Example #1
    def __init__(self, **kwargs):
        """Set up the Keystone v3 client and attach one manager per resource.

        Every keyword argument is forwarded unchanged to the parent
        constructor, and each manager below is handed this client object.
        """
        super(Client, self).__init__(**kwargs)

        # (attribute name, manager factory) pairs, kept in the original order.
        manager_factories = (
            ('credentials', credentials.CredentialManager),
            ('endpoint_filter', endpoint_filter.EndpointFilterManager),
            ('endpoints', endpoints.EndpointManager),
            ('domains', domains.DomainManager),
            ('federation', federation.FederationManager),
            ('groups', groups.GroupManager),
            ('oauth1', oauth1.create_oauth_manager),
            ('policies', policies.PolicyManager),
            ('projects', projects.ProjectManager),
            ('regions', regions.RegionManager),
            ('role_assignments', role_assignments.RoleAssignmentManager),
            ('roles', roles.RoleManager),
            ('services', services.ServiceManager),
            ('tokens', tokens.TokenManager),
            ('trusts', trusts.TrustManager),
            ('users', users.UserManager),
        )
        for attr_name, build_manager in manager_factories:
            setattr(self, attr_name, build_manager(self))

        # DEPRECATED path: a caller-supplied session defers authentication to
        # the first call that needs it.  Without a 'session' key, and with no
        # management URL set, authenticate() runs here during construction.
        # Only the presence of the key is tested, so session=None also skips
        # the eager call.
        session_supplied = 'session' in kwargs
        if not session_supplied and self.management_url is None:
            self.authenticate()
Example #2
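    def _resolve_project_name(self, tenant_id):
        """Look up the Keystone project name for ``tenant_id``.

        The Keystone credentials are read from this object's own config
        group (``cfg.CONF[self.name]``).  Only fixed messages and the
        resolved project id/name are logged; the password value is never
        written to the log.

        :param tenant_id: id of the project (tenant) to resolve.
        :returns: the project name; ``'unknown'`` when the lookup returns a
            falsy result; ``None`` when a config setting is missing or
            Keystone authorization fails.
        """
        try:
            # NOTE(review): confirm that the config library in use reports a
            # missing option as KeyError; if it raises a different type this
            # handler never fires.
            group = cfg.CONF[self.name]
            username = group.keystone_auth_name
            passwd = group.keystone_auth_pass
            project = group.keystone_auth_project
            url = group.keystone_auth_url
        except KeyError:
            LOG.debug('Missing a config setting for keystone auth.')
            return

        try:
            # NOTE(review): the keystone_auth_name setting is passed as
            # user_id -- confirm it holds a user id rather than a user name.
            auth = v3.Password(auth_url=url,
                               user_id=username,
                               password=passwd,
                               project_id=project)
            sess = session.Session(auth=auth)
            keystone = client.Client(session=sess, auth_url=url)
            # A session-backed client normally authenticates on its first
            # request rather than at construction, so the lookup has to sit
            # inside this try for the handler below to see an authorization
            # failure.
            proj = projects.ProjectManager(keystone).get(tenant_id)
        except keystoneexceptions.AuthorizationFailure:
            LOG.debug('Keystone client auth failed.')
            return

        if not proj:
            return 'unknown'
        # Pass the values as logging arguments so the message is only
        # formatted when debug logging is enabled.
        LOG.debug('Resolved project id %s as %s', tenant_id, proj.name)
        return proj.name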
Example #3
    def __init__(self, *args, **kwargs):
        """Build the parent client, then attach the v3 resource managers.

        All positional and keyword arguments go to the parent constructor
        untouched; each manager is handed this client object.
        """
        super(V3IdentityClient, self).__init__(*args, **kwargs)

        # (attribute name, manager factory) pairs, kept in the original order.
        manager_factories = (
            ('credentials', v3credentials.CredentialManager),
            ('endpoints', v3endpoints.EndpointManager),
            ('domains', v3domains.DomainManager),
            ('groups', v3groups.GroupManager),
            ('policies', v3policies.PolicyManager),
            ('projects', v3projects.ProjectManager),
            ('roles', v3roles.RoleManager),
            ('services', v3services.ServiceManager),
            ('users', v3users.UserManager),
            ('trusts', v3trusts.TrustManager),
        )
        for attr_name, build_manager in manager_factories:
            setattr(self, attr_name, build_manager(self))
Example #4
    def __init__(self, **kwargs):
        """Set up the Keystone v3 client and attach its resource managers.

        Keyword arguments are forwarded unchanged to the parent constructor.
        This variant never calls authenticate() itself.
        """
        super(Client, self).__init__(**kwargs)

        self.version = 'v3'

        # (attribute name, manager factory) pairs, kept in the original order.
        manager_factories = (
            ('credentials', credentials.CredentialManager),
            ('endpoints', endpoints.EndpointManager),
            ('domains', domains.DomainManager),
            ('groups', groups.GroupManager),
            ('policies', policies.PolicyManager),
            ('projects', projects.ProjectManager),
            ('roles', roles.RoleManager),
            ('services', services.ServiceManager),
            ('users', users.UserManager),
        )
        for attr_name, build_manager in manager_factories:
            setattr(self, attr_name, build_manager(self))
Example #5
    def __init__(self, **kwargs):
        """Set up the Keystone v3 client and attach one manager per resource.

        Keyword arguments are forwarded unchanged to the parent constructor.
        Each manager is built around ``self._adapter`` rather than the client
        object itself.
        """
        super(Client, self).__init__(**kwargs)

        session_value = kwargs.get('session')
        if not session_value:
            deprecation_text = (
                'Constructing an instance of the '
                'keystoneclient.v3.client.Client class without a session is '
                'deprecated as of the 1.7.0 release and may be removed in '
                'the 2.0.0 release.')
            warnings.warn(deprecation_text, DeprecationWarning)

        # (attribute name, manager factory) pairs, kept in the original order.
        manager_factories = (
            ('access_rules', access_rules.AccessRuleManager),
            ('application_credentials',
             application_credentials.ApplicationCredentialManager),
            ('auth', auth.AuthManager),
            ('credentials', credentials.CredentialManager),
            ('ec2', ec2.EC2Manager),
            ('endpoint_filter', endpoint_filter.EndpointFilterManager),
            ('endpoint_groups', endpoint_groups.EndpointGroupManager),
            ('endpoint_policy', endpoint_policy.EndpointPolicyManager),
            ('endpoints', endpoints.EndpointManager),
            ('domain_configs', domain_configs.DomainConfigManager),
            ('domains', domains.DomainManager),
            ('federation', federation.FederationManager),
            ('groups', groups.GroupManager),
            ('limits', limits.LimitManager),
            ('oauth1', oauth1.create_oauth_manager),
            ('policies', policies.PolicyManager),
            ('projects', projects.ProjectManager),
            ('registered_limits', registered_limits.RegisteredLimitManager),
            ('regions', regions.RegionManager),
            ('role_assignments', role_assignments.RoleAssignmentManager),
            ('roles', roles.RoleManager),
            ('inference_rules', roles.InferenceRuleManager),
            ('services', services.ServiceManager),
            ('simple_cert', simple_cert.SimpleCertManager),
            ('tokens', tokens.TokenManager),
            ('trusts', trusts.TrustManager),
            ('users', users.UserManager),
        )
        for attr_name, build_manager in manager_factories:
            setattr(self, attr_name, build_manager(self._adapter))

        # DEPRECATED path: a caller-supplied session defers authentication to
        # the first call that needs it.
        # NOTE(review): the warning above tests the session's truthiness while
        # this check tests only the key's presence, so session=None warns but
        # does not authenticate here -- confirm that is intended.
        session_key_present = 'session' in kwargs
        if not session_key_present and self.management_url is None:
            self.authenticate()
    def __init__(self, **kwargs):
        """Set up the Keystone v3 client and attach its resource managers.

        Keyword arguments are forwarded unchanged to the parent constructor.
        When no management URL is known afterwards, authenticate() is called
        before the constructor returns.
        """
        super(Client, self).__init__(**kwargs)

        # (attribute name, manager factory) pairs, kept in the original order.
        manager_factories = (
            ('credentials', credentials.CredentialManager),
            ('endpoints', endpoints.EndpointManager),
            ('domains', domains.DomainManager),
            ('groups', groups.GroupManager),
            ('policies', policies.PolicyManager),
            ('projects', projects.ProjectManager),
            ('roles', roles.RoleManager),
            ('services', services.ServiceManager),
            ('users', users.UserManager),
            ('trusts', trusts.TrustManager),
        )
        for attr_name, build_manager in manager_factories:
            setattr(self, attr_name, build_manager(self))

        url_unknown = self.management_url is None
        if url_unknown:
            self.authenticate()
Example #7
    def __init__(self, **kwargs):
        """Set up the Keystone v3 client and attach one manager per resource.

        The 'interface' keyword defaults to 'public' when the caller does not
        supply it; all keyword arguments then go to the parent constructor.
        Each manager is built around ``self._adapter``.
        """
        # NOTE(Roxana Gherle): Keystone V3 APIs has no admin versus public
        # distinction. They are both going through the same endpoint, so
        # set a public default here instead of picking up an admin default in
        # httpclient.HTTPClient
        kwargs.setdefault('interface', 'public')
        super(Client, self).__init__(**kwargs)

        session_value = kwargs.get('session')
        if not session_value:
            deprecation_text = (
                'Constructing an instance of the '
                'keystoneclient.v3.client.Client class without a session is '
                'deprecated as of the 1.7.0 release and may be removed in '
                'the 2.0.0 release.')
            warnings.warn(deprecation_text, DeprecationWarning)

        # (attribute name, manager factory) pairs, kept in the original order.
        manager_factories = (
            ('auth', auth.AuthManager),
            ('credentials', credentials.CredentialManager),
            ('ec2', ec2.EC2Manager),
            ('endpoint_filter', endpoint_filter.EndpointFilterManager),
            ('endpoint_policy', endpoint_policy.EndpointPolicyManager),
            ('endpoints', endpoints.EndpointManager),
            ('domains', domains.DomainManager),
            ('federation', federation.FederationManager),
            ('groups', groups.GroupManager),
            ('oauth1', oauth1.create_oauth_manager),
            ('policies', policies.PolicyManager),
            ('projects', projects.ProjectManager),
            ('regions', regions.RegionManager),
            ('role_assignments', role_assignments.RoleAssignmentManager),
            ('roles', roles.RoleManager),
            ('services', services.ServiceManager),
            ('simple_cert', simple_cert.SimpleCertManager),
            ('tokens', tokens.TokenManager),
            ('trusts', trusts.TrustManager),
            ('users', users.UserManager),
        )
        for attr_name, build_manager in manager_factories:
            setattr(self, attr_name, build_manager(self._adapter))

        # DEPRECATED path: a caller-supplied session defers authentication to
        # the first call that needs it.
        # NOTE(review): the warning above tests the session's truthiness while
        # this check tests only the key's presence, so session=None warns but
        # does not authenticate here -- confirm that is intended.
        session_key_present = 'session' in kwargs
        if not session_key_present and self.management_url is None:
            self.authenticate()
Example #8
    def __init__(self, endpoint=None, **kwargs):
        """Initialize the client and attach its resource managers.

        NOTE(review): the earlier summary named the Keystone v2.0 API, yet
        domain, policy and project managers are attached here -- confirm
        which API version this class targets.

        ``endpoint`` and the remaining keyword arguments are forwarded to the
        parent constructor.
        """
        super(Client, self).__init__(endpoint=endpoint, **kwargs)

        # (attribute name, manager factory) pairs, kept in the original order.
        manager_factories = (
            ('credentials', credentials.CredentialManager),
            ('endpoints', endpoints.EndpointManager),
            ('domains', domains.DomainManager),
            ('policies', policies.PolicyManager),
            ('projects', projects.ProjectManager),
            ('roles', roles.RoleManager),
            ('services', services.ServiceManager),
            ('users', users.UserManager),
        )
        for attr_name, build_manager in manager_factories:
            setattr(self, attr_name, build_manager(self))

        # NOTE(gabriel): If we have a pre-defined endpoint then we can
        #                get away with lazy auth. Otherwise auth immediately.
        if not endpoint:
            self.authenticate()
        else:
            self.management_url = endpoint
Example #9
    def __init__(self, **kwargs):
        """Set up the Keystone v3 client and attach one manager per resource.

        Keyword arguments are forwarded unchanged to the parent constructor.
        Most managers are built around ``self._adapter``; four of them are
        handed the client object itself.
        """
        super(Client, self).__init__(**kwargs)

        # (attribute name, manager factory, built on the adapter?) triples,
        # kept in the original order.
        # NOTE(review): fiware_roles, oauth2, user_registration and
        # two_factor receive the client while every other manager receives
        # self._adapter -- confirm the difference is deliberate.
        manager_factories = (
            ('credentials', credentials.CredentialManager, True),
            ('endpoint_filter', endpoint_filter.EndpointFilterManager, True),
            ('endpoint_policy', endpoint_policy.EndpointPolicyManager, True),
            ('endpoints', endpoints.EndpointManager, True),
            ('domains', domains.DomainManager, True),
            ('federation', federation.FederationManager, True),
            ('groups', groups.GroupManager, True),
            ('oauth1', oauth1.create_oauth_manager, True),
            # TODO(garcianavalon) document this
            ('endpoint_groups', endpoint_filter.EndpointGroupFilterManager,
             True),
            ('fiware_roles', fiware_roles.FiwareRolesManager, False),
            ('oauth2', oauth2.create_oauth_manager, False),
            ('user_registration', user_registration.UserRegistrationManager,
             False),
            ('two_factor', two_factor.TwoFactorManager, False),
            ('policies', policies.PolicyManager, True),
            ('projects', projects.ProjectManager, True),
            ('regions', regions.RegionManager, True),
            ('role_assignments', role_assignments.RoleAssignmentManager,
             True),
            ('roles', roles.RoleManager, True),
            ('services', services.ServiceManager, True),
            ('tokens', tokens.TokenManager, True),
            ('trusts', trusts.TrustManager, True),
            ('users', users.UserManager, True),
        )
        for attr_name, build_manager, on_adapter in manager_factories:
            backend = self._adapter if on_adapter else self
            setattr(self, attr_name, build_manager(backend))

        # DEPRECATED path: a caller-supplied session defers authentication to
        # the first call that needs it.  Without a 'session' key, and with no
        # management URL set, authenticate() runs here during construction.
        session_key_present = 'session' in kwargs
        if not session_key_present and self.management_url is None:
            self.authenticate()
Example #10
 def setUp(self):
     """Run the parent set-up, then build the ProjectManager under test."""
     super(ProjectsRequestIdTests, self).setUp()
     manager = projects.ProjectManager(self.client)
     # Point the manager at the Project resource class before storing it.
     manager.resource_class = projects.Project
     self.mgr = manager
Example #11
def generate_test_data(service_providers=False, endpoint='localhost'):
    '''Build the container of Keystone fixtures shared by the tests.

    NOTE(review): earlier wording called this Keystone V2 data, but the
    identity URLs end in /identity/v3 and the catalog is wrapped in
    ServiceCatalogV3.

    Every id and the auth token are fresh uuid4 hex strings, so two calls
    never return the same identifiers.  The user e-mail and password are
    placeholder strings, and every catalog URL is a plain http:// test host.

    :param service_providers: when true, attach a one-entry service-provider
        list to the project-scoped and unscoped token bodies and record its
        auth URL and id on the container.
    :param endpoint: host suffix interpolated into every catalog URL.
    :returns: the populated TestDataContainer.
    '''
    test_data = TestDataContainer()

    def new_id():
        # One fresh random hex identifier per call.
        return uuid.uuid4().hex

    def catalog_endpoint(url, region, interface):
        # One endpoint record of a service catalog entry.
        return {
            'url': url,
            'region': region,
            'interface': interface,
            'id': new_id(),
        }

    keystone_service = {
        'type': 'identity',
        'id': new_id(),
        'endpoints': [
            catalog_endpoint('http://admin.%s/identity/v3' % endpoint,
                             'RegionOne', 'admin'),
            catalog_endpoint('http://internal.%s/identity/v3' % endpoint,
                             'RegionOne', 'internal'),
            catalog_endpoint('http://public.%s/identity/v3' % endpoint,
                             'RegionOne', 'public'),
        ]
    }

    # Domains
    domain_dict = {
        'id': new_id(),
        'name': 'domain',
        'description': '',
        'enabled': True,
    }
    domain_manager = domains.DomainManager(None)
    test_data.domain = domains.Domain(domain_manager, domain_dict,
                                      loaded=True)

    # Users
    user_dict = {
        'id': new_id(),
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_dict['id'],
        'token': '',
        'enabled': True,
    }
    user_manager = users.UserManager(None)
    test_data.user = users.User(user_manager, user_dict, loaded=True)

    # Projects: one enabled, one disabled, both in the fixture domain.
    project_dict_1 = {
        'id': new_id(),
        'name': 'tenant_one',
        'description': '',
        'domain_id': domain_dict['id'],
        'enabled': True,
    }
    project_dict_2 = {
        'id': new_id(),
        'name': 'tenant_two',
        'description': '',
        'domain_id': domain_dict['id'],
        'enabled': False,
    }
    test_data.project_one = projects.Project(
        projects.ProjectManager(None), project_dict_1, loaded=True)
    test_data.project_two = projects.Project(
        projects.ProjectManager(None), project_dict_2, loaded=True)

    # Roles
    # NOTE(review): the RoleManager class itself, not an instance, is passed
    # here, unlike the other fixtures above.
    role_dict = {'id': new_id(), 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # (URL template, region, interface) for each compute endpoint.
    nova_endpoint_specs = (
        ('http://nova-admin.%s:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.%s:8774/v2.0/%s', 'RegionOne', 'internal'),
        ('http://nova-public.%s:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.%s:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.%s:8774/v2.0/%s', 'RegionTwo', 'internal'),
        ('http://nova2-public.%s:8774/v2.0/%s', 'RegionTwo', 'public'),
    )
    nova_service = {
        'type': 'compute',
        'id': new_id(),
        'endpoints': [
            catalog_endpoint(template % (endpoint, project_dict_1['id']),
                             region, interface)
            for template, region, interface in nova_endpoint_specs
        ]
    }

    # Tokens: all bodies share one expiry (a day from now) and one response.
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)
    auth_token = uuid.uuid4().hex
    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token}
    })

    def domain_ref():
        # Fresh id/name reference to the fixture domain.
        return {'id': domain_dict['id'], 'name': domain_dict['name']}

    def project_ref():
        # Fresh reference to project one, including its domain.
        return {
            'id': project_dict_1['id'],
            'name': project_dict_1['name'],
            'domain': domain_ref(),
        }

    def user_ref(federated=False):
        # Fresh reference to the fixture user; federated users also carry
        # an OS-FEDERATION section with two random group ids.
        ref = {
            'id': user_dict['id'],
            'name': user_dict['name'],
            'domain': domain_ref(),
        }
        if federated:
            ref['OS-FEDERATION'] = {
                'identity_provider': 'ACME',
                'protocol': 'OIDC',
                'groups': [
                    {'id': new_id()},
                    {'id': new_id()},
                ]
            }
        return ref

    def token_body(scope_key=None, scope_ref=None, federated=False):
        # Scoped bodies carry roles and the full catalog; unscoped bodies
        # carry no roles and only the identity service.
        token = {'methods': ['password'], 'expires_at': expiration}
        if scope_key is not None:
            token[scope_key] = scope_ref
        token['user'] = user_ref(federated)
        if scope_key is not None:
            token['roles'] = [role_dict]
            token['catalog'] = [keystone_service, nova_service]
        else:
            token['catalog'] = [keystone_service]
        return {'token': token}

    scoped_token_dict = token_body('project', project_ref())

    sp_list = None
    if service_providers:
        test_data.sp_auth_url = 'http://service_provider_endp/identity/v3'
        test_data.service_provider_id = 'k2kserviceprovider'
        # The access info for the identity provider
        # should return a list of service providers
        sp_list = [
            {
                'auth_url': test_data.sp_auth_url,
                'id': test_data.service_provider_id,
                'sp_url': 'https://k2kserviceprovider/sp_url',
            }
        ]
        scoped_token_dict['token']['service_providers'] = sp_list

    test_data.scoped_access_info = access.create(
        resp=auth_response, body=scoped_token_dict)

    domain_token_dict = token_body('domain', domain_ref())
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response, body=domain_token_dict)

    unscoped_token_dict = token_body()
    if service_providers:
        unscoped_token_dict['token']['service_providers'] = sp_list
    test_data.unscoped_access_info = access.create(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = token_body('project', project_ref(),
                                             federated=True)
    test_data.federated_scoped_access_info = access.create(
        resp=auth_response, body=federated_scoped_token_dict)

    federated_unscoped_token_dict = token_body(federated=True)
    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response, body=federated_unscoped_token_dict)

    return test_data
Example #12
def generate_test_data():
    '''Build the container of Keystone fixtures shared by the tests.

    NOTE(review): earlier wording called this Keystone V2 data, but the
    identity endpoint URLs all end in /v3.

    Every id and the auth token are fresh uuid4 hex strings, so two calls
    never return the same identifiers.  The user e-mail and password are
    placeholder strings, and every catalog URL is a plain http:// localhost
    address.

    :returns: the populated TestDataContainer.
    '''
    test_data = TestDataContainer()

    def new_id():
        # One fresh random hex identifier per call.
        return uuid.uuid4().hex

    def catalog_endpoint(url, region, interface):
        # One endpoint record of a service catalog entry.
        return {
            'url': url,
            'region': region,
            'interface': interface,
            'id': new_id(),
        }

    keystone_service = {
        'type': 'identity',
        'id': new_id(),
        'endpoints': [
            catalog_endpoint('http://admin.localhost:35357/v3',
                             'RegionOne', 'admin'),
            catalog_endpoint('http://internal.localhost:5000/v3',
                             'RegionOne', 'internal'),
            catalog_endpoint('http://public.localhost:5000/v3',
                             'RegionOne', 'public'),
        ]
    }

    # Domains
    domain_dict = {
        'id': new_id(),
        'name': 'domain',
        'description': '',
        'enabled': True,
    }
    domain_manager = domains.DomainManager(None)
    test_data.domain = domains.Domain(domain_manager, domain_dict,
                                      loaded=True)

    # Users
    user_dict = {
        'id': new_id(),
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_dict['id'],
        'token': '',
        'enabled': True,
    }
    user_manager = users.UserManager(None)
    test_data.user = users.User(user_manager, user_dict, loaded=True)

    # Projects: one enabled, one disabled, both in the fixture domain.
    project_dict_1 = {
        'id': new_id(),
        'name': 'tenant_one',
        'description': '',
        'domain_id': domain_dict['id'],
        'enabled': True,
    }
    project_dict_2 = {
        'id': new_id(),
        'name': 'tenant_two',
        'description': '',
        'domain_id': domain_dict['id'],
        'enabled': False,
    }
    test_data.project_one = projects.Project(
        projects.ProjectManager(None), project_dict_1, loaded=True)
    test_data.project_two = projects.Project(
        projects.ProjectManager(None), project_dict_2, loaded=True)

    # Roles
    # NOTE(review): the RoleManager class itself, not an instance, is passed
    # here, unlike the other fixtures above.
    role_dict = {'id': new_id(), 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # (URL template, region, interface) for each compute endpoint.
    nova_endpoint_specs = (
        ('http://nova-admin.localhost:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.localhost:8774/v2.0/%s', 'RegionOne',
         'internal'),
        ('http://nova-public.localhost:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.localhost:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.localhost:8774/v2.0/%s', 'RegionTwo',
         'internal'),
        ('http://nova2-public.localhost:8774/v2.0/%s', 'RegionTwo',
         'public'),
    )
    nova_service = {
        'type': 'compute',
        'id': new_id(),
        'endpoints': [
            catalog_endpoint(template % (project_dict_1['id']),
                             region, interface)
            for template, region, interface in nova_endpoint_specs
        ]
    }

    # Tokens: both bodies share one expiry (a day from now) and one response.
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)
    auth_token = uuid.uuid4().hex
    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token}
    })

    def user_ref():
        # Fresh reference to the fixture user, including its domain.
        return {
            'id': user_dict['id'],
            'name': user_dict['name'],
            'domain': {
                'id': domain_dict['id'],
                'name': domain_dict['name'],
            },
        }

    scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': {
                'id': project_dict_1['id'],
                'name': project_dict_1['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name'],
                },
            },
            'user': user_ref(),
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service],
        }
    }
    test_data.scoped_access_info = access.AccessInfo.factory(
        resp=auth_response, body=scoped_token_dict)

    # The unscoped body has no project, no roles, and only the identity
    # service in its catalog.
    unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': user_ref(),
            'catalog': [keystone_service],
        }
    }
    test_data.unscoped_access_info = access.AccessInfo.factory(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog
    catalog_source = {
        'methods': ['password'],
        'user': {},
        'catalog': [keystone_service, nova_service],
    }
    test_data.service_catalog = service_catalog.ServiceCatalog.factory(
        catalog_source, token=auth_token)

    return test_data
Example #13
        self.user = None 


def get_admin_role(manager):
    """Return the first role from ``manager.list()`` named exactly "Admin".

    The comparison is case-sensitive.  ``None`` is returned when no role
    matches, so callers must check the result before using it.
    """
    matches = (candidate for candidate in manager.list()
               if candidate.name == "Admin")
    return next(matches, None)


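if __name__ == '__main__':
    # Script entry point: build the barbican domain, project and user, then
    # grant that user the "Admin" role on the barbican project.
    reset = False

    # The admin user name, password and Keystone URL come from the
    # environment; a missing variable raises KeyError here, before the
    # client is built.
    keystone = client.Client(user_domain_name='Default',
                             username=os.environ['OS_USERNAME'],
                             password=os.environ['OS_PASSWORD'],
                             project_domain_name='Default',
                             project_name='admin',
                             auth_url=os.environ['OS_AUTH_URL'])
    domain_manager = domains.DomainManager(keystone)
    project_manager = projects.ProjectManager(keystone)
    user_manager = users.UserManager(keystone)
    role_manager = roles.RoleManager(keystone)

    barbican_domain = BarbicanDomain(domain_manager, reset=reset)
    barbican_project = BarbicanProject(project_manager,
                                       barbican_domain.domain.id,
                                       reset=reset)
    barbican_user = BarbicanUser(user_manager,
                                 barbican_domain.domain.id,
                                 reset=reset)

    # get_admin_role() returns None when no role is named exactly "Admin";
    # stop with a clear message instead of failing on `None.id` below.
    admin_role = get_admin_role(role_manager)
    if admin_role is None:
        raise SystemExit('No role named "Admin" was found; nothing granted.')

    # Privileged grant: the barbican user receives the Admin role, scoped to
    # the barbican project.
    role_manager.grant(admin_role.id,
                       user=barbican_user.user.id,
                       project=barbican_project.project.id)

    # Single-argument print(...) behaves the same on Python 2 and Python 3.
    print("Domain ID: " + barbican_domain.domain.id)
    print("Project ID: " + barbican_project.project.id)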
def generate_test_data(pki=False):
    """Build a container of Keystone v3-style fixture objects.

    The identity endpoints end in ``/v3``, the token bodies use the
    ``{'token': {...}}`` envelope and the catalog is a ``ServiceCatalogV3``.
    All ids are fresh ``uuid4`` hex strings.

    The returned ``TestDataContainer`` carries: one domain, one user, an
    enabled and a disabled project, a ``Member`` role, the service catalog,
    and project-scoped, domain-scoped, unscoped and federated access-info
    objects built from hand-written token bodies.

    :param pki: when true, the fake token id is prefixed with
        ``cms.PKI_ASN1_PREFIX`` so it has the shape of a PKI token. It is
        never a real signed token.
    :returns: the populated ``TestDataContainer``.
    """
    fixtures = TestDataContainer()

    def _endpoint(url, region, interface):
        # One catalog endpoint entry with its own random id.
        return {
            'url': url,
            'region': region,
            'interface': interface,
            'id': uuid.uuid4().hex,
        }

    # Identity service: plain-http localhost URLs, fixture values only.
    identity_service = {
        'type': 'identity',
        'id': uuid.uuid4().hex,
        'endpoints': [
            _endpoint('http://admin.localhost:35357/v3',
                      'RegionOne', 'admin'),
            _endpoint('http://internal.localhost:5000/v3',
                      'RegionOne', 'internal'),
            _endpoint('http://public.localhost:5000/v3',
                      'RegionOne', 'public'),
        ],
    }

    # Domains
    domain_attrs = {
        'id': uuid.uuid4().hex,
        'name': 'domain',
        'description': '',
        'enabled': True,
    }
    fixtures.domain = domains.Domain(
        domains.DomainManager(None), domain_attrs, loaded=True)

    # Users -- 'email' and 'password' hold placeholder values, not working
    # credentials.
    user_attrs = {
        'id': uuid.uuid4().hex,
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_attrs['id'],
        'token': '',
        'enabled': True,
    }
    fixtures.user = users.User(
        users.UserManager(None), user_attrs, loaded=True)

    # Projects: the first is enabled, the second disabled.
    def _project_attrs(name, enabled):
        return {
            'id': uuid.uuid4().hex,
            'name': name,
            'description': '',
            'domain_id': domain_attrs['id'],
            'enabled': enabled,
        }

    enabled_project = _project_attrs('tenant_one', True)
    disabled_project = _project_attrs('tenant_two', False)
    fixtures.project_one = projects.Project(
        projects.ProjectManager(None), enabled_project, loaded=True)
    fixtures.project_two = projects.Project(
        projects.ProjectManager(None), disabled_project, loaded=True)

    # Roles
    # NOTE(review): the manager argument here is the RoleManager class itself,
    # not an instance as for the other resources -- confirm that is intended.
    role_attrs = {'id': uuid.uuid4().hex, 'name': 'Member'}
    fixtures.role = roles.Role(roles.RoleManager, role_attrs)

    # Compute service: admin/internal/public endpoints in two regions, each
    # URL suffixed with the enabled project's id.
    compute_endpoint_specs = (
        ('http://nova-admin.localhost:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.localhost:8774/v2.0/%s',
         'RegionOne', 'internal'),
        ('http://nova-public.localhost:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.localhost:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.localhost:8774/v2.0/%s',
         'RegionTwo', 'internal'),
        ('http://nova2-public.localhost:8774/v2.0/%s', 'RegionTwo', 'public'),
    )
    compute_service = {
        'type': 'compute',
        'id': uuid.uuid4().hex,
        'endpoints': [
            _endpoint(url_template % enabled_project['id'],
                      region_name, interface_name)
            for url_template, region_name, interface_name
            in compute_endpoint_specs
        ],
    }

    # Tokens: every body below expires one day from now.
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)

    # A real PKI token is not needed; the prefix alone is enough for the
    # keystone client to treat the value as one.
    auth_token = uuid.uuid4().hex
    if pki:
        auth_token = cms.PKI_ASN1_PREFIX + auth_token

    auth_response = TestResponse(
        {"headers": {'X-Subject-Token': auth_token}})

    def _domain_ref():
        # Fresh {'id', 'name'} reference to the fixture domain.
        return {'id': domain_attrs['id'], 'name': domain_attrs['name']}

    def _project_ref():
        # Fresh reference to the enabled project, including its domain.
        return {
            'id': enabled_project['id'],
            'name': enabled_project['name'],
            'domain': _domain_ref(),
        }

    def _user_ref(federated=False):
        # Fresh reference to the fixture user; federated references also get
        # an OS-FEDERATION section with two random group ids.
        ref = {
            'id': user_attrs['id'],
            'name': user_attrs['name'],
            'domain': _domain_ref(),
        }
        if federated:
            ref['OS-FEDERATION'] = {
                'identity_provider': 'ACME',
                'protocol': 'OIDC',
                'groups': [{'id': uuid.uuid4().hex},
                           {'id': uuid.uuid4().hex}],
            }
        return ref

    # Project-scoped token
    fixtures.scoped_access_info = access.create(
        resp=auth_response,
        body={
            'token': {
                'methods': ['password'],
                'expires_at': expiration,
                'project': _project_ref(),
                'user': _user_ref(),
                'roles': [role_attrs],
                'catalog': [identity_service, compute_service],
            }
        })

    # Domain-scoped token
    fixtures.domain_scoped_access_info = access.create(
        resp=auth_response,
        body={
            'token': {
                'methods': ['password'],
                'expires_at': expiration,
                'domain': _domain_ref(),
                'user': _user_ref(),
                'roles': [role_attrs],
                'catalog': [identity_service, compute_service],
            }
        })

    # Unscoped token: no roles, and only the identity service in the catalog.
    fixtures.unscoped_access_info = access.create(
        resp=auth_response,
        body={
            'token': {
                'methods': ['password'],
                'expires_at': expiration,
                'user': _user_ref(),
                'catalog': [identity_service],
            }
        })

    # Service Catalog
    fixtures.service_catalog = service_catalog.ServiceCatalogV3(
        [identity_service, compute_service])

    # Federated user
    # NOTE(review): 'methods' stays ['password'] although the user section
    # names an OIDC protocol; presumably a fixture simplification -- confirm
    # before relying on it in auth-method checks.
    fixtures.federated_scoped_access_info = access.create(
        resp=auth_response,
        body={
            'token': {
                'methods': ['password'],
                'expires_at': expiration,
                'project': _project_ref(),
                'user': _user_ref(federated=True),
                'roles': [role_attrs],
                'catalog': [identity_service, compute_service],
            }
        })

    fixtures.federated_unscoped_access_info = access.create(
        resp=auth_response,
        body={
            'token': {
                'methods': ['password'],
                'expires_at': expiration,
                'user': _user_ref(federated=True),
                'catalog': [identity_service],
            }
        })

    return fixtures