Example #1
0
    def setUp(self):
        super(V3FederatedPlugin, self).setUp()

        self.deprecations.expect_deprecations()

        self.unscoped_token = fixture.V3Token()
        self.unscoped_token_id = uuid.uuid4().hex
        self.scoped_token = copy.deepcopy(self.unscoped_token)
        self.scoped_token.set_project_scope()
        self.scoped_token.methods.append('token')
        self.scoped_token_id = uuid.uuid4().hex

        s = self.scoped_token.add_service('compute', name='nova')
        s.add_standard_endpoints(public='http://nova/public',
                                 admin='http://nova/admin',
                                 internal='http://nova/internal')

        self.idp = uuid.uuid4().hex
        self.protocol = uuid.uuid4().hex

        self.token_url = ('%s/OS-FEDERATION/identity_providers/%s/protocols/%s'
                          '/auth' % (self.AUTH_URL, self.idp, self.protocol))

        headers = {'X-Subject-Token': self.unscoped_token_id}
        self.unscoped_mock = self.requests_mock.post(self.token_url,
                                                     json=self.unscoped_token,
                                                     headers=headers)

        headers = {'X-Subject-Token': self.scoped_token_id}
        auth_url = self.AUTH_URL + '/auth/tokens'
        self.scoped_mock = self.requests_mock.post(auth_url,
                                                   json=self.scoped_token,
                                                   headers=headers)
Example #2
0
    def setUp(self):
        super(V3UserPluginTests, self).setUp()

        self.service_token_id = uuid.uuid4().hex
        self.service_token = fixture.V3Token()
        s = self.service_token.add_service('identity', name='keystone')
        s.add_standard_endpoints(public=BASE_URI,
                                 admin=BASE_URI,
                                 internal=BASE_URI)

        self.configure_middleware(auth_plugin='v3password',
                                  auth_url='%s/v3/' % AUTH_URL,
                                  user_id=self.service_token.user_id,
                                  password=uuid.uuid4().hex,
                                  project_id=self.service_token.project_id)

        auth_discovery = fixture.DiscoveryList(href=AUTH_URL)
        self.requests_mock.get(AUTH_URL, json=auth_discovery)

        base_discovery = fixture.DiscoveryList(href=BASE_URI)
        self.requests_mock.get(BASE_URI, json=base_discovery)

        self.requests_mock.post(
            '%s/v3/auth/tokens' % AUTH_URL,
            headers={'X-Subject-Token': self.service_token_id},
            json=self.service_token)
Example #3
0
    def test_catalog(self):
        service_type = uuid.uuid4().hex
        service_name = uuid.uuid4().hex
        region = uuid.uuid4().hex
        endpoints = {
            'public': uuid.uuid4().hex,
            'internal': uuid.uuid4().hex,
            'admin': uuid.uuid4().hex
        }

        token = fixture.V3Token()
        svc = token.add_service(type=service_type, name=service_name)
        svc.add_standard_endpoints(region=region, **endpoints)

        self.assertEqual(1, len(token['token']['catalog']))
        service = token['token']['catalog'][0]
        self.assertEqual(3, len(service['endpoints']))

        self.assertEqual(service_name, service['name'])
        self.assertEqual(service_type, service['type'])

        for interface, url in six.iteritems(endpoints):
            endpoint = {
                'interface': interface,
                'url': url,
                'region': region,
                'region_id': region
            }
            self.assertIn(endpoint, service['endpoints'])
 def register_keystone_v3_token_fixture(self, request_mocker):
     v3_token = ks_fixture.V3Token()
     service = v3_token.add_service('baremetal')
     service.add_standard_endpoints(public='http://ironic.example.com')
     request_mocker.post('%s/auth/tokens' % V3_URL,
                         json=v3_token,
                         headers={'X-Subject-Token': uuid.uuid4().hex})
    def test_catalog(self):
        service_type = uuid.uuid4().hex
        service_name = uuid.uuid4().hex
        service_id = uuid.uuid4().hex
        region = uuid.uuid4().hex
        endpoints = {'public': uuid.uuid4().hex,
                     'internal': uuid.uuid4().hex,
                     'admin': uuid.uuid4().hex}

