aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/tests/unit/test_v3_domain_config.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/tests/unit/test_v3_domain_config.py')
-rw-r--r--keystone-moon/keystone/tests/unit/test_v3_domain_config.py259
1 files changed, 252 insertions, 7 deletions
diff --git a/keystone-moon/keystone/tests/unit/test_v3_domain_config.py b/keystone-moon/keystone/tests/unit/test_v3_domain_config.py
index 701cd3cf..ee716081 100644
--- a/keystone-moon/keystone/tests/unit/test_v3_domain_config.py
+++ b/keystone-moon/keystone/tests/unit/test_v3_domain_config.py
@@ -17,6 +17,7 @@ from oslo_config import cfg
from six.moves import http_client
from keystone import exception
+from keystone.tests import unit
from keystone.tests.unit import test_v3
@@ -29,7 +30,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
def setUp(self):
super(DomainConfigTestCase, self).setUp()
- self.domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
+ self.domain = unit.new_domain_ref()
self.resource_api.create_domain(self.domain['id'], self.domain)
self.config = {'ldap': {'url': uuid.uuid4().hex,
'user_tree_dn': uuid.uuid4().hex},
@@ -40,21 +41,34 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
url = '/domains/%(domain_id)s/config' % {
'domain_id': self.domain['id']}
r = self.put(url, body={'config': self.config},
- expected_status=201)
+ expected_status=http_client.CREATED)
res = self.domain_config_api.get_config(self.domain['id'])
self.assertEqual(self.config, r.result['config'])
self.assertEqual(self.config, res)
+ def test_create_config_invalid_domain(self):
+ """Call ``PUT /domains/{domain_id}/config``
+
+ While creating Identity API-based domain config with an invalid domain
+ id provided, the request shall be rejected with a response, 404 domain
+ not found.
+ """
+ invalid_domain_id = uuid.uuid4().hex
+ url = '/domains/%(domain_id)s/config' % {
+ 'domain_id': invalid_domain_id}
+ self.put(url, body={'config': self.config},
+ expected_status=exception.DomainNotFound.code)
+
def test_create_config_twice(self):
"""Check multiple creates don't throw error"""
self.put('/domains/%(domain_id)s/config' % {
'domain_id': self.domain['id']},
body={'config': self.config},
- expected_status=201)
+ expected_status=http_client.CREATED)
self.put('/domains/%(domain_id)s/config' % {
'domain_id': self.domain['id']},
body={'config': self.config},
- expected_status=200)
+ expected_status=http_client.OK)
def test_delete_config(self):
"""Call ``DELETE /domains{domain_id}/config``."""
@@ -65,6 +79,19 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
'domain_id': self.domain['id']},
expected_status=exception.DomainConfigNotFound.code)
+ def test_delete_config_invalid_domain(self):
+ """Call ``DELETE /domains{domain_id}/config``
+
+ While deleting Identity API-based domain config with an invalid domain
+ id provided, the request shall be rejected with a response, 404 domain
+ not found.
+ """
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ invalid_domain_id = uuid.uuid4().hex
+ self.delete('/domains/%(domain_id)s/config' % {
+ 'domain_id': invalid_domain_id},
+ expected_status=exception.DomainNotFound.code)
+
def test_delete_config_by_group(self):
"""Call ``DELETE /domains{domain_id}/config/{group}``."""
self.domain_config_api.create_config(self.domain['id'], self.config)
@@ -73,6 +100,19 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
res = self.domain_config_api.get_config(self.domain['id'])
self.assertNotIn('ldap', res)
+ def test_delete_config_by_group_invalid_domain(self):
+ """Call ``DELETE /domains{domain_id}/config/{group}``
+
+ While deleting Identity API-based domain config by group with an
+ invalid domain id provided, the request shall be rejected with a
+ response 404 domain not found.
