tests Package

tests Package

core Module

class keystone.tests.core.BaseTestCase(*args, **kwds)[source]

Bases: oslotest.base.BaseTestCase

Light weight base test class.

This is a placeholder that will eventually go away once thc setup/teardown in TestCase is properly trimmed down to the bare essentials. This is really just a play to speed up the tests by eliminating unnecessary work.

cleanup_instance(*names)[source]

Create a function suitable for use with self.addCleanup.

Returns:a callable that uses a closure to delete instance attributes
class keystone.tests.core.SQLDriverOverrides[source]

Bases: object

A mixin for consolidating sql-specific test overrides.

config_overrides()[source]
class keystone.tests.core.TestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.BaseTestCase

add_path(path)[source]
assertCloseEnoughForGovernmentWork(a, b, delta=3)[source]

Asserts that two datetimes are nearly equal within a small delta.

Parameters:delta – Maximum allowable time delta, defined in seconds.
assertDictContainsSubset(expected, actual, msg=None)[source]

Checks whether actual is a superset of expected.

assertDictEqual(d1, d2, msg=None)[source]
assertNotEmpty(l)[source]
assertRaisesRegexp(expected_exception, expected_regexp, callable_obj, *args, **kwargs)[source]

Asserts that the message in a raised exception matches a regexp.

assertSetEqual(set1, set2, msg=None)[source]
auth_plugin_config_override(methods=None, **method_classes)[source]
clear_auth_plugin_registry()[source]
client(app, *args, **kw)[source]
config(config_files)[source]
config_files()[source]
config_overrides()[source]
ipv6_enabled[source]
load_backends()[source]

Initializes each manager and assigns them to an attribute.

load_fixtures(fixtures)[source]

Hacky basic and naive fixture loading based on a python module.

Expects that the various APIs into the various services are already defined on self.

loadapp(config, name='main')[source]
setUp()[source]
skip_if_env_not_set(env_var)[source]
skip_if_no_ipv6()[source]
class keystone.tests.core.TestClient(app=None, token=None)[source]

Bases: object

get(path, headers=None)[source]
post(path, headers=None, body=None)[source]
put(path, headers=None, body=None)[source]
request(method, path, headers=None, body=None)[source]
exception keystone.tests.core.UnexpectedExit[source]

Bases: exceptions.Exception

keystone.tests.core.checkout_vendor(repo, rev)[source]
class keystone.tests.core.dirs[source]
static etc(*p)[source]
static root(*p)[source]
static tests(*p)[source]
static tests_conf(*p)[source]
static tmp(*p)[source]
keystone.tests.core.generate_paste_config(extension_name)[source]
keystone.tests.core.remove_generated_paste_config(extension_name)[source]
keystone.tests.core.remove_test_databases()[source]
keystone.tests.core.skip_if_cache_disabled(*sections)[source]

This decorator is used to skip a test if caching is disabled either globally or for the specific section.

In the code fragment:

@skip_if_cache_is_disabled('assignment', 'token')
def test_method(*args):
    ...

The method test_method would be skipped if caching is disabled globally via the enabled option in the cache section of the configuration or if the caching option is set to false in either assignment or token sections of the configuration. This decorator can be used with no arguments to only check global caching.

If a specified configuration section does not define the caching option, this decorator makes the same assumption as the should_cache_fn in keystone.common.cache that caching should be enabled.

keystone.tests.core.skip_if_no_multiple_domains_support(f)[source]

This decorator is used to skip a test if an identity driver does not support multiple domains.

default_fixtures Module

fakeldap Module

Fake LDAP server for test harness.

This class does very little error checking, and knows nothing about ldap class definitions. It implements the minimum emulation of the python ldap library to work with nova.

class keystone.tests.fakeldap.FakeLdap(conn=None)[source]

Bases: keystone.common.ldap.core.LDAPHandler

Emulate the python-ldap API.

The python-ldap API requires all strings to be UTF-8 encoded. This is assured by the caller of this interface (i.e. KeystoneLDAPHandler).

However, internally this emulation MUST process and store strings in a canonical form which permits operations on characters. Encoded strings do not provide the ability to operate on characters. Therefore this emulation accepts UTF-8 encoded strings, decodes them to unicode for operations internal to this emulation, and encodes them back to UTF-8 when returning values from the emulation.

add_s(dn, modlist)[source]

Add an object with the specified attributes at dn.

connect(url, page_size=0, alias_dereferencing=None, use_tls=False, tls_cacertfile=None, tls_cacertdir=None, tls_req_cert='demand', chase_referrals=None, debug_level=None, use_pool=None, pool_size=None, pool_retry_max=None, pool_retry_delay=None, pool_conn_timeout=None, pool_conn_lifetime=None)[source]
delete_ext_s(dn, serverctrls, clientctrls=None)[source]

Remove the ldap object at specified dn.

delete_s(dn)[source]

Remove the ldap object at specified dn.

dn(dn)[source]
get_option(option)[source]
key(dn)[source]
modify_s(dn, modlist)[source]

Modify the object at dn using the attribute list.

Parameters:
  • dn – an LDAP DN
  • modlist – a list of tuples in the following form: ([MOD_ADD | MOD_DELETE | MOD_REPACE], attribute, value)
result3(msgid=-1, all=1, timeout=None, resp_ctrl_classes=None)[source]
search_ext(base, scope, filterstr='(objectClass=*)', attrlist=None, attrsonly=0, serverctrls=None, clientctrls=None, timeout=-1, sizelimit=0)[source]
search_s(base, scope, filterstr='(objectClass=*)', attrlist=None, attrsonly=0)[source]

Search for all matching objects under base using the query.

Args: base – dn to search under scope – only SCOPE_BASE and SCOPE_SUBTREE are supported filterstr – filter objects by attrlist – attrs to return. Returns all attrs if not specified

set_option(option, invalue)[source]
simple_bind_s(who='', cred='', serverctrls=None, clientctrls=None)[source]

This method is ignored, but provided for compatibility.

unbind_s()[source]

This method is ignored, but provided for compatibility.

class keystone.tests.fakeldap.FakeLdapNoSubtreeDelete(conn=None)[source]

Bases: keystone.tests.fakeldap.FakeLdap

FakeLdap subclass that does not support subtree delete

Same as FakeLdap except delete will throw the LDAP error ldap.NOT_ALLOWED_ON_NONLEAF if there is an attempt to delete an entry that has children.

delete_ext_s(dn, serverctrls, clientctrls=None)[source]

Remove the ldap object at specified dn.

delete_s(dn)[source]
class keystone.tests.fakeldap.FakeLdapPool(uri, retry_max=None, retry_delay=None, conn=None)[source]

Bases: keystone.tests.fakeldap.FakeLdap

Emulate the python-ldap API with pooled connections using existing FakeLdap logic.

This class is used as connector class in PooledLDAPHandler.

get_lifetime()[source]
simple_bind_s(who=None, cred=None, serverctrls=None, clientctrls=None)[source]
unbind_ext_s()[source]

Added to extend FakeLdap as connector class.

class keystone.tests.fakeldap.FakeShelve[source]

Bases: dict

sync()[source]

federation_fixtures Module

filtering Module

class keystone.tests.filtering.FilterTests[source]

Bases: object

identity_mapping Module

keystone.tests.identity_mapping.list_id_mappings()[source]

List all id_mappings for testing purposes.

mapping_fixtures Module

Fixtures for Federation Mapping.

matchers Module

class keystone.tests.matchers.XMLEquals(expected)[source]

Bases: object

Parses two XML documents from strings and compares the results.

match(other)[source]
class keystone.tests.matchers.XMLMismatch(expected, other)[source]

Bases: testtools.matchers._impl.Mismatch

describe()[source]

rest Module

class keystone.tests.rest.RestfulTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Performs restful tests against the WSGI app over HTTP.

This class launches public & admin WSGI servers for every test, which can be accessed by calling public_request() or admin_request(), respectfully.

restful_request() and request() methods are also exposed if you need to bypass restful conventions or access HTTP details in your test implementation.

Three new asserts are provided:

  • assertResponseSuccessful: called automatically for every request

    unless an expected_status is provided

  • assertResponseStatus: called instead of assertResponseSuccessful,

    if an expected_status is provided

  • assertValidResponseHeaders: validates that the response headers

    appear as expected

Requests are automatically serialized according to the defined content_type. Responses are automatically deserialized as well, and available in the response.body attribute. The original body content is available in the response.raw attribute.

admin_request(**kwargs)[source]
assertResponseStatus(response, expected_status)[source]

Asserts a specific status code on the response.

Parameters:
  • responsehttplib.HTTPResponse
  • expected_status – The specific status result expected

example:

self.assertResponseStatus(response, 204)
assertResponseSuccessful(response)[source]

Asserts that a status code lies inside the 2xx range.

Parameters:responsehttplib.HTTPResponse to be verified to have a status code between 200 and 299.

example:

self.assertResponseSuccessful(response)
assertValidErrorResponse(response, expected_status=400)[source]

Verify that the error response is valid.

Subclasses can override this function based on the expected response.

assertValidResponseHeaders(response)[source]

Ensures that response headers appear as expected.

content_type = 'json'
get_scoped_token(tenant_id=None)[source]

Convenience method so that we can test authenticated requests.

get_unscoped_token()[source]

Convenience method so that we can test authenticated requests.

public_request(**kwargs)[source]
request(app, path, body=None, headers=None, token=None, expected_status=None, **kwargs)[source]
restful_request(method='GET', headers=None, body=None, content_type=None, response_content_type=None, **kwargs)[source]

Serializes/deserializes json/xml as request/response body.

Warning

  • Existing Accept header will be overwritten.
  • Existing Content-Type header will be overwritten.
setUp(app_conf='keystone')[source]

test_associate_project_endpoint_extension Module

class keystone.tests.test_associate_project_endpoint_extension.EndpointFilterCRUDTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase

test_check_endpoint_project_association()[source]

HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Valid project and endpoint id test case.

test_check_endpoint_project_association_with_invalid_endpoint()[source]

HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid endpoint id test case.

test_check_endpoint_project_association_with_invalid_project()[source]

HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid project id test case.

test_create_endpoint_project_association()[source]

PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Valid endpoint and project id test case.

test_create_endpoint_project_association_with_invalid_endpoint()[source]

PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid endpoint id test case.

test_create_endpoint_project_association_with_invalid_project()[source]

PUT OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid project id test case.

test_create_endpoint_project_association_with_unexpected_body()[source]

PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Unexpected body in request. The body should be ignored.

test_endpoint_project_association_cleanup_when_endpoint_deleted()[source]
test_endpoint_project_association_cleanup_when_project_deleted()[source]
test_list_endpoints_associated_with_invalid_project()[source]

GET /OS-EP-FILTER/projects/{project_id}/endpoints

Invalid project id test case.

test_list_endpoints_associated_with_valid_project()[source]

GET /OS-EP-FILTER/projects/{project_id}/endpoints

Valid project and endpoint id test case.

test_list_projects_associated_with_endpoint()[source]

GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects

Valid endpoint-project association test case.

test_list_projects_associated_with_invalid_endpoint()[source]

GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects

Invalid endpoint id test case.

test_list_projects_with_no_endpoint_project_association()[source]

GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects

Valid endpoint id but no endpoint-project associations test case.

test_remove_endpoint_project_association()[source]

DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Valid project id and endpoint id test case.

test_remove_endpoint_project_association_with_invalid_endpoint()[source]

DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid endpoint id test case.

test_remove_endpoint_project_association_with_invalid_project()[source]

DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid project id test case.

class keystone.tests.test_associate_project_endpoint_extension.EndpointFilterTokenRequestTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase

test_default_scoped_token_using_endpoint_filter()[source]

Verify endpoints from default scoped token filtered.

test_default_scoped_token_with_no_catalog_using_endpoint_filter()[source]

Verify endpoint filter when default scoped token returns no catalog.

Test that the default project scoped token response is valid for a given endpoint-project association when no service catalog is returned.

test_default_scoped_token_with_no_endpoint_project_association()[source]

Verify endpoint filter when no endpoint-project association.

Test that the default project scoped token response is valid when there are no endpoint-project associations defined.

test_disabled_endpoint()[source]

Test that a disabled endpoint is handled.

test_invalid_endpoint_project_association()[source]

Verify an invalid endpoint-project association is handled.

test_project_scoped_token_using_endpoint_filter()[source]

Verify endpoints from project scoped token filtered.

test_project_scoped_token_with_no_catalog_using_endpoint_filter()[source]

Verify endpoint filter when project scoped token returns no catalog.

Test that the project scoped token response is valid for a given endpoint-project association when no service catalog is returned.

test_project_scoped_token_with_no_endpoint_project_association()[source]

Verify endpoint filter when no endpoint-project association.

Test that the project scoped token response is valid when there are no endpoint-project associations defined.

class keystone.tests.test_associate_project_endpoint_extension.EndpointGroupCRUDTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase

DEFAULT_ENDPOINT_GROUP_BODY = {'endpoint_group': {'description': 'endpoint group description', 'filters': {'interface': 'admin'}, 'name': 'endpoint_group_name'}}
DEFAULT_ENDPOINT_GROUP_URL = '/OS-EP-FILTER/endpoint_groups'
test_add_endpoint_group_to_project()[source]

Create a valid endpoint group and project association.

test_add_endpoint_group_to_project_with_invalid_project_id()[source]

Create an invalid endpoint group and project association.

test_check_endpoint_group()[source]

HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}

Valid endpoint_group_id test case.

test_check_endpoint_group_to_project()[source]

Test HEAD with a valid endpoint group and project association.

test_check_endpoint_group_to_project_with_invalid_project_id()[source]

Test HEAD with an invalid endpoint group and project association.

test_check_invalid_endpoint_group()[source]

HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}

Invalid endpoint_group_id test case.

test_create_endpoint_group()[source]

POST /OS-EP-FILTER/endpoint_groups

Valid endpoint group test case.

test_create_invalid_endpoint_group()[source]

POST /OS-EP-FILTER/endpoint_groups

Invalid endpoint group creation test case.

test_delete_endpoint_group()[source]

GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}

Valid endpoint group test case.

test_delete_invalid_endpoint_group()[source]

GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}

Invalid endpoint group test case.

test_endpoint_group_project_cleanup_with_endpoint_group()[source]
test_endpoint_group_project_cleanup_with_project()[source]
test_get_endpoint_group()[source]

GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}

Valid endpoint group test case.

test_get_endpoint_group_in_project()[source]

Test retrieving project endpoint group association.

test_get_invalid_endpoint_group()[source]

GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}

Invalid endpoint group test case.

test_get_invalid_endpoint_group_in_project()[source]

Test retrieving project endpoint group association.

test_list_endpoint_groups()[source]

GET /OS-EP-FILTER/endpoint_groups.

test_list_endpoints_associated_with_endpoint_group()[source]

GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}/endpoints

Valid endpoint group test case.

test_list_endpoints_associated_with_project_endpoint_group()[source]

GET /OS-EP-FILTER/projects/{project_id}/endpoints

Valid project, endpoint id, and endpoint group test case.

test_list_projects_associated_with_endpoint_group()[source]

GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}/projects

Valid endpoint group test case.

test_patch_endpoint_group()[source]

PATCH /OS-EP-FILTER/endpoint_groups/{endpoint_group}

Valid endpoint group patch test case.

test_patch_invalid_endpoint_group()[source]

PATCH /OS-EP-FILTER/endpoint_groups/{endpoint_group}

Valid endpoint group patch test case.

test_patch_nonexistent_endpoint_group()[source]

PATCH /OS-EP-FILTER/endpoint_groups/{endpoint_group}

Invalid endpoint group patch test case.

test_removing_an_endpoint_group_project()[source]
class keystone.tests.test_associate_project_endpoint_extension.JsonHomeTests(*args, **kwargs)[source]

Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase, keystone.tests.test_v3.JsonHomeTestMixin

JSON_HOME_DATA = {'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoint_projects': {'href-template': '/OS-EP-FILTER/endpoints/{endpoint_id}/projects', 'href-vars': {'endpoint_id': 'http://docs.openstack.org/api/openstack-identity/3/param/endpoint_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoint_group_to_project_association': {'href-template': '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}', 'href-vars': {'endpoint_group_id': 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/param/endpoint_group_id', 'project_id': 'http://docs.openstack.org/api/openstack-identity/3/param/project_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoint_group': {'href-template': '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}', 'href-vars': {'endpoint_group_id': 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/param/endpoint_group_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoints_in_endpoint_group': {'href-template': '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints', 'href-vars': {'endpoint_group_id': 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/param/endpoint_group_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/projects_associated_with_endpoint_group': {'href-template': '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects', 'href-vars': {'endpoint_group_id': 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/param/endpoint_group_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoint_groups': {'href': '/OS-EP-FILTER/endpoint_groups'}}
class keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

EXTENSION_NAME = 'endpoint_filter'
EXTENSION_TO_ADD = 'endpoint_filter_extension'
config_overrides()[source]
setUp()[source]

test_auth Module

class keystone.tests.test_auth.AuthBadRequests(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

test_authenticate_blank_auth()[source]

Verify sending blank ‘auth’ raises the right exception.

test_authenticate_blank_request_body()[source]

Verify sending empty json dict raises the right exception.

test_authenticate_invalid_auth_content()[source]

Verify sending invalid ‘auth’ raises the right exception.

test_authenticate_password_too_large()[source]

Verify sending large ‘password’ raises the right exception.

test_authenticate_tenant_id_too_large()[source]

Verify sending large ‘tenantId’ raises the right exception.

test_authenticate_tenant_name_too_large()[source]

Verify sending large ‘tenantName’ raises the right exception.

test_authenticate_token_too_large()[source]

Verify sending large ‘token’ raises the right exception.

test_authenticate_user_id_too_large()[source]

Verify sending large ‘userId’ raises the right exception.

test_authenticate_username_too_large()[source]

Verify sending large ‘username’ raises the right exception.

test_empty_remote_user()[source]

Verify that _authenticate_external() raises exception if REMOTE_USER is set as the empty string.

test_empty_username_and_userid_in_auth()[source]

Verify that empty username and userID raises ValidationError.

test_no_credentials_in_auth()[source]

Verify that _authenticate_local() raises exception if no creds.

test_no_external_auth()[source]

Verify that _authenticate_external() raises exception if N/A.

test_no_token_in_auth()[source]

Verify that _authenticate_token() raises exception if no token.

class keystone.tests.test_auth.AuthCatalog(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.test_auth.AuthTest

Tests for the catalog provided in the auth response.

config_files()[source]
test_auth_catalog_disabled_endpoint()[source]

On authenticate, get a catalog that excludes disabled endpoints.

test_validate_catalog_disabled_endpoint()[source]

On validate, get back a catalog that excludes disabled endpoints.

class keystone.tests.test_auth.AuthTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

assertEqualTokens(a, b, enforce_audit_ids=True)[source]

Assert that two tokens are equal.

Compare two tokens except for their ids. This also truncates the time in the comparison.

setUp()[source]
class keystone.tests.test_auth.AuthWithPasswordCredentials(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

test_auth_empty_password()[source]

Verify exception is raised if empty password.

test_auth_invalid_user()[source]

Verify exception is raised if invalid user.

test_auth_no_password()[source]

Verify exception is raised if empty password.

test_auth_valid_user_invalid_password()[source]

Verify exception is raised if invalid password.

test_authenticate_blank_password_credentials()[source]

Sending empty dict as passwordCredentials raises a 400 error.

test_authenticate_no_username()[source]

Verify skipping username raises the right exception.

test_bind_without_remote_user()[source]
test_change_default_domain_id()[source]
class keystone.tests.test_auth.AuthWithRemoteUser(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

test_bind_with_kerberos()[source]
test_bind_without_config_opt()[source]
test_scoped_nometa_remote_authn()[source]

Verify getting a token with external authn and no metadata.

test_scoped_remote_authn()[source]

Verify getting a token with external authn.

test_scoped_remote_authn_invalid_user()[source]

Verify that external auth with invalid user fails.

test_unscoped_remote_authn()[source]

Verify getting an unscoped token with external authn.

test_unscoped_remote_authn_jsonless()[source]

Verify that external auth with invalid request fails.

class keystone.tests.test_auth.AuthWithToken(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

test_auth_bad_formatted_token()[source]

Verify exception is raised if invalid token.

test_auth_invalid_token()[source]

Verify exception is raised if invalid token.

test_auth_token_project_group_role()[source]

Verify getting a token in a tenant with group roles.

test_auth_unscoped_token_no_project()[source]

Verify getting an unscoped token with an unscoped token.

test_auth_unscoped_token_project()[source]

Verify getting a token in a tenant with an unscoped token.

test_belongs_to()[source]
test_belongs_to_no_tenant()[source]
test_deleting_role_revokes_token()[source]
test_only_original_audit_id_is_kept()[source]
test_revoke_by_audit_chain_id_chained_token()[source]
test_revoke_by_audit_chain_id_original_token()[source]
test_revoke_with_no_audit_info()[source]
test_token_auth_with_binding()[source]
test_unscoped_token()[source]

Verify getting an unscoped token with password creds.

class keystone.tests.test_auth.AuthWithTrust(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

assert_token_count_for_trust(trust, expected_value)[source]
build_v2_token_request(username, password, trust, tenant_id=None)[source]
config_overrides()[source]
create_trust(trust_data, trustor_name, expires_at=None, impersonation=True)[source]
disable_user(user)[source]
fetch_v2_token_from_trust(trust)[source]
fetch_v3_token_from_trust(trust, trustee)[source]
get_unscoped_token(username, password='foo2')[source]
setUp()[source]
test_create_trust()[source]
test_create_trust_bad_data_fails()[source]
test_create_trust_expires_bad()[source]
test_create_trust_impersonation()[source]
test_create_trust_no_impersonation()[source]
test_create_trust_no_roles()[source]
test_create_trust_without_project_id()[source]

Verify that trust can be created without project id and token can be generated with that trust.

test_create_v3_token_from_trust()[source]
test_delete_tokens_for_user_invalidates_tokens_from_trust()[source]
test_delete_trust_revokes_token()[source]
test_do_not_consume_remaining_uses_when_get_token_fails()[source]
test_expired_trust_get_token_fails()[source]
test_get_trust()[source]
test_token_from_trust()[source]
test_token_from_trust_cant_get_another_token()[source]
test_token_from_trust_with_no_role_fails()[source]
test_token_from_trust_with_wrong_role_fails()[source]
test_token_from_trust_wrong_project_fails()[source]
test_token_from_trust_wrong_user_fails()[source]
test_trust_get_token_fails_if_trustee_disabled()[source]
test_trust_get_token_fails_if_trustor_disabled()[source]
test_v2_trust_token_contains_trustor_user_id_and_impersonation()[source]
test_v3_trust_token_get_token_fails()[source]
class keystone.tests.test_auth.NonDefaultAuthTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_add_non_default_auth_method()[source]
class keystone.tests.test_auth.TokenExpirationTest(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

test_maintain_uuid_token_expiration()[source]

test_auth_plugin Module

class keystone.tests.test_auth_plugin.DuplicateAuthPlugin[source]