        token = fixture.V3Token()
        svc = token.add_service(type=service_type,
                                name=service_name,
                                id=service_id)
        svc.add_standard_endpoints(region=region, **endpoints)

        self.assertEqual(1, len(token['token']['catalog']))
        service = token['token']['catalog'][0]
        self.assertEqual(3, len(service['endpoints']))

        self.assertEqual(service_name, service['name'])
        self.assertEqual(service_type, service['type'])
        self.assertEqual(service_id, service['id'])

        for endpoint in service['endpoints']:
            # assert an id exists for each endpoint, remove it to make testing
            # the endpoint content below easier.
            self.assertTrue(endpoint.pop('id'))

        for interface, url in six.iteritems(endpoints):
            endpoint = {'interface': interface, 'url': url,
                        'region': region, 'region_id': region}
            self.assertIn(endpoint, service['endpoints'])
Example #6
0
    def test_good_v3_user_token(self):
        t = fixture.V3Token()
        t.set_project_scope()
        role = t.add_role()

        token_id = uuid.uuid4().hex
        token_dict = {token_id: t}

        @webob.dec.wsgify
        def _do_cb(req):
            self.assertEqual(token_id, req.headers['X-Auth-Token'])

            self.assertEqual('Confirmed', req.headers['X-Identity-Status'])
            self.assertNotIn('X-Service-Token', req.headers)

            p = req.environ['keystone.token_auth']

            self.assertTrue(p.has_user_token)
            self.assertFalse(p.has_service_token)

            self.assertEqual(t.project_id, p.user.project_id)
            self.assertEqual(t.project_domain_id, p.user.project_domain_id)
            self.assertEqual(t.user_id, p.user.user_id)
            self.assertEqual(t.user_domain_id, p.user.user_domain_id)
            self.assertIn(role['name'], p.user.role_names)

            return webob.Response()

        m = FetchingMiddleware(_do_cb, token_dict)
        self.call(m, headers={'X-Auth-Token': token_id})
Example #7
0
    def test_multi_region(self):
        token = fixture.V3Token()
        s = token.add_service(type='identity')

        s.add_endpoint('internal', self.INTERNAL_URL, region=self.REGION_ONE)
        s.add_endpoint('public', self.PUBLIC_URL, region=self.REGION_TWO)
        s.add_endpoint('admin', self.ADMIN_URL, region=self.REGION_THREE)

        auth_ref = access.AccessInfo.factory(body=token)
        catalog_data = auth_ref.service_catalog.get_data()
        catalog = _request._v3_to_v2_catalog(catalog_data)

        self.assertEqual(1, len(catalog))
        service = catalog[0]

        # the 3 regions will come through as 3 separate endpoints
        expected = [{'internalURL': self.INTERNAL_URL,
                    'region': self.REGION_ONE},
                    {'publicURL': self.PUBLIC_URL,
                     'region': self.REGION_TWO},
                    {'adminURL': self.ADMIN_URL,
                     'region': self.REGION_THREE}]

        self.assertEqual('identity', service['type'])
        self.assertEqual(3, len(service['endpoints']))
        for e in expected:
            self.assertIn(e, expected)
Example #8
0
    def test_override_auth_token(self):
        token = fixture.V3Token()
        token.set_project_scope()

        new_auth_token = uuid.uuid4().hex
        auth_ref = access.AccessInfo.factory(body=token,
                                             auth_token=new_auth_token)
        self.assertEqual(new_auth_token, auth_ref.auth_token)
Example #9
0
    def setUp(self):
        super(AuthProjectsTest, self).setUp()

        self.v3token = fixture.V3Token()
        self.stub_auth(json=self.v3token)

        self.stub_url('GET', [],
                      json={'version': fixture.V3Discovery(self.TEST_URL)})
Example #10
0
    def _plugin(self, **kwargs):
        token = fixture.V3Token()
        s = token.add_service('identity')
        s.add_standard_endpoints(public=self.TEST_ROOT_URL)

