tests Package
tests Package
core Module
-
class keystone.tests.core.BaseTestCase(*args, **kwds)[source]
Bases: oslotest.base.BaseTestCase
Light weight base test class.
This is a placeholder that will eventually go away once thc
setup/teardown in TestCase is properly trimmed down to the bare
essentials. This is really just a play to speed up the tests by
eliminating unnecessary work.
-
cleanup_instance(*names)[source]
Create a function suitable for use with self.addCleanup.
Returns: | a callable that uses a closure to delete instance attributes |
-
class keystone.tests.core.SQLDriverOverrides[source]
Bases: object
A mixin for consolidating sql-specific test overrides.
-
config_overrides()[source]
-
class keystone.tests.core.TestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.BaseTestCase
-
add_path(path)[source]
-
assertCloseEnoughForGovernmentWork(a, b, delta=3)[source]
Asserts that two datetimes are nearly equal within a small delta.
Parameters: | delta – Maximum allowable time delta, defined in seconds. |
-
assertDictContainsSubset(expected, actual, msg=None)[source]
Checks whether actual is a superset of expected.
-
assertDictEqual(d1, d2, msg=None)[source]
-
assertNotEmpty(l)[source]
-
assertRaisesRegexp(expected_exception, expected_regexp, callable_obj, *args, **kwargs)[source]
Asserts that the message in a raised exception matches a regexp.
-
assertSetEqual(set1, set2, msg=None)[source]
-
auth_plugin_config_override(methods=None, **method_classes)[source]
-
clear_auth_plugin_registry()[source]
-
client(app, *args, **kw)[source]
-
config(config_files)[source]
-
config_files()[source]
-
config_overrides()[source]
-
ipv6_enabled[source]
-
load_backends()[source]
Initializes each manager and assigns them to an attribute.
-
load_fixtures(fixtures)[source]
Hacky basic and naive fixture loading based on a python module.
Expects that the various APIs into the various services are already
defined on self.
-
loadapp(config, name='main')[source]
-
setUp()[source]
-
skip_if_env_not_set(env_var)[source]
-
skip_if_no_ipv6()[source]
-
class keystone.tests.core.TestClient(app=None, token=None)[source]
Bases: object
-
get(path, headers=None)[source]
-
post(path, headers=None, body=None)[source]
-
put(path, headers=None, body=None)[source]
-
request(method, path, headers=None, body=None)[source]
-
exception keystone.tests.core.UnexpectedExit[source]
Bases: exceptions.Exception
-
keystone.tests.core.checkout_vendor(repo, rev)[source]
-
class keystone.tests.core.dirs[source]
-
static etc(*p)[source]
-
static root(*p)[source]
-
static tests(*p)[source]
-
static tests_conf(*p)[source]
-
static tmp(*p)[source]
-
keystone.tests.core.generate_paste_config(extension_name)[source]
-
keystone.tests.core.remove_generated_paste_config(extension_name)[source]
-
keystone.tests.core.remove_test_databases()[source]
-
keystone.tests.core.skip_if_cache_disabled(*sections)[source]
This decorator is used to skip a test if caching is disabled either
globally or for the specific section.
In the code fragment:
@skip_if_cache_is_disabled('assignment', 'token')
def test_method(*args):
...
The method test_method would be skipped if caching is disabled globally via
the enabled option in the cache section of the configuration or if
the caching option is set to false in either assignment or token
sections of the configuration. This decorator can be used with no
arguments to only check global caching.
If a specified configuration section does not define the caching option,
this decorator makes the same assumption as the should_cache_fn in
keystone.common.cache that caching should be enabled.
-
keystone.tests.core.skip_if_no_multiple_domains_support(f)[source]
This decorator is used to skip a test if an identity driver
does not support multiple domains.
default_fixtures Module
fakeldap Module
Fake LDAP server for test harness.
This class does very little error checking, and knows nothing about ldap
class definitions. It implements the minimum emulation of the python ldap
library to work with nova.
-
class keystone.tests.fakeldap.FakeLdap(conn=None)[source]
Bases: keystone.common.ldap.core.LDAPHandler
Emulate the python-ldap API.
The python-ldap API requires all strings to be UTF-8 encoded. This
is assured by the caller of this interface
(i.e. KeystoneLDAPHandler).
However, internally this emulation MUST process and store strings
in a canonical form which permits operations on
characters. Encoded strings do not provide the ability to operate
on characters. Therefore this emulation accepts UTF-8 encoded
strings, decodes them to unicode for operations internal to this
emulation, and encodes them back to UTF-8 when returning values
from the emulation.
-
add_s(dn, modlist)[source]
Add an object with the specified attributes at dn.
-
connect(url, page_size=0, alias_dereferencing=None, use_tls=False, tls_cacertfile=None, tls_cacertdir=None, tls_req_cert='demand', chase_referrals=None, debug_level=None, use_pool=None, pool_size=None, pool_retry_max=None, pool_retry_delay=None, pool_conn_timeout=None, pool_conn_lifetime=None)[source]
-
delete_ext_s(dn, serverctrls, clientctrls=None)[source]
Remove the ldap object at specified dn.
-
delete_s(dn)[source]
Remove the ldap object at specified dn.
-
dn(dn)[source]
-
get_option(option)[source]
-
key(dn)[source]
-
modify_s(dn, modlist)[source]
Modify the object at dn using the attribute list.
Parameters: |
- dn – an LDAP DN
- modlist – a list of tuples in the following form:
([MOD_ADD | MOD_DELETE | MOD_REPACE], attribute, value)
|
-
result3(msgid=-1, all=1, timeout=None, resp_ctrl_classes=None)[source]
-
search_ext(base, scope, filterstr='(objectClass=*)', attrlist=None, attrsonly=0, serverctrls=None, clientctrls=None, timeout=-1, sizelimit=0)[source]
-
search_s(base, scope, filterstr='(objectClass=*)', attrlist=None, attrsonly=0)[source]
Search for all matching objects under base using the query.
Args:
base – dn to search under
scope – only SCOPE_BASE and SCOPE_SUBTREE are supported
filterstr – filter objects by
attrlist – attrs to return. Returns all attrs if not specified
-
set_option(option, invalue)[source]
-
simple_bind_s(who='', cred='', serverctrls=None, clientctrls=None)[source]
This method is ignored, but provided for compatibility.
-
unbind_s()[source]
This method is ignored, but provided for compatibility.
-
class keystone.tests.fakeldap.FakeLdapNoSubtreeDelete(conn=None)[source]
Bases: keystone.tests.fakeldap.FakeLdap
FakeLdap subclass that does not support subtree delete
Same as FakeLdap except delete will throw the LDAP error
ldap.NOT_ALLOWED_ON_NONLEAF if there is an attempt to delete
an entry that has children.
-
delete_ext_s(dn, serverctrls, clientctrls=None)[source]
Remove the ldap object at specified dn.
-
delete_s(dn)[source]
-
class keystone.tests.fakeldap.FakeLdapPool(uri, retry_max=None, retry_delay=None, conn=None)[source]
Bases: keystone.tests.fakeldap.FakeLdap
Emulate the python-ldap API with pooled connections using existing
FakeLdap logic.
This class is used as connector class in PooledLDAPHandler.
-
get_lifetime()[source]
-
simple_bind_s(who=None, cred=None, serverctrls=None, clientctrls=None)[source]
-
unbind_ext_s()[source]
Added to extend FakeLdap as connector class.
-
class keystone.tests.fakeldap.FakeShelve[source]
Bases: dict
-
sync()[source]
federation_fixtures Module
filtering Module
-
class keystone.tests.filtering.FilterTests[source]
Bases: object
identity_mapping Module
-
keystone.tests.identity_mapping.list_id_mappings()[source]
List all id_mappings for testing purposes.
mapping_fixtures Module
Fixtures for Federation Mapping.
matchers Module
-
class keystone.tests.matchers.XMLEquals(expected)[source]
Bases: object
Parses two XML documents from strings and compares the results.
-
match(other)[source]
-
class keystone.tests.matchers.XMLMismatch(expected, other)[source]
Bases: testtools.matchers._impl.Mismatch
-
describe()[source]
rest Module
-
class keystone.tests.rest.RestfulTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Performs restful tests against the WSGI app over HTTP.
This class launches public & admin WSGI servers for every test, which can
be accessed by calling public_request() or admin_request(),
respectfully.
restful_request() and request() methods are also exposed if you
need to bypass restful conventions or access HTTP details in your test
implementation.
Three new asserts are provided:
- assertResponseSuccessful: called automatically for every request
unless an expected_status is provided
- assertResponseStatus: called instead of assertResponseSuccessful,
if an expected_status is provided
- assertValidResponseHeaders: validates that the response headers
appear as expected
Requests are automatically serialized according to the defined
content_type. Responses are automatically deserialized as well, and
available in the response.body attribute. The original body content is
available in the response.raw attribute.
-
admin_request(**kwargs)[source]
-
assertResponseStatus(response, expected_status)[source]
Asserts a specific status code on the response.
Parameters: |
- response – httplib.HTTPResponse
- expected_status – The specific status result expected
|
example:
self.assertResponseStatus(response, 204)
-
assertResponseSuccessful(response)[source]
Asserts that a status code lies inside the 2xx range.
Parameters: | response – httplib.HTTPResponse to be
verified to have a status code between 200 and 299. |
example:
self.assertResponseSuccessful(response)
-
assertValidErrorResponse(response, expected_status=400)[source]
Verify that the error response is valid.
Subclasses can override this function based on the expected response.
Ensures that response headers appear as expected.
-
content_type = 'json'
-
get_scoped_token(tenant_id=None)[source]
Convenience method so that we can test authenticated requests.
-
get_unscoped_token()[source]
Convenience method so that we can test authenticated requests.
-
public_request(**kwargs)[source]
-
request(app, path, body=None, headers=None, token=None, expected_status=None, **kwargs)[source]
-
restful_request(method='GET', headers=None, body=None, content_type=None, response_content_type=None, **kwargs)[source]
Serializes/deserializes json/xml as request/response body.
Warning
- Existing Accept header will be overwritten.
- Existing Content-Type header will be overwritten.
-
setUp(app_conf='keystone')[source]
test_associate_project_endpoint_extension Module
-
class keystone.tests.test_associate_project_endpoint_extension.EndpointFilterCRUDTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase
-
test_check_endpoint_project_association()[source]
HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Valid project and endpoint id test case.
-
test_check_endpoint_project_association_with_invalid_endpoint()[source]
HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid endpoint id test case.
-
test_check_endpoint_project_association_with_invalid_project()[source]
HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid project id test case.
-
test_create_endpoint_project_association()[source]
PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Valid endpoint and project id test case.
-
test_create_endpoint_project_association_with_invalid_endpoint()[source]
PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid endpoint id test case.
-
test_create_endpoint_project_association_with_invalid_project()[source]
PUT OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid project id test case.
-
test_create_endpoint_project_association_with_unexpected_body()[source]
PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Unexpected body in request. The body should be ignored.
-
test_endpoint_project_association_cleanup_when_endpoint_deleted()[source]
-
test_endpoint_project_association_cleanup_when_project_deleted()[source]
-
test_list_endpoints_associated_with_invalid_project()[source]
GET /OS-EP-FILTER/projects/{project_id}/endpoints
Invalid project id test case.
-
test_list_endpoints_associated_with_valid_project()[source]
GET /OS-EP-FILTER/projects/{project_id}/endpoints
Valid project and endpoint id test case.
-
test_list_projects_associated_with_endpoint()[source]
GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects
Valid endpoint-project association test case.
-
test_list_projects_associated_with_invalid_endpoint()[source]
GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects
Invalid endpoint id test case.
-
test_list_projects_with_no_endpoint_project_association()[source]
GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects
Valid endpoint id but no endpoint-project associations test case.
-
test_remove_endpoint_project_association()[source]
DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Valid project id and endpoint id test case.
-
test_remove_endpoint_project_association_with_invalid_endpoint()[source]
DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid endpoint id test case.
-
test_remove_endpoint_project_association_with_invalid_project()[source]
DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid project id test case.
-
class keystone.tests.test_associate_project_endpoint_extension.EndpointFilterTokenRequestTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase
-
test_default_scoped_token_using_endpoint_filter()[source]
Verify endpoints from default scoped token filtered.
-
test_default_scoped_token_with_no_catalog_using_endpoint_filter()[source]
Verify endpoint filter when default scoped token returns no catalog.
Test that the default project scoped token response is valid for a
given endpoint-project association when no service catalog is returned.
-
test_default_scoped_token_with_no_endpoint_project_association()[source]
Verify endpoint filter when no endpoint-project association.
Test that the default project scoped token response is valid when
there are no endpoint-project associations defined.
-
test_disabled_endpoint()[source]
Test that a disabled endpoint is handled.
-
test_invalid_endpoint_project_association()[source]
Verify an invalid endpoint-project association is handled.
-
test_project_scoped_token_using_endpoint_filter()[source]
Verify endpoints from project scoped token filtered.
-
test_project_scoped_token_with_no_catalog_using_endpoint_filter()[source]
Verify endpoint filter when project scoped token returns no catalog.
Test that the project scoped token response is valid for a given
endpoint-project association when no service catalog is returned.
-
test_project_scoped_token_with_no_endpoint_project_association()[source]
Verify endpoint filter when no endpoint-project association.
Test that the project scoped token response is valid when there are
no endpoint-project associations defined.
-
class keystone.tests.test_associate_project_endpoint_extension.EndpointGroupCRUDTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase
-
DEFAULT_ENDPOINT_GROUP_BODY = {'endpoint_group': {'description': 'endpoint group description', 'filters': {'interface': 'admin'}, 'name': 'endpoint_group_name'}}
-
DEFAULT_ENDPOINT_GROUP_URL = '/OS-EP-FILTER/endpoint_groups'
-
test_add_endpoint_group_to_project()[source]
Create a valid endpoint group and project association.
-
test_add_endpoint_group_to_project_with_invalid_project_id()[source]
Create an invalid endpoint group and project association.
-
test_check_endpoint_group()[source]
HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
Valid endpoint_group_id test case.
-
test_check_endpoint_group_to_project()[source]
Test HEAD with a valid endpoint group and project association.
-
test_check_endpoint_group_to_project_with_invalid_project_id()[source]
Test HEAD with an invalid endpoint group and project association.
-
test_check_invalid_endpoint_group()[source]
HEAD /OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
Invalid endpoint_group_id test case.
-
test_create_endpoint_group()[source]
POST /OS-EP-FILTER/endpoint_groups
Valid endpoint group test case.
-
test_create_invalid_endpoint_group()[source]
POST /OS-EP-FILTER/endpoint_groups
Invalid endpoint group creation test case.
-
test_delete_endpoint_group()[source]
GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}
Valid endpoint group test case.
-
test_delete_invalid_endpoint_group()[source]
GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}
Invalid endpoint group test case.
-
test_endpoint_group_project_cleanup_with_endpoint_group()[source]
-
test_endpoint_group_project_cleanup_with_project()[source]
-
test_get_endpoint_group()[source]
GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}
Valid endpoint group test case.
-
test_get_endpoint_group_in_project()[source]
Test retrieving project endpoint group association.
-
test_get_invalid_endpoint_group()[source]
GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}
Invalid endpoint group test case.
-
test_get_invalid_endpoint_group_in_project()[source]
Test retrieving project endpoint group association.
-
test_list_endpoint_groups()[source]
GET /OS-EP-FILTER/endpoint_groups.
-
test_list_endpoints_associated_with_endpoint_group()[source]
GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}/endpoints
Valid endpoint group test case.
-
test_list_endpoints_associated_with_project_endpoint_group()[source]
GET /OS-EP-FILTER/projects/{project_id}/endpoints
Valid project, endpoint id, and endpoint group test case.
-
test_list_projects_associated_with_endpoint_group()[source]
GET /OS-EP-FILTER/endpoint_groups/{endpoint_group}/projects
Valid endpoint group test case.
-
test_patch_endpoint_group()[source]
PATCH /OS-EP-FILTER/endpoint_groups/{endpoint_group}
Valid endpoint group patch test case.
-
test_patch_invalid_endpoint_group()[source]
PATCH /OS-EP-FILTER/endpoint_groups/{endpoint_group}
Valid endpoint group patch test case.
-
test_patch_nonexistent_endpoint_group()[source]
PATCH /OS-EP-FILTER/endpoint_groups/{endpoint_group}
Invalid endpoint group patch test case.
-
test_removing_an_endpoint_group_project()[source]
-
class keystone.tests.test_associate_project_endpoint_extension.JsonHomeTests(*args, **kwargs)[source]
Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase, keystone.tests.test_v3.JsonHomeTestMixin
-
JSON_HOME_DATA = {'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoint_projects': {'href-template': '/OS-EP-FILTER/endpoints/{endpoint_id}/projects', 'href-vars': {'endpoint_id': 'http://docs.openstack.org/api/openstack-identity/3/param/endpoint_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoint_group_to_project_association': {'href-template': '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}', 'href-vars': {'endpoint_group_id': 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/param/endpoint_group_id', 'project_id': 'http://docs.openstack.org/api/openstack-identity/3/param/project_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoint_group': {'href-template': '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}', 'href-vars': {'endpoint_group_id': 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/param/endpoint_group_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoints_in_endpoint_group': {'href-template': '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints', 'href-vars': {'endpoint_group_id': 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/param/endpoint_group_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/projects_associated_with_endpoint_group': {'href-template': '/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects', 'href-vars': {'endpoint_group_id': 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/param/endpoint_group_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-EP-FILTER/1.0/rel/endpoint_groups': {'href': '/OS-EP-FILTER/endpoint_groups'}}
-
class keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
EXTENSION_NAME = 'endpoint_filter'
-
EXTENSION_TO_ADD = 'endpoint_filter_extension'
-
config_overrides()[source]
-
setUp()[source]
test_auth Module
-
class keystone.tests.test_auth.AuthBadRequests(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
test_authenticate_blank_auth()[source]
Verify sending blank ‘auth’ raises the right exception.
-
test_authenticate_blank_request_body()[source]
Verify sending empty json dict raises the right exception.
-
test_authenticate_invalid_auth_content()[source]
Verify sending invalid ‘auth’ raises the right exception.
-
test_authenticate_password_too_large()[source]
Verify sending large ‘password’ raises the right exception.
-
test_authenticate_tenant_id_too_large()[source]
Verify sending large ‘tenantId’ raises the right exception.
-
test_authenticate_tenant_name_too_large()[source]
Verify sending large ‘tenantName’ raises the right exception.
-
test_authenticate_token_too_large()[source]
Verify sending large ‘token’ raises the right exception.
-
test_authenticate_user_id_too_large()[source]
Verify sending large ‘userId’ raises the right exception.
-
test_authenticate_username_too_large()[source]
Verify sending large ‘username’ raises the right exception.
-
test_empty_remote_user()[source]
Verify that _authenticate_external() raises exception if
REMOTE_USER is set as the empty string.
-
test_empty_username_and_userid_in_auth()[source]
Verify that empty username and userID raises ValidationError.
-
test_no_credentials_in_auth()[source]
Verify that _authenticate_local() raises exception if no creds.
-
test_no_external_auth()[source]
Verify that _authenticate_external() raises exception if N/A.
-
test_no_token_in_auth()[source]
Verify that _authenticate_token() raises exception if no token.
-
class keystone.tests.test_auth.AuthCatalog(*args, **kwargs)[source]
Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.test_auth.AuthTest
Tests for the catalog provided in the auth response.
-
config_files()[source]
-
test_auth_catalog_disabled_endpoint()[source]
On authenticate, get a catalog that excludes disabled endpoints.
-
test_validate_catalog_disabled_endpoint()[source]
On validate, get back a catalog that excludes disabled endpoints.
-
class keystone.tests.test_auth.AuthTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
assertEqualTokens(a, b, enforce_audit_ids=True)[source]
Assert that two tokens are equal.
Compare two tokens except for their ids. This also truncates
the time in the comparison.
-
setUp()[source]
-
class keystone.tests.test_auth.AuthWithPasswordCredentials(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
test_auth_empty_password()[source]
Verify exception is raised if empty password.
-
test_auth_invalid_user()[source]
Verify exception is raised if invalid user.
-
test_auth_no_password()[source]
Verify exception is raised if empty password.
-
test_auth_valid_user_invalid_password()[source]
Verify exception is raised if invalid password.
-
test_authenticate_blank_password_credentials()[source]
Sending empty dict as passwordCredentials raises a 400 error.
-
test_authenticate_no_username()[source]
Verify skipping username raises the right exception.
