keystone.tests package
Submodules
keystone.tests.core module
-
class keystone.tests.core.BaseTestCase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
Light weight base test class.
This is a placeholder that will eventually go away once thc
setup/teardown in TestCase is properly trimmed down to the bare
essentials. This is really just a play to speed up the tests by
eliminating unnecessary work.
-
cleanup_instance(*names)[source]
Create a function suitable for use with self.addCleanup.
Returns: | a callable that uses a closure to delete instance attributes |
-
class keystone.tests.core.NoModule[source]
Bases: object
A mixin class to provide support for unloading/disabling modules.
-
clear_module(module)[source]
-
disable_module(module)[source]
Ensure ImportError for the specified module.
-
setUp()[source]
-
class keystone.tests.core.SQLDriverOverrides[source]
Bases: object
A mixin for consolidating sql-specific test overrides.
-
config_overrides()[source]
-
class keystone.tests.core.TestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.BaseTestCase
-
add_path(path)[source]
-
assertCloseEnoughForGovernmentWork(a, b, delta=3)[source]
Asserts that two datetimes are nearly equal within a small delta.
Parameters: | delta – Maximum allowable time delta, defined in seconds. |
-
assertDictContainsSubset(expected, actual, msg=None)[source]
Checks whether actual is a superset of expected.
-
assertDictEqual(d1, d2, msg=None)[source]
-
assertNotEmpty(l)[source]
-
assertRaisesRegexp(expected_exception, expected_regexp, callable_obj, *args, **kwargs)[source]
Asserts that the message in a raised exception matches a regexp.
-
assertSetEqual(set1, set2, msg=None)[source]
-
clear_auth_plugin_registry()[source]
-
client(app, *args, **kw)[source]
-
config(config_files)[source]
-
config_files()[source]
-
config_overrides()[source]
-
ipv6_enabled[source]
-
load_backends()[source]
Initializes each manager and assigns them to an attribute.
-
load_fixtures(fixtures)[source]
Hacky basic and naive fixture loading based on a python module.
Expects that the various APIs into the various services are already
defined on self.
-
loadapp(config, name='main')[source]
-
setUp()[source]
-
skip_if_env_not_set(env_var)[source]
-
skip_if_no_ipv6()[source]
-
class keystone.tests.core.TestClient(app=None, token=None)[source]
Bases: object
-
get(path, headers=None)[source]
-
post(path, headers=None, body=None)[source]
-
put(path, headers=None, body=None)[source]
-
request(method, path, headers=None, body=None)[source]
-
exception keystone.tests.core.UnexpectedExit[source]
Bases: exceptions.Exception
-
keystone.tests.core.checkout_vendor(repo, rev)[source]
-
class keystone.tests.core.dirs[source]
-
static etc(*p)[source]
-
static root(*p)[source]
-
static tests(*p)[source]
-
static tests_conf(*p)[source]
-
static tmp(*p)[source]
-
keystone.tests.core.generate_paste_config(extension_name)[source]
-
keystone.tests.core.remove_generated_paste_config(extension_name)[source]
-
keystone.tests.core.remove_test_databases()[source]
-
keystone.tests.core.setup_database()[source]
-
keystone.tests.core.skip_if_cache_disabled(*sections)[source]
This decorator is used to skip a test if caching is disabled either
globally or for the specific section.
In the code fragment:
@skip_if_cache_is_disabled('assignment', 'token')
def test_method(*args):
...
The method test_method would be skipped if caching is disabled globally via
the enabled option in the cache section of the configuration or if
the caching option is set to false in either assignment or token
sections of the configuration. This decorator can be used with no
arguments to only check global caching.
If a specified configuration section does not define the caching option,
this decorator makes the same assumption as the should_cache_fn in
keystone.common.cache that caching should be enabled.
-
keystone.tests.core.teardown_database()[source]
keystone.tests.default_fixtures module
keystone.tests.fakeldap module
Fake LDAP server for test harness.
This class does very little error checking, and knows nothing about ldap
class definitions. It implements the minimum emulation of the python ldap
library to work with nova.
-
class keystone.tests.fakeldap.FakeLdap(url, *args, **kwargs)[source]
Bases: object
Fake LDAP connection.
-
add_s(dn, attrs)[source]
Add an object with the specified attributes at dn.
-
delete_ext_s(dn, serverctrls)[source]
Remove the ldap object at specified dn.
-
delete_s(dn)[source]
Remove the ldap object at specified dn.
-
modify_s(dn, attrs)[source]
Modify the object at dn using the attribute list.
Parameters: |
- dn – an LDAP DN
- attrs – a list of tuples in the following form:
([MOD_ADD | MOD_DELETE | MOD_REPACE], attribute, value)
|
-
search_s(dn, scope, query=None, fields=None)[source]
Search for all matching objects under dn using the query.
Args:
dn – dn to search under
scope – only SCOPE_BASE and SCOPE_SUBTREE are supported
query – query to filter objects by
fields – fields to return. Returns all fields if not specified
-
simple_bind_s(dn, password)[source]
This method is ignored, but provided for compatibility.
-
unbind_s()[source]
This method is ignored, but provided for compatibility.
-
class keystone.tests.fakeldap.FakeShelve[source]
Bases: dict
-
sync()[source]
keystone.tests.filtering module
-
class keystone.tests.filtering.FilterTests[source]
Bases: object
keystone.tests.mapping_fixtures module
Fixtures for Federation Mapping.
keystone.tests.matchers module
-
class keystone.tests.matchers.XMLEquals(expected)[source]
Bases: object
Parses two XML documents from strings and compares the results.
-
match(other)[source]
-
class keystone.tests.matchers.XMLMismatch(expected, other)[source]
Bases: testtools.matchers._impl.Mismatch
-
describe()[source]
keystone.tests.rest module
-
class keystone.tests.rest.RestfulTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Performs restful tests against the WSGI app over HTTP.
This class launches public & admin WSGI servers for every test, which can
be accessed by calling public_request() or admin_request(),
respectfully.
restful_request() and request() methods are also exposed if you
need to bypass restful conventions or access HTTP details in your test
implementation.
Three new asserts are provided:
- assertResponseSuccessful: called automatically for every request
unless an expected_status is provided
- assertResponseStatus: called instead of assertResponseSuccessful,
if an expected_status is provided
- assertValidResponseHeaders: validates that the response headers
appear as expected
Requests are automatically serialized according to the defined
content_type. Responses are automatically deserialized as well, and
available in the response.body attribute. The original body content is
available in the response.raw attribute.
-
admin_request(**kwargs)[source]
-
assertResponseStatus(response, expected_status)[source]
Asserts a specific status code on the response.
Parameters: |
- response – httplib.HTTPResponse
- expected_status – The specific status result expected
|
example:
self.assertResponseStatus(response, 203)
-
assertResponseSuccessful(response)[source]
Asserts that a status code lies inside the 2xx range.
Parameters: | response – httplib.HTTPResponse to be
verified to have a status code between 200 and 299. |
example:
self.assertResponseSuccessful(response, 203)
-
assertValidErrorResponse(response, expected_status=400)[source]
Verify that the error response is valid.
Subclasses can override this function based on the expected response.
Ensures that response headers appear as expected.
-
content_type = 'json'
-
get_scoped_token(tenant_id=None)[source]
Convenience method so that we can test authenticated requests.
-
get_unscoped_token()[source]
Convenience method so that we can test authenticated requests.
-
public_request(**kwargs)[source]
-
request(app, path, body=None, headers=None, token=None, expected_status=None, **kwargs)[source]
-
restful_request(method='GET', headers=None, body=None, content_type=None, **kwargs)[source]
Serializes/deserializes json/xml as request/response body.
Warning
- Existing Accept header will be overwritten.
- Existing Content-Type header will be overwritten.
-
setUp(app_conf='keystone')[source]
keystone.tests.test_associate_project_endpoint_extension module
-
class keystone.tests.test_associate_project_endpoint_extension.AssociateEndpointProjectFilterCRUDTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase
Test OS-EP-FILTER endpoint to project associations extension.
-
test_check_endpoint_project_assoc()[source]
HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Valid project and endpoint id test case.
-
test_check_endpoint_project_assoc_noendp()[source]
HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid endpoint id test case.
-
test_check_endpoint_project_assoc_noproj()[source]
HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid project id test case.
-
test_create_endpoint_project_assoc()[source]
PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Valid endpoint and project id test case.
-
test_create_endpoint_project_assoc_noendp()[source]
PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid endpoint id test case.
-
test_create_endpoint_project_assoc_noproj()[source]
PUT OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid project id test case.
-
test_create_endpoint_project_assoc_unexpected_body()[source]
PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Unexpected body in request. The body should be ignored.
-
test_get_endpoint_project_assoc()[source]
GET /OS-EP-FILTER/projects/{project_id}/endpoints success.
-
test_get_endpoint_project_assoc_noproj()[source]
GET /OS-EP-FILTER/projects/{project_id}/endpoints no project.
-
test_list_projects_for_endpoint_assoc()[source]
GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects success
Associate default project and endpoint, then get it.
-
test_list_projects_for_endpoint_default()[source]
GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects success
Don’t associate project and endpoint, then get empty list.
-
test_list_projects_for_endpoint_noendpoint()[source]
GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects
Invalid endpoint id test case.
-
test_remove_endpoint_project_assoc()[source]
DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Valid project id and endpoint id test case.
-
test_remove_endpoint_project_assoc_noendp()[source]
DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid endpoint id test case.
-
test_remove_endpoint_project_assoc_noproj()[source]
DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Invalid project id test case.
-
class keystone.tests.test_associate_project_endpoint_extension.AssociateProjectEndpointFilterTokenRequestTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase
Test OS-EP-FILTER catalog filtering extension.
-
test_default_project_id_scoped_token_ep_filter_full_catalog()[source]
-
test_default_project_id_scoped_token_ep_filter_no_catalog()[source]
-
test_default_project_id_scoped_token_with_user_id_ep_filter()[source]
-
test_disabled_endpoint()[source]
The catalog contains only enabled endpoints.
-
test_implicit_project_id_scoped_token_ep_filter_full_catalog()[source]
-
test_implicit_project_id_scoped_token_ep_filter_no_catalog()[source]
-
test_implicit_project_id_scoped_token_handling_bad_reference()[source]
-
test_implicit_project_id_scoped_token_with_user_id_ep_filter()[source]
-
class keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
EXTENSION_NAME = 'endpoint_filter'
-
EXTENSION_TO_ADD = 'endpoint_filter_extension'
-
config_overrides()[source]
-
setUp()[source]
-
setup_database()[source]
keystone.tests.test_auth module
-
class keystone.tests.test_auth.AuthBadRequests(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
setUp()[source]
-
test_authenticate_blank_auth()[source]
Verify sending blank ‘auth’ raises the right exception.
-
test_authenticate_blank_request_body()[source]
Verify sending empty json dict raises the right exception.
-
test_authenticate_invalid_auth_content()[source]
Verify sending invalid ‘auth’ raises the right exception.
-
test_authenticate_password_too_large()[source]
Verify sending large ‘password’ raises the right exception.
-
test_authenticate_tenant_id_too_large()[source]
Verify sending large ‘tenantId’ raises the right exception.
-
test_authenticate_tenant_name_too_large()[source]
Verify sending large ‘tenantName’ raises the right exception.
-
test_authenticate_token_too_large()[source]
Verify sending large ‘token’ raises the right exception.
-
test_authenticate_user_id_too_large()[source]
Verify sending large ‘userId’ raises the right exception.
-
test_authenticate_username_too_large()[source]
Verify sending large ‘username’ raises the right exception.
-
test_no_credentials_in_auth()[source]
Verify that _authenticate_local() raises exception if no creds.
-
test_no_external_auth()[source]
Verify that _authenticate_external() raises exception if N/A.
-
test_no_token_in_auth()[source]
Verify that _authenticate_token() raises exception if no token.
-
class keystone.tests.test_auth.AuthCatalog(*args, **kwargs)[source]
Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.test_auth.AuthTest
Tests for the catalog provided in the auth response.
-
config_files()[source]
-
test_auth_catalog_disabled_endpoint()[source]
On authenticate, get a catalog that excludes disabled endpoints.
-
test_validate_catalog_disabled_endpoint()[source]
On validate, get back a catalog that excludes disabled endpoints.
-
class keystone.tests.test_auth.AuthTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
assertEqualTokens(a, b)[source]
Assert that two tokens are equal.
Compare two tokens except for their ids. This also truncates
the time in the comparison.
-
setUp()[source]
-
class keystone.tests.test_auth.AuthWithPasswordCredentials(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
setUp()[source]
-
test_auth_empty_password()[source]
Verify exception is raised if empty password.
-
test_auth_invalid_user()[source]
Verify exception is raised if invalid user.
-
test_auth_no_password()[source]
Verify exception is raised if empty password.
-
test_auth_valid_user_invalid_password()[source]
Verify exception is raised if invalid password.
-
test_authenticate_blank_password_credentials()[source]
Sending empty dict as passwordCredentials raises a 400 error.
-
test_authenticate_no_username()[source]
Verify skipping username raises the right exception.
-
test_bind_without_remote_user()[source]
-
test_change_default_domain_id()[source]
-
class keystone.tests.test_auth.AuthWithRemoteUser(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
setUp()[source]
-
test_bind_with_kerberos()[source]
-
test_bind_without_config_opt()[source]
-
test_scoped_nometa_remote_authn()[source]
Verify getting a token with external authn and no metadata.
-
test_scoped_remote_authn()[source]
Verify getting a token with external authn.
-
test_scoped_remote_authn_invalid_user()[source]
Verify that external auth with invalid user fails.
-
test_unscoped_remote_authn()[source]
Verify getting an unscoped token with external authn.
-
test_unscoped_remote_authn_jsonless()[source]
Verify that external auth with invalid request fails.
-
class keystone.tests.test_auth.AuthWithToken(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
setUp()[source]
-
test_auth_bad_formatted_token()[source]
Verify exception is raised if invalid token.
-
test_auth_invalid_token()[source]
Verify exception is raised if invalid token.
-
test_auth_token_cross_domain_group_and_project()[source]
Verify getting a token in cross domain group/project roles.
-
test_auth_token_project_group_role()[source]
Verify getting a token in a tenant with group roles.
-
test_auth_unscoped_token_no_project()[source]
Verify getting an unscoped token with an unscoped token.
-
test_auth_unscoped_token_project()[source]
Verify getting a token in a tenant with an unscoped token.
-
test_belongs_to()[source]
-
test_belongs_to_no_tenant()[source]
-
test_deleting_role_revokes_token()[source]
-
test_token_auth_with_binding()[source]
-
test_unscoped_token()[source]
Verify getting an unscoped token with password creds.
-
class keystone.tests.test_auth.AuthWithTrust(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
assert_token_count_for_trust(expected_value)[source]
-
build_v2_token_request(username, password, tenant_id=None)[source]
-
config_overrides()[source]
-
create_trust(expires_at=None, impersonation=True)[source]
-
fetch_v2_token_from_trust()[source]
-
fetch_v3_token_from_trust()[source]
-
setUp()[source]
-
test_create_trust()[source]
-
test_create_trust_bad_data_fails()[source]
-
test_create_trust_expires_bad()[source]
-
test_create_trust_impersonation()[source]
-
test_create_trust_no_impersonation()[source]
-
test_create_trust_no_roles()[source]
-
test_create_v3_token_from_trust()[source]
-
test_delete_tokens_for_user_invalidates_tokens_from_trust()[source]
-
test_delete_trust_revokes_token()[source]
-
test_expired_trust_get_token_fails()[source]
-
test_get_trust()[source]
-
test_token_from_trust()[source]
-
test_token_from_trust_cant_get_another_token()[source]
-
test_token_from_trust_with_no_role_fails()[source]
-
test_token_from_trust_with_wrong_role_fails()[source]
-
test_token_from_trust_wrong_project_fails()[source]
-
test_token_from_trust_wrong_user_fails()[source]
-
test_v3_trust_token_get_token_fails()[source]
-
class keystone.tests.test_auth.NonDefaultAuthTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_add_non_default_auth_method()[source]
-
class keystone.tests.test_auth.TokenExpirationTest(*args, **kwargs)[source]
Bases: keystone.tests.test_auth.AuthTest
-
test_maintain_uuid_token_expiration()[source]
keystone.tests.test_backend module
-
class keystone.tests.test_backend.CatalogTests[source]
Bases: object
-
test_create_endpoint()[source]
-
test_create_endpoint_404()[source]
-
test_create_region_invalid_parent_region_404()[source]
-
test_create_region_with_duplicate_id()[source]
-
test_delete_endpoint_404()[source]
-
test_delete_region_404()[source]
-
test_delete_service_404()[source]
-
test_delete_service_with_endpoint()[source]
-
test_get_catalog_endpoint_disabled()[source]
Get back only enabled endpoints when get the v2 catalog.
-
test_get_endpoint_404()[source]
-
test_get_region_404()[source]
-
test_get_service_404()[source]
-
test_get_v3_catalog_endpoint_disabled()[source]
Get back only enabled endpoints when get the v3 catalog.
