diff options
| author | Morgan Fainberg <m@metacloud.com> | 2014-01-03 11:44:41 -0800 |
|---|---|---|
| committer | Morgan Fainberg <m@metacloud.com> | 2014-01-03 13:46:32 -0800 |
| commit | 348d66260d883ff7017c9284b7541542d805bb23 (patch) | |
| tree | 4c9f8f0d17b4a862d365fdbae202399dac77812b /keystone/tests/test_backend.py | |
| parent | 331b4ca3310c6df0795c2e5d1b55809d17bc0768 (diff) | |
| download | keystone-348d66260d883ff7017c9284b7541542d805bb23.tar.gz | |
Move deletion business logic out of controllers
Based upon the feedback on the credential_api deletion changes,
the deletion code should be moved down to the managers from the
controllers. This means the business logic to delete / modify
associated resources based upon a given action no longer resides
in the controller. The changes include (but are not limited to)
mass token deletion (delete_tokens_for_(user|trust|project|domain),
domain content deletion, credential deletion, etc.
This change also moves around the use of @dependency decorator
to ensure the *_api managers are added to the correct objects.
The token_api has been expanded to handle the token revocations
for users, projects, and domains directly (public methods). This
allows the managers to handle deletions rather than the
logic residing in the controllers; it was previously not clean
to issue a `delete_tokens_for_user` outside of the controller.
A few minor test changes and additions were needed to handle the
moving of business logic. Notably, the keystoneclient tests
(test_keystoneclient) CompatTestCase needs to setup SQL for the
credential_api to be able to perform delete logic.
bp: assignment-controller-first-class
Change-Id: I721e49258c10830b3c44f301e8c9e5f954262388
Diffstat (limited to 'keystone/tests/test_backend.py')
| -rw-r--r-- | keystone/tests/test_backend.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/keystone/tests/test_backend.py b/keystone/tests/test_backend.py index 5a66ea026..e24ac54e0 100644 --- a/keystone/tests/test_backend.py +++ b/keystone/tests/test_backend.py @@ -2209,6 +2209,11 @@ class IdentityTests(object): new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'], 'name': uuid.uuid4().hex} self.identity_api.create_group(new_group['id'], new_group) + # Make sure we get an empty list back on a new group, not an error. + user_refs = self.identity_api.list_users_in_group(new_group['id']) + self.assertEqual(user_refs, []) + # Make sure we get the correct users back once they have been added + # to the group. new_user = {'id': uuid.uuid4().hex, 'name': 'new_user', 'password': uuid.uuid4().hex, 'enabled': True, 'domain_id': domain['id']} @@ -2470,7 +2475,19 @@ class IdentityTests(object): domain_ref = self.assignment_api.get_domain(domain['id']) self.assertDictEqual(domain_ref, domain) + # Ensure an 'enabled' domain cannot be deleted + self.assertRaises(exception.ForbiddenAction, + self.assignment_api.delete_domain, + domain_id=domain['id']) + + # Disable the domain + domain['enabled'] = False + self.assignment_api.update_domain(domain['id'], domain) + + # Delete the domain self.assignment_api.delete_domain(domain['id']) + + # Make sure the domain no longer exists self.assertRaises(exception.DomainNotFound, self.assignment_api.get_domain, domain['id']) @@ -2640,6 +2657,11 @@ class IdentityTests(object): self.assignment_api.update_domain(domain_id, domain_ref) self.assertDictContainsSubset( domain_ref, self.assignment_api.get_domain(domain_id)) + # Make sure domain is 'disabled', bypass assignment api manager + domain_ref_disabled = domain_ref.copy() + domain_ref_disabled['enabled'] = False + self.assignment_api.driver.update_domain(domain_id, + domain_ref_disabled) # Delete domain, bypassing assignment api manager self.assignment_api.driver.delete_domain(domain_id) # Verify get_domain still returns the domain @@ -2654,6 +2676,9 @@ class IdentityTests(object): # Recreate Domain self.assignment_api.create_domain(domain_id, domain) self.assignment_api.get_domain(domain_id) + # Make sure domain is 'disabled', bypass assignment api manager + domain['enabled'] = False + self.assignment_api.driver.update_domain(domain_id, domain) # Delete domain self.assignment_api.delete_domain(domain_id) # verify DomainNotFound raised |