-
test_bind_without_remote_user()[source]
-
test_change_default_domain_id()[source]
-
class keystone.tests.test_auth.AuthWithRemoteUser(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
test_bind_with_kerberos()[source]
-
test_bind_without_config_opt()[source]
-
test_scoped_nometa_remote_authn()[source]
Verify getting a token with external authn and no metadata.
-
test_scoped_remote_authn()[source]
Verify getting a token with external authn.
-
test_scoped_remote_authn_invalid_user()[source]
Verify that external auth with invalid user fails.
-
test_unscoped_remote_authn()[source]
Verify getting an unscoped token with external authn.
-
test_unscoped_remote_authn_jsonless()[source]
Verify that external auth with invalid request fails.
-
class keystone.tests.test_auth.AuthWithToken(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
test_auth_bad_formatted_token()[source]
Verify exception is raised if invalid token.
-
test_auth_invalid_token()[source]
Verify exception is raised if invalid token.
-
test_auth_token_project_group_role()[source]
Verify getting a token in a tenant with group roles.
-
test_auth_unscoped_token_no_project()[source]
Verify getting an unscoped token with an unscoped token.
-
test_auth_unscoped_token_project()[source]
Verify getting a token in a tenant with an unscoped token.
-
test_belongs_to()[source]
-
test_belongs_to_no_tenant()[source]
-
test_deleting_role_revokes_token()[source]
-
test_only_original_audit_id_is_kept()[source]
-
test_revoke_by_audit_chain_id_chained_token()[source]
-
test_revoke_by_audit_chain_id_original_token()[source]
-
test_revoke_with_no_audit_info()[source]
-
test_token_auth_with_binding()[source]
-
test_unscoped_token()[source]
Verify getting an unscoped token with password creds.
-
class keystone.tests.test_auth.AuthWithTrust(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
assert_token_count_for_trust(trust, expected_value)[source]
-
build_v2_token_request(username, password, trust, tenant_id=None)[source]
-
config_overrides()[source]
-
create_trust(trust_data, trustor_name, expires_at=None, impersonation=True)[source]
-
disable_user(user)[source]
-
fetch_v2_token_from_trust(trust)[source]
-
fetch_v3_token_from_trust(trust, trustee)[source]
-
get_unscoped_token(username, password='foo2')[source]
-
setUp()[source]
-
test_create_trust()[source]
-
test_create_trust_bad_data_fails()[source]
-
test_create_trust_expires_bad()[source]
-
test_create_trust_impersonation()[source]
-
test_create_trust_no_impersonation()[source]
-
test_create_trust_no_roles()[source]
-
test_create_trust_without_project_id()[source]
Verify that trust can be created without project id and
token can be generated with that trust.
-
test_create_v3_token_from_trust()[source]
-
test_delete_tokens_for_user_invalidates_tokens_from_trust()[source]
-
test_delete_trust_revokes_token()[source]
-
test_do_not_consume_remaining_uses_when_get_token_fails()[source]
-
test_expired_trust_get_token_fails()[source]
-
test_get_trust()[source]
-
test_token_from_trust()[source]
-
test_token_from_trust_cant_get_another_token()[source]
-
test_token_from_trust_with_no_role_fails()[source]
-
test_token_from_trust_with_wrong_role_fails()[source]
-
test_token_from_trust_wrong_project_fails()[source]
-
test_token_from_trust_wrong_user_fails()[source]
-
test_trust_get_token_fails_if_trustee_disabled()[source]
-
test_trust_get_token_fails_if_trustor_disabled()[source]
-
test_v2_trust_token_contains_trustor_user_id_and_impersonation()[source]
-
test_v3_trust_token_get_token_fails()[source]
-
class keystone.tests.test_auth.NonDefaultAuthTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_add_non_default_auth_method()[source]
-
class keystone.tests.test_auth.TokenExpirationTest(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
test_maintain_uuid_token_expiration()[source]
test_backend Module
-
class keystone.tests.test_backend.CatalogTests[source]
Bases: object
-
test_cache_layer_delete_service_with_endpoint()[source]
-
test_cache_layer_region_crud(*args, **kwargs)[source]
-
test_cache_layer_service_crud(*args, **kwargs)[source]
-
test_create_endpoint()[source]
-
test_create_endpoint_404()[source]
-
test_create_region_invalid_parent_region_404()[source]
-
test_create_region_with_duplicate_id()[source]
-
test_delete_endpoint_404()[source]
-
test_delete_region_404()[source]
-
test_delete_service_404()[source]
-
test_delete_service_with_endpoint()[source]
-
test_get_catalog_endpoint_disabled()[source]
Get back only enabled endpoints when get the v2 catalog.
-
test_get_endpoint_404()[source]
-
test_get_region_404()[source]
-
test_get_service_404()[source]
-
test_get_v3_catalog_endpoint_disabled()[source]
Get back only enabled endpoints when get the v3 catalog.
-
test_list_regions_filtered_by_parent_region_id()[source]
-
test_region_crud()[source]
-
test_service_crud()[source]
-
test_service_filtering()[source]
-
test_update_endpoint()[source]
-
test_update_endpoint_non_exist_region_id()[source]
-
class keystone.tests.test_backend.FilterTests[source]
Bases: keystone.tests.filtering.FilterTests
-
test_filter_sql_injection_attack()[source]
Test against sql injection attack on filters
Test Plan:
- Attempt to get all entities back by passing a two-term attribute
- Attempt to piggyback filter to damage DB (e.g. drop table)
-
test_list_users_filtered()[source]
-
test_list_users_inexact_filtered()[source]
-
class keystone.tests.test_backend.IdentityTests[source]
Bases: object
-
create_user_dict(**attributes)[source]
-
test_add_duplicate_role_grant()[source]
-
test_add_role_to_user_and_project_404()[source]
-
test_add_role_to_user_and_project_no_user()[source]
-
test_add_user_to_group()[source]
-
test_add_user_to_group_404()[source]
-
test_add_user_to_project()[source]
-
test_add_user_to_project_404()[source]
-
test_add_user_to_project_missing_default_role()[source]
-
test_add_user_to_project_no_user()[source]
-
test_arbitrary_attributes_are_returned_from_create_user()[source]
-
test_arbitrary_attributes_are_returned_from_get_user()[source]
-
test_attribute_update()[source]
-
test_authenticate()[source]
-
test_authenticate_and_get_roles_no_metadata()[source]
-
test_authenticate_bad_password()[source]
-
test_authenticate_bad_user()[source]
-
test_authenticate_if_no_password_set()[source]
-
test_cache_layer_domain_crud(*args, **kwargs)[source]
-
test_cache_layer_project_crud(*args, **kwargs)[source]
-
test_cache_layer_role_crud(*args, **kwargs)[source]
-
test_check_user_in_group()[source]
-
test_check_user_in_group_404()[source]
-
test_check_user_not_in_group()[source]
-
test_create_domain_case_sensitivity(*args, **kwargs)[source]
-
test_create_duplicate_group_name_fails()[source]
-
test_create_duplicate_group_name_in_different_domains()[source]
-
test_create_duplicate_project_id_fails()[source]
-
test_create_duplicate_project_name_fails()[source]
-
test_create_duplicate_project_name_in_different_domains()[source]
-
test_create_duplicate_role_name_fails()[source]
-
test_create_duplicate_user_name_fails()[source]
-
test_create_duplicate_user_name_in_different_domains()[source]
-
test_create_grant_no_group()[source]
-
test_create_grant_no_user()[source]
-
test_create_invalid_domain_fails()[source]
-
test_create_project_blank_name_fails()[source]
-
test_create_project_case_sensitivity()[source]
-
test_create_project_doesnt_modify_passed_in_dict()[source]
-
test_create_project_invalid_enabled_type_string()[source]
-
test_create_project_invalid_name_fails()[source]
-
test_create_project_long_name_fails()[source]
-
test_create_project_with_no_enabled_field()[source]
-
test_create_unicode_user_name()[source]
-
test_create_update_delete_unicode_project()[source]
-
test_create_user_blank_name_fails()[source]
-
test_create_user_case_sensitivity()[source]
-
test_create_user_doesnt_modify_passed_in_dict()[source]
-
test_create_user_invalid_enabled_type_string()[source]
-
test_create_user_invalid_name_fails()[source]
-
test_create_user_long_name_fails()[source]
-
test_create_user_missed_password()[source]
-
test_create_user_none_password()[source]
-
test_delete_domain_with_user_group_project_links()[source]
-
test_delete_group_grant_no_group()[source]
-
test_delete_group_removes_role_assignments()[source]
-
test_delete_group_with_user_project_domain_links()[source]
-
test_delete_project_404()[source]
-
test_delete_project_with_role_assignments()[source]
-
test_delete_role_404()[source]
-
test_delete_role_check_role_grant()[source]
-
test_delete_role_with_user_and_group_grants()[source]
-
test_delete_user_404()[source]
-
test_delete_user_grant_no_user()[source]
-
test_delete_user_with_group_project_domain_links()[source]
-
test_delete_user_with_project_association()[source]
-
test_delete_user_with_project_roles()[source]
-
test_domain_crud()[source]
-
test_domain_rename_invalidates_get_domain_by_name_cache(*args, **kwargs)[source]
-
test_get_and_remove_correct_role_grant_from_a_mix()[source]
-
test_get_and_remove_role_grant_by_group_and_cross_domain()[source]
-
test_get_and_remove_role_grant_by_group_and_domain()[source]
-
test_get_and_remove_role_grant_by_group_and_project()[source]
-
test_get_and_remove_role_grant_by_user_and_cross_domain()[source]
-
test_get_and_remove_role_grant_by_user_and_domain()[source]
-
test_get_default_domain_by_name(*args, **kwargs)[source]
-
test_get_not_default_domain_by_name()[source]
-
test_get_project()[source]
-
test_get_project_404()[source]
-
test_get_project_by_name()[source]
-
test_get_project_by_name_404()[source]
-
test_get_project_user_ids_404()[source]
-
test_get_role()[source]
-
test_get_role_404()[source]
-
test_get_role_by_user_and_project()[source]
-
test_get_role_by_user_and_project_with_user_in_group()[source]
Test for get role by user and project, user was added into a group.
Test Plan:
- Create a user, a project & a group, add this user to group
- Create roles and grant them to user and project
- Check the role list get by the user and project was as expected
-
test_get_role_grant_by_user_and_project()[source]
-
test_get_roles_for_groups_on_domain()[source]
Test retrieving group domain roles.
Test Plan:
- Create a domain, three groups and three roles
- Assign one an inherited and the others a non-inherited group role
to the domain
- Ensure that only the non-inherited roles are returned on the domain
-
test_get_roles_for_groups_on_project()[source]
Test retrieving group project roles.
Test Plan:
- Create two domains, two projects, six groups and six roles
- Project1 is in Domain1, Project2 is in Domain2
- Domain2/Project2 are spoilers
- Assign a different direct group role to each project as well
as both an inherited and non-inherited role to each domain
- Get the group roles for Project 1 - depending on whether we have
enabled inheritance, we should either get back just the direct role
or both the direct one plus the inherited domain role from Domain 1
-
test_get_roles_for_user_and_domain()[source]
Test for getting roles for user on a domain.
Test Plan:
- Create a domain, with 2 users
- Check no roles yet exit
- Give user1 two roles on the domain, user2 one role
- Get roles on user1 and the domain - maybe sure we only
get back the 2 roles on user1
- Delete both roles from user1
- Check we get no roles back for user1 on domain
-
test_get_roles_for_user_and_domain_404()[source]
Test errors raised when getting roles for user on a domain.
Test Plan:
- Check non-existing user gives UserNotFound
- Check non-existing domain gives DomainNotFound
-
test_get_roles_for_user_and_project_404()[source]
-
test_get_user()[source]
-
test_get_user_404()[source]
-
test_get_user_by_name()[source]
-
test_get_user_by_name_404()[source]
-
test_group_crud()[source]
-
test_list_domains()[source]
-
test_list_domains_for_groups()[source]
Test retrieving domains for a list of groups.
Test Plan:
- Create three domains, three groups and one role
- Assign a non-inherited group role to two domains, and an inherited
group role to the third
- Ensure only the domains with non-inherited roles are returned
-
test_list_group_role_assignment()[source]
-
test_list_groups()[source]
-
test_list_groups_for_user()[source]
-
test_list_projects()[source]
-
test_list_projects_for_alternate_domain(*args, **kwargs)[source]
-
test_list_projects_for_domain()[source]
-
test_list_projects_for_groups()[source]
Test retrieving projects for a list of groups.
Test Plan:
- Create two domains, four projects, seven groups and seven roles
- Project1-3 are in Domain1, Project4 is in Domain2
- Domain2/Project4 are spoilers
- Project1 and 2 have direct group roles, Project3 has no direct
roles but should inherit a group role from Domain1
- Get the projects for the group roles that are assigned to Project1
Project2 and the inherited one on Domain1. Depending on whether we
have enabled inheritance, we should either get back just the projects
with direct roles (Project 1 and 2) or also Project3 due to its
inherited role from Domain1.
-
test_list_projects_for_user()[source]
-
test_list_projects_for_user_with_grants()[source]
-
test_list_role_assignments_bad_role()[source]
-
test_list_role_assignments_unfiltered()[source]
Test for unfiltered listing role assignments.
Test Plan:
- Create a domain, with a user, group & project
- Find how many role assignments already exist (from default
fixtures)
- Create a grant of each type (user/group on project/domain)
- Check the number of assignments has gone up by 4 and that
the entries we added are in the list returned
- Check that if we list assignments by role_id, then we get back
assignments that only contain that role.
-
test_list_roles()[source]
-
test_list_user_ids_for_project()[source]
-
test_list_user_ids_for_project_no_duplicates()[source]
-
test_list_user_project_ids_404()[source]
-
test_list_users()[source]
-
test_list_users_in_group()[source]
-
test_list_users_in_group_404()[source]
-
test_move_group_between_domains()[source]
-
test_move_group_between_domains_with_clashing_names_fails()[source]
-
test_move_project_between_domains()[source]
-
test_move_project_between_domains_with_clashing_names_fails()[source]
-
test_move_user_between_domains()[source]
-
test_move_user_between_domains_with_clashing_names_fails()[source]
-
test_multi_group_grants_on_project_domain()[source]
Test multiple group roles for user on project and domain.
Test Plan:
- Create 6 roles
- Create a domain, with a project, user and two groups
- Make the user a member of both groups
- Check no roles yet exit
- Assign a role to each user and both groups on both the
project and domain
- Get a list of effective roles for the user on both the
project and domain, checking we get back the correct three
roles
-
test_multi_role_grant_by_user_group_on_project_domain()[source]
-
test_new_arbitrary_attributes_are_returned_from_update_user()[source]
-
test_project_add_and_remove_user_role()[source]
-
test_project_crud(*args, **kwargs)[source]
-
test_project_rename_invalidates_get_project_by_name_cache(*args, **kwargs)[source]
-
test_project_update_and_project_get_return_same_response()[source]
-
test_project_update_missing_attrs_with_a_falsey_value()[source]
-
test_project_update_missing_attrs_with_a_value()[source]
-
test_remove_role_from_user_and_project()[source]
-
test_remove_role_grant_from_user_and_project()[source]
-
test_remove_user_from_group()[source]
-
test_remove_user_from_group_404()[source]
-
test_remove_user_from_project()[source]
-
test_remove_user_from_project_404()[source]
-
test_remove_user_from_project_race_delete_role()[source]
-
test_remove_user_role_not_assigned()[source]
-
test_rename_duplicate_project_name_fails()[source]
-
test_rename_duplicate_role_name_fails()[source]
-
test_rename_duplicate_user_name_fails()[source]
-
test_role_crud()[source]
-
test_role_grant_by_group_and_cross_domain_project()[source]
-
test_role_grant_by_user_and_cross_domain_project()[source]
-
test_update_project_404()[source]
-
test_update_project_blank_name_fails()[source]
-
test_update_project_enable()[source]
-
test_update_project_id_does_nothing()[source]
-
test_update_project_invalid_enabled_type_string()[source]
-
test_update_project_invalid_name_fails()[source]
-
test_update_project_long_name_fails()[source]
-
test_update_role_404()[source]
-
test_update_role_no_name()[source]
-
test_update_role_same_name()[source]
-
test_update_user_404()[source]
-
test_update_user_blank_name_fails()[source]
-
test_update_user_enable()[source]
-
test_update_user_enable_fails()[source]
-
test_update_user_id_fails()[source]
-
test_update_user_invalid_name_fails()[source]
-
test_update_user_long_name_fails()[source]
-
test_update_user_name()[source]
-
test_updated_arbitrary_attributes_are_returned_from_update_user()[source]
-
test_user_crud()[source]
-
test_user_update_and_user_get_return_same_response()[source]
-
class keystone.tests.test_backend.InheritanceTests[source]
Bases: object
-
test_inherited_role_grants_for_group()[source]
Test inherited group roles.
Test Plan:
- Enable OS-INHERIT extension
- Create 4 roles
- Create a domain, with a project, user and two groups
- Make the user a member of both groups
- Check no roles yet exit
- Assign a direct user role to the project and a (non-inherited)
group role on the domain
- Get a list of effective roles - should only get the one direct role
- Now add two inherited group roles to the domain
- Get a list of effective roles - should have three roles, one
direct and two by virtue of inherited group roles
-
test_inherited_role_grants_for_user()[source]
Test inherited user roles.
Test Plan:
- Enable OS-INHERIT extension
- Create 3 roles
- Create a domain, with a project and a user
- Check no roles yet exit
- Assign a direct user role to the project and a (non-inherited)
user role to the domain
- Get a list of effective roles - should only get the one direct role
- Now add an inherited user role to the domain
- Get a list of effective roles - should have two roles, one
direct and one by virtue of the inherited user role
- Also get effective roles for the domain - the role marked as
inherited should not show up
-
test_list_projects_for_user_with_inherited_grants()[source]
Test inherited group roles.
Test Plan:
- Enable OS-INHERIT extension
- Create a domain, with two projects and a user
- Assign an inherited user role on the domain, as well as a direct
user role to a separate project in a different domain
- Get a list of projects for user, should return all three projects
-
test_list_projects_for_user_with_inherited_group_grants()[source]
Test inherited group roles.
Test Plan:
- Enable OS-INHERIT extension
- Create two domains, each with two projects
- Create a user and group
- Make the user a member of the group
- Assign a user role two projects, an inherited
group role to one domain and an inherited regular role on
the other domain
- Get a list of projects for user, should return both pairs of projects
from the domain, plus the one separate project
-
class keystone.tests.test_backend.LimitTests[source]
Bases: keystone.tests.filtering.FilterTests
-
ENTITIES = ['user', 'group', 'project']
-
clean_up_domain()[source]
Clean up domain test data from Limit Test Cases.
-
clean_up_entities()[source]
Clean up entity test data from Limit Test Cases.
-
setUp()[source]
Setup for Limit Test Cases.
-
test_list_groups_filtered_and_limited()[source]
-
test_list_projects_filtered_and_limited()[source]
-
test_list_users_filtered_and_limited()[source]
-
class keystone.tests.test_backend.PolicyTests[source]
Bases: object
-
assertEqualPolicies(a, b)[source]
-
test_create()[source]
-
test_delete()[source]
-
test_delete_policy_404()[source]
-
test_get()[source]
-
test_get_policy_404()[source]
-
test_list()[source]
-
test_update()[source]
-
test_update_policy_404()[source]
-
class keystone.tests.test_backend.TokenCacheInvalidation[source]
Bases: object
-
test_delete_scoped_token_by_id()[source]
-
test_delete_scoped_token_by_user()[source]
-
test_delete_scoped_token_by_user_and_tenant()[source]
-
test_delete_unscoped_token()[source]
-
class keystone.tests.test_backend.TokenTests[source]
Bases: object
-
check_list_revoked_tokens(token_ids)[source]
-
create_token_sample_data(token_id=None, tenant_id=None, trust_id=None, user_id=None, expires=None)[source]
-
delete_token()[source]
-
test_create_unicode_token_id()[source]
-
test_create_unicode_user_id()[source]
-
test_delete_token_404()[source]
-
test_delete_tokens()[source]
-
test_delete_tokens_trust()[source]
-
test_expired_token()[source]
-
test_flush_expired_token()[source]
-
test_get_token_404()[source]
-
test_list_revoked_tokens_for_multiple_tokens()[source]
-
test_list_revoked_tokens_for_single_token()[source]
-
test_list_revoked_tokens_returns_empty_list()[source]
-
test_null_expires_token()[source]
-
test_predictable_revoked_pki_token_id_default()[source]
-
test_predictable_revoked_pki_token_id_sha256()[source]
-
test_predictable_revoked_uuid_token_id()[source]
-
test_revocation_list_cache(*args, **kwargs)[source]
-
test_token_crud()[source]
-
test_token_expire_timezone()[source]
-
test_token_list()[source]
-
test_token_list_trust()[source]
-
class keystone.tests.test_backend.TrustTests[source]
Bases: object
-
create_sample_trust(new_id, remaining_uses=None)[source]
-
test_consume_use()[source]
-
test_create_trust()[source]
-
test_delete_trust()[source]
-
test_delete_trust_not_found()[source]
-
test_get_deleted_trust()[source]
-
test_get_trust()[source]
-
test_list_trust_by_trustee()[source]
-
test_list_trust_by_trustor()[source]
-
test_list_trusts()[source]
-
test_trust_has_remaining_uses_negative()[source]
-
test_trust_has_remaining_uses_positive()[source]
test_backend_endpoint_policy Module
-
class keystone.tests.test_backend_endpoint_policy.PolicyAssociationTests[source]
Bases: object
-
load_sample_data()[source]
Create sample data to test policy associations.
