def _get_auth(self):
    """Return the keystoneauth plugin that matches the request context.

    The first matching source wins:

    1. ``context.is_admin``: the plugin loaded from the
       ``ksconf.CFG_GROUP`` options, or ``self._get_legacy_auth()`` when
       loading raises ``MissingRequiredOptions``.
    2. ``context.auth_token_info``: an ``AccessInfoPlugin`` wrapping the
       token body the context already carries.
    3. ``context.auth_token``: a v3 ``Token`` plugin against
       ``self.auth_url``.
    4. ``context.trust_id``: a v3 ``Password`` plugin built from the
       context's user name, password and domain, with ``trust_id`` set.

    :raises exception.AuthorizationFailure: when the context carries none
        of these.
    """
    # NOTE(review): is_admin is tested before any token, so an admin
    # context that also carries a caller token authenticates with the
    # configured service credentials instead of that token. Confirm that
    # every code path able to set is_admin is trusted to make that switch.
    ctx = self.context

    if ctx.is_admin:
        try:
            return ka_loading.load_auth_from_conf_options(
                CONF, ksconf.CFG_GROUP)
        except ka_exception.MissingRequiredOptions:
            return self._get_legacy_auth()

    if ctx.auth_token_info:
        token_access = ka_access.create(body=ctx.auth_token_info,
                                        auth_token=ctx.auth_token)
        return ka_access_plugin.AccessInfoPlugin(token_access)

    if ctx.auth_token:
        return ka_v3.Token(auth_url=self.auth_url, token=ctx.auth_token)

    if ctx.trust_id:
        return ka_v3.Password(
            auth_url=self.auth_url,
            username=ctx.user_name,
            password=ctx.password,
            user_domain_id=ctx.user_domain_id,
            user_domain_name=ctx.user_domain_name,
            trust_id=ctx.trust_id,
        )

    # Nothing usable on the context: log once and refuse.
    LOG.error(
        _LE('Keystone API connection failed: no password, '
            'trust_id or token found.'))
    raise exception.AuthorizationFailure()
def _get_auth(self):
    """Return the keystoneauth plugin that matches the request context.

    Caller-supplied credentials are preferred; the configured service
    credentials are only used when the context carries none. The first
    matching source wins:

    1. ``context.auth_token_info``: an ``AccessInfoPlugin`` wrapping the
       token body the context already carries.
    2. ``context.auth_token``: a v3 ``Token`` plugin against
       ``self.auth_url``.
    3. ``context.trust_id``: a v3 ``Password`` plugin built from the
       context's user name, password and domain, with ``trust_id`` set.
    4. ``context.is_admin``: the plugin loaded from the
       ``ksconf.CFG_GROUP`` options, or ``self._get_legacy_auth()`` when
       loading raises ``MissingRequiredOptions``.

    :raises exception.AuthorizationFailure: when the context carries none
        of these.
    """
    ctx = self.context

    if ctx.auth_token_info:
        token_access = ka_access.create(body=ctx.auth_token_info,
                                        auth_token=ctx.auth_token)
        return ka_access_plugin.AccessInfoPlugin(token_access)

    if ctx.auth_token:
        return ka_v3.Token(auth_url=self.auth_url, token=ctx.auth_token)

    if ctx.trust_id:
        return ka_v3.Password(
            auth_url=self.auth_url,
            username=ctx.user_name,
            password=ctx.password,
            user_domain_id=ctx.user_domain_id,
            user_domain_name=ctx.user_domain_name,
            trust_id=ctx.trust_id,
        )

    # Reached only when the context has no token and no trust, so an
    # is_admin flag cannot displace a caller's own token here.
    if ctx.is_admin:
        try:
            return ka_loading.load_auth_from_conf_options(
                CONF, ksconf.CFG_GROUP)
        except ka_exception.MissingRequiredOptions:
            return self._get_legacy_auth()

    msg = ('Keystone API connection failed: no password, '
           'trust_id or token found.')
    LOG.error(msg)
    raise exception.AuthorizationFailure(client='keystone',
                                         message='reason %s' % msg)
def _get_auth(self):
    """Return the keystoneauth plugin that matches the request context.

    The first matching source wins:

    1. ``context.is_admin``: the plugin loaded from the ``CFG_GROUP``
       config options.
    2. ``context.auth_token_info``: an ``AccessInfoPlugin`` wrapping the
       token body the context already carries.
    3. ``context.auth_token``: a v3 ``Token`` plugin against
       ``self.auth_url``.