-
test_region_crud()[source]
-
test_service_crud()[source]
-
class keystone.tests.test_backend.FilterTests[source]
Bases: keystone.tests.filtering.FilterTests
-
test_filter_sql_injection_attack()[source]
Test against sql injection attack on filters
Test Plan:
- Attempt to get all entities back by passing a two-term attribute
- Attempt to piggyback filter to damage DB (e.g. drop table)
-
test_list_users_filtered()[source]
-
test_list_users_inexact_filtered()[source]
-
class keystone.tests.test_backend.IdentityTests[source]
Bases: object
-
create_user_dict(**attributes)[source]
-
test_add_duplicate_role_grant()[source]
-
test_add_role_to_user_and_project_404()[source]
-
test_add_role_to_user_and_project_no_user()[source]
-
test_add_user_to_group()[source]
-
test_add_user_to_group_404()[source]
-
test_add_user_to_project()[source]
-
test_add_user_to_project_404()[source]
-
test_add_user_to_project_missing_default_role()[source]
-
test_add_user_to_project_no_user()[source]
-
test_arbitrary_attributes_are_returned_from_create_user()[source]
-
test_arbitrary_attributes_are_returned_from_get_user()[source]
-
test_attribute_update()[source]
-
test_authenticate()[source]
-
test_authenticate_and_get_roles_no_metadata()[source]
-
test_authenticate_bad_password()[source]
-
test_authenticate_bad_user()[source]
-
test_authenticate_if_no_password_set()[source]
-
test_cache_layer_domain_crud(*args, **kwargs)[source]
-
test_cache_layer_project_crud(*args, **kwargs)[source]
-
test_cache_layer_role_crud(*args, **kwargs)[source]
-
test_check_user_in_group()[source]
-
test_check_user_not_in_group()[source]
-
test_create_domain_case_sensitivity()[source]
-
test_create_duplicate_group_name_fails()[source]
-
test_create_duplicate_group_name_in_different_domains()[source]
-
test_create_duplicate_project_id_fails()[source]
-
test_create_duplicate_project_name_fails()[source]
-
test_create_duplicate_project_name_in_different_domains()[source]
-
test_create_duplicate_role_name_fails()[source]
-
test_create_duplicate_user_id_fails()[source]
-
test_create_duplicate_user_name_fails()[source]
-
test_create_duplicate_user_name_in_different_domains()[source]
-
test_create_grant_no_group()[source]
-
test_create_grant_no_user()[source]
-
test_create_invalid_domain_fails()[source]
-
test_create_project_blank_name_fails()[source]
-
test_create_project_case_sensitivity()[source]
-
test_create_project_doesnt_modify_passed_in_dict()[source]
-
test_create_project_invalid_enabled_type_string()[source]
-
test_create_project_invalid_name_fails()[source]
-
test_create_project_long_name_fails()[source]
-
test_create_project_with_no_enabled_field()[source]
-
test_create_unicode_user_name()[source]
-
test_create_update_delete_unicode_project()[source]
-
test_create_user_blank_name_fails()[source]
-
test_create_user_case_sensitivity()[source]
-
test_create_user_doesnt_modify_passed_in_dict()[source]
-
test_create_user_invalid_enabled_type_string()[source]
-
test_create_user_invalid_name_fails()[source]
-
test_create_user_long_name_fails()[source]
-
test_create_user_missed_password()[source]
-
test_create_user_none_password()[source]
-
test_delete_domain_with_user_group_project_links()[source]
-
test_delete_group_grant_no_group()[source]
-
test_delete_group_with_user_project_domain_links()[source]
-
test_delete_project_404()[source]
-
test_delete_project_with_role_assignments()[source]
-
test_delete_role_404()[source]
-
test_delete_role_check_role_grant()[source]
-
test_delete_role_with_user_and_group_grants()[source]
-
test_delete_user_404()[source]
-
test_delete_user_grant_no_user()[source]
-
test_delete_user_with_group_project_domain_links()[source]
-
test_delete_user_with_project_association()[source]
-
test_delete_user_with_project_roles()[source]
-
test_domain_crud()[source]
-
test_domain_rename_invalidates_get_domain_by_name_cache(*args, **kwargs)[source]
-
test_get_and_remove_correct_role_grant_from_a_mix()[source]
-
test_get_and_remove_role_grant_by_group_and_cross_domain()[source]
-
test_get_and_remove_role_grant_by_group_and_domain()[source]
-
test_get_and_remove_role_grant_by_group_and_project()[source]
-
test_get_and_remove_role_grant_by_user_and_cross_domain()[source]
-
test_get_and_remove_role_grant_by_user_and_domain()[source]
-
test_get_default_domain_by_name()[source]
-
test_get_not_default_domain_by_name()[source]
-
test_get_project()[source]
-
test_get_project_404()[source]
-
test_get_project_by_name()[source]
-
test_get_project_by_name_404()[source]
-
test_get_project_user_ids_404()[source]
-
test_get_role()[source]
-
test_get_role_404()[source]
-
test_get_role_by_user_and_project()[source]
-
test_get_role_by_user_and_project_with_user_in_group()[source]
Test for get role by user and project, user was added into a group.
Test Plan:
- Create a user, a project & a group, add this user to group
- Create roles and grant them to user and project
- Check the role list get by the user and project was as expected
-
test_get_role_grant_by_user_and_project()[source]
-
test_get_roles_for_user_and_domain()[source]
Test for getting roles for user on a domain.
Test Plan:
- Create a domain, with 2 users
- Check no roles yet exit
- Give user1 two roles on the domain, user2 one role
- Get roles on user1 and the domain - maybe sure we only
get back the 2 roles on user1
- Delete both roles from user1
- Check we get no roles back for user1 on domain
-
test_get_roles_for_user_and_domain_404()[source]
Test errors raised when getting roles for user on a domain.
Test Plan:
- Check non-existing user gives UserNotFound
- Check non-existing domain gives DomainNotFound
-
test_get_roles_for_user_and_project_404()[source]
-
test_get_roles_for_user_and_project_user_group_same_id()[source]
When a user has the same ID as a group,
get_roles_for_user_and_project returns only the roles for the user and
not the group.
-
test_get_user()[source]
-
test_get_user_404()[source]
-
test_get_user_by_name()[source]
-
test_get_user_by_name_404()[source]
-
test_group_crud()[source]
-
test_list_domains()[source]
-
test_list_groups()[source]
-
test_list_groups_for_user()[source]
-
test_list_projects()[source]
-
test_list_projects_for_alternate_domain()[source]
-
test_list_projects_for_domain()[source]
-
test_list_projects_for_user()[source]
-
test_list_projects_for_user_with_grants()[source]
-
test_list_role_assignments_bad_role()[source]
-
test_list_role_assignments_unfiltered()[source]
Test for unfiltered listing role assignments.
Test Plan:
- Create a domain, with a user, group & project
- Find how many role assignments already exist (from default
fixtures)
- Create a grant of each type (user/group on project/domain)
- Check the number of assignments has gone up by 4 and that
the entries we added are in the list returned
- Check that if we list assignments by role_id, then we get back
assignments that only contain that role.
-
test_list_roles()[source]
-
test_list_user_ids_for_project()[source]
-
test_list_user_ids_for_project_no_duplicates()[source]
-
test_list_user_project_ids_404()[source]
-
test_list_users()[source]
-
test_list_users_in_group()[source]
-
test_move_group_between_domains()[source]
-
test_move_group_between_domains_with_clashing_names_fails()[source]
-
test_move_project_between_domains()[source]
-
test_move_project_between_domains_with_clashing_names_fails()[source]
-
test_move_user_between_domains()[source]
-
test_move_user_between_domains_with_clashing_names_fails()[source]
-
test_multi_group_grants_on_project_domain()[source]
Test multiple group roles for user on project and domain.
Test Plan:
- Create 6 roles
- Create a domain, with a project, user and two groups
- Make the user a member of both groups
- Check no roles yet exit
- Assign a role to each user and both groups on both the
project and domain
- Get a list of effective roles for the user on both the
project and domain, checking we get back the correct three
roles
-
test_multi_role_grant_by_user_group_on_project_domain()[source]
-
test_new_arbitrary_attributes_are_returned_from_update_user()[source]
-
test_password_hashed()[source]
-
test_project_add_and_remove_user_role()[source]
-
test_project_crud()[source]
-
test_project_rename_invalidates_get_project_by_name_cache(*args, **kwargs)[source]
-
test_project_update_missing_attrs_with_a_falsey_value()[source]
-
test_project_update_missing_attrs_with_a_value()[source]
-
test_remove_role_from_user_and_project()[source]
-
test_remove_role_grant_from_user_and_project()[source]
-
test_remove_user_from_group()[source]
-
test_remove_user_from_group_404()[source]
-
test_remove_user_from_project()[source]
-
test_remove_user_from_project_404()[source]
-
test_remove_user_from_project_race_delete_role()[source]
-
test_remove_user_role_not_assigned()[source]
-
test_rename_duplicate_project_name_fails()[source]
-
test_rename_duplicate_role_name_fails()[source]
-
test_rename_duplicate_user_name_fails()[source]
-
test_role_crud()[source]
-
test_role_grant_by_group_and_cross_domain_project()[source]
-
test_role_grant_by_user_and_cross_domain_project()[source]
-
test_update_project_404()[source]
-
test_update_project_blank_name_fails()[source]
-
test_update_project_enable()[source]
-
test_update_project_id_does_nothing()[source]
-
test_update_project_invalid_enabled_type_string()[source]
-
test_update_project_invalid_name_fails()[source]
-
test_update_project_long_name_fails()[source]
-
test_update_role_404()[source]
-
test_update_user_404()[source]
-
test_update_user_blank_name_fails()[source]
-
test_update_user_enable()[source]
-
test_update_user_enable_fails()[source]
-
test_update_user_id_fails()[source]
-
test_update_user_invalid_name_fails()[source]
-
test_update_user_long_name_fails()[source]
-
test_update_user_name()[source]
-
test_updated_arbitrary_attributes_are_returned_from_update_user()[source]
-
test_user_crud()[source]
-
class keystone.tests.test_backend.InheritanceTests[source]
Bases: object
-
test_inherited_role_grants_for_group()[source]
Test inherited group roles.
Test Plan:
- Enable OS-INHERIT extension
- Create 4 roles
- Create a domain, with a project, user and two groups
- Make the user a member of both groups
- Check no roles yet exit
- Assign a direct user role to the project and a (non-inherited)
group role on the domain
- Get a list of effective roles - should only get the one direct role
- Now add two inherited group roles to the domain
- Get a list of effective roles - should have three roles, one
direct and two by virtue of inherited group roles
-
test_inherited_role_grants_for_user()[source]
Test inherited user roles.
Test Plan:
- Enable OS-INHERIT extension
- Create 3 roles
- Create a domain, with a project and a user
- Check no roles yet exit
- Assign a direct user role to the project and a (non-inherited)
user role to the domain
- Get a list of effective roles - should only get the one direct role
- Now add an inherited user role to the domain
- Get a list of effective roles - should have two roles, one
direct and one by virtue of the inherited user role
- Also get effective roles for the domain - the role marked as
inherited should not show up
-
test_list_projects_for_user_with_inherited_grants()[source]
Test inherited group roles.
Test Plan:
- Enable OS-INHERIT extension
- Create a domain, with two projects and a user
- Assign an inherited user role on the domain, as well as a direct
user role to a separate project in a different domain
- Get a list of projects for user, should return all three projects
-
test_list_projects_for_user_with_inherited_group_grants()[source]
Test inherited group roles.
Test Plan:
- Enable OS-INHERIT extension
- Create two domains, each with two projects
- Create a user and group
- Make the user a member of the group
- Assign a user role two projects, an inherited
group role to one domain and an inherited regular role on
the other domain
- Get a list of projects for user, should return both pairs of projects
from the domain, plus the one separate project
-
class keystone.tests.test_backend.LimitTests[source]
Bases: keystone.tests.filtering.FilterTests
-
ENTITIES = ['user', 'group', 'project']
-
clean_up_domain()[source]
Clean up domain test data from Limit Test Cases.
-
clean_up_entities()[source]
Clean up entity test data from Limit Test Cases.
-
setUp()[source]
Setup for Limit Test Cases.
-
test_list_groups_filtered_and_limited()[source]
-
test_list_projects_filtered_and_limited()[source]
-
test_list_users_filtered_and_limited()[source]
-
class keystone.tests.test_backend.PolicyTests[source]
Bases: object
-
assertEqualPolicies(a, b)[source]
-
test_create()[source]
-
test_delete()[source]
-
test_delete_policy_404()[source]
-
test_get()[source]
-
test_get_policy_404()[source]
-
test_list()[source]
-
test_update()[source]
-
test_update_policy_404()[source]
-
class keystone.tests.test_backend.TokenCacheInvalidation[source]
Bases: object
-
test_delete_scoped_token_by_id()[source]
-
test_delete_scoped_token_by_user()[source]
-
test_delete_scoped_token_by_user_and_tenant()[source]
-
test_delete_unscoped_token()[source]
-
class keystone.tests.test_backend.TokenTests[source]
Bases: object
-
check_list_revoked_tokens(token_ids)[source]
-
create_token_sample_data(token_id=None, tenant_id=None, trust_id=None, user_id=None, expires=None)[source]
-
delete_token()[source]
-
test_create_unicode_token_id()[source]
-
test_create_unicode_user_id()[source]
-
test_delete_token_404()[source]
-
test_delete_tokens()[source]
-
test_delete_tokens_trust()[source]
-
test_expired_token()[source]
-
test_flush_expired_token()[source]
-
test_get_token_404()[source]
-
test_list_revoked_tokens_for_multiple_tokens()[source]
-
test_list_revoked_tokens_for_single_token()[source]
-
test_list_revoked_tokens_returns_empty_list()[source]
-
test_list_tokens_unicode_user_id()[source]
-
test_null_expires_token()[source]
-
test_predictable_revoked_pki_token_id()[source]
-
test_predictable_revoked_uuid_token_id()[source]
-
test_revocation_list_cache(*args, **kwargs)[source]
-
test_token_crud()[source]
-
test_token_expire_timezone()[source]
-
test_token_list()[source]
-
test_token_list_deprecated_public_interface()[source]
-
test_token_list_trust()[source]
-
class keystone.tests.test_backend.TrustTests[source]
Bases: object
-
create_sample_trust(new_id, remaining_uses=None)[source]
-
test_consume_use()[source]
-
test_create_trust()[source]
-
test_delete_trust()[source]
-
test_delete_trust_not_found()[source]
-
test_get_trust()[source]
-
test_list_trust_by_trustee()[source]
-
test_list_trust_by_trustor()[source]
-
test_list_trusts()[source]
-
test_trust_has_remaining_uses_negative()[source]
-
test_trust_has_remaining_uses_positive()[source]
keystone.tests.test_backend_kvs module
-
class keystone.tests.test_backend_kvs.KvsCatalog(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests
-
config_overrides()[source]
-
setUp()[source]
-
test_get_catalog()[source]
-
test_get_catalog_404()[source]
-
test_get_catalog_endpoint_disabled()[source]
-
test_get_v3_catalog_endpoint_disabled()[source]
-
class keystone.tests.test_backend_kvs.KvsIdentity(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.IdentityTests
-
config_overrides()[source]
-
setUp()[source]
-
test_create_duplicate_group_name_in_different_domains()[source]
-
test_create_duplicate_project_name_in_different_domains()[source]
-
test_create_duplicate_user_name_in_different_domains()[source]
-
test_list_projects_for_user_with_grants()[source]
-
test_move_group_between_domains()[source]
-
test_move_group_between_domains_with_clashing_names_fails()[source]
-
test_move_project_between_domains()[source]
-
test_move_project_between_domains_with_clashing_names_fails()[source]
-
test_move_user_between_domains()[source]
-
test_move_user_between_domains_with_clashing_names_fails()[source]
-
class keystone.tests.test_backend_kvs.KvsToken(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenTests
-
config_overrides()[source]
-
setUp()[source]
-
test_cleanup_user_index_on_create()[source]
-
test_flush_expired_token()[source]
-
class keystone.tests.test_backend_kvs.KvsTokenCacheInvalidation(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenCacheInvalidation
-
config_overrides()[source]
-
setUp()[source]
-
class keystone.tests.test_backend_kvs.KvsTrust(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TrustTests
-
config_overrides()[source]
-
setUp()[source]
keystone.tests.test_backend_ldap module
-
class keystone.tests.test_backend_ldap.BaseLDAPIdentity[source]
Bases: keystone.tests.test_backend.IdentityTests
-
clear_database()[source]
-
config_files()[source]
-
config_overrides()[source]
-
get_config(domain_id)[source]
-
reload_backends(domain_id)[source]
-
test_arbitrary_attributes_are_returned_from_create_user()[source]
-
test_arbitrary_attributes_are_returned_from_get_user()[source]
-
test_authenticate_requires_simple_bind()[source]
-
test_build_tree()[source]
Regression test for building the tree names
-
test_configurable_allowed_user_actions()[source]
-
test_configurable_forbidden_create_existing_user()[source]
-
test_configurable_forbidden_user_actions()[source]
-
test_create_duplicate_group_name_in_different_domains()[source]
-
test_create_duplicate_project_name_in_different_domains()[source]
-
test_create_duplicate_user_name_in_different_domains()[source]
-
test_create_user_none_mapping()[source]
-
test_delete_group_grant_no_group()[source]
-
test_delete_group_with_user_project_domain_links()[source]
-
test_delete_role_with_user_and_group_grants()[source]
-
test_delete_user_grant_no_user()[source]
-
test_delete_user_with_group_project_domain_links()[source]
-
test_get_and_remove_correct_role_grant_from_a_mix()[source]
-
test_get_and_remove_role_grant_by_group_and_cross_domain()[source]
-
test_get_and_remove_role_grant_by_group_and_domain()[source]
-
test_get_and_remove_role_grant_by_group_and_project()[source]
-
test_get_and_remove_role_grant_by_user_and_cross_domain()[source]
-
test_get_and_remove_role_grant_by_user_and_domain()[source]
-
test_get_roles_for_user_and_domain()[source]
-
test_group_crud()[source]
-
test_list_domains()[source]
-
test_list_domains_non_default_domain_id()[source]
-
test_list_group_members_missing_entry()[source]
List group members with deleted user.
