Merge lp:~zulcss/keystone/keystone-saucy-ftbfs into lp:~openstack-ubuntu-testing/keystone/grizzly

Proposed by Chuck Short
Status: Rejected
Rejected by: Adam Gandelman
Proposed branch: lp:~zulcss/keystone/keystone-saucy-ftbfs
Merge into: lp:~openstack-ubuntu-testing/keystone/grizzly
Diff against target: 1176 lines (+1143/-14)
2 files modified
debian/changelog (+7/-0)
debian/patches/fix-ubuntu-tests.patch (+1136/-14)
To merge this branch: bzr merge lp:~zulcss/keystone/keystone-saucy-ftbfs
Reviewer Review Type Date Requested Status
Yolanda Robla (community) Approve
Review via email: mp+161606@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Yolanda Robla (yolanda.robla) wrote :

Looks good to me

review: Approve
Revision history for this message
Adam Gandelman (gandelman-a) wrote :

This needs to be targeted at the havana/saucy branches, not grizzly.

Unmerged revisions

194. By Chuck Short

* New upstream version.
* debian/patches/fix-ubuntu-tests.patch: Refreshed.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2013-04-06 03:32:20 +0000
3+++ debian/changelog 2013-04-30 13:56:30 +0000
4@@ -1,3 +1,10 @@
5+keystone (1:2013.2.a87.ga78bc2e-0ubuntu1) UNRELEASED; urgency=low
6+
7+ * New upstream version.
8+ * debian/patches/fix-ubuntu-tests.patch: Refreshed.
9+
10+ -- Chuck Short <zulcss@ubuntu.com> Tue, 30 Apr 2013 08:37:09 -0500
11+
12 keystone (1:2013.1-0ubuntu1) raring; urgency=low
13
14 [ Adam Gandelman ]
15
16=== modified file 'debian/patches/fix-ubuntu-tests.patch'
17--- debian/patches/fix-ubuntu-tests.patch 2013-02-19 15:50:46 +0000
18+++ debian/patches/fix-ubuntu-tests.patch 2013-04-30 13:56:30 +0000
19@@ -1,17 +1,19 @@
20-Description: Fix test execution during package build
21- The keystoneclient testsuite includes a number of tests
22- for older version of keystone which are retrieved from
23- the upstream source repo during testing.
24- .
25- This is not possible during an offline package build so
26- the checkout and tests are disabled/skipped.
27-Author: Chuck Short <zulcss@ubuntu.com>
28-Author: James Page <james.page@ubuntu.com>
29-Forwarded: not-needed
30-
31---- a/tests/test_keystoneclient.py
32-+++ b/tests/test_keystoneclient.py
33-@@ -37,10 +37,6 @@ class CompatTestCase(test.TestCase):
34+diff -Naurp keystone-2013.2.a87.ga78bc2e.orig/run_tests.sh keystone-2013.2.a87.ga78bc2e/run_tests.sh
35+--- keystone-2013.2.a87.ga78bc2e.orig/run_tests.sh 2013-04-30 08:21:15.000000000 -0500
36++++ keystone-2013.2.a87.ga78bc2e/run_tests.sh 2013-04-30 08:36:18.269681785 -0500
37+@@ -69,7 +69,7 @@ always_venv=0
38+ never_venv=0
39+ force=0
40+ noseargs=
41+-noseopts="--with-openstack --openstack-color"
42++noseopts=""
43+ wrapper=""
44+ just_pep8=0
45+ short_pep8=0
46+diff -Naurp keystone-2013.2.a87.ga78bc2e.orig/tests/test_keystoneclient.py keystone-2013.2.a87.ga78bc2e/tests/test_keystoneclient.py
47+--- keystone-2013.2.a87.ga78bc2e.orig/tests/test_keystoneclient.py 2013-04-30 08:21:15.000000000 -0500
48++++ keystone-2013.2.a87.ga78bc2e/tests/test_keystoneclient.py 2013-04-30 08:35:56.829681775 -0500
49+@@ -36,10 +36,6 @@ class CompatTestCase(test.TestCase):
50 def setUp(self):
51 super(CompatTestCase, self).setUp()
52
53@@ -57,3 +59,1123 @@
54 from keystoneclient import exceptions as client_exceptions
55
56 test_username = 'new_user'
57+diff -Naurp keystone-2013.2.a87.ga78bc2e.orig/tests/test_keystoneclient.py.orig keystone-2013.2.a87.ga78bc2e/tests/test_keystoneclient.py.orig
58+--- keystone-2013.2.a87.ga78bc2e.orig/tests/test_keystoneclient.py.orig 1969-12-31 18:00:00.000000000 -0600
59++++ keystone-2013.2.a87.ga78bc2e/tests/test_keystoneclient.py.orig 2013-04-30 08:21:15.000000000 -0500
60+@@ -0,0 +1,1116 @@
61++# vim: tabstop=4 shiftwidth=4 softtabstop=4
62++
63++# Copyright 2012 OpenStack LLC
64++#
65++# Licensed under the Apache License, Version 2.0 (the "License"); you may
66++# not use this file except in compliance with the License. You may obtain
67++# a copy of the License at
68++#
69++# http://www.apache.org/licenses/LICENSE-2.0
70++#
71++# Unless required by applicable law or agreed to in writing, software
72++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
73++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
74++# License for the specific language governing permissions and limitations
75++# under the License.
