def test_version_data_override_version_url(self):
# if the request url is versioned already, just return it.
self.requests_mock.get(
V3_URL,
status_code=200,
json={
'version': fixture.V3Discovery('http://override/identity/v3')
})
disc = discover.Discover(self.session, V3_URL)
version_data = disc.version_data()
for v in version_data:
self.assertEqual(v['version'], (3, 0))
self.assertEqual(v['status'], discover.Status.CURRENT)
self.assertEqual(v['raw_status'], 'stable')
self.assertEqual(v['url'], V3_URL)
# if the request url is not versioned, just add version info to it.(
# do not changed the url's netloc or path)
self.requests_mock.get(
BASE_URL,
status_code=200,
json={
'version': fixture.V3Discovery('http://override/identity/v3')
})
disc = discover.Discover(self.session, BASE_URL)
version_data = disc.version_data()
for v in version_data:
self.assertEqual(v['version'], (3, 0))
self.assertEqual(v['status'], discover.Status.CURRENT)
self.assertEqual(v['raw_status'], 'stable')
self.assertEqual(v['url'], V3_URL)
def register_keystone_discovery_fixture(self, mreq):
v3_url = "http://no.where/v3"
v3_version = fixture.V3Discovery(v3_url)
mreq.register_uri('GET',
v3_url,
json=_create_ver_list([v3_version]),
status_code=200)
def register_keystone_auth_fixture(self, request_mocker):
self.register_keystone_v2_token_fixture(request_mocker)
self.register_keystone_v3_token_fixture(request_mocker)
request_mocker.get(V2_URL, json=ks_fixture.V2Discovery(V2_URL))
request_mocker.get(V3_URL, json=ks_fixture.V3Discovery(V3_URL))
request_mocker.get(BASE_URL, json=ks_fixture.DiscoveryList(BASE_URL))
def new_client(self):
t = fixture.V3Token(user_id=self.user_id)
t.set_project_scope()
s = t.add_service('identity')
s.add_standard_endpoints(public=self.TEST_URL,
admin=self.TEST_URL)
d = fixture.V3Discovery(self.TEST_URL)
headers = {'X-Subject-Token': uuid.uuid4().hex}
self.requests.register_uri('POST',
self.TEST_URL + '/auth/tokens',
headers=headers,
json=t)
self.requests.register_uri('GET', self.TEST_URL, json={'version': d})
with self.deprecations.expect_deprecations_here():
a = ksc_identity.V3Password(username=uuid.uuid4().hex,
password=uuid.uuid4().hex,
user_domain_id=uuid.uuid4().hex,
auth_url=self.TEST_URL)
s = ksc_session.Session(auth=a)
return v3_client.Client(session=s)
def _mock_k2k_flow_urls(self, redirect_code=302):
# List versions available for auth
self.requests_mock.get(
self.TEST_URL,
json={'version': fixture.V3Discovery(self.TEST_URL)},
headers={'Content-Type': 'application/json'})
# The IdP should return a ECP wrapped assertion when requested
self.requests_mock.register_uri(
'POST',
self.REQUEST_ECP_URL,
content=six.b(k2k_fixtures.ECP_ENVELOPE),
headers={'Content-Type': 'application/vnd.paos+xml'},
status_code=200)
# The SP should respond with a redirect (302 or 303)
self.requests_mock.register_uri(
'POST',
self.SP_URL,
content=six.b(k2k_fixtures.TOKEN_BASED_ECP),
headers={'Content-Type': 'application/vnd.paos+xml'},
status_code=redirect_code)
# Should not follow the redirect URL, but use the auth_url attribute
self.requests_mock.register_uri(
'GET',
self.SP_AUTH_URL,
json=k2k_fixtures.UNSCOPED_TOKEN,
headers={'X-Subject-Token': k2k_fixtures.UNSCOPED_TOKEN_HEADER})
def setUp(self):
super(V3IdentityPlugin, self).setUp()
self.TEST_DISCOVERY_RESPONSE = {
'versions': {'values': [fixture.V3Discovery(self.TEST_URL)]}}
self.TEST_RESPONSE_DICT = {
"token": {
"methods": [
"token",
"password"
],
"expires_at": "2020-01-01T00:00:10.000123Z",
"project": {
"domain": {
"id": self.TEST_DOMAIN_ID,
"name": self.TEST_DOMAIN_NAME
},
"id": self.TEST_TENANT_ID,
"name": self.TEST_TENANT_NAME
},
"user": {
"domain": {
