def __call__(self, req):
if 'X-Auth-Token' not in req.headers:
user_id = req.headers.get('X-Auth-User', 'admin')
project_id = req.headers.get('X-Auth-Project-Id', 'admin')
os_url = os.path.join(req.url, project_id)
res = webob.Response()
# NOTE(vish): This is expecting and returning Auth(1.1), whereas
# keystone uses 2.0 auth. We should probably allow
# 2.0 auth here as well.
res.headers['X-Auth-Token'] = '%s:%s' % (user_id, project_id)
res.headers['X-Server-Management-Url'] = os_url
res.content_type = 'text/plain'
res.status = '204'
return res
token = req.headers['X-Auth-Token']
user_id, _sep, project_id = token.partition(':')
project_id = project_id or user_id
remote_address = getattr(req, 'remote_address', '127.0.0.1')
if CONF.use_forwarded_for:
remote_address = req.headers.get('X-Forwarded-For', remote_address)
ctx = context.RequestContext(user_id,
project_id,
is_admin=True,
remote_address=remote_address)
req.environ['karbor.context'] = ctx
return self.application
def test_user_identity(self):
ctx = context.RequestContext("user",
"tenant",
domain="domain",
user_domain="user-domain",
project_domain="project-domain")
self.assertEqual('user tenant domain user-domain project-domain',
ctx.to_dict()["user_identity"])
def test_ignore_case_role_check(self):
lowercase_action = "test:lowercase_admin"
uppercase_action = "test:uppercase_admin"
admin_context = context.RequestContext('admin',
'fake',
roles=['AdMiN'])
policy.authorize(admin_context, lowercase_action, self.target)
policy.authorize(admin_context, uppercase_action, self.target)
def setUp(self):
super(BaseObjectsTestCase, self).setUp()
self.user_id = 'fake-user'
self.project_id = 'fake-project'
self.context = context.RequestContext(self.user_id, self.project_id,
is_admin=False)
# We only test local right now.
self.assertIsNone(obj_base.KarborObject.indirection_api)
def setUp(self):
super(UserTrustManagerTestCase, self).setUp()
self._user_id = '123'
self._project_id = '456'
self._ctx = context.RequestContext(user_id=self._user_id,
project_id=self._project_id)
self._manager = user_trust_manager.UserTrustManager()
self._manager._skp = FakeSKP()
def test_request_context_read_deleted_invalid(self):
self.assertRaises(ValueError,
context.RequestContext,
'111',
'222',
read_deleted=True)
ctxt = context.RequestContext('111', '222')
self.assertRaises(ValueError, setattr, ctxt, 'read_deleted', True)
def test_request_context_elevated(self):
user_context = context.RequestContext('fake_user',
'fake_project',
is_admin=False)
self.assertFalse(user_context.is_admin)
admin_context = user_context.elevated()
self.assertFalse(user_context.is_admin)
self.assertTrue(admin_context.is_admin)
self.assertNotIn('admin', user_context.roles)
self.assertIn('admin', admin_context.roles)
def setUp(self):
super(UserTrustManagerTestCase, self).setUp()
self._user_id = '123'
self._project_id = '456'
self._ctx = context.RequestContext(user_id=self._user_id,
project_id=self._project_id)
with mock.patch.object(karbor_keystone_plugin.KarborKeystonePlugin,
'_do_init'):
self._manager = user_trust_manager.UserTrustManager()
self._manager._skp = FakeSKP()
def __call__(self, req):
headers = req.headers
environ = req.environ
user_id = headers.get('X_USER_ID') or headers.get('X_USER')
if user_id is None:
LOG.debug("Neither X_USER_ID nor X_USER found in request")
return webob.exc.HTTPUnauthorized()
# get the roles
roles = [r.strip() for r in headers.get('X_ROLE', '').split(',')]
if 'X_TENANT_ID' in headers:
# This is the new header since Keystone went to ID/Name
project_id = headers['X_TENANT_ID']
else:
# This is for legacy compatibility
project_id = headers['X_TENANT']
project_name = headers.get('X_TENANT_NAME')
req_id = environ.get(request_id.ENV_REQUEST_ID)
# Get the auth token
auth_token = headers.get('X_AUTH_TOKEN',
headers.get('X_STORAGE_TOKEN'))
# Build a context, including the auth_token...
remote_address = req.remote_addr
auth_token_info = environ.get('keystone.token_info')
service_catalog = None
if headers.get('X_SERVICE_CATALOG') is not None:
try:
catalog_header = headers.get('X_SERVICE_CATALOG')
service_catalog = jsonutils.loads(catalog_header)
except ValueError:
raise webob.exc.HTTPInternalServerError(
explanation=_('Invalid service catalog json.'))
