Esempio n. 1
0
    def _auth_to_url(self, url):
        """
        Test that plain ec2 credentials returns a 200 OK
        """
        access = "xpd285.access"
        secret = "345fgi.secret"
        kwargs = {
            "user_name": self.auth_user['name'],
            "tenant_id": self.auth_user['tenant_id'],
            "type": "EC2",
            "key": access,
            "secret": secret,
        }
        self.fixture_create_credentials(**kwargs)
        req = self.get_request('POST', url)
        params = {
            "SignatureVersion": "2",
            "one_param": "5",
            "two_params": "happy",
        }
        credentials = {
            "access": access,
            "verb": "GET",
            "params": params,
            "host": "some.host.com:8773",
            "path": "services/Cloud",
            "signature": None,
        }
        sign = signer.Signer(secret)
        obj_creds = auth.Ec2Credentials(**credentials)
        credentials['signature'] = sign.generate(obj_creds)
        body = {
            "auth": {
                "ec2Credentials": credentials,
            }
        }
        req.body = json.dumps(body)
        self.get_response()

        expected = {
            u'access': {
                u'token': {
                    u'id': self.auth_token_id,
                    u'expires': self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f")
                },
                u'user': {
                    u'id':
                    unicode(self.auth_user['id']),
                    u'name':
                    self.auth_user['name'],
                    u'roles': [{
                        u'description': u'regular role',
                        u'id': u'0',
                        u'name': u'regular_role'
                    }]
                }
            }
        }
        self.assert_dict_equal(expected, json.loads(self.res.body))
        self.status_ok()
Esempio n. 2
0
    def test_valid_authn_s3_success_json(self):
        """Tests correct syntax with {"auth":} wrapper and extension """
        url = "/tokens"
        access = "xpd285.access"
        secret = "345fgi.secret"
        kwargs = {
            "user_name": self.auth_user['name'],
            "tenant_id": self.auth_user['tenant_id'],
            "type": "EC2",
            "key": access,
            "secret": secret,
        }
        self.fixture_create_credentials(**kwargs)
        req = self.get_request('POST', url)
        params = {
            "x-amz-acl": "public-read-write",
            "x-amz-server-side-encryption": "AES256",
        }
        credentials = {
            "access": access,
            "verb": "PUT",
            "path": "/test.txt",
            "expire": 0,
            "content_type": "text/plain",
            "content_md5": "1234567890abcdef",
            "xheaders": params,
            "signature": None,
        }
        sign = signer.Signer(secret)
        obj_creds = auth.S3Credentials(**credentials)
        credentials['signature'] = sign.generate(obj_creds, s3=True)
        body = {
            "auth": {
                "OS-KSS3:s3Credentials": credentials,
            }
        }
        req.body = json.dumps(body)
        self.get_response()

        expected = {
            u'access': {
                u'token': {
                    u'id': self.auth_token_id,
                    u'expires': self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f")
                },
                u'user': {
                    u'id':
                    unicode(self.auth_user['id']),
                    u'name':
                    self.auth_user['name'],
                    u'roles': [{
                        u'description': u'regular role',
                        u'id': u'0',
                        u'name': u'regular_role'
                    }]
                }
            }
        }
        self.assert_dict_equal(expected, json.loads(self.res.body))
        self.status_ok()
Esempio n. 3
0
    def test_authn_s3_success_json_bad_tenant(self):
        """
        Test that bad credentials returns a 401
        """
        # Create dummy tenant (or adding creds will fail)
        self.fixture_create_tenant(id='bad', name='bad')
        access = "xpd285.access"
        secret = "345fgi.secret"
        kwargs = {
            "user_name": self.auth_user['name'],
            "tenant_id": 'bad',
            "type": "EC2",
            "key": access,
            "secret": secret,
        }
        self.fixture_create_credentials(**kwargs)
        # Delete the 'bad' tenant, orphaning the creds
        self.get_request('DELETE', '/tenants/bad')

        url = "/tokens"
        req = self.get_request('POST', url)
        params = {
            "x-amz-acl": "public-read-write",
            "x-amz-server-side-encryption": "AES256",
        }
        credentials = {
            "access": access,
            "verb": "PUT",
            "path": "/test.txt",
            "expire": 0,
            "content_type": "text/plain",
            "content_md5": "1234567890abcdef",
            "xheaders": params,
            "signature": None,
        }
        sign = signer.Signer(secret)
        obj_creds = auth.S3Credentials(**credentials)
        credentials['signature'] = sign.generate(obj_creds, s3=True)
        body = {
            "auth": {
                "OS-KSS3:s3Credentials": credentials,
            }
        }
        req.body = json.dumps(body)
        self.get_response()

