def new_client(self):
t = fixture.V2Token(user_id=self.user_id)
t.set_scope()
s = t.add_service('identity')
s.add_endpoint(self.TEST_URL)
d = fixture.V2Discovery(self.TEST_URL)
self.requests.register_uri('POST', self.TEST_URL + '/tokens', json=t)
# NOTE(jamielennox): Because of the versioned URL hack here even though
# the V2 URL will be in the service catalog it will be the root URL
# that will be queried for discovery.
self.requests.register_uri('GET', self.TEST_ROOT_URL,
json={'version': d})
a = ksa_identity.V2Password(username=uuid.uuid4().hex,
password=uuid.uuid4().hex,
auth_url=self.TEST_URL)
s = ksa_session.Session(auth=a)
return v2_client.Client(session=s)
def add_token_data(self,
token_id=None,
expires=None,
user_id=None,
user_name=None,
user_domain_id=None,
user_domain_name=None,
project_id=None,
project_domain_id=None,
project_domain_name=None,
role_list=None,
is_v2=False):
"""Add token data to the auth_token fixture."""
if not token_id:
token_id = uuid.uuid4().hex
if not role_list:
role_list = []
if is_v2:
token = client_fixtures.V2Token(token_id=token_id,
expires=expires,
tenant_id=project_id,
user_id=user_id,
user_name=user_name)
else:
token = client_fixtures.V3Token(
expires=expires,
user_id=user_id,
user_name=user_name,
user_domain_id=user_domain_id,
project_id=project_id,
project_domain_id=project_domain_id,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name)
for role in role_list:
token.add_role(name=role)
self._token_data[token_id] = token
def test_user_password(self):
token_fixture = fixture.V2Token(user_name=self.TEST_USER)
self.stub_auth(json=token_fixture)
password = uuid.uuid4().hex
token_ref = self.client.tokens.authenticate(username=self.TEST_USER,
password=password)
self.assertIsInstance(token_ref, tokens.Token)
self.assertEqual(token_fixture.token_id, token_ref.id)
self.assertEqual(token_fixture.expires_str, token_ref.expires)
req_body = {
'auth': {
'passwordCredentials': {
'username': self.TEST_USER,
'password': password,
}
}
}
self.assertRequestBodyIs(json=req_body)
def make_v2_token(req_mock):
"""Create an Identity v2 token and register the responses"""
token = ksa_fixture.V2Token(
tenant_name=test_shell.DEFAULT_PROJECT_NAME,
user_name=test_shell.DEFAULT_USERNAME,
)
# Set up the v2 auth routes
req_mock.register_uri(
'GET',
V2_AUTH_URL,
json=V2_VERSION_RESP,
status_code=200,
)
req_mock.register_uri(
'POST',
V2_AUTH_URL + 'tokens',
json=token,
status_code=200,
)
return token
def test_returns_original_when_discover_fails(self):
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token)
self.stub_url('GET', [], base_url=self.BASE_URL, status_code=404)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
interface='public',
version=(3, 0))
self.assertEqual(self.V2_URL, endpoint)
def test_list_tenants_fallback_to_auth_url(self):
new_auth_url = 'http://keystone.test:5000/v2.0'
token = fixture.V2Token(token_id=self.TEST_TOKEN,
user_name=self.TEST_USER,
user_id=self.TEST_USER_ID)
self.stub_auth(base_url=new_auth_url, json=token)
self.stub_url('GET', ['tenants'], base_url=new_auth_url,
json=self.TEST_TENANTS)
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
c = client.Client(username=self.TEST_USER,
auth_url=new_auth_url,
password=uuid.uuid4().hex)
self.assertIsNone(c.management_url)
tenant_list = c.tenants.list()
[self.assertIsInstance(t, tenants.Tenant) for t in tenant_list]
self.assertEqual(len(self.TEST_TENANTS['tenants']['values']),
len(tenant_list))
def test_service_catalog_multiple_service_types(self):
token = fixture.V2Token()
token.set_scope()
for i in range(3):
s = token.add_service('compute')
s.add_endpoint(public='public-%d' % i,
admin='admin-%d' % i,
internal='internal-%d' % i,
region='region-%d' % i)
auth_ref = access.create(body=token)
urls = auth_ref.service_catalog.get_urls(service_type='compute',
interface='publicURL')
self.assertEqual(set(['public-0', 'public-1', 'public-2']), set(urls))
urls = auth_ref.service_catalog.get_urls(service_type='compute',
interface='publicURL',
region_name='region-1')
self.assertEqual(('public-1', ), urls)
def test_getting_endpoints(self):
disc = fixture.DiscoveryList(href=self.BASE_URL)
self.stub_url('GET', ['/'], base_url=self.BASE_URL, json=disc)
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
interface='public',
version=(3, 0))
self.assertEqual(self.V3_URL, endpoint)
def setUp(self):
super(V2UserPluginTests, self).setUp()
self.service_token = fixture.V2Token()
self.service_token.set_scope()
s = self.service_token.add_service('identity', name='keystone')
s.add_endpoint(public=BASE_URI, admin=BASE_URI, internal=BASE_URI)
self.configure_middleware(auth_type='v2password',
auth_url='%s/v2.0/' % AUTH_URL,
user_id=self.service_token.user_id,
password=uuid.uuid4().hex,
tenant_id=self.service_token.tenant_id)
auth_discovery = fixture.DiscoveryList(href=AUTH_URL, v3=False)