If a group has a deleted entry for a member, the non-deleted members
are returned.
-
test_list_group_members_when_no_members()[source]
-
test_list_projects_for_user()[source]
-
test_list_projects_for_user_with_grants()[source]
-
test_list_role_assignments_bad_role()[source]
-
test_list_role_assignments_dumb_member()[source]
-
test_list_role_assignments_unfiltered()[source]
-
test_move_group_between_domains()[source]
-
test_move_group_between_domains_with_clashing_names_fails()[source]
-
test_move_project_between_domains()[source]
-
test_move_project_between_domains_with_clashing_names_fails()[source]
-
test_move_user_between_domains()[source]
-
test_move_user_between_domains_with_clashing_names_fails()[source]
-
test_multi_group_grants_on_project_domain()[source]
-
test_multi_role_grant_by_user_group_on_project_domain()[source]
-
test_new_arbitrary_attributes_are_returned_from_update_user()[source]
-
test_remove_role_grant_from_user_and_project()[source]
-
test_role_grant_by_group_and_cross_domain_project()[source]
-
test_role_grant_by_user_and_cross_domain_project()[source]
-
test_unignored_user_none_mapping()[source]
-
test_update_user_name()[source]
A user’s name cannot be changed through the LDAP driver.
-
test_updated_arbitrary_attributes_are_returned_from_update_user()[source]
-
test_user_filter()[source]
-
test_user_id_comma_grants()[source]
Even if the user has a , in their ID, can get user and group grants.
-
test_utf8_conversion()[source]
-
class keystone.tests.test_backend_ldap.LDAPIdentity(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.TestCase
-
setUp()[source]
-
test_binary_attribute_values()[source]
-
test_cache_layer_domain_crud()[source]
-
test_cache_layer_project_crud(*args, **kwargs)[source]
-
test_chase_referrals_off()[source]
-
test_chase_referrals_on()[source]
-
test_configurable_allowed_project_actions()[source]
-
test_configurable_allowed_role_actions()[source]
-
test_configurable_forbidden_project_actions()[source]
-
test_configurable_forbidden_role_actions()[source]
-
test_configurable_subtree_delete()[source]
-
test_create_domain_case_sensitivity()[source]
-
test_create_grant_no_group()[source]
-
test_create_grant_no_user()[source]
-
test_domain_crud()[source]
-
test_domain_rename_invalidates_get_domain_by_name_cache()[source]
-
test_dumb_member()[source]
-
test_get_default_domain_by_name()[source]
-
test_list_projects_for_alternate_domain()[source]
-
test_multi_role_grant_by_user_group_on_project_domain()[source]
-
test_project_attribute_ignore()[source]
-
test_project_attribute_mapping()[source]
-
test_project_crud()[source]
-
test_project_filter()[source]
-
test_project_rename_invalidates_get_project_by_name_cache()[source]
-
test_role_attribute_ignore()[source]
-
test_role_attribute_mapping()[source]
-
test_role_filter()[source]
-
test_user_api_get_connection_no_user_password()[source]
Don’t bind in case the user and password are blank.
-
test_user_enable_attribute_mask()[source]
-
test_user_mixed_case_attribute(*args, **keywargs)[source]
-
test_wrong_alias_dereferencing()[source]
-
test_wrong_ldap_scope()[source]
-
class keystone.tests.test_backend_ldap.LDAPIdentityEnabledEmulation(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.LDAPIdentity
-
config_files()[source]
-
config_overrides()[source]
-
setUp()[source]
-
test_project_crud()[source]
-
test_user_crud()[source]
-
test_user_enable_attribute_mask()[source]
-
class keystone.tests.test_backend_ldap.LdapIdentitySqlAssignment(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase
-
config_files()[source]
-
config_overrides()[source]
-
setUp()[source]
-
test_add_role_grant_to_user_and_project_404()[source]
-
test_domain_crud()[source]
-
test_get_role_grants_for_user_and_project_404()[source]
-
test_list_domains()[source]
-
test_list_domains_non_default_domain_id()[source]
-
test_list_projects_for_user_with_grants()[source]
-
test_project_filter()[source]
-
test_role_filter()[source]
-
class keystone.tests.test_backend_ldap.MultiLDAPandSQLIdentity(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase
Class to test common SQL plus individual LDAP backends.
We define a set of domains and domain-specific backends:
- A separate LDAP backend for the default domain
- A separate LDAP backend for domain1
- domain2 shares the same LDAP as domain1, but uses a different
tree attach point
- An SQL backend for all other domains (which will include domain3
and domain4)
Normally one would expect that the default domain would be handled as
part of the “other domains” - however the above provides better
test coverage since most of the existing backend tests use the default
domain.
-
config_overrides()[source]
-
get_config(domain_id)[source]
-
reload_backends(domain_id)[source]
-
setUp()[source]
-
test_add_role_grant_to_user_and_project_404()[source]
-
test_domain_segregation()[source]
Test that separate configs have segregated the domain.
Test Plan:
- Create a user in each of the domains
- Make sure that you can only find a given user in its
relevant domain
- Make sure that for a backend that supports multiple domains
you can get the users via any of the domain scopes
-
test_get_role_grants_for_user_and_project_404()[source]
-
test_list_domains()[source]
-
test_list_domains_non_default_domain_id()[source]
-
test_list_projects_for_user_with_grants()[source]
-
test_scanning_of_config_dir()[source]
Test the Manager class scans the config directory.
The setup for the main tests above load the domain configs directly
so that the test overrides can be included. This test just makes sure
that the standard config directory scanning does pick up the relevant
domain config files.
keystone.tests.test_backend_sql module
-
class keystone.tests.test_backend_sql.FakeTable(*args, **kwargs)[source]
Bases: sqlalchemy.ext.declarative.api.Base
-
col
-
insert(*args, **kwargs)[source]
-
lookup(*args, **kwargs)[source]
-
update(*args, **kwargs)[source]
-
class keystone.tests.test_backend_sql.SqlCatalog(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.CatalogTests
-
test_catalog_ignored_malformed_urls()[source]
-
test_create_endpoint_400()[source]
-
test_get_catalog_with_empty_public_url()[source]
-
class keystone.tests.test_backend_sql.SqlDecorators(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_conflict_happend()[source]
-
test_initialization()[source]
-
test_initialization_fail()[source]
-
test_non_ascii_init()[source]
-
test_not_conflict_error()[source]
-
class keystone.tests.test_backend_sql.SqlFilterTests(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.FilterTests
-
class keystone.tests.test_backend_sql.SqlIdentity(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.IdentityTests
-
test_create_null_project_name()[source]
-
test_create_null_role_name()[source]
-
test_create_null_user_name()[source]
-
test_delete_project_with_user_association()[source]
-
test_delete_user_with_project_association()[source]
-
test_metadata_removed_on_delete_project()[source]
-
test_metadata_removed_on_delete_user()[source]
-
test_password_hashed()[source]
-
test_sql_user_to_dict_null_default_project_id()[source]
This tests for backwards-compatibility with an essex/folsom bug.
Non-indexed attributes were returned in an ‘extra’ attribute, instead
of on the entity itself; for consistency and backwards compatibility,
those attributes should be included twice.
This behavior is specific to the SQL driver.
This tests for backwards-compatibility with an essex/folsom bug.
Non-indexed attributes were returned in an ‘extra’ attribute, instead
of on the entity itself; for consistency and backwards compatibility,
those attributes should be included twice.
This behavior is specific to the SQL driver.
-
class keystone.tests.test_backend_sql.SqlInheritance(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.InheritanceTests
-
class keystone.tests.test_backend_sql.SqlLimitTests(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.LimitTests
-
setUp()[source]
-
class keystone.tests.test_backend_sql.SqlModels(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests
-
assertExpectedSchema(table, cols)[source]
-
select_table(name)[source]
-
setUp()[source]
-
test_domain_model()[source]
-
test_group_model()[source]
-
test_project_model()[source]
-
test_role_assignment_model()[source]
-
test_role_model()[source]
-
test_user_group_membership()[source]
-
test_user_model()[source]
-
class keystone.tests.test_backend_sql.SqlPolicy(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.PolicyTests
-
class keystone.tests.test_backend_sql.SqlTests(*args, **kwargs)[source]
Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase
-
config_files()[source]
-
setUp()[source]
-
class keystone.tests.test_backend_sql.SqlToken(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenTests
-
test_flush_expired_tokens_batch()[source]
-
test_token_flush_batch_size_db2()[source]
-
test_token_flush_batch_size_default()[source]
-
test_token_revocation_list_uses_right_columns()[source]
-
class keystone.tests.test_backend_sql.SqlTokenCacheInvalidation(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenCacheInvalidation
-
setUp()[source]
-
class keystone.tests.test_backend_sql.SqlTrust(*args, **kwargs)[source]
Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TrustTests
keystone.tests.test_backend_templated module
-
class keystone.tests.test_backend_templated.TestTemplatedCatalog(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests
-
DEFAULT_FIXTURE = {'RegionOne': {'compute': {'adminURL': 'http://localhost:8774/v1.1/bar', 'id': '2', 'internalURL': 'http://localhost:8774/v1.1/bar', 'name': "'Compute Service'", 'publicURL': 'http://localhost:8774/v1.1/bar'}, 'identity': {'adminURL': 'http://localhost:35357/v2.0', 'id': '1', 'internalURL': 'http://localhost:35357/v2.0', 'name': "'Identity Service'", 'publicURL': 'http://localhost:5000/v2.0'}}}
-
config_overrides()[source]
-
setUp()[source]
-
test_catalog_ignored_malformed_urls()[source]
-
test_get_catalog()[source]
-
test_get_catalog_endpoint_disabled()[source]
-
test_get_v3_catalog()[source]
-
test_get_v3_catalog_endpoint_disabled()[source]
keystone.tests.test_cache module
-
class keystone.tests.test_cache.CacheIsolatingProxy(*args, **kwargs)[source]
Bases: dogpile.cache.proxy.ProxyBackend
Proxy that forces a memory copy of stored values.
The default in-memory cache-region does not perform a copy on values it
is meant to cache. Therefore if the value is modified after set or after
get, the cached value also is modified. This proxy does a copy as the last
thing before storing data.
-
get(key)[source]
-
set(key, value)[source]
-
class keystone.tests.test_cache.CacheNoopBackendTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
config_overrides()[source]
-
setUp()[source]
-
test_noop_backend()[source]
-
class keystone.tests.test_cache.CacheRegionTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
test_cache_debug_proxy()[source]
-
test_cache_dictionary_config_builder()[source]
Validate we build a sane dogpile.cache dictionary config.
-
test_cache_region_no_error_multiple_config()[source]
-
test_configure_non_region_object_raises_error()[source]
-
test_region_built_with_proxy_direct_cache_test()[source]
-
test_should_cache_fn_global_cache_disabled()[source]
-
test_should_cache_fn_global_cache_disabled_section_cache_enabled()[source]
-
test_should_cache_fn_global_cache_enabled()[source]
-
test_should_cache_fn_global_cache_enabled_section_cache_disabled()[source]
-
test_should_cache_fn_global_cache_enabled_section_cache_enabled()[source]
-
class keystone.tests.test_cache.TestProxy(*args, **kwargs)[source]
Bases: dogpile.cache.proxy.ProxyBackend
-
get(key)[source]
-
class keystone.tests.test_cache.TestProxyValue(value)[source]
Bases: object
keystone.tests.test_cache_backend_mongo module
-
class keystone.tests.test_cache_backend_mongo.MockCollection(db, name)[source]
Bases: object
-
ensure_index(key_or_list, *args, **kwargs)[source]
-
find(spec=None, *args, **kwargs)[source]
-
find_and_modify(spec, document, upsert=False, **kwargs)[source]
-
find_one(spec_or_id=None, *args, **kwargs)[source]
-
index_information()[source]
-
insert(data, manipulate=True, **kwargs)[source]
-
remove(spec_or_id=None, search_filter=None)[source]
Remove objects matching spec_or_id from the collection.
-
save(data, manipulate=True, **kwargs)[source]
-
update(spec, document, upsert=False, **kwargs)[source]
-
class keystone.tests.test_cache_backend_mongo.MockCursor(collection, dataset_factory)[source]
Bases: object
-
next()
-
class keystone.tests.test_cache_backend_mongo.MockMongoClient(*args, **kwargs)[source]
Bases: object
-
class keystone.tests.test_cache_backend_mongo.MockMongoDB(dbname)[source]
Bases: object
-
add_son_manipulator(manipulator)[source]
-
authenticate(username, password)[source]
-
class keystone.tests.test_cache_backend_mongo.MongoCache(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
-
setUp()[source]
-
test_additional_crud_method_arguments_support()[source]
Additional arguments should works across find/insert/update.
-
test_backend_delete_data()[source]
-
test_backend_get_missing_data()[source]
-
test_backend_multi_delete_data()[source]
-
test_backend_multi_get_data()[source]
-
test_backend_multi_set_data()[source]
-
test_backend_multi_set_get_with_blanks_none()[source]
-
test_backend_multi_set_should_update_existing()[source]
-
test_backend_set_blank_as_data()[source]
-
test_backend_set_data()[source]
-
test_backend_set_data_with_int_as_valid_ttl()[source]
-
test_backend_set_data_with_string_as_valid_ttl()[source]
-
test_backend_set_none_as_data()[source]
-
test_backend_set_same_key_multiple_times()[source]
-
test_cache_configuration_values_assertion()[source]
-
test_correct_read_preference()[source]
-
test_correct_write_concern()[source]
-
test_incorrect_mongo_ttl_seconds()[source]
-
test_incorrect_read_preference()[source]
-
test_incorrect_write_concern()[source]
-
test_missing_cache_collection_name()[source]
-
test_missing_db_hosts()[source]
-
test_missing_db_name()[source]
-
test_missing_replica_set_name()[source]
-
test_multiple_region_cache_configuration()[source]
-
test_provided_replica_set_name()[source]
-
test_typical_configuration()[source]
-
class keystone.tests.test_cache_backend_mongo.MyTransformer[source]
Bases: keystone.common.cache.backends.mongo.BaseTransform
Added here just to check manipulator logic is used correctly.
-
transform_incoming(son, collection)[source]
-
transform_outgoing(son, collection)[source]
-
keystone.tests.test_cache_backend_mongo.get_collection(db_name, collection_name)[source]
-
keystone.tests.test_cache_backend_mongo.pymongo_override()[source]
keystone.tests.test_content_types module
-
class keystone.tests.test_content_types.CoreApiTests[source]
Bases: object
-
assertNoRoles(r)[source]
Helper method to assert No Roles
This needs to be overridden by child classes
based on their content type.
-
assertValidError(error)[source]
Applicable to XML and JSON.
-
assertValidExtension(extension)[source]
Applicable to XML and JSON.
However, navigating extension links differs between content types.
They need to be validated separately with assertValidExtensionLink.
-
assertValidExtensionLink(link)[source]
Applicable to XML and JSON.
-
assertValidRole(tenant)[source]
Applicable to XML and JSON.
-
assertValidTenant(tenant)[source]
Applicable to XML and JSON.
-
assertValidUser(user)[source]
Applicable to XML and JSON.
-
assertValidVersion(version)[source]
Applicable to XML and JSON.
However, navigating links and media-types differs between content
types so they need to be validated separately.
-
test_admin_extensions()[source]
-
test_admin_extensions_404()[source]
-
test_admin_multiple_choice()[source]
-
test_admin_not_found()[source]
-
test_admin_osksadm_extension()[source]
-
test_admin_version()[source]
-
test_authenticate()[source]
-
test_authenticate_unscoped()[source]
-
test_authenticating_a_user_with_no_password()[source]
-
test_create_update_user_invalid_enabled_type()[source]
-
test_endpoints()[source]
-
test_error_response()[source]
This triggers assertValidErrorResponse by convention.
-
test_get_tenant()[source]
-
test_get_tenant_by_name()[source]
-
test_get_tenants_for_token()[source]
-
test_get_user()[source]
-
test_get_user_by_name()[source]
-
test_get_user_roles()[source]
-
test_get_user_roles_with_tenant()[source]
-
test_invalid_parameter_error_response()[source]
-
test_invalid_token_404()[source]
-
test_public_extensions()[source]
-
test_public_multiple_choice()[source]
-
test_public_not_found()[source]
-
test_public_osksadm_extension_404()[source]
-
test_public_version()[source]
-
test_remove_role_revokes_token()[source]
-
test_update_user_tenant()[source]
-
test_update_user_with_invalid_tenant()[source]
-
test_update_user_with_invalid_tenant_no_prev_tenant()[source]
-
test_update_user_with_old_tenant()[source]
-
test_validate_token()[source]
-
test_validate_token_belongs_to()[source]
-
test_validate_token_head()[source]
The same call as above, except using HEAD.
