def setUp(self):
    """Build the WebSSO login fixture on top of Keystone v3 test data.

    Creates a mox instance, generates three random identity-provider ids,
    points the shared Django ``settings`` object at a loopback Keystone v3
    URL with WebSSO switched on, and replaces the token-endpoint plugin,
    the v3 Token/Password auth plugins and the v3 client class with mox
    class mocks.
    """
    super(OpenStackAuthTestsWebSSO, self).setUp()

    self.mox = mox.Mox()
    # unittest runs cleanups last-in-first-out: the stubs are removed first,
    # then the recorded expectations are verified.
    for cleanup in (self.mox.VerifyAll, self.mox.UnsetStubs):
        self.addCleanup(cleanup)

    self.data = data_v3.generate_test_data()
    self.ks_client_module = client_v3

    # Fresh random hex ids for every test run.
    self.idp_id = uuid.uuid4().hex
    self.idp_oidc_id = uuid.uuid4().hex
    self.idp_saml2_id = uuid.uuid4().hex

    # These values are written straight onto the shared settings object and
    # this method registers no cleanup that restores them.
    # NOTE(review): confirm a base class or the runner resets them;
    # otherwise WEBSSO_ENABLED and the IdP mapping leak into later tests.
    settings.OPENSTACK_API_VERSIONS['identity'] = 3
    settings.OPENSTACK_KEYSTONE_URL = 'http://localhost:5000/v3'
    settings.WEBSSO_ENABLED = True

    protocol_choices = (
        ('credentials', 'Keystone Credentials'),
        ('oidc', 'OpenID Connect'),
        ('saml2', 'Security Assertion Markup Language'),
    )
    idp_choices = (
        (self.idp_oidc_id, 'IDP OIDC'),
        (self.idp_saml2_id, 'IDP SAML2'),
    )
    settings.WEBSSO_CHOICES = protocol_choices + idp_choices

    # Both IdP-specific choices resolve to the same identity provider id and
    # differ only in the federation protocol.
    idp_mapping = {}
    idp_mapping[self.idp_oidc_id] = (self.idp_id, 'oidc')
    idp_mapping[self.idp_saml2_id] = (self.idp_id, 'saml2')
    settings.WEBSSO_IDP_MAPPING = idp_mapping

    stub_targets = (
        (token_endpoint, 'Token'),
        (auth_v3, 'Token'),
        (auth_v3, 'Password'),
        (client_v3, 'Client'),
    )
    for module, class_name in stub_targets:
        self.mox.StubOutClassWithMocks(module, class_name)
def setUp(self):
    """Prepare the WebSSO test case: fixture data, settings and class mocks.

    The Keystone URL is a loopback fixture value; the auth plugin and client
    classes that would use it are replaced with mox class mocks at the end
    of this method.
    """
    super(OpenStackAuthTestsWebSSO, self).setUp()

    mocker = mox.Mox()
    self.mox = mocker
    # Registration order matters: cleanups run in reverse, so UnsetStubs
    # executes before VerifyAll.
    self.addCleanup(mocker.VerifyAll)
    self.addCleanup(mocker.UnsetStubs)

    self.data = data_v3.generate_test_data()
    self.ks_client_module = client_v3

    self.idp_id = uuid.uuid4().hex
    self.idp_oidc_id = uuid.uuid4().hex
    self.idp_saml2_id = uuid.uuid4().hex

    # NOTE(review): direct assignment to the shared settings object; nothing
    # in this method restores the previous values after the test.
    settings.OPENSTACK_API_VERSIONS['identity'] = 3
    settings.OPENSTACK_KEYSTONE_URL = 'http://localhost:5000/v3'
    settings.WEBSSO_ENABLED = True
    settings.WEBSSO_CHOICES = tuple([
        ('credentials', 'Keystone Credentials'),
        ('oidc', 'OpenID Connect'),
        ('saml2', 'Security Assertion Markup Language'),
        (self.idp_oidc_id, 'IDP OIDC'),
        (self.idp_saml2_id, 'IDP SAML2'),
    ])

    # Map each IdP-specific choice id to (identity provider id, protocol).
    choice_protocols = (
        (self.idp_oidc_id, 'oidc'),
        (self.idp_saml2_id, 'saml2'),
    )
    settings.WEBSSO_IDP_MAPPING = dict(
        (choice_id, (self.idp_id, protocol))
        for choice_id, protocol in choice_protocols
    )

    for module, class_name in (
            (token_endpoint, 'Token'),
            (v3_auth, 'Token'),
            (v3_auth, 'Password'),
            (client_v3, 'Client')):
        mocker.StubOutClassWithMocks(module, class_name)
def setUp(self):
    """Load Keystone v3 fixture data and select identity API version 3.

