def find_domain(identity_client, name_or_id):
    """Find a domain, tolerating a lack of access to the v3 domain API.

    The lookup goes through ``utils.find_resource``. If the identity service
    answers with ``Forbidden``, the value the caller passed is assumed to be
    a domain id rather than a name, and a placeholder ``Domain`` carrying
    only that id is returned instead of raising.

    This is used by the project list command, so errors accessing the domain
    are deliberately ignored: if the user has access to the project API, the
    id is all that is needed.

    Security note: the placeholder is built from caller-supplied input and is
    never checked against the server. It is not evidence that the domain
    exists or that the caller may see it, so it must not be used for any
    authorization decision; it is only safe to hand on to an API that
    performs its own access checks.

    Closes bugs #1317478 and #1317485.
    """
    try:
        found = utils.find_resource(identity_client.domains, name_or_id)
    except identity_exc.Forbidden:
        # Only the authorization failure is swallowed; any other error from
        # the lookup still propagates to the caller.
        found = None

    if found is None:
        # Unverified stand-in: treat the input as an id, not a name.
        return domains.Domain(None, {'id': name_or_id})
    return found
def data(TEST):
    """Populate ``TEST`` with Keystone identity fixtures.

    Attaches containers of roles, domains, users, groups, role assignments,
    tenants, tokens, EC2 credentials and federation objects (identity
    providers, one mapping, one protocol), and sets ``TEST.domain``,
    ``TEST.user``, ``TEST.tenant`` and ``TEST.token`` as the "current"
    objects.

    Every credential-like value below (passwords, token ids, the EC2
    access/secret pair) is a fixed placeholder, not a usable secret.
    """
    # Deep-copy the catalog so a test that mutates it cannot leak the change
    # into later tests through the shared module-level constant.
    TEST.service_catalog = copy.deepcopy(SERVICE_CATALOG)
    for container_name in ('tokens', 'domains', 'users', 'groups', 'tenants',
                           'role_assignments', 'roles', 'ec2',
                           'identity_providers', 'idp_mappings',
                           'idp_protocols'):
        setattr(TEST, container_name, utils.TestDataContainer())

    # --- Roles ---
    admin_role_info = {'id': '1', 'name': 'admin'}
    admin_role = roles.Role(roles.RoleManager, admin_role_info, loaded=True)
    # member_role_info is also embedded in the token bodies further down.
    member_role_info = {'id': "2",
                        'name': settings.OPENSTACK_KEYSTONE_DEFAULT_ROLE}
    member_role = roles.Role(roles.RoleManager, member_role_info, loaded=True)
    TEST.roles.add(admin_role, member_role)
    TEST.roles.admin = admin_role
    TEST.roles.member = member_role

    # --- Domains: one enabled, one disabled ---
    enabled_domain_info = {'id': "1",
                           'name': 'test_domain',
                           'description': "a test domain.",
                           'enabled': True}
    disabled_domain_info = {'id': "2",
                            'name': 'disabled_domain',
                            'description': "a disabled test domain.",
                            'enabled': False}
    domain = domains.Domain(domains.DomainManager, enabled_domain_info)
    disabled_domain = domains.Domain(domains.DomainManager,
                                     disabled_domain_info)
    TEST.domains.add(domain, disabled_domain)
    TEST.domain = domain  # Your "current" domain

    # --- Users ---
    user_specs = [
        {'id': "1",
         'name': 'test_user',
         'description': 'test_description',
         'email': '*****@*****.**',
         'password': '******',
         'token': 'test_token',
         'project_id': '1',
         'enabled': True,
         'domain_id': "1"},
        {'id': "2",
         'name': 'user_two',
         'description': 'test_description',
         'email': '*****@*****.**',
         'password': '******',
         'token': 'test_token',
         'project_id': '1',
         'enabled': True,
         'domain_id': "1"},
        {'id': "3",
         'name': 'user_three',
         'description': 'test_description',
         'email': '*****@*****.**',
         'password': '******',
         'token': 'test_token',
         'project_id': '1',
         'enabled': True,
         'domain_id': "1"},
        {'id': "4",
         'name': 'user_four',
         'description': 'test_description',
         'email': '*****@*****.**',
         'password': '******',
         'token': 'test_token',
         'project_id': '2',
         'enabled': True,
         'domain_id': "2"},
        # The only user without an e-mail address.
        {'id': "5",
         'name': 'user_five',
         'description': 'test_description',
         'email': None,
         'password': '******',
         'token': 'test_token',
         'project_id': '2',
         'enabled': True,
         'domain_id': "1"},
    ]
    fixture_users = [users.User(None, spec) for spec in user_specs]
    TEST.users.add(*fixture_users)
    TEST.user = fixture_users[0]  # Your "current" user
    # The user gets its own catalog copy, separate from TEST.service_catalog.
    TEST.user.service_catalog = copy.deepcopy(SERVICE_CATALOG)

    # --- Groups ---
    group_specs = [
        {'id': "1",
         'name': 'group_one',
         'description': 'group one description',
         'project_id': '1',
         'domain_id': '1'},
        {'id': "2",
         'name': 'group_two',
         'description': 'group two description',
         'project_id': '1',
         'domain_id': '1'},
        {'id': "3",
         'name': 'group_three',
         'description': 'group three description',
         'project_id': '1',
         'domain_id': '1'},
        {'id': "4",
         'name': 'group_four',
         'description': 'group four description',
         'project_id': '2',
         'domain_id': '2'},
    ]
    fixture_groups = [groups.Group(groups.GroupManager(None), spec)
                      for spec in group_specs]
    TEST.groups.add(*fixture_groups)

    # --- Role assignments ---
    # The same four (actor kind, actor id, role id) grants are made first on
    # project '1' and then on domain '1'.
    grants = (('user', '1', '1'),
              ('user', '2', '2'),
              ('group', '1', '2'),
              ('user', '3', '2'))
    fixture_assignments = [
        role_assignments.RoleAssignment(
            role_assignments.RoleAssignmentManager,
            {actor_kind: {'id': actor_id},
             'role': {'id': role_id},
             'scope': {scope_kind: {'id': '1'}}})
        for scope_kind in ('project', 'domain')
        for actor_kind, actor_id, role_id in grants
    ]
    TEST.role_assignments.add(*fixture_assignments)

    # --- Tenants ---
    # current_tenant_info is reused inside the scoped token body below.
    current_tenant_info = {'id': "1",
                           'name': 'test_tenant',
                           'description': "a test tenant.",
                           'enabled': True,
                           'domain_id': '1',
                           'domain_name': 'test_domain'}
    disabled_tenant_info = {'id': "2",
                            'name': 'disabled_tenant',
                            'description': "a disabled test tenant.",
                            'enabled': False,
                            'domain_id': '2',
                            'domain_name': 'disabled_domain'}
    unicode_tenant_info = {'id': "3",
                           'name': u'\u4e91\u89c4\u5219',
                           'description': "an unicode-named tenant.",
                           'enabled': True,
                           'domain_id': '2',
                           'domain_name': 'disabled_domain'}
    tenant = tenants.Tenant(tenants.TenantManager, current_tenant_info)
    disabled_tenant = tenants.Tenant(tenants.TenantManager,
                                     disabled_tenant_info)
    tenant_unicode = tenants.Tenant(tenants.TenantManager,
                                    unicode_tenant_info)
    TEST.tenants.add(tenant, disabled_tenant, tenant_unicode)
    TEST.tenant = tenant  # Your "current" tenant

    # --- Tokens: both expire one day from now ---
    expiration = (datetime_safe.datetime.now() + timedelta(days=1)).isoformat()

    scoped_body = {
        'access': {
            'token': {
                'id': "test_token_id",
                'expires': expiration,
                'tenant': current_tenant_info,
                'tenants': [current_tenant_info]},
            'user': {
                'id': "test_user_id",
                'name': "test_user",
                'roles': [member_role_info]},
            'serviceCatalog': TEST.service_catalog
        }
    }
    # The unscoped body differs only in carrying no tenant information.
    unscoped_body = {
        'access': {
            'token': {
                'id': "test_token_id",
                'expires': expiration},
            'user': {
                'id': "test_user_id",
                'name': "test_user",
                'roles': [member_role_info]},
            'serviceCatalog': TEST.service_catalog
        }
    }
    scoped_access_info = access.AccessInfo.factory(resp=None,
                                                   body=scoped_body)
    unscoped_access_info = access.AccessInfo.factory(resp=None,
                                                     body=unscoped_body)

    scoped_token = auth_user.Token(scoped_access_info)
    unscoped_token = auth_user.Token(unscoped_access_info)
    TEST.tokens.add(scoped_token, unscoped_token)
    TEST.token = scoped_token  # your "current" token.
    TEST.tokens.scoped_token = scoped_token
    TEST.tokens.unscoped_token = unscoped_token

    # --- EC2 credentials (placeholder key pair bound to the current tenant)
    access_secret = ec2.EC2(ec2.CredentialsManager,
                            {"access": "access",
                             "secret": "secret",
                             "tenant_id": tenant.id})
    TEST.ec2.add(access_secret)

    # --- Federation: identity providers ---
    idp_specs = [
        {'id': 'idp_1',
         'description': 'identity provider 1',
         'enabled': True,
         'remote_ids': ['rid_1', 'rid_2']},
        {'id': 'idp_2',
         'description': 'identity provider 2',
         'enabled': True,
         'remote_ids': ['rid_3', 'rid_4']},
    ]
    fixture_idps = [
        identity_providers.IdentityProvider(
            identity_providers.IdentityProviderManager, spec, loaded=True)
        for spec in idp_specs
    ]
    TEST.identity_providers.add(*fixture_idps)

    # --- Federation: mapping ---
    # One rule: the remote UserName becomes the local user name and the user
    # is placed in group 0cd5e9, unless orgPersonType is Contractor or Guest.
    mapping_info = {
        "id": "mapping_1",
        "rules": [
            {
                "local": [
                    {
                        "user": {
                            "name": "{0}"
                        }
                    },
                    {
                        "group": {
                            "id": "0cd5e9"
                        }
                    }
                ],
                "remote": [
                    {
                        "type": "UserName"
                    },
                    {
                        "type": "orgPersonType",
                        "not_any_of": [
                            "Contractor",
                            "Guest"
                        ]
                    }
                ]
            }
        ]
    }
    idp_mapping = mappings.Mapping(mappings.MappingManager(None),
                                   mapping_info)
    TEST.idp_mappings.add(idp_mapping)

    # --- Federation: protocol bound to the mapping above ---
    protocol_info = {'id': 'protocol_1',
                     'mapping_id': 'mapping_1'}
    idp_protocol = protocols.Protocol(protocols.ProtocolManager,
                                      protocol_info,
                                      loaded=True)
    TEST.idp_protocols.add(idp_protocol)
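def data(TEST):
    """Populate ``TEST`` with Keystone identity fixtures.

    Attaches containers of roles, domains, users, groups, tenants, tokens and
    EC2 credentials, and sets ``TEST.domain``, ``TEST.user``, ``TEST.tenant``
    and ``TEST.token`` as the "current" objects.

    Every credential-like value below (passwords, token ids, the EC2
    access/secret pair) is a fixed placeholder, not a usable secret.
    """
    # Imported locally so this fix does not depend on the module's imports.
    import copy

    # Deep-copy the catalog instead of aliasing the module-level constant:
    # with a shared object, one test mutating the catalog would silently
    # change what every later test sees.
    TEST.service_catalog = copy.deepcopy(SERVICE_CATALOG)
    TEST.tokens = TestDataContainer()
    TEST.domains = TestDataContainer()
    TEST.users = TestDataContainer()
    TEST.groups = TestDataContainer()
    TEST.tenants = TestDataContainer()
    TEST.roles = TestDataContainer()
    TEST.ec2 = TestDataContainer()

    # --- Roles ---
    admin_role_dict = {'id': '1', 'name': 'admin'}
    admin_role = roles.Role(roles.RoleManager, admin_role_dict)
    # member_role_dict is also embedded in the token bodies further down.
    member_role_dict = {
        'id': "2",
        'name': settings.OPENSTACK_KEYSTONE_DEFAULT_ROLE
    }
    member_role = roles.Role(roles.RoleManager, member_role_dict)
    TEST.roles.add(admin_role, member_role)
    TEST.roles.admin = admin_role
    TEST.roles.member = member_role

    # --- Domains: one enabled, one disabled ---
    domain_dict = {
        'id': "1",
        'name': 'test_domain',
        'description': "a test domain.",
        'enabled': True
    }
    domain_dict_2 = {
        'id': "2",
        'name': 'disabled_domain',
        'description': "a disabled test domain.",
        'enabled': False
    }
    domain = domains.Domain(domains.DomainManager, domain_dict)
    disabled_domain = domains.Domain(domains.DomainManager, domain_dict_2)
    TEST.domains.add(domain, disabled_domain)
    TEST.domain = domain  # Your "current" domain

    # --- Users ---
    user_specs = [
        {
            'id': "1",
            'name': 'test_user',
            'email': '*****@*****.**',
            'password': '******',
            'token': 'test_token',
            'project_id': '1',
            'enabled': True,
            'domain_id': "1"
        },
        {
            'id': "2",
            'name': 'user_two',
            'email': '*****@*****.**',
            'password': '******',
            'token': 'test_token',
            'project_id': '1',
            'enabled': True,
            'domain_id': "1"
        },
        {
            'id': "3",
            'name': 'user_three',
            'email': '*****@*****.**',
            'password': '******',
            'token': 'test_token',
            'project_id': '1',
            'enabled': True,
            'domain_id': "1"
        },
        {
            'id': "4",
            'name': 'user_four',
            'email': '*****@*****.**',
            'password': '******',
            'token': 'test_token',
            'project_id': '2',
            'enabled': True,
            'domain_id': "2"
        },
    ]
    # Each user gets its own manager instance.
    fixture_users = [users.User(users.UserManager(None), spec)
                     for spec in user_specs]
    TEST.users.add(*fixture_users)
    TEST.user = fixture_users[0]  # Your "current" user
    # Separate copy for the user, for the same isolation reason as above.
    TEST.user.service_catalog = copy.deepcopy(SERVICE_CATALOG)

    # --- Groups ---
    group_specs = [
        {
            'id': "1",
            'name': 'group_one',
            'description': 'group one description',
            'domain_id': '1'
        },
        {
            'id': "2",
            'name': 'group_two',
            'description': 'group two description',
            'domain_id': '1'
        },
        {
            'id': "3",
            'name': 'group_three',
            'description': 'group three description',
            'domain_id': '2'
        },
    ]
    fixture_groups = [groups.Group(groups.GroupManager(None), spec)
                      for spec in group_specs]
    TEST.groups.add(*fixture_groups)

    # --- Tenants ---
    # tenant_dict is reused inside the scoped token body below.
    tenant_dict = {
        'id': "1",
        'name': 'test_tenant',
        'description': "a test tenant.",
        'enabled': True,
        'domain_id': '1'
    }
    tenant_dict_2 = {
        'id': "2",
        'name': 'disabled_tenant',
        'description': "a disabled test tenant.",
        'enabled': False,
        'domain_id': '2'
    }
    tenant_dict_3 = {
        'id': "3",
        'name': u'\u4e91\u89c4\u5219',
        'description': "an unicode-named tenant.",
        'enabled': True,
        'domain_id': '2'
    }
    tenant = tenants.Tenant(tenants.TenantManager, tenant_dict)
    disabled_tenant = tenants.Tenant(tenants.TenantManager, tenant_dict_2)
    tenant_unicode = tenants.Tenant(tenants.TenantManager, tenant_dict_3)
    TEST.tenants.add(tenant, disabled_tenant, tenant_unicode)
    TEST.tenant = tenant  # Your "current" tenant

    # --- Tokens: both expire one day from now ---
    tomorrow = datetime_safe.datetime.now() + timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)

    scoped_token_dict = {
        'access': {
            'token': {
                'id': "test_token_id",
                'expires': expiration,
                'tenant': tenant_dict,
                'tenants': [tenant_dict]
            },
            'user': {
                'id': "test_user_id",
                'name': "test_user",
                'roles': [member_role_dict]
            },
            'serviceCatalog': TEST.service_catalog
        }
    }
    scoped_access_info = AccessInfo.factory(resp=None,
                                            body=scoped_token_dict)

    # The unscoped body differs only in carrying no tenant information.
    unscoped_token_dict = {
        'access': {
            'token': {
                'id': "test_token_id",
                'expires': expiration
            },
            'user': {
                'id': "test_user_id",
                'name': "test_user",
                'roles': [member_role_dict]
            },
            'serviceCatalog': TEST.service_catalog
        }
    }
    unscoped_access_info = AccessInfo.factory(resp=None,
                                              body=unscoped_token_dict)

    scoped_token = Token(scoped_access_info)
    unscoped_token = Token(unscoped_access_info)
    TEST.tokens.add(scoped_token, unscoped_token)
    TEST.token = scoped_token  # your "current" token.
    TEST.tokens.scoped_token = scoped_token
    TEST.tokens.unscoped_token = unscoped_token

    # --- EC2 credentials (placeholder key pair) ---
    access_secret = ec2.EC2(ec2.CredentialsManager, {
        "access": "access",
        "secret": "secret"
    })
    TEST.ec2.add(access_secret)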
def generate_test_data(service_providers=False, endpoint='localhost'):
    """Build a container of Keystone v3-style fixtures for tests.

    The result carries a domain, a user, two projects (the second disabled),
    a role, a service catalog, and access-info objects for project-scoped,
    domain-scoped, unscoped, federated scoped and federated unscoped tokens.

    service_providers: when true, a single service provider entry is added
        to the scoped and unscoped token bodies and its auth URL and id are
        exposed as ``sp_auth_url`` and ``service_provider_id``.
    endpoint: host name suffix interpolated, as given, into every catalog
        URL.

    Ids and the subject token are random ``uuid4`` hex strings and the
    password is a placeholder; nothing here is a usable credential. The
    catalog URLs are plain ``http://`` fixture addresses.
    """
    def _endpoint(url, region, interface):
        # One catalog endpoint entry with a fresh random id.
        return {'url': url,
                'region': region,
                'interface': interface,
                'id': uuid.uuid4().hex}

    test_data = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'id': uuid.uuid4().hex,
        'endpoints': [
            _endpoint('http://admin.%s/identity/v3' % endpoint,
                      'RegionOne', 'admin'),
            _endpoint('http://internal.%s/identity/v3' % endpoint,
                      'RegionOne', 'internal'),
            _endpoint('http://public.%s/identity/v3' % endpoint,
                      'RegionOne', 'public'),
        ]
    }

    # Domains
    domain_info = {'id': uuid.uuid4().hex,
                   'name': 'domain',
                   'description': '',
                   'enabled': True}
    test_data.domain = domains.Domain(domains.DomainManager(None),
                                      domain_info, loaded=True)

    # Users
    user_info = {'id': uuid.uuid4().hex,
                 'name': 'gabriel',
                 'email': '*****@*****.**',
                 'password': '******',
                 'domain_id': domain_info['id'],
                 'token': '',
                 'enabled': True}
    test_data.user = users.User(users.UserManager(None),
                                user_info, loaded=True)

    # Projects
    project_one_info = {'id': uuid.uuid4().hex,
                        'name': 'tenant_one',
                        'description': '',
                        'domain_id': domain_info['id'],
                        'enabled': True}
    project_two_info = {'id': uuid.uuid4().hex,
                        'name': 'tenant_two',
                        'description': '',
                        'domain_id': domain_info['id'],
                        'enabled': False}
    test_data.project_one = projects.Project(projects.ProjectManager(None),
                                             project_one_info,
                                             loaded=True)
    test_data.project_two = projects.Project(projects.ProjectManager(None),
                                             project_two_info,
                                             loaded=True)

    # Roles
    role_info = {'id': uuid.uuid4().hex,
                 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_info)

    # Compute endpoints: two regions, three interfaces each, all pointing at
    # project one.
    nova_endpoint_specs = (
        ('http://nova-admin.%s:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.%s:8774/v2.0/%s', 'RegionOne', 'internal'),
        ('http://nova-public.%s:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.%s:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.%s:8774/v2.0/%s', 'RegionTwo', 'internal'),
        ('http://nova2-public.%s:8774/v2.0/%s', 'RegionTwo', 'public'),
    )
    nova_service = {
        'type': 'compute',
        'id': uuid.uuid4().hex,
        'endpoints': [
            _endpoint(template % (endpoint, project_one_info['id']),
                      region, interface)
            for template, region, interface in nova_endpoint_specs
        ]
    }

    # Each token body gets its own copies of these nested references.
    def _domain_ref():
        return {'id': domain_info['id'],
                'name': domain_info['name']}

    def _user_ref():
        return {'id': user_info['id'],
                'name': user_info['name'],
                'domain': _domain_ref()}

    def _project_ref():
        return {'id': project_one_info['id'],
                'name': project_one_info['name'],
                'domain': _domain_ref()}

    def _federated_user_ref():
        ref = _user_ref()
        ref['OS-FEDERATION'] = {
            'identity_provider': 'ACME',
            'protocol': 'OIDC',
            'groups': [
                {'id': uuid.uuid4().hex},
                {'id': uuid.uuid4().hex}
            ]
        }
        return ref

    # Tokens: all expire one day from now and share one subject token.
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)
    auth_token = uuid.uuid4().hex

    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token}
    })

    scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': _project_ref(),
            'user': _user_ref(),
            'roles': [role_info],
            'catalog': [keystone_service, nova_service]
        }
    }

    sp_list = None
    if service_providers:
        test_data.sp_auth_url = 'http://service_provider_endp/identity/v3'
        test_data.service_provider_id = 'k2kserviceprovider'

        # The access info for the identity provider
        # should return a list of service providers
        sp_list = [
            {'auth_url': test_data.sp_auth_url,
             'id': test_data.service_provider_id,
             'sp_url': 'https://k2kserviceprovider/sp_url'}
        ]
        scoped_token_dict['token']['service_providers'] = sp_list

    test_data.scoped_access_info = access.create(
        resp=auth_response,
        body=scoped_token_dict
    )

    domain_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'domain': _domain_ref(),
            'user': _user_ref(),
            'roles': [role_info],
            'catalog': [keystone_service, nova_service]
        }
    }
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response,
        body=domain_token_dict
    )

    # Unscoped: no roles, and only the identity service in the catalog.
    unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _user_ref(),
            'catalog': [keystone_service]
        }
    }
    if service_providers:
        # Same list object as attached to the scoped token body.
        unscoped_token_dict['token']['service_providers'] = sp_list

    test_data.unscoped_access_info = access.create(
        resp=auth_response,
        body=unscoped_token_dict
    )

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': _project_ref(),
            'user': _federated_user_ref(),
            'roles': [role_info],
            'catalog': [keystone_service, nova_service]
        }
    }
    test_data.federated_scoped_access_info = access.create(
        resp=auth_response,
        body=federated_scoped_token_dict
    )

    federated_unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _federated_user_ref(),
            'catalog': [keystone_service]
        }
    }
    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response,
        body=federated_unscoped_token_dict
    )

    return test_data
def generate_test_data():
    """Build a container of Keystone v3-style fixtures for tests.

    The result carries a domain, a user, two projects (the second disabled),
    a role, a service catalog, and access-info objects for a project-scoped
    and an unscoped token.

    Ids and the subject token are random ``uuid4`` hex strings and the
    password is a placeholder; nothing here is a usable credential. The
    catalog URLs are plain ``http://`` fixture addresses on localhost names.
    """
    def _endpoint(url, region, interface):
        # One catalog endpoint entry with a fresh random id.
        return {'url': url,
                'region': region,
                'interface': interface,
                'id': uuid.uuid4().hex}

    test_data = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'id': uuid.uuid4().hex,
        'endpoints': [
            _endpoint('http://admin.localhost:35357/v3',
                      'RegionOne', 'admin'),
            _endpoint('http://internal.localhost:5000/v3',
                      'RegionOne', 'internal'),
            _endpoint('http://public.localhost:5000/v3',
                      'RegionOne', 'public'),
        ]
    }

    # Domains
    domain_info = {
        'id': uuid.uuid4().hex,
        'name': 'domain',
        'description': '',
        'enabled': True
    }
    test_data.domain = domains.Domain(domains.DomainManager(None),
                                      domain_info, loaded=True)

    # Users
    user_info = {
        'id': uuid.uuid4().hex,
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_info['id'],
        'token': '',
        'enabled': True
    }
    test_data.user = users.User(users.UserManager(None),
                                user_info, loaded=True)

    # Projects
    project_one_info = {
        'id': uuid.uuid4().hex,
        'name': 'tenant_one',
        'description': '',
        'domain_id': domain_info['id'],
        'enabled': True
    }
    project_two_info = {
        'id': uuid.uuid4().hex,
        'name': 'tenant_two',
        'description': '',
        'domain_id': domain_info['id'],
        'enabled': False
    }
    test_data.project_one = projects.Project(projects.ProjectManager(None),
                                             project_one_info,
                                             loaded=True)
    test_data.project_two = projects.Project(projects.ProjectManager(None),
                                             project_two_info,
                                             loaded=True)

    # Roles
    role_info = {'id': uuid.uuid4().hex, 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_info)

    # Compute endpoints: two regions, three interfaces each, all pointing at
    # project one.
    nova_endpoint_specs = (
        ('http://nova-admin.localhost:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.localhost:8774/v2.0/%s',
         'RegionOne', 'internal'),
        ('http://nova-public.localhost:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.localhost:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.localhost:8774/v2.0/%s',
         'RegionTwo', 'internal'),
        ('http://nova2-public.localhost:8774/v2.0/%s',
         'RegionTwo', 'public'),
    )
    nova_service = {
        'type': 'compute',
        'id': uuid.uuid4().hex,
        'endpoints': [
            _endpoint(template % (project_one_info['id']), region, interface)
            for template, region, interface in nova_endpoint_specs
        ]
    }

    # Each token body gets its own copies of these nested references.
    def _domain_ref():
        return {'id': domain_info['id'],
                'name': domain_info['name']}

    def _user_ref():
        return {'id': user_info['id'],
                'name': user_info['name'],
                'domain': _domain_ref()}

    # Tokens: both expire one day from now and share one subject token.
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)
    auth_token = uuid.uuid4().hex

    auth_response = TestResponse(
        {"headers": {'X-Subject-Token': auth_token}})

    scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': {
                'id': project_one_info['id'],
                'name': project_one_info['name'],
                'domain': _domain_ref()
            },
            'user': _user_ref(),
            'roles': [role_info],
            'catalog': [keystone_service, nova_service]
        }
    }
    test_data.scoped_access_info = access.AccessInfo.factory(
        resp=auth_response, body=scoped_token_dict)

    # Unscoped: no roles, and only the identity service in the catalog.
    unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _user_ref(),
            'catalog': [keystone_service]
        }
    }
    test_data.unscoped_access_info = access.AccessInfo.factory(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog
    catalog_body = {
        'methods': ['password'],
        'user': {},
        'catalog': [keystone_service, nova_service],
    }
    test_data.service_catalog = service_catalog.ServiceCatalog.factory(
        catalog_body, token=auth_token)

    return test_data
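def data(TEST):
    """Populate ``TEST`` with Keystone identity fixtures.

    Attaches containers of roles, domains, users, tenants, tokens and EC2
    credentials, and sets ``TEST.domain``, ``TEST.user``, ``TEST.tenant`` and
    ``TEST.token`` as the "current" objects.

    Every credential-like value below (passwords, token ids, the EC2
    access/secret pair) is a fixed placeholder, not a usable secret.
    """
    # Imported locally so this fix does not depend on the module's imports.
    import copy

    # Deep-copy the catalog instead of aliasing the module-level constant:
    # with a shared object, one test mutating the catalog would silently
    # change what every later test sees.
    TEST.service_catalog = copy.deepcopy(SERVICE_CATALOG)
    TEST.tokens = TestDataContainer()
    TEST.domains = TestDataContainer()
    TEST.users = TestDataContainer()
    TEST.tenants = TestDataContainer()
    TEST.roles = TestDataContainer()
    TEST.ec2 = TestDataContainer()

    # --- Roles ---
    admin_role_dict = {'id': '1',
                       'name': 'admin'}
    admin_role = roles.Role(roles.RoleManager, admin_role_dict)
    # member_role_dict is also embedded in the token bodies further down.
    member_role_dict = {'id': "2",
                        'name': settings.OPENSTACK_KEYSTONE_DEFAULT_ROLE}
    member_role = roles.Role(roles.RoleManager, member_role_dict)
    TEST.roles.add(admin_role, member_role)
    TEST.roles.admin = admin_role
    TEST.roles.member = member_role

    # --- Domains: one enabled, one disabled ---
    domain_dict = {'id': "1",
                   'name': 'test_domain',
                   'description': "a test domain.",
                   'enabled': True}
    domain_dict_2 = {'id': "2",
                     'name': 'disabled_domain',
                     'description': "a disabled test domain.",
                     'enabled': False}
    domain = domains.Domain(domains.DomainManager, domain_dict)
    disabled_domain = domains.Domain(domains.DomainManager, domain_dict_2)
    TEST.domains.add(domain, disabled_domain)
    TEST.domain = domain  # Your "current" domain

    # --- Users ---
    user_specs = [
        {'id': "1",
         'name': 'test_user',
         'email': '*****@*****.**',
         'password': '******',
         'token': 'test_token',
         'project_id': '1',
         'enabled': True},
        {'id': "2",
         'name': 'user_two',
         'email': '*****@*****.**',
         'password': '******',
         'token': 'test_token',
         'project_id': '1',
         'enabled': True},
        {'id': "3",
         'name': 'user_three',
         'email': '*****@*****.**',
         'password': '******',
         'token': 'test_token',
         'project_id': '1',
         'enabled': True},
    ]
    # Each user gets its own manager instance.
    fixture_users = [users.User(users.UserManager(None), spec)
                     for spec in user_specs]
    TEST.users.add(*fixture_users)
    TEST.user = fixture_users[0]  # Your "current" user
    # Separate copy for the user, for the same isolation reason as above.
    TEST.user.service_catalog = copy.deepcopy(SERVICE_CATALOG)

    # --- Tenants ---
    # tenant_dict is reused inside the scoped token body below.
    tenant_dict = {'id': "1",
                   'name': 'test_tenant',
                   'description': "a test tenant.",
                   'enabled': True}
    tenant_dict_2 = {'id': "2",
                     'name': 'disabled_tenant',
                     'description': "a disabled test tenant.",
                     'enabled': False}
    tenant = tenants.Tenant(tenants.TenantManager, tenant_dict)
    disabled_tenant = tenants.Tenant(tenants.TenantManager, tenant_dict_2)
    TEST.tenants.add(tenant, disabled_tenant)
    TEST.tenant = tenant  # Your "current" tenant

    # --- Tokens: both expire one day from now ---
    tomorrow = datetime_safe.datetime.now() + timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)

    scoped_token = tokens.Token(
        tokens.TokenManager,
        dict(token={"id": "test_token_id",
                    "expires": expiration,
                    "tenant": tenant_dict,
                    "tenants": [tenant_dict]},
             user={"id": "test_user_id",
                   "name": "test_user",
                   "roles": [member_role_dict]},
             serviceCatalog=TEST.service_catalog))

    # The unscoped token differs only in carrying no tenant information.
    unscoped_token = tokens.Token(
        tokens.TokenManager,
        dict(token={"id": "test_token_id",
                    "expires": expiration},
             user={"id": "test_user_id",
                   "name": "test_user",
                   "roles": [member_role_dict]},
             serviceCatalog=TEST.service_catalog))

    TEST.tokens.add(scoped_token, unscoped_token)
    TEST.token = scoped_token  # your "current" token.
    TEST.tokens.scoped_token = scoped_token
    TEST.tokens.unscoped_token = unscoped_token

    # --- EC2 credentials (placeholder key pair) ---
    access_secret = ec2.EC2(ec2.CredentialsManager, {"access": "access",
                                                     "secret": "secret"})
    TEST.ec2.add(access_secret)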
def generate_test_data(pki=False):
    """Build a container of Keystone v3-style fixtures for tests.

    The result carries a domain, a user, two projects (the second disabled),
    a role, a service catalog, and access-info objects for project-scoped,
    domain-scoped, unscoped, federated scoped and federated unscoped tokens.

    pki: when true, the subject token is prefixed with
        ``cms.PKI_ASN1_PREFIX`` so that the keystone client treats it as a
        PKI token. The remainder is still a random hex string, not a real
        PKI token, so it is only suitable for exercising the client's
        token-type detection.

    Ids and the subject token are random ``uuid4`` hex strings and the
    password is a placeholder; nothing here is a usable credential. The
    catalog URLs are plain ``http://`` fixture addresses on localhost names.
    """
    def _endpoint(url, region, interface):
        # One catalog endpoint entry with a fresh random id.
        return {'url': url,
                'region': region,
                'interface': interface,
                'id': uuid.uuid4().hex}

    test_data = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'id': uuid.uuid4().hex,
        'endpoints': [
            _endpoint('http://admin.localhost:35357/v3',
                      'RegionOne', 'admin'),
            _endpoint('http://internal.localhost:5000/v3',
                      'RegionOne', 'internal'),
            _endpoint('http://public.localhost:5000/v3',
                      'RegionOne', 'public'),
        ]
    }

    # Domains
    domain_info = {
        'id': uuid.uuid4().hex,
        'name': 'domain',
        'description': '',
        'enabled': True
    }
    test_data.domain = domains.Domain(domains.DomainManager(None),
                                      domain_info, loaded=True)

    # Users
    user_info = {
        'id': uuid.uuid4().hex,
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_info['id'],
        'token': '',
        'enabled': True
    }
    test_data.user = users.User(users.UserManager(None),
                                user_info, loaded=True)

    # Projects
    project_one_info = {
        'id': uuid.uuid4().hex,
        'name': 'tenant_one',
        'description': '',
        'domain_id': domain_info['id'],
        'enabled': True
    }
    project_two_info = {
        'id': uuid.uuid4().hex,
        'name': 'tenant_two',
        'description': '',
        'domain_id': domain_info['id'],
        'enabled': False
    }
    test_data.project_one = projects.Project(projects.ProjectManager(None),
                                             project_one_info,
                                             loaded=True)
    test_data.project_two = projects.Project(projects.ProjectManager(None),
                                             project_two_info,
                                             loaded=True)

    # Roles
    role_info = {'id': uuid.uuid4().hex, 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_info)

    # Compute endpoints: two regions, three interfaces each, all pointing at
    # project one.
    nova_endpoint_specs = (
        ('http://nova-admin.localhost:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.localhost:8774/v2.0/%s',
         'RegionOne', 'internal'),
        ('http://nova-public.localhost:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.localhost:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.localhost:8774/v2.0/%s',
         'RegionTwo', 'internal'),
        ('http://nova2-public.localhost:8774/v2.0/%s',
         'RegionTwo', 'public'),
    )
    nova_service = {
        'type': 'compute',
        'id': uuid.uuid4().hex,
        'endpoints': [
            _endpoint(template % (project_one_info['id']), region, interface)
            for template, region, interface in nova_endpoint_specs
        ]
    }

    # Each token body gets its own copies of these nested references.
    def _domain_ref():
        return {'id': domain_info['id'],
                'name': domain_info['name']}

    def _user_ref():
        return {'id': user_info['id'],
                'name': user_info['name'],
                'domain': _domain_ref()}

    def _project_ref():
        return {'id': project_one_info['id'],
                'name': project_one_info['name'],
                'domain': _domain_ref()}

    def _federated_user_ref():
        ref = _user_ref()
        ref['OS-FEDERATION'] = {
            'identity_provider': 'ACME',
            'protocol': 'OIDC',
            'groups': [{'id': uuid.uuid4().hex},
                       {'id': uuid.uuid4().hex}]
        }
        return ref

    # Tokens: all expire one day from now and share one subject token.
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)

    # We don't need a real PKI token, but just the prefix to make the
    # keystone client treat it as a PKI token
    token_body = uuid.uuid4().hex
    auth_token = cms.PKI_ASN1_PREFIX + token_body if pki else token_body

    auth_response = TestResponse(
        {"headers": {'X-Subject-Token': auth_token}})

    scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': _project_ref(),
            'user': _user_ref(),
            'roles': [role_info],
            'catalog': [keystone_service, nova_service]
        }
    }
    test_data.scoped_access_info = access.create(resp=auth_response,
                                                 body=scoped_token_dict)

    domain_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'domain': _domain_ref(),
            'user': _user_ref(),
            'roles': [role_info],
            'catalog': [keystone_service, nova_service]
        }
    }
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response, body=domain_token_dict)

    # Unscoped: no roles, and only the identity service in the catalog.
    unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _user_ref(),
            'catalog': [keystone_service]
        }
    }
    test_data.unscoped_access_info = access.create(resp=auth_response,
                                                   body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': _project_ref(),
            'user': _federated_user_ref(),
            'roles': [role_info],
            'catalog': [keystone_service, nova_service]
        }
    }
    test_data.federated_scoped_access_info = access.create(
        resp=auth_response, body=federated_scoped_token_dict)

    federated_unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': _federated_user_ref(),
            'catalog': [keystone_service]
        }
    }
    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response, body=federated_unscoped_token_dict)

    return test_data