def setUp(self):
super(TestValidationResources, self).setUp()
self.useFixture(registry_fixture.RegistryFixture())
self.mock_sg_compute = self.useFixture(
fixtures.MockPatch(SG_CLIENT %
('compute', 'create_security_group'),
autospec=True,
return_value=FAKE_SECURITY_GROUP))
self.mock_sg_network = self.useFixture(
fixtures.MockPatch(SG_CLIENT %
('network', 'create_security_group'),
autospec=True,
return_value=FAKE_SECURITY_GROUP))
self.mock_sgr_compute = self.useFixture(
fixtures.MockPatch(SGR_CLIENT % 'compute', autospec=True))
self.mock_sgr_network = self.useFixture(
fixtures.MockPatch(SGR_CLIENT % 'network', autospec=True))
self.mock_kp = self.useFixture(
fixtures.MockPatch(KP_CLIENT % 'create_keypair',
autospec=True,
return_value=FAKE_KEYPAIR))
self.mock_fip_compute = self.useFixture(
fixtures.MockPatch(FIP_CLIENT % ('compute', 'create_floating_ip'),
autospec=True,
return_value=FAKE_FIP_NOVA_NET))
self.mock_fip_network = self.useFixture(
fixtures.MockPatch(FIP_CLIENT % ('network', 'create_floatingip'),
autospec=True,
return_value=FAKE_FIP_NEUTRON))
self.os = clients.ServiceClients(
fake_credentials.FakeKeystoneV3Credentials(), 'fake_uri')
def test___init___plugin_service_clients_cannot_load(self):
creds = fake_credentials.FakeKeystoneV3Credentials()
uri = 'fake_uri'
fake_service_clients = {
'service1': [{
'name': 'client1',
'service_version': 'client1.v1',
'module_path': 'I cannot load this',
'client_names': ['SomeClient1']
}],
'service2': [{
'name': 'client2',
'service_version': 'client2.v1',
'module_path': 'This neither',
'client_names': ['SomeClient1']
}]
}
msg = "(?=.*{0})(?=.*{1})".format(*[
x[1][0]['module_path'] for x in six.iteritems(fake_service_clients)
])
self.useFixture(
fixtures.MockPatchObject(clients.ClientsRegistry(),
'get_service_clients',
return_value=fake_service_clients))
with testtools.ExpectedException(testtools.MultipleExceptions,
value_re=msg):
clients.ServiceClients(creds, identity_uri=uri)
def setUp(self):
super(TestClearValidationResourcesFixture, self).setUp()
self.useFixture(registry_fixture.RegistryFixture())
self.mock_sg_compute = self.useFixture(
fixtures.MockPatch(SG_CLIENT %
('compute', 'delete_security_group'),
autospec=True))
self.mock_sg_network = self.useFixture(
fixtures.MockPatch(SG_CLIENT %
('network', 'delete_security_group'),
autospec=True))
self.mock_sg_wait_compute = self.useFixture(
fixtures.MockPatch(SG_CLIENT %
('compute', 'wait_for_resource_deletion'),
autospec=True))
self.mock_sg_wait_network = self.useFixture(
fixtures.MockPatch(SG_CLIENT %
('network', 'wait_for_resource_deletion'),
autospec=True))
self.mock_kp = self.useFixture(
fixtures.MockPatch(KP_CLIENT % 'delete_keypair', autospec=True))
self.mock_fip_compute = self.useFixture(
fixtures.MockPatch(FIP_CLIENT % ('compute', 'delete_floating_ip'),
autospec=True))
self.mock_fip_network = self.useFixture(
fixtures.MockPatch(FIP_CLIENT % ('network', 'delete_floatingip'),
autospec=True))
self.os = clients.ServiceClients(
fake_credentials.FakeKeystoneV3Credentials(), 'fake_uri')
def test___init___creds_v3_uri(self):
# Verify that no API request is made, since no mock
# is required to run the test successfully
creds = fake_credentials.FakeKeystoneV3Credentials()
uri = 'fake_uri'
_manager = clients.ServiceClients(creds, identity_uri=uri)
self.assertIsInstance(_manager.auth_provider,
auth.KeystoneV3AuthProvider)
def test_validation_resources_exists(self):
cfg.CONF.set_default('run_validation', True, 'validation')
creds = fake_credentials.FakeKeystoneV3Credentials()
osclients = clients.Manager(creds)
expected_vr = 'expected_validation_resources'
self.test_test_class._validation_resources[osclients] = expected_vr
obtained_vr = self.test_test_class.get_class_validation_resources(
osclients)
self.assertEqual(expected_vr, obtained_vr)
