def __call__(self, req): if 'X-Auth-Token' not in req.headers: user_id = req.headers.get('X-Auth-User', 'admin') project_id = req.headers.get('X-Auth-Project-Id', 'admin') os_url = os.path.join(req.url, project_id) res = webob.Response() # NOTE(vish): This is expecting and returning Auth(1.1), whereas # keystone uses 2.0 auth. We should probably allow # 2.0 auth here as well. res.headers['X-Auth-Token'] = '%s:%s' % (user_id, project_id) res.headers['X-Server-Management-Url'] = os_url res.content_type = 'text/plain' res.status = '204' return res token = req.headers['X-Auth-Token'] user_id, _sep, project_id = token.partition(':') project_id = project_id or user_id remote_address = getattr(req, 'remote_address', '127.0.0.1') if CONF.use_forwarded_for: remote_address = req.headers.get('X-Forwarded-For', remote_address) ctx = context.RequestContext(user_id, project_id, is_admin=True, remote_address=remote_address) req.environ['karbor.context'] = ctx return self.application
def test_user_identity(self): ctx = context.RequestContext("user", "tenant", domain="domain", user_domain="user-domain", project_domain="project-domain") self.assertEqual('user tenant domain user-domain project-domain', ctx.to_dict()["user_identity"])
def test_ignore_case_role_check(self): lowercase_action = "test:lowercase_admin" uppercase_action = "test:uppercase_admin" admin_context = context.RequestContext('admin', 'fake', roles=['AdMiN']) policy.authorize(admin_context, lowercase_action, self.target) policy.authorize(admin_context, uppercase_action, self.target)
def setUp(self): super(BaseObjectsTestCase, self).setUp() self.user_id = 'fake-user' self.project_id = 'fake-project' self.context = context.RequestContext(self.user_id, self.project_id, is_admin=False) # We only test local right now. self.assertIsNone(obj_base.KarborObject.indirection_api)
def setUp(self): super(UserTrustManagerTestCase, self).setUp() self._user_id = '123' self._project_id = '456' self._ctx = context.RequestContext(user_id=self._user_id, project_id=self._project_id) self._manager = user_trust_manager.UserTrustManager() self._manager._skp = FakeSKP()
def test_request_context_read_deleted_invalid(self): self.assertRaises(ValueError, context.RequestContext, '111', '222', read_deleted=True) ctxt = context.RequestContext('111', '222') self.assertRaises(ValueError, setattr, ctxt, 'read_deleted', True)
def test_request_context_elevated(self): user_context = context.RequestContext('fake_user', 'fake_project', is_admin=False) self.assertFalse(user_context.is_admin) admin_context = user_context.elevated() self.assertFalse(user_context.is_admin) self.assertTrue(admin_context.is_admin) self.assertNotIn('admin', user_context.roles) self.assertIn('admin', admin_context.roles)
def setUp(self): super(UserTrustManagerTestCase, self).setUp() self._user_id = '123' self._project_id = '456' self._ctx = context.RequestContext(user_id=self._user_id, project_id=self._project_id) with mock.patch.object(karbor_keystone_plugin.KarborKeystonePlugin, '_do_init'): self._manager = user_trust_manager.UserTrustManager() self._manager._skp = FakeSKP()
def __call__(self, req): headers = req.headers environ = req.environ user_id = headers.get('X_USER_ID') or headers.get('X_USER') if user_id is None: LOG.debug("Neither X_USER_ID nor X_USER found in request") return webob.exc.HTTPUnauthorized() # get the roles roles = [r.strip() for r in headers.get('X_ROLE', '').split(',')] if 'X_TENANT_ID' in headers: # This is the new header since Keystone went to ID/Name project_id = headers['X_TENANT_ID'] else: # This is for legacy compatibility project_id = headers['X_TENANT'] project_name = headers.get('X_TENANT_NAME') req_id = environ.get(request_id.ENV_REQUEST_ID) # Get the auth token auth_token = headers.get('X_AUTH_TOKEN', headers.get('X_STORAGE_TOKEN')) # Build a context, including the auth_token... remote_address = req.remote_addr auth_token_info = environ.get('keystone.token_info') service_catalog = None if headers.get('X_SERVICE_CATALOG') is not None: try: catalog_header = headers.get('X_SERVICE_CATALOG') service_catalog = jsonutils.loads(catalog_header) except ValueError: raise webob.exc.HTTPInternalServerError( explanation=_('Invalid service catalog json.')) if CONF.use_forwarded_for: remote_address = headers.get('X-Forwarded-For', remote_address) ctx = context.RequestContext(user_id, project_id, project_name=project_name, roles=roles, auth_token=auth_token, remote_address=remote_address, service_catalog=service_catalog, request_id=req_id, auth_token_info=auth_token_info) environ['karbor.context'] = ctx return self.application
def setUp(self): super(TriggerApiTest, self).setUp() self.controller = trigger_api.TriggersController() self.controller.operationengine_api = FakeRemoteOperationApi() self.ctxt = context.RequestContext('demo', 'fakeproject', True) self.req = fakes.HTTPRequest.blank('/v1/triggers') self.default_create_trigger_param = { "name": "123", "type": "time", "properties": { "format": "crontab", "pattern": "* * * * *" }, }
