def _plugin(self, **kwargs):
token = fixture.V3Token()
s = token.add_service('identity')
s.add_standard_endpoints(public=self.TEST_ROOT_URL)
auth_ref = access.create(body=token, auth_token=self.auth_token)
return access_plugin.AccessInfoPlugin(auth_ref, **kwargs)
def setUp(self):
super(V3FederatedPlugin, self).setUp()
self.unscoped_token = fixture.V3Token()
self.unscoped_token_id = uuid.uuid4().hex
self.scoped_token = copy.deepcopy(self.unscoped_token)
self.scoped_token.set_project_scope()
self.scoped_token.methods.append('token')
self.scoped_token_id = uuid.uuid4().hex
s = self.scoped_token.add_service('compute', name='nova')
s.add_standard_endpoints(public='http://nova/public',
admin='http://nova/admin',
internal='http://nova/internal')
self.idp = uuid.uuid4().hex
self.protocol = uuid.uuid4().hex
self.token_url = ('%s/OS-FEDERATION/identity_providers/%s/protocols/%s'
'/auth' % (self.AUTH_URL, self.idp, self.protocol))
headers = {'X-Subject-Token': self.unscoped_token_id}
self.unscoped_mock = self.requests_mock.post(self.token_url,
json=self.unscoped_token,
headers=headers)
headers = {'X-Subject-Token': self.scoped_token_id}
auth_url = self.AUTH_URL + '/auth/tokens'
self.scoped_mock = self.requests_mock.post(auth_url,
json=self.scoped_token,
headers=headers)
def test_domain_scoped(self):
domain_id = uuid.uuid4().hex
domain_name = uuid.uuid4().hex
token = fixture.V3Token(domain_id=domain_id, domain_name=domain_name)
self.assertEqual(domain_id, token.domain_id)
self.assertEqual(domain_id, token['token']['domain']['id'])
self.assertEqual(domain_name, token.domain_name)
self.assertEqual(domain_name, token['token']['domain']['name'])
def test_roles(self):
role1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
role2 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
token = fixture.V3Token()
token.add_role(**role1)
token.add_role(**role2)
self.assertEqual(2, len(token['token']['roles']))
self.assertIn(role1, token['token']['roles'])
self.assertIn(role2, token['token']['roles'])
def setUp(self):
super(GenericPluginTestCase, self).setUp()
self.token_v2 = fixture.V2Token()
self.token_v3 = fixture.V3Token()
self.token_v3_id = uuid.uuid4().hex
self.session = session.Session()
self.stub_url('POST', ['v2.0', 'tokens'], json=self.token_v2)
self.stub_url('POST', ['v3', 'auth', 'tokens'],
headers={'X-Subject-Token': self.token_v3_id},
json=self.token_v3)
def test_oauth_scoped(self):
access_id = uuid.uuid4().hex
consumer_id = uuid.uuid4().hex
token = fixture.V3Token(oauth_access_token_id=access_id,
oauth_consumer_id=consumer_id)
oauth = token['token']['OS-OAUTH1']
self.assertEqual(access_id, token.oauth_access_token_id)
self.assertEqual(access_id, oauth['access_token_id'])
self.assertEqual(consumer_id, token.oauth_consumer_id)
self.assertEqual(consumer_id, oauth['consumer_id'])
def get_auth_data(self, **kwargs):
token = fixture.V3Token(**kwargs)
region = 'RegionOne'
svc = token.add_service('identity')
svc.add_standard_endpoints(admin=self.TEST_ADMIN_URL, region=region)
svc = token.add_service('compute')
svc.add_standard_endpoints(admin=self.TEST_COMPUTE_ADMIN,
public=self.TEST_COMPUTE_PUBLIC,
internal=self.TEST_COMPUTE_INTERNAL,
region=region)
return token
def test_trust_scoped(self):
trust_id = uuid.uuid4().hex
trustee_user_id = uuid.uuid4().hex
trustor_user_id = uuid.uuid4().hex
impersonation = True
token = fixture.V3Token(trust_id=trust_id,
trustee_user_id=trustee_user_id,
trustor_user_id=trustor_user_id,
trust_impersonation=impersonation)
trust = token['token']['OS-TRUST:trust']
self.assertEqual(trust_id, token.trust_id)
self.assertEqual(trust_id, trust['id'])