def test_validation_resources_invalid_config(self):
invalid_version = 999
cfg.CONF.set_default('run_validation', True, 'validation')
cfg.CONF.set_default('ip_version_for_ssh', invalid_version,
'validation')
cfg.CONF.set_default('neutron', True, 'service_available')
creds = fake_credentials.FakeKeystoneV3Credentials()
osclients = clients.Manager(creds)
with testtools.ExpectedException(
lib_exc.InvalidConfiguration,
value_re='^.*\n.*' + str(invalid_version)):
self.test_test_class.get_class_validation_resources(osclients)
def test_validation_resources_fixture(self, mock_clean_vr, mock_create_vr):
class TestWithRun(self.test_test_class):
def runTest(self):
pass
cfg.CONF.set_default('run_validation', True, 'validation')
test_case = TestWithRun()
creds = fake_credentials.FakeKeystoneV3Credentials()
osclients = clients.Manager(creds)
test_case.get_test_validation_resources(osclients)
self.assertEqual(1, mock_create_vr.call_count)
self.assertEqual(0, mock_clean_vr.call_count)
def _create_cmd_service(self,
service_type,
is_save_state=False,
is_preserve=False,
is_dry_run=False):
creds = fake_credentials.FakeKeystoneV3Credentials()
os = clients.Manager(creds)
return getattr(cleanup_service,
service_type)(os,
is_save_state=is_save_state,
is_preserve=is_preserve,
is_dry_run=is_dry_run,
data={},
saved_state_json=self.saved_state)
class TestKeystoneV3AuthProvider_DomainScope(BaseAuthTestsSetUp):
_endpoints = fake_identity.IDENTITY_V3_RESPONSE['token']['catalog']
_auth_provider_class = auth.KeystoneV3AuthProvider
credentials = fake_credentials.FakeKeystoneV3Credentials()
def setUp(self):
super(TestKeystoneV3AuthProvider_DomainScope, self).setUp()
self.patchobject(v3_client.V3TokenClient, 'raw_request',
fake_identity._fake_v3_response_domain_scope)
def test_get_auth_with_domain_scope(self):
self.auth_provider.scope = 'domain'
_, auth_data = self.auth_provider.get_auth()
self.assertIn('domain', auth_data)
self.assertNotIn('project', auth_data)
def test_validation_resources_invalid_config_nova_net(self,
mock_create_vr):
invalid_version = 999
cfg.CONF.set_default('run_validation', True, 'validation')
cfg.CONF.set_default('ip_version_for_ssh', invalid_version,
'validation')
cfg.CONF.set_default('neutron', False, 'service_available')
creds = fake_credentials.FakeKeystoneV3Credentials()
osclients = clients.Manager(creds)
expected_vr = {'expected_validation_resources': None}
mock_create_vr.return_value = expected_vr
obtained_vr = self.test_test_class.get_class_validation_resources(
osclients)
self.assertEqual(mock_create_vr.call_count, 1)
self.assertIn(osclients, mock_create_vr.call_args_list[0][0])
self.assertEqual(expected_vr, obtained_vr)
self.assertIn(osclients, self.test_test_class._validation_resources)
self.assertEqual(expected_vr,
self.test_test_class._validation_resources[osclients])
def test___init___plugin_service_clients_name_conflict(self):
creds = fake_credentials.FakeKeystoneV3Credentials()
uri = 'fake_uri'
fake_service_clients = {
'serviceA': [{
'name': 'client1',
'service_version': 'client1.v1',
'module_path': 'fake_path_1',
'client_names': ['SomeClient1']
}],
'serviceB': [{
'name': 'client1',
'service_version': 'client1.v2',
'module_path': 'fake_path_2',
'client_names': ['SomeClient2']
}],
'serviceC': [{
'name': 'client1',
'service_version': 'client1.v1',
'module_path': 'fake_path_2',
'client_names': ['SomeClient1']
}],
'serviceD': [{
'name': 'client1',
'service_version': 'client1.v2',
'module_path': 'fake_path_2',
'client_names': ['SomeClient2']
}]
}
msg = "(?=.*{0})(?=.*{1})".format(
*
[x[1][0]['service_version'] for x in fake_service_clients.items()])
self.useFixture(
fixtures.MockPatchObject(clients.ClientsRegistry(),
'get_service_clients',
return_value=fake_service_clients))
