tests Package¶

`tests` Package¶

`core` Module¶

class keystone.tests.core.BaseTestCase(*args, **kwargs)[source]¶

Bases: testtools.testcase.TestCase

Light weight base test class.

This is a placeholder that will eventually go away once thc setup/teardown in TestCase is properly trimmed down to the bare essentials. This is really just a play to speed up the tests by eliminating unnecessary work.

cleanup_instance(*names)[source]¶

Create a function suitable for use with self.addCleanup.

Returns:	a callable that uses a closure to delete instance attributes

class keystone.tests.core.SQLDriverOverrides[source]¶

Bases: object

A mixin for consolidating sql-specific test overrides.

config_overrides()[source]¶

class keystone.tests.core.TestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.core.BaseTestCase

add_path(path)[source]¶

assertCloseEnoughForGovernmentWork(a, b, delta=3)[source]¶

Asserts that two datetimes are nearly equal within a small delta.

Parameters:	delta – Maximum allowable time delta, defined in seconds.

assertDictContainsSubset(expected, actual, msg=None)[source]¶: Checks whether actual is a superset of expected.

assertDictEqual(d1, d2, msg=None)[source]¶

assertNotEmpty(l)[source]¶

assertRaisesRegexp(expected_exception, expected_regexp, callable_obj, *args, **kwargs)[source]¶: Asserts that the message in a raised exception matches a regexp.

assertSetEqual(set1, set2, msg=None)[source]¶

clear_auth_plugin_registry()[source]¶

client(app, *args, **kw)[source]¶

config(config_files)[source]¶

config_files()[source]¶

config_overrides()[source]¶

ipv6_enabled[source]¶

load_backends()[source]¶: Initializes each manager and assigns them to an attribute.

load_fixtures(fixtures)[source]¶

Hacky basic and naive fixture loading based on a python module.

Expects that the various APIs into the various services are already defined on self.

loadapp(config, name='main')[source]¶

setUp()[source]¶

skip_if_env_not_set(env_var)[source]¶

skip_if_no_ipv6()[source]¶

class keystone.tests.core.TestClient(app=None, token=None)[source]¶

Bases: object

get(path, headers=None)[source]¶

post(path, headers=None, body=None)[source]¶

put(path, headers=None, body=None)[source]¶

request(method, path, headers=None, body=None)[source]¶

exception keystone.tests.core.UnexpectedExit[source]¶: Bases: exceptions.Exception

keystone.tests.core.checkout_vendor(repo, rev)[source]¶

class keystone.tests.core.dirs[source]¶

static etc(*p)[source]¶

static root(*p)[source]¶

static tests(*p)[source]¶

static tests_conf(*p)[source]¶

static tmp(*p)[source]¶

keystone.tests.core.generate_paste_config(extension_name)[source]¶

keystone.tests.core.remove_generated_paste_config(extension_name)[source]¶

keystone.tests.core.remove_test_databases()[source]¶

keystone.tests.core.setup_database()[source]¶

keystone.tests.core.skip_if_cache_disabled(*sections)[source]¶

This decorator is used to skip a test if caching is disabled either globally or for the specific section.

In the code fragment:

@skip_if_cache_is_disabled('assignment', 'token')
def test_method(*args):
    ...

The method test_method would be skipped if caching is disabled globally via the enabled option in the cache section of the configuration or if the caching option is set to false in either assignment or token sections of the configuration. This decorator can be used with no arguments to only check global caching.

If a specified configuration section does not define the caching option, this decorator makes the same assumption as the should_cache_fn in keystone.common.cache that caching should be enabled.

keystone.tests.core.teardown_database()[source]¶

`default_fixtures` Module¶

`fakeldap` Module¶

Fake LDAP server for test harness.

This class does very little error checking, and knows nothing about ldap class definitions. It implements the minimum emulation of the python ldap library to work with nova.

class keystone.tests.fakeldap.FakeLdap(url, *args, **kwargs)[source]¶

Bases: object

Fake LDAP connection.

add_s(dn, attrs)[source]¶: Add an object with the specified attributes at dn.

delete_ext_s(dn, serverctrls)[source]¶: Remove the ldap object at specified dn.

delete_s(dn)[source]¶: Remove the ldap object at specified dn.

modify_s(dn, attrs)[source]¶

Modify the object at dn using the attribute list.

Parameters:	dn – an LDAP DN attrs – a list of tuples in the following form: ([MOD_ADD \| MOD_DELETE \| MOD_REPACE], attribute, value)

search_s(dn, scope, query=None, fields=None)[source]¶

Search for all matching objects under dn using the query.

Args: dn – dn to search under scope – only SCOPE_BASE and SCOPE_SUBTREE are supported query – query to filter objects by fields – fields to return. Returns all fields if not specified

simple_bind_s(dn, password)[source]¶: This method is ignored, but provided for compatibility.

unbind_s()[source]¶: This method is ignored, but provided for compatibility.

class keystone.tests.fakeldap.FakeShelve[source]¶

Bases: dict

sync()[source]¶

`filtering` Module¶

class keystone.tests.filtering.FilterTests[source]¶: Bases: object

`mapping_fixtures` Module¶

Fixtures for Federation Mapping.

`matchers` Module¶

class keystone.tests.matchers.XMLEquals(expected)[source]¶

Bases: object

Parses two XML documents from strings and compares the results.

match(other)[source]¶

class keystone.tests.matchers.XMLMismatch(expected, other)[source]¶

Bases: testtools.matchers._impl.Mismatch

describe()[source]¶

`rest` Module¶

class keystone.tests.rest.RestfulTestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

Performs restful tests against the WSGI app over HTTP.

This class launches public & admin WSGI servers for every test, which can be accessed by calling public_request() or admin_request(), respectfully.

restful_request() and request() methods are also exposed if you need to bypass restful conventions or access HTTP details in your test implementation.

Three new asserts are provided:

assertResponseSuccessful: called automatically for every request

unless an expected_status is provided
assertResponseStatus: called instead of assertResponseSuccessful,

if an expected_status is provided
assertValidResponseHeaders: validates that the response headers

appear as expected

Requests are automatically serialized according to the defined content_type. Responses are automatically deserialized as well, and available in the response.body attribute. The original body content is available in the response.raw attribute.

admin_request(**kwargs)[source]¶

assertResponseStatus(response, expected_status)[source]¶

Asserts a specific status code on the response.

Parameters:	response – `httplib.HTTPResponse` expected_status – The specific `status` result expected

example:

self.assertResponseStatus(response, 203)

assertResponseSuccessful(response)[source]¶

Asserts that a status code lies inside the 2xx range.

Parameters:	response – `httplib.HTTPResponse` to be verified to have a status code between 200 and 299.

example:

self.assertResponseSuccessful(response, 203)

assertValidErrorResponse(response, expected_status=400)[source]¶

Verify that the error response is valid.

Subclasses can override this function based on the expected response.

assertValidResponseHeaders(response)[source]¶: Ensures that response headers appear as expected.

content_type = 'json'¶

get_scoped_token(tenant_id=None)[source]¶: Convenience method so that we can test authenticated requests.

get_unscoped_token()[source]¶: Convenience method so that we can test authenticated requests.

public_request(**kwargs)[source]¶

request(app, path, body=None, headers=None, token=None, expected_status=None, **kwargs)[source]¶

restful_request(method='GET', headers=None, body=None, content_type=None, **kwargs)[source]¶

Serializes/deserializes json/xml as request/response body.