Bases: keystone.tests.test_auth_plugin.SimpleChallengeResponse

Duplicate simple challenge response auth plugin.

class keystone.tests.test_auth_plugin.MismatchedAuthPlugin[source]

Bases: keystone.tests.test_auth_plugin.SimpleChallengeResponse

method = '1165051721904b148b825bffd0e8bee5'
class keystone.tests.test_auth_plugin.NoMethodAuthPlugin[source]

Bases: keystone.auth.core.AuthMethodHandler

An auth plugin that does not supply a method attribute.

authenticate(context, auth_payload, auth_context)[source]
class keystone.tests.test_auth_plugin.SimpleChallengeResponse[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_payload, user_context)[source]
method = 'simple_challenge_response'
class keystone.tests.test_auth_plugin.TestAuthPlugin(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]
config_overrides()[source]
setUp()[source]
test_addition_auth_steps()[source]
test_unsupported_auth_method()[source]
class keystone.tests.test_auth_plugin.TestAuthPluginDynamicOptions(*args, **kwargs)[source]

Bases: keystone.tests.test_auth_plugin.TestAuthPlugin

config_files()[source]
config_overrides()[source]
class keystone.tests.test_auth_plugin.TestInvalidAuthMethodRegistration(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_duplicate_auth_method_registration()[source]
test_no_method_attribute_auth_method_by_class_name_registration()[source]
class keystone.tests.test_auth_plugin.TestMapped(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_files()[source]
config_overrides()[source]
setUp()[source]
test_mapped_with_remote_user()[source]
test_supporting_multiple_methods()[source]

test_backend Module

class keystone.tests.test_backend.CatalogTests[source]

Bases: object

test_cache_layer_delete_service_with_endpoint()[source]
test_cache_layer_region_crud(*args, **kwargs)[source]
test_cache_layer_service_crud(*args, **kwargs)[source]
test_create_endpoint()[source]
test_create_endpoint_404()[source]
test_create_region_invalid_parent_region_404()[source]
test_create_region_with_duplicate_id()[source]
test_delete_endpoint_404()[source]
test_delete_region_404()[source]
test_delete_service_404()[source]
test_delete_service_with_endpoint()[source]
test_get_catalog_endpoint_disabled()[source]

Get back only enabled endpoints when get the v2 catalog.

test_get_endpoint_404()[source]
test_get_region_404()[source]
test_get_service_404()[source]
test_get_v3_catalog_endpoint_disabled()[source]

Get back only enabled endpoints when get the v3 catalog.

test_list_regions_filtered_by_parent_region_id()[source]
test_region_crud()[source]
test_service_crud()[source]
test_service_filtering()[source]
test_update_endpoint()[source]
test_update_endpoint_non_exist_region_id()[source]
class keystone.tests.test_backend.FilterTests[source]

Bases: keystone.tests.filtering.FilterTests

test_filter_sql_injection_attack()[source]

Test against sql injection attack on filters

Test Plan: - Attempt to get all entities back by passing a two-term attribute - Attempt to piggyback filter to damage DB (e.g. drop table)

test_list_users_filtered()[source]
test_list_users_inexact_filtered()[source]
class keystone.tests.test_backend.IdentityTests[source]

Bases: object

create_user_dict(**attributes)[source]
test_add_duplicate_role_grant()[source]
test_add_role_to_user_and_project_404()[source]
test_add_role_to_user_and_project_no_user()[source]
test_add_user_to_group()[source]
test_add_user_to_group_404()[source]
test_add_user_to_project()[source]
test_add_user_to_project_404()[source]
test_add_user_to_project_missing_default_role()[source]
test_add_user_to_project_no_user()[source]
test_arbitrary_attributes_are_returned_from_create_user()[source]
test_arbitrary_attributes_are_returned_from_get_user()[source]
test_attribute_update()[source]
test_authenticate()[source]
test_authenticate_and_get_roles_no_metadata()[source]
test_authenticate_bad_password()[source]
test_authenticate_bad_user()[source]
test_authenticate_if_no_password_set()[source]
test_cache_layer_domain_crud(*args, **kwargs)[source]
test_cache_layer_project_crud(*args, **kwargs)[source]
test_cache_layer_role_crud(*args, **kwargs)[source]
test_check_user_in_group()[source]
test_check_user_in_group_404()[source]
test_check_user_not_in_group()[source]
test_create_domain_case_sensitivity(*args, **kwargs)[source]
test_create_duplicate_group_name_fails()[source]
test_create_duplicate_group_name_in_different_domains()[source]
test_create_duplicate_project_id_fails()[source]
test_create_duplicate_project_name_fails()[source]
test_create_duplicate_project_name_in_different_domains()[source]
test_create_duplicate_role_name_fails()[source]
test_create_duplicate_user_name_fails()[source]
test_create_duplicate_user_name_in_different_domains()[source]
test_create_grant_no_group()[source]
test_create_grant_no_user()[source]
test_create_invalid_domain_fails()[source]
test_create_project_blank_name_fails()[source]
test_create_project_case_sensitivity()[source]
test_create_project_doesnt_modify_passed_in_dict()[source]
test_create_project_invalid_enabled_type_string()[source]
test_create_project_invalid_name_fails()[source]
test_create_project_long_name_fails()[source]
test_create_project_with_no_enabled_field()[source]
test_create_unicode_user_name()[source]
test_create_update_delete_unicode_project()[source]
test_create_user_blank_name_fails()[source]
test_create_user_case_sensitivity()[source]
test_create_user_doesnt_modify_passed_in_dict()[source]
test_create_user_invalid_enabled_type_string()[source]
test_create_user_invalid_name_fails()[source]
test_create_user_long_name_fails()[source]
test_create_user_missed_password()[source]
test_create_user_none_password()[source]
test_delete_group_grant_no_group()[source]
test_delete_group_removes_role_assignments()[source]
test_delete_project_404()[source]
test_delete_project_with_role_assignments()[source]
test_delete_role_404()[source]
test_delete_role_check_role_grant()[source]
test_delete_role_with_user_and_group_grants()[source]
test_delete_user_404()[source]
test_delete_user_grant_no_user()[source]
test_delete_user_with_project_association()[source]
test_delete_user_with_project_roles()[source]
test_domain_crud()[source]
test_domain_rename_invalidates_get_domain_by_name_cache(*args, **kwargs)[source]
test_get_and_remove_correct_role_grant_from_a_mix()[source]
test_get_and_remove_role_grant_by_group_and_cross_domain()[source]
test_get_and_remove_role_grant_by_group_and_domain()[source]
test_get_and_remove_role_grant_by_group_and_project()[source]
test_get_and_remove_role_grant_by_user_and_cross_domain()[source]
test_get_and_remove_role_grant_by_user_and_domain()[source]
test_get_default_domain_by_name(*args, **kwargs)[source]
test_get_not_default_domain_by_name()[source]
test_get_project()[source]
test_get_project_404()[source]
test_get_project_by_name()[source]
test_get_project_by_name_404()[source]
test_get_project_user_ids_404()[source]
test_get_role()[source]
test_get_role_404()[source]
test_get_role_by_user_and_project()[source]
test_get_role_by_user_and_project_with_user_in_group()[source]

Test for get role by user and project, user was added into a group.

Test Plan:

  • Create a user, a project & a group, add this user to group
  • Create roles and grant them to user and project
  • Check the role list get by the user and project was as expected
test_get_role_grant_by_user_and_project()[source]
test_get_roles_for_groups_on_domain()[source]

Test retrieving group domain roles.

Test Plan:

  • Create a domain, three groups and three roles
  • Assign one an inherited and the others a non-inherited group role to the domain
  • Ensure that only the non-inherited roles are returned on the domain
test_get_roles_for_groups_on_project()[source]

Test retrieving group project roles.

Test Plan:

  • Create two domains, two projects, six groups and six roles
  • Project1 is in Domain1, Project2 is in Domain2
  • Domain2/Project2 are spoilers
  • Assign a different direct group role to each project as well as both an inherited and non-inherited role to each domain
  • Get the group roles for Project 1 - depending on whether we have enabled inheritance, we should either get back just the direct role or both the direct one plus the inherited domain role from Domain 1
test_get_roles_for_user_and_domain()[source]

Test for getting roles for user on a domain.

Test Plan:

  • Create a domain, with 2 users
  • Check no roles yet exit
  • Give user1 two roles on the domain, user2 one role
  • Get roles on user1 and the domain - maybe sure we only get back the 2 roles on user1
  • Delete both roles from user1
  • Check we get no roles back for user1 on domain
test_get_roles_for_user_and_domain_404()[source]

Test errors raised when getting roles for user on a domain.

Test Plan:

  • Check non-existing user gives UserNotFound
  • Check non-existing domain gives DomainNotFound
test_get_roles_for_user_and_project_404()[source]
test_get_user()[source]
test_get_user_404()[source]
test_get_user_by_name()[source]
test_get_user_by_name_404()[source]
test_group_crud()[source]
test_list_domains()[source]
test_list_domains_for_groups()[source]

Test retrieving domains for a list of groups.

Test Plan:

  • Create three domains, three groups and one role
  • Assign a non-inherited group role to two domains, and an inherited group role to the third
  • Ensure only the domains with non-inherited roles are returned
test_list_group_role_assignment()[source]
test_list_groups()[source]
test_list_groups_for_user()[source]
test_list_projects()[source]
test_list_projects_for_alternate_domain(*args, **kwargs)[source]
test_list_projects_for_domain()[source]
test_list_projects_for_groups()[source]

Test retrieving projects for a list of groups.

Test Plan:

  • Create two domains, four projects, seven groups and seven roles
  • Project1-3 are in Domain1, Project4 is in Domain2
  • Domain2/Project4 are spoilers
  • Project1 and 2 have direct group roles, Project3 has no direct roles but should inherit a group role from Domain1
  • Get the projects for the group roles that are assigned to Project1 Project2 and the inherited one on Domain1. Depending on whether we have enabled inheritance, we should either get back just the projects with direct roles (Project 1 and 2) or also Project3 due to its inherited role from Domain1.
test_list_projects_for_user()[source]
test_list_projects_for_user_with_grants()[source]
test_list_role_assignments_bad_role()[source]
test_list_role_assignments_unfiltered()[source]

Test for unfiltered listing role assignments.

Test Plan:

  • Create a domain, with a user, group & project
  • Find how many role assignments already exist (from default fixtures)
  • Create a grant of each type (user/group on project/domain)
  • Check the number of assignments has gone up by 4 and that the entries we added are in the list returned
  • Check that if we list assignments by role_id, then we get back assignments that only contain that role.
test_list_roles()[source]
test_list_user_ids_for_project()[source]
test_list_user_ids_for_project_no_duplicates()[source]
test_list_user_project_ids_404()[source]
test_list_users()[source]
test_list_users_in_group()[source]
test_list_users_in_group_404()[source]
test_move_group_between_domains()[source]
test_move_group_between_domains_with_clashing_names_fails()[source]
test_move_project_between_domains()[source]
test_move_project_between_domains_with_clashing_names_fails()[source]
test_move_user_between_domains()[source]
test_move_user_between_domains_with_clashing_names_fails()[source]
test_multi_group_grants_on_project_domain()[source]

Test multiple group roles for user on project and domain.

Test Plan:

  • Create 6 roles
  • Create a domain, with a project, user and two groups
  • Make the user a member of both groups
  • Check no roles yet exit
  • Assign a role to each user and both groups on both the project and domain
  • Get a list of effective roles for the user on both the project and domain, checking we get back the correct three roles
test_multi_role_grant_by_user_group_on_project_domain()[source]
test_new_arbitrary_attributes_are_returned_from_update_user()[source]
test_project_add_and_remove_user_role()[source]
test_project_crud(*args, **kwargs)[source]
test_project_rename_invalidates_get_project_by_name_cache(*args, **kwargs)[source]
test_project_update_and_project_get_return_same_response()[source]
test_project_update_missing_attrs_with_a_falsey_value()[source]
test_project_update_missing_attrs_with_a_value()[source]
test_remove_role_from_user_and_project()[source]
test_remove_role_grant_from_user_and_project()[source]
test_remove_user_from_group()[source]
test_remove_user_from_group_404()[source]
test_remove_user_from_project()[source]
test_remove_user_from_project_404()[source]
test_remove_user_from_project_race_delete_role()[source]
test_remove_user_role_not_assigned()[source]
test_rename_duplicate_project_name_fails()[source]
test_rename_duplicate_role_name_fails()[source]
test_rename_duplicate_user_name_fails()[source]
test_role_crud()[source]
test_role_grant_by_group_and_cross_domain_project()[source]
test_role_grant_by_user_and_cross_domain_project()[source]
test_update_project_404()[source]
test_update_project_blank_name_fails()[source]
test_update_project_enable()[source]
test_update_project_id_does_nothing()[source]
test_update_project_invalid_enabled_type_string()[source]
test_update_project_invalid_name_fails()[source]
test_update_project_long_name_fails()[source]
test_update_role_404()[source]
test_update_role_no_name()[source]
test_update_role_same_name()[source]
test_update_user_404()[source]
test_update_user_blank_name_fails()[source]
test_update_user_enable()[source]
test_update_user_enable_fails()[source]
test_update_user_id_fails()[source]
test_update_user_invalid_name_fails()[source]
test_update_user_long_name_fails()[source]
test_update_user_name()[source]
test_updated_arbitrary_attributes_are_returned_from_update_user()[source]
test_user_crud()[source]
test_user_update_and_user_get_return_same_response()[source]
class keystone.tests.test_backend.InheritanceTests[source]

Bases: object

test_inherited_role_grants_for_group()[source]

Test inherited group roles.

Test Plan:

  • Enable OS-INHERIT extension
  • Create 4 roles
  • Create a domain, with a project, user and two groups
  • Make the user a member of both groups
  • Check no roles yet exit
  • Assign a direct user role to the project and a (non-inherited) group role on the domain
  • Get a list of effective roles - should only get the one direct role
  • Now add two inherited group roles to the domain
  • Get a list of effective roles - should have three roles, one direct and two by virtue of inherited group roles
test_inherited_role_grants_for_user()[source]

Test inherited user roles.

Test Plan:

  • Enable OS-INHERIT extension
  • Create 3 roles
  • Create a domain, with a project and a user
  • Check no roles yet exit
  • Assign a direct user role to the project and a (non-inherited) user role to the domain
  • Get a list of effective roles - should only get the one direct role
  • Now add an inherited user role to the domain
  • Get a list of effective roles - should have two roles, one direct and one by virtue of the inherited user role
  • Also get effective roles for the domain - the role marked as inherited should not show up
test_list_projects_for_user_with_inherited_grants()[source]

Test inherited group roles.

Test Plan:

  • Enable OS-INHERIT extension
  • Create a domain, with two projects and a user
  • Assign an inherited user role on the domain, as well as a direct user role to a separate project in a different domain
  • Get a list of projects for user, should return all three projects
test_list_projects_for_user_with_inherited_group_grants()[source]

Test inherited group roles.

Test Plan:

  • Enable OS-INHERIT extension
  • Create two domains, each with two projects
  • Create a user and group
  • Make the user a member of the group
  • Assign a user role two projects, an inherited group role to one domain and an inherited regular role on the other domain
  • Get a list of projects for user, should return both pairs of projects from the domain, plus the one separate project
class keystone.tests.test_backend.LimitTests[source]

Bases: keystone.tests.filtering.FilterTests

ENTITIES = ['user', 'group', 'project']
clean_up_domain()[source]

Clean up domain test data from Limit Test Cases.

clean_up_entities()[source]

Clean up entity test data from Limit Test Cases.

setUp()[source]

Setup for Limit Test Cases.

test_list_groups_filtered_and_limited()[source]
test_list_projects_filtered_and_limited()[source]
test_list_users_filtered_and_limited()[source]
class keystone.tests.test_backend.PolicyTests[source]

Bases: object

assertEqualPolicies(a, b)[source]
test_create()[source]
test_delete()[source]
test_delete_policy_404()[source]
test_get()[source]
test_get_policy_404()[source]
test_list()[source]
test_update()[source]
test_update_policy_404()[source]
class keystone.tests.test_backend.TokenCacheInvalidation[source]

Bases: object

test_delete_scoped_token_by_id()[source]
test_delete_scoped_token_by_user()[source]
test_delete_scoped_token_by_user_and_tenant()[source]
test_delete_unscoped_token()[source]
class keystone.tests.test_backend.TokenTests[source]

Bases: object

check_list_revoked_tokens(token_ids)[source]
create_token_sample_data(token_id=None, tenant_id=None, trust_id=None, user_id=None, expires=None)[source]
delete_token()[source]
test_create_unicode_token_id()[source]
test_create_unicode_user_id()[source]
test_delete_token_404()[source]
test_delete_tokens()[source]
test_delete_tokens_trust()[source]
test_expired_token()[source]
test_flush_expired_token()[source]
test_get_token_404()[source]
test_list_revoked_tokens_for_multiple_tokens()[source]
test_list_revoked_tokens_for_single_token()[source]
test_list_revoked_tokens_returns_empty_list()[source]
test_null_expires_token()[source]
test_predictable_revoked_pki_token_id_default()[source]
test_predictable_revoked_pki_token_id_sha256()[source]
test_predictable_revoked_uuid_token_id()[source]
test_revocation_list_cache(*args, **kwargs)[source]
test_token_crud()[source]
test_token_expire_timezone()[source]
test_token_list()[source]
test_token_list_trust()[source]
class keystone.tests.test_backend.TrustTests[source]

Bases: object

create_sample_trust(new_id, remaining_uses=None)[source]
test_consume_use()[source]
test_create_trust()[source]
test_delete_trust()[source]
test_delete_trust_not_found()[source]
test_get_deleted_trust()[source]
test_get_trust()[source]
test_list_trust_by_trustee()[source]
test_list_trust_by_trustor()[source]
test_list_trusts()[source]
test_trust_has_remaining_uses_negative()[source]
test_trust_has_remaining_uses_positive()[source]

test_backend_endpoint_policy Module

class keystone.tests.test_backend_endpoint_policy.PolicyAssociationTests[source]

Bases: object

load_sample_data()[source]

Create sample data to test policy associations.

The following data is created:

  • 3 regions, in a hierarchy, 0 -> 1 -> 2 (where 0 is top)
  • 3 services
  • 6 endpoints, 2 in each region, with a mixture of services: 0 - region 0, Service 0 1 - region 0, Service 1 2 - region 1, Service 1 3 - region 1, Service 2 4 - region 2, Service 2 5 - region 2, Service 0
test_delete_association_by_entity()[source]
test_invalid_policy_to_endpoint_association()[source]
test_overwriting_policy_to_endpoint_association()[source]
test_policy_to_endpoint_association_crud()[source]
test_policy_to_explicit_endpoint_association()[source]
test_policy_to_region_and_service_association()[source]
test_policy_to_service_association()[source]

test_backend_endpoint_policy_sql Module

class keystone.tests.test_backend_endpoint_policy_sql.SqlPolicyAssociationTable(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlModels

Set of tests for checking SQL Policy Association Mapping.

test_policy_association_mapping()[source]
class keystone.tests.test_backend_endpoint_policy_sql.SqlPolicyAssociationTests(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend_endpoint_policy.PolicyAssociationTests

load_fixtures(fixtures)[source]

test_backend_federation_sql Module

class keystone.tests.test_backend_federation_sql.SqlFederation(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlModels

Set of tests for checking SQL Federation.

test_federated_protocol()[source]
test_identity_provider()[source]
test_mapping()[source]

test_backend_id_mapping_sql Module

class keystone.tests.test_backend_id_mapping_sql.SqlIDMapping(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests

clean_sample_data()[source]
load_sample_data()[source]
setUp()[source]
test_delete_public_id_is_silent()[source]
test_id_mapping_crud()[source]
test_id_mapping_handles_unicode()[source]
test_invalid_public_key()[source]
test_purge_mappings()[source]
class keystone.tests.test_backend_id_mapping_sql.SqlIDMappingTable(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlModels

Set of tests for checking SQL Identity ID Mapping.

test_id_mapping()[source]

test_backend_kvs Module

class keystone.tests.test_backend_kvs.KvsCatalog(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests

config_overrides()[source]
setUp()[source]
test_get_catalog()[source]
test_get_catalog_404()[source]
test_get_catalog_endpoint_disabled()[source]
test_get_v3_catalog_endpoint_disabled()[source]
test_list_regions_filtered_by_parent_region_id()[source]
test_service_filtering()[source]
class keystone.tests.test_backend_kvs.KvsIdentity(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.IdentityTests

config_overrides()[source]
setUp()[source]
test_create_duplicate_group_name_in_different_domains()[source]
test_create_duplicate_project_name_in_different_domains()[source]
test_create_duplicate_user_name_in_different_domains()[source]
test_delete_group_removes_role_assignments()[source]
test_get_roles_for_groups_on_domain()[source]
test_get_roles_for_groups_on_project()[source]
test_list_domains_for_groups()[source]
test_list_projects_for_groups()[source]
test_list_projects_for_user_with_grants()[source]
test_move_group_between_domains()[source]
test_move_group_between_domains_with_clashing_names_fails()[source]
test_move_project_between_domains()[source]
test_move_project_between_domains_with_clashing_names_fails()[source]
test_move_user_between_domains()[source]
test_move_user_between_domains_with_clashing_names_fails()[source]
test_password_hashed()[source]
test_update_role_no_name()[source]
class keystone.tests.test_backend_kvs.KvsInheritanceTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.InheritanceTests

config_overrides()[source]
setUp()[source]
class keystone.tests.test_backend_kvs.KvsToken(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenTests

config_overrides()[source]
setUp()[source]
test_cleanup_user_index_on_create()[source]
test_flush_expired_token()[source]
class keystone.tests.test_backend_kvs.KvsTokenCacheInvalidation(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenCacheInvalidation

config_overrides()[source]
setUp()[source]
class keystone.tests.test_backend_kvs.KvsTrust(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TrustTests

config_overrides()[source]
setUp()[source]

test_backend_ldap Module

class keystone.tests.test_backend_ldap.BaseLDAPIdentity[source]

Bases: keystone.tests.test_backend.IdentityTests

clear_database()[source]
config_files()[source]
config_overrides()[source]
get_config(domain_id)[source]
get_user_enabled_vals(user)[source]
reload_backends(domain_id)[source]
setUp()[source]
test_arbitrary_attributes_are_returned_from_get_user()[source]
test_authenticate_requires_simple_bind()[source]
test_build_tree()[source]

Regression test for building the tree names

test_cache_layer_domain_crud()[source]
test_configurable_allowed_user_actions()[source]
test_configurable_forbidden_create_existing_user()[source]
test_configurable_forbidden_user_actions()[source]
test_create_duplicate_group_name_in_different_domains()[source]
test_create_duplicate_project_name_in_different_domains()[source]
test_create_duplicate_user_name_in_different_domains()[source]
test_create_user_none_mapping()[source]
test_create_user_with_boolean_string_names()[source]
test_delete_role_with_user_and_group_grants()[source]
test_get_and_remove_correct_role_grant_from_a_mix()[source]
test_get_and_remove_role_grant_by_group_and_cross_domain()[source]
test_get_and_remove_role_grant_by_group_and_domain()[source]
test_get_and_remove_role_grant_by_group_and_project()[source]
test_get_and_remove_role_grant_by_user_and_cross_domain()[source]
test_get_and_remove_role_grant_by_user_and_domain()[source]
test_get_roles_for_groups_on_domain()[source]
test_get_roles_for_groups_on_project()[source]
test_get_roles_for_user_and_domain()[source]
test_group_crud()[source]
test_group_enabled_ignored_disable_error()[source]
test_list_domains()[source]
test_list_domains_for_groups()[source]
test_list_domains_non_default_domain_id()[source]
test_list_group_members_dumb_member()[source]
test_list_group_members_missing_entry()[source]

List group members with deleted user.

