"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/tests/unit/test_cli.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

test_cli.py  (keystone-16.0.1):test_cli.py  (keystone-17.0.0)
skipping to change at line 19 skipping to change at line 19
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import copy import copy
import datetime import datetime
import logging import logging
import os import os
from unittest import mock
import uuid import uuid
import argparse import argparse
import configparser
import fixtures import fixtures
import freezegun import freezegun
import mock import http.client
import oslo_config.fixture import oslo_config.fixture
from oslo_db.sqlalchemy import migration from oslo_db.sqlalchemy import migration
from oslo_log import log from oslo_log import log
from oslo_serialization import jsonutils from oslo_serialization import jsonutils
from oslo_upgradecheck import upgradecheck from oslo_upgradecheck import upgradecheck
from six.moves import configparser
from six.moves import http_client
from six.moves import range
from testtools import matchers from testtools import matchers
from keystone.cmd import cli from keystone.cmd import cli
from keystone.cmd.doctor import caching from keystone.cmd.doctor import caching
from keystone.cmd.doctor import credential from keystone.cmd.doctor import credential
from keystone.cmd.doctor import database as doc_database from keystone.cmd.doctor import database as doc_database
from keystone.cmd.doctor import debug from keystone.cmd.doctor import debug
from keystone.cmd.doctor import federation from keystone.cmd.doctor import federation
from keystone.cmd.doctor import ldap from keystone.cmd.doctor import ldap
from keystone.cmd.doctor import security_compliance from keystone.cmd.doctor import security_compliance
skipping to change at line 220 skipping to change at line 219
# Get a new X-Auth-Token # Get a new X-Auth-Token
r = c.post( r = c.post(
'/v3/auth/tokens', '/v3/auth/tokens',
json=v3_password_data) json=v3_password_data)
# Validate the old token with our new X-Auth-Token. # Validate the old token with our new X-Auth-Token.
c.get('/v3/auth/tokens', c.get('/v3/auth/tokens',
headers={'X-Auth-Token': r.headers['X-Subject-Token'], headers={'X-Auth-Token': r.headers['X-Subject-Token'],
'X-Subject-Token': token}) 'X-Subject-Token': token})
admin_role = PROVIDERS.role_api.get_role(self.bootstrap.role_id) admin_role = PROVIDERS.role_api.get_role(self.bootstrap.role_id)
reader_role = PROVIDERS.role_api.get_role(self.bootstrap.reader_role_id) reader_role = PROVIDERS.role_api.get_role(
member_role = PROVIDERS.role_api.get_role(self.bootstrap.member_role_id) self.bootstrap.reader_role_id)
self.assertEqual(admin_role['options'], {}) member_role = PROVIDERS.role_api.get_role(
self.assertEqual(member_role['options'], {}) self.bootstrap.member_role_id)
self.assertEqual(reader_role['options'], {}) self.assertEqual(admin_role['options'], {'immutable': True})
self.assertEqual(member_role['options'], {'immutable': True})
self.assertEqual(reader_role['options'], {'immutable': True})
def test_bootstrap_is_not_idempotent_when_password_does_change(self): def test_bootstrap_is_not_idempotent_when_password_does_change(self):
# NOTE(lbragstad): Ensure bootstrap isn't idempotent when run with # NOTE(lbragstad): Ensure bootstrap isn't idempotent when run with
# different arguments or configuration values. # different arguments or configuration values.
self._do_test_bootstrap(self.bootstrap) self._do_test_bootstrap(self.bootstrap)
app = self.loadapp() app = self.loadapp()
v3_password_data = { v3_password_data = {
'auth': { 'auth': {
'identity': { 'identity': {
"methods": ["password"], "methods": ["password"],
skipping to change at line 275 skipping to change at line 276
r = c.post('/v3/auth/tokens', json=v3_password_data) r = c.post('/v3/auth/tokens', json=v3_password_data)
