コード例 #1
    def test_loading_v3(self):
        """Load a v3 Token plugin from a dedicated auth section.

        Random values are written to a randomly named section and must come
        back unchanged on the plugin returned by the loader.
        """
        auth_section = uuid.uuid4().hex
        # The token is a throwaway random value; no real credential is used.
        token_value = uuid.uuid4().hex
        scope = {
            'trust_id': uuid.uuid4().hex,
            'project_id': uuid.uuid4().hex,
            'project_domain_name': uuid.uuid4().hex,
        }

        # register_conf_options runs after auth_section has been overridden.
        self.conf_fixture.config(auth_section=auth_section, group=self.GROUP)
        conf.register_conf_options(self.conf_fixture.conf, group=self.GROUP)

        token_opts = v3_auth.Token.get_options()
        self.conf_fixture.register_opts(token_opts, group=auth_section)

        self.conf_fixture.config(auth_plugin=self.V3TOKEN,
                                 token=token_value,
                                 group=auth_section,
                                 **scope)

        plugin = conf.load_from_conf_options(self.conf_fixture.conf,
                                             self.GROUP)

        # The token is read from the first auth method, not from the plugin.
        self.assertEqual(token_value, plugin.auth_methods[0].token)
        for name in ('trust_id', 'project_id', 'project_domain_name'):
            self.assertEqual(scope[name], getattr(plugin, name))
コード例 #2
    def setUp(self):
        """Create the config fixture, session and OidcPassword plugin.

        The password, client id and client secret are random per run; the
        endpoints are fixed fixture URLs.
        """
        super(AuthenticateOIDCTests, self).setUp()

        fixture = self.useFixture(config.Config())
        self.conf_fixture = fixture
        conf.register_conf_options(fixture.conf, group=self.GROUP)

        self.session = session.Session()

        # Fixed identifiers for the federated identity provider and protocol.
        self.IDENTITY_PROVIDER = 'bluepages'
        self.PROTOCOL = 'oidc'

        # Throwaway credentials: nothing real is embedded in the test.
        self.USER_NAME = '*****@*****.**'
        self.PASSWORD = uuid.uuid4().hex
        self.CLIENT_ID = uuid.uuid4().hex
        self.CLIENT_SECRET = uuid.uuid4().hex

        self.ACCESS_TOKEN_ENDPOINT = 'https://localhost:8020/oidc/token'
        federation_path = ('OS-FEDERATION/identity_providers/bluepages/'
                           'protocols/oidc/auth')
        self.FEDERATION_AUTH_URL = '%s/%s' % (self.TEST_URL, federation_path)

        plugin_kwargs = {
            'username': self.USER_NAME,
            'password': self.PASSWORD,
            'client_id': self.CLIENT_ID,
            'client_secret': self.CLIENT_SECRET,
            'access_token_endpoint': self.ACCESS_TOKEN_ENDPOINT,
        }
        self.oidcplugin = oidc.OidcPassword(self.TEST_URL,
                                            self.IDENTITY_PROVIDER,
                                            self.PROTOCOL,
                                            **plugin_kwargs)
コード例 #3
    def test_conf_params(self):
        """Load the ADFS unscoped-token plugin from config options.

        Every option is set to a random value and must be readable from the
        loaded plugin under the same name.
        """
        section = uuid.uuid4().hex
        option_names = ('identity_provider',
                        'identity_provider_url',
                        'service_provider_endpoint',
                        'username',
                        'password')
        values = dict((name, uuid.uuid4().hex) for name in option_names)

        self.conf_fixture.config(auth_section=section, group=self.GROUP)
        conf.register_conf_options(self.conf_fixture.conf, group=self.GROUP)

        adfs_opts = saml2.ADFSUnscopedToken.get_options()
        self.conf_fixture.register_opts(adfs_opts, group=section)
        self.conf_fixture.config(auth_plugin='v3unscopedadfs',
                                 group=section,
                                 **values)

        plugin = conf.load_from_conf_options(self.conf_fixture.conf,
                                             self.GROUP)

