def setUp(self): super(V3UserPluginTests, self).setUp() self.service_token_id = uuid.uuid4().hex self.service_token = fixture.V3Token() s = self.service_token.add_service('identity', name='keystone') s.add_standard_endpoints(public=BASE_URI, admin=BASE_URI, internal=BASE_URI) self.configure_middleware(auth_type='v3password', auth_url='%s/v3/' % AUTH_URL, user_id=self.service_token.user_id, password=uuid.uuid4().hex, project_id=self.service_token.project_id) auth_discovery = fixture.DiscoveryList(href=AUTH_URL) self.requests_mock.get(AUTH_URL, json=auth_discovery) base_discovery = fixture.DiscoveryList(href=BASE_URI) self.requests_mock.get(BASE_URI, json=base_discovery) self.requests_mock.post( '%s/v3/auth/tokens' % AUTH_URL, headers={'X-Subject-Token': self.service_token_id}, json=self.service_token)
def setUp(self): super(V2UserPluginTests, self).setUp() self.service_token = fixture.V2Token() self.service_token.set_scope() s = self.service_token.add_service('identity', name='keystone') s.add_endpoint(public=BASE_URI, admin=BASE_URI, internal=BASE_URI) self.configure_middleware(auth_type='v2password', auth_url='%s/v2.0/' % AUTH_URL, user_id=self.service_token.user_id, password=uuid.uuid4().hex, tenant_id=self.service_token.tenant_id) auth_discovery = fixture.DiscoveryList(href=AUTH_URL, v3=False) self.requests_mock.get(AUTH_URL, json=auth_discovery) base_discovery = fixture.DiscoveryList(href=BASE_URI, v3=False) self.requests_mock.get(BASE_URI, json=base_discovery) url = '%s/v2.0/tokens' % AUTH_URL self.requests_mock.post(url, json=self.service_token)
def setUp(self): super(ShellTest, self).setUp() global _old_env _old_env, os.environ = os.environ, self.auth_env self.requests = self.useFixture(rm_fixture.Fixture()) json_list = ks_fixture.DiscoveryList(DEFAULT_UNVERSIONED_AUTH_URL) self.requests.get(DEFAULT_UNVERSIONED_AUTH_URL, json=json_list, status_code=300) json_v2 = {'version': ks_fixture.V2Discovery(DEFAULT_V2_AUTH_URL)} self.requests.get(DEFAULT_V2_AUTH_URL, json=json_v2) json_v3 = {'version': ks_fixture.V3Discovery(DEFAULT_V3_AUTH_URL)} self.requests.get(DEFAULT_V3_AUTH_URL, json=json_v3) self.v2_auth = self.requests.post(DEFAULT_V2_AUTH_URL + '/tokens', json=V2_TOKEN) headers = {'X-Subject-Token': TOKEN_ID} self.v3_auth = self.requests.post(DEFAULT_V3_AUTH_URL + '/auth/tokens', headers=headers, json=V3_TOKEN) global shell, _shell, assert_called, assert_called_anytime _shell = openstack_shell.OpenStackImagesShell() shell = lambda cmd: _shell.main(cmd.split())
def test_getting_endpoints_on_auth_interface(self): disc = fixture.DiscoveryList(href=self.BASE_URL) self.stub_url('GET', ['/'], base_url=self.BASE_URL, status_code=300, json=disc) token = fixture.V2Token() service = token.add_service(self.IDENTITY) service.add_endpoint(public=self.V2_URL, admin=self.V2_URL, internal=self.V2_URL) self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token) v2_auth = identity.V2Password(self.V2_URL, username=uuid.uuid4().hex, password=uuid.uuid4().hex) sess = session.Session(auth=v2_auth) endpoint = sess.get_endpoint(interface=plugin.AUTH_INTERFACE, version=(3, 0)) self.assertEqual(self.V3_URL, endpoint)
def test_discover_unstable_versions(self): version_list = fixture.DiscoveryList(BASE_URL, v3_status='beta') self.requests_mock.get(BASE_URL, status_code=300, json=version_list) self.assertCreatesV2(auth_url=BASE_URL) self.assertVersionNotAvailable(auth_url=BASE_URL, version=3) self.assertCreatesV3(auth_url=BASE_URL, unstable=True)
def register_keystone_auth_fixture(self, request_mocker): self.register_keystone_v2_token_fixture(request_mocker) self.register_keystone_v3_token_fixture(request_mocker) request_mocker.get(V2_URL, json=ks_fixture.V2Discovery(V2_URL)) request_mocker.get(V3_URL, json=ks_fixture.V3Discovery(V3_URL)) request_mocker.get(BASE_URL, json=ks_fixture.DiscoveryList(BASE_URL))