    When the test class carries a truthy ``interface`` attribute,
    ``OPENSTACK_ENDPOINT_TYPE`` is overridden with it and the override is
    disabled again by a registered cleanup.
    """
    super(OpenStackAuthTestsV3WithMock, self).setUp()

    endpoint_type = getattr(self, 'interface', None)
    if endpoint_type:
        endpoint_override = self.settings(
            OPENSTACK_ENDPOINT_TYPE=endpoint_type)
        endpoint_override.enable()
        self.addCleanup(endpoint_override.disable)

    self.data = data_v3.generate_test_data()

    # Unlike the endpoint-type override above, these two values are assigned
    # directly and no cleanup in this method restores them.
    # NOTE(review): confirm they are reset elsewhere between tests.
    settings.OPENSTACK_API_VERSIONS['identity'] = 3
    settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v3"
def setUp(self):
    """Create Keystone v3 clients from fixture access info.

    Builds one client from the unscoped access info and one from the scoped
    access info, then switches the shared settings to identity API version 3
    and a loopback Keystone URL.
    """
    super(OpenStackAuthTestsV3, self).setUp()

    # NOTE(review): no VerifyAll/UnsetStubs cleanup is registered for this
    # mox instance in this method; confirm tests verify expectations
    # themselves.
    self.mox = mox.Mox()
    fixture = data_v3.generate_test_data()
    self.data = fixture
    self.ks_client_module = client_v3

    # The endpoint is read before OPENSTACK_KEYSTONE_URL is overwritten
    # below, so both clients use whatever URL was configured on entry.
    endpoint = settings.OPENSTACK_KEYSTONE_URL
    make_client = self.ks_client_module.Client
    self.keystone_client_unscoped = make_client(
        endpoint=endpoint,
        auth_ref=self.data.unscoped_access_info,
    )
    self.keystone_client_scoped = make_client(
        endpoint=endpoint,
        auth_ref=self.data.scoped_access_info,
    )

    settings.OPENSTACK_API_VERSIONS['identity'] = 3
    settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v3"
def test_switch_keystone_provider_local(self):
    """Switching from the local Keystone to itself keeps the K2K session keys.

    Logs in through the login view, requests a switch to 'localkeystone',
    and checks that the session still names the local provider, the original
    unscoped token and the original auth URL.
    """
    auth_url = settings.OPENSTACK_KEYSTONE_URL
    self.data = data_v3.generate_test_data(service_providers=True)
    keystone_provider = 'localkeystone'
    projects = [self.data.project_one, self.data.project_two]
    domains = []
    user = self.data.user
    unscoped = self.data.unscoped_access_info
    form_data = self.get_form_data(user)

    # Record the expected calls for login. The helpers are defined elsewhere
    # in the test class; the order of these calls is the order mox expects.
    self._mock_unscoped_and_domain_list_projects(user, projects)
    self._mock_scoped_client_for_tenant(unscoped, self.data.project_one.id)

    # Record the expected calls for the switch back onto the local provider.
    self._mock_unscoped_token_client(unscoped,
                                     auth_url=auth_url,
                                     client=False)
    unscoped_auth = self._mock_plugin(unscoped)
    client = self._mock_unscoped_token_client(None, auth_url=auth_url,
                                              plugin=unscoped_auth)
    self._mock_unscoped_list_domains(client, domains)
    client = self._mock_unscoped_token_client(None, auth_url=auth_url,
                                              plugin=unscoped_auth)
    self._mock_unscoped_list_projects(client, user, projects)
    self._mock_scoped_client_for_tenant(unscoped, self.data.project_one.id)

    # Leave record mode; from here on the mocks check calls against the
    # expectations recorded above.
    self.mox.ReplayAll()

    # Log in
    url = reverse('login')
    response = self.client.get(url)
    self.assertEqual(response.status_code, 200)
    response = self.client.post(url, form_data)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Switch (issued as a GET; form_data travels as query parameters)
    url = reverse('switch_keystone_provider', args=[keystone_provider])
    form_data['keystone_provider'] = keystone_provider
    response = self.client.get(url, form_data, follow=True)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Assert nothing has changed since we are going from local to local
    self.assertEqual(self.client.session['keystone_provider_id'],
                     keystone_provider)
    # The unscoped token value itself is held in the session.
    # NOTE(review): how exposed that is depends on the session backend in
    # use (not visible here); with a signed-cookie backend the value would
    # be readable by the browser.
    self.assertEqual(self.client.session['k2k_base_unscoped_token'],
                     unscoped.auth_token)
    self.assertEqual(self.client.session['k2k_auth_url'], auth_url)
def test_switch_keystone_provider_local_fail(self):
    """A failed re-authentication with the base token leaves session state as is.