The following data is created:
- 3 regions, in a hierarchy, 0 -> 1 -> 2 (where 0 is top)
- 3 services
- 6 endpoints, 2 in each region, with a mixture of services:
0 - region 0, Service 0
1 - region 0, Service 1
2 - region 1, Service 1
3 - region 1, Service 2
4 - region 2, Service 2
5 - region 2, Service 0
-
test_delete_association_by_entity()[source]
-
test_invalid_policy_to_endpoint_association()[source]
-
test_overwriting_policy_to_endpoint_association()[source]
-
test_policy_to_endpoint_association_crud()[source]
-
test_policy_to_explicit_endpoint_association()[source]
-
test_policy_to_region_and_service_association()[source]
-
test_policy_to_service_association()[source]
test_backend_kvs Module
-
class keystone.tests.test_backend_kvs.KvsCatalog(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests
-
config_overrides()[source]
-
setUp()[source]
-
test_get_catalog()[source]
-
test_get_catalog_404()[source]
-
test_get_catalog_endpoint_disabled()[source]
-
test_get_v3_catalog_endpoint_disabled()[source]
-
test_list_regions_filtered_by_parent_region_id()[source]
-
test_service_filtering()[source]
-
class keystone.tests.test_backend_kvs.KvsIdentity(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.IdentityTests
-
config_overrides()[source]
-
setUp()[source]
-
test_create_duplicate_group_name_in_different_domains()[source]
-
test_create_duplicate_project_name_in_different_domains()[source]
-
test_create_duplicate_user_name_in_different_domains()[source]
-
test_delete_group_removes_role_assignments()[source]
-
test_get_roles_for_groups_on_domain()[source]
-
test_get_roles_for_groups_on_project()[source]
-
test_list_domains_for_groups()[source]
-
test_list_projects_for_groups()[source]
-
test_list_projects_for_user_with_grants()[source]
-
test_move_group_between_domains()[source]
-
test_move_group_between_domains_with_clashing_names_fails()[source]
-
test_move_project_between_domains()[source]
-
test_move_project_between_domains_with_clashing_names_fails()[source]
-
test_move_user_between_domains()[source]
-
test_move_user_between_domains_with_clashing_names_fails()[source]
-
test_password_hashed()[source]
-
test_update_role_no_name()[source]
-
class keystone.tests.test_backend_kvs.KvsInheritanceTests(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.InheritanceTests
-
config_overrides()[source]
-
setUp()[source]
-
class keystone.tests.test_backend_kvs.KvsToken(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenTests
-
config_overrides()[source]
-
setUp()[source]
-
test_cleanup_user_index_on_create()[source]
-
test_flush_expired_token()[source]
-
class keystone.tests.test_backend_kvs.KvsTokenCacheInvalidation(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenCacheInvalidation
-
config_overrides()[source]
-
setUp()[source]
-
class keystone.tests.test_backend_kvs.KvsTrust(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TrustTests
-
config_overrides()[source]
-
setUp()[source]
test_backend_ldap Module
-
class keystone.tests.test_backend_ldap.BaseLDAPIdentity[source]
Bases: keystone.tests.test_backend.IdentityTests
-
clear_database()[source]
-
config_files()[source]
-
config_overrides()[source]
-
get_config(domain_id)[source]
-
get_user_enabled_vals(user)[source]
-
reload_backends(domain_id)[source]
-
setUp()[source]
-
test_arbitrary_attributes_are_returned_from_get_user()[source]
-
test_authenticate_requires_simple_bind()[source]
-
test_build_tree()[source]
Regression test for building the tree names
-
test_cache_layer_domain_crud()[source]
-
test_configurable_allowed_user_actions()[source]
-
test_configurable_forbidden_create_existing_user()[source]
-
test_configurable_forbidden_user_actions()[source]
-
test_create_duplicate_group_name_in_different_domains()[source]
-
test_create_duplicate_project_name_in_different_domains()[source]
-
test_create_duplicate_user_name_in_different_domains()[source]
-
test_create_user_none_mapping()[source]
-
test_create_user_with_boolean_string_names()[source]
-
test_delete_group_with_user_project_domain_links()[source]
-
test_delete_role_with_user_and_group_grants()[source]
-
test_delete_user_with_group_project_domain_links()[source]
-
test_get_and_remove_correct_role_grant_from_a_mix()[source]
-
test_get_and_remove_role_grant_by_group_and_cross_domain()[source]
-
test_get_and_remove_role_grant_by_group_and_domain()[source]
-
test_get_and_remove_role_grant_by_group_and_project()[source]
-
test_get_and_remove_role_grant_by_user_and_cross_domain()[source]
-
test_get_and_remove_role_grant_by_user_and_domain()[source]
-
test_get_roles_for_groups_on_domain()[source]
-
test_get_roles_for_groups_on_project()[source]
-
test_get_roles_for_user_and_domain()[source]
-
test_group_crud()[source]
-
test_group_enabled_ignored_disable_error()[source]
-
test_list_domains()[source]
-
test_list_domains_for_groups()[source]
-
test_list_domains_non_default_domain_id()[source]
-
test_list_group_members_dumb_member()[source]
-
test_list_group_members_missing_entry()[source]
List group members with deleted user.
If a group has a deleted entry for a member, the non-deleted members
are returned.
-
test_list_group_members_when_no_members()[source]
-
test_list_projects_for_groups()[source]
-
test_list_projects_for_user()[source]
-
test_list_projects_for_user_and_groups()[source]
-
test_list_projects_for_user_with_grants()[source]
-
test_list_role_assignments_dumb_member()[source]
-
test_list_role_assignments_unfiltered()[source]
-
test_list_user_ids_for_project_dumb_member()[source]
-
test_move_group_between_domains()[source]
-
test_move_group_between_domains_with_clashing_names_fails()[source]
-
test_move_project_between_domains()[source]
-
test_move_project_between_domains_with_clashing_names_fails()[source]
-
test_move_user_between_domains()[source]
-
test_move_user_between_domains_with_clashing_names_fails()[source]
-
test_multi_group_grants_on_project_domain()[source]
-
test_multi_role_grant_by_user_group_on_project_domain()[source]
-
test_new_arbitrary_attributes_are_returned_from_update_user()[source]
-
test_project_enabled_ignored_disable_error()[source]
-
test_remove_role_grant_from_user_and_project()[source]
-
test_role_grant_by_group_and_cross_domain_project()[source]
-
test_role_grant_by_user_and_cross_domain_project()[source]
-
test_unignored_user_none_mapping()[source]
-
test_update_user_name()[source]
A user’s name cannot be changed through the LDAP driver.
-
test_updated_arbitrary_attributes_are_returned_from_update_user()[source]
-
test_user_enabled_ignored_disable_error()[source]
-
test_user_filter()[source]
-
test_user_id_comma()[source]
Even if the user has a , in their ID, groups can be listed.
-
test_user_id_comma_grants()[source]
Even if the user has a , in their ID, can get user and group grants.
-
class keystone.tests.test_backend_ldap.BaseMultiLDAPandSQLIdentity[source]
Bases: object
Mixin class with support methods for domain-specific config testing.
-
check_user(user, domain_id, expected_status)[source]
Check user is in correct backend.
As part of the tests, we want to force ourselves to manually
select the driver for a given domain, to make sure the entity
ended up in the correct backend.
-
create_user(domain_id)[source]
-
create_users_across_domains()[source]
Create a set of users, each with a role on their own domain.
-
setup_initial_domains()[source]
-
test_authenticate_to_each_domain()[source]
Test that a user in each domain can authenticate.
-
class keystone.tests.test_backend_ldap.DomainSpecificLDAPandSQLIdentity(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase, keystone.tests.test_backend_ldap.BaseMultiLDAPandSQLIdentity
Class to test when all domains use specific configs, including SQL.
We define a set of domains and domain-specific backends:
- A separate LDAP backend for the default domain
- A separate SQL backend for domain1
Although the default driver still exists, we don’t use it.
-
config_overrides()[source]
-
get_config(domain_id)[source]
-
initial_setup()[source]
-
reload_backends(domain_id)[source]
-
setUp()[source]
-
test_add_role_grant_to_user_and_project_404()[source]
-
test_domain_crud()[source]
-
test_domain_segregation()[source]
Test that separate configs have segregated the domain.
Test Plan:
- Users were created in each domain as part of setup, now make sure
you can only find a given user in its relevant domain/backend
- Make sure that for a backend that supports multiple domains
you can get the users via any of its domains
-
test_get_role_grants_for_user_and_project_404()[source]
-
test_get_roles_for_user_and_project_user_group_same_id()[source]
-
test_group_enabled_ignored_disable_error()[source]
-
test_list_domains()[source]
-
test_list_domains_non_default_domain_id()[source]
-
test_list_projects_for_user_with_grants()[source]
-
test_list_users()[source]
-
test_project_enabled_ignored_disable_error()[source]
-
test_user_enabled_ignored_disable_error()[source]
-
test_user_id_comma()[source]
-
test_user_id_comma_grants()[source]
-
class keystone.tests.test_backend_ldap.DomainSpecificSQLIdentity(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.DomainSpecificLDAPandSQLIdentity
Class to test simplest use of domain-specific SQL driver.
The simplest use of an SQL domain-specific backend is when it is used to
augment the standard case when LDAP is the default driver defined in the
main config file. This would allow, for example, service users to be
stored in SQL while LDAP handles the rest. Hence we define:
- The default driver uses the LDAP backend for the default domain
- A separate SQL backend for domain1
-
config_overrides()[source]
-
get_config(domain_id)[source]
-
initial_setup()[source]
-
reload_backends(domain_id)[source]
-
test_default_sql_plus_sql_specific_driver_fails()[source]
-
test_multiple_sql_specific_drivers_fails()[source]
-
class keystone.tests.test_backend_ldap.LDAPIdentity(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.TestCase
-
setUp()[source]
-
test_base_ldap_connection_deref_option()[source]
-
test_cache_layer_domain_crud()[source]
-
test_cache_layer_project_crud(*args, **kwargs)[source]
-
test_chase_referrals_off(*args, **keywargs)[source]
-
test_chase_referrals_on(*args, **keywargs)[source]
-
test_configurable_allowed_project_actions()[source]
-
test_configurable_allowed_role_actions()[source]
-
test_configurable_forbidden_project_actions()[source]
-
test_configurable_forbidden_role_actions()[source]
-
test_configurable_subtree_delete()[source]
-
test_create_domain_case_sensitivity(*args, **kwargs)[source]
-
test_debug_level_set(*args, **keywargs)[source]
-
test_domain_crud()[source]
-
test_domain_rename_invalidates_get_domain_by_name_cache()[source]
-
test_dumb_member()[source]
-
test_get_default_domain_by_name()[source]
-
test_get_id_from_dn_for_multivalued_attribute_id(*args, **keywargs)[source]
-
test_id_attribute_not_found(*args, **keywargs)[source]
-
test_is_dumb_member()[source]
-
test_is_dumb_member_not_dumb()[source]
-
test_is_dumb_member_upper_case_keys()[source]
-
test_is_dumb_member_with_false_use_dumb_member()[source]
-
test_list_groups_for_user_no_dn()[source]
-
test_list_groups_no_dn()[source]
-
test_list_projects_for_alternate_domain()[source]
-
test_list_users_no_dn()[source]
-
test_multi_role_grant_by_user_group_on_project_domain()[source]
-
test_project_attribute_ignore()[source]
-
test_project_attribute_mapping()[source]
-
test_project_crud()[source]
-
test_project_filter()[source]
-
test_project_rename_invalidates_get_project_by_name_cache()[source]
-
test_role_attribute_ignore()[source]
-
test_role_attribute_mapping()[source]
-
test_role_filter()[source]
-
test_user_api_get_connection_no_user_password(*args, **keywargs)[source]
Don’t bind in case the user and password are blank.
-
test_user_enable_attribute_mask()[source]
-
test_user_enabled_attribute_handles_expired(*args, **keywargs)[source]
-
test_user_enabled_attribute_handles_utf8(*args, **keywargs)[source]
-
test_user_enabled_invert()[source]
-
test_user_enabled_invert_default_str_value(*args, **keywargs)[source]
-
test_user_enabled_invert_no_enabled_value(*args, **keywargs)[source]
-
test_user_id_attribute_in_create()[source]
-
test_user_id_attribute_map()[source]
-
test_user_id_not_in_dn(*args, **keywargs)[source]
-
test_user_mixed_case_attribute(*args, **keywargs)[source]
-
test_user_name_in_dn(*args, **keywargs)[source]
-
test_wrong_alias_dereferencing()[source]
-
test_wrong_ldap_scope()[source]
-
class keystone.tests.test_backend_ldap.LDAPIdentityEnabledEmulation(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.LDAPIdentity
-
config_files()[source]
-
config_overrides()[source]
-
setUp()[source]
-
test_project_crud()[source]
-
test_user_auth_emulated()[source]
-
test_user_crud()[source]
-
test_user_enable_attribute_mask()[source]
-
test_user_enabled_attribute_handles_utf8(*args, **keywargs)[source]
-
test_user_enabled_invert()[source]
-
test_user_enabled_invert_default_str_value()[source]
-
test_user_enabled_invert_no_enabled_value()[source]
-
class keystone.tests.test_backend_ldap.LdapIdentitySqlAssignment(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase
-
config_files()[source]
-
config_overrides()[source]
-
setUp()[source]
-
test_create_domain()[source]
-
test_domain_crud()[source]
-
test_get_and_remove_role_grant_by_group_and_domain()[source]
-
test_list_domains()[source]
-
test_list_domains_non_default_domain_id()[source]
-
test_project_enabled_ignored_disable_error()[source]
-
class keystone.tests.test_backend_ldap.LdapIdentitySqlAssignmentWithMapping(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.LdapIdentitySqlAssignment
Class to test mapping of default LDAP backend.
The default configuration is not to enable mapping when using a single
backend LDAP driver. However, a cloud provider might want to enable
the mapping, hence hiding the LDAP IDs from any clients of keystone.
Setting backward_compatible_ids to False will enable this mapping.
-
config_overrides()[source]
-
test_dynamic_mapping_build()[source]
Test to ensure entities not create via controller are mapped.
Many LDAP backends will, essentially, by Read Only. In these cases
the mapping is not built by creating objects, rather from enumerating
the entries. We test this here my manually deleting the mapping and
then trying to re-read the entries.
-
test_get_roles_for_user_and_project_user_group_same_id()[source]
-
class keystone.tests.test_backend_ldap.MultiLDAPandSQLIdentity(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase, keystone.tests.test_backend_ldap.BaseMultiLDAPandSQLIdentity
Class to test common SQL plus individual LDAP backends.
We define a set of domains and domain-specific backends:
- A separate LDAP backend for the default domain
- A separate LDAP backend for domain1
- domain2 shares the same LDAP as domain1, but uses a different
tree attach point
- An SQL backend for all other domains (which will include domain3
and domain4)
Normally one would expect that the default domain would be handled as
part of the “other domains” - however the above provides better
test coverage since most of the existing backend tests use the default
domain.
-
config_overrides()[source]
-
get_config(domain_id)[source]
-
reload_backends(domain_id)[source]
-
setUp()[source]
-
test_delete_domain_with_user_added()[source]
-
test_domain_segregation()[source]
Test that separate configs have segregated the domain.
Test Plan:
- Users were created in each domain as part of setup, now make sure
you can only find a given user in its relevant domain/backend
- Make sure that for a backend that supports multiple domains
you can get the users via any of its domains
-
test_existing_uuids_work()[source]
Test that ‘uni-domain’ created IDs still work.
Throwing the switch to domain-specific backends should not cause
existing identities to be inaccessible via ID.
-
test_group_enabled_ignored_disable_error()[source]
-
test_list_domains()[source]
-
test_list_domains_non_default_domain_id()[source]
-
test_list_users()[source]
-
test_project_enabled_ignored_disable_error()[source]
-
test_scanning_of_config_dir()[source]
Test the Manager class scans the config directory.
The setup for the main tests above load the domain configs directly
so that the test overrides can be included. This test just makes sure
that the standard config directory scanning does pick up the relevant
domain config files.
-
test_user_enabled_ignored_disable_error()[source]
test_backend_sql Module
-
class keystone.tests.test_backend_sql.FakeTable(*args, **kwargs)[source]
Bases: sqlalchemy.ext.declarative.api.Base
-
col
-
insert(*args, **kwargs)[source]
-
lookup(*args, **kwargs)[source]
-
update(*args, **kwargs)[source]
-
class keystone.tests.test_backend_sql.SqlCatalog(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.CatalogTests
-
test_catalog_ignored_malformed_urls()[source]
-
test_create_endpoint_region_404()[source]
-
test_create_region_invalid_id()[source]
-
test_create_region_invalid_parent_id()[source]
-
test_delete_region_with_endpoint()[source]
-
test_get_catalog_with_empty_public_url()[source]
-
class keystone.tests.test_backend_sql.SqlCredential(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests
-
setUp()[source]
-
test_list_credentials()[source]
-
test_list_credentials_for_user()[source]
-
class keystone.tests.test_backend_sql.SqlDecorators(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_conflict_happend()[source]
-
test_initialization()[source]
-
test_initialization_fail()[source]
-
test_non_ascii_init()[source]
-
test_not_conflict_error()[source]
-
class keystone.tests.test_backend_sql.SqlFilterTests(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.FilterTests
-
class keystone.tests.test_backend_sql.SqlIdentity(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.IdentityTests
-
test_create_null_project_name()[source]
-
test_create_null_role_name()[source]
-
test_create_null_user_name()[source]
-
test_delete_project_with_user_association()[source]
-
test_delete_user_with_project_association()[source]
-
test_list_domains_for_user()[source]
-
test_list_domains_for_user_with_grants()[source]
-
test_list_domains_for_user_with_inherited_grants()[source]
Test that inherited roles on the domain are excluded.
Test Plan:
- Create two domains, one user, group and role
- Domain1 is given an inherited user role, Domain2 an inherited
group role (for a group of which the user is a member)
- When listing domains for user, neither domain should be returned
-
test_metadata_removed_on_delete_project()[source]
-
test_metadata_removed_on_delete_user()[source]
-
test_password_hashed()[source]
-
test_sql_user_to_dict_null_default_project_id()[source]
This tests for backwards-compatibility with an essex/folsom bug.
Non-indexed attributes were returned in an ‘extra’ attribute, instead
of on the entity itself; for consistency and backwards compatibility,
those attributes should be included twice.
This behavior is specific to the SQL driver.
This tests for backwards-compatibility with an essex/folsom bug.
Non-indexed attributes were returned in an ‘extra’ attribute, instead
of on the entity itself; for consistency and backwards compatibility,
those attributes should be included twice.
This behavior is specific to the SQL driver.