def setUp(self): super(CommonIdentityTests, self).setUp() self.TEST_URL = '%s%s' % (self.TEST_ROOT_URL, self.version) self.TEST_ADMIN_URL = '%s%s' % (self.TEST_ROOT_ADMIN_URL, self.version) self.TEST_DISCOVERY = fixture.DiscoveryList(href=self.TEST_ROOT_URL) self.stub_auth_data()
def test_discovery_fail_for_missing_v3(self): versions = fixture.DiscoveryList(v2=True, v3=False) self.requests_mock.get(BASE_URL, status_code=300, json=versions) # Creating Discover not using session is deprecated. with self.deprecations.expect_deprecations_here(): disc = discover.Discover(auth_url=BASE_URL) self.assertRaises(exceptions.DiscoveryFailure, disc.create_client, version=(3, 0))
def test_unknown_client_version(self): V4_VERSION = {'id': 'v4.0', 'links': [{'href': 'http://url', 'rel': 'self'}], 'media-types': V3_MEDIA_TYPES, 'status': 'stable', 'updated': UPDATED} versions = fixture.DiscoveryList() versions.add_version(V4_VERSION) self.requests_mock.get(BASE_URL, status_code=300, json=versions) # Creating Discover not using session is deprecated. with self.deprecations.expect_deprecations_here(): disc = discover.Discover(auth_url=BASE_URL) self.assertRaises(exceptions.DiscoveryFailure, disc.create_client, version=4)
def test_allow_unknown(self): status = 'abcdef' version_list = fixture.DiscoveryList(BASE_URL, v2=False, v3_status=status) self.requests_mock.get(BASE_URL, json=version_list) disc = discover.Discover(self.session, BASE_URL) versions = disc.version_data() self.assertEqual(0, len(versions)) versions = disc.version_data(allow_unknown=True) self.assertEqual(1, len(versions)) self.assertEqual(status, versions[0]['raw_status']) self.assertEqual(V3_URL, versions[0]['url']) self.assertEqual((3, 0), versions[0]['version'])
def test_allow_unknown(self): status = 'abcdef' version_list = fixture.DiscoveryList(BASE_URL, v2=False, v3_status=status) self.requests_mock.get(BASE_URL, json=version_list) # Creating Discover not using session is deprecated. with self.deprecations.expect_deprecations_here(): disc = discover.Discover(auth_url=BASE_URL) versions = disc.version_data() self.assertEqual(0, len(versions)) versions = disc.version_data(allow_unknown=True) self.assertEqual(1, len(versions)) self.assertEqual(status, versions[0]['raw_status']) self.assertEqual(V3_URL, versions[0]['url']) self.assertEqual((3, 0), versions[0]['version'])
def test_loads_v3_with_user_domain(self): auth_url = 'http://keystone.test:5000' disc = fixture.DiscoveryList(href=auth_url) sess = session.Session() self.requests_mock.get(auth_url, json=disc) plugin = generic.Password().load_from_options( auth_url=auth_url, user_id=uuid.uuid4().hex, password=uuid.uuid4().hex, project_id=uuid.uuid4().hex, user_domain_id=uuid.uuid4().hex) inner_plugin = plugin._do_create_plugin(sess) self.assertIsInstance(inner_plugin, identity.V3Password) self.assertEqual(inner_plugin.auth_url, auth_url + '/v3')
def test_end_to_end_with_generic_password(self): # List versions available for auth self.requests_mock.get( self.TEST_ROOT_URL, json=fixture.DiscoveryList(self.TEST_ROOT_URL), headers={'Content-Type': 'application/json'}) # The IdP should return a ECP wrapped assertion when requested self.requests_mock.register_uri( 'POST', self.REQUEST_ECP_URL, content=six.b(k2k_fixtures.ECP_ENVELOPE), headers={'Content-Type': 'application/vnd.paos+xml'}, status_code=200) # The SP should respond with a redirect (302 or 303) self.requests_mock.register_uri( 'POST', self.SP_URL, content=six.b(k2k_fixtures.TOKEN_BASED_ECP), headers={'Content-Type': 'application/vnd.paos+xml'}, status_code=302) # Should not