keystone.tests package

Submodules

keystone.tests.core module

class keystone.tests.core.BaseTestCase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

Light weight base test class.

This is a placeholder that will eventually go away once thc setup/teardown in TestCase is properly trimmed down to the bare essentials. This is really just a play to speed up the tests by eliminating unnecessary work.

cleanup_instance(*names)[source]

Create a function suitable for use with self.addCleanup.

Returns:a callable that uses a closure to delete instance attributes
class keystone.tests.core.NoModule[source]

Bases: object

A mixin class to provide support for unloading/disabling modules.

clear_module(module)[source]
disable_module(module)[source]

Ensure ImportError for the specified module.

setUp()[source]
class keystone.tests.core.SQLDriverOverrides[source]

Bases: object

A mixin for consolidating sql-specific test overrides.

config_overrides()[source]
class keystone.tests.core.TestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.BaseTestCase

add_path(path)[source]
assertCloseEnoughForGovernmentWork(a, b, delta=3)[source]

Asserts that two datetimes are nearly equal within a small delta.

Parameters:delta – Maximum allowable time delta, defined in seconds.
assertDictContainsSubset(expected, actual, msg=None)[source]

Checks whether actual is a superset of expected.

assertDictEqual(d1, d2, msg=None)[source]
assertNotEmpty(l)[source]
assertRaisesRegexp(expected_exception, expected_regexp, callable_obj, *args, **kwargs)[source]

Asserts that the message in a raised exception matches a regexp.

assertSetEqual(set1, set2, msg=None)[source]
clear_auth_plugin_registry()[source]
client(app, *args, **kw)[source]
config(config_files)[source]
config_files()[source]
config_overrides()[source]
ipv6_enabled[source]
load_backends()[source]

Initializes each manager and assigns them to an attribute.

load_fixtures(fixtures)[source]

Hacky basic and naive fixture loading based on a python module.

Expects that the various APIs into the various services are already defined on self.

loadapp(config, name='main')[source]
setUp()[source]
skip_if_env_not_set(env_var)[source]
skip_if_no_ipv6()[source]
class keystone.tests.core.TestClient(app=None, token=None)[source]

Bases: object

get(path, headers=None)[source]
post(path, headers=None, body=None)[source]
put(path, headers=None, body=None)[source]
request(method, path, headers=None, body=None)[source]
exception keystone.tests.core.UnexpectedExit[source]

Bases: exceptions.Exception

keystone.tests.core.checkout_vendor(repo, rev)[source]
class keystone.tests.core.dirs[source]
static etc(*p)[source]
static root(*p)[source]
static tests(*p)[source]
static tests_conf(*p)[source]
static tmp(*p)[source]
keystone.tests.core.generate_paste_config(extension_name)[source]
keystone.tests.core.remove_generated_paste_config(extension_name)[source]
keystone.tests.core.remove_test_databases()[source]
keystone.tests.core.setup_database()[source]
keystone.tests.core.skip_if_cache_disabled(*sections)[source]

This decorator is used to skip a test if caching is disabled either globally or for the specific section.

In the code fragment:

@skip_if_cache_is_disabled('assignment', 'token')
def test_method(*args):
    ...

The method test_method would be skipped if caching is disabled globally via the enabled option in the cache section of the configuration or if the caching option is set to false in either assignment or token sections of the configuration. This decorator can be used with no arguments to only check global caching.

If a specified configuration section does not define the caching option, this decorator makes the same assumption as the should_cache_fn in keystone.common.cache that caching should be enabled.

keystone.tests.core.teardown_database()[source]

keystone.tests.default_fixtures module

keystone.tests.fakeldap module

Fake LDAP server for test harness.

This class does very little error checking, and knows nothing about ldap class definitions. It implements the minimum emulation of the python ldap library to work with nova.

class keystone.tests.fakeldap.FakeLdap(url, *args, **kwargs)[source]

Bases: object

Fake LDAP connection.

add_s(dn, attrs)[source]

Add an object with the specified attributes at dn.

delete_ext_s(dn, serverctrls)[source]

Remove the ldap object at specified dn.

delete_s(dn)[source]

Remove the ldap object at specified dn.

modify_s(dn, attrs)[source]

Modify the object at dn using the attribute list.

Parameters:
  • dn – an LDAP DN
  • attrs – a list of tuples in the following form: ([MOD_ADD | MOD_DELETE | MOD_REPACE], attribute, value)
search_s(dn, scope, query=None, fields=None)[source]

Search for all matching objects under dn using the query.

Args: dn – dn to search under scope – only SCOPE_BASE and SCOPE_SUBTREE are supported query – query to filter objects by fields – fields to return. Returns all fields if not specified

simple_bind_s(dn, password)[source]

This method is ignored, but provided for compatibility.

unbind_s()[source]

This method is ignored, but provided for compatibility.

class keystone.tests.fakeldap.FakeShelve[source]

Bases: dict

sync()[source]

keystone.tests.filtering module

class keystone.tests.filtering.FilterTests[source]

Bases: object

keystone.tests.mapping_fixtures module

Fixtures for Federation Mapping.

keystone.tests.matchers module

class keystone.tests.matchers.XMLEquals(expected)[source]

Bases: object

Parses two XML documents from strings and compares the results.

match(other)[source]
class keystone.tests.matchers.XMLMismatch(expected, other)[source]

Bases: testtools.matchers._impl.Mismatch

describe()[source]

keystone.tests.rest module

class keystone.tests.rest.RestfulTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Performs restful tests against the WSGI app over HTTP.

This class launches public & admin WSGI servers for every test, which can be accessed by calling public_request() or admin_request(), respectfully.

restful_request() and request() methods are also exposed if you need to bypass restful conventions or access HTTP details in your test implementation.

Three new asserts are provided:

  • assertResponseSuccessful: called automatically for every request

    unless an expected_status is provided

  • assertResponseStatus: called instead of assertResponseSuccessful,

    if an expected_status is provided

  • assertValidResponseHeaders: validates that the response headers

    appear as expected

Requests are automatically serialized according to the defined content_type. Responses are automatically deserialized as well, and available in the response.body attribute. The original body content is available in the response.raw attribute.

admin_request(**kwargs)[source]
assertResponseStatus(response, expected_status)[source]

Asserts a specific status code on the response.

Parameters:
  • responsehttplib.HTTPResponse
  • expected_status – The specific status result expected

example:

self.assertResponseStatus(response, 203)
assertResponseSuccessful(response)[source]

Asserts that a status code lies inside the 2xx range.

Parameters:responsehttplib.HTTPResponse to be verified to have a status code between 200 and 299.

example:

self.assertResponseSuccessful(response, 203)
assertValidErrorResponse(response, expected_status=400)[source]

Verify that the error response is valid.

Subclasses can override this function based on the expected response.

assertValidResponseHeaders(response)[source]

Ensures that response headers appear as expected.

content_type = 'json'
get_scoped_token(tenant_id=None)[source]

Convenience method so that we can test authenticated requests.

get_unscoped_token()[source]

Convenience method so that we can test authenticated requests.

public_request(**kwargs)[source]
request(app, path, body=None, headers=None, token=None, expected_status=None, **kwargs)[source]
restful_request(method='GET', headers=None, body=None, content_type=None, **kwargs)[source]

Serializes/deserializes json/xml as request/response body.

Warning

  • Existing Accept header will be overwritten.
  • Existing Content-Type header will be overwritten.
setUp(app_conf='keystone')[source]

keystone.tests.test_associate_project_endpoint_extension module

class keystone.tests.test_associate_project_endpoint_extension.AssociateEndpointProjectFilterCRUDTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase

Test OS-EP-FILTER endpoint to project associations extension.

test_check_endpoint_project_assoc()[source]

HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Valid project and endpoint id test case.

test_check_endpoint_project_assoc_noendp()[source]

HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid endpoint id test case.

test_check_endpoint_project_assoc_noproj()[source]

HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid project id test case.

test_create_endpoint_project_assoc()[source]

PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Valid endpoint and project id test case.

test_create_endpoint_project_assoc_noendp()[source]

PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid endpoint id test case.

test_create_endpoint_project_assoc_noproj()[source]

PUT OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid project id test case.

test_create_endpoint_project_assoc_unexpected_body()[source]

PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Unexpected body in request. The body should be ignored.

test_get_endpoint_project_assoc()[source]

GET /OS-EP-FILTER/projects/{project_id}/endpoints success.

test_get_endpoint_project_assoc_noproj()[source]

GET /OS-EP-FILTER/projects/{project_id}/endpoints no project.

test_list_projects_for_endpoint_assoc()[source]

GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects success

Associate default project and endpoint, then get it.

test_list_projects_for_endpoint_default()[source]

GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects success

Don’t associate project and endpoint, then get empty list.

test_list_projects_for_endpoint_noendpoint()[source]

GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects

Invalid endpoint id test case.

test_remove_endpoint_project_assoc()[source]

DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Valid project id and endpoint id test case.

test_remove_endpoint_project_assoc_noendp()[source]

DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid endpoint id test case.

test_remove_endpoint_project_assoc_noproj()[source]

DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid project id test case.

class keystone.tests.test_associate_project_endpoint_extension.AssociateProjectEndpointFilterTokenRequestTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase

Test OS-EP-FILTER catalog filtering extension.

test_default_project_id_scoped_token_ep_filter_full_catalog()[source]
test_default_project_id_scoped_token_ep_filter_no_catalog()[source]
test_default_project_id_scoped_token_with_user_id_ep_filter()[source]
test_disabled_endpoint()[source]

The catalog contains only enabled endpoints.

test_implicit_project_id_scoped_token_ep_filter_full_catalog()[source]
test_implicit_project_id_scoped_token_ep_filter_no_catalog()[source]
test_implicit_project_id_scoped_token_handling_bad_reference()[source]
test_implicit_project_id_scoped_token_with_user_id_ep_filter()[source]
class keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

EXTENSION_NAME = 'endpoint_filter'
EXTENSION_TO_ADD = 'endpoint_filter_extension'
config_overrides()[source]
setUp()[source]
setup_database()[source]

keystone.tests.test_auth module

class keystone.tests.test_auth.AuthBadRequests(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

setUp()[source]
test_authenticate_blank_auth()[source]

Verify sending blank ‘auth’ raises the right exception.

test_authenticate_blank_request_body()[source]

Verify sending empty json dict raises the right exception.

test_authenticate_invalid_auth_content()[source]

Verify sending invalid ‘auth’ raises the right exception.

test_authenticate_password_too_large()[source]

Verify sending large ‘password’ raises the right exception.

test_authenticate_tenant_id_too_large()[source]

Verify sending large ‘tenantId’ raises the right exception.

test_authenticate_tenant_name_too_large()[source]

Verify sending large ‘tenantName’ raises the right exception.

test_authenticate_token_too_large()[source]

Verify sending large ‘token’ raises the right exception.

test_authenticate_user_id_too_large()[source]

Verify sending large ‘userId’ raises the right exception.

test_authenticate_username_too_large()[source]

Verify sending large ‘username’ raises the right exception.

test_no_credentials_in_auth()[source]

Verify that _authenticate_local() raises exception if no creds.

test_no_external_auth()[source]

Verify that _authenticate_external() raises exception if N/A.

test_no_token_in_auth()[source]

Verify that _authenticate_token() raises exception if no token.

class keystone.tests.test_auth.AuthCatalog(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.test_auth.AuthTest

Tests for the catalog provided in the auth response.

config_files()[source]
test_auth_catalog_disabled_endpoint()[source]

On authenticate, get a catalog that excludes disabled endpoints.

test_validate_catalog_disabled_endpoint()[source]

On validate, get back a catalog that excludes disabled endpoints.

class keystone.tests.test_auth.AuthTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

assertEqualTokens(a, b)[source]

Assert that two tokens are equal.

Compare two tokens except for their ids. This also truncates the time in the comparison.

setUp()[source]
class keystone.tests.test_auth.AuthWithPasswordCredentials(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

setUp()[source]
test_auth_empty_password()[source]

Verify exception is raised if empty password.

test_auth_invalid_user()[source]

Verify exception is raised if invalid user.

test_auth_no_password()[source]

Verify exception is raised if empty password.

test_auth_valid_user_invalid_password()[source]

Verify exception is raised if invalid password.

test_authenticate_blank_password_credentials()[source]

Sending empty dict as passwordCredentials raises a 400 error.

test_authenticate_no_username()[source]

Verify skipping username raises the right exception.

test_bind_without_remote_user()[source]
test_change_default_domain_id()[source]
class keystone.tests.test_auth.AuthWithRemoteUser(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

setUp()[source]
test_bind_with_kerberos()[source]
test_bind_without_config_opt()[source]
test_scoped_nometa_remote_authn()[source]

Verify getting a token with external authn and no metadata.

test_scoped_remote_authn()[source]

Verify getting a token with external authn.

test_scoped_remote_authn_invalid_user()[source]

Verify that external auth with invalid user fails.

test_unscoped_remote_authn()[source]

Verify getting an unscoped token with external authn.

test_unscoped_remote_authn_jsonless()[source]

Verify that external auth with invalid request fails.

class keystone.tests.test_auth.AuthWithToken(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

setUp()[source]
test_auth_bad_formatted_token()[source]

Verify exception is raised if invalid token.

test_auth_invalid_token()[source]

Verify exception is raised if invalid token.

test_auth_token_cross_domain_group_and_project()[source]

Verify getting a token in cross domain group/project roles.

test_auth_token_project_group_role()[source]

Verify getting a token in a tenant with group roles.

test_auth_unscoped_token_no_project()[source]

Verify getting an unscoped token with an unscoped token.

test_auth_unscoped_token_project()[source]

Verify getting a token in a tenant with an unscoped token.

test_belongs_to()[source]
test_belongs_to_no_tenant()[source]
test_deleting_role_revokes_token()[source]
test_token_auth_with_binding()[source]
test_unscoped_token()[source]

Verify getting an unscoped token with password creds.

class keystone.tests.test_auth.AuthWithTrust(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

assert_token_count_for_trust(expected_value)[source]
build_v2_token_request(username, password, tenant_id=None)[source]
config_overrides()[source]
create_trust(expires_at=None, impersonation=True)[source]
fetch_v2_token_from_trust()[source]
fetch_v3_token_from_trust()[source]
setUp()[source]
test_create_trust()[source]
test_create_trust_bad_data_fails()[source]
test_create_trust_expires_bad()[source]
test_create_trust_impersonation()[source]
test_create_trust_no_impersonation()[source]
test_create_trust_no_roles()[source]
test_create_v3_token_from_trust()[source]
test_delete_tokens_for_user_invalidates_tokens_from_trust()[source]
test_delete_trust_revokes_token()[source]
test_expired_trust_get_token_fails()[source]
test_get_trust()[source]
test_token_from_trust()[source]
test_token_from_trust_cant_get_another_token()[source]
test_token_from_trust_with_no_role_fails()[source]
test_token_from_trust_with_wrong_role_fails()[source]
test_token_from_trust_wrong_project_fails()[source]
test_token_from_trust_wrong_user_fails()[source]
test_v3_trust_token_get_token_fails()[source]
class keystone.tests.test_auth.NonDefaultAuthTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_add_non_default_auth_method()[source]
class keystone.tests.test_auth.TokenExpirationTest(*args, **kwargs)[source]

Bases: keystone.tests.test_auth.AuthTest

test_maintain_uuid_token_expiration()[source]

keystone.tests.test_auth_plugin module

class keystone.tests.test_auth_plugin.DuplicateAuthPlugin[source]

Bases: keystone.tests.test_auth_plugin.SimpleChallengeResponse

Duplicate simple challenge response auth plugin.

class keystone.tests.test_auth_plugin.MismatchedAuthPlugin[source]

Bases: keystone.tests.test_auth_plugin.SimpleChallengeResponse

method = '8a3c34fdf2bd49ecb1ff77f36ee27fa6'
class keystone.tests.test_auth_plugin.NoMethodAuthPlugin[source]

Bases: keystone.auth.core.AuthMethodHandler

An auth plugin that does not supply a method attribute.

authenticate(context, auth_payload, auth_context)[source]
class keystone.tests.test_auth_plugin.SimpleChallengeResponse[source]

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_payload, user_context)[source]
method = 'simple_challenge_response'
class keystone.tests.test_auth_plugin.TestAuthPlugin(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]
config_overrides()[source]
setUp()[source]
test_addition_auth_steps()[source]
test_unsupported_auth_method()[source]
class keystone.tests.test_auth_plugin.TestAuthPluginDynamicOptions(*args, **kwargs)[source]

Bases: keystone.tests.test_auth_plugin.TestAuthPlugin

config_files()[source]
config_overrides()[source]
class keystone.tests.test_auth_plugin.TestInvalidAuthMethodRegistration(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_duplicate_auth_method_registration()[source]
test_mismatched_auth_method_and_plugin_attribute()[source]
test_no_method_attribute_auth_method_by_class_name_registration()[source]

keystone.tests.test_backend module

class keystone.tests.test_backend.CatalogTests[source]

Bases: object

test_create_endpoint()[source]
test_create_endpoint_404()[source]
test_create_region_invalid_parent_region_404()[source]
test_create_region_with_duplicate_id()[source]
test_delete_endpoint_404()[source]
test_delete_region_404()[source]
test_delete_service_404()[source]
test_delete_service_with_endpoint()[source]
test_get_catalog_endpoint_disabled()[source]

Get back only enabled endpoints when get the v2 catalog.

test_get_endpoint_404()[source]
test_get_region_404()[source]
test_get_service_404()[source]
test_get_v3_catalog_endpoint_disabled()[source]

Get back only enabled endpoints when get the v3 catalog.

test_region_crud()[source]
test_service_crud()[source]
class keystone.tests.test_backend.FilterTests[source]

Bases: keystone.tests.filtering.FilterTests

test_filter_sql_injection_attack()[source]

Test against sql injection attack on filters

Test Plan: - Attempt to get all entities back by passing a two-term attribute - Attempt to piggyback filter to damage DB (e.g. drop table)

test_list_users_filtered()[source]
test_list_users_inexact_filtered()[source]
class keystone.tests.test_backend.IdentityTests[source]

