def test_swift3_with_s3_token_no_pass_token_to_auth_token(self): self.swift = FakeSwift() self.keystone_auth = KeystoneAuth(self.swift, {'operator_roles': 'swift-user'}) self.auth_token = AuthProtocol(self.keystone_auth, {'delay_auth_decision': 'True'}) self.s3_token = S3Token(self.auth_token, {'auth_uri': 'https://fakehost/identity'}) self.swift3 = Swift3Middleware(self.s3_token, CONF) req = Request.blank('/bucket', environ={'REQUEST_METHOD': 'PUT'}, headers={ 'Authorization': 'AWS access:signature', 'Date': self.get_date_header() }) self.swift.register('PUT', '/v1/AUTH_TENANT_ID/bucket', swob.HTTPCreated, {}, None) self.swift.register('HEAD', '/v1/AUTH_TENANT_ID', swob.HTTPOk, {}, None) with patch.object(self.s3_token, '_json_request') as mock_req: with patch.object(self.auth_token, '_do_fetch_token') as mock_fetch: mock_resp = requests.Response() no_token_id_good_resp = copy.deepcopy(GOOD_RESPONSE_V2) # delete token id del no_token_id_good_resp['access']['token']['id'] mock_resp._content = json.dumps(no_token_id_good_resp) mock_resp.status_code = 201 mock_req.return_value = mock_resp mock_access_info = AccessInfoV2(GOOD_RESPONSE_V2) mock_access_info.will_expire_soon = \ lambda stale_duration: False mock_fetch.return_value = (MagicMock(), mock_access_info) status, headers, body = self.call_swift3(req) # No token provided from keystone result in 401 Unauthorized # at `swift.common.middleware.keystoneauth` because auth_token # will remove all auth headers including 'X-Identity-Status'[1] # and then, set X-Identity-Status: Invalid at [2] # # 1: https://github.com/openstack/keystonemiddleware/blob/ # master/keystonemiddleware/auth_token/__init__.py#L620 # 2: https://github.com/openstack/keystonemiddleware/blob/ # master/keystonemiddleware/auth_token/__init__.py#L627-L629 self.assertEqual('403 Forbidden', status) self.assertEqual(1, mock_req.call_count) # if no token provided from keystone, we can skip the call to # fetch the token self.assertEqual(0, mock_fetch.call_count)
def test_swift3_with_s3_token_and_auth_token(self): self.swift = FakeSwift() self.keystone_auth = KeystoneAuth(self.swift, {'operator_roles': 'swift-user'}) self.auth_token = AuthProtocol(self.keystone_auth, {'delay_auth_decision': 'True'}) self.s3_token = S3Token(self.auth_token, {'auth_uri': 'https://fakehost/identity'}) self.swift3 = Swift3Middleware(self.s3_token, CONF) req = Request.blank('/bucket', environ={'REQUEST_METHOD': 'PUT'}, headers={ 'Authorization': 'AWS access:signature', 'Date': self.get_date_header() }) self.swift.register('PUT', '/v1/AUTH_TENANT_ID/bucket', swob.HTTPCreated, {}, None) self.swift.register('HEAD', '/v1/AUTH_TENANT_ID', swob.HTTPOk, {}, None) with patch.object(self.s3_token, '_json_request') as mock_req: with patch.object(self.auth_token, '_do_fetch_token') as mock_fetch: mock_resp = requests.Response() mock_resp._content = json.dumps(GOOD_RESPONSE_V2) mock_resp.status_code = 201 mock_req.return_value = mock_resp mock_access_info = AccessInfoV2(GOOD_RESPONSE_V2) mock_access_info.will_expire_soon = \ lambda stale_duration: False mock_fetch.return_value = (MagicMock(), mock_access_info) status, headers, body = self.call_swift3(req) self.assertEqual(body, '') self.assertEqual(1, mock_req.call_count) # With X-Auth-Token, auth_token will call _do_fetch_token to # connect to keystone in auth_token, again self.assertEqual(1, mock_fetch.call_count)