    :raises exception.AuthorizationFailure: when the context carries none
        of these.
    """
    # NOTE(review): is_admin is tested before any token, so an admin
    # context that also carries a caller token authenticates with the
    # configured service credentials instead of that token. Confirm that
    # every code path able to set is_admin is trusted to make that switch.
    ctx = self.context

    if ctx.is_admin:
        return ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP)

    if ctx.auth_token_info:
        token_access = ka_access.create(body=ctx.auth_token_info,
                                        auth_token=ctx.auth_token)
        return ka_access_plugin.AccessInfoPlugin(token_access)

    if ctx.auth_token:
        return ka_v3.Token(auth_url=self.auth_url, token=ctx.auth_token)

    # The message mentions a password, but this function only looks at
    # is_admin and the two token fields.
    LOG.error(_LE('Keystone API connection failed: no password '
                  'or token found.'))
    raise exception.AuthorizationFailure()
def _get_auth(self):
    """Return the keystoneauth plugin that matches the request context.

    The first matching source wins:

    1. ``context.is_admin``: the plugin loaded from the ``CFG_GROUP``
       config options.
    2. ``context.auth_token_info``: an ``AccessInfoPlugin`` wrapping the
       token body the context already carries.
    3. ``context.auth_token``: a v3 ``Token`` plugin against
       ``self.auth_url``.

    :raises exception.AuthorizationFailure: when the context carries none
        of these; the failure text is also written to the error log.
    """
    # NOTE(review): is_admin is tested before any token, so an admin
    # context that also carries a caller token authenticates with the
    # configured service credentials instead of that token. Confirm that
    # every code path able to set is_admin is trusted to make that switch.
    ctx = self.context

    if ctx.is_admin:
        return ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP)

    if ctx.auth_token_info:
        token_access = ka_access.create(body=ctx.auth_token_info,
                                        auth_token=ctx.auth_token)
        return ka_access_plugin.AccessInfoPlugin(token_access)

    if ctx.auth_token:
        return ka_v3.Token(auth_url=self.auth_url, token=ctx.auth_token)

    # NOTE(review): the message names a password and a trust_id, but this
    # function only looks at is_admin and the two token fields.
    msg = ('Keystone API connection failed: no password, '
           'trust_id or token found.')
    LOG.error(msg)
    raise exception.AuthorizationFailure(client='keystone',
                                         message='reason %s' % msg)
def _get_auth(self):
    """Return the keystoneauth plugin that matches the request context.

    A token on the context is preferred; the configured service
    credentials are only used when the context has no token. The first
    matching source wins:

    1. ``context.auth_token_info``: an ``AccessInfoPlugin`` wrapping the
       token body the context already carries.
    2. ``context.auth_token``: a v3 ``Token`` plugin against
       ``self.auth_url``.
    3. ``context.is_admin``: the plugin loaded from the
       ``ksconf.CFG_GROUP`` config options.

    :raises exception.AuthorizationFailure: when the context carries none
        of these; the failure text is also written to the error log.
    """
    ctx = self.context

    if ctx.auth_token_info:
        token_access = ka_access.create(body=ctx.auth_token_info,
                                        auth_token=ctx.auth_token)
        return ka_access_plugin.AccessInfoPlugin(token_access)

    if ctx.auth_token:
        return ka_v3.Token(auth_url=self.auth_url, token=ctx.auth_token)

    # Reached only when the context has no token, so an is_admin flag
    # cannot displace a caller's own token here.
    if ctx.is_admin:
        return ka_loading.load_auth_from_conf_options(CONF, ksconf.CFG_GROUP)

    # NOTE(review): the message names a password and a trust_id, but this
    # function only looks at is_admin and the two token fields.
    msg = ('Keystone API connection failed: no password, '
           'trust_id or token found.')
    LOG.error(msg)
    raise exception.AuthorizationFailure(client='keystone',
                                         message='reason %s' % msg)
def _get_auth(self):
    """Return the keystoneauth plugin that matches the request context.

    The first matching source wins:

    1. ``context.is_admin``: the plugin loaded from the ``CFG_GROUP``
       config options.
    2. ``context.auth_token_info``: an ``AccessInfoPlugin`` wrapping the
       token body the context already carries.
    3. ``context.auth_token``: a v3 ``Token`` plugin against
       ``self.auth_url``.

