def test_auth_ref_load_with_overridden_arguments(self):
new_auth_url = 'https://newkeystone.com/v3'
user_id = uuid.uuid4().hex
user_name = uuid.uuid4().hex
project_id = uuid.uuid4().hex
first = client_fixtures.project_scoped_token(user_id=user_id,
user_name=user_name,
project_id=project_id)
second = client_fixtures.project_scoped_token(user_id=user_id,
user_name=user_name,
project_id=project_id)
self.stub_auth(json=first)
self.stub_auth(json=second, base_url=new_auth_url)
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
c = client.Client(user_id=user_id,
password='******',
project_id=project_id,
auth_url=self.TEST_URL)
cache = json.dumps(c.auth_ref)
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
new_client = client.Client(auth_ref=json.loads(cache),
auth_url=new_auth_url)
self.assertIsNotNone(new_client.auth_ref)
self.assertFalse(new_client.auth_ref.domain_scoped)
self.assertTrue(new_client.auth_ref.project_scoped)
self.assertEqual(new_auth_url, new_client.auth_url)
self.assertEqual(user_name, new_client.username)
self.assertIsNone(new_client.password)
self.assertEqual(new_client.management_url,
'http://admin:35357/v3')
def test_auth_ref_load_with_overridden_arguments(self):
new_auth_url = 'https://newkeystone.com/v3'
user_id = uuid.uuid4().hex
user_name = uuid.uuid4().hex
project_id = uuid.uuid4().hex
first = client_fixtures.project_scoped_token(user_id=user_id,
user_name=user_name,
project_id=project_id)
second = client_fixtures.project_scoped_token(user_id=user_id,
user_name=user_name,
project_id=project_id)
self.stub_auth(json=first)
self.stub_auth(json=second, base_url=new_auth_url)
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
c = client.Client(user_id=user_id,
password='******',
project_id=project_id,
auth_url=self.TEST_URL)
cache = json.dumps(c.auth_ref)
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
new_client = client.Client(auth_ref=json.loads(cache),
auth_url=new_auth_url)
self.assertIsNotNone(new_client.auth_ref)
self.assertFalse(new_client.auth_ref.domain_scoped)
self.assertTrue(new_client.auth_ref.project_scoped)
self.assertEqual(new_auth_url, new_client.auth_url)
self.assertEqual(user_name, new_client.username)
self.assertIsNone(new_client.password)
self.assertEqual(new_client.management_url,
'http://admin:35357/v3')
def test_oauth_authenticate_scoped_success(self):
access_token = uuid.uuid4().hex
# Just use an existing project scoped token and change
# the methods to oauth2, and add its section.
oauth_token = client_fixtures.project_scoped_token()
oauth_token['methods'] = ["oauth2"]
oauth_token['oauth2'] = {"access_token_id": access_token}
self.stub_auth(json=oauth_token)
a = auth.OAuth2(self.TEST_URL, access_token=access_token)
s = session.Session(auth=a)
t = s.get_token()
self.assertEqual(self.TEST_TOKEN, t)
OAUTH2_REQUEST_BODY = {
"auth": {
"identity": {
"methods": ["oauth2"],
"oauth2": {
"access_token_id": access_token
}
}
}
}
self.assertRequestBodyIs(json=OAUTH2_REQUEST_BODY)
def test_oauth_authenticate_scoped_success(self):