        auth_ref = access.AccessInfo.factory(body=token,
                                             auth_token=self.auth_token)
        return access_plugin.AccessInfoPlugin(auth_ref, **kwargs)
Example #11
0
    def test_project_scoped_service_headers(self):
        token = fixture.V3Token()
        token.set_project_scope()
        token_id = uuid.uuid4().hex

        auth_ref = access.AccessInfo.factory(token_id=token_id, body=token)
        self.request.set_service_headers(auth_ref)

        self._test_v3_headers(token, '-Service')
Example #12
0
    def test_project_scoped_user_headers(self):
        token = fixture.V3Token()
        token.set_project_scope()
        token_id = uuid.uuid4().hex

        auth_ref = access.AccessInfo.factory(token_id=token_id, body=token)
        self.request.set_user_headers(auth_ref, include_service_catalog=True)

        self._test_v3_headers(token, '')
Example #13
0
    def test_domain_scoped(self):
        domain_id = uuid.uuid4().hex
        domain_name = uuid.uuid4().hex

        token = fixture.V3Token(domain_id=domain_id, domain_name=domain_name)

        self.assertEqual(domain_id, token.domain_id)
        self.assertEqual(domain_id, token['token']['domain']['id'])
        self.assertEqual(domain_name, token.domain_name)
        self.assertEqual(domain_name, token['token']['domain']['name'])
def trust_token():
    return fixture.V3Token(user_id='0ca8f6',
                           user_name='exampleuser',
                           user_domain_id='4e6893b7ba0b4006840c3845660b86ed',
                           user_domain_name='exampledomain',
                           expires='2010-11-01T03:32:15-05:00',
                           trust_id='fe0aef',
                           trust_impersonation=False,
                           trustee_user_id='0ca8f6',
                           trustor_user_id='bd263c')
    def setUp(self):
        super(GenericPluginTestCase, self).setUp()

        self.token_v2 = fixture.V2Token()
        self.token_v3 = fixture.V3Token()
        self.token_v3_id = uuid.uuid4().hex
        self.session = session.Session()

        self.stub_url('POST', ['v2.0', 'tokens'], json=self.token_v2)
        self.stub_url('POST', ['v3', 'auth', 'tokens'],
                      headers={'X-Subject-Token': self.token_v3_id},
                      json=self.token_v3)
    def test_roles(self):
        role1 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
        role2 = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}

        token = fixture.V3Token()
        token.add_role(**role1)
        token.add_role(**role2)

        self.assertEqual(2, len(token['token']['roles']))

        self.assertIn(role1, token['token']['roles'])
        self.assertIn(role2, token['token']['roles'])
    def test_oauth_scoped(self):
        access_id = uuid.uuid4().hex
        consumer_id = uuid.uuid4().hex

        token = fixture.V3Token(oauth_access_token_id=access_id,
                                oauth_consumer_id=consumer_id)

        oauth = token['token']['OS-OAUTH1']

        self.assertEqual(access_id, token.oauth_access_token_id)
        self.assertEqual(access_id, oauth['access_token_id'])
        self.assertEqual(consumer_id, token.oauth_consumer_id)
        self.assertEqual(consumer_id, oauth['consumer_id'])
    def setUp(self):
        super(AuthProjectsTest, self).setUp()

        self.v3token = fixture.V3Token()
        self.stub_auth(json=self.v3token)

        self.stub_url('GET', [],
                      json={'version': fixture.V3Discovery(self.TEST_URL)})

        self.auth = v3.Password(auth_url=self.TEST_URL,
                                user_id=self.v3token.user_id,
                                password=uuid.uuid4().hex)
        self.session = session.Session(auth=self.auth)
        self.client = client.Client(session=self.session)
Example #19
0
    def get_auth_data(self, **kwargs):
        token = fixture.V3Token(**kwargs)
        region = 'RegionOne'

        svc = token.add_service('identity')
        svc.add_standard_endpoints(admin=self.TEST_ADMIN_URL, region=region)