self.requests_mock.get(AUTH_URL, json=auth_discovery)
base_discovery = fixture.DiscoveryList(href=BASE_URI, v3=False)
self.requests_mock.get(BASE_URI, json=base_discovery)
url = '%s/v2.0/tokens' % AUTH_URL
self.requests_mock.post(url, json=self.service_token)
def test_building_scoped_accessinfo(self):
token = fixture.V2Token()
token.set_scope()
s = token.add_service('identity')
s.add_endpoint('http://url')
role_data = token.add_role()
auth_ref = access.create(body=token)
self.assertIsInstance(auth_ref, access.AccessInfoV2)
self.assertTrue(auth_ref.has_service_catalog())
self.assertEqual(auth_ref.auth_token, token.token_id)
self.assertEqual(auth_ref.username, token.user_name)
self.assertEqual(auth_ref.user_id, token.user_id)
self.assertEqual(auth_ref.role_ids, [role_data['id']])
self.assertEqual(auth_ref.role_names, [role_data['name']])
self.assertEqual(auth_ref.tenant_name, token.tenant_name)
self.assertEqual(auth_ref.tenant_id, token.tenant_id)
self.assertEqual(auth_ref.tenant_name, auth_ref.project_name)
self.assertEqual(auth_ref.tenant_id, auth_ref.project_id)
self.assertIsNone(auth_ref.project_domain_id, 'default')
self.assertIsNone(auth_ref.project_domain_name, 'Default')
self.assertIsNone(auth_ref.user_domain_id, 'default')
self.assertIsNone(auth_ref.user_domain_name, 'Default')
self.assertTrue(auth_ref.project_scoped)
self.assertFalse(auth_ref.domain_scoped)
self.assertEqual(token.audit_id, auth_ref.audit_id)
self.assertEqual(token.audit_chain_id, auth_ref.audit_chain_id)
def register_keystone_v2_token_fixture(self, request_mocker):
v2_token = ks_fixture.V2Token()
service = v2_token.add_service('baremetal')
service.add_endpoint('http://ironic.example.com', region='RegionOne')
request_mocker.post('%s/tokens' % V2_URL, json=v2_token)
def setUp(self):
super(ServiceCatalogTest, self).setUp()
self.AUTH_RESPONSE_BODY = fixture.V2Token(
token_id='ab48a9efdfedb23ty3494',
expires='2010-11-01T03:32:15-05:00',
tenant_id='345',
tenant_name='My Project',
user_id='123',
user_name='jqsmith',
audit_chain_id=uuid.uuid4().hex)
self.AUTH_RESPONSE_BODY.add_role(id='234', name='compute:admin')
role = self.AUTH_RESPONSE_BODY.add_role(id='235',
name='object-store:admin')
role['tenantId'] = '1'
s = self.AUTH_RESPONSE_BODY.add_service('compute', 'Cloud Servers')
endpoint = s.add_endpoint(
public='https://compute.north.host/v1/1234',
internal='https://compute.north.host/v1/1234',
region='North')
endpoint['tenantId'] = '1'
endpoint['versionId'] = '1.0'
endpoint['versionInfo'] = 'https://compute.north.host/v1.0/'
endpoint['versionList'] = 'https://compute.north.host/'
endpoint = s.add_endpoint(
public='https://compute.north.host/v1.1/3456',
internal='https://compute.north.host/v1.1/3456',
region='North')
endpoint['tenantId'] = '2'
endpoint['versionId'] = '1.1'
endpoint['versionInfo'] = 'https://compute.north.host/v1.1/'
endpoint['versionList'] = 'https://compute.north.host/'
s = self.AUTH_RESPONSE_BODY.add_service('object-store', 'Cloud Files')
endpoint = s.add_endpoint(public='https://swift.north.host/v1/blah',
internal='https://swift.north.host/v1/blah',
region='South')
endpoint['tenantId'] = '11'
endpoint['versionId'] = '1.0'
endpoint['versionInfo'] = 'uri'
endpoint['versionList'] = 'uri'
endpoint = s.add_endpoint(
public='https://swift.north.host/v1.1/blah',
internal='https://compute.north.host/v1.1/blah',
region='South')
endpoint['tenantId'] = '2'
endpoint['versionId'] = '1.1'
endpoint['versionInfo'] = 'https://swift.north.host/v1.1/'
endpoint['versionList'] = 'https://swift.north.host/'
s = self.AUTH_RESPONSE_BODY.add_service('image', 'Image Servers')
s.add_endpoint(public='https://image.north.host/v1/',
internal='https://image-internal.north.host/v1/',
region='North')
s.add_endpoint(public='https://image.south.host/v1/',
internal='https://image-internal.south.host/v1/',
region='South')
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystoneauth1 import fixture
from jacketclient import exceptions
from jacketclient import service_catalog
from jacketclient.tests.unit import utils
SERVICE_CATALOG = fixture.V2Token()
SERVICE_CATALOG.set_scope()
_s = SERVICE_CATALOG.add_service('jacket')
_e = _s.add_endpoint("https://jacket1.host/v1/1")
_e["tenantId"] = "1"
_e["versionId"] = "1.0"
_e = _s.add_endpoint("https://jacket1.host/v1.1/2", region="North")
_e["tenantId"] = "2"
_e["versionId"] = "1.1"
_e = _s.add_endpoint("https://jacket1.host/v1/1", region="North")
_e["tenantId"] = "1"
_e["versionId"] = "2"
_s = SERVICE_CATALOG.add_service('volume')
_e = _s.add_endpoint("https://volume1.host/v1/1", region="South")
def test_is_admin_project(self):
token = fixture.V2Token()
auth_ref = access.create(body=token)
self.assertIsInstance(auth_ref, access.AccessInfoV2)
self.assertIs(True, auth_ref.is_admin_project)
def setUp(self):
super(Examples, self).setUp()
