def test_get_barbican_client(self):
# Mock out the keystone session and get the client
acl_auth_object = barbican_acl.BarbicanACLAuth()
bc1 = acl_auth_object.get_barbican_client()
# Our returned client should be an instance of barbican_client.Client
self.assertIsInstance(bc1, barbican_client.Client)
# Getting the session again with new class should get the same object
acl_auth_object2 = barbican_acl.BarbicanACLAuth()
bc2 = acl_auth_object2.get_barbican_client()
self.assertIs(bc1, bc2)
def test_ensure_secret_access(self, mock_ksession, mock_aclm):
acl = mock.MagicMock(spec=acls.SecretACL)
mock_aclm.return_value = acl
acl_auth_object = barbican_acl.BarbicanACLAuth()
acl_auth_object.ensure_secret_access(mock.Mock(), mock.Mock())
acl.submit.assert_called_once()
def test_get_barbican_client(self):
# There should be no existing client
self.assertIsNone(keystone._SESSION)
# Mock out the keystone session and get the client
keystone._SESSION = mock.MagicMock()
acl_auth_object = barbican_acl.BarbicanACLAuth()
bc1 = acl_auth_object.get_barbican_client()
# Our returned client should be an instance of barbican_client.Client
self.assertIsInstance(bc1, barbican_client.Client)
# Getting the session again with new class should get the same object
acl_auth_object2 = barbican_acl.BarbicanACLAuth()
bc2 = acl_auth_object2.get_barbican_client()
self.assertIs(bc1, bc2)
def test_get_barbican_client_user_auth(self, mock_ksession):
acl_auth_object = barbican_acl.BarbicanACLAuth()
bc = acl_auth_object.get_barbican_client_user_auth(mock.Mock())
self.assertTrue(
hasattr(bc, 'containers')
and hasattr(bc.containers, 'register_consumer'))
self.assertEqual('publicURL', bc.client.interface)
self.assertEqual('RegionOne', bc.client.region_name)
def test_get_barbican_client(self):
# Mock out the keystone session and get the client
acl_auth_object = barbican_acl.BarbicanACLAuth()
bc1 = acl_auth_object.get_barbican_client()
# Our returned object should have elements that proves it is a real
# Barbican client object. We shouldn't use `isinstance` because that's
# an evil pattern, instead we can check for very unique things in the
# stable client API like "register_consumer", since this should fairly
# reliably prove we're dealing with a Barbican client.
self.assertTrue(
hasattr(bc1, 'containers')
and hasattr(bc1.containers, 'register_consumer'))
# Getting the session again with new class should get the same object
acl_auth_object2 = barbican_acl.BarbicanACLAuth()
bc2 = acl_auth_object2.get_barbican_client()
self.assertIs(bc1, bc2)
def test_revoke_secret_access(self, mock_ksession, mock_aclm):
service_user_id = 'uuid1'
mock_ksession().get_service_user_id.return_value = service_user_id
acl = mock.MagicMock(spec=acls.SecretACL)
poacl = mock.MagicMock(spec=acls._PerOperationACL)
type(poacl).users = mock.PropertyMock(return_value=[service_user_id])
acl.get.return_value = poacl
mock_aclm.return_value = acl
acl_auth_object = barbican_acl.BarbicanACLAuth()
acl_auth_object.revoke_secret_access(mock.Mock(), mock.Mock())
acl.submit.assert_called_once()
def test_get_barbican_client_user_auth(self, mock_ksession):
acl_auth_object = barbican_acl.BarbicanACLAuth()
bc = acl_auth_object.get_barbican_client_user_auth(mock.Mock())
self.assertTrue(
hasattr(bc, 'containers')
and hasattr(bc.containers, 'register_consumer'))