Bases: object

create_user_dict(**attributes)[source]
test_add_duplicate_role_grant()[source]
test_add_role_to_user_and_project_404()[source]
test_add_role_to_user_and_project_no_user()[source]
test_add_user_to_group()[source]
test_add_user_to_group_404()[source]
test_add_user_to_project()[source]
test_add_user_to_project_404()[source]
test_add_user_to_project_missing_default_role()[source]
test_add_user_to_project_no_user()[source]
test_arbitrary_attributes_are_returned_from_create_user()[source]
test_arbitrary_attributes_are_returned_from_get_user()[source]
test_attribute_update()[source]
test_authenticate()[source]
test_authenticate_and_get_roles_no_metadata()[source]
test_authenticate_bad_password()[source]
test_authenticate_bad_user()[source]
test_authenticate_if_no_password_set()[source]
test_cache_layer_domain_crud(*args, **kwargs)[source]
test_cache_layer_project_crud(*args, **kwargs)[source]
test_cache_layer_role_crud(*args, **kwargs)[source]
test_check_user_in_group()[source]
test_check_user_not_in_group()[source]
test_create_domain_case_sensitivity()[source]
test_create_duplicate_group_name_fails()[source]
test_create_duplicate_group_name_in_different_domains()[source]
test_create_duplicate_project_id_fails()[source]
test_create_duplicate_project_name_fails()[source]
test_create_duplicate_project_name_in_different_domains()[source]
test_create_duplicate_role_name_fails()[source]
test_create_duplicate_user_id_fails()[source]
test_create_duplicate_user_name_fails()[source]
test_create_duplicate_user_name_in_different_domains()[source]
test_create_grant_no_group()[source]
test_create_grant_no_user()[source]
test_create_invalid_domain_fails()[source]
test_create_project_blank_name_fails()[source]
test_create_project_case_sensitivity()[source]
test_create_project_doesnt_modify_passed_in_dict()[source]
test_create_project_invalid_enabled_type_string()[source]
test_create_project_invalid_name_fails()[source]
test_create_project_long_name_fails()[source]
test_create_project_with_no_enabled_field()[source]
test_create_unicode_user_name()[source]
test_create_update_delete_unicode_project()[source]
test_create_user_blank_name_fails()[source]
test_create_user_case_sensitivity()[source]
test_create_user_doesnt_modify_passed_in_dict()[source]
test_create_user_invalid_enabled_type_string()[source]
test_create_user_invalid_name_fails()[source]
test_create_user_long_name_fails()[source]
test_create_user_missed_password()[source]
test_create_user_none_password()[source]
test_delete_group_grant_no_group()[source]
test_delete_project_404()[source]
test_delete_project_with_role_assignments()[source]
test_delete_role_404()[source]
test_delete_role_check_role_grant()[source]
test_delete_role_with_user_and_group_grants()[source]
test_delete_user_404()[source]
test_delete_user_grant_no_user()[source]
test_delete_user_with_project_association()[source]
test_delete_user_with_project_roles()[source]
test_domain_crud()[source]
test_domain_rename_invalidates_get_domain_by_name_cache(*args, **kwargs)[source]
test_get_and_remove_correct_role_grant_from_a_mix()[source]
test_get_and_remove_role_grant_by_group_and_cross_domain()[source]
test_get_and_remove_role_grant_by_group_and_domain()[source]
test_get_and_remove_role_grant_by_group_and_project()[source]
test_get_and_remove_role_grant_by_user_and_cross_domain()[source]
test_get_and_remove_role_grant_by_user_and_domain()[source]
test_get_default_domain_by_name()[source]
test_get_not_default_domain_by_name()[source]
test_get_project()[source]
test_get_project_404()[source]
test_get_project_by_name()[source]
test_get_project_by_name_404()[source]
test_get_project_user_ids_404()[source]
test_get_role()[source]
test_get_role_404()[source]
test_get_role_by_user_and_project()[source]
test_get_role_by_user_and_project_with_user_in_group()[source]

Test for get role by user and project, user was added into a group.

Test Plan:

  • Create a user, a project & a group, add this user to group
  • Create roles and grant them to user and project
  • Check the role list get by the user and project was as expected
test_get_role_grant_by_user_and_project()[source]
test_get_roles_for_user_and_domain()[source]

Test for getting roles for user on a domain.

Test Plan:

  • Create a domain, with 2 users
  • Check no roles yet exit
  • Give user1 two roles on the domain, user2 one role
  • Get roles on user1 and the domain - maybe sure we only get back the 2 roles on user1
  • Delete both roles from user1
  • Check we get no roles back for user1 on domain
test_get_roles_for_user_and_domain_404()[source]

Test errors raised when getting roles for user on a domain.

Test Plan:

  • Check non-existing user gives UserNotFound
  • Check non-existing domain gives DomainNotFound
test_get_roles_for_user_and_project_404()[source]
test_get_roles_for_user_and_project_user_group_same_id()[source]

When a user has the same ID as a group, get_roles_for_user_and_project returns only the roles for the user and not the group.

test_get_user()[source]
test_get_user_404()[source]
test_get_user_by_name()[source]
test_get_user_by_name_404()[source]
test_group_crud()[source]
test_list_domains()[source]
test_list_groups()[source]
test_list_groups_for_user()[source]
test_list_projects()[source]
test_list_projects_for_alternate_domain()[source]
test_list_projects_for_domain()[source]
test_list_projects_for_user()[source]
test_list_projects_for_user_with_grants()[source]
test_list_role_assignments_bad_role()[source]
test_list_role_assignments_unfiltered()[source]

Test for unfiltered listing role assignments.

Test Plan:

  • Create a domain, with a user, group & project
  • Find how many role assignments already exist (from default fixtures)
  • Create a grant of each type (user/group on project/domain)
  • Check the number of assignments has gone up by 4 and that the entries we added are in the list returned
  • Check that if we list assignments by role_id, then we get back assignments that only contain that role.
test_list_roles()[source]
test_list_user_ids_for_project()[source]
test_list_user_ids_for_project_no_duplicates()[source]
test_list_user_project_ids_404()[source]
test_list_users()[source]
test_list_users_in_group()[source]
test_move_group_between_domains()[source]
test_move_group_between_domains_with_clashing_names_fails()[source]
test_move_project_between_domains()[source]
test_move_project_between_domains_with_clashing_names_fails()[source]
test_move_user_between_domains()[source]
test_move_user_between_domains_with_clashing_names_fails()[source]
test_multi_group_grants_on_project_domain()[source]

Test multiple group roles for user on project and domain.

Test Plan:

  • Create 6 roles
  • Create a domain, with a project, user and two groups
  • Make the user a member of both groups
  • Check no roles yet exit
  • Assign a role to each user and both groups on both the project and domain
  • Get a list of effective roles for the user on both the project and domain, checking we get back the correct three roles
test_multi_role_grant_by_user_group_on_project_domain()[source]
test_new_arbitrary_attributes_are_returned_from_update_user()[source]
test_password_hashed()[source]
test_project_add_and_remove_user_role()[source]
test_project_crud()[source]
test_project_rename_invalidates_get_project_by_name_cache(*args, **kwargs)[source]
test_project_update_missing_attrs_with_a_falsey_value()[source]
test_project_update_missing_attrs_with_a_value()[source]
test_remove_role_from_user_and_project()[source]
test_remove_role_grant_from_user_and_project()[source]
test_remove_user_from_group()[source]
test_remove_user_from_group_404()[source]
test_remove_user_from_project()[source]
test_remove_user_from_project_404()[source]
test_remove_user_from_project_race_delete_role()[source]
test_remove_user_role_not_assigned()[source]
test_rename_duplicate_project_name_fails()[source]
test_rename_duplicate_role_name_fails()[source]
test_rename_duplicate_user_name_fails()[source]
test_role_crud()[source]
test_role_grant_by_group_and_cross_domain_project()[source]
test_role_grant_by_user_and_cross_domain_project()[source]
test_update_project_404()[source]
test_update_project_blank_name_fails()[source]
test_update_project_enable()[source]
test_update_project_id_does_nothing()[source]
test_update_project_invalid_enabled_type_string()[source]
test_update_project_invalid_name_fails()[source]
test_update_project_long_name_fails()[source]
test_update_role_404()[source]
test_update_user_404()[source]
test_update_user_blank_name_fails()[source]
test_update_user_enable()[source]
test_update_user_enable_fails()[source]
test_update_user_id_fails()[source]
test_update_user_invalid_name_fails()[source]
test_update_user_long_name_fails()[source]
test_update_user_name()[source]
test_updated_arbitrary_attributes_are_returned_from_update_user()[source]
test_user_crud()[source]
class keystone.tests.test_backend.InheritanceTests[source]

Bases: object

test_inherited_role_grants_for_group()[source]

Test inherited group roles.

Test Plan:

  • Enable OS-INHERIT extension
  • Create 4 roles
  • Create a domain, with a project, user and two groups
  • Make the user a member of both groups
  • Check no roles yet exit
  • Assign a direct user role to the project and a (non-inherited) group role on the domain
  • Get a list of effective roles - should only get the one direct role
  • Now add two inherited group roles to the domain
  • Get a list of effective roles - should have three roles, one direct and two by virtue of inherited group roles
test_inherited_role_grants_for_user()[source]

Test inherited user roles.

Test Plan:

  • Enable OS-INHERIT extension
  • Create 3 roles
  • Create a domain, with a project and a user
  • Check no roles yet exit
  • Assign a direct user role to the project and a (non-inherited) user role to the domain
  • Get a list of effective roles - should only get the one direct role
  • Now add an inherited user role to the domain
  • Get a list of effective roles - should have two roles, one direct and one by virtue of the inherited user role
  • Also get effective roles for the domain - the role marked as inherited should not show up
test_list_projects_for_user_with_inherited_grants()[source]

Test inherited group roles.

Test Plan:

  • Enable OS-INHERIT extension
  • Create a domain, with two projects and a user
  • Assign an inherited user role on the domain, as well as a direct user role to a separate project in a different domain
  • Get a list of projects for user, should return all three projects
test_list_projects_for_user_with_inherited_group_grants()[source]

Test inherited group roles.

Test Plan:

  • Enable OS-INHERIT extension
  • Create two domains, each with two projects
  • Create a user and group
  • Make the user a member of the group
  • Assign a user role two projects, an inherited group role to one domain and an inherited regular role on the other domain
  • Get a list of projects for user, should return both pairs of projects from the domain, plus the one separate project
class keystone.tests.test_backend.LimitTests[source]

Bases: keystone.tests.filtering.FilterTests

ENTITIES = ['user', 'group', 'project']
clean_up_domain()[source]

Clean up domain test data from Limit Test Cases.

clean_up_entities()[source]

Clean up entity test data from Limit Test Cases.

setUp()[source]

Setup for Limit Test Cases.

test_list_groups_filtered_and_limited()[source]
test_list_projects_filtered_and_limited()[source]
test_list_users_filtered_and_limited()[source]
class keystone.tests.test_backend.PolicyTests[source]

Bases: object

assertEqualPolicies(a, b)[source]
test_create()[source]
test_delete()[source]
test_delete_policy_404()[source]
test_get()[source]
test_get_policy_404()[source]
test_list()[source]
test_update()[source]
test_update_policy_404()[source]
class keystone.tests.test_backend.TokenCacheInvalidation[source]

Bases: object

test_delete_scoped_token_by_id()[source]
test_delete_scoped_token_by_user()[source]
test_delete_scoped_token_by_user_and_tenant()[source]
test_delete_unscoped_token()[source]
class keystone.tests.test_backend.TokenTests[source]

Bases: object

check_list_revoked_tokens(token_ids)[source]
create_token_sample_data(token_id=None, tenant_id=None, trust_id=None, user_id=None, expires=None)[source]
delete_token()[source]
test_create_unicode_token_id()[source]
test_create_unicode_user_id()[source]
test_delete_token_404()[source]
test_delete_tokens()[source]
test_delete_tokens_trust()[source]
test_expired_token()[source]
test_flush_expired_token()[source]
test_get_token_404()[source]
test_list_revoked_tokens_for_multiple_tokens()[source]
test_list_revoked_tokens_for_single_token()[source]
test_list_revoked_tokens_returns_empty_list()[source]
test_list_tokens_unicode_user_id()[source]
test_null_expires_token()[source]
test_predictable_revoked_pki_token_id()[source]
test_predictable_revoked_uuid_token_id()[source]
test_revocation_list_cache(*args, **kwargs)[source]
test_token_crud()[source]
test_token_expire_timezone()[source]
test_token_list()[source]
test_token_list_deprecated_public_interface()[source]
test_token_list_trust()[source]
class keystone.tests.test_backend.TrustTests[source]

Bases: object

create_sample_trust(new_id, remaining_uses=None)[source]
test_consume_use()[source]
test_create_trust()[source]
test_delete_trust()[source]
test_delete_trust_not_found()[source]
test_get_trust()[source]
test_list_trust_by_trustee()[source]
test_list_trust_by_trustor()[source]
test_list_trusts()[source]
test_trust_has_remaining_uses_negative()[source]
test_trust_has_remaining_uses_positive()[source]

keystone.tests.test_backend_federation_sql module

class keystone.tests.test_backend_federation_sql.SqlFederation(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlModels

Set of tests for checking SQL Federation.

test_federated_protocol()[source]
test_identity_provider()[source]

keystone.tests.test_backend_kvs module

class keystone.tests.test_backend_kvs.KvsCatalog(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests

config_overrides()[source]
setUp()[source]
test_get_catalog()[source]
test_get_catalog_404()[source]
test_get_catalog_endpoint_disabled()[source]
test_get_v3_catalog_endpoint_disabled()[source]
class keystone.tests.test_backend_kvs.KvsIdentity(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.IdentityTests

config_overrides()[source]
setUp()[source]
test_create_duplicate_group_name_in_different_domains()[source]
test_create_duplicate_project_name_in_different_domains()[source]
test_create_duplicate_user_name_in_different_domains()[source]
test_list_projects_for_user_with_grants()[source]
test_move_group_between_domains()[source]
test_move_group_between_domains_with_clashing_names_fails()[source]
test_move_project_between_domains()[source]
test_move_project_between_domains_with_clashing_names_fails()[source]
test_move_user_between_domains()[source]
test_move_user_between_domains_with_clashing_names_fails()[source]
class keystone.tests.test_backend_kvs.KvsToken(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenTests

config_overrides()[source]
setUp()[source]
test_cleanup_user_index_on_create()[source]
test_flush_expired_token()[source]
class keystone.tests.test_backend_kvs.KvsTokenCacheInvalidation(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenCacheInvalidation

config_overrides()[source]
setUp()[source]
class keystone.tests.test_backend_kvs.KvsTrust(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TrustTests

config_overrides()[source]
setUp()[source]

keystone.tests.test_backend_ldap module

class keystone.tests.test_backend_ldap.BaseLDAPIdentity[source]

Bases: keystone.tests.test_backend.IdentityTests

clear_database()[source]
config_files()[source]
config_overrides()[source]
get_config(domain_id)[source]
reload_backends(domain_id)[source]
test_arbitrary_attributes_are_returned_from_create_user()[source]
test_arbitrary_attributes_are_returned_from_get_user()[source]
test_authenticate_requires_simple_bind()[source]
test_build_tree()[source]

Regression test for building the tree names

test_configurable_allowed_user_actions()[source]
test_configurable_forbidden_create_existing_user()[source]
test_configurable_forbidden_user_actions()[source]
test_create_duplicate_group_name_in_different_domains()[source]
test_create_duplicate_project_name_in_different_domains()[source]
test_create_duplicate_user_name_in_different_domains()[source]
test_create_user_none_mapping()[source]
test_delete_group_grant_no_group()[source]
test_delete_role_with_user_and_group_grants()[source]
test_delete_user_grant_no_user()[source]
test_get_and_remove_correct_role_grant_from_a_mix()[source]
test_get_and_remove_role_grant_by_group_and_cross_domain()[source]
test_get_and_remove_role_grant_by_group_and_domain()[source]
test_get_and_remove_role_grant_by_group_and_project()[source]
test_get_and_remove_role_grant_by_user_and_cross_domain()[source]
test_get_and_remove_role_grant_by_user_and_domain()[source]
test_get_roles_for_user_and_domain()[source]
test_group_crud()[source]
test_list_domains()[source]
test_list_domains_non_default_domain_id()[source]
test_list_group_members_missing_entry()[source]

List group members with deleted user.

If a group has a deleted entry for a member, the non-deleted members are returned.

test_list_group_members_when_no_members()[source]
test_list_projects_for_user()[source]
test_list_projects_for_user_with_grants()[source]
test_list_role_assignments_bad_role()[source]
test_list_role_assignments_dumb_member()[source]
test_list_role_assignments_unfiltered()[source]
test_move_group_between_domains()[source]
test_move_group_between_domains_with_clashing_names_fails()[source]
test_move_project_between_domains()[source]
test_move_project_between_domains_with_clashing_names_fails()[source]
test_move_user_between_domains()[source]
test_move_user_between_domains_with_clashing_names_fails()[source]
test_multi_group_grants_on_project_domain()[source]
test_multi_role_grant_by_user_group_on_project_domain()[source]
test_new_arbitrary_attributes_are_returned_from_update_user()[source]
test_remove_role_grant_from_user_and_project()[source]
test_role_grant_by_group_and_cross_domain_project()[source]
test_role_grant_by_user_and_cross_domain_project()[source]
test_unignored_user_none_mapping()[source]
test_update_user_name()[source]

A user’s name cannot be changed through the LDAP driver.

test_updated_arbitrary_attributes_are_returned_from_update_user()[source]
test_user_filter()[source]
test_user_id_comma_grants()[source]

Even if the user has a , in their ID, can get user and group grants.

test_utf8_conversion()[source]
class keystone.tests.test_backend_ldap.LDAPIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.TestCase

setUp()[source]
test_binary_attribute_values()[source]
test_cache_layer_domain_crud()[source]
test_cache_layer_project_crud(*args, **kwargs)[source]
test_chase_referrals_off()[source]
test_chase_referrals_on()[source]
test_configurable_allowed_project_actions()[source]
test_configurable_allowed_role_actions()[source]
test_configurable_forbidden_project_actions()[source]
test_configurable_forbidden_role_actions()[source]
test_configurable_subtree_delete()[source]
test_create_domain_case_sensitivity()[source]
test_create_grant_no_group()[source]
test_create_grant_no_user()[source]
test_domain_crud()[source]
test_domain_rename_invalidates_get_domain_by_name_cache()[source]
test_dumb_member()[source]
test_get_default_domain_by_name()[source]
test_list_projects_for_alternate_domain()[source]
test_multi_role_grant_by_user_group_on_project_domain()[source]
test_parse_extra_attribute_mapping()[source]
test_project_attribute_ignore()[source]
test_project_attribute_mapping()[source]
test_project_crud()[source]
test_project_filter()[source]
test_project_rename_invalidates_get_project_by_name_cache()[source]
test_role_attribute_ignore()[source]
test_role_attribute_mapping()[source]
test_role_filter()[source]
test_user_api_get_connection_no_user_password()[source]

Don’t bind in case the user and password are blank.

test_user_enable_attribute_mask()[source]
test_user_extra_attribute_mapping()[source]
test_user_extra_attribute_mapping_description_is_returned()[source]
test_user_mixed_case_attribute(*args, **keywargs)[source]
test_wrong_alias_dereferencing()[source]
test_wrong_ldap_scope()[source]
class keystone.tests.test_backend_ldap.LDAPIdentityEnabledEmulation(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.LDAPIdentity

config_files()[source]
config_overrides()[source]
setUp()[source]
test_project_crud()[source]
test_user_crud()[source]
test_user_enable_attribute_mask()[source]
class keystone.tests.test_backend_ldap.LdapIdentitySqlAssignment(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]
config_overrides()[source]
setUp()[source]
test_add_role_grant_to_user_and_project_404()[source]
test_domain_crud()[source]
test_get_role_grants_for_user_and_project_404()[source]
test_list_domains()[source]
test_list_domains_non_default_domain_id()[source]
test_list_projects_for_user_with_grants()[source]
test_project_filter()[source]
test_role_filter()[source]
class keystone.tests.test_backend_ldap.MultiLDAPandSQLIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

Class to test common SQL plus individual LDAP backends.