# The data for several tests are signed using openssl and are stored in
# files in the signing subdirectory. In order to keep the values
# consistent between the tests and the signed documents, we read them
# in for use in the tests.
with open(os.path.join(CMSDIR, 'auth_token_scoped.json')) as f:
self.TOKEN_SCOPED_DATA = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'auth_token_scoped.pem')) as f:
self.SIGNED_TOKEN_SCOPED = cms.cms_to_token(f.read())
self.SIGNED_TOKEN_SCOPED_HASH = _hash_signed_token_safe(
self.SIGNED_TOKEN_SCOPED)
self.SIGNED_TOKEN_SCOPED_HASH_SHA256 = _hash_signed_token_safe(
self.SIGNED_TOKEN_SCOPED, mode='sha256')
with open(os.path.join(CMSDIR, 'auth_token_unscoped.pem')) as f:
self.SIGNED_TOKEN_UNSCOPED = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'auth_v3_token_scoped.pem')) as f:
self.SIGNED_v3_TOKEN_SCOPED = cms.cms_to_token(f.read())
self.SIGNED_v3_TOKEN_SCOPED_HASH = _hash_signed_token_safe(
self.SIGNED_v3_TOKEN_SCOPED)
self.SIGNED_v3_TOKEN_SCOPED_HASH_SHA256 = _hash_signed_token_safe(
self.SIGNED_v3_TOKEN_SCOPED, mode='sha256')
with open(os.path.join(CMSDIR, 'auth_token_revoked.pem')) as f:
self.REVOKED_TOKEN = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'auth_token_scoped_expired.pem')) as f:
self.SIGNED_TOKEN_SCOPED_EXPIRED = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'auth_v3_token_revoked.pem')) as f:
self.REVOKED_v3_TOKEN = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'auth_token_scoped.pkiz')) as f:
self.SIGNED_TOKEN_SCOPED_PKIZ = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'auth_token_unscoped.pkiz')) as f:
self.SIGNED_TOKEN_UNSCOPED_PKIZ = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'auth_v3_token_scoped.pkiz')) as f:
self.SIGNED_v3_TOKEN_SCOPED_PKIZ = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'auth_token_revoked.pkiz')) as f:
self.REVOKED_TOKEN_PKIZ = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR,
'auth_token_scoped_expired.pkiz')) as f:
self.SIGNED_TOKEN_SCOPED_EXPIRED_PKIZ = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'auth_v3_token_revoked.pkiz')) as f:
self.REVOKED_v3_TOKEN_PKIZ = cms.cms_to_token(f.read())
with open(os.path.join(CMSDIR, 'revocation_list.json')) as f:
self.REVOCATION_LIST = jsonutils.loads(f.read())
with open(os.path.join(CMSDIR, 'revocation_list.pem')) as f:
self.SIGNED_REVOCATION_LIST = jsonutils.dumps({'signed': f.read()})
self.SIGNING_CERT_FILE = os.path.join(CERTDIR, 'signing_cert.pem')
with open(self.SIGNING_CERT_FILE) as f:
self.SIGNING_CERT = f.read()
self.KERBEROS_BIND = 'USER@REALM'
self.SERVICE_KERBEROS_BIND = 'SERVICE_USER@SERVICE_REALM'
self.SIGNING_KEY_FILE = os.path.join(KEYDIR, 'signing_key.pem')
with open(self.SIGNING_KEY_FILE) as f:
self.SIGNING_KEY = f.read()
self.SIGNING_CA_FILE = os.path.join(CERTDIR, 'cacert.pem')
with open(self.SIGNING_CA_FILE) as f:
self.SIGNING_CA = f.read()
self.UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d"
self.UUID_TOKEN_NO_SERVICE_CATALOG = '8286720fbe4941e69fa8241723bb02df'
self.UUID_TOKEN_UNSCOPED = '731f903721c14827be7b2dc912af7776'
self.UUID_TOKEN_BIND = '3fc54048ad64405c98225ce0897af7c5'
self.UUID_TOKEN_UNKNOWN_BIND = '8885fdf4d42e4fb9879e6379fa1eaf48'
self.VALID_DIABLO_TOKEN = 'b0cf19b55dbb4f20a6ee18e6c6cf1726'
self.v3_UUID_TOKEN_DEFAULT = '5603457654b346fdbb93437bfe76f2f1'
self.v3_UUID_TOKEN_UNSCOPED = 'd34835fdaec447e695a0a024d84f8d79'
self.v3_UUID_TOKEN_DOMAIN_SCOPED = 'e8a7b63aaa4449f38f0c5c05c3581792'
self.v3_UUID_TOKEN_BIND = '2f61f73e1c854cbb9534c487f9bd63c2'
self.v3_UUID_TOKEN_UNKNOWN_BIND = '7ed9781b62cd4880b8d8c6788ab1d1e2'
self.UUID_SERVICE_TOKEN_DEFAULT = 'fe4c0710ec2f492748596c1b53ab124'
self.UUID_SERVICE_TOKEN_BIND = '5e43439613d34a13a7e03b2762bd08ab'
self.v3_UUID_SERVICE_TOKEN_DEFAULT = 'g431071bbc2f492748596c1b53cb229'
self.v3_UUID_SERVICE_TOKEN_BIND = 'be705e4426d0449a89e35ae21c380a05'
self.v3_NOT_IS_ADMIN_PROJECT = uuid.uuid4().hex
revoked_token = self.REVOKED_TOKEN
if isinstance(revoked_token, six.text_type):
revoked_token = revoked_token.encode('utf-8')
self.REVOKED_TOKEN_HASH = utils.hash_signed_token(revoked_token)
self.REVOKED_TOKEN_HASH_SHA256 = utils.hash_signed_token(revoked_token,
mode='sha256')
self.REVOKED_TOKEN_LIST = (
{'revoked': [{'id': self.REVOKED_TOKEN_HASH,
'expires': timeutils.utcnow()}]})
self.REVOKED_TOKEN_LIST_JSON = jsonutils.dumps(self.REVOKED_TOKEN_LIST)
revoked_v3_token = self.REVOKED_v3_TOKEN
if isinstance(revoked_v3_token, six.text_type):
revoked_v3_token = revoked_v3_token.encode('utf-8')
self.REVOKED_v3_TOKEN_HASH = utils.hash_signed_token(revoked_v3_token)
hash = utils.hash_signed_token(revoked_v3_token, mode='sha256')
