1908 lines
60 KiB
Python
1908 lines
60 KiB
Python
# Copyright 2013 Nebula Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
import contextlib
|
|
from unittest import mock
|
|
|
|
from osc_lib import exceptions
|
|
|
|
from openstack import exceptions as sdk_exc
|
|
from openstack.identity.v3 import domain as _domain
|
|
from openstack.identity.v3 import group as _group
|
|
from openstack.identity.v3 import project as _project
|
|
from openstack.identity.v3 import role_assignment as _role_assignment
|
|
from openstack.identity.v3 import user as _user
|
|
from openstack.test import fakes as sdk_fakes
|
|
|
|
from openstackclient.identity import common
|
|
from openstackclient.identity.v3 import user
|
|
from openstackclient.tests.unit.identity.v3 import fakes as identity_fakes
|
|
|
|
|
|
class TestUserCreate(identity_fakes.TestIdentityv3):
|
|
domain = sdk_fakes.generate_fake_resource(_domain.Domain)
|
|
project = sdk_fakes.generate_fake_resource(_project.Project)
|
|
|
|
columns = (
|
|
'default_project_id',
|
|
'domain_id',
|
|
'email',
|
|
'enabled',
|
|
'id',
|
|
'name',
|
|
'description',
|
|
'password_expires_at',
|
|
)
|
|
|
|
def setUp(self):
|
|
super().setUp()
|
|
|
|
self.user = sdk_fakes.generate_fake_resource(
|
|
resource_type=_user.User,
|
|
domain_id=self.domain.id,
|
|
default_project_id=self.project.id,
|
|
)
|
|
self.datalist = (
|
|
self.project.id,
|
|
self.domain.id,
|
|
self.user.email,
|
|
True,
|
|
self.user.id,
|
|
self.user.name,
|
|
self.user.description,
|
|
self.user.password_expires_at,
|
|
)
|
|
|
|
self.identity_sdk_client.find_domain.return_value = self.domain
|
|
self.identity_sdk_client.find_project.return_value = self.project
|
|
self.identity_sdk_client.create_user.return_value = self.user
|
|
|
|
# Get the command object to test
|
|
self.cmd = user.CreateUser(self.app, None)
|
|
|
|
def test_user_create_no_options(self):
|
|
arglist = [
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'options': {},
|
|
'is_enabled': True,
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_password(self):
|
|
arglist = [
|
|
'--password',
|
|
'secret',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('password', 'secret'),
|
|
('password_prompt', False),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'options': {},
|
|
'is_enabled': True,
|
|
'password': 'secret',
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_password_prompt(self):
|
|
arglist = [
|
|
'--password-prompt',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('password', None),
|
|
('password_prompt', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
mocker = mock.Mock()
|
|
mocker.return_value = 'abc123'
|
|
with mock.patch("osc_lib.utils.get_password", mocker):
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'options': {},
|
|
'is_enabled': True,
|
|
'password': 'abc123',
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_email(self):
|
|
arglist = [
|
|
'--email',
|
|
'barney@example.com',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('email', 'barney@example.com'),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': 'barney@example.com',
|
|
'is_enabled': True,
|
|
'options': {},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_project(self):
|
|
arglist = [
|
|
'--project',
|
|
self.project.name,
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('project', self.project.name),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': self.project.id,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
datalist = (
|
|
self.project.id,
|
|
self.domain.id,
|
|
self.user.email,
|
|
True,
|
|
self.user.id,
|
|
self.user.name,
|
|
self.user.description,
|
|
self.user.password_expires_at,
|
|
)
|
|
self.assertEqual(datalist, data)
|
|
|
|
def test_user_create_project_domain(self):
|
|
arglist = [
|
|
'--project',
|
|
self.project.name,
|
|
'--project-domain',
|
|
self.project.domain_id,
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('project', self.project.name),
|
|
('project_domain', self.project.domain_id),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': self.project.id,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'options': {},
|
|
'is_enabled': True,
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
datalist = (
|
|
self.project.id,
|
|
self.domain.id,
|
|
self.user.email,
|
|
True,
|
|
self.user.id,
|
|
self.user.name,
|
|
self.user.description,
|
|
self.user.password_expires_at,
|
|
)
|
|
self.assertEqual(datalist, data)
|
|
|
|
def test_user_create_domain(self):
|
|
arglist = [
|
|
'--domain',
|
|
self.domain.name,
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('domain', self.domain.name),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': self.domain.id,
|
|
'email': None,
|
|
'options': {},
|
|
'is_enabled': True,
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_enable(self):
|
|
arglist = [
|
|
'--enable',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('enable', True),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'options': {},
|
|
'is_enabled': True,
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_disable(self):
|
|
arglist = [
|
|
'--disable',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', self.user.name),
|
|
('enable', False),
|
|
('disable', True),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'options': {},
|
|
'is_enabled': False,
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_ignore_lockout_failure_attempts(self):
|
|
arglist = [
|
|