        svc = token.add_service('compute')
        svc.add_standard_endpoints(admin=self.TEST_COMPUTE_ADMIN,
                                   public=self.TEST_COMPUTE_PUBLIC,
                                   internal=self.TEST_COMPUTE_INTERNAL,
                                   region=region)

        return token
def project_scoped_token():
    f = fixture.V3Token(user_id='c4da488862bd435c9e6c0275a0d0e49a',
                        user_name='exampleuser',
                        user_domain_id='4e6893b7ba0b4006840c3845660b86ed',
                        user_domain_name='exampledomain',
                        expires='2010-11-01T03:32:15-05:00',
                        project_id='225da22d3ce34b15877ea70b2a575f58',
                        project_name='exampleproject',
                        project_domain_id='4e6893b7ba0b4006840c3845660b86ed',
                        project_domain_name='exampledomain',
                        audit_chain_id=uuid.uuid4().hex)

    f.add_role(id='76e72a', name='admin')
    f.add_role(id='f4f392', name='member')

    region = 'RegionOne'
    tenant = '225da22d3ce34b15877ea70b2a575f58'

    s = f.add_service('volume')
    s.add_standard_endpoints(public='http://public.com:8776/v1/%s' % tenant,
                             internal='http://internal:8776/v1/%s' % tenant,
                             admin='http://admin:8776/v1/%s' % tenant,
                             region=region)

    s = f.add_service('image')
    s.add_standard_endpoints(public='http://public.com:9292/v1',
                             internal='http://internal:9292/v1',
                             admin='http://admin:9292/v1',
                             region=region)

    s = f.add_service('compute')
    s.add_standard_endpoints(public='http://public.com:8774/v2/%s' % tenant,
                             internal='http://internal:8774/v2/%s' % tenant,
                             admin='http://admin:8774/v2/%s' % tenant,
                             region=region)

    s = f.add_service('ec2')
    s.add_standard_endpoints(public='http://public.com:8773/services/Cloud',
                             internal='http://internal:8773/services/Cloud',
                             admin='http://admin:8773/services/Admin',
                             region=region)

    s = f.add_service('identity')
    s.add_standard_endpoints(public='http://public.com:5000/v3',
                             internal='http://internal:5000/v3',
                             admin='http://admin:35357/v3',
                             region=region)

    return f
Example #21
0
    def test_expired_user_token(self):
        t = fixture.V3Token()
        t.set_project_scope()
        t.expires = datetime.datetime.utcnow() - datetime.timedelta(minutes=10)

        token_id = uuid.uuid4().hex
        token_dict = {token_id: t}

        @webob.dec.wsgify
        def _do_cb(req):
            self.assertEqual('Invalid', req.headers['X-Identity-Status'])
            self.assertEqual(token_id, req.headers['X-Auth-Token'])
            return webob.Response()

        m = FetchingMiddleware(_do_cb, token_dict=token_dict)
        self.call(m, headers={'X-Auth-Token': token_id})
Example #22
0
    def test_oauth_access(self):
        consumer_id = uuid.uuid4().hex
        access_token_id = uuid.uuid4().hex

        token = fixture.V3Token()
        token.set_project_scope()
        token.set_oauth(access_token_id=access_token_id,
                        consumer_id=consumer_id)

        auth_ref = access.AccessInfo.factory(body=token)

        self.assertEqual(consumer_id, auth_ref.oauth_consumer_id)
        self.assertEqual(access_token_id, auth_ref.oauth_access_token_id)

        self.assertEqual(consumer_id, auth_ref['OS-OAUTH1']['consumer_id'])
        self.assertEqual(access_token_id,
                         auth_ref['OS-OAUTH1']['access_token_id'])
def domain_scoped_token():
    f = fixture.V3Token(user_id='c4da488862bd435c9e6c0275a0d0e49a',
                        user_name='exampleuser',
                        user_domain_id='4e6893b7ba0b4006840c3845660b86ed',
                        user_domain_name='exampledomain',
                        expires='2010-11-01T03:32:15-05:00',
                        domain_id='8e9283b7ba0b1038840c3842058b86ab',
                        domain_name='anotherdomain',
                        audit_chain_id=uuid.uuid4().hex)