self.REVOKED_v3_TOKEN_HASH_SHA256 = hash
self.REVOKED_v3_TOKEN_LIST = (
{'revoked': [{'id': self.REVOKED_v3_TOKEN_HASH,
'expires': timeutils.utcnow()}]})
self.REVOKED_v3_TOKEN_LIST_JSON = jsonutils.dumps(
self.REVOKED_v3_TOKEN_LIST)
revoked_token_pkiz = self.REVOKED_TOKEN_PKIZ
if isinstance(revoked_token_pkiz, six.text_type):
revoked_token_pkiz = revoked_token_pkiz.encode('utf-8')
self.REVOKED_TOKEN_PKIZ_HASH = utils.hash_signed_token(
revoked_token_pkiz)
revoked_v3_token_pkiz = self.REVOKED_v3_TOKEN_PKIZ
if isinstance(revoked_v3_token_pkiz, six.text_type):
revoked_v3_token_pkiz = revoked_v3_token_pkiz.encode('utf-8')
self.REVOKED_v3_PKIZ_TOKEN_HASH = utils.hash_signed_token(
revoked_v3_token_pkiz)
self.REVOKED_TOKEN_PKIZ_LIST = (
{'revoked': [{'id': self.REVOKED_TOKEN_PKIZ_HASH,
'expires': timeutils.utcnow()},
{'id': self.REVOKED_v3_PKIZ_TOKEN_HASH,
'expires': timeutils.utcnow()},
]})
self.REVOKED_TOKEN_PKIZ_LIST_JSON = jsonutils.dumps(
self.REVOKED_TOKEN_PKIZ_LIST)
self.SIGNED_TOKEN_SCOPED_KEY = cms.cms_hash_token(
self.SIGNED_TOKEN_SCOPED)
self.SIGNED_TOKEN_UNSCOPED_KEY = cms.cms_hash_token(
self.SIGNED_TOKEN_UNSCOPED)
self.SIGNED_v3_TOKEN_SCOPED_KEY = cms.cms_hash_token(
self.SIGNED_v3_TOKEN_SCOPED)
self.SIGNED_TOKEN_SCOPED_PKIZ_KEY = cms.cms_hash_token(
self.SIGNED_TOKEN_SCOPED_PKIZ)
self.SIGNED_TOKEN_UNSCOPED_PKIZ_KEY = cms.cms_hash_token(
self.SIGNED_TOKEN_UNSCOPED_PKIZ)
self.SIGNED_v3_TOKEN_SCOPED_PKIZ_KEY = cms.cms_hash_token(
self.SIGNED_v3_TOKEN_SCOPED_PKIZ)
self.INVALID_SIGNED_TOKEN = (
"MIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
"CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"0000000000000000000000000000000000000000000000000000000000000000"
"1111111111111111111111111111111111111111111111111111111111111111"
"2222222222222222222222222222222222222222222222222222222222222222"
"3333333333333333333333333333333333333333333333333333333333333333"
"4444444444444444444444444444444444444444444444444444444444444444"
"5555555555555555555555555555555555555555555555555555555555555555"
"6666666666666666666666666666666666666666666666666666666666666666"
"7777777777777777777777777777777777777777777777777777777777777777"
"8888888888888888888888888888888888888888888888888888888888888888"
"9999999999999999999999999999999999999999999999999999999999999999"
"0000000000000000000000000000000000000000000000000000000000000000")
self.INVALID_SIGNED_PKIZ_TOKEN = (
"PKIZ_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
"CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"0000000000000000000000000000000000000000000000000000000000000000"
"1111111111111111111111111111111111111111111111111111111111111111"
"2222222222222222222222222222222222222222222222222222222222222222"
"3333333333333333333333333333333333333333333333333333333333333333"
"4444444444444444444444444444444444444444444444444444444444444444"
"5555555555555555555555555555555555555555555555555555555555555555"
"6666666666666666666666666666666666666666666666666666666666666666"
"7777777777777777777777777777777777777777777777777777777777777777"
"8888888888888888888888888888888888888888888888888888888888888888"
"9999999999999999999999999999999999999999999999999999999999999999"
"0000000000000000000000000000000000000000000000000000000000000000")
# JSON responses keyed by token ID
self.TOKEN_RESPONSES = {}
# basic values
PROJECT_ID = 'tenant_id1'
PROJECT_NAME = 'tenant_name1'
USER_ID = 'user_id1'
USER_NAME = 'user_name1'
DOMAIN_ID = 'domain_id1'
DOMAIN_NAME = 'domain_name1'
ROLE_NAME1 = 'role1'
ROLE_NAME2 = 'role2'
SERVICE_PROJECT_ID = 'service_project_id1'
SERVICE_PROJECT_NAME = 'service_project_name1'
SERVICE_USER_ID = 'service_user_id1'
SERVICE_USER_NAME = 'service_user_name1'
SERVICE_DOMAIN_ID = 'service_domain_id1'
SERVICE_DOMAIN_NAME = 'service_domain_name1'
SERVICE_ROLE_NAME1 = 'service_role1'
SERVICE_ROLE_NAME2 = 'service_role2'
self.SERVICE_TYPE = 'identity'
self.UNVERSIONED_SERVICE_URL = 'http://keystone.server:5000/'
self.SERVICE_URL = self.UNVERSIONED_SERVICE_URL + 'v2.0'
# Old Tokens
self.TOKEN_RESPONSES[self.VALID_DIABLO_TOKEN] = {
'access': {
'token': {
'id': self.VALID_DIABLO_TOKEN,
'expires': '2020-01-01T00:00:10.000123Z',
'tenantId': PROJECT_ID,
},
'user': {
'id': USER_ID,
'name': USER_NAME,
'roles': [
{'name': ROLE_NAME1},
{'name': ROLE_NAME2},
],
},
},
}
# Generated V2 Tokens
token = fixture.V2Token(token_id=self.UUID_TOKEN_DEFAULT,
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
user_id=USER_ID,
user_name=USER_NAME)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint(public=self.SERVICE_URL)
self.TOKEN_RESPONSES[self.UUID_TOKEN_DEFAULT] = token
