def test_set_and_get_keyring_expired(self): # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, project_id=TENANT_ID, auth_url=AUTH_URL, use_keyring=True) # set an expired token into the keyring auth_ref = access.AccessInfo.factory(body=PROJECT_SCOPED_TOKEN) expired = timeutils.utcnow() - datetime.timedelta(minutes=30) auth_ref['token']['expires'] = client_utils.isotime(expired) self.memory_keyring.password = pickle.dumps(auth_ref) # stub and check that a new token is received, so not using expired method = 'get_raw_token_from_identity_service' with mock.patch.object(cl, method) as meth: meth.return_value = (True, PROJECT_SCOPED_TOKEN) self.assertTrue(cl.authenticate()) self.assertEqual(1, meth.call_count) # check that a value was returned from the keyring self.assertTrue(self.memory_keyring.fetched) # check that the new token has been loaded into the keyring new_auth_ref = pickle.loads(self.memory_keyring.password) self.assertEqual(new_auth_ref['token']['expires'], PROJECT_SCOPED_TOKEN['access']['token']['expires'])
def test_set_and_get_keyring_expired(self): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, project_id=TENANT_ID, auth_url=AUTH_URL, use_keyring=True) # set an expired token into the keyring auth_ref = access.AccessInfo.factory(body=PROJECT_SCOPED_TOKEN) expired = timeutils.utcnow() - datetime.timedelta(minutes=30) auth_ref['token']['expires'] = client_utils.isotime(expired) self.memory_keyring.password = pickle.dumps(auth_ref) # stub and check that a new token is received, so not using expired method = 'get_raw_token_from_identity_service' with mock.patch.object(cl, method) as meth: meth.return_value = (True, PROJECT_SCOPED_TOKEN) self.assertTrue(cl.authenticate()) self.assertEqual(1, meth.call_count) # check that a value was returned from the keyring self.assertTrue(self.memory_keyring.fetched) # check that the new token has been loaded into the keyring new_auth_ref = pickle.loads(self.memory_keyring.password) self.assertEqual(new_auth_ref['token']['expires'], PROJECT_SCOPED_TOKEN['access']['token']['expires'])
def create(self, name, user=None, secret=None, description=None, expires_at=None, roles=None, unrestricted=False, **kwargs): """Create a credential. :param string name: application credential name :param string user: User ID :param secret: application credential secret :param description: application credential description :param datetime.datetime expires_at: expiry time :param List roles: list of roles on the project. Maybe a list of IDs or a list of dicts specifying role name and domain :param bool unrestricted: whether the application credential has restrictions applied :returns: the created application credential :rtype: :class:`keystoneclient.v3.application_credentials.ApplicationCredential` """ user = user or self.client.user_id self.base_url = '/users/%(user)s' % {'user': user} # Convert roles list into list-of-dict API format role_list = [] if roles: if not isinstance(roles, list): roles = [roles] for role in roles: if isinstance(role, six.string_types): role_list.extend([{'id': role}]) elif isinstance(role, dict): role_list.extend([role]) else: msg = (_("Roles must be a list of IDs or role dicts.")) raise exceptions.CommandError(msg) if not role_list: role_list = None # Convert datetime.datetime expires_at to iso format string if expires_at: expires_str = utils.isotime(at=expires_at, subsecond=True) else: expires_str = None return super(ApplicationCredentialManager, self).create(name=name, secret=secret, description=description, expires_at=expires_str, roles=role_list, unrestricted=unrestricted, **kwargs)
def to_dict(self): keys = ['user_id', 'role_id', 'domain_id', 'project_id'] event = dict((key, self.__dict__[key]) for key in keys if self.__dict__[key] is not None) if self.trust_id is not None: event['OS-TRUST:trust_id'] = self.trust_id if self.consumer_id is not None: event['OS-OAUTH1:consumer_id'] = self.consumer_id if self.consumer_id is not None: event['OS-OAUTH1:access_token_id'] = self.access_token_id if self.expires_at is not None: event['expires_at'] = utils.isotime(self.expires_at, subsecond=True) if self.issued_before is not None: event['issued_before'] = utils.isotime(self.issued_before, subsecond=True) return event
