# vim: tabstop=4 shiftwidth=4 softtabstop=4 # Copyright 2012 OpenStack LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import uuid from keystone.common.ldap import fakeldap from keystone import config from keystone import exception from keystone.identity.backends import ldap as identity_ldap from keystone import test import default_fixtures import test_backend CONF = config.CONF def clear_database(): db = fakeldap.FakeShelve().get_instance() db.clear() class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def setUp(self): super(LDAPIdentity, self).setUp() self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) clear_database() self.identity_api = identity_ldap.Identity() self.load_fixtures(default_fixtures) def test_delete_tenant_404(self): self.assertRaises(exception.NotImplemented, self.identity_api.delete_tenant, uuid.uuid4().hex) def test_delete_user_404(self): self.assertRaises(exception.NotImplemented, self.identity_api.delete_user, uuid.uuid4().hex) def test_rename_duplicate_role_name_fails(self): role1 = {'id': 'fake1', 'name': 'fake1name'} role2 = {'id': 'fake2', 'name': 'fake2name'} self.identity_api.create_role('fake1', role1) self.identity_api.create_role('fake2', role2) role1['name'] = 'fake2name' self.assertRaises(exception.NotImplemented, self.identity_api.update_role, 'fake1', role1) def test_rename_duplicate_user_name_fails(self): user1 = {'id': 'fake1', 'name': 'fake1', 'password': 'fakepass', 'tenants': ['bar']} user2 = {'id': 'fake2', 'name': 'fake2', 'password': 'fakepass', 'tenants': ['bar']} self.identity_api.create_user('fake1', user1) self.identity_api.create_user('fake2', user2) user2['name'] = 'fake1' self.assertRaises(exception.ValidationError, self.identity_api.update_user, 'fake2', user2) def test_delete_user_with_tenant_association(self): self.assertRaises(exception.NotImplemented, self.identity_api.delete_user, uuid.uuid4().hex) def test_remove_user_from_tenant(self): self.assertRaises(exception.NotImplemented, self.identity_api.remove_user_from_tenant, self.tenant_bar['id'], self.user_foo['id']) def test_remove_user_from_tenant_404(self): self.assertRaises(exception.NotImplemented, self.identity_api.remove_user_from_tenant, self.tenant_bar['id'], self.user_foo['id']) def test_remove_role_from_user_and_tenant(self): self.assertRaises(exception.NotImplemented, self.identity_api.remove_role_from_user_and_tenant, self.tenant_bar['id'], self.user_foo['id'], 'useless') def test_role_crud(self): role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} self.identity_api.create_role(role['id'], role) role_ref = self.identity_api.get_role(role['id']) role_ref_dict = dict((x, role_ref[x]) for x in role_ref) self.assertDictEqual(role_ref_dict, role) self.assertRaises(exception.NotImplemented, self.identity_api.update_role, role['id'], role) self.identity_api.delete_role(role['id']) self.assertRaises(exception.RoleNotFound, self.identity_api.get_role, role['id']) def test_update_role_404(self): self.assertRaises(exception.NotImplemented, self.identity_api.update_role, uuid.uuid4().hex, {}) def test_get_tenant_users_404(self): self.assertRaises(exception.NotImplemented, self.identity_api.get_tenant_users, tenant_id=uuid.uuid4().hex) def test_build_tree(self): """Regression test for building the tree names """ self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) user_api = identity_ldap.UserApi(CONF) self.assertTrue(user_api) self.assertEquals(user_api.tree_dn, "ou=Users,%s" % CONF.ldap.suffix)