'--ignore-lockout-failure-attempts',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('ignore_lockout_failure_attempts', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'ignore_lockout_failure_attempts': True},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_no_ignore_lockout_failure_attempts(self):
|
|
arglist = [
|
|
'--no-ignore-lockout-failure-attempts',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('no_ignore_lockout_failure_attempts', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'ignore_lockout_failure_attempts': False},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_ignore_password_expiry(self):
|
|
arglist = [
|
|
'--ignore-password-expiry',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('ignore_password_expiry', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'ignore_password_expiry': True},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_no_ignore_password_expiry(self):
|
|
arglist = [
|
|
'--no-ignore-password-expiry',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('no_ignore_password_expiry', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'ignore_password_expiry': False},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_ignore_change_password_upon_first_use(self):
|
|
arglist = [
|
|
'--ignore-change-password-upon-first-use',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('ignore_change_password_upon_first_use', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'ignore_change_password_upon_first_use': True},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_no_ignore_change_password_upon_first_use(self):
|
|
arglist = [
|
|
'--no-ignore-change-password-upon-first-use',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('no_ignore_change_password_upon_first_use', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'ignore_change_password_upon_first_use': False},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_enables_lock_password(self):
|
|
arglist = [
|
|
'--enable-lock-password',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('enable_lock_password', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'lock_password': True},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_disables_lock_password(self):
|
|
arglist = [
|
|
'--disable-lock-password',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('disable_lock_password', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'lock_password': False},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_enable_multi_factor_auth(self):
|
|
arglist = [
|
|
'--enable-multi-factor-auth',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('enable_multi_factor_auth', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'multi_factor_auth_enabled': True},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_disable_multi_factor_auth(self):
|
|
arglist = [
|
|
'--disable-multi-factor-auth',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('disable_multi_factor_auth', True),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {'multi_factor_auth_enabled': False},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_option_with_multi_factor_auth_rule(self):
|
|
arglist = [
|
|
'--multi-factor-auth-rule',
|
|
identity_fakes.mfa_opt1,
|
|
'--multi-factor-auth-rule',
|
|
identity_fakes.mfa_opt2,
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
(
|
|
'multi_factor_auth_rule',
|
|
[identity_fakes.mfa_opt1, identity_fakes.mfa_opt2],
|
|
),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {
|
|
'multi_factor_auth_rules': [["password", "totp"], ["password"]]
|
|
},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
def test_user_create_with_multiple_options(self):
|
|
arglist = [
|
|
'--ignore-password-expiry',
|
|
'--disable-multi-factor-auth',
|
|
'--multi-factor-auth-rule',
|
|
identity_fakes.mfa_opt1,
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('ignore_password_expiry', True),
|
|
('disable_multi_factor_auth', True),
|
|
('multi_factor_auth_rule', [identity_fakes.mfa_opt1]),
|
|
('enable', False),
|
|
('disable', False),
|
|
('name', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'name': self.user.name,
|
|
'default_project_id': None,
|
|
'description': None,
|
|
'domain_id': None,
|
|
'email': None,
|
|
'is_enabled': True,
|
|
'options': {
|
|
'ignore_password_expiry': True,
|
|
'multi_factor_auth_enabled': False,
|
|
'multi_factor_auth_rules': [["password", "totp"]],
|
|
},
|
|
'password': None,
|
|
}
|
|
self.identity_sdk_client.create_user.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, data)
|
|
|
|
|
|
class TestUserDelete(identity_fakes.TestIdentityv3):
|
|
user = sdk_fakes.generate_fake_resource(_user.User)
|
|
|
|
def setUp(self):
|
|
super().setUp()
|
|
|
|
self.identity_sdk_client.find_user.return_value = self.user
|
|
self.identity_sdk_client.delete_user.return_value = None
|
|
|
|
# Get the command object to test
|
|
self.cmd = user.DeleteUser(self.app, None)
|
|
|
|
def test_user_delete_no_options(self):
|
|
arglist = [
|
|
self.user.id,
|
|
]
|
|
verifylist = [
|
|
('users', [self.user.id]),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
self.identity_sdk_client.delete_user.assert_called_with(
|
|
self.user.id,
|
|
ignore_missing=False,
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
@mock.patch.object(_user.User, 'find')
|
|
def test_delete_multi_users_with_exception(self, find_mock):
|
|
self.identity_sdk_client.find_user.side_effect = [
|
|
self.user,
|
|
sdk_exc.ResourceNotFound,
|
|
]
|
|
arglist = [
|
|
self.user.id,
|
|
'unexist_user',
|
|
]
|
|
verifylist = [
|
|
('users', arglist),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
try:
|
|
self.cmd.take_action(parsed_args)
|
|
self.fail('CommandError should be raised.')