    :raises exception.AuthorizationFailure: when the context carries none
        of these; the failure text is also written to the error log.
    """
    # The disabled LOG.debug calls that used to sit in this function
    # printed context.auth_token, context.auth_token_info and
    # auth.__dict__. Keep them out: a bearer token written to a debug log
    # is usable by anyone who can read that log, and the plugin's
    # attributes may include the configured credentials.

    # NOTE(review): is_admin is tested before any token, so an admin
    # context that also carries a caller token authenticates with the
    # configured service credentials instead of that token. Confirm that
    # every code path able to set is_admin is trusted to make that switch.
    ctx = self.context

    if ctx.is_admin:
        return ka_loading.load_auth_from_conf_options(CONF, CFG_GROUP)

    if ctx.auth_token_info:
        token_access = ka_access.create(body=ctx.auth_token_info,
                                        auth_token=ctx.auth_token)
        return ka_access_plugin.AccessInfoPlugin(token_access)

    if ctx.auth_token:
        return ka_v3.Token(auth_url=self.auth_url, token=ctx.auth_token)

    # NOTE(review): the message names a password and a trust_id, but this
    # function only looks at is_admin and the two token fields.
    msg = ('Keystone API connection failed: no password, '
           'trust_id or token found.')
    LOG.error(msg)
    raise exception.AuthorizationFailure(client='keystone',
                                         message='reason %s' % msg)
def generate_test_data(pki=False, service_providers=False,
                       endpoint='localhost'):
    """Build the Keystone V3 fixture set used by the auth tests.

    The returned ``TestDataContainer`` carries a domain, a user, two
    projects (the second one disabled), a role, a V3 service catalog and
    five access-info objects: project-scoped, domain-scoped, unscoped,
    federated project-scoped and federated unscoped. Every id and token is
    a fresh ``uuid4`` hex value and every token body expires one day after
    the call.

    :param pki: prefix the subject token with ``cms.PKI_ASN1_PREFIX`` so
        the keystone client treats it as a PKI token. The rest of the
        token is still a random hex string, not a signed document.
    :param service_providers: also publish one service provider on
        ``test_data`` and in the scoped and unscoped token bodies.
    :param endpoint: host name interpolated into every catalog URL.
    :returns: the populated ``TestDataContainer``.
    """
    def _hex_id():
        return uuid.uuid4().hex

    def _catalog_endpoint(url, region, interface):
        # One catalog endpoint entry with its own random id.
        return {'url': url, 'region': region, 'interface': interface,
                'id': _hex_id()}

    test_data = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'id': _hex_id(),
        'endpoints': [
            _catalog_endpoint('http://admin.%s:5000/v3' % endpoint,
                              'RegionOne', 'admin'),
            _catalog_endpoint('http://internal.%s:5000/v3' % endpoint,
                              'RegionOne', 'internal'),
            _catalog_endpoint('http://public.%s:5000/v3' % endpoint,
                              'RegionOne', 'public'),
        ],
    }

    # Domains
    domain_dict = {
        'id': _hex_id(),
        'name': 'domain',
        'description': '',
        'enabled': True,
    }
    test_data.domain = domains.Domain(domains.DomainManager(None),
                                      domain_dict, loaded=True)

    # Users
    user_dict = {
        'id': _hex_id(),
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_dict['id'],
        'token': '',
        'enabled': True,
    }
    test_data.user = users.User(users.UserManager(None),
                                user_dict, loaded=True)

    # Projects
    def _project(name, enabled):
        return {'id': _hex_id(), 'name': name, 'description': '',
                'domain_id': domain_dict['id'], 'enabled': enabled}

    project_dict_1 = _project('tenant_one', True)
    project_dict_2 = _project('tenant_two', False)
    test_data.project_one = projects.Project(projects.ProjectManager(None),
                                             project_dict_1, loaded=True)
    test_data.project_two = projects.Project(projects.ProjectManager(None),
                                             project_dict_2, loaded=True)

    # Roles (the manager class itself is passed here, not an instance)
    role_dict = {'id': _hex_id(), 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # Compute catalog entry: three interfaces in each of two regions, all
    # pointing at the first (enabled) project.
    project_id = project_dict_1['id']
    nova_layout = (
        ('http://nova-admin.%s:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.%s:8774/v2.0/%s', 'RegionOne', 'internal'),
        ('http://nova-public.%s:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.%s:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.%s:8774/v2.0/%s', 'RegionTwo', 'internal'),
        ('http://nova2-public.%s:8774/v2.0/%s', 'RegionTwo', 'public'),
    )
    nova_service = {
        'type': 'compute',
        'id': _hex_id(),
        'endpoints': [
            _catalog_endpoint(fmt % (endpoint, project_id), region, interface)
            for fmt, region, interface in nova_layout
        ],
    }

