Esempio n. 1
0
    def test_swift3_with_s3_token_no_pass_token_to_auth_token(self):
        self.swift = FakeSwift()
        self.keystone_auth = KeystoneAuth(self.swift,
                                          {'operator_roles': 'swift-user'})
        self.auth_token = AuthProtocol(self.keystone_auth,
                                       {'delay_auth_decision': 'True'})
        self.s3_token = S3Token(self.auth_token,
                                {'auth_uri': 'https://fakehost/identity'})
        self.swift3 = Swift3Middleware(self.s3_token, CONF)
        req = Request.blank('/bucket',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers={
                                'Authorization': 'AWS access:signature',
                                'Date': self.get_date_header()
                            })
        self.swift.register('PUT', '/v1/AUTH_TENANT_ID/bucket',
                            swob.HTTPCreated, {}, None)
        self.swift.register('HEAD', '/v1/AUTH_TENANT_ID', swob.HTTPOk, {},
                            None)
        with patch.object(self.s3_token, '_json_request') as mock_req:
            with patch.object(self.auth_token,
                              '_do_fetch_token') as mock_fetch:
                mock_resp = requests.Response()
                no_token_id_good_resp = copy.deepcopy(GOOD_RESPONSE_V2)
                # delete token id
                del no_token_id_good_resp['access']['token']['id']
                mock_resp._content = json.dumps(no_token_id_good_resp)
                mock_resp.status_code = 201
                mock_req.return_value = mock_resp

                mock_access_info = AccessInfoV2(GOOD_RESPONSE_V2)
                mock_access_info.will_expire_soon = \
                    lambda stale_duration: False
                mock_fetch.return_value = (MagicMock(), mock_access_info)

                status, headers, body = self.call_swift3(req)
                # No token provided from keystone result in 401 Unauthorized
                # at `swift.common.middleware.keystoneauth` because auth_token
                # will remove all auth headers including 'X-Identity-Status'[1]
                # and then, set X-Identity-Status: Invalid at [2]
                #
                # 1: https://github.com/openstack/keystonemiddleware/blob/
                #    master/keystonemiddleware/auth_token/__init__.py#L620
                # 2: https://github.com/openstack/keystonemiddleware/blob/
                #    master/keystonemiddleware/auth_token/__init__.py#L627-L629

                self.assertEqual('403 Forbidden', status)
                self.assertEqual(1, mock_req.call_count)
                # if no token provided from keystone, we can skip the call to
                # fetch the token
                self.assertEqual(0, mock_fetch.call_count)
Esempio n. 2
0
    def test_swift3_with_s3_token_and_auth_token(self):
        self.swift = FakeSwift()
        self.keystone_auth = KeystoneAuth(self.swift,
                                          {'operator_roles': 'swift-user'})
        self.auth_token = AuthProtocol(self.keystone_auth,
                                       {'delay_auth_decision': 'True'})
        self.s3_token = S3Token(self.auth_token,
                                {'auth_uri': 'https://fakehost/identity'})
        self.swift3 = Swift3Middleware(self.s3_token, CONF)
        req = Request.blank('/bucket',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers={
                                'Authorization': 'AWS access:signature',
                                'Date': self.get_date_header()
                            })
        self.swift.register('PUT', '/v1/AUTH_TENANT_ID/bucket',
                            swob.HTTPCreated, {}, None)
        self.swift.register('HEAD', '/v1/AUTH_TENANT_ID', swob.HTTPOk, {},
                            None)
        with patch.object(self.s3_token, '_json_request') as mock_req:
            with patch.object(self.auth_token,
                              '_do_fetch_token') as mock_fetch:
                mock_resp = requests.Response()
                mock_resp._content = json.dumps(GOOD_RESPONSE_V2)
                mock_resp.status_code = 201
                mock_req.return_value = mock_resp

                mock_access_info = AccessInfoV2(GOOD_RESPONSE_V2)
                mock_access_info.will_expire_soon = \
                    lambda stale_duration: False
                mock_fetch.return_value = (MagicMock(), mock_access_info)

                status, headers, body = self.call_swift3(req)
                self.assertEqual(body, '')
                self.assertEqual(1, mock_req.call_count)
                # With X-Auth-Token, auth_token will call _do_fetch_token to
                # connect to keystone in auth_token, again
                self.assertEqual(1, mock_fetch.call_count)