def create(self, trustee_user, trustor_user, role_names=None, role_ids=None, project=None, impersonation=False, expires_at=None, remaining_uses=None, **kwargs): """Create a Trust. :param string trustee_user: user who is capable of consuming the trust :param string trustor_user: user who's authorization is being delegated :param string role_names: subset of trustor's roles to be granted :param string role_ids: subset of trustor's roles to be granted :param string project: project which the trustor is delegating :param boolean impersonation: enable explicit impersonation :param datetime.datetime expires_at: expiry time :param integer remaining_uses: how many times this trust can be used to generate a token. None means unlimited tokens. """ # Convert role_names list into list-of-dict API format roles = [] if role_names: roles.extend([{'name': n} for n in role_names]) if role_ids: roles.extend([{'id': i} for i in role_ids]) if not roles: roles = None # Convert datetime.datetime expires_at to iso format string if expires_at: expires_str = utils.isotime(at=expires_at, subsecond=True) else: expires_str = None return super(TrustManager, self).create(expires_at=expires_str, impersonation=impersonation, project_id=base.getid(project), remaining_uses=remaining_uses, roles=roles, trustee_user_id=base.getid(trustee_user), trustor_user_id=base.getid(trustor_user), **kwargs)
def test_get_keyring(self): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, tenant_id=TENANT_ID, auth_url=AUTH_URL, use_keyring=True) # set an token into the keyring auth_ref = access.AccessInfo.factory(body=PROJECT_SCOPED_TOKEN) future = timeutils.utcnow() + datetime.timedelta(minutes=30) auth_ref['token']['expires'] = client_utils.isotime(future) self.memory_keyring.password = pickle.dumps(auth_ref) # don't stub get_raw_token so will fail if authenticate happens self.assertTrue(cl.authenticate()) self.assertTrue(self.memory_keyring.fetched)
def test_get_keyring(self): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, project_id=TENANT_ID, auth_url=AUTH_URL, use_keyring=True) # set an token into the keyring auth_ref = access.AccessInfo.factory(body=PROJECT_SCOPED_TOKEN) future = timeutils.utcnow() + datetime.timedelta(minutes=30) auth_ref['token']['expires'] = client_utils.isotime(future) self.memory_keyring.password = pickle.dumps(auth_ref) # don't stub get_raw_token so will fail if authenticate happens self.assertTrue(cl.authenticate()) self.assertTrue(self.memory_keyring.fetched)
def create(self, trustee_user, trustor_user, role_names=None, role_ids=None, project=None, impersonation=False, expires_at=None, remaining_uses=None, **kwargs): """Create a Trust. :param string trustee_user: user who is capable of consuming the trust :param string trustor_user: user who's authorization is being delegated :param string role_names: subset of trustor's roles to be granted :param string role_ids: subset of trustor's roles to be granted :param string project: project which the trustor is delegating :param boolean impersonation: enable explicit impersonation :param datetime.datetime expires_at: expiry time :param integer remaining_uses: how many times this trust can be used to generate a token. None means unlimited tokens. """ # Convert role_names list into list-of-dict API format roles = [] if role_names: roles.extend([{'name': n} for n in role_names]) if role_ids: roles.extend([{'id': i} for i in role_ids]) if not roles: roles = None # Convert datetime.datetime expires_at to iso format string if expires_at: expires_str = utils.isotime(at=expires_at, subsecond=True) else: expires_str = None return super(TrustManager, self).create( expires_at=expires_str, impersonation=impersonation, project_id=base.getid(project), remaining_uses=remaining_uses, roles=roles, trustee_user_id=base.getid(trustee_user), trustor_user_id=base.getid(trustor_user), **kwargs)
def expires(self, value): self.expires_str = utils.isotime(value, subsecond=True)
def expires(self, value): self.expires_str = utils.isotime(value)
def updated(self, value): self.updated_str = utils.isotime(value)
def issued(self, value): self.issued_str = utils.isotime(value)
def issued(self, value): self.issued_str = utils.isotime(value, subsecond=True)