"id": self.TEST_DOMAIN_ID,
"name": self.TEST_DOMAIN_NAME
},
"id": self.TEST_USER,
"name": self.TEST_USER
},
"issued_at": "2013-05-29T16:55:21.468960Z",
"catalog": self.TEST_SERVICE_CATALOG,
"service_providers": self.TEST_SERVICE_PROVIDERS
},
}
self.TEST_PROJECTS_RESPONSE = {
"projects": [
{
"domain_id": "1789d1",
"enabled": "True",
"id": "263fd9",
"links": {
"self": "https://identity:5000/v3/projects/263fd9"
},
"name": "Dev Group A"
},
{
"domain_id": "1789d1",
"enabled": "True",
"id": "e56ad3",
"links": {
"self": "https://identity:5000/v3/projects/e56ad3"
},
"name": "Dev Group B"
}
],
"links": {
"self": "https://identity:5000/v3/projects",
}
}
def _mock_k2k_flow_urls(self):
# We need to check the auth versions available
self.requests_mock.get(
self.TEST_URL,
json={'version': auth_fixture.V3Discovery(self.TEST_URL)},
headers={'Content-Type': 'application/json'})
# The identity provider receives a request for an ECP wrapped
# assertion. This assertion contains the user authentication info
# and will be presented to the service provider
self.requests_mock.register_uri(
'POST',
self.REQUEST_ECP_URL,
content=six.b(k2k_fixtures.ECP_ENVELOPE),
headers={'Content-Type': 'application/vnd.paos+xml'},
status_code=200)
# The service provider is presented with the ECP wrapped assertion
# generated by the identity provider and should return a redirect
# (302 or 303) upon successful authentication
self.requests_mock.register_uri(
'POST',
self.SP_URL,
content=six.b(k2k_fixtures.TOKEN_BASED_ECP),
headers={'Content-Type': 'application/vnd.paos+xml'},
status_code=302)
# Should not follow the redirect URL, but use the auth_url attribute
self.requests_mock.register_uri(
'GET',
self.SP_AUTH_URL,
json=k2k_fixtures.UNSCOPED_TOKEN,
headers={'X-Subject-Token': k2k_fixtures.UNSCOPED_TOKEN_HEADER})
def setUp(self):
super(ShellTest, self).setUp()
global _old_env
_old_env, os.environ = os.environ, self.auth_env
self.requests = self.useFixture(rm_fixture.Fixture())
json_list = ks_fixture.DiscoveryList(DEFAULT_UNVERSIONED_AUTH_URL)
self.requests.get(DEFAULT_UNVERSIONED_AUTH_URL,
json=json_list,
status_code=300)
json_v2 = {'version': ks_fixture.V2Discovery(DEFAULT_V2_AUTH_URL)}
self.requests.get(DEFAULT_V2_AUTH_URL, json=json_v2)
json_v3 = {'version': ks_fixture.V3Discovery(DEFAULT_V3_AUTH_URL)}
self.requests.get(DEFAULT_V3_AUTH_URL, json=json_v3)
self.v2_auth = self.requests.post(DEFAULT_V2_AUTH_URL + '/tokens',
json=V2_TOKEN)
headers = {'X-Subject-Token': TOKEN_ID}
self.v3_auth = self.requests.post(DEFAULT_V3_AUTH_URL + '/auth/tokens',
headers=headers,
json=V3_TOKEN)
global shell, _shell, assert_called, assert_called_anytime
_shell = openstack_shell.OpenStackImagesShell()
shell = lambda cmd: _shell.main(cmd.split())
def setUp(self):
super(AuthProjectsTest, self).setUp()
self.v3token = fixture.V3Token()
self.stub_auth(json=self.v3token)
self.stub_url('GET', [],
json={'version': fixture.V3Discovery(self.TEST_URL)})
def test_version_data_unknown(self):
discovery_fixture = fixture.V3Discovery(V3_URL)
discovery_fixture.status = 'hungry'
discovery_doc = _create_single_version(discovery_fixture)
self.requests_mock.get(V3_URL, status_code=200, json=discovery_doc)
disc = discover.Discover(self.session, V3_URL)
clean_data = disc.version_data(allow_unknown=True)
self.assertEqual(discover.Status.UNKNOWN, clean_data[0]['status'])
def test_fail_getting_ecp_assertion(self):
self.requests_mock.get(
self.TEST_URL,
json={'version': fixture.V3Discovery(self.TEST_URL)},
headers={'Content-Type': 'application/json'})
self.requests_mock.register_uri('POST',
self.REQUEST_ECP_URL,
status_code=401)
self.assertRaises(exceptions.AuthorizationFailure,