-
class keystone.tests.test_backend_sql.SqlInheritance(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.InheritanceTests
-
class keystone.tests.test_backend_sql.SqlLimitTests(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.LimitTests
-
setUp()[source]
-
class keystone.tests.test_backend_sql.SqlModels(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests
-
assertExpectedSchema(table, cols)[source]
-
select_table(name)[source]
-
test_domain_model()[source]
-
test_group_model()[source]
-
test_project_model()[source]
-
test_role_assignment_model()[source]
-
test_role_model()[source]
-
test_user_group_membership()[source]
-
test_user_model()[source]
-
class keystone.tests.test_backend_sql.SqlModuleInitialization(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_initialize_module(*args, **keywargs)[source]
-
class keystone.tests.test_backend_sql.SqlPolicy(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.PolicyTests
-
class keystone.tests.test_backend_sql.SqlTests(*args, **kwargs)[source]
Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase
-
config_files()[source]
-
setUp()[source]
-
class keystone.tests.test_backend_sql.SqlToken(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenTests
-
test_expiry_range_batched()[source]
-
test_expiry_range_strategy_ibm_db_sa()[source]
-
test_expiry_range_strategy_mysql()[source]
-
test_expiry_range_strategy_sqlite()[source]
-
test_flush_expired_tokens_batch()[source]
-
test_flush_expired_tokens_batch_mysql()[source]
-
test_token_revocation_list_uses_right_columns()[source]
-
class keystone.tests.test_backend_sql.SqlTokenCacheInvalidation(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenCacheInvalidation
-
setUp()[source]
-
class keystone.tests.test_backend_sql.SqlTrust(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TrustTests
test_backend_templated Module
-
class keystone.tests.test_backend_templated.TestTemplatedCatalog(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests
-
DEFAULT_FIXTURE = {'RegionOne': {'compute': {'adminURL': 'http://localhost:8774/v1.1/bar', 'id': '2', 'internalURL': 'http://localhost:8774/v1.1/bar', 'name': "'Compute Service'", 'publicURL': 'http://localhost:8774/v1.1/bar'}, 'identity': {'adminURL': 'http://localhost:35357/v2.0', 'id': '1', 'internalURL': 'http://localhost:35357/v2.0', 'name': "'Identity Service'", 'publicURL': 'http://localhost:5000/v2.0'}}}
-
config_overrides()[source]
-
setUp()[source]
-
test_catalog_ignored_malformed_urls()[source]
-
test_get_catalog()[source]
-
test_get_catalog_endpoint_disabled()[source]
-
test_get_v3_catalog()[source]
-
test_get_v3_catalog_endpoint_disabled()[source]
-
test_list_regions_filtered_by_parent_region_id()[source]
-
test_service_filtering()[source]
test_cache Module
-
class keystone.tests.test_cache.CacheIsolatingProxy(*args, **kwargs)[source]
Bases: dogpile.cache.proxy.ProxyBackend
Proxy that forces a memory copy of stored values.
The default in-memory cache-region does not perform a copy on values it
is meant to cache. Therefore if the value is modified after set or after
get, the cached value also is modified. This proxy does a copy as the last
thing before storing data.
-
get(key)[source]
-
set(key, value)[source]
-
class keystone.tests.test_cache.CacheNoopBackendTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
config_overrides()[source]
-
setUp()[source]
-
test_noop_backend()[source]
-
class keystone.tests.test_cache.CacheRegionTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
test_cache_debug_proxy()[source]
-
test_cache_dictionary_config_builder()[source]
Validate we build a sane dogpile.cache dictionary config.
-
test_cache_region_no_error_multiple_config()[source]
-
test_configure_non_region_object_raises_error()[source]
-
test_region_built_with_proxy_direct_cache_test()[source]
-
test_should_cache_fn_global_cache_disabled()[source]
-
test_should_cache_fn_global_cache_disabled_section_cache_enabled()[source]
-
test_should_cache_fn_global_cache_enabled()[source]
-
test_should_cache_fn_global_cache_enabled_section_cache_disabled()[source]
-
test_should_cache_fn_global_cache_enabled_section_cache_enabled()[source]
-
class keystone.tests.test_cache.TestProxy(*args, **kwargs)[source]
Bases: dogpile.cache.proxy.ProxyBackend
-
get(key)[source]
-
class keystone.tests.test_cache.TestProxyValue(value)[source]
Bases: object
test_cache_backend_mongo Module
-
class keystone.tests.test_cache_backend_mongo.MockCollection(db, name)[source]
Bases: object
-
ensure_index(key_or_list, *args, **kwargs)[source]
-
find(spec=None, *args, **kwargs)[source]
-
find_and_modify(spec, document, upsert=False, **kwargs)[source]
-
find_one(spec_or_id=None, *args, **kwargs)[source]
-
index_information()[source]
-
insert(data, manipulate=True, **kwargs)[source]
-
remove(spec_or_id=None, search_filter=None)[source]
Remove objects matching spec_or_id from the collection.
-
save(data, manipulate=True, **kwargs)[source]
-
update(spec, document, upsert=False, **kwargs)[source]
-
class keystone.tests.test_cache_backend_mongo.MockCursor(collection, dataset_factory)[source]
Bases: object
-
next()
-
class keystone.tests.test_cache_backend_mongo.MockMongoClient(*args, **kwargs)[source]
Bases: object
-
class keystone.tests.test_cache_backend_mongo.MockMongoDB(dbname)[source]
Bases: object
-
add_son_manipulator(manipulator)[source]
-
authenticate(username, password)[source]
-
class keystone.tests.test_cache_backend_mongo.MongoCache(*args, **kwds)[source]
Bases: keystone.tests.core.BaseTestCase
-
setUp()[source]
-
test_additional_crud_method_arguments_support()[source]
Additional arguments should works across find/insert/update.
-
test_backend_delete_data()[source]
-
test_backend_get_missing_data()[source]
-
test_backend_multi_delete_data()[source]
-
test_backend_multi_get_data()[source]
-
test_backend_multi_set_data()[source]
-
test_backend_multi_set_get_with_blanks_none()[source]
-
test_backend_multi_set_should_update_existing()[source]
-
test_backend_set_blank_as_data()[source]
-
test_backend_set_data()[source]
-
test_backend_set_data_with_int_as_valid_ttl()[source]
-
test_backend_set_data_with_string_as_valid_ttl()[source]
-
test_backend_set_none_as_data()[source]
-
test_backend_set_same_key_multiple_times()[source]
-
test_cache_configuration_values_assertion()[source]
-
test_correct_read_preference()[source]
-
test_correct_write_concern()[source]
-
test_incorrect_mongo_ttl_seconds()[source]
-
test_incorrect_read_preference()[source]
-
test_incorrect_write_concern()[source]
-
test_missing_cache_collection_name()[source]
-
test_missing_db_hosts()[source]
-
test_missing_db_name()[source]
-
test_missing_replica_set_name()[source]
-
test_multiple_region_cache_configuration()[source]
-
test_provided_replica_set_name()[source]
-
test_typical_configuration()[source]
-
class keystone.tests.test_cache_backend_mongo.MyTransformer[source]
Bases: keystone.common.cache.backends.mongo.BaseTransform
Added here just to check manipulator logic is used correctly.
-
transform_incoming(son, collection)[source]
-
transform_outgoing(son, collection)[source]
-
keystone.tests.test_cache_backend_mongo.get_collection(db_name, collection_name)[source]
-
keystone.tests.test_cache_backend_mongo.pymongo_override()[source]
test_content_types Module
-
class keystone.tests.test_content_types.CoreApiTests[source]
Bases: object
-
assertNoRoles(r)[source]
Helper method to assert No Roles
This needs to be overridden by child classes
based on their content type.
-
assertValidError(error)[source]
Applicable to XML and JSON.
-
assertValidExtension(extension)[source]
Applicable to XML and JSON.
However, navigating extension links differs between content types.
They need to be validated separately with assertValidExtensionLink.
-
assertValidExtensionLink(link)[source]
Applicable to XML and JSON.
-
assertValidRole(tenant)[source]
Applicable to XML and JSON.
-
assertValidTenant(tenant)[source]
Applicable to XML and JSON.
-
assertValidUser(user)[source]
Applicable to XML and JSON.
-
assertValidVersion(version)[source]
Applicable to XML and JSON.
However, navigating links and media-types differs between content
types so they need to be validated separately.
-
test_admin_extensions()[source]
-
test_admin_extensions_404()[source]
-
test_admin_multiple_choice()[source]
-
test_admin_not_found()[source]
-
test_admin_osksadm_extension()[source]
-
test_admin_version()[source]
-
test_authenticate()[source]
-
test_authenticate_unscoped()[source]
-
test_authenticating_a_user_with_no_password()[source]
-
test_create_update_user_invalid_enabled_type()[source]
-
test_endpoints()[source]
-
test_error_response()[source]
This triggers assertValidErrorResponse by convention.
-
test_get_tenant()[source]
-
test_get_tenant_by_name()[source]
-
test_get_tenants_for_token()[source]
-
test_get_user()[source]
-
test_get_user_by_name()[source]
-
test_get_user_roles()[source]
-
test_get_user_roles_with_tenant()[source]
-
test_invalid_parameter_error_response()[source]
-
test_invalid_token_404()[source]
-
test_public_extensions()[source]
-
test_public_multiple_choice()[source]
-
test_public_not_found()[source]
-
test_public_osksadm_extension_404()[source]
-
test_public_version()[source]
-
test_remove_role_revokes_token()[source]
-
test_update_user_tenant()[source]
-
test_update_user_with_invalid_tenant()[source]
-
test_update_user_with_invalid_tenant_no_prev_tenant()[source]
-
test_update_user_with_old_tenant()[source]
-
test_validate_token()[source]
-
test_validate_token_belongs_to()[source]
-
test_validate_token_head()[source]
The same call as above, except using HEAD.
There’s no response to validate here, but this is included for the
sake of completely covering the core API.
-
test_validate_token_no_belongs_to_still_returns_catalog()[source]
-
test_validate_token_service_role()[source]
-
class keystone.tests.test_content_types.JsonTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_content_types.RestfulTestCase, keystone.tests.test_content_types.CoreApiTests, keystone.tests.test_content_types.LegacyV2UsernameTests
-
assertNoRoles(r)[source]
-
assertValidAuthenticationResponse(r, require_service_catalog=False)[source]
-
assertValidEndpointListResponse(r)[source]
-
assertValidErrorResponse(r)[source]
-
assertValidExtension(extension, expected)[source]
-
assertValidExtensionListResponse(r, expected)[source]
-
assertValidExtensionResponse(r, expected)[source]
-
assertValidMultipleChoiceResponse(r)[source]
-
assertValidRevocationListResponse(response)[source]
-
assertValidRoleListResponse(r)[source]
-
assertValidTenantListResponse(r)[source]
-
assertValidTenantResponse(r)[source]
-
assertValidUser(user)[source]
-
assertValidUserResponse(r)[source]
-
assertValidVersion(version)[source]
-
assertValidVersionResponse(r)[source]
-
content_type = 'json'
-
get_user_attribute_from_response(r, attribute_name)[source]
-
get_user_from_response(r)[source]
-
test_authenticating_a_user_with_an_OSKSADM_password()[source]
-
test_create_update_user_json_invalid_enabled_type()[source]
-
test_fetch_revocation_list_admin_200()[source]
-
test_fetch_revocation_list_md5()[source]
If the server is configured for md5, then the revocation list has
tokens hashed with MD5.
-
test_fetch_revocation_list_nonadmin_fails()[source]
-
test_fetch_revocation_list_sha256()[source]
If the server is configured for sha256, then the revocation list has
tokens hashed with SHA256
-
test_service_crud_requires_auth()[source]
Service CRUD should 401 without an X-Auth-Token (bug 1006822).
-
test_updating_a_user_with_an_OSKSADM_password()[source]
-
test_user_role_list_requires_auth()[source]
User role list should 401 without an X-Auth-Token (bug 1006815).
-
class keystone.tests.test_content_types.LegacyV2UsernameTests[source]
Bases: object
Tests to show the broken username behavior in V2.
The V2 API is documented to use username instead of name. The
API forced used to use name and left the username to fall into the
extra field.
These tests ensure this behavior works so fixes to username/name
will be backward compatible.
-
create_user(**user_attrs)[source]
Creates a users and returns the response object.
Parameters: | user_attrs – attributes added to the request body (optional) |
The response for creating a user will contain the extra fields.
The response for getting a user will contain the extra fields.
-
test_update_returns_new_username_when_adding_username()[source]
The response for updating a user will contain the extra fields.
This is specifically testing for updating a username when a value
was not previously set.
-
test_update_returns_new_username_when_updating_username()[source]
The response for updating a user will contain the extra fields.
This tests updating a username that was previously set.
-
test_updated_username_is_returned()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
test_username_can_be_used_instead_of_name_create()[source]
-
test_username_can_be_used_instead_of_name_update()[source]
-
test_username_is_always_returned_create()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
test_username_is_always_returned_get()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
test_username_is_always_returned_get_by_name()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
test_username_is_always_returned_update_no_username_provided()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
class keystone.tests.test_content_types.RestfulTestCase(*args, **kwargs)[source]
Bases: keystone.tests.rest.RestfulTestCase
-
setUp()[source]
-
class keystone.tests.test_content_types.RevokeApiJsonTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_content_types.JsonTestCase
-
config_overrides()[source]
-
test_fetch_revocation_list_admin_200()[source]
-
test_fetch_revocation_list_md5()[source]
-
test_fetch_revocation_list_sha256()[source]
-
class keystone.tests.test_content_types.XmlTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_content_types.RestfulTestCase, keystone.tests.test_content_types.CoreApiTests, keystone.tests.test_content_types.LegacyV2UsernameTests
-
assertNoRoles(r)[source]
-
assertValidAuthenticationResponse(r, require_service_catalog=False)[source]
-
assertValidEndpointListResponse(r)[source]
-
assertValidErrorResponse(r)[source]
-
assertValidExtension(extension, expected)[source]
-
assertValidExtensionListResponse(r, expected)[source]
-
assertValidExtensionResponse(r, expected)[source]
-
assertValidMultipleChoiceResponse(r)[source]
-
assertValidRoleListResponse(r)[source]
-
assertValidTenantListResponse(r)[source]
-
assertValidTenantResponse(r)[source]
-
assertValidUserResponse(r)[source]
-
assertValidVersion(version)[source]
-
assertValidVersionResponse(r)[source]
-
content_type = 'xml'
-
get_user_attribute_from_response(r, attribute_name)[source]
-
get_user_from_response(r)[source]
-
test_add_tenant_json()[source]
Create a tenant without providing description field.
-
test_add_tenant_xml()[source]
Create a tenant without providing description field.
-
test_authenticate_with_invalid_xml_in_password()[source]
-
test_authenticating_a_user_with_an_OSKSADM_password()[source]
-
test_create_project_invalid_enabled_type_string()[source]
-
test_remove_role_revokes_token()[source]
-
test_update_project_invalid_enabled_type_string()[source]
-
xmlns = 'http://docs.openstack.org/identity/api/v2.0'
test_ec2_token_middleware Module
-
class keystone.tests.test_ec2_token_middleware.EC2TokenMiddlewareTestBase(*args, **kwds)[source]
Bases: keystone.tests.core.BaseTestCase
-
test_symbols()[source]
Verify ec2 middleware symbols.
Verify that the keystone version of ec2_token middleware forwards the
public symbols from the keystonemiddleware version of the ec2_token
middleware for backwards compatibility.
test_exception Module
-
class keystone.tests.test_exception.ExceptionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
assertValidJsonRendering(e)[source]
-
test_403_title()[source]
-
test_all_json_renderings()[source]
Everything callable in the exception module should be renderable.
... except for the base error class (exception.Error), which is not
user-facing.
This test provides a custom message to bypass docstring parsing, which
should be tested separately.
-
test_invalid_unicode_string()[source]
-
test_not_found()[source]
-
test_unicode_message()[source]
-
test_unicode_string()[source]
-
test_validation_error()[source]
-
class keystone.tests.test_exception.SecurityErrorTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_exception.ExceptionTestCase
Tests whether security-related info is exposed to the API user.
-
test_forbidden_action_exposure()[source]
-
test_forbidden_action_exposure_in_debug()[source]
-
test_forbidden_exposure()[source]
-
test_forbidden_exposure_in_debug()[source]
-
test_unauthorized_exposure()[source]
-
test_unauthorized_exposure_in_debug()[source]
-
test_unicode_argument_message()[source]
-
class keystone.tests.test_exception.UnexpectedExceptionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_exception.ExceptionTestCase
Tests if internal info is exposed to the API user on UnexpectedError.
-
exception SubClassExc(message=None, **kwargs)[source]
Bases: keystone.exception.UnexpectedError
-
debug_message_format = 'Debug Message: %(debug_info)s'
-
UnexpectedExceptionTestCase.setUp()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_custom_message_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_custom_message_no_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_no_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_subclass_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_subclass_no_debug()[source]
test_hacking_checks Module
test_kvs Module
test_matchers Module
-
class keystone.tests.test_matchers.TestXMLEquals(*args, **kwds)[source]
Bases: keystone.tests.core.BaseTestCase, testtools.tests.matchers.helpers.TestMatchersInterface
-
describe_examples = [('expected =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"/>\n</test>\n\nactual =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n', '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n', <keystone.tests.matchers.XMLEquals object at 0x7fb3c37ae410>)]
-
equivalent_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <second a="a" b="b"/>\n <first z="0" y="1" x="2"></first>\n</test>\n'
-
matches_matcher = <keystone.tests.matchers.XMLEquals object at 0x7fb3c37ae410>
-
matches_matches = ['<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"></second>\n</test>\n', '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <second a="a" b="b"/>\n <first z="0" y="1" x="2"></first>\n</test>\n']
-
matches_mismatches = ['<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n']
-
matches_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"></second>\n</test>\n'
-
mismatches_description = 'expected =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"/>\n</test>\n\nactual =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n'
-
mismatches_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n'
-
str_examples = [('XMLEquals(\'<?xml version="1.0" encoding="UTF-8"?>\\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\\n <first z="0" y="1" x="2"/>\\n <second a="a" b="b"></second>\\n</test>\\n\')', <keystone.tests.matchers.XMLEquals object at 0x7fb3c37ae410>)]
test_notifications Module
-
exception keystone.tests.test_notifications.ArbitraryException[source]
Bases: exceptions.Exception
-
class keystone.tests.test_notifications.CadfNotificationsWrapperTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
ACTION = 'authenticate'
-
LOCAL_HOST = 'localhost'
-
ROLE_ASSIGNMENT = 'role_assignment'
-
setUp()[source]
-
test_group_domain_grant()[source]
-
test_user_project_grant()[source]
-
test_v3_authenticate_user_id()[source]
-
test_v3_authenticate_user_name_and_domain_id()[source]
-
test_v3_authenticate_user_name_and_domain_name()[source]
-
class keystone.tests.test_notifications.NotificationsForEntities(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
setUp()[source]
-
test_create_endpoint()[source]
-
test_create_group()[source]
-
test_create_policy()[source]
-
test_create_project()[source]
-
test_create_region()[source]
-
test_create_role()[source]
-
test_create_service()[source]
-
test_create_trust()[source]
-
test_create_user()[source]
-
test_delete_domain()[source]
-
test_delete_endpoint()[source]
-
test_delete_group()[source]
-
test_delete_policy()[source]
-
test_delete_project()[source]
-
test_delete_region()[source]
-
test_delete_role()[source]
-
test_delete_service()[source]
-
test_delete_trust()[source]
-
test_delete_user()[source]
-
test_disable_domain()[source]
-
test_disable_of_disabled_domain_does_not_notify()[source]
-
test_disable_of_disabled_project_does_not_notify()[source]
-
test_disable_project()[source]
-
test_update_domain()[source]
-
test_update_endpoint()[source]
-
test_update_group()[source]
-
test_update_policy()[source]
-
test_update_project()[source]
-
test_update_project_does_not_send_disable()[source]
-
test_update_region()[source]
-
test_update_role()[source]
-
test_update_service()[source]
-
test_update_user()[source]
-
class keystone.tests.test_notifications.NotificationsTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
-
setUp()[source]
-
test_send_notification()[source]
Test the private method _send_notification to ensure event_type,
payload, and context are built and passed properly.
-
class keystone.tests.test_notifications.NotificationsWrapperTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
-
create_exception(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
create_fake_ref()[source]
-
create_resource(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
delete_exception(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
delete_resource(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
test_create_exception_without_notification()[source]
-
test_delete_exception_without_notification()[source]
-
test_resource_created_notification()[source]
-
test_resource_deleted_notification()[source]
-
test_resource_updated_notification()[source]
-
test_update_exception_without_notification()[source]
-
update_exception(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
update_resource(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
class keystone.tests.test_notifications.TestCallbackRegistration(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
-
setUp()[source]
-
test_a_function_callback()[source]
-
test_a_list_of_callbacks()[source]
-
test_a_method_callback()[source]
-
test_an_invalid_callback()[source]
-
test_an_invalid_event()[source]
-
verify_log_message(data)[source]
Tests that use this are a little brittle because adding more
logging can break them.
