diff options
Diffstat (limited to 'keystone-moon/keystone/tests/unit/test_v3_domain_config.py')
-rw-r--r-- | keystone-moon/keystone/tests/unit/test_v3_domain_config.py | 259 |
1 files changed, 252 insertions, 7 deletions
diff --git a/keystone-moon/keystone/tests/unit/test_v3_domain_config.py b/keystone-moon/keystone/tests/unit/test_v3_domain_config.py index 701cd3cf..ee716081 100644 --- a/keystone-moon/keystone/tests/unit/test_v3_domain_config.py +++ b/keystone-moon/keystone/tests/unit/test_v3_domain_config.py @@ -17,6 +17,7 @@ from oslo_config import cfg from six.moves import http_client from keystone import exception +from keystone.tests import unit from keystone.tests.unit import test_v3 @@ -29,7 +30,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): def setUp(self): super(DomainConfigTestCase, self).setUp() - self.domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} + self.domain = unit.new_domain_ref() self.resource_api.create_domain(self.domain['id'], self.domain) self.config = {'ldap': {'url': uuid.uuid4().hex, 'user_tree_dn': uuid.uuid4().hex}, @@ -40,21 +41,34 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): url = '/domains/%(domain_id)s/config' % { 'domain_id': self.domain['id']} r = self.put(url, body={'config': self.config}, - expected_status=201) + expected_status=http_client.CREATED) res = self.domain_config_api.get_config(self.domain['id']) self.assertEqual(self.config, r.result['config']) self.assertEqual(self.config, res) + def test_create_config_invalid_domain(self): + """Call ``PUT /domains/{domain_id}/config`` + + While creating Identity API-based domain config with an invalid domain + id provided, the request shall be rejected with a response, 404 domain + not found. + """ + invalid_domain_id = uuid.uuid4().hex + url = '/domains/%(domain_id)s/config' % { + 'domain_id': invalid_domain_id} + self.put(url, body={'config': self.config}, + expected_status=exception.DomainNotFound.code) + def test_create_config_twice(self): """Check multiple creates don't throw error""" self.put('/domains/%(domain_id)s/config' % { 'domain_id': self.domain['id']}, body={'config': self.config}, - expected_status=201) + expected_status=http_client.CREATED) self.put('/domains/%(domain_id)s/config' % { 'domain_id': self.domain['id']}, body={'config': self.config}, - expected_status=200) + expected_status=http_client.OK) def test_delete_config(self): """Call ``DELETE /domains{domain_id}/config``.""" @@ -65,6 +79,19 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id']}, expected_status=exception.DomainConfigNotFound.code) + def test_delete_config_invalid_domain(self): + """Call ``DELETE /domains{domain_id}/config`` + + While deleting Identity API-based domain config with an invalid domain + id provided, the request shall be rejected with a response, 404 domain + not found. + """ + self.domain_config_api.create_config(self.domain['id'], self.config) + invalid_domain_id = uuid.uuid4().hex + self.delete('/domains/%(domain_id)s/config' % { + 'domain_id': invalid_domain_id}, + expected_status=exception.DomainNotFound.code) + def test_delete_config_by_group(self): """Call ``DELETE /domains{domain_id}/config/{group}``.""" self.domain_config_api.create_config(self.domain['id'], self.config) @@ -73,6 +100,19 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): res = self.domain_config_api.get_config(self.domain['id']) self.assertNotIn('ldap', res) + def test_delete_config_by_group_invalid_domain(self): + """Call ``DELETE /domains{domain_id}/config/{group}`` + + While deleting Identity API-based domain config by group with an + invalid domain id provided, the request shall be rejected with a + response 404 domain not found. + """ + self.domain_config_api.create_config(self.domain['id'], self.config) + invalid_domain_id = uuid.uuid4().hex + self.delete('/domains/%(domain_id)s/config/ldap' % { + 'domain_id': invalid_domain_id}, + expected_status=exception.DomainNotFound.code) + def test_get_head_config(self): """Call ``GET & HEAD for /domains{domain_id}/config``.""" self.domain_config_api.create_config(self.domain['id'], self.config) @@ -80,7 +120,7 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id']} r = self.get(url) self.assertEqual(self.config, r.result['config']) - self.head(url, expected_status=200) + self.head(url, expected_status=http_client.OK) def test_get_config_by_group(self): """Call ``GET & HEAD /domains{domain_id}/config/{group}``.""" @@ -89,7 +129,20 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id']} r = self.get(url) self.assertEqual({'ldap': self.config['ldap']}, r.result['config']) - self.head(url, expected_status=200) + self.head(url, expected_status=http_client.OK) + + def test_get_config_by_group_invalid_domain(self): + """Call ``GET & HEAD /domains{domain_id}/config/{group}`` + + While retrieving Identity API-based domain config by group with an + invalid domain id provided, the request shall be rejected with a + response 404 domain not found. + """ + self.domain_config_api.create_config(self.domain['id'], self.config) + invalid_domain_id = uuid.uuid4().hex + self.get('/domains/%(domain_id)s/config/ldap' % { + 'domain_id': invalid_domain_id}, + expected_status=exception.DomainNotFound.code) def test_get_config_by_option(self): """Call ``GET & HEAD /domains{domain_id}/config/{group}/{option}``.""" @@ -99,7 +152,20 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): r = self.get(url) self.assertEqual({'url': self.config['ldap']['url']}, r.result['config']) - self.head(url, expected_status=200) + self.head(url, expected_status=http_client.OK) + + def test_get_config_by_option_invalid_domain(self): + """Call ``GET & HEAD /domains{domain_id}/config/{group}/{option}`` + + While retrieving Identity API-based domain config by option with an + invalid domain id provided, the request shall be rejected with a + response 404 domain not found. + """ + self.domain_config_api.create_config(self.domain['id'], self.config) + invalid_domain_id = uuid.uuid4().hex + self.get('/domains/%(domain_id)s/config/ldap/url' % { + 'domain_id': invalid_domain_id}, + expected_status=exception.DomainNotFound.code) def test_get_non_existant_config(self): """Call ``GET /domains{domain_id}/config when no config defined``.""" @@ -107,6 +173,18 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id']}, expected_status=http_client.NOT_FOUND) + def test_get_non_existant_config_invalid_domain(self): + """Call ``GET /domains{domain_id}/config when no config defined`` + + While retrieving non-existent Identity API-based domain config with an + invalid domain id provided, the request shall be rejected with a + response 404 domain not found. + """ + invalid_domain_id = uuid.uuid4().hex + self.get('/domains/%(domain_id)s/config' % { + 'domain_id': invalid_domain_id}, + expected_status=exception.DomainNotFound.code) + def test_get_non_existant_config_group(self): """Call ``GET /domains{domain_id}/config/{group_not_exist}``.""" config = {'ldap': {'url': uuid.uuid4().hex}} @@ -115,6 +193,20 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id']}, expected_status=http_client.NOT_FOUND) + def test_get_non_existant_config_group_invalid_domain(self): + """Call ``GET /domains{domain_id}/config/{group_not_exist}`` + + While retrieving non-existent Identity API-based domain config group + with an invalid domain id provided, the request shall be rejected with + a response, 404 domain not found. + """ + config = {'ldap': {'url': uuid.uuid4().hex}} + self.domain_config_api.create_config(self.domain['id'], config) + invalid_domain_id = uuid.uuid4().hex + self.get('/domains/%(domain_id)s/config/identity' % { + 'domain_id': invalid_domain_id}, + expected_status=exception.DomainNotFound.code) + def test_get_non_existant_config_option(self): """Call ``GET /domains{domain_id}/config/group/{option_not_exist}``.""" config = {'ldap': {'url': uuid.uuid4().hex}} @@ -123,6 +215,20 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id']}, expected_status=http_client.NOT_FOUND) + def test_get_non_existant_config_option_invalid_domain(self): + """Call ``GET /domains{domain_id}/config/group/{option_not_exist}`` + + While retrieving non-existent Identity API-based domain config option + with an invalid domain id provided, the request shall be rejected with + a response, 404 domain not found. + """ + config = {'ldap': {'url': uuid.uuid4().hex}} + self.domain_config_api.create_config(self.domain['id'], config) + invalid_domain_id = uuid.uuid4().hex + self.get('/domains/%(domain_id)s/config/ldap/user_tree_dn' % { + 'domain_id': invalid_domain_id}, + expected_status=exception.DomainNotFound.code) + def test_update_config(self): """Call ``PATCH /domains/{domain_id}/config``.""" self.domain_config_api.create_config(self.domain['id'], self.config) @@ -139,6 +245,22 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): self.assertEqual(expected_config, r.result['config']) self.assertEqual(expected_config, res) + def test_update_config_invalid_domain(self): + """Call ``PATCH /domains/{domain_id}/config`` + + While updating Identity API-based domain config with an invalid domain + id provided, the request shall be rejected with a response, 404 domain + not found. + """ + self.domain_config_api.create_config(self.domain['id'], self.config) + new_config = {'ldap': {'url': uuid.uuid4().hex}, + 'identity': {'driver': uuid.uuid4().hex}} + invalid_domain_id = uuid.uuid4().hex + self.patch('/domains/%(domain_id)s/config' % { + 'domain_id': invalid_domain_id}, + body={'config': new_config}, + expected_status=exception.DomainNotFound.code) + def test_update_config_group(self): """Call ``PATCH /domains/{domain_id}/config/{group}``.""" self.domain_config_api.create_config(self.domain['id'], self.config) @@ -155,6 +277,22 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): self.assertEqual(expected_config, r.result['config']) self.assertEqual(expected_config, res) + def test_update_config_group_invalid_domain(self): + """Call ``PATCH /domains/{domain_id}/config/{group}`` + + While updating Identity API-based domain config group with an invalid + domain id provided, the request shall be rejected with a response, + 404 domain not found. + """ + self.domain_config_api.create_config(self.domain['id'], self.config) + new_config = {'ldap': {'url': uuid.uuid4().hex, + 'user_filter': uuid.uuid4().hex}} + invalid_domain_id = uuid.uuid4().hex + self.patch('/domains/%(domain_id)s/config/ldap' % { + 'domain_id': invalid_domain_id}, + body={'config': new_config}, + expected_status=exception.DomainNotFound.code) + def test_update_config_invalid_group(self): """Call ``PATCH /domains/{domain_id}/config/{invalid_group}``.""" self.domain_config_api.create_config(self.domain['id'], self.config) @@ -178,6 +316,24 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): body={'config': new_config}, expected_status=http_client.NOT_FOUND) + def test_update_config_invalid_group_invalid_domain(self): + """Call ``PATCH /domains/{domain_id}/config/{invalid_group}`` + + While updating Identity API-based domain config with an invalid group + and an invalid domain id provided, the request shall be rejected + with a response, 404 domain not found. + """ + self.domain_config_api.create_config(self.domain['id'], self.config) + invalid_group = uuid.uuid4().hex + new_config = {invalid_group: {'url': uuid.uuid4().hex, + 'user_filter': uuid.uuid4().hex}} + invalid_domain_id = uuid.uuid4().hex + self.patch('/domains/%(domain_id)s/config/%(invalid_group)s' % { + 'domain_id': invalid_domain_id, + 'invalid_group': invalid_group}, + body={'config': new_config}, + expected_status=exception.DomainNotFound.code) + def test_update_config_option(self): """Call ``PATCH /domains/{domain_id}/config/{group}/{option}``.""" self.domain_config_api.create_config(self.domain['id'], self.config) @@ -191,6 +347,21 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): self.assertEqual(expected_config, r.result['config']) self.assertEqual(expected_config, res) + def test_update_config_option_invalid_domain(self): + """Call ``PATCH /domains/{domain_id}/config/{group}/{option}`` + + While