    The Token plugin built from the base unscoped token is set up to raise
    AuthorizationFailure during the switch; the test then checks that the
    session still names 'localkeystone', the original unscoped token and the
    original auth URL.
    """
    auth_url = settings.OPENSTACK_KEYSTONE_URL
    self.data = data_v3.generate_test_data(service_providers=True)
    keystone_provider = 'localkeystone'
    projects = [self.data.project_one, self.data.project_two]
    user = self.data.user
    unscoped = self.data.unscoped_access_info
    form_data = self.get_form_data(user)

    # Record the expected calls for login (helpers defined elsewhere in the
    # test class).
    self._mock_unscoped_and_domain_list_projects(user, projects)
    self._mock_scoped_client_for_tenant(unscoped, self.data.project_one.id)

    # Make re-authentication with the base token fail.
    # NOTE(review): this relies on v3_auth.Token being replaced by a mox
    # class mock in setUp (not visible in this block).
    plugin = v3_auth.Token(auth_url=auth_url,
                           token=unscoped.auth_token,
                           project_id=None,
                           reauthenticate=False)
    plugin.get_access(mox.IsA(session.Session)). \
        AndRaise(keystone_exceptions.AuthorizationFailure)
    plugin.auth_url = auth_url
    self.mox.ReplayAll()

    # Log in
    url = reverse('login')
    response = self.client.get(url)
    self.assertEqual(response.status_code, 200)
    response = self.client.post(url, form_data)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Switch
    url = reverse('switch_keystone_provider', args=[keystone_provider])
    form_data['keystone_provider'] = keystone_provider
    response = self.client.get(url, form_data, follow=True)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Assert: the failure did not alter the provider, base token or auth URL.
    # NOTE(review): only session contents are checked; whether the user is
    # shown an error for the rejected token is not asserted here.
    self.assertEqual(self.client.session['keystone_provider_id'],
                     keystone_provider)
    self.assertEqual(self.client.session['k2k_base_unscoped_token'],
                     unscoped.auth_token)
    self.assertEqual(self.client.session['k2k_auth_url'], auth_url)
def setUp(self):
    """Prepare the Keystone v3 test case with mocked auth plugins and client.

    Optionally overrides ``OPENSTACK_ENDPOINT_TYPE`` from the class's
    ``interface`` attribute, creates a mox instance with verification and
    unstub cleanups, loads the v3 fixture data, and replaces the token
    endpoint plugin, the v3 Token/Password plugins and the v3 client class
    with mox class mocks.
    """
    super(OpenStackAuthTestsV3, self).setUp()

    endpoint_type = getattr(self, 'interface', None)
    if endpoint_type:
        endpoint_override = self.settings(
            OPENSTACK_ENDPOINT_TYPE=endpoint_type)
        endpoint_override.enable()
        self.addCleanup(endpoint_override.disable)

    mocker = mox.Mox()
    self.mox = mocker
    # Cleanups run in reverse registration order: UnsetStubs, then
    # VerifyAll, then the settings override is disabled.
    self.addCleanup(mocker.VerifyAll)
    self.addCleanup(mocker.UnsetStubs)

    self.data = data_v3.generate_test_data()
    self.ks_client_module = client_v3

    # Assigned directly on the shared settings object; unlike the override
    # above, nothing in this method restores these two values.
    # NOTE(review): confirm they are reset elsewhere between tests.
    settings.OPENSTACK_API_VERSIONS['identity'] = 3
    settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v3"

    stub_targets = (
        (token_endpoint, 'Token'),
        (v3_auth, 'Token'),
        (v3_auth, 'Password'),
        (client_v3, 'Client'),
    )
    for module, class_name in stub_targets:
        mocker.StubOutClassWithMocks(module, class_name)
def test_switch_keystone_provider_remote(self):
    """Switching to a K2K service provider updates only the provider id.