TODO(dstanek): remove the need for this in a future refactoring
-
class keystone.tests.test_notifications.TestEventCallbacks(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
setUp()[source]
-
test_event_registration_for_unknown_resource_type()[source]
-
test_invalid_event_callbacks()[source]
-
test_invalid_event_callbacks_event()[source]
-
test_notification_event_not_valid()[source]
-
test_notification_method_not_callable()[source]
-
test_notification_received()[source]
-
test_provider_event_callbacks_subscription()[source]
-
keystone.tests.test_notifications.register_callback(operation, resource_type='3e337c0e6aed40dbbd784a3db94fd82b')[source]
Helper for creating and registering a mock callback.
test_serializer Module
-
class keystone.tests.test_serializer.XmlSerializerTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
assertSerializeDeserialize(d, xml, xmlns=None)[source]
-
test_XmlDeserializer_with_installed_succeeds(*args, **keywargs)[source]
-
test_XmlDeserializer_without_etree_installed_fails(*args, **keywargs)[source]
-
test_XmlSerializer_with_installed_succeeds(*args, **keywargs)[source]
-
test_XmlSerializer_without_etree_installed_fails(*args, **keywargs)[source]
-
test_auth_request()[source]
-
test_collection_list()[source]
-
test_collection_member()[source]
-
test_policy_list()[source]
-
test_role_crud()[source]
-
test_service_crud()[source]
-
test_tenant_crud()[source]
-
test_tenant_crud_no_description()[source]
-
test_v2_links_special_case()[source]
-
test_values_list()[source]
-
test_xml_with_namespaced_attribute_to_dict()[source]
test_singular_plural Module
-
class keystone.tests.test_singular_plural.TestSingularPlural[source]
Bases: object
-
test_keyword_arg_condition_or_methods()[source]
Raise if we see a keyword arg called ‘condition’ or ‘methods’.
test_sql_upgrade Module
To run these tests against a live database:
Modify the file keystone/tests/backend_sql.conf to use the connection
for your live database
Set up a blank, live database
Run the tests using:
tox keystone.tests.test_sql_upgrade
WARNING:
Your database will be wiped.
Do not do this against a database with valuable data as all data will be
lost.
-
class keystone.tests.test_sql_upgrade.SqlMigrateBase(*args, **kwargs)[source]
Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase
-
assertTableColumns(table_name, expected_cols)[source]
Asserts that the table contains the expected set of columns.
-
assertTableDoesNotExist(table_name)[source]
Asserts that a given table exists cannot be selected by name.
-
assertTableExists(table_name)[source]
-
config_files()[source]
-
downgrade(*args, **kwargs)[source]
-
initial_db_version[source]
-
initialize_sql()[source]
-
repo_package()[source]
-
select_table(name)[source]
-
setUp()[source]
-
tearDown()[source]
-
upgrade(*args, **kwargs)[source]
-
class keystone.tests.test_sql_upgrade.SqlUpgradeTests(*args, **kwargs)[source]
Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase
-
check_initial_table_structure()[source]
-
insert_dict(session, table_name, d, table=None)[source]
Naively inserts key-value pairs into a table, given a dictionary.
-
populate_tenant_table(with_desc_enab=False, with_desc_enab_domain=False)[source]
-
populate_user_table(with_pass_enab=False, with_pass_enab_domain=False)[source]
-
test_add_actor_id_index()[source]
-
test_assignment_table_migration()[source]
-
test_blank_db_to_start()[source]
-
test_downgrade_endpoint_enabled_cols()[source]
Check columns when downgrade from migration 41.
The downgrade from migration 42 removes the enabled column from the
endpoint table.
-
test_downgrade_endpoint_enabled_data()[source]
Downgrade from migration 42 migrates data.
Downgrade from migration 42 migrates data from enabled to
extra. Any disabled endpoints have ‘enabled’: False put into ‘extra’.
-
test_downgrade_service_enabled_cols()[source]
Check columns when downgrade to migration 43.
The downgrade from migration 44 removes the enabled column from the
service table.
-
test_downgrade_service_enabled_data()[source]
Downgrade from migration 44 migrates data.
Downgrade from migration 44 migrates data from enabled to
extra. Any disabled services have ‘enabled’: False put into ‘extra’.
-
test_downgrade_to_db_init_version()[source]
-
test_endpoint_region_downgrade_columns()[source]
-
test_endpoint_region_migration()[source]
-
test_endpoint_region_upgrade_columns()[source]
-
test_id_mapping()[source]
-
test_limited_trusts_downgrade()[source]
-
test_limited_trusts_downgrade_trusts_cleanup()[source]
-
test_limited_trusts_upgrade()[source]
-
test_region_migration()[source]
-
test_region_url_cleanup()[source]
-
test_region_url_downgrade()[source]
-
test_region_url_upgrade()[source]
-
test_remove_actor_id_index()[source]
-
test_start_version_db_init_version()[source]
-
test_token_user_id_and_trust_id_index_downgrade()[source]
-
test_token_user_id_and_trust_id_index_upgrade()[source]
-
test_two_steps_forward_one_step_back()[source]
You should be able to cleanly undo and re-apply all upgrades.
Upgrades are run in the following order:
Starting with the initial version defined at
keystone.common.migrate_repo.DB_INIT_VERSION
INIT +1 -> INIT +2 -> INIT +1 -> INIT +2 -> INIT +3 -> INIT +2 ...
^---------------------^ ^---------------------^
Downgrade to the DB_INIT_VERSION does not occur based on the
requirement that the base version be DB_INIT_VERSION + 1 before
migration can occur. Downgrade below DB_INIT_VERSION + 1 is no longer
supported.
DB_INIT_VERSION is the number preceding the release schema version from
two releases prior. Example, Juno releases with the DB_INIT_VERSION
being 35 where Havana (Havana was two releases before Juno) release
schema version is 36.
The migrate utility requires the db must be initialized under version
control with the revision directly before the first version to be
applied.
-
test_upgrade_add_initial_tables()[source]
-
test_upgrade_endpoint_enabled_cols()[source]
Migration 42 added enabled column to endpoint table.
-
test_upgrade_endpoint_enabled_data()[source]
Migration 42 has to migrate data from extra to enabled.
-
test_upgrade_region_non_unique_description()[source]
Test upgrade to migration 43.
This migration should occur with no unique constraint on the region
description column.
Create two regions with the same description.
-
test_upgrade_region_unique_description()[source]
Test upgrade to migration 43.
This test models a migration where there is a unique constraint on the
description column.
Create two regions with the same description.
-
test_upgrade_service_enabled_cols()[source]
Migration 44 added enabled column to service table.
-
test_upgrade_service_enabled_data()[source]
Migration 44 has to migrate data from extra to enabled.
-
class keystone.tests.test_sql_upgrade.VersionTests(*args, **kwargs)[source]
Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase
-
test_core_initial()[source]
Get the version before migrated, it’s the initial DB version.
-
test_core_max()[source]
When get the version after upgrading, it’s the new version.
-
test_extension_downgraded()[source]
When get the version after downgrading an extension, it is 0.
-
test_extension_initial()[source]
When get the initial version of an extension, it’s 0.
-
test_extension_migrated()[source]
When get the version after migrating an extension, it’s not 0.
-
test_extension_not_controlled()[source]
When get the version before controlling, raises DbMigrationError.
-
test_initial_with_extension_version_None()[source]
When performing a default migration, also migrate extensions.
-
test_initial_with_extension_version_max()[source]
When migrating to max version, do not migrate extensions.
-
test_unexpected_extension()[source]
The version for an extension that doesn’t exist raises ImportError.
-
test_unversioned_extension()[source]
The version for extensions without migrations raise an exception.
test_ssl Module
-
class keystone.tests.test_ssl.SSLTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
get_HTTPSConnection(*args)[source]
Simple helper to configure HTTPSConnection objects.
-
setUp()[source]
-
test_1way_ssl_ok()[source]
Make sure both public and admin API work with 1-way SSL.
-
test_1way_ssl_with_ipv6_ok()[source]
Make sure both public and admin API work with 1-way ipv6 & SSL.
-
test_2way_ssl_fail()[source]
Expect to fail when client does not present proper certificate.
-
test_2way_ssl_ok()[source]
Make sure both public and admin API work with 2-way SSL.
Requires client certificate.
-
test_2way_ssl_with_ipv6_ok()[source]
Make sure both public and admin API work with 2-way ipv6 & SSL.
Requires client certificate.
test_token_bind Module
-
class keystone.tests.test_token_bind.BindTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Test binding tokens to a Principal.
Even though everything in this file references kerberos the same concepts
will apply to all future binding mechanisms.
-
assert_kerberos_bind(tokens, bind_level, use_kerberos=True, success=True)[source]
-
setUp()[source]
-
test_bind_disabled_with_kerb_user()[source]
-
test_bind_named_with_kerb_user()[source]
-
test_bind_named_with_regular_token()[source]
-
test_bind_named_with_unknown_bind()[source]
-
test_bind_named_with_unknown_scheme()[source]
-
test_bind_named_without_kerb_user()[source]
-
test_bind_permissive_with_kerb_user()[source]
-
test_bind_permissive_with_regular_token()[source]
-
test_bind_permissive_with_unknown_bind()[source]
-
test_bind_permissive_without_kerb_user()[source]
-
test_bind_required_with_kerb_user()[source]
-
test_bind_required_with_regular_token()[source]
-
test_bind_required_with_unknown_bind()[source]
-
test_bind_required_without_kerb_user()[source]
-
test_bind_strict_with_kerb_user()[source]
-
test_bind_strict_with_regular_token()[source]
-
test_bind_strict_with_unknown_bind()[source]
-
test_bind_strict_without_kerb_user()[source]
test_url_middleware Module
-
class keystone.tests.test_url_middleware.FakeApp[source]
Bases: object
Fakes a WSGI app URL normalized.
-
class keystone.tests.test_url_middleware.UrlMiddlewareTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
start_fake_response(status, headers)[source]
-
test_rewrite_empty_path()[source]
Tests empty path is rewritten to root.
-
test_trailing_slash_normalization()[source]
Tests /v2.0/tokens and /v2.0/tokens/ normalized URLs match.
test_v2_controller Module
-
class keystone.tests.test_v2_controller.TenantTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Tests for the V2 Tenant controller.
These tests exercise keystone.assignment.controllers.Tenant.
-
setUp()[source]
-
test_get_project_users_no_user()[source]
get_project_users when user doesn’t exist.
When a user that’s not known to identity has a role on a project,
then get_project_users just skips that user.
-
test_list_projects_default_domain()[source]
Test that list projects only returns those in the default domain.
test_v3 Module
-
class keystone.tests.test_v3.AuthContextMiddlewareTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
test_admin_token_auth_context()[source]
-
test_auth_context_build_by_middleware()[source]
-
test_auth_context_override()[source]
-
class keystone.tests.test_v3.AuthTestMixin[source]
Bases: object
To hold auth building helper functions.
-
build_auth_scope(project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, domain_id=None, domain_name=None, trust_id=None)[source]
-
build_authentication_request(token=None, user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None, kerberos=False, **kwargs)[source]
Build auth dictionary.
It will create an auth dictionary based on all the arguments
that it receives.
-
build_password_auth(user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None)[source]
-
build_token_auth(token)[source]
-
class keystone.tests.test_v3.JsonHomeTestMixin[source]
Bases: object
JSON Home test
Mixin this class to provide a test for the JSON-Home response for an
extension.
The base class must set JSON_HOME_DATA to a dict of relationship URLs
(rels) to the JSON-Home data for the relationship. The rels and associated
data must be in the response.
-
test_get_json_home()[source]
-
class keystone.tests.test_v3.RestfulTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.rest.RestfulTestCase, keystone.tests.test_v3.AuthTestMixin
-
admin_request(*args, **kwargs)[source]
Translates XML responses to dicts.
This implies that we only have to write assertions for JSON.
-
assertEqualTokens(a, b)[source]
Assert that two tokens are equal.
Compare two tokens except for their ids. This also truncates
the time in the comparison.
-
assertRoleAssignmentInListResponse(resp, ref, link_url=None, expected=1)[source]
-
assertRoleAssignmentNotInListResponse(resp, ref, link_url=None)[source]
-
assertValidCatalog(entity)[source]
-
assertValidCatalogResponse(resp, *args, **kwargs)[source]
-
assertValidCredential(entity, ref=None)[source]
-
assertValidCredentialListResponse(resp, *args, **kwargs)[source]
-
assertValidCredentialResponse(resp, *args, **kwargs)[source]
-
assertValidDomain(entity, ref=None)[source]
-
assertValidDomainListResponse(resp, *args, **kwargs)[source]
-
assertValidDomainResponse(resp, *args, **kwargs)[source]
-
assertValidDomainScopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidEndpoint(entity, ref=None)[source]
-
assertValidEndpointListResponse(resp, *args, **kwargs)[source]
-
assertValidEndpointResponse(resp, *args, **kwargs)[source]
-
assertValidEntity(entity, ref=None, keys_to_check=None)[source]
Make assertions common to all API entities.
If a reference is provided, the entity will also be compared against
the reference.
-
assertValidErrorResponse(r)[source]
-
assertValidGroup(entity, ref=None)[source]
-
assertValidGroupListResponse(resp, *args, **kwargs)[source]
-
assertValidGroupResponse(resp, *args, **kwargs)[source]
-
assertValidISO8601ExtendedFormatDatetime(dt)[source]
-
assertValidListLinks(links, resource_url=None)[source]
-
assertValidListResponse(resp, key, entity_validator, ref=None, expected_length=None, keys_to_check=None, resource_url=None)[source]
Make assertions common to all API list responses.
If a reference is provided, it’s ID will be searched for in the
response, and asserted to be equal.
-
assertValidPolicy(entity, ref=None)[source]
-
assertValidPolicyListResponse(resp, *args, **kwargs)[source]
-
assertValidPolicyResponse(resp, *args, **kwargs)[source]
-
assertValidProject(entity, ref=None)[source]
-
assertValidProjectListResponse(resp, *args, **kwargs)[source]
-
assertValidProjectResponse(resp, *args, **kwargs)[source]
-
assertValidProjectScopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidProjectTrustScopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidRegion(entity, ref=None)[source]
-
assertValidRegionListResponse(resp, *args, **kwargs)[source]
-
assertValidRegionResponse(resp, *args, **kwargs)[source]
-
assertValidResponse(resp, key, entity_validator, *args, **kwargs)[source]
Make assertions common to all API responses.
-
assertValidRole(entity, ref=None)[source]
-
assertValidRoleAssignment(entity, ref=None, url=None)[source]
-
assertValidRoleAssignmentListResponse(resp, ref=None, expected_length=None, resource_url=None)[source]
-
assertValidRoleListResponse(resp, *args, **kwargs)[source]
-
assertValidRoleResponse(resp, *args, **kwargs)[source]
-
assertValidScopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidService(entity, ref=None)[source]
-
assertValidServiceListResponse(resp, *args, **kwargs)[source]
-
assertValidServiceResponse(resp, *args, **kwargs)[source]
-
assertValidTokenResponse(r, user=None)[source]
-
assertValidTrust(entity, ref=None, summary=False)[source]
-
assertValidTrustListResponse(resp, *args, **kwargs)[source]
-
assertValidTrustResponse(resp, *args, **kwargs)[source]
-
assertValidTrustSummary(entity, ref=None)[source]
-
assertValidUnscopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidUser(entity, ref=None)[source]
-
assertValidUserListResponse(resp, *args, **kwargs)[source]
-
assertValidUserResponse(resp, *args, **kwargs)[source]
-
build_external_auth_request(remote_user, remote_domain=None, auth_data=None, kerberos=False)[source]
-
config_files()[source]
-
create_new_default_project_for_user(user_id, domain_id, enable_project=True)[source]
-
delete(path, **kwargs)[source]
-
generate_paste_config()[source]
-
get(path, **kwargs)[source]
-
get_extensions()[source]
-
get_requested_token(auth)[source]
Request the specific token we want.
-
get_scoped_token()[source]
Convenience method so that we can test authenticated requests.
-
head(path, **kwargs)[source]
-
load_backends()[source]
-
load_fixtures(fixtures)[source]
-
load_sample_data()[source]
-
new_credential_ref(user_id, project_id=None, cred_type=None)[source]
-
new_domain_ref()[source]
-
new_endpoint_ref(service_id, interface='public', **kwargs)[source]
-
new_group_ref(domain_id)[source]
-
new_policy_ref()[source]
-
new_project_ref(domain_id)[source]
-
new_ref()[source]
Populates a ref with attributes common to all API entities.
-
new_region_ref()[source]
-
new_role_ref()[source]
-
new_service_ref()[source]
-
new_trust_ref(trustor_user_id, trustee_user_id, project_id=None, impersonation=None, expires=None, role_ids=None, role_names=None, remaining_uses=None)[source]
-
new_user_ref(domain_id, project_id=None)[source]
-
patch(path, **kwargs)[source]
-
post(path, **kwargs)[source]
-
put(path, **kwargs)[source]
-
remove_generated_paste_config()[source]
-
setUp(app_conf='keystone')[source]
Setup for v3 Restful Test Cases.
-
v3_authenticate_token(auth, expected_status=201)[source]
-
v3_noauth_request(path, **kwargs)[source]
-
v3_request(path, **kwargs)[source]
-
class keystone.tests.test_v3.VersionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
test_get_version()[source]
test_v3_auth Module
-
class keystone.tests.test_v3_auth.TestAPIProtectionWithoutAuthContextMiddleware(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
test_api_protection_with_no_auth_context_in_env()[source]
-
class keystone.tests.test_v3_auth.TestAuthContext(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
test_identity_attribute_conflict()[source]
-
test_identity_attribute_conflict_with_none_value()[source]
-
test_non_identity_attribute_conflict_override()[source]
-
test_pick_lowest_expires_at()[source]
-
class keystone.tests.test_v3_auth.TestAuthExternalDisabled(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
test_remote_user_disabled()[source]
-
class keystone.tests.test_v3_auth.TestAuthExternalDomain(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
content_type = 'json'
-
test_project_id_scoped_with_remote_user()[source]
-
test_remote_user_with_realm()[source]
-
test_unscoped_bind_with_remote_user()[source]
-
class keystone.tests.test_v3_auth.TestAuthExternalLegacyDefaultDomain(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
content_type = 'json'
-
test_remote_user_no_domain()[source]
-
test_remote_user_no_realm()[source]
-
class keystone.tests.test_v3_auth.TestAuthExternalLegacyDomain(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
content_type = 'json'
-
test_project_id_scoped_with_remote_user()[source]
-
test_remote_user_with_realm()[source]
-
test_unscoped_bind_with_remote_user()[source]
-
class keystone.tests.test_v3_auth.TestAuthInfo(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.AuthTestMixin, testtools.testcase.TestCase
-
setUp()[source]
-
test_both_project_and_domain_in_scope()[source]
-
test_get_method_data_invalid_method()[source]
-
test_get_method_names_duplicates()[source]
-
test_missing_auth_method_data()[source]
-
test_missing_auth_methods()[source]
-
test_project_name_no_domain()[source]
-
test_unsupported_auth_method()[source]
-
class keystone.tests.test_v3_auth.TestAuthJSON(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
content_type = 'json'
-
get_v2_token(tenant_id=None)[source]
-
test_auth_catalog_attributes()[source]
-
test_auth_catalog_disabled_endpoint()[source]
On authenticate, get a catalog that excludes disabled endpoints.
-
test_auth_catalog_disabled_service()[source]
On authenticate, get a catalog that excludes disabled services.
-
test_auth_methods_with_different_identities_fails()[source]
-
test_auth_token_cross_domain_group_and_project()[source]
Verify getting a token in cross domain group/project roles.
-
test_auth_with_bind_token()[source]
-
test_auth_with_id()[source]
-
test_authenticating_a_user_with_no_password()[source]
-
test_bind_not_set_with_remote_user()[source]
-
test_default_project_id_scoped_token_with_user_id()[source]
-
test_default_project_id_scoped_token_with_user_id_no_catalog()[source]
-
test_disabled_default_project_domain_result_in_unscoped_token()[source]
-
test_disabled_default_project_result_in_unscoped_token()[source]
-
test_disabled_scope_project_domain_result_in_401()[source]
-
test_domain_id_scoped_token_with_user_domain_id()[source]
-
test_domain_id_scoped_token_with_user_domain_name()[source]
-
test_domain_id_scoped_token_with_user_id()[source]
-
test_domain_name_scoped_token_with_user_domain_id()[source]
-
test_domain_name_scoped_token_with_user_domain_name()[source]
-
test_domain_name_scoped_token_with_user_id()[source]
-
test_domain_scope_failed()[source]
-
test_domain_scope_token_with_group_role()[source]
-
test_domain_scope_token_with_name()[source]
-
test_implicit_project_id_scoped_token_with_user_id_no_catalog()[source]
-
test_invalid_domain_id()[source]
-
test_invalid_domain_name()[source]
-
test_invalid_password()[source]
-
test_invalid_user_id()[source]
-
test_invalid_user_name()[source]
-
test_no_access_to_default_project_result_in_unscoped_token()[source]
-
test_project_id_scoped_token_with_user_domain_id()[source]
-
test_project_id_scoped_token_with_user_domain_name()[source]
-
test_project_id_scoped_token_with_user_id()[source]
-
test_project_id_scoped_token_with_user_id_401()[source]
-
test_remote_user_and_explicit_external()[source]
-
test_remote_user_and_password()[source]
-
test_remote_user_bad_password()[source]
-
test_remote_user_no_domain()[source]
-
test_remote_user_no_realm()[source]
-
test_unscoped_token_with_user_domain_id()[source]
-
test_unscoped_token_with_user_domain_name()[source]
-
test_unscoped_token_with_user_id()[source]
-
test_user_and_group_roles_scoped_token()[source]
Test correct roles are returned in scoped token.