with testtools.ExpectedException(testtools.MultipleExceptions,
value_re=msg):
clients.ServiceClients(creds, identity_uri=uri)
def test_validation_resources_new(self, mock_create_vr):
cfg.CONF.set_default('run_validation', True, 'validation')
cfg.CONF.set_default('neutron', True, 'service_available')
creds = fake_credentials.FakeKeystoneV3Credentials()
osclients = clients.Manager(creds)
expected_vr = {'expected_validation_resources': None}
mock_create_vr.return_value = expected_vr
with mock.patch.object(
self.test_test_class,
'addClassResourceCleanup') as mock_add_class_cleanup:
obtained_vr = self.test_test_class.get_class_validation_resources(
osclients)
self.assertEqual(1, mock_add_class_cleanup.call_count)
self.assertEqual(mock.call(vr.clear_validation_resources,
osclients,
use_neutron=True,
**expected_vr),
mock_add_class_cleanup.call_args)
self.assertEqual(mock_create_vr.call_count, 1)
self.assertIn(osclients, mock_create_vr.call_args_list[0][0])
self.assertEqual(expected_vr, obtained_vr)
self.assertIn(osclients, self.test_test_class._validation_resources)
self.assertEqual(expected_vr,
self.test_test_class._validation_resources[osclients])
class TestKeystoneV3AuthProvider(TestKeystoneV2AuthProvider):
_endpoints = fake_identity.IDENTITY_V3_RESPONSE['token']['catalog']
_auth_provider_class = auth.KeystoneV3AuthProvider
credentials = fake_credentials.FakeKeystoneV3Credentials()
def setUp(self):
super(TestKeystoneV3AuthProvider, self).setUp()
self.stubs.Set(v3_client.V3TokenClient, 'raw_request',
fake_identity._fake_v3_response)
def _get_fake_identity(self):
return fake_identity.IDENTITY_V3_RESPONSE['token']
def _get_fake_alt_identity(self):
return fake_identity.ALT_IDENTITY_V3['token']
def _get_result_url_from_endpoint(self, ep, replacement=None):
if replacement:
return ep['url'].replace('v3', replacement)
return ep['url']
def _auth_data_with_expiry(self, date_as_string):
token, access = self.auth_provider.auth_data
access['expires_at'] = date_as_string
return token, access
def _get_from_fake_identity(self, attr):
token = fake_identity.IDENTITY_V3_RESPONSE['token']
if attr == 'user_id':
return token['user']['id']
elif attr == 'project_id':
return token['project']['id']
elif attr == 'user_domain_id':
return token['user']['domain']['id']
elif attr == 'project_domain_id':
return token['project']['domain']['id']
def test_check_credentials_missing_attribute(self):
# reset credentials to fresh ones
self.credentials.reset()
for attr in [
'username', 'password', 'user_domain_name',
'project_domain_name'
]:
cred = copy.copy(self.credentials)
del cred[attr]
self.assertFalse(self.auth_provider.check_credentials(cred),
"Credentials should be invalid without %s" % attr)
def test_check_domain_credentials_missing_attribute(self):
# reset credentials to fresh ones
self.credentials.reset()
domain_creds = fake_credentials.FakeKeystoneV3DomainCredentials()
for attr in ['username', 'password', 'user_domain_name']:
cred = copy.copy(domain_creds)
del cred[attr]
self.assertFalse(self.auth_provider.check_credentials(cred),
"Credentials should be invalid without %s" % attr)
def test_fill_credentials(self):
self.auth_provider.fill_credentials()
creds = self.auth_provider.credentials
for attr in [
'user_id', 'project_id', 'user_domain_id', 'project_domain_id'
]:
self.assertEqual(self._get_from_fake_identity(attr),
getattr(creds, attr))
# Overwrites v2 test
def test_base_url_to_get_admin_endpoint(self):
self.filters = {
'service': 'compute',
'endpoint_type': 'admin',
'region': 'MiddleEarthRegion'
}
expected = self._get_result_url_from_endpoint(
self._endpoints[0]['endpoints'][2])
self._test_base_url_helper(expected, self.filters)
# Overwrites v2 test
def test_base_url_with_unversioned_endpoint(self):
auth_data = {
'catalog': [{
'type':
'identity',
'endpoints': [{
