def find_domain(identity_client, name_or_id):
"""Find a domain.
If the user does not have permssions to access the v3 domain API,
assume that domain given is the id rather than the name. This
method is used by the project list command, so errors access the
domain will be ignored and if the user has access to the project
API, everything will work fine.
Closes bugs #1317478 and #1317485.
"""
try:
dom = utils.find_resource(identity_client.domains, name_or_id)
if dom is not None:
return dom
except identity_exc.Forbidden:
pass
return domains.Domain(None, {'id': name_or_id})
def data(TEST):
# Make a deep copy of the catalog to avoid persisting side-effects
# when tests modify the catalog.
TEST.service_catalog = copy.deepcopy(SERVICE_CATALOG)
TEST.tokens = utils.TestDataContainer()
TEST.domains = utils.TestDataContainer()
TEST.users = utils.TestDataContainer()
TEST.groups = utils.TestDataContainer()
TEST.tenants = utils.TestDataContainer()
TEST.role_assignments = utils.TestDataContainer()
TEST.roles = utils.TestDataContainer()
TEST.ec2 = utils.TestDataContainer()
TEST.identity_providers = utils.TestDataContainer()
TEST.idp_mappings = utils.TestDataContainer()
TEST.idp_protocols = utils.TestDataContainer()
admin_role_dict = {'id': '1',
'name': 'admin'}
admin_role = roles.Role(roles.RoleManager, admin_role_dict, loaded=True)
member_role_dict = {'id': "2",
'name': settings.OPENSTACK_KEYSTONE_DEFAULT_ROLE}
member_role = roles.Role(roles.RoleManager, member_role_dict, loaded=True)
TEST.roles.add(admin_role, member_role)
TEST.roles.admin = admin_role
TEST.roles.member = member_role
domain_dict = {'id': "1",
'name': 'test_domain',
'description': "a test domain.",
'enabled': True}
domain_dict_2 = {'id': "2",
'name': 'disabled_domain',
'description': "a disabled test domain.",
'enabled': False}
domain = domains.Domain(domains.DomainManager, domain_dict)
disabled_domain = domains.Domain(domains.DomainManager, domain_dict_2)
TEST.domains.add(domain, disabled_domain)
TEST.domain = domain # Your "current" domain
user_dict = {'id': "1",
'name': 'test_user',
'description': 'test_description',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '1',
'enabled': True,
'domain_id': "1"}
user = users.User(None, user_dict)
user_dict = {'id': "2",
'name': 'user_two',
'description': 'test_description',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '1',
'enabled': True,
'domain_id': "1"}
user2 = users.User(None, user_dict)
user_dict = {'id': "3",
'name': 'user_three',
'description': 'test_description',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '1',
'enabled': True,
'domain_id': "1"}
user3 = users.User(None, user_dict)
user_dict = {'id': "4",
'name': 'user_four',
'description': 'test_description',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '2',
'enabled': True,
'domain_id': "2"}
user4 = users.User(None, user_dict)
user_dict = {'id': "5",
'name': 'user_five',
'description': 'test_description',
'email': None,
'password': '******',
'token': 'test_token',
'project_id': '2',
'enabled': True,
'domain_id': "1"}
user5 = users.User(None, user_dict)
TEST.users.add(user, user2, user3, user4, user5)
TEST.user = user # Your "current" user
TEST.user.service_catalog = copy.deepcopy(SERVICE_CATALOG)
group_dict = {'id': "1",
'name': 'group_one',
'description': 'group one description',
'project_id': '1',
'domain_id': '1'}
group = groups.Group(groups.GroupManager(None), group_dict)
group_dict = {'id': "2",
'name': 'group_two',
'description': 'group two description',
'project_id': '1',
'domain_id': '1'}
group2 = groups.Group(groups.GroupManager(None), group_dict)
group_dict = {'id': "3",
'name': 'group_three',
