def test_api_error_log_no_password(check, instance, caplog):
with caplog.at_level(logging.DEBUG):
with pytest.raises(KeystoneUnreachable):
with mock.patch(
'datadog_checks.base.utils.http.requests.post') as req:
req.side_effect = HTTPError(mock.Mock(status=404), 'not found')
check._api = SimpleApi(check.log,
instance.get("keystone_server_url"),
check.http)
identity = Authenticator._get_user_identity(
instance.get("user"))
Authenticator._post_auth_token(
check._api.logger, instance.get("keystone_server_url"),
identity, check.http)
expected_pass = "******"
for _, level, message in caplog.record_tuples:
# make sure password is hidden and actual password is not in the log
if level == logging.DEBUG and expected_pass in message and instance.get(
"user").get("password") not in message:
break
else:
raise AssertionError(
'Expected DEBUG log with message `{}`'.format(expected_pass))
def test_get_user_identity():
authenticator = Authenticator()
for user in BAD_USERS:
_test_bad_user(user)
for user in GOOD_USERS:
parsed_user = authenticator._get_user_identity(user['user'])
assert parsed_user == {'methods': ['password'], 'password': user}
def test_from_config_with_missing_id():
mock_http_response = copy.deepcopy(common.EXAMPLE_AUTH_RESPONSE)
mock_response = MockHTTPResponse(response_dict=mock_http_response, headers={'X-Subject-Token': 'fake_token'})
project_response_without_name = copy.deepcopy(PROJECT_RESPONSE)
del project_response_without_name[0]["id"]
with mock.patch('datadog_checks.openstack_controller.api.Authenticator._post_auth_token',
return_value=mock_response):
with mock.patch('datadog_checks.openstack_controller.api.Authenticator._get_auth_projects',
return_value=project_response_without_name):
cred = Authenticator.from_config(log, 'http://10.0.2.15:5000', GOOD_USERS[0]['user'])
assert cred is None
def test_from_config():
mock_http_response = copy.deepcopy(common.EXAMPLE_AUTH_RESPONSE)
mock_response = MockHTTPResponse(response_dict=mock_http_response, headers={'X-Subject-Token': 'fake_token'})
with mock.patch('datadog_checks.openstack_controller.api.Authenticator._post_auth_token',
return_value=mock_response):
with mock.patch('datadog_checks.openstack_controller.api.Authenticator._get_auth_projects',
return_value=PROJECTS_RESPONSE):
cred = Authenticator.from_config(log, 'http://10.0.2.15:5000', GOOD_USERS[0]['user'])
assert isinstance(cred, Credential)
assert cred.auth_token == "fake_token"
assert cred.name == "name 2"
assert cred.domain_id == "3333"
assert cred.tenant_id == "2222"
assert cred.nova_endpoint == "http://10.0.2.15:8774/v2.1/0850707581fe4d738221a72db0182876"
assert cred.neutron_endpoint == "http://10.0.2.15:9292"
def test_get_endpoint():
authenticator = Authenticator()
assert (authenticator._get_nova_endpoint(common.EXAMPLE_AUTH_RESPONSE) ==
u'http://10.0.2.15:8774/v2.1/0850707581fe4d738221a72db0182876')
with pytest.raises(MissingNovaEndpoint):
authenticator._get_nova_endpoint({})
assert authenticator._get_neutron_endpoint(
common.EXAMPLE_AUTH_RESPONSE) == u'http://10.0.2.15:9292'
with pytest.raises(MissingNeutronEndpoint):
authenticator._get_neutron_endpoint({})
assert authenticator._get_valid_endpoint({}, None, None) is None
assert authenticator._get_valid_endpoint({'token': {}}, None, None) is None
assert authenticator._get_valid_endpoint({'token': {
"catalog": []
}}, None, None) is None
assert authenticator._get_valid_endpoint({'token': {
"catalog": []
}}, None, None) is None
assert authenticator._get_valid_endpoint({'token': {
"catalog": [{}]
}}, None, None) is None
assert (authenticator._get_valid_endpoint(
{'token': {
"catalog": [{
u'type': u'compute',
u'name': u'nova'
}]
}}, None, None) is None)
assert (authenticator._get_valid_endpoint(
{
'token': {
"catalog": [{
u'endpoints': [],
u'type': u'compute',
u'name': u'nova'
}]
}
}, None, None) is None)
assert (authenticator._get_valid_endpoint(
{
'token': {
"catalog": [{
u'endpoints': [{}],
u'type': u'compute',
u'name': u'nova'
}]
}
}, 'nova', 'compute') is None)
assert (authenticator._get_valid_endpoint(
{
'token': {
"catalog":
[{
u'endpoints': [{
u'url': u'dummy_url',
u'interface': u'dummy'
}],
u'type': u'compute',
u'name': u'nova',
}]
}
},
'nova',
'compute',
) is None)
assert (authenticator._get_valid_endpoint(
{
'token': {
"catalog": [{
u'endpoints': [{
u'url': u'dummy_url'
}],
u'type': u'compute',
u'name': u'nova'
}]
}
},
'nova',
'compute',
) is None)
assert (authenticator._get_valid_endpoint(
{
'token': {
"catalog": [{
u'endpoints': [{
u'interface': u'public'
}],
u'type': u'compute',
u'name': u'nova'
}]
}
},
'nova',
'compute',
) is None)
assert (authenticator._get_valid_endpoint(
{
'token': {
"catalog": [{
u'endpoints': [{
u'url': u'dummy_url',
u'interface': u'internal'
}],
u'type':
u'compute',
u'name':
u'nova',
}]
}
},
'nova',
'compute',
) == 'dummy_url')
def _test_bad_user(user):
authenticator = Authenticator()
with pytest.raises(IncompleteIdentity):
authenticator._get_user_identity(user['user'])