if CONF.use_forwarded_for:
remote_address = headers.get('X-Forwarded-For', remote_address)
ctx = context.RequestContext(user_id,
project_id,
project_name=project_name,
roles=roles,
auth_token=auth_token,
remote_address=remote_address,
service_catalog=service_catalog,
request_id=req_id,
auth_token_info=auth_token_info)
environ['karbor.context'] = ctx
return self.application
def setUp(self):
super(TriggerApiTest, self).setUp()
self.controller = trigger_api.TriggersController()
self.controller.operationengine_api = FakeRemoteOperationApi()
self.ctxt = context.RequestContext('demo', 'fakeproject', True)
self.req = fakes.HTTPRequest.blank('/v1/triggers')
self.default_create_trigger_param = {
"name": "123",
"type": "time",
"properties": {
"format": "crontab",
"pattern": "* * * * *"
},
}
def test_service_catalog_nova_and_swift(self):
service_catalog = [{
u'type': u'compute',
u'name': u'nova'
}, {
u'type': u's3',
u'name': u's3'
}, {
u'type': u'image',
u'name': u'glance'
}, {
u'type': u'volume',
u'name': u'cinder'
}, {
u'type': u'ec2',
u'name': u'ec2'
}, {
u'type': u'object-store',
u'name': u'swift'
}, {
u'type': u'identity',
u'name': u'keystone'
}, {
u'type': None,
u'name': u'S_withtypeNone'
}, {
u'type': u'co',
u'name': u'S_partofcompute'
}]
compute_catalog = [{u'type': u'compute', u'name': u'nova'}]
object_catalog = [{u'name': u'swift', u'type': u'object-store'}]
ctxt = context.RequestContext('111',
'222',
service_catalog=service_catalog)
self.assertEqual(5, len(ctxt.service_catalog))
return_compute = [
v for v in ctxt.service_catalog if v['type'] == u'compute'
]
return_object = [
v for v in ctxt.service_catalog if v['type'] == u'object-store'
]
self.assertEqual(compute_catalog, return_compute)
self.assertEqual(object_catalog, return_object)
def setUp(self):
super(PolicyTestCase, self).setUp()
rules = [
oslo_policy.RuleDefault("true", '@'),
oslo_policy.RuleDefault("test:allowed", '@'),
oslo_policy.RuleDefault("test:denied", "!"),
oslo_policy.RuleDefault(
"test:my_file", "role:compute_admin or "
"project_id:%(project_id)s"),
oslo_policy.RuleDefault("test:early_and_fail", "! and @"),
oslo_policy.RuleDefault("test:early_or_success", "@ or !"),
oslo_policy.RuleDefault("test:lowercase_admin", "role:admin"),
oslo_policy.RuleDefault("test:uppercase_admin", "role:ADMIN"),
]
policy.reset()
policy.init()
# before a policy rule can be used, its default has to be registered.
policy._ENFORCER.register_defaults(rules)
self.context = context.RequestContext('fake', 'fake', roles=['member'])
self.target = {}
self.addCleanup(policy.reset)
def setUp(self):
super(ScheduledOperationApiTest, self).setUp()
self.remote_operation_api = FakeRemoteOperationApi()
self.controller = operation_api.ScheduledOperationController()
self.controller.operationengine_api = self.remote_operation_api
self.ctxt = context.RequestContext('demo', 'fakeproject', True)
self.req = fakes.HTTPRequest.blank('/v1/scheduled_operations')
trigger = self._create_trigger()
self._plan = self._create_plan(uuidutils.generate_uuid())
self.default_create_operation_param = {
"name": "123",
"description": "123",
"operation_type": "protect",
"trigger_id": trigger['trigger_info']['id'],
"operation_definition": {
"plan_id": self._plan['id'],
"provider_id": self._plan['provider_id']
},
}
def setUp(self):
super(TriggerTestCase, self).setUp()
self.ctxt = context.RequestContext(user_id='user_id',
project_id='project_id')
def setUp(self):
super(QuotaApiTest, self).setUp()
self.controller = quotas.QuotasController()
self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self):
super(ProvidersApiTest, self).setUp()
self.controller = providers.ProvidersController()
self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self):
super(RestoreApiTest, self).setUp()
self.controller = restores.RestoresController()
self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self):
super(VerificationApiTest, self).setUp()
self.controller = verifications.VerificationsController()
self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self):
super(CopiesApiTest, self).setUp()
self.controller = copies.CopiesController()
self.ctxt = context.RequestContext('demo', DEFAULT_PROJECT_ID, True)
def setUp(self):
super(OperationLogTest, self).setUp()
self.controller = operation_logs.OperationLogsController()
self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self):
super(ServicesDbTestCase, self).setUp()
self.ctxt = context.RequestContext(user_id='user_id',
project_id='project_id',
is_admin=True)
def setUp(self):
super(ScheduledOperationStateTestCase, self).setUp()
self.ctxt = context.RequestContext(user_id='user_id',
project_id='project_id')
def test_request_context_read_deleted(self):
ctxt = context.RequestContext('111', '222', read_deleted='yes')
self.assertEqual('yes', ctxt.read_deleted)
ctxt.read_deleted = 'no'
self.assertEqual('no', ctxt.read_deleted)
def setUp(self):
super(PlanApiTest, self).setUp()
self.controller = plans.PlansController()
self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self):
super(PlanApiTest, self).setUp()
self.controller = plans.PlansController()
self.ctxt = context.RequestContext('demo', DEFAULT_PROJECT_ID, True)
def setUp(self):
super(ProtectablesApiTest, self).setUp()
self.controller = protectables.ProtectablesController()
self.ctxt = context.RequestContext('admin', 'fakeproject', True)
def test_request_context_sets_is_admin_upcase(self):
ctxt = context.RequestContext('111', '222', roles=['Admin', 'weasel'])
self.assertTrue(ctxt.is_admin)