|
|
except exceptions.CommandError as e:
|
|
self.assertEqual('1 of 2 users failed to delete.', str(e))
|
|
|
|
self.identity_sdk_client.find_user.assert_has_calls(
|
|
[
|
|
mock.call(name_or_id=self.user.id, ignore_missing=False),
|
|
mock.call(name_or_id='unexist_user', ignore_missing=False),
|
|
]
|
|
)
|
|
|
|
self.assertEqual(2, self.identity_sdk_client.find_user.call_count)
|
|
self.identity_sdk_client.delete_user.assert_called_once_with(
|
|
self.user.id, ignore_missing=False
|
|
)
|
|
|
|
|
|
class TestUserList(identity_fakes.TestIdentityv3):
|
|
domain = sdk_fakes.generate_fake_resource(_domain.Domain)
|
|
project = sdk_fakes.generate_fake_resource(_project.Project)
|
|
user = sdk_fakes.generate_fake_resource(
|
|
resource_type=_user.User,
|
|
domain_id=domain.id,
|
|
default_project_id=project.id,
|
|
)
|
|
group = sdk_fakes.generate_fake_resource(_group.Group)
|
|
role_assignment = sdk_fakes.generate_fake_resource(
|
|
resource_type=_role_assignment.RoleAssignment, user={'id': user.id}
|
|
)
|
|
|
|
columns = ['ID', 'Name']
|
|
datalist = (
|
|
(
|
|
user.id,
|
|
user.name,
|
|
),
|
|
)
|
|
|
|
def setUp(self):
|
|
super(TestUserList, self).setUp()
|
|
|
|
self.identity_sdk_client.find_user.return_value = self.user
|
|
self.identity_sdk_client.users.return_value = [self.user]
|
|
self.identity_sdk_client.group_users.return_value = [self.user]
|
|
self.identity_sdk_client.find_domain.return_value = self.domain
|
|
self.identity_sdk_client.find_group.return_value = self.group
|
|
self.identity_sdk_client.find_project.return_value = self.project
|
|
self.identity_sdk_client.role_assignments_filter.return_value = [
|
|
self.role_assignment
|
|
]
|
|
|
|
# Get the command object to test
|
|
self.cmd = user.ListUser(self.app, None)
|
|
|
|
def test_user_list_no_options(self):
|
|
arglist = []
|
|
verifylist = []
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class Lister in cliff, abstract method take_action()
|
|
# returns a tuple containing the column names and an iterable
|
|
# containing the data to be listed.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'domain_id': None,
|
|
}
|
|
|
|
self.identity_sdk_client.users.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, tuple(data))
|
|
|
|
def test_user_list_domain(self):
|
|
arglist = [
|
|
'--domain',
|
|
self.domain.id,
|
|
]
|
|
verifylist = [
|
|
('domain', self.domain.id),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class Lister in cliff, abstract method take_action()
|
|
# returns a tuple containing the column names and an iterable
|
|
# containing the data to be listed.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'domain_id': self.domain.id,
|
|
}
|
|
|
|
self.identity_sdk_client.users.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, tuple(data))
|
|
|
|
def test_user_list_group(self):
|
|
arglist = [
|
|
'--group',
|
|
self.group.name,
|
|
]
|
|
verifylist = [
|
|
('group', self.group.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class Lister in cliff, abstract method take_action()
|
|
# returns a tuple containing the column names and an iterable
|
|
# containing the data to be listed.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'domain_id': None,
|
|
'group': self.group.id,
|
|
}
|
|
|
|
self.identity_sdk_client.group_users.assert_called_with(**kwargs)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, tuple(data))
|
|
|
|
def test_user_list_long(self):
|
|
arglist = [
|
|
'--long',
|
|
]
|
|
verifylist = [
|
|
('long', True),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class Lister in cliff, abstract method take_action()
|
|
# returns a tuple containing the column names and an iterable
|
|
# containing the data to be listed.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'domain_id': None,
|
|
}
|
|
|
|
self.identity_sdk_client.users.assert_called_with(**kwargs)
|
|
|
|
collist = [
|
|
'ID',
|
|
'Name',
|
|
'Project',
|
|
'Domain',
|
|
'Description',
|
|
'Email',
|
|
'Enabled',
|
|
]
|
|
self.assertEqual(collist, columns)
|
|
datalist = (
|
|
(
|
|
self.user.id,
|
|
self.user.name,
|
|
self.project.id,
|
|
self.domain.id,
|
|
self.user.description,
|
|
self.user.email,
|
|
True,
|
|
),
|
|
)
|
|
self.assertEqual(datalist, tuple(data))
|
|
|
|
def test_user_list_project(self):
|
|
arglist = [
|
|
'--project',
|
|
self.project.name,
|
|
]
|
|
verifylist = [
|
|
('project', self.project.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class Lister in cliff, abstract method take_action()
|
|
# returns a tuple containing the column names and an iterable
|
|
# containing the data to be listed.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
kwargs = {
