResourceDriverV8, self).setUp() - - version_specifiers = { - 'keystone.resource': { - 'versionless_backend': 'backends', - 'versioned_backend': 'V8_backends' - } - } - self.useFixture(database.Database(version_specifiers)) - - self.driver = sql.Resource() - - @unittest.skip('Null domain not allowed.') - def test_create_project_null_domain(self): - pass diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/resource/__init__.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/resource/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/resource/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/role/V8/__init__.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/role/V8/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/role/V8/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/role/V8/sql.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/role/V8/sql.py deleted file mode 100644 index d9378c30..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/role/V8/sql.py +++ /dev/null @@ -1,30 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone.tests.unit import test_backend_sql - - -class SqlIdentityV8(test_backend_sql.SqlIdentity): - """Test that a V8 driver still passes the same tests. - - We use the SQL driver as an example of a V8 legacy driver. - - """ - - def config_overrides(self): - super(SqlIdentityV8, self).config_overrides() - # V8 SQL specific driver overrides - self.config_fixture.config( - group='role', - driver='keystone.assignment.V8_role_backends.sql.Role') - self.use_specific_sql_driver_version( - 'keystone.assignment', 'role_backends', 'V8_') diff --git a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/role/__init__.py b/keystone-moon/keystone/tests/unit/backend/legacy_drivers/role/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/legacy_drivers/role/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/role/__init__.py b/keystone-moon/keystone/tests/unit/backend/role/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystone-moon/keystone/tests/unit/backend/role/__init__.py +++ /dev/null diff --git a/keystone-moon/keystone/tests/unit/backend/role/core.py b/keystone-moon/keystone/tests/unit/backend/role/core.py deleted file mode 100644 index d6e0d65c..00000000 --- a/keystone-moon/keystone/tests/unit/backend/role/core.py +++ /dev/null @@ -1,130 +0,0 @@ -# Copyright 2012 OpenStack Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import copy -import uuid - -from keystone import exception -from keystone.tests import unit -from keystone.tests.unit import default_fixtures - - -class RoleTests(object): - - def test_get_role_404(self): - self.assertRaises(exception.RoleNotFound, - self.role_api.get_role, - uuid.uuid4().hex) - - def test_create_duplicate_role_name_fails(self): - role = {'id': 'fake1', - 'name': 'fake1name'} - self.role_api.create_role('fake1', role) - role['id'] = 'fake2' - self.assertRaises(exception.Conflict, - self.role_api.create_role, - 'fake2', - role) - - def test_rename_duplicate_role_name_fails(self): - role1 = { - 'id': 'fake1', - 'name': 'fake1name' - } - role2 = { - 'id': 'fake2', - 'name': 'fake2name' - } - self.role_api.create_role('fake1', role1) - self.role_api.create_role('fake2', role2) - role1['name'] = 'fake2name' - self.assertRaises(exception.Conflict, - self.role_api.update_role, - 'fake1', - role1) - - def test_role_crud(self): - role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.role_api.create_role(role['id'], role) - role_ref = self.role_api.get_role(role['id']) - role_ref_dict = {x: role_ref[x] for x in role_ref} - self.assertDictEqual(role_ref_dict, role) - - role['name'] = uuid.uuid4().hex - updated_role_ref = self.role_api.update_role(role['id'], role) - role_ref = self.role_api.get_role(role['id']) - role_ref_dict = {x: role_ref[x] for x in role_ref} - self.assertDictEqual(role_ref_dict, role) - self.assertDictEqual(role_ref_dict, updated_role_ref) - - self.role_api.delete_role(role['id']) - self.assertRaises(exception.RoleNotFound, - self.role_api.get_role, - role['id']) - - def test_update_role_404(self): - role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.assertRaises(exception.RoleNotFound, - self.role_api.update_role, - role['id'], - role) - - def test_list_roles(self): - roles = self.role_api.list_roles() - self.assertEqual(len(default_fixtures.ROLES), len(roles)) - role_ids = set(role['id'] for role in roles) - expected_role_ids = set(role['id'] for role in default_fixtures.ROLES) - self.assertEqual(expected_role_ids, role_ids) - - @unit.skip_if_cache_disabled('role') - def test_cache_layer_role_crud(self): - role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - role_id = role['id'] - # Create role - self.role_api.create_role(role_id, role) - role_ref = self.role_api.get_role(role_id) - updated_role_ref = copy.deepcopy(role_ref) - updated_role_ref['name'] = uuid.uuid4().hex - # Update role, bypassing the role api manager - self.role_api.driver.update_role(role_id, updated_role_ref) - # Verify get_role still returns old ref - self.assertDictEqual(role_ref, self.role_api.get_role(role_id)) - # Invalidate Cache - self.role_api.get_role.invalidate(self.role_api, role_id) - # Verify get_role returns the new role_ref - self.assertDictEqual(updated_role_ref, - self.role_api.get_role(role_id)) - # Update role back to original via the assignment api manager - self.role_api.update_role(role_id, role_ref) - # Verify get_role returns the original role ref - self.assertDictEqual(role_ref, self.role_api.get_role(role_id)) - # Delete role bypassing the role api manager - self.role_api.driver.delete_role(role_id) - # Verify get_role still returns the role_ref - self.assertDictEqual(role_ref, self.role_api.get_role(role_id)) - # Invalidate cache - self.role_api.get_role.invalidate(self.role_api, role_id) - # Verify RoleNotFound is now raised - self.assertRaises(exception.RoleNotFound, - self.role_api.get_role, - role_id) - # recreate role - self.role_api.create_role(role_id, role) - self.role_api.get_role(role_id) - # delete role via the assignment api manager - self.role_api.delete_role(role_id) - # verity RoleNotFound is now raised - self.assertRaises(exception.RoleNotFound, - self.role_api.get_role, - role_id) diff --git a/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py b/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py deleted file mode 100644 index 44f2b612..00000000 --- a/keystone-moon/keystone/tests/unit/backend/role/test_ldap.py +++ /dev/null @@ -1,161 +0,0 @@ -# -*- coding: utf-8 -*- -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import uuid - -from oslo_config import cfg - -from keystone import exception -from keystone.tests import unit -from keystone.tests.unit.backend import core_ldap -from keystone.tests.unit.backend.role import core as core_role -from keystone.tests.unit import default_fixtures - - -CONF = cfg.CONF - - -class LdapRoleCommon(core_ldap.BaseBackendLdapCommon, core_role.RoleTests): - """Tests that should be run in every LDAP configuration. - - Include additional tests that are unique to LDAP (or need to be overridden) - which should be run for all the various LDAP configurations we test. - - """ - pass - - -class LdapRole(LdapRoleCommon, core_ldap.BaseBackendLdap, unit.TestCase): - """Test in an all-LDAP configuration. - - Include additional tests that are unique to LDAP (or need to be overridden) - which only need to be run in a basic LDAP configurations. - - """ - def test_configurable_allowed_role_actions(self): - role = {'id': u'fäké1', 'name': u'fäké1'} - self.role_api.create_role(u'fäké1', role) - role_ref = self.role_api.get_role(u'fäké1') - self.assertEqual(u'fäké1', role_ref['id']) - - role['name'] = u'fäké2' - self.role_api.update_role(u'fäké1', role) - - self.role_api.delete_role(u'fäké1') - self.assertRaises(exception.RoleNotFound, - self.role_api.get_role, - u'fäké1') - - def test_configurable_forbidden_role_actions(self): - self.config_fixture.config( - group='ldap', role_allow_create=False, role_allow_update=False, - role_allow_delete=False) - self.load_backends() - - role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} - self.assertRaises(exception.ForbiddenAction, - self.role_api.create_role, - role['id'], - role) - - self.role_member['name'] = uuid.uuid4().hex - self.assertRaises(exception.ForbiddenAction, - self.role_api.update_role, - self.role_member['id'], - self.role_member) - - self.assertRaises(exception.ForbiddenAction, - self.role_api.delete_role, - self.role_member['id']) - - def test_role_filter(self): - role_ref = self.role_api.get_role(self.role_member['id']) - self.assertDictEqual(role_ref, self.role_member) - - self.config_fixture.config(group='ldap', - role_filter='(CN=DOES_NOT_MATCH)') - self.load_backends() - # NOTE(morganfainberg): CONF.ldap.role_filter