        expected = {
            u'unauthorized': {
                u'code': u'401',
                u'message': u'Unauthorized on this tenant',
            }
        }
        self.assert_dict_equal(expected, json.loads(self.res.body))
        self.assertEqual(self.res.status_int, 401)
Esempio n. 4
0
    def test_authn_ec2_success_json_bad_tenant(self):
        """
        Test that bad credentials returns a 401
        """
        # Create dummy tenant (or adding creds will fail)
        self.fixture_create_tenant(id='bad', name='bad')
        access = "xpd285.access"
        secret = "345fgi.secret"
        kwargs = {
            "user_name": self.auth_user['name'],
            "tenant_id": 'bad',
            "type": "EC2",
            "key": access,
            "secret": secret,
        }
        self.fixture_create_credentials(**kwargs)
        # Delete the 'bad' tenant, orphaning the creds
        self.get_request('DELETE', '/tenants/bad')

        url = "/ec2tokens"
        req = self.get_request('POST', url)
        params = {
            "SignatureVersion": "2",
            "one_param": "5",
            "two_params": "happy",
        }
        credentials = {
            "access": access,
            "verb": "GET",
            "params": params,
            "host": "some.host.com:8773",
            "path": "services/Cloud",
            "signature": None,
        }
        sign = signer.Signer(secret)
        obj_creds = auth.Ec2Credentials(**credentials)
        credentials['signature'] = sign.generate(obj_creds)
        body = {
            "ec2Credentials": credentials,
        }
        req.body = json.dumps(body)
        self.get_response()

        expected = {
            u'unauthorized': {
                u'code': u'401',
                u'message': u'Unauthorized on this tenant',
            }
        }
        self.assert_dict_equal(expected, json.loads(self.res.body))
        self.assertEqual(self.res.status_int, 401)
Esempio n. 5
0
    def test_authn_s3_success_json_bad_user(self):
        """
        Test that bad credentials returns a 401
        """
        access = "xpd285.access"
        secret = "345fgi.secret"
        url = "/tokens"
        req = self.get_request('POST', url)
        params = {
            "x-amz-acl": "public-read-write",
            "x-amz-server-side-encryption": "AES256",
        }
        credentials = {
            "access": access,
            "verb": "PUT",
            "path": "/test.txt",
            "expire": 0,
            "content_type": "text/plain",
            "content_md5": "1234567890abcdef",
            "xheaders": params,
            "signature": None,
        }
        sign = signer.Signer(secret)
        obj_creds = auth.S3Credentials(**credentials)
        credentials['signature'] = sign.generate(obj_creds, s3=True)
        body = {
            "auth": {
                "OS-KSS3:s3Credentials": credentials,
            }
        }
        req.body = json.dumps(body)
        self.get_response()

        expected = {
            u'unauthorized': {
                u'code': u'401',
                u'message': u'No credentials found for %s' % access,
            }
        }
        self.assert_dict_equal(expected, json.loads(self.res.body))
        self.assertEqual(self.res.status_int, 401)
Esempio n. 6
0
    def test_authn_ec2_success_json_bad_user(self):
        """
        Test that bad credentials returns a 401
        """
        access = "xpd285.access"
        secret = "345fgi.secret"
        url = "/ec2tokens"
        req = self.get_request('POST', url)
        params = {
            "SignatureVersion": "2",
            "one_param": "5",
            "two_params": "happy",
        }
        credentials = {
            "access": access,
            "verb": "GET",
            "params": params,
            "host": "some.host.com:8773",
            "path": "services/Cloud",
            "signature": None,
        }
        sign = signer.Signer(secret)
        obj_creds = auth.Ec2Credentials(**credentials)
        credentials['signature'] = sign.generate(obj_creds)
        body = {
            "ec2Credentials": credentials,
        }
        req.body = json.dumps(body)
        self.get_response()

        expected = {
            u'unauthorized': {
                u'code': u'401',
                u'message': u'No credentials found for %s' % access,
            }
        }
        self.assert_dict_equal(expected, json.loads(self.res.body))
        self.assertEqual(self.res.status_int, 401)