807
824
self.assertEqual(ref.legacy_endpoint_id, legacy_endpoint_id)
808
825
self.assertEqual(ref.extra, '{}')
827
def test_group_project_FK_fixup(self):
828
# To create test data we must start before we broke in the
829
# group_project_metadata table in 015.
831
session = self.Session()
833
domain_table = sqlalchemy.Table('domain', self.metadata, autoload=True)
834
group_table = sqlalchemy.Table('group', self.metadata, autoload=True)
835
tenant_table = sqlalchemy.Table('tenant', self.metadata, autoload=True)
836
role_table = sqlalchemy.Table('role', self.metadata, autoload=True)
837
group_project_metadata_table = sqlalchemy.Table(
838
'group_project_metadata', self.metadata, autoload=True)
841
domain = {'id': uuid.uuid4().hex,
842
'name': uuid.uuid4().hex,
844
session.execute(domain_table.insert().values(domain))
847
tenant = {'id': uuid.uuid4().hex,
848
'name': uuid.uuid4().hex,
850
session.execute(tenant_table.insert().values(tenant))
852
tenant1 = {'id': uuid.uuid4().hex,
853
'name': uuid.uuid4().hex,
855
session.execute(tenant_table.insert().values(tenant1))
858
group = {'id': uuid.uuid4().hex,
859
'name': uuid.uuid4().hex,
860
'domain_id': domain['id'],
861
'extra': json.dumps({})}
862
session.execute(group_table.insert().values(group))
867
role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
868
session.execute(role_table.insert().values(role))
869
role_list.append(role)
871
# Grant Role to User on Project
872
role_grant = {'group_id': group['id'],
873
'project_id': tenant['id'],
874
'data': json.dumps({'roles': [role_list[0]['id']]})}
876
group_project_metadata_table.insert().values(role_grant))
878
role_grant = {'group_id': group['id'],
879
'project_id': tenant1['id'],
880
'data': json.dumps({'roles': [role_list[1]['id']]})}
882
group_project_metadata_table.insert().values(role_grant))
886
# Now upgrade and fix up the FKs
888
self.assertTableExists('group_project_metadata')
889
self.assertTableExists('project')
890
self.assertTableDoesNotExist('tenant')
892
s = sqlalchemy.select([group_project_metadata_table.c.data]).where(
893
(group_project_metadata_table.c.group_id == group['id']) &
894
(group_project_metadata_table.c.project_id == tenant['id']))
895
r = session.execute(s)
896
data = json.loads(r.fetchone()['data'])
897
self.assertEqual(len(data['roles']), 1)
898
self.assertIn(role_list[0]['id'], data['roles'])
900
s = sqlalchemy.select([group_project_metadata_table.c.data]).where(
901
(group_project_metadata_table.c.group_id == group['id']) &
902
(group_project_metadata_table.c.project_id == tenant1['id']))
903
r = session.execute(s)
904
data = json.loads(r.fetchone()['data'])
905
self.assertEqual(len(data['roles']), 1)
906
self.assertIn(role_list[1]['id'], data['roles'])
909
self.assertTableExists('group_project_metadata')
910
self.assertTableExists('project')
911
self.assertTableDoesNotExist('tenant')
913
def test_assignment_metadata_migration(self):
916
session = self.Session()
918
domain_table = sqlalchemy.Table('domain', self.metadata, autoload=True)
919
user_table = sqlalchemy.Table('user', self.metadata, autoload=True)
920
group_table = sqlalchemy.Table('group', self.metadata, autoload=True)
921
role_table = sqlalchemy.Table('role', self.metadata, autoload=True)
922
project_table = sqlalchemy.Table(
923
'project', self.metadata, autoload=True)
924
user_project_metadata_table = sqlalchemy.Table(
925
'user_project_metadata', self.metadata, autoload=True)
926
user_domain_metadata_table = sqlalchemy.Table(
927
'user_domain_metadata', self.metadata, autoload=True)
928
group_project_metadata_table = sqlalchemy.Table(
929
'group_project_metadata', self.metadata, autoload=True)