Warning

Existing Accept header will be overwritten.
Existing Content-Type header will be overwritten.

setUp(app_conf='keystone')[source]¶

`test_associate_project_endpoint_extension` Module¶

class keystone.tests.test_associate_project_endpoint_extension.AssociateEndpointProjectFilterCRUDTestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase

Test OS-EP-FILTER endpoint to project associations extension.

test_check_endpoint_project_assoc()[source]¶

HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Valid project and endpoint id test case.

test_check_endpoint_project_assoc_noendp()[source]¶

HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid endpoint id test case.

test_check_endpoint_project_assoc_noproj()[source]¶

HEAD /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid project id test case.

test_create_endpoint_project_assoc()[source]¶

PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Valid endpoint and project id test case.

test_create_endpoint_project_assoc_noendp()[source]¶

PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid endpoint id test case.

test_create_endpoint_project_assoc_noproj()[source]¶

PUT OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid project id test case.

test_create_endpoint_project_assoc_unexpected_body()[source]¶

PUT /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Unexpected body in request. The body should be ignored.

test_get_endpoint_project_assoc()[source]¶: GET /OS-EP-FILTER/projects/{project_id}/endpoints success.

test_get_endpoint_project_assoc_noproj()[source]¶: GET /OS-EP-FILTER/projects/{project_id}/endpoints no project.

test_list_projects_for_endpoint_assoc()[source]¶

GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects success

Associate default project and endpoint, then get it.

test_list_projects_for_endpoint_default()[source]¶

GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects success

Don’t associate project and endpoint, then get empty list.

test_list_projects_for_endpoint_noendpoint()[source]¶

GET /OS-EP-FILTER/endpoints/{endpoint_id}/projects

Invalid endpoint id test case.

test_remove_endpoint_project_assoc()[source]¶

DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Valid project id and endpoint id test case.

test_remove_endpoint_project_assoc_noendp()[source]¶

DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid endpoint id test case.

test_remove_endpoint_project_assoc_noproj()[source]¶

DELETE /OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}

Invalid project id test case.

class keystone.tests.test_associate_project_endpoint_extension.AssociateProjectEndpointFilterTokenRequestTestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase

Test OS-EP-FILTER catalog filtering extension.

test_default_project_id_scoped_token_ep_filter_full_catalog()[source]¶

test_default_project_id_scoped_token_ep_filter_no_catalog()[source]¶

test_default_project_id_scoped_token_with_user_id_ep_filter()[source]¶

test_disabled_endpoint()[source]¶: The catalog contains only enabled endpoints.

test_implicit_project_id_scoped_token_ep_filter_full_catalog()[source]¶

test_implicit_project_id_scoped_token_ep_filter_no_catalog()[source]¶

test_implicit_project_id_scoped_token_handling_bad_reference()[source]¶

test_implicit_project_id_scoped_token_with_user_id_ep_filter()[source]¶

class keystone.tests.test_associate_project_endpoint_extension.TestExtensionCase(*args, **kwargs)[source]¶

Bases: keystone.tests.test_v3.RestfulTestCase

EXTENSION_NAME = 'endpoint_filter'¶

EXTENSION_TO_ADD = 'endpoint_filter_extension'¶

config_overrides()[source]¶

setUp()[source]¶

setup_database()[source]¶

`test_auth` Module¶

class keystone.tests.test_auth.AuthBadRequests(*args, **kwargs)[source]¶

Bases: keystone.tests.test_auth.AuthTest

setUp()[source]¶

test_authenticate_blank_auth()[source]¶: Verify sending blank ‘auth’ raises the right exception.

test_authenticate_blank_request_body()[source]¶: Verify sending empty json dict raises the right exception.

test_authenticate_invalid_auth_content()[source]¶: Verify sending invalid ‘auth’ raises the right exception.

test_authenticate_password_too_large()[source]¶: Verify sending large ‘password’ raises the right exception.

test_authenticate_tenant_id_too_large()[source]¶: Verify sending large ‘tenantId’ raises the right exception.

test_authenticate_tenant_name_too_large()[source]¶: Verify sending large ‘tenantName’ raises the right exception.

test_authenticate_token_too_large()[source]¶: Verify sending large ‘token’ raises the right exception.

test_authenticate_user_id_too_large()[source]¶: Verify sending large ‘userId’ raises the right exception.

test_authenticate_username_too_large()[source]¶: Verify sending large ‘username’ raises the right exception.

test_no_credentials_in_auth()[source]¶: Verify that _authenticate_local() raises exception if no creds.

test_no_external_auth()[source]¶: Verify that _authenticate_external() raises exception if N/A.

test_no_token_in_auth()[source]¶: Verify that _authenticate_token() raises exception if no token.

class keystone.tests.test_auth.AuthCatalog(*args, **kwargs)[source]¶

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.test_auth.AuthTest

Tests for the catalog provided in the auth response.

config_files()[source]¶

test_auth_catalog_disabled_endpoint()[source]¶: On authenticate, get a catalog that excludes disabled endpoints.

test_validate_catalog_disabled_endpoint()[source]¶: On validate, get back a catalog that excludes disabled endpoints.

class keystone.tests.test_auth.AuthTest(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

assertEqualTokens(a, b)[source]¶

Assert that two tokens are equal.

Compare two tokens except for their ids. This also truncates the time in the comparison.

setUp()[source]¶

class keystone.tests.test_auth.AuthWithPasswordCredentials(*args, **kwargs)[source]¶

Bases: keystone.tests.test_auth.AuthTest

setUp()[source]¶

test_auth_empty_password()[source]¶: Verify exception is raised if empty password.

test_auth_invalid_user()[source]¶: Verify exception is raised if invalid user.

test_auth_no_password()[source]¶: Verify exception is raised if empty password.

test_auth_valid_user_invalid_password()[source]¶: Verify exception is raised if invalid password.

test_authenticate_blank_password_credentials()[source]¶: Sending empty dict as passwordCredentials raises a 400 error.

test_authenticate_no_username()[source]¶: Verify skipping username raises the right exception.

test_bind_without_remote_user()[source]¶

test_change_default_domain_id()[source]¶

class keystone.tests.test_auth.AuthWithRemoteUser(*args, **kwargs)[source]¶

Bases: keystone.tests.test_auth.AuthTest

setUp()[source]¶

test_bind_with_kerberos()[source]¶

test_bind_without_config_opt()[source]¶

test_scoped_nometa_remote_authn()[source]¶: Verify getting a token with external authn and no metadata.

test_scoped_remote_authn()[source]¶: Verify getting a token with external authn.

test_scoped_remote_authn_invalid_user()[source]¶: Verify that external auth with invalid user fails.

test_unscoped_remote_authn()[source]¶: Verify getting an unscoped token with external authn.

test_unscoped_remote_authn_jsonless()[source]¶: Verify that external auth with invalid request fails.

class keystone.tests.test_auth.AuthWithToken(*args, **kwargs)[source]¶

Bases: keystone.tests.test_auth.AuthTest

setUp()[source]¶

test_auth_bad_formatted_token()[source]¶: Verify exception is raised if invalid token.

test_auth_invalid_token()[source]¶: Verify exception is raised if invalid token.

test_auth_token_cross_domain_group_and_project()[source]¶: Verify getting a token in cross domain group/project roles.

test_auth_token_project_group_role()[source]¶: Verify getting a token in a tenant with group roles.

test_auth_unscoped_token_no_project()[source]¶: Verify getting an unscoped token with an unscoped token.

test_auth_unscoped_token_project()[source]¶: Verify getting a token in a tenant with an unscoped token.

test_belongs_to()[source]¶

test_belongs_to_no_tenant()[source]¶

test_deleting_role_revokes_token()[source]¶

test_token_auth_with_binding()[source]¶

test_unscoped_token()[source]¶: Verify getting an unscoped token with password creds.