We define a set of domains and domain-specific backends:

  • A separate LDAP backend for the default domain
  • A separate LDAP backend for domain1
  • domain2 shares the same LDAP as domain1, but uses a different tree attach point
  • An SQL backend for all other domains (which will include domain3 and domain4)

Normally one would expect that the default domain would be handled as part of the “other domains” - however the above provides better test coverage since most of the existing backend tests use the default domain.

config_overrides()[source]
get_config(domain_id)[source]
reload_backends(domain_id)[source]
setUp()[source]
test_add_role_grant_to_user_and_project_404()[source]
test_domain_segregation()[source]

Test that separate configs have segregated the domain.

Test Plan:

  • Create a user in each of the domains
  • Make sure that you can only find a given user in its relevant domain
  • Make sure that for a backend that supports multiple domains you can get the users via any of the domain scopes
test_get_role_grants_for_user_and_project_404()[source]
test_list_domains()[source]
test_list_domains_non_default_domain_id()[source]
test_list_projects_for_user_with_grants()[source]
test_scanning_of_config_dir()[source]

Test the Manager class scans the config directory.

The setup for the main tests above load the domain configs directly so that the test overrides can be included. This test just makes sure that the standard config directory scanning does pick up the relevant domain config files.

keystone.tests.test_backend_rules module

class keystone.tests.test_backend_rules.RulesPolicy(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.PolicyTests

config_overrides()[source]
setUp()[source]
test_create()[source]
test_delete()[source]
test_delete_policy_404()[source]
test_get()[source]
test_get_policy_404()[source]
test_list()[source]
test_update()[source]
test_update_policy_404()[source]

keystone.tests.test_backend_sql module

class keystone.tests.test_backend_sql.FakeTable(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base

col
insert(*args, **kwargs)[source]
lookup(*args, **kwargs)[source]
update(*args, **kwargs)[source]
class keystone.tests.test_backend_sql.SqlCatalog(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.CatalogTests

test_catalog_ignored_malformed_urls()[source]
test_create_endpoint_400()[source]
test_get_catalog_with_empty_public_url()[source]
class keystone.tests.test_backend_sql.SqlDecorators(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_conflict_happend()[source]
test_initialization()[source]
test_initialization_fail()[source]
test_non_ascii_init()[source]
test_not_conflict_error()[source]
class keystone.tests.test_backend_sql.SqlFilterTests(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.FilterTests

class keystone.tests.test_backend_sql.SqlIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.IdentityTests

test_create_null_project_name()[source]
test_create_null_role_name()[source]
test_create_null_user_name()[source]
test_delete_project_with_user_association()[source]
test_delete_user_with_project_association()[source]
test_metadata_removed_on_delete_project()[source]
test_metadata_removed_on_delete_user()[source]
test_password_hashed()[source]
test_sql_user_to_dict_null_default_project_id()[source]
test_update_project_returns_extra()[source]

This tests for backwards-compatibility with an essex/folsom bug.

Non-indexed attributes were returned in an ‘extra’ attribute, instead of on the entity itself; for consistency and backwards compatibility, those attributes should be included twice.

This behavior is specific to the SQL driver.

test_update_user_returns_extra()[source]

This tests for backwards-compatibility with an essex/folsom bug.

Non-indexed attributes were returned in an ‘extra’ attribute, instead of on the entity itself; for consistency and backwards compatibility, those attributes should be included twice.

This behavior is specific to the SQL driver.

class keystone.tests.test_backend_sql.SqlInheritance(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.InheritanceTests

class keystone.tests.test_backend_sql.SqlLimitTests(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.LimitTests

setUp()[source]
class keystone.tests.test_backend_sql.SqlModels(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests

assertExpectedSchema(table, cols)[source]
select_table(name)[source]
setUp()[source]
test_domain_model()[source]
test_group_model()[source]
test_project_model()[source]
test_role_assignment_model()[source]
test_role_model()[source]
test_user_group_membership()[source]
test_user_model()[source]
class keystone.tests.test_backend_sql.SqlPolicy(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.PolicyTests

class keystone.tests.test_backend_sql.SqlTests(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]
setUp()[source]
class keystone.tests.test_backend_sql.SqlToken(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenTests

test_flush_expired_tokens_batch()[source]
test_token_flush_batch_size_db2()[source]
test_token_flush_batch_size_default()[source]
test_token_revocation_list_uses_right_columns()[source]
class keystone.tests.test_backend_sql.SqlTokenCacheInvalidation(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenCacheInvalidation

setUp()[source]
class keystone.tests.test_backend_sql.SqlTrust(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TrustTests

keystone.tests.test_backend_templated module

class keystone.tests.test_backend_templated.TestTemplatedCatalog(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests

DEFAULT_FIXTURE = {'RegionOne': {'compute': {'adminURL': 'http://localhost:8774/v1.1/bar', 'id': '2', 'internalURL': 'http://localhost:8774/v1.1/bar', 'name': "'Compute Service'", 'publicURL': 'http://localhost:8774/v1.1/bar'}, 'identity': {'adminURL': 'http://localhost:35357/v2.0', 'id': '1', 'internalURL': 'http://localhost:35357/v2.0', 'name': "'Identity Service'", 'publicURL': 'http://localhost:5000/v2.0'}}}
config_overrides()[source]
setUp()[source]
test_catalog_ignored_malformed_urls()[source]
test_get_catalog()[source]
test_get_catalog_endpoint_disabled()[source]
test_get_v3_catalog()[source]
test_get_v3_catalog_endpoint_disabled()[source]

keystone.tests.test_base64utils module

class keystone.tests.test_base64utils.TestBase64Padding(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_alphabet_conversion()[source]
test_assure_padding()[source]
test_base64_percent_encoding()[source]
test_filter()[source]
test_is_padded()[source]
test_strip_padding()[source]
class keystone.tests.test_base64utils.TestTextWrap(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_wrapping()[source]
class keystone.tests.test_base64utils.TestValid(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_valid_base64()[source]
test_valid_base64url()[source]

keystone.tests.test_cache module

class keystone.tests.test_cache.CacheIsolatingProxy(*args, **kwargs)[source]

Bases: dogpile.cache.proxy.ProxyBackend

Proxy that forces a memory copy of stored values. The default in-memory cache-region does not perform a copy on values it is meant to cache. Therefore if the value is modified after set or after get, the cached value also is modified. This proxy does a copy as the last thing before storing data.

get(key)[source]
set(key, value)[source]
class keystone.tests.test_cache.CacheNoopBackendTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
setUp()[source]
test_noop_backend()[source]
class keystone.tests.test_cache.CacheRegionTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_cache_debug_proxy()[source]
test_cache_dictionary_config_builder()[source]

Validate we build a sane dogpile.cache dictionary config.

test_cache_region_no_error_multiple_config()[source]
test_configure_non_region_object_raises_error()[source]
test_region_built_with_proxy_direct_cache_test()[source]
test_should_cache_fn_global_cache_disabled()[source]
test_should_cache_fn_global_cache_disabled_section_cache_enabled()[source]
test_should_cache_fn_global_cache_enabled()[source]
test_should_cache_fn_global_cache_enabled_section_cache_disabled()[source]
test_should_cache_fn_global_cache_enabled_section_cache_enabled()[source]
class keystone.tests.test_cache.TestProxy(*args, **kwargs)[source]

Bases: dogpile.cache.proxy.ProxyBackend

get(key)[source]
class keystone.tests.test_cache.TestProxyValue(value)[source]

Bases: object

keystone.tests.test_cache_backend_mongo module

class keystone.tests.test_cache_backend_mongo.MockCollection(db, name)[source]

Bases: object

ensure_index(key_or_list, *args, **kwargs)[source]
find(spec=None, *args, **kwargs)[source]
find_and_modify(spec, document, upsert=False, **kwargs)[source]
find_one(spec_or_id=None, *args, **kwargs)[source]
index_information()[source]
insert(data, manipulate=True, **kwargs)[source]
remove(spec_or_id=None, search_filter=None)[source]

Remove objects matching spec_or_id from the collection.

save(data, manipulate=True, **kwargs)[source]
update(spec, document, upsert=False, **kwargs)[source]
class keystone.tests.test_cache_backend_mongo.MockCursor(collection, dataset_factory)[source]

Bases: object

next()
class keystone.tests.test_cache_backend_mongo.MockMongoClient(*args, **kwargs)[source]

Bases: object

class keystone.tests.test_cache_backend_mongo.MockMongoDB(dbname)[source]

Bases: object

add_son_manipulator(manipulator)[source]
authenticate(username, password)[source]
class keystone.tests.test_cache_backend_mongo.MongoCache(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

setUp()[source]
test_additional_crud_method_arguments_support()[source]

Additional arguments should works across find/insert/update.

test_backend_delete_data()[source]
test_backend_get_missing_data()[source]
test_backend_multi_delete_data()[source]
test_backend_multi_get_data()[source]
test_backend_multi_set_data()[source]
test_backend_multi_set_get_with_blanks_none()[source]
test_backend_multi_set_should_update_existing()[source]
test_backend_set_blank_as_data()[source]
test_backend_set_data()[source]
test_backend_set_data_with_int_as_valid_ttl()[source]
test_backend_set_data_with_string_as_valid_ttl()[source]
test_backend_set_none_as_data()[source]
test_backend_set_same_key_multiple_times()[source]
test_cache_configuration_values_assertion()[source]
test_correct_read_preference()[source]
test_correct_write_concern()[source]
test_incorrect_mongo_ttl_seconds()[source]
test_incorrect_read_preference()[source]
test_incorrect_write_concern()[source]
test_missing_cache_collection_name()[source]
test_missing_db_hosts()[source]
test_missing_db_name()[source]
test_missing_replica_set_name()[source]
test_multiple_region_cache_configuration()[source]
test_provided_replica_set_name()[source]
test_typical_configuration()[source]
class keystone.tests.test_cache_backend_mongo.MyTransformer[source]

Bases: keystone.common.cache.backends.mongo.BaseTransform

Added here just to check manipulator logic is used correctly.

transform_incoming(son, collection)[source]
transform_outgoing(son, collection)[source]
keystone.tests.test_cache_backend_mongo.get_collection(db_name, collection_name)[source]
keystone.tests.test_cache_backend_mongo.pymongo_override()[source]

keystone.tests.test_catalog module

class keystone.tests.test_catalog.TestV2CatalogAPISQL(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
new_endpoint_ref(service_id)[source]
setUp()[source]
test_get_catalog_ignores_endpoints_with_invalid_urls()[source]
class keystone.tests.test_catalog.V2CatalogTestCase(*args, **kwargs)[source]

Bases: keystone.tests.rest.RestfulTestCase

new_ref()[source]

Populates a ref with attributes common to all API entities.

new_service_ref()[source]
setUp()[source]
test_endpoint_create()[source]
test_endpoint_create_with_empty_adminurl()[source]
test_endpoint_create_with_empty_internalurl()[source]
test_endpoint_create_with_empty_publicurl()[source]
test_endpoint_create_with_empty_service_id()[source]
test_endpoint_create_with_null_adminurl()[source]
test_endpoint_create_with_null_internalurl()[source]
test_endpoint_create_with_null_publicurl()[source]
test_endpoint_create_with_null_service_id()[source]

keystone.tests.test_cert_setup module

class keystone.tests.test_cert_setup.CertSetupTestCase(*args, **kwargs)[source]

Bases: keystone.tests.rest.RestfulTestCase

config_overrides()[source]
setUp()[source]
test_can_handle_missing_certs()[source]
test_create_pki_certs()[source]
test_create_ssl_certs()[source]
test_failure()[source]
test_fetch_signing_cert()[source]

keystone.tests.test_config module

class keystone.tests.test_config.ConfigTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_files()[source]
test_config_default()[source]
test_paste_config()[source]
class keystone.tests.test_config.DeprecatedOverrideTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Test using the deprecated AND new name for renamed options.

config_files()[source]
test_sql()[source]
class keystone.tests.test_config.DeprecatedTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Test using the original (deprecated) name for renamed options.

config_files()[source]
test_sql()[source]

keystone.tests.test_content_types module

class keystone.tests.test_content_types.CoreApiTests[source]

Bases: object

assertNoRoles(r)[source]

Helper method to assert No Roles

This needs to be overridden by child classes based on their content type.

assertValidError(error)[source]

Applicable to XML and JSON.

assertValidExtension(extension)[source]

Applicable to XML and JSON.

However, navigating extension links differs between content types. They need to be validated separately with assertValidExtensionLink.

Applicable to XML and JSON.

assertValidRole(tenant)[source]

Applicable to XML and JSON.

assertValidTenant(tenant)[source]

Applicable to XML and JSON.

assertValidUser(user)[source]

Applicable to XML and JSON.

assertValidVersion(version)[source]

Applicable to XML and JSON.

However, navigating links and media-types differs between content types so they need to be validated separately.

test_admin_extensions()[source]
test_admin_extensions_404()[source]
test_admin_multiple_choice()[source]
test_admin_not_found()[source]
test_admin_osksadm_extension()[source]
test_admin_version()[source]
test_authenticate()[source]
test_authenticate_unscoped()[source]
test_authenticating_a_user_with_no_password()[source]
test_create_update_user_invalid_enabled_type()[source]
test_endpoints()[source]
test_error_response()[source]

This triggers assertValidErrorResponse by convention.

test_get_tenant()[source]
test_get_tenant_by_name()[source]
test_get_tenants_for_token()[source]
test_get_user()[source]
test_get_user_by_name()[source]
test_get_user_roles()[source]
test_get_user_roles_with_tenant()[source]
test_invalid_parameter_error_response()[source]
test_invalid_token_404()[source]
test_public_extensions()[source]
test_public_multiple_choice()[source]
test_public_not_found()[source]
test_public_osksadm_extension_404()[source]
test_public_version()[source]
test_remove_role_revokes_token()[source]
test_update_user_tenant()[source]
test_update_user_with_invalid_tenant()[source]
test_update_user_with_invalid_tenant_no_prev_tenant()[source]
test_update_user_with_old_tenant()[source]
test_validate_token()[source]
test_validate_token_belongs_to()[source]
test_validate_token_head()[source]

The same call as above, except using HEAD.

There’s no response to validate here, but this is included for the sake of completely covering the core API.

test_validate_token_no_belongs_to_still_returns_catalog()[source]
test_validate_token_service_role()[source]
test_www_authenticate_header()[source]
test_www_authenticate_header_host()[source]
class keystone.tests.test_content_types.JsonTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_content_types.RestfulTestCase, keystone.tests.test_content_types.CoreApiTests, keystone.tests.test_content_types.LegacyV2UsernameTests

assertNoRoles(r)[source]
assertValidAuthenticationResponse(r, require_service_catalog=False)[source]
assertValidEndpointListResponse(r)[source]
assertValidErrorResponse(r)[source]
assertValidExtension(extension, expected)[source]
assertValidExtensionListResponse(r, expected)[source]
assertValidExtensionResponse(r, expected)[source]
assertValidMultipleChoiceResponse(r)[source]
assertValidRevocationListResponse(response)[source]
assertValidRoleListResponse(r)[source]
assertValidTenantListResponse(r)[source]
assertValidTenantResponse(r)[source]
assertValidUser(user)[source]
assertValidUserResponse(r)[source]
assertValidVersion(version)[source]
assertValidVersionResponse(r)[source]
content_type = 'json'
get_user_attribute_from_response(r, attribute_name)[source]
get_user_from_response(r)[source]
test_authenticating_a_user_with_an_OSKSADM_password()[source]
test_create_update_user_json_invalid_enabled_type()[source]
test_fetch_revocation_list_admin_200()[source]
test_fetch_revocation_list_nonadmin_fails()[source]
test_service_crud_requires_auth()[source]

Service CRUD should 401 without an X-Auth-Token (bug 1006822).

test_updating_a_user_with_an_OSKSADM_password()[source]
test_user_role_list_requires_auth()[source]

User role list should 401 without an X-Auth-Token (bug 1006815).

class keystone.tests.test_content_types.LegacyV2UsernameTests[source]

Bases: object

Tests to show the broken username behavior in V2.

The V2 API is documented to use username instead of name. The API forced used to use name and left the username to fall into the extra field.

These tests ensure this behavior works so fixes to username/name will be backward compatible.

create_user(**user_attrs)[source]

Creates a users and returns the response object.

Parameters:user_attrs – attributes added to the request body (optional)
test_create_with_extra_username()[source]

The response for creating a user will contain the extra fields.

test_get_returns_username_from_extra()[source]

The response for getting a user will contain the extra fields.

test_update_returns_new_username_when_adding_username()[source]

The response for updating a user will contain the extra fields.

This is specifically testing for updating a username when a value was not previously set.

test_update_returns_new_username_when_updating_username()[source]

The response for updating a user will contain the extra fields.

This tests updating a username that was previously set.

test_updated_username_is_returned()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

test_username_can_be_used_instead_of_name_create()[source]
test_username_can_be_used_instead_of_name_update()[source]
test_username_is_always_returned_create()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

test_username_is_always_returned_get()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

test_username_is_always_returned_get_by_name()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

test_username_is_always_returned_update_no_username_provided()[source]

Username is set as the value of name if no username is provided.