follow the redirect URL, but use the auth_url attribute self.requests_mock.register_uri( 'GET', self.SP_AUTH_URL, json=k2k_fixtures.UNSCOPED_TOKEN, headers={'X-Subject-Token': k2k_fixtures.UNSCOPED_TOKEN_HEADER}) self.stub_url('POST', ['auth', 'tokens'], headers={'X-Subject-Token': uuid.uuid4().hex}, json=self.token_v3) plugin = identity.Password(self.TEST_ROOT_URL, username=self.TEST_USER, password=self.TEST_PASS, user_domain_id='default') k2kplugin = self.get_plugin(base_plugin=plugin) self.assertEqual(k2k_fixtures.UNSCOPED_TOKEN_HEADER, k2kplugin.get_token(self.session))
def test_discovering_when_version_missing(self): # need to construct list this way for relative disc = fixture.DiscoveryList(v2=False, v3=False) disc.add_v2('v2.0') self.stub_url('GET', [], base_url=self.TEST_COMPUTE_ADMIN, json=disc) a = self.create_auth_plugin() s = session.Session(auth=a) endpoint_v2 = s.get_endpoint(service_type='compute', interface='admin', version=(2, 0)) endpoint_v3 = s.get_endpoint(service_type='compute', interface='admin', version=(3, 0)) self.assertEqual(self.TEST_COMPUTE_ADMIN + '/v2.0', endpoint_v2) self.assertIsNone(endpoint_v3)
def setUp(self): super(TestInputs, self).setUp() disc = fixture.DiscoveryList(href=AUTH_URL, v2=False) self.service_type = uuid.uuid4().hex self.service_id = uuid.uuid4().hex self.service_name = uuid.uuid4().hex self.user_id = uuid.uuid4().hex self.username = uuid.uuid4().hex self.project_id = uuid.uuid4().hex self.project_name = uuid.uuid4().hex self.token = fixture.V3Token(user_id=self.user_id, user_name=self.username, project_id=self.project_id, project_name=self.project_name) self.token.add_role() self.token.add_role() self.token_id = uuid.uuid4().hex service = self.token.add_service(self.service_type, id=self.service_id, name=self.service_name) service.add_standard_endpoints(public=PUBLIC_SERVICE_URL, admin=ADMIN_SERVICE_URL, internal=INTERNAL_SERVICE_URL, region=SERVICE_REGION) self.requests_mock.get(AUTH_URL, json=disc, status_code=300) self.auth_mock = self.requests_mock.post( AUTH_URL + '/v3/auth/tokens', json=self.token, headers={'X-Subject-Token': self.token_id}) # don't do any console formatting markup m = fixtures.MockPatchObject(shell, 'formatter_name', 'text') self.useFixture(m)
def test_discovering_with_relative_anchored_link(self): # need to construct list this way for relative disc = fixture.DiscoveryList(v2=False, v3=False) disc.add_v2('/v2.0') disc.add_v3('/v3') self.stub_url('GET', [], base_url=self.TEST_COMPUTE_ADMIN, json=disc) a = self.create_auth_plugin() s = session.Session(auth=a) endpoint_v2 = s.get_endpoint(service_type='compute', interface='admin', version=(2, 0)) endpoint_v3 = s.get_endpoint(service_type='compute', interface='admin', version=(3, 0)) # by the nature of urljoin a relative link with a /path gets joined # back to the root. self.assertEqual(self.TEST_COMPUTE_BASE + '/v2.0', endpoint_v2) self.assertEqual(self.TEST_COMPUTE_BASE + '/v3', endpoint_v3)
def test_discovering_with_protocol_relative(self): # strip up to and including the : leaving //host/path path = self.TEST_COMPUTE_ADMIN[self.TEST_COMPUTE_ADMIN.find(':') + 1:] disc = fixture.DiscoveryList(v2=False, v3=False) disc.add_v2(path + '/v2.0') disc.add_v3(path + '/v3') self.stub_url('GET', [], base_url=self.TEST_COMPUTE_ADMIN, json=disc) a = self.create_auth_plugin() s = session.Session(auth=a) endpoint_v2 = s.get_endpoint(service_type='compute', interface='admin', version=(2, 0)) endpoint_v3 = s.get_endpoint(service_type='compute', interface='admin', version=(3, 0)) # ensures that the http is carried over from the lookup url self.assertEqual(self.TEST_COMPUTE_ADMIN + '/v2.0', endpoint_v2) self.assertEqual(self.TEST_COMPUTE_ADMIN + '/v3', endpoint_v3)