'region': 'FakeRegion',
'url': 'http://fake_url',
'interface': 'public'
}]
}]
}
filters = {
'service': 'identity',
'endpoint_type': 'publicURL',
'region': 'FakeRegion',
'api_version': 'v3'
}
expected = 'http://fake_url/v3'
self._test_base_url_helper(expected, filters, ('token', auth_data))
def test_validation_resources_no_validation(self):
cfg.CONF.set_default('run_validation', False, 'validation')
creds = fake_credentials.FakeKeystoneV3Credentials()
osclients = clients.Manager(creds)
vr = self.test_test_class.get_class_validation_resources(osclients)
self.assertIsNone(vr)
class TestKeystoneV3AuthProvider(TestKeystoneV2AuthProvider):
_endpoints = fake_identity.IDENTITY_V3_RESPONSE['token']['catalog']
_auth_provider_class = auth.KeystoneV3AuthProvider
credentials = fake_credentials.FakeKeystoneV3Credentials()
def setUp(self):
super(TestKeystoneV3AuthProvider, self).setUp()
self.patchobject(v3_client.V3TokenClient, 'raw_request',
fake_identity._fake_v3_response)
def _get_fake_identity(self):
return fake_identity.IDENTITY_V3_RESPONSE['token']
def _get_fake_alt_identity(self):
return fake_identity.ALT_IDENTITY_V3['token']
def _get_result_url_from_endpoint(self, ep, replacement=None):
if replacement:
return ep['url'].replace('v3', replacement)
return ep['url']
def _auth_data_with_expiry(self, date_as_string):
token, access = self.auth_provider.auth_data
access['expires_at'] = date_as_string
return token, access
def _get_from_fake_identity(self, attr):
token = fake_identity.IDENTITY_V3_RESPONSE['token']
if attr == 'user_id':
return token['user']['id']
elif attr == 'project_id':
return token['project']['id']
elif attr == 'user_domain_id':
return token['user']['domain']['id']
elif attr == 'project_domain_id':
return token['project']['domain']['id']
def test_check_credentials_missing_attribute(self):
# reset credentials to fresh ones
self.credentials.reset()
for attr in ['username', 'password', 'user_domain_name',
'project_domain_name']:
cred = copy.copy(self.credentials)
del cred[attr]
self.assertFalse(self.auth_provider.check_credentials(cred),
"Credentials should be invalid without %s" % attr)
def test_check_domain_credentials_missing_attribute(self):
# reset credentials to fresh ones
self.credentials.reset()
domain_creds = fake_credentials.FakeKeystoneV3DomainCredentials()
for attr in ['username', 'password', 'user_domain_name']:
cred = copy.copy(domain_creds)
del cred[attr]
self.assertFalse(self.auth_provider.check_credentials(cred),
"Credentials should be invalid without %s" % attr)
def test_fill_credentials(self):
self.auth_provider.fill_credentials()
creds = self.auth_provider.credentials
for attr in ['user_id', 'project_id', 'user_domain_id',
'project_domain_id']:
self.assertEqual(self._get_from_fake_identity(attr),
getattr(creds, attr))
# Overwrites v2 test
def test_base_url_to_get_admin_endpoint(self):
self.filters = {
'service': 'compute',
'endpoint_type': 'admin',
'region': 'MiddleEarthRegion'
}
expected = self._get_result_url_from_endpoint(
self._endpoints[0]['endpoints'][2])
self._test_base_url_helper(expected, self.filters)
# Overwrites v2 test
def test_base_url_with_unversioned_endpoint(self):
auth_data = {
'catalog': [
{
'type': 'identity',
'endpoints': [
{
'region': 'FakeRegion',
'url': 'http://fake_url',
'interface': 'public'
}
]
}
]
}
filters = {
'service': 'identity',
'endpoint_type': 'publicURL',
'region': 'FakeRegion',
'api_version': 'v3'
}
expected = 'http://fake_url/v3'
self._test_base_url_helper(expected, filters, ('token', auth_data))
def test_base_url_with_extra_path_endpoint(self):
auth_data = {
'catalog': [
{
'type': 'compute',
'endpoints': [
{
'region': 'FakeRegion',
'url': 'http://fake_url/some_path/v2.0',
'interface': 'public'
}
]
}
]
}
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'FakeRegion',