This matches the v2.0 spec where we really should be using username and not name.

class keystone.tests.test_content_types.RestfulTestCase(*args, **kwargs)[source]

Bases: keystone.tests.rest.RestfulTestCase

setUp()[source]
class keystone.tests.test_content_types.RevokeApiJsonTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_content_types.JsonTestCase

config_overrides()[source]
test_fetch_revocation_list_admin_200()[source]
class keystone.tests.test_content_types.XmlTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_content_types.RestfulTestCase, keystone.tests.test_content_types.CoreApiTests, keystone.tests.test_content_types.LegacyV2UsernameTests

assertNoRoles(r)[source]
assertValidAuthenticationResponse(r, require_service_catalog=False)[source]
assertValidEndpointListResponse(r)[source]
assertValidErrorResponse(r)[source]
assertValidExtension(extension, expected)[source]
assertValidExtensionListResponse(r, expected)[source]
assertValidExtensionResponse(r, expected)[source]
assertValidMultipleChoiceResponse(r)[source]
assertValidRoleListResponse(r)[source]
assertValidTenantListResponse(r)[source]
assertValidTenantResponse(r)[source]
assertValidUserResponse(r)[source]
assertValidVersion(version)[source]
assertValidVersionResponse(r)[source]
content_type = 'xml'
get_user_attribute_from_response(r, attribute_name)[source]
get_user_from_response(r)[source]
test_add_tenant_json()[source]

Create a tenant without providing description field.

test_add_tenant_xml()[source]

Create a tenant without providing description field.

test_authenticate_with_invalid_xml_in_password()[source]
test_authenticating_a_user_with_an_OSKSADM_password()[source]
test_create_project_invalid_enabled_type_string()[source]
test_remove_role_revokes_token()[source]
test_update_project_invalid_enabled_type_string()[source]
xmlns = 'http://docs.openstack.org/identity/api/v2.0'

keystone.tests.test_contrib_s3_core module

class keystone.tests.test_contrib_s3_core.S3ContribCore(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_bad_signature()[source]
test_good_signature()[source]

keystone.tests.test_contrib_simple_cert module

class keystone.tests.test_contrib_simple_cert.BaseTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

CA_PATH = '/v3/OS-SIMPLE-CERT/ca'
CERT_PATH = '/v3/OS-SIMPLE-CERT/certificates'
EXTENSION_TO_ADD = 'simple_cert_extension'
class keystone.tests.test_contrib_simple_cert.TestSimpleCert(*args, **kwargs)[source]

Bases: keystone.tests.test_contrib_simple_cert.BaseTestCase

request_cert(path)[source]
test_ca_cert()[source]
test_missing_file()[source]
test_signing_cert()[source]
class keystone.tests.test_contrib_simple_cert.UUIDSimpleCertTests(*args, **kwargs)[source]

Bases: keystone.tests.test_contrib_simple_cert.BaseTestCase

config_overrides()[source]
test_using_uuid_controller()[source]

keystone.tests.test_contrib_stats_core module

class keystone.tests.test_contrib_stats_core.StatsContribCore(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_admin_request()[source]
test_other_request()[source]
test_public_request()[source]

keystone.tests.test_driver_hints module

class keystone.tests.test_driver_hints.ListHintsTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_create_iterate_satisfy()[source]
test_limits()[source]
test_multiple_creates()[source]

keystone.tests.test_exception module

class keystone.tests.test_exception.ExceptionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

assertValidJsonRendering(e)[source]
test_403_title()[source]
test_all_json_renderings()[source]

Everything callable in the exception module should be renderable.

... except for the base error class (exception.Error), which is not user-facing.

This test provides a custom message to bypass docstring parsing, which should be tested separately.

test_invalid_unicode_string()[source]
test_not_found()[source]
test_unicode_message()[source]
test_unicode_string()[source]
test_validation_error()[source]
class keystone.tests.test_exception.SecurityErrorTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_exception.ExceptionTestCase

Tests whether security-related info is exposed to the API user.

test_forbidden_action_exposure()[source]
test_forbidden_action_exposure_in_debug()[source]
test_forbidden_exposure()[source]
test_forbidden_exposure_in_debug()[source]
test_unauthorized_exposure()[source]
test_unauthorized_exposure_in_debug()[source]
test_unicode_argument_message()[source]
class keystone.tests.test_exception.UnexpectedExceptionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_exception.ExceptionTestCase

Tests if internal info is exposed to the API user on UnexpectedError.

exception SubClassExc(message=None, **kwargs)[source]

Bases: keystone.exception.UnexpectedError

debug_message_format = 'Debug Message: %(debug_info)s'
UnexpectedExceptionTestCase.setUp()[source]
UnexpectedExceptionTestCase.test_unexpected_error_custom_message_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_custom_message_no_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_no_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_subclass_debug()[source]
UnexpectedExceptionTestCase.test_unexpected_error_subclass_no_debug()[source]

keystone.tests.test_injection module

class keystone.tests.test_injection.TestDependencyInjection(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

setUp()[source]
test_circular_dependency()[source]
test_dependency_consumer_configuration()[source]
test_dependency_injection()[source]
test_dependency_provider_configuration()[source]
test_inherited_dependency()[source]
test_optional_and_required()[source]
test_optional_dependency_not_provided()[source]
test_optional_dependency_provided()[source]
test_reset()[source]
test_unresolvable_dependency()[source]

keystone.tests.test_ipv6 module

class keystone.tests.test_ipv6.IPv6TestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_ipv6_ok()[source]

Make sure both public and admin API work with ipv6.

keystone.tests.test_keystoneclient module

class keystone.tests.test_keystoneclient.CompatTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.NoModule, keystone.tests.core.TestCase

get_client(user_ref=None, tenant_ref=None, admin=False)[source]
setUp()[source]
class keystone.tests.test_keystoneclient.KcMasterTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_keystoneclient.CompatTestCase, keystone.tests.test_keystoneclient.KeystoneClientTests

checkout_info = ('https://review.openstack.org/p/openstack/python-keystoneclient.git', 'master')
class keystone.tests.test_keystoneclient.KcOptTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_keystoneclient.KcMasterTestCase

setUp()[source]
class keystone.tests.test_keystoneclient.KeystoneClientTests[source]

Bases: object

Tests for all versions of keystoneclient.

test_admin_requires_adminness()[source]
test_authenticate_and_delete_token()[source]
test_authenticate_disabled_tenant()[source]
test_authenticate_invalid_tenant_id()[source]
test_authenticate_no_password()[source]
test_authenticate_no_username()[source]
test_authenticate_tenant_id_and_tenants()[source]
test_authenticate_tenant_name_and_tenants()[source]
test_authenticate_token_invalid_tenant_id()[source]
test_authenticate_token_invalid_tenant_name()[source]
test_authenticate_token_no_tenant()[source]
test_authenticate_token_tenant_id()[source]
test_authenticate_token_tenant_name()[source]
test_change_password_invalidates_token()[source]
test_delete_tenant_invalidates_token()[source]
test_delete_user_invalidates_token()[source]
test_disable_tenant_invalidates_token()[source]
test_disable_user_invalidates_token()[source]
test_endpoint_delete_404()[source]
test_invalid_password()[source]
test_invalid_user_and_password()[source]
test_role_create_no_name()[source]
test_role_crud()[source]
test_role_delete_404()[source]
test_role_get()[source]
test_role_get_404()[source]
test_role_list()[source]
test_role_list_404()[source]
test_roles_get_by_user()[source]
test_service_crud()[source]
test_service_delete_404()[source]
test_service_get_404()[source]
test_tenant_add_and_remove_user()[source]
test_tenant_create_no_name()[source]
test_tenant_create_update_and_delete()[source]
test_tenant_create_update_and_delete_unicode()[source]
test_tenant_delete_404()[source]
test_tenant_get_404()[source]
test_tenant_list()[source]
test_tenant_list_limit()[source]
test_tenant_list_limit_bad_value()[source]
test_tenant_list_marker()[source]
test_tenant_list_marker_not_found()[source]
test_tenant_update_404()[source]
test_token_expiry_maintained(*args, **keywargs)[source]
test_tokens_after_user_update_passwd()[source]
test_update_default_tenant_to_existing_value()[source]
test_user_can_update_passwd()[source]
test_user_cannot_update_other_users_passwd()[source]
test_user_create_404()[source]
test_user_create_no_name()[source]
test_user_create_no_string_password()[source]
test_user_create_update_delete()[source]
test_user_delete_404()[source]
test_user_get()[source]
test_user_get_404()[source]
test_user_list()[source]
test_user_list_404()[source]
test_user_role_add_404()[source]
test_user_role_add_no_user()[source]
test_user_role_remove_404()[source]
test_user_update_404()[source]
test_user_update_password_404()[source]
test_user_update_tenant()[source]

keystone.tests.test_keystoneclient_sql module

class keystone.tests.test_keystoneclient_sql.KcMasterSqlTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_keystoneclient.KcMasterTestCase

config_files()[source]
setUp()[source]
test_ec2_auth_failure()[source]
test_ec2_auth_success()[source]
test_ec2_auth_success_trust()[source]
test_ec2_credential_crud()[source]
test_ec2_credential_crud_non_admin()[source]
test_ec2_credentials_create_404()[source]
test_ec2_credentials_delete_404()[source]
test_ec2_credentials_delete_user_forbidden()[source]
test_ec2_credentials_get_404()[source]
test_ec2_credentials_get_user_forbidden()[source]
test_ec2_credentials_list_404()[source]
test_ec2_credentials_list_user_forbidden()[source]
test_ec2_list_credentials()[source]
test_endpoint_create_404()[source]
test_endpoint_crud()[source]
test_endpoint_delete_404()[source]
test_policy_crud()[source]
class keystone.tests.test_keystoneclient_sql.KcOptTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_keystoneclient_sql.KcMasterSqlTestCase

setUp()[source]

keystone.tests.test_kvs module

class keystone.tests.test_kvs.KVSBackendFixture(arguments)[source]

Bases: keystone.common.kvs.backends.inmemdb.MemoryBackend

get_mutex(key)[source]
classmethod key_mangler(key)[source]
class keystone.tests.test_kvs.KVSBackendForcedKeyMangleFixture(arguments)[source]

Bases: keystone.tests.test_kvs.KVSBackendFixture

classmethod key_mangler(key)[source]
use_backend_key_mangler = True
class keystone.tests.test_kvs.KVSTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_kvs_backend_registration_does_not_reregister_backends()[source]
test_kvs_basic_configuration()[source]
test_kvs_basic_get_set_delete()[source]
test_kvs_key_mangler_configuration_backend()[source]
test_kvs_key_mangler_configuration_disabled()[source]
test_kvs_key_mangler_configuration_forced_backend()[source]
test_kvs_key_mangler_fallthrough_default()[source]
test_kvs_key_mangler_set_on_backend()[source]
test_kvs_locking_context_handler()[source]
test_kvs_locking_context_handler_locking_disabled()[source]
test_kvs_memcache_key_mangler_set_to_none()[source]
test_kvs_memcache_manager_no_expiry_keys()[source]
test_kvs_memcache_set_arguments_and_memcache_expires_ttl()[source]
test_kvs_memcached_manager_invalid_dogpile_memcached_backend()[source]
test_kvs_memcached_manager_valid_dogpile_memcached_backend()[source]
test_kvs_multi_get_set_delete()[source]
test_kvs_proxy_configuration()[source]
test_kvs_with_lock_action_context_manager()[source]
test_kvs_with_lock_action_context_manager_no_lock()[source]
test_kvs_with_lock_action_context_manager_timeout()[source]
test_kvs_with_lock_action_mismatched_keys()[source]
test_memcached_lock_max_lock_attempts()[source]
test_noncallable_key_mangler_set_on_driver_raises_type_error()[source]
class keystone.tests.test_kvs.MutexFixture(storage_dict, key, timeout)[source]

Bases: object

acquire(wait=True)[source]
release()[source]
class keystone.tests.test_kvs.RegionProxy2Fixture(*args, **kwargs)[source]

Bases: dogpile.cache.proxy.ProxyBackend

A test dogpile.cache proxy that does nothing.

class keystone.tests.test_kvs.RegionProxyFixture(*args, **kwargs)[source]

Bases: dogpile.cache.proxy.ProxyBackend

A test dogpile.cache proxy that does nothing.

class keystone.tests.test_kvs.TestMemcacheDriver(arguments)[source]

Bases: dogpile.cache.api.CacheBackend

A test dogpile.cache backend that conforms to the mixin-mechanism for overriding set and set_multi methods on dogpile memcached drivers.

set(key, value)[source]
set_multi(mapping)[source]
class test_client[source]

Bases: object

add(key, value, expiry_time)[source]
delete(key)[source]
set(key, value, **set_arguments)[source]
set_multi(mapping, **set_arguments)[source]
class keystone.tests.test_kvs.TestMemcachedBackend(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_invalid_backend_fails_initialization(*args, **keywargs)[source]

keystone.tests.test_ldap_livetest module

class keystone.tests.test_ldap_livetest.LiveLDAPIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_ldap.LDAPIdentity

clear_database()[source]
config_files()[source]
config_overrides()[source]
setUp()[source]
tearDown()[source]
test_base_ldap_connection_deref_option()[source]
test_build_tree()[source]

Regression test for building the tree names

test_create_project_case_sensitivity()[source]
test_create_user_case_sensitivity()[source]
test_ldap_dereferencing()[source]
test_list_groups_for_user_filtered()[source]
test_project_update_missing_attrs_with_a_falsey_value()[source]
test_user_enable_attribute_mask()[source]
keystone.tests.test_ldap_livetest.create_object(dn, attrs)[source]

keystone.tests.test_ldap_tls_livetest module

class keystone.tests.test_ldap_tls_livetest.LiveTLSLDAPIdentity(*args, **kwargs)[source]

Bases: keystone.tests.test_ldap_livetest.LiveLDAPIdentity

config_files()[source]
config_overrides()[source]
test_tls_bad_certdir()[source]
test_tls_bad_certfile()[source]
test_tls_certdir_demand_option()[source]
test_tls_certfile_demand_option()[source]
keystone.tests.test_ldap_tls_livetest.create_object(dn, attrs)[source]

keystone.tests.test_matchers module

class keystone.tests.test_matchers.TestXMLEquals(*args, **kwargs)[source]

Bases: keystone.tests.core.BaseTestCase, testtools.tests.matchers.helpers.TestMatchersInterface

describe_examples = [('expected =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"/>\n</test>\n\nactual =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n', '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n', <keystone.tests.matchers.XMLEquals object at 0x7f9678326590>)]
equivalent_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <second a="a" b="b"/>\n <first z="0" y="1" x="2"></first>\n</test>\n'
matches_matcher = <keystone.tests.matchers.XMLEquals object at 0x7f9678326590>
matches_matches = ['<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"></second>\n</test>\n', '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <second a="a" b="b"/>\n <first z="0" y="1" x="2"></first>\n</test>\n']
matches_mismatches = ['<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n']
matches_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"></second>\n</test>\n'
mismatches_description = 'expected =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"/>\n</test>\n\nactual =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n'
mismatches_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n'
str_examples = [('XMLEquals(\'<?xml version="1.0" encoding="UTF-8"?>\\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\\n <first z="0" y="1" x="2"/>\\n <second a="a" b="b"></second>\\n</test>\\n\')', <keystone.tests.matchers.XMLEquals object at 0x7f9678326590>)]

keystone.tests.test_middleware module

class keystone.tests.test_middleware.AdminTokenAuthMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_request_admin()[source]
test_request_non_admin()[source]
class keystone.tests.test_middleware.JsonBodyMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_malformed_json()[source]
test_no_content_type()[source]
test_request_with_params()[source]
test_unrecognized_content_type()[source]
test_unrecognized_content_type_without_body()[source]
class keystone.tests.test_middleware.PostParamsMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_request_with_params()[source]
class keystone.tests.test_middleware.TokenAuthMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_request()[source]
class keystone.tests.test_middleware.XmlBodyMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_client_fails_to_specify_accept()[source]

If client does not specify an Accept header, default to JSON.

test_client_wants_json_back()[source]

Clients requesting JSON should definitely not get XML back.

test_client_wants_xml_back()[source]

Clients requesting XML should get what they ask for.

test_json_unnaffected()[source]

JSON-only requests should be unaffected by the XML middleware.

test_xml_replaced_by_json()[source]

XML requests should be replaced by JSON requests.

keystone.tests.test_middleware.make_request(**kwargs)[source]
keystone.tests.test_middleware.make_response(**kwargs)[source]

keystone.tests.test_no_admin_token_auth module

class keystone.tests.test_no_admin_token_auth.TestNoAdminTokenAuth(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_request_no_admin_token_auth()[source]

keystone.tests.test_notifications module

exception keystone.tests.test_notifications.ArbitraryException[source]

Bases: exceptions.Exception

class keystone.tests.test_notifications.CadfNotificationsWrapperTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

ACTION = 'authenticate'
LOCAL_HOST = 'localhost'
setUp()[source]
test_v3_authenticate_user_id()[source]
test_v3_authenticate_user_name_and_domain_id()[source]
test_v3_authenticate_user_name_and_domain_name()[source]
class keystone.tests.test_notifications.NotificationsForEntities(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

setUp()[source]
test_create_group()[source]
test_create_project()[source]
test_create_role()[source]
test_create_trust()[source]
test_create_user()[source]
test_delete_domain()[source]
test_delete_group()[source]
test_delete_project()[source]
test_delete_role()[source]
test_delete_trust()[source]
test_delete_user()[source]
test_disable_domain()[source]
test_disable_project()[source]
test_update_domain()[source]
test_update_group()[source]
test_update_project()[source]
test_update_project_does_not_send_disable()[source]
test_update_role()[source]
test_update_user()[source]
class keystone.tests.test_notifications.NotificationsTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_send_notification()[source]

Test the private method _send_notification to ensure event_type, payload, and context are built and passed properly.

class keystone.tests.test_notifications.NotificationsWrapperTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

create_exception(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

create_resource(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

delete_exception(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

delete_resource(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

setUp()[source]
test_create_exception_without_notification()[source]
test_delete_exception_without_notification()[source]
test_resource_created_notification()[source]
test_resource_deleted_notification()[source]
test_resource_updated_notification()[source]
test_update_exception_without_notification()[source]
update_exception(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

update_resource(*args, **kwargs)[source]

Send a notification if the wrapped callable is successful.

class keystone.tests.test_notifications.TestEventCallbacks(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

setUp()[source]
test_event_registration_for_unknown_resource_type()[source]
test_invalid_event_callbacks()[source]
test_invalid_event_callbacks_event()[source]
test_notification_event_not_valid()[source]
test_notification_method_not_callable()[source]
test_notification_received()[source]
test_provider_event_callbacks_subscription()[source]

keystone.tests.test_pemutils module

class keystone.tests.test_pemutils.PEM(pem_header='CERTIFICATE', pem_type='cert', data_size=70, data_offset=0)[source]

Bases: object

PEM text and it’s associated data broken out, used for testing.

class keystone.tests.test_pemutils.TestPEMParse(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_base64_to_pem()[source]
test_binary_to_pem()[source]
test_get_pem_data()[source]
test_get_pem_data_invalid()[source]
test_get_pem_data_none()[source]
test_is_pem()[source]
test_parse_invalid()[source]
test_parse_multple()[source]
test_parse_multple_embedded()[source]
test_parse_multple_find_specific()[source]
test_parse_none()[source]
test_parse_one()[source]
test_parse_one_embedded()[source]
class keystone.tests.test_pemutils.TestPEMParseResult(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_pem_headers()[source]
test_pem_types()[source]
keystone.tests.test_pemutils.make_base64_from_data(data)[source]
keystone.tests.test_pemutils.make_data(size, offset=0)[source]
keystone.tests.test_pemutils.make_pem(header, data)[source]
keystone.tests.test_pemutils.wrap_base64(base64_text)[source]

keystone.tests.test_policy module

class keystone.tests.test_policy.DefaultPolicyTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_default_not_found()[source]
test_not_found_policy_calls_default()[source]
test_policy_called()[source]
class keystone.tests.test_policy.PolicyFileTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
setUp()[source]
test_modified_policy_reloads()[source]
class keystone.tests.test_policy.PolicyJsonTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_json_examples_have_matching_entries()[source]
class keystone.tests.test_policy.PolicyTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_early_AND_enforcement()[source]
test_early_OR_enforcement()[source]
test_enforce_bad_action_throws()[source]
test_enforce_good_action()[source]
test_enforce_http_false()[source]
test_enforce_http_true()[source]
test_enforce_nonexistent_action_throws()[source]
test_ignore_case_role_check()[source]
test_templatized_enforcement()[source]

keystone.tests.test_revoke module

class keystone.tests.test_revoke.KvsRevokeTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase, keystone.tests.test_revoke.RevokeTests

config_overrides()[source]
setUp()[source]
class keystone.tests.test_revoke.RevokeTests(*args, **kwargs)[source]

Bases: object

test_expired_events_removed_validate_token_success(*args, **keywargs)[source]
test_list()[source]
test_list_since()[source]
test_past_expiry_are_removed()[source]
test_revoke_by_expiration_project_and_domain_fails()[source]
class keystone.tests.test_revoke.RevokeTreeTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

removeEvent(event)[source]
setUp()[source]
test_by_domain_domain()[source]
test_by_domain_project()[source]
test_by_domain_user()[source]
test_by_project_and_user_and_role()[source]
test_by_project_grant()[source]
test_by_user_domain()[source]
test_by_user_expiration()[source]
test_by_user_project()[source]
test_cleanup()[source]
test_revoke_by_user()[source]
test_revoke_by_user_matches_trustee()[source]
test_revoke_by_user_matches_trustor()[source]
class keystone.tests.test_revoke.SqlRevokeTests(*args, **kwargs)[source]

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_revoke.RevokeTests

config_overrides()[source]

keystone.tests.test_s3_token_middleware module

class keystone.tests.test_s3_token_middleware.S3TokenMiddlewareTestBase(*args, **kwargs)[source]

Bases: testtools.testcase.TestCase

test_symbols()[source]

Verify s3_token middleware symbols.