    After login against the local Keystone, the test switches to
    'k2kserviceprovider' and checks that the session's provider id changes
    while the base unscoped token and base auth URL stay those of the
    original login.
    """
    auth_url = settings.OPENSTACK_KEYSTONE_URL
    target_provider = 'k2kserviceprovider'
    self.data = data_v3.generate_test_data(service_providers=True)
    # Separate fixture set standing in for the remote service provider.
    self.sp_data = data_v3.generate_test_data(endpoint='http://sp2')
    projects = [self.data.project_one, self.data.project_two]
    domains = []
    user = self.data.user
    unscoped = self.data.unscoped_access_info
    form_data = self.get_form_data(user)

    # Record the expected calls for login (helpers defined elsewhere in the
    # test class).
    self._mock_unscoped_and_domain_list_projects(user, projects)
    self._mock_scoped_client_for_tenant(unscoped, self.data.project_one.id)

    # Record the switch: first the base unscoped token is re-used against
    # the local Keystone without re-authentication.
    plugin = v3_auth.Token(auth_url=auth_url,
                           token=unscoped.auth_token,
                           project_id=None,
                           reauthenticate=False)
    plugin.get_access(mox.IsA(session.Session)).AndReturn(
        self.data.unscoped_access_info)
    plugin.auth_url = auth_url
    client = self.ks_client_module.Client(session=mox.IsA(session.Session),
                                          auth=plugin)

    self._mock_unscoped_list_projects(client, user, projects)

    plugin = self._create_token_auth(
        self.data.project_one.id,
        token=self.data.unscoped_access_info.auth_token,
        url=settings.OPENSTACK_KEYSTONE_URL)
    # NOTE(review): get_access is made to return the Keystone URL string
    # here, whereas the other get_access expectations return access-info
    # fixtures; confirm this is intended.
    plugin.get_access(mox.IsA(session.Session)).AndReturn(
        settings.OPENSTACK_KEYSTONE_URL)
    plugin.get_sp_auth_url(
        mox.IsA(session.Session), target_provider
    ).AndReturn('https://k2kserviceprovider/sp_url')

    # The project-scoped plugin becomes the base of the K2K plugin, which
    # yields the service provider's unscoped access info.
    plugin = v3_auth.Keystone2Keystone(base_plugin=plugin,
                                       service_provider=target_provider)
    plugin.get_access(mox.IsA(session.Session)). \
        AndReturn(self.sp_data.unscoped_access_info)
    # Fixture value for the service provider's auth URL.
    plugin.auth_url = 'http://service_provider_endp:5000/v3'

    # mock authenticate for service provider
    sp_projects = [self.sp_data.project_one, self.sp_data.project_two]
    sp_unscoped = self.sp_data.federated_unscoped_access_info
    sp_unscoped_auth = self._mock_plugin(sp_unscoped,
                                         auth_url=plugin.auth_url)
    client = self._mock_unscoped_token_client(None, plugin.auth_url,
                                              plugin=sp_unscoped_auth)
    self._mock_unscoped_list_domains(client, domains)
    client = self._mock_unscoped_token_client(None, plugin.auth_url,
                                              plugin=sp_unscoped_auth)
    self._mock_unscoped_federated_list_projects(client, sp_projects)
    self._mock_scoped_client_for_tenant(sp_unscoped,
                                        self.sp_data.project_one.id,
                                        url=plugin.auth_url,
                                        token=sp_unscoped.auth_token)

    self.mox.ReplayAll()

    # Log in
    url = reverse('login')
    response = self.client.get(url)
    self.assertEqual(response.status_code, 200)
    response = self.client.post(url, form_data)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Switch
    # NOTE(review): the switch is sent as a GET and, per the assertion
    # below, changes the provider recorded in the session. Django's CSRF
    # middleware does not check GET requests, so confirm how the view
    # guards this state change against cross-site requests.
    url = reverse('switch_keystone_provider', args=[target_provider])
    form_data['keystone_provider'] = target_provider
    response = self.client.get(url, form_data, follow=True)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Assert keystone provider has changed
    self.assertEqual(self.client.session['keystone_provider_id'],
                     target_provider)
    # These should not change: the session keeps the token and URL of the
    # original (local) login after moving to the remote provider.
    self.assertEqual(self.client.session['k2k_base_unscoped_token'],
                     unscoped.auth_token)
    self.assertEqual(self.client.session['k2k_auth_url'], auth_url)
def test_switch_keystone_provider_local_fail(self):
    """A failed base-token re-authentication leaves the session unchanged.

