]> git.donarmstrong.com Git - dsa-puppet.git/blob - 3rdparty/modules/keystone/spec/unit/provider/keystone_user/openstack_spec.rb
projects / dsa-puppet.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
try with modules from master
[dsa-puppet.git] / 3rdparty / modules / keystone / spec / unit / provider / keystone_user / openstack_spec.rb
1 require 'puppet'
2 require 'spec_helper'
3 require 'puppet/provider/keystone_user/openstack'
4
5 provider_class = Puppet::Type.type(:keystone_user).provider(:openstack)
6
7 describe provider_class do
8
9   shared_examples 'authenticated with environment variables' do
10     ENV['OS_USERNAME']     = 'test'
11     ENV['OS_PASSWORD']     = 'abc123'
12     ENV['OS_PROJECT_NAME'] = 'test'
13     ENV['OS_AUTH_URL']     = 'http://127.0.0.1:5000'
14   end
15
16   let(:user_attrs) do
17     {
18       :name         => 'foo',
19       :ensure       => :present,
20       :enabled      => 'True',
21       :password     => 'foo',
22       :tenant       => 'foo',
23       :email        => 'foo@example.com',
24     }
25   end
26
27   let(:resource) do
28     Puppet::Type::Keystone_user.new(user_attrs)
29   end
30
31   let(:provider) do
32     provider_class.new(resource)
33   end
34
35   describe 'when managing a user' do
36     it_behaves_like 'authenticated with environment variables' do
37       describe '#create' do
38         it 'creates a user' do
39           provider.class.stubs(:openstack)
40                         .with('user', 'list', '--quiet', '--format', 'csv', '--long')
41                         .returns('"ID","Name","Project","Email","Enabled"
42 "1cb05cfed7c24279be884ba4f6520262","foo","foo","foo@example.com",True
43 ')
44           provider.class.stubs(:openstack)
45                         .with('user', 'create', '--format', 'shell', ['foo', '--enable', '--password', 'foo', '--project', 'foo', '--email', 'foo@example.com'])
46                         .returns('email="foo@example.com"
47 enabled="True"
48 id="12b23f07d4a3448d8189521ab09610b0"
49 name="foo"
50 project_id="5e2001b2248540f191ff22627dc0c2d7"
51 username="foo"
52 ')
53           provider.create
54           expect(provider.exists?).to be_truthy
55         end
56       end
57
58       describe '#destroy' do
59         it 'destroys a user' do
60           provider.class.stubs(:openstack)
61                         .with('user', 'list', '--quiet', '--format', 'csv', '--long')
62                         .returns('"ID","Name","Project","Email","Enabled"')
63           provider.class.stubs(:openstack)
64                         .with('user', 'delete', [])
65           provider.destroy
66           expect(provider.exists?).to be_falsey
67         end
68
69       end
70
71       describe '#exists' do
72         context 'when user does not exist' do
73           subject(:response) do
74             provider.class.stubs(:openstack)
75                           .with('user', 'list', '--quiet', '--format', 'csv', '--long')
76                           .returns('"ID","Name","Project","Email","Enabled"')
77             response = provider.exists?
78           end
79
80           it { is_expected.to be_falsey }
81         end
82       end
83
84       describe '#instances' do
85         it 'finds every user' do
86           provider.class.stubs(:openstack)
87                         .with('user', 'list', '--quiet', '--format', 'csv', '--long')
88                         .returns('"ID","Name","Project","Email","Enabled"
89 "1cb05cfed7c24279be884ba4f6520262","foo","foo","foo@example.com",True
90 ')
91           instances = Puppet::Type::Keystone_user::ProviderOpenstack.instances
92           expect(instances.count).to eq(1)
93         end
94       end
95
96       describe '#tenant' do
97         it 'gets the tenant with default backend' do
98           provider.class.stubs(:openstack)
99                         .with('user', 'list', '--quiet', '--format', 'csv', '--long')
100                         .returns('"ID","Name","Project","Email","Enabled"
101 "1cb05cfed7c24279be884ba4f6520262","foo","foo","foo@example.com",True
102 ')
103           provider.class.stubs(:openstack)
104                         .with('user role', 'list', '--quiet', '--format', 'csv', ['foo', '--project', 'foo'])
105                         .returns('"ID","Name","Project","User"
106 "9fe2ff9ee4384b1894a90878d3e92bab","_member_","foo","foo"
107 ')
108           tenant = provider.tenant
109           expect(tenant).to eq('foo')
110         end
111
112         it 'gets the tenant with LDAP backend' do
113           provider.class.stubs(:openstack)
114                         .with('user', 'list', '--quiet', '--format', 'csv', '--long')
115                         .returns('"ID","Name","Project","Email","Enabled"
116 "1cb05cfed7c24279be884ba4f6520262","foo","","foo@example.com",True
117 ')
118           provider.class.expects(:openstack)
119                         .with('user role', 'list', '--quiet', '--format', 'csv', ['foo', '--project', 'foo'])
120                         .returns('"ID","Name","Project","User"
121 "1cb05cfed7c24279be884ba4f6520262","foo","foo","foo"
122 ')
123           tenant = provider.tenant
124           expect(tenant).to eq('foo')
125         end
126       end
127
128       describe '#tenant=' do
129         context 'when using default backend' do
130           it 'sets the tenant' do
131             provider.class.expects(:openstack)
132                           .with('user', 'set', ['foo', '--project', 'bar'])
133             provider.class.expects(:openstack)
134                           .with('user role', 'list', '--quiet', '--format', 'csv', ['foo', '--project', 'bar'])
135                           .returns('"ID","Name","Project","User"
136 "9fe2ff9ee4384b1894a90878d3e92bab","_member_","bar","foo"
137 ')
138             provider.tenant=('bar')
139           end
140         end
141
142         context 'when using LDAP read-write backend' do