76++
77++import uuid
78++import webob
79++
80++import nose.exc
81++
82++from keystone.openstack.common import jsonutils
83++from keystone.openstack.common import timeutils
84++from keystone import config
85++from keystone import test
86++
87++import default_fixtures
88++
89++CONF = config.CONF
90++DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id
91++OPENSTACK_REPO = 'https://review.openstack.org/p/openstack'
92++KEYSTONECLIENT_REPO = '%s/python-keystoneclient.git' % OPENSTACK_REPO
93++
94++
95++class CompatTestCase(test.TestCase):
96++ def setUp(self):
97++ super(CompatTestCase, self).setUp()
98++
99++ revdir = test.checkout_vendor(*self.get_checkout())
100++ self.add_path(revdir)
101++ self.clear_module('keystoneclient')
102++
103++ self.load_backends()
104++ self.load_fixtures(default_fixtures)
105++
106++ self.public_server = self.serveapp('keystone', name='main')
107++ self.admin_server = self.serveapp('keystone', name='admin')
108++
109++ # TODO(termie): is_admin is being deprecated once the policy stuff
110++ # is all working
111++ # TODO(termie): add an admin user to the fixtures and use that user
112++ # override the fixtures, for now
113++ self.metadata_foobar = self.identity_api.update_metadata(
114++ self.user_foo['id'], self.tenant_bar['id'],
115++ dict(roles=[self.role_admin['id']], is_admin='1'))
116++
117++ def tearDown(self):
118++ self.public_server.kill()
119++ self.admin_server.kill()
120++ self.public_server = None
121++ self.admin_server = None
122++ super(CompatTestCase, self).tearDown()
123++
124++ def _public_url(self):
125++ public_port = self.public_server.socket_info['socket'][1]
126++ return "http://localhost:%s/v2.0" % public_port
127++
128++ def _admin_url(self):
129++ admin_port = self.admin_server.socket_info['socket'][1]
130++ return "http://localhost:%s/v2.0" % admin_port
131++
132++ def _client(self, admin=False, **kwargs):
133++ from keystoneclient.v2_0 import client as ks_client
134++
135++ url = self._admin_url() if admin else self._public_url()
136++ kc = ks_client.Client(endpoint=url,
137++ auth_url=self._public_url(),
138++ **kwargs)
139++ kc.authenticate()
140++ # have to manually overwrite the management url after authentication
141++ kc.management_url = url
142++ return kc
143++
144++ def get_client(self, user_ref=None, tenant_ref=None, admin=False):
145++ if user_ref is None:
146++ user_ref = self.user_foo
147++ if tenant_ref is None:
148++ for user in default_fixtures.USERS:
149++ if user['id'] == user_ref['id']:
150++ tenant_id = user['tenants'][0]
151++ else:
152++ tenant_id = tenant_ref['id']
153++
154++ return self._client(username=user_ref['name'],
155++ password=user_ref['password'],
156++ tenant_id=tenant_id,
157++ admin=admin)
158++
159++
160++class KeystoneClientTests(object):
161++ """Tests for all versions of keystoneclient."""
162++
163++ def test_authenticate_tenant_name_and_tenants(self):
164++ client = self.get_client()
165++ tenants = client.tenants.list()
166++ self.assertEquals(tenants[0].id, self.tenant_bar['id'])
167++
168++ def test_authenticate_tenant_id_and_tenants(self):
169++ client = self._client(username=self.user_foo['name'],
170++ password=self.user_foo['password'],
171++ tenant_id='bar')
172++ tenants = client.tenants.list()
173++ self.assertEquals(tenants[0].id, self.tenant_bar['id'])
174++
175++ def test_authenticate_invalid_tenant_id(self):
176++ from keystoneclient import exceptions as client_exceptions
177++ self.assertRaises(client_exceptions.Unauthorized,
178++ self._client,
179++ username=self.user_foo['name'],
180++ password=self.user_foo['password'],
181++ tenant_id='baz')
182++
183++ def test_authenticate_token_no_tenant(self):
184++ client = self.get_client()
185++ token = client.auth_token
186++ token_client = self._client(token=token)
187++ tenants = token_client.tenants.list()
188++ self.assertEquals(tenants[0].id, self.tenant_bar['id'])
189++
190++ def test_authenticate_token_tenant_id(self):
191++ client = self.get_client()
192++ token = client.auth_token
193++ token_client = self._client(token=token, tenant_id='bar')
194++ tenants = token_client.tenants.list()
195++ self.assertEquals(tenants[0].id, self.tenant_bar['id'])
196++
197++ def test_authenticate_token_invalid_tenant_id(self):
198++ from keystoneclient import exceptions as client_exceptions
199++ client = self.get_client()
200++ token = client.auth_token
201++ self.assertRaises(client_exceptions.Unauthorized,
202++ self._client, token=token,
203++ tenant_id=uuid.uuid4().hex)
204++
205++ def test_authenticate_token_invalid_tenant_name(self):
206++ from keystoneclient import exceptions as client_exceptions
207++ client = self.get_client()
208++ token = client.auth_token
209++ self.assertRaises(client_exceptions.Unauthorized,
210++ self._client, token=token,
211++ tenant_name=uuid.uuid4().hex)
212++
213++ def test_authenticate_token_tenant_name(self):
214++ client = self.get_client()
215++ token = client.auth_token
216++ token_client = self._client(token=token, tenant_name='BAR')
217++ tenants = token_client.tenants.list()
218++ self.assertEquals(tenants[0].id, self.tenant_bar['id'])
219++ self.assertEquals(tenants[0].id, self.tenant_bar['id'])
220++
221++ def test_authenticate_and_delete_token(self):
222++ from keystoneclient import exceptions as client_exceptions
223++
224++ client = self.get_client(admin=True)
225++ token = client.auth_token
226++ token_client = self._client(token=token)
227++ tenants = token_client.tenants.list()
228++ self.assertEquals(tenants[0].id, self.tenant_bar['id'])
229++
230++ client.tokens.delete(token_client.auth_token)
231++
232++ self.assertRaises(client_exceptions.Unauthorized,
233++ token_client.tenants.list)
234++
235++ def test_authenticate_no_password(self):
236++ from keystoneclient import exceptions as client_exceptions
237++
238++ user_ref = self.user_foo.copy()
239++ user_ref['password'] = None
240++ self.assertRaises(client_exceptions.AuthorizationFailure,
241++ self.get_client,
242++ user_ref)
243++
244++ def test_authenticate_no_username(self):
245++ from keystoneclient import exceptions as client_exceptions
246++
247++ user_ref = self.user_foo.copy()
248++ user_ref['name'] = None
249++ self.assertRaises(client_exceptions.AuthorizationFailure,
250++ self.get_client,
251++ user_ref)
252++
253++ def test_authenticate_disabled_tenant(self):
254++ from keystoneclient import exceptions as client_exceptions
255++
256++ admin_client = self.get_client(admin=True)
257++
258++ tenant = {
259++ 'name': uuid.uuid4().hex,
260++ 'description': uuid.uuid4().hex,
261++ 'enabled': False,
262++ }
263++ tenant_ref = admin_client.tenants.create(
264++ tenant_name=tenant['name'],
265++ description=tenant['description'],
266++ enabled=tenant['enabled'])
267++ tenant['id'] = tenant_ref.id
268++
269++ user = {
270++ 'name': uuid.uuid4().hex,
271++ 'password': uuid.uuid4().hex,
272++ 'email': uuid.uuid4().hex,
273++ 'tenant_id': tenant['id'],
274++ }
275++ user_ref = admin_client.users.create(
276++ name=user['name'],
277++ password=user['password'],
278++ email=user['email'],
279++ tenant_id=user['tenant_id'])
280++ user['id'] = user_ref.id
281++
282++ # password authentication
283++ self.assertRaises(
284++ client_exceptions.Unauthorized,
285++ self._client,
286++ username=user['name'],
287++ password=user['password'],
288++ tenant_id=tenant['id'])
289++
290++ # token authentication
291++ client = self._client(
292++ username=user['name'],
293++ password=user['password'])
294++ self.assertRaises(
295++ client_exceptions.Unauthorized,
296++ self._client,
297++ token=client.auth_token,
298++ tenant_id=tenant['id'])
299++
300++ # FIXME(ja): this test should require the "keystone:admin" roled
301++ # (probably the role set via --keystone_admin_role flag)
302++ # FIXME(ja): add a test that admin endpoint is only sent to admin user
303++ # FIXME(ja): add a test that admin endpoint returns unauthorized if not
304++ # admin
305++ def test_tenant_create_update_and_delete(self):
306++ from keystoneclient import exceptions as client_exceptions
307++
308++ tenant_name = 'original_tenant'
309++ tenant_description = 'My original tenant!'