# Since the user account was recovered with a different # Since the user account was recovered with a different
# password, we shouldn't be able to validate this token. # password, we shouldn't be able to validate this token.
# Bootstrap should have persisted a revocation event because # Bootstrap should have persisted a revocation event because
# the user's password was updated. Since this token was # the user's password was updated. Since this token was
# obtained using the original password, it should now be # obtained using the original password, it should now be
# invalid. # invalid.
c.get('/v3/auth/tokens', c.get('/v3/auth/tokens',
headers={'X-Auth-Token': r.headers['X-Subject-Token'], headers={'X-Auth-Token': r.headers['X-Subject-Token'],
'X-Subject-Token': token}, 'X-Subject-Token': token},
expected_status_code=http_client.NOT_FOUND) expected_status_code=http.client.NOT_FOUND)
def test_bootstrap_recovers_user(self): def test_bootstrap_recovers_user(self):
self._do_test_bootstrap(self.bootstrap) self._do_test_bootstrap(self.bootstrap)
# Completely lock the user out. # Completely lock the user out.
user_id = PROVIDERS.identity_api.get_user_by_name( user_id = PROVIDERS.identity_api.get_user_by_name(
self.bootstrap.username, self.bootstrap.username,
'default')['id'] 'default')['id']
PROVIDERS.identity_api.update_user( PROVIDERS.identity_api.update_user(
user_id, user_id,
skipping to change at line 298 skipping to change at line 299
# The second bootstrap run will recover the account. # The second bootstrap run will recover the account.
self._do_test_bootstrap(self.bootstrap) self._do_test_bootstrap(self.bootstrap)
# Sanity check that the original password works again. # Sanity check that the original password works again.
with self.make_request(): with self.make_request():
PROVIDERS.identity_api.authenticate( PROVIDERS.identity_api.authenticate(
user_id, user_id,
self.bootstrap.password) self.bootstrap.password)
def test_bootstrap_with_immutable_roles(self): def test_bootstrap_with_explicit_immutable_roles(self):
CONF(args=['bootstrap', CONF(args=['bootstrap',
'--bootstrap-password', uuid.uuid4().hex, '--bootstrap-password', uuid.uuid4().hex,
'--immutable-roles'], '--immutable-roles'],
project='keystone') project='keystone')
self._do_test_bootstrap(self.bootstrap) self._do_test_bootstrap(self.bootstrap)
admin_role = PROVIDERS.role_api.get_role(self.bootstrap.role_id) admin_role = PROVIDERS.role_api.get_role(self.bootstrap.role_id)
reader_role = PROVIDERS.role_api.get_role(self.bootstrap.reader_role_id) reader_role = PROVIDERS.role_api.get_role(
member_role = PROVIDERS.role_api.get_role(self.bootstrap.member_role_id) self.bootstrap.reader_role_id)
member_role = PROVIDERS.role_api.get_role(
self.bootstrap.member_role_id)
self.assertTrue(admin_role['options']['immutable']) self.assertTrue(admin_role['options']['immutable'])
self.assertTrue(member_role['options']['immutable']) self.assertTrue(member_role['options']['immutable'])
self.assertTrue(reader_role['options']['immutable']) self.assertTrue(reader_role['options']['immutable'])
def test_bootstrap_with_default_immutable_roles(self):
CONF(args=['bootstrap',
'--bootstrap-password', uuid.uuid4().hex],
project='keystone')
self._do_test_bootstrap(self.bootstrap)
admin_role = PROVIDERS.role_api.get_role(self.bootstrap.role_id)
reader_role = PROVIDERS.role_api.get_role(
self.bootstrap.reader_role_id)
member_role = PROVIDERS.role_api.get_role(
self.bootstrap.member_role_id)
self.assertTrue(admin_role['options']['immutable'])
self.assertTrue(member_role['options']['immutable'])
self.assertTrue(reader_role['options']['immutable'])
def test_bootstrap_with_no_immutable_roles(self):
CONF(args=['bootstrap',
'--bootstrap-password', uuid.uuid4().hex,
'--no-immutable-roles'],
project='keystone')
self._do_test_bootstrap(self.bootstrap)
admin_role = PROVIDERS.role_api.get_role(self.bootstrap.role_id)
reader_role = PROVIDERS.role_api.get_role(
self.bootstrap.reader_role_id)
member_role = PROVIDERS.role_api.get_role(
self.bootstrap.member_role_id)