930
group_domain_metadata_table = sqlalchemy.Table(
931
'group_domain_metadata', self.metadata, autoload=True)
934
domain = {'id': uuid.uuid4().hex,
935
'name': uuid.uuid4().hex,
937
session.execute(domain_table.insert().values(domain))
939
# Create anther Domain
940
domain2 = {'id': uuid.uuid4().hex,
941
'name': uuid.uuid4().hex,
943
session.execute(domain_table.insert().values(domain2))
946
project = {'id': uuid.uuid4().hex,
947
'name': uuid.uuid4().hex,
948
'domain_id': domain['id'],
950
session.execute(project_table.insert().values(project))
952
# Create another Project
953
project2 = {'id': uuid.uuid4().hex,
954
'name': uuid.uuid4().hex,
955
'domain_id': domain['id'],
957
session.execute(project_table.insert().values(project2))
960
user = {'id': uuid.uuid4().hex,
961
'name': uuid.uuid4().hex,
962
'domain_id': domain['id'],
963
'password': uuid.uuid4().hex,
965
'extra': json.dumps({})}
966
session.execute(user_table.insert().values(user))
969
group = {'id': uuid.uuid4().hex,
970
'name': uuid.uuid4().hex,
971
'domain_id': domain['id'],
972
'extra': json.dumps({})}
973
session.execute(group_table.insert().values(group))
978
role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
979
session.execute(role_table.insert().values(role))
980
role_list.append(role)
982
# Grant Role to User on Project
983
role_grant = {'user_id': user['id'],
984
'project_id': project['id'],
985
'data': json.dumps({'roles': [role_list[0]['id']]})}
987
user_project_metadata_table.insert().values(role_grant))
989
role_grant = {'user_id': user['id'],
990
'project_id': project2['id'],
991
'data': json.dumps({'roles': [role_list[1]['id']]})}
993
user_project_metadata_table.insert().values(role_grant))
995
# Grant Role to Group on different Project
996
role_grant = {'group_id': group['id'],
997
'project_id': project2['id'],
998
'data': json.dumps({'roles': [role_list[2]['id']]})}
1000
group_project_metadata_table.insert().values(role_grant))
1002
# Grant Role to User on Domain
1003
role_grant = {'user_id': user['id'],
1004
'domain_id': domain['id'],
1005
'data': json.dumps({'roles': [role_list[3]['id']]})}
1006
session.execute(user_domain_metadata_table.insert().values(role_grant))
1008
# Grant Role to Group on Domain
1009
role_grant = {'group_id': group['id'],
1010
'domain_id': domain['id'],
1012
{'roles': [role_list[4]['id']],
1013
'other': 'somedata'})}
1015
group_domain_metadata_table.insert().values(role_grant))
1020
s = sqlalchemy.select([user_project_metadata_table.c.data]).where(
1021
(user_project_metadata_table.c.user_id == user['id']) &
1022
(user_project_metadata_table.c.project_id == project['id']))
1023
r = session.execute(s)
1024
data = json.loads(r.fetchone()['data'])
1025
self.assertEqual(len(data['roles']), 1)
1026
self.assertIn({'id': role_list[0]['id']}, data['roles'])
1028
s = sqlalchemy.select([user_project_metadata_table.c.data]).where(
1029
(user_project_metadata_table.c.user_id == user['id']) &
1030
(user_project_metadata_table.c.project_id == project2['id']))
1031
r = session.execute(s)
1032
data = json.loads(r.fetchone()['data'])
1033
self.assertEqual(len(data['roles']), 1)
1034
self.assertIn({'id': role_list[1]['id']}, data['roles'])
1036
s = sqlalchemy.select([group_project_metadata_table.c.data]).where(
1037
(group_project_metadata_table.c.group_id == group['id']) &
1038
(group_project_metadata_table.c.project_id == project2['id']))
1039
r = session.execute(s)
1040
data = json.loads(r.fetchone()['data'])
1041
self.assertEqual(len(data['roles']), 1)
1042
self.assertIn({'id': role_list[2]['id']}, data['roles'])
1044
s = sqlalchemy.select([user_domain_metadata_table.c.data]).where(