updating Identity API-based domain config option with an invalid + domain id provided, the request shall be rejected with a response, 404 + domain not found. + """ + self.domain_config_api.create_config(self.domain['id'], self.config) + new_config = {'url': uuid.uuid4().hex} + invalid_domain_id = uuid.uuid4().hex + self.patch('/domains/%(domain_id)s/config/ldap/url' % { + 'domain_id': invalid_domain_id}, + body={'config': new_config}, + expected_status=exception.DomainNotFound.code) + def test_update_config_invalid_option(self): """Call ``PATCH /domains/{domain_id}/config/{group}/{invalid}``.""" self.domain_config_api.create_config(self.domain['id'], self.config) @@ -212,3 +383,77 @@ class DomainConfigTestCase(test_v3.RestfulTestCase): 'domain_id': self.domain['id']}, body={'config': new_config}, expected_status=http_client.NOT_FOUND) + + def test_update_config_invalid_option_invalid_domain(self): + """Call ``PATCH /domains/{domain_id}/config/{group}/{invalid}`` + + While updating Identity API-based domain config with an invalid option + and an invalid domain id provided, the request shall be rejected + with a response, 404 domain not found. + """ + self.domain_config_api.create_config(self.domain['id'], self.config) + invalid_option = uuid.uuid4().hex + new_config = {'ldap': {invalid_option: uuid.uuid4().hex}} + invalid_domain_id = uuid.uuid4().hex + self.patch( + '/domains/%(domain_id)s/config/ldap/%(invalid_option)s' % { + 'domain_id': invalid_domain_id, + 'invalid_option': invalid_option}, + body={'config': new_config}, + expected_status=exception.DomainNotFound.code) + + def test_get_config_default(self): + """Call ``GET /domains/config/default``.""" + # Create a config that overrides a few of the options so that we can + # check that only the defaults are returned. + self.domain_config_api.create_config(self.domain['id'], self.config) + url = '/domains/config/default' + r = self.get(url) + default_config = r.result['config'] + for group in default_config: + for option in default_config[group]: + self.assertEqual(getattr(getattr(CONF, group), option), + default_config[group][option]) + + def test_get_config_default_by_group(self): + """Call ``GET /domains/config/{group}/default``.""" + # Create a config that overrides a few of the options so that we can + # check that only the defaults are returned. + self.domain_config_api.create_config(self.domain['id'], self.config) + url = '/domains/config/ldap/default' + r = self.get(url) + default_config = r.result['config'] + for option in default_config['ldap']: + self.assertEqual(getattr(CONF.ldap, option), + default_config['ldap'][option]) + + def test_get_config_default_by_option(self): + """Call ``GET /domains/config/{group}/{option}/default``.""" + # Create a config that overrides a few of the options so that we can + # check that only the defaults are returned. + self.domain_config_api.create_config(self.domain['id'], self.config) + url = '/domains/config/ldap/url/default' + r = self.get(url) + default_config = r.result['config'] + self.assertEqual(CONF.ldap.url, default_config['url']) + + def test_get_config_default_by_invalid_group(self): + """Call ``GET for /domains/config/{bad-group}/default``.""" + # First try a valid group, but one we don't support for domain config + self.get('/domains/config/resouce/default', + expected_status=http_client.FORBIDDEN) + + # Now try a totally invalid group + url = '/domains/config/%s/default' % uuid.uuid4().hex + self.get(url, expected_status=http_client.FORBIDDEN) + + def test_get_config_default_by_invalid_option(self): + """Call ``GET for /domains/config/{group}/{bad-option}/default``.""" + # First try a valid option, but one we don't support for domain config, + # i.e. one that is in the sensitive options list + self.get('/domains/config/ldap/password/default', + expected_status=http_client.FORBIDDEN) + + # Now try a totally invalid option + url = '/domains/config/ldap/%s/default' % uuid.uuid4().hex + self.get(url, expected_status=http_client.FORBIDDEN) |