+ """
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ invalid_domain_id = uuid.uuid4().hex
+ self.delete('/domains/%(domain_id)s/config/ldap' % {
+ 'domain_id': invalid_domain_id},
+ expected_status=exception.DomainNotFound.code)
+
def test_get_head_config(self):
"""Call ``GET & HEAD for /domains{domain_id}/config``."""
self.domain_config_api.create_config(self.domain['id'], self.config)
@@ -80,7 +120,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
'domain_id': self.domain['id']}
r = self.get(url)
self.assertEqual(self.config, r.result['config'])
- self.head(url, expected_status=200)
+ self.head(url, expected_status=http_client.OK)
def test_get_config_by_group(self):
"""Call ``GET & HEAD /domains{domain_id}/config/{group}``."""
@@ -89,7 +129,20 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
'domain_id': self.domain['id']}
r = self.get(url)
self.assertEqual({'ldap': self.config['ldap']}, r.result['config'])
- self.head(url, expected_status=200)
+ self.head(url, expected_status=http_client.OK)
+
+ def test_get_config_by_group_invalid_domain(self):
+ """Call ``GET & HEAD /domains{domain_id}/config/{group}``
+
+ While retrieving Identity API-based domain config by group with an
+ invalid domain id provided, the request shall be rejected with a
+ response 404 domain not found.
+ """
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ invalid_domain_id = uuid.uuid4().hex
+ self.get('/domains/%(domain_id)s/config/ldap' % {
+ 'domain_id': invalid_domain_id},
+ expected_status=exception.DomainNotFound.code)
def test_get_config_by_option(self):
"""Call ``GET & HEAD /domains{domain_id}/config/{group}/{option}``."""
@@ -99,7 +152,20 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
r = self.get(url)
self.assertEqual({'url': self.config['ldap']['url']},
r.result['config'])
- self.head(url, expected_status=200)
+ self.head(url, expected_status=http_client.OK)
+
+ def test_get_config_by_option_invalid_domain(self):
+ """Call ``GET & HEAD /domains{domain_id}/config/{group}/{option}``
+
+ While retrieving Identity API-based domain config by option with an
+ invalid domain id provided, the request shall be rejected with a
+ response 404 domain not found.
+ """
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ invalid_domain_id = uuid.uuid4().hex
+ self.get('/domains/%(domain_id)s/config/ldap/url' % {
+ 'domain_id': invalid_domain_id},
+ expected_status=exception.DomainNotFound.code)
def test_get_non_existant_config(self):
"""Call ``GET /domains{domain_id}/config when no config defined``."""
@@ -107,6 +173,18 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
'domain_id': self.domain['id']},
expected_status=http_client.NOT_FOUND)
+ def test_get_non_existant_config_invalid_domain(self):
+ """Call ``GET /domains{domain_id}/config when no config defined``
+
+ While retrieving non-existent Identity API-based domain config with an
+ invalid domain id provided, the request shall be rejected with a
+ response 404 domain not found.
+ """
+ invalid_domain_id = uuid.uuid4().hex
+ self.get('/domains/%(domain_id)s/config' % {
+ 'domain_id': invalid_domain_id},
+ expected_status=exception.DomainNotFound.code)
+
def test_get_non_existant_config_group(self):
"""Call ``GET /domains{domain_id}/config/{group_not_exist}``."""
config = {'ldap': {'url': uuid.uuid4().hex}}
@@ -115,6 +193,20 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
'domain_id': self.domain['id']},
expected_status=http_client.NOT_FOUND)
+ def test_get_non_existant_config_group_invalid_domain(self):
+ """Call ``GET /domains{domain_id}/config/{group_not_exist}``
+
+ While retrieving non-existent Identity API-based domain config group
+ with an invalid domain id provided, the request shall be rejected with
+ a response, 404 domain not found.
+ """
+ config = {'ldap': {'url': uuid.uuid4().hex}}
+ self.domain_config_api.create_config(self.domain['id'], config)
+ invalid_domain_id = uuid.uuid4().hex
+ self.get('/domains/%(domain_id)s/config/identity' % {
+ 'domain_id': invalid_domain_id},
+ expected_status=exception.DomainNotFound.code)
+
def test_get_non_existant_config_option(self):
"""Call ``GET /domains{domain_id}/config/group/{option_not_exist}``."""
config = {'ldap': {'url': uuid.uuid4().hex}}
@@ -123,6 +215,20 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
'domain_id': self.domain['id']},
expected_status=http_client.NOT_FOUND)
+ def test_get_non_existant_config_option_invalid_domain(self):
+ """Call ``GET /domains{domain_id}/config/group/{option_not_exist}``
+
+ While retrieving non-existent Identity API-based domain config option
+ with an invalid domain id provided, the request shall be rejected with
+ a response, 404 domain not found.