Verify that the keystone version of s3_token middleware forwards the public symbols from the keystoneclient version of the s3_token middleware for backwards compatibility.

keystone.tests.test_serializer module

class keystone.tests.test_serializer.XmlSerializerTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

assertSerializeDeserialize(d, xml, xmlns=None)[source]
test_auth_request()[source]
test_collection_list()[source]
test_collection_member()[source]
test_policy_list()[source]
test_role_crud()[source]
test_service_crud()[source]
test_tenant_crud()[source]
test_tenant_crud_no_description()[source]
test_values_list()[source]
test_xml_with_namespaced_attribute_to_dict()[source]

keystone.tests.test_singular_plural module

class keystone.tests.test_singular_plural.TestSingularPlural[source]

Bases: object

test_keyword_arg_condition_or_methods()[source]

Raise if we see a keyword arg called ‘condition’ or ‘methods’.

keystone.tests.test_sizelimit module

class keystone.tests.test_sizelimit.TestRequestBodySizeLimiter(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_content_length_acceptable()[source]
test_content_length_too_large()[source]
test_request_too_large_no_content_length()[source]

keystone.tests.test_sql_livetest module

class keystone.tests.test_sql_livetest.Db2MigrateTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlUpgradeTests

config_files()[source]
setUp()[source]
class keystone.tests.test_sql_livetest.MysqlMigrateTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlUpgradeTests

config_files()[source]
setUp()[source]
class keystone.tests.test_sql_livetest.MysqlRevokeExtensionsTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_migrate_extensions.RevokeExtension

config_files()[source]
setUp()[source]
class keystone.tests.test_sql_livetest.PostgresqlMigrateTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlUpgradeTests

config_files()[source]
setUp()[source]
class keystone.tests.test_sql_livetest.PostgresqlRevokeExtensionsTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_migrate_extensions.RevokeExtension

config_files()[source]
setUp()[source]

keystone.tests.test_sql_migrate_extensions module

To run these tests against a live database:

  1. Modify the file tests/backend_sql.conf to use the connection for your live database

  2. Set up a blank, live database.

  3. run the tests using

    ./run_tests.sh -N  test_sql_upgrade
    

    WARNING:

    Your database will be wiped.
    

    Do not do this against a Database with valuable data as all data will be lost.

class keystone.tests.test_sql_migrate_extensions.EndpointFilterExtension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

repo_package()[source]
test_downgrade()[source]
test_upgrade()[source]
class keystone.tests.test_sql_migrate_extensions.FederationExtension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

Test class for ensuring the Federation SQL.

repo_package()[source]
setUp()[source]
test_downgrade()[source]
test_upgrade()[source]
class keystone.tests.test_sql_migrate_extensions.RevokeExtension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

repo_package()[source]
test_downgrade()[source]
test_upgrade()[source]
class keystone.tests.test_sql_migrate_extensions.SqlUpgradeExampleExtension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

repo_package()[source]
test_downgrade()[source]
test_upgrade()[source]
class keystone.tests.test_sql_migrate_extensions.SqlUpgradeOAuth1Extension(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

repo_package()[source]
test_downgrade()[source]
test_upgrade()[source]

keystone.tests.test_sql_upgrade module

To run these tests against a live database:

  1. Modify the file keystone/tests/backend_sql.conf to use the connection for your live database

  2. Set up a blank, live database

  3. Run the tests using:

    tox keystone.tests.test_sql_upgrade
    

WARNING:

Your database will be wiped.

Do not do this against a database with valuable data as all data will be
lost.
class keystone.tests.test_sql_upgrade.SqlMigrateBase(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

assertTableColumns(table_name, expected_cols)[source]

Asserts that the table contains the expected set of columns.

assertTableDoesNotExist(table_name)[source]

Asserts that a given table exists cannot be selected by name.

assertTableExists(table_name)[source]
config_files()[source]
downgrade(*args, **kwargs)[source]
initialize_sql()[source]
repo_package()[source]
select_table(name)[source]
setUp()[source]
tearDown()[source]
upgrade(*args, **kwargs)[source]
class keystone.tests.test_sql_upgrade.SqlUpgradeTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

assertProjectTables()[source]
assertTenantTables()[source]
check_uniqueness_constraints()[source]
insert_dict(session, table_name, d, table=None)[source]

Naively inserts key-value pairs into a table, given a dictionary.

populate_tenant_table(with_desc_enab=False, with_desc_enab_domain=False)[source]
populate_user_table(with_pass_enab=False, with_pass_enab_domain=False)[source]
test_assignment_metadata_migration()[source]
test_assignment_table_migration()[source]
test_blank_db_to_start()[source]
test_downgrade_10_to_8()[source]
test_downgrade_16_to_14()[source]
test_downgrade_30()[source]
test_downgrade_32_to_31()[source]
test_downgrade_endpoint_enabled_cols()[source]

Check columns when downgrade from migration 41.

The downgrade from migration 42 removes the enabled column from the endpoint table.

test_downgrade_endpoint_enabled_data()[source]

Downgrade from migration 42 migrates data.

Downgrade from migration 42 migrates data from enabled to extra. Any disabled endpoints have ‘enabled’: False put into ‘extra’.

test_downgrade_endpoints()[source]
test_downgrade_project_to_tenant()[source]
test_downgrade_remove_group_tables()[source]
test_downgrade_service_enabled_cols()[source]

Check columns when downgrade to migration 43.

The downgrade from migration 44 removes the enabled column from the service table.

test_downgrade_service_enabled_data()[source]

Downgrade from migration 44 migrates data.

Downgrade from migration 44 migrates data from enabled to extra. Any disabled services have ‘enabled’: False put into ‘extra’.

test_downgrade_to_0()[source]
test_drop_credential_constraint()[source]
test_drop_credential_indexes()[source]
test_dropped_valid_index()[source]
test_fixup_role()[source]
test_group_project_FK_fixup()[source]
test_legacy_endpoint_id()[source]
test_limited_trusts_downgrade()[source]
test_limited_trusts_downgrade_trusts_cleanup()[source]
test_limited_trusts_upgrade()[source]
test_metadata_table_migration()[source]
test_migrate_add_default_project_id_column_downgrade()[source]
test_migrate_add_default_project_id_column_upgrade()[source]
test_migrate_ec2_credential()[source]
test_migrate_ec2_credential_with_conflict_project()[source]
test_migrate_ec2_credential_with_conflict_secret()[source]
test_migrate_ec2_credential_with_invalid_blob()[source]
test_normalized_enabled_states()[source]
test_region_migration()[source]
test_revoked_token_index()[source]
test_start_version_0()[source]
test_two_steps_forward_one_step_back()[source]

You should be able to cleanly undo and re-apply all upgrades.

Upgrades are run in the following order:

0 -> 1 -> 0 -> 1 -> 2 -> 1 -> 2 -> 3 -> 2 -> 3 ...
     ^---------^    ^---------^    ^---------^
test_upgrade_14_to_16()[source]
test_upgrade_31_to_32()[source]
test_upgrade_add_domain_tables()[source]
test_upgrade_add_group_tables()[source]
test_upgrade_add_initial_tables()[source]
test_upgrade_add_policy()[source]
test_upgrade_default_roles()[source]
test_upgrade_endpoint_enabled_cols()[source]

Migration 42 added enabled column to endpoint table.

test_upgrade_endpoint_enabled_data()[source]

Migration 42 has to migrate data from extra to enabled.

test_upgrade_endpoints()[source]
test_upgrade_normalize_identity()[source]
test_upgrade_region_non_unique_description()[source]

Test upgrade to migration 43.

This migration should occur with no unique constraint on the region description column.

Create two regions with the same description.

test_upgrade_region_unique_description()[source]

Test upgrade to migration 43.

This test models a migration where there is a unique constraint on the description column.

Create two regions with the same description.

test_upgrade_service_enabled_cols()[source]

Migration 44 added enabled column to service table.

test_upgrade_service_enabled_data()[source]

Migration 44 has to migrate data from extra to enabled.

test_upgrade_tenant_to_project()[source]
test_upgrade_trusts()[source]
test_upgrade_user_tenant_membership_to_metadata()[source]
class keystone.tests.test_sql_upgrade.VersionTests(*args, **kwargs)[source]

Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase

test_core_initial()[source]

When get the version before migrated, it’s 0.

test_core_max()[source]

When get the version after upgrading, it’s the new version.

test_extension_initial()[source]

When get the initial version of an extension, it’s 0.

test_extension_migrated()[source]

When get the version after migrating an extension, it’s not 0.

test_extension_not_controlled()[source]

When get the version before controlling, raises DbMigrationError.

test_unexpected_extension()[source]

The version for an extension that doesn’t exist raises ImportError.

test_unversioned_extension()[source]

The version for extensions without migrations raise an exception.

keystone.tests.test_ssl module

class keystone.tests.test_ssl.SSLTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_1way_ssl_ok()[source]

Make sure both public and admin API work with 1-way SSL.

test_1way_ssl_with_ipv6_ok()[source]

Make sure both public and admin API work with 1-way ipv6 & SSL.

test_2way_ssl_fail()[source]

Expect to fail when client does not present proper certificate.

test_2way_ssl_ok()[source]

Make sure both public and admin API work with 2-way SSL.

Requires client certificate.

test_2way_ssl_with_ipv6_ok()[source]

Make sure both public and admin API work with 2-way ipv6 & SSL.

Requires client certificate.

keystone.tests.test_token_bind module

class keystone.tests.test_token_bind.BindTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Test binding tokens to a Principal.

Even though everything in this file references kerberos the same concepts will apply to all future binding mechanisms.

assert_kerberos_bind(tokens, bind_level, use_kerberos=True, success=True)[source]
test_bind_disabled_with_kerb_user()[source]
test_bind_named_with_kerb_user()[source]
test_bind_named_with_regular_token()[source]
test_bind_named_with_unknown_bind()[source]
test_bind_named_with_unknown_scheme()[source]
test_bind_named_without_kerb_user()[source]
test_bind_permissive_with_kerb_user()[source]
test_bind_permissive_with_regular_token()[source]
test_bind_permissive_with_unknown_bind()[source]
test_bind_permissive_without_kerb_user()[source]
test_bind_required_with_kerb_user()[source]
test_bind_required_with_regular_token()[source]
test_bind_required_with_unknown_bind()[source]
test_bind_required_without_kerb_user()[source]
test_bind_strict_with_kerb_user()[source]
test_bind_strict_with_regular_token()[source]
test_bind_strict_with_unknown_bind()[source]
test_bind_strict_without_kerb_user()[source]

keystone.tests.test_token_provider module

class keystone.tests.test_token_provider.TestPKIProvider[source]

Bases: object

setUp()[source]
test_get_token_id_error_handling()[source]
class keystone.tests.test_token_provider.TestPKIProviderWithEventlet(*args, **kwargs)[source]

Bases: keystone.tests.test_token_provider.TestPKIProvider, keystone.tests.core.TestCase

setUp()[source]
class keystone.tests.test_token_provider.TestPKIProviderWithStdlib(*args, **kwargs)[source]

Bases: keystone.tests.test_token_provider.TestPKIProvider, keystone.tests.core.TestCase

setUp()[source]
class keystone.tests.test_token_provider.TestTokenProvider(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_default_providers_without_token_format()[source]
test_default_token_format()[source]
test_get_token_version()[source]
test_provider_override_token_format()[source]
test_provider_token_expiration_validation()[source]
test_token_format_provider_mismatch()[source]
test_unsupported_token_format()[source]
test_uuid_provider()[source]
test_uuid_token_format_and_no_provider()[source]
class keystone.tests.test_token_provider.TestTokenProviderOAuth1(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
setUp()[source]
test_uuid_provider_no_oauth_fails_oauth()[source]
keystone.tests.test_token_provider.create_v2_token()[source]
keystone.tests.test_token_provider.create_v3_token()[source]

keystone.tests.test_url_middleware module

class keystone.tests.test_url_middleware.FakeApp[source]

Bases: object

Fakes a WSGI app URL normalized.

class keystone.tests.test_url_middleware.UrlMiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
start_fake_response(status, headers)[source]
test_rewrite_empty_path()[source]

Tests empty path is rewritten to root.

test_trailing_slash_normalization()[source]

Tests /v2.0/tokens and /v2.0/tokens/ normalized URLs match.

keystone.tests.test_utils module

class keystone.tests.test_utils.LimitingReaderTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_read_default_value()[source]
class keystone.tests.test_utils.ServiceHelperTests(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

test_fail_gracefully()[source]
class keystone.tests.test_utils.UtilsTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

OPTIONAL = <object object at 0x7f9678a88290>
test_auth_str_equal()[source]
test_hash()[source]
test_hash_edge_cases()[source]
test_hash_ldap_user_password_with_empty_password()[source]
test_hash_ldap_user_password_with_null_password()[source]
test_hash_ldap_user_password_without_password()[source]
test_hash_long_password()[source]
test_hash_unicode()[source]
test_hash_user_password_with_empty_password()[source]
test_hash_user_password_with_null_password()[source]
test_hash_user_password_without_password()[source]
test_unixtime()[source]
keystone.tests.test_utils.timezone(func)[source]

keystone.tests.test_v2_controller module

class keystone.tests.test_v2_controller.TenantTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Tests for the V2 Tenant controller.

These tests exercise keystone.assignment.controllers.Tenant.

setUp()[source]
test_get_project_users_no_user()[source]

get_project_users when user doesn’t exist.

When a user that’s not known to identity has a role on a project, then get_project_users just skips that user.

test_list_projects_default_domain()[source]

Test that list projects only returns those in the default domain.

keystone.tests.test_v3 module

class keystone.tests.test_v3.AuthContextMiddlewareTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

test_admin_token_auth_context()[source]
test_auth_context_build_by_middleware()[source]
test_auth_context_override()[source]
class keystone.tests.test_v3.RestfulTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.rest.RestfulTestCase

admin_request(*args, **kwargs)[source]

Translates XML responses to dicts.

This implies that we only have to write assertions for JSON.

assertEqualTokens(a, b)[source]

Assert that two tokens are equal.

Compare two tokens except for their ids. This also truncates the time in the comparison.

assertRoleAssignmentInListResponse(resp, ref, link_url=None, expected=1)[source]
assertRoleAssignmentNotInListResponse(resp, ref, link_url=None)[source]
assertValidCredential(entity, ref=None)[source]
assertValidCredentialListResponse(resp, *args, **kwargs)[source]
assertValidCredentialResponse(resp, *args, **kwargs)[source]
assertValidDomain(entity, ref=None)[source]
assertValidDomainListResponse(resp, *args, **kwargs)[source]
assertValidDomainResponse(resp, *args, **kwargs)[source]
assertValidDomainScopedTokenResponse(r, *args, **kwargs)[source]
assertValidEndpoint(entity, ref=None)[source]
assertValidEndpointListResponse(resp, *args, **kwargs)[source]
assertValidEndpointResponse(resp, *args, **kwargs)[source]
assertValidEntity(entity, ref=None, keys_to_check=None)[source]

Make assertions common to all API entities.

If a reference is provided, the entity will also be compared against the reference.

assertValidErrorResponse(r)[source]
assertValidGroup(entity, ref=None)[source]
assertValidGroupListResponse(resp, *args, **kwargs)[source]
assertValidGroupResponse(resp, *args, **kwargs)[source]
assertValidISO8601ExtendedFormatDatetime(dt)[source]
assertValidListResponse(resp, key, entity_validator, ref=None, expected_length=None, keys_to_check=None)[source]

Make assertions common to all API list responses.