There’s no response to validate here, but this is included for the
sake of completely covering the core API.
-
test_validate_token_no_belongs_to_still_returns_catalog()[source]
-
test_validate_token_service_role()[source]
-
class keystone.tests.test_content_types.JsonTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_content_types.RestfulTestCase, keystone.tests.test_content_types.CoreApiTests, keystone.tests.test_content_types.LegacyV2UsernameTests
-
assertNoRoles(r)[source]
-
assertValidAuthenticationResponse(r, require_service_catalog=False)[source]
-
assertValidEndpointListResponse(r)[source]
-
assertValidErrorResponse(r)[source]
-
assertValidExtension(extension, expected)[source]
-
assertValidExtensionListResponse(r, expected)[source]
-
assertValidExtensionResponse(r, expected)[source]
-
assertValidMultipleChoiceResponse(r)[source]
-
assertValidRevocationListResponse(response)[source]
-
assertValidRoleListResponse(r)[source]
-
assertValidTenantListResponse(r)[source]
-
assertValidTenantResponse(r)[source]
-
assertValidUser(user)[source]
-
assertValidUserResponse(r)[source]
-
assertValidVersion(version)[source]
-
assertValidVersionResponse(r)[source]
-
content_type = 'json'
-
get_user_attribute_from_response(r, attribute_name)[source]
-
get_user_from_response(r)[source]
-
test_authenticating_a_user_with_an_OSKSADM_password()[source]
-
test_create_update_user_json_invalid_enabled_type()[source]
-
test_fetch_revocation_list_admin_200()[source]
-
test_fetch_revocation_list_nonadmin_fails()[source]
-
test_service_crud_requires_auth()[source]
Service CRUD should 401 without an X-Auth-Token (bug 1006822).
-
test_updating_a_user_with_an_OSKSADM_password()[source]
-
test_user_role_list_requires_auth()[source]
User role list should 401 without an X-Auth-Token (bug 1006815).
-
class keystone.tests.test_content_types.LegacyV2UsernameTests[source]
Bases: object
Tests to show the broken username behavior in V2.
The V2 API is documented to use username instead of name. The
API forced used to use name and left the username to fall into the
extra field.
These tests ensure this behavior works so fixes to username/name
will be backward compatible.
-
create_user(**user_attrs)[source]
Creates a users and returns the response object.
Parameters: | user_attrs – attributes added to the request body (optional) |
The response for creating a user will contain the extra fields.
The response for getting a user will contain the extra fields.
-
test_update_returns_new_username_when_adding_username()[source]
The response for updating a user will contain the extra fields.
This is specifically testing for updating a username when a value
was not previously set.
-
test_update_returns_new_username_when_updating_username()[source]
The response for updating a user will contain the extra fields.
This tests updating a username that was previously set.
-
test_updated_username_is_returned()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
test_username_can_be_used_instead_of_name_create()[source]
-
test_username_can_be_used_instead_of_name_update()[source]
-
test_username_is_always_returned_create()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
test_username_is_always_returned_get()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
test_username_is_always_returned_get_by_name()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
test_username_is_always_returned_update_no_username_provided()[source]
Username is set as the value of name if no username is provided.
This matches the v2.0 spec where we really should be using username
and not name.
-
class keystone.tests.test_content_types.RestfulTestCase(*args, **kwargs)[source]
Bases: keystone.tests.rest.RestfulTestCase
-
setUp()[source]
-
class keystone.tests.test_content_types.RevokeApiJsonTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_content_types.JsonTestCase
-
config_overrides()[source]
-
test_fetch_revocation_list_admin_200()[source]
-
class keystone.tests.test_content_types.XmlTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_content_types.RestfulTestCase, keystone.tests.test_content_types.CoreApiTests, keystone.tests.test_content_types.LegacyV2UsernameTests
-
assertNoRoles(r)[source]
-
assertValidAuthenticationResponse(r, require_service_catalog=False)[source]
-
assertValidEndpointListResponse(r)[source]
-
assertValidErrorResponse(r)[source]
-
assertValidExtension(extension, expected)[source]
-
assertValidExtensionListResponse(r, expected)[source]
-
assertValidExtensionResponse(r, expected)[source]
-
assertValidMultipleChoiceResponse(r)[source]
-
assertValidRoleListResponse(r)[source]
-
assertValidTenantListResponse(r)[source]
-
assertValidTenantResponse(r)[source]
-
assertValidUserResponse(r)[source]
-
assertValidVersion(version)[source]
-
assertValidVersionResponse(r)[source]
-
content_type = 'xml'
-
get_user_attribute_from_response(r, attribute_name)[source]
-
get_user_from_response(r)[source]
-
test_add_tenant_json()[source]
Create a tenant without providing description field.
-
test_add_tenant_xml()[source]
Create a tenant without providing description field.
-
test_authenticate_with_invalid_xml_in_password()[source]
-
test_authenticating_a_user_with_an_OSKSADM_password()[source]
-
test_create_project_invalid_enabled_type_string()[source]
-
test_remove_role_revokes_token()[source]
-
test_update_project_invalid_enabled_type_string()[source]
-
xmlns = 'http://docs.openstack.org/identity/api/v2.0'
keystone.tests.test_exception module
-
class keystone.tests.test_exception.ExceptionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
assertValidJsonRendering(e)[source]
-
test_403_title()[source]
-
test_all_json_renderings()[source]
Everything callable in the exception module should be renderable.
... except for the base error class (exception.Error), which is not
user-facing.
This test provides a custom message to bypass docstring parsing, which
should be tested separately.
-
test_invalid_unicode_string()[source]
-
test_not_found()[source]
-
test_unicode_message()[source]
-
test_unicode_string()[source]
-
test_validation_error()[source]
-
class keystone.tests.test_exception.SecurityErrorTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_exception.ExceptionTestCase
Tests whether security-related info is exposed to the API user.
-
test_forbidden_action_exposure()[source]
-
test_forbidden_action_exposure_in_debug()[source]
-
test_forbidden_exposure()[source]
-
test_forbidden_exposure_in_debug()[source]
-
test_unauthorized_exposure()[source]
-
test_unauthorized_exposure_in_debug()[source]
-
test_unicode_argument_message()[source]
-
class keystone.tests.test_exception.UnexpectedExceptionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_exception.ExceptionTestCase
Tests if internal info is exposed to the API user on UnexpectedError.
-
exception SubClassExc(message=None, **kwargs)[source]
Bases: keystone.exception.UnexpectedError
-
debug_message_format = 'Debug Message: %(debug_info)s'
-
UnexpectedExceptionTestCase.setUp()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_custom_message_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_custom_message_no_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_no_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_subclass_debug()[source]
-
UnexpectedExceptionTestCase.test_unexpected_error_subclass_no_debug()[source]
keystone.tests.test_injection module
-
class keystone.tests.test_injection.TestDependencyInjection(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
-
setUp()[source]
-
test_circular_dependency()[source]
-
test_dependency_consumer_configuration()[source]
-
test_dependency_injection()[source]
-
test_dependency_provider_configuration()[source]
-
test_inherited_dependency()[source]
-
test_optional_and_required()[source]
-
test_optional_dependency_not_provided()[source]
-
test_optional_dependency_provided()[source]
-
test_reset()[source]
-
test_unresolvable_dependency()[source]
keystone.tests.test_kvs module
-
class keystone.tests.test_kvs.KVSBackendFixture(arguments)[source]
Bases: keystone.common.kvs.backends.inmemdb.MemoryBackend
-
get_mutex(key)[source]
-
classmethod key_mangler(key)[source]
-
class keystone.tests.test_kvs.KVSBackendForcedKeyMangleFixture(arguments)[source]
Bases: keystone.tests.test_kvs.KVSBackendFixture
-
classmethod key_mangler(key)[source]
-
use_backend_key_mangler = True
-
class keystone.tests.test_kvs.KVSTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
test_kvs_backend_registration_does_not_reregister_backends()[source]
-
test_kvs_basic_configuration()[source]
-
test_kvs_basic_get_set_delete()[source]
-
test_kvs_key_mangler_configuration_backend()[source]
-
test_kvs_key_mangler_configuration_disabled()[source]
-
test_kvs_key_mangler_configuration_forced_backend()[source]
-
test_kvs_key_mangler_fallthrough_default()[source]
-
test_kvs_key_mangler_set_on_backend()[source]
-
test_kvs_locking_context_handler()[source]
-
test_kvs_locking_context_handler_locking_disabled()[source]
-
test_kvs_memcache_key_mangler_set_to_none()[source]
-
test_kvs_memcache_manager_no_expiry_keys()[source]
-
test_kvs_memcache_set_arguments_and_memcache_expires_ttl()[source]
-
test_kvs_memcached_manager_invalid_dogpile_memcached_backend()[source]
-
test_kvs_memcached_manager_valid_dogpile_memcached_backend()[source]
-
test_kvs_multi_get_set_delete()[source]
-
test_kvs_proxy_configuration()[source]
-
test_kvs_with_lock_action_context_manager()[source]
-
test_kvs_with_lock_action_context_manager_no_lock()[source]
-
test_kvs_with_lock_action_context_manager_timeout()[source]
-
test_kvs_with_lock_action_mismatched_keys()[source]
-
test_memcached_lock_max_lock_attempts()[source]
-
test_noncallable_key_mangler_set_on_driver_raises_type_error()[source]
-
class keystone.tests.test_kvs.MutexFixture(storage_dict, key, timeout)[source]
Bases: object
-
acquire(wait=True)[source]
-
release()[source]
-
class keystone.tests.test_kvs.RegionProxy2Fixture(*args, **kwargs)[source]
Bases: dogpile.cache.proxy.ProxyBackend
A test dogpile.cache proxy that does nothing.
-
class keystone.tests.test_kvs.RegionProxyFixture(*args, **kwargs)[source]
Bases: dogpile.cache.proxy.ProxyBackend
A test dogpile.cache proxy that does nothing.
-
class keystone.tests.test_kvs.TestMemcacheDriver(arguments)[source]
Bases: dogpile.cache.api.CacheBackend
A test dogpile.cache backend that conforms to the mixin-mechanism for
overriding set and set_multi methods on dogpile memcached drivers.
-
set(key, value)[source]
-
set_multi(mapping)[source]
-
class test_client[source]
Bases: object
-
add(key, value, expiry_time)[source]
-
delete(key)[source]
-
set(key, value, **set_arguments)[source]
-
set_multi(mapping, **set_arguments)[source]
-
class keystone.tests.test_kvs.TestMemcachedBackend(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_invalid_backend_fails_initialization(*args, **keywargs)[source]
keystone.tests.test_matchers module
-
class keystone.tests.test_matchers.TestXMLEquals(*args, **kwargs)[source]
Bases: keystone.tests.core.BaseTestCase, testtools.tests.matchers.helpers.TestMatchersInterface
-
describe_examples = [('expected =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"/>\n</test>\n\nactual =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n', '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n', <keystone.tests.matchers.XMLEquals object at 0x7f9678326590>)]
-
equivalent_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <second a="a" b="b"/>\n <first z="0" y="1" x="2"></first>\n</test>\n'
-
matches_matcher = <keystone.tests.matchers.XMLEquals object at 0x7f9678326590>
-
matches_matches = ['<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"></second>\n</test>\n', '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <second a="a" b="b"/>\n <first z="0" y="1" x="2"></first>\n</test>\n']
-
matches_mismatches = ['<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n']
-
matches_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"></second>\n</test>\n'
-
mismatches_description = 'expected =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <first z="0" y="1" x="2"/>\n <second a="a" b="b"/>\n</test>\n\nactual =\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n'
-
mismatches_xml = '<?xml version="1.0" encoding="UTF-8"?>\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\n <nope_it_fails/>\n</test>\n'
-
str_examples = [('XMLEquals(\'<?xml version="1.0" encoding="UTF-8"?>\\n<test xmlns="http://docs.openstack.org/identity/api/v2.0">\\n <first z="0" y="1" x="2"/>\\n <second a="a" b="b"></second>\\n</test>\\n\')', <keystone.tests.matchers.XMLEquals object at 0x7f9678326590>)]
keystone.tests.test_middleware module
-
class keystone.tests.test_middleware.AdminTokenAuthMiddlewareTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_request_admin()[source]
-
test_request_non_admin()[source]
-
class keystone.tests.test_middleware.JsonBodyMiddlewareTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_malformed_json()[source]
-
test_no_content_type()[source]
-
test_request_with_params()[source]
-
test_unrecognized_content_type()[source]
-
test_unrecognized_content_type_without_body()[source]
-
class keystone.tests.test_middleware.PostParamsMiddlewareTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_request_with_params()[source]
-
class keystone.tests.test_middleware.TokenAuthMiddlewareTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_request()[source]
-
class keystone.tests.test_middleware.XmlBodyMiddlewareTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_client_fails_to_specify_accept()[source]
If client does not specify an Accept header, default to JSON.
-
test_client_wants_json_back()[source]
Clients requesting JSON should definitely not get XML back.
-
test_client_wants_xml_back()[source]
Clients requesting XML should get what they ask for.
-
test_json_unnaffected()[source]
JSON-only requests should be unaffected by the XML middleware.
-
test_xml_replaced_by_json()[source]
XML requests should be replaced by JSON requests.
-
keystone.tests.test_middleware.make_request(**kwargs)[source]
-
keystone.tests.test_middleware.make_response(**kwargs)[source]
keystone.tests.test_notifications module
-
exception keystone.tests.test_notifications.ArbitraryException[source]
Bases: exceptions.Exception
-
class keystone.tests.test_notifications.CadfNotificationsWrapperTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
ACTION = 'authenticate'
-
LOCAL_HOST = 'localhost'
-
setUp()[source]
-
test_v3_authenticate_user_id()[source]
-
test_v3_authenticate_user_name_and_domain_id()[source]
-
test_v3_authenticate_user_name_and_domain_name()[source]
-
class keystone.tests.test_notifications.NotificationsForEntities(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
setUp()[source]
-
test_create_group()[source]
-
test_create_project()[source]
-
test_create_role()[source]
-
test_create_trust()[source]
-
test_create_user()[source]
-
test_delete_domain()[source]
-
test_delete_group()[source]
-
test_delete_project()[source]
-
test_delete_role()[source]
-
test_delete_trust()[source]
-
test_delete_user()[source]
-
test_disable_domain()[source]
-
test_disable_project()[source]
-
test_update_domain()[source]
-
test_update_group()[source]
-
test_update_project()[source]
-
test_update_project_does_not_send_disable()[source]
-
test_update_role()[source]
-
test_update_user()[source]
-
class keystone.tests.test_notifications.NotificationsTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
test_send_notification()[source]
Test the private method _send_notification to ensure event_type,
payload, and context are built and passed properly.
-
class keystone.tests.test_notifications.NotificationsWrapperTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
create_exception(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
create_resource(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
delete_exception(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
delete_resource(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
setUp()[source]
-
test_create_exception_without_notification()[source]
-
test_delete_exception_without_notification()[source]
-
test_resource_created_notification()[source]
-
test_resource_deleted_notification()[source]
-
test_resource_updated_notification()[source]
-
test_update_exception_without_notification()[source]
-
update_exception(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
update_resource(*args, **kwargs)[source]
Send a notification if the wrapped callable is successful.
-
class keystone.tests.test_notifications.TestEventCallbacks(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
setUp()[source]
-
test_event_registration_for_unknown_resource_type()[source]
-
test_invalid_event_callbacks()[source]
-
test_invalid_event_callbacks_event()[source]
-
test_notification_event_not_valid()[source]
-
test_notification_method_not_callable()[source]
-
test_notification_received()[source]
-
test_provider_event_callbacks_subscription()[source]
keystone.tests.test_pemutils module
-
class keystone.tests.test_pemutils.PEM(pem_header='CERTIFICATE', pem_type='cert', data_size=70, data_offset=0)[source]
Bases: object
PEM text and it’s associated data broken out, used for testing.
-
class keystone.tests.test_pemutils.TestPEMParse(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_base64_to_pem()[source]
-
test_binary_to_pem()[source]
-
test_get_pem_data()[source]
-
test_get_pem_data_invalid()[source]
-
test_get_pem_data_none()[source]
-
test_is_pem()[source]
-
test_parse_invalid()[source]
-
test_parse_multple()[source]
-
test_parse_multple_embedded()[source]
-
test_parse_multple_find_specific()[source]
-
test_parse_none()[source]
-
test_parse_one()[source]
-
test_parse_one_embedded()[source]
-
class keystone.tests.test_pemutils.TestPEMParseResult(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
test_pem_types()[source]
-
keystone.tests.test_pemutils.make_base64_from_data(data)[source]
-
keystone.tests.test_pemutils.make_data(size, offset=0)[source]
-
keystone.tests.test_pemutils.make_pem(header, data)[source]
-
keystone.tests.test_pemutils.wrap_base64(base64_text)[source]
keystone.tests.test_s3_token_middleware module
-
class keystone.tests.test_s3_token_middleware.S3TokenMiddlewareTestBase(*args, **kwargs)[source]
Bases: testtools.testcase.TestCase
-
test_symbols()[source]
Verify s3_token middleware symbols.