310++ tenant_enabled = True
311++ client = self.get_client(admin=True)
312++
313++ # create, get, and list a tenant
314++ tenant = client.tenants.create(tenant_name=tenant_name,
315++ description=tenant_description,
316++ enabled=tenant_enabled)
317++ self.assertEquals(tenant.name, tenant_name)
318++ self.assertEquals(tenant.description, tenant_description)
319++ self.assertEquals(tenant.enabled, tenant_enabled)
320++
321++ tenant = client.tenants.get(tenant_id=tenant.id)
322++ self.assertEquals(tenant.name, tenant_name)
323++ self.assertEquals(tenant.description, tenant_description)
324++ self.assertEquals(tenant.enabled, tenant_enabled)
325++
326++ tenant = [t for t in client.tenants.list() if t.id == tenant.id].pop()
327++ self.assertEquals(tenant.name, tenant_name)
328++ self.assertEquals(tenant.description, tenant_description)
329++ self.assertEquals(tenant.enabled, tenant_enabled)
330++
331++ # update, get, and list a tenant
332++ tenant_name = 'updated_tenant'
333++ tenant_description = 'Updated tenant!'
334++ tenant_enabled = False
335++ tenant = client.tenants.update(tenant_id=tenant.id,
336++ tenant_name=tenant_name,
337++ enabled=tenant_enabled,
338++ description=tenant_description)
339++ self.assertEquals(tenant.name, tenant_name)
340++ self.assertEquals(tenant.description, tenant_description)
341++ self.assertEquals(tenant.enabled, tenant_enabled)
342++
343++ tenant = client.tenants.get(tenant_id=tenant.id)
344++ self.assertEquals(tenant.name, tenant_name)
345++ self.assertEquals(tenant.description, tenant_description)
346++ self.assertEquals(tenant.enabled, tenant_enabled)
347++
348++ tenant = [t for t in client.tenants.list() if t.id == tenant.id].pop()
349++ self.assertEquals(tenant.name, tenant_name)
350++ self.assertEquals(tenant.description, tenant_description)
351++ self.assertEquals(tenant.enabled, tenant_enabled)
352++
353++ # delete, get, and list a tenant
354++ client.tenants.delete(tenant=tenant.id)
355++ self.assertRaises(client_exceptions.NotFound, client.tenants.get,
356++ tenant.id)
357++ self.assertFalse([t for t in client.tenants.list()
358++ if t.id == tenant.id])
359++
360++ def test_tenant_create_no_name(self):
361++ from keystoneclient import exceptions as client_exceptions
362++ client = self.get_client(admin=True)
363++ self.assertRaises(client_exceptions.BadRequest,
364++ client.tenants.create,
365++ tenant_name="")
366++
367++ def test_tenant_delete_404(self):
368++ from keystoneclient import exceptions as client_exceptions
369++ client = self.get_client(admin=True)
370++ self.assertRaises(client_exceptions.NotFound,
371++ client.tenants.delete,
372++ tenant=uuid.uuid4().hex)
373++
374++ def test_tenant_get_404(self):
375++ from keystoneclient import exceptions as client_exceptions
376++ client = self.get_client(admin=True)
377++ self.assertRaises(client_exceptions.NotFound,
378++ client.tenants.get,
379++ tenant_id=uuid.uuid4().hex)
380++
381++ def test_tenant_update_404(self):
382++ from keystoneclient import exceptions as client_exceptions
383++ client = self.get_client(admin=True)
384++ self.assertRaises(client_exceptions.NotFound,
385++ client.tenants.update,
386++ tenant_id=uuid.uuid4().hex)
387++
388++ def test_tenant_list(self):
389++ client = self.get_client()
390++ tenants = client.tenants.list()
391++ self.assertEquals(len(tenants), 1)
392++
393++ # Admin endpoint should return *all* tenants
394++ client = self.get_client(admin=True)
395++ tenants = client.tenants.list()
396++ self.assertEquals(len(tenants), len(default_fixtures.TENANTS))
397++
398++ def test_invalid_password(self):
399++ from keystoneclient import exceptions as client_exceptions
400++
401++ good_client = self._client(username=self.user_foo['name'],
402++ password=self.user_foo['password'])
403++ good_client.tenants.list()
404++
405++ self.assertRaises(client_exceptions.Unauthorized,
406++ self._client,
407++ username=self.user_foo['name'],
408++ password=uuid.uuid4().hex)
409++
410++ def test_invalid_user_and_password(self):
411++ from keystoneclient import exceptions as client_exceptions
412++
413++ self.assertRaises(client_exceptions.Unauthorized,
414++ self._client,
415++ username=uuid.uuid4().hex,
416++ password=uuid.uuid4().hex)
417++
418++ def test_change_password_invalidates_token(self):
419++ from keystoneclient import exceptions as client_exceptions
420++
421++ client = self.get_client(admin=True)
422++
423++ username = uuid.uuid4().hex
424++ passwd = uuid.uuid4().hex
425++ user = client.users.create(name=username, password=passwd,
426++ email=uuid.uuid4().hex)
427++
428++ token_id = client.tokens.authenticate(username=username,
429++ password=passwd).id
430++
431++ # authenticate with a token should work before a password change
432++ client.tokens.authenticate(token=token_id)
433++
434++ client.users.update_password(user=user.id, password=uuid.uuid4().hex)
435++
436++ # authenticate with a token should not work after a password change
437++ self.assertRaises(client_exceptions.Unauthorized,
438++ client.tokens.authenticate,
439++ token=token_id)
440++
441++ def test_disable_user_invalidates_token(self):
442++ from keystoneclient import exceptions as client_exceptions
443++
444++ admin_client = self.get_client(admin=True)
445++ foo_client = self.get_client(self.user_foo)
446++
447++ admin_client.users.update_enabled(user=self.user_foo['id'],
448++ enabled=False)
449++
450++ self.assertRaises(client_exceptions.Unauthorized,
451++ foo_client.tokens.authenticate,
452++ token=foo_client.auth_token)
453++
454++ self.assertRaises(client_exceptions.Unauthorized,
455++ self.get_client,
456++ self.user_foo)
457++
458++ def test_token_expiry_maintained(self):
459++ timeutils.set_time_override()
460++ foo_client = self.get_client(self.user_foo)
461++
462++ orig_token = foo_client.service_catalog.catalog['token']