|
|
'project': self.project.id,
|
|
}
|
|
|
|
self.identity_sdk_client.role_assignments_filter.assert_called_with(
|
|
**kwargs
|
|
)
|
|
|
|
self.assertEqual(self.columns, columns)
|
|
self.assertEqual(self.datalist, tuple(data))
|
|
|
|
|
|
class TestUserSet(identity_fakes.TestIdentityv3):
|
|
project = sdk_fakes.generate_fake_resource(_project.Project)
|
|
domain = sdk_fakes.generate_fake_resource(_domain.Domain)
|
|
user = sdk_fakes.generate_fake_resource(
|
|
resource_type=_user.User, default_project_id=project.id
|
|
)
|
|
user2 = sdk_fakes.generate_fake_resource(
|
|
resource_type=_user.User,
|
|
default_project_id=project.id,
|
|
domain_id=domain.id,
|
|
)
|
|
|
|
def setUp(self):
|
|
super(TestUserSet, self).setUp()
|
|
|
|
self.identity_sdk_client.find_project.return_value = self.project
|
|
self.identity_sdk_client.find_user.return_value = self.user
|
|
self.identity_sdk_client.update_user.return_value = self.user
|
|
|
|
# Get the command object to test
|
|
self.cmd = user.SetUser(self.app, None)
|
|
|
|
def test_user_set_no_options(self):
|
|
arglist = [
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_name(self):
|
|
arglist = [
|
|
'--name',
|
|
'qwerty',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', 'qwerty'),
|
|
('password', None),
|
|
('email', None),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'name': 'qwerty',
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_specify_domain(self):
|
|
arglist = [
|
|
'--name',
|
|
'qwerty',
|
|
'--domain',
|
|
self.domain.id,
|
|
self.user2.name,
|
|
]
|
|
verifylist = [
|
|
('name', 'qwerty'),
|
|
('password', None),
|
|
('domain', self.domain.id),
|
|
('email', None),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user2.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
kwargs = {'is_enabled': True, 'name': 'qwerty'}
|
|
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_password(self):
|
|
arglist = [
|
|
'--password',
|
|
'secret',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', 'secret'),
|
|
('password_prompt', False),
|
|
('email', None),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'password': 'secret',
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_password_prompt(self):
|
|
arglist = [
|
|
'--password-prompt',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('password_prompt', True),
|
|
('email', None),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
mocker = mock.Mock()
|
|
mocker.return_value = 'abc123'
|
|
with mock.patch("osc_lib.utils.get_password", mocker):
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'password': 'abc123',
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_email(self):
|
|
arglist = [
|
|
'--email',
|
|
'barney@example.com',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', 'barney@example.com'),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'email': 'barney@example.com',
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_project(self):
|
|
arglist = [
|
|
'--project',
|
|
self.project.id,
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('project', self.project.id),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'default_project_id': self.project.id,
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_project_domain(self):
|
|
arglist = [
|
|
'--project',
|
|
self.project.id,
|
|
'--project-domain',
|
|
self.project.domain_id,
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('project', self.project.id),
|
|
('project_domain', self.project.domain_id),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'default_project_id': self.project.id,
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_enable(self):
|
|
arglist = [
|
|
'--enable',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('project', None),
|
|
('enable', True),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_disable(self):
|
|
arglist = [
|
|
'--disable',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', True),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': False,
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_ignore_lockout_failure_attempts(self):
|
|
arglist = [
|
|
'--ignore-lockout-failure-attempts',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('ignore_lockout_failure_attempts', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'ignore_lockout_failure_attempts': True},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_no_ignore_lockout_failure_attempts(self):
|
|
arglist = [
|
|