    f.add_role(id='76e72a', name='admin')
    f.add_role(id='f4f392', name='member')
    region = 'RegionOne'

    s = f.add_service('volume')
    s.add_standard_endpoints(public='http://public.com:8776/v1/None',
                             internal='http://internal.com:8776/v1/None',
                             admin='http://admin.com:8776/v1/None',
                             region=region)

    s = f.add_service('image')
    s.add_standard_endpoints(public='http://public.com:9292/v1',
                             internal='http://internal:9292/v1',
                             admin='http://admin:9292/v1',
                             region=region)

    s = f.add_service('compute')
    s.add_standard_endpoints(public='http://public.com:8774/v1.1/None',
                             internal='http://internal:8774/v1.1/None',
                             admin='http://admin:8774/v1.1/None',
                             region=region)

    s = f.add_service('ec2')
    s.add_standard_endpoints(public='http://public.com:8773/services/Cloud',
                             internal='http://internal:8773/services/Cloud',
                             admin='http://admin:8773/services/Admin',
                             region=region)

    s = f.add_service('identity')
    s.add_standard_endpoints(public='http://public.com:5000/v3',
                             internal='http://internal:5000/v3',
                             admin='http://admin:35357/v3',
                             region=region)

    return f
Example #24
0
    def get_token(self):
        token_id = uuid.uuid4().hex
        token = fixture.V3Token()
        token.set_project_scope()
        token.add_role()

        request_headers = {
            'X-Auth-Token': self.service_token_id,
            'X-Subject-Token': token_id
        }
        headers = {'X-Subject-Token': token_id}

        self.requests_mock.get('%s/v3/auth/tokens' % BASE_URI,
                               request_headers=request_headers,
                               headers=headers,
                               json=token)

        return token_id, token
def auth_response_body():
    f = fixture.V3Token(user_id='567',
                        user_name='test',
                        user_domain_id='1',
                        user_domain_name='aDomain',
                        expires='2010-11-01T03:32:15-05:00',
                        project_domain_id='123',
                        project_domain_name='aDomain',
                        project_id='345',
                        project_name='aTenant',
                        audit_chain_id=uuid.uuid4().hex)

    f.add_role(id='76e72a', name='admin')
    f.add_role(id='f4f392', name='member')

    s = f.add_service('compute', name='nova')
    s.add_standard_endpoints(
        public='https://compute.north.host/novapi/public',
        internal='https://compute.north.host/novapi/internal',
        admin='https://compute.north.host/novapi/admin',
        region='North')

    s = f.add_service('object-store', name='swift')
    s.add_standard_endpoints(
        public='http://swift.north.host/swiftapi/public',
        internal='http://swift.north.host/swiftapi/internal',
        admin='http://swift.north.host/swiftapi/admin',
        region='South')

    s = f.add_service('image', name='glance')
    s.add_standard_endpoints(
        public='http://glance.north.host/glanceapi/public',
        internal='http://glance.north.host/glanceapi/internal',
        admin='http://glance.north.host/glanceapi/admin',
        region='North')

    s.add_standard_endpoints(
        public='http://glance.south.host/glanceapi/public',
        internal='http://glance.south.host/glanceapi/internal',
        admin='http://glance.south.host/glanceapi/admin',
        region='South')

    return f
    def test_trust_scoped(self):
        trust_id = uuid.uuid4().hex
        trustee_user_id = uuid.uuid4().hex
        trustor_user_id = uuid.uuid4().hex
        impersonation = True

        token = fixture.V3Token(trust_id=trust_id,
                                trustee_user_id=trustee_user_id,
                                trustor_user_id=trustor_user_id,
                                trust_impersonation=impersonation)

