def test_create_trust_to_admin(self, mock_create_trust, mock_ks):
mock_ks.return_value.auth_ref.user_id = '777777'
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.create_trust_to_admin(role_names='xxxx')
mock_create_trust.assert_called_once_with('777777', 'xxxx', True)
def test_get_validate_region_name_is_None(self, mock_ks):
key = 'region_name'
val = None
cfg.CONF.set_override(key, val, 'cinder_client')
ks_client = keystone.KeystoneClientV3(self.ctx)
self.assertRaises(exception.InvalidParameterValue,
ks_client.get_validate_region_name, val)
def test_client_with_token(self, mock_v3, mock_ks):
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.client
session = ks_client.session
mock_v3.Token.assert_called_once_with(
auth_url='http://server.test:5000/v3', token='abcd1234')
mock_ks.assert_called_once_with(session=session, trust_id=None)
def test_delete_trust_not_found(self, mock_ks):
mock_delete = mock_ks.return_value.trusts.delete
mock_delete.side_effect = kc_exception.NotFound()
ks_client = keystone.KeystoneClientV3(self.ctx)
bay = mock.MagicMock()
bay.trust_id = 'atrust123'
self.assertIsNone(ks_client.delete_trust(self.ctx, bay))
def test_delete_trust(self, mock_ks):
mock_ks.return_value.trusts.delete.return_value = None
ks_client = keystone.KeystoneClientV3(self.ctx)
bay = mock.MagicMock()
bay.trust_id = 'atrust123'
self.assertIsNone(ks_client.delete_trust(self.ctx, bay))
mock_ks.return_value.trusts.delete.assert_called_once_with('atrust123')
def test_client_with_token(self, mock_ks):
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.client
self.assertIsNotNone(ks_client._client)
mock_ks.assert_called_once_with(token='abcd1234',
auth_url='http://server.test:5000/v3',
endpoint='http://server.test:5000/v3')
def test_client_with_password(self, mock_ks):
self.ctx.is_admin = True
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.client
session = ks_client.session
auth_plugin = session.auth
mock_ks.assert_called_once_with(session=session, trust_id=None)
self.assertIsInstance(auth_plugin, ka_identity.Password)
def test_client_with_v3_auth_token_info(self, mock_ks):
self.ctx.auth_token_info = {'token': {}}
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.client
self.assertIsNotNone(ks_client._client)
mock_ks.assert_called_once_with(auth_ref={'version': 'v3'},
auth_url='http://server.test:5000/v3',
token='abcd1234')
def test_client_with_access_info(self, mock_access, mock_ks):
self.ctx.auth_token_info = mock.MagicMock()
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.client
session = ks_client.session
auth_plugin = session.auth
mock_access.create.assert_called_once_with(body=mock.ANY,
auth_token='abcd1234')
mock_ks.assert_called_once_with(session=session, trust_id=None)
self.assertIsInstance(auth_plugin, ka_identity.access.AccessInfoPlugin)
def test_get_validate_region_name(self, mock_ks):
key = 'region_name'
val = 'RegionOne'
cfg.CONF.set_override(key, val, 'cinder_client')
mock_region = mock.MagicMock()
mock_region.id = 'RegionOne'
mock_ks.return_value.regions.list.return_value = [mock_region]
ks_client = keystone.KeystoneClientV3(self.ctx)
region_name = ks_client.get_validate_region_name(val)
self.assertEqual('RegionOne', region_name)
def test_client_with_is_admin(self, mock_ks):
self.ctx.is_admin = True
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.client
self.assertIsNone(ks_client._client)
self.assertIsNotNone(ks_client._admin_client)
mock_ks.assert_called_once_with(auth_url='http://server.test:5000/v3',
username='******',
password='******',
project_name='service')
def test_create_trust(self, mock_ks):
mock_ks.return_value.auth_ref.user_id = '123456'
mock_ks.return_value.auth_ref.project_id = '654321'
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.create_trust(trustee_user='******', role_names='xxxx')
mock_ks.return_value.trusts.create.assert_called_once_with(
trustor_user='******',
project='654321',
trustee_user='******',
role_names='xxxx',
impersonation=True)
def test_client_with_password_legacy(self, mock_v3, mock_loading, mock_ks):
self.ctx.is_admin = True
mock_loading.load_auth_from_conf_options.side_effect = \
ka_exception.MissingRequiredOptions(mock.MagicMock())
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.client
session = ks_client.session
self.assertWarnsRegex(Warning,
'[keystone_authtoken] section is deprecated')
mock_v3.Password.assert_called_once_with(
auth_url='http://server.test:5000/v3', password='******',
project_domain_id='default', project_name='service',
user_domain_id='default', username='******')
mock_ks.assert_called_once_with(session=session, trust_id=None)
def test_trustee_domain_id(self, mock_session, mock_auth, mock_ks):