        # NOTE(review): the password round-trips in clear text here; whether
        # get_options() registers it as a secret option is not visible in
        # this test - confirm in the plugin.
        for name in option_names:
            self.assertEqual(values[name], getattr(plugin, name))
コード例 #4
    def setUp(self):
        """Create the config fixture, session, ADFS plugin and XML fixtures."""
        super(AuthenticateviaADFSTests, self).setUp()

        fixture = self.useFixture(config.Config())
        self.conf_fixture = fixture
        conf.register_conf_options(fixture.conf, group=self.GROUP)

        http_session = requests.Session()
        self.session = session.Session(session=http_session)

        self.IDENTITY_PROVIDER = 'adfs'
        # Fixture value only: this URL is plain http. NOTE(review): the
        # plugin is given a username and TEST_TOKEN together with this URL,
        # so a real deployment would presumably need https here - confirm.
        self.IDENTITY_PROVIDER_URL = (
            'http://adfs.local/adfs/service/trust/13/usernamemixed')
        federation_path = (
            'OS-FEDERATION/identity_providers/adfs/protocols/saml2/auth')
        self.FEDERATION_AUTH_URL = '%s/%s' % (self.TEST_URL, federation_path)
        self.SP_ENDPOINT = 'https://openstack4.local/Shibboleth.sso/ADFS'

        # Positional order: auth URL, IdP name, IdP URL, SP endpoint, then
        # the user and (presumably) the password - confirm against
        # ADFSUnscopedToken's signature.
        plugin_args = (self.TEST_URL,
                       self.IDENTITY_PROVIDER,
                       self.IDENTITY_PROVIDER_URL,
                       self.SP_ENDPOINT,
                       self.TEST_USER,
                       self.TEST_TOKEN)
        self.adfsplugin = saml2.ADFSUnscopedToken(*plugin_args)

        # Canned response and fault documents loaded by name.
        self.ADFS_SECURITY_TOKEN_RESPONSE = _load_xml(
            'ADFS_RequestSecurityTokenResponse.xml')
        self.ADFS_FAULT = _load_xml('ADFS_fault.xml')
コード例 #5
    def test_conf_params(self):
        """Check that ADFS plugin options survive a config round trip."""
        auth_section = uuid.uuid4().hex
        # Random per-run values; username and password are not real.
        expected = {
            'identity_provider': uuid.uuid4().hex,
            'identity_provider_url': uuid.uuid4().hex,
            'service_provider_endpoint': uuid.uuid4().hex,
            'username': uuid.uuid4().hex,
            'password': uuid.uuid4().hex,
        }
        cfg = self.conf_fixture

        cfg.config(auth_section=auth_section, group=self.GROUP)
        conf.register_conf_options(cfg.conf, group=self.GROUP)

        cfg.register_opts(saml2.ADFSUnscopedToken.get_options(),
                          group=auth_section)
        cfg.config(auth_plugin='v3unscopedadfs',
                   group=auth_section,
                   **expected)

        loaded = conf.load_from_conf_options(cfg.conf, self.GROUP)

        # Checked in a fixed order so the first mismatch reported is stable.
        checked = ('identity_provider', 'identity_provider_url',
                   'service_provider_endpoint', 'username', 'password')
        for attr in checked:
            self.assertEqual(expected[attr], getattr(loaded, attr))
コード例 #6
    def setUp(self):
        """Create the config fixture, session and SAML2 ECP test constants."""
        super(AuthenticateviaSAML2Tests, self).setUp()

        fixture = self.useFixture(config.Config())
        self.conf_fixture = fixture
        conf.register_conf_options(fixture.conf, group=self.GROUP)

        self.session = session.Session()

        # Namespace URIs shared by the PAOS header and the namespace map.
        paos_ns = 'urn:liberty:paos:2003-08'
        ecp_ns = 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'

        self.ECP_SP_EMPTY_REQUEST_HEADERS = {
            'Accept': 'text/html; application/vnd.paos+xml',
            'PAOS': 'ver="%s";"%s"' % (paos_ns, ecp_ns),
        }

        self.ECP_SP_SAML2_REQUEST_HEADERS = {
            'Content-Type': 'application/vnd.paos+xml',
        }

        self.ECP_SAML2_NAMESPACES = {
            'ecp': ecp_ns,
            'S': 'http://schemas.xmlsoap.org/soap/envelope/',
            'paos': paos_ns,
        }