'api_version': 'v2.0'
}
expected = 'http://fake_url/some_path/v2.0'
self._test_base_url_helper(expected, filters, ('token', auth_data))
def test_base_url_with_unversioned_extra_path_endpoint(self):
auth_data = {
'catalog': [
{
'type': 'compute',
'endpoints': [
{
'region': 'FakeRegion',
'url': 'http://fake_url/some_path',
'interface': 'public'
}
]
}
]
}
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'FakeRegion',
'api_version': 'v2.0'
}
expected = 'http://fake_url/some_path/v2.0'
self._test_base_url_helper(expected, filters, ('token', auth_data))
# Base URL test with scope only for V3
def test_base_url_scope_project(self):
self.auth_provider.scope = 'project'
self.filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'FakeRegion'
}
expected = self._get_result_url_from_endpoint(
self._endpoints[0]['endpoints'][1])
self._test_base_url_helper(expected, self.filters)
# Base URL test with scope only for V3
def test_base_url_unscoped_identity(self):
self.auth_provider.scope = 'unscoped'
self.patchobject(v3_client.V3TokenClient, 'raw_request',
fake_identity._fake_v3_response_no_scope)
self.filters = {
'service': 'identity',
'endpoint_type': 'publicURL',
'region': 'FakeRegion'
}
expected = fake_identity.FAKE_AUTH_URL
self._test_base_url_helper(expected, self.filters)
# Base URL test with scope only for V3
def test_base_url_unscoped_other(self):
self.auth_provider.scope = 'unscoped'
self.patchobject(v3_client.V3TokenClient, 'raw_request',
fake_identity._fake_v3_response_no_scope)
self.filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'FakeRegion'
}
self.assertRaises(exceptions.EndpointNotFound,
self.auth_provider.base_url,
auth_data=self.auth_provider.auth_data,
filters=self.filters)
def test_auth_parameters_with_scope_unset(self):
# No scope defaults to 'project'
all_creds = fake_credentials.FakeKeystoneV3AllCredentials()
self.auth_provider.credentials = all_creds
auth_params = self.auth_provider._auth_params()
self.assertNotIn('scope', auth_params.keys())
for attr in all_creds.get_init_attributes():
if attr.startswith('domain_'):
self.assertNotIn(attr, auth_params.keys())
else:
self.assertIn(attr, auth_params.keys())
self.assertEqual(getattr(all_creds, attr), auth_params[attr])
def test_auth_parameters_with_project_scope(self):
all_creds = fake_credentials.FakeKeystoneV3AllCredentials()
self.auth_provider.credentials = all_creds
self.auth_provider.scope = 'project'
auth_params = self.auth_provider._auth_params()
self.assertNotIn('scope', auth_params.keys())
for attr in all_creds.get_init_attributes():
if attr.startswith('domain_'):
self.assertNotIn(attr, auth_params.keys())
else:
self.assertIn(attr, auth_params.keys())
self.assertEqual(getattr(all_creds, attr), auth_params[attr])
def test_auth_parameters_with_domain_scope(self):
all_creds = fake_credentials.FakeKeystoneV3AllCredentials()
self.auth_provider.credentials = all_creds
self.auth_provider.scope = 'domain'
auth_params = self.auth_provider._auth_params()
self.assertNotIn('scope', auth_params.keys())
for attr in all_creds.get_init_attributes():
if attr.startswith('project_'):
self.assertNotIn(attr, auth_params.keys())
else:
self.assertIn(attr, auth_params.keys())
self.assertEqual(getattr(all_creds, attr), auth_params[attr])
def test_auth_parameters_unscoped(self):
all_creds = fake_credentials.FakeKeystoneV3AllCredentials()
self.auth_provider.credentials = all_creds
self.auth_provider.scope = 'unscoped'
auth_params = self.auth_provider._auth_params()
self.assertNotIn('scope', auth_params.keys())
for attr in all_creds.get_init_attributes():
if attr.startswith('project_') or attr.startswith('domain_'):
self.assertNotIn(attr, auth_params.keys())
else:
self.assertIn(attr, auth_params.keys())
self.assertEqual(getattr(all_creds, attr), auth_params[attr])