463++ timeutils.advance_time_seconds(1)
464++ reauthenticated_token = foo_client.tokens.authenticate(
465++ token=foo_client.auth_token)
466++
467++ self.assertCloseEnoughForGovernmentWork(
468++ timeutils.parse_isotime(orig_token['expires']),
469++ timeutils.parse_isotime(reauthenticated_token.expires))
470++
471++ def test_user_create_update_delete(self):
472++ from keystoneclient import exceptions as client_exceptions
473++
474++ test_username = 'new_user'
475++ client = self.get_client(admin=True)
476++ user = client.users.create(name=test_username,
477++ password='password',
478++ email='user1@test.com')
479++ self.assertEquals(user.name, test_username)
480++
481++ user = client.users.get(user=user.id)
482++ self.assertEquals(user.name, test_username)
483++
484++ user = client.users.update(user=user,
485++ name=test_username,
486++ email='user2@test.com')
487++ self.assertEquals(user.email, 'user2@test.com')
488++
489++ # NOTE(termie): update_enabled doesn't return anything, probably a bug
490++ client.users.update_enabled(user=user, enabled=False)
491++ user = client.users.get(user.id)
492++ self.assertFalse(user.enabled)
493++
494++ self.assertRaises(client_exceptions.Unauthorized,
495++ self._client,
496++ username=test_username,
497++ password='password')
498++ client.users.update_enabled(user, True)
499++
500++ user = client.users.update_password(user=user, password='password2')
501++
502++ self._client(username=test_username,
503++ password='password2')
504++
505++ user = client.users.update_tenant(user=user, tenant='bar')
506++ # TODO(ja): once keystonelight supports default tenant
507++ # when you login without specifying tenant, the
508++ # token should be scoped to tenant 'bar'
509++
510++ client.users.delete(user.id)
511++ self.assertRaises(client_exceptions.NotFound, client.users.get,
512++ user.id)
513++
514++ # Test creating a user with a tenant (auto-add to tenant)
515++ user2 = client.users.create(name=test_username,
516++ password='password',
517++ email='user1@test.com',
518++ tenant_id='bar')
519++ self.assertEquals(user2.name, test_username)
520++
521++ def test_user_create_no_name(self):
522++ from keystoneclient import exceptions as client_exceptions
523++ client = self.get_client(admin=True)
524++ self.assertRaises(client_exceptions.BadRequest,
525++ client.users.create,
526++ name="",
527++ password=uuid.uuid4().hex,
528++ email=uuid.uuid4().hex)
529++
530++ def test_user_create_404(self):
531++ from keystoneclient import exceptions as client_exceptions
532++ client = self.get_client(admin=True)
533++ self.assertRaises(client_exceptions.NotFound,
534++ client.users.create,
535++ name=uuid.uuid4().hex,
536++ password=uuid.uuid4().hex,
537++ email=uuid.uuid4().hex,
538++ tenant_id=uuid.uuid4().hex)
539++
540++ def test_user_get_404(self):
541++ from keystoneclient import exceptions as client_exceptions
542++ client = self.get_client(admin=True)
543++ self.assertRaises(client_exceptions.NotFound,
544++ client.users.get,
545++ user=uuid.uuid4().hex)
546++
547++ def test_user_list_404(self):
548++ from keystoneclient import exceptions as client_exceptions
549++ client = self.get_client(admin=True)
550++ self.assertRaises(client_exceptions.NotFound,
551++ client.users.list,
552++ tenant_id=uuid.uuid4().hex)
553++
554++ def test_user_update_404(self):
555++ from keystoneclient import exceptions as client_exceptions
556++ client = self.get_client(admin=True)
557++ self.assertRaises(client_exceptions.NotFound,
558++ client.users.update,
559++ user=uuid.uuid4().hex)
560++
561++ def test_user_update_tenant_404(self):
562++ raise nose.exc.SkipTest('N/A')
563++ from keystoneclient import exceptions as client_exceptions
564++ client = self.get_client(admin=True)
565++ self.assertRaises(client_exceptions.NotFound,
566++ client.users.update,
567++ user=self.user_foo['id'],
568++ tenant_id=uuid.uuid4().hex)
569++
570++ def test_user_update_password_404(self):
571++ from keystoneclient import exceptions as client_exceptions
572++ client = self.get_client(admin=True)
573++ self.assertRaises(client_exceptions.NotFound,
574++ client.users.update_password,
575++ user=uuid.uuid4().hex,
576++ password=uuid.uuid4().hex)
577++
578++ def test_user_delete_404(self):
579++ from keystoneclient import exceptions as client_exceptions
580++ client = self.get_client(admin=True)
581++ self.assertRaises(client_exceptions.NotFound,
582++ client.users.delete,
583++ user=uuid.uuid4().hex)
584++
585++ def test_user_list(self):
586++ client = self.get_client(admin=True)
587++ users = client.users.list()
588++ self.assertTrue(len(users) > 0)
589++ user = users[0]
590++ self.assertRaises(AttributeError, lambda: user.password)
591++
592++ def test_user_get(self):
593++ client = self.get_client(admin=True)
594++ user = client.users.get(user=self.user_foo['id'])
595++ self.assertRaises(AttributeError, lambda: user.password)
596++
597++ def test_role_get(self):
598++ client = self.get_client(admin=True)
599++ role = client.roles.get(role=self.role_admin['id'])
600++ self.assertEquals(role.id, self.role_admin['id'])
601++
602++ def test_role_crud(self):
603++ from keystoneclient import exceptions as client_exceptions
604++
605++ test_role = 'new_role'
606++ client = self.get_client(admin=True)
607++ role = client.roles.create(name=test_role)
608++ self.assertEquals(role.name, test_role)
609++
610++ role = client.roles.get(role=role.id)
611++ self.assertEquals(role.name, test_role)
612++
613++ client.roles.delete(role=role.id)
614++
615++ self.assertRaises(client_exceptions.NotFound,
616++ client.roles.delete,
617++ role=role.id)
618++ self.assertRaises(client_exceptions.NotFound,
619++ client.roles.get,
620++ role=role.id)
621++
622++ def test_role_create_no_name(self):
623++ from keystoneclient import exceptions as client_exceptions