will not be - # dynamically changed at runtime. This invalidate is a work-around for - # the expectation that it is safe to change config values in tests that - # could affect what the drivers would return up to the manager. This - # solves this assumption when working with aggressive (on-create) - # cache population. - self.role_api.get_role.invalidate(self.role_api, - self.role_member['id']) - self.assertRaises(exception.RoleNotFound, - self.role_api.get_role, - self.role_member['id']) - - def test_role_attribute_mapping(self): - self.config_fixture.config(group='ldap', role_name_attribute='ou') - self.clear_database() - self.load_backends() - self.load_fixtures(default_fixtures) - # NOTE(morganfainberg): CONF.ldap.role_name_attribute will not be - # dynamically changed at runtime. This invalidate is a work-around for - # the expectation that it is safe to change config values in tests that - # could affect what the drivers would return up to the manager. This - # solves this assumption when working with aggressive (on-create) - # cache population. - self.role_api.get_role.invalidate(self.role_api, - self.role_member['id']) - role_ref = self.role_api.get_role(self.role_member['id']) - self.assertEqual(self.role_member['id'], role_ref['id']) - self.assertEqual(self.role_member['name'], role_ref['name']) - - self.config_fixture.config(group='ldap', role_name_attribute='sn') - self.load_backends() - # NOTE(morganfainberg): CONF.ldap.role_name_attribute will not be - # dynamically changed at runtime. This invalidate is a work-around for - # the expectation that it is safe to change config values in tests that - # could affect what the drivers would return up to the manager. This - # solves this assumption when working with aggressive (on-create) - # cache population. - self.role_api.get_role.invalidate(self.role_api, - self.role_member['id']) - role_ref = self.role_api.get_role(self.role_member['id']) - self.assertEqual(self.role_member['id'], role_ref['id']) - self.assertNotIn('name', role_ref) - - def test_role_attribute_ignore(self): - self.config_fixture.config(group='ldap', - role_attribute_ignore=['name']) - self.clear_database() - self.load_backends() - self.load_fixtures(default_fixtures) - # NOTE(morganfainberg): CONF.ldap.role_attribute_ignore will not be - # dynamically changed at runtime. This invalidate is a work-around for - # the expectation that it is safe to change config values in tests that - # could affect what the drivers would return up to the manager. This - # solves this assumption when working with aggressive (on-create) - # cache population. - self.role_api.get_role.invalidate(self.role_api, - self.role_member['id']) - role_ref = self.role_api.get_role(self.role_member['id']) - self.assertEqual(self.role_member['id'], role_ref['id']) - self.assertNotIn('name', role_ref) - - -class LdapIdentitySqlEverythingElseRole( - core_ldap.BaseBackendLdapIdentitySqlEverythingElse, LdapRoleCommon, - unit.TestCase): - """Test Identity in LDAP, Everything else in SQL.""" - pass - - -class LdapIdentitySqlEverythingElseWithMappingRole( - LdapIdentitySqlEverythingElseRole, - core_ldap.BaseBackendLdapIdentitySqlEverythingElseWithMapping): - """Test ID mapping of default LDAP backend.""" - pass diff --git a/keystone-moon/keystone/tests/unit/backend/role/test_sql.py b/keystone-moon/keystone/tests/unit/backend/role/test_sql.py deleted file mode 100644 index 79ff148a..00000000 --- a/keystone-moon/keystone/tests/unit/backend/role/test_sql.py +++ /dev/null @@ -1,40 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import uuid - -from keystone.common import sql -from keystone import exception -from keystone.tests.unit.backend import core_sql -from keystone.tests.unit.backend.role import core - - -class SqlRoleModels(core_sql.BaseBackendSqlModels): - - def test_role_model(self): - cols = (('id', sql.String, 64), - ('name', sql.String, 255)) - self.assertExpectedSchema('role', cols) - - -class SqlRole(core_sql.BaseBackendSqlTests, core.RoleTests): - - def test_create_null_role_name(self): - role = {'id': uuid.uuid4().hex, - 'name': None} - self.assertRaises(exception.UnexpectedError, - self.role_api.create_role, - role['id'], - role) - self.assertRaises(exception.RoleNotFound, - self.role_api.get_role, - role['id']) |