'description': 'group three description',
'project_id': '1',
'domain_id': '1'}
group3 = groups.Group(groups.GroupManager(None), group_dict)
group_dict = {'id': "4",
'name': 'group_four',
'description': 'group four description',
'project_id': '2',
'domain_id': '2'}
group4 = groups.Group(groups.GroupManager(None), group_dict)
TEST.groups.add(group, group2, group3, group4)
role_assignments_dict = {'user': {'id': '1'},
'role': {'id': '1'},
'scope': {'project': {'id': '1'}}}
proj_role_assignment1 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'user': {'id': '2'},
'role': {'id': '2'},
'scope': {'project': {'id': '1'}}}
proj_role_assignment2 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'group': {'id': '1'},
'role': {'id': '2'},
'scope': {'project': {'id': '1'}}}
proj_role_assignment3 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'user': {'id': '3'},
'role': {'id': '2'},
'scope': {'project': {'id': '1'}}}
proj_role_assignment4 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'user': {'id': '1'},
'role': {'id': '1'},
'scope': {'domain': {'id': '1'}}}
domain_role_assignment1 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'user': {'id': '2'},
'role': {'id': '2'},
'scope': {'domain': {'id': '1'}}}
domain_role_assignment2 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'group': {'id': '1'},
'role': {'id': '2'},
'scope': {'domain': {'id': '1'}}}
domain_role_assignment3 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
role_assignments_dict = {'user': {'id': '3'},
'role': {'id': '2'},
'scope': {'domain': {'id': '1'}}}
domain_role_assignment4 = role_assignments.RoleAssignment(
role_assignments.RoleAssignmentManager, role_assignments_dict)
TEST.role_assignments.add(proj_role_assignment1,
proj_role_assignment2,
proj_role_assignment3,
proj_role_assignment4,
domain_role_assignment1,
domain_role_assignment2,
domain_role_assignment3,
domain_role_assignment4)
tenant_dict = {'id': "1",
'name': 'test_tenant',
'description': "a test tenant.",
'enabled': True,
'domain_id': '1',
'domain_name': 'test_domain'}
tenant_dict_2 = {'id': "2",
'name': 'disabled_tenant',
'description': "a disabled test tenant.",
'enabled': False,
'domain_id': '2',
'domain_name': 'disabled_domain'}
tenant_dict_3 = {'id': "3",
'name': u'\u4e91\u89c4\u5219',
'description': "an unicode-named tenant.",
'enabled': True,
'domain_id': '2',
'domain_name': 'disabled_domain'}
tenant = tenants.Tenant(tenants.TenantManager, tenant_dict)
disabled_tenant = tenants.Tenant(tenants.TenantManager, tenant_dict_2)
tenant_unicode = tenants.Tenant(tenants.TenantManager, tenant_dict_3)
TEST.tenants.add(tenant, disabled_tenant, tenant_unicode)
TEST.tenant = tenant # Your "current" tenant
tomorrow = datetime_safe.datetime.now() + timedelta(days=1)
expiration = tomorrow.isoformat()
scoped_token_dict = {
'access': {
'token': {
'id': "test_token_id",
'expires': expiration,
'tenant': tenant_dict,
'tenants': [tenant_dict]},
'user': {
'id': "test_user_id",
'name': "test_user",
'roles': [member_role_dict]},
'serviceCatalog': TEST.service_catalog
}
}
scoped_access_info = access.AccessInfo.factory(resp=None,
body=scoped_token_dict)
unscoped_token_dict = {
'access': {
'token': {
'id': "test_token_id",
'expires': expiration},
'user': {
'id': "test_user_id",
'name': "test_user",
'roles': [member_role_dict]},
'serviceCatalog': TEST.service_catalog
}
}
unscoped_access_info = access.AccessInfo.factory(resp=None,
body=unscoped_token_dict)
scoped_token = auth_user.Token(scoped_access_info)
unscoped_token = auth_user.Token(unscoped_access_info)
TEST.tokens.add(scoped_token, unscoped_token)
TEST.token = scoped_token # your "current" token.