class keystone.tests.test_auth.AuthWithTrust(*args, **kwargs)[source]¶

Bases: keystone.tests.test_auth.AuthTest

assert_token_count_for_trust(expected_value)[source]¶

build_v2_token_request(username, password, tenant_id=None)[source]¶

config_overrides()[source]¶

create_trust(expires_at=None, impersonation=True)[source]¶

fetch_v2_token_from_trust()[source]¶

fetch_v3_token_from_trust()[source]¶

setUp()[source]¶

test_create_trust()[source]¶

test_create_trust_bad_data_fails()[source]¶

test_create_trust_expires_bad()[source]¶

test_create_trust_impersonation()[source]¶

test_create_trust_no_impersonation()[source]¶

test_create_trust_no_roles()[source]¶

test_create_v3_token_from_trust()[source]¶

test_delete_tokens_for_user_invalidates_tokens_from_trust()[source]¶

test_delete_trust_revokes_token()[source]¶

test_expired_trust_get_token_fails()[source]¶

test_get_trust()[source]¶

test_token_from_trust()[source]¶

test_token_from_trust_cant_get_another_token()[source]¶

test_token_from_trust_with_no_role_fails()[source]¶

test_token_from_trust_with_wrong_role_fails()[source]¶

test_token_from_trust_wrong_project_fails()[source]¶

test_token_from_trust_wrong_user_fails()[source]¶

test_v3_trust_token_get_token_fails()[source]¶

class keystone.tests.test_auth.NonDefaultAuthTest(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

test_add_non_default_auth_method()[source]¶

class keystone.tests.test_auth.TokenExpirationTest(*args, **kwargs)[source]¶

Bases: keystone.tests.test_auth.AuthTest

test_maintain_uuid_token_expiration()[source]¶

`test_auth_plugin` Module¶

class keystone.tests.test_auth_plugin.DuplicateAuthPlugin[source]¶

Bases: keystone.tests.test_auth_plugin.SimpleChallengeResponse

Duplicate simple challenge response auth plugin.

class keystone.tests.test_auth_plugin.MismatchedAuthPlugin[source]¶

Bases: keystone.tests.test_auth_plugin.SimpleChallengeResponse

method = 'dfffa3afd42449a08d662ee72a5e1023'¶

class keystone.tests.test_auth_plugin.NoMethodAuthPlugin[source]¶

Bases: keystone.auth.core.AuthMethodHandler

An auth plugin that does not supply a method attribute.

authenticate(context, auth_payload, auth_context)[source]¶

class keystone.tests.test_auth_plugin.SimpleChallengeResponse[source]¶

Bases: keystone.auth.core.AuthMethodHandler

authenticate(context, auth_payload, user_context)[source]¶

method = 'simple_challenge_response'¶

class keystone.tests.test_auth_plugin.TestAuthPlugin(*args, **kwargs)[source]¶

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]¶

config_overrides()[source]¶

setUp()[source]¶

test_addition_auth_steps()[source]¶

test_unsupported_auth_method()[source]¶

class keystone.tests.test_auth_plugin.TestAuthPluginDynamicOptions(*args, **kwargs)[source]¶

Bases: keystone.tests.test_auth_plugin.TestAuthPlugin

config_files()[source]¶

config_overrides()[source]¶

class keystone.tests.test_auth_plugin.TestInvalidAuthMethodRegistration(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

test_duplicate_auth_method_registration()[source]¶

test_mismatched_auth_method_and_plugin_attribute()[source]¶

test_no_method_attribute_auth_method_by_class_name_registration()[source]¶

`test_backend` Module¶

class keystone.tests.test_backend.CatalogTests[source]¶

Bases: object

test_create_endpoint()[source]¶

test_create_endpoint_404()[source]¶

test_create_region_invalid_parent_region_404()[source]¶

test_create_region_with_duplicate_id()[source]¶

test_delete_endpoint_404()[source]¶

test_delete_region_404()[source]¶

test_delete_service_404()[source]¶

test_delete_service_with_endpoint()[source]¶

test_get_catalog_endpoint_disabled()[source]¶: Get back only enabled endpoints when get the v2 catalog.

test_get_endpoint_404()[source]¶

test_get_region_404()[source]¶

test_get_service_404()[source]¶

test_get_v3_catalog_endpoint_disabled()[source]¶: Get back only enabled endpoints when get the v3 catalog.

test_region_crud()[source]¶

test_service_crud()[source]¶

class keystone.tests.test_backend.FilterTests[source]¶

Bases: keystone.tests.filtering.FilterTests

test_filter_sql_injection_attack()[source]¶

Test against sql injection attack on filters

Test Plan: - Attempt to get all entities back by passing a two-term attribute - Attempt to piggyback filter to damage DB (e.g. drop table)

test_list_users_filtered()[source]¶

test_list_users_inexact_filtered()[source]¶

class keystone.tests.test_backend.IdentityTests[source]¶

Bases: object

create_user_dict(**attributes)[source]¶

test_add_duplicate_role_grant()[source]¶

test_add_role_to_user_and_project_404()[source]¶

test_add_role_to_user_and_project_no_user()[source]¶

test_add_user_to_group()[source]¶

test_add_user_to_group_404()[source]¶

test_add_user_to_project()[source]¶

test_add_user_to_project_404()[source]¶

test_add_user_to_project_missing_default_role()[source]¶

test_add_user_to_project_no_user()[source]¶

test_arbitrary_attributes_are_returned_from_create_user()[source]¶

test_arbitrary_attributes_are_returned_from_get_user()[source]¶

test_attribute_update()[source]¶

test_authenticate()[source]¶

test_authenticate_and_get_roles_no_metadata()[source]¶

test_authenticate_bad_password()[source]¶

test_authenticate_bad_user()[source]¶

test_authenticate_if_no_password_set()[source]¶

test_cache_layer_domain_crud(*args, **kwargs)[source]¶

test_cache_layer_project_crud(*args, **kwargs)[source]¶

test_cache_layer_role_crud(*args, **kwargs)[source]¶

test_check_user_in_group()[source]¶

test_check_user_not_in_group()[source]¶

test_create_domain_case_sensitivity()[source]¶

test_create_duplicate_group_name_fails()[source]¶

test_create_duplicate_group_name_in_different_domains()[source]¶

test_create_duplicate_project_id_fails()[source]¶

test_create_duplicate_project_name_fails()[source]¶

test_create_duplicate_project_name_in_different_domains()[source]¶

test_create_duplicate_role_name_fails()[source]¶

test_create_duplicate_user_id_fails()[source]¶

test_create_duplicate_user_name_fails()[source]¶

test_create_duplicate_user_name_in_different_domains()[source]¶

test_create_grant_no_group()[source]¶

test_create_grant_no_user()[source]¶

test_create_invalid_domain_fails()[source]¶

test_create_project_blank_name_fails()[source]¶

test_create_project_case_sensitivity()[source]¶

test_create_project_doesnt_modify_passed_in_dict()[source]¶

test_create_project_invalid_enabled_type_string()[source]¶

test_create_project_invalid_name_fails()[source]¶

test_create_project_long_name_fails()[source]¶

test_create_project_with_no_enabled_field()[source]¶

test_create_unicode_user_name()[source]¶

test_create_update_delete_unicode_project()[source]¶

test_create_user_blank_name_fails()[source]¶

test_create_user_case_sensitivity()[source]¶

test_create_user_doesnt_modify_passed_in_dict()[source]¶

test_create_user_invalid_enabled_type_string()[source]¶

test_create_user_invalid_name_fails()[source]¶

test_create_user_long_name_fails()[source]¶

test_create_user_missed_password()[source]¶

test_create_user_none_password()[source]¶

test_delete_domain_with_user_group_project_links()[source]¶

test_delete_group_grant_no_group()[source]¶

test_delete_group_with_user_project_domain_links()[source]¶

test_delete_project_404()[source]¶

test_delete_project_with_role_assignments()[source]¶

test_delete_role_404()[source]¶

test_delete_role_check_role_grant()[source]¶

test_delete_role_with_user_and_group_grants()[source]¶

test_delete_user_404()[source]¶

test_delete_user_grant_no_user()[source]¶

test_delete_user_with_group_project_domain_links()[source]¶

test_delete_user_with_project_association()[source]¶

test_delete_user_with_project_roles()[source]¶

test_domain_crud()[source]¶

test_domain_rename_invalidates_get_domain_by_name_cache(*args, **kwargs)[source]¶