1045
(user_domain_metadata_table.c.user_id == user['id']) &
1046
(user_domain_metadata_table.c.domain_id == domain['id']))
1047
r = session.execute(s)
1048
data = json.loads(r.fetchone()['data'])
1049
self.assertEqual(len(data['roles']), 1)
1050
self.assertIn({'id': role_list[3]['id']}, data['roles'])
1052
s = sqlalchemy.select([group_domain_metadata_table.c.data]).where(
1053
(group_domain_metadata_table.c.group_id == group['id']) &
1054
(group_domain_metadata_table.c.domain_id == domain['id']))
1055
r = session.execute(s)
1056
data = json.loads(r.fetchone()['data'])
1057
self.assertEqual(len(data['roles']), 1)
1058
self.assertIn({'id': role_list[4]['id']}, data['roles'])
1059
self.assertIn('other', data)
1061
# Now add an entry that has one regular and one inherited role
1062
role_grant = {'user_id': user['id'],
1063
'domain_id': domain2['id'],
1065
{'roles': [{'id': role_list[5]['id']},
1066
{'id': role_list[6]['id'],
1067
'inherited_to': 'projects'}]})}
1068
session.execute(user_domain_metadata_table.insert().values(role_grant))
1073
s = sqlalchemy.select([user_project_metadata_table.c.data]).where(
1074
(user_project_metadata_table.c.user_id == user['id']) &
1075
(user_project_metadata_table.c.project_id == project['id']))
1076
r = session.execute(s)
1077
data = json.loads(r.fetchone()['data'])
1078
self.assertEqual(len(data['roles']), 1)
1079
self.assertIn(role_list[0]['id'], data['roles'])
1081
s = sqlalchemy.select([user_project_metadata_table.c.data]).where(
1082
(user_project_metadata_table.c.user_id == user['id']) &
1083
(user_project_metadata_table.c.project_id == project2['id']))
1084
r = session.execute(s)
1085
data = json.loads(r.fetchone()['data'])
1086
self.assertEqual(len(data['roles']), 1)
1087
self.assertIn(role_list[1]['id'], data['roles'])
1089
s = sqlalchemy.select([group_project_metadata_table.c.data]).where(
1090
(group_project_metadata_table.c.group_id == group['id']) &
1091
(group_project_metadata_table.c.project_id == project2['id']))
1092
r = session.execute(s)
1093
data = json.loads(r.fetchone()['data'])
1094
self.assertEqual(len(data['roles']), 1)
1095
self.assertIn(role_list[2]['id'], data['roles'])
1097
s = sqlalchemy.select([user_domain_metadata_table.c.data]).where(
1098
(user_domain_metadata_table.c.user_id == user['id']) &
1099
(user_domain_metadata_table.c.domain_id == domain['id']))
1100
r = session.execute(s)
1101
data = json.loads(r.fetchone()['data'])
1102
self.assertEqual(len(data['roles']), 1)
1103
self.assertIn(role_list[3]['id'], data['roles'])
1105
s = sqlalchemy.select([group_domain_metadata_table.c.data]).where(
1106
(group_domain_metadata_table.c.group_id == group['id']) &
1107
(group_domain_metadata_table.c.domain_id == domain['id']))
1108
r = session.execute(s)
1109
data = json.loads(r.fetchone()['data'])
1110
self.assertEqual(len(data['roles']), 1)
1111
self.assertIn(role_list[4]['id'], data['roles'])
1112
self.assertIn('other', data)
1114
# For user-domain2, where we had one regular and one inherited role,
1115
# only the direct role should remain, the inherited role should
1116
# have been deleted during the downgrade
1117
s = sqlalchemy.select([user_domain_metadata_table.c.data]).where(
1118
(user_domain_metadata_table.c.user_id == user['id']) &
1119
(user_domain_metadata_table.c.domain_id == domain2['id']))
1120
r = session.execute(s)
1121
data = json.loads(r.fetchone()['data'])
1122
self.assertEqual(len(data['roles']), 1)
1123
self.assertIn(role_list[5]['id'], data['roles'])
810
1125
def populate_user_table(self, with_pass_enab=False,
811
1126
with_pass_enab_domain=False):
812
1127
# Populate the appropriate fields in the user