If a group has a deleted entry for a member, the non-deleted members are returned.

test_list_group_members_when_no_members()[source]
test_list_projects_for_groups()[source]
test_list_projects_for_user()[source]
test_list_projects_for_user_and_groups()[source]
test_list_projects_for_user_with_grants()[source]
test_list_role_assignments_dumb_member()[source]
test_list_role_assignments_unfiltered()[source]
test_list_user_ids_for_project_dumb_member()[source]
test_move_group_between_domains()[source]
test_move_group_between_domains_with_clashing_names_fails()[source]
test_move_project_between_domains()[source]
test_move_project_between_domains_with_clashing_names_fails()[source]
test_move_user_between_domains()[source]
test_move_user_between_domains_with_clashing_names_fails()[source]
test_multi_group_grants_on_project_domain()[source]
test_multi_role_grant_by_user_group_on_project_domain()[source]
test_new_arbitrary_attributes_are_returned_from_update_user()[source]
test_project_enabled_ignored_disable_error()[source]
test_remove_role_grant_from_user_and_project()[source]
test_role_grant_by_group_and_cross_domain_project()[source]
test_role_grant_by_user_and_cross_domain_project()[source]
test_unignored_user_none_mapping()[source]
test_update_user_name()[source]

A user’s name cannot be changed through the LDAP driver.

test_updated_arbitrary_attributes_are_returned_from_update_user()[source]
test_user_enabled_ignored_disable_error()[source]
test_user_filter()[source]
test_user_id_comma()[source]

Even if the user has a , in their ID, groups can be listed.

test_user_id_comma_grants()[source]

Even if the user has a , in their ID, can get user and group grants.

class keystone.tests.test_backend_ldap.BaseMultiLDAPandSQLIdentity[source]

Bases: object

Mixin class with support methods for domain-specific config testing.

check_user(user, domain_id, expected_status)[source]

Check user is in correct backend.

As part of the tests, we want to force ourselves to manually select the driver for a given domain, to make sure the entity ended up in the correct backend.

create_user(domain_id)[source]
create_users_across_domains()[source]

Create a set of users, each with a role on their own domain.

setup_initial_domains()[source]
test_authenticate_to_each_domain()[source]

Test that a user in each domain can authenticate.

class keystone.tests.test_backend_ldap.DomainSpecificLDAPandSQLIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase, keystone.tests.test_backend_ldap.BaseMultiLDAPandSQLIdentity

Class to test when all domains use specific configs, including SQL.

We define a set of domains and domain-specific backends:

  • A separate LDAP backend for the default domain
  • A separate SQL backend for domain1

Although the default driver still exists, we don’t use it.

config_overrides()[source]
get_config(domain_id)[source]
initial_setup()[source]
reload_backends(domain_id)[source]
setUp()[source]
test_add_role_grant_to_user_and_project_404()[source]
test_domain_crud()[source]
test_domain_segregation()[source]

Test that separate configs have segregated the domain.

Test Plan:

  • Users were created in each domain as part of setup, now make sure you can only find a given user in its relevant domain/backend
  • Make sure that for a backend that supports multiple domains you can get the users via any of its domains
test_get_role_grants_for_user_and_project_404()[source]
test_get_roles_for_user_and_project_user_group_same_id()[source]
test_group_enabled_ignored_disable_error()[source]
test_list_domains()[source]
test_list_domains_non_default_domain_id()[source]
test_list_projects_for_user_with_grants()[source]
test_list_users()[source]
test_project_enabled_ignored_disable_error()[source]
test_user_enabled_ignored_disable_error()[source]
test_user_id_comma()[source]
test_user_id_comma_grants()[source]
class keystone.tests.test_backend_ldap.DomainSpecificSQLIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.DomainSpecificLDAPandSQLIdentity

Class to test simplest use of domain-specific SQL driver.

The simplest use of an SQL domain-specific backend is when it is used to augment the standard case when LDAP is the default driver defined in the main config file. This would allow, for example, service users to be stored in SQL while LDAP handles the rest. Hence we define:

  • The default driver uses the LDAP backend for the default domain
  • A separate SQL backend for domain1
config_overrides()[source]
get_config(domain_id)[source]
initial_setup()[source]
reload_backends(domain_id)[source]
test_default_sql_plus_sql_specific_driver_fails()[source]
test_multiple_sql_specific_drivers_fails()[source]
class keystone.tests.test_backend_ldap.LDAPIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.TestCase

setUp()[source]
test_base_ldap_connection_deref_option()[source]
test_cache_layer_domain_crud()[source]
test_cache_layer_project_crud(*args, **kwargs)[source]
test_chase_referrals_off(*args, **keywargs)[source]
test_chase_referrals_on(*args, **keywargs)[source]
test_configurable_allowed_project_actions()[source]
test_configurable_allowed_role_actions()[source]
test_configurable_forbidden_project_actions()[source]
test_configurable_forbidden_role_actions()[source]
test_configurable_subtree_delete()[source]
test_create_domain_case_sensitivity(*args, **kwargs)[source]
test_debug_level_set(*args, **keywargs)[source]
test_domain_crud()[source]
test_domain_rename_invalidates_get_domain_by_name_cache()[source]
test_dumb_member()[source]
test_get_default_domain_by_name()[source]
test_get_id_from_dn_for_multivalued_attribute_id(*args, **keywargs)[source]
test_id_attribute_not_found(*args, **keywargs)[source]
test_is_dumb_member()[source]
test_is_dumb_member_not_dumb()[source]
test_is_dumb_member_upper_case_keys()[source]
test_is_dumb_member_with_false_use_dumb_member()[source]
test_list_groups_for_user_no_dn()[source]
test_list_groups_no_dn()[source]
test_list_projects_for_alternate_domain()[source]
test_list_users_no_dn()[source]
test_multi_role_grant_by_user_group_on_project_domain()[source]
test_parse_extra_attribute_mapping()[source]
test_project_attribute_ignore()[source]
test_project_attribute_mapping()[source]
test_project_crud()[source]
test_project_filter()[source]
test_project_rename_invalidates_get_project_by_name_cache()[source]
test_role_attribute_ignore()[source]
test_role_attribute_mapping()[source]
test_role_filter()[source]
test_user_api_get_connection_no_user_password(*args, **keywargs)[source]

Don’t bind in case the user and password are blank.

test_user_enable_attribute_mask()[source]
test_user_enabled_attribute_handles_expired(*args, **keywargs)[source]
test_user_enabled_attribute_handles_utf8(*args, **keywargs)[source]
test_user_enabled_invert()[source]
test_user_enabled_invert_default_str_value(*args, **keywargs)[source]
test_user_enabled_invert_no_enabled_value(*args, **keywargs)[source]
test_user_extra_attribute_mapping()[source]
test_user_extra_attribute_mapping_description_is_returned()[source]
test_user_id_attribute_in_create()[source]
test_user_id_attribute_map()[source]
test_user_id_not_in_dn(*args, **keywargs)[source]
test_user_mixed_case_attribute(*args, **keywargs)[source]
test_user_name_in_dn(*args, **keywargs)[source]
test_wrong_alias_dereferencing()[source]
test_wrong_ldap_scope()[source]
class keystone.tests.test_backend_ldap.LDAPIdentityEnabledEmulation(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.LDAPIdentity

config_files()[source]
config_overrides()[source]
setUp()[source]
test_project_crud()[source]
test_user_auth_emulated()[source]
test_user_crud()[source]
test_user_enable_attribute_mask()[source]
test_user_enabled_attribute_handles_utf8(*args, **keywargs)[source]
test_user_enabled_invert()[source]
test_user_enabled_invert_default_str_value()[source]
test_user_enabled_invert_no_enabled_value()[source]
class keystone.tests.test_backend_ldap.LdapIdentitySqlAssignment(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]
config_overrides()[source]
setUp()[source]
test_create_domain()[source]
test_domain_crud()[source]
test_get_and_remove_role_grant_by_group_and_domain()[source]
test_list_domains()[source]
test_list_domains_non_default_domain_id()[source]
test_project_enabled_ignored_disable_error()[source]
class keystone.tests.test_backend_ldap.LdapIdentitySqlAssignmentWithMapping(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.LdapIdentitySqlAssignment

Class to test mapping of default LDAP backend.

The default configuration is not to enable mapping when using a single backend LDAP driver. However, a cloud provider might want to enable the mapping, hence hiding the LDAP IDs from any clients of keystone. Setting backward_compatible_ids to False will enable this mapping.

config_overrides()[source]
test_dynamic_mapping_build()[source]

Test to ensure entities not create via controller are mapped.

Many LDAP backends will, essentially, by Read Only. In these cases the mapping is not built by creating objects, rather from enumerating the entries. We test this here my manually deleting the mapping and then trying to re-read the entries.

test_get_roles_for_user_and_project_user_group_same_id()[source]
class keystone.tests.test_backend_ldap.MultiLDAPandSQLIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase, keystone.tests.test_backend_ldap.BaseMultiLDAPandSQLIdentity

Class to test common SQL plus individual LDAP backends.

We define a set of domains and domain-specific backends:

  • A separate LDAP backend for the default domain
  • A separate LDAP backend for domain1
  • domain2 shares the same LDAP as domain1, but uses a different tree attach point
  • An SQL backend for all other domains (which will include domain3 and domain4)

Normally one would expect that the default domain would be handled as part of the “other domains” - however the above provides better test coverage since most of the existing backend tests use the default domain.

config_overrides()[source]
get_config(domain_id)[source]
reload_backends(domain_id)[source]
setUp()[source]
test_delete_domain_with_user_added()[source]
test_domain_segregation()[source]

Test that separate configs have segregated the domain.

Test Plan:

  • Users were created in each domain as part of setup, now make sure you can only find a given user in its relevant domain/backend
  • Make sure that for a backend that supports multiple domains you can get the users via any of its domains
test_existing_uuids_work()[source]

Test that ‘uni-domain’ created IDs still work.

Throwing the switch to domain-specific backends should not cause existing identities to be inaccessible via ID.

test_group_enabled_ignored_disable_error()[source]
test_list_domains()[source]
test_list_domains_non_default_domain_id()[source]
test_list_users()[source]
test_project_enabled_ignored_disable_error()[source]
test_scanning_of_config_dir()[source]

Test the Manager class scans the config directory.

The setup for the main tests above load the domain configs directly so that the test overrides can be included. This test just makes sure that the standard config directory scanning does pick up the relevant domain config files.

test_user_enabled_ignored_disable_error()[source]

test_backend_ldap_pool Module

class keystone.tests.test_backend_ldap_pool.LdapIdentitySqlAssignment(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap_pool.LdapPoolCommonTestMixin, keystone.tests.test_backend_ldap.LdapIdentitySqlAssignment, keystone.tests.core.TestCase

Executes existing base class 150+ tests with pooled LDAP handler to make sure it works without any error.

config_files()[source]
setUp()[source]
test_utf8_encoded_is_used_in_pool(*args, **keywargs)[source]
class keystone.tests.test_backend_ldap_pool.LdapPoolCommonTestMixin[source]

Bases: object

LDAP pool specific common tests used here and in live tests.

cleanup_pools()[source]
test_handler_with_end_user_auth_use_pool_not_enabled(*args, **keywargs)[source]
test_handler_with_use_pool_enabled()[source]
test_handler_with_use_pool_not_enabled(*args, **keywargs)[source]
test_max_connection_error_raised()[source]
test_password_change_with_pool()[source]
test_pool_connection_lifetime_set()[source]
test_pool_retry_delay_set()[source]
test_pool_retry_max_set()[source]
test_pool_size_expands_correctly()[source]
test_pool_size_set()[source]
test_pool_timeout_set()[source]
test_pool_use_pool_set()[source]
test_pool_use_tls_set()[source]

test_backend_rules Module

class keystone.tests.test_backend_rules.RulesPolicy(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.PolicyTests

config_overrides()[source]
setUp()[source]
test_create()[source]
test_delete()[source]
test_delete_policy_404()[source]
test_get()[source]
test_get_policy_404()[source]
test_list()[source]
test_update()[source]
test_update_policy_404()[source]

test_backend_sql Module

class keystone.tests.test_backend_sql.FakeTable(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base

col
insert(*args, **kwargs)[source]
lookup(*args, **kwargs)[source]
update(*args, **kwargs)[source]
class keystone.tests.test_backend_sql.SqlCatalog(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.CatalogTests

test_catalog_ignored_malformed_urls()[source]
test_create_endpoint_region_404()[source]
test_create_region_invalid_id()[source]
test_create_region_invalid_parent_id()[source]
test_delete_region_with_endpoint()[source]
test_get_catalog_with_empty_public_url()[source]
class keystone.tests.test_backend_sql.SqlCredential(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests

setUp()[source]
test_list_credentials()[source]
test_list_credentials_for_user()[source]
class keystone.tests.test_backend_sql.SqlDecorators(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_conflict_happend()[source]
test_initialization()[source]
test_initialization_fail()[source]
test_non_ascii_init()[source]
test_not_conflict_error()[source]
class keystone.tests.test_backend_sql.SqlFilterTests(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.FilterTests

class keystone.tests.test_backend_sql.SqlIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.IdentityTests

test_create_null_project_name()[source]
test_create_null_role_name()[source]
test_create_null_user_name()[source]
test_delete_project_with_user_association()[source]
test_delete_user_with_project_association()[source]
test_list_domains_for_user()[source]
test_list_domains_for_user_with_grants()[source]
test_list_domains_for_user_with_inherited_grants()[source]

Test that inherited roles on the domain are excluded.

Test Plan:

  • Create two domains, one user, group and role
  • Domain1 is given an inherited user role, Domain2 an inherited group role (for a group of which the user is a member)
  • When listing domains for user, neither domain should be returned
test_metadata_removed_on_delete_project()[source]
test_metadata_removed_on_delete_user()[source]
test_password_hashed()[source]
test_sql_user_to_dict_null_default_project_id()[source]
test_update_project_returns_extra()[source]

This tests for backwards-compatibility with an essex/folsom bug.

Non-indexed attributes were returned in an ‘extra’ attribute, instead of on the entity itself; for consistency and backwards compatibility, those attributes should be included twice.

This behavior is specific to the SQL driver.

test_update_user_returns_extra()[source]

This tests for backwards-compatibility with an essex/folsom bug.

Non-indexed attributes were returned in an ‘extra’ attribute, instead of on the entity itself; for consistency and backwards compatibility, those attributes should be included twice.

This behavior is specific to the SQL driver.

class keystone.tests.test_backend_sql.SqlInheritance(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.InheritanceTests

class keystone.tests.test_backend_sql.SqlLimitTests(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.LimitTests

setUp()[source]
class keystone.tests.test_backend_sql.SqlModels(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests

assertExpectedSchema(table, cols)[source]
select_table(name)[source]
test_domain_model()[source]
test_group_model()[source]
test_project_model()[source]
test_role_assignment_model()[source]
test_role_model()[source]
test_user_group_membership()[source]
test_user_model()[source]
class keystone.tests.test_backend_sql.SqlModuleInitialization(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_initialize_module(*args, **keywargs)[source]
class keystone.tests.test_backend_sql.SqlPolicy(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.PolicyTests

class keystone.tests.test_backend_sql.SqlTests(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]
setUp()[source]
class keystone.tests.test_backend_sql.SqlToken(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenTests

test_expiry_range_batched()[source]
test_expiry_range_strategy_ibm_db_sa()[source]
test_expiry_range_strategy_mysql()[source]
test_expiry_range_strategy_sqlite()[source]
test_flush_expired_tokens_batch()[source]
test_flush_expired_tokens_batch_mysql()[source]
test_token_revocation_list_uses_right_columns()[source]
class keystone.tests.test_backend_sql.SqlTokenCacheInvalidation(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenCacheInvalidation

setUp()[source]
class keystone.tests.test_backend_sql.SqlTrust(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TrustTests

test_backend_templated Module

class keystone.tests.test_backend_templated.TestTemplatedCatalog(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests

DEFAULT_FIXTURE = {'RegionOne': {'compute': {'adminURL': 'http://localhost:8774/v1.1/bar', 'id': '2', 'internalURL': 'http://localhost:8774/v1.1/bar', 'name': "'Compute Service'", 'publicURL': 'http://localhost:8774/v1.1/bar'}, 'identity': {'adminURL': 'http://localhost:35357/v2.0', 'id': '1', 'internalURL': 'http://localhost:35357/v2.0', 'name': "'Identity Service'", 'publicURL': 'http://localhost:5000/v2.0'}}}
config_overrides()[source]
setUp()[source]
test_catalog_ignored_malformed_urls()[source]
test_get_catalog()[source]
test_get_catalog_endpoint_disabled()[source]
test_get_v3_catalog()[source]
test_get_v3_catalog_endpoint_disabled()[source]
test_list_regions_filtered_by_parent_region_id()[source]
test_service_filtering()[source]

test_base64utils Module

class keystone.tests.test_base64utils.TestBase64Padding(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_alphabet_conversion()[source]
test_assure_padding()[source]
test_base64_percent_encoding()[source]
test_filter()[source]
test_is_padded()[source]
test_strip_padding()[source]
class keystone.tests.test_base64utils.TestTextWrap(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_wrapping()[source]
class keystone.tests.test_base64utils.TestValid(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_valid_base64()[source]
test_valid_base64url()[source]

test_cache Module

class keystone.tests.test_cache.CacheIsolatingProxy(*args, **kwargs)[source]

Bases: dogpile.cache.proxy.ProxyBackend

Proxy that forces a memory copy of stored values. The default in-memory cache-region does not perform a copy on values it is meant to cache. Therefore if the value is modified after set or after get, the cached value also is modified. This proxy does a copy as the last thing before storing data.

get(key)[source]
set(key, value)[source]
class keystone.tests.test_cache.CacheNoopBackendTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
setUp()[source]
test_noop_backend()[source]
class keystone.tests.test_cache.CacheRegionTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_cache_debug_proxy()[source]
test_cache_dictionary_config_builder()[source]

Validate we build a sane dogpile.cache dictionary config.

test_cache_region_no_error_multiple_config()[source]
test_configure_non_region_object_raises_error()[source]
test_region_built_with_proxy_direct_cache_test()[source]
test_should_cache_fn_global_cache_disabled()[source]
test_should_cache_fn_global_cache_disabled_section_cache_enabled()[source]
test_should_cache_fn_global_cache_enabled()[source]
test_should_cache_fn_global_cache_enabled_section_cache_disabled()[source]
test_should_cache_fn_global_cache_enabled_section_cache_enabled()[source]
class keystone.tests.test_cache.TestProxy(*args, **kwargs)[source]

Bases: dogpile.cache.proxy.ProxyBackend

get(key)[source]
class keystone.tests.test_cache.TestProxyValue(value)[source]

Bases: object

test_cache_backend_mongo Module

class keystone.tests.test_cache_backend_mongo.MockCollection(db, name)[source]

Bases: object

ensure_index(key_or_list, *args, **kwargs)[source]
find(spec=None, *args, **kwargs)[source]
find_and_modify(spec, document, upsert=False, **kwargs)[source]
find_one(spec_or_id=None, *args, **kwargs)[source]
index_information()[source]
insert(data, manipulate=True, **kwargs)[source]
remove(spec_or_id=None, search_filter=None)[source]

Remove objects matching spec_or_id from the collection.

save(data, manipulate=True, **kwargs)[source]
update(spec, document, upsert=False, **kwargs)[source]
class keystone.tests.test_cache_backend_mongo.MockCursor(collection, dataset_factory)[source]

Bases: object

next()
class keystone.tests.test_cache_backend_mongo.MockMongoClient(*args, **kwargs)[source]

Bases: object

class keystone.tests.test_cache_backend_mongo.MockMongoDB(dbname)[source]

Bases: object

add_son_manipulator(manipulator)[source]
authenticate(username, password)[source]
class keystone.tests.test_cache_backend_mongo.MongoCache(*args, **kwds)[source]

Bases: keystone.tests.core.BaseTestCase

setUp()[source]
test_additional_crud_method_arguments_support()[source]

Additional arguments should works across find/insert/update.

test_backend_delete_data()[source]
test_backend_get_missing_data()[source]
test_backend_multi_delete_data()[source]
test_backend_multi_get_data()[source]
test_backend_multi_set_data()[source]
test_backend_multi_set_get_with_blanks_none()[source]
test_backend_multi_set_should_update_existing()[source]
test_backend_set_blank_as_data()[source]
test_backend_set_data()[source]
test_backend_set_data_with_int_as_valid_ttl()[source]
test_backend_set_data_with_string_as_valid_ttl()[source]
test_backend_set_none_as_data()[source]
test_backend_set_same_key_multiple_times()[source]
test_cache_configuration_values_assertion()[source]
test_correct_read_preference()[source]
test_correct_write_concern()[source]
test_incorrect_mongo_ttl_seconds()[source]
test_incorrect_read_preference()[source]
test_incorrect_write_concern()[source]
test_missing_cache_collection_name()[source]
test_missing_db_hosts()[source]
test_missing_db_name()[source]
test_missing_replica_set_name()[source]
test_multiple_region_cache_configuration()[source]
test_provided_replica_set_name()[source]
test_typical_configuration()[source]
class keystone.tests.test_cache_backend_mongo.MyTransformer[source]

Bases: keystone.common.cache.backends.mongo.BaseTransform

Added here just to check manipulator logic is used correctly.

transform_incoming(son, collection)[source]
transform_outgoing(son, collection)[source]
keystone.tests.test_cache_backend_mongo.get_collection(db_name, collection_name)[source]
keystone.tests.test_cache_backend_mongo.pymongo_override()[source]

test_catalog Module

class keystone.tests.test_catalog.TestV2CatalogAPISQL(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
new_endpoint_ref(service_id)[source]
setUp()[source]
test_get_catalog_ignores_endpoints_with_invalid_urls()[source]
class keystone.tests.test_catalog.V2CatalogTestCase(*args, **kwargs)[source]

Bases: keystone.tests.rest.RestfulTestCase

new_ref()[source]

Populates a ref with attributes common to all API entities.

new_service_ref()[source]
setUp()[source]
test_endpoint_create()[source]
test_endpoint_create_with_empty_adminurl()[source]
test_endpoint_create_with_empty_internalurl()[source]
test_endpoint_create_with_empty_publicurl()[source]
test_endpoint_create_with_empty_service_id()[source]
test_endpoint_create_with_null_adminurl()[source]
test_endpoint_create_with_null_internalurl()[source]
test_endpoint_create_with_null_publicurl()[source]
test_endpoint_create_with_null_service_id()[source]

test_cert_setup Module

class keystone.tests.test_cert_setup.CertSetupTestCase(*args, **kwargs)[source]

Bases: keystone.tests.rest.RestfulTestCase

config_overrides()[source]
setUp()[source]
test_can_handle_missing_certs()[source]
test_create_pki_certs()[source]
test_create_ssl_certs()[source]
test_failure()[source]
test_fetch_signing_cert()[source]
class keystone.tests.test_cert_setup.TestExecCommand(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_running_a_successful_command(*args, **keywargs)[source]
test_running_an_invalid_command(*args, **keywargs)[source]

test_cli Module

class keystone.tests.test_cli.CliTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]
test_token_flush()[source]

test_config Module

class keystone.tests.test_config.ConfigTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_files()[source]
test_config_default()[source]
test_paste_config()[source]
class keystone.tests.test_config.DeprecatedOverrideTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Test using the deprecated AND new name for renamed options.

config_files()[source]
test_sql()[source]
class keystone.tests.test_config.DeprecatedTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Test using the original (deprecated) name for renamed options.

config_files()[source]
test_sql()[source]

test_content_types Module

class keystone.tests.test_content_types.CoreApiTests[source]

Bases: object

assertNoRoles(r)[source]

Helper method to assert No Roles

This needs to be overridden by child classes based on their content type.

assertValidError(error)[source]

Applicable to XML and JSON.

assertValidExtension(extension)[source]

Applicable to XML and JSON.