access_token = uuid.uuid4().hex
# Just use an existing project scoped token and change
# the methods to oauth2, and add its section.
oauth_token = client_fixtures.project_scoped_token()
oauth_token['methods'] = ["oauth2"]
oauth_token['oauth2'] = {
"access_token_id": access_token
}
self.stub_auth(json=oauth_token)
a = auth.OAuth2(self.TEST_URL, access_token=access_token)
s = session.Session(auth=a)
t = s.get_token()
self.assertEqual(self.TEST_TOKEN, t)
OAUTH2_REQUEST_BODY = {
"auth": {
"identity": {
"methods": ["oauth2"],
"oauth2": {
"access_token_id": access_token
}
}
}
}
self.assertRequestBodyIs(json=OAUTH2_REQUEST_BODY)
def test_auth_ref_load_with_overridden_arguments(self):
new_auth_url = 'https://newkeystone.com/v3'
self.stub_auth(json=client_fixtures.project_scoped_token())
self.stub_auth(json=client_fixtures.project_scoped_token(),
base_url=new_auth_url)
c = client.Client(user_id='c4da488862bd435c9e6c0275a0d0e49a',
password='******',
project_id='225da22d3ce34b15877ea70b2a575f58',
auth_url=self.TEST_URL)
cache = json.dumps(c.auth_ref)
new_client = client.Client(auth_ref=json.loads(cache),
auth_url=new_auth_url)
self.assertIsNotNone(new_client.auth_ref)
self.assertFalse(new_client.auth_ref.domain_scoped)
self.assertTrue(new_client.auth_ref.project_scoped)
self.assertEqual(new_client.auth_url, new_auth_url)
self.assertEqual(new_client.username, 'exampleuser')
self.assertIsNone(new_client.password)
self.assertEqual(new_client.management_url, 'http://admin:35357/v3')
def test_auth_ref_load_with_overridden_arguments(self):
new_auth_url = 'https://newkeystone.com/v3'
self.stub_auth(json=client_fixtures.project_scoped_token())
self.stub_auth(json=client_fixtures.project_scoped_token(),
base_url=new_auth_url)
c = client.Client(user_id='c4da488862bd435c9e6c0275a0d0e49a',
password='******',
project_id='225da22d3ce34b15877ea70b2a575f58',
auth_url=self.TEST_URL)
cache = json.dumps(c.auth_ref)
new_client = client.Client(auth_ref=json.loads(cache),
auth_url=new_auth_url)
self.assertIsNotNone(new_client.auth_ref)
self.assertFalse(new_client.auth_ref.domain_scoped)
self.assertTrue(new_client.auth_ref.project_scoped)
self.assertEqual(new_client.auth_url, new_auth_url)
self.assertEqual(new_client.username, 'exampleuser')
self.assertIsNone(new_client.password)
self.assertEqual(new_client.management_url,
'http://admin:35357/v3')
def test_project_scoped_init(self):
self.stub_auth(json=client_fixtures.project_scoped_token()),
c = client.Client(user_id='c4da488862bd435c9e6c0275a0d0e49a',
password='******',
user_domain_name='exampledomain',
project_name='exampleproject',
auth_url=self.TEST_URL)
self.assertIsNotNone(c.auth_ref)
self.assertFalse(c.auth_ref.domain_scoped)
self.assertTrue(c.auth_ref.project_scoped)
self.assertEqual(c.auth_user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
self.assertEqual(c.auth_tenant_id, '225da22d3ce34b15877ea70b2a575f58')
self.assertEqual('c4da488862bd435c9e6c0275a0d0e49a',
c.get_user_id(session=None))
self.assertEqual('225da22d3ce34b15877ea70b2a575f58',
c.get_project_id(session=None))
def test_oauth_authenticate_success(self):