Verify that the keystone version of s3_token middleware forwards the
public symbols from the keystoneclient version of the s3_token
middleware for backwards compatibility.
keystone.tests.test_singular_plural module
-
class keystone.tests.test_singular_plural.TestSingularPlural[source]
Bases: object
-
test_keyword_arg_condition_or_methods()[source]
Raise if we see a keyword arg called ‘condition’ or ‘methods’.
keystone.tests.test_sql_upgrade module
To run these tests against a live database:
Modify the file keystone/tests/backend_sql.conf to use the connection
for your live database
Set up a blank, live database
Run the tests using:
tox keystone.tests.test_sql_upgrade
WARNING:
Your database will be wiped.
Do not do this against a database with valuable data as all data will be
lost.
-
class keystone.tests.test_sql_upgrade.SqlMigrateBase(*args, **kwargs)[source]
Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase
-
assertTableColumns(table_name, expected_cols)[source]
Asserts that the table contains the expected set of columns.
-
assertTableDoesNotExist(table_name)[source]
Asserts that a given table exists cannot be selected by name.
-
assertTableExists(table_name)[source]
-
config_files()[source]
-
downgrade(*args, **kwargs)[source]
-
initialize_sql()[source]
-
repo_package()[source]
-
select_table(name)[source]
-
setUp()[source]
-
tearDown()[source]
-
upgrade(*args, **kwargs)[source]
-
class keystone.tests.test_sql_upgrade.SqlUpgradeTests(*args, **kwargs)[source]
Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase
-
assertProjectTables()[source]
-
assertTenantTables()[source]
-
check_uniqueness_constraints()[source]
-
insert_dict(session, table_name, d, table=None)[source]
Naively inserts key-value pairs into a table, given a dictionary.
-
populate_tenant_table(with_desc_enab=False, with_desc_enab_domain=False)[source]
-
populate_user_table(with_pass_enab=False, with_pass_enab_domain=False)[source]
-
test_assignment_metadata_migration()[source]
-
test_assignment_table_migration()[source]
-
test_blank_db_to_start()[source]
-
test_downgrade_10_to_8()[source]
-
test_downgrade_16_to_14()[source]
-
test_downgrade_30()[source]
-
test_downgrade_32_to_31()[source]
-
test_downgrade_endpoint_enabled_cols()[source]
Check columns when downgrade from migration 41.
The downgrade from migration 42 removes the enabled column from the
endpoint table.
-
test_downgrade_endpoint_enabled_data()[source]
Downgrade from migration 42 migrates data.
Downgrade from migration 42 migrates data from enabled to
extra. Any disabled endpoints have ‘enabled’: False put into ‘extra’.
-
test_downgrade_endpoints()[source]
-
test_downgrade_project_to_tenant()[source]
-
test_downgrade_remove_group_tables()[source]
-
test_downgrade_service_enabled_cols()[source]
Check columns when downgrade to migration 43.
The downgrade from migration 44 removes the enabled column from the
service table.
-
test_downgrade_service_enabled_data()[source]
Downgrade from migration 44 migrates data.
Downgrade from migration 44 migrates data from enabled to
extra. Any disabled services have ‘enabled’: False put into ‘extra’.
-
test_downgrade_to_0()[source]
-
test_drop_credential_constraint()[source]
-
test_drop_credential_indexes()[source]
-
test_dropped_valid_index()[source]
-
test_fixup_role()[source]
-
test_group_project_FK_fixup()[source]
-
test_legacy_endpoint_id()[source]
-
test_limited_trusts_downgrade()[source]
-
test_limited_trusts_downgrade_trusts_cleanup()[source]
-
test_limited_trusts_upgrade()[source]
-
test_metadata_table_migration()[source]
-
test_migrate_add_default_project_id_column_downgrade()[source]
-
test_migrate_add_default_project_id_column_upgrade()[source]
-
test_migrate_ec2_credential()[source]
-
test_migrate_ec2_credential_with_conflict_project()[source]
-
test_migrate_ec2_credential_with_conflict_secret()[source]
-
test_migrate_ec2_credential_with_invalid_blob()[source]
-
test_normalized_enabled_states()[source]
-
test_region_migration()[source]
-
test_revoked_token_index()[source]
-
test_start_version_0()[source]
-
test_two_steps_forward_one_step_back()[source]
You should be able to cleanly undo and re-apply all upgrades.
Upgrades are run in the following order:
0 -> 1 -> 0 -> 1 -> 2 -> 1 -> 2 -> 3 -> 2 -> 3 ...
^---------^ ^---------^ ^---------^
-
test_upgrade_14_to_16()[source]
-
test_upgrade_31_to_32()[source]
-
test_upgrade_add_domain_tables()[source]
-
test_upgrade_add_group_tables()[source]
-
test_upgrade_add_initial_tables()[source]
-
test_upgrade_add_policy()[source]
-
test_upgrade_default_roles()[source]
-
test_upgrade_endpoint_enabled_cols()[source]
Migration 42 added enabled column to endpoint table.
-
test_upgrade_endpoint_enabled_data()[source]
Migration 42 has to migrate data from extra to enabled.
-
test_upgrade_endpoints()[source]
-
test_upgrade_normalize_identity()[source]
-
test_upgrade_region_non_unique_description()[source]
Test upgrade to migration 43.
This migration should occur with no unique constraint on the region
description column.
Create two regions with the same description.
-
test_upgrade_region_unique_description()[source]
Test upgrade to migration 43.
This test models a migration where there is a unique constraint on the
description column.
Create two regions with the same description.
-
test_upgrade_service_enabled_cols()[source]
Migration 44 added enabled column to service table.
-
test_upgrade_service_enabled_data()[source]
Migration 44 has to migrate data from extra to enabled.
-
test_upgrade_tenant_to_project()[source]
-
test_upgrade_trusts()[source]
-
test_upgrade_user_tenant_membership_to_metadata()[source]
-
class keystone.tests.test_sql_upgrade.VersionTests(*args, **kwargs)[source]
Bases: keystone.tests.test_sql_upgrade.SqlMigrateBase
-
test_core_initial()[source]
When get the version before migrated, it’s 0.
-
test_core_max()[source]
When get the version after upgrading, it’s the new version.
-
test_extension_initial()[source]
When get the initial version of an extension, it’s 0.
-
test_extension_migrated()[source]
When get the version after migrating an extension, it’s not 0.
-
test_extension_not_controlled()[source]
When get the version before controlling, raises DbMigrationError.
-
test_unexpected_extension()[source]
The version for an extension that doesn’t exist raises ImportError.
-
test_unversioned_extension()[source]
The version for extensions without migrations raise an exception.
keystone.tests.test_ssl module
-
class keystone.tests.test_ssl.SSLTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
test_1way_ssl_ok()[source]
Make sure both public and admin API work with 1-way SSL.
-
test_1way_ssl_with_ipv6_ok()[source]
Make sure both public and admin API work with 1-way ipv6 & SSL.
-
test_2way_ssl_fail()[source]
Expect to fail when client does not present proper certificate.
-
test_2way_ssl_ok()[source]
Make sure both public and admin API work with 2-way SSL.
Requires client certificate.
-
test_2way_ssl_with_ipv6_ok()[source]
Make sure both public and admin API work with 2-way ipv6 & SSL.
Requires client certificate.
keystone.tests.test_token_bind module
-
class keystone.tests.test_token_bind.BindTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Test binding tokens to a Principal.
Even though everything in this file references kerberos the same concepts
will apply to all future binding mechanisms.
-
assert_kerberos_bind(tokens, bind_level, use_kerberos=True, success=True)[source]
-
test_bind_disabled_with_kerb_user()[source]
-
test_bind_named_with_kerb_user()[source]
-
test_bind_named_with_regular_token()[source]
-
test_bind_named_with_unknown_bind()[source]
-
test_bind_named_with_unknown_scheme()[source]
-
test_bind_named_without_kerb_user()[source]
-
test_bind_permissive_with_kerb_user()[source]
-
test_bind_permissive_with_regular_token()[source]
-
test_bind_permissive_with_unknown_bind()[source]
-
test_bind_permissive_without_kerb_user()[source]
-
test_bind_required_with_kerb_user()[source]
-
test_bind_required_with_regular_token()[source]
-
test_bind_required_with_unknown_bind()[source]
-
test_bind_required_without_kerb_user()[source]
-
test_bind_strict_with_kerb_user()[source]
-
test_bind_strict_with_regular_token()[source]
-
test_bind_strict_with_unknown_bind()[source]
-
test_bind_strict_without_kerb_user()[source]
keystone.tests.test_url_middleware module
-
class keystone.tests.test_url_middleware.FakeApp[source]
Bases: object
Fakes a WSGI app URL normalized.
-
class keystone.tests.test_url_middleware.UrlMiddlewareTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
start_fake_response(status, headers)[source]
-
test_rewrite_empty_path()[source]
Tests empty path is rewritten to root.
-
test_trailing_slash_normalization()[source]
Tests /v2.0/tokens and /v2.0/tokens/ normalized URLs match.
keystone.tests.test_v2_controller module
-
class keystone.tests.test_v2_controller.TenantTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Tests for the V2 Tenant controller.
These tests exercise keystone.assignment.controllers.Tenant.
-
setUp()[source]
-
test_get_project_users_no_user()[source]
get_project_users when user doesn’t exist.
When a user that’s not known to identity has a role on a project,
then get_project_users just skips that user.
-
test_list_projects_default_domain()[source]
Test that list projects only returns those in the default domain.
keystone.tests.test_v3 module
-
class keystone.tests.test_v3.AuthContextMiddlewareTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
test_admin_token_auth_context()[source]
-
test_auth_context_build_by_middleware()[source]
-
test_auth_context_override()[source]
-
class keystone.tests.test_v3.RestfulTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.rest.RestfulTestCase
-
admin_request(*args, **kwargs)[source]
Translates XML responses to dicts.
This implies that we only have to write assertions for JSON.
-
assertEqualTokens(a, b)[source]
Assert that two tokens are equal.
Compare two tokens except for their ids. This also truncates
the time in the comparison.
-
assertRoleAssignmentInListResponse(resp, ref, link_url=None, expected=1)[source]
-
assertRoleAssignmentNotInListResponse(resp, ref, link_url=None)[source]
-
assertValidCredential(entity, ref=None)[source]
-
assertValidCredentialListResponse(resp, *args, **kwargs)[source]
-
assertValidCredentialResponse(resp, *args, **kwargs)[source]
-
assertValidDomain(entity, ref=None)[source]
-
assertValidDomainListResponse(resp, *args, **kwargs)[source]
-
assertValidDomainResponse(resp, *args, **kwargs)[source]
-
assertValidDomainScopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidEndpoint(entity, ref=None)[source]
-
assertValidEndpointListResponse(resp, *args, **kwargs)[source]
-
assertValidEndpointResponse(resp, *args, **kwargs)[source]
-
assertValidEntity(entity, ref=None, keys_to_check=None)[source]
Make assertions common to all API entities.
If a reference is provided, the entity will also be compared against
the reference.
-
assertValidErrorResponse(r)[source]
-
assertValidGroup(entity, ref=None)[source]
-
assertValidGroupListResponse(resp, *args, **kwargs)[source]
-
assertValidGroupResponse(resp, *args, **kwargs)[source]
-
assertValidISO8601ExtendedFormatDatetime(dt)[source]
-
assertValidListLinks(links)[source]
-
assertValidListResponse(resp, key, entity_validator, ref=None, expected_length=None, keys_to_check=None)[source]
Make assertions common to all API list responses.
If a reference is provided, it’s ID will be searched for in the
response, and asserted to be equal.
-
assertValidPolicy(entity, ref=None)[source]
-
assertValidPolicyListResponse(resp, *args, **kwargs)[source]
-
assertValidPolicyResponse(resp, *args, **kwargs)[source]
-
assertValidProject(entity, ref=None)[source]
-
assertValidProjectListResponse(resp, *args, **kwargs)[source]
-
assertValidProjectResponse(resp, *args, **kwargs)[source]
-
assertValidProjectScopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidProjectTrustScopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidRegion(entity, ref=None)[source]
-
assertValidRegionListResponse(resp, *args, **kwargs)[source]
-
assertValidRegionResponse(resp, *args, **kwargs)[source]
-
assertValidResponse(resp, key, entity_validator, *args, **kwargs)[source]
Make assertions common to all API responses.
-
assertValidRole(entity, ref=None)[source]
-
assertValidRoleAssignment(entity, ref=None, url=None)[source]
-
assertValidRoleAssignmentListResponse(resp, ref=None, expected_length=None)[source]
-
assertValidRoleListResponse(resp, *args, **kwargs)[source]
-
assertValidRoleResponse(resp, *args, **kwargs)[source]
-
assertValidScopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidService(entity, ref=None)[source]
-
assertValidServiceListResponse(resp, *args, **kwargs)[source]
-
assertValidServiceResponse(resp, *args, **kwargs)[source]
-
assertValidTokenResponse(r, user=None)[source]
-
assertValidTrust(entity, ref=None, summary=False)[source]
-
assertValidTrustListResponse(resp, *args, **kwargs)[source]
-
assertValidTrustResponse(resp, *args, **kwargs)[source]
-
assertValidTrustSummary(entity, ref=None)[source]
-
assertValidUnscopedTokenResponse(r, *args, **kwargs)[source]
-
assertValidUser(entity, ref=None)[source]
-
assertValidUserListResponse(resp, *args, **kwargs)[source]
-
assertValidUserResponse(resp, *args, **kwargs)[source]
-
build_auth_scope(project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, domain_id=None, domain_name=None, trust_id=None)[source]
-
build_authentication_request(token=None, user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None, **kwargs)[source]
Build auth dictionary.
It will create an auth dictionary based on all the arguments
that it receives.
-
build_external_auth_request(remote_user, remote_domain=None, auth_data=None)[source]
-
build_password_auth(user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None)[source]
-
build_token_auth(token)[source]
-
config_files()[source]
-
create_new_default_project_for_user(user_id, domain_id, enable_project=True)[source]
-
delete(path, **kwargs)[source]
-
generate_paste_config()[source]
-
get(path, **kwargs)[source]
-
get_requested_token(auth)[source]
Request the specific token we want.
-
get_scoped_token()[source]
Convenience method so that we can test authenticated requests.
-
head(path, **kwargs)[source]
-
load_backends()[source]
-
load_fixtures(fixtures)[source]
-
load_sample_data()[source]
-
new_credential_ref(user_id, project_id=None)[source]
-
new_domain_ref()[source]
-
new_endpoint_ref(service_id, **kwargs)[source]
-
new_group_ref(domain_id)[source]
-
new_policy_ref()[source]
-
new_project_ref(domain_id)[source]
-
new_ref()[source]
Populates a ref with attributes common to all API entities.
-
new_region_ref()[source]
-
new_role_ref()[source]
-
new_service_ref()[source]
-
new_trust_ref(trustor_user_id, trustee_user_id, project_id=None, impersonation=None, expires=None, role_ids=None, role_names=None, remaining_uses=None)[source]
-
new_user_ref(domain_id, project_id=None)[source]
-
patch(path, **kwargs)[source]
-
post(path, **kwargs)[source]
-
put(path, **kwargs)[source]
-
remove_generated_paste_config()[source]
-
setUp(app_conf='keystone')[source]
Setup for v3 Restful Test Cases.
-
setup_database()[source]
-
teardown_database()[source]
-
v3_request(path, **kwargs)[source]
-
class keystone.tests.test_v3.VersionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
test_get_version()[source]
keystone.tests.test_v3_auth module
-
class keystone.tests.test_v3_auth.TestAPIProtectionWithoutAuthContextMiddleware(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
test_api_protection_with_no_auth_context_in_env()[source]
-
class keystone.tests.test_v3_auth.TestAuthExternalDisabled(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
test_remote_user_disabled()[source]
-
class keystone.tests.test_v3_auth.TestAuthExternalDomain(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
content_type = 'json'
-
test_project_id_scoped_with_remote_user()[source]
-
test_remote_user_with_realm()[source]
-
test_unscoped_bind_with_remote_user()[source]
-
class keystone.tests.test_v3_auth.TestAuthExternalLegacyDefaultDomain(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
content_type = 'json'
-
test_remote_user_no_domain()[source]
-
test_remote_user_no_realm()[source]
-
class keystone.tests.test_v3_auth.TestAuthExternalLegacyDomain(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
content_type = 'json'
-
test_project_id_scoped_with_remote_user()[source]
-
test_remote_user_with_realm()[source]
-
test_unscoped_bind_with_remote_user()[source]
-
class keystone.tests.test_v3_auth.TestAuthInfo(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
test_both_project_and_domain_in_scope()[source]
-
test_get_method_data_invalid_method()[source]
-
test_get_method_names_duplicates()[source]
-
test_missing_auth_method_data()[source]
-
test_missing_auth_methods()[source]
-
test_project_name_no_domain()[source]
-
test_unsupported_auth_method()[source]
-
class keystone.tests.test_v3_auth.TestAuthJSON(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
content_type = 'json'
-
get_v2_token(tenant_id=None)[source]
-
test_auth_catalog_disabled_endpoint()[source]
On authenticate, get a catalog that excludes disabled endpoints.