If a reference is provided, it’s ID will be searched for in the response, and asserted to be equal.

assertValidPolicy(entity, ref=None)[source]
assertValidPolicyListResponse(resp, *args, **kwargs)[source]
assertValidPolicyResponse(resp, *args, **kwargs)[source]
assertValidProject(entity, ref=None)[source]
assertValidProjectListResponse(resp, *args, **kwargs)[source]
assertValidProjectResponse(resp, *args, **kwargs)[source]
assertValidProjectScopedTokenResponse(r, *args, **kwargs)[source]
assertValidProjectTrustScopedTokenResponse(r, *args, **kwargs)[source]
assertValidRegion(entity, ref=None)[source]
assertValidRegionListResponse(resp, *args, **kwargs)[source]
assertValidRegionResponse(resp, *args, **kwargs)[source]
assertValidResponse(resp, key, entity_validator, *args, **kwargs)[source]

Make assertions common to all API responses.

assertValidRole(entity, ref=None)[source]
assertValidRoleAssignment(entity, ref=None, url=None)[source]
assertValidRoleAssignmentListResponse(resp, ref=None, expected_length=None)[source]
assertValidRoleListResponse(resp, *args, **kwargs)[source]
assertValidRoleResponse(resp, *args, **kwargs)[source]
assertValidScopedTokenResponse(r, *args, **kwargs)[source]
assertValidService(entity, ref=None)[source]
assertValidServiceListResponse(resp, *args, **kwargs)[source]
assertValidServiceResponse(resp, *args, **kwargs)[source]
assertValidTokenResponse(r, user=None)[source]
assertValidTrust(entity, ref=None, summary=False)[source]
assertValidTrustListResponse(resp, *args, **kwargs)[source]
assertValidTrustResponse(resp, *args, **kwargs)[source]
assertValidTrustSummary(entity, ref=None)[source]
assertValidUnscopedTokenResponse(r, *args, **kwargs)[source]
assertValidUser(entity, ref=None)[source]
assertValidUserListResponse(resp, *args, **kwargs)[source]
assertValidUserResponse(resp, *args, **kwargs)[source]
build_auth_scope(project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, domain_id=None, domain_name=None, trust_id=None)[source]
build_authentication_request(token=None, user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None, **kwargs)[source]

Build auth dictionary.

It will create an auth dictionary based on all the arguments that it receives.

build_external_auth_request(remote_user, remote_domain=None, auth_data=None)[source]
build_password_auth(user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None)[source]
build_token_auth(token)[source]
config_files()[source]
create_new_default_project_for_user(user_id, domain_id, enable_project=True)[source]
delete(path, **kwargs)[source]
generate_paste_config()[source]
get(path, **kwargs)[source]
get_requested_token(auth)[source]

Request the specific token we want.

get_scoped_token()[source]

Convenience method so that we can test authenticated requests.

head(path, **kwargs)[source]
load_backends()[source]
load_fixtures(fixtures)[source]
load_sample_data()[source]
new_credential_ref(user_id, project_id=None)[source]
new_domain_ref()[source]
new_endpoint_ref(service_id, **kwargs)[source]
new_group_ref(domain_id)[source]
new_policy_ref()[source]
new_project_ref(domain_id)[source]
new_ref()[source]

Populates a ref with attributes common to all API entities.

new_region_ref()[source]
new_role_ref()[source]
new_service_ref()[source]
new_trust_ref(trustor_user_id, trustee_user_id, project_id=None, impersonation=None, expires=None, role_ids=None, role_names=None, remaining_uses=None)[source]
new_user_ref(domain_id, project_id=None)[source]
patch(path, **kwargs)[source]
post(path, **kwargs)[source]
put(path, **kwargs)[source]
remove_generated_paste_config()[source]
setUp(app_conf='keystone')[source]

Setup for v3 Restful Test Cases.

setup_database()[source]
teardown_database()[source]
v3_request(path, **kwargs)[source]
class keystone.tests.test_v3.VersionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

test_get_version()[source]

keystone.tests.test_v3_auth module

class keystone.tests.test_v3_auth.TestAPIProtectionWithoutAuthContextMiddleware(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

test_api_protection_with_no_auth_context_in_env()[source]
class keystone.tests.test_v3_auth.TestAuthExternalDisabled(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
test_remote_user_disabled()[source]
class keystone.tests.test_v3_auth.TestAuthExternalDomain(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
content_type = 'json'
test_project_id_scoped_with_remote_user()[source]
test_remote_user_with_realm()[source]
test_unscoped_bind_with_remote_user()[source]
class keystone.tests.test_v3_auth.TestAuthExternalLegacyDefaultDomain(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
content_type = 'json'
test_remote_user_no_domain()[source]
test_remote_user_no_realm()[source]
class keystone.tests.test_v3_auth.TestAuthExternalLegacyDomain(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
content_type = 'json'
test_project_id_scoped_with_remote_user()[source]
test_remote_user_with_realm()[source]
test_unscoped_bind_with_remote_user()[source]
class keystone.tests.test_v3_auth.TestAuthInfo(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

test_both_project_and_domain_in_scope()[source]
test_get_method_data_invalid_method()[source]
test_get_method_names_duplicates()[source]
test_missing_auth_method_data()[source]
test_missing_auth_methods()[source]
test_project_name_no_domain()[source]
test_unsupported_auth_method()[source]
class keystone.tests.test_v3_auth.TestAuthJSON(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

content_type = 'json'
get_v2_token(tenant_id=None)[source]
test_auth_catalog_disabled_endpoint()[source]

On authenticate, get a catalog that excludes disabled endpoints.

test_auth_catalog_disabled_service()[source]

On authenticate, get a catalog that excludes disabled services.

test_auth_with_bind_token()[source]
test_auth_with_id()[source]
test_authenticating_a_user_with_no_password()[source]
test_bind_not_set_with_remote_user()[source]
test_default_project_id_scoped_token_with_user_id()[source]
test_default_project_id_scoped_token_with_user_id_no_catalog()[source]
test_disabled_default_project_domain_result_in_unscoped_token()[source]
test_disabled_default_project_result_in_unscoped_token()[source]
test_domain_id_scoped_token_with_user_domain_id()[source]
test_domain_id_scoped_token_with_user_domain_name()[source]
test_domain_id_scoped_token_with_user_id()[source]
test_domain_name_scoped_token_with_user_domain_id()[source]
test_domain_name_scoped_token_with_user_domain_name()[source]
test_domain_name_scoped_token_with_user_id()[source]
test_domain_scope_failed()[source]
test_domain_scope_token_with_group_role()[source]
test_domain_scope_token_with_name()[source]
test_implicit_project_id_scoped_token_with_user_id_no_catalog()[source]
test_invalid_domain_id()[source]
test_invalid_domain_name()[source]
test_invalid_password()[source]
test_invalid_user_id()[source]
test_invalid_user_name()[source]
test_no_access_to_default_project_result_in_unscoped_token()[source]
test_project_id_scoped_token_with_user_domain_id()[source]
test_project_id_scoped_token_with_user_domain_name()[source]
test_project_id_scoped_token_with_user_id()[source]
test_project_id_scoped_token_with_user_id_401()[source]
test_remote_user_and_explicit_external()[source]
test_remote_user_and_password()[source]
test_remote_user_bad_password()[source]
test_remote_user_no_domain()[source]
test_remote_user_no_realm()[source]
test_unscoped_token_with_user_domain_id()[source]
test_unscoped_token_with_user_domain_name()[source]
test_unscoped_token_with_user_id()[source]
test_user_and_group_roles_scoped_token()[source]

Test correct roles are returned in scoped token.

Test Plan:

  • Create a domain, with 1 project, 2 users (user1 and user2) and 2 groups (group1 and group2)
  • Make user1 a member of group1, user2 a member of group2
  • Create 8 roles, assigning them to each of the 8 combinations of users/groups on domain/project
  • Get a project scoped token for user1, checking that the right two roles are returned (one directly assigned, one by virtue of group membership)
  • Repeat this for a domain scoped token
  • Make user1 also a member of group2
  • Get another scoped token making sure the additional role shows up
  • User2 is just here as a spoiler, to make sure we don’t get any roles uniquely assigned to it returned in any of our tokens
test_v2_v3_bind_token_intermix()[source]
test_validate_v2_scoped_token_with_v3_api()[source]
test_validate_v2_unscoped_token_with_v3_api()[source]
test_verify_with_bound_token()[source]
class keystone.tests.test_v3_auth.TestAuthXML(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_auth.TestAuthJSON

content_type = 'xml'
class keystone.tests.test_v3_auth.TestPKITokenAPIs(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests

config_overrides()[source]
setUp()[source]
class keystone.tests.test_v3_auth.TestTokenRevokeApi(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_auth.TestTokenRevokeById

EXTENSION_NAME = 'revoke'
EXTENSION_TO_ADD = 'revoke_extension'

Test token revocation on the v3 Identity API.

assertDomainInList(events_response, domain_id)[source]
assertUserAndExpiryInList(events, user_id, expires_at)[source]
assertValidDeletedProjectResponse(events_response, project_id)[source]
assertValidRevokedTokenResponse(events_response, user_id, project_id=None)[source]
config_overrides()[source]
test_disable_domain_shows_in_event_list()[source]
test_list_delete_project_shows_in_event_list()[source]
test_list_delete_token_shows_in_event_list()[source]
test_list_with_filter()[source]
test_revoke_by_id_false_410()[source]
test_revoke_token()[source]
test_revoke_v2_token()[source]
class keystone.tests.test_v3_auth.TestTokenRevokeById(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test token revocation on the v3 Identity API.

config_overrides()[source]
get_v2_token(token=None, project_id=None)[source]
role_data_fixtures()[source]
setUp()[source]

Setup for Token Revoking Test Cases.

As well as the usual housekeeping, create a set of domains, users, groups, roles and projects for the subsequent tests:

  • Two domains: A & B
  • Three users (1, 2 and 3)
  • Three groups (1, 2 and 3)
  • Two roles (1 and 2)
  • DomainA owns user1, domainB owns user2 and user3
  • DomainA owns group1 and group2, domainB owns group3
  • User1 and user2 are members of group1
  • User3 is a member of group2
  • Two projects: A & B, both in domainA
  • Group1 has role1 on Project A and B, meaning that user1 and user2 will get these roles by virtue of membership
  • User1, 2 and 3 have role1 assigned to projectA
  • Group1 has role1 on Project A and B, meaning that user1 and user2 will get role1 (duplicated) by virtue of membership
  • User1 has role2 assigned to domainA
test_deleting_group_grant_revokes_tokens()[source]

Test deleting a group grant revokes tokens.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Get a token for user2, scoped to ProjectA
  • Get a token for user3, scoped to ProjectA
  • Delete the grant group1 has on ProjectA
  • Check tokens for user1 & user2 are no longer valid, since user1 and user2 are members of group1
  • Check token for user3 is still valid
test_deleting_project_deletes_grants()[source]
test_deleting_project_revokes_token()[source]
test_deleting_role_revokes_token()[source]

Test deleting a role revokes token.

Add some additional test data, namely:
  • A third project (project C)
  • Three additional users - user4 owned by domainB and user5 and 6 owned by domainA (different domain ownership should not affect the test results, just provided to broaden test coverage)
  • User5 is a member of group1
  • Group1 gets an additional assignment - role1 on projectB as well as its existing role1 on projectA
  • User4 has role2 on Project C
  • User6 has role1 on projectA and domainA
  • This allows us to create 5 tokens by virtue of different types of role assignment: - user1, scoped to ProjectA by virtue of user role1 assignment - user5, scoped to ProjectB by virtue of group role1 assignment - user4, scoped to ProjectC by virtue of user role2 assignment - user6, scoped to ProjectA by virtue of user role1 assignment - user6, scoped to DomainA by virtue of user role1 assignment
  • role1 is then deleted
  • Check the tokens on Project A and B, and DomainA are revoked, but not the one for Project C
test_deleting_user_grant_revokes_token()[source]

Test deleting a user grant revokes token.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Delete the grant user1 has on ProjectA
  • Check token is no longer valid
test_disabling_project_revokes_token()[source]
test_domain_group_role_assignment_maintains_token()[source]

Test domain-group role assignment maintains existing token.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Create a grant for group1 on DomainB
  • Check token is still longer valid
test_domain_user_role_assignment_maintains_token()[source]

Test user-domain role assignment maintains existing token.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Create a grant for user1 on DomainB
  • Check token is still valid
test_group_membership_changes_revokes_token()[source]

Test add/removal to/from group revokes token.

Test Plan:

  • Get a token for user1, scoped to ProjectA
  • Get a token for user2, scoped to ProjectA
  • Remove user1 from group1
  • Check token for user1 is no longer valid
  • Check token for user2 is still valid, even though user2 is also part of group1
  • Add user2 to group2
  • Check token for user2 is now no longer valid
test_removing_role_assignment_does_not_affect_other_users()[source]

Revoking a role from one user should not affect other users.

test_revoke_token_from_token()[source]
test_revoke_token_from_token_v2()[source]
test_revoke_v2_token_no_check()[source]
test_unscoped_token_remains_valid_after_role_assignment()[source]
class keystone.tests.test_v3_auth.TestTokenRevokeSelfAndAdmin(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test token revoke using v3 Identity API by token owner and admin.

config_overrides()[source]
setUp()[source]

Setup for Test Cases. Two domains, domainA and domainB Two users in domainA, userNormalA and userAdminA One user in domainB, userAdminB

test_adminA_revokes_userA_token()[source]
test_adminB_fails_revoking_userA_token()[source]
test_user_revokes_own_token()[source]
class keystone.tests.test_v3_auth.TestTrustAuth(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_auth.TestAuthInfo

EXTENSION_NAME = 'revoke'
EXTENSION_TO_ADD = 'revoke_extension'
assertTrustTokensRevoked(trust_id)[source]
config_overrides()[source]
setUp()[source]
test_change_password_invalidates_trust_tokens()[source]
test_consume_trust_once()[source]
test_create_expired_trust()[source]
test_create_one_time_use_trust()[source]
test_create_trust_400()[source]
test_create_trust_no_roles()[source]
test_create_trust_project_404()[source]
test_create_trust_role_id_404()[source]
test_create_trust_role_name_404()[source]
test_create_trust_trustee_404()[source]
test_create_trust_trustor_trustee_backwards()[source]
test_create_trust_with_bad_values_for_remaining_uses()[source]
test_create_unlimited_use_trust()[source]
test_create_unscoped_trust()[source]
test_delete_trust()[source]
test_delete_trust_revokes_tokens()[source]
test_exercise_trust_scoped_token_with_impersonation()[source]
test_exercise_trust_scoped_token_without_impersonation()[source]
test_impersonation_token_cannot_create_new_trust()[source]
test_list_trusts()[source]
test_trust_crud()[source]
test_trustee_can_do_role_ops()[source]
test_v3_v2_intermix()[source]
test_v3_v2_intermix_project_not_in_default_domaini_failed()[source]
test_v3_v2_intermix_trustor_not_in_default_domain_failed()[source]
test_v3_v2_intermix_trustor_not_in_default_domaini_failed()[source]
class keystone.tests.test_v3_auth.TestTrustOptional(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

config_overrides()[source]
test_auth_with_scope_in_trust_403()[source]
test_trusts_404()[source]
class keystone.tests.test_v3_auth.TestUUIDTokenAPIs(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests

config_overrides()[source]
setUp()[source]
test_v3_token_id()[source]
test_v3_v2_hashed_pki_token_intermix()[source]
class keystone.tests.test_v3_auth.TokenAPITests[source]

Bases: object

doSetUp()[source]
test_check_token()[source]
test_default_fixture_scope_token()[source]
test_rescoping_token()[source]
test_v2_v3_token_intermix()[source]
test_v2_v3_unscoped_token_intermix()[source]
test_v3_token_id()[source]
test_v3_v2_hashed_pki_token_intermix()[source]
test_v3_v2_intermix_domain_scoped_token_failed()[source]
test_v3_v2_intermix_new_default_domain()[source]
test_v3_v2_intermix_non_default_domain_failed()[source]
test_v3_v2_intermix_non_default_project_failed()[source]
test_v3_v2_token_intermix()[source]
test_v3_v2_unscoped_token_intermix()[source]
test_validate_token()[source]
test_validate_token_nocatalog()[source]
verify_token(*args, **kwargs)[source]

keystone.tests.test_v3_catalog module

class keystone.tests.test_v3_catalog.CatalogTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test service & endpoint CRUD.

assertValidErrorResponse(response)[source]
test_create_endpoint_400()[source]

Call POST /endpoints.

test_create_endpoint_enabled_false()[source]

Call POST /endpoints with enabled: false.

test_create_endpoint_enabled_str_false()[source]

Call POST /endpoints with enabled: ‘False’.

test_create_endpoint_enabled_str_random()[source]

Call POST /endpoints with enabled: ‘puppies’.

test_create_endpoint_enabled_str_true()[source]

Call POST /endpoints with enabled: ‘True’.

test_create_endpoint_enabled_true()[source]

Call POST /endpoints with enabled: true.

test_create_endpoint_no_enabled()[source]

Call POST /endpoints.

test_create_endpoint_on_v2()[source]
test_create_endpoint_with_empty_url()[source]

Call POST /endpoints.

test_create_region()[source]

Call POST /regions with an ID in the request body.

test_create_region_with_conflicting_ids()[source]

Call PUT /regions/{region_id} with conflicting region IDs.

test_create_region_with_duplicate_id()[source]

Call PUT /regions/{region_id}.

test_create_region_with_id()[source]

Call PUT /regions/{region_id} w/o an ID in the request body.

test_create_region_with_matching_ids()[source]

Call PUT /regions/{region_id} with an ID in the request body.

test_create_region_without_id()[source]

Call POST /regions without an ID in the request body.

test_create_service()[source]

Call POST /services.

test_create_service_enabled_false()[source]

Call POST /services.

test_create_service_enabled_str_false()[source]

Call POST /services.

test_create_service_enabled_str_random()[source]

Call POST /services.

test_create_service_enabled_str_true()[source]

Call POST /services.

test_create_service_enabled_true()[source]

Call POST /services.

test_create_service_no_enabled()[source]

Call POST /services.

test_delete_endpoint()[source]

Call DELETE /endpoints/{endpoint_id}.

test_delete_region()[source]

Call DELETE /regions/{region_id}.

test_delete_service()[source]

Call DELETE /services/{service_id}.

test_get_endpoint()[source]

Call GET /endpoints/{endpoint_id}.

test_get_region()[source]

Call GET /regions/{region_id}.

test_get_service()[source]

Call GET /services/{service_id}.

test_list_endpoints()[source]

Call GET /endpoints.

test_list_endpoints_xml()[source]

Call GET /endpoints (xml data).

test_list_regions()[source]

Call GET /regions.

test_list_regions_xml()[source]

Call GET /regions (xml data).

test_list_services()[source]

Call GET /services.

test_list_services_xml()[source]

Call GET /services (xml data).

test_update_endpoint()[source]

Call PATCH /endpoints/{endpoint_id}.

test_update_endpoint_enabled_false()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: False.

test_update_endpoint_enabled_str_false()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: ‘False’.