TEST.tokens.scoped_token = scoped_token
TEST.tokens.unscoped_token = unscoped_token
access_secret = ec2.EC2(ec2.CredentialsManager, {"access": "access",
"secret": "secret",
"tenant_id": tenant.id})
TEST.ec2.add(access_secret)
idp_dict_1 = {'id': 'idp_1',
'description': 'identity provider 1',
'enabled': True,
'remote_ids': ['rid_1', 'rid_2']}
idp_1 = identity_providers.IdentityProvider(
identity_providers.IdentityProviderManager,
idp_dict_1, loaded=True)
idp_dict_2 = {'id': 'idp_2',
'description': 'identity provider 2',
'enabled': True,
'remote_ids': ['rid_3', 'rid_4']}
idp_2 = identity_providers.IdentityProvider(
identity_providers.IdentityProviderManager,
idp_dict_2, loaded=True)
TEST.identity_providers.add(idp_1, idp_2)
idp_mapping_dict = {
"id": "mapping_1",
"rules": [
{
"local": [
{
"user": {
"name": "{0}"
}
},
{
"group": {
"id": "0cd5e9"
}
}
],
"remote": [
{
"type": "UserName"
},
{
"type": "orgPersonType",
"not_any_of": [
"Contractor",
"Guest"
]
}
]
}
]
}
idp_mapping = mappings.Mapping(
mappings.MappingManager(None),
idp_mapping_dict)
TEST.idp_mappings.add(idp_mapping)
idp_protocol_dict_1 = {'id': 'protocol_1',
'mapping_id': 'mapping_1'}
idp_protocol = protocols.Protocol(
protocols.ProtocolManager,
idp_protocol_dict_1,
loaded=True)
TEST.idp_protocols.add(idp_protocol)
def data(TEST):
TEST.service_catalog = SERVICE_CATALOG
TEST.tokens = TestDataContainer()
TEST.domains = TestDataContainer()
TEST.users = TestDataContainer()
TEST.groups = TestDataContainer()
TEST.tenants = TestDataContainer()
TEST.roles = TestDataContainer()
TEST.ec2 = TestDataContainer()
admin_role_dict = {'id': '1', 'name': 'admin'}
admin_role = roles.Role(roles.RoleManager, admin_role_dict)
member_role_dict = {
'id': "2",
'name': settings.OPENSTACK_KEYSTONE_DEFAULT_ROLE
}
member_role = roles.Role(roles.RoleManager, member_role_dict)
TEST.roles.add(admin_role, member_role)
TEST.roles.admin = admin_role
TEST.roles.member = member_role
domain_dict = {
'id': "1",
'name': 'test_domain',
'description': "a test domain.",
'enabled': True
}
domain_dict_2 = {
'id': "2",
'name': 'disabled_domain',
'description': "a disabled test domain.",
'enabled': False
}
domain = domains.Domain(domains.DomainManager, domain_dict)
disabled_domain = domains.Domain(domains.DomainManager, domain_dict_2)
TEST.domains.add(domain, disabled_domain)
TEST.domain = domain # Your "current" domain
user_dict = {
'id': "1",
'name': 'test_user',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '1',
'enabled': True,
'domain_id': "1"
}
user = users.User(users.UserManager(None), user_dict)
user_dict = {
'id': "2",
'name': 'user_two',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '1',
'enabled': True,
'domain_id': "1"
}
user2 = users.User(users.UserManager(None), user_dict)
user_dict = {
'id': "3",
'name': 'user_three',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '1',
'enabled': True,
'domain_id': "1"
}
user3 = users.User(users.UserManager(None), user_dict)
user_dict = {
'id': "4",
'name': 'user_four',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '2',
'enabled': True,
'domain_id': "2"
}
user4 = users.User(users.UserManager(None), user_dict)
TEST.users.add(user, user2, user3, user4)
TEST.user = user # Your "current" user
TEST.user.service_catalog = SERVICE_CATALOG
group_dict = {
'id': "1",
'name': 'group_one',
'description': 'group one description',
'domain_id': '1'
}
group = groups.Group(groups.GroupManager(None), group_dict)
group_dict = {
'id': "2",
'name': 'group_two',
'description': 'group two description',
'domain_id': '1'
}
group2 = groups.Group(groups.GroupManager(None), group_dict)
group_dict = {
'id': "3",
'name': 'group_three',
'description': 'group three description',