-
test_auth_catalog_disabled_service()[source]
On authenticate, get a catalog that excludes disabled services.
-
test_auth_with_bind_token()[source]
-
test_auth_with_id()[source]
-
test_authenticating_a_user_with_no_password()[source]
-
test_bind_not_set_with_remote_user()[source]
-
test_default_project_id_scoped_token_with_user_id()[source]
-
test_default_project_id_scoped_token_with_user_id_no_catalog()[source]
-
test_disabled_default_project_domain_result_in_unscoped_token()[source]
-
test_disabled_default_project_result_in_unscoped_token()[source]
-
test_domain_id_scoped_token_with_user_domain_id()[source]
-
test_domain_id_scoped_token_with_user_domain_name()[source]
-
test_domain_id_scoped_token_with_user_id()[source]
-
test_domain_name_scoped_token_with_user_domain_id()[source]
-
test_domain_name_scoped_token_with_user_domain_name()[source]
-
test_domain_name_scoped_token_with_user_id()[source]
-
test_domain_scope_failed()[source]
-
test_domain_scope_token_with_group_role()[source]
-
test_domain_scope_token_with_name()[source]
-
test_implicit_project_id_scoped_token_with_user_id_no_catalog()[source]
-
test_invalid_domain_id()[source]
-
test_invalid_domain_name()[source]
-
test_invalid_password()[source]
-
test_invalid_user_id()[source]
-
test_invalid_user_name()[source]
-
test_no_access_to_default_project_result_in_unscoped_token()[source]
-
test_project_id_scoped_token_with_user_domain_id()[source]
-
test_project_id_scoped_token_with_user_domain_name()[source]
-
test_project_id_scoped_token_with_user_id()[source]
-
test_project_id_scoped_token_with_user_id_401()[source]
-
test_remote_user_and_explicit_external()[source]
-
test_remote_user_and_password()[source]
-
test_remote_user_bad_password()[source]
-
test_remote_user_no_domain()[source]
-
test_remote_user_no_realm()[source]
-
test_unscoped_token_with_user_domain_id()[source]
-
test_unscoped_token_with_user_domain_name()[source]
-
test_unscoped_token_with_user_id()[source]
-
test_user_and_group_roles_scoped_token()[source]
Test correct roles are returned in scoped token.
Test Plan:
- Create a domain, with 1 project, 2 users (user1 and user2)
and 2 groups (group1 and group2)
- Make user1 a member of group1, user2 a member of group2
- Create 8 roles, assigning them to each of the 8 combinations
of users/groups on domain/project
- Get a project scoped token for user1, checking that the right
two roles are returned (one directly assigned, one by virtue
of group membership)
- Repeat this for a domain scoped token
- Make user1 also a member of group2
- Get another scoped token making sure the additional role
shows up
- User2 is just here as a spoiler, to make sure we don’t get
any roles uniquely assigned to it returned in any of our
tokens
-
test_v2_v3_bind_token_intermix()[source]
-
test_validate_v2_scoped_token_with_v3_api()[source]
-
test_validate_v2_unscoped_token_with_v3_api()[source]
-
test_verify_with_bound_token()[source]
-
class keystone.tests.test_v3_auth.TestAuthXML(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_auth.TestAuthJSON
-
content_type = 'xml'
-
class keystone.tests.test_v3_auth.TestPKITokenAPIs(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests
-
config_overrides()[source]
-
setUp()[source]
-
class keystone.tests.test_v3_auth.TestTokenRevokeApi(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_auth.TestTokenRevokeById
-
EXTENSION_NAME = 'revoke'
-
EXTENSION_TO_ADD = 'revoke_extension'
Test token revocation on the v3 Identity API.
-
assertDomainInList(events_response, domain_id)[source]
-
assertUserAndExpiryInList(events, user_id, expires_at)[source]
-
assertValidDeletedProjectResponse(events_response, project_id)[source]
-
assertValidRevokedTokenResponse(events_response, user_id, project_id=None)[source]
-
config_overrides()[source]
-
test_disable_domain_shows_in_event_list()[source]
-
test_list_delete_project_shows_in_event_list()[source]
-
test_list_delete_token_shows_in_event_list()[source]
-
test_list_with_filter()[source]
-
test_revoke_by_id_false_410()[source]
-
test_revoke_token()[source]
-
test_revoke_v2_token()[source]
-
class keystone.tests.test_v3_auth.TestTokenRevokeById(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test token revocation on the v3 Identity API.
-
config_overrides()[source]
-
get_v2_token(token=None, project_id=None)[source]
-
role_data_fixtures()[source]
-
setUp()[source]
Setup for Token Revoking Test Cases.
As well as the usual housekeeping, create a set of domains,
users, groups, roles and projects for the subsequent tests:
- Two domains: A & B
- Three users (1, 2 and 3)
- Three groups (1, 2 and 3)
- Two roles (1 and 2)
- DomainA owns user1, domainB owns user2 and user3
- DomainA owns group1 and group2, domainB owns group3
- User1 and user2 are members of group1
- User3 is a member of group2
- Two projects: A & B, both in domainA
- Group1 has role1 on Project A and B, meaning that user1 and user2
will get these roles by virtue of membership
- User1, 2 and 3 have role1 assigned to projectA
- Group1 has role1 on Project A and B, meaning that user1 and user2
will get role1 (duplicated) by virtue of membership
- User1 has role2 assigned to domainA
-
test_deleting_group_grant_revokes_tokens()[source]
Test deleting a group grant revokes tokens.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Get a token for user2, scoped to ProjectA
- Get a token for user3, scoped to ProjectA
- Delete the grant group1 has on ProjectA
- Check tokens for user1 & user2 are no longer valid,
since user1 and user2 are members of group1
- Check token for user3 is still valid
-
test_deleting_project_deletes_grants()[source]
-
test_deleting_project_revokes_token()[source]
-
test_deleting_role_revokes_token()[source]
Test deleting a role revokes token.
- Add some additional test data, namely:
- A third project (project C)
- Three additional users - user4 owned by domainB and user5 and 6
owned by domainA (different domain ownership should not affect
the test results, just provided to broaden test coverage)
- User5 is a member of group1
- Group1 gets an additional assignment - role1 on projectB as
well as its existing role1 on projectA
- User4 has role2 on Project C
- User6 has role1 on projectA and domainA
- This allows us to create 5 tokens by virtue of different types
of role assignment:
- user1, scoped to ProjectA by virtue of user role1 assignment
- user5, scoped to ProjectB by virtue of group role1 assignment
- user4, scoped to ProjectC by virtue of user role2 assignment
- user6, scoped to ProjectA by virtue of user role1 assignment
- user6, scoped to DomainA by virtue of user role1 assignment
- role1 is then deleted
- Check the tokens on Project A and B, and DomainA are revoked,
but not the one for Project C
-
test_deleting_user_grant_revokes_token()[source]
Test deleting a user grant revokes token.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Delete the grant user1 has on ProjectA
- Check token is no longer valid
-
test_disabling_project_revokes_token()[source]
-
test_domain_group_role_assignment_maintains_token()[source]
Test domain-group role assignment maintains existing token.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Create a grant for group1 on DomainB
- Check token is still longer valid
-
test_domain_user_role_assignment_maintains_token()[source]
Test user-domain role assignment maintains existing token.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Create a grant for user1 on DomainB
- Check token is still valid
-
test_group_membership_changes_revokes_token()[source]
Test add/removal to/from group revokes token.
Test Plan:
- Get a token for user1, scoped to ProjectA
- Get a token for user2, scoped to ProjectA
- Remove user1 from group1
- Check token for user1 is no longer valid
- Check token for user2 is still valid, even though
user2 is also part of group1
- Add user2 to group2
- Check token for user2 is now no longer valid
-
test_removing_role_assignment_does_not_affect_other_users()[source]
Revoking a role from one user should not affect other users.
-
test_revoke_token_from_token()[source]
-
test_revoke_token_from_token_v2()[source]
-
test_revoke_v2_token_no_check()[source]
-
test_unscoped_token_remains_valid_after_role_assignment()[source]
-
class keystone.tests.test_v3_auth.TestTokenRevokeSelfAndAdmin(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test token revoke using v3 Identity API by token owner and admin.
-
config_overrides()[source]
-
setUp()[source]
Setup for Test Cases.
Two domains, domainA and domainB
Two users in domainA, userNormalA and userAdminA
One user in domainB, userAdminB
-
test_adminA_revokes_userA_token()[source]
-
test_adminB_fails_revoking_userA_token()[source]
-
test_user_revokes_own_token()[source]
-
class keystone.tests.test_v3_auth.TestTrustAuth(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_auth.TestAuthInfo
-
EXTENSION_NAME = 'revoke'
-
EXTENSION_TO_ADD = 'revoke_extension'
-
assertTrustTokensRevoked(trust_id)[source]
-
config_overrides()[source]
-
setUp()[source]
-
test_change_password_invalidates_trust_tokens()[source]
-
test_consume_trust_once()[source]
-
test_create_expired_trust()[source]
-
test_create_one_time_use_trust()[source]
-
test_create_trust_400()[source]
-
test_create_trust_no_roles()[source]
-
test_create_trust_project_404()[source]
-
test_create_trust_role_id_404()[source]
-
test_create_trust_role_name_404()[source]
-
test_create_trust_trustee_404()[source]
-
test_create_trust_trustor_trustee_backwards()[source]
-
test_create_trust_with_bad_values_for_remaining_uses()[source]
-
test_create_unlimited_use_trust()[source]
-
test_create_unscoped_trust()[source]
-
test_delete_trust()[source]
-
test_delete_trust_revokes_tokens()[source]
-
test_exercise_trust_scoped_token_with_impersonation()[source]
-
test_exercise_trust_scoped_token_without_impersonation()[source]
-
test_impersonation_token_cannot_create_new_trust()[source]
-
test_list_trusts()[source]
-
test_trust_crud()[source]
-
test_trustee_can_do_role_ops()[source]
-
test_v3_v2_intermix()[source]
-
test_v3_v2_intermix_project_not_in_default_domaini_failed()[source]
-
test_v3_v2_intermix_trustor_not_in_default_domain_failed()[source]
-
test_v3_v2_intermix_trustor_not_in_default_domaini_failed()[source]
-
class keystone.tests.test_v3_auth.TestTrustOptional(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
config_overrides()[source]
-
test_auth_with_scope_in_trust_403()[source]
-
test_trusts_404()[source]
-
class keystone.tests.test_v3_auth.TestUUIDTokenAPIs(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase, keystone.tests.test_v3_auth.TokenAPITests
-
config_overrides()[source]
-
setUp()[source]
-
test_v3_token_id()[source]
-
test_v3_v2_hashed_pki_token_intermix()[source]
-
class keystone.tests.test_v3_auth.TokenAPITests[source]
Bases: object
-
doSetUp()[source]
-
test_check_token()[source]
-
test_default_fixture_scope_token()[source]
-
test_rescoping_token()[source]
-
test_v2_v3_token_intermix()[source]
-
test_v2_v3_unscoped_token_intermix()[source]
-
test_v3_token_id()[source]
-
test_v3_v2_hashed_pki_token_intermix()[source]
-
test_v3_v2_intermix_domain_scoped_token_failed()[source]
-
test_v3_v2_intermix_new_default_domain()[source]
-
test_v3_v2_intermix_non_default_domain_failed()[source]
-
test_v3_v2_intermix_non_default_project_failed()[source]
-
test_v3_v2_token_intermix()[source]
-
test_v3_v2_unscoped_token_intermix()[source]
-
test_validate_token()[source]
-
test_validate_token_nocatalog()[source]
-
verify_token(*args, **kwargs)[source]
keystone.tests.test_v3_catalog module
-
class keystone.tests.test_v3_catalog.CatalogTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test service & endpoint CRUD.
-
assertValidErrorResponse(response)[source]
-
test_create_endpoint_400()[source]
Call POST /endpoints.
-
test_create_endpoint_enabled_false()[source]
Call POST /endpoints with enabled: false.
-
test_create_endpoint_enabled_str_false()[source]
Call POST /endpoints with enabled: ‘False’.
-
test_create_endpoint_enabled_str_random()[source]
Call POST /endpoints with enabled: ‘puppies’.
-
test_create_endpoint_enabled_str_true()[source]
Call POST /endpoints with enabled: ‘True’.
-
test_create_endpoint_enabled_true()[source]
Call POST /endpoints with enabled: true.
-
test_create_endpoint_no_enabled()[source]
Call POST /endpoints.
-
test_create_endpoint_on_v2()[source]
-
test_create_endpoint_with_empty_url()[source]
Call POST /endpoints.
-
test_create_region()[source]
Call POST /regions with an ID in the request body.
-
test_create_region_with_conflicting_ids()[source]
Call PUT /regions/{region_id} with conflicting region IDs.
-
test_create_region_with_duplicate_id()[source]
Call PUT /regions/{region_id}.
-
test_create_region_with_id()[source]
Call PUT /regions/{region_id} w/o an ID in the request body.
-
test_create_region_with_matching_ids()[source]
Call PUT /regions/{region_id} with an ID in the request body.
-
test_create_region_without_id()[source]
Call POST /regions without an ID in the request body.
-
test_create_service()[source]
Call POST /services.
-
test_create_service_enabled_false()[source]
Call POST /services.
-
test_create_service_enabled_str_false()[source]
Call POST /services.
-
test_create_service_enabled_str_random()[source]
Call POST /services.
-
test_create_service_enabled_str_true()[source]
Call POST /services.
-
test_create_service_enabled_true()[source]
Call POST /services.
-
test_create_service_no_enabled()[source]
Call POST /services.
-
test_delete_endpoint()[source]
Call DELETE /endpoints/{endpoint_id}.
-
test_delete_region()[source]
Call DELETE /regions/{region_id}.
-
test_delete_service()[source]
Call DELETE /services/{service_id}.
-
test_get_endpoint()[source]
Call GET /endpoints/{endpoint_id}.
-
test_get_region()[source]
Call GET /regions/{region_id}.
-
test_get_service()[source]
Call GET /services/{service_id}.
-
test_list_endpoints()[source]
Call GET /endpoints.
-
test_list_endpoints_xml()[source]
Call GET /endpoints (xml data).
-
test_list_regions()[source]
Call GET /regions.
-
test_list_regions_xml()[source]
Call GET /regions (xml data).
-
test_list_services()[source]
Call GET /services.
-
test_list_services_xml()[source]
Call GET /services (xml data).
-
test_update_endpoint()[source]
Call PATCH /endpoints/{endpoint_id}.
-
test_update_endpoint_enabled_false()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: False.
-
test_update_endpoint_enabled_str_false()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: ‘False’.
-
test_update_endpoint_enabled_str_random()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: ‘kitties’.
-
test_update_endpoint_enabled_str_true()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: ‘True’.
-
test_update_endpoint_enabled_true()[source]
Call PATCH /endpoints/{endpoint_id} with enabled: True.
-
test_update_region()[source]
Call PATCH /regions/{region_id}.
-
test_update_service()[source]
Call PATCH /services/{service_id}.
-
class keystone.tests.test_v3_catalog.TestCatalogAPISQL(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Tests for the catalog Manager against the SQL backend.
-
config_overrides()[source]
-
new_endpoint_ref(service_id)[source]
-
setUp()[source]
-
test_get_catalog_ignores_endpoints_with_invalid_urls()[source]
keystone.tests.test_v3_credential module
-
class keystone.tests.test_v3_credential.CredentialBaseTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
class keystone.tests.test_v3_credential.CredentialTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_credential.CredentialBaseTestCase
Test credential CRUD.
-
setUp()[source]
-
test_create_credential()[source]
Call POST /credentials.
-
test_create_credential_with_admin_token()[source]
-
test_create_ec2_credential()[source]
Call POST /credentials for creating ec2 credential.
-
test_create_ec2_credential_with_invalid_blob()[source]
Call POST /credentials for creating ec2
credential with invalid blob.
-
test_create_non_ec2_credential()[source]
Call POST /credentials for creating non-ec2 credential.
-
test_credential_api_delete_credentials_for_project()[source]
-
test_credential_api_delete_credentials_for_user()[source]
-
test_delete_credential()[source]
Call DELETE /credentials/{credential_id}.
-
test_get_credential()[source]
Call GET /credentials/{credential_id}.
-
test_get_ec2_dict_blob()[source]
Ensure non-JSON blob data is correctly converted.
-
test_list_credentials()[source]
Call GET /credentials.
-
test_list_credentials_xml()[source]
Call GET /credentials (xml data).
-
test_list_ec2_dict_blob()[source]
Ensure non-JSON blob data is correctly converted.
-
test_update_credential()[source]
Call PATCH /credentials/{credential_id}.
-
class keystone.tests.test_v3_credential.TestCredentialEc2(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_credential.CredentialBaseTestCase
Test v3 credential compatibility with ec2tokens.
-
setUp()[source]
-
test_ec2_create_credential()[source]
Test ec2 credential creation.
-
test_ec2_credential_signature_validate()[source]
Test signature validation with a v3 ec2 credential.