However, navigating extension links differs between content types. They need to be validated separately with assertValidExtensionLink.

Applicable to XML and JSON.

assertValidRole(tenant)[source]

Applicable to XML and JSON.

assertValidTenant(tenant)[source]

Applicable to XML and JSON.

assertValidUser(user)[source]

Applicable to XML and JSON.

assertValidVersion(version)[source]

Applicable to XML and JSON.

However, navigating links and media-types differs between content types so they need to be validated separately.

test_admin_extensions()[source]
test_admin_extensions_404()[source]
test_admin_multiple_choice()[source]
test_admin_not_found()[source]
test_admin_osksadm_extension()[source]
test_admin_version()[source]
test_authenticate()[source]
test_authenticate_unscoped()[source]
test_authenticating_a_user_with_no_password()[source]
test_create_update_user_invalid_enabled_type()[source]
test_endpoints()[source]
test_error_response()[source]

This triggers assertValidErrorResponse by convention.

test_get_tenant()[source]
test_get_tenant_by_name()[source]
test_get_tenants_for_token()[source]
test_get_user()[source]
test_get_user_by_name()[source]
test_get_user_roles()[source]
test_get_user_roles_with_tenant()[source]
test_invalid_parameter_error_response()[source]
test_invalid_token_404()[source]
test_public_extensions()[source]
test_public_multiple_choice()[source]
test_public_not_found()[source]
test_public_osksadm_extension_404()[source]
test_public_version()[source]
test_remove_role_revokes_token()[source]
test_update_user_tenant()[source]
test_update_user_with_invalid_tenant()[source]
test_update_user_with_invalid_tenant_no_prev_tenant()[source]
test_update_user_with_old_tenant()[source]
test_validate_token()[source]
test_validate_token_belongs_to()[source]
test_validate_token_head()[source]

The same call as above, except using HEAD.

There’s no response to validate here, but this is included for the sake of completely covering the core API.

test_validate_token_no_belongs_to_still_returns_catalog()[source]
test_validate_token_service_role()[source]
test_www_authenticate_header()[source]
test_www_authenticate_header_host()[source]
class keystone.tests.test_content_types.JsonTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_content_types.RestfulTestCase, keystone.tests.test_content_types.CoreApiTests, keystone.tests.test_content_types.LegacyV2UsernameTests

assertNoRoles(r)[source]
assertValidAuthenticationResponse(r, require_service_catalog=False)[source]
assertValidEndpointListResponse(r)[source]
assertValidErrorResponse(r)[source]
assertValidExtension(extension, expected)[source]
assertValidExtensionListResponse(r, expected)[source]
assertValidExtensionResponse(r, expected)[source]
assertValidMultipleChoiceResponse(r)[source]
assertValidRevocationListResponse(response)[source]
assertValidRoleListResponse(r)[source]
assertValidTenantListResponse(r)[source]
assertValidTenantResponse(r)[source]
assertValidUser(user)[source]
assertValidUserResponse(r)[source]
assertValidVersion(version)[source]
assertValidVersionResponse(r)[source]
content_type = 'json'
get_user_attribute_from_response(r, attribute_name)[source]
get_user_from_response(r)[source]
test_authenticating_a_user_with_an_OSKSADM_password()[source]
test_create_update_user_json_invalid_enabled_type()[source]
test_fetch_revocation_list_admin_200()[source]
test_fetch_revocation_list_md5()[source]

If the server is configured for md5, then the revocation list has tokens hashed with MD5.

test_fetch_revocation_list_nonadmin_fails()[source]
test_fetch_revocation_list_sha256()[source]

If the server is configured for sha256, then the revocation list has tokens hashed with SHA256

test_service_crud_requires_auth()[source]

Service CRUD should 401 without an X-Auth-Token (bug 1006822).

test_updating_a_user_with_an_OSKSADM_password()[source]
test_user_role_list_requires_auth()[source]

User role list should 401 without an X-Auth-Token (bug 1006815).

class keystone.tests.test_content_types.LegacyV2UsernameTests[source]

Bases: object

Tests to show the broken username behavior in V2.

The V2 API is documented to use username instead of name. The API forced used to use name and left the username to fall into the extra field.

These tests ensure this behavior works so fixes to username/name will be backward compatible.

create_user(**user_attrs)[source]

Creates a users and returns the response object.

Parameters:user_attrs – attributes added to the request body (optional)
test_create_with_extra_username()[source]

The response for creating a user will contain the extra fields.

test_get_returns_username_from_extra()[source]

The response for getting a user will contain the extra fields.

test_update_returns_new_username_when_adding_username()[source]

The response for updating a user will contain the extra fields.

This is specifically testing for updating a username when a value was not previously set.

test_update_returns_new_username_when_updating_username()[source]

The response for updating a user will contain the extra fields.

This tests updating a username that was previously set.

test_updated_username_is_returned()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

test_username_can_be_used_instead_of_name_create()[source]
test_username_can_be_used_instead_of_name_update()[source]
test_username_is_always_returned_create()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

test_username_is_always_returned_get()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

test_username_is_always_returned_get_by_name()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

test_username_is_always_returned_update_no_username_provided()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

class keystone.tests.test_content_types.RestfulTestCase(*args, **kwargs)[source]

Bases: keystone.tests.rest.RestfulTestCase

setUp()[source]
class keystone.tests.test_content_types.RevokeApiJsonTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_content_types.JsonTestCase

config_overrides()[source]
test_fetch_revocation_list_admin_200()[source]
test_fetch_revocation_list_md5()[source]
test_fetch_revocation_list_sha256()[source]
class keystone.tests.test_content_types.XmlTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_content_types.RestfulTestCase, keystone.tests.test_content_types.CoreApiTests, keystone.tests.test_content_types.LegacyV2UsernameTests

assertNoRoles(r)[source]
assertValidAuthenticationResponse(r, require_service_catalog=False)[source]
assertValidEndpointListResponse(r)[source]
assertValidErrorResponse(r)[source]
assertValidExtension(extension, expected)[source]
assertValidExtensionListResponse(r, expected)[source]
assertValidExtensionResponse(r, expected)[source]
assertValidMultipleChoiceResponse(r)[source]
assertValidRoleListResponse(r)[source]
assertValidTenantListResponse(r)[source]
assertValidTenantResponse(r)[source]
assertValidUserResponse(r)[source]
assertValidVersion(version)[source]
assertValidVersionResponse(r)[source]
content_type = 'xml'
get_user_attribute_from_response(r, attribute_name)[source]
get_user_from_response(r)[source]
test_add_tenant_json()[source]

Create a tenant without providing description field.

test_add_tenant_xml()[source]

Create a tenant without providing description field.

test_authenticate_with_invalid_xml_in_password()[source]
test_authenticating_a_user_with_an_OSKSADM_password()[source]
test_create_project_invalid_enabled_type_string()[source]
test_remove_role_revokes_token()[source]
test_update_project_invalid_enabled_type_string()[source]
xmlns = 'http://docs.openstack.org/identity/api/v2.0'

test_contrib_s3_core Module

class keystone.tests.test_contrib_s3_core.S3ContribCore(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_bad_signature()[source]
test_good_signature()[source]

test_contrib_simple_cert Module

class keystone.tests.test_contrib_simple_cert.BaseTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

CA_PATH = '/v3/OS-SIMPLE-CERT/ca'
CERT_PATH = '/v3/OS-SIMPLE-CERT/certificates'
EXTENSION_TO_ADD = 'simple_cert_extension'
class keystone.tests.test_contrib_simple_cert.TestSimpleCert(*args, **kwargs)[source]

Bases: keystone.tests.test_contrib_simple_cert.BaseTestCase

request_cert(path)[source]
test_ca_cert()[source]
test_missing_file()[source]
test_signing_cert()[source]

test_contrib_stats_core Module

class keystone.tests.test_contrib_stats_core.StatsContribCore(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_admin_request()[source]
test_other_request()[source]
test_public_request()[source]

test_driver_hints Module

class keystone.tests.test_driver_hints.ListHintsTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_create_iterate_satisfy()[source]
test_limits()[source]
test_multiple_creates()[source]

test_ec2_token_middleware Module

class keystone.tests.test_ec2_token_middleware.EC2TokenMiddlewareTestBase(*args, **kwds)[source]

Bases: keystone.tests.core.BaseTestCase

test_symbols()[source]

Verify ec2 middleware symbols.

Verify that the keystone version of ec2_token middleware forwards the public symbols from the keystonemiddleware version of the ec2_token middleware for backwards compatibility.

test_exception Module

class keystone.tests.test_exception.ExceptionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

assertValidJsonRendering(e)[source]
test_403_title()[source]
test_all_json_renderings()[source]

Everything callable in the exception module should be renderable.

... except for the base error class (exception.Error), which is not user-facing.

This test provides a custom message to bypass docstring parsing, which should be tested separately.

test_invalid_unicode_string()[source]
test_not_found()[source]
test_unicode_message()[source]
test_unicode_string()[source]
test_validation_error()[source]
class keystone.tests.test_exception.SecurityErrorTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_exception.ExceptionTestCase

Tests whether security-related info is exposed to the API user.

test_forbidden_action_exposure()[source]
test_forbidden_action_exposure_in_debug()[source]
test_forbidden_exposure()[source]
test_forbidden_exposure_in_debug()[source]
test_unauthorized_exposure()[source]
test_unauthorized_exposure_in_debug()[source]
test_unicode_argument_message()[source]
class keystone.tests.test_exception.UnexpectedExceptionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_exception.ExceptionTestCase

Tests if internal info is exposed to the API user on UnexpectedError.

exception SubClassExc(message=None, **kwargs)[source]

Bases: keystone.exception.UnexpectedError

debug_message_format = 'Debug Message: %(debug_info)s'
UnexpectedExceptionTestCase.setUp()[source]
UnexpectedExceptionTestCase.test_unexpected_error_custom_message_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_custom_message_no_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_no_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_subclass_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_subclass_no_debug()[source]

test_hacking_checks Module

test_injection Module

class keystone.tests.test_injection.TestDependencyInjection(*args, **kwds)[source]

Bases: keystone.tests.core.BaseTestCase

setUp()[source]
test_circular_dependency()[source]
test_dependency_consumer_configuration()[source]
test_dependency_injection()[source]
test_dependency_provider_configuration()[source]
test_inherited_dependency()[source]
test_optional_and_required()[source]
test_optional_dependency_not_provided()[source]
test_optional_dependency_provided()[source]
test_reset()[source]
test_unresolvable_dependency()[source]

test_ipv6 Module

class keystone.tests.test_ipv6.IPv6TestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_ipv6_ok()[source]

Make sure both public and admin API work with ipv6.

test_keystoneclient Module

class keystone.tests.test_keystoneclient.ClientDrivenTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

get_client(user_ref=None, tenant_ref=None, admin=False)[source]
setUp()[source]
test_admin_requires_adminness()[source]
test_authenticate_and_delete_token()[source]
test_authenticate_disabled_tenant()[source]
test_authenticate_invalid_tenant_id()[source]
test_authenticate_no_password()[source]
test_authenticate_no_username()[source]
test_authenticate_tenant_id_and_tenants()[source]
test_authenticate_tenant_name_and_tenants()[source]
test_authenticate_token_invalid_tenant_id()[source]
test_authenticate_token_invalid_tenant_name()[source]
test_authenticate_token_no_tenant()[source]
test_authenticate_token_tenant_id()[source]
test_authenticate_token_tenant_name()[source]
test_change_password_invalidates_token()[source]
test_delete_tenant_invalidates_token()[source]
test_delete_user_invalidates_token()[source]
test_disable_tenant_invalidates_token()[source]
test_disable_user_invalidates_token()[source]
test_endpoint_delete_404()[source]
test_invalid_password()[source]
test_invalid_user_and_password()[source]
test_role_create_no_name()[source]
test_role_crud()[source]
test_role_delete_404()[source]
test_role_get()[source]
test_role_get_404()[source]
test_role_list()[source]
test_role_list_404()[source]
test_roles_get_by_user()[source]
test_service_crud()[source]
test_service_delete_404()[source]
test_service_get_404()[source]
test_tenant_add_and_remove_user()[source]
test_tenant_create_no_name()[source]
test_tenant_create_update_and_delete()[source]
test_tenant_create_update_and_delete_unicode()[source]
test_tenant_delete_404()[source]
test_tenant_get_404()[source]
test_tenant_list()[source]
test_tenant_list_limit()[source]
test_tenant_list_limit_bad_value()[source]
test_tenant_list_marker()[source]
test_tenant_list_marker_not_found()[source]
test_tenant_update_404()[source]
test_token_expiry_maintained(*args, **keywargs)[source]
test_tokens_after_user_update_passwd()[source]
test_update_default_tenant_to_existing_value()[source]
test_user_can_update_passwd()[source]
test_user_cannot_update_other_users_passwd()[source]
test_user_change_own_password_invalidates_token()[source]
test_user_create_404()[source]
test_user_create_no_name()[source]
test_user_create_no_string_password()[source]
test_user_create_update_delete()[source]
test_user_delete_404()[source]
test_user_get()[source]
test_user_get_404()[source]
test_user_list()[source]
test_user_list_404()[source]
test_user_role_add_404()[source]
test_user_role_add_no_user()[source]
test_user_role_remove_404()[source]
test_user_update_404()[source]
test_user_update_password_404()[source]
test_user_update_tenant()[source]

test_keystoneclient_sql Module

class keystone.tests.test_keystoneclient_sql.ClientDrivenSqlTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_keystoneclient.ClientDrivenTestCase

config_files()[source]
setUp()[source]
test_ec2_auth_failure()[source]
test_ec2_auth_success()[source]
test_ec2_auth_success_trust()[source]
test_ec2_credential_crud()[source]
test_ec2_credential_crud_non_admin()[source]
test_ec2_credentials_create_404()[source]
test_ec2_credentials_delete_404()[source]
test_ec2_credentials_delete_user_forbidden()[source]
test_ec2_credentials_get_404()[source]
test_ec2_credentials_get_user_forbidden()[source]
test_ec2_credentials_list_404()[source]
test_ec2_credentials_list_user_forbidden()[source]
test_ec2_list_credentials()[source]
test_endpoint_create_404()[source]
test_endpoint_crud()[source]
test_endpoint_delete_404()[source]
test_policy_crud()[source]

test_kvs Module

test_ldap_livetest Module

class keystone.tests.test_ldap_livetest.LiveLDAPIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.LDAPIdentity

clear_database()[source]
config_files()[source]
config_overrides()[source]
setUp()[source]
tearDown()[source]
test_build_tree()[source]

Regression test for building the tree names

test_create_project_case_sensitivity()[source]
test_create_user_case_sensitivity()[source]
test_ldap_dereferencing()[source]
test_list_groups_for_user_filtered()[source]
test_project_update_missing_attrs_with_a_falsey_value()[source]
test_user_enable_attribute_mask()[source]
keystone.tests.test_ldap_livetest.create_object(dn, attrs)[source]

test_ldap_pool_livetest Module

class keystone.tests.test_ldap_pool_livetest.LiveLDAPPoolIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap_pool.LdapPoolCommonTestMixin, keystone.tests.test_ldap_livetest.LiveLDAPIdentity

Executes existing LDAP live test with pooled LDAP handler to make sure it works without any error.

Also executes common pool specific tests via Mixin class.

config_files()[source]
config_overrides()[source]
setUp()[source]
test_assert_connector_used_not_fake_ldap_pool()[source]
test_async_search_and_result3()[source]
test_password_change_with_auth_pool_disabled()[source]
test_password_change_with_auth_pool_enabled_long_lifetime()[source]
test_password_change_with_auth_pool_enabled_no_lifetime()[source]
test_pool_size_expands_correctly()[source]

test_ldap_tls_livetest Module

class keystone.tests.test_ldap_tls_livetest.LiveTLSLDAPIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_ldap_livetest.LiveLDAPIdentity

config_files()[source]
config_overrides()[source]
test_tls_bad_certdir()[source]
test_tls_bad_certfile()[source]
test_tls_certdir_demand_option()[source]
test_tls_certfile_demand_option()[source]
keystone.tests.test_ldap_tls_livetest.create_object(dn, attrs)[source]

test_matchers Module

class keystone.tests.test_matchers.TestXMLEquals(*args, **kwds)[source]

Bases: keystone.tests.core.BaseTestCase, testtools.tests.matchers.helpers.TestMatchersInterface

describe_examples = [('expected =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"/>\n</test>\n\nactual =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n', '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n', <keystone.tests.matchers.XMLEquals object at 0x7fb3c37ae410>)]
equivalent_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <second a="a" b="b"/>\n <first z="0" y="1" x="2"></first>\n</test>\n'
matches_matcher = <keystone.tests.matchers.XMLEquals object at 0x7fb3c37ae410>
matches_matches = ['<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"></second>\n</test>\n', '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <second a="a" b="b"/>\n <first z="0" y="1" x="2"></first>\n</test>\n']
matches_mismatches = ['<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n']
matches_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"></second>\n</test>\n'
mismatches_description = 'expected =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"/>\n</test>\n\nactual =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n'
mismatches_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n'
str_examples = [('XMLEquals(\'<?xml version="1.0" encoding="UTF-8"?>\\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\\n <first z="0" y="1" x="2"/>\\n <second a="a" b="b"></second>\\n</test>\\n\')', <keystone.tests.matchers.XMLEquals object at 0x7fb3c37ae410>)]

test_middleware Module

class keystone.tests.test_middleware.AdminTokenAuthMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_request_admin()[source]
test_request_non_admin()[source]
class keystone.tests.test_middleware.JsonBodyMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_malformed_json()[source]
test_no_content_type()[source]
test_not_dict_body()[source]
test_request_with_params()[source]
test_unrecognized_content_type()[source]
test_unrecognized_content_type_without_body()[source]
class keystone.tests.test_middleware.PostParamsMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_request_with_params()[source]
class keystone.tests.test_middleware.TokenAuthMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_request()[source]
class keystone.tests.test_middleware.XmlBodyMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_client_fails_to_specify_accept()[source]

If client does not specify an Accept header, default to JSON.

test_client_wants_json_back()[source]

Clients requesting JSON should definitely not get XML back.

test_client_wants_xml_back()[source]

Clients requesting XML should get what they ask for.

test_json_unnaffected()[source]

JSON-only requests should be unaffected by the XML middleware.

test_xml_replaced_by_json()[source]

XML requests should be replaced by JSON requests.

keystone.tests.test_middleware.make_request(**kwargs)[source]
keystone.tests.test_middleware.make_response(**kwargs)[source]

test_no_admin_token_auth Module

class keystone.tests.test_no_admin_token_auth.TestNoAdminTokenAuth(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_request_no_admin_token_auth()[source]

test_notifications Module

exception keystone.tests.test_notifications.ArbitraryException[source]

Bases: exceptions.Exception

class keystone.tests.test_notifications.CadfNotificationsWrapperTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

ACTION = 'authenticate'
LOCAL_HOST = 'localhost'
ROLE_ASSIGNMENT = 'role_assignment'
setUp()[source]
test_group_domain_grant()[source]
test_user_project_grant()[source]
test_v3_authenticate_user_id()[source]
test_v3_authenticate_user_name_and_domain_id()[source]
test_v3_authenticate_user_name_and_domain_name()[source]
class keystone.tests.test_notifications.NotificationsForEntities(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

setUp()[source]
test_create_endpoint()[source]
test_create_group()[source]
test_create_policy()[source]
test_create_project()[source]
test_create_region()[source]
test_create_role()[source]
test_create_service()[source]
test_create_trust()[source]
test_create_user()[source]
test_delete_domain()[source]
test_delete_endpoint()[source]
test_delete_group()[source]
test_delete_policy()[source]
test_delete_project()[source]
test_delete_region()[source]
test_delete_role()[source]
test_delete_service()[source]
test_delete_trust()[source]
test_delete_user()[source]
test_disable_domain()[source]
test_disable_of_disabled_domain_does_not_notify()[source]
test_disable_of_disabled_project_does_not_notify()[source]
test_disable_project()[source]
test_update_domain()[source]
test_update_endpoint()[source]
test_update_group()[source]
test_update_policy()[source]
test_update_project()[source]
test_update_project_does_not_send_disable()[source]
test_update_region()[source]
test_update_role()[source]
test_update_service()[source]
test_update_user()[source]
class keystone.tests.test_notifications.NotificationsTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

setUp()[source]
test_send_notification()[source]

Test the private method _send_notification to ensure event_type, payload, and context are built and passed properly.

class keystone.tests.test_notifications.NotificationsWrapperTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

create_exception(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

create_fake_ref()[source]
create_resource(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

delete_exception(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

delete_resource(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

test_create_exception_without_notification()[source]
test_delete_exception_without_notification()[source]
test_resource_created_notification()[source]
test_resource_deleted_notification()[source]
test_resource_updated_notification()[source]
test_update_exception_without_notification()[source]
update_exception(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

update_resource(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

class keystone.tests.test_notifications.TestCallbackRegistration(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

setUp()[source]
test_a_function_callback()[source]
test_a_list_of_callbacks()[source]
test_a_method_callback()[source]
test_an_invalid_callback()[source]
test_an_invalid_event()[source]
verify_log_message(data)[source]

Tests that use this are a little brittle because adding more logging can break them.