self.assertEqual(trustee_user_id, token.trustee_user_id)
self.assertEqual(trustee_user_id, trust['trustee_user']['id'])
self.assertEqual(trustor_user_id, token.trustor_user_id)
self.assertEqual(trustor_user_id, trust['trustor_user']['id'])
self.assertEqual(impersonation, token.trust_impersonation)
self.assertEqual(impersonation, trust['impersonation'])
def test_project_scoped(self):
project_id = uuid.uuid4().hex
project_name = uuid.uuid4().hex
project_domain_id = uuid.uuid4().hex
project_domain_name = uuid.uuid4().hex
token = fixture.V3Token(project_id=project_id,
project_name=project_name,
project_domain_id=project_domain_id,
project_domain_name=project_domain_name)
self.assertEqual(project_id, token.project_id)
self.assertEqual(project_id, token['token']['project']['id'])
self.assertEqual(project_name, token.project_name)
self.assertEqual(project_name, token['token']['project']['name'])
project_domain = token['token']['project']['domain']
self.assertEqual(project_domain_id, token.project_domain_id)
self.assertEqual(project_domain_id, project_domain['id'])
self.assertEqual(project_domain_name, token.project_domain_name)
self.assertEqual(project_domain_name, project_domain['name'])
def test_unscoped(self):
user_id = uuid.uuid4().hex
user_name = uuid.uuid4().hex
user_domain_id = uuid.uuid4().hex
user_domain_name = uuid.uuid4().hex
token = fixture.V3Token(user_id=user_id,
user_name=user_name,
user_domain_id=user_domain_id,
user_domain_name=user_domain_name)
self.assertEqual(user_id, token.user_id)
self.assertEqual(user_id, token['token']['user']['id'])
self.assertEqual(user_name, token.user_name)
self.assertEqual(user_name, token['token']['user']['name'])
user_domain = token['token']['user']['domain']
self.assertEqual(user_domain_id, token.user_domain_id)
self.assertEqual(user_domain_id, user_domain['id'])
self.assertEqual(user_domain_name, token.user_domain_name)
self.assertEqual(user_domain_name, user_domain['name'])
def test_catalog(self):
service_type = uuid.uuid4().hex
service_name = uuid.uuid4().hex
service_id = uuid.uuid4().hex
region = uuid.uuid4().hex
endpoints = {
'public': uuid.uuid4().hex,
'internal': uuid.uuid4().hex,
'admin': uuid.uuid4().hex
}
token = fixture.V3Token()
svc = token.add_service(type=service_type,
name=service_name,
id=service_id)
svc.add_standard_endpoints(region=region, **endpoints)
self.assertEqual(1, len(token['token']['catalog']))
service = token['token']['catalog'][0]
self.assertEqual(3, len(service['endpoints']))
self.assertEqual(service_name, service['name'])
self.assertEqual(service_type, service['type'])
self.assertEqual(service_id, service['id'])
for endpoint in service['endpoints']:
# assert an id exists for each endpoint, remove it to make testing
# the endpoint content below easier.
self.assertTrue(endpoint.pop('id'))
for interface, url in six.iteritems(endpoints):
endpoint = {
'interface': interface,
'url': url,
'region': region,
'region_id': region
}
self.assertIn(endpoint, service['endpoints'])
def test_unscoped_request(self):
token = fixture.V3Token()
self.stub_auth(json=token)
password = uuid.uuid4().hex
a = v3.Password(self.TEST_URL,
user_id=token.user_id,
password=password,
unscoped=True)
s = session.Session()
auth_ref = a.get_access(s)
self.assertFalse(auth_ref.scoped)
body = self.requests_mock.last_request.json()
ident = body['auth']['identity']
self.assertEqual(['password'], ident['methods'])
self.assertEqual(token.user_id, ident['password']['user']['id'])
self.assertEqual(password, ident['password']['user']['password'])
self.assertEqual({}, body['auth']['scope']['unscoped'])