token = fixture.V2Token(token_id=self.UUID_TOKEN_UNSCOPED,
user_id=USER_ID,
user_name=USER_NAME)
self.TOKEN_RESPONSES[self.UUID_TOKEN_UNSCOPED] = token
token = fixture.V2Token(token_id='valid-token',
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
user_id=USER_ID,
user_name=USER_NAME)
token.add_role(ROLE_NAME1)
token.add_role(ROLE_NAME2)
self.TOKEN_RESPONSES[self.UUID_TOKEN_NO_SERVICE_CATALOG] = token
token = fixture.V2Token(token_id=self.SIGNED_TOKEN_SCOPED_KEY,
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
user_id=USER_ID,
user_name=USER_NAME)
token.add_role(ROLE_NAME1)
token.add_role(ROLE_NAME2)
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_KEY] = token
token = fixture.V2Token(token_id=self.SIGNED_TOKEN_UNSCOPED_KEY,
user_id=USER_ID,
user_name=USER_NAME)
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED_KEY] = token
token = fixture.V2Token(token_id=self.UUID_TOKEN_BIND,
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
user_id=USER_ID,
user_name=USER_NAME)
token.add_role(ROLE_NAME1)
token.add_role(ROLE_NAME2)
token['access']['token']['bind'] = {'kerberos': self.KERBEROS_BIND}
self.TOKEN_RESPONSES[self.UUID_TOKEN_BIND] = token
token = fixture.V2Token(token_id=self.UUID_SERVICE_TOKEN_BIND,
tenant_id=SERVICE_PROJECT_ID,
tenant_name=SERVICE_PROJECT_NAME,
user_id=SERVICE_USER_ID,
user_name=SERVICE_USER_NAME)
token.add_role(SERVICE_ROLE_NAME1)
token.add_role(SERVICE_ROLE_NAME2)
token['access']['token']['bind'] = {
'kerberos': self.SERVICE_KERBEROS_BIND}
self.TOKEN_RESPONSES[self.UUID_SERVICE_TOKEN_BIND] = token
token = fixture.V2Token(token_id=self.UUID_TOKEN_UNKNOWN_BIND,
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
user_id=USER_ID,
user_name=USER_NAME)
token.add_role(ROLE_NAME1)
token.add_role(ROLE_NAME2)
token['access']['token']['bind'] = {'FOO': 'BAR'}
self.TOKEN_RESPONSES[self.UUID_TOKEN_UNKNOWN_BIND] = token
token = fixture.V2Token(token_id=self.UUID_SERVICE_TOKEN_DEFAULT,
tenant_id=SERVICE_PROJECT_ID,
tenant_name=SERVICE_PROJECT_NAME,
user_id=SERVICE_USER_ID,
user_name=SERVICE_USER_NAME)
token.add_role(name=SERVICE_ROLE_NAME1)
token.add_role(name=SERVICE_ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint(public=self.SERVICE_URL)
self.TOKEN_RESPONSES[self.UUID_SERVICE_TOKEN_DEFAULT] = token
# Generated V3 Tokens
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME)
token.add_role(id=ROLE_NAME1, name=ROLE_NAME1)
token.add_role(id=ROLE_NAME2, name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_DEFAULT] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME)
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_UNSCOPED] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
domain_id=DOMAIN_ID,
domain_name=DOMAIN_NAME)
token.add_role(id=ROLE_NAME1, name=ROLE_NAME1)
token.add_role(id=ROLE_NAME2, name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_DOMAIN_SCOPED] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.SIGNED_v3_TOKEN_SCOPED_KEY] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
token['token']['bind'] = {'kerberos': self.KERBEROS_BIND}
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_BIND] = token
token = fixture.V3Token(user_id=SERVICE_USER_ID,
user_name=SERVICE_USER_NAME,
user_domain_id=SERVICE_DOMAIN_ID,
user_domain_name=SERVICE_DOMAIN_NAME,
project_id=SERVICE_PROJECT_ID,
project_name=SERVICE_PROJECT_NAME,
project_domain_id=SERVICE_DOMAIN_ID,
project_domain_name=SERVICE_DOMAIN_NAME)
token.add_role(name=SERVICE_ROLE_NAME1)
token.add_role(name=SERVICE_ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
token['token']['bind'] = {'kerberos': self.SERVICE_KERBEROS_BIND}
self.TOKEN_RESPONSES[self.v3_UUID_SERVICE_TOKEN_BIND] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
token['token']['bind'] = {'FOO': 'BAR'}
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_UNKNOWN_BIND] = token
token = fixture.V3Token(user_id=SERVICE_USER_ID,
user_name=SERVICE_USER_NAME,
user_domain_id=SERVICE_DOMAIN_ID,
user_domain_name=SERVICE_DOMAIN_NAME,
project_id=SERVICE_PROJECT_ID,
project_name=SERVICE_PROJECT_NAME,
project_domain_id=SERVICE_DOMAIN_ID,
project_domain_name=SERVICE_DOMAIN_NAME)
token.add_role(id=SERVICE_ROLE_NAME1,
name=SERVICE_ROLE_NAME1)
token.add_role(id=SERVICE_ROLE_NAME2,
name=SERVICE_ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_UUID_SERVICE_TOKEN_DEFAULT] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME,
is_admin_project=False)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_NOT_IS_ADMIN_PROJECT] = token
# PKIZ tokens generally link to above tokens
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_PKIZ_KEY] = (
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_SCOPED_KEY])