'domain_id': '2'
}
group3 = groups.Group(groups.GroupManager(None), group_dict)
TEST.groups.add(group, group2, group3)
tenant_dict = {
'id': "1",
'name': 'test_tenant',
'description': "a test tenant.",
'enabled': True,
'domain_id': '1'
}
tenant_dict_2 = {
'id': "2",
'name': 'disabled_tenant',
'description': "a disabled test tenant.",
'enabled': False,
'domain_id': '2'
}
tenant_dict_3 = {
'id': "3",
'name': u'\u4e91\u89c4\u5219',
'description': "an unicode-named tenant.",
'enabled': True,
'domain_id': '2'
}
tenant = tenants.Tenant(tenants.TenantManager, tenant_dict)
disabled_tenant = tenants.Tenant(tenants.TenantManager, tenant_dict_2)
tenant_unicode = tenants.Tenant(tenants.TenantManager, tenant_dict_3)
TEST.tenants.add(tenant, disabled_tenant, tenant_unicode)
TEST.tenant = tenant # Your "current" tenant
tomorrow = datetime_safe.datetime.now() + timedelta(days=1)
expiration = datetime_safe.datetime.isoformat(tomorrow)
scoped_token_dict = {
'access': {
'token': {
'id': "test_token_id",
'expires': expiration,
'tenant': tenant_dict,
'tenants': [tenant_dict]
},
'user': {
'id': "test_user_id",
'name': "test_user",
'roles': [member_role_dict]
},
'serviceCatalog': TEST.service_catalog
}
}
scoped_access_info = AccessInfo.factory(resp=None, body=scoped_token_dict)
unscoped_token_dict = {
'access': {
'token': {
'id': "test_token_id",
'expires': expiration
},
'user': {
'id': "test_user_id",
'name': "test_user",
'roles': [member_role_dict]
},
'serviceCatalog': TEST.service_catalog
}
}
unscoped_access_info = AccessInfo.factory(resp=None,
body=unscoped_token_dict)
scoped_token = Token(scoped_access_info)
unscoped_token = Token(unscoped_access_info)
TEST.tokens.add(scoped_token, unscoped_token)
TEST.token = scoped_token # your "current" token.
TEST.tokens.scoped_token = scoped_token
TEST.tokens.unscoped_token = unscoped_token
access_secret = ec2.EC2(ec2.CredentialsManager, {
"access": "access",
"secret": "secret"
})
TEST.ec2.add(access_secret)
def generate_test_data(service_providers=False, endpoint='localhost'):
'''Builds a set of test_data data as returned by Keystone V2.'''
test_data = TestDataContainer()
keystone_service = {
'type': 'identity',
'id': uuid.uuid4().hex,
'endpoints': [
{
'url': 'http://admin.%s/identity/v3' % endpoint,
'region': 'RegionOne',
'interface': 'admin',
'id': uuid.uuid4().hex,
},
{
'url': 'http://internal.%s/identity/v3' % endpoint,
'region': 'RegionOne',
'interface': 'internal',
'id': uuid.uuid4().hex
},
{
'url': 'http://public.%s/identity/v3' % endpoint,
'region': 'RegionOne',
'interface': 'public',
'id': uuid.uuid4().hex
}
]
}
# Domains
domain_dict = {'id': uuid.uuid4().hex,
'name': 'domain',
'description': '',
'enabled': True}
test_data.domain = domains.Domain(domains.DomainManager(None),
domain_dict, loaded=True)
# Users
user_dict = {'id': uuid.uuid4().hex,
'name': 'gabriel',
'email': '*****@*****.**',
'password': '******',
'domain_id': domain_dict['id'],
'token': '',
'enabled': True}
test_data.user = users.User(users.UserManager(None),
user_dict, loaded=True)
# Projects
project_dict_1 = {'id': uuid.uuid4().hex,
'name': 'tenant_one',
'description': '',
'domain_id': domain_dict['id'],
'enabled': True}
project_dict_2 = {'id': uuid.uuid4().hex,
'name': 'tenant_two',
'description': '',
'domain_id': domain_dict['id'],
'enabled': False}
test_data.project_one = projects.Project(projects.ProjectManager(None),
project_dict_1,
loaded=True)
test_data.project_two = projects.Project(projects.ProjectManager(None),
project_dict_2,
loaded=True)
# Roles
role_dict = {'id': uuid.uuid4().hex,
'name': 'Member'}
test_data.role = roles.Role(roles.RoleManager, role_dict)
nova_service = {
'type': 'compute',