624++ client = self.get_client(admin=True)
625++ self.assertRaises(client_exceptions.BadRequest,
626++ client.roles.create,
627++ name="")
628++
629++ def test_role_get_404(self):
630++ from keystoneclient import exceptions as client_exceptions
631++ client = self.get_client(admin=True)
632++ self.assertRaises(client_exceptions.NotFound,
633++ client.roles.get,
634++ role=uuid.uuid4().hex)
635++
636++ def test_role_delete_404(self):
637++ from keystoneclient import exceptions as client_exceptions
638++ client = self.get_client(admin=True)
639++ self.assertRaises(client_exceptions.NotFound,
640++ client.roles.delete,
641++ role=uuid.uuid4().hex)
642++
643++ def test_role_list_404(self):
644++ from keystoneclient import exceptions as client_exceptions
645++ client = self.get_client(admin=True)
646++ self.assertRaises(client_exceptions.NotFound,
647++ client.roles.roles_for_user,
648++ user=uuid.uuid4().hex,
649++ tenant=uuid.uuid4().hex)
650++ self.assertRaises(client_exceptions.NotFound,
651++ client.roles.roles_for_user,
652++ user=self.user_foo['id'],
653++ tenant=uuid.uuid4().hex)
654++ self.assertRaises(client_exceptions.NotFound,
655++ client.roles.roles_for_user,
656++ user=uuid.uuid4().hex,
657++ tenant=self.tenant_bar['id'])
658++
659++ def test_role_list(self):
660++ client = self.get_client(admin=True)
661++ roles = client.roles.list()
662++ # TODO(devcamcar): This assert should be more specific.
663++ self.assertTrue(len(roles) > 0)
664++
665++ def test_ec2_credential_crud(self):
666++ client = self.get_client()
667++ creds = client.ec2.list(user_id=self.user_foo['id'])
668++ self.assertEquals(creds, [])
669++
670++ cred = client.ec2.create(user_id=self.user_foo['id'],
671++ tenant_id=self.tenant_bar['id'])
672++ creds = client.ec2.list(user_id=self.user_foo['id'])
673++ self.assertEquals(creds, [cred])
674++
675++ got = client.ec2.get(user_id=self.user_foo['id'], access=cred.access)
676++ self.assertEquals(cred, got)
677++
678++ client.ec2.delete(user_id=self.user_foo['id'], access=cred.access)
679++ creds = client.ec2.list(user_id=self.user_foo['id'])
680++ self.assertEquals(creds, [])
681++
682++ def test_ec2_credentials_create_404(self):
683++ from keystoneclient import exceptions as client_exceptions
684++ client = self.get_client()
685++ self.assertRaises(client_exceptions.NotFound,
686++ client.ec2.create,
687++ user_id=uuid.uuid4().hex,
688++ tenant_id=self.tenant_bar['id'])
689++ self.assertRaises(client_exceptions.NotFound,
690++ client.ec2.create,
691++ user_id=self.user_foo['id'],
692++ tenant_id=uuid.uuid4().hex)
693++
694++ def test_ec2_credentials_delete_404(self):
695++ from keystoneclient import exceptions as client_exceptions
696++ client = self.get_client()
697++ self.assertRaises(client_exceptions.NotFound,
698++ client.ec2.delete,
699++ user_id=uuid.uuid4().hex,
700++ access=uuid.uuid4().hex)
701++
702++ def test_ec2_credentials_get_404(self):
703++ from keystoneclient import exceptions as client_exceptions
704++ client = self.get_client()
705++ self.assertRaises(client_exceptions.NotFound,
706++ client.ec2.get,
707++ user_id=uuid.uuid4().hex,
708++ access=uuid.uuid4().hex)
709++
710++ def test_ec2_credentials_list_404(self):
711++ from keystoneclient import exceptions as client_exceptions
712++ client = self.get_client()
713++ self.assertRaises(client_exceptions.NotFound,
714++ client.ec2.list,
715++ user_id=uuid.uuid4().hex)
716++
717++ def test_ec2_credentials_list_user_forbidden(self):
718++ from keystoneclient import exceptions as client_exceptions
719++
720++ two = self.get_client(self.user_two)
721++ self.assertRaises(client_exceptions.Forbidden, two.ec2.list,
722++ user_id=self.user_foo['id'])
723++
724++ def test_ec2_credentials_get_user_forbidden(self):
725++ from keystoneclient import exceptions as client_exceptions
726++
727++ foo = self.get_client()
728++ cred = foo.ec2.create(user_id=self.user_foo['id'],
729++ tenant_id=self.tenant_bar['id'])
730++
731++ two = self.get_client(self.user_two)
732++ self.assertRaises(client_exceptions.Forbidden, two.ec2.get,
733++ user_id=self.user_foo['id'], access=cred.access)
734++
735++ foo.ec2.delete(user_id=self.user_foo['id'], access=cred.access)
736++
737++ def test_ec2_credentials_delete_user_forbidden(self):
738++ from keystoneclient import exceptions as client_exceptions
739++
740++ foo = self.get_client()
741++ cred = foo.ec2.create(user_id=self.user_foo['id'],
742++ tenant_id=self.tenant_bar['id'])
743++
744++ two = self.get_client(self.user_two)
745++ self.assertRaises(client_exceptions.Forbidden, two.ec2.delete,
746++ user_id=self.user_foo['id'], access=cred.access)
747++
748++ foo.ec2.delete(user_id=self.user_foo['id'], access=cred.access)
749++
750++ def test_service_crud(self):
751++ from keystoneclient import exceptions as client_exceptions
752++ client = self.get_client(admin=True)
753++
754++ service_name = uuid.uuid4().hex
755++ service_type = uuid.uuid4().hex
756++ service_desc = uuid.uuid4().hex
757++
758++ # create & read
759++ service = client.services.create(name=service_name,
760++ service_type=service_type,
761++ description=service_desc)
762++ self.assertEquals(service_name, service.name)
763++ self.assertEquals(service_type, service.type)
764++ self.assertEquals(service_desc, service.description)
765++
766++ service = client.services.get(id=service.id)
767++ self.assertEquals(service_name, service.name)
768++ self.assertEquals(service_type, service.type)
769++ self.assertEquals(service_desc, service.description)
770++
771++ service = [x for x in client.services.list() if x.id == service.id][0]
772++ self.assertEquals(service_name, service.name)
773++ self.assertEquals(service_type, service.type)
774++ self.assertEquals(service_desc, service.description)
775++
776++ # update is not supported in API v2...