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED_PKIZ_KEY] = (
self.TOKEN_RESPONSES[self.SIGNED_TOKEN_UNSCOPED_KEY])
self.TOKEN_RESPONSES[self.SIGNED_v3_TOKEN_SCOPED_PKIZ_KEY] = (
self.TOKEN_RESPONSES[self.SIGNED_v3_TOKEN_SCOPED_KEY])
self.JSON_TOKEN_RESPONSES = dict([(k, jsonutils.dumps(v)) for k, v in
six.iteritems(self.TOKEN_RESPONSES)])
def setUp(self):
super(Examples, self).setUp()
self.KERBEROS_BIND = 'USER@REALM'
self.SERVICE_KERBEROS_BIND = 'SERVICE_USER@SERVICE_REALM'
self.UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d"
self.UUID_TOKEN_NO_SERVICE_CATALOG = '8286720fbe4941e69fa8241723bb02df'
self.UUID_TOKEN_UNSCOPED = '731f903721c14827be7b2dc912af7776'
self.UUID_TOKEN_BIND = '3fc54048ad64405c98225ce0897af7c5'
self.UUID_TOKEN_UNKNOWN_BIND = '8885fdf4d42e4fb9879e6379fa1eaf48'
self.v3_UUID_TOKEN_DEFAULT = '5603457654b346fdbb93437bfe76f2f1'
self.v3_UUID_TOKEN_UNSCOPED = 'd34835fdaec447e695a0a024d84f8d79'
self.v3_UUID_TOKEN_DOMAIN_SCOPED = 'e8a7b63aaa4449f38f0c5c05c3581792'
self.v3_UUID_TOKEN_BIND = '2f61f73e1c854cbb9534c487f9bd63c2'
self.v3_UUID_TOKEN_UNKNOWN_BIND = '7ed9781b62cd4880b8d8c6788ab1d1e2'
self.v3_SYSTEM_SCOPED_TOKEN = '9ca6e88364b6418a88ffc02e6a24afd8'
self.UUID_SERVICE_TOKEN_DEFAULT = 'fe4c0710ec2f492748596c1b53ab124'
self.UUID_SERVICE_TOKEN_BIND = '5e43439613d34a13a7e03b2762bd08ab'
self.v3_UUID_SERVICE_TOKEN_DEFAULT = 'g431071bbc2f492748596c1b53cb229'
self.v3_UUID_SERVICE_TOKEN_BIND = 'be705e4426d0449a89e35ae21c380a05'
self.v3_NOT_IS_ADMIN_PROJECT = uuid.uuid4().hex
self.v3_APP_CRED_TOKEN = '6f506fa9641448bbaecbd12dd30678a9'
self.v3_APP_CRED_ACCESS_RULES = 'c417747898c44629b08791f2579e40a5'
self.v3_APP_CRED_EMPTY_ACCESS_RULES = 'c75905c307f04fdd9979126582d7aae'
self.v3_APP_CRED_MATCHING_RULES = 'ad49decc7106489d95ca9ed874b6cb66'
# JSON responses keyed by token ID
self.TOKEN_RESPONSES = {}
# basic values
PROJECT_ID = 'tenant_id1'
PROJECT_NAME = 'tenant_name1'
USER_ID = 'user_id1'
USER_NAME = 'user_name1'
DOMAIN_ID = 'domain_id1'
DOMAIN_NAME = 'domain_name1'
ROLE_NAME1 = 'role1'
ROLE_NAME2 = 'role2'
SERVICE_PROJECT_ID = 'service_project_id1'
SERVICE_PROJECT_NAME = 'service_project_name1'
SERVICE_USER_ID = 'service_user_id1'
SERVICE_USER_NAME = 'service_user_name1'
SERVICE_DOMAIN_ID = 'service_domain_id1'
SERVICE_DOMAIN_NAME = 'service_domain_name1'
SERVICE_ROLE_NAME1 = 'service'
SERVICE_ROLE_NAME2 = 'service_role2'
APP_CRED_ID = 'app_cred_id1'
self.SERVICE_TYPE = 'identity'
self.UNVERSIONED_SERVICE_URL = 'https://keystone.example.com:1234/'
self.SERVICE_URL = self.UNVERSIONED_SERVICE_URL + 'v2.0'
# Generated V2 Tokens
token = fixture.V2Token(token_id=self.UUID_TOKEN_DEFAULT,
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
user_id=USER_ID,
user_name=USER_NAME)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint(public=self.SERVICE_URL)
self.TOKEN_RESPONSES[self.UUID_TOKEN_DEFAULT] = token
token = fixture.V2Token(token_id=self.UUID_TOKEN_UNSCOPED,
user_id=USER_ID,
user_name=USER_NAME)
self.TOKEN_RESPONSES[self.UUID_TOKEN_UNSCOPED] = token
token = fixture.V2Token(token_id='valid-token',
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
user_id=USER_ID,
user_name=USER_NAME)
token.add_role(ROLE_NAME1)
token.add_role(ROLE_NAME2)
self.TOKEN_RESPONSES[self.UUID_TOKEN_NO_SERVICE_CATALOG] = token
token = fixture.V2Token(token_id=self.UUID_TOKEN_BIND,
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
user_id=USER_ID,
user_name=USER_NAME)
token.add_role(ROLE_NAME1)
token.add_role(ROLE_NAME2)
token['access']['token']['bind'] = {'kerberos': self.KERBEROS_BIND}
self.TOKEN_RESPONSES[self.UUID_TOKEN_BIND] = token
token = fixture.V2Token(token_id=self.UUID_SERVICE_TOKEN_BIND,
tenant_id=SERVICE_PROJECT_ID,
tenant_name=SERVICE_PROJECT_NAME,
user_id=SERVICE_USER_ID,
user_name=SERVICE_USER_NAME)
token.add_role(SERVICE_ROLE_NAME1)
token.add_role(SERVICE_ROLE_NAME2)
token['access']['token']['bind'] = {
'kerberos': self.SERVICE_KERBEROS_BIND
}
self.TOKEN_RESPONSES[self.UUID_SERVICE_TOKEN_BIND] = token
token = fixture.V2Token(token_id=self.UUID_TOKEN_UNKNOWN_BIND,
tenant_id=PROJECT_ID,
tenant_name=PROJECT_NAME,
user_id=USER_ID,
user_name=USER_NAME)
token.add_role(ROLE_NAME1)
token.add_role(ROLE_NAME2)
token['access']['token']['bind'] = {'FOO': 'BAR'}
self.TOKEN_RESPONSES[self.UUID_TOKEN_UNKNOWN_BIND] = token
token = fixture.V2Token(token_id=self.UUID_SERVICE_TOKEN_DEFAULT,
tenant_id=SERVICE_PROJECT_ID,
tenant_name=SERVICE_PROJECT_NAME,
user_id=SERVICE_USER_ID,
user_name=SERVICE_USER_NAME)
token.add_role(name=SERVICE_ROLE_NAME1)
token.add_role(name=SERVICE_ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint(public=self.SERVICE_URL)