TODO(dstanek): remove the need for this in a future refactoring

class keystone.tests.test_notifications.TestEventCallbacks(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

setUp()[source]
test_event_registration_for_unknown_resource_type()[source]
test_invalid_event_callbacks()[source]
test_invalid_event_callbacks_event()[source]
test_notification_event_not_valid()[source]
test_notification_method_not_callable()[source]
test_notification_received()[source]
test_provider_event_callbacks_subscription()[source]
keystone.tests.test_notifications.register_callback(operation, resource_type='3e337c0e6aed40dbbd784a3db94fd82b')[source]

Helper for creating and registering a mock callback.

test_pemutils Module

class keystone.tests.test_pemutils.PEM(pem_header='CERTIFICATE', pem_type='cert', data_size=70, data_offset=0)[source]

Bases: object

PEM text and it’s associated data broken out, used for testing.

class keystone.tests.test_pemutils.TestPEMParse(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_base64_to_pem()[source]
test_binary_to_pem()[source]
test_get_pem_data()[source]
test_get_pem_data_invalid()[source]
test_get_pem_data_none()[source]
test_is_pem()[source]
test_parse_invalid()[source]
test_parse_multple()[source]
test_parse_multple_embedded()[source]
test_parse_multple_find_specific()[source]
test_parse_none()[source]
test_parse_one()[source]
test_parse_one_embedded()[source]
class keystone.tests.test_pemutils.TestPEMParseResult(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_pem_headers()[source]
test_pem_types()[source]
keystone.tests.test_pemutils.make_base64_from_data(data)[source]
keystone.tests.test_pemutils.make_data(size, offset=0)[source]
keystone.tests.test_pemutils.make_pem(header, data)[source]
keystone.tests.test_pemutils.wrap_base64(base64_text)[source]

test_policy Module

class keystone.tests.test_policy.DefaultPolicyTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_default_not_found()[source]
test_not_found_policy_calls_default()[source]
test_policy_called()[source]
class keystone.tests.test_policy.PolicyFileTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
setUp()[source]
test_modified_policy_reloads()[source]
class keystone.tests.test_policy.PolicyJsonTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_json_examples_have_matching_entries()[source]
class keystone.tests.test_policy.PolicyTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_early_AND_enforcement()[source]
test_early_OR_enforcement()[source]
test_enforce_bad_action_throws()[source]
test_enforce_good_action()[source]
test_enforce_http_false()[source]
test_enforce_http_true()[source]
test_enforce_nonexistent_action_throws()[source]
test_ignore_case_role_check()[source]
test_templatized_enforcement()[source]

test_revoke Module

class keystone.tests.test_revoke.KvsRevokeTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_revoke.RevokeTests

config_overrides()[source]
setUp()[source]
class keystone.tests.test_revoke.RevokeTests(*args, **kwargs)[source]

Bases: object

test_expired_events_removed_validate_token_success(*args, **keywargs)[source]
test_list()[source]
test_list_since()[source]
test_past_expiry_are_removed()[source]
test_revoke_by_expiration_project_and_domain_fails()[source]
class keystone.tests.test_revoke.RevokeTreeTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

removeEvent(event)[source]
setUp()[source]
test_by_domain_domain()[source]
test_by_domain_project()[source]
test_by_domain_user()[source]
test_by_project_and_user_and_role()[source]
test_by_project_grant()[source]
test_by_user_domain()[source]
test_by_user_expiration()[source]
test_by_user_project()[source]
test_cleanup()[source]
test_revoke_by_audit_chain_id()[source]
test_revoke_by_audit_id()[source]
test_revoke_by_user()[source]
test_revoke_by_user_matches_trustee()[source]
test_revoke_by_user_matches_trustor()[source]
class keystone.tests.test_revoke.SqlRevokeTests(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_revoke.RevokeTests

config_overrides()[source]

test_serializer Module

class keystone.tests.test_serializer.XmlSerializerTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

assertSerializeDeserialize(d, xml, xmlns=None)[source]
test_XmlDeserializer_with_installed_succeeds(*args, **keywargs)[source]
test_XmlDeserializer_without_etree_installed_fails(*args, **keywargs)[source]
test_XmlSerializer_with_installed_succeeds(*args, **keywargs)[source]
test_XmlSerializer_without_etree_installed_fails(*args, **keywargs)[source]
test_auth_request()[source]
test_collection_list()[source]
test_collection_member()[source]
test_policy_list()[source]
test_role_crud()[source]
test_service_crud()[source]
test_tenant_crud()[source]
test_tenant_crud_no_description()[source]
test_values_list()[source]
test_xml_with_namespaced_attribute_to_dict()[source]

test_singular_plural Module

class keystone.tests.test_singular_plural.TestSingularPlural[source]

Bases: object

test_keyword_arg_condition_or_methods()[source]

Raise if we see a keyword arg called ‘condition’ or ‘methods’.

test_sizelimit Module

class keystone.tests.test_sizelimit.TestRequestBodySizeLimiter(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_content_length_acceptable()[source]
test_content_length_too_large()[source]
test_request_too_large_no_content_length()[source]

test_sql_livetest Module

class keystone.tests.test_sql_livetest.Db2MigrateTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlUpgradeTests

config_files()[source]
setUp()[source]
class keystone.tests.test_sql_livetest.MysqlMigrateTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlUpgradeTests

config_files()[source]
setUp()[source]
class keystone.tests.test_sql_livetest.MysqlRevokeExtensionsTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_migrate_extensions.RevokeExtension

config_files()[source]
setUp()[source]
class keystone.tests.test_sql_livetest.PostgresqlMigrateTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlUpgradeTests

config_files()[source]
setUp()[source]
class keystone.tests.test_sql_livetest.PostgresqlRevokeExtensionsTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_migrate_extensions.RevokeExtension

config_files()[source]
setUp()[source]

test_sql_migrate_extensions Module

To run these tests against a live database:

  1. Modify the file tests/backend_sql.conf to use the connection for your live database

  2. Set up a blank, live database.

  3. run the tests using

    ./run_tests.sh -N  test_sql_upgrade

    WARNING:

    Your database will be wiped.

    Do not do this against a Database with valuable data as all data will be lost.

class keystone.tests.test_sql_migrate_extensions.EndpointFilterExtension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

repo_package()[source]
test_downgrade()[source]
test_upgrade()[source]
class keystone.tests.test_sql_migrate_extensions.EndpointPolicyExtension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

repo_package()[source]
test_downgrade()[source]
test_upgrade()[source]
class keystone.tests.test_sql_migrate_extensions.FederationExtension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

Test class for ensuring the Federation SQL.

repo_package()[source]
setUp()[source]
test_downgrade()[source]
test_upgrade()[source]
class keystone.tests.test_sql_migrate_extensions.RevokeExtension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

repo_package()[source]
test_downgrade()[source]
test_upgrade()[source]
class keystone.tests.test_sql_migrate_extensions.SqlUpgradeExampleExtension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

repo_package()[source]
test_downgrade()[source]
test_upgrade()[source]
class keystone.tests.test_sql_migrate_extensions.SqlUpgradeOAuth1Extension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

downgrade(version)[source]
repo_package()[source]
test_downgrade()[source]
test_upgrade()[source]
upgrade(version)[source]

test_sql_upgrade Module

To run these tests against a live database:

  1. Modify the file keystone/tests/backend_sql.conf to use the connection for your live database

  2. Set up a blank, live database

  3. Run the tests using:

    tox keystone.tests.test_sql_upgrade

WARNING:

Your database will be wiped.

Do not do this against a database with valuable data as all data will be
lost.
class keystone.tests.test_sql_upgrade.SqlMigrateBase(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

assertTableColumns(table_name, expected_cols)[source]

Asserts that the table contains the expected set of columns.

assertTableDoesNotExist(table_name)[source]

Asserts that a given table exists cannot be selected by name.

assertTableExists(table_name)[source]
config_files()[source]
downgrade(*args, **kwargs)[source]
initial_db_version[source]
initialize_sql()[source]
repo_package()[source]
select_table(name)[source]
setUp()[source]
tearDown()[source]
upgrade(*args, **kwargs)[source]
class keystone.tests.test_sql_upgrade.SqlUpgradeTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

check_initial_table_structure()[source]
insert_dict(session, table_name, d, table=None)[source]

Naively inserts key-value pairs into a table, given a dictionary.

populate_tenant_table(with_desc_enab=False, with_desc_enab_domain=False)[source]
populate_user_table(with_pass_enab=False, with_pass_enab_domain=False)[source]
test_add_actor_id_index()[source]
test_assignment_table_migration()[source]
test_blank_db_to_start()[source]
test_downgrade_endpoint_enabled_cols()[source]

Check columns when downgrade from migration 41.

The downgrade from migration 42 removes the enabled column from the endpoint table.

test_downgrade_endpoint_enabled_data()[source]

Downgrade from migration 42 migrates data.

Downgrade from migration 42 migrates data from enabled to extra. Any disabled endpoints have ‘enabled’: False put into ‘extra’.

test_downgrade_service_enabled_cols()[source]

Check columns when downgrade to migration 43.

The downgrade from migration 44 removes the enabled column from the service table.

test_downgrade_service_enabled_data()[source]

Downgrade from migration 44 migrates data.

Downgrade from migration 44 migrates data from enabled to extra. Any disabled services have ‘enabled’: False put into ‘extra’.

test_downgrade_to_db_init_version()[source]
test_endpoint_region_downgrade_columns()[source]
test_endpoint_region_migration()[source]
test_endpoint_region_upgrade_columns()[source]
test_id_mapping()[source]
test_limited_trusts_downgrade()[source]
test_limited_trusts_downgrade_trusts_cleanup()[source]
test_limited_trusts_upgrade()[source]
test_region_migration()[source]
test_region_url_cleanup()[source]
test_region_url_downgrade()[source]
test_region_url_upgrade()[source]
test_remove_actor_id_index()[source]
test_start_version_db_init_version()[source]
test_token_user_id_and_trust_id_index_downgrade()[source]
test_token_user_id_and_trust_id_index_upgrade()[source]
test_two_steps_forward_one_step_back()[source]

You should be able to cleanly undo and re-apply all upgrades.

Upgrades are run in the following order:

Starting with the initial version defined at
keystone.common.migrate_repo.DB_INIT_VERSION

INIT +1 -> INIT +2 -> INIT +1 -> INIT +2 -> INIT +3 -> INIT +2 ...
^---------------------^          ^---------------------^

Downgrade to the DB_INIT_VERSION does not occur based on the requirement that the base version be DB_INIT_VERSION + 1 before migration can occur. Downgrade below DB_INIT_VERSION + 1 is no longer supported.

DB_INIT_VERSION is the number preceding the release schema version from two releases prior. Example, Juno releases with the DB_INIT_VERSION being 35 where Havana (Havana was two releases before Juno) release schema version is 36.

The migrate utility requires the db must be initialized under version control with the revision directly before the first version to be applied.

test_upgrade_add_initial_tables()[source]
test_upgrade_endpoint_enabled_cols()[source]

Migration 42 added enabled column to endpoint table.

test_upgrade_endpoint_enabled_data()[source]

Migration 42 has to migrate data from extra to enabled.

test_upgrade_region_non_unique_description()[source]

Test upgrade to migration 43.

This migration should occur with no unique constraint on the region description column.

Create two regions with the same description.

test_upgrade_region_unique_description()[source]

Test upgrade to migration 43.

This test models a migration where there is a unique constraint on the description column.

Create two regions with the same description.

test_upgrade_service_enabled_cols()[source]

Migration 44 added enabled column to service table.

test_upgrade_service_enabled_data()[source]

Migration 44 has to migrate data from extra to enabled.

class keystone.tests.test_sql_upgrade.VersionTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

test_core_initial()[source]

Get the version before migrated, it’s the initial DB version.

test_core_max()[source]

When get the version after upgrading, it’s the new version.

test_extension_downgraded()[source]

When get the version after downgrading an extension, it is 0.

test_extension_initial()[source]

When get the initial version of an extension, it’s 0.

test_extension_migrated()[source]

When get the version after migrating an extension, it’s not 0.

test_extension_not_controlled()[source]

When get the version before controlling, raises DbMigrationError.

test_initial_with_extension_version_None()[source]

When performing a default migration, also migrate extensions.

test_initial_with_extension_version_max()[source]

When migrating to max version, do not migrate extensions.

test_unexpected_extension()[source]

The version for an extension that doesn’t exist raises ImportError.

test_unversioned_extension()[source]

The version for extensions without migrations raise an exception.

test_ssl Module

class keystone.tests.test_ssl.SSLTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

get_HTTPSConnection(*args)[source]

Simple helper to configure HTTPSConnection objects.

setUp()[source]
test_1way_ssl_ok()[source]

Make sure both public and admin API work with 1-way SSL.

test_1way_ssl_with_ipv6_ok()[source]

Make sure both public and admin API work with 1-way ipv6 & SSL.

test_2way_ssl_fail()[source]

Expect to fail when client does not present proper certificate.

test_2way_ssl_ok()[source]

Make sure both public and admin API work with 2-way SSL.

Requires client certificate.

test_2way_ssl_with_ipv6_ok()[source]

Make sure both public and admin API work with 2-way ipv6 & SSL.

Requires client certificate.

test_token_bind Module

class keystone.tests.test_token_bind.BindTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Test binding tokens to a Principal.

Even though everything in this file references kerberos the same concepts will apply to all future binding mechanisms.

assert_kerberos_bind(tokens, bind_level, use_kerberos=True, success=True)[source]
setUp()[source]
test_bind_disabled_with_kerb_user()[source]
test_bind_named_with_kerb_user()[source]
test_bind_named_with_regular_token()[source]
test_bind_named_with_unknown_bind()[source]
test_bind_named_with_unknown_scheme()[source]
test_bind_named_without_kerb_user()[source]
test_bind_permissive_with_kerb_user()[source]
test_bind_permissive_with_regular_token()[source]
test_bind_permissive_with_unknown_bind()[source]
test_bind_permissive_without_kerb_user()[source]
test_bind_required_with_kerb_user()[source]
test_bind_required_with_regular_token()[source]
test_bind_required_with_unknown_bind()[source]
test_bind_required_without_kerb_user()[source]
test_bind_strict_with_kerb_user()[source]
test_bind_strict_with_regular_token()[source]
test_bind_strict_with_unknown_bind()[source]
test_bind_strict_without_kerb_user()[source]

test_token_provider Module

class keystone.tests.test_token_provider.PKIProviderTests[source]

Bases: object

setUp()[source]
test_get_token_id_error_handling()[source]
class keystone.tests.test_token_provider.TestPKIProviderWithEventlet(*args, **kwargs)[source]

Bases: keystone.tests.test_token_provider.PKIProviderTests, keystone.tests.core.TestCase

setUp()[source]
class keystone.tests.test_token_provider.TestPKIProviderWithStdlib(*args, **kwargs)[source]

Bases: keystone.tests.test_token_provider.PKIProviderTests, keystone.tests.core.TestCase

setUp()[source]
class keystone.tests.test_token_provider.TestTokenProvider(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_default_providers_without_token_format()[source]
test_default_token_format()[source]
test_get_token_version()[source]
test_provider_override_token_format()[source]
test_provider_token_expiration_validation()[source]
test_unsupported_token_format()[source]
test_uuid_provider()[source]
test_uuid_token_format_and_no_provider()[source]
class keystone.tests.test_token_provider.TestTokenProviderOAuth1(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
setUp()[source]
test_uuid_provider_no_oauth_fails_oauth()[source]
keystone.tests.test_token_provider.create_v2_token()[source]
keystone.tests.test_token_provider.create_v3_token()[source]

test_url_middleware Module

class keystone.tests.test_url_middleware.FakeApp[source]

Bases: object

Fakes a WSGI app URL normalized.

class keystone.tests.test_url_middleware.UrlMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
start_fake_response(status, headers)[source]
test_rewrite_empty_path()[source]

Tests empty path is rewritten to root.

test_trailing_slash_normalization()[source]

Tests /v2.0/tokens and /v2.0/tokens/ normalized URLs match.

test_utils Module

class keystone.tests.test_utils.LimitingReaderTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_read_default_value()[source]
class keystone.tests.test_utils.ServiceHelperTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_fail_gracefully()[source]
class keystone.tests.test_utils.UtilsTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

OPTIONAL = <object object at 0x7fb3c619aba0>
test_auth_str_equal()[source]
test_hash()[source]
test_hash_edge_cases()[source]
test_hash_long_password_strict()[source]
test_hash_long_password_truncation()[source]
test_hash_unicode()[source]
test_hash_user_password_with_empty_password()[source]
test_hash_user_password_with_null_password()[source]
test_hash_user_password_without_password()[source]
test_unixtime()[source]
test_verify_long_password_strict()[source]
test_verify_long_password_strict_raises_exception()[source]
test_verify_normal_password_strict()[source]
keystone.tests.test_utils.timezone(func)[source]

test_v2_controller Module

class keystone.tests.test_v2_controller.TenantTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Tests for the V2 Tenant controller.

These tests exercise keystone.assignment.controllers.Tenant.

setUp()[source]
test_get_project_users_no_user()[source]

get_project_users when user doesn’t exist.

When a user that’s not known to identity has a role on a project, then get_project_users just skips that user.

test_list_projects_default_domain()[source]

Test that list projects only returns those in the default domain.

test_v3 Module

class keystone.tests.test_v3.AuthContextMiddlewareTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

test_admin_token_auth_context()[source]
test_auth_context_build_by_middleware()[source]
test_auth_context_override()[source]
class keystone.tests.test_v3.AuthTestMixin[source]

Bases: object

To hold auth building helper functions.

build_auth_scope(project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, domain_id=None, domain_name=None, trust_id=None)[source]
build_authentication_request(token=None, user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None, kerberos=False, **kwargs)[source]

Build auth dictionary.

It will create an auth dictionary based on all the arguments that it receives.

build_password_auth(user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None)[source]
build_token_auth(token)[source]
class keystone.tests.test_v3.JsonHomeTestMixin[source]

Bases: object

JSON Home test

Mixin this class to provide a test for the JSON-Home response for an extension.

The base class must set JSON_HOME_DATA to a dict of relationship URLs (rels) to the JSON-Home data for the relationship. The rels and associated data must be in the response.

test_get_json_home()[source]
class keystone.tests.test_v3.RestfulTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.rest.RestfulTestCase, keystone.tests.test_v3.AuthTestMixin

admin_request(*args, **kwargs)[source]

Translates XML responses to dicts.

This implies that we only have to write assertions for JSON.

assertEqualTokens(a, b)[source]

Assert that two tokens are equal.

Compare two tokens except for their ids. This also truncates the time in the comparison.

assertRoleAssignmentInListResponse(resp, ref, link_url=None, expected=1)[source]
assertRoleAssignmentNotInListResponse(resp, ref, link_url=None)[source]
assertValidCatalog(entity)[source]
assertValidCatalogResponse(resp, *args, **kwargs)[source]
assertValidCredential(entity, ref=None)[source]
assertValidCredentialListResponse(resp, *args, **kwargs)[source]
assertValidCredentialResponse(resp, *args, **kwargs)[source]
assertValidDomain(entity, ref=None)[source]
assertValidDomainListResponse(resp, *args, **kwargs)[source]
assertValidDomainResponse(resp, *args, **kwargs)[source]
assertValidDomainScopedTokenResponse(r, *args, **kwargs)[source]
assertValidEndpoint(entity, ref=None)[source]
assertValidEndpointListResponse(resp, *args, **kwargs)[source]
assertValidEndpointResponse(resp, *args, **kwargs)[source]
assertValidEntity(entity, ref=None, keys_to_check=None)[source]

Make assertions common to all API entities.

If a reference is provided, the entity will also be compared against the reference.

assertValidErrorResponse(r)[source]
assertValidGroup(entity, ref=None)[source]
assertValidGroupListResponse(resp, *args, **kwargs)[source]
assertValidGroupResponse(resp, *args, **kwargs)[source]
assertValidISO8601ExtendedFormatDatetime(dt)[source]
assertValidListResponse(resp, key, entity_validator, ref=None, expected_length=None, keys_to_check=None, resource_url=None)[source]

Make assertions common to all API list responses.

