def test_middleware_ext_context_except_unauthorized(self):
middleware = ext_context.ExternalContextMiddleware(None)
middleware.get_keystone_token = mock.MagicMock(
side_effect=exceptions.Unauthorized(''))
auth = 'Basic {}'.format(base64.encode_as_text(b'test:test'))
request_headers = {
'Authorization': auth,
}
request = webob.Request.blank('/environments', headers=request_headers)
self.assertRaises(webob.exc.HTTPUnauthorized,
middleware.process_request, request)
def test_invalid_auth(self, get):
"""Test failure when wrong credentials are specified or service user
doesn't exist.
Replicate in devstack: start devstack with or without
placement engine, specify random credentials in auth section
from the [placement] block in nova.conf.
"""
get.side_effect = ks_exc.Unauthorized()
res = self.cmd._check_placement()
self.assertEqual(status.UpgradeCheckCode.FAILURE, res.code)
self.assertIn('Placement service credentials do not work', res.details)
def test_request_with_bad_credentials(self, mock_password):
mock_password.side_effect = keystone_exc.Unauthorized(401)
req = webob.Request.blank('/tenant_id1/')
req.headers['X_AUTH_USER'] = '******'
req.headers['X_AUTH_KEY'] = 'badpassword'
req.headers['X_AUTH_URL'] = self.config['auth_uri']
req.headers['X_USER_DOMAIN_ID'] = 'domain1'
self.middleware(req.environ, self._start_fake_response)
self.assertEqual(401, self.response_status)
mock_password.assert_called_once_with(auth_url=self.config['auth_uri'],
password='******',
project_id='tenant_id1',
user_domain_id='domain1',
username='******')
def test_unauthorized(self, req):
"""Test Unauthorized handled correctly.
An unauthorized configuration should permanently disable the
client. And make future calls to it not happen.
"""
req.side_effect = ks_exc.Unauthorized()
self.client._get_resource_provider("fake")
self.assertTrue(self.client._disabled)
# reset the call count to demonstrate that future calls don't
# work
req.reset_mock()
self.client._get_resource_provider("fake")
req.assert_not_called()
def test_invalid_credentials(self, mock_get_access):
user = self.data.user
form_data = self.get_form_data(user)
form_data['password'] = "******"
url = reverse('login')
mock_get_access.side_effect = keystone_exceptions.Unauthorized(401)
# GET the page to set the test cookie.
response = self.client.get(url, form_data)
self.assertEqual(response.status_code, 200)
# POST to the page to log in.
response = self.client.post(url, form_data)
self.assertTemplateUsed(response, 'auth/login.html')
self.assertContains(response, "Invalid credentials.")
mock_get_access.assert_called_once_with(IsA(session.Session))
def test_request_with_bad_credentials(self):
self.m.StubOutWithMock(ks_auth, 'Password')
m = ks_auth.Password(auth_url=self.config['auth_uri'],
password='******',
project_id='tenant_id1',
user_domain_id='domain1',
username='******')
m.AndRaise(keystone_exc.Unauthorized(401))
self.m.ReplayAll()
req = webob.Request.blank('/tenant_id1/')
req.headers['X_AUTH_USER'] = '******'
req.headers['X_AUTH_KEY'] = 'badpassword'
req.headers['X_AUTH_URL'] = self.config['auth_uri']
req.headers['X_USER_DOMAIN_ID'] = 'domain1'
self.middleware(req.environ, self._start_fake_response)
self.m.VerifyAll()
self.assertEqual(401, self.response_status)
def test_invalid_credentials(self):
user = self.data.user
form_data = self.get_form_data(user)
form_data['password'] = "******"
exc = keystone_exceptions.Unauthorized(401)
self._mock_client_password_auth_failure(user.name, "invalid", exc)
self.mox.ReplayAll()
url = reverse('login')
# GET the page to set the test cookie.
response = self.client.get(url, form_data)
self.assertEqual(response.status_code, 200)
# POST to the page to log in.
response = self.client.post(url, form_data)
self.assertTemplateUsed(response, 'auth/login.html')
self.assertContains(response, "Invalid credentials.")
def test_run_discovery_auth(self):
url = 'https://example.com'
headers = {'Accept': 'application/json'}
session = mock.Mock()
session.get.side_effect = [
exceptions.Unauthorized('unauthorized'),
# Throw a different exception the second time so that we can
# catch it in the test and verify the retry.
exceptions.BadRequest('bad request'),
]
try:
discover.get_version_data(session, url)
except exceptions.BadRequest:
pass
# Only one call with 'url'
self.assertEqual(2, session.get.call_count)
session.get.assert_has_calls([
mock.call(url, headers=headers, authenticated=None),
mock.call(url, headers=headers, authenticated=True),
])
def test_authentication_failed_exception(self):
from keystoneauth1 import exceptions as ks_exc
original_e = KeyError("Oops")
e = osclients.AuthenticationFailed(url="https://example.com",
username="******",
project="project",
error=original_e)
self.assertEqual(
"Failed to authenticate to https://example.com for user 'foo' in "
"project 'project': [KeyError] 'Oops'", e.format_message())
original_e = ks_exc.Unauthorized(
"The request you have made requires "
"authentication.",
request_id="ID")
e = osclients.AuthenticationFailed(url="https://example.com",
username="******",
project="project",
error=original_e)
self.assertEqual(
"Failed to authenticate to https://example.com for user 'foo' in "
"project 'project': The request you have made requires "
"authentication.", e.format_message())
original_e = ks_exc.ConnectionError("Some user-friendly native error")
e = osclients.AuthenticationFailed(url="https://example.com",
username="******",
project="project",
error=original_e)
self.assertEqual("Some user-friendly native error", e.format_message())
original_e = ks_exc.ConnectionError(
"Unable to establish connection to https://example.com:500: "
"HTTPSConnectionPool(host='example.com', port=500): Max retries "
"exceeded with url: / (Caused by NewConnectionError('<urllib3."
"connection.VerifiedHTTPSConnection object at 0x7fb87a48e510>: "
"Failed to establish a new connection: [Errno 101] Network "
"is unreachable")
e = osclients.AuthenticationFailed(url="https://example.com",
username="******",
project="project",
error=original_e)
self.assertEqual(
"Unable to establish connection to https://example.com:500",
e.format_message())
original_e = ks_exc.ConnectionError(
"Unable to establish connection to https://example.com:500: "
# another pool class
"HTTPConnectionPool(host='example.com', port=500): Max retries "
"exceeded with url: / (Caused by NewConnectionError('<urllib3."
"connection.VerifiedHTTPSConnection object at 0x7fb87a48e510>: "
"Failed to establish a new connection: [Errno 101] Network "
"is unreachable")
e = osclients.AuthenticationFailed(url="https://example.com",
username="******",
project="project",
error=original_e)
self.assertEqual(
"Unable to establish connection to https://example.com:500",
e.format_message())