self.TOKEN_RESPONSES[self.UUID_SERVICE_TOKEN_DEFAULT] = token
# Generated V3 Tokens
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME)
token.add_role(id=ROLE_NAME1, name=ROLE_NAME1)
token.add_role(id=ROLE_NAME2, name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_DEFAULT] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME)
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_UNSCOPED] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME)
token.system = {'all': True}
token.add_role(id=ROLE_NAME1, name=ROLE_NAME1)
token.add_role(id=ROLE_NAME2, name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_SYSTEM_SCOPED_TOKEN] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
domain_id=DOMAIN_ID,
domain_name=DOMAIN_NAME)
token.add_role(id=ROLE_NAME1, name=ROLE_NAME1)
token.add_role(id=ROLE_NAME2, name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_DOMAIN_SCOPED] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
token['token']['bind'] = {'kerberos': self.KERBEROS_BIND}
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_BIND] = token
token = fixture.V3Token(user_id=SERVICE_USER_ID,
user_name=SERVICE_USER_NAME,
user_domain_id=SERVICE_DOMAIN_ID,
user_domain_name=SERVICE_DOMAIN_NAME,
project_id=SERVICE_PROJECT_ID,
project_name=SERVICE_PROJECT_NAME,
project_domain_id=SERVICE_DOMAIN_ID,
project_domain_name=SERVICE_DOMAIN_NAME)
token.add_role(name=SERVICE_ROLE_NAME1)
token.add_role(name=SERVICE_ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
token['token']['bind'] = {'kerberos': self.SERVICE_KERBEROS_BIND}
self.TOKEN_RESPONSES[self.v3_UUID_SERVICE_TOKEN_BIND] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
token['token']['bind'] = {'FOO': 'BAR'}
self.TOKEN_RESPONSES[self.v3_UUID_TOKEN_UNKNOWN_BIND] = token
token = fixture.V3Token(user_id=SERVICE_USER_ID,
user_name=SERVICE_USER_NAME,
user_domain_id=SERVICE_DOMAIN_ID,
user_domain_name=SERVICE_DOMAIN_NAME,
project_id=SERVICE_PROJECT_ID,
project_name=SERVICE_PROJECT_NAME,
project_domain_id=SERVICE_DOMAIN_ID,
project_domain_name=SERVICE_DOMAIN_NAME)
token.add_role(id=SERVICE_ROLE_NAME1, name=SERVICE_ROLE_NAME1)
token.add_role(id=SERVICE_ROLE_NAME2, name=SERVICE_ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_UUID_SERVICE_TOKEN_DEFAULT] = token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME,
is_admin_project=False)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_NOT_IS_ADMIN_PROJECT] = token
# Application credential token
token = fixture.V3Token(user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME,
application_credential_id=APP_CRED_ID)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
svc = token.add_service('compute')
svc.add_endpoint('public', 'https://nova.openstack.example.org/v2.1')
self.TOKEN_RESPONSES[self.v3_APP_CRED_TOKEN] = token
# Application credential with access_rules token
access_rules = [{
'path': '/v2.1/servers',
'method': 'GET',
'service': 'compute'
}]
token = fixture.V3Token(
user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME,
application_credential_id=APP_CRED_ID,
application_credential_access_rules=access_rules)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
svc = token.add_service('compute')
svc.add_endpoint('public', 'https://nova.openstack.example.org')
svc = token.add_service('image')
svc.add_endpoint('public', 'https://glance.openstack.example.org')
self.TOKEN_RESPONSES[self.v3_APP_CRED_ACCESS_RULES] = token
# Application credential with explicitly empty access_rules
access_rules = []
token = fixture.V3Token(
user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME,
application_credential_id=APP_CRED_ID,
application_credential_access_rules=access_rules)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
self.TOKEN_RESPONSES[self.v3_APP_CRED_EMPTY_ACCESS_RULES] = token
# Application credential with matching rules
access_rules = [{
'path': '/v2.1/servers/{server_id}',
'method': 'GET',
'service': 'compute'
}, {
'path': '/v2/images/*',
'method': 'GET',
'service': 'image'
}, {
'path': '**',
'method': 'GET',
'service': 'identity'
}, {
'path': '/v3/{project_id}/types/{volume_type_id}',
'method': 'GET',
'service': 'block-storage'
}, {
'path': '/v1/*/*/*',
'method': 'GET',
'service': 'object-store'
}]
token = fixture.V3Token(
user_id=USER_ID,
user_name=USER_NAME,
user_domain_id=DOMAIN_ID,
user_domain_name=DOMAIN_NAME,
project_id=PROJECT_ID,
project_name=PROJECT_NAME,
project_domain_id=DOMAIN_ID,
project_domain_name=DOMAIN_NAME,
application_credential_id=APP_CRED_ID,
application_credential_access_rules=access_rules)
token.add_role(name=ROLE_NAME1)
token.add_role(name=ROLE_NAME2)