'id': uuid.uuid4().hex,
'endpoints': [
{
'url': ('http://nova-admin.%s:8774/v2.0/%s'
% (endpoint, project_dict_1['id'])),
'region': 'RegionOne',
'interface': 'admin',
'id': uuid.uuid4().hex,
},
{
'url': ('http://nova-internal.%s:8774/v2.0/%s'
% (endpoint, project_dict_1['id'])),
'region': 'RegionOne',
'interface': 'internal',
'id': uuid.uuid4().hex
},
{
'url': ('http://nova-public.%s:8774/v2.0/%s'
% (endpoint, project_dict_1['id'])),
'region': 'RegionOne',
'interface': 'public',
'id': uuid.uuid4().hex
},
{
'url': ('http://nova2-admin.%s:8774/v2.0/%s'
% (endpoint, project_dict_1['id'])),
'region': 'RegionTwo',
'interface': 'admin',
'id': uuid.uuid4().hex,
},
{
'url': ('http://nova2-internal.%s:8774/v2.0/%s'
% (endpoint, project_dict_1['id'])),
'region': 'RegionTwo',
'interface': 'internal',
'id': uuid.uuid4().hex
},
{
'url': ('http://nova2-public.%s:8774/v2.0/%s'
% (endpoint, project_dict_1['id'])),
'region': 'RegionTwo',
'interface': 'public',
'id': uuid.uuid4().hex
}
]
}
# Tokens
tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
expiration = datetime_safe.datetime.isoformat(tomorrow)
auth_token = uuid.uuid4().hex
auth_response_headers = {
'X-Subject-Token': auth_token
}
auth_response = TestResponse({
"headers": auth_response_headers
})
scoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'project': {
'id': project_dict_1['id'],
'name': project_dict_1['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'roles': [role_dict],
'catalog': [keystone_service, nova_service]
}
}
sp_list = None
if service_providers:
test_data.sp_auth_url = 'http://service_provider_endp/identity/v3'
test_data.service_provider_id = 'k2kserviceprovider'
# The access info for the identity provider
# should return a list of service providers
sp_list = [
{'auth_url': test_data.sp_auth_url,
'id': test_data.service_provider_id,
'sp_url': 'https://k2kserviceprovider/sp_url'}
]
scoped_token_dict['token']['service_providers'] = sp_list
test_data.scoped_access_info = access.create(
resp=auth_response,
body=scoped_token_dict
)
domain_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name'],
},
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'roles': [role_dict],
'catalog': [keystone_service, nova_service]
}
}
test_data.domain_scoped_access_info = access.create(
resp=auth_response,
body=domain_token_dict
)
unscoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'catalog': [keystone_service]
}
}
if service_providers:
unscoped_token_dict['token']['service_providers'] = sp_list
test_data.unscoped_access_info = access.create(
resp=auth_response,
body=unscoped_token_dict
)
# Service Catalog
test_data.service_catalog = service_catalog.ServiceCatalogV3(
[keystone_service, nova_service])
# federated user
federated_scoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'project': {
'id': project_dict_1['id'],
'name': project_dict_1['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
},
'OS-FEDERATION': {
'identity_provider': 'ACME',
'protocol': 'OIDC',
'groups': [
{'id': uuid.uuid4().hex},
{'id': uuid.uuid4().hex}
]
}
},
'roles': [role_dict],
'catalog': [keystone_service, nova_service]
}
}
test_data.federated_scoped_access_info = access.create(
resp=auth_response,
body=federated_scoped_token_dict
)
federated_unscoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
},
'OS-FEDERATION': {
'identity_provider': 'ACME',
'protocol': 'OIDC',
'groups': [
{'id': uuid.uuid4().hex},
{'id': uuid.uuid4().hex}
]
}
},
'catalog': [keystone_service]
}
}
test_data.federated_unscoped_access_info = access.create(
resp=auth_response,
body=federated_unscoped_token_dict
)
return test_data
def generate_test_data():
'''Builds a set of test_data data as returned by Keystone V2.'''