-
test_ec2_credential_signature_validate_legacy()[source]
Test signature validation with a legacy v3 ec2 credential.
-
test_ec2_delete_credential()[source]
Test ec2 credential deletion.
-
test_ec2_get_credential()[source]
-
test_ec2_list_credentials()[source]
Test ec2 credential listing.
-
class keystone.tests.test_v3_credential.TestCredentialTrustScoped(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test credential with trust scoped token.
-
config_overrides()[source]
-
setUp()[source]
-
test_trust_scoped_ec2_credential()[source]
Call POST /credentials for creating ec2 credential.
keystone.tests.test_v3_federation module
-
class keystone.tests.test_v3_federation.FederatedIdentityProviderTests(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_federation.FederationTests
A test class for Identity Providers.
-
base_url(suffix=None)[source]
-
default_body = {'enabled': True, 'description': None}
-
idp_keys = ['description', 'enabled']
-
test_assign_protocol_to_idp()[source]
Assign a protocol to existing IdP.
-
test_assign_protocol_to_nonexistent_idp()[source]
Assign protocol to IdP that doesn’t exist.
Expect HTTP 404 code.
-
test_check_idp_uniqueness()[source]
Add same IdP twice.
Expect HTTP 409 code for the latter call.
-
test_create_idp()[source]
Creates the IdentityProvider entity.
-
test_delete_existing_idp()[source]
Create and later delete IdP.
Expect HTTP 404 for the GET IdP call.
-
test_delete_nonexisting_idp()[source]
Delete nonexisting IdP.
Expect HTTP 404 for the GET IdP call.
-
test_delete_protocol()[source]
Delete protocol.
Expect HTTP 404 code for the GET call after the protocol is deleted.
-
test_get_idp()[source]
Create and later fetch IdP.
-
test_get_nonexisting_idp()[source]
Fetch nonexisting IdP entity.
Expected HTTP 404 status code.
-
test_get_protocol()[source]
Create and later fetch protocol tied to IdP.
-
test_list_idps(iterations=5)[source]
Lists all available IdentityProviders.
This test collects ids of created IdPs and
intersects it with the list of all available IdPs.
List of all IdPs can be a superset of IdPs created in this test,
because other tests also create IdPs.
-
test_list_protocols()[source]
Create set of protocols and later list them.
Compare input and output id sets.
-
test_protocol_composite_pk()[source]
Test whether Keystone let’s add two entities with identical
names, however attached to different IdPs.
- Add IdP and assign it protocol with predefined name
- Add another IdP and assign it a protocol with same name.
Expect HTTP 201 code
-
test_protocol_idp_pk_uniqueness()[source]
Test whether Keystone checks for unique idp/protocol values.
Add same protocol twice, expect Keystone to reject a latter call and
return HTTP 409 code.
-
test_update_idp_immutable_attributes()[source]
Update IdP’s immutable parameters.
Expect HTTP 403 code.
-
test_update_idp_mutable_attributes()[source]
Update IdP’s mutable parameters.
-
test_update_nonexistent_idp()[source]
Update nonexistent IdP
Expect HTTP 404 code.
-
test_update_protocols_attribute()[source]
Update protocol’s attribute.
-
class keystone.tests.test_v3_federation.FederatedTokenTests(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_federation.FederationTests
-
ASSERTION_PREFIX = 'PREFIX_'
-
AUTH_METHOD = 'saml2'
-
AUTH_URL = '/auth/tokens'
-
IDP = 'ORG_IDP'
-
PROTOCOL = 'saml2'
-
UNSCOPED_V3_SAML2_REQ = {'identity': {'methods': ['saml2'], 'saml2': {'identity_provider': 'ORG_IDP', 'protocol': 'saml2'}}}
-
USER = 'user@ORGANIZATION'
-
idp_ref(id=None)[source]
-
load_federation_sample_data()[source]
Inject additional data.
-
mapping_ref(rules=None)[source]
-
proto_ref(mapping_id=None)[source]
-
setUp()[source]
-
test_assertion_prefix_parameter()[source]
Test parameters filtering based on the prefix.
With assertion_prefix set to fixed, non defailt value,
issue an unscoped token from assertion EMPLOYEE_ASSERTION_PREFIXED.
Expect server to return unscoped token.
-
test_assertion_prefix_parameter_expect_fail()[source]
Test parameters filtering based on the prefix.
With assertion_prefix default value set to empty string
issue an unscoped token from assertion EMPLOYEE_ASSERTION.
Next, configure assertion_prefix to value UserName.
Try issuing unscoped token with EMPLOYEE_ASSERTION.
Expect server to raise exception.Unathorized exception.
-
test_full_workflow()[source]
Test ‘standard’ workflow for granting access tokens.
- Issue unscoped token
- List available projects based on groups
- Scope token to a one of available projects
-
test_issue_token_from_rules_without_user()[source]
-
test_issue_token_with_nonexistent_group()[source]
Inject assertion that matches rule issuing bad group id.
Expect server to find out that some groups are missing in the
backend and raise exception.MappedGroupNotFound exception.
-
test_issue_unscoped_token()[source]
-
test_issue_unscoped_token_malformed_environment()[source]
Test whether non string objects are filtered out.
Put non string objects into the environment, inject
correct assertion and try to get an unscoped token.
Expect server not to fail on using split() method on
non string objects and return token id in the HTTP header.
-
test_issue_unscoped_token_no_groups()[source]
-
test_issue_unscoped_token_serialize_to_xml()[source]
Issue unscoped token and serialize to XML.
Make sure common.serializer doesn’t complain about
the response structure and tag names.
-
test_list_domains()[source]
-
test_list_projects()[source]
-
test_scope_to_bad_project()[source]
Scope unscoped token with a project we don’t have access to.
-
test_scope_to_domain_multiple_tokens()[source]
Issue multiple tokens scoping to different domains.
The new tokens should be scoped to:
-
test_scope_to_domain_once()[source]
-
test_scope_to_project_multiple_times()[source]
Try to scope the unscoped token multiple times.
The new tokens should be scoped to:
- Customers’ project
- Employees’ project
-
test_scope_to_project_once()[source]
-
test_scope_token_from_nonexistent_unscoped_token()[source]
Try to scope token from non-existent unscoped token.
-
test_workflow_with_groups_deletion()[source]
Test full workflow with groups deletion before token scoping.
- The test scenario is as follows:
- Create group group
- Create and assign roles to group and project_all
- Patch mapping rules for existing IdP so it issues group id
- Issue unscoped token with group‘s id
- Delete group group
- Scope token to project_all
- Expect HTTP 500 response
-
class keystone.tests.test_v3_federation.FederationTests(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
EXTENSION_NAME = 'federation'
-
EXTENSION_TO_ADD = 'federation_extension'
-
setup_database()[source]
-
class keystone.tests.test_v3_federation.MappingCRUDTests(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_federation.FederationTests
A class for testing CRUD operations for Mappings.
-
MAPPING_URL = '/OS-FEDERATION/mappings/'
-
assertValidMapping(entity, ref=None)[source]
-
assertValidMappingListResponse(resp, *args, **kwargs)[source]
-
assertValidMappingResponse(resp, *args, **kwargs)[source]
-
test_create_mapping_bad_requirements()[source]
-
test_create_mapping_bad_value()[source]
-
test_create_mapping_empty_map()[source]
-
test_create_mapping_missing_local()[source]
-
test_create_mapping_missing_type()[source]
-
test_create_mapping_no_remote_objects()[source]
-
test_create_mapping_no_rules()[source]
-
test_create_mapping_wrong_type()[source]
-
test_delete_mapping_dne()[source]
-
test_get_mapping_dne()[source]
-
test_mapping_create()[source]
-
test_mapping_delete()[source]
-
test_mapping_get()[source]
-
test_mapping_list()[source]
-
test_mapping_update()[source]
-
class keystone.tests.test_v3_federation.MappingRuleEngineTests(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_federation.FederationTests
A class for testing the mapping rule engine.
-
test_rule_engine_any_one_of_and_direct_mapping()[source]
Should return user’s name and group id EMPLOYEE_GROUP_ID.
The ADMIN_ASSERTION should successfully have a match in MAPPING_LARGE.
The will test the case where any_one_of is valid, and there is
a direct mapping for the users name.
-
test_rule_engine_any_one_of_many_rules()[source]
Should return group CONTRACTOR_GROUP_ID.
The CONTRACTOR_ASSERTION should successfully have a match in
MAPPING_SMALL. This will test the case where many rules
must be matched, including an any_one_of, and a direct
mapping.
-
test_rule_engine_discards_nonstring_objects()[source]
Check whether RuleProcessor discards non string objects.
Despite the fact that assertion is malformed and contains
non string objects, RuleProcessor should correctly discard them and
successfully have a match in MAPPING_LARGE.
-
test_rule_engine_fails_after_discarding_nonstring()[source]
Check whether RuleProcessor discards non string objects.
Expect RuleProcessor to discard non string object, which
is required for a correct rule match. Since no rules are
matched expect RuleProcessor to raise exception.Unauthorized
exception.
-
test_rule_engine_no_regex_match()[source]
Should deny authorization, the email of the tester won’t match.
This will not match since the email in the assertion will fail
the regex test. It is set to match any @example.com address.
But the incoming value is set to eviltester@example.org.
RuleProcessor should raise exception.Unauthorized exception.
-
test_rule_engine_not_any_of_and_direct_mapping()[source]
Should return user’s name and email.
The CUSTOMER_ASSERTION should successfully have a match in
MAPPING_LARGE. This will test the case where a requirement
has not_any_of, and direct mapping to a username, no group.
-
test_rule_engine_not_any_of_many_rules()[source]
Should return group EMPLOYEE_GROUP_ID.
The EMPLOYEE_ASSERTION should successfully have a match in
MAPPING_SMALL. This will test the case where many remote
rules must be matched, including a not_any_of.
-
test_rule_engine_regex_match_and_many_groups()[source]
Should return group DEVELOPER_GROUP_ID and TESTER_GROUP_ID.
The TESTER_ASSERTION should successfully have a match in
MAPPING_LARGE. This will test a successful regex match
for an any_one_of evaluation type, and will have many
groups returned.
-
keystone.tests.test_v3_federation.dummy_validator(*args, **kwargs)[source]
keystone.tests.test_v3_filters module
-
class keystone.tests.test_v3_filters.IdentityTestFilteredCase(*args, **kwargs)[source]
Bases: keystone.tests.filtering.FilterTests, keystone.tests.test_v3.RestfulTestCase
Test filter enforcement on the v3 Identity API.
-
content_type = 'json'
-
load_sample_data()[source]
Create sample data for these tests.
As well as the usual housekeeping, create a set of domains,
users, roles and projects for the subsequent tests:
- Three domains: A,B & C. C is disabled.
- DomainA has user1, DomainB has user2 and user3
- DomainA has group1 and group2, DomainB has group3
- User1 has a role on DomainA
Remember that there will also be a fourth domain in existence,
the default domain.
-
setUp()[source]
Setup for Identity Filter Test Cases.
-
test_filter_sql_injection_attack()[source]
GET /users?name=<injected sql_statement>
Test Plan:
- Attempt to get all entities back by passing a two-term attribute
- Attempt to piggyback filter to damage DB (e.g. drop table)
-
test_inexact_filters()[source]
-
test_list_filtered_domains()[source]
GET /domains?enabled=0
Test Plan:
- Update policy for no protection on api
- Filter by the ‘enabled’ boolean to get disabled domains, which
should return just domainC
- Try the filter using different ways of specifying True/False
to test that our handling of booleans in filter matching is
correct
-
test_list_users_filtered_by_domain()[source]
GET /users?domain_id=mydomain (filtered)
Test Plan:
- Update policy so api is unprotected
- Use an un-scoped token to make sure we can filter the
users by domainB, getting back the 2 users in that domain
-
test_list_users_filtered_by_funny_name()[source]
GET /users?name=%myname%
Test Plan:
- Update policy so api is unprotected
- Update a user with name that has filter escape characters
- Ensure we can filter on it
-
test_multiple_filters()[source]
GET /domains?enabled&name=myname
Test Plan:
- Update policy for no protection on api
- Filter by the ‘enabled’ boolean and name - this should
return a single domain
-
class keystone.tests.test_v3_filters.IdentityTestFilteredCaseXML(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_filters.IdentityTestFilteredCase
-
content_type = 'xml'
-
class keystone.tests.test_v3_filters.IdentityTestListLimitCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_filters.IdentityTestFilteredCase
Test list limiting enforcement on the v3 Identity API.
-
clean_up_entity(entity)[source]
Clean up entity test data from Identity Limit Test Cases.
-
clean_up_policy()[source]
Clean up policy test data from Identity Limit Test Cases.
-
clean_up_service()[source]
Clean up service test data from Identity Limit Test Cases.
-
content_type = 'json'
-
setUp()[source]
Setup for Identity Limit Test Cases.
-
test_at_limit()[source]
Check truncated attribute not set when list at max size.
-
test_groups_list_limit()[source]
-
test_no_limit()[source]
Check truncated attribute not set when list not limited.
-
test_non_driver_list_limit()[source]
Check list can be limited without driver level support.
Policy limiting is not done at the driver level (since it
really isn’t worth doing it there). So use this as a test
for ensuring the controller level will successfully limit
in this case.
-
test_projects_list_limit()[source]
-
test_services_list_limit()[source]
-
test_users_list_limit()[source]
-
class keystone.tests.test_v3_filters.IdentityTestListLimitCaseXML(*args, **kwargs)[source]
Bases: keystone.tests.test_v3_filters.IdentityTestListLimitCase
-
content_type = 'xml'
keystone.tests.test_v3_identity module
-
class keystone.tests.test_v3_identity.IdentityInheritanceDisabledTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test inheritance crud and its effects.
-
config_overrides()[source]
-
test_crud_inherited_role_grants_failed_if_disabled()[source]
-
class keystone.tests.test_v3_identity.IdentityInheritanceTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test inheritance crud and its effects.
-
config_overrides()[source]
-
test_crud_user_inherited_domain_role_grants()[source]
-
test_filtered_role_assignments_for_inherited_grants()[source]
Call GET /role_assignments?scope.OS-INHERIT:inherited_to.
Test Plan:
- Create 5 roles
- Create a domain with a user, group and two projects
- Assign three direct spoiler roles to projects
- Issue the URL to add an inherited user role to the domain
- Issue the URL to add an inherited group role to the domain
- Issue the URL to filter by inherited roles - this should
return just the 2 inherited roles.
-
test_list_role_assignments_for_disabled_inheritance_extension()[source]
Call GET /role_assignments with inherited domain grants.
Test Plan:
- Issue the URL to add inherited role to the domain
- Issue the URL to check effective roles on project include the
inherited role
- Disable the extension
- Re-check the effective roles, proving the inherited role no longer
shows up.
-
test_list_role_assignments_for_inherited_domain_grants()[source]
Call GET /role_assignments with inherited domain grants.
Test Plan:
- Create 4 roles
- Create a domain with a user and two projects
- Assign two direct roles to project1
- Assign a spoiler role to project2
- Issue the URL to add inherited role to the domain
- Issue the URL to check it is indeed on the domain
- Issue the URL to check effective roles on project1 - this
should return 3 roles.
-
test_list_role_assignments_for_inherited_group_domain_grants()[source]
Call GET /role_assignments with inherited group domain grants.
Test Plan:
- Create 4 roles
- Create a domain with a user and two projects
- Assign two direct roles to project1
- Assign a spoiler role to project2
- Issue the URL to add inherited role to the domain
- Issue the URL to check it is indeed on the domain
- Issue the URL to check effective roles on project1 - this
should return 3 roles.
-
class keystone.tests.test_v3_identity.IdentityTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test domains, projects, users, groups, & role CRUD.
-
setUp()[source]
-
test_add_user_to_group()[source]
Call PUT /groups/{group_id}/users/{user_id}.
-
test_check_effective_values_for_role_assignments()[source]
Call GET /role_assignments?effective=value.
Check the various ways of specifying the ‘effective’
query parameter. If the ‘effective’ query parameter
is included then this should always be treated as
as meaning ‘True’ unless it is specified as:
{url}?effective=0
This is by design to match the agreed way of handling
policy checking on query/filter parameters.
Test Plan:
- Create two extra user for tests
- Add these users to a group
- Add a role assignment for the group on a domain
- Get a list of all role assignments, checking one has been added
- Then issue various request with different ways of defining
the ‘effective’ query parameter. As we have tested the
correctness of the data coming back when we get effective roles
in other tests, here we just use the count of entities to
know if we are getting effective roles or not
-
test_check_user_in_group()[source]
Call HEAD /groups/{group_id}/users/{user_id}.
-
test_create_domain()[source]
Call POST /domains.
-
test_create_domain_400()[source]
Call POST /domains.
-
test_create_domain_case_sensitivity()[source]
Call POST /domains` twice with upper() and lower() cased name.
-
test_create_group()[source]
Call POST /groups.
-
test_create_group_400()[source]
Call POST /groups.
-
test_create_project()[source]
Call POST /projects.
-
test_create_project_400()[source]
Call POST /projects.
-
test_create_role()[source]
Call POST /roles.
-
test_create_role_400()[source]
Call POST /roles.
-
test_create_user()[source]
Call POST /users.