svc = token.add_service(self.SERVICE_TYPE)
svc.add_endpoint('public', self.SERVICE_URL)
svc = token.add_service('compute')
svc.add_endpoint('public', 'https://nova.openstack.example.org')
svc = token.add_service('image')
svc.add_endpoint('public', 'https://glance.openstack.example.org')
svc = token.add_service('block-storage')
svc.add_endpoint('public', 'https://cinder.openstack.example.org')
svc = token.add_service('object-store')
svc.add_endpoint('public', 'https://swift.openstack.example.org')
self.TOKEN_RESPONSES[self.v3_APP_CRED_MATCHING_RULES] = token
self.JSON_TOKEN_RESPONSES = dict([
(k, jsonutils.dumps(v)) for k, v in self.TOKEN_RESPONSES.items()
])
def unscoped_token():
return fixture.V2Token(token_id='3e2813b7ba0b4006840c3825860b86ed',
expires='2012-10-03T16:58:01Z',
user_id='c4da488862bd435c9e6c0275a0d0e49a',
user_name='exampleuser')
def __init__(self, *args, **kwargs):
super(Base, self).__init__(*args, **kwargs)
self.token = fixture.V2Token()
self.token.set_scope()
}
FAKE_V4_ENV = {
'OS_USERNAME': DEFAULT_USERNAME,
'OS_PASSWORD': DEFAULT_PASSWORD,
'OS_PROJECT_ID': DEFAULT_PROJECT_ID,
'OS_USER_DOMAIN_NAME': DEFAULT_USER_DOMAIN_NAME,
'OS_AUTH_URL': DEFAULT_V3_AUTH_URL,
'OS_SERVICE_TYPE': DEFAULT_SERVICE_TYPE,
'OS_ENDPOINT_TYPE': DEFAULT_ENDPOINT_TYPE,
'OS_AUTH_TOKEN': DEFAULT_AUTH_TOKEN
}
TOKEN_ID = uuid.uuid4().hex
V2_TOKEN = ks_fixture.V2Token(token_id=TOKEN_ID)
V2_TOKEN.set_scope()
_s = V2_TOKEN.add_service('image', name='glance')
_s.add_endpoint(DEFAULT_IMAGE_URL)
V3_TOKEN = ks_fixture.V3Token()
V3_TOKEN.set_project_scope()
_s = V3_TOKEN.add_service('image', name='glance')
_s.add_standard_endpoints(public=DEFAULT_IMAGE_URL,
internal=DEFAULT_IMAGE_URL_INTERNAL)
class ShellTest(testutils.TestCase):
# auth environment to use
auth_env = FAKE_V2_ENV.copy()
# expected auth plugin to invoke
import six
import sys
from keystoneauth1 import fixture
import requests
AUTH_TOKEN = "foobar"
AUTH_URL = "http://0.0.0.0"
USERNAME = "******"
PASSWORD = "******"
PROJECT_NAME = "poochie"
REGION_NAME = "richie"
INTERFACE = "catchy"
VERSION = "3"
TEST_RESPONSE_DICT = fixture.V2Token(token_id=AUTH_TOKEN, user_name=USERNAME)
_s = TEST_RESPONSE_DICT.add_service('identity', name='keystone')
_s.add_endpoint(AUTH_URL + ':5000/v2.0')
_s = TEST_RESPONSE_DICT.add_service('network', name='neutron')
_s.add_endpoint(AUTH_URL + ':9696')
_s = TEST_RESPONSE_DICT.add_service('compute', name='nova')
_s.add_endpoint(AUTH_URL + ':8774/v2')
_s = TEST_RESPONSE_DICT.add_service('image', name='glance')
_s.add_endpoint(AUTH_URL + ':9292')
_s = TEST_RESPONSE_DICT.add_service('object', name='swift')
_s.add_endpoint(AUTH_URL + ':8080/v1')
TEST_RESPONSE_DICT_V3 = fixture.V3Token(user_name=USERNAME)
TEST_RESPONSE_DICT_V3.set_project_scope()
TEST_VERSIONS = fixture.DiscoveryList(href=AUTH_URL)
def test_setting_no_discover_hack(self):
v2_disc = fixture.V2Discovery(self.V2_URL)
common_disc = fixture.DiscoveryList(href=self.BASE_URL)
v2_m = self.stub_url('GET', ['v2.0'],
base_url=self.BASE_URL,
status_code=200,
json=v2_disc)
common_m = self.stub_url('GET', [],
base_url=self.BASE_URL,
status_code=300,
json=common_disc)
resp_text = uuid.uuid4().hex
resp_m = self.stub_url('GET', ['v3', 'path'],
base_url=self.BASE_URL,
status_code=200,
text=resp_text)
# it doesn't matter that we auth with v2 here, discovery hack is in
# base. All identity endpoints point to v2 urls.
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
# v2 auth with v2 url doesn't make any discovery calls.
self.assertFalse(v2_m.called)
self.assertFalse(common_m.called)
# v3 endpoint with hack will strip v2 suffix and call root discovery
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
version=(3, 0),
allow_version_hack=True)
# got v3 url
self.assertEqual(self.V3_URL, endpoint)
# only called root discovery.
self.assertFalse(v2_m.called)
self.assertTrue(common_m.called_once)
# with hack turned off it calls v2 discovery and finds nothing
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
version=(3, 0),
allow_version_hack=False)
self.assertIsNone(endpoint)
# this one called v2
self.assertTrue(v2_m.called_once)
self.assertTrue(common_m.called_once)
# get_endpoint returning None raises EndpointNotFound when requesting
self.assertRaises(exceptions.EndpointNotFound,
sess.get,
'/path',
endpoint_filter={
'service_type': 'identity',
'version': (3, 0),
'allow_version_hack': False
})
self.assertFalse(resp_m.called)
# works when allow_version_hack is set
resp = sess.get('/path',
endpoint_filter={
'service_type': 'identity',
'version': (3, 0),
'allow_version_hack': True
})
self.assertTrue(resp_m.called_once)
self.assertEqual(resp_text, resp.text)