test_data = TestDataContainer()
keystone_service = {
'type':
'identity',
'id':
uuid.uuid4().hex,
'endpoints': [{
'url': 'http://admin.localhost:35357/v3',
'region': 'RegionOne',
'interface': 'admin',
'id': uuid.uuid4().hex,
}, {
'url': 'http://internal.localhost:5000/v3',
'region': 'RegionOne',
'interface': 'internal',
'id': uuid.uuid4().hex
}, {
'url': 'http://public.localhost:5000/v3',
'region': 'RegionOne',
'interface': 'public',
'id': uuid.uuid4().hex
}]
}
# Domains
domain_dict = {
'id': uuid.uuid4().hex,
'name': 'domain',
'description': '',
'enabled': True
}
test_data.domain = domains.Domain(domains.DomainManager(None),
domain_dict,
loaded=True)
# Users
user_dict = {
'id': uuid.uuid4().hex,
'name': 'gabriel',
'email': '*****@*****.**',
'password': '******',
'domain_id': domain_dict['id'],
'token': '',
'enabled': True
}
test_data.user = users.User(users.UserManager(None),
user_dict,
loaded=True)
# Projects
project_dict_1 = {
'id': uuid.uuid4().hex,
'name': 'tenant_one',
'description': '',
'domain_id': domain_dict['id'],
'enabled': True
}
project_dict_2 = {
'id': uuid.uuid4().hex,
'name': 'tenant_two',
'description': '',
'domain_id': domain_dict['id'],
'enabled': False
}
test_data.project_one = projects.Project(projects.ProjectManager(None),
project_dict_1,
loaded=True)
test_data.project_two = projects.Project(projects.ProjectManager(None),
project_dict_2,
loaded=True)
# Roles
role_dict = {'id': uuid.uuid4().hex, 'name': 'Member'}
test_data.role = roles.Role(roles.RoleManager, role_dict)
nova_service = {
'type':
'compute',
'id':
uuid.uuid4().hex,
'endpoints': [{
'url': ('http://nova-admin.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionOne',
'interface':
'admin',
'id':
uuid.uuid4().hex,
}, {
'url': ('http://nova-internal.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionOne',
'interface':
'internal',
'id':
uuid.uuid4().hex
}, {
'url': ('http://nova-public.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionOne',
'interface':
'public',
'id':
uuid.uuid4().hex
}, {
'url': ('http://nova2-admin.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionTwo',
'interface':
'admin',
'id':
uuid.uuid4().hex,
}, {
'url': ('http://nova2-internal.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionTwo',
'interface':
'internal',
'id':
uuid.uuid4().hex
}, {
'url': ('http://nova2-public.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionTwo',
'interface':
'public',
'id':
uuid.uuid4().hex
}]
}
# Tokens
tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
expiration = datetime_safe.datetime.isoformat(tomorrow)
auth_token = uuid.uuid4().hex
auth_response_headers = {'X-Subject-Token': auth_token}
auth_response = TestResponse({"headers": auth_response_headers})
scoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'project': {
'id': project_dict_1['id'],
'name': project_dict_1['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'roles': [role_dict],
'catalog': [keystone_service, nova_service]
}
}
test_data.scoped_access_info = access.AccessInfo.factory(
resp=auth_response, body=scoped_token_dict)
unscoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'catalog': [keystone_service]
}
}
test_data.unscoped_access_info = access.AccessInfo.factory(
resp=auth_response, body=unscoped_token_dict)
# Service Catalog
test_data.service_catalog = service_catalog.ServiceCatalog.factory(