'--no-ignore-lockout-failure-attempts',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('no_ignore_lockout_failure_attempts', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'ignore_lockout_failure_attempts': False},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_ignore_password_expiry(self):
|
|
arglist = [
|
|
'--ignore-password-expiry',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('ignore_password_expiry', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'ignore_password_expiry': True},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_no_ignore_password_expiry(self):
|
|
arglist = [
|
|
'--no-ignore-password-expiry',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('no_ignore_password_expiry', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'ignore_password_expiry': False},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_ignore_change_password_upon_first_use(self):
|
|
arglist = [
|
|
'--ignore-change-password-upon-first-use',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('ignore_change_password_upon_first_use', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'ignore_change_password_upon_first_use': True},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_no_ignore_change_password_upon_first_use(self):
|
|
arglist = [
|
|
'--no-ignore-change-password-upon-first-use',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('no_ignore_change_password_upon_first_use', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'ignore_change_password_upon_first_use': False},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_enable_lock_password(self):
|
|
arglist = [
|
|
'--enable-lock-password',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('enable_lock_password', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'lock_password': True},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_disable_lock_password(self):
|
|
arglist = [
|
|
'--disable-lock-password',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('disable_lock_password', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'lock_password': False},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_enable_multi_factor_auth(self):
|
|
arglist = [
|
|
'--enable-multi-factor-auth',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('enable_multi_factor_auth', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'multi_factor_auth_enabled': True},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_disable_multi_factor_auth(self):
|
|
arglist = [
|
|
'--disable-multi-factor-auth',
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('disable_multi_factor_auth', True),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'multi_factor_auth_enabled': False},
|
|
}
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_option_multi_factor_auth_rule(self):
|
|
arglist = [
|
|
'--multi-factor-auth-rule',
|
|
identity_fakes.mfa_opt1,
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('multi_factor_auth_rule', [identity_fakes.mfa_opt1]),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {'multi_factor_auth_rules': [["password", "totp"]]},
|
|
}
|
|
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_set_with_multiple_options(self):
|
|
arglist = [
|
|
'--ignore-password-expiry',
|
|
'--enable-multi-factor-auth',
|
|
'--multi-factor-auth-rule',
|
|
identity_fakes.mfa_opt1,
|
|
self.user.name,
|
|
]
|
|
verifylist = [
|
|
('name', None),
|
|
('password', None),
|
|
('email', None),
|
|
('ignore_password_expiry', True),
|
|
('enable_multi_factor_auth', True),
|
|
('multi_factor_auth_rule', [identity_fakes.mfa_opt1]),
|
|
('project', None),
|
|
('enable', False),
|
|
('disable', False),
|
|
('user', self.user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
# Set expected values
|
|
kwargs = {
|
|
'is_enabled': True,
|
|
'options': {
|
|
'ignore_password_expiry': True,
|
|
'multi_factor_auth_enabled': True,
|
|
'multi_factor_auth_rules': [["password", "totp"]],
|
|
},
|
|
}
|
|
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
user=self.user, **kwargs
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
|
|
class TestUserSetPassword(identity_fakes.TestIdentityv3):
|
|
def setUp(self):
|
|
super(TestUserSetPassword, self).setUp()
|
|
self.cmd = user.SetPasswordUser(self.app, None)
|
|
|
|
@staticmethod
|
|
@contextlib.contextmanager
|
|
def _mock_get_password(*passwords):
|
|
mocker = mock.Mock(side_effect=passwords)
|
|
with mock.patch("osc_lib.utils.get_password", mocker):
|
|
yield
|
|
|
|
def test_user_password_change(self):
|
|
current_pass = 'old_pass'
|
|
new_pass = 'new_pass'
|
|
arglist = [
|
|
'--password',
|
|
new_pass,
|
|
]
|
|
verifylist = [
|
|
('password', new_pass),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# Mock getting user current password.