Test Plan:
- Create a domain, with 1 project, 2 users (user1 and user2)
and 2 groups (group1 and group2)
- Make user1 a member of group1, user2 a member of group2
- Create 8 roles, assigning them to each of the 8 combinations
of users/groups on domain/project
- Get a project scoped token for user1, checking that the right
two roles are returned (one directly assigned, one by virtue
of group membership)
- Repeat this for a domain scoped token
- Make user1 also a member of group2
- Get another scoped token making sure the additional role
shows up
- User2 is just here as a spoiler, to make sure we don’t get
any roles uniquely assigned to it returned in any of our
tokens
-
test_v2_v3_bind_token_intermix()[source]
-
test_validate_v2_scoped_token_with_v3_api()[source]
-
test_validate_v2_unscoped_token_with_v3_api()[source]
-
test_verify_with_bound_token()[source]
-
class keystone.tests.test_v3_auth.TestAuthJSONExternal(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
auth_plugin_config_override(methods=None, **method_classes)[source]
-
config_overrides()[source]
-
content_type = 'json'
-
test_remote_user_no_method()[source]
-
class keystone.tests.test_v3_auth.TestAuthKerberos(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_auth.TestAuthExternalDomain
-
config_overrides()[source]
-
class keystone.tests.test_v3_auth.TestAuthSpecificData(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
test_get_catalog_domain_scoped_token()[source]
Call GET /auth/catalog with a domain-scoped token.
-
test_get_catalog_no_token()[source]
Call GET /auth/catalog without a token.
-
test_get_catalog_project_scoped_token()[source]
Call GET /auth/catalog with a project-scoped token.
-
test_get_catalog_unscoped_token()[source]
Call GET /auth/catalog with an unscoped token.
-
test_get_domains_project_scoped_token()[source]
-
test_get_projects_project_scoped_token()[source]
-
class keystone.tests.test_v3_auth.TestAuthXML(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_auth.TestAuthJSON
-
content_type = 'xml'
-
class keystone.tests.test_v3_auth.TestPKITokenAPIs(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests
-
config_overrides()[source]
-
setUp()[source]
-
class keystone.tests.test_v3_auth.TestPKIZTokenAPIs(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests
-
config_overrides()[source]
-
setUp()[source]
-
verify_token(*args, **kwargs)[source]
-
class keystone.tests.test_v3_auth.TestTokenRevokeApi(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_auth.TestTokenRevokeById
-
EXTENSION_NAME = 'revoke'
-
EXTENSION_TO_ADD = 'revoke_extension'
Test token revocation on the v3 Identity API.
-
assertDomainInList(events_response, domain_id)[source]
-
assertEventDataInList(events, **kwargs)[source]
-
assertValidDeletedProjectResponse(events_response, project_id)[source]
-
assertValidRevokedTokenResponse(events_response, **kwargs)[source]
-
config_overrides()[source]
-
test_disable_domain_shows_in_event_list()[source]
-
test_list_delete_project_shows_in_event_list()[source]
-
test_list_delete_token_shows_in_event_list()[source]
-
test_list_with_filter()[source]
-
test_revoke_by_id_false_410()[source]
-
test_revoke_token()[source]
-
test_revoke_v2_token()[source]
-
class keystone.tests.test_v3_auth.TestTokenRevokeById(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test token revocation on the v3 Identity API.
-
config_overrides()[source]
-
get_v2_token(token=None, project_id=None)[source]
-
role_data_fixtures()[source]
-
setUp()[source]
Setup for Token Revoking Test Cases.
As well as the usual housekeeping, create a set of domains,
users, groups, roles and projects for the subsequent tests:
- Two domains: A & B
- Three users (1, 2 and 3)
- Three groups (1, 2 and 3)
- Two roles (1 and 2)
- DomainA owns user1, domainB owns user2 and user3
- DomainA owns group1 and group2, domainB owns group3
- User1 and user2 are members of group1
- User3 is a member of group2
- Two projects: A & B, both in domainA
- Group1 has role1 on Project A and B, meaning that user1 and user2
will get these roles by virtue of membership
- User1, 2 and 3 have role1 assigned to projectA
- Group1 has role1 on Project A and B, meaning that user1 and user2
will get role1 (duplicated) by virtue of membership
- User1 has role2 assigned to domainA
-
test_deleting_group_grant_revokes_tokens()[source]
Test deleting a group grant revokes tokens.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Get a token for user2, scoped to ProjectA
- Get a token for user3, scoped to ProjectA
- Delete the grant group1 has on ProjectA
- Check tokens for user1 & user2 are no longer valid,
since user1 and user2 are members of group1
- Check token for user3 is still valid
-
test_deleting_project_deletes_grants()[source]
-
test_deleting_project_revokes_token()[source]
-
test_deleting_role_revokes_token()[source]
Test deleting a role revokes token.
- Add some additional test data, namely:
- A third project (project C)
- Three additional users - user4 owned by domainB and user5 and 6
owned by domainA (different domain ownership should not affect
the test results, just provided to broaden test coverage)
- User5 is a member of group1
- Group1 gets an additional assignment - role1 on projectB as
well as its existing role1 on projectA
- User4 has role2 on Project C
- User6 has role1 on projectA and domainA
- This allows us to create 5 tokens by virtue of different types
of role assignment:
- user1, scoped to ProjectA by virtue of user role1 assignment
- user5, scoped to ProjectB by virtue of group role1 assignment
- user4, scoped to ProjectC by virtue of user role2 assignment
- user6, scoped to ProjectA by virtue of user role1 assignment
- user6, scoped to DomainA by virtue of user role1 assignment
- role1 is then deleted
- Check the tokens on Project A and B, and DomainA are revoked,
but not the one for Project C
-
test_deleting_user_grant_revokes_token()[source]
Test deleting a user grant revokes token.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Delete the grant user1 has on ProjectA
- Check token is no longer valid
-
test_disabling_project_revokes_token()[source]
-
test_domain_group_role_assignment_maintains_token()[source]
Test domain-group role assignment maintains existing token.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Create a grant for group1 on DomainB
- Check token is still longer valid
-
test_domain_user_role_assignment_maintains_token()[source]
Test user-domain role assignment maintains existing token.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Create a grant for user1 on DomainB
- Check token is still valid
-
test_group_membership_changes_revokes_token()[source]
Test add/removal to/from group revokes token.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Get a token for user2, scoped to ProjectA
- Remove user1 from group1
- Check token for user1 is no longer valid
- Check token for user2 is still valid, even though
user2 is also part of group1
- Add user2 to group2
- Check token for user2 is now no longer valid
-
test_removing_role_assignment_does_not_affect_other_users()[source]
Revoking a role from one user should not affect other users.
-
test_revoke_token_from_token()[source]
-
test_revoke_token_from_token_v2()[source]
-
test_revoke_v2_token_no_check()[source]
-
test_unscoped_token_remains_valid_after_role_assignment()[source]
-
class keystone.tests.test_v3_auth.TestTokenRevokeSelfAndAdmin(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test token revoke using v3 Identity API by token owner and admin.
-
config_overrides()[source]
-
load_sample_data()[source]
Load Sample Data for Test Cases.
Two domains, domainA and domainB
Two users in domainA, userNormalA and userAdminA
One user in domainB, userAdminB
-
test_adminA_revokes_userA_token()[source]
-
test_adminB_fails_revoking_userA_token()[source]
-
test_user_revokes_own_token()[source]
-
class keystone.tests.test_v3_auth.TestTrustAuth(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
EXTENSION_NAME = 'revoke'
-
EXTENSION_TO_ADD = 'revoke_extension'
-
assertTrustTokensRevoked(trust_id)[source]
-
config_overrides()[source]
-
disable_user(user)[source]
-
setUp()[source]
-
test_change_password_invalidates_trust_tokens()[source]
-
test_consume_trust_once()[source]
-
test_create_expired_trust()[source]
-
test_create_one_time_use_trust()[source]
-
test_create_trust_400()[source]
-
test_create_trust_no_roles()[source]
-
test_create_trust_project_404()[source]
-
test_create_trust_role_id_404()[source]
-
test_create_trust_role_name_404()[source]
-
test_create_trust_trustee_404()[source]
-
test_create_trust_trustor_trustee_backwards()[source]
-
test_create_trust_with_bad_values_for_remaining_uses()[source]
-
test_create_unlimited_use_trust()[source]
-
test_create_unscoped_trust()[source]
-
test_delete_trust()[source]
-
test_delete_trust_revokes_tokens()[source]
-
test_do_not_consume_remaining_uses_when_get_token_fails()[source]
-
test_exercise_trust_scoped_token_with_impersonation()[source]
-
test_exercise_trust_scoped_token_without_impersonation()[source]
-
test_impersonation_token_cannot_create_new_trust()[source]
-
test_invalid_trust_request_without_impersonation()[source]
-
test_invalid_trust_request_without_trustee()[source]
-
test_list_trusts()[source]
-
test_trust_chained()[source]
Test that a trust token can’t be used to execute another trust.
To do this, we create an A->B->C hierarchy of trusts, then attempt to
execute the trusts in series (C->B->A).
-
test_trust_crud()[source]
-
test_trust_deleted_grant()[source]
-
test_trust_get_token_fails_if_trustee_disabled()[source]
-
test_trust_get_token_fails_if_trustor_disabled()[source]
-
test_trustee_can_do_role_ops()[source]
-
test_v3_v2_intermix()[source]
-
test_v3_v2_intermix_project_not_in_default_domaini_failed()[source]
-
test_v3_v2_intermix_trustor_not_in_default_domain_failed()[source]
-
test_v3_v2_intermix_trustor_not_in_default_domaini_failed()[source]
-
class keystone.tests.test_v3_auth.TestTrustOptional(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
test_auth_with_scope_in_trust_403()[source]
-
test_trusts_404()[source]
-
class keystone.tests.test_v3_auth.TestUUIDTokenAPIs(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests
-
config_overrides()[source]
-
setUp()[source]
-
test_v3_token_id()[source]
-
test_v3_v2_hashed_pki_token_intermix()[source]
-
class keystone.tests.test_v3_auth.TokenAPITests[source]
Bases: object
-
doSetUp()[source]
-
test_check_token()[source]
-
test_default_fixture_scope_token()[source]
-
test_rescoping_token()[source]
-
test_v2_token_deleted_on_v3()[source]
-
test_v2_v3_token_intermix()[source]
-
test_v2_v3_unscoped_token_intermix()[source]
-
test_v3_token_id()[source]
-
test_v3_v2_hashed_pki_token_intermix()[source]
-
test_v3_v2_intermix_domain_scoped_token_failed()[source]
-
test_v3_v2_intermix_new_default_domain()[source]
-
test_v3_v2_intermix_non_default_domain_failed()[source]
-
test_v3_v2_intermix_non_default_project_failed()[source]
-
test_v3_v2_token_intermix()[source]
-
test_v3_v2_unscoped_token_intermix()[source]
-
test_validate_token()[source]
-
test_validate_token_nocatalog()[source]
-
verify_token(*args, **kwargs)[source]
test_v3_catalog Module
-
class keystone.tests.test_v3_catalog.CatalogTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test service & endpoint CRUD.
-
test_create_endpoint_enabled_false()[source]
Call POST /endpoints with enabled: false.
-
test_create_endpoint_enabled_str_false()[source]
Call POST /endpoints with enabled: ‘False’.
-
test_create_endpoint_enabled_str_random()[source]
Call POST /endpoints with enabled: ‘puppies’.
-
test_create_endpoint_enabled_str_true()[source]
Call POST /endpoints with enabled: ‘True’.
-
test_create_endpoint_enabled_true()[source]
Call POST /endpoints with enabled: true.
-
test_create_endpoint_no_enabled()[source]
Call POST /endpoints.
-
test_create_endpoint_on_v2()[source]
-
test_create_endpoint_with_empty_url()[source]
Call POST /endpoints.
-
test_create_endpoint_with_invalid_region_id()[source]
Call POST /endpoints.
-
test_create_endpoint_with_no_region()[source]
EndpointV3 allows to creates the endpoint without region.
-
test_create_endpoint_with_region()[source]
EndpointV3 creates the region before creating the endpoint, if
endpoint is provided with ‘region’ and no ‘region_id’
-
test_create_region()[source]
Call POST /regions with an ID in the request body.
-
test_create_region_with_conflicting_ids()[source]
Call PUT /regions/{region_id} with conflicting region IDs.
-
test_create_region_with_duplicate_id()[source]
Call PUT /regions/{region_id}.
-
test_create_region_with_empty_id()[source]
Call POST /regions with an empty ID in the request body.
-
test_create_region_with_id()[source]
Call PUT /regions/{region_id} w/o an ID in the request body.
-
test_create_region_with_matching_ids()[source]
Call PUT /regions/{region_id} with an ID in the request body.
-
test_create_region_with_url()[source]
Call POST /regions with a custom url field.
-
test_create_region_without_description()[source]
Call POST /regions without description in the request body.
-
test_create_region_without_id()[source]
Call POST /regions without an ID in the request body.
-
test_create_regions_with_same_description_string()[source]
Call POST /regions with same description in the request bodies.
-
test_create_regions_without_descriptions()[source]
Call POST /regions with no description in the request bodies.
-
test_create_service()[source]
Call POST /services.
-
test_create_service_enabled_false()[source]
Call POST /services.
-
test_create_service_enabled_str_false()[source]
Call POST /services.
-
test_create_service_enabled_str_random()[source]
Call POST /services.
-
test_create_service_enabled_str_true()[source]
Call POST /services.
-
test_create_service_enabled_true()[source]
Call POST /services.
-
test_create_service_no_enabled()[source]
Call POST /services.
-
test_delete_endpoint()[source]
Call DELETE /endpoints/{endpoint_id}.
-
test_delete_region()[source]
Call DELETE /regions/{region_id}.
-
test_delete_service()[source]
Call DELETE /services/{service_id}.
-
test_filter_list_services_by_name()[source]
Call GET /services?name=<some name>.
-
test_filter_list_services_by_type()[source]
Call GET /services?type=<some type>.
-
test_get_endpoint()[source]
Call GET /endpoints/{endpoint_id}.
-
test_get_region()[source]
Call GET /regions/{region_id}.
-
test_get_service()[source]
Call GET /services/{service_id}.
-
test_list_endpoints()[source]
Call GET /endpoints.
-
test_list_endpoints_xml()[source]
Call GET /endpoints (xml data).
-
test_list_regions()[source]
Call GET /regions.
-
test_list_regions_filtered_by_parent_region_id()[source]
Call GET /regions?parent_region_id={parent_region_id}.
-
test_list_regions_xml()[source]
Call GET /regions (xml data).
-
test_list_services()[source]
Call GET /services.
-
test_list_services_xml()[source]
Call GET /services (xml data).
-
test_update_endpoint()[source]
Call PATCH /endpoints/{endpoint_id}.
-
test_update_endpoint_enabled_false()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: False.
-
test_update_endpoint_enabled_str_false()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: ‘False’.
-
test_update_endpoint_enabled_str_random()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: ‘kitties’.
-
test_update_endpoint_enabled_str_true()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: ‘True’.
-
test_update_endpoint_enabled_true()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: True.
-
test_update_region()[source]
Call PATCH /regions/{region_id}.
-
test_update_region_with_url()[source]
Call PUT /regions with a custom url field.
-
test_update_service()[source]
Call PATCH /services/{service_id}.
-
class keystone.tests.test_v3_catalog.TestCatalogAPISQL(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Tests for the catalog Manager against the SQL backend.
-
config_overrides()[source]
-
new_endpoint_ref(service_id)[source]
-
setUp()[source]
-
test_get_catalog_ignores_endpoints_with_invalid_urls()[source]
-
class keystone.tests.test_v3_catalog.TestCatalogAPISQLRegions(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Tests for the catalog Manager against the SQL backend.
-
assertValidCatalogEndpoint(entity, ref=None)[source]
-
config_overrides()[source]
-
new_endpoint_ref(service_id)[source]
-
setUp()[source]
-
test_get_catalog_returns_proper_endpoints_with_no_region()[source]
-
test_get_catalog_returns_proper_endpoints_with_region()[source]
test_v3_controller Module
-
class keystone.tests.test_v3_controller.V3ControllerTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Tests for the V3Controller class.
-
setUp()[source]
-
test_check_immutable_params()[source]
Pass valid parameters to the method and expect no failure.
-
test_check_immutable_params_fail()[source]
Pass invalid parameter to the method and expect failure.
test_v3_credential Module
-
class keystone.tests.test_v3_credential.CredentialBaseTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
class keystone.tests.test_v3_credential.CredentialTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_credential.CredentialBaseTestCase
Test credential CRUD.
-
setUp()[source]
-
test_create_credential()[source]
Call POST /credentials.
-
test_create_credential_with_admin_token()[source]
-
test_create_ec2_credential()[source]
Call POST /credentials for creating ec2 credential.
-
test_create_ec2_credential_with_invalid_blob()[source]
Call POST /credentials for creating ec2
credential with invalid blob.
-
test_create_non_ec2_credential()[source]
Call POST /credentials for creating non-ec2 credential.
-
test_credential_api_delete_credentials_for_project()[source]
-
test_credential_api_delete_credentials_for_user()[source]
-
test_delete_credential()[source]
Call DELETE /credentials/{credential_id}.
-
test_get_credential()[source]
Call GET /credentials/{credential_id}.
-
test_get_ec2_dict_blob()[source]
Ensure non-JSON blob data is correctly converted.
-
test_list_credentials()[source]
Call GET /credentials.
-
test_list_credentials_filtered_by_user_id()[source]
Call GET /credentials?user_id={user_id}.
-
test_list_credentials_xml()[source]
Call GET /credentials (xml data).
-
test_list_ec2_dict_blob()[source]
Ensure non-JSON blob data is correctly converted.
-
test_update_credential()[source]
Call PATCH /credentials/{credential_id}.
-
class keystone.tests.test_v3_credential.TestCredentialEc2(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_credential.CredentialBaseTestCase
Test v3 credential compatibility with ec2tokens.
-
setUp()[source]
-
test_ec2_create_credential()[source]
Test ec2 credential creation.
-
test_ec2_credential_signature_validate()[source]
Test signature validation with a v3 ec2 credential.
-
test_ec2_credential_signature_validate_legacy()[source]
Test signature validation with a legacy v3 ec2 credential.
-
test_ec2_delete_credential()[source]
Test ec2 credential deletion.
-
test_ec2_get_credential()[source]
-
test_ec2_list_credentials()[source]
Test ec2 credential listing.
-
class keystone.tests.test_v3_credential.TestCredentialTrustScoped(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test credential with trust scoped token.
-
config_overrides()[source]
-
setUp()[source]
-
test_trust_scoped_ec2_credential()[source]
Call POST /credentials for creating ec2 credential.
test_v3_endpoint_policy Module
-
class keystone.tests.test_v3_endpoint_policy.EndpointPolicyTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_endpoint_policy.TestExtensionCase
Test endpoint policy CRUD.
In general, the controller layer of the endpoint policy extension is really
just marshalling the data around the underlying manager calls. Given that
the manager layer is tested in depth by the backend tests, the tests we
execute here concentrate on ensuring we are correctly passing and
presenting the data.
-
setUp()[source]
-
test_crud_for_policy_for_explicit_endpoint()[source]
PUT, HEAD and DELETE for explicit endpoint policy.
-
test_crud_for_policy_for_region_and_service()[source]
PUT, HEAD and DELETE for region and service endpoint policy.
-
test_crud_for_policy_for_service()[source]
PUT, HEAD and DELETE for service endpoint policy.
-
test_endpoint_association_cleanup_when_endpoint_deleted()[source]
-
test_get_policy_for_endpoint()[source]
GET /endpoints/{endpoint_id}/policy.
-
test_list_endpoints_for_policy()[source]
GET /policies/%(policy_id}/endpoints.