consumer_key = uuid.uuid4().hex
consumer_secret = uuid.uuid4().hex
access_key = uuid.uuid4().hex
access_secret = uuid.uuid4().hex
# Just use an existing project scoped token and change
# the methods to oauth1, and add an OS-OAUTH1 section.
oauth_token = client_fixtures.project_scoped_token()
oauth_token['methods'] = ["oauth1"]
oauth_token['OS-OAUTH1'] = {
"consumer_id": consumer_key,
"access_token_id": access_key
}
self.stub_auth(json=oauth_token)
with self.deprecations.expect_deprecations_here():
a = auth.OAuth(self.TEST_URL,
consumer_key=consumer_key,
consumer_secret=consumer_secret,
access_key=access_key,
access_secret=access_secret)
s = session.Session(auth=a)
t = s.get_token()
self.assertEqual(self.TEST_TOKEN, t)
OAUTH_REQUEST_BODY = {
"auth": {
"identity": {
"methods": ["oauth1"],
"oauth1": {}
}
}
}
self.assertRequestBodyIs(json=OAUTH_REQUEST_BODY)
# Assert that the headers have the same oauthlib data
req_headers = self.requests_mock.last_request.headers
oauth_client = oauth1.Client(consumer_key,
client_secret=consumer_secret,
resource_owner_key=access_key,
resource_owner_secret=access_secret,
signature_method=oauth1.SIGNATURE_HMAC)
self._validate_oauth_headers(req_headers['Authorization'],
oauth_client)
def test_project_scoped_init(self):
token = client_fixtures.project_scoped_token()
self.stub_auth(json=token),
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
c = client.Client(user_id=token.user_id,
password='******',
user_domain_name=token.user_domain_name,
project_name=token.project_name,
auth_url=self.TEST_URL)
self.assertIsNotNone(c.auth_ref)
self.assertFalse(c.auth_ref.domain_scoped)
self.assertTrue(c.auth_ref.project_scoped)
self.assertEqual(token.user_id, c.auth_user_id)
self.assertEqual(token.project_id, c.auth_tenant_id)
self.assertEqual(token.user_id, c.get_user_id(session=None))
self.assertEqual(token.project_id, c.get_project_id(session=None))
def test_project_scoped_init(self):
token = client_fixtures.project_scoped_token()
self.stub_auth(json=token),
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
c = client.Client(user_id=token.user_id,
password='******',
user_domain_name=token.user_domain_name,
project_name=token.project_name,
auth_url=self.TEST_URL)
self.assertIsNotNone(c.auth_ref)
self.assertFalse(c.auth_ref.domain_scoped)
self.assertTrue(c.auth_ref.project_scoped)
self.assertEqual(token.user_id, c.auth_user_id)
self.assertEqual(token.project_id, c.auth_tenant_id)
self.assertEqual(token.user_id, c.get_user_id(session=None))
self.assertEqual(token.project_id, c.get_project_id(session=None))
def test_project_scoped_init(self):
self.stub_auth(json=client_fixtures.project_scoped_token()),
c = client.Client(user_id='c4da488862bd435c9e6c0275a0d0e49a',
password='******',
user_domain_name='exampledomain',
project_name='exampleproject',
auth_url=self.TEST_URL)
self.assertIsNotNone(c.auth_ref)
self.assertFalse(c.auth_ref.domain_scoped)
self.assertTrue(c.auth_ref.project_scoped)
self.assertEqual(c.auth_user_id,
'c4da488862bd435c9e6c0275a0d0e49a')
self.assertEqual(c.auth_tenant_id,
'225da22d3ce34b15877ea70b2a575f58')
self.assertEqual('c4da488862bd435c9e6c0275a0d0e49a',
c.get_user_id(session=None))
self.assertEqual('225da22d3ce34b15877ea70b2a575f58',
c.get_project_id(session=None))
def test_oauth_authenticate_success(self):