777++
778++ # delete & read
779++ client.services.delete(id=service.id)
780++ self.assertRaises(client_exceptions.NotFound,
781++ client.services.get,
782++ id=service.id)
783++ services = [x for x in client.services.list() if x.id == service.id]
784++ self.assertEquals(len(services), 0)
785++
786++ def test_service_delete_404(self):
787++ from keystoneclient import exceptions as client_exceptions
788++ client = self.get_client(admin=True)
789++ self.assertRaises(client_exceptions.NotFound,
790++ client.services.delete,
791++ id=uuid.uuid4().hex)
792++
793++ def test_service_get_404(self):
794++ from keystoneclient import exceptions as client_exceptions
795++ client = self.get_client(admin=True)
796++ self.assertRaises(client_exceptions.NotFound,
797++ client.services.get,
798++ id=uuid.uuid4().hex)
799++
800++ def test_endpoint_delete_404(self):
801++ from keystoneclient import exceptions as client_exceptions
802++ client = self.get_client(admin=True)
803++ self.assertRaises(client_exceptions.NotFound,
804++ client.endpoints.delete,
805++ id=uuid.uuid4().hex)
806++
807++ def test_admin_requires_adminness(self):
808++ from keystoneclient import exceptions as client_exceptions
809++ # FIXME(ja): this should be Unauthorized
810++ exception = client_exceptions.ClientException
811++
812++ two = self.get_client(self.user_two, admin=True) # non-admin user
813++
814++ # USER CRUD
815++ self.assertRaises(exception,
816++ two.users.list)
817++ self.assertRaises(exception,
818++ two.users.get,
819++ user=self.user_two['id'])
820++ self.assertRaises(exception,
821++ two.users.create,
822++ name='oops',
823++ password='password',
824++ email='oops@test.com')
825++ self.assertRaises(exception,
826++ two.users.delete,
827++ user=self.user_foo['id'])
828++
829++ # TENANT CRUD
830++ self.assertRaises(exception,
831++ two.tenants.list)
832++ self.assertRaises(exception,
833++ two.tenants.get,
834++ tenant_id=self.tenant_bar['id'])
835++ self.assertRaises(exception,
836++ two.tenants.create,
837++ tenant_name='oops',
838++ description="shouldn't work!",
839++ enabled=True)
840++ self.assertRaises(exception,
841++ two.tenants.delete,
842++ tenant=self.tenant_baz['id'])
843++
844++ # ROLE CRUD
845++ self.assertRaises(exception,
846++ two.roles.get,
847++ role=self.role_admin['id'])
848++ self.assertRaises(exception,
849++ two.roles.list)
850++ self.assertRaises(exception,
851++ two.roles.create,
852++ name='oops')
853++ self.assertRaises(exception,
854++ two.roles.delete,
855++ role=self.role_admin['id'])
856++
857++ # TODO(ja): MEMBERSHIP CRUD
858++ # TODO(ja): determine what else todo
859++
860++
861++class KcMasterTestCase(CompatTestCase, KeystoneClientTests):
862++ def get_checkout(self):
863++ return KEYSTONECLIENT_REPO, 'master'
864++
865++ def test_tenant_add_and_remove_user(self):
866++ client = self.get_client(admin=True)
867++ client.roles.add_user_role(tenant=self.tenant_bar['id'],
868++ user=self.user_two['id'],
869++ role=self.role_other['id'])
870++ user_refs = client.tenants.list_users(tenant=self.tenant_bar['id'])
871++ self.assert_(self.user_two['id'] in [x.id for x in user_refs])
872++ client.roles.remove_user_role(tenant=self.tenant_bar['id'],
873++ user=self.user_two['id'],
874++ role=self.role_other['id'])
875++ roles = client.roles.roles_for_user(user=self.user_foo['id'],
876++ tenant=self.tenant_bar['id'])
877++ self.assertNotIn(self.role_other['id'], roles)
878++ user_refs = client.tenants.list_users(tenant=self.tenant_bar['id'])
879++ self.assertNotIn(self.user_two['id'], [x.id for x in user_refs])
880++
881++ def test_user_role_add_404(self):
882++ from keystoneclient import exceptions as client_exceptions
883++ client = self.get_client(admin=True)
884++ self.assertRaises(client_exceptions.NotFound,
885++ client.roles.add_user_role,
886++ tenant=uuid.uuid4().hex,
887++ user=self.user_foo['id'],
888++ role=self.role_member['id'])
889++ self.assertRaises(client_exceptions.NotFound,
890++ client.roles.add_user_role,
891++ tenant=self.tenant_baz['id'],
892++ user=uuid.uuid4().hex,
893++ role=self.role_member['id'])
894++ self.assertRaises(client_exceptions.NotFound,
895++ client.roles.add_user_role,
896++ tenant=self.tenant_baz['id'],
897++ user=self.user_foo['id'],
898++ role=uuid.uuid4().hex)
899++
900++ def test_user_role_remove_404(self):
901++ from keystoneclient import exceptions as client_exceptions
902++ client = self.get_client(admin=True)
903++ self.assertRaises(client_exceptions.NotFound,
904++ client.roles.remove_user_role,
905++ tenant=uuid.uuid4().hex,
906++ user=self.user_foo['id'],
907++ role=self.role_member['id'])
908++ self.assertRaises(client_exceptions.NotFound,
909++ client.roles.remove_user_role,
910++ tenant=self.tenant_baz['id'],
911++ user=uuid.uuid4().hex,
912++ role=self.role_member['id'])
913++ self.assertRaises(client_exceptions.NotFound,
914++ client.roles.remove_user_role,
915++ tenant=self.tenant_baz['id'],
916++ user=self.user_foo['id'],