self.k2kplugin._get_ecp_assertion, self.session)
def test_get_ecp_assertion_wrong_headers(self):
self.requests_mock.get(
self.TEST_URL,
json={'version': fixture.V3Discovery(self.TEST_URL)},
headers={'Content-Type': 'application/json'})
self.requests_mock.register_uri(
'POST', self.REQUEST_ECP_URL,
headers={'Content-Type': uuid.uuid4().hex},
content=six.b(''), status_code=200)
self.assertRaises(exceptions.InvalidResponse,
self.k2kplugin._get_ecp_assertion,
self.session)
"token": {
"expires": "2020-01-01T00:00:10.000123Z",
"id": 'fakeToken',
"tenant": {
"id": '1'
},
},
"user": {
"id": 'test'
},
"serviceCatalog": TEST_SERVICE_CATALOG,
},
})
V3_URL = "%sv3" % BASE_URL
V3_VERSION = fixture.V3Discovery(V3_URL)
V3_MEDIA_TYPES = V3_VERSION.media_types
V3_VERSION.updated_str = UPDATED
V3_AUTH_RESPONSE = json.dumps({
"token": {
"methods": ["token", "password"],
"expires_at": "2020-01-01T00:00:10.000123Z",
"project": {
"domain": {
"id": '1',
"name": 'test-domain'
},
"id": '1',
"name": 'test-project'
},
class ShellTestKeystoneV3(ShellTest):
version_id = u'v3'
links = [{u'href': u'http://no.where/v3', u'rel': u'self'}]
v3_version = fixture.V3Discovery(V3_URL)
v3_version.updated_str = UPDATED
test_service_catalog = [{
"endpoints": [{
"url": "http://no.where/v1.0/",
"region": "RegionOne",
"interface": "public"
}, {
"url": "http://no.where/v1.0",
"region": "RegionOne",
"interface": "internal"
}, {
"url": "http://no.where/v1.0",
"region": "RegionOne",
"interface": "admin"
}],
"type": "database",
"name": "trove"
}]
service_catalog2 = [{
"endpoints": [{
"url": "http://no.where/vXYZ",
"region": "RegionOne",
"interface": "public"
}],
"type": "database",
"name": "trove"
}]
v3_auth_response = json.dumps({
"token": {
"methods": [
"token",
"password"
],
"expires_at": "2020-01-01T00:00:10.000123Z",
"project": {
"domain": {
"id": uuid.uuid4().hex,
"name": uuid.uuid4().hex
},
"id": uuid.uuid4().hex,
"name": uuid.uuid4().hex
},
"user": {
"domain": {
"id": uuid.uuid4().hex,
"name": uuid.uuid4().hex
},
"id": uuid.uuid4().hex,
"name": uuid.uuid4().hex
},
"issued_at": "2013-05-29T16:55:21.468960Z",
"catalog": test_service_catalog
},
})
def make_env(self, exclude=None, fake_env=FAKE_V3_ENV):
if 'OS_AUTH_URL' in fake_env:
fake_env.update({'OS_AUTH_URL': 'http://no.where/v3'})
env = dict((k, v) for k, v in fake_env.items() if k != exclude)
self.useFixture(fixtures.MonkeyPatch('os.environ', env))
def register_keystone_discovery_fixture(self, mreq):
v3_url = "http://no.where/v3"
v3_version = fixture.V3Discovery(v3_url)
mreq.register_uri('GET', v3_url, json=_create_ver_list([v3_version]),
status_code=200)
def test_no_project_id(self):
required = (
u'You must provide a '
u'project_id or project_name (with '
u'project_domain_name or project_domain_id) via '
u' --os-project-id (env[OS_PROJECT_ID])'
u' --os-project-name (env[OS_PROJECT_NAME]),'
u' --os-project-domain-id '
u'(env[OS_PROJECT_DOMAIN_ID])'
u' --os-project-domain-name '
u'(env[OS_PROJECT_DOMAIN_NAME])'
)
self.make_env(exclude='OS_PROJECT_ID')
try:
self.shell('list')
except exceptions.CommandError as message:
self.assertEqual(required, message.args[0])
else:
self.fail('CommandError not raised')
@mock.patch('keystoneauth1.discover.get_version_data',
return_value=[{u'status': u'stable', u'id': version_id,
u'links': links}])
@mock.patch('troveclient.v1.datastores.DatastoreVersions.list')
@requests_mock.Mocker()
def test_datastore_version_list(self, mock_discover,
mock_list, mock_requests):
expected = '\n'.join([
'+----+------+',
'| ID | Name |',
'+----+------+',
'+----+------+',
''
])
self.make_env()
self.register_keystone_discovery_fixture(mock_requests)