consumer_key = uuid.uuid4().hex
consumer_secret = uuid.uuid4().hex
access_key = uuid.uuid4().hex
access_secret = uuid.uuid4().hex
# Just use an existing project scoped token and change
# the methods to oauth1, and add an OS-OAUTH1 section.
oauth_token = client_fixtures.project_scoped_token()
oauth_token['methods'] = ["oauth1"]
oauth_token['OS-OAUTH1'] = {"consumer_id": consumer_key,
"access_token_id": access_key}
self.stub_auth(json=oauth_token)
a = auth.OAuth(self.TEST_URL, consumer_key=consumer_key,
consumer_secret=consumer_secret,
access_key=access_key,
access_secret=access_secret)
s = session.Session(auth=a)
with self.deprecations.expect_deprecations_here():
t = s.get_token()
self.assertEqual(self.TEST_TOKEN, t)
OAUTH_REQUEST_BODY = {
"auth": {
"identity": {
"methods": ["oauth1"],
"oauth1": {}
}
}
}
self.assertRequestBodyIs(json=OAUTH_REQUEST_BODY)
# Assert that the headers have the same oauthlib data
req_headers = self.requests_mock.last_request.headers
oauth_client = oauth1.Client(consumer_key,
client_secret=consumer_secret,
resource_owner_key=access_key,
resource_owner_secret=access_secret,
signature_method=oauth1.SIGNATURE_HMAC)
self._validate_oauth_headers(req_headers['Authorization'],
oauth_client)
def test_auth_ref_load(self):
token = client_fixtures.project_scoped_token()
self.stub_auth(json=token)
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
c = client.Client(user_id=token.user_id,
password='******',
project_id=token.project_id,
auth_url=self.TEST_URL)
cache = jsonutils.dumps(c.auth_ref)
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
new_client = client.Client(auth_ref=jsonutils.loads(cache))
self.assertIsNotNone(new_client.auth_ref)
self.assertFalse(new_client.auth_ref.domain_scoped)
self.assertTrue(new_client.auth_ref.project_scoped)
self.assertEqual(token.user_name, new_client.username)
self.assertIsNone(new_client.password)
self.assertEqual(new_client.management_url, 'http://admin:35357/v3')
def setUp(self):
super(ScopeFederationTokenTests, self).setUp()
self.PROJECT_SCOPED_TOKEN_JSON = client_fixtures.project_scoped_token()
self.PROJECT_SCOPED_TOKEN_JSON["methods"] = ["saml2"]
# for better readability
self.TEST_TENANT_ID = self.PROJECT_SCOPED_TOKEN_JSON.project_id
self.TEST_TENANT_NAME = self.PROJECT_SCOPED_TOKEN_JSON.project_name
self.DOMAIN_SCOPED_TOKEN_JSON = client_fixtures.domain_scoped_token()
self.DOMAIN_SCOPED_TOKEN_JSON["methods"] = ["saml2"]
# for better readability
self.TEST_DOMAIN_ID = self.DOMAIN_SCOPED_TOKEN_JSON.domain_id
self.TEST_DOMAIN_NAME = self.DOMAIN_SCOPED_TOKEN_JSON.domain_name
self.saml2_scope_plugin = saml2.Saml2ScopedToken(
self.TEST_URL, saml2_fixtures.UNSCOPED_TOKEN_HEADER, project_id=self.TEST_TENANT_ID
)
def test_service_catalog_without_name(self):
pr_auth_ref = access.AccessInfo.factory(
resp=None,
body=client_fixtures.project_scoped_token())
pr_sc = pr_auth_ref.service_catalog
# this will work because there are no service names on that token
url_ref = 'http://public.com:8774/v2/225da22d3ce34b15877ea70b2a575f58'
url = pr_sc.url_for(service_type='compute', service_name='NotExist',
endpoint_type='public')
self.assertEqual(url_ref, url)
ab_auth_ref = access.AccessInfo.factory(resp=None,
body=self.AUTH_RESPONSE_BODY)
ab_sc = ab_auth_ref.service_catalog
# this won't work because there is a name and it's not this one
self.assertRaises(exceptions.EndpointNotFound, ab_sc.url_for,
service_type='compute', service_name='NotExist',
endpoint_type='public')
def setUp(self):
super(ScopeFederationTokenTests, self).setUp()
self.PROJECT_SCOPED_TOKEN_JSON = client_fixtures.project_scoped_token()
self.PROJECT_SCOPED_TOKEN_JSON['methods'] = ['saml2']
# for better readability
self.TEST_TENANT_ID = self.PROJECT_SCOPED_TOKEN_JSON.project_id
self.TEST_TENANT_NAME = self.PROJECT_SCOPED_TOKEN_JSON.project_name
self.DOMAIN_SCOPED_TOKEN_JSON = client_fixtures.domain_scoped_token()
self.DOMAIN_SCOPED_TOKEN_JSON['methods'] = ['saml2']
# for better readability
self.TEST_DOMAIN_ID = self.DOMAIN_SCOPED_TOKEN_JSON.domain_id
self.TEST_DOMAIN_NAME = self.DOMAIN_SCOPED_TOKEN_JSON.domain_name
self.saml2_scope_plugin = saml2.Saml2ScopedToken(
self.TEST_URL, saml2_fixtures.UNSCOPED_TOKEN_HEADER,
project_id=self.TEST_TENANT_ID)
def test_two_factor_authenticate_scoped_success(self):