        # Path expressions using the prefixes declared in the map above.
        self.ECP_RELAY_STATE = '//ecp:RelayState'
        self.ECP_SERVICE_PROVIDER_CONSUMER_URL = (
            '/S:Envelope/S:Header/paos:Request/@responseConsumerURL')
        self.ECP_IDP_CONSUMER_URL = (
            '/S:Envelope/S:Header/ecp:Response/@AssertionConsumerServiceURL')

        self.IDENTITY_PROVIDER = 'testidp'
        # Fixture value only: the identity provider URL is plain http.
        self.IDENTITY_PROVIDER_URL = 'http://local.url'
        self.PROTOCOL = 'saml2'
        federation_path = (
            'OS-FEDERATION/identity_providers/testidp/protocols/saml2/auth')
        self.FEDERATION_AUTH_URL = '%s/%s' % (self.TEST_URL, federation_path)
        self.SHIB_CONSUMER_URL = (
            'https://openstack4.local/Shibboleth.sso/SAML2/ECP')

        plugin_args = (self.TEST_URL,
                       self.IDENTITY_PROVIDER,
                       self.IDENTITY_PROVIDER_URL,
                       self.TEST_USER,
                       self.TEST_TOKEN)
        self.saml2plugin = saml2.Saml2UnscopedToken(*plugin_args)
コード例 #7
    def test_conf_params(self):
        """Verify the OpenID Connect password plugin loads from config.

        Each option is given a random value and must be readable from the
        loaded plugin under the same attribute name.
        """
        section = uuid.uuid4().hex
        option_names = ('identity_provider',
                        'protocol',
                        'username',
                        'password',
                        'client_id',
                        'client_secret',
                        'access_token_endpoint')
        values = dict((name, uuid.uuid4().hex) for name in option_names)

        self.conf_fixture.config(auth_section=section, group=self.GROUP)
        conf.register_conf_options(self.conf_fixture.conf, group=self.GROUP)

        oidc_opts = oidc.OidcPassword.get_options()
        self.conf_fixture.register_opts(oidc_opts, group=section)
        self.conf_fixture.config(auth_plugin='v3oidcpassword',
                                 group=section,
                                 **values)

        plugin = conf.load_from_conf_options(self.conf_fixture.conf,
                                             self.GROUP)

        # NOTE(review): password and client_secret round-trip in clear text;
        # whether get_options() registers them as secret options is not
        # visible in this test - confirm in the plugin.
        for name in option_names:
            self.assertEqual(values[name], getattr(plugin, name))
コード例 #8
    def test_conf_params(self):
        """Check that OpenID Connect options survive a config round trip."""
        auth_section = uuid.uuid4().hex
        # Random per-run values; none of the credentials are real.
        expected = {
            'identity_provider': uuid.uuid4().hex,
            'protocol': uuid.uuid4().hex,
            'username': uuid.uuid4().hex,
            'password': uuid.uuid4().hex,
            'client_id': uuid.uuid4().hex,
            'client_secret': uuid.uuid4().hex,
            'access_token_endpoint': uuid.uuid4().hex,
        }
        cfg = self.conf_fixture

        cfg.config(auth_section=auth_section, group=self.GROUP)
        conf.register_conf_options(cfg.conf, group=self.GROUP)

        cfg.register_opts(oidc.OidcPassword.get_options(),
                          group=auth_section)
        cfg.config(auth_plugin='v3oidcpassword',
                   group=auth_section,
                   **expected)

        loaded = conf.load_from_conf_options(cfg.conf, self.GROUP)

        # Checked in a fixed order so the first mismatch reported is stable.
        checked = ('identity_provider', 'protocol', 'username', 'password',
                   'client_id', 'client_secret', 'access_token_endpoint')
        for attr in checked:
            self.assertEqual(expected[attr], getattr(loaded, attr))
コード例 #9
    def setUp(self):
        """Create the config fixture, session, ADFS plugin and XML fixtures.

        Deprecation warnings are declared as expected before anything else
        is built.
        """
        super(AuthenticateviaADFSTests, self).setUp()

        self.deprecations.expect_deprecations()

        fixture = self.useFixture(config.Config())
        self.conf_fixture = fixture
        conf.register_conf_options(fixture.conf, group=self.GROUP)

        http_session = requests.Session()
        self.session = session.Session(session=http_session)

        self.IDENTITY_PROVIDER = 'adfs'
        # Fixture value only: this URL is plain http. NOTE(review): the
        # plugin is given a username and TEST_TOKEN together with this URL,
        # so a real deployment would presumably need https here - confirm.
        self.IDENTITY_PROVIDER_URL = (
            'http://adfs.local/adfs/service/trust/13/usernamemixed')
        federation_path = (
            'OS-FEDERATION/identity_providers/adfs/protocols/saml2/auth')
        self.FEDERATION_AUTH_URL = '%s/%s' % (self.TEST_URL, federation_path)
        self.SP_ENDPOINT = 'https://openstack4.local/Shibboleth.sso/ADFS'

        plugin_args = (self.TEST_URL,
                       self.IDENTITY_PROVIDER,
                       self.IDENTITY_PROVIDER_URL,
                       self.SP_ENDPOINT,
                       self.TEST_USER,
                       self.TEST_TOKEN)
        self.adfsplugin = saml2.ADFSUnscopedToken(*plugin_args)