    # Tokens
    expiration = datetime_safe.datetime.isoformat(
        datetime_safe.datetime.now() + datetime.timedelta(days=1))

    auth_token = uuid.uuid4().hex
    if pki:
        # We don't need a real PKI token, but just the prefix to make the
        # keystone client treat it as a PKI token
        auth_token = cms.PKI_ASN1_PREFIX + auth_token

    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token},
    })

    # Each token body gets its own copies of these reference sections.
    def _domain_ref():
        return {'id': domain_dict['id'], 'name': domain_dict['name']}

    def _user_ref():
        return {'id': user_dict['id'], 'name': user_dict['name'],
                'domain': _domain_ref()}

    def _project_ref():
        return {'id': project_dict_1['id'], 'name': project_dict_1['name'],
                'domain': _domain_ref()}

    def _federated_user_ref():
        ref = _user_ref()
        ref['OS-FEDERATION'] = {
            'identity_provider': 'ACME',
            'protocol': 'OIDC',
            'groups': [{'id': _hex_id()}, {'id': _hex_id()}],
        }
        return ref

    scoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'project': _project_ref(),
        'user': _user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}

    sp_list = None
    if service_providers:
        test_data.sp_auth_url = 'http://service_provider_endp:5000/v3'
        test_data.service_provider_id = 'k2kserviceprovider'
        # The access info for the identity provider
        # should return a list of service providers
        sp_list = [{
            'auth_url': test_data.sp_auth_url,
            'id': test_data.service_provider_id,
            'sp_url': 'https://k2kserviceprovider/sp_url',
        }]
        scoped_token_dict['token']['service_providers'] = sp_list

    test_data.scoped_access_info = access.create(resp=auth_response,
                                                 body=scoped_token_dict)

    domain_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'domain': _domain_ref(),
        'user': _user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response, body=domain_token_dict)

    unscoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'user': _user_ref(),
        'catalog': [keystone_service],
    }}
    if service_providers:
        unscoped_token_dict['token']['service_providers'] = sp_list
    test_data.unscoped_access_info = access.create(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'project': _project_ref(),
        'user': _federated_user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.federated_scoped_access_info = access.create(
        resp=auth_response, body=federated_scoped_token_dict)

    federated_unscoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'user': _federated_user_ref(),
        'catalog': [keystone_service],
    }}
    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response, body=federated_unscoped_token_dict)

    return test_data
def generate_test_data():
    """Build the Keystone V3 fixture set used by the auth tests.

    The returned ``TestDataContainer`` carries a domain, a user, two
    projects (the second one disabled), a role, a V3 service catalog and
    five access-info objects: project-scoped, domain-scoped, unscoped,
    federated project-scoped and federated unscoped. Every id and token is
    a fresh ``uuid4`` hex value and every token body expires one day after
    the call.

    :returns: the populated ``TestDataContainer``.
    """
    def _hex_id():
        return uuid.uuid4().hex

    def _catalog_endpoint(url, region, interface):
        # One catalog endpoint entry with its own random id.
        return {'url': url, 'region': region, 'interface': interface,
                'id': _hex_id()}

    test_data = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'id': _hex_id(),
        'endpoints': [
            _catalog_endpoint('http://admin.localhost:35357/v3',
                              'RegionOne', 'admin'),
            _catalog_endpoint('http://internal.localhost:5000/v3',
                              'RegionOne', 'internal'),
            _catalog_endpoint('http://public.localhost:5000/v3',
                              'RegionOne', 'public'),
        ],
    }

    # Domains
    domain_dict = {
        'id': _hex_id(),
        'name': 'domain',
        'description': '',
        'enabled': True,
    }
    test_data.domain = domains.Domain(domains.DomainManager(None),
                                      domain_dict, loaded=True)

    # Users
    user_dict = {
        'id': _hex_id(),
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_dict['id'],
        'token': '',
        'enabled': True,
    }
    test_data.user = users.User(users.UserManager(None),
                                user_dict, loaded=True)