        trust = token['token']['OS-TRUST:trust']
        self.assertEqual(trust_id, token.trust_id)
        self.assertEqual(trust_id, trust['id'])
        self.assertEqual(trustee_user_id, token.trustee_user_id)
        self.assertEqual(trustee_user_id, trust['trustee_user']['id'])
        self.assertEqual(trustor_user_id, token.trustor_user_id)
        self.assertEqual(trustor_user_id, trust['trustor_user']['id'])
        self.assertEqual(impersonation, token.trust_impersonation)
        self.assertEqual(impersonation, trust['impersonation'])
    def test_project_scoped(self):
        project_id = uuid.uuid4().hex
        project_name = uuid.uuid4().hex
        project_domain_id = uuid.uuid4().hex
        project_domain_name = uuid.uuid4().hex

        token = fixture.V3Token(project_id=project_id,
                                project_name=project_name,
                                project_domain_id=project_domain_id,
                                project_domain_name=project_domain_name)

        self.assertEqual(project_id, token.project_id)
        self.assertEqual(project_id, token['token']['project']['id'])
        self.assertEqual(project_name, token.project_name)
        self.assertEqual(project_name, token['token']['project']['name'])

        project_domain = token['token']['project']['domain']

        self.assertEqual(project_domain_id, token.project_domain_id)
        self.assertEqual(project_domain_id, project_domain['id'])
        self.assertEqual(project_domain_name, token.project_domain_name)
        self.assertEqual(project_domain_name, project_domain['name'])
    def test_unscoped(self):
        user_id = uuid.uuid4().hex
        user_name = uuid.uuid4().hex
        user_domain_id = uuid.uuid4().hex
        user_domain_name = uuid.uuid4().hex

        token = fixture.V3Token(user_id=user_id,
                                user_name=user_name,
                                user_domain_id=user_domain_id,
                                user_domain_name=user_domain_name)

        self.assertEqual(user_id, token.user_id)
        self.assertEqual(user_id, token['token']['user']['id'])
        self.assertEqual(user_name, token.user_name)
        self.assertEqual(user_name, token['token']['user']['name'])

        user_domain = token['token']['user']['domain']

        self.assertEqual(user_domain_id, token.user_domain_id)
        self.assertEqual(user_domain_id, user_domain['id'])
        self.assertEqual(user_domain_name, token.user_domain_name)
        self.assertEqual(user_domain_name, user_domain['name'])
    def new_client(self):
        t = fixture.V3Token(user_id=self.user_id)
        t.set_project_scope()

        s = t.add_service('identity')
        s.add_standard_endpoints(public=self.TEST_URL, admin=self.TEST_URL)

        d = fixture.V3Discovery(self.TEST_URL)

        headers = {'X-Subject-Token': uuid.uuid4().hex}
        self.requests.register_uri('POST',
                                   self.TEST_URL + '/auth/tokens',
                                   headers=headers,
                                   json=t)
        self.requests.register_uri('GET', self.TEST_URL, json={'version': d})

        a = ksa_identity.V3Password(username=uuid.uuid4().hex,
                                    password=uuid.uuid4().hex,
                                    user_domain_id=uuid.uuid4().hex,
                                    auth_url=self.TEST_URL)
        s = ksa_session.Session(auth=a)
        return v3_client.Client(session=s)
Example #30
0
def setup_keystone_v3(mrequests):
    mrequests.register_uri('GET', V3_URL, json=V3_VERSION_ENTRY)

    v3_token = ks_fixture.V3Token()
    service = v3_token.add_service('network')
    service.add_standard_endpoints(public=PUBLIC_ENDPOINT_URL,
                                   admin=ADMIN_ENDPOINT_URL,
                                   internal=INTERNAL_ENDPOINT_URL,
                                   region=REGION)

    mrequests.register_uri('POST',
                           '%s/auth/tokens' % (V3_URL),
                           text=json.dumps(v3_token),
                           headers={'X-Subject-Token': TOKENID})

    auth_session = session.Session()
    auth_plugin = ks_v3_auth.Password(V3_URL,
                                      username='******',
                                      user_id='xx',
                                      user_domain_name='xx',
                                      user_domain_id='xx')
    return auth_session, auth_plugin