        # Canned response and fault documents loaded by name.
        token_response_xml = 'ADFS_RequestSecurityTokenResponse.xml'
        self.ADFS_SECURITY_TOKEN_RESPONSE = _load_xml(token_response_xml)
        self.ADFS_FAULT = _load_xml('ADFS_fault.xml')
コード例 #10
    def setUp(self):
        """Create the config fixture, session and OidcPassword plugin.

        Deprecation warnings are declared as expected first. The password,
        client id and client secret are random per run.
        """
        super(AuthenticateOIDCTests, self).setUp()

        self.deprecations.expect_deprecations()

        fixture = self.useFixture(config.Config())
        self.conf_fixture = fixture
        conf.register_conf_options(fixture.conf, group=self.GROUP)

        self.session = session.Session()

        self.IDENTITY_PROVIDER = 'bluepages'
        self.PROTOCOL = 'oidc'

        # Throwaway credentials: nothing real is embedded in the test.
        self.USER_NAME = '*****@*****.**'
        self.PASSWORD = uuid.uuid4().hex
        self.CLIENT_ID = uuid.uuid4().hex
        self.CLIENT_SECRET = uuid.uuid4().hex

        self.ACCESS_TOKEN_ENDPOINT = 'https://localhost:8020/oidc/token'
        federation_path = ('OS-FEDERATION/identity_providers/bluepages/'
                           'protocols/oidc/auth')
        self.FEDERATION_AUTH_URL = '%s/%s' % (self.TEST_URL, federation_path)

        plugin_kwargs = {
            'username': self.USER_NAME,
            'password': self.PASSWORD,
            'client_id': self.CLIENT_ID,
            'client_secret': self.CLIENT_SECRET,
            'access_token_endpoint': self.ACCESS_TOKEN_ENDPOINT,
        }
        self.oidcplugin = oidc.OidcPassword(self.TEST_URL,
                                            self.IDENTITY_PROVIDER,
                                            self.PROTOCOL,
                                            **plugin_kwargs)
コード例 #11
    def test_loading_v3(self):
        """Check that v3 Token options survive a config round trip."""
        auth_section = uuid.uuid4().hex
        # Random per-run values; the token is not a real credential.
        expected = {
            'token': uuid.uuid4().hex,
            'trust_id': uuid.uuid4().hex,
            'project_id': uuid.uuid4().hex,
            'project_domain_name': uuid.uuid4().hex,
        }
        cfg = self.conf_fixture

        cfg.config(auth_section=auth_section, group=self.GROUP)
        conf.register_conf_options(cfg.conf, group=self.GROUP)

        cfg.register_opts(v3_auth.Token.get_options(), group=auth_section)

        cfg.config(auth_plugin=self.V3TOKEN, group=auth_section, **expected)

        loaded = conf.load_from_conf_options(cfg.conf, self.GROUP)

        # The token is read from the first auth method; the remaining
        # values are attributes of the plugin itself.
        first_method = loaded.auth_methods[0]
        self.assertEqual(expected['token'], first_method.token)
        self.assertEqual(expected['trust_id'], loaded.trust_id)
        self.assertEqual(expected['project_id'], loaded.project_id)
        self.assertEqual(expected['project_domain_name'],
                         loaded.project_domain_name)
コード例 #12
    def test_loading_v2(self):
        """Load a v2 Password plugin from a dedicated auth section.

        Each option is given a random value and must be readable from the
        loaded plugin under the same attribute name.
        """
        section = uuid.uuid4().hex
        option_names = ('username', 'password', 'trust_id', 'tenant_id')
        values = dict((name, uuid.uuid4().hex) for name in option_names)

        self.conf_fixture.config(auth_section=section, group=self.GROUP)
        conf.register_conf_options(self.conf_fixture.conf, group=self.GROUP)

        password_opts = v2_auth.Password.get_options()
        self.conf_fixture.register_opts(password_opts, group=section)

        self.conf_fixture.config(auth_plugin=self.V2PASS,
                                 group=section,
                                 **values)

        plugin = conf.load_from_conf_options(self.conf_fixture.conf,
                                             self.GROUP)