def stub_discovery(self, base_url=None, **kwargs): kwargs.setdefault('href', self.TEST_URL) disc = fixture.DiscoveryList(**kwargs) self.stub_url('GET', json=disc, base_url=base_url, status_code=300) return disc
def test_lesser_version_than_required(self): versions = fixture.DiscoveryList(BASE_URL, v3_id='v3.4') self.requests_mock.get(BASE_URL, json=versions) self.assertVersionNotAvailable(auth_url=BASE_URL, version=(3, 6))
def test_greater_version_than_required(self): versions = fixture.DiscoveryList(BASE_URL, v3_id='v3.6') self.requests_mock.get(BASE_URL, json=versions) self.assertCreatesV3(auth_url=BASE_URL, version=(3, 4))
TEST_RESPONSE_DICT = fixture.V2Token(token_id=AUTH_TOKEN, user_name=USERNAME) _s = TEST_RESPONSE_DICT.add_service('identity', name='keystone') _s.add_endpoint(AUTH_URL + ':5000/v2.0') _s = TEST_RESPONSE_DICT.add_service('network', name='neutron') _s.add_endpoint(AUTH_URL + ':9696') _s = TEST_RESPONSE_DICT.add_service('compute', name='nova') _s.add_endpoint(AUTH_URL + ':8774/v2') _s = TEST_RESPONSE_DICT.add_service('image', name='glance') _s.add_endpoint(AUTH_URL + ':9292') _s = TEST_RESPONSE_DICT.add_service('object', name='swift') _s.add_endpoint(AUTH_URL + ':8080/v1') TEST_RESPONSE_DICT_V3 = fixture.V3Token(user_name=USERNAME) TEST_RESPONSE_DICT_V3.set_project_scope() TEST_VERSIONS = fixture.DiscoveryList(href=AUTH_URL) class FakeStdout(object): def __init__(self): self.content = [] def write(self, text): self.content.append(text) def make_string(self): result = '' for line in self.content: result = result + line return result
def test_setting_no_discover_hack(self): v2_disc = fixture.V2Discovery(self.V2_URL) common_disc = fixture.DiscoveryList(href=self.BASE_URL) v2_m = self.stub_url('GET', ['v2.0'], base_url=self.BASE_URL, status_code=200, json=v2_disc) common_m = self.stub_url('GET', [], base_url=self.BASE_URL, status_code=300, json=common_disc) resp_text = uuid.uuid4().hex resp_m = self.stub_url('GET', ['v3', 'path'], base_url=self.BASE_URL, status_code=200, text=resp_text) # it doesn't matter that we auth with v2 here, discovery hack is in # base. All identity endpoints point to v2 urls. token = fixture.V2Token() service = token.add_service(self.IDENTITY) service.add_endpoint(public=self.V2_URL, admin=self.V2_URL, internal=self.V2_URL) self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token) v2_auth = identity.V2Password(self.V2_URL, username=uuid.uuid4().hex, password=uuid.uuid4().hex) sess = session.Session(auth=v2_auth) # v2 auth with v2 url doesn't make any discovery calls. self.assertFalse(v2_m.called) self.assertFalse(common_m.called) # v3 endpoint with hack will strip v2 suffix and call root discovery endpoint = sess.get_endpoint(service_type=self.IDENTITY, version=(3, 0), allow_version_hack=True) # got v3 url self.assertEqual(self.V3_URL, endpoint) # only called root discovery. self.assertFalse(v2_m.called) self.assertTrue(common_m.called_once) # with hack turned off it calls v2 discovery and finds nothing endpoint = sess.get_endpoint(service_type=self.IDENTITY, version=(3, 0), allow_version_hack=False) self.assertIsNone(endpoint) # this one called v2 self.assertTrue(v2_m.called_once) self.assertTrue(common_m.called_once) # get_endpoint returning None raises EndpointNotFound when requesting self.assertRaises(exceptions.EndpointNotFound, sess.get, '/path', endpoint_filter={ 'service_type': 'identity', 'version': (3, 0), 'allow_version_hack': False }) self.assertFalse(resp_m.called) # works when allow_version_hack is set resp = sess.get('/path', endpoint_filter={ 'service_type': 'identity', 'version': (3, 0), 'allow_version_hack': True }) self.assertTrue(resp_m.called_once) self.assertEqual(resp_text, resp.text)