More validation in test_user_enable_attribute_mask

Validate the enabled attribute returned by create_user, update_user. Also, validate that the enabled attribute in the LDAP server is set. Change-Id: I78d194528ad4fd67fc35ca4d124f2e031d02d9cc Related-Bug: #1210175
openstack · Aug 16, 2013 · 54178b7 · 54178b7
1 parent 81534a1
commit 54178b7
Showing 1 changed file with 37 additions and 6 deletions.
diff --git a/keystone/tests/test_backend_ldap.py b/keystone/tests/test_backend_ldap.py
@@ -17,6 +17,8 @@
 
 import uuid
 
+import ldap
+
 from keystone import assignment
 from keystone.common.ldap import fakeldap
 from keystone.common import sql
@@ -480,21 +482,50 @@ def test_user_enable_attribute_mask(self):
         self.load_backends()
         self.load_fixtures(default_fixtures)
 
+        ldap_ = self.identity_api.driver.user.get_connection()
+
+        def get_enabled_vals():
+            user_dn = self.identity_api.driver.user._id_to_dn_string('fake1')
+            enabled_attr_name = CONF.ldap.user_enabled_attribute
+
+            res = ldap_.search_s(user_dn,
+                                 ldap.SCOPE_BASE,
+                                 query='(sn=fake1)')
+            return res[0][1][enabled_attr_name]
+
         user = {'id': 'fake1', 'name': 'fake1', 'enabled': True,
                 'domain_id': CONF.identity.default_domain_id}
-        self.identity_api.create_user('fake1', user)
+
+        user_ref = self.identity_api.create_user('fake1', user)
+
+        self.assertEqual(user_ref['enabled'], 512)
+        # TODO(blk-u): 512 seems wrong, should it be True?
+
+        enabled_vals = get_enabled_vals()
+        self.assertEqual(enabled_vals, [512])
+
         user_ref = self.identity_api.get_user('fake1')
-        self.assertEqual(user_ref['enabled'], True)
+        self.assertIs(user_ref['enabled'], True)
 
         user['enabled'] = False
-        self.identity_api.update_user('fake1', user)
+        user_ref = self.identity_api.update_user('fake1', user)
+        self.assertIs(user_ref['enabled'], False)
+
+        enabled_vals = get_enabled_vals()
+        self.assertEqual(enabled_vals, [514])
+
         user_ref = self.identity_api.get_user('fake1')
-        self.assertEqual(user_ref['enabled'], False)
+        self.assertIs(user_ref['enabled'], False)
 
         user['enabled'] = True
-        self.identity_api.update_user('fake1', user)
+        user_ref = self.identity_api.update_user('fake1', user)
+        self.assertIs(user_ref['enabled'], True)
+
+        enabled_vals = get_enabled_vals()
+        self.assertEqual(enabled_vals, [512])
+
         user_ref = self.identity_api.get_user('fake1')
-        self.assertEqual(user_ref['enabled'], True)
+        self.assertIs(user_ref['enabled'], True)
 
     def test_user_api_get_connection_no_user_password(self):
         """Don't bind in case the user and password are blank."""