        # NOTE(review): the password round-trips in clear text here; whether
        # get_options() registers it as a secret option is not visible in
        # this test - confirm in the plugin.
        for name in option_names:
            self.assertEqual(values[name], getattr(plugin, name))
コード例 #13
    def test_loading_v2(self):
        """Check that v2 Password options survive a config round trip."""
        auth_section = uuid.uuid4().hex
        # Random per-run values; username and password are not real.
        expected = {
            'username': uuid.uuid4().hex,
            'password': uuid.uuid4().hex,
            'trust_id': uuid.uuid4().hex,
            'tenant_id': uuid.uuid4().hex,
        }
        cfg = self.conf_fixture

        cfg.config(auth_section=auth_section, group=self.GROUP)
        conf.register_conf_options(cfg.conf, group=self.GROUP)

        cfg.register_opts(v2_auth.Password.get_options(),
                          group=auth_section)

        cfg.config(auth_plugin=self.V2PASS, group=auth_section, **expected)

        loaded = conf.load_from_conf_options(cfg.conf, self.GROUP)

        # Checked in a fixed order so the first mismatch reported is stable.
        for attr in ('username', 'password', 'trust_id', 'tenant_id'):
            self.assertEqual(expected[attr], getattr(loaded, attr))
コード例 #14
    def setUp(self):
        """Install the config fixture and register the base auth options."""
        super(ConfTests, self).setUp()
        fixture = self.useFixture(config.Config())
        self.conf_fixture = fixture

        # NOTE(jamielennox): the basic config options have to be registered
        # up front, since they must exist before they can be stubbed. Once
        # the auth section and auth plugin are stubbed, registration has to
        # run a second time so the plugin specific options get loaded.
        conf.register_conf_options(fixture.conf, group=self.GROUP)
コード例 #15
    def setUp(self):
        """Prepare a config fixture with the base options for ``GROUP``."""
        super(ConfTests, self).setUp()
        config_fixture = config.Config()
        self.conf_fixture = self.useFixture(config_fixture)

        # NOTE(jamielennox): stubbing an option requires it to be registered
        # already, so the basic options are registered here. Registration is
        # repeated later, after the auth section and auth plugin have been
        # stubbed, so that the plugin specific options can be loaded.
        conf.register_conf_options(self.conf_fixture.conf, group=self.GROUP)
コード例 #16
    def test_same_section(self, m):
        """Load a plugin whose options share the group with auth_plugin.

        No ``auth_section`` is set, so the plugin options and the loader
        options are both registered under ``self.GROUP``. ``m`` is not used
        in the body; presumably it is injected by a decorator that is not
        visible here.
        """
        group = self.GROUP
        fixture = self.conf_fixture

        fixture.register_opts(utils.MockPlugin.get_options(), group=group)
        conf.register_conf_options(fixture.conf, group=group)

        # The plugin name is random, so the lookup is presumably patched to
        # return the mock plugin - confirm against the decorator.
        plugin_name = uuid.uuid4().hex
        fixture.config(auth_plugin=plugin_name, group=group, **self.TEST_VALS)

        loaded = conf.load_from_conf_options(fixture.conf, group)
        self.assertTestVals(loaded)
コード例 #17
    def test_same_section(self, m):
        """Check loading when plugin options live in ``self.GROUP`` itself.

        ``m`` is accepted but not referenced in the body.
        """
        mock_opts = utils.MockPlugin.get_options()
        self.conf_fixture.register_opts(mock_opts, group=self.GROUP)
        conf.register_conf_options(self.conf_fixture.conf, group=self.GROUP)

        # auth_plugin gets a random name alongside the shared test values.
        overrides = dict(self.TEST_VALS)
        overrides['auth_plugin'] = uuid.uuid4().hex
        self.conf_fixture.config(group=self.GROUP, **overrides)

        plugin = conf.load_from_conf_options(self.conf_fixture.conf,
                                             self.GROUP)
        self.assertTestVals(plugin)
コード例 #18
    def setUp(self):
        """Create the config fixture, session and SAML2 ECP test constants.