test_get_and_remove_correct_role_grant_from_a_mix()[source]¶

test_get_and_remove_role_grant_by_group_and_cross_domain()[source]¶

test_get_and_remove_role_grant_by_group_and_domain()[source]¶

test_get_and_remove_role_grant_by_group_and_project()[source]¶

test_get_and_remove_role_grant_by_user_and_cross_domain()[source]¶

test_get_and_remove_role_grant_by_user_and_domain()[source]¶

test_get_default_domain_by_name()[source]¶

test_get_not_default_domain_by_name()[source]¶

test_get_project()[source]¶

test_get_project_404()[source]¶

test_get_project_by_name()[source]¶

test_get_project_by_name_404()[source]¶

test_get_project_user_ids_404()[source]¶

test_get_role()[source]¶

test_get_role_404()[source]¶

test_get_role_by_user_and_project()[source]¶

test_get_role_by_user_and_project_with_user_in_group()[source]¶

Test for get role by user and project, user was added into a group.

Test Plan:

Create a user, a project & a group, add this user to group
Create roles and grant them to user and project
Check the role list get by the user and project was as expected

test_get_role_grant_by_user_and_project()[source]¶

test_get_roles_for_user_and_domain()[source]¶

Test for getting roles for user on a domain.

Test Plan:

Create a domain, with 2 users
Check no roles yet exit
Give user1 two roles on the domain, user2 one role
Get roles on user1 and the domain - maybe sure we only get back the 2 roles on user1
Delete both roles from user1
Check we get no roles back for user1 on domain

test_get_roles_for_user_and_domain_404()[source]¶

Test errors raised when getting roles for user on a domain.

Test Plan:

Check non-existing user gives UserNotFound
Check non-existing domain gives DomainNotFound

test_get_roles_for_user_and_project_404()[source]¶

test_get_roles_for_user_and_project_user_group_same_id()[source]¶: When a user has the same ID as a group, get_roles_for_user_and_project returns only the roles for the user and not the group.

test_get_user()[source]¶

test_get_user_404()[source]¶

test_get_user_by_name()[source]¶

test_get_user_by_name_404()[source]¶

test_group_crud()[source]¶

test_list_domains()[source]¶

test_list_groups()[source]¶

test_list_groups_for_user()[source]¶

test_list_projects()[source]¶

test_list_projects_for_alternate_domain()[source]¶

test_list_projects_for_domain()[source]¶

test_list_projects_for_user()[source]¶

test_list_projects_for_user_with_grants()[source]¶

test_list_role_assignments_bad_role()[source]¶

test_list_role_assignments_unfiltered()[source]¶

Test for unfiltered listing role assignments.

Test Plan:

Create a domain, with a user, group & project
Find how many role assignments already exist (from default fixtures)
Create a grant of each type (user/group on project/domain)
Check the number of assignments has gone up by 4 and that the entries we added are in the list returned
Check that if we list assignments by role_id, then we get back assignments that only contain that role.

test_list_roles()[source]¶

test_list_user_ids_for_project()[source]¶

test_list_user_ids_for_project_no_duplicates()[source]¶

test_list_user_project_ids_404()[source]¶

test_list_users()[source]¶

test_list_users_in_group()[source]¶

test_move_group_between_domains()[source]¶

test_move_group_between_domains_with_clashing_names_fails()[source]¶

test_move_project_between_domains()[source]¶

test_move_project_between_domains_with_clashing_names_fails()[source]¶

test_move_user_between_domains()[source]¶

test_move_user_between_domains_with_clashing_names_fails()[source]¶

test_multi_group_grants_on_project_domain()[source]¶

Test multiple group roles for user on project and domain.

Test Plan:

Create 6 roles
Create a domain, with a project, user and two groups
Make the user a member of both groups
Check no roles yet exit
Assign a role to each user and both groups on both the project and domain
Get a list of effective roles for the user on both the project and domain, checking we get back the correct three roles

test_multi_role_grant_by_user_group_on_project_domain()[source]¶

test_new_arbitrary_attributes_are_returned_from_update_user()[source]¶

test_password_hashed()[source]¶

test_project_add_and_remove_user_role()[source]¶

test_project_crud()[source]¶

test_project_rename_invalidates_get_project_by_name_cache(*args, **kwargs)[source]¶

test_project_update_missing_attrs_with_a_falsey_value()[source]¶

test_project_update_missing_attrs_with_a_value()[source]¶

test_remove_role_from_user_and_project()[source]¶

test_remove_role_grant_from_user_and_project()[source]¶

test_remove_user_from_group()[source]¶

test_remove_user_from_group_404()[source]¶

test_remove_user_from_project()[source]¶

test_remove_user_from_project_404()[source]¶

test_remove_user_from_project_race_delete_role()[source]¶

test_remove_user_role_not_assigned()[source]¶

test_rename_duplicate_project_name_fails()[source]¶

test_rename_duplicate_role_name_fails()[source]¶

test_rename_duplicate_user_name_fails()[source]¶

test_role_crud()[source]¶

test_role_grant_by_group_and_cross_domain_project()[source]¶

test_role_grant_by_user_and_cross_domain_project()[source]¶

test_update_project_404()[source]¶

test_update_project_blank_name_fails()[source]¶

test_update_project_enable()[source]¶

test_update_project_id_does_nothing()[source]¶

test_update_project_invalid_enabled_type_string()[source]¶

test_update_project_invalid_name_fails()[source]¶

test_update_project_long_name_fails()[source]¶

test_update_role_404()[source]¶

test_update_user_404()[source]¶

test_update_user_blank_name_fails()[source]¶

test_update_user_enable()[source]¶

test_update_user_enable_fails()[source]¶

test_update_user_id_fails()[source]¶

test_update_user_invalid_name_fails()[source]¶

test_update_user_long_name_fails()[source]¶

test_update_user_name()[source]¶

test_updated_arbitrary_attributes_are_returned_from_update_user()[source]¶

test_user_crud()[source]¶

class keystone.tests.test_backend.InheritanceTests[source]¶

Bases: object

test_inherited_role_grants_for_group()[source]¶

Test inherited group roles.

Test Plan:

Enable OS-INHERIT extension
Create 4 roles
Create a domain, with a project, user and two groups
Make the user a member of both groups
Check no roles yet exit
Assign a direct user role to the project and a (non-inherited) group role on the domain
Get a list of effective roles - should only get the one direct role
Now add two inherited group roles to the domain
Get a list of effective roles - should have three roles, one direct and two by virtue of inherited group roles

test_inherited_role_grants_for_user()[source]¶

Test inherited user roles.

Test Plan:

Enable OS-INHERIT extension
Create 3 roles
Create a domain, with a project and a user
Check no roles yet exit
Assign a direct user role to the project and a (non-inherited) user role to the domain
Get a list of effective roles - should only get the one direct role
Now add an inherited user role to the domain
Get a list of effective roles - should have two roles, one direct and one by virtue of the inherited user role
Also get effective roles for the domain - the role marked as inherited should not show up

test_list_projects_for_user_with_inherited_grants()[source]¶

Test inherited group roles.