self.assertNotIn('immutable', admin_role['options'])
self.assertNotIn('immutable', member_role['options'])
self.assertNotIn('immutable', reader_role['options'])
def test_bootstrap_with_ambiguous_role_names(self): def test_bootstrap_with_ambiguous_role_names(self):
# bootstrap system to create the default admin role # bootstrap system to create the default admin role
self._do_test_bootstrap(self.bootstrap) self._do_test_bootstrap(self.bootstrap)
# create a domain-specific roles that share the same names as the # create a domain-specific roles that share the same names as the
# default roles created by keystone-manage bootstrap # default roles created by keystone-manage bootstrap
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex} domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
domain = PROVIDERS.resource_api.create_domain(domain['id'], domain) domain = PROVIDERS.resource_api.create_domain(domain['id'], domain)
domain_roles = {} domain_roles = {}
skipping to change at line 609 skipping to change at line 641
default_config = { default_config = {
'ldap': {'url': uuid.uuid4().hex}, 'ldap': {'url': uuid.uuid4().hex},
'identity': {'driver': 'ldap'} 'identity': {'driver': 'ldap'}
} }
PROVIDERS.domain_config_api.create_config( PROVIDERS.domain_config_api.create_config(
CONF.identity.default_domain_id, default_config) CONF.identity.default_domain_id, default_config)
# Now try and upload the settings in the configuration file for the # Now try and upload the settings in the configuration file for the
# default domain # default domain
provider_api.ProviderAPIs._clear_registry_instances() provider_api.ProviderAPIs._clear_registry_instances()
with mock.patch('six.moves.builtins.print') as mock_print: with mock.patch('builtins.print') as mock_print:
self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main) self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main)
file_name = ('keystone.%s.conf' % self.default_domain['name']) file_name = ('keystone.%s.conf' % self.default_domain['name'])
error_msg = _( error_msg = _(
'Domain: %(domain)s already has a configuration defined - ' 'Domain: %(domain)s already has a configuration defined - '
'ignoring file: %(file)s.') % { 'ignoring file: %(file)s.') % {
'domain': self.default_domain['name'], 'domain': self.default_domain['name'],
'file': os.path.join(CONF.identity.domain_config_dir, 'file': os.path.join(CONF.identity.domain_config_dir,
file_name)} file_name)}
mock_print.assert_has_calls([mock.call(error_msg)]) mock_print.assert_has_calls([mock.call(error_msg)])
skipping to change at line 633 skipping to change at line 665
self.assertEqual(default_config, res) self.assertEqual(default_config, res)
class CliDomainConfigNoOptionsTestCase(CliDomainConfigAllTestCase): class CliDomainConfigNoOptionsTestCase(CliDomainConfigAllTestCase):
def config(self, config_files): def config(self, config_files):
CONF(args=['domain_config_upload'], CONF(args=['domain_config_upload'],
project='keystone', default_config_files=config_files) project='keystone', default_config_files=config_files)
def test_config_upload(self): def test_config_upload(self):
provider_api.ProviderAPIs._clear_registry_instances() provider_api.ProviderAPIs._clear_registry_instances()
with mock.patch('six.moves.builtins.print') as mock_print: with mock.patch('builtins.print') as mock_print:
self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main) self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main)
mock_print.assert_has_calls( mock_print.assert_has_calls(
[mock.call( [mock.call(
_('At least one option must be provided, use either ' _('At least one option must be provided, use either '
'--all or --domain-name'))]) '--all or --domain-name'))])
class CliDomainConfigTooManyOptionsTestCase(CliDomainConfigAllTestCase): class CliDomainConfigTooManyOptionsTestCase(CliDomainConfigAllTestCase):
def config(self, config_files): def config(self, config_files):
CONF(args=['domain_config_upload', '--all', '--domain-name', CONF(args=['domain_config_upload', '--all', '--domain-name',