        Deprecation warnings are declared as expected before anything else
        is built.
        """
        super(AuthenticateviaSAML2Tests, self).setUp()

        self.deprecations.expect_deprecations()

        fixture = self.useFixture(config.Config())
        self.conf_fixture = fixture
        conf.register_conf_options(fixture.conf, group=self.GROUP)

        self.session = session.Session()

        # Namespace URIs shared by the PAOS header and the namespace map.
        paos_ns = 'urn:liberty:paos:2003-08'
        ecp_ns = 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'

        self.ECP_SP_EMPTY_REQUEST_HEADERS = {
            'Accept': 'text/html; application/vnd.paos+xml',
            'PAOS': 'ver="%s";"%s"' % (paos_ns, ecp_ns),
        }

        self.ECP_SP_SAML2_REQUEST_HEADERS = {
            'Content-Type': 'application/vnd.paos+xml',
        }

        self.ECP_SAML2_NAMESPACES = {
            'ecp': ecp_ns,
            'S': 'http://schemas.xmlsoap.org/soap/envelope/',
            'paos': paos_ns,
        }

        # Path expressions using the prefixes declared in the map above.
        self.ECP_RELAY_STATE = '//ecp:RelayState'
        self.ECP_SERVICE_PROVIDER_CONSUMER_URL = (
            '/S:Envelope/S:Header/paos:Request/@responseConsumerURL')
        self.ECP_IDP_CONSUMER_URL = (
            '/S:Envelope/S:Header/ecp:Response/@AssertionConsumerServiceURL')

        self.IDENTITY_PROVIDER = 'testidp'
        # Fixture value only: the identity provider URL is plain http.
        self.IDENTITY_PROVIDER_URL = 'http://local.url'
        self.PROTOCOL = 'saml2'
        federation_path = (
            'OS-FEDERATION/identity_providers/testidp/protocols/saml2/auth')
        self.FEDERATION_AUTH_URL = '%s/%s' % (self.TEST_URL, federation_path)
        self.SHIB_CONSUMER_URL = (
            'https://openstack4.local/Shibboleth.sso/SAML2/ECP')

        plugin_args = (self.TEST_URL,
                       self.IDENTITY_PROVIDER,
                       self.IDENTITY_PROVIDER_URL,
                       self.TEST_USER,
                       self.TEST_TOKEN)
        self.saml2plugin = saml2.Saml2UnscopedToken(*plugin_args)
コード例 #19
    def setUp(self):
        """Prepare fixtures and constants for the SAML2 ECP plugin tests.

        Expected deprecations are declared first, then the config fixture,
        session, header and namespace constants and the plugin are built.
        """
        super(AuthenticateviaSAML2Tests, self).setUp()

        self.deprecations.expect_deprecations()

        config_fixture = config.Config()
        self.conf_fixture = self.useFixture(config_fixture)
        conf.register_conf_options(self.conf_fixture.conf, group=self.GROUP)

        self.session = session.Session()

        # Headers for the initial request to the service provider.
        paos_header = ('ver="urn:liberty:paos:2003-08";'
                       '"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"')
        self.ECP_SP_EMPTY_REQUEST_HEADERS = dict([
            ('Accept', 'text/html; application/vnd.paos+xml'),
            ('PAOS', paos_header),
        ])

        self.ECP_SP_SAML2_REQUEST_HEADERS = dict([
            ('Content-Type', 'application/vnd.paos+xml'),
        ])

        # Prefix-to-URI map used by the path expressions below.
        self.ECP_SAML2_NAMESPACES = dict([
            ('ecp', 'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'),
            ('S', 'http://schemas.xmlsoap.org/soap/envelope/'),
            ('paos', 'urn:liberty:paos:2003-08'),
        ])
        self.ECP_RELAY_STATE = '//ecp:RelayState'
        soap_header = '/S:Envelope/S:Header/'
        self.ECP_SERVICE_PROVIDER_CONSUMER_URL = (
            soap_header + 'paos:Request/@responseConsumerURL')
        self.ECP_IDP_CONSUMER_URL = (
            soap_header + 'ecp:Response/@AssertionConsumerServiceURL')

        self.IDENTITY_PROVIDER = 'testidp'
        # Fixture value only: the identity provider URL is plain http.
        self.IDENTITY_PROVIDER_URL = 'http://local.url'
        self.PROTOCOL = 'saml2'
        self.FEDERATION_AUTH_URL = '%s/%s' % (
            self.TEST_URL,
            'OS-FEDERATION/identity_providers/testidp/protocols/saml2/auth')
        self.SHIB_CONSUMER_URL = (
            'https://openstack4.local/Shibboleth.sso/SAML2/ECP')

        self.saml2plugin = saml2.Saml2UnscopedToken(
            self.TEST_URL,
            self.IDENTITY_PROVIDER,
            self.IDENTITY_PROVIDER_URL,
            self.TEST_USER,
            self.TEST_TOKEN)