def test_service_catalog_nova_and_swift(self): service_catalog = [{ u'type': u'compute', u'name': u'nova' }, { u'type': u's3', u'name': u's3' }, { u'type': u'image', u'name': u'glance' }, { u'type': u'volume', u'name': u'cinder' }, { u'type': u'ec2', u'name': u'ec2' }, { u'type': u'object-store', u'name': u'swift' }, { u'type': u'identity', u'name': u'keystone' }, { u'type': None, u'name': u'S_withtypeNone' }, { u'type': u'co', u'name': u'S_partofcompute' }] compute_catalog = [{u'type': u'compute', u'name': u'nova'}] object_catalog = [{u'name': u'swift', u'type': u'object-store'}] ctxt = context.RequestContext('111', '222', service_catalog=service_catalog) self.assertEqual(5, len(ctxt.service_catalog)) return_compute = [ v for v in ctxt.service_catalog if v['type'] == u'compute' ] return_object = [ v for v in ctxt.service_catalog if v['type'] == u'object-store' ] self.assertEqual(compute_catalog, return_compute) self.assertEqual(object_catalog, return_object)
def setUp(self): super(PolicyTestCase, self).setUp() rules = [ oslo_policy.RuleDefault("true", '@'), oslo_policy.RuleDefault("test:allowed", '@'), oslo_policy.RuleDefault("test:denied", "!"), oslo_policy.RuleDefault( "test:my_file", "role:compute_admin or " "project_id:%(project_id)s"), oslo_policy.RuleDefault("test:early_and_fail", "! and @"), oslo_policy.RuleDefault("test:early_or_success", "@ or !"), oslo_policy.RuleDefault("test:lowercase_admin", "role:admin"), oslo_policy.RuleDefault("test:uppercase_admin", "role:ADMIN"), ] policy.reset() policy.init() # before a policy rule can be used, its default has to be registered. policy._ENFORCER.register_defaults(rules) self.context = context.RequestContext('fake', 'fake', roles=['member']) self.target = {} self.addCleanup(policy.reset)
def setUp(self): super(ScheduledOperationApiTest, self).setUp() self.remote_operation_api = FakeRemoteOperationApi() self.controller = operation_api.ScheduledOperationController() self.controller.operationengine_api = self.remote_operation_api self.ctxt = context.RequestContext('demo', 'fakeproject', True) self.req = fakes.HTTPRequest.blank('/v1/scheduled_operations') trigger = self._create_trigger() self._plan = self._create_plan(uuidutils.generate_uuid()) self.default_create_operation_param = { "name": "123", "description": "123", "operation_type": "protect", "trigger_id": trigger['trigger_info']['id'], "operation_definition": { "plan_id": self._plan['id'], "provider_id": self._plan['provider_id'] }, }
def setUp(self): super(TriggerTestCase, self).setUp() self.ctxt = context.RequestContext(user_id='user_id', project_id='project_id')
def setUp(self): super(QuotaApiTest, self).setUp() self.controller = quotas.QuotasController() self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self): super(ProvidersApiTest, self).setUp() self.controller = providers.ProvidersController() self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self): super(RestoreApiTest, self).setUp() self.controller = restores.RestoresController() self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self): super(VerificationApiTest, self).setUp() self.controller = verifications.VerificationsController() self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self): super(CopiesApiTest, self).setUp() self.controller = copies.CopiesController() self.ctxt = context.RequestContext('demo', DEFAULT_PROJECT_ID, True)
def setUp(self): super(OperationLogTest, self).setUp() self.controller = operation_logs.OperationLogsController() self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self): super(ServicesDbTestCase, self).setUp() self.ctxt = context.RequestContext(user_id='user_id', project_id='project_id', is_admin=True)
def setUp(self): super(ScheduledOperationStateTestCase, self).setUp() self.ctxt = context.RequestContext(user_id='user_id', project_id='project_id')
def test_request_context_read_deleted(self): ctxt = context.RequestContext('111', '222', read_deleted='yes') self.assertEqual('yes', ctxt.read_deleted) ctxt.read_deleted = 'no' self.assertEqual('no', ctxt.read_deleted)
def setUp(self): super(PlanApiTest, self).setUp() self.controller = plans.PlansController() self.ctxt = context.RequestContext('demo', 'fakeproject', True)
def setUp(self): super(PlanApiTest, self).setUp() self.controller = plans.PlansController() self.ctxt = context.RequestContext('demo', DEFAULT_PROJECT_ID, True)
def setUp(self): super(ProtectablesApiTest, self).setUp() self.controller = protectables.ProtectablesController() self.ctxt = context.RequestContext('admin', 'fakeproject', True)
def test_request_context_sets_is_admin_upcase(self): ctxt = context.RequestContext('111', '222', roles=['Admin', 'weasel']) self.assertTrue(ctxt.is_admin)