{
'methods': ['password'],
'user': {},
'catalog': [keystone_service, nova_service],
},
token=auth_token)
return test_data
def data(TEST):
TEST.service_catalog = SERVICE_CATALOG
TEST.tokens = TestDataContainer()
TEST.domains = TestDataContainer()
TEST.users = TestDataContainer()
TEST.tenants = TestDataContainer()
TEST.roles = TestDataContainer()
TEST.ec2 = TestDataContainer()
admin_role_dict = {'id': '1',
'name': 'admin'}
admin_role = roles.Role(roles.RoleManager, admin_role_dict)
member_role_dict = {'id': "2",
'name': settings.OPENSTACK_KEYSTONE_DEFAULT_ROLE}
member_role = roles.Role(roles.RoleManager, member_role_dict)
TEST.roles.add(admin_role, member_role)
TEST.roles.admin = admin_role
TEST.roles.member = member_role
domain_dict = {'id': "1",
'name': 'test_domain',
'description': "a test domain.",
'enabled': True}
domain_dict_2 = {'id': "2",
'name': 'disabled_domain',
'description': "a disabled test domain.",
'enabled': False}
domain = domains.Domain(domains.DomainManager, domain_dict)
disabled_domain = domains.Domain(domains.DomainManager, domain_dict_2)
TEST.domains.add(domain, disabled_domain)
TEST.domain = domain # Your "current" domain
user_dict = {'id': "1",
'name': 'test_user',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '1',
'enabled': True}
user = users.User(users.UserManager(None), user_dict)
user_dict = {'id': "2",
'name': 'user_two',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '1',
'enabled': True}
user2 = users.User(users.UserManager(None), user_dict)
user_dict = {'id': "3",
'name': 'user_three',
'email': '*****@*****.**',
'password': '******',
'token': 'test_token',
'project_id': '1',
'enabled': True}
user3 = users.User(users.UserManager(None), user_dict)
TEST.users.add(user, user2, user3)
TEST.user = user # Your "current" user
TEST.user.service_catalog = SERVICE_CATALOG
tenant_dict = {'id': "1",
'name': 'test_tenant',
'description': "a test tenant.",
'enabled': True}
tenant_dict_2 = {'id': "2",
'name': 'disabled_tenant',
'description': "a disabled test tenant.",
'enabled': False}
tenant = tenants.Tenant(tenants.TenantManager, tenant_dict)
disabled_tenant = tenants.Tenant(tenants.TenantManager, tenant_dict_2)
TEST.tenants.add(tenant, disabled_tenant)
TEST.tenant = tenant # Your "current" tenant
tomorrow = datetime_safe.datetime.now() + timedelta(days=1)
expiration = datetime_safe.datetime.isoformat(tomorrow)
scoped_token = tokens.Token(tokens.TokenManager,
dict(token={"id": "test_token_id",
"expires": expiration,
"tenant": tenant_dict,
"tenants": [tenant_dict]},
user={"id": "test_user_id",
"name": "test_user",
"roles": [member_role_dict]},
serviceCatalog=TEST.service_catalog))
unscoped_token = tokens.Token(tokens.TokenManager,
dict(token={"id": "test_token_id",
"expires": expiration},
user={"id": "test_user_id",
"name": "test_user",
"roles": [member_role_dict]},
serviceCatalog=TEST.service_catalog))
TEST.tokens.add(scoped_token, unscoped_token)
TEST.token = scoped_token # your "current" token.
TEST.tokens.scoped_token = scoped_token
TEST.tokens.unscoped_token = unscoped_token
access_secret = ec2.EC2(ec2.CredentialsManager, {"access": "access",
"secret": "secret"})
TEST.ec2.add(access_secret)
def generate_test_data(pki=False):
'''Builds a set of test_data data as returned by Keystone V2.'''