-
test_region_service_association_cleanup_when_region_deleted()[source]
-
test_region_service_association_cleanup_when_service_deleted()[source]
-
test_service_association_cleanup_when_service_deleted()[source]
-
class keystone.tests.test_v3_endpoint_policy.JsonHomeTests(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_endpoint_policy.TestExtensionCase, keystone.tests.test_v3.JsonHomeTestMixin
-
EXTENSION_LOCATION = 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel'
-
JSON_HOME_DATA = {'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/endpoint_policy': {'href-template': '/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy', 'href-vars': {'endpoint_id': 'http://docs.openstack.org/api/openstack-identity/3/param/endpoint_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/service_policy_association': {'href-template': '/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}', 'href-vars': {'service_id': 'http://docs.openstack.org/api/openstack-identity/3/param/service_id', 'policy_id': 'http://docs.openstack.org/api/openstack-identity/3/param/policy_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/endpoint_policy_association': {'href-template': '/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}', 'href-vars': {'endpoint_id': 'http://docs.openstack.org/api/openstack-identity/3/param/endpoint_id', 'policy_id': 'http://docs.openstack.org/api/openstack-identity/3/param/policy_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/policy_endpoints': {'href-template': '/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints', 'href-vars': {'policy_id': 'http://docs.openstack.org/api/openstack-identity/3/param/policy_id'}}, 'http://docs.openstack.org/api/openstack-identity/3/ext/OS-ENDPOINT-POLICY/1.0/rel/region_and_service_policy_association': {'href-template': '/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}', 'href-vars': {'service_id': 'http://docs.openstack.org/api/openstack-identity/3/param/service_id', 'region_id': 'http://docs.openstack.org/api/openstack-identity/3/param/region_id', 'policy_id': 'http://docs.openstack.org/api/openstack-identity/3/param/policy_id'}}}
-
PARAM_LOCATION = 'http://docs.openstack.org/api/openstack-identity/3/param'
-
class keystone.tests.test_v3_endpoint_policy.TestExtensionCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
EXTENSION_NAME = 'endpoint_policy'
-
EXTENSION_TO_ADD = 'endpoint_policy_extension'
test_v3_federation Module
test_v3_filters Module
-
class keystone.tests.test_v3_filters.IdentityTestFilteredCase(*args, **kwargs)[source]
Bases: keystone.tests.filtering.FilterTests, keystone.tests.test_v3.RestfulTestCase
Test filter enforcement on the v3 Identity API.
-
content_type = 'json'
-
load_sample_data()[source]
Create sample data for these tests.
As well as the usual housekeeping, create a set of domains,
users, roles and projects for the subsequent tests:
- Three domains: A,B & C. C is disabled.
- DomainA has user1, DomainB has user2 and user3
- DomainA has group1 and group2, DomainB has group3
- User1 has a role on DomainA
Remember that there will also be a fourth domain in existence,
the default domain.
-
setUp()[source]
Setup for Identity Filter Test Cases.
-
test_filter_sql_injection_attack()[source]
GET /users?name=<injected sql_statement>
Test Plan:
- Attempt to get all entities back by passing a two-term attribute
- Attempt to piggyback filter to damage DB (e.g. drop table)
-
test_inexact_filters()[source]
-
test_list_filtered_domains()[source]
GET /domains?enabled=0
Test Plan:
- Update policy for no protection on api
- Filter by the ‘enabled’ boolean to get disabled domains, which
should return just domainC
- Try the filter using different ways of specifying True/False
to test that our handling of booleans in filter matching is
correct
-
test_list_users_filtered_by_domain()[source]
GET /users?domain_id=mydomain (filtered)
Test Plan:
- Update policy so api is unprotected
- Use an un-scoped token to make sure we can filter the
users by domainB, getting back the 2 users in that domain
-
test_list_users_filtered_by_funny_name()[source]
GET /users?name=%myname%
Test Plan:
- Update policy so api is unprotected
- Update a user with name that has filter escape characters
- Ensure we can filter on it
-
test_multiple_filters()[source]
GET /domains?enabled&name=myname
Test Plan:
- Update policy for no protection on api
- Filter by the ‘enabled’ boolean and name - this should
return a single domain
-
class keystone.tests.test_v3_filters.IdentityTestFilteredCaseXML(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_filters.IdentityTestFilteredCase
-
content_type = 'xml'
-
class keystone.tests.test_v3_filters.IdentityTestListLimitCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_filters.IdentityTestFilteredCase
Test list limiting enforcement on the v3 Identity API.
-
clean_up_entity(entity)[source]
Clean up entity test data from Identity Limit Test Cases.
-
clean_up_policy()[source]
Clean up policy test data from Identity Limit Test Cases.
-
clean_up_service()[source]
Clean up service test data from Identity Limit Test Cases.
-
content_type = 'json'
-
setUp()[source]
Setup for Identity Limit Test Cases.
-
test_at_limit()[source]
Check truncated attribute not set when list at max size.
-
test_groups_list_limit()[source]
-
test_no_limit()[source]
Check truncated attribute not set when list not limited.
-
test_non_driver_list_limit()[source]
Check list can be limited without driver level support.
Policy limiting is not done at the driver level (since it
really isn’t worth doing it there). So use this as a test
for ensuring the controller level will successfully limit
in this case.
-
test_projects_list_limit()[source]
-
test_services_list_limit()[source]
-
test_users_list_limit()[source]
-
class keystone.tests.test_v3_filters.IdentityTestListLimitCaseXML(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_filters.IdentityTestListLimitCase
-
content_type = 'xml'
test_v3_identity Module
-
class keystone.tests.test_v3_identity.IdentityInheritanceDisabledTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test inheritance crud and its effects.
-
config_overrides()[source]
-
test_crud_inherited_role_grants_failed_if_disabled()[source]
-
class keystone.tests.test_v3_identity.IdentityInheritanceTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test inheritance crud and its effects.
-
config_overrides()[source]
-
test_crud_user_inherited_domain_role_grants()[source]
-
test_filtered_role_assignments_for_inherited_grants()[source]
Call GET /role_assignments?scope.OS-INHERIT:inherited_to.
Test Plan:
- Create 5 roles
- Create a domain with a user, group and two projects
- Assign three direct spoiler roles to projects
- Issue the URL to add an inherited user role to the domain
- Issue the URL to add an inherited group role to the domain
- Issue the URL to filter by inherited roles - this should
return just the 2 inherited roles.
-
test_list_role_assignments_for_disabled_inheritance_extension()[source]
Call GET /role_assignments with inherited domain grants.
Test Plan:
- Issue the URL to add inherited role to the domain
- Issue the URL to check effective roles on project include the
inherited role
- Disable the extension
- Re-check the effective roles, proving the inherited role no longer
shows up.
-
test_list_role_assignments_for_inherited_domain_grants()[source]
Call GET /role_assignments with inherited domain grants.
Test Plan:
- Create 4 roles
- Create a domain with a user and two projects
- Assign two direct roles to project1
- Assign a spoiler role to project2
- Issue the URL to add inherited role to the domain
- Issue the URL to check it is indeed on the domain
- Issue the URL to check effective roles on project1 - this
should return 3 roles.
-
test_list_role_assignments_for_inherited_group_domain_grants()[source]
Call GET /role_assignments with inherited group domain grants.
Test Plan:
- Create 4 roles
- Create a domain with a user and two projects
- Assign two direct roles to project1
- Assign a spoiler role to project2
- Issue the URL to add inherited role to the domain
- Issue the URL to check it is indeed on the domain
- Issue the URL to check effective roles on project1 - this
should return 3 roles.
-
class keystone.tests.test_v3_identity.IdentityTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test domains, projects, users, groups, & role CRUD.
-
setUp()[source]
-
test_add_user_to_group()[source]
Call PUT /groups/{group_id}/users/{user_id}.
-
test_admin_password_reset()[source]
-
test_check_effective_values_for_role_assignments()[source]
Call GET /role_assignments?effective=value.
Check the various ways of specifying the ‘effective’
query parameter. If the ‘effective’ query parameter
is included then this should always be treated as meaning ‘True’
unless it is specified as:
{url}?effective=0
This is by design to match the agreed way of handling
policy checking on query/filter parameters.
Test Plan:
- Create two extra user for tests
- Add these users to a group
- Add a role assignment for the group on a domain
- Get a list of all role assignments, checking one has been added
- Then issue various request with different ways of defining
the ‘effective’ query parameter. As we have tested the
correctness of the data coming back when we get effective roles
in other tests, here we just use the count of entities to
know if we are getting effective roles or not
-
test_check_user_in_group()[source]
Call HEAD /groups/{group_id}/users/{user_id}.
-
test_create_domain()[source]
Call POST /domains.
-
test_create_domain_400()[source]
Call POST /domains.
-
test_create_domain_case_sensitivity()[source]
Call POST /domains` twice with upper() and lower() cased name.
-
test_create_group()[source]
Call POST /groups.
-
test_create_group_400()[source]
Call POST /groups.
-
test_create_project()[source]
Call POST /projects.
-
test_create_project_400()[source]
Call POST /projects.
-
test_create_role()[source]
Call POST /roles.
-
test_create_role_400()[source]
Call POST /roles.
-
test_create_user()[source]
Call POST /users.
-
test_create_user_400()[source]
Call POST /users.
-
test_create_user_password_not_logged()[source]
-
test_create_user_without_domain()[source]
Call POST /users without specifying domain.
According to the identity-api specification, if you do not
explicitly specific the domain_id in the entity, it should
take the domain scope of the token as the domain_id.
-
test_crud_group_domain_role_grants()[source]
-
test_crud_group_domain_role_grants_no_group()[source]
Grant role on a domain to a group that doesn’t exist, 404 result.
When grant a role on a domain to a group that doesn’t exist, the server
returns 404 Not Found for the group.
-
test_crud_group_project_role_grants()[source]
-
test_crud_group_project_role_grants_no_group()[source]
Grant role on a project to a group that doesn’t exist, 404 result.
When grant a role on a project to a group that doesn’t exist, the
server returns 404 Not Found for the group.
-
test_crud_user_domain_role_grants()[source]
-
test_crud_user_domain_role_grants_no_user()[source]
Grant role on a domain to a user that doesn’t exist, 404 result.
When grant a role on a domain to a user that doesn’t exist, the server
returns 404 Not Found for the user.
-
test_crud_user_project_role_grants()[source]
-
test_crud_user_project_role_grants_no_user()[source]
Grant role on a project to a user that doesn’t exist, 404 result.
When grant a role on a project to a user that doesn’t exist, the server
returns 404 Not Found for the user.
-
test_delete_default_domain_fails()[source]
-
test_delete_domain()[source]
Call DELETE /domains/{domain_id}.
The sample data set up already has a user, group, project
and credential that is part of self.domain. Since the user
we will authenticate with is in this domain, we create a
another set of entities in a second domain. Deleting this
second domain should delete all these new entities. In addition,
all the entities in the regular self.domain should be unaffected
by the delete.
Test Plan:
- Create domain2 and a 2nd set of entities
- Disable domain2
- Delete domain2
- Check entities in domain2 have been deleted
- Check entities in self.domain are unaffected
-
test_delete_enabled_domain_fails()[source]
Call DELETE /domains/{domain_id} (when domain enabled).
-
test_delete_group()[source]
Call DELETE /groups/{group_id}.
-
test_delete_new_default_domain_fails()[source]
-
test_delete_old_default_domain()[source]
-
test_delete_project()[source]
Call DELETE /projects/{project_id}
As well as making sure the delete succeeds, we ensure
that any credentials that reference this projects are
also deleted, while other credentials are unaffected.
-
test_delete_role()[source]
Call DELETE /roles/{role_id}.
-
test_delete_user()[source]
Call DELETE /users/{user_id}.
As well as making sure the delete succeeds, we ensure
that any credentials that reference this user are
also deleted, while other credentials are unaffected.
In addition, no tokens should remain valid for this user.
-
test_delete_user_and_check_role_assignment_fails()[source]
Call DELETE on the user and check the role assignment.
-
test_delete_user_before_removing_role_assignment_succeeds()[source]
Call DELETE on the user before the role assignment.
-
test_disable_domain()[source]
Call PATCH /domains/{domain_id} (set enabled=False).
-
test_filtered_role_assignments()[source]
Call GET /role_assignments?filters.
Test Plan:
- Create extra users, group, role and project for tests
- Make the following assignments:
Give group1, role1 on project1 and domain
Give user1, role2 on project1 and domain
Make User1 a member of Group1
- Test a series of single filter list calls, checking that
the correct results are obtained
- Test a multi-filtered list call
- Test listing all effective roles for a given user
- Test the equivalent of the list of roles in a project scoped
token (all effective roles for a user on a project)
-
test_get_domain()[source]
Call GET /domains/{domain_id}.
-
test_get_effective_role_assignments()[source]
Call GET /role_assignments?effective.
Test Plan:
- Create two extra user for tests
- Add these users to a group
- Add a role assignment for the group on a domain
- Get a list of all role assignments, checking one has been added
- Then get a list of all effective role assignments - the group
assignment should have turned into assignments on the domain
for each of the group members.
-
test_get_group()[source]
Call GET /groups/{group_id}.
-
test_get_project()[source]
Call GET /projects/{project_id}.
-
test_get_role()[source]
Call GET /roles/{role_id}.
-
test_get_role_assignments()[source]
Call GET /role_assignments.
The sample data set up already has a user, group and project
that is part of self.domain. We use these plus a new user
we create as our data set, making sure we ignore any
role assignments that are already in existence.
Since we don’t yet support a first class entity for role
assignments, we are only testing the LIST API. To create
and delete the role assignments we use the old grant APIs.
Test Plan:
- Create extra user for tests
- Get a list of all existing role assignments
- Add a new assignment for each of the four combinations, i.e.
group+domain, user+domain, group+project, user+project, using
the same role each time
- Get a new list of all role assignments, checking these four new
ones have been added
- Then delete the four we added
- Get a new list of all role assignments, checking the four have
been removed
-
test_get_user()[source]
Call GET /users/{user_id}.
-
test_get_user_with_default_project()[source]
Call GET /users/{user_id} making sure of default_project_id.
-
test_list_domains()[source]
Call GET /domains.
-
test_list_domains_xml()[source]
Call GET /domains (xml data).
-
test_list_groups()[source]
Call GET /groups.
-
test_list_groups_for_user()[source]
Call GET /users/{user_id}/groups.
-
test_list_groups_xml()[source]
Call GET /groups (xml data).
-
test_list_projects()[source]
Call GET /projects.
-
test_list_projects_xml()[source]
Call GET /projects (xml data).
-
test_list_roles()[source]
Call GET /roles.
-
test_list_roles_xml()[source]
Call GET /roles (xml data).
-
test_list_users()[source]
Call GET /users.
-
test_list_users_in_group()[source]
Call GET /groups/{group_id}/users.
-
test_list_users_no_default_project()[source]
Call GET /users making sure no default_project_id.
-
test_list_users_with_multiple_backends()[source]
Call GET /users when multiple backends is enabled.
In this scenario, the controller requires a domain to be specified
either as a filter or by using a domain scoped token.
-
test_list_users_with_static_admin_token_and_multiple_backends()[source]
-
test_list_users_xml()[source]
Call GET /users (xml data).
-
test_remove_user_from_group()[source]
Call DELETE /groups/{group_id}/users/{user_id}.
-
test_token_revoked_once_domain_disabled()[source]
Test token from a disabled domain has been invalidated.
Test that a token that was valid for an enabled domain
becomes invalid once that domain is disabled.
-
test_token_revoked_once_group_role_grant_revoked()[source]
Test token is revoked when group role grant is revoked
When a role granted to a group is revoked for a given scope,
all tokens related to this scope and belonging to one of the members
of this group should be revoked.
The revocation should be independently to the presence
of the revoke API.
-
test_update_domain()[source]
Call PATCH /domains/{domain_id}.
-
test_update_group()[source]
Call PATCH /groups/{group_id}.
-
test_update_group_domain_id()[source]
Call PATCH /groups/{group_id} with domain_id.
-
test_update_password_not_logged()[source]
-
test_update_project()[source]
Call PATCH /projects/{project_id}.
-
test_update_project_domain_id()[source]
Call PATCH /projects/{project_id} with domain_id.
-
test_update_role()[source]
Call PATCH /roles/{role_id}.
-
test_update_user()[source]
Call PATCH /users/{user_id}.
-
test_update_user_domain_id()[source]
Call PATCH /users/{user_id} with domain_id.
-
class keystone.tests.test_v3_identity.TestV3toV2Methods(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Test V3 to V2 conversion methods.
-
setUp()[source]
-
test_v2controller_filter_domain_id()[source]
-
test_v3_to_v2_user_method()[source]
-
test_v3_to_v2_user_method_list()[source]
-
test_v3controller_filter_domain_id()[source]
-
class keystone.tests.test_v3_identity.UserSelfServiceChangingPasswordsTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
change_password(expected_status, **kwargs)[source]
Returns a test response for a change password request.
-
get_request_token(password, expected_status)[source]
-
setUp()[source]
-
test_changing_password()[source]
-
test_changing_password_not_logged()[source]
-
test_changing_password_with_disabled_user_fails()[source]
-
test_changing_password_with_incorrect_password_fails()[source]
-
test_changing_password_with_missing_original_password_fails()[source]
-
test_changing_password_with_missing_password_fails()[source]
test_v3_policy Module
-
class keystone.tests.test_v3_policy.PolicyTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test policy CRUD.
-
setUp()[source]
-
test_create_policy()[source]
Call POST /policies.
-
test_delete_policy()[source]
Call DELETE /policies/{policy_id}.
-
test_get_policy()[source]
Call GET /policies/{policy_id}.
-
test_list_policies()[source]
Call GET /policies.
-
test_list_policies_xml()[source]
Call GET /policies (xml data).
-
test_update_policy()[source]
Call PATCH /policies/{policy_id}.
test_v3_protection Module
-
class keystone.tests.test_v3_protection.IdentityTestProtectedCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test policy enforcement on the v3 Identity API.
-
load_sample_data()[source]
-
setUp()[source]
Setup for Identity Protection Test Cases.
As well as the usual housekeeping, create a set of domains,
users, roles and projects for the subsequent tests:
- Three domains: A,B & C. C is disabled.
- DomainA has user1, DomainB has user2 and user3
- DomainA has group1 and group2, DomainB has group3
- User1 has two roles on DomainA
- User2 has one role on DomainA
Remember that there will also be a fourth domain in existence,
the default domain.
-
test_get_user_protected_match_id()[source]
GET /users/{id} (match payload)
Test Plan:
- Update policy to protect api by user_id
- List users with user_id of user1 as filter, to check that
this will correctly match user_id in the flattened
payload
-
test_get_user_protected_match_target()[source]
GET /users/{id} (match target)
Test Plan:
- Update policy to protect api by domain_id
- Try and read a user who is in DomainB with a token scoped
to Domain A - this should fail
- Retry this for a user who is in Domain A, which should succeed.
- Finally, try getting a user that does not exist, which should
still return UserNotFound
-
test_list_groups_protected_by_domain()[source]
GET /groups?domain_id=mydomain (protected)
Test Plan:
- Update policy to protect api by domain_id
- List groups using a token scoped to domainA and make sure
we only get back the two groups that are in domainA
- Try and read the groups from domainB - this should fail since
we don’t have a token scoped for domainB
-
test_list_groups_protected_by_domain_and_filtered()[source]
GET /groups?domain_id=mydomain&name=myname (protected)
Test Plan:
- Update policy to protect api by domain_id
- List groups using a token scoped to domainA with a filter
specifying both domainA and the name of group.
- We should only get back the group in domainA that matches
the name
-
test_list_users_filtered_by_domain()[source]
GET /users?domain_id=mydomain (filtered)
Test Plan:
- Update policy so api is unprotected
- Use an un-scoped token to make sure we can filter the
users by domainB, getting back the 2 users in that domain
-
test_list_users_protected_by_domain()[source]
GET /users?domain_id=mydomain (protected)
Test Plan:
- Update policy to protect api by domain_id
- List groups using a token scoped to domainA with a filter
specifying domainA - we should only get back the one user
that is in domainA.
- Try and read the users from domainB - this should fail since
we don’t have a token scoped for domainB
-
test_list_users_unprotected()[source]
GET /users (unprotected)
Test Plan:
- Update policy so api is unprotected
- Use an un-scoped token to make sure we can get back all
the users independent of domain
-
test_revoke_grant_protected_match_target()[source]
DELETE /domains/{id}/users/{id}/roles/{id} (match target)
Test Plan:
- Update policy to protect api by domain_id of entities in
the grant
- Try and delete the existing grant that has a user who is
from a different domain - this should fail.
- Retry this for a user who is in Domain A, which should succeed.
-
class keystone.tests.test_v3_protection.IdentityTestv3CloudPolicySample(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test policy enforcement of the sample v3 cloud policy file.
