keystone.tests.unit.backend.core_ldap

updated: 2020-06-04 20:20

Source code for keystone.tests.unit.backend.core_ldap

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import ldap


from keystone.common import cache
import keystone.conf
from keystone.tests import unit
from keystone.tests.unit import default_fixtures
from keystone.tests.unit.ksfixtures import database
from keystone.tests.unit.ksfixtures import ldapdb


CONF = keystone.conf.CONF



[docs]def create_group_container(identity_api):
        # Create the groups base entry (ou=Groups,cn=example,cn=com)
        group_api = identity_api.driver.group
        conn = group_api.get_connection()
        dn = 'ou=Groups,cn=example,cn=com'
        conn.add_s(dn, [('objectclass', ['organizationalUnit']),
                        ('ou', ['Groups'])])




[docs]class BaseBackendLdapCommon(object):
    """Mixin class to set up generic LDAP backends."""


[docs]    def setUp(self):
        super(BaseBackendLdapCommon, self).setUp()
        self.useFixture(ldapdb.LDAPDatabase())

        self.load_backends()
        self.load_fixtures(default_fixtures)


    def _get_domain_fixture(self):
        """Return the static domain, since domains in LDAP are read-only."""
        return self.resource_api.get_domain(CONF.identity.default_domain_id)


[docs]    def get_config(self, domain_id):
        # Only one conf structure unless we are using separate domain backends
        return CONF



[docs]    def config_overrides(self):
        super(BaseBackendLdapCommon, self).config_overrides()
        self.config_fixture.config(group='identity', driver='ldap')



[docs]    def config_files(self):
        config_files = super(BaseBackendLdapCommon, self).config_files()
        config_files.append(unit.dirs.tests_conf('backend_ldap.conf'))
        return config_files



[docs]    def get_user_enabled_vals(self, user):
            user_dn = (
                self.identity_api.driver.user._id_to_dn_string(user['id']))
            enabled_attr_name = CONF.ldap.user_enabled_attribute

            ldap_ = self.identity_api.driver.user.get_connection()
            res = ldap_.search_s(user_dn,
                                 ldap.SCOPE_BASE,
                                 u'(sn=%s)' % user['name'])
            if enabled_attr_name in res[0][1]:
                return res[0][1][enabled_attr_name]
            else:
                return None




[docs]class BaseBackendLdap(object):
    """Mixin class to set up an all-LDAP configuration."""


[docs]    def setUp(self):
        # NOTE(dstanek): The database must be setup prior to calling the
        # parent's setUp. The parent's setUp uses services (like
        # credentials) that require a database.
        self.useFixture(database.Database())
        super(BaseBackendLdap, self).setUp()



[docs]    def load_fixtures(self, fixtures):
        # Override super impl since need to create group container.
        create_group_container(self.identity_api)
        super(BaseBackendLdap, self).load_fixtures(fixtures)




[docs]class BaseBackendLdapIdentitySqlEverythingElse(unit.SQLDriverOverrides):
    """Mixin base for Identity LDAP, everything else SQL backend tests."""


[docs]    def config_files(self):
        config_files = super(BaseBackendLdapIdentitySqlEverythingElse,
                             self).config_files()
        config_files.append(unit.dirs.tests_conf('backend_ldap_sql.conf'))
        return config_files



[docs]    def setUp(self):
        sqldb = self.useFixture(database.Database())
        super(BaseBackendLdapIdentitySqlEverythingElse, self).setUp()
        self.load_backends()
        cache.configure_cache()

        sqldb.recreate()
        self.load_fixtures(default_fixtures)
        # defaulted by the data load
        self.user_foo['enabled'] = True



[docs]    def config_overrides(self):
        super(BaseBackendLdapIdentitySqlEverythingElse,
              self).config_overrides()
        self.config_fixture.config(group='identity', driver='ldap')
        self.config_fixture.config(group='resource', driver='sql')
        self.config_fixture.config(group='assignment', driver='sql')




[docs]class BaseBackendLdapIdentitySqlEverythingElseWithMapping(object):
    """Mixin base class to test mapping of default LDAP backend.

    The default configuration is not to enable mapping when using a single
    backend LDAP driver.  However, a cloud provider might want to enable
    the mapping, hence hiding the LDAP IDs from any clients of keystone.
    Setting backward_compatible_ids to False will enable this mapping.

    """


[docs]    def config_overrides(self):
        super(BaseBackendLdapIdentitySqlEverythingElseWithMapping,
              self).config_overrides()
        self.config_fixture.config(group='identity_mapping',
                                   backward_compatible_ids=False)
updated: 2020-06-04 20:20
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

found an error? report a bug questions?