test_data = TestDataContainer()
keystone_service = {
'type':
'identity',
'id':
uuid.uuid4().hex,
'endpoints': [{
'url': 'http://admin.localhost:35357/v3',
'region': 'RegionOne',
'interface': 'admin',
'id': uuid.uuid4().hex,
}, {
'url': 'http://internal.localhost:5000/v3',
'region': 'RegionOne',
'interface': 'internal',
'id': uuid.uuid4().hex
}, {
'url': 'http://public.localhost:5000/v3',
'region': 'RegionOne',
'interface': 'public',
'id': uuid.uuid4().hex
}]
}
# Domains
domain_dict = {
'id': uuid.uuid4().hex,
'name': 'domain',
'description': '',
'enabled': True
}
test_data.domain = domains.Domain(domains.DomainManager(None),
domain_dict,
loaded=True)
# Users
user_dict = {
'id': uuid.uuid4().hex,
'name': 'gabriel',
'email': '*****@*****.**',
'password': '******',
'domain_id': domain_dict['id'],
'token': '',
'enabled': True
}
test_data.user = users.User(users.UserManager(None),
user_dict,
loaded=True)
# Projects
project_dict_1 = {
'id': uuid.uuid4().hex,
'name': 'tenant_one',
'description': '',
'domain_id': domain_dict['id'],
'enabled': True
}
project_dict_2 = {
'id': uuid.uuid4().hex,
'name': 'tenant_two',
'description': '',
'domain_id': domain_dict['id'],
'enabled': False
}
test_data.project_one = projects.Project(projects.ProjectManager(None),
project_dict_1,
loaded=True)
test_data.project_two = projects.Project(projects.ProjectManager(None),
project_dict_2,
loaded=True)
# Roles
role_dict = {'id': uuid.uuid4().hex, 'name': 'Member'}
test_data.role = roles.Role(roles.RoleManager, role_dict)
nova_service = {
'type':
'compute',
'id':
uuid.uuid4().hex,
'endpoints': [{
'url': ('http://nova-admin.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionOne',
'interface':
'admin',
'id':
uuid.uuid4().hex,
}, {
'url': ('http://nova-internal.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionOne',
'interface':
'internal',
'id':
uuid.uuid4().hex
}, {
'url': ('http://nova-public.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionOne',
'interface':
'public',
'id':
uuid.uuid4().hex
}, {
'url': ('http://nova2-admin.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionTwo',
'interface':
'admin',
'id':
uuid.uuid4().hex,
}, {
'url': ('http://nova2-internal.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionTwo',
'interface':
'internal',
'id':
uuid.uuid4().hex
}, {
'url': ('http://nova2-public.localhost:8774/v2.0/%s' %
(project_dict_1['id'])),
'region':
'RegionTwo',
'interface':
'public',
'id':
uuid.uuid4().hex
}]
}
# Tokens
tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
expiration = datetime_safe.datetime.isoformat(tomorrow)
if pki:
# We don't need a real PKI token, but just the prefix to make the
# keystone client treat it as a PKI token
auth_token = cms.PKI_ASN1_PREFIX + uuid.uuid4().hex
else:
auth_token = uuid.uuid4().hex
auth_response_headers = {'X-Subject-Token': auth_token}
auth_response = TestResponse({"headers": auth_response_headers})
scoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'project': {
'id': project_dict_1['id'],
'name': project_dict_1['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'roles': [role_dict],
'catalog': [keystone_service, nova_service]
}
}
test_data.scoped_access_info = access.create(resp=auth_response,
body=scoped_token_dict)
domain_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name'],
},
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'roles': [role_dict],
'catalog': [keystone_service, nova_service]
}
}
test_data.domain_scoped_access_info = access.create(resp=auth_response,
body=domain_token_dict)
unscoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'catalog': [keystone_service]
}
}
test_data.unscoped_access_info = access.create(resp=auth_response,
body=unscoped_token_dict)
# Service Catalog
test_data.service_catalog = service_catalog.ServiceCatalogV3(
[keystone_service, nova_service])
# federated user
federated_scoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'project': {
'id': project_dict_1['id'],
'name': project_dict_1['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
}
},
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
},
'OS-FEDERATION': {
'identity_provider': 'ACME',
'protocol': 'OIDC',
'groups': [{
'id': uuid.uuid4().hex
}, {
'id': uuid.uuid4().hex
}]
}
},
'roles': [role_dict],
'catalog': [keystone_service, nova_service]
}
}
test_data.federated_scoped_access_info = access.create(
resp=auth_response, body=federated_scoped_token_dict)
federated_unscoped_token_dict = {
'token': {
'methods': ['password'],
'expires_at': expiration,
'user': {
'id': user_dict['id'],
'name': user_dict['name'],
'domain': {
'id': domain_dict['id'],
'name': domain_dict['name']
},
'OS-FEDERATION': {
'identity_provider': 'ACME',
'protocol': 'OIDC',
'groups': [{
'id': uuid.uuid4().hex
}, {
'id': uuid.uuid4().hex
}]
}
},
'catalog': [keystone_service]
}
}
test_data.federated_unscoped_access_info = access.create(
resp=auth_response, body=federated_unscoped_token_dict)
return test_data