expected_domain_id = '_expected_domain_id'
_mock_session = mock.MagicMock()
mock_session.__get__ = mock.MagicMock(return_value=_mock_session)
_mock_auth = mock.MagicMock()
mock_auth.__get__ = mock.MagicMock(return_value=_mock_auth)
mock_access = mock.MagicMock()
mock_access.domain_id = expected_domain_id
_mock_auth.get_access.return_value = mock_access
ks_client = keystone.KeystoneClientV3(self.ctx)
self.assertEqual(expected_domain_id, ks_client.trustee_domain_id)
_mock_auth.get_access.assert_called_once_with(_mock_session)
def test_create_trust_with_all_roles(self, mock_session, mock_ks):
mock_session.return_value.get_user_id.return_value = '123456'
mock_session.return_value.get_project_id.return_value = '654321'
self.ctx.roles = ['role1', 'role2']
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.create_trust(trustee_user='******')
mock_ks.return_value.trusts.create.assert_called_once_with(
delegation_depth=0,
trustor_user='******', project='654321',
trustee_user='******', role_names=['role1', 'role2'],
impersonation=True)
def test_create_trust_with_limit_roles(self, mock_session, mock_ks):
mock_session.return_value.get_user_id.return_value = '123456'
mock_session.return_value.get_project_id.return_value = '654321'
self.ctx.roles = ['role1', 'role2']
ks_client = keystone.KeystoneClientV3(self.ctx)
cfg.CONF.set_override('roles', ['role3'], group='trust')
ks_client.create_trust(trustee_user='******')
mock_ks.return_value.trusts.create.assert_called_once_with(
trustor_user='******',
project='654321',
trustee_user='******',
role_names=['role3'],
impersonation=True)
def test_create_trustee(self, mock_tdi, mock_ks):
expected_username = '******'
expected_password = '******'
expected_domain = '_expected_trustee_domain_id'
mock_tdi.__get__ = mock.MagicMock(return_value=expected_domain)
ks_client = keystone.KeystoneClientV3(self.ctx)
ks_client.create_trustee(
username=expected_username,
password=expected_password,
)
mock_ks.return_value.users.create.assert_called_once_with(
name=expected_username,
password=expected_password,
domain=expected_domain,
)
def keystone(self):
if self._keystone:
return self._keystone
self._keystone = keystone.KeystoneClientV3(self.context)
return self._keystone
def test_client_with_invalid_auth_token_info(self, mock_ks):
self.ctx.auth_token_info = {'not_this': 'urg'}
ks_client = keystone.KeystoneClientV3(self.ctx)
self.assertRaises(exception.AuthorizationFailure,
ks_client._get_ks_client)
def test_client_with_no_credentials(self, mock_ks):
self.ctx.auth_token = None
ks_client = keystone.KeystoneClientV3(self.ctx)
self.assertRaises(exception.AuthorizationFailure,
ks_client._get_ks_client)
def setUp(self):
super(TestCase, self).setUp()
token_info = {
'token': {
'project': {
'id': 'fake_project'
},
'user': {
'id': 'fake_user'
}
}
}
trustee_domain_id = '12345678-9012-3456-7890-123456789abc'
self.context = magnum_context.RequestContext(
auth_token_info=token_info,
project_id='fake_project',
user_id='fake_user',
is_admin=False)
self.global_mocks = {}
self.keystone_client = magnum_keystone.KeystoneClientV3(self.context)
self.policy = self.useFixture(policy_fixture.PolicyFixture())
self.output = self.useFixture(output_fixture.OutputStreamCapture())
self.useFixture(fixtures.MockPatchObject(
oslo_messaging, 'Notifier',
fake_notifier.FakeNotifier))
self.addCleanup(fake_notifier.reset)
def make_context(*args, **kwargs):
# If context hasn't been constructed with token_info
if not kwargs.get('auth_token_info'):
kwargs['auth_token_info'] = copy.deepcopy(token_info)
if not kwargs.get('project_id'):
kwargs['project_id'] = 'fake_project'
if not kwargs.get('user_id'):
kwargs['user_id'] = 'fake_user'
if not kwargs.get('is_admin'):
kwargs['is_admin'] = False
context = magnum_context.RequestContext(*args, **kwargs)
return magnum_context.RequestContext.from_dict(context.to_dict())
p = mock.patch.object(magnum_context, 'make_context',
side_effect=make_context)
self.global_mocks['magnum.common.context.make_context'] = p
q = mock.patch.object(magnum_keystone.KeystoneClientV3,
'trustee_domain_id',
return_value=trustee_domain_id)
self.global_mocks[
'magnum.common.keystone.KeystoneClientV3.trustee_domain_id'] = q
self.mock_make_context = p.start()
self.addCleanup(p.stop)
self.mock_make_trustee_domain_id = q.start()
self.addCleanup(q.stop)
self.useFixture(conf_fixture.ConfFixture())
self.useFixture(fixtures.NestedTempfile())
self._base_test_obj_backup = copy.copy(
objects_base.MagnumObjectRegistry._registry._obj_classes)
self.addCleanup(self._restore_obj_registry)
def reset_pecan():
pecan.set_config({}, overwrite=True)
self.addCleanup(reset_pecan)