If a reference is provided, it’s ID will be searched for in the response, and asserted to be equal.

assertValidPolicy(entity, ref=None)[source]
assertValidPolicyListResponse(resp, *args, **kwargs)[source]
assertValidPolicyResponse(resp, *args, **kwargs)[source]
assertValidProject(entity, ref=None)[source]
assertValidProjectListResponse(resp, *args, **kwargs)[source]
assertValidProjectResponse(resp, *args, **kwargs)[source]
assertValidProjectScopedTokenResponse(r, *args, **kwargs)[source]
assertValidProjectTrustScopedTokenResponse(r, *args, **kwargs)[source]
assertValidRegion(entity, ref=None)[source]
assertValidRegionListResponse(resp, *args, **kwargs)[source]
assertValidRegionResponse(resp, *args, **kwargs)[source]
assertValidResponse(resp, key, entity_validator, *args, **kwargs)[source]

Make assertions common to all API responses.

assertValidRole(entity, ref=None)[source]
assertValidRoleAssignment(entity, ref=None, url=None)[source]
assertValidRoleAssignmentListResponse(resp, ref=None, expected_length=None, resource_url=None)[source]
assertValidRoleListResponse(resp, *args, **kwargs)[source]
assertValidRoleResponse(resp, *args, **kwargs)[source]
assertValidScopedTokenResponse(r, *args, **kwargs)[source]
assertValidService(entity, ref=None)[source]
assertValidServiceListResponse(resp, *args, **kwargs)[source]
assertValidServiceResponse(resp, *args, **kwargs)[source]
assertValidTokenResponse(r, user=None)[source]
assertValidTrust(entity, ref=None, summary=False)[source]
assertValidTrustListResponse(resp, *args, **kwargs)[source]
assertValidTrustResponse(resp, *args, **kwargs)[source]
assertValidTrustSummary(entity, ref=None)[source]
assertValidUnscopedTokenResponse(r, *args, **kwargs)[source]
assertValidUser(entity, ref=None)[source]
assertValidUserListResponse(resp, *args, **kwargs)[source]
assertValidUserResponse(resp, *args, **kwargs)[source]
build_external_auth_request(remote_user, remote_domain=None, auth_data=None, kerberos=False)[source]
config_files()[source]
create_new_default_project_for_user(user_id, domain_id, enable_project=True)[source]
delete(path, **kwargs)[source]
generate_paste_config()[source]
get(path, **kwargs)[source]
get_extensions()[source]
get_requested_token(auth)[source]

Request the specific token we want.

get_scoped_token()[source]

Convenience method so that we can test authenticated requests.

head(path, **kwargs)[source]
load_backends()[source]
load_fixtures(fixtures)[source]
load_sample_data()[source]
new_credential_ref(user_id, project_id=None, cred_type=None)[source]
new_domain_ref()[source]
new_endpoint_ref(service_id, interface='public', **kwargs)[source]
new_group_ref(domain_id)[source]
new_policy_ref()[source]
new_project_ref(domain_id)[source]
new_ref()[source]

Populates a ref with attributes common to all API entities.

new_region_ref()[source]
new_role_ref()[source]
new_service_ref()[source]
new_trust_ref(trustor_user_id, trustee_user_id, project_id=None, impersonation=None, expires=None, role_ids=None, role_names=None, remaining_uses=None)[source]
new_user_ref(domain_id, project_id=None)[source]
patch(path, **kwargs)[source]
post(path, **kwargs)[source]
put(path, **kwargs)[source]
remove_generated_paste_config()[source]
setUp(app_conf='keystone')[source]

Setup for v3 Restful Test Cases.

v3_authenticate_token(auth, expected_status=201)[source]
v3_noauth_request(path, **kwargs)[source]
v3_request(path, **kwargs)[source]
class keystone.tests.test_v3.VersionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

test_get_version()[source]

test_v3_auth Module

class keystone.tests.test_v3_auth.TestAPIProtectionWithoutAuthContextMiddleware(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

test_api_protection_with_no_auth_context_in_env()[source]
class keystone.tests.test_v3_auth.TestAuthContext(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_identity_attribute_conflict()[source]
test_identity_attribute_conflict_with_none_value()[source]
test_non_identity_attribute_conflict_override()[source]
test_pick_lowest_expires_at()[source]
class keystone.tests.test_v3_auth.TestAuthExternalDisabled(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
test_remote_user_disabled()[source]
class keystone.tests.test_v3_auth.TestAuthExternalDomain(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
content_type = 'json'
test_project_id_scoped_with_remote_user()[source]
test_remote_user_with_realm()[source]
test_unscoped_bind_with_remote_user()[source]
class keystone.tests.test_v3_auth.TestAuthExternalLegacyDefaultDomain(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
content_type = 'json'
test_remote_user_no_domain()[source]
test_remote_user_no_realm()[source]
class keystone.tests.test_v3_auth.TestAuthExternalLegacyDomain(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
content_type = 'json'
test_project_id_scoped_with_remote_user()[source]
test_remote_user_with_realm()[source]
test_unscoped_bind_with_remote_user()[source]
class keystone.tests.test_v3_auth.TestAuthInfo(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.AuthTestMixin, testtools.testcase.TestCase

setUp()[source]
test_both_project_and_domain_in_scope()[source]
test_get_method_data_invalid_method()[source]
test_get_method_names_duplicates()[source]
test_missing_auth_method_data()[source]
test_missing_auth_methods()[source]
test_project_name_no_domain()[source]
test_unsupported_auth_method()[source]
class keystone.tests.test_v3_auth.TestAuthJSON(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

content_type = 'json'
get_v2_token(tenant_id=None)[source]
test_auth_catalog_attributes()[source]
test_auth_catalog_disabled_endpoint()[source]

On authenticate, get a catalog that excludes disabled endpoints.

test_auth_catalog_disabled_service()[source]

On authenticate, get a catalog that excludes disabled services.

test_auth_methods_with_different_identities_fails()[source]
test_auth_token_cross_domain_group_and_project()[source]

Verify getting a token in cross domain group/project roles.

test_auth_with_bind_token()[source]
test_auth_with_id()[source]
test_authenticating_a_user_with_no_password()[source]
test_bind_not_set_with_remote_user()[source]
test_default_project_id_scoped_token_with_user_id()[source]
test_default_project_id_scoped_token_with_user_id_no_catalog()[source]
test_disabled_default_project_domain_result_in_unscoped_token()[source]
test_disabled_default_project_result_in_unscoped_token()[source]
test_disabled_scope_project_domain_result_in_401()[source]
test_domain_id_scoped_token_with_user_domain_id()[source]
test_domain_id_scoped_token_with_user_domain_name()[source]
test_domain_id_scoped_token_with_user_id()[source]
test_domain_name_scoped_token_with_user_domain_id()[source]
test_domain_name_scoped_token_with_user_domain_name()[source]
test_domain_name_scoped_token_with_user_id()[source]
test_domain_scope_failed()[source]
test_domain_scope_token_with_group_role()[source]
test_domain_scope_token_with_name()[source]
test_implicit_project_id_scoped_token_with_user_id_no_catalog()[source]
test_invalid_domain_id()[source]
test_invalid_domain_name()[source]
test_invalid_password()[source]
test_invalid_user_id()[source]
test_invalid_user_name()[source]
test_no_access_to_default_project_result_in_unscoped_token()[source]
test_project_id_scoped_token_with_user_domain_id()[source]
test_project_id_scoped_token_with_user_domain_name()[source]
test_project_id_scoped_token_with_user_id()[source]
test_project_id_scoped_token_with_user_id_401()[source]
test_remote_user_and_explicit_external()[source]
test_remote_user_and_password()[source]
test_remote_user_bad_password()[source]
test_remote_user_no_domain()[source]
test_remote_user_no_realm()[source]
test_unscoped_token_with_user_domain_id()[source]
test_unscoped_token_with_user_domain_name()[source]
test_unscoped_token_with_user_id()[source]
test_user_and_group_roles_scoped_token()[source]

Test correct roles are returned in scoped token.

Test Plan:

  • Create a domain, with 1 project, 2 users (user1 and user2) and 2 groups (group1 and group2)
  • Make user1 a member of group1, user2 a member of group2
  • Create 8 roles, assigning them to each of the 8 combinations of users/groups on domain/project
  • Get a project scoped token for user1, checking that the right two roles are returned (one directly assigned, one by virtue of group membership)
  • Repeat this for a domain scoped token
  • Make user1 also a member of group2
  • Get another scoped token making sure the additional role shows up
  • User2 is just here as a spoiler, to make sure we don’t get any roles uniquely assigned to it returned in any of our tokens
test_v2_v3_bind_token_intermix()[source]
test_validate_v2_scoped_token_with_v3_api()[source]
test_validate_v2_unscoped_token_with_v3_api()[source]
test_verify_with_bound_token()[source]
class keystone.tests.test_v3_auth.TestAuthJSONExternal(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

auth_plugin_config_override(methods=None, **method_classes)[source]
config_overrides()[source]
content_type = 'json'
test_remote_user_no_method()[source]
class keystone.tests.test_v3_auth.TestAuthKerberos(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_auth.TestAuthExternalDomain

config_overrides()[source]
class keystone.tests.test_v3_auth.TestAuthSpecificData(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

test_get_catalog_domain_scoped_token()[source]

Call GET /auth/catalog with a domain-scoped token.

test_get_catalog_no_token()[source]

Call GET /auth/catalog without a token.

test_get_catalog_project_scoped_token()[source]

Call GET /auth/catalog with a project-scoped token.

test_get_catalog_unscoped_token()[source]

Call GET /auth/catalog with an unscoped token.

test_get_domains_project_scoped_token()[source]
test_get_projects_project_scoped_token()[source]
class keystone.tests.test_v3_auth.TestAuthXML(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_auth.TestAuthJSON

content_type = 'xml'
class keystone.tests.test_v3_auth.TestPKITokenAPIs(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests

config_overrides()[source]
setUp()[source]
class keystone.tests.test_v3_auth.TestPKIZTokenAPIs(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests

config_overrides()[source]
setUp()[source]
verify_token(*args, **kwargs)[source]
class keystone.tests.test_v3_auth.TestTokenRevokeApi(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_auth.TestTokenRevokeById

EXTENSION_NAME = 'revoke'
EXTENSION_TO_ADD = 'revoke_extension'

Test token revocation on the v3 Identity API.

assertDomainInList(events_response, domain_id)[source]
assertEventDataInList(events, **kwargs)[source]
assertValidDeletedProjectResponse(events_response, project_id)[source]
assertValidRevokedTokenResponse(events_response, **kwargs)[source]
config_overrides()[source]
test_disable_domain_shows_in_event_list()[source]
test_list_delete_project_shows_in_event_list()[source]
test_list_delete_token_shows_in_event_list()[source]
test_list_with_filter()[source]
test_revoke_by_id_false_410()[source]
test_revoke_token()[source]
test_revoke_v2_token()[source]
class keystone.tests.test_v3_auth.TestTokenRevokeById(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test token revocation on the v3 Identity API.

config_overrides()[source]
get_v2_token(token=None, project_id=None)[source]
role_data_fixtures()[source]
setUp()[source]

Setup for Token Revoking Test Cases.

As well as the usual housekeeping, create a set of domains, users, groups, roles and projects for the subsequent tests:

  • Two domains: A & B
  • Three users (1, 2 and 3)
  • Three groups (1, 2 and 3)
  • Two roles (1 and 2)
  • DomainA owns user1, domainB owns user2 and user3
  • DomainA owns group1 and group2, domainB owns group3
  • User1 and user2 are members of group1
  • User3 is a member of group2
  • Two projects: A & B, both in domainA
  • Group1 has role1 on Project A and B, meaning that user1 and user2 will get these roles by virtue of membership
  • User1, 2 and 3 have role1 assigned to projectA
  • Group1 has role1 on Project A and B, meaning that user1 and user2 will get role1 (duplicated) by virtue of membership
  • User1 has role2 assigned to domainA
test_deleting_group_grant_revokes_tokens()[source]

Test deleting a group grant revokes tokens.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Get a token for user2, scoped to ProjectA
  • Get a token for user3, scoped to ProjectA
  • Delete the grant group1 has on ProjectA
  • Check tokens for user1 & user2 are no longer valid, since user1 and user2 are members of group1
  • Check token for user3 is still valid
test_deleting_project_deletes_grants()[source]
test_deleting_project_revokes_token()[source]
test_deleting_role_revokes_token()[source]

Test deleting a role revokes token.

Add some additional test data, namely:
  • A third project (project C)
  • Three additional users - user4 owned by domainB and user5 and 6 owned by domainA (different domain ownership should not affect the test results, just provided to broaden test coverage)
  • User5 is a member of group1
  • Group1 gets an additional assignment - role1 on projectB as well as its existing role1 on projectA
  • User4 has role2 on Project C
  • User6 has role1 on projectA and domainA
  • This allows us to create 5 tokens by virtue of different types of role assignment: - user1, scoped to ProjectA by virtue of user role1 assignment - user5, scoped to ProjectB by virtue of group role1 assignment - user4, scoped to ProjectC by virtue of user role2 assignment - user6, scoped to ProjectA by virtue of user role1 assignment - user6, scoped to DomainA by virtue of user role1 assignment
  • role1 is then deleted
  • Check the tokens on Project A and B, and DomainA are revoked, but not the one for Project C
test_deleting_user_grant_revokes_token()[source]

Test deleting a user grant revokes token.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Delete the grant user1 has on ProjectA
  • Check token is no longer valid
test_disabling_project_revokes_token()[source]
test_domain_group_role_assignment_maintains_token()[source]

Test domain-group role assignment maintains existing token.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Create a grant for group1 on DomainB
  • Check token is still longer valid
test_domain_user_role_assignment_maintains_token()[source]

Test user-domain role assignment maintains existing token.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Create a grant for user1 on DomainB
  • Check token is still valid
test_group_membership_changes_revokes_token()[source]

Test add/removal to/from group revokes token.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Get a token for user2, scoped to ProjectA
  • Remove user1 from group1
  • Check token for user1 is no longer valid
  • Check token for user2 is still valid, even though user2 is also part of group1
  • Add user2 to group2
  • Check token for user2 is now no longer valid
test_removing_role_assignment_does_not_affect_other_users()[source]

Revoking a role from one user should not affect other users.

test_revoke_token_from_token()[source]
test_revoke_token_from_token_v2()[source]
test_revoke_v2_token_no_check()[source]
test_unscoped_token_remains_valid_after_role_assignment()[source]
class keystone.tests.test_v3_auth.TestTokenRevokeSelfAndAdmin(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test token revoke using v3 Identity API by token owner and admin.

config_overrides()[source]
load_sample_data()[source]

Load Sample Data for Test Cases. Two domains, domainA and domainB Two users in domainA, userNormalA and userAdminA One user in domainB, userAdminB

test_adminA_revokes_userA_token()[source]
test_adminB_fails_revoking_userA_token()[source]
test_user_revokes_own_token()[source]
class keystone.tests.test_v3_auth.TestTrustAuth(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

EXTENSION_NAME = 'revoke'
EXTENSION_TO_ADD = 'revoke_extension'
assertTrustTokensRevoked(trust_id)[source]
config_overrides()[source]
disable_user(user)[source]
setUp()[source]
test_change_password_invalidates_trust_tokens()[source]
test_consume_trust_once()[source]
test_create_expired_trust()[source]
test_create_one_time_use_trust()[source]
test_create_trust_400()[source]
test_create_trust_no_roles()[source]
test_create_trust_project_404()[source]
test_create_trust_role_id_404()[source]
test_create_trust_role_name_404()[source]
test_create_trust_trustee_404()[source]
test_create_trust_trustor_trustee_backwards()[source]
test_create_trust_with_bad_values_for_remaining_uses()[source]
test_create_unlimited_use_trust()[source]
test_create_unscoped_trust()[source]
test_delete_trust()[source]
test_delete_trust_revokes_tokens()[source]
test_do_not_consume_remaining_uses_when_get_token_fails()[source]
test_exercise_trust_scoped_token_with_impersonation()[source]
test_exercise_trust_scoped_token_without_impersonation()[source]
test_impersonation_token_cannot_create_new_trust()[source]
test_invalid_trust_request_without_impersonation()[source]
test_invalid_trust_request_without_trustee()[source]
test_list_trusts()[source]
test_trust_chained()[source]

Test that a trust token can’t be used to execute another trust.

To do this, we create an A->B->C hierarchy of trusts, then attempt to execute the trusts in series (C->B->A).

test_trust_crud()[source]
test_trust_deleted_grant()[source]
test_trust_get_token_fails_if_trustee_disabled()[source]
test_trust_get_token_fails_if_trustor_disabled()[source]
test_trustee_can_do_role_ops()[source]
test_v3_v2_intermix()[source]
test_v3_v2_intermix_project_not_in_default_domaini_failed()[source]
test_v3_v2_intermix_trustor_not_in_default_domain_failed()[source]
test_v3_v2_intermix_trustor_not_in_default_domaini_failed()[source]
class keystone.tests.test_v3_auth.TestTrustOptional(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
test_auth_with_scope_in_trust_403()[source]
test_trusts_404()[source]
class keystone.tests.test_v3_auth.TestUUIDTokenAPIs(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests

config_overrides()[source]
setUp()[source]
test_v3_token_id()[source]
test_v3_v2_hashed_pki_token_intermix()[source]
class keystone.tests.test_v3_auth.TokenAPITests[source]

Bases: object

doSetUp()[source]
test_check_token()[source]
test_default_fixture_scope_token()[source]
test_rescoping_token()[source]
test_v2_token_deleted_on_v3()[source]
test_v2_v3_token_intermix()[source]
test_v2_v3_unscoped_token_intermix()[source]
test_v3_token_id()[source]
test_v3_v2_hashed_pki_token_intermix()[source]
test_v3_v2_intermix_domain_scoped_token_failed()[source]
test_v3_v2_intermix_new_default_domain()[source]
test_v3_v2_intermix_non_default_domain_failed()[source]
test_v3_v2_intermix_non_default_project_failed()[source]
test_v3_v2_token_intermix()[source]
test_v3_v2_unscoped_token_intermix()[source]
test_validate_token()[source]
test_validate_token_nocatalog()[source]
verify_token(*args, **kwargs)[source]

test_v3_catalog Module

class keystone.tests.test_v3_catalog.CatalogTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test service & endpoint CRUD.

test_create_endpoint_enabled_false()[source]

Call POST /endpoints with enabled: false.

test_create_endpoint_enabled_str_false()[source]

Call POST /endpoints with enabled: ‘False’.

test_create_endpoint_enabled_str_random()[source]

Call POST /endpoints with enabled: ‘puppies’.

test_create_endpoint_enabled_str_true()[source]

Call POST /endpoints with enabled: ‘True’.

test_create_endpoint_enabled_true()[source]

Call POST /endpoints with enabled: true.

test_create_endpoint_no_enabled()[source]

Call POST /endpoints.

test_create_endpoint_on_v2()[source]
test_create_endpoint_with_empty_url()[source]

Call POST /endpoints.

test_create_endpoint_with_invalid_region_id()[source]

Call POST /endpoints.

test_create_endpoint_with_no_region()[source]

EndpointV3 allows to creates the endpoint without region.

test_create_endpoint_with_region()[source]

EndpointV3 creates the region before creating the endpoint, if endpoint is provided with ‘region’ and no ‘region_id’

test_create_region()[source]

Call POST /regions with an ID in the request body.

test_create_region_with_conflicting_ids()[source]

Call PUT /regions/{region_id} with conflicting region IDs.

test_create_region_with_duplicate_id()[source]

Call PUT /regions/{region_id}.

test_create_region_with_empty_id()[source]

Call POST /regions with an empty ID in the request body.

test_create_region_with_id()[source]

Call PUT /regions/{region_id} w/o an ID in the request body.

test_create_region_with_matching_ids()[source]

Call PUT /regions/{region_id} with an ID in the request body.

test_create_region_with_url()[source]

Call POST /regions with a custom url field.

test_create_region_without_description()[source]

Call POST /regions without description in the request body.

test_create_region_without_id()[source]

Call POST /regions without an ID in the request body.

test_create_regions_with_same_description_string()[source]

Call POST /regions with same description in the request bodies.

test_create_regions_without_descriptions()[source]

Call POST /regions with no description in the request bodies.

test_create_service()[source]

Call POST /services.

test_create_service_enabled_false()[source]

Call POST /services.

test_create_service_enabled_str_false()[source]

Call POST /services.

test_create_service_enabled_str_random()[source]

Call POST /services.

test_create_service_enabled_str_true()[source]

Call POST /services.

test_create_service_enabled_true()[source]

Call POST /services.

test_create_service_no_enabled()[source]

Call POST /services.

test_delete_endpoint()[source]

Call DELETE /endpoints/{endpoint_id}.

test_delete_region()[source]

Call DELETE /regions/{region_id}.

test_delete_service()[source]

Call DELETE /services/{service_id}.

test_filter_list_services_by_name()[source]

Call GET /services?name=<some name>.

test_filter_list_services_by_type()[source]

Call GET /services?type=<some type>.

test_get_endpoint()[source]

Call GET /endpoints/{endpoint_id}.

test_get_region()[source]

Call GET /regions/{region_id}.

test_get_service()[source]

Call GET /services/{service_id}.

test_list_endpoints()[source]

Call GET /endpoints.

test_list_endpoints_xml()[source]

Call GET /endpoints (xml data).

test_list_regions()[source]

Call GET /regions.

test_list_regions_filtered_by_parent_region_id()[source]

Call GET /regions?parent_region_id={parent_region_id}.

test_list_regions_xml()[source]

Call GET /regions (xml data).

test_list_services()[source]

Call GET /services.

test_list_services_xml()[source]

Call GET /services (xml data).

test_update_endpoint()[source]

Call PATCH /endpoints/{endpoint_id}.

test_update_endpoint_enabled_false()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: False.

test_update_endpoint_enabled_str_false()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: ‘False’.

test_update_endpoint_enabled_str_random()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: ‘kitties’.

test_update_endpoint_enabled_str_true()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: ‘True’.

test_update_endpoint_enabled_true()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: True.

test_update_region()[source]

Call PATCH /regions/{region_id}.

test_update_region_with_url()[source]

Call PUT /regions with a custom url field.

test_update_service()[source]

Call PATCH /services/{service_id}.

class keystone.tests.test_v3_catalog.TestCatalogAPISQL(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Tests for the catalog Manager against the SQL backend.

config_overrides()[source]
new_endpoint_ref(service_id)[source]
setUp()[source]
test_get_catalog_ignores_endpoints_with_invalid_urls()[source]
class keystone.tests.test_v3_catalog.TestCatalogAPISQLRegions(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Tests for the catalog Manager against the SQL backend.

assertValidCatalogEndpoint(entity, ref=None)[source]
config_overrides()[source]
new_endpoint_ref(service_id)[source]
setUp()[source]
test_get_catalog_returns_proper_endpoints_with_no_region()[source]
test_get_catalog_returns_proper_endpoints_with_region()[source]

test_v3_controller Module

class keystone.tests.test_v3_controller.V3ControllerTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Tests for the V3Controller class.

setUp()[source]
test_check_immutable_params()[source]

Pass valid parameters to the method and expect no failure.

test_check_immutable_params_fail()[source]

Pass invalid parameter to the method and expect failure.

test_v3_credential Module

class keystone.tests.test_v3_credential.CredentialBaseTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

class keystone.tests.test_v3_credential.CredentialTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_credential.CredentialBaseTestCase

Test credential CRUD.

setUp()[source]
test_create_credential()[source]

Call POST /credentials.

test_create_credential_with_admin_token()[source]
test_create_ec2_credential()[source]

Call POST /credentials for creating ec2 credential.

test_create_ec2_credential_with_invalid_blob()[source]

Call POST /credentials for creating ec2 credential with invalid blob.

test_create_non_ec2_credential()[source]

Call POST /credentials for creating non-ec2 credential.

test_credential_api_delete_credentials_for_project()[source]
test_credential_api_delete_credentials_for_user()[source]
test_delete_credential()[source]

Call DELETE /credentials/{credential_id}.

test_get_credential()[source]

Call GET /credentials/{credential_id}.

test_get_ec2_dict_blob()[source]

Ensure non-JSON blob data is correctly converted.

test_list_credentials()[source]

Call GET /credentials.

test_list_credentials_filtered_by_user_id()[source]

Call GET  /credentials?user_id={user_id}.

test_list_credentials_xml()[source]

Call GET /credentials (xml data).

test_list_ec2_dict_blob()[source]

Ensure non-JSON blob data is correctly converted.

test_update_credential()[source]

Call PATCH /credentials/{credential_id}.

class keystone.tests.test_v3_credential.TestCredentialEc2(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_credential.CredentialBaseTestCase

Test v3 credential compatibility with ec2tokens.

setUp()[source]
test_ec2_create_credential()[source]

Test ec2 credential creation.

test_ec2_credential_signature_validate()[source]

Test signature validation with a v3 ec2 credential.

test_ec2_credential_signature_validate_legacy()[source]

Test signature validation with a legacy v3 ec2 credential.

test_ec2_delete_credential()[source]

Test ec2 credential deletion.

test_ec2_get_credential()[source]
test_ec2_list_credentials()[source]

Test ec2 credential listing.

class keystone.tests.test_v3_credential.TestCredentialTrustScoped(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test credential with trust scoped token.

config_overrides()[source]
setUp()[source]
test_trust_scoped_ec2_credential()[source]

Call POST /credentials for creating ec2 credential.

test_v3_endpoint_policy Module

class keystone.tests.test_v3_endpoint_policy.EndpointPolicyTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_endpoint_policy.TestExtensionCase

Test endpoint policy CRUD.