test_update_endpoint_enabled_str_random()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: ‘kitties’.

test_update_endpoint_enabled_str_true()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: ‘True’.

test_update_endpoint_enabled_true()[source]

Call PATCH /endpoints/{endpoint_id} with enabled: True.

test_update_region()[source]

Call PATCH /regions/{region_id}.

test_update_service()[source]

Call PATCH /services/{service_id}.

class keystone.tests.test_v3_catalog.TestCatalogAPISQL(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Tests for the catalog Manager against the SQL backend.

config_overrides()[source]
new_endpoint_ref(service_id)[source]
setUp()[source]
test_get_catalog_ignores_endpoints_with_invalid_urls()[source]

keystone.tests.test_v3_credential module

class keystone.tests.test_v3_credential.CredentialBaseTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

class keystone.tests.test_v3_credential.CredentialTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_credential.CredentialBaseTestCase

Test credential CRUD.

setUp()[source]
test_create_credential()[source]

Call POST /credentials.

test_create_credential_with_admin_token()[source]
test_create_ec2_credential()[source]

Call POST /credentials for creating ec2 credential.

test_create_ec2_credential_with_invalid_blob()[source]

Call POST /credentials for creating ec2 credential with invalid blob.

test_create_non_ec2_credential()[source]

Call POST /credentials for creating non-ec2 credential.

test_credential_api_delete_credentials_for_project()[source]
test_credential_api_delete_credentials_for_user()[source]
test_delete_credential()[source]

Call DELETE /credentials/{credential_id}.

test_get_credential()[source]

Call GET /credentials/{credential_id}.

test_get_ec2_dict_blob()[source]

Ensure non-JSON blob data is correctly converted.

test_list_credentials()[source]

Call GET /credentials.

test_list_credentials_xml()[source]

Call GET /credentials (xml data).

test_list_ec2_dict_blob()[source]

Ensure non-JSON blob data is correctly converted.

test_update_credential()[source]

Call PATCH /credentials/{credential_id}.

class keystone.tests.test_v3_credential.TestCredentialEc2(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_credential.CredentialBaseTestCase

Test v3 credential compatibility with ec2tokens.

setUp()[source]
test_ec2_create_credential()[source]

Test ec2 credential creation.

test_ec2_credential_signature_validate()[source]

Test signature validation with a v3 ec2 credential.

test_ec2_credential_signature_validate_legacy()[source]

Test signature validation with a legacy v3 ec2 credential.

test_ec2_delete_credential()[source]

Test ec2 credential deletion.

test_ec2_get_credential()[source]
test_ec2_list_credentials()[source]

Test ec2 credential listing.

class keystone.tests.test_v3_credential.TestCredentialTrustScoped(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test credential with trust scoped token.

config_overrides()[source]
setUp()[source]
test_trust_scoped_ec2_credential()[source]

Call POST /credentials for creating ec2 credential.

keystone.tests.test_v3_federation module

class keystone.tests.test_v3_federation.FederatedIdentityProviderTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_federation.FederationTests

A test class for Identity Providers.

base_url(suffix=None)[source]
default_body = {'enabled': True, 'description': None}
idp_keys = ['description', 'enabled']
test_assign_protocol_to_idp()[source]

Assign a protocol to existing IdP.

test_assign_protocol_to_nonexistent_idp()[source]

Assign protocol to IdP that doesn’t exist.

Expect HTTP 404 code.

test_check_idp_uniqueness()[source]

Add same IdP twice.

Expect HTTP 409 code for the latter call.

test_create_idp()[source]

Creates the IdentityProvider entity.

test_delete_existing_idp()[source]

Create and later delete IdP.

Expect HTTP 404 for the GET IdP call.

test_delete_nonexisting_idp()[source]

Delete nonexisting IdP.

Expect HTTP 404 for the GET IdP call.

test_delete_protocol()[source]

Delete protocol.

Expect HTTP 404 code for the GET call after the protocol is deleted.

test_get_idp()[source]

Create and later fetch IdP.

test_get_nonexisting_idp()[source]

Fetch nonexisting IdP entity.

Expected HTTP 404 status code.

test_get_protocol()[source]

Create and later fetch protocol tied to IdP.

test_list_idps(iterations=5)[source]

Lists all available IdentityProviders.

This test collects ids of created IdPs and intersects it with the list of all available IdPs. List of all IdPs can be a superset of IdPs created in this test, because other tests also create IdPs.

test_list_protocols()[source]

Create set of protocols and later list them.

Compare input and output id sets.

test_protocol_composite_pk()[source]

Test whether Keystone let’s add two entities with identical names, however attached to different IdPs.

  1. Add IdP and assign it protocol with predefined name
  2. Add another IdP and assign it a protocol with same name.

Expect HTTP 201 code

test_protocol_idp_pk_uniqueness()[source]

Test whether Keystone checks for unique idp/protocol values.

Add same protocol twice, expect Keystone to reject a latter call and return HTTP 409 code.

test_update_idp_immutable_attributes()[source]

Update IdP’s immutable parameters.

Expect HTTP 403 code.

test_update_idp_mutable_attributes()[source]

Update IdP’s mutable parameters.

test_update_nonexistent_idp()[source]

Update nonexistent IdP

Expect HTTP 404 code.

test_update_protocols_attribute()[source]

Update protocol’s attribute.

class keystone.tests.test_v3_federation.FederatedTokenTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_federation.FederationTests

ASSERTION_PREFIX = 'PREFIX_'
AUTH_METHOD = 'saml2'
AUTH_URL = '/auth/tokens'
IDP = 'ORG_IDP'
PROTOCOL = 'saml2'
UNSCOPED_V3_SAML2_REQ = {'identity': {'methods': ['saml2'], 'saml2': {'identity_provider': 'ORG_IDP', 'protocol': 'saml2'}}}
USER = 'user@ORGANIZATION'
idp_ref(id=None)[source]
load_federation_sample_data()[source]

Inject additional data.

mapping_ref(rules=None)[source]
proto_ref(mapping_id=None)[source]
setUp()[source]
test_assertion_prefix_parameter()[source]

Test parameters filtering based on the prefix.

With assertion_prefix set to fixed, non defailt value, issue an unscoped token from assertion EMPLOYEE_ASSERTION_PREFIXED. Expect server to return unscoped token.

test_assertion_prefix_parameter_expect_fail()[source]

Test parameters filtering based on the prefix.

With assertion_prefix default value set to empty string issue an unscoped token from assertion EMPLOYEE_ASSERTION. Next, configure assertion_prefix to value UserName. Try issuing unscoped token with EMPLOYEE_ASSERTION. Expect server to raise exception.Unathorized exception.

test_full_workflow()[source]

Test ‘standard’ workflow for granting access tokens.

  • Issue unscoped token
  • List available projects based on groups
  • Scope token to a one of available projects
test_issue_token_from_rules_without_user()[source]
test_issue_token_with_nonexistent_group()[source]

Inject assertion that matches rule issuing bad group id.

Expect server to find out that some groups are missing in the backend and raise exception.MappedGroupNotFound exception.

test_issue_unscoped_token()[source]
test_issue_unscoped_token_malformed_environment()[source]

Test whether non string objects are filtered out.

Put non string objects into the environment, inject correct assertion and try to get an unscoped token. Expect server not to fail on using split() method on non string objects and return token id in the HTTP header.

test_issue_unscoped_token_no_groups()[source]
test_issue_unscoped_token_serialize_to_xml()[source]

Issue unscoped token and serialize to XML.

Make sure common.serializer doesn’t complain about the response structure and tag names.

test_list_domains()[source]
test_list_projects()[source]
test_scope_to_bad_project()[source]

Scope unscoped token with a project we don’t have access to.

test_scope_to_domain_multiple_tokens()[source]

Issue multiple tokens scoping to different domains.

The new tokens should be scoped to:

  • domainA
  • domainB
  • domainC
test_scope_to_domain_once()[source]
test_scope_to_project_multiple_times()[source]

Try to scope the unscoped token multiple times.

The new tokens should be scoped to:

  • Customers’ project
  • Employees’ project
test_scope_to_project_once()[source]
test_scope_token_from_nonexistent_unscoped_token()[source]

Try to scope token from non-existent unscoped token.

test_workflow_with_groups_deletion()[source]

Test full workflow with groups deletion before token scoping.

The test scenario is as follows:
  • Create group group
  • Create and assign roles to group and project_all
  • Patch mapping rules for existing IdP so it issues group id
  • Issue unscoped token with group‘s id
  • Delete group group
  • Scope token to project_all
  • Expect HTTP 500 response
class keystone.tests.test_v3_federation.FederationTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

EXTENSION_NAME = 'federation'
EXTENSION_TO_ADD = 'federation_extension'
setup_database()[source]
class keystone.tests.test_v3_federation.MappingCRUDTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_federation.FederationTests

A class for testing CRUD operations for Mappings.

MAPPING_URL = '/OS-FEDERATION/mappings/'
assertValidMapping(entity, ref=None)[source]
assertValidMappingListResponse(resp, *args, **kwargs)[source]
assertValidMappingResponse(resp, *args, **kwargs)[source]
test_create_mapping_bad_requirements()[source]
test_create_mapping_bad_value()[source]
test_create_mapping_empty_map()[source]
test_create_mapping_extra_remote_properties_any_one_of()[source]
test_create_mapping_extra_remote_properties_just_type()[source]
test_create_mapping_extra_remote_properties_not_any_of()[source]
test_create_mapping_extra_rules_properties()[source]
test_create_mapping_missing_local()[source]
test_create_mapping_missing_type()[source]
test_create_mapping_no_remote_objects()[source]
test_create_mapping_no_rules()[source]
test_create_mapping_wrong_type()[source]
test_delete_mapping_dne()[source]
test_get_mapping_dne()[source]
test_mapping_create()[source]
test_mapping_delete()[source]
test_mapping_get()[source]
test_mapping_list()[source]
test_mapping_update()[source]
class keystone.tests.test_v3_federation.MappingRuleEngineTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_federation.FederationTests

A class for testing the mapping rule engine.

test_rule_engine_any_one_of_and_direct_mapping()[source]

Should return user’s name and group id EMPLOYEE_GROUP_ID.

The ADMIN_ASSERTION should successfully have a match in MAPPING_LARGE. The will test the case where any_one_of is valid, and there is a direct mapping for the users name.

test_rule_engine_any_one_of_many_rules()[source]

Should return group CONTRACTOR_GROUP_ID.

The CONTRACTOR_ASSERTION should successfully have a match in MAPPING_SMALL. This will test the case where many rules must be matched, including an any_one_of, and a direct mapping.

test_rule_engine_discards_nonstring_objects()[source]

Check whether RuleProcessor discards non string objects.

Despite the fact that assertion is malformed and contains non string objects, RuleProcessor should correctly discard them and successfully have a match in MAPPING_LARGE.

test_rule_engine_fails_after_discarding_nonstring()[source]

Check whether RuleProcessor discards non string objects.

Expect RuleProcessor to discard non string object, which is required for a correct rule match. Since no rules are matched expect RuleProcessor to raise exception.Unauthorized exception.

test_rule_engine_no_regex_match()[source]

Should deny authorization, the email of the tester won’t match.

This will not match since the email in the assertion will fail the regex test. It is set to match any @example.com address. But the incoming value is set to eviltester@example.org. RuleProcessor should raise exception.Unauthorized exception.

test_rule_engine_not_any_of_and_direct_mapping()[source]

Should return user’s name and email.

The CUSTOMER_ASSERTION should successfully have a match in MAPPING_LARGE. This will test the case where a requirement has not_any_of, and direct mapping to a username, no group.

test_rule_engine_not_any_of_many_rules()[source]

Should return group EMPLOYEE_GROUP_ID.

The EMPLOYEE_ASSERTION should successfully have a match in MAPPING_SMALL. This will test the case where many remote rules must be matched, including a not_any_of.

test_rule_engine_regex_match_and_many_groups()[source]

Should return group DEVELOPER_GROUP_ID and TESTER_GROUP_ID.

The TESTER_ASSERTION should successfully have a match in MAPPING_LARGE. This will test a successful regex match for an any_one_of evaluation type, and will have many groups returned.

keystone.tests.test_v3_federation.dummy_validator(*args, **kwargs)[source]

keystone.tests.test_v3_filters module

class keystone.tests.test_v3_filters.IdentityTestFilteredCase(*args, **kwargs)[source]

Bases: keystone.tests.filtering.FilterTests, keystone.tests.test_v3.RestfulTestCase

Test filter enforcement on the v3 Identity API.

content_type = 'json'
load_sample_data()[source]

Create sample data for these tests.

As well as the usual housekeeping, create a set of domains, users, roles and projects for the subsequent tests:

  • Three domains: A,B & C. C is disabled.
  • DomainA has user1, DomainB has user2 and user3
  • DomainA has group1 and group2, DomainB has group3
  • User1 has a role on DomainA

Remember that there will also be a fourth domain in existence, the default domain.

setUp()[source]

Setup for Identity Filter Test Cases.

test_filter_sql_injection_attack()[source]

GET /users?name=<injected sql_statement>

Test Plan:

  • Attempt to get all entities back by passing a two-term attribute
  • Attempt to piggyback filter to damage DB (e.g. drop table)
test_inexact_filters()[source]
test_list_filtered_domains()[source]

GET /domains?enabled=0

Test Plan:

  • Update policy for no protection on api
  • Filter by the ‘enabled’ boolean to get disabled domains, which should return just domainC
  • Try the filter using different ways of specifying True/False to test that our handling of booleans in filter matching is correct
test_list_users_filtered_by_domain()[source]

GET /users?domain_id=mydomain (filtered)

Test Plan:

  • Update policy so api is unprotected
  • Use an un-scoped token to make sure we can filter the users by domainB, getting back the 2 users in that domain
test_list_users_filtered_by_funny_name()[source]

GET /users?name=%myname%

Test Plan:

  • Update policy so api is unprotected
  • Update a user with name that has filter escape characters
  • Ensure we can filter on it
test_multiple_filters()[source]

GET /domains?enabled&name=myname

Test Plan:

  • Update policy for no protection on api
  • Filter by the ‘enabled’ boolean and name - this should return a single domain
class keystone.tests.test_v3_filters.IdentityTestFilteredCaseXML(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_filters.IdentityTestFilteredCase

content_type = 'xml'
class keystone.tests.test_v3_filters.IdentityTestListLimitCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_filters.IdentityTestFilteredCase

Test list limiting enforcement on the v3 Identity API.

clean_up_entity(entity)[source]

Clean up entity test data from Identity Limit Test Cases.

clean_up_policy()[source]

Clean up policy test data from Identity Limit Test Cases.

clean_up_service()[source]

Clean up service test data from Identity Limit Test Cases.

content_type = 'json'
setUp()[source]

Setup for Identity Limit Test Cases.

test_at_limit()[source]

Check truncated attribute not set when list at max size.

test_groups_list_limit()[source]
test_no_limit()[source]

Check truncated attribute not set when list not limited.

test_non_driver_list_limit()[source]

Check list can be limited without driver level support.

Policy limiting is not done at the driver level (since it really isn’t worth doing it there). So use this as a test for ensuring the controller level will successfully limit in this case.

test_projects_list_limit()[source]
test_services_list_limit()[source]
test_users_list_limit()[source]
class keystone.tests.test_v3_filters.IdentityTestListLimitCaseXML(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_filters.IdentityTestListLimitCase

content_type = 'xml'

keystone.tests.test_v3_identity module

class keystone.tests.test_v3_identity.IdentityInheritanceDisabledTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test inheritance crud and its effects.

config_overrides()[source]
test_crud_inherited_role_grants_failed_if_disabled()[source]
class keystone.tests.test_v3_identity.IdentityInheritanceTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test inheritance crud and its effects.

config_overrides()[source]
test_crud_user_inherited_domain_role_grants()[source]
test_filtered_role_assignments_for_inherited_grants()[source]

Call GET /role_assignments?scope.OS-INHERIT:inherited_to.

Test Plan:

  • Create 5 roles
  • Create a domain with a user, group and two projects
  • Assign three direct spoiler roles to projects
  • Issue the URL to add an inherited user role to the domain
  • Issue the URL to add an inherited group role to the domain
  • Issue the URL to filter by inherited roles - this should return just the 2 inherited roles.
test_list_role_assignments_for_disabled_inheritance_extension()[source]

Call GET /role_assignments with inherited domain grants.

Test Plan:

  • Issue the URL to add inherited role to the domain
  • Issue the URL to check effective roles on project include the inherited role
  • Disable the extension
  • Re-check the effective roles, proving the inherited role no longer shows up.
test_list_role_assignments_for_inherited_domain_grants()[source]

Call GET /role_assignments with inherited domain grants.

Test Plan:

  • Create 4 roles
  • Create a domain with a user and two projects
  • Assign two direct roles to project1
  • Assign a spoiler role to project2
  • Issue the URL to add inherited role to the domain
  • Issue the URL to check it is indeed on the domain
  • Issue the URL to check effective roles on project1 - this should return 3 roles.
test_list_role_assignments_for_inherited_group_domain_grants()[source]

Call GET /role_assignments with inherited group domain grants.

Test Plan:

  • Create 4 roles
  • Create a domain with a user and two projects
  • Assign two direct roles to project1
  • Assign a spoiler role to project2
  • Issue the URL to add inherited role to the domain
  • Issue the URL to check it is indeed on the domain
  • Issue the URL to check effective roles on project1 - this should return 3 roles.
class keystone.tests.test_v3_identity.IdentityTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test domains, projects, users, groups, & role CRUD.

setUp()[source]
test_add_user_to_group()[source]

Call PUT /groups/{group_id}/users/{user_id}.

test_check_effective_values_for_role_assignments()[source]

Call GET /role_assignments?effective=value.

Check the various ways of specifying the ‘effective’ query parameter. If the ‘effective’ query parameter is included then this should always be treated as as meaning ‘True’ unless it is specified as:

{url}?effective=0

This is by design to match the agreed way of handling policy checking on query/filter parameters.

Test Plan:

  • Create two extra user for tests
  • Add these users to a group
  • Add a role assignment for the group on a domain
  • Get a list of all role assignments, checking one has been added
  • Then issue various request with different ways of defining the ‘effective’ query parameter. As we have tested the correctness of the data coming back when we get effective roles in other tests, here we just use the count of entities to know if we are getting effective roles or not
test_check_user_in_group()[source]

Call HEAD /groups/{group_id}/users/{user_id}.

test_create_domain()[source]

Call POST /domains.

test_create_domain_400()[source]

Call POST /domains.

test_create_domain_case_sensitivity()[source]

Call POST /domains` twice with upper() and lower() cased name.

test_create_group()[source]

Call POST /groups.

test_create_group_400()[source]

Call POST /groups.

test_create_project()[source]

Call POST /projects.

test_create_project_400()[source]

Call POST /projects.

test_create_role()[source]

Call POST /roles.

test_create_role_400()[source]

Call POST /roles.

test_create_user()[source]

Call POST /users.

test_create_user_400()[source]

Call POST /users.

test_crud_group_domain_role_grants()[source]
test_crud_group_domain_role_grants_no_group()[source]

Grant role on a domain to a group that doesn’t exist, 404 result.