mock_requests.register_uri('POST', "http://no.where/v3/auth/tokens",
headers={'X-Subject-Token': 'fakeToken'},
text=self.v3_auth_response)
stdout, stderr = self.shell('datastore-version-list XXX')
self.assertEqual(expected, (stdout + stderr))
@mock.patch('keystoneauth1.discover.get_version_data',
return_value=[{u'status': u'stable', u'id': version_id,
u'links': links}])
@mock.patch('troveclient.v1.datastores.Datastores.list')
@requests_mock.Mocker()
def test_get_datastore_list(self, mock_discover,
mock_list, mock_requests):
expected = '\n'.join([
'+----+------+',
'| ID | Name |',
'+----+------+',
'+----+------+',
''
])
self.make_env()
self.register_keystone_discovery_fixture(mock_requests)
mock_requests.register_uri('POST', "http://no.where/v3/auth/tokens",
headers={'X-Subject-Token': 'fakeToken'},
text=self.v3_auth_response)
stdout, stderr = self.shell('datastore-list')
self.assertEqual(expected, (stdout + stderr))
@mock.patch('keystoneauth1.discover.get_version_data',
return_value=[{u'status': u'stable', u'id': version_id,
u'links': links}])
@requests_mock.Mocker()
def test_invalid_client_version(self, mock_discover,
mock_requests):
response = json.loads(self.v3_auth_response)
response['token']['catalog'] = self.service_catalog2
self.make_env()
self.register_keystone_discovery_fixture(mock_requests)
mock_requests.register_uri('POST', "http://no.where/v3/auth/tokens",
headers={'X-Subject-Token': 'fakeToken'},
text=json.dumps(response))
try:
self.shell('datastore-list')
except exceptions.UnsupportedVersion:
pass
else:
self.fail('UnsupportedVersion not raised')
def setUp(self):
super(V3IdentityPlugin, self).setUp()
self.TEST_DISCOVERY_RESPONSE = {
'versions': {
'values': [fixture.V3Discovery(self.TEST_URL)]
}
}
nextyear = 1 + time.gmtime().tm_year
self.TEST_RESPONSE_DICT = {
"token": {
"methods": ["token", "password"],
"expires_at": "%i-02-01T00:00:10.000123Z" % nextyear,
"project": {
"domain": {
"id": self.TEST_DOMAIN_ID,
"name": self.TEST_DOMAIN_NAME
},
"id": self.TEST_TENANT_ID,
"name": self.TEST_TENANT_NAME
},
"user": {
"domain": {
"id": self.TEST_DOMAIN_ID,
"name": self.TEST_DOMAIN_NAME
},
"id": self.TEST_USER,
"name": self.TEST_USER
},
"issued_at": "2013-05-29T16:55:21.468960Z",
"catalog": self.TEST_SERVICE_CATALOG,
"service_providers": self.TEST_SERVICE_PROVIDERS
},
}
self.TEST_PROJECTS_RESPONSE = {
"projects": [{
"domain_id": "1789d1",
"enabled": "True",
"id": "263fd9",
"links": {
"self": "https://identity:5000/v3/projects/263fd9"
},
"name": "Dev Group A"
}, {
"domain_id": "1789d1",
"enabled": "True",
"id": "e56ad3",
"links": {
"self": "https://identity:5000/v3/projects/e56ad3"
},
"name": "Dev Group B"
}],
"links": {
"self": "https://identity:5000/v3/projects",
}
}
self.TEST_APP_CRED_TOKEN_RESPONSE = {
"token": {
"methods": ["application_credential"],
"expires_at": "%i-02-01T00:00:10.000123Z" % nextyear,
"project": {
"domain": {
"id": self.TEST_DOMAIN_ID,
"name": self.TEST_DOMAIN_NAME
},
"id": self.TEST_TENANT_ID,
"name": self.TEST_TENANT_NAME
},
"user": {
"domain": {
"id": self.TEST_DOMAIN_ID,
"name": self.TEST_DOMAIN_NAME
},
"id": self.TEST_USER,
"name": self.TEST_USER
},
"issued_at": "2013-05-29T16:55:21.468960Z",
"catalog": self.TEST_SERVICE_CATALOG,
"service_providers": self.TEST_SERVICE_PROVIDERS,
"application_credential_restricted": True
},
}
self.TEST_RECEIPT_RESPONSE = {
"receipt": {
"methods": ["password"],
"expires_at": "%i-02-01T00:00:10.000123Z" % nextyear,
"user": {
"domain": {
"id": self.TEST_DOMAIN_ID,
"name": self.TEST_DOMAIN_NAME,
},
"id": self.TEST_USER,
"name": self.TEST_USER,
},
"issued_at": "2013-05-29T16:55:21.468960Z",
},
"required_auth_methods": [["password", "totp"]],
}