In general, the controller layer of the endpoint policy extension is really just marshalling the data around the underlying manager calls. Given that the manager layer is tested in depth by the backend tests, the tests we execute here concentrate on ensuring we are correctly passing and presenting the data.

setUp()[source]
test_crud_for_policy_for_explicit_endpoint()[source]

PUT, HEAD and DELETE for explicit endpoint policy.

test_crud_for_policy_for_region_and_service()[source]

PUT, HEAD and DELETE for region and service endpoint policy.

test_crud_for_policy_for_service()[source]

PUT, HEAD and DELETE for service endpoint policy.

test_endpoint_association_cleanup_when_endpoint_deleted()[source]
test_get_policy_for_endpoint()[source]

GET /endpoints/{endpoint_id}/policy.

test_list_endpoints_for_policy()[source]

GET /policies/%(policy_id}/endpoints.

test_region_service_association_cleanup_when_region_deleted()[source]
test_region_service_association_cleanup_when_service_deleted()[source]
test_service_association_cleanup_when_service_deleted()[source]
class keystone.tests.test_v3_endpoint_policy.JsonHomeTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_endpoint_policy.TestExtensionCase, keystone.tests.test_v3.JsonHomeTestMixin

EXTENSION_LOCATION = 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel'
JSON_HOME_DATA = {'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/endpoint_policy': {'href-template': '/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy', 'href-vars': {'endpoint_id': 'http://docs.openstack.org/api/openstack-identity/3/param/endpoint_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/service_policy_association': {'href-template': '/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}', 'href-vars': {'service_id': 'http://docs.openstack.org/api/openstack-identity/3/param/service_id', 'policy_id': 'http://docs.openstack.org/api/openstack-identity/3/param/policy_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/endpoint_policy_association': {'href-template': '/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}', 'href-vars': {'endpoint_id': 'http://docs.openstack.org/api/openstack-identity/3/param/endpoint_id', 'policy_id': 'http://docs.openstack.org/api/openstack-identity/3/param/policy_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/policy_endpoints': {'href-template': '/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints', 'href-vars': {'policy_id': 'http://docs.openstack.org/api/openstack-identity/3/param/policy_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/region_and_service_policy_association': {'href-template': '/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}', 'href-vars': {'service_id': 'http://docs.openstack.org/api/openstack-identity/3/param/service_id', 'region_id': 'http://docs.openstack.org/api/openstack-identity/3/param/region_id', 'policy_id': 'http://docs.openstack.org/api/openstack-identity/3/param/policy_id'}}}
PARAM_LOCATION = 'http://docs.openstack.org/api/openstack-identity/3/param'
class keystone.tests.test_v3_endpoint_policy.TestExtensionCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

EXTENSION_NAME = 'endpoint_policy'
EXTENSION_TO_ADD = 'endpoint_policy_extension'

test_v3_federation Module

test_v3_filters Module

class keystone.tests.test_v3_filters.IdentityTestFilteredCase(*args, **kwargs)[source]

Bases: keystone.tests.filtering.FilterTests, keystone.tests.test_v3.RestfulTestCase

Test filter enforcement on the v3 Identity API.

content_type = 'json'
load_sample_data()[source]

Create sample data for these tests.

As well as the usual housekeeping, create a set of domains, users, roles and projects for the subsequent tests:

  • Three domains: A,B & C. C is disabled.
  • DomainA has user1, DomainB has user2 and user3
  • DomainA has group1 and group2, DomainB has group3
  • User1 has a role on DomainA

Remember that there will also be a fourth domain in existence, the default domain.

setUp()[source]

Setup for Identity Filter Test Cases.

test_filter_sql_injection_attack()[source]

GET /users?name=<injected sql_statement>

Test Plan:

  • Attempt to get all entities back by passing a two-term attribute
  • Attempt to piggyback filter to damage DB (e.g. drop table)
test_inexact_filters()[source]
test_list_filtered_domains()[source]

GET /domains?enabled=0

Test Plan:

  • Update policy for no protection on api
  • Filter by the ‘enabled’ boolean to get disabled domains, which should return just domainC
  • Try the filter using different ways of specifying True/False to test that our handling of booleans in filter matching is correct
test_list_users_filtered_by_domain()[source]

GET /users?domain_id=mydomain (filtered)

Test Plan:

  • Update policy so api is unprotected
  • Use an un-scoped token to make sure we can filter the users by domainB, getting back the 2 users in that domain
test_list_users_filtered_by_funny_name()[source]

GET /users?name=%myname%

Test Plan:

  • Update policy so api is unprotected
  • Update a user with name that has filter escape characters
  • Ensure we can filter on it
test_multiple_filters()[source]

GET /domains?enabled&name=myname

Test Plan:

  • Update policy for no protection on api
  • Filter by the ‘enabled’ boolean and name - this should return a single domain
class keystone.tests.test_v3_filters.IdentityTestFilteredCaseXML(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_filters.IdentityTestFilteredCase

content_type = 'xml'
class keystone.tests.test_v3_filters.IdentityTestListLimitCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_filters.IdentityTestFilteredCase

Test list limiting enforcement on the v3 Identity API.

clean_up_entity(entity)[source]

Clean up entity test data from Identity Limit Test Cases.

clean_up_policy()[source]

Clean up policy test data from Identity Limit Test Cases.

clean_up_service()[source]

Clean up service test data from Identity Limit Test Cases.

content_type = 'json'
setUp()[source]

Setup for Identity Limit Test Cases.

test_at_limit()[source]

Check truncated attribute not set when list at max size.

test_groups_list_limit()[source]
test_no_limit()[source]

Check truncated attribute not set when list not limited.

test_non_driver_list_limit()[source]

Check list can be limited without driver level support.

Policy limiting is not done at the driver level (since it really isn’t worth doing it there). So use this as a test for ensuring the controller level will successfully limit in this case.

test_projects_list_limit()[source]
test_services_list_limit()[source]
test_users_list_limit()[source]
class keystone.tests.test_v3_filters.IdentityTestListLimitCaseXML(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_filters.IdentityTestListLimitCase

content_type = 'xml'

test_v3_identity Module

class keystone.tests.test_v3_identity.IdentityInheritanceDisabledTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test inheritance crud and its effects.

config_overrides()[source]
test_crud_inherited_role_grants_failed_if_disabled()[source]
class keystone.tests.test_v3_identity.IdentityInheritanceTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test inheritance crud and its effects.

config_overrides()[source]
test_crud_user_inherited_domain_role_grants()[source]
test_filtered_role_assignments_for_inherited_grants()[source]

Call GET /role_assignments?scope.OS-INHERIT:inherited_to.

Test Plan:

  • Create 5 roles
  • Create a domain with a user, group and two projects
  • Assign three direct spoiler roles to projects
  • Issue the URL to add an inherited user role to the domain
  • Issue the URL to add an inherited group role to the domain
  • Issue the URL to filter by inherited roles - this should return just the 2 inherited roles.
test_list_role_assignments_for_disabled_inheritance_extension()[source]

Call GET /role_assignments with inherited domain grants.

Test Plan:

  • Issue the URL to add inherited role to the domain
  • Issue the URL to check effective roles on project include the inherited role
  • Disable the extension
  • Re-check the effective roles, proving the inherited role no longer shows up.
test_list_role_assignments_for_inherited_domain_grants()[source]

Call GET /role_assignments with inherited domain grants.

Test Plan:

  • Create 4 roles
  • Create a domain with a user and two projects
  • Assign two direct roles to project1
  • Assign a spoiler role to project2
  • Issue the URL to add inherited role to the domain
  • Issue the URL to check it is indeed on the domain
  • Issue the URL to check effective roles on project1 - this should return 3 roles.
test_list_role_assignments_for_inherited_group_domain_grants()[source]

Call GET /role_assignments with inherited group domain grants.

Test Plan:

  • Create 4 roles
  • Create a domain with a user and two projects
  • Assign two direct roles to project1
  • Assign a spoiler role to project2
  • Issue the URL to add inherited role to the domain
  • Issue the URL to check it is indeed on the domain
  • Issue the URL to check effective roles on project1 - this should return 3 roles.
class keystone.tests.test_v3_identity.IdentityTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test domains, projects, users, groups, & role CRUD.

setUp()[source]
test_add_user_to_group()[source]

Call PUT /groups/{group_id}/users/{user_id}.

test_admin_password_reset()[source]
test_check_effective_values_for_role_assignments()[source]

Call GET /role_assignments?effective=value.

Check the various ways of specifying the ‘effective’ query parameter. If the ‘effective’ query parameter is included then this should always be treated as meaning ‘True’ unless it is specified as:

{url}?effective=0

This is by design to match the agreed way of handling policy checking on query/filter parameters.

Test Plan:

  • Create two extra user for tests
  • Add these users to a group
  • Add a role assignment for the group on a domain
  • Get a list of all role assignments, checking one has been added
  • Then issue various request with different ways of defining the ‘effective’ query parameter. As we have tested the correctness of the data coming back when we get effective roles in other tests, here we just use the count of entities to know if we are getting effective roles or not
test_check_user_in_group()[source]

Call HEAD /groups/{group_id}/users/{user_id}.

test_create_domain()[source]

Call POST /domains.

test_create_domain_400()[source]

Call POST /domains.

test_create_domain_case_sensitivity()[source]

Call POST /domains` twice with upper() and lower() cased name.

test_create_group()[source]

Call POST /groups.

test_create_group_400()[source]

Call POST /groups.

test_create_project()[source]

Call POST /projects.

test_create_project_400()[source]

Call POST /projects.

test_create_role()[source]

Call POST /roles.

test_create_role_400()[source]

Call POST /roles.

test_create_user()[source]

Call POST /users.

test_create_user_400()[source]

Call POST /users.

test_create_user_password_not_logged()[source]
test_create_user_without_domain()[source]

Call POST /users without specifying domain.

According to the identity-api specification, if you do not explicitly specific the domain_id in the entity, it should take the domain scope of the token as the domain_id.

test_crud_group_domain_role_grants()[source]
test_crud_group_domain_role_grants_no_group()[source]

Grant role on a domain to a group that doesn’t exist, 404 result.

When grant a role on a domain to a group that doesn’t exist, the server returns 404 Not Found for the group.

test_crud_group_project_role_grants()[source]
test_crud_group_project_role_grants_no_group()[source]

Grant role on a project to a group that doesn’t exist, 404 result.

When grant a role on a project to a group that doesn’t exist, the server returns 404 Not Found for the group.

test_crud_user_domain_role_grants()[source]
test_crud_user_domain_role_grants_no_user()[source]

Grant role on a domain to a user that doesn’t exist, 404 result.

When grant a role on a domain to a user that doesn’t exist, the server returns 404 Not Found for the user.

test_crud_user_project_role_grants()[source]
test_crud_user_project_role_grants_no_user()[source]

Grant role on a project to a user that doesn’t exist, 404 result.

When grant a role on a project to a user that doesn’t exist, the server returns 404 Not Found for the user.

test_delete_default_domain_fails()[source]
test_delete_domain()[source]

Call DELETE /domains/{domain_id}.

The sample data set up already has a user, group, project and credential that is part of self.domain. Since the user we will authenticate with is in this domain, we create a another set of entities in a second domain. Deleting this second domain should delete all these new entities. In addition, all the entities in the regular self.domain should be unaffected by the delete.

Test Plan:

  • Create domain2 and a 2nd set of entities
  • Disable domain2
  • Delete domain2
  • Check entities in domain2 have been deleted
  • Check entities in self.domain are unaffected
test_delete_enabled_domain_fails()[source]

Call DELETE /domains/{domain_id} (when domain enabled).

test_delete_group()[source]

Call DELETE /groups/{group_id}.

test_delete_new_default_domain_fails()[source]
test_delete_old_default_domain()[source]
test_delete_project()[source]

Call DELETE /projects/{project_id}

As well as making sure the delete succeeds, we ensure that any credentials that reference this projects are also deleted, while other credentials are unaffected.

test_delete_role()[source]

Call DELETE /roles/{role_id}.

test_delete_user()[source]

Call DELETE /users/{user_id}.

As well as making sure the delete succeeds, we ensure that any credentials that reference this user are also deleted, while other credentials are unaffected. In addition, no tokens should remain valid for this user.

test_delete_user_and_check_role_assignment_fails()[source]

Call DELETE on the user and check the role assignment.

test_delete_user_before_removing_role_assignment_succeeds()[source]

Call DELETE on the user before the role assignment.

test_disable_domain()[source]

Call PATCH /domains/{domain_id} (set enabled=False).

test_filtered_role_assignments()[source]

Call GET /role_assignments?filters.

Test Plan:

  • Create extra users, group, role and project for tests
  • Make the following assignments: Give group1, role1 on project1 and domain Give user1, role2 on project1 and domain Make User1 a member of Group1
  • Test a series of single filter list calls, checking that the correct results are obtained
  • Test a multi-filtered list call
  • Test listing all effective roles for a given user
  • Test the equivalent of the list of roles in a project scoped token (all effective roles for a user on a project)
test_get_domain()[source]

Call GET /domains/{domain_id}.

test_get_effective_role_assignments()[source]

Call GET /role_assignments?effective.

Test Plan:

  • Create two extra user for tests
  • Add these users to a group
  • Add a role assignment for the group on a domain
  • Get a list of all role assignments, checking one has been added
  • Then get a list of all effective role assignments - the group assignment should have turned into assignments on the domain for each of the group members.
test_get_group()[source]

Call GET /groups/{group_id}.

test_get_project()[source]

Call GET /projects/{project_id}.

test_get_role()[source]

Call GET /roles/{role_id}.

test_get_role_assignments()[source]

Call GET /role_assignments.

The sample data set up already has a user, group and project that is part of self.domain. We use these plus a new user we create as our data set, making sure we ignore any role assignments that are already in existence.

Since we don’t yet support a first class entity for role assignments, we are only testing the LIST API. To create and delete the role assignments we use the old grant APIs.

Test Plan:

  • Create extra user for tests
  • Get a list of all existing role assignments
  • Add a new assignment for each of the four combinations, i.e. group+domain, user+domain, group+project, user+project, using the same role each time
  • Get a new list of all role assignments, checking these four new ones have been added
  • Then delete the four we added
  • Get a new list of all role assignments, checking the four have been removed
test_get_user()[source]

Call GET /users/{user_id}.

test_get_user_with_default_project()[source]

Call GET /users/{user_id} making sure of default_project_id.

test_list_domains()[source]

Call GET /domains.

test_list_domains_xml()[source]

Call GET /domains (xml data).

test_list_groups()[source]

Call GET /groups.

test_list_groups_for_user()[source]

Call GET /users/{user_id}/groups.

test_list_groups_xml()[source]

Call GET /groups (xml data).

test_list_projects()[source]

Call GET /projects.

test_list_projects_xml()[source]

Call GET /projects (xml data).

test_list_roles()[source]

Call GET /roles.

test_list_roles_xml()[source]

Call GET /roles (xml data).

test_list_users()[source]

Call GET /users.

test_list_users_in_group()[source]

Call GET /groups/{group_id}/users.

test_list_users_no_default_project()[source]

Call GET /users making sure no default_project_id.

test_list_users_with_multiple_backends()[source]

Call GET /users when multiple backends is enabled.

In this scenario, the controller requires a domain to be specified either as a filter or by using a domain scoped token.

test_list_users_with_static_admin_token_and_multiple_backends()[source]
test_list_users_xml()[source]

Call GET /users (xml data).

test_remove_user_from_group()[source]

Call DELETE /groups/{group_id}/users/{user_id}.

test_token_revoked_once_domain_disabled()[source]

Test token from a disabled domain has been invalidated.

Test that a token that was valid for an enabled domain becomes invalid once that domain is disabled.

test_token_revoked_once_group_role_grant_revoked()[source]

Test token is revoked when group role grant is revoked

When a role granted to a group is revoked for a given scope, all tokens related to this scope and belonging to one of the members of this group should be revoked.

The revocation should be independently to the presence of the revoke API.

test_update_domain()[source]

Call PATCH /domains/{domain_id}.

test_update_group()[source]

Call PATCH /groups/{group_id}.

test_update_group_domain_id()[source]

Call PATCH /groups/{group_id} with domain_id.

test_update_password_not_logged()[source]
test_update_project()[source]

Call PATCH /projects/{project_id}.

test_update_project_domain_id()[source]

Call PATCH /projects/{project_id} with domain_id.

test_update_role()[source]

Call PATCH /roles/{role_id}.

test_update_user()[source]

Call PATCH /users/{user_id}.

test_update_user_domain_id()[source]

Call PATCH /users/{user_id} with domain_id.

class keystone.tests.test_v3_identity.TestV3toV2Methods(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Test V3 to V2 conversion methods.

setUp()[source]
test_v2controller_filter_domain_id()[source]
test_v3_to_v2_user_method()[source]
test_v3_to_v2_user_method_list()[source]
test_v3controller_filter_domain_id()[source]
class keystone.tests.test_v3_identity.UserSelfServiceChangingPasswordsTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

change_password(expected_status, **kwargs)[source]

Returns a test response for a change password request.

get_request_token(password, expected_status)[source]
setUp()[source]
test_changing_password()[source]
test_changing_password_not_logged()[source]
test_changing_password_with_disabled_user_fails()[source]
test_changing_password_with_incorrect_password_fails()[source]
test_changing_password_with_missing_original_password_fails()[source]
test_changing_password_with_missing_password_fails()[source]

test_v3_oauth1 Module

class keystone.tests.test_v3_oauth1.AccessTokenCRUDTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuthFlowTests

test_delete_access_token_dne()[source]
test_get_access_token_dne()[source]
test_get_role_in_access_token()[source]
test_get_role_in_access_token_dne()[source]
test_get_single_access_token()[source]
test_list_all_roles_in_access_token()[source]
test_list_and_delete_access_tokens()[source]
test_list_no_access_tokens()[source]
class keystone.tests.test_v3_oauth1.AuthTokenTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuthFlowTests

test_change_user_password_also_deletes_tokens()[source]
test_delete_access_token_also_revokes_token()[source]
test_delete_keystone_tokens_by_consumer_id()[source]
test_deleting_consumer_also_deletes_tokens()[source]
test_deleting_project_also_invalidates_tokens()[source]
test_keystone_token_is_valid()[source]
test_oauth_token_cannot_authorize_request_token()[source]
test_oauth_token_cannot_create_new_trust()[source]
test_oauth_token_cannot_list_request_tokens()[source]
test_token_chaining_is_not_allowed()[source]
test_trust_token_cannot_authorize_request_token()[source]
test_trust_token_cannot_list_request_tokens()[source]
class keystone.tests.test_v3_oauth1.ConsumerCRUDTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuth1Tests

test_consumer_create()[source]
test_consumer_create_no_description()[source]
test_consumer_create_none_desc_1()[source]
test_consumer_create_none_desc_2()[source]
test_consumer_create_normalize_field()[source]
test_consumer_delete()[source]
test_consumer_get()[source]
test_consumer_get_bad_id()[source]
test_consumer_list()[source]
test_consumer_update()[source]
test_consumer_update_bad_id()[source]
test_consumer_update_bad_secret()[source]
test_consumer_update_normalize_field()[source]
class keystone.tests.test_v3_oauth1.JsonHomeTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuth1Tests, keystone.tests.test_v3.JsonHomeTestMixin

JSON_HOME_DATA = {'http://docs.openstack.org/api/openstack-identity/3/ext/OS-OAUTH1/1.0/rel/consumers': {'href': '/OS-OAUTH1/consumers'}}
class keystone.tests.test_v3_oauth1.MaliciousOAuth1Tests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuth1Tests

test_bad_authorizing_roles()[source]
test_bad_consumer_secret()[source]
test_bad_request_token_key()[source]
test_bad_verifier()[source]
test_expired_authorizing_request_token()[source]
test_expired_creating_keystone_token()[source]
class keystone.tests.test_v3_oauth1.OAuth1Tests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

CONSUMER_URL = '/OS-OAUTH1/consumers'
EXTENSION_NAME = 'oauth1'
EXTENSION_TO_ADD = 'oauth1_extension'
setUp()[source]
class keystone.tests.test_v3_oauth1.OAuthFlowTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuth1Tests

test_oauth_flow()[source]

test_v3_os_revoke Module

class keystone.tests.test_v3_os_revoke.OSRevokeTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3.JsonHomeTestMixin

EXTENSION_NAME = 'revoke'
EXTENSION_TO_ADD = 'revoke_extension'
JSON_HOME_DATA = {'http://docs.openstack.org/api/openstack-identity/3/ext/OS-REVOKE/1.0/rel/events': {'href': '/OS-REVOKE/events'}}
assertReportedEventMatchesRecorded(event, sample, before_time)[source]
test_disabled_domain_in_list()[source]
test_disabled_project_in_list()[source]
test_get_empty_list()[source]
test_list_since_invalid()[source]
test_list_since_valid()[source]
test_revoked_token_in_list()[source]
test_since_future_time_no_events()[source]

test_v3_policy Module

class keystone.tests.test_v3_policy.PolicyTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test policy CRUD.

setUp()[source]
test_create_policy()[source]

Call POST /policies.

test_delete_policy()[source]

Call DELETE /policies/{policy_id}.

test_get_policy()[source]

Call GET /policies/{policy_id}.

test_list_policies()[source]

Call GET /policies.

test_list_policies_xml()[source]

Call GET /policies (xml data).

test_update_policy()[source]

Call PATCH /policies/{policy_id}.

test_v3_protection Module

class keystone.tests.test_v3_protection.IdentityTestProtectedCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test policy enforcement on the v3 Identity API.

load_sample_data()[source]
setUp()[source]

Setup for Identity Protection Test Cases.