    Records the full login sequence with explicit plugin and client
    expectations, makes the later base-token Token plugin raise
    AuthorizationFailure, and checks that the session still names
    'localkeystone', the original unscoped token and the configured
    Keystone URL.
    """
    self.data = data_v3.generate_test_data(service_providers=True)
    keystone_provider = 'localkeystone'
    projects = [self.data.project_one, self.data.project_two]
    user = self.data.user
    form_data = self.get_form_data(user)

    # Login step 1: password authentication returns unscoped access info.
    # The password comes from the generated fixture user.
    plugin = v3_auth.Password(
        auth_url=settings.OPENSTACK_KEYSTONE_URL,
        password=self.data.user.password,
        username=self.data.user.name,
        user_domain_name=DEFAULT_DOMAIN,
        unscoped=True)
    plugin.get_access(mox.IsA(session.Session)). \
        AndReturn(self.data.unscoped_access_info)
    plugin.auth_url = settings.OPENSTACK_KEYSTONE_URL
    client = self.ks_client_module.Client(
        session=mox.IsA(session.Session),
        auth=plugin)

    # Login step 2: the unscoped token is exchanged for a domain-scoped one.
    plugin = v3_auth.Token(
        auth_url=settings.OPENSTACK_KEYSTONE_URL,
        token=self.data.unscoped_access_info.auth_token,
        domain_name=DEFAULT_DOMAIN,
        reauthenticate=False)
    plugin.get_access(mox.IsA(session.Session)).AndReturn(
        self.data.domain_scoped_access_info)

    # Login step 3: the user's projects are listed.
    client.projects = self.mox.CreateMockAnything()
    client.projects.list(user=user.id).AndReturn(projects)

    # Login step 4: a token scoped to the first project is requested.
    plugin = v3_auth.Token(
        auth_url=settings.OPENSTACK_KEYSTONE_URL,
        token=self.data.unscoped_access_info.auth_token,
        project_id=self.data.project_one.id,
        reauthenticate=False)
    self.scoped_token_auth = plugin
    # NOTE(review): the project-scoped plugin is made to return the unscoped
    # fixture; confirm whether scoped access info was intended.
    plugin.get_access(mox.IsA(session.Session)).AndReturn(
        self.data.unscoped_access_info)
    self.ks_client_module.Client(
        session=mox.IsA(session.Session),
        auth=plugin)

    # Switch: make re-authentication with the base token fail.
    plugin = v3_auth.Token(
        auth_url=settings.OPENSTACK_KEYSTONE_URL,
        token=self.data.unscoped_access_info.auth_token,
        project_id=None,
        reauthenticate=False)
    plugin.get_access(mox.IsA(session.Session)).AndRaise(
        keystone_exceptions.AuthorizationFailure)
    plugin.auth_url = settings.OPENSTACK_KEYSTONE_URL
    self.mox.ReplayAll()

    # Log in
    url = reverse('login')
    response = self.client.get(url)
    self.assertEqual(response.status_code, 200)
    response = self.client.post(url, form_data)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Switch
    url = reverse('switch_keystone_provider', args=[keystone_provider])
    form_data['keystone_provider'] = keystone_provider
    response = self.client.get(url, form_data, follow=True)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Assert: provider id, base token and base auth URL are what login set.
    self.assertEqual(self.client.session['keystone_provider_id'],
                     keystone_provider)
    self.assertEqual(self.client.session['k2k_base_unscoped_token'],
                     self.data.unscoped_access_info.auth_token)
    self.assertEqual(self.client.session['k2k_auth_url'],
                     settings.OPENSTACK_KEYSTONE_URL)
def test_switch_keystone_provider_remote_fail(self):
    """A failed K2K authentication must not move the session off the local provider.

    Logs in locally, attempts a switch to 'k2kserviceprovider' with the
    Keystone2Keystone plugin set up to raise AuthorizationFailure, and checks
    that the session still names 'localkeystone' together with the original
    base token and auth URL.
    """
    target_provider = 'k2kserviceprovider'
    self.data = data_v3.generate_test_data(service_providers=True)
    # Generated for the remote side; not referenced again in this test.
    self.sp_data = data_v3.generate_test_data(endpoint='http://sp2')
    projects = [self.data.project_one, self.data.project_two]
    user = self.data.user
    form_data = self.get_form_data(user)