-
test_create_user_400()[source]
Call POST /users.
-
test_crud_group_domain_role_grants()[source]
-
test_crud_group_domain_role_grants_no_group()[source]
Grant role on a domain to a group that doesn’t exist, 404 result.
When grant a role on a domain to a group that doesn’t exist, the server
returns 404 Not Found for the group.
-
test_crud_group_project_role_grants()[source]
-
test_crud_group_project_role_grants_no_group()[source]
Grant role on a project to a group that doesn’t exist, 404 result.
When grant a role on a project to a group that doesn’t exist, the
server returns 404 Not Found for the group.
-
test_crud_user_domain_role_grants()[source]
-
test_crud_user_domain_role_grants_no_user()[source]
Grant role on a domain to a user that doesn’t exist, 404 result.
When grant a role on a domain to a user that doesn’t exist, the server
returns 404 Not Found for the user.
-
test_crud_user_project_role_grants()[source]
-
test_crud_user_project_role_grants_no_user()[source]
Grant role on a project to a user that doesn’t exist, 404 result.
When grant a role on a project to a user that doesn’t exist, the server
returns 404 Not Found for the user.
-
test_delete_default_domain_fails()[source]
-
test_delete_domain()[source]
Call DELETE /domains/{domain_id}.
The sample data set up already has a user, group, project
and credential that is part of self.domain. Since the user
we will authenticate with is in this domain, we create a
another set of entities in a second domain. Deleting this
second domain should delete all these new entities. In addition,
all the entities in the regular self.domain should be unaffected
by the delete.
Test Plan:
- Create domain2 and a 2nd set of entities
- Disable domain2
- Delete domain2
- Check entities in domain2 have been deleted
- Check entities in self.domain are unaffected
-
test_delete_enabled_domain_fails()[source]
Call DELETE /domains/{domain_id} (when domain enabled).
-
test_delete_group()[source]
Call DELETE /groups/{group_id}.
-
test_delete_new_default_domain_fails()[source]
-
test_delete_old_default_domain()[source]
-
test_delete_project()[source]
Call DELETE /projects/{project_id}
As well as making sure the delete succeeds, we ensure
that any credentials that reference this projects are
also deleted, while other credentials are unaffected.
-
test_delete_role()[source]
Call DELETE /roles/{role_id}.
-
test_delete_user()[source]
Call DELETE /users/{user_id}.
As well as making sure the delete succeeds, we ensure
that any credentials that reference this user are
also deleted, while other credentials are unaffected.
In addition, no tokens should remain valid for this user.
-
test_disable_domain()[source]
Call PATCH /domains/{domain_id} (set enabled=False).
-
test_filtered_role_assignments()[source]
Call GET /role_assignments?filters.
Test Plan:
- Create extra users, group, role and project for tests
- Make the following assignments:
Give group1, role1 on project1 and domain
Give user1, role2 on project1 and domain
Make User1 a member of Group1
- Test a series of single filter list calls, checking that
the correct results are obtained
- Test a multi-filtered list call
- Test listing all effective roles for a given user
- Test the equivalent of the list of roles in a project scoped
token (all effective roles for a user on a project)
-
test_get_domain()[source]
Call GET /domains/{domain_id}.
-
test_get_effective_role_assignments()[source]
Call GET /role_assignments?effective.
Test Plan:
- Create two extra user for tests
- Add these users to a group
- Add a role assignment for the group on a domain
- Get a list of all role assignments, checking one has been added
- Then get a list of all effective role assignments - the group
assignment should have turned into assignments on the domain
for each of the group members.
-
test_get_group()[source]
Call GET /groups/{group_id}.
-
test_get_project()[source]
Call GET /projects/{project_id}.
-
test_get_role()[source]
Call GET /roles/{role_id}.
-
test_get_role_assignments()[source]
Call GET /role_assignments.
The sample data set up already has a user, group and project
that is part of self.domain. We use these plus a new user
we create as our data set, making sure we ignore any
role assignments that are already in existence.
Since we don’t yet support a first class entity for role
assignments, we are only testing the LIST API. To create
and delete the role assignments we use the old grant APIs.
Test Plan:
- Create extra user for tests
- Get a list of all existing role assignments
- Add a new assignment for each of the four combinations, i.e.
group+domain, user+domain, group+project, user+project, using
the same role each time
- Get a new list of all role assignments, checking these four new
ones have been added
- Then delete the four we added
- Get a new list of all role assignments, checking the four have
been removed
-
test_get_user()[source]
Call GET /users/{user_id}.
-
test_get_user_with_default_project()[source]
Call GET /users/{user_id} making sure of default_project_id.
-
test_list_domains()[source]
Call GET /domains.
-
test_list_domains_xml()[source]
Call GET /domains (xml data).
-
test_list_groups()[source]
Call GET /groups.
-
test_list_groups_for_user()[source]
Call GET /users/{user_id}/groups.
-
test_list_groups_xml()[source]
Call GET /groups (xml data).
-
test_list_projects()[source]
Call GET /projects.
-
test_list_projects_xml()[source]
Call GET /projects (xml data).
-
test_list_roles()[source]
Call GET /roles.
-
test_list_roles_xml()[source]
Call GET /roles (xml data).
-
test_list_users()[source]
Call GET /users.
-
test_list_users_in_group()[source]
Call GET /groups/{group_id}/users.
-
test_list_users_no_default_project()[source]
Call GET /users making sure no default_project_id.
-
test_list_users_xml()[source]
Call GET /users (xml data).
-
test_remove_user_from_group()[source]
Call DELETE /groups/{group_id}/users/{user_id}.
-
test_update_domain()[source]
Call PATCH /domains/{domain_id}.
-
test_update_group()[source]
Call PATCH /groups/{group_id}.
-
test_update_group_domain_id()[source]
Call PATCH /groups/{group_id} with domain_id.
-
test_update_project()[source]
Call PATCH /projects/{project_id}.
-
test_update_project_domain_id()[source]
Call PATCH /projects/{project_id} with domain_id.
-
test_update_role()[source]
Call PATCH /roles/{role_id}.
-
test_update_user()[source]
Call PATCH /users/{user_id}.
-
test_update_user_domain_id()[source]
Call PATCH /users/{user_id} with domain_id.
-
class keystone.tests.test_v3_identity.TestV3toV2Methods(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
Test V3 to V2 conversion methods.
-
setUp()[source]
-
test_v2controller_filter_domain_id()[source]
-
test_v3_to_v2_user_method()[source]
-
test_v3_to_v2_user_method_list()[source]
-
test_v3controller_filter_domain_id()[source]
-
class keystone.tests.test_v3_identity.UserSelfServiceChangingPasswordsTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
change_password(expected_status, **kwargs)[source]
Returns a test response for a change password request.
-
get_request_token(password, expected_status)[source]
-
setUp()[source]
-
test_changing_password()[source]
-
test_changing_password_with_disabled_user_fails()[source]
-
test_changing_password_with_incorrect_password_fails()[source]
-
test_changing_password_with_missing_original_password_fails()[source]
-
test_changing_password_with_missing_password_fails()[source]
keystone.tests.test_v3_os_revoke module
-
class keystone.tests.test_v3_os_revoke.OSRevokeTests(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
-
EXTENSION_NAME = 'revoke'
-
EXTENSION_TO_ADD = 'revoke_extension'
-
assertReportedEventMatchesRecorded(event, sample, before_time)[source]
-
test_disabled_domain_in_list()[source]
-
test_disabled_project_in_list()[source]
-
test_get_empty_list()[source]
-
test_list_since_invalid()[source]
-
test_list_since_valid()[source]
-
test_revoked_token_in_list()[source]
-
test_since_future_time_no_events()[source]
keystone.tests.test_v3_policy module
-
class keystone.tests.test_v3_policy.PolicyTestCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test policy CRUD.
-
setUp()[source]
-
test_create_policy()[source]
Call POST /policies.
-
test_delete_policy()[source]
Call DELETE /policies/{policy_id}.
-
test_get_policy()[source]
Call GET /policies/{policy_id}.
-
test_list_policies()[source]
Call GET /policies.
-
test_list_policies_xml()[source]
Call GET /policies (xml data).
-
test_update_policy()[source]
Call PATCH /policies/{policy_id}.
keystone.tests.test_v3_protection module
-
class keystone.tests.test_v3_protection.IdentityTestProtectedCase(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test policy enforcement on the v3 Identity API.
-
load_sample_data()[source]
-
setUp()[source]
Setup for Identity Protection Test Cases.
As well as the usual housekeeping, create a set of domains,
users, roles and projects for the subsequent tests:
- Three domains: A,B & C. C is disabled.
- DomainA has user1, DomainB has user2 and user3
- DomainA has group1 and group2, DomainB has group3
- User1 has two roles on DomainA
- User2 has one role on DomainA
Remember that there will also be a fourth domain in existence,
the default domain.
-
test_get_user_protected_match_id()[source]
GET /users/{id} (match payload)
Test Plan:
- Update policy to protect api by user_id
- List users with user_id of user1 as filter, to check that
this will correctly match user_id in the flattened
payload
-
test_get_user_protected_match_target()[source]
GET /users/{id} (match target)
Test Plan:
- Update policy to protect api by domain_id
- Try and read a user who is in DomainB with a token scoped
to Domain A - this should fail
- Retry this for a user who is in Domain A, which should succeed.
- Finally, try getting a user that does not exist, which should
still return UserNotFound
-
test_list_groups_protected_by_domain()[source]
GET /groups?domain_id=mydomain (protected)
Test Plan:
- Update policy to protect api by domain_id
- List groups using a token scoped to domainA and make sure
we only get back the two groups that are in domainA
- Try and read the groups from domainB - this should fail since
we don’t have a token scoped for domainB
-
test_list_groups_protected_by_domain_and_filtered()[source]
GET /groups?domain_id=mydomain&name=myname (protected)
Test Plan:
- Update policy to protect api by domain_id
- List groups using a token scoped to domainA with a filter
specifying both domainA and the name of group.
- We should only get back the group in domainA that matches
the name
-
test_list_users_filtered_by_domain()[source]
GET /users?domain_id=mydomain (filtered)
Test Plan:
- Update policy so api is unprotected
- Use an un-scoped token to make sure we can filter the
users by domainB, getting back the 2 users in that domain
-
test_list_users_protected_by_domain()[source]
GET /users?domain_id=mydomain (protected)
Test Plan:
- Update policy to protect api by domain_id
- List groups using a token scoped to domainA with a filter
specifying domainA - we should only get back the one user
that is in domainA.
- Try and read the users from domainB - this should fail since
we don’t have a token scoped for domainB
-
test_list_users_unprotected()[source]
GET /users (unprotected)
Test Plan:
- Update policy so api is unprotected
- Use an un-scoped token to make sure we can get back all
the users independent of domain
-
test_revoke_grant_protected_match_target()[source]
DELETE /domains/{id}/users/{id}/roles/{id} (match target)
Test Plan:
- Update policy to protect api by domain_id of entities in
the grant
- Try and delete the existing grant that has a user who is
from a different domain - this should fail.
- Retry this for a user who is in Domain A, which should succeed.
-
class keystone.tests.test_v3_protection.IdentityTestv3CloudPolicySample(*args, **kwargs)[source]
Bases: keystone.tests.test_v3.RestfulTestCase
Test policy enforcement of the sample v3 cloud policy file.
-
load_sample_data()[source]
-
setUp()[source]
Setup for v3 Cloud Policy Sample Test Cases.
The following data is created:
- Three domains: domainA, domainB and admin_domain
- One project, which name is ‘project’
- domainA has three users: domain_admin_user, project_admin_user and
just_a_user:
- domain_admin_user has role ‘admin’ on domainA,
- project_admin_user has role ‘admin’ on the project,
- just_a_user has a non-admin role on both domainA and the project.
- admin_domain has user cloud_admin_user, with an ‘admin’ role
on admin_domain.
We test various api protection rules from the cloud sample policy
file to make sure the sample is valid and that we correctly enforce it.
-
test_cloud_admin()[source]
-
test_domain_grants()[source]
-
test_domain_grants_by_cloud_admin()[source]
-
test_project_grants()[source]
-
test_project_grants_by_domain_admin()[source]
-
test_project_management()[source]
-
test_user_management()[source]
-
test_user_management_by_cloud_admin()[source]
keystone.tests.test_versions module
-
class keystone.tests.test_versions.VersionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
config_overrides()[source]
-
setUp()[source]
-
test_admin_version_v2()[source]
-
test_admin_version_v3()[source]
-
test_admin_versions()[source]
-
test_public_version_v2()[source]
-
test_public_version_v3()[source]
-
test_public_versions()[source]
-
test_use_site_url_if_endpoint_unset()[source]
-
test_use_site_url_if_endpoint_unset_v2()[source]
-
test_use_site_url_if_endpoint_unset_v3()[source]
-
test_v2_disabled()[source]
-
test_v3_disabled()[source]
-
class keystone.tests.test_versions.XmlVersionTestCase(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
DOC_INTRO = '<?xml version="1.0" encoding="UTF-8"?>'
-
VERSIONS_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<versions xmlns="http://docs.openstack.org/identity/api/v2.0">\n\n<version status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v3/" rel="self"/>\n </links>\n</version>\n\n<version status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n </links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n</version>\n\n</versions>\n'
-
XML_NAMESPACE_ATTR = 'xmlns="http://docs.openstack.org/identity/api/v2.0"'
-
XML_NAMESPACE_V3 = 'xmlns="http://docs.openstack.org/identity/api/v3"'
-
config_overrides()[source]
-
setUp()[source]
-
test_admin_version_v2()[source]
-
test_admin_version_v3()[source]
-
test_admin_versions()[source]
-
test_public_version_v2()[source]
-
test_public_version_v3()[source]
-
test_public_versions()[source]
-
test_use_site_url_if_endpoint_unset()[source]
-
test_v2_disabled()[source]
-
test_v3_disabled()[source]
-
v2_VERSION_DATA = '\n<version %(v2_namespace)s status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n </links>\n <link href="http://localhost:%%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n</version>\n'
-
v2_VERSION_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<version xmlns="http://docs.openstack.org/identity/api/v2.0" status="stable" updated="2014-04-17T00:00:00Z"\n id="v2.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v2.0+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v2.0+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n </links>\n <link href="http://localhost:%(port)s/v2.0/" rel="self"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/" type="text/html" rel="describedby"/>\n <link href="http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf" type="application/pdf" rel="describedby"/>\n</version>\n'
-
v3_VERSION_DATA = '\n<version %(v3_namespace)s status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%%(port)s/v3/" rel="self"/>\n </links>\n</version>\n'
-
v3_VERSION_RESPONSE = '<?xml version="1.0" encoding="UTF-8"?>\n<version xmlns="http://docs.openstack.org/identity/api/v3" status="stable" updated="2013-03-06T00:00:00Z"\n id="v3.0">\n <media-types>\n <media-type base="application/json" type="application/vnd.openstack.identity-v3+json"/>\n <media-type base="application/xml" type="application/vnd.openstack.identity-v3+xml"/>\n </media-types>\n <links>\n <link href="http://localhost:%(port)s/v3/" rel="self"/>\n </links>\n</version>\n'
keystone.tests.test_wsgi module
-
class keystone.tests.test_wsgi.ApplicationTest(*args, **kwargs)[source]
Bases: keystone.tests.test_wsgi.BaseWSGITest
-
test_application_local_config()[source]
-
test_query_string_available()[source]
-
test_render_exception()[source]
-
test_render_exception_host()[source]
-
test_render_response()[source]
-
test_render_response_custom_status()[source]
-
test_render_response_head_with_body()[source]
-
test_render_response_no_body()[source]
-
test_response_content_type()[source]
-
class keystone.tests.test_wsgi.BaseWSGITest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
class keystone.tests.test_wsgi.ExtensionRouterTest(*args, **kwargs)[source]
Bases: keystone.tests.test_wsgi.BaseWSGITest
-
test_extensionrouter_local_config()[source]
-
class keystone.tests.test_wsgi.FakeApp(*args, **kwargs)[source]
Bases: keystone.common.wsgi.Application
-
index(context)[source]
-
class keystone.tests.test_wsgi.LocalizedResponseTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
test_dynamic_translated_string_is_Message()[source]
-
test_request_match_default()[source]
-
test_request_match_language_expected()[source]
-
test_request_match_language_unexpected()[source]
-
test_static_translated_string_is_Message()[source]
-
class keystone.tests.test_wsgi.MiddlewareTest(*args, **kwargs)[source]
Bases: keystone.tests.test_wsgi.BaseWSGITest
-
test_middleware_bad_request()[source]
-
test_middleware_exception_error()[source]
-
test_middleware_local_config()[source]
-
test_middleware_request()[source]
-
test_middleware_response()[source]
-
test_middleware_type_error()[source]
-
class keystone.tests.test_wsgi.ServerTest(*args, **kwargs)[source]
Bases: keystone.tests.core.TestCase
-
setUp()[source]
-
test_keepalive_and_keepidle_set(*args, **keywargs)[source]
-
test_keepalive_set(*args, **keywargs)[source]
-
test_keepalive_unset(*args, **keywargs)[source]
keystone.tests.utils module
Useful utilities for tests.
-
keystone.tests.utils.new_uuid()[source]
Return a string UUID.
Module contents