When grant a role on a domain to a group that doesn’t exist, the server returns 404 Not Found for the group.

test_crud_group_project_role_grants()[source]
test_crud_group_project_role_grants_no_group()[source]

Grant role on a project to a group that doesn’t exist, 404 result.

When grant a role on a project to a group that doesn’t exist, the server returns 404 Not Found for the group.

test_crud_user_domain_role_grants()[source]
test_crud_user_domain_role_grants_no_user()[source]

Grant role on a domain to a user that doesn’t exist, 404 result.

When grant a role on a domain to a user that doesn’t exist, the server returns 404 Not Found for the user.

test_crud_user_project_role_grants()[source]
test_crud_user_project_role_grants_no_user()[source]

Grant role on a project to a user that doesn’t exist, 404 result.

When grant a role on a project to a user that doesn’t exist, the server returns 404 Not Found for the user.

test_delete_default_domain_fails()[source]
test_delete_domain()[source]

Call DELETE /domains/{domain_id}.

The sample data set up already has a user, group, project and credential that is part of self.domain. Since the user we will authenticate with is in this domain, we create a another set of entities in a second domain. Deleting this second domain should delete all these new entities. In addition, all the entities in the regular self.domain should be unaffected by the delete.

Test Plan:

  • Create domain2 and a 2nd set of entities
  • Disable domain2
  • Delete domain2
  • Check entities in domain2 have been deleted
  • Check entities in self.domain are unaffected
test_delete_enabled_domain_fails()[source]

Call DELETE /domains/{domain_id} (when domain enabled).

test_delete_group()[source]

Call DELETE /groups/{group_id}.

test_delete_new_default_domain_fails()[source]
test_delete_old_default_domain()[source]
test_delete_project()[source]

Call DELETE /projects/{project_id}

As well as making sure the delete succeeds, we ensure that any credentials that reference this projects are also deleted, while other credentials are unaffected.

test_delete_role()[source]

Call DELETE /roles/{role_id}.

test_delete_user()[source]

Call DELETE /users/{user_id}.

As well as making sure the delete succeeds, we ensure that any credentials that reference this user are also deleted, while other credentials are unaffected. In addition, no tokens should remain valid for this user.

test_disable_domain()[source]

Call PATCH /domains/{domain_id} (set enabled=False).

test_filtered_role_assignments()[source]

Call GET /role_assignments?filters.

Test Plan:

  • Create extra users, group, role and project for tests
  • Make the following assignments: Give group1, role1 on project1 and domain Give user1, role2 on project1 and domain Make User1 a member of Group1
  • Test a series of single filter list calls, checking that the correct results are obtained
  • Test a multi-filtered list call
  • Test listing all effective roles for a given user
  • Test the equivalent of the list of roles in a project scoped token (all effective roles for a user on a project)
test_get_domain()[source]

Call GET /domains/{domain_id}.

test_get_effective_role_assignments()[source]

Call GET /role_assignments?effective.

Test Plan:

  • Create two extra user for tests
  • Add these users to a group
  • Add a role assignment for the group on a domain
  • Get a list of all role assignments, checking one has been added
  • Then get a list of all effective role assignments - the group assignment should have turned into assignments on the domain for each of the group members.
test_get_group()[source]

Call GET /groups/{group_id}.

test_get_project()[source]

Call GET /projects/{project_id}.

test_get_role()[source]

Call GET /roles/{role_id}.

test_get_role_assignments()[source]

Call GET /role_assignments.

The sample data set up already has a user, group and project that is part of self.domain. We use these plus a new user we create as our data set, making sure we ignore any role assignments that are already in existence.

Since we don’t yet support a first class entity for role assignments, we are only testing the LIST API. To create and delete the role assignments we use the old grant APIs.

Test Plan:

  • Create extra user for tests
  • Get a list of all existing role assignments
  • Add a new assignment for each of the four combinations, i.e. group+domain, user+domain, group+project, user+project, using the same role each time
  • Get a new list of all role assignments, checking these four new ones have been added
  • Then delete the four we added
  • Get a new list of all role assignments, checking the four have been removed
test_get_user()[source]

Call GET /users/{user_id}.

test_get_user_with_default_project()[source]

Call GET /users/{user_id} making sure of default_project_id.

test_list_domains()[source]

Call GET /domains.

test_list_domains_xml()[source]

Call GET /domains (xml data).

test_list_groups()[source]

Call GET /groups.

test_list_groups_for_user()[source]

Call GET /users/{user_id}/groups.

test_list_groups_xml()[source]

Call GET /groups (xml data).

test_list_projects()[source]

Call GET /projects.

test_list_projects_xml()[source]

Call GET /projects (xml data).

test_list_roles()[source]

Call GET /roles.

test_list_roles_xml()[source]

Call GET /roles (xml data).

test_list_users()[source]

Call GET /users.

test_list_users_in_group()[source]

Call GET /groups/{group_id}/users.

test_list_users_no_default_project()[source]

Call GET /users making sure no default_project_id.

test_list_users_xml()[source]

Call GET /users (xml data).

test_remove_user_from_group()[source]

Call DELETE /groups/{group_id}/users/{user_id}.

test_update_domain()[source]

Call PATCH /domains/{domain_id}.

test_update_group()[source]

Call PATCH /groups/{group_id}.

test_update_group_domain_id()[source]

Call PATCH /groups/{group_id} with domain_id.

test_update_project()[source]

Call PATCH /projects/{project_id}.

test_update_project_domain_id()[source]

Call PATCH /projects/{project_id} with domain_id.

test_update_role()[source]

Call PATCH /roles/{role_id}.

test_update_user()[source]

Call PATCH /users/{user_id}.

test_update_user_domain_id()[source]

Call PATCH /users/{user_id} with domain_id.

class keystone.tests.test_v3_identity.TestV3toV2Methods(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

Test V3 to V2 conversion methods.

setUp()[source]
test_v2controller_filter_domain_id()[source]
test_v3_to_v2_user_method()[source]
test_v3_to_v2_user_method_list()[source]
test_v3controller_filter_domain_id()[source]
class keystone.tests.test_v3_identity.UserSelfServiceChangingPasswordsTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

change_password(expected_status, **kwargs)[source]

Returns a test response for a change password request.

get_request_token(password, expected_status)[source]
setUp()[source]
test_changing_password()[source]
test_changing_password_with_disabled_user_fails()[source]
test_changing_password_with_incorrect_password_fails()[source]
test_changing_password_with_missing_original_password_fails()[source]
test_changing_password_with_missing_password_fails()[source]

keystone.tests.test_v3_oauth1 module

class keystone.tests.test_v3_oauth1.AccessTokenCRUDTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuthFlowTests

test_delete_access_token_dne()[source]
test_get_access_token_dne()[source]
test_get_role_in_access_token()[source]
test_get_role_in_access_token_dne()[source]
test_get_single_access_token()[source]
test_list_all_roles_in_access_token()[source]
test_list_and_delete_access_tokens()[source]
test_list_no_access_tokens()[source]
class keystone.tests.test_v3_oauth1.AuthTokenTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuthFlowTests

test_change_user_password_also_deletes_tokens()[source]
test_delete_access_token_also_revokes_token()[source]
test_delete_keystone_tokens_by_consumer_id()[source]
test_deleting_consumer_also_deletes_tokens()[source]
test_deleting_project_also_invalidates_tokens()[source]
test_keystone_token_is_valid()[source]
test_oauth_token_cannot_authorize_request_token()[source]
test_oauth_token_cannot_create_new_trust()[source]
test_oauth_token_cannot_list_request_tokens()[source]
test_token_chaining_is_not_allowed()[source]
test_trust_token_cannot_authorize_request_token()[source]
test_trust_token_cannot_list_request_tokens()[source]
class keystone.tests.test_v3_oauth1.ConsumerCRUDTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuth1Tests

test_consumer_create()[source]
test_consumer_create_no_description()[source]
test_consumer_create_none_desc_1()[source]
test_consumer_create_none_desc_2()[source]
test_consumer_create_normalize_field()[source]
test_consumer_delete()[source]
test_consumer_get()[source]
test_consumer_get_bad_id()[source]
test_consumer_list()[source]
test_consumer_update()[source]
test_consumer_update_bad_id()[source]
test_consumer_update_bad_secret()[source]
test_consumer_update_normalize_field()[source]
class keystone.tests.test_v3_oauth1.MaliciousOAuth1Tests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuth1Tests

test_bad_authorizing_roles()[source]
test_bad_consumer_secret()[source]
test_bad_request_token_key()[source]
test_bad_verifier()[source]
test_expired_authorizing_request_token()[source]
test_expired_creating_keystone_token()[source]
class keystone.tests.test_v3_oauth1.OAuth1Tests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

CONSUMER_URL = '/OS-OAUTH1/consumers'
EXTENSION_NAME = 'oauth1'
EXTENSION_TO_ADD = 'oauth1_extension'
setUp()[source]
setup_database()[source]
class keystone.tests.test_v3_oauth1.OAuthFlowTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3_oauth1.OAuth1Tests

test_oauth_flow()[source]

keystone.tests.test_v3_os_revoke module

class keystone.tests.test_v3_os_revoke.OSRevokeTests(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

EXTENSION_NAME = 'revoke'
EXTENSION_TO_ADD = 'revoke_extension'
assertReportedEventMatchesRecorded(event, sample, before_time)[source]
test_disabled_domain_in_list()[source]
test_disabled_project_in_list()[source]
test_get_empty_list()[source]
test_list_since_invalid()[source]
test_list_since_valid()[source]
test_revoked_token_in_list()[source]
test_since_future_time_no_events()[source]

keystone.tests.test_v3_policy module

class keystone.tests.test_v3_policy.PolicyTestCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test policy CRUD.

setUp()[source]
test_create_policy()[source]

Call POST /policies.

test_delete_policy()[source]

Call DELETE /policies/{policy_id}.

test_get_policy()[source]

Call GET /policies/{policy_id}.

test_list_policies()[source]

Call GET /policies.

test_list_policies_xml()[source]

Call GET /policies (xml data).

test_update_policy()[source]

Call PATCH /policies/{policy_id}.

keystone.tests.test_v3_protection module

class keystone.tests.test_v3_protection.IdentityTestProtectedCase(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test policy enforcement on the v3 Identity API.

load_sample_data()[source]
setUp()[source]

Setup for Identity Protection Test Cases.

As well as the usual housekeeping, create a set of domains, users, roles and projects for the subsequent tests:

  • Three domains: A,B & C. C is disabled.
  • DomainA has user1, DomainB has user2 and user3
  • DomainA has group1 and group2, DomainB has group3
  • User1 has two roles on DomainA
  • User2 has one role on DomainA

Remember that there will also be a fourth domain in existence, the default domain.

test_get_user_protected_match_id()[source]

GET /users/{id} (match payload)

Test Plan:

  • Update policy to protect api by user_id
  • List users with user_id of user1 as filter, to check that this will correctly match user_id in the flattened payload
test_get_user_protected_match_target()[source]

GET /users/{id} (match target)

Test Plan:

  • Update policy to protect api by domain_id
  • Try and read a user who is in DomainB with a token scoped to Domain A - this should fail
  • Retry this for a user who is in Domain A, which should succeed.
  • Finally, try getting a user that does not exist, which should still return UserNotFound
test_list_groups_protected_by_domain()[source]

GET /groups?domain_id=mydomain (protected)

Test Plan:

  • Update policy to protect api by domain_id
  • List groups using a token scoped to domainA and make sure we only get back the two groups that are in domainA
  • Try and read the groups from domainB - this should fail since we don’t have a token scoped for domainB
test_list_groups_protected_by_domain_and_filtered()[source]

GET /groups?domain_id=mydomain&name=myname (protected)

Test Plan:

  • Update policy to protect api by domain_id
  • List groups using a token scoped to domainA with a filter specifying both domainA and the name of group.
  • We should only get back the group in domainA that matches the name
test_list_users_filtered_by_domain()[source]

GET /users?domain_id=mydomain (filtered)

Test Plan:

  • Update policy so api is unprotected
  • Use an un-scoped token to make sure we can filter the users by domainB, getting back the 2 users in that domain
test_list_users_protected_by_domain()[source]

GET /users?domain_id=mydomain (protected)

Test Plan:

  • Update policy to protect api by domain_id
  • List groups using a token scoped to domainA with a filter specifying domainA - we should only get back the one user that is in domainA.
  • Try and read the users from domainB - this should fail since we don’t have a token scoped for domainB
test_list_users_unprotected()[source]

GET /users (unprotected)

Test Plan:

  • Update policy so api is unprotected
  • Use an un-scoped token to make sure we can get back all the users independent of domain
test_revoke_grant_protected_match_target()[source]

DELETE /domains/{id}/users/{id}/roles/{id} (match target)

Test Plan:

  • Update policy to protect api by domain_id of entities in the grant
  • Try and delete the existing grant that has a user who is from a different domain - this should fail.
  • Retry this for a user who is in Domain A, which should succeed.
class keystone.tests.test_v3_protection.IdentityTestv3CloudPolicySample(*args, **kwargs)[source]

Bases: keystone.tests.test_v3.RestfulTestCase

Test policy enforcement of the sample v3 cloud policy file.

load_sample_data()[source]
setUp()[source]

Setup for v3 Cloud Policy Sample Test Cases.

The following data is created:

  • Three domains: domainA, domainB and admin_domain
  • One project, which name is ‘project’
  • domainA has three users: domain_admin_user, project_admin_user and just_a_user:
    • domain_admin_user has role ‘admin’ on domainA,
    • project_admin_user has role ‘admin’ on the project,
    • just_a_user has a non-admin role on both domainA and the project.
  • admin_domain has user cloud_admin_user, with an ‘admin’ role on admin_domain.

We test various api protection rules from the cloud sample policy file to make sure the sample is valid and that we correctly enforce it.

test_cloud_admin()[source]
test_domain_grants()[source]
test_domain_grants_by_cloud_admin()[source]
test_project_grants()[source]
test_project_grants_by_domain_admin()[source]
test_project_management()[source]
test_user_management()[source]
test_user_management_by_cloud_admin()[source]

keystone.tests.test_versions module

class keystone.tests.test_versions.VersionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

config_overrides()[source]
setUp()[source]
test_admin_version_v2()[source]
test_admin_version_v3()[source]
test_admin_versions()[source]
test_public_version_v2()[source]
test_public_version_v3()[source]
test_public_versions()[source]
test_use_site_url_if_endpoint_unset()[source]
test_use_site_url_if_endpoint_unset_v2()[source]
test_use_site_url_if_endpoint_unset_v3()[source]
test_v2_disabled()[source]
test_v3_disabled()[source]
class keystone.tests.test_versions.XmlVersionTestCase(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

DOC_INTRO = '<?xml version="1.0" encoding="UTF-8"?>'
REQUEST_HEADERS = {'Accept': 'application/xml'}
VERSIONS_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<versions xmlns="http://docs.openstack.org/identity/api/v2.0">\n\n<version status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v3/" rel="self"/>\n </links>\n</version>\n\n<version status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n </links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n</version>\n\n</versions>\n'
XML_NAMESPACE_ATTR = 'xmlns="http://docs.openstack.org/identity/api/v2.0"'
XML_NAMESPACE_V3 = 'xmlns="http://docs.openstack.org/identity/api/v3"'
config_overrides()[source]
setUp()[source]
test_admin_version_v2()[source]
test_admin_version_v3()[source]
test_admin_versions()[source]
test_public_version_v2()[source]
test_public_version_v3()[source]
test_public_versions()[source]
test_use_site_url_if_endpoint_unset()[source]
test_v2_disabled()[source]
test_v3_disabled()[source]
v2_VERSION_DATA = '\n<version %(v2_namespace)s status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n </links>\n <link href="http://localhost:%%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n</version>\n'
v2_VERSION_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<version xmlns="http://docs.openstack.org/identity/api/v2.0" status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n </links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n</version>\n'
v3_VERSION_DATA = '\n<version %(v3_namespace)s status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%%(port)s/v3/" rel="self"/>\n </links>\n</version>\n'
v3_VERSION_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<version xmlns="http://docs.openstack.org/identity/api/v3" status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v3/" rel="self"/>\n </links>\n</version>\n'

keystone.tests.test_wsgi module

class keystone.tests.test_wsgi.ApplicationTest(*args, **kwargs)[source]

Bases: keystone.tests.test_wsgi.BaseWSGITest

test_application_local_config()[source]
test_headers_available()[source]
test_query_string_available()[source]
test_render_exception()[source]
test_render_exception_host()[source]
test_render_response()[source]
test_render_response_custom_headers()[source]
test_render_response_custom_status()[source]
test_render_response_head_with_body()[source]
test_render_response_no_body()[source]
test_response_content_type()[source]
class keystone.tests.test_wsgi.BaseWSGITest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
class keystone.tests.test_wsgi.ExtensionRouterTest(*args, **kwargs)[source]

Bases: keystone.tests.test_wsgi.BaseWSGITest

test_extensionrouter_local_config()[source]
class keystone.tests.test_wsgi.FakeApp(*args, **kwargs)[source]

Bases: keystone.common.wsgi.Application

index(context)[source]
class keystone.tests.test_wsgi.LocalizedResponseTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_dynamic_translated_string_is_Message()[source]
test_request_match_default()[source]
test_request_match_language_expected()[source]
test_request_match_language_unexpected()[source]
test_static_translated_string_is_Message()[source]
class keystone.tests.test_wsgi.MiddlewareTest(*args, **kwargs)[source]

Bases: keystone.tests.test_wsgi.BaseWSGITest

test_middleware_bad_request()[source]
test_middleware_exception_error()[source]
test_middleware_local_config()[source]
test_middleware_request()[source]
test_middleware_response()[source]
test_middleware_type_error()[source]
class keystone.tests.test_wsgi.ServerTest(*args, **kwargs)[source]

Bases: keystone.tests.core.TestCase

setUp()[source]
test_keepalive_and_keepidle_set(*args, **keywargs)[source]
test_keepalive_set(*args, **keywargs)[source]
test_keepalive_unset(*args, **keywargs)[source]

keystone.tests.utils module

Useful utilities for tests.

keystone.tests.utils.new_uuid()[source]

Return a string UUID.

Module contents

Table Of Contents

Previous topic

keystone.policy.backends package

Next topic

keystone.tests.ksfixtures package

This Page