917++ role=uuid.uuid4().hex)
918++ self.assertRaises(client_exceptions.NotFound,
919++ client.roles.remove_user_role,
920++ tenant=self.tenant_baz['id'],
921++ user=self.user_foo['id'],
922++ role=self.role_member['id'])
923++
924++ def test_tenant_list_marker(self):
925++ client = self.get_client()
926++
927++ # Add two arbitrary tenants to user for testing purposes
928++ for i in range(2):
929++ tenant_id = uuid.uuid4().hex
930++ tenant = {'name': 'tenant-%s' % tenant_id, 'id': tenant_id,
931++ 'domain_id': DEFAULT_DOMAIN_ID}
932++ self.identity_api.create_project(tenant_id, tenant)
933++ self.identity_api.add_user_to_project(tenant_id,
934++ self.user_foo['id'])
935++
936++ tenants = client.tenants.list()
937++ self.assertEqual(len(tenants), 3)
938++
939++ tenants_marker = client.tenants.list(marker=tenants[0].id)
940++ self.assertEqual(len(tenants_marker), 2)
941++ self.assertEqual(tenants[1].name, tenants_marker[0].name)
942++ self.assertEqual(tenants[2].name, tenants_marker[1].name)
943++
944++ def test_tenant_list_marker_not_found(self):
945++ from keystoneclient import exceptions as client_exceptions
946++
947++ client = self.get_client()
948++ self.assertRaises(client_exceptions.BadRequest,
949++ client.tenants.list, marker=uuid.uuid4().hex)
950++
951++ def test_tenant_list_limit(self):
952++ client = self.get_client()
953++
954++ # Add two arbitrary tenants to user for testing purposes
955++ for i in range(2):
956++ tenant_id = uuid.uuid4().hex
957++ tenant = {'name': 'tenant-%s' % tenant_id, 'id': tenant_id,
958++ 'domain_id': DEFAULT_DOMAIN_ID}
959++ self.identity_api.create_project(tenant_id, tenant)
960++ self.identity_api.add_user_to_project(tenant_id,
961++ self.user_foo['id'])
962++
963++ tenants = client.tenants.list()
964++ self.assertEqual(len(tenants), 3)
965++
966++ tenants_limited = client.tenants.list(limit=2)
967++ self.assertEqual(len(tenants_limited), 2)
968++ self.assertEqual(tenants[0].name, tenants_limited[0].name)
969++ self.assertEqual(tenants[1].name, tenants_limited[1].name)
970++
971++ def test_tenant_list_limit_bad_value(self):
972++ from keystoneclient import exceptions as client_exceptions
973++
974++ client = self.get_client()
975++ self.assertRaises(client_exceptions.BadRequest,
976++ client.tenants.list, limit='a')
977++ self.assertRaises(client_exceptions.BadRequest,
978++ client.tenants.list, limit=-1)
979++
980++ def test_roles_get_by_user(self):
981++ client = self.get_client(admin=True)
982++ roles = client.roles.roles_for_user(user=self.user_foo['id'],
983++ tenant=self.tenant_bar['id'])
984++ self.assertTrue(len(roles) > 0)
985++
986++ def test_user_can_update_passwd(self):
987++ client = self.get_client(self.user_two)
988++
989++ token_id = client.auth_token
990++ new_password = uuid.uuid4().hex
991++
992++ # TODO(derekh) : Update to use keystoneclient when available
993++ class FakeResponse(object):
994++ def start_fake_response(self, status, headers):
995++ self.response_status = int(status.split(' ', 1)[0])
996++ self.response_headers = dict(headers)
997++ responseobject = FakeResponse()
998++
999++ req = webob.Request.blank(
1000++ '/v2.0/OS-KSCRUD/users/%s' % self.user_two['id'],
1001++ headers={'X-Auth-Token': token_id})
1002++ req.method = 'PATCH'
1003++ req.body = ('{"user":{"password":"%s","original_password":"%s"}}' %
1004++ (new_password, self.user_two['password']))
1005++ self.public_server.application(req.environ,
1006++ responseobject.start_fake_response)
1007++
1008++ self.user_two['password'] = new_password
1009++ self.get_client(self.user_two)
1010++
1011++ def test_user_cannot_update_other_users_passwd(self):
1012++ from keystoneclient import exceptions as client_exceptions
1013++
1014++ client = self.get_client(self.user_two)
1015++
1016++ token_id = client.auth_token
1017++ new_password = uuid.uuid4().hex
1018++
1019++ # TODO(derekh) : Update to use keystoneclient when available
1020++ class FakeResponse(object):
1021++ def start_fake_response(self, status, headers):
1022++ self.response_status = int(status.split(' ', 1)[0])
1023++ self.response_headers = dict(headers)
1024++ responseobject = FakeResponse()
1025++
1026++ req = webob.Request.blank(
1027++ '/v2.0/OS-KSCRUD/users/%s' % self.user_foo['id'],
1028++ headers={'X-Auth-Token': token_id})
1029++ req.method = 'PATCH'
1030++ req.body = ('{"user":{"password":"%s","original_password":"%s"}}' %
1031++ (new_password, self.user_two['password']))
1032++ self.public_server.application(req.environ,
1033++ responseobject.start_fake_response)
1034++ self.assertEquals(403, responseobject.response_status)
1035++
1036++ self.user_two['password'] = new_password
1037++ self.assertRaises(client_exceptions.Unauthorized,
1038++ self.get_client, self.user_two)
1039++
1040++ def test_tokens_after_user_update_passwd(self):
1041++ from keystoneclient import exceptions as client_exceptions
1042++
1043++ client = self.get_client(self.user_two)
1044++
1045++ token_id = client.auth_token