Test Plan:

Enable OS-INHERIT extension
Create a domain, with two projects and a user
Assign an inherited user role on the domain, as well as a direct user role to a separate project in a different domain
Get a list of projects for user, should return all three projects

test_list_projects_for_user_with_inherited_group_grants()[source]¶

Test inherited group roles.

Test Plan:

Enable OS-INHERIT extension
Create two domains, each with two projects
Create a user and group
Make the user a member of the group
Assign a user role two projects, an inherited group role to one domain and an inherited regular role on the other domain
Get a list of projects for user, should return both pairs of projects from the domain, plus the one separate project

class keystone.tests.test_backend.LimitTests[source]¶

Bases: keystone.tests.filtering.FilterTests

ENTITIES = ['user', 'group', 'project']¶

clean_up_domain()[source]¶: Clean up domain test data from Limit Test Cases.

clean_up_entities()[source]¶: Clean up entity test data from Limit Test Cases.

setUp()[source]¶: Setup for Limit Test Cases.

test_list_groups_filtered_and_limited()[source]¶

test_list_projects_filtered_and_limited()[source]¶

test_list_users_filtered_and_limited()[source]¶

class keystone.tests.test_backend.PolicyTests[source]¶

Bases: object

assertEqualPolicies(a, b)[source]¶

test_create()[source]¶

test_delete()[source]¶

test_delete_policy_404()[source]¶

test_get()[source]¶

test_get_policy_404()[source]¶

test_list()[source]¶

test_update()[source]¶

test_update_policy_404()[source]¶

class keystone.tests.test_backend.TokenCacheInvalidation[source]¶

Bases: object

test_delete_scoped_token_by_id()[source]¶

test_delete_scoped_token_by_user()[source]¶

test_delete_scoped_token_by_user_and_tenant()[source]¶

test_delete_unscoped_token()[source]¶

class keystone.tests.test_backend.TokenTests[source]¶

Bases: object

check_list_revoked_tokens(token_ids)[source]¶

create_token_sample_data(token_id=None, tenant_id=None, trust_id=None, user_id=None, expires=None)[source]¶

delete_token()[source]¶

test_create_unicode_token_id()[source]¶

test_create_unicode_user_id()[source]¶

test_delete_token_404()[source]¶

test_delete_tokens()[source]¶

test_delete_tokens_trust()[source]¶

test_expired_token()[source]¶

test_flush_expired_token()[source]¶

test_get_token_404()[source]¶

test_list_revoked_tokens_for_multiple_tokens()[source]¶

test_list_revoked_tokens_for_single_token()[source]¶

test_list_revoked_tokens_returns_empty_list()[source]¶

test_list_tokens_unicode_user_id()[source]¶

test_null_expires_token()[source]¶

test_predictable_revoked_pki_token_id()[source]¶

test_predictable_revoked_uuid_token_id()[source]¶

test_revocation_list_cache(*args, **kwargs)[source]¶

test_token_crud()[source]¶

test_token_expire_timezone()[source]¶

test_token_list()[source]¶

test_token_list_deprecated_public_interface()[source]¶

test_token_list_trust()[source]¶

class keystone.tests.test_backend.TrustTests[source]¶

Bases: object

create_sample_trust(new_id, remaining_uses=None)[source]¶

test_consume_use()[source]¶

test_create_trust()[source]¶

test_delete_trust()[source]¶

test_delete_trust_not_found()[source]¶

test_get_trust()[source]¶

test_list_trust_by_trustee()[source]¶

test_list_trust_by_trustor()[source]¶

test_list_trusts()[source]¶

test_trust_has_remaining_uses_negative()[source]¶

test_trust_has_remaining_uses_positive()[source]¶

`test_backend_federation_sql` Module¶

class keystone.tests.test_backend_federation_sql.SqlFederation(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_sql.SqlModels

Set of tests for checking SQL Federation.

test_federated_protocol()[source]¶

test_identity_provider()[source]¶

`test_backend_kvs` Module¶

class keystone.tests.test_backend_kvs.KvsCatalog(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests

config_overrides()[source]¶

setUp()[source]¶

test_get_catalog()[source]¶

test_get_catalog_404()[source]¶

test_get_catalog_endpoint_disabled()[source]¶

test_get_v3_catalog_endpoint_disabled()[source]¶

class keystone.tests.test_backend_kvs.KvsIdentity(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.IdentityTests

config_overrides()[source]¶

setUp()[source]¶

test_create_duplicate_group_name_in_different_domains()[source]¶

test_create_duplicate_project_name_in_different_domains()[source]¶

test_create_duplicate_user_name_in_different_domains()[source]¶

test_list_projects_for_user_with_grants()[source]¶

test_move_group_between_domains()[source]¶

test_move_group_between_domains_with_clashing_names_fails()[source]¶

test_move_project_between_domains()[source]¶

test_move_project_between_domains_with_clashing_names_fails()[source]¶

test_move_user_between_domains()[source]¶

test_move_user_between_domains_with_clashing_names_fails()[source]¶

class keystone.tests.test_backend_kvs.KvsToken(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenTests

config_overrides()[source]¶

setUp()[source]¶

test_cleanup_user_index_on_create()[source]¶

test_flush_expired_token()[source]¶

class keystone.tests.test_backend_kvs.KvsTokenCacheInvalidation(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TokenCacheInvalidation

config_overrides()[source]¶

setUp()[source]¶

class keystone.tests.test_backend_kvs.KvsTrust(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.TrustTests

config_overrides()[source]¶

setUp()[source]¶

`test_backend_ldap` Module¶

class keystone.tests.test_backend_ldap.BaseLDAPIdentity[source]¶

Bases: keystone.tests.test_backend.IdentityTests

clear_database()[source]¶

config_files()[source]¶

config_overrides()[source]¶

get_config(domain_id)[source]¶

reload_backends(domain_id)[source]¶

test_arbitrary_attributes_are_returned_from_create_user()[source]¶

test_arbitrary_attributes_are_returned_from_get_user()[source]¶

test_authenticate_requires_simple_bind()[source]¶

test_build_tree()[source]¶: Regression test for building the tree names

test_configurable_allowed_user_actions()[source]¶

test_configurable_forbidden_create_existing_user()[source]¶

test_configurable_forbidden_user_actions()[source]¶

test_create_duplicate_group_name_in_different_domains()[source]¶

test_create_duplicate_project_name_in_different_domains()[source]¶

test_create_duplicate_user_name_in_different_domains()[source]¶

test_create_user_none_mapping()[source]¶

test_delete_group_grant_no_group()[source]¶

test_delete_group_with_user_project_domain_links()[source]¶

test_delete_role_with_user_and_group_grants()[source]¶

test_delete_user_grant_no_user()[source]¶

test_delete_user_with_group_project_domain_links()[source]¶

test_get_and_remove_correct_role_grant_from_a_mix()[source]¶

test_get_and_remove_role_grant_by_group_and_cross_domain()[source]¶

test_get_and_remove_role_grant_by_group_and_domain()[source]¶

test_get_and_remove_role_grant_by_group_and_project()[source]¶

test_get_and_remove_role_grant_by_user_and_cross_domain()[source]¶

test_get_and_remove_role_grant_by_user_and_domain()[source]¶

test_get_roles_for_user_and_domain()[source]¶

test_group_crud()[source]¶

test_list_domains()[source]¶

test_list_domains_non_default_domain_id()[source]¶

test_list_group_members_missing_entry()[source]¶

List group members with deleted user.