143           it 'sets the tenant when _member_ role exists' do
144             provider.class.expects(:openstack)
145                           .with('user', 'set', ['foo', '--project', 'bar'])
146             provider.class.expects(:openstack)
147                           .with('user role', 'list', '--quiet', '--format', 'csv', ['foo', '--project', 'bar'])
148                           .returns('')
149             provider.class.expects(:openstack)
150                           .with('role', 'show', '--format', 'shell', ['_member_'])
151                           .returns('id="9fe2ff9ee4384b1894a90878d3e92bab"
152 name="_member_"
153 ')
154             provider.class.expects(:openstack)
155                           .with('role', 'add', ['_member_', '--project', 'bar', '--user', 'foo'])
156             provider.tenant=('bar')
157           end
158           it 'sets the tenant when _member_ role does not exist' do
159             provider.class.expects(:openstack)
160                           .with('user', 'set', ['foo', '--project', 'bar'])
161             provider.class.expects(:openstack)
162                           .with('user role', 'list', '--quiet', '--format', 'csv', ['foo', '--project', 'bar'])
163                           .returns('')
164             provider.class.expects(:openstack)
165                           .with('role', 'show', '--format', 'shell', ['_member_'])
166                           .raises(Puppet::ExecutionFailure, 'no such role _member_')
167             provider.class.expects(:openstack)
168                           .with('role', 'create', '--format', 'shell', ['_member_'])
169                           .returns('name="_member_"')
170             provider.class.expects(:openstack)
171                           .with('role', 'add', ['_member_', '--project', 'bar', '--user', 'foo'])
172                           .returns('id="8wr2ff9ee4384b1894a90878d3e92bab"
173 name="_member_"
174 ')
175             provider.tenant=('bar')
176           end
177         end
178
179 # This doesn't make sense, need to clarify what's happening with LDAP mock
180 =begin
181         context 'when using LDAP read-only backend' do
182           it 'sets the tenant when _member_ role exists' do
183             provider.class.expects(:openstack)
184                           .with('user', 'set', [['foo', '--project', 'bar']])
185                           .raises(Puppet::ExecutionFailure, 'You are not authorized to perform the requested action: LDAP user update')
186             provider.class.expects(:openstack)
187                            .with('user role', 'list', '--quiet', '--format', 'csv', [['foo', '--project', 'bar']])
188                            .returns('')
189             provider.class.expects(:openstack)
190                           .with('role', 'show', '--format', 'shell', [['_member_']])
191                           .returns('id="9fe2ff9ee4384b1894a90878d3e92bab"
192 name="_member_"
193 ')
194             provider.class.expects(:openstack)
195                           .with('role', 'add', [['_member_', '--project', 'bar', '--user', 'foo']])
196             provider.tenant=('bar')
197           end
198
199           it 'sets the tenant and gets an unexpected exception message' do
200             provider.class.expects(:openstack)
201                           .with('user', 'set', [['foo', '--project', 'bar']])
202                           .raises(Puppet::ExecutionFailure, 'unknown error message')
203             expect{ provider.tenant=('bar') }.to raise_error(Puppet::ExecutionFailure, /unknown error message/)
204           end
205         end
206 =end
207       end
208     end
209   end
210
211   describe "#password" do
212     let(:user_attrs) do
213       {
214         :name         => 'foo',
215         :ensure       => 'present',
216         :enabled      => 'True',
217         :password     => 'foo',
218         :tenant       => 'foo',
219         :email        => 'foo@example.com',
220       }
221     end
222
223     let(:resource) do
224       Puppet::Type::Keystone_user.new(user_attrs)
225     end
226
227     let :provider do
228       provider_class.new(resource)
229     end
230
231     shared_examples 'with auth-url environment variable' do
232       ENV['OS_AUTH_URL'] = 'http://localhost:5000'
233     end
234
235     it_behaves_like 'with auth-url environment variable' do
236       it 'checks the password' do
237         Puppet::Provider::Openstack.stubs(:openstack)
238                       .with('token', 'issue', ['--format', 'value'])
239                       .returns('2015-05-14T04:06:05Z
240 e664a386befa4a30878dcef20e79f167
241 8dce2ae9ecd34c199d2877bf319a3d06
242 ac43ec53d5a74a0b9f51523ae41a29f0
243 ')
244         password = provider.password
245         expect(password).to eq('foo')
246       end
247
248       it 'fails the password check' do
249         Puppet::Provider::Openstack.stubs(:openstack)
250                       .with('token', 'issue', ['--format', 'value'])
251                       .raises(Puppet::ExecutionFailure, 'HTTP 401 invalid authentication')
252         password = provider.password
253         expect(password).to eq(nil)
254       end
255     end
256
257     describe 'when updating a user with unmanaged password' do
258
259       let(:user_attrs) do
260         {
261           :name             => 'foo',
262           :ensure           => 'present',
263           :enabled          => 'True',
264           :password         => 'foo',
265           :replace_password => 'False',
266           :tenant           => 'foo',
267           :email            => 'foo@example.com',
268         }
269       end
270
271       it 'should not try to check password' do
272         expect(provider.password).to eq('foo')
273       end
274     end
275
276   end
277 end
Unnamed repository; edit this file 'description' to name the repository.