def test_getting_endpoints_on_auth_interface(self):
disc = fixture.DiscoveryList(href=self.BASE_URL)
self.stub_url('GET', ['/'],
base_url=self.BASE_URL,
status_code=300,
json=disc)
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
endpoint = sess.get_endpoint(interface=plugin.AUTH_INTERFACE,
version=(3, 0))
self.assertEqual(self.V3_URL, endpoint)
def _get_auth_plugin(self):
"""Load an auth plugin from CONF options."""
# If an auth plugin name is defined in `auth_type` option of [ironic]
# group, register its options and load it.
auth_plugin = ks_loading.load_auth_from_conf_options(
CONF, IRONIC_GROUP.name)
# If no plugin name is defined, load a v2Password plugin from the
# deprecated, legacy auth options in [ironic] group.
if auth_plugin is None:
LOG.warning(
_LW("Couldn't find adequate authentication options "
"under the [ironic] group of nova.conf. Falling "
"to legacy auth options: admin_username, "
"admin_password, admin_tenant_name and admin_url. "
"Please note that these options are deprecated "
"and won't be supported anymore in a future "
"release."))
legacy_auth = {
'username': CONF.ironic.admin_username,
'password': CONF.ironic.admin_password,
'tenant_name': CONF.ironic.admin_tenant_name,
'auth_url': CONF.ironic.admin_url
}
auth_plugin = identity.V2Password(**legacy_auth)
return auth_plugin
def get_admin_session(auth_url,
username,
password,
project_name=None,
project_domain_name=None,
user_domain_name=None,
verify=False,
timeout=180):
if 'v3' in auth_url:
auth = keystone_auth.V3Password(
auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
project_domain_name=project_domain_name,
user_domain_name=user_domain_name)
else:
auth = keystone_auth.V2Password(auth_url,
username=username,
password=password,
tenant_name=project_name)
session = keystone_auth_session.Session(auth=auth,
timeout=timeout,
verify=verify)
return session
def create_auth_plugin(self, **kwargs):
kwargs.setdefault('auth_url', self.TEST_URL)
kwargs.setdefault('username', self.TEST_USER)
kwargs.setdefault('password', self.TEST_PASS)
try:
kwargs.setdefault('tenant_id', kwargs.pop('project_id'))
except KeyError:
pass
try:
kwargs.setdefault('tenant_name', kwargs.pop('project_name'))
except KeyError:
pass
return identity.V2Password(**kwargs)
def new_client(self):
t = fixture.V2Token(user_id=self.user_id)
t.set_scope()
s = t.add_service('identity')
s.add_endpoint(self.TEST_URL)
d = fixture.V2Discovery(self.TEST_URL)
self.requests.register_uri('POST', self.TEST_URL + '/tokens', json=t)
# NOTE(jamielennox): Because of the versioned URL hack here even though
# the V2 URL will be in the service catalog it will be the root URL
# that will be queried for discovery.
self.requests.register_uri('GET', self.TEST_ROOT_URL,
json={'version': d})
a = ksa_identity.V2Password(username=uuid.uuid4().hex,
password=uuid.uuid4().hex,
auth_url=self.TEST_URL)
s = ksa_session.Session(auth=a)
return v2_client.Client(session=s)
def test_returns_original_when_discover_fails(self):
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token)
self.stub_url('GET', [], base_url=self.BASE_URL, status_code=404)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
interface='public',
version=(3, 0))
self.assertEqual(self.V2_URL, endpoint)
def create_auth_plugin(self, **kwargs):
kwargs.setdefault('auth_url', self.TEST_URL)
kwargs.setdefault('username', self.TEST_USER)
kwargs.setdefault('password', self.TEST_PASS)
return identity.V2Password(**kwargs)
type=str,
default='admin',
help='Keystone user password, must have admin access')
parser.add_argument('--project-name',
type=str,
default='admin',
help='Keystone user project name, must have admin access')
opts = parser.parse_args()
auth_params = {
"username": os.environ.get("OS_USERNAME", opts.username),
"password": os.environ.get("OS_PASSWORD", opts.password),
"tenant_name": os.environ.get("OS_PROJECT_NAME", opts.project_name),
}
auth = identity.V2Password(os.environ.get("OS_AUTH_URL", opts.auth_url),
**auth_params)
try:
sess = session.Session(auth=auth)
nc = client.Client(session=sess)
network_name = opts.network
network = nc.list_networks(name=network_name)['networks'][0]
print(network['provider:segmentation_id'])
create_body = {
'port': {
'network_id': network['id'],
'admin_state_up': True,
'name': 'generic_switch_test'
}
def test_setting_no_discover_hack(self):
v2_disc = fixture.V2Discovery(self.V2_URL)
common_disc = fixture.DiscoveryList(href=self.BASE_URL)
v2_m = self.stub_url('GET', ['v2.0'],
base_url=self.BASE_URL,
status_code=200,
json=v2_disc)
common_m = self.stub_url('GET', [],
base_url=self.BASE_URL,
status_code=300,
json=common_disc)
resp_text = uuid.uuid4().hex
resp_m = self.stub_url('GET', ['v3', 'path'],
base_url=self.BASE_URL,
status_code=200,
text=resp_text)
# it doesn't matter that we auth with v2 here, discovery hack is in
# base. All identity endpoints point to v2 urls.
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
# v2 auth with v2 url doesn't make any discovery calls.
self.assertFalse(v2_m.called)
self.assertFalse(common_m.called)
# v3 endpoint with hack will strip v2 suffix and call root discovery
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
version=(3, 0),
allow_version_hack=True)
# got v3 url
self.assertEqual(self.V3_URL, endpoint)
# only called root discovery.
self.assertFalse(v2_m.called)
self.assertTrue(common_m.called_once)
# with hack turned off it calls v2 discovery and finds nothing
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
version=(3, 0),
allow_version_hack=False)
self.assertIsNone(endpoint)
# this one called v2
self.assertTrue(v2_m.called_once)
self.assertTrue(common_m.called_once)
# get_endpoint returning None raises EndpointNotFound when requesting
self.assertRaises(exceptions.EndpointNotFound,
sess.get,
'/path',
endpoint_filter={
'service_type': 'identity',
'version': (3, 0),
'allow_version_hack': False
})
self.assertFalse(resp_m.called)
# works when allow_version_hack is set
resp = sess.get('/path',
endpoint_filter={
'service_type': 'identity',
'version': (3, 0),
'allow_version_hack': True
})
self.assertTrue(resp_m.called_once)
self.assertEqual(resp_text, resp.text)