+ """
+ config = {'ldap': {'url': uuid.uuid4().hex}}
+ self.domain_config_api.create_config(self.domain['id'], config)
+ invalid_domain_id = uuid.uuid4().hex
+ self.get('/domains/%(domain_id)s/config/ldap/user_tree_dn' % {
+ 'domain_id': invalid_domain_id},
+ expected_status=exception.DomainNotFound.code)
+
def test_update_config(self):
"""Call ``PATCH /domains/{domain_id}/config``."""
self.domain_config_api.create_config(self.domain['id'], self.config)
@@ -139,6 +245,22 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
self.assertEqual(expected_config, r.result['config'])
self.assertEqual(expected_config, res)
+ def test_update_config_invalid_domain(self):
+ """Call ``PATCH /domains/{domain_id}/config``
+
+ While updating Identity API-based domain config with an invalid domain
+ id provided, the request shall be rejected with a response, 404 domain
+ not found.
+ """
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ new_config = {'ldap': {'url': uuid.uuid4().hex},
+ 'identity': {'driver': uuid.uuid4().hex}}
+ invalid_domain_id = uuid.uuid4().hex
+ self.patch('/domains/%(domain_id)s/config' % {
+ 'domain_id': invalid_domain_id},
+ body={'config': new_config},
+ expected_status=exception.DomainNotFound.code)
+
def test_update_config_group(self):
"""Call ``PATCH /domains/{domain_id}/config/{group}``."""
self.domain_config_api.create_config(self.domain['id'], self.config)
@@ -155,6 +277,22 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
self.assertEqual(expected_config, r.result['config'])
self.assertEqual(expected_config, res)
+ def test_update_config_group_invalid_domain(self):
+ """Call ``PATCH /domains/{domain_id}/config/{group}``
+
+ While updating Identity API-based domain config group with an invalid
+ domain id provided, the request shall be rejected with a response,
+ 404 domain not found.
+ """
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ new_config = {'ldap': {'url': uuid.uuid4().hex,
+ 'user_filter': uuid.uuid4().hex}}
+ invalid_domain_id = uuid.uuid4().hex
+ self.patch('/domains/%(domain_id)s/config/ldap' % {
+ 'domain_id': invalid_domain_id},
+ body={'config': new_config},
+ expected_status=exception.DomainNotFound.code)
+
def test_update_config_invalid_group(self):
"""Call ``PATCH /domains/{domain_id}/config/{invalid_group}``."""
self.domain_config_api.create_config(self.domain['id'], self.config)
@@ -178,6 +316,24 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
body={'config': new_config},
expected_status=http_client.NOT_FOUND)
+ def test_update_config_invalid_group_invalid_domain(self):
+ """Call ``PATCH /domains/{domain_id}/config/{invalid_group}``
+
+ While updating Identity API-based domain config with an invalid group
+ and an invalid domain id provided, the request shall be rejected
+ with a response, 404 domain not found.
+ """
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ invalid_group = uuid.uuid4().hex
+ new_config = {invalid_group: {'url': uuid.uuid4().hex,
+ 'user_filter': uuid.uuid4().hex}}
+ invalid_domain_id = uuid.uuid4().hex
+ self.patch('/domains/%(domain_id)s/config/%(invalid_group)s' % {
+ 'domain_id': invalid_domain_id,
+ 'invalid_group': invalid_group},
+ body={'config': new_config},
+ expected_status=exception.DomainNotFound.code)
+
def test_update_config_option(self):
"""Call ``PATCH /domains/{domain_id}/config/{group}/{option}``."""
self.domain_config_api.create_config(self.domain['id'], self.config)
@@ -191,6 +347,21 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
self.assertEqual(expected_config, r.result['config'])
self.assertEqual(expected_config, res)
+ def test_update_config_option_invalid_domain(self):
+ """Call ``PATCH /domains/{domain_id}/config/{group}/{option}``
+
+ While updating Identity API-based domain config option with an invalid
+ domain id provided, the request shall be rejected with a response, 404
+ domain not found.