If a group has a deleted entry for a member, the non-deleted members are returned.

test_list_group_members_when_no_members()[source]¶

test_list_projects_for_user()[source]¶

test_list_projects_for_user_with_grants()[source]¶

test_list_role_assignments_bad_role()[source]¶

test_list_role_assignments_dumb_member()[source]¶

test_list_role_assignments_unfiltered()[source]¶

test_move_group_between_domains()[source]¶

test_move_group_between_domains_with_clashing_names_fails()[source]¶

test_move_project_between_domains()[source]¶

test_move_project_between_domains_with_clashing_names_fails()[source]¶

test_move_user_between_domains()[source]¶

test_move_user_between_domains_with_clashing_names_fails()[source]¶

test_multi_group_grants_on_project_domain()[source]¶

test_multi_role_grant_by_user_group_on_project_domain()[source]¶

test_new_arbitrary_attributes_are_returned_from_update_user()[source]¶

test_remove_role_grant_from_user_and_project()[source]¶

test_role_grant_by_group_and_cross_domain_project()[source]¶

test_role_grant_by_user_and_cross_domain_project()[source]¶

test_unignored_user_none_mapping()[source]¶

test_update_user_name()[source]¶: A user’s name cannot be changed through the LDAP driver.

test_updated_arbitrary_attributes_are_returned_from_update_user()[source]¶

test_user_filter()[source]¶

test_user_id_comma_grants()[source]¶: Even if the user has a , in their ID, can get user and group grants.

test_utf8_conversion()[source]¶

class keystone.tests.test_backend_ldap.LDAPIdentity(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.TestCase

setUp()[source]¶

test_binary_attribute_values()[source]¶

test_cache_layer_domain_crud()[source]¶

test_cache_layer_project_crud(*args, **kwargs)[source]¶

test_chase_referrals_off()[source]¶

test_chase_referrals_on()[source]¶

test_configurable_allowed_project_actions()[source]¶

test_configurable_allowed_role_actions()[source]¶

test_configurable_forbidden_project_actions()[source]¶

test_configurable_forbidden_role_actions()[source]¶

test_configurable_subtree_delete()[source]¶

test_create_domain_case_sensitivity()[source]¶

test_create_grant_no_group()[source]¶

test_create_grant_no_user()[source]¶

test_domain_crud()[source]¶

test_domain_rename_invalidates_get_domain_by_name_cache()[source]¶

test_dumb_member()[source]¶

test_get_default_domain_by_name()[source]¶

test_list_projects_for_alternate_domain()[source]¶

test_multi_role_grant_by_user_group_on_project_domain()[source]¶

test_parse_extra_attribute_mapping()[source]¶

test_project_attribute_ignore()[source]¶

test_project_attribute_mapping()[source]¶

test_project_crud()[source]¶

test_project_filter()[source]¶

test_project_rename_invalidates_get_project_by_name_cache()[source]¶

test_role_attribute_ignore()[source]¶

test_role_attribute_mapping()[source]¶

test_role_filter()[source]¶

test_user_api_get_connection_no_user_password()[source]¶: Don’t bind in case the user and password are blank.

test_user_enable_attribute_mask()[source]¶

test_user_extra_attribute_mapping()[source]¶

test_user_extra_attribute_mapping_description_is_returned()[source]¶

test_user_mixed_case_attribute(*args, **keywargs)[source]¶

test_wrong_alias_dereferencing()[source]¶

test_wrong_ldap_scope()[source]¶

class keystone.tests.test_backend_ldap.LDAPIdentityEnabledEmulation(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_ldap.LDAPIdentity

config_files()[source]¶

config_overrides()[source]¶

setUp()[source]¶

test_project_crud()[source]¶

test_user_crud()[source]¶

test_user_enable_attribute_mask()[source]¶

class keystone.tests.test_backend_ldap.LdapIdentitySqlAssignment(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]¶

config_overrides()[source]¶

setUp()[source]¶

test_add_role_grant_to_user_and_project_404()[source]¶

test_domain_crud()[source]¶

test_get_role_grants_for_user_and_project_404()[source]¶

test_list_domains()[source]¶

test_list_domains_non_default_domain_id()[source]¶

test_list_projects_for_user_with_grants()[source]¶

test_project_filter()[source]¶

test_role_filter()[source]¶

class keystone.tests.test_backend_ldap.MultiLDAPandSQLIdentity(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_ldap.BaseLDAPIdentity, keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

Class to test common SQL plus individual LDAP backends.

We define a set of domains and domain-specific backends:

A separate LDAP backend for the default domain
A separate LDAP backend for domain1
domain2 shares the same LDAP as domain1, but uses a different tree attach point
An SQL backend for all other domains (which will include domain3 and domain4)

Normally one would expect that the default domain would be handled as part of the “other domains” - however the above provides better test coverage since most of the existing backend tests use the default domain.

config_overrides()[source]¶

get_config(domain_id)[source]¶

reload_backends(domain_id)[source]¶

setUp()[source]¶

test_add_role_grant_to_user_and_project_404()[source]¶

test_domain_segregation()[source]¶

Test that separate configs have segregated the domain.

Test Plan:

Create a user in each of the domains
Make sure that you can only find a given user in its relevant domain
Make sure that for a backend that supports multiple domains you can get the users via any of the domain scopes

test_get_role_grants_for_user_and_project_404()[source]¶

test_list_domains()[source]¶

test_list_domains_non_default_domain_id()[source]¶

test_list_projects_for_user_with_grants()[source]¶

test_scanning_of_config_dir()[source]¶

Test the Manager class scans the config directory.

The setup for the main tests above load the domain configs directly so that the test overrides can be included. This test just makes sure that the standard config directory scanning does pick up the relevant domain config files.

`test_backend_rules` Module¶

class keystone.tests.test_backend_rules.RulesPolicy(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.PolicyTests

config_overrides()[source]¶

setUp()[source]¶

test_create()[source]¶

test_delete()[source]¶

test_delete_policy_404()[source]¶

test_get()[source]¶

test_get_policy_404()[source]¶

test_list()[source]¶

test_update()[source]¶

test_update_policy_404()[source]¶

`test_backend_sql` Module¶

class keystone.tests.test_backend_sql.FakeTable(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.Base

col¶

insert(*args, **kwargs)[source]¶

lookup(*args, **kwargs)[source]¶

update(*args, **kwargs)[source]¶

class keystone.tests.test_backend_sql.SqlCatalog(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.CatalogTests

test_catalog_ignored_malformed_urls()[source]¶

test_create_endpoint_400()[source]¶

test_get_catalog_with_empty_public_url()[source]¶

class keystone.tests.test_backend_sql.SqlDecorators(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

test_conflict_happend()[source]¶

test_initialization()[source]¶

test_initialization_fail()[source]¶

test_non_ascii_init()[source]¶

test_not_conflict_error()[source]¶

class keystone.tests.test_backend_sql.SqlFilterTests(*args, **kwargs)[source]¶: Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.FilterTests

class keystone.tests.test_backend_sql.SqlIdentity(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.IdentityTests

test_create_null_project_name()[source]¶

test_create_null_role_name()[source]¶

test_create_null_user_name()[source]¶

test_delete_project_with_user_association()[source]¶

test_delete_user_with_project_association()[source]¶

test_metadata_removed_on_delete_project()[source]¶

test_metadata_removed_on_delete_user()[source]¶

test_password_hashed()[source]¶

test_sql_user_to_dict_null_default_project_id()[source]¶

test_update_project_returns_extra()[source]¶

This tests for backwards-compatibility with an essex/folsom bug.

Non-indexed attributes were returned in an ‘extra’ attribute, instead of on the entity itself; for consistency and backwards compatibility, those attributes should be included twice.

This behavior is specific to the SQL driver.

test_update_user_returns_extra()[source]¶

This tests for backwards-compatibility with an essex/folsom bug.

Non-indexed attributes were returned in an ‘extra’ attribute, instead of on the entity itself; for consistency and backwards compatibility, those attributes should be included twice.