-
load_sample_data()[source]
-
setUp()[source]
Setup for v3 Cloud Policy Sample Test Cases.
The following data is created:
- Three domains: domainA, domainB and admin_domain
- One project, which name is ‘project’
- domainA has three users: domain_admin_user, project_admin_user and
just_a_user:
- domain_admin_user has role ‘admin’ on domainA,
- project_admin_user has role ‘admin’ on the project,
- just_a_user has a non-admin role on both domainA and the project.
- admin_domain has user cloud_admin_user, with an ‘admin’ role
on admin_domain.
We test various api protection rules from the cloud sample policy
file to make sure the sample is valid and that we correctly enforce it.
-
test_cloud_admin()[source]
-
test_domain_grants()[source]
-
test_domain_grants_by_cloud_admin()[source]
-
test_list_user_credentials()[source]
-
test_project_grants()[source]
-
test_project_grants_by_domain_admin()[source]
-
test_project_management()[source]
-
test_user_management()[source]
-
test_user_management_by_cloud_admin()[source]
test_validation Module
-
class keystone.tests.test_validation.CredentialValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Test for V3 Credential API validation.
-
setUp()[source]
-
test_validate_credential_succeeds()[source]
Test that we validate a credential request.
-
test_validate_credential_update_succeeds()[source]
Test that a credential request is properly validated.
Validate credential update with extra parameters.
-
test_validate_credential_update_without_parameters_fails()[source]
Exception is raised on update without parameters.
Validate create request with extra parameters.
-
test_validate_credential_with_types_succeeds()[source]
Test that credential type works for ec2 and cert.
-
test_validate_credential_without_blob_fails()[source]
Exception raised without blob in create request.
-
test_validate_credential_without_type_fails()[source]
Exception raised without type in create request.
-
test_validate_credential_without_user_id_fails()[source]
Exception raised without user_id in create request.
-
class keystone.tests.test_validation.DomainValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Test for V3 Domain API validation.
-
setUp()[source]
-
test_validate_domain_request()[source]
Make sure we successfully validate a create domain request.
-
test_validate_domain_request_with_enabled()[source]
Validate enabled as boolean-like values for domains.
-
test_validate_domain_request_with_invalid_description_fails()[source]
Exception is raised when description is a non-string value.
-
test_validate_domain_request_with_invalid_enabled_fails()[source]
Exception is raised when enabled isn’t a boolean-like value.
-
test_validate_domain_request_with_name_too_long()[source]
Exception is raised when name is too long.
-
test_validate_domain_request_with_name_too_short()[source]
Exception raised when name is too short.
-
test_validate_domain_request_with_valid_description()[source]
Test that we validate description in create domain requests.
-
test_validate_domain_request_without_name_fails()[source]
Make sure we raise an exception when name isn’t included.
-
test_validate_domain_update_request()[source]
Test that we validate a domain update request.
-
test_validate_domain_update_request_with_name_too_long_fails()[source]
Exception raised when updating a domain with name too long.
-
test_validate_domain_update_request_with_name_too_short_fails()[source]
Exception raised when updating a domain with name too short.
-
test_validate_domain_update_request_with_no_parameters_fails()[source]
Exception is raised when updating a domain without parameters.
-
class keystone.tests.test_validation.EndpointValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Test for V3 Endpoint API validation.
-
setUp()[source]
-
test_validate_create_endpoint_fails_with_invalid_enabled()[source]
Exception raised when boolean-like values as enabled.
-
test_validate_endpoint_create_fails_with_invalid_interface()[source]
Exception raised with invalid interface.
-
test_validate_endpoint_create_fails_with_invalid_url()[source]
Exception raised when passing invalid url in request.
-
test_validate_endpoint_create_fails_without_interface()[source]
Exception raised when interface isn’t in endpoint request.
-
test_validate_endpoint_create_fails_without_service_id()[source]
Exception raised when service_id isn’t in endpoint request.
-
test_validate_endpoint_create_fails_without_url()[source]
Exception raised when url isn’t in endpoint request.
Test that extra parameters pass validation on create endpoint.
-
test_validate_endpoint_create_succeeds_with_required_parameters()[source]
Validate an endpoint request with only the required parameters.
-
test_validate_endpoint_create_succeeds_with_url()[source]
Validate url attribute in endpoint create request.
-
test_validate_endpoint_create_succeeds_with_valid_enabled()[source]
Validate an endpoint with boolean values.
Validate boolean values as enabled in endpoint create requests.
-
test_validate_endpoint_request_succeeds()[source]
Test that we validate an endpoint request.
-
test_validate_endpoint_update_fails_with_invalid_enabled()[source]
Exception raised when enabled is boolean-like value.
-
test_validate_endpoint_update_fails_with_invalid_interface()[source]
Exception raised when invalid interface on endpoint update.
-
test_validate_endpoint_update_fails_with_invalid_url()[source]
Exception raised when passing invalid url in request.
-
test_validate_endpoint_update_fails_with_no_parameters()[source]
Exception raised when no parameters on endpoint update.
-
test_validate_endpoint_update_request_succeeds()[source]
Test that we validate an endpoint update request.
Test that extra parameters pass validation on update endpoint.
-
test_validate_endpoint_update_succeeds_with_url()[source]
Validate url attribute in endpoint update request.
-
test_validate_endpoint_update_succeeds_with_valid_enabled()[source]
Validate enabled as boolean values.
-
class keystone.tests.test_validation.EntityValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
-
setUp()[source]
-
test_create_entity_with_all_valid_parameters_validates()[source]
Validate all parameter values against test schema.
-
test_create_entity_with_invalid_email_fails()[source]
Validate invalid email address.
Test that an exception is raised when validating improperly
formatted email addresses.
-
test_create_entity_with_invalid_enabled_format_raises_exception()[source]
Validate invalid enabled formats.
Test that an exception is raised when passing invalid boolean-like
values as enabled.
-
test_create_entity_with_invalid_id_strings()[source]
Exception raised when using invalid id strings.
-
test_create_entity_with_invalid_urls_fails()[source]
Test that an exception is raised when validating improper urls.
-
test_create_entity_with_name_too_long_raises_exception()[source]
Validate long names.
Validate that an exception is raised when validating a string of 255+
characters passed in as a name.
-
test_create_entity_with_name_too_short_raises_exception()[source]
Validate short names.
Test that an exception is raised when passing a string of length
zero as a name parameter.
-
test_create_entity_with_null_id_string()[source]
Validate that None is an acceptable optional string type.
-
test_create_entity_with_null_string_succeeds()[source]
Exception raised when passing None on required id strings.
-
test_create_entity_with_only_required_valid_parameters_validates()[source]
Validate correct for only parameters values against test schema.
-
test_create_entity_with_unicode_name_validates()[source]
Test that we successfully validate a unicode string.
-
test_create_entity_with_valid_email_validates()[source]
Validate email address
Test that we successfully validate properly formatted email
addresses.
-
test_create_entity_with_valid_enabled_formats_validates()[source]
Validate valid enabled formats.
Test that we have successful validation on boolean values for
enabled.
-
test_create_entity_with_valid_id_strings()[source]
Validate acceptable id strings.
-
test_create_entity_with_valid_urls_validates()[source]
Test that proper urls are successfully validated.
-
test_update_entity_with_a_null_optional_parameter_validates()[source]
Optional parameters can be null to removed the value.
-
test_update_entity_with_a_required_null_parameter_fails()[source]
The name parameter can’t be null.
-
test_update_entity_with_a_valid_optional_parameter_validates()[source]
Succeeds with only a single valid optional parameter.
-
test_update_entity_with_a_valid_required_parameter_validates()[source]
Succeed if a valid required parameter is provided.
-
test_update_entity_with_all_parameters_valid_validates()[source]
Simulate updating an entity by ID.
-
test_update_entity_with_invalid_optional_parameter_fails()[source]
Fails when an optional parameter is invalid.
-
test_update_entity_with_invalid_required_parameter_fails()[source]
Fail if a provided required parameter is invalid.
-
test_update_entity_with_no_parameters_fails()[source]
At least one parameter needs to be present for an update.
-
class keystone.tests.test_validation.PolicyValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Test for V3 Policy API validation.
-
setUp()[source]
Validate policy create with extra parameters.
-
test_validate_policy_create_with_invalid_type_fails()[source]
Exception raised when blob and type are boolean.
-
test_validate_policy_succeeds()[source]
Test that we validate a create policy request.
-
test_validate_policy_update_succeeds()[source]
Test that we validate a policy update request.
Validate policy update request with extra parameters.
-
test_validate_policy_update_with_invalid_type_fails()[source]
Exception raised when invalid type on policy update.
-
test_validate_policy_update_without_parameters_fails()[source]
Exception raised when updating policy without parameters.
-
test_validate_policy_without_blob_fails()[source]
Exception raised without blob in request.
-
test_validate_policy_without_type_fails()[source]
Exception raised without type in request.
-
class keystone.tests.test_validation.ProjectValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Test for V3 Project API validation.
-
setUp()[source]
-
test_validate_project_request()[source]
Test that we validate a project with name in request.
-
test_validate_project_request_with_enabled()[source]
Validate enabled as boolean-like values for projects.
-
test_validate_project_request_with_invalid_description_fails()[source]
Exception is raised when description as a non-string value.
-
test_validate_project_request_with_invalid_enabled_fails()[source]
Exception is raised when enabled isn’t a boolean-like value.
-
test_validate_project_request_with_name_too_long()[source]
Exception is raised when name is too long.
-
test_validate_project_request_with_name_too_short()[source]
Exception raised when name is too short.
-
test_validate_project_request_with_valid_description()[source]
Test that we validate description in create project requests.
-
test_validate_project_request_without_name_fails()[source]
Validate project request fails without name.
-
test_validate_project_update_request()[source]
Test that we validate a project update request.
-
test_validate_project_update_request_with_name_too_long_fails()[source]
Exception raised when updating a project with name too long.
-
test_validate_project_update_request_with_name_too_short_fails()[source]
Exception raised when updating a project with name too short.
-
test_validate_project_update_request_with_no_parameters_fails()[source]
Exception is raised when updating project without parameters.
-
test_validate_project_update_request_with_null_domain_id_fails()[source]
-
class keystone.tests.test_validation.RegionValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Test for V3 Region API validation.
-
setUp()[source]
-
test_validate_region_create_fails_with_invalid_url()[source]
Exception raised when passing invalid url in request.
-
test_validate_region_create_request_with_parameters()[source]
Test that we validate a region request with parameters.
Validate create region request with extra values.
-
test_validate_region_create_succeeds_with_url()[source]
Validate url attribute in region create request.
-
test_validate_region_create_with_uuid()[source]
Test that we validate a region request with a UUID as the id.
-
test_validate_region_request()[source]
Test that we validate a basic region request.
-
test_validate_region_update_fails_with_invalid_url()[source]
Exception raised when passing invalid url in request.
-
test_validate_region_update_fails_with_no_parameters()[source]
Exception raised when passing no parameters in a region update.
-
test_validate_region_update_succeeds()[source]
Test that we validate a region update request.
Validate extra attributes in the region update request.
-
test_validate_region_update_succeeds_with_url()[source]
Validate url attribute in region update request.
-
class keystone.tests.test_validation.RoleValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Test for V3 Role API validation.
-
setUp()[source]
-
test_validate_role_create_when_name_is_not_string_fails()[source]
Exception is raised on role create with a non-string name.
-
test_validate_role_create_without_name_raises_exception()[source]
Test that we raise an exception when name isn’t included.
-
test_validate_role_request()[source]
Test we can successfully validate a create role request.
-
test_validate_role_update_fails_with_invalid_name_fails()[source]
Exception when validating an update request with invalid name.
-
test_validate_role_update_request()[source]
Test that we validate a role update request.
-
class keystone.tests.test_validation.ServiceValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Test for V3 Service API validation.
-
setUp()[source]
-
test_validate_service_create_fails_when_name_too_long()[source]
Exception raised when name is greater than 255 characters.
-
test_validate_service_create_fails_when_name_too_short()[source]
Exception is raised when name is too short.
-
test_validate_service_create_fails_when_type_too_long()[source]
Exception is raised when type is too long.
-
test_validate_service_create_fails_when_type_too_short()[source]
Exception is raised when type is too short.
-
test_validate_service_create_fails_with_invalid_enabled()[source]
Exception raised when boolean-like parameters as enabled
On service create, make sure an exception is raised if enabled is
not a boolean value.
-
test_validate_service_create_fails_without_type()[source]
Exception raised when trying to create a service without type.
-
test_validate_service_create_succeeds()[source]
Test that we validate a service create request.
Test that extra parameters pass validation on create service.
-
test_validate_service_create_succeeds_with_required_parameters()[source]
Validate a service create request with the required parameters.
-
test_validate_service_create_succeeds_with_valid_enabled()[source]
Validate boolean values as enabled values on service create.
-
test_validate_service_update_fails_with_invalid_enabled()[source]
Exception raised when boolean-like values as enabled.
-
test_validate_service_update_fails_with_name_too_long()[source]
Exception is raised when name is too long on update.
-
test_validate_service_update_fails_with_name_too_short()[source]
Exception is raised when name is too short on update.
-
test_validate_service_update_fails_with_no_parameters()[source]
Exception raised when updating a service without values.
-
test_validate_service_update_fails_with_type_too_long()[source]
Exception is raised when type is too long on update.
-
test_validate_service_update_fails_with_type_too_short()[source]
Exception is raised when type is too short on update.
-
test_validate_service_update_request_succeeds()[source]
Test that we validate a service update request.
Validate updating a service with extra parameters.
-
test_validate_service_update_succeeds_with_valid_enabled()[source]
Validate boolean formats as enabled on service update.
-
class keystone.tests.test_validation.TrustValidationTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Test for V3 Trust API validation.
-
setUp()[source]
-
test_validate_trust_succeeds()[source]
Test that we can validate a trust request.
-
test_validate_trust_with_all_parameters_succeeds()[source]
Test that we can validate a trust request with all parameters.
Test that we can validate a trust request with extra parameters.
-
test_validate_trust_with_invalid_expires_at_fails()[source]
Validate trust request with invalid expires_at fails.
-
test_validate_trust_with_invalid_impersonation_fails()[source]
Validate trust request with invalid impersonation fails.
-
test_validate_trust_with_invalid_role_type_fails()[source]
Validate trust request with invalid roles fails.
-
test_validate_trust_with_list_of_valid_roles_succeeds()[source]
Validate trust request with a list of valid roles.
-
test_validate_trust_with_null_remaining_uses_succeeds()[source]
Validate trust request with null remaining_uses.
-
test_validate_trust_with_remaining_uses_succeeds()[source]
Validate trust request with remaining_uses succeeds.
-
test_validate_trust_with_role_types_succeeds()[source]
Validate trust request with roles succeeds.
-
test_validate_trust_without_impersonation_fails()[source]
Validate trust request fails without impersonation.
-
test_validate_trust_without_trustee_id_fails()[source]
Validate trust request fails without trustee_id.
-
test_validate_trust_without_trustor_id_fails()[source]
Validate trust request fails without trustor_id.
test_versions Module
-
class keystone.tests.test_versions.VersionInheritEnabledTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
config_overrides()[source]
-
setUp()[source]
-
test_json_home_v3()[source]
-
class keystone.tests.test_versions.VersionSingleAppTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Tests running with a single application loaded.
These are important because when Keystone is running in Apache httpd
there’s only one application loaded for each instance.
-
config_overrides()[source]
-
setUp()[source]
-
test_admin()[source]
-
test_public()[source]
-
class keystone.tests.test_versions.VersionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
config_overrides()[source]
-
setUp()[source]
-
test_accept_type_handling()[source]
-
test_admin_version_v2()[source]
-
test_admin_version_v3()[source]
-
test_admin_versions()[source]
-
test_json_home_root()[source]
-
test_json_home_v3()[source]
-
test_public_version_v2()[source]
-
test_public_version_v3()[source]
-
test_public_versions()[source]
-
test_use_site_url_if_endpoint_unset()[source]
-
test_use_site_url_if_endpoint_unset_v2()[source]
-
test_use_site_url_if_endpoint_unset_v3()[source]
-
test_v2_disabled(*args, **keywargs)[source]
-
test_v3_disabled(*args, **keywargs)[source]
-
class keystone.tests.test_versions.XmlVersionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
DOC_INTRO = '<?xml version="1.0" encoding="UTF-8"?>'
-
VERSIONS_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<versions xmlns="http://docs.openstack.org/identity/api/v2.0">\n\n<version status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v3/" rel="self"/>\n </links>\n</version>\n\n<version status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n </links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n</version>\n\n</versions>\n'
-
XML_NAMESPACE_ATTR = 'xmlns="http://docs.openstack.org/identity/api/v2.0"'
-
XML_NAMESPACE_V3 = 'xmlns="http://docs.openstack.org/identity/api/v3"'
-
config_overrides()[source]
-
setUp()[source]
-
test_admin_version_v2()[source]
-
test_admin_version_v3()[source]
-
test_admin_versions()[source]
-
test_public_version_v2()[source]
-
test_public_version_v3()[source]
-
test_public_versions()[source]
-
test_use_site_url_if_endpoint_unset()[source]
-
test_v2_disabled(*args, **keywargs)[source]
-
test_v3_disabled(*args, **keywargs)[source]
-
v2_VERSION_DATA = '\n<version %(v2_namespace)s status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n </links>\n <link href="http://localhost:%%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n</version>\n'
-
v2_VERSION_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<version xmlns="http://docs.openstack.org/identity/api/v2.0" status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n </links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/" type="text/html" rel="describedby"/>\n</version>\n'
-
v3_VERSION_DATA = '\n<version %(v3_namespace)s status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%%(port)s/v3/" rel="self"/>\n </links>\n</version>\n'
-
v3_VERSION_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<version xmlns="http://docs.openstack.org/identity/api/v3" status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v3/" rel="self"/>\n </links>\n</version>\n'
test_wsgi Module
-
class keystone.tests.test_wsgi.ApplicationTest(*args, **kwargs)[source]
Bases: keystone.tests.test_wsgi.BaseWSGITest
-
test_application_local_config()[source]
-
test_attribute_missing_from_request()[source]
-
test_no_required_attributes_present()[source]
-
test_query_string_available()[source]
-
test_render_exception()[source]
-
test_render_exception_host()[source]
-
test_render_response()[source]
-
test_render_response_custom_status()[source]
-
test_render_response_head_with_body()[source]
-
test_render_response_no_body()[source]
-
test_require_attribute_fail_if_attribute_not_present()[source]
-
test_response_content_type()[source]
-
test_successful_require_attribute()[source]
-
test_successful_require_multiple_attributes()[source]
-
class keystone.tests.test_wsgi.BaseWSGITest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
class keystone.tests.test_wsgi.ExtensionRouterTest(*args, **kwargs)[source]
Bases: keystone.tests.test_wsgi.BaseWSGITest
-
test_extensionrouter_local_config()[source]
-
class keystone.tests.test_wsgi.FakeApp(*args, **kwargs)[source]
Bases: keystone.common.wsgi.Application
-
index(context)[source]
-
class keystone.tests.test_wsgi.FakeAttributeCheckerApp(*args, **kwargs)[source]
Bases: keystone.common.wsgi.Application
-
assert_attribute(body, attr)[source]
Asserts that the given request has a certain attribute.
-
assert_attributes(body, attr)[source]
Asserts that the given request has a certain set attributes.
-
index(context)[source]
-
class keystone.tests.test_wsgi.LocalizedResponseTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_get_localized_response(*args, **keywargs)[source]
-
test_request_match_default()[source]
-
test_request_match_language_expected(*args, **keywargs)[source]
-
test_request_match_language_unexpected(*args, **keywargs)[source]
-
test_static_translated_string_is_lazy_translatable()[source]
-
class keystone.tests.test_wsgi.MiddlewareTest(*args, **kwargs)[source]
Bases: keystone.tests.test_wsgi.BaseWSGITest
-
test_middleware_bad_request()[source]
-
test_middleware_exception_error()[source]
-
test_middleware_local_config()[source]
-
test_middleware_request()[source]
-
test_middleware_response()[source]
-
test_middleware_type_error()[source]
-
class keystone.tests.test_wsgi.ServerTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
test_client_socket_timeout()[source]
-
test_keepalive_and_keepidle_set(*args, **keywargs)[source]
-
test_keepalive_set(*args, **keywargs)[source]
-
test_keepalive_unset(*args, **keywargs)[source]
-
test_wsgi_keep_alive()[source]
utils Module
Useful utilities for tests.
-
keystone.tests.utils.new_uuid()[source]
Return a string UUID.