1046++ new_password = uuid.uuid4().hex
1047++
1048++ # TODO(derekh) : Update to use keystoneclient when available
1049++ class FakeResponse(object):
1050++ def start_fake_response(self, status, headers):
1051++ self.response_status = int(status.split(' ', 1)[0])
1052++ self.response_headers = dict(headers)
1053++ responseobject = FakeResponse()
1054++
1055++ req = webob.Request.blank(
1056++ '/v2.0/OS-KSCRUD/users/%s' % self.user_two['id'],
1057++ headers={'X-Auth-Token': token_id})
1058++ req.method = 'PATCH'
1059++ req.body = ('{"user":{"password":"%s","original_password":"%s"}}' %
1060++ (new_password, self.user_two['password']))
1061++
1062++ rv = self.public_server.application(
1063++ req.environ,
1064++ responseobject.start_fake_response)
1065++ response_json = jsonutils.loads(rv.pop())
1066++ new_token_id = response_json['access']['token']['id']
1067++
1068++ self.assertRaises(client_exceptions.Unauthorized, client.tenants.list)
1069++ client.auth_token = new_token_id
1070++ client.tenants.list()
1071++
1072++
1073++class KcEssex3TestCase(CompatTestCase, KeystoneClientTests):
1074++ def get_checkout(self):
1075++ return KEYSTONECLIENT_REPO, 'essex-3'
1076++
1077++ def test_tenant_add_and_remove_user(self):
1078++ client = self.get_client(admin=True)
1079++ client.roles.add_user_to_tenant(tenant_id=self.tenant_bar['id'],
1080++ user_id=self.user_two['id'],
1081++ role_id=self.role_member['id'])
1082++ role_refs = client.roles.get_user_role_refs(
1083++ user_id=self.user_two['id'])
1084++ self.assert_(self.tenant_baz['id'] in [x.tenantId for x in role_refs])
1085++
1086++ # get the "role_refs" so we get the proper id, this is how the clients
1087++ # do it
1088++ roleref_refs = client.roles.get_user_role_refs(
1089++ user_id=self.user_two['id'])
1090++ for roleref_ref in roleref_refs:
1091++ if (roleref_ref.roleId == self.role_member['id']
1092++ and roleref_ref.tenantId == self.tenant_baz['id']):
1093++ # use python's scope fall through to leave roleref_ref set
1094++ break
1095++
1096++ client.roles.remove_user_from_tenant(tenant_id=self.tenant_bar['id'],
1097++ user_id=self.user_two['id'],
1098++ role_id=roleref_ref.id)
1099++
1100++ role_refs = client.roles.get_user_role_refs(
1101++ user_id=self.user_two['id'])
1102++ self.assert_(self.tenant_baz['id'] not in
1103++ [x.tenantId for x in role_refs])
1104++
1105++ def test_roles_get_by_user(self):
1106++ client = self.get_client(admin=True)
1107++ roles = client.roles.get_user_role_refs(user_id='foo')
1108++ self.assertTrue(len(roles) > 0)
1109++
1110++ def test_role_list_404(self):
1111++ raise nose.exc.SkipTest('N/A')
1112++
1113++ def test_authenticate_and_delete_token(self):
1114++ raise nose.exc.SkipTest('N/A')
1115++
1116++ def test_user_create_update_delete(self):
1117++ from keystoneclient import exceptions as client_exceptions
1118++
1119++ test_username = 'new_user'
1120++ client = self.get_client(admin=True)
1121++ user = client.users.create(name=test_username,
1122++ password='password',
1123++ email='user1@test.com')
1124++ self.assertEquals(user.name, test_username)
1125++
1126++ user = client.users.get(user=user.id)
1127++ self.assertEquals(user.name, test_username)
1128++
1129++ user = client.users.update_email(user=user, email='user2@test.com')
1130++ self.assertEquals(user.email, 'user2@test.com')
1131++
1132++ # NOTE(termie): update_enabled doesn't return anything, probably a bug
1133++ client.users.update_enabled(user=user, enabled=False)
1134++ user = client.users.get(user.id)
1135++ self.assertFalse(user.enabled)
1136++
1137++ self.assertRaises(client_exceptions.Unauthorized,
1138++ self._client,
1139++ username=test_username,
1140++ password='password')
1141++ client.users.update_enabled(user, True)
1142++
1143++ user = client.users.update_password(user=user, password='password2')
1144++
1145++ self._client(username=test_username,
1146++ password='password2')
1147++
1148++ user = client.users.update_tenant(user=user, tenant='bar')
1149++ # TODO(ja): once keystonelight supports default tenant
1150++ # when you login without specifying tenant, the
1151++ # token should be scoped to tenant 'bar'
1152++
1153++ client.users.delete(user.id)
1154++ self.assertRaises(client_exceptions.NotFound, client.users.get,
1155++ user.id)
1156++
1157++ def test_user_update_404(self):
1158++ raise nose.exc.SkipTest('N/A')
1159++
1160++ def test_endpoint_create_404(self):
1161++ raise nose.exc.SkipTest('N/A')
1162++
1163++ def test_endpoint_delete_404(self):
1164++ raise nose.exc.SkipTest('N/A')
1165++
1166++ def test_policy_crud(self):
1167++ """Due to lack of endpoint CRUD"""
1168++ raise nose.exc.SkipTest('N/A')
1169++
1170++
1171++class Kc11TestCase(CompatTestCase, KeystoneClientTests):
1172++ def get_checkout(self):
1173++ return KEYSTONECLIENT_REPO, '0.1.1'
1174++
1175++ def test_policy_crud(self):
1176++ raise nose.exc.SkipTest('N/A')

Subscribers

People subscribed via source and target branches