    # Login step 1: password authentication returns unscoped access info.
    plugin = v3_auth.Password(
        auth_url=settings.OPENSTACK_KEYSTONE_URL,
        password=self.data.user.password,
        username=self.data.user.name,
        user_domain_name=DEFAULT_DOMAIN,
        unscoped=True)
    plugin.get_access(mox.IsA(session.Session)). \
        AndReturn(self.data.unscoped_access_info)
    plugin.auth_url = settings.OPENSTACK_KEYSTONE_URL
    client = self.ks_client_module.Client(
        session=mox.IsA(session.Session),
        auth=plugin)

    # Login step 2: the unscoped token is exchanged for a domain-scoped one.
    plugin = v3_auth.Token(
        auth_url=settings.OPENSTACK_KEYSTONE_URL,
        token=self.data.unscoped_access_info.auth_token,
        domain_name=DEFAULT_DOMAIN,
        reauthenticate=False)
    plugin.get_access(mox.IsA(session.Session)).AndReturn(
        self.data.domain_scoped_access_info)

    # Login step 3: the user's projects are listed.
    client.projects = self.mox.CreateMockAnything()
    client.projects.list(user=user.id).AndReturn(projects)

    # Login step 4: a token scoped to the first project is requested.
    plugin = v3_auth.Token(
        auth_url=settings.OPENSTACK_KEYSTONE_URL,
        token=self.data.unscoped_access_info.auth_token,
        project_id=self.data.project_one.id,
        reauthenticate=False)
    self.scoped_token_auth = plugin
    plugin.get_access(mox.IsA(session.Session)).AndReturn(
        self.data.unscoped_access_info)
    self.ks_client_module.Client(
        session=mox.IsA(session.Session),
        auth=plugin)

    # mock switch: the base unscoped token is re-used against the local
    # Keystone and the project list is fetched again.
    plugin = v3_auth.Token(
        auth_url=settings.OPENSTACK_KEYSTONE_URL,
        token=self.data.unscoped_access_info.auth_token,
        project_id=None,
        reauthenticate=False)
    plugin.get_access(mox.IsA(session.Session)).AndReturn(
        self.data.unscoped_access_info)
    plugin.auth_url = settings.OPENSTACK_KEYSTONE_URL
    client = self.ks_client_module.Client(session=mox.IsA(session.Session),
                                          auth=plugin)

    client.projects = self.mox.CreateMockAnything()
    client.projects.list(user=user.id).AndReturn(projects)

    plugin = v3_auth.Token(
        auth_url=settings.OPENSTACK_KEYSTONE_URL,
        token=self.data.unscoped_access_info.auth_token,
        project_id=self.data.project_one.id,
        reauthenticate=False)
    # NOTE(review): get_access returns the Keystone URL string here rather
    # than an access-info fixture; confirm this is intended.
    plugin.get_access(mox.IsA(session.Session)).AndReturn(
        settings.OPENSTACK_KEYSTONE_URL)
    plugin.get_sp_auth_url(
        mox.IsA(session.Session), target_provider
    ).AndReturn('https://k2kserviceprovider/sp_url')

    # let the K2K plugin fail when logging in
    plugin = v3_auth.Keystone2Keystone(
        base_plugin=plugin,
        service_provider=target_provider)
    plugin.get_access(mox.IsA(session.Session)).AndRaise(
        keystone_exceptions.AuthorizationFailure)
    self.mox.ReplayAll()

    # Log in
    url = reverse('login')
    response = self.client.get(url)
    self.assertEqual(response.status_code, 200)
    response = self.client.post(url, form_data)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Switch
    url = reverse('switch_keystone_provider', args=[target_provider])
    form_data['keystone_provider'] = target_provider
    response = self.client.get(url, form_data, follow=True)
    self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)

    # Assert that provider has not changed because of failure: a rejected
    # K2K exchange leaves the session on the local provider.
    self.assertEqual(self.client.session['keystone_provider_id'],
                     'localkeystone')
    # These should never change
    self.assertEqual(self.client.session['k2k_base_unscoped_token'],
                     self.data.unscoped_access_info.auth_token)
    self.assertEqual(self.client.session['k2k_auth_url'],
                     settings.OPENSTACK_KEYSTONE_URL)
def setUp(self):
    """Load the Keystone v3 fixture data generated with ``pki=True``."""
    # NOTE(review): this override does not call the parent setUp; confirm
    # the base class has no setup that needs to run.
    pki_fixture = data_v3.generate_test_data(pki=True)
    self.data = pki_fixture
def setUp(self):
    """Run the parent setup, then load v3 fixture data with ``pki=True``."""
    super(UserTestCase, self).setUp()
    pki_fixture = data_v3.generate_test_data(pki=True)
    self.data = pki_fixture