def setUp(self):
super(ClientDrivenTestCase, self).setUp()
# FIXME(morganfainberg): Since we are running tests through the
# controllers and some internal api drivers are SQL-only, the correct
# approach is to ensure we have the correct backing store. The
# credential api makes some very SQL specific assumptions that should
# be addressed allowing for non-SQL based testing to occur.
self.useFixture(database.Database())
self.load_backends()
self.load_fixtures(default_fixtures)
# TODO(termie): add an admin user to the fixtures and use that user
# override the fixtures, for now
self.assignment_api.add_role_to_user_and_project(
self.user_foo['id'], self.tenant_bar['id'], self.role_admin['id'])
conf = self._paste_config('keystone')
fixture = self.useFixture(appserver.AppServer(conf, appserver.MAIN))
self.public_server = fixture.server
fixture = self.useFixture(appserver.AppServer(conf, appserver.ADMIN))
self.admin_server = fixture.server
self.addCleanup(self.cleanup_instance('public_server', 'admin_server'))
def test_2way_ssl_ok(self):
"""Make sure both public and admin API work with 2-way SSL.
Requires client certificate.
"""
paste_conf = self._paste_config('keystone')
ssl_kwargs = dict(cert=CERT, key=KEY, ca=CA, cert_required=True)
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
conn = self.get_HTTPSConnection('127.0.0.1',
CONF.eventlet_server.admin_port,
CLIENT, CLIENT)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
conn = self.get_HTTPSConnection('127.0.0.1',
CONF.eventlet_server.public_port,
CLIENT, CLIENT)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
def test_2way_ssl_with_ipv6_ok(self):
"""Make sure both public and admin API work with 2-way ipv6 & SSL.
Requires client certificate.
"""
self.skip_if_no_ipv6()
paste_conf = self._paste_config('keystone')
ssl_kwargs = dict(cert=CERT,
key=KEY,
ca=CA,
cert_required=True,
host="::1")
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
conn = environment.httplib.HTTPSConnection(
'::1', CONF.eventlet_server.admin_port, CLIENT, CLIENT)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
conn = environment.httplib.HTTPSConnection(
'::1', CONF.eventlet_server.public_port, CLIENT, CLIENT)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
def test_ipv6_ok(self):
"""Make sure both public and admin API work with ipv6."""
paste_conf = self._paste_config('keystone')
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, host="::1"):
conn = environment.httplib.HTTPConnection(
'::1', CONF.eventlet_server.admin_port)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, host="::1"):
conn = environment.httplib.HTTPConnection(
'::1', CONF.eventlet_server.public_port)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
def test_1way_ssl_ok(self):
"""Make sure both public and admin API work with 1-way SSL."""
paste_conf = self._paste_config('keystone')
ssl_kwargs = dict(cert=CERT, key=KEY, ca=CA)
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
conn = environment.httplib.HTTPSConnection(
'127.0.0.1', CONF.eventlet_server.admin_port)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
conn = environment.httplib.HTTPSConnection(
'127.0.0.1', CONF.eventlet_server.public_port)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
def test_1way_ssl_with_ipv6_ok(self):
"""Make sure both public and admin API work with 1-way ipv6 & SSL."""
self.skip_if_no_ipv6()
paste_conf = self._paste_config('keystone')
ssl_kwargs = dict(cert=CERT, key=KEY, ca=CA, host="::1")
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
conn = self.get_HTTPSConnection('::1',
CONF.eventlet_server.admin_port)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
conn = self.get_HTTPSConnection('::1',
CONF.eventlet_server.public_port)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
def test_2way_ssl_fail(self):
"""Expect to fail when client does not present proper certificate."""
paste_conf = self._paste_config('keystone')
ssl_kwargs = dict(cert=CERT, key=KEY, ca=CA, cert_required=True)
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
conn = self.get_HTTPSConnection('127.0.0.1',
CONF.eventlet_server.admin_port)
try:
conn.request('GET', '/')
self.fail('Admin API shoulda failed with SSL handshake!')
except ssl.SSLError:
pass
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
conn = self.get_HTTPSConnection('127.0.0.1',
CONF.eventlet_server.public_port)
try:
conn.request('GET', '/')
self.fail('Public API shoulda failed with SSL handshake!')
except ssl.SSLError:
pass