'Default'], 'Default'],
project='keystone', default_config_files=config_files) project='keystone', default_config_files=config_files)
def test_config_upload(self): def test_config_upload(self):
provider_api.ProviderAPIs._clear_registry_instances() provider_api.ProviderAPIs._clear_registry_instances()
with mock.patch('six.moves.builtins.print') as mock_print: with mock.patch('builtins.print') as mock_print:
self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main) self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main)
mock_print.assert_has_calls( mock_print.assert_has_calls(
[mock.call(_('The --all option cannot be used with ' [mock.call(_('The --all option cannot be used with '
'the --domain-name option'))]) 'the --domain-name option'))])
class CliDomainConfigInvalidDomainTestCase(CliDomainConfigAllTestCase): class CliDomainConfigInvalidDomainTestCase(CliDomainConfigAllTestCase):
def config(self, config_files): def config(self, config_files):
self.invalid_domain_name = uuid.uuid4().hex self.invalid_domain_name = uuid.uuid4().hex
CONF(args=['domain_config_upload', '--domain-name', CONF(args=['domain_config_upload', '--domain-name',
self.invalid_domain_name], self.invalid_domain_name],
project='keystone', default_config_files=config_files) project='keystone', default_config_files=config_files)
def test_config_upload(self): def test_config_upload(self):
provider_api.ProviderAPIs._clear_registry_instances() provider_api.ProviderAPIs._clear_registry_instances()
with mock.patch('six.moves.builtins.print') as mock_print: with mock.patch('builtins.print') as mock_print:
self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main) self.assertRaises(unit.UnexpectedExit, cli.DomainConfigUpload.main)
file_name = 'keystone.%s.conf' % self.invalid_domain_name file_name = 'keystone.%s.conf' % self.invalid_domain_name
error_msg = (_( error_msg = (_(
'Invalid domain name: %(domain)s found in config file name: ' 'Invalid domain name: %(domain)s found in config file name: '
'%(file)s - ignoring this file.') % { '%(file)s - ignoring this file.') % {
'domain': self.invalid_domain_name, 'domain': self.invalid_domain_name,
'file': os.path.join(CONF.identity.domain_config_dir, 'file': os.path.join(CONF.identity.domain_config_dir,
file_name)}) file_name)})
mock_print.assert_has_calls([mock.call(error_msg)]) mock_print.assert_has_calls([mock.call(error_msg)])
skipping to change at line 1820 skipping to change at line 1852
f.write("UserName:me\n") f.write("UserName:me\n")
f.write("orgPersonType:NoContractor\n") f.write("orgPersonType:NoContractor\n")
f.write("LastName:Bo\n") f.write("LastName:Bo\n")
f.write("FirstName:Jill\n") f.write("FirstName:Jill\n")
self.command_input = tmpfilename self.command_input = tmpfilename
self.command_prefix = None self.command_prefix = None
self.command_engine_debug = True self.command_engine_debug = True
self.useFixture(fixtures.MockPatchObject( self.useFixture(fixtures.MockPatchObject(
CONF, 'command', self.FakeConfCommand(self))) CONF, 'command', self.FakeConfCommand(self)))
mapping_engine = cli.MappingEngineTester() mapping_engine = cli.MappingEngineTester()
with mock.patch('six.moves.builtins.print') as mock_print: with mock.patch('builtins.print') as mock_print:
mapping_engine.main() mapping_engine.main()
self.assertEqual(mock_print.call_count, 3) self.assertEqual(mock_print.call_count, 3)
call = mock_print.call_args_list[0] call = mock_print.call_args_list[0]
args, kwargs = call args, kwargs = call
self.assertTrue(args[0].startswith('Using Rules:')) self.assertTrue(args[0].startswith('Using Rules:'))
call = mock_print.call_args_list[1] call = mock_print.call_args_list[1]
args, kwargs = call args, kwargs = call
self.assertTrue(args[0].startswith('Using Assertion:')) self.assertTrue(args[0].startswith('Using Assertion:'))
call = mock_print.call_args_list[2] call = mock_print.call_args_list[2]
args, kwargs = call args, kwargs = call
 End of changes. 14 change blocks. 
18 lines changed or deleted 50 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)