This behavior is specific to the SQL driver.

class keystone.tests.test_backend_sql.SqlInheritance(*args, **kwargs)[source]¶: Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.InheritanceTests

class keystone.tests.test_backend_sql.SqlLimitTests(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.LimitTests

setUp()[source]¶

class keystone.tests.test_backend_sql.SqlModels(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_sql.SqlTests

assertExpectedSchema(table, cols)[source]¶

select_table(name)[source]¶

setUp()[source]¶

test_domain_model()[source]¶

test_group_model()[source]¶

test_project_model()[source]¶

test_role_assignment_model()[source]¶

test_role_model()[source]¶

test_user_group_membership()[source]¶

test_user_model()[source]¶

class keystone.tests.test_backend_sql.SqlPolicy(*args, **kwargs)[source]¶: Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.PolicyTests

class keystone.tests.test_backend_sql.SqlTests(*args, **kwargs)[source]¶

Bases: keystone.tests.core.SQLDriverOverrides, keystone.tests.core.TestCase

config_files()[source]¶

setUp()[source]¶

class keystone.tests.test_backend_sql.SqlToken(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenTests

test_flush_expired_tokens_batch()[source]¶

test_token_flush_batch_size_db2()[source]¶

test_token_flush_batch_size_default()[source]¶

test_token_revocation_list_uses_right_columns()[source]¶

class keystone.tests.test_backend_sql.SqlTokenCacheInvalidation(*args, **kwargs)[source]¶

Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TokenCacheInvalidation

setUp()[source]¶

class keystone.tests.test_backend_sql.SqlTrust(*args, **kwargs)[source]¶: Bases: keystone.tests.test_backend_sql.SqlTests, keystone.tests.test_backend.TrustTests

`test_backend_templated` Module¶

class keystone.tests.test_backend_templated.TestTemplatedCatalog(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase, keystone.tests.test_backend.CatalogTests

DEFAULT_FIXTURE = {'RegionOne': {'compute': {'adminURL': 'http://localhost:8774/v1.1/bar', 'id': '2', 'internalURL': 'http://localhost:8774/v1.1/bar', 'name': "'Compute Service'", 'publicURL': 'http://localhost:8774/v1.1/bar'}, 'identity': {'adminURL': 'http://localhost:35357/v2.0', 'id': '1', 'internalURL': 'http://localhost:35357/v2.0', 'name': "'Identity Service'", 'publicURL': 'http://localhost:5000/v2.0'}}}¶

config_overrides()[source]¶

setUp()[source]¶

test_catalog_ignored_malformed_urls()[source]¶

test_get_catalog()[source]¶

test_get_catalog_endpoint_disabled()[source]¶

test_get_v3_catalog()[source]¶

test_get_v3_catalog_endpoint_disabled()[source]¶

`test_base64utils` Module¶

class keystone.tests.test_base64utils.TestBase64Padding(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

test_alphabet_conversion()[source]¶

test_assure_padding()[source]¶

test_base64_percent_encoding()[source]¶

test_filter()[source]¶

test_is_padded()[source]¶

test_strip_padding()[source]¶

class keystone.tests.test_base64utils.TestTextWrap(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

test_wrapping()[source]¶

class keystone.tests.test_base64utils.TestValid(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

test_valid_base64()[source]¶

test_valid_base64url()[source]¶

`test_cache` Module¶

class keystone.tests.test_cache.CacheIsolatingProxy(*args, **kwargs)[source]¶

Bases: dogpile.cache.proxy.ProxyBackend

Proxy that forces a memory copy of stored values. The default in-memory cache-region does not perform a copy on values it is meant to cache. Therefore if the value is modified after set or after get, the cached value also is modified. This proxy does a copy as the last thing before storing data.

get(key)[source]¶

set(key, value)[source]¶

class keystone.tests.test_cache.CacheNoopBackendTest(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

config_overrides()[source]¶

setUp()[source]¶

test_noop_backend()[source]¶

class keystone.tests.test_cache.CacheRegionTest(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

setUp()[source]¶

test_cache_debug_proxy()[source]¶

test_cache_dictionary_config_builder()[source]¶: Validate we build a sane dogpile.cache dictionary config.

test_cache_region_no_error_multiple_config()[source]¶

test_configure_non_region_object_raises_error()[source]¶

test_region_built_with_proxy_direct_cache_test()[source]¶

test_should_cache_fn_global_cache_disabled()[source]¶

test_should_cache_fn_global_cache_disabled_section_cache_enabled()[source]¶

test_should_cache_fn_global_cache_enabled()[source]¶

test_should_cache_fn_global_cache_enabled_section_cache_disabled()[source]¶

test_should_cache_fn_global_cache_enabled_section_cache_enabled()[source]¶

class keystone.tests.test_cache.TestProxy(*args, **kwargs)[source]¶

Bases: dogpile.cache.proxy.ProxyBackend

get(key)[source]¶

class keystone.tests.test_cache.TestProxyValue(value)[source]¶: Bases: object

`test_cache_backend_mongo` Module¶

class keystone.tests.test_cache_backend_mongo.MockCollection(db, name)[source]¶

Bases: object

ensure_index(key_or_list, *args, **kwargs)[source]¶

find(spec=None, *args, **kwargs)[source]¶

find_and_modify(spec, document, upsert=False, **kwargs)[source]¶

find_one(spec_or_id=None, *args, **kwargs)[source]¶

index_information()[source]¶

insert(data, manipulate=True, **kwargs)[source]¶

remove(spec_or_id=None, search_filter=None)[source]¶: Remove objects matching spec_or_id from the collection.

save(data, manipulate=True, **kwargs)[source]¶

update(spec, document, upsert=False, **kwargs)[source]¶

class keystone.tests.test_cache_backend_mongo.MockCursor(collection, dataset_factory)[source]¶

Bases: object

next()¶

class keystone.tests.test_cache_backend_mongo.MockMongoClient(*args, **kwargs)[source]¶: Bases: object

class keystone.tests.test_cache_backend_mongo.MockMongoDB(dbname)[source]¶

Bases: object

add_son_manipulator(manipulator)[source]¶

authenticate(username, password)[source]¶

class keystone.tests.test_cache_backend_mongo.MongoCache(*args, **kwargs)[source]¶

Bases: testtools.testcase.TestCase

setUp()[source]¶

test_additional_crud_method_arguments_support()[source]¶: Additional arguments should works across find/insert/update.

test_backend_delete_data()[source]¶

test_backend_get_missing_data()[source]¶

test_backend_multi_delete_data()[source]¶

test_backend_multi_get_data()[source]¶

test_backend_multi_set_data()[source]¶

test_backend_multi_set_get_with_blanks_none()[source]¶

test_backend_multi_set_should_update_existing()[source]¶

test_backend_set_blank_as_data()[source]¶

test_backend_set_data()[source]¶

test_backend_set_data_with_int_as_valid_ttl()[source]¶

test_backend_set_data_with_string_as_valid_ttl()[source]¶

test_backend_set_none_as_data()[source]¶

test_backend_set_same_key_multiple_times()[source]¶

test_cache_configuration_values_assertion()[source]¶

test_correct_read_preference()[source]¶

test_correct_write_concern()[source]¶

test_incorrect_mongo_ttl_seconds()[source]¶

test_incorrect_read_preference()[source]¶

test_incorrect_write_concern()[source]¶

test_missing_cache_collection_name()[source]¶

test_missing_db_hosts()[source]¶

test_missing_db_name()[source]¶

test_missing_replica_set_name()[source]¶

test_multiple_region_cache_configuration()[source]¶

test_provided_replica_set_name()[source]¶

test_typical_configuration()[source]¶

class keystone.tests.test_cache_backend_mongo.MyTransformer[source]¶

Bases: keystone.common.cache.backends.mongo.BaseTransform

Added here just to check manipulator logic is used correctly.