+ """
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ new_config = {'url': uuid.uuid4().hex}
+ invalid_domain_id = uuid.uuid4().hex
+ self.patch('/domains/%(domain_id)s/config/ldap/url' % {
+ 'domain_id': invalid_domain_id},
+ body={'config': new_config},
+ expected_status=exception.DomainNotFound.code)
+
def test_update_config_invalid_option(self):
"""Call ``PATCH /domains/{domain_id}/config/{group}/{invalid}``."""
self.domain_config_api.create_config(self.domain['id'], self.config)
@@ -212,3 +383,77 @@ class DomainConfigTestCase(test_v3.RestfulTestCase):
'domain_id': self.domain['id']},
body={'config': new_config},
expected_status=http_client.NOT_FOUND)
+
+ def test_update_config_invalid_option_invalid_domain(self):
+ """Call ``PATCH /domains/{domain_id}/config/{group}/{invalid}``
+
+ While updating Identity API-based domain config with an invalid option
+ and an invalid domain id provided, the request shall be rejected
+ with a response, 404 domain not found.
+ """
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ invalid_option = uuid.uuid4().hex
+ new_config = {'ldap': {invalid_option: uuid.uuid4().hex}}
+ invalid_domain_id = uuid.uuid4().hex
+ self.patch(
+ '/domains/%(domain_id)s/config/ldap/%(invalid_option)s' % {
+ 'domain_id': invalid_domain_id,
+ 'invalid_option': invalid_option},
+ body={'config': new_config},
+ expected_status=exception.DomainNotFound.code)
+
+ def test_get_config_default(self):
+ """Call ``GET /domains/config/default``."""
+ # Create a config that overrides a few of the options so that we can
+ # check that only the defaults are returned.
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ url = '/domains/config/default'
+ r = self.get(url)
+ default_config = r.result['config']
+ for group in default_config:
+ for option in default_config[group]:
+ self.assertEqual(getattr(getattr(CONF, group), option),
+ default_config[group][option])
+
+ def test_get_config_default_by_group(self):
+ """Call ``GET /domains/config/{group}/default``."""
+ # Create a config that overrides a few of the options so that we can
+ # check that only the defaults are returned.
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ url = '/domains/config/ldap/default'
+ r = self.get(url)
+ default_config = r.result['config']
+ for option in default_config['ldap']:
+ self.assertEqual(getattr(CONF.ldap, option),
+ default_config['ldap'][option])
+
+ def test_get_config_default_by_option(self):
+ """Call ``GET /domains/config/{group}/{option}/default``."""
+ # Create a config that overrides a few of the options so that we can
+ # check that only the defaults are returned.
+ self.domain_config_api.create_config(self.domain['id'], self.config)
+ url = '/domains/config/ldap/url/default'
+ r = self.get(url)
+ default_config = r.result['config']
+ self.assertEqual(CONF.ldap.url, default_config['url'])
+
+ def test_get_config_default_by_invalid_group(self):
+ """Call ``GET for /domains/config/{bad-group}/default``."""
+ # First try a valid group, but one we don't support for domain config
+ self.get('/domains/config/resouce/default',
+ expected_status=http_client.FORBIDDEN)
+
+ # Now try a totally invalid group
+ url = '/domains/config/%s/default' % uuid.uuid4().hex
+ self.get(url, expected_status=http_client.FORBIDDEN)
+
+ def test_get_config_default_by_invalid_option(self):
+ """Call ``GET for /domains/config/{group}/{bad-option}/default``."""
+ # First try a valid option, but one we don't support for domain config,
+ # i.e. one that is in the sensitive options list
+ self.get('/domains/config/ldap/password/default',
+ expected_status=http_client.FORBIDDEN)
+
+ # Now try a totally invalid option
+ url = '/domains/config/ldap/%s/default' % uuid.uuid4().hex
+ self.get(url, expected_status=http_client.FORBIDDEN)