|
|
with self._mock_get_password(current_pass):
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
current_password=current_pass, password=new_pass
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_create_password_prompt(self):
|
|
current_pass = 'old_pass'
|
|
new_pass = 'new_pass'
|
|
parsed_args = self.check_parser(self.cmd, [], [])
|
|
|
|
# Mock getting user current and new password.
|
|
with self._mock_get_password(current_pass, new_pass):
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
current_password=current_pass, password=new_pass
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
def test_user_password_change_no_prompt(self):
|
|
current_pass = 'old_pass'
|
|
new_pass = 'new_pass'
|
|
arglist = [
|
|
'--password',
|
|
new_pass,
|
|
'--original-password',
|
|
current_pass,
|
|
]
|
|
verifylist = [
|
|
('password', new_pass),
|
|
('original_password', current_pass),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
result = self.cmd.take_action(parsed_args)
|
|
|
|
self.identity_sdk_client.update_user.assert_called_with(
|
|
current_password=current_pass, password=new_pass
|
|
)
|
|
self.assertIsNone(result)
|
|
|
|
|
|
class TestUserShow(identity_fakes.TestIdentityv3):
|
|
user = sdk_fakes.generate_fake_resource(_user.User)
|
|
|
|
def setUp(self):
|
|
super(TestUserShow, self).setUp()
|
|
|
|
self.identity_sdk_client.find_user.return_value = self.user
|
|
|
|
# Get the command object to test
|
|
self.cmd = user.ShowUser(self.app, None)
|
|
self.identity_client.auth.client.get_user_id.return_value = ( # noqa: E501
|
|
self.user.id
|
|
)
|
|
self.identity_client.tokens.get_token_data.return_value = {
|
|
'token': {
|
|
'user': {
|
|
'domain_id': {'id': self.user.domain_id},
|
|
'id': self.user.id,
|
|
'name': self.user.name,
|
|
}
|
|
}
|
|
}
|
|
|
|
def test_user_show(self):
|
|
arglist = [
|
|
self.user.id,
|
|
]
|
|
verifylist = [
|
|
('user', self.user.id),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
# In base command class ShowOne in cliff, abstract method take_action()
|
|
# returns a two-part tuple with a tuple of column names and a tuple of
|
|
# data to be shown.
|
|
columns, data = self.cmd.take_action(parsed_args)
|
|
|
|
self.identity_sdk_client.find_user.assert_called_with(
|
|
name_or_id=self.user.id, ignore_missing=False
|
|
)
|
|
|
|
collist = (
|
|
'default_project_id',
|
|
'domain_id',
|
|
'email',
|
|
'enabled',
|
|
'id',
|
|
'name',
|
|
'description',
|
|
'password_expires_at',
|
|
)
|
|
self.assertEqual(collist, columns)
|
|
datalist = (
|
|
self.user.default_project_id,
|
|
self.user.domain_id,
|
|
self.user.email,
|
|
True,
|
|
self.user.id,
|
|
self.user.name,
|
|
self.user.description,
|
|
self.user.password_expires_at,
|
|
)
|
|
self.assertEqual(datalist, data)
|
|
|
|
def test_user_show_with_domain(self):
|
|
user = sdk_fakes.generate_fake_resource(
|
|
resource_type=_user.User, name=self.user.name
|
|
)
|
|
|
|
arglist = [
|
|
"--domain",
|
|
self.user.domain_id,
|
|
user.name,
|
|
]
|
|
verifylist = [
|
|
('domain', self.user.domain_id),
|
|
('user', user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
user_str = common._get_token_resource(
|
|
self.identity_sdk_client,
|
|
'user',
|
|
parsed_args.user,
|
|
parsed_args.domain,
|
|
)
|
|
self.assertEqual(self.user.name, user_str)
|
|
|
|
arglist = [
|
|
"--domain",
|
|
user.domain_id,
|
|
user.name,
|
|
]
|
|
verifylist = [
|
|
('domain', user.domain_id),
|
|
('user', user.name),
|
|
]
|
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
|
|
|
user_str = common._get_token_resource(
|
|
self.identity_sdk_client,
|
|
'user',
|
|
parsed_args.user,
|
|
parsed_args.domain,
|
|
)
|
|
self.assertEqual(user.name, user_str)
|