As well as the usual housekeeping, create a set of domains, users, roles and projects for the subsequent tests:

  • Three domains: A,B & C. C is disabled.
  • DomainA has user1, DomainB has user2 and user3
  • DomainA has group1 and group2, DomainB has group3
  • User1 has two roles on DomainA
  • User2 has one role on DomainA

Remember that there will also be a fourth domain in existence, the default domain.

test_get_user_protected_match_id()[source]

GET /users/{id} (match payload)

Test Plan:

  • Update policy to protect api by user_id
  • List users with user_id of user1 as filter, to check that this will correctly match user_id in the flattened payload
test_get_user_protected_match_target()[source]

GET /users/{id} (match target)

Test Plan:

  • Update policy to protect api by domain_id
  • Try and read a user who is in DomainB with a token scoped to Domain A - this should fail
  • Retry this for a user who is in Domain A, which should succeed.
  • Finally, try getting a user that does not exist, which should still return UserNotFound
test_list_groups_protected_by_domain()[source]

GET /groups?domain_id=mydomain (protected)

Test Plan:

  • Update policy to protect api by domain_id
  • List groups using a token scoped to domainA and make sure we only get back the two groups that are in domainA
  • Try and read the groups from domainB - this should fail since we don’t have a token scoped for domainB
test_list_groups_protected_by_domain_and_filtered()[source]

GET /groups?domain_id=mydomain&name=myname (protected)

Test Plan:

  • Update policy to protect api by domain_id
  • List groups using a token scoped to domainA with a filter specifying both domainA and the name of group.
  • We should only get back the group in domainA that matches the name
test_list_users_filtered_by_domain()[source]

GET /users?domain_id=mydomain (filtered)

Test Plan:

  • Update policy so api is unprotected
  • Use an un-scoped token to make sure we can filter the users by domainB, getting back the 2 users in that domain
test_list_users_protected_by_domain()[source]

GET /users?domain_id=mydomain (protected)

Test Plan:

  • Update policy to protect api by domain_id
  • List groups using a token scoped to domainA with a filter specifying domainA - we should only get back the one user that is in domainA.
  • Try and read the users from domainB - this should fail since we don’t have a token scoped for domainB
test_list_users_unprotected()[source]

GET /users (unprotected)

Test Plan:

  • Update policy so api is unprotected
  • Use an un-scoped token to make sure we can get back all the users independent of domain
test_revoke_grant_protected_match_target()[source]

DELETE /domains/{id}/users/{id}/roles/{id} (match target)

Test Plan:

  • Update policy to protect api by domain_id of entities in the grant
  • Try and delete the existing grant that has a user who is from a different domain - this should fail.
  • Retry this for a user who is in Domain A, which should succeed.
class keystone.tests.test_v3_protection.IdentityTestv3CloudPolicySample(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test policy enforcement of the sample v3 cloud policy file.

load_sample_data()[source]
setUp()[source]

Setup for v3 Cloud Policy Sample Test Cases.

The following data is created:

  • Three domains: domainA, domainB and admin_domain
  • One project, which name is ‘project’
  • domainA has three users: domain_admin_user, project_admin_user and just_a_user:
    • domain_admin_user has role ‘admin’ on domainA,
    • project_admin_user has role ‘admin’ on the project,
    • just_a_user has a non-admin role on both domainA and the project.
  • admin_domain has user cloud_admin_user, with an ‘admin’ role on admin_domain.

We test various api protection rules from the cloud sample policy file to make sure the sample is valid and that we correctly enforce it.

test_cloud_admin()[source]
test_domain_grants()[source]
test_domain_grants_by_cloud_admin()[source]
test_list_user_credentials()[source]
test_project_grants()[source]
test_project_grants_by_domain_admin()[source]
test_project_management()[source]
test_user_management()[source]
test_user_management_by_cloud_admin()[source]

test_validation Module

class keystone.tests.test_validation.CredentialValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Test for V3 Credential API validation.

setUp()[source]
test_validate_credential_succeeds()[source]

Test that we validate a credential request.

test_validate_credential_update_succeeds()[source]

Test that a credential request is properly validated.

test_validate_credential_update_with_extra_parameters_succeeds()[source]

Validate credential update with extra parameters.

test_validate_credential_update_without_parameters_fails()[source]

Exception is raised on update without parameters.

test_validate_credential_with_extra_parameters_succeeds()[source]

Validate create request with extra parameters.

test_validate_credential_with_types_succeeds()[source]

Test that credential type works for ec2 and cert.

test_validate_credential_without_blob_fails()[source]

Exception raised without blob in create request.

test_validate_credential_without_type_fails()[source]

Exception raised without type in create request.

test_validate_credential_without_user_id_fails()[source]

Exception raised without user_id in create request.

class keystone.tests.test_validation.DomainValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Test for V3 Domain API validation.

setUp()[source]
test_validate_domain_request()[source]

Make sure we successfully validate a create domain request.

test_validate_domain_request_with_enabled()[source]

Validate enabled as boolean-like values for domains.

test_validate_domain_request_with_invalid_description_fails()[source]

Exception is raised when description is a non-string value.

test_validate_domain_request_with_invalid_enabled_fails()[source]

Exception is raised when enabled isn’t a boolean-like value.

test_validate_domain_request_with_name_too_long()[source]

Exception is raised when name is too long.

test_validate_domain_request_with_name_too_short()[source]

Exception raised when name is too short.

test_validate_domain_request_with_valid_description()[source]

Test that we validate description in create domain requests.

test_validate_domain_request_without_name_fails()[source]

Make sure we raise an exception when name isn’t included.

test_validate_domain_update_request()[source]

Test that we validate a domain update request.

test_validate_domain_update_request_with_name_too_long_fails()[source]

Exception raised when updating a domain with name too long.

test_validate_domain_update_request_with_name_too_short_fails()[source]

Exception raised when updating a domain with name too short.

test_validate_domain_update_request_with_no_parameters_fails()[source]

Exception is raised when updating a domain without parameters.

class keystone.tests.test_validation.EndpointValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Test for V3 Endpoint API validation.

setUp()[source]
test_validate_create_endpoint_fails_with_invalid_enabled()[source]

Exception raised when boolean-like values as enabled.

test_validate_endpoint_create_fails_with_invalid_interface()[source]

Exception raised with invalid interface.

test_validate_endpoint_create_fails_with_invalid_url()[source]

Exception raised when passing invalid url in request.

test_validate_endpoint_create_fails_without_interface()[source]

Exception raised when interface isn’t in endpoint request.

test_validate_endpoint_create_fails_without_service_id()[source]

Exception raised when service_id isn’t in endpoint request.

test_validate_endpoint_create_fails_without_url()[source]

Exception raised when url isn’t in endpoint request.

test_validate_endpoint_create_succeeds_with_extra_parameters()[source]

Test that extra parameters pass validation on create endpoint.

test_validate_endpoint_create_succeeds_with_required_parameters()[source]

Validate an endpoint request with only the required parameters.

test_validate_endpoint_create_succeeds_with_url()[source]

Validate url attribute in endpoint create request.

test_validate_endpoint_create_succeeds_with_valid_enabled()[source]

Validate an endpoint with boolean values.

Validate boolean values as enabled in endpoint create requests.

test_validate_endpoint_request_succeeds()[source]

Test that we validate an endpoint request.

test_validate_endpoint_update_fails_with_invalid_enabled()[source]

Exception raised when enabled is boolean-like value.

test_validate_endpoint_update_fails_with_invalid_interface()[source]

Exception raised when invalid interface on endpoint update.

test_validate_endpoint_update_fails_with_invalid_url()[source]

Exception raised when passing invalid url in request.

test_validate_endpoint_update_fails_with_no_parameters()[source]

Exception raised when no parameters on endpoint update.

test_validate_endpoint_update_request_succeeds()[source]

Test that we validate an endpoint update request.

test_validate_endpoint_update_succeeds_with_extra_parameters()[source]

Test that extra parameters pass validation on update endpoint.

test_validate_endpoint_update_succeeds_with_url()[source]

Validate url attribute in endpoint update request.

test_validate_endpoint_update_succeeds_with_valid_enabled()[source]

Validate enabled as boolean values.

class keystone.tests.test_validation.EntityValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

setUp()[source]
test_create_entity_with_all_valid_parameters_validates()[source]

Validate all parameter values against test schema.

test_create_entity_with_invalid_email_fails()[source]

Validate invalid email address.

Test that an exception is raised when validating improperly formatted email addresses.

test_create_entity_with_invalid_enabled_format_raises_exception()[source]

Validate invalid enabled formats.

Test that an exception is raised when passing invalid boolean-like values as enabled.

test_create_entity_with_invalid_id_strings()[source]

Exception raised when using invalid id strings.

test_create_entity_with_invalid_urls_fails()[source]

Test that an exception is raised when validating improper urls.

test_create_entity_with_name_too_long_raises_exception()[source]

Validate long names.

Validate that an exception is raised when validating a string of 255+ characters passed in as a name.

test_create_entity_with_name_too_short_raises_exception()[source]

Validate short names.

Test that an exception is raised when passing a string of length zero as a name parameter.

test_create_entity_with_null_id_string()[source]

Validate that None is an acceptable optional string type.

test_create_entity_with_null_string_succeeds()[source]

Exception raised when passing None on required id strings.

test_create_entity_with_only_required_valid_parameters_validates()[source]

Validate correct for only parameters values against test schema.

test_create_entity_with_unicode_name_validates()[source]

Test that we successfully validate a unicode string.

test_create_entity_with_valid_email_validates()[source]

Validate email address

Test that we successfully validate properly formatted email addresses.

test_create_entity_with_valid_enabled_formats_validates()[source]

Validate valid enabled formats.

Test that we have successful validation on boolean values for enabled.

test_create_entity_with_valid_id_strings()[source]

Validate acceptable id strings.

test_create_entity_with_valid_urls_validates()[source]

Test that proper urls are successfully validated.

test_update_entity_with_a_null_optional_parameter_validates()[source]

Optional parameters can be null to removed the value.

test_update_entity_with_a_required_null_parameter_fails()[source]

The name parameter can’t be null.

test_update_entity_with_a_valid_optional_parameter_validates()[source]

Succeeds with only a single valid optional parameter.

test_update_entity_with_a_valid_required_parameter_validates()[source]

Succeed if a valid required parameter is provided.

test_update_entity_with_all_parameters_valid_validates()[source]

Simulate updating an entity by ID.

test_update_entity_with_invalid_optional_parameter_fails()[source]

Fails when an optional parameter is invalid.

test_update_entity_with_invalid_required_parameter_fails()[source]

Fail if a provided required parameter is invalid.

test_update_entity_with_no_parameters_fails()[source]

At least one parameter needs to be present for an update.

class keystone.tests.test_validation.PolicyValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Test for V3 Policy API validation.

setUp()[source]
test_validate_policy_create_with_extra_parameters_succeeds()[source]

Validate policy create with extra parameters.

test_validate_policy_create_with_invalid_type_fails()[source]

Exception raised when blob and type are boolean.

test_validate_policy_succeeds()[source]

Test that we validate a create policy request.

test_validate_policy_update_succeeds()[source]

Test that we validate a policy update request.

test_validate_policy_update_with_extra_parameters_succeeds()[source]

Validate policy update request with extra parameters.

test_validate_policy_update_with_invalid_type_fails()[source]

Exception raised when invalid type on policy update.

test_validate_policy_update_without_parameters_fails()[source]

Exception raised when updating policy without parameters.

test_validate_policy_without_blob_fails()[source]

Exception raised without blob in request.

test_validate_policy_without_type_fails()[source]

Exception raised without type in request.

class keystone.tests.test_validation.ProjectValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Test for V3 Project API validation.

setUp()[source]
test_validate_project_request()[source]

Test that we validate a project with name in request.

test_validate_project_request_with_enabled()[source]

Validate enabled as boolean-like values for projects.

test_validate_project_request_with_invalid_description_fails()[source]

Exception is raised when description as a non-string value.

test_validate_project_request_with_invalid_enabled_fails()[source]

Exception is raised when enabled isn’t a boolean-like value.

test_validate_project_request_with_name_too_long()[source]

Exception is raised when name is too long.

test_validate_project_request_with_name_too_short()[source]

Exception raised when name is too short.

test_validate_project_request_with_valid_description()[source]

Test that we validate description in create project requests.

test_validate_project_request_without_name_fails()[source]

Validate project request fails without name.

test_validate_project_update_request()[source]

Test that we validate a project update request.

test_validate_project_update_request_with_name_too_long_fails()[source]

Exception raised when updating a project with name too long.

test_validate_project_update_request_with_name_too_short_fails()[source]

Exception raised when updating a project with name too short.

test_validate_project_update_request_with_no_parameters_fails()[source]

Exception is raised when updating project without parameters.

test_validate_project_update_request_with_null_domain_id_fails()[source]
class keystone.tests.test_validation.RegionValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Test for V3 Region API validation.

setUp()[source]
test_validate_region_create_fails_with_invalid_url()[source]

Exception raised when passing invalid url in request.

test_validate_region_create_request_with_parameters()[source]

Test that we validate a region request with parameters.

test_validate_region_create_succeeds_with_extra_parameters()[source]

Validate create region request with extra values.

test_validate_region_create_succeeds_with_url()[source]

Validate url attribute in region create request.

test_validate_region_create_with_uuid()[source]

Test that we validate a region request with a UUID as the id.

test_validate_region_request()[source]

Test that we validate a basic region request.

test_validate_region_update_fails_with_invalid_url()[source]

Exception raised when passing invalid url in request.

test_validate_region_update_fails_with_no_parameters()[source]

Exception raised when passing no parameters in a region update.

test_validate_region_update_succeeds()[source]

Test that we validate a region update request.

test_validate_region_update_succeeds_with_extra_parameters()[source]

Validate extra attributes in the region update request.

test_validate_region_update_succeeds_with_url()[source]

Validate url attribute in region update request.

class keystone.tests.test_validation.RoleValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Test for V3 Role API validation.

setUp()[source]
test_validate_role_create_when_name_is_not_string_fails()[source]

Exception is raised on role create with a non-string name.

test_validate_role_create_without_name_raises_exception()[source]

Test that we raise an exception when name isn’t included.

test_validate_role_request()[source]

Test we can successfully validate a create role request.

test_validate_role_update_fails_with_invalid_name_fails()[source]

Exception when validating an update request with invalid name.

test_validate_role_update_request()[source]

Test that we validate a role update request.

class keystone.tests.test_validation.ServiceValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Test for V3 Service API validation.

setUp()[source]
test_validate_service_create_fails_when_name_too_long()[source]

Exception raised when name is greater than 255 characters.

test_validate_service_create_fails_when_name_too_short()[source]

Exception is raised when name is too short.

test_validate_service_create_fails_when_type_too_long()[source]

Exception is raised when type is too long.

test_validate_service_create_fails_when_type_too_short()[source]

Exception is raised when type is too short.

test_validate_service_create_fails_with_invalid_enabled()[source]

Exception raised when boolean-like parameters as enabled

On service create, make sure an exception is raised if enabled is not a boolean value.

test_validate_service_create_fails_without_type()[source]

Exception raised when trying to create a service without type.

test_validate_service_create_succeeds()[source]

Test that we validate a service create request.

test_validate_service_create_succeeds_with_extra_parameters()[source]

Test that extra parameters pass validation on create service.

test_validate_service_create_succeeds_with_required_parameters()[source]

Validate a service create request with the required parameters.

test_validate_service_create_succeeds_with_valid_enabled()[source]

Validate boolean values as enabled values on service create.

test_validate_service_update_fails_with_invalid_enabled()[source]

Exception raised when boolean-like values as enabled.

test_validate_service_update_fails_with_name_too_long()[source]

Exception is raised when name is too long on update.

test_validate_service_update_fails_with_name_too_short()[source]

Exception is raised when name is too short on update.

test_validate_service_update_fails_with_no_parameters()[source]

Exception raised when updating a service without values.

test_validate_service_update_fails_with_type_too_long()[source]

Exception is raised when type is too long on update.

test_validate_service_update_fails_with_type_too_short()[source]

Exception is raised when type is too short on update.

test_validate_service_update_request_succeeds()[source]

Test that we validate a service update request.

test_validate_service_update_succeeds_with_extra_parameters()[source]

Validate updating a service with extra parameters.

test_validate_service_update_succeeds_with_valid_enabled()[source]

Validate boolean formats as enabled on service update.

class keystone.tests.test_validation.TrustValidationTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Test for V3 Trust API validation.

setUp()[source]
test_validate_trust_succeeds()[source]

Test that we can validate a trust request.

test_validate_trust_with_all_parameters_succeeds()[source]

Test that we can validate a trust request with all parameters.

test_validate_trust_with_extra_parameters_succeeds()[source]

Test that we can validate a trust request with extra parameters.

test_validate_trust_with_invalid_expires_at_fails()[source]

Validate trust request with invalid expires_at fails.

test_validate_trust_with_invalid_impersonation_fails()[source]

Validate trust request with invalid impersonation fails.

test_validate_trust_with_invalid_role_type_fails()[source]

Validate trust request with invalid roles fails.

test_validate_trust_with_list_of_valid_roles_succeeds()[source]

Validate trust request with a list of valid roles.

test_validate_trust_with_null_remaining_uses_succeeds()[source]

Validate trust request with null remaining_uses.

test_validate_trust_with_remaining_uses_succeeds()[source]

Validate trust request with remaining_uses succeeds.

test_validate_trust_with_role_types_succeeds()[source]

Validate trust request with roles succeeds.

test_validate_trust_without_impersonation_fails()[source]

Validate trust request fails without impersonation.

test_validate_trust_without_trustee_id_fails()[source]

Validate trust request fails without trustee_id.

test_validate_trust_without_trustor_id_fails()[source]

Validate trust request fails without trustor_id.

test_versions Module

class keystone.tests.test_versions.VersionInheritEnabledTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
setUp()[source]
test_json_home_v3()[source]
class keystone.tests.test_versions.VersionSingleAppTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Tests running with a single application loaded.

These are important because when Keystone is running in Apache httpd there’s only one application loaded for each instance.

config_overrides()[source]
setUp()[source]
test_admin()[source]
test_public()[source]
class keystone.tests.test_versions.VersionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
setUp()[source]
test_accept_type_handling()[source]
test_admin_version_v2()[source]
test_admin_version_v3()[source]
test_admin_versions()[source]
test_json_home_root()[source]
test_json_home_v3()[source]
test_public_version_v2()[source]
test_public_version_v3()[source]
test_public_versions()[source]
test_use_site_url_if_endpoint_unset()[source]
test_use_site_url_if_endpoint_unset_v2()[source]
test_use_site_url_if_endpoint_unset_v3()[source]
test_v2_disabled(*args, **keywargs)[source]
test_v3_disabled(*args, **keywargs)[source]
class keystone.tests.test_versions.XmlVersionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

DOC_INTRO = '<?xml version="1.0" encoding="UTF-8"?>'
REQUEST_HEADERS = {'Accept': 'application/xml'}
VERSIONS_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<versions xmlns="http://docs.openstack.org/identity/api/v2.0">\n\n<version status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v3/" rel="self"/>\n </links>\n</version>\n\n<version status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n </links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n</version>\n\n</versions>\n'
XML_NAMESPACE_ATTR = 'xmlns="http://docs.openstack.org/identity/api/v2.0"'
XML_NAMESPACE_V3 = 'xmlns="http://docs.openstack.org/identity/api/v3"'
config_overrides()[source]
setUp()[source]
test_admin_version_v2()[source]
test_admin_version_v3()[source]
test_admin_versions()[source]
test_public_version_v2()[source]
test_public_version_v3()[source]
test_public_versions()[source]
test_use_site_url_if_endpoint_unset()[source]
test_v2_disabled(*args, **keywargs)[source]
test_v3_disabled(*args, **keywargs)[source]
v2_VERSION_DATA = '\n<version %(v2_namespace)s status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n </links>\n <link href="http://localhost:%%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n</version>\n'
v2_VERSION_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<version xmlns="http://docs.openstack.org/identity/api/v2.0" status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n </links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n</version>\n'
v3_VERSION_DATA = '\n<version %(v3_namespace)s status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%%(port)s/v3/" rel="self"/>\n </links>\n</version>\n'
v3_VERSION_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<version xmlns="http://docs.openstack.org/identity/api/v3" status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v3/" rel="self"/>\n </links>\n</version>\n'

test_wsgi Module

class keystone.tests.test_wsgi.ApplicationTest(*args, **kwargs)[source]

Bases: keystone.tests.test_wsgi.BaseWSGITest

test_application_local_config()[source]
test_attribute_missing_from_request()[source]
test_headers_available()[source]
test_no_required_attributes_present()[source]
test_query_string_available()[source]
test_render_exception()[source]
test_render_exception_host()[source]
test_render_response()[source]
test_render_response_custom_headers()[source]
test_render_response_custom_status()[source]
test_render_response_head_with_body()[source]
test_render_response_no_body()[source]
test_require_attribute_fail_if_attribute_not_present()[source]
test_response_content_type()[source]
test_successful_require_attribute()[source]
test_successful_require_multiple_attributes()[source]
class keystone.tests.test_wsgi.BaseWSGITest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
class keystone.tests.test_wsgi.ExtensionRouterTest(*args, **kwargs)[source]

Bases: keystone.tests.test_wsgi.BaseWSGITest

test_extensionrouter_local_config()[source]
class keystone.tests.test_wsgi.FakeApp(*args, **kwargs)[source]

Bases: keystone.common.wsgi.Application

index(context)[source]
class keystone.tests.test_wsgi.FakeAttributeCheckerApp(*args, **kwargs)[source]

Bases: keystone.common.wsgi.Application

assert_attribute(body, attr)[source]

Asserts that the given request has a certain attribute.

assert_attributes(body, attr)[source]

Asserts that the given request has a certain set attributes.

index(context)[source]
class keystone.tests.test_wsgi.LocalizedResponseTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_get_localized_response(*args, **keywargs)[source]
test_request_match_default()[source]
test_request_match_language_expected(*args, **keywargs)[source]
test_request_match_language_unexpected(*args, **keywargs)[source]
test_static_translated_string_is_lazy_translatable()[source]
class keystone.tests.test_wsgi.MiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.test_wsgi.BaseWSGITest

test_middleware_bad_request()[source]
test_middleware_exception_error()[source]
test_middleware_local_config()[source]
test_middleware_request()[source]
test_middleware_response()[source]
test_middleware_type_error()[source]
class keystone.tests.test_wsgi.ServerTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_client_socket_timeout()[source]
test_keepalive_and_keepidle_set(*args, **keywargs)[source]
test_keepalive_set(*args, **keywargs)[source]
test_keepalive_unset(*args, **keywargs)[source]
test_wsgi_keep_alive()[source]

utils Module

Useful utilities for tests.

keystone.tests.utils.new_uuid()[source]

Return a string UUID.

Table Of Contents

Previous topic

backends Package

Next topic

ksfixtures Package

This Page