transform_incoming(son, collection)[source]¶

transform_outgoing(son, collection)[source]¶

keystone.tests.test_cache_backend_mongo.get_collection(db_name, collection_name)[source]¶

keystone.tests.test_cache_backend_mongo.pymongo_override()[source]¶

`test_catalog` Module¶

class keystone.tests.test_catalog.TestV2CatalogAPISQL(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

config_overrides()[source]¶

new_endpoint_ref(service_id)[source]¶

setUp()[source]¶

test_get_catalog_ignores_endpoints_with_invalid_urls()[source]¶

class keystone.tests.test_catalog.V2CatalogTestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.rest.RestfulTestCase

new_ref()[source]¶: Populates a ref with attributes common to all API entities.

new_service_ref()[source]¶

setUp()[source]¶

test_endpoint_create()[source]¶

test_endpoint_create_with_empty_adminurl()[source]¶

test_endpoint_create_with_empty_internalurl()[source]¶

test_endpoint_create_with_empty_publicurl()[source]¶

test_endpoint_create_with_empty_service_id()[source]¶

test_endpoint_create_with_null_adminurl()[source]¶

test_endpoint_create_with_null_internalurl()[source]¶

test_endpoint_create_with_null_publicurl()[source]¶

test_endpoint_create_with_null_service_id()[source]¶

`test_cert_setup` Module¶

class keystone.tests.test_cert_setup.CertSetupTestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.rest.RestfulTestCase

config_overrides()[source]¶

setUp()[source]¶

test_can_handle_missing_certs()[source]¶

test_create_pki_certs()[source]¶

test_create_ssl_certs()[source]¶

test_failure()[source]¶

test_fetch_signing_cert()[source]¶

`test_config` Module¶

class keystone.tests.test_config.ConfigTestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

config_files()[source]¶

test_config_default()[source]¶

test_paste_config()[source]¶

class keystone.tests.test_config.DeprecatedOverrideTestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

Test using the deprecated AND new name for renamed options.

config_files()[source]¶

test_sql()[source]¶

class keystone.tests.test_config.DeprecatedTestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.core.TestCase

Test using the original (deprecated) name for renamed options.

config_files()[source]¶

test_sql()[source]¶

`test_content_types` Module¶

class keystone.tests.test_content_types.CoreApiTests[source]¶

Bases: object

assertNoRoles(r)[source]¶

Helper method to assert No Roles

This needs to be overridden by child classes based on their content type.

assertValidError(error)[source]¶: Applicable to XML and JSON.

assertValidExtension(extension)[source]¶

Applicable to XML and JSON.

However, navigating extension links differs between content types. They need to be validated separately with assertValidExtensionLink.

assertValidExtensionLink(link)[source]¶: Applicable to XML and JSON.

assertValidRole(tenant)[source]¶: Applicable to XML and JSON.

assertValidTenant(tenant)[source]¶: Applicable to XML and JSON.

assertValidUser(user)[source]¶: Applicable to XML and JSON.

assertValidVersion(version)[source]¶

Applicable to XML and JSON.

However, navigating links and media-types differs between content types so they need to be validated separately.

test_admin_extensions()[source]¶

test_admin_extensions_404()[source]¶

test_admin_multiple_choice()[source]¶

test_admin_not_found()[source]¶

test_admin_osksadm_extension()[source]¶

test_admin_version()[source]¶

test_authenticate()[source]¶

test_authenticate_unscoped()[source]¶

test_authenticating_a_user_with_no_password()[source]¶

test_create_update_user_invalid_enabled_type()[source]¶

test_endpoints()[source]¶

test_error_response()[source]¶: This triggers assertValidErrorResponse by convention.

test_get_tenant()[source]¶

test_get_tenant_by_name()[source]¶

test_get_tenants_for_token()[source]¶

test_get_user()[source]¶

test_get_user_by_name()[source]¶

test_get_user_roles()[source]¶

test_get_user_roles_with_tenant()[source]¶

test_invalid_parameter_error_response()[source]¶

test_invalid_token_404()[source]¶

test_public_extensions()[source]¶

test_public_multiple_choice()[source]¶

test_public_not_found()[source]¶

test_public_osksadm_extension_404()[source]¶

test_public_version()[source]¶

test_remove_role_revokes_token()[source]¶

test_update_user_tenant()[source]¶

test_update_user_with_invalid_tenant()[source]¶

test_update_user_with_invalid_tenant_no_prev_tenant()[source]¶

test_update_user_with_old_tenant()[source]¶

test_validate_token()[source]¶

test_validate_token_belongs_to()[source]¶

test_validate_token_head()[source]¶

The same call as above, except using HEAD.

There’s no response to validate here, but this is included for the sake of completely covering the core API.

test_validate_token_no_belongs_to_still_returns_catalog()[source]¶

test_validate_token_service_role()[source]¶

test_www_authenticate_header()[source]¶

test_www_authenticate_header_host()[source]¶

class keystone.tests.test_content_types.JsonTestCase(*args, **kwargs)[source]¶

Bases: keystone.tests.test_content_types.RestfulTestCase, keystone.tests.test_content_types.CoreApiTests, keystone.tests.test_content_types.LegacyV2UsernameTests

assertNoRoles(r)[source]¶

assertValidAuthenticationResponse(r, require_service_catalog=False)[source]¶

assertValidEndpointListResponse(r)[source]¶

assertValidErrorResponse(r)[source]¶

assertValidExtension(extension, expected)[source]¶

assertValidExtensionListResponse(r, expected)[source]¶

assertValidExtensionResponse(r, expected)[source]¶

assertValidMultipleChoiceResponse(r)[source]¶

assertValidRevocationListResponse(response)[source]¶

assertValidRoleListResponse(r)[source]¶

assertValidTenantListResponse(r)[source]¶

assertValidTenantResponse(r)[source]¶

assertValidUser(user)[source]¶

assertValidUserResponse(r)[source]¶

assertValidVersion(version)[source]¶

assertValidVersionResponse(r)[source]¶

content_type = 'json'¶

get_user_attribute_from_response(r, attribute_name)[source]¶

get_user_from_response(r)[source]¶

test_authenticating_a_user_with_an_OSKSADM_password()[source]¶

test_create_update_user_json_invalid_enabled_type()[source]¶

test_fetch_revocation_list_admin_200()[source]¶

test_fetch_revocation_list_nonadmin_fails()[source]¶

test_service_crud_requires_auth()[source]¶: Service CRUD should 401 without an X-Auth-Token (bug 1006822).

test_updating_a_user_with_an_OSKSADM_password()[source]¶

test_user_role_list_requires_auth()[source]¶: User role list should 401 without an X-Auth-Token (bug 1006815).

class keystone.tests.test_content_types.LegacyV2UsernameTests[source]¶

Bases: object

Tests to show the broken username behavior in V2.

The V2 API is documented to use username instead of name. The API forced used to use name and left the username to fall into the extra field.

These tests ensure this behavior works so fixes to username/name will be backward compatible.

create_user(**user_attrs)[source]¶

Creates a users and returns the response object.

Parameters:	user_attrs – attributes added to the request body (optional)

test_create_with_extra_username()[source]¶: The response for creating a user will contain the extra fields.

test_get_returns_username_from_extra()[source]¶: The response for getting a user will contain the extra fields.

test_update_returns_new_username_when_adding_username()[source]¶

The response for updating a user will contain the extra fields.

This is specifically testing for updating a username when a value was not previously set.

test_update_returns_new_username_when_updating_username()[source]¶

The response for updating a user will contain the extra fields.

This tests updating a username that was previously set.

test_updated_username_is_returned()[source]¶

Username is set as the value of name if no username is provided.