verification_code = uuid.uuid4().hex
password = uuid.uuid4().hex
user_id = uuid.uuid4().hex
# Just use an existing project scoped token and change
# the methods to password, and add its section.
token = client_fixtures.project_scoped_token()
token['methods'] = ["password"]
token['password'] = {
"verification_code": verification_code,
'password': password
}
self.stub_auth(json=token)
a = auth.TwoFactor(
self.TEST_URL,
verification_code=verification_code,
password=password,
user_id=user_id)
s = session.Session(auth=a)
t = s.get_token()
self.assertEqual(self.TEST_TOKEN, t)
TWO_FACTOR_REQUEST_BODY = {
"auth": {
"identity": {
"methods": ["password"],
"password": {
'user': {
'verification_code': verification_code,
'password': password,
'id': user_id
}
}
}
}
}
self.assertRequestBodyIs(json=TWO_FACTOR_REQUEST_BODY)
def test_auth_ref_load(self):
token = client_fixtures.project_scoped_token()
self.stub_auth(json=token)
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
c = client.Client(user_id=token.user_id,
password='******',
project_id=token.project_id,
auth_url=self.TEST_URL)
cache = json.dumps(c.auth_ref)
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
new_client = client.Client(auth_ref=json.loads(cache))
self.assertIsNotNone(new_client.auth_ref)
self.assertFalse(new_client.auth_ref.domain_scoped)
self.assertTrue(new_client.auth_ref.project_scoped)
self.assertEqual(token.user_name, new_client.username)
self.assertIsNone(new_client.password)
self.assertEqual(new_client.management_url,
'http://admin:35357/v3')
import uuid
from oslo_utils import timeutils
from keystoneclient import access
from keystoneclient import fixture
from keystoneclient.tests.unit.v3 import client_fixtures
from keystoneclient.tests.unit.v3 import utils
TOKEN_RESPONSE = utils.TestResponse({
"headers": client_fixtures.AUTH_RESPONSE_HEADERS
})
UNSCOPED_TOKEN = client_fixtures.unscoped_token()
DOMAIN_SCOPED_TOKEN = client_fixtures.domain_scoped_token()
PROJECT_SCOPED_TOKEN = client_fixtures.project_scoped_token()
class AccessInfoTest(utils.TestCase):
def test_building_unscoped_accessinfo(self):
auth_ref = access.AccessInfo.factory(resp=TOKEN_RESPONSE,
body=UNSCOPED_TOKEN)
self.assertTrue(auth_ref)
self.assertIn('methods', auth_ref)
self.assertNotIn('catalog', auth_ref)
self.assertEqual(auth_ref.auth_token,
'3e2813b7ba0b4006840c3825860b86ed')
self.assertEqual(auth_ref.username, 'exampleuser')
self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
def test_management_url_is_updated_with_project(self):
self._management_url_is_updated(client_fixtures.project_scoped_token(),
project_name='exampleproject')
import datetime
import uuid
from oslo_utils import timeutils
from keystoneclient import access
from keystoneclient import fixture
from keystoneclient.tests.unit.v3 import client_fixtures
from keystoneclient.tests.unit.v3 import utils
TOKEN_RESPONSE = utils.TestResponse(
{"headers": client_fixtures.AUTH_RESPONSE_HEADERS})
UNSCOPED_TOKEN = client_fixtures.unscoped_token()
DOMAIN_SCOPED_TOKEN = client_fixtures.domain_scoped_token()
PROJECT_SCOPED_TOKEN = client_fixtures.project_scoped_token()
class AccessInfoTest(utils.TestCase):
def test_building_unscoped_accessinfo(self):
auth_ref = access.AccessInfo.factory(resp=TOKEN_RESPONSE,
body=UNSCOPED_TOKEN)
self.assertTrue(auth_ref)
self.assertIn('methods', auth_ref)
self.assertNotIn('catalog', auth_ref)
self.assertEqual(auth_ref.auth_token,
'3e2813b7ba0b4006840c3825860b86ed')
self.assertEqual(auth_ref.username, 'exampleuser')
self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
def test_management_url_is_updated_with_project(self):
self._management_url_is_updated(client_fixtures.project_scoped_token(),
project_name='exampleproject')