    # Projects
    def _project(name, enabled):
        return {'id': _hex_id(), 'name': name, 'description': '',
                'domain_id': domain_dict['id'], 'enabled': enabled}

    project_dict_1 = _project('tenant_one', True)
    project_dict_2 = _project('tenant_two', False)
    test_data.project_one = projects.Project(projects.ProjectManager(None),
                                             project_dict_1, loaded=True)
    test_data.project_two = projects.Project(projects.ProjectManager(None),
                                             project_dict_2, loaded=True)

    # Roles (the manager class itself is passed here, not an instance)
    role_dict = {'id': _hex_id(), 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # Compute catalog entry: three interfaces in each of two regions, all
    # pointing at the first (enabled) project.
    project_id = project_dict_1['id']
    nova_layout = (
        ('http://nova-admin.localhost:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.localhost:8774/v2.0/%s', 'RegionOne',
         'internal'),
        ('http://nova-public.localhost:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.localhost:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.localhost:8774/v2.0/%s', 'RegionTwo',
         'internal'),
        ('http://nova2-public.localhost:8774/v2.0/%s', 'RegionTwo',
         'public'),
    )
    nova_service = {
        'type': 'compute',
        'id': _hex_id(),
        'endpoints': [
            _catalog_endpoint(fmt % project_id, region, interface)
            for fmt, region, interface in nova_layout
        ],
    }

    # Tokens
    expiration = datetime_safe.datetime.isoformat(
        datetime_safe.datetime.now() + datetime.timedelta(days=1))
    auth_token = uuid.uuid4().hex
    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token},
    })

    # Each token body gets its own copies of these reference sections.
    def _domain_ref():
        return {'id': domain_dict['id'], 'name': domain_dict['name']}

    def _user_ref():
        return {'id': user_dict['id'], 'name': user_dict['name'],
                'domain': _domain_ref()}

    def _project_ref():
        return {'id': project_dict_1['id'], 'name': project_dict_1['name'],
                'domain': _domain_ref()}

    def _federated_user_ref():
        ref = _user_ref()
        ref['OS-FEDERATION'] = {
            'identity_provider': 'ACME',
            'protocol': 'OIDC',
            'groups': [{'id': _hex_id()}, {'id': _hex_id()}],
        }
        return ref

    scoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'project': _project_ref(),
        'user': _user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.scoped_access_info = access.create(resp=auth_response,
                                                 body=scoped_token_dict)

    domain_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'domain': _domain_ref(),
        'user': _user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response, body=domain_token_dict)

    unscoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'user': _user_ref(),
        'catalog': [keystone_service],
    }}
    test_data.unscoped_access_info = access.create(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'project': _project_ref(),
        'user': _federated_user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.federated_scoped_access_info = access.create(
        resp=auth_response, body=federated_scoped_token_dict)

    federated_unscoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'user': _federated_user_ref(),
        'catalog': [keystone_service],
    }}
    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response, body=federated_unscoped_token_dict)

    return test_data
def generate_test_data(service_providers=False, endpoint='localhost'):
    """Build the Keystone V3 fixture set used by the auth tests.

    The returned ``TestDataContainer`` carries a domain, a user, two
    projects (the second one disabled), a role, a V3 service catalog and
    five access-info objects: project-scoped, domain-scoped, unscoped,
    federated project-scoped and federated unscoped. Every id and token is
    a fresh ``uuid4`` hex value and every token body expires one day after
    the call.

    :param service_providers: also publish one service provider on
        ``test_data`` and in the scoped and unscoped token bodies.
    :param endpoint: host name interpolated into every catalog URL.
    :returns: the populated ``TestDataContainer``.
    """
    def _hex_id():
        return uuid.uuid4().hex

    def _catalog_endpoint(url, region, interface):
        # One catalog endpoint entry with its own random id.
        return {'url': url, 'region': region, 'interface': interface,
                'id': _hex_id()}

    test_data = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'id': _hex_id(),
        'endpoints': [
            _catalog_endpoint('http://admin.%s/identity/v3' % endpoint,
                              'RegionOne', 'admin'),
            _catalog_endpoint('http://internal.%s/identity/v3' % endpoint,
                              'RegionOne', 'internal'),
            _catalog_endpoint('http://public.%s/identity/v3' % endpoint,
                              'RegionOne', 'public'),
        ],
    }

    # Domains
    domain_dict = {
        'id': _hex_id(),
        'name': 'domain',
        'description': '',
        'enabled': True,
    }
    test_data.domain = domains.Domain(domains.DomainManager(None),
                                      domain_dict, loaded=True)

    # Users
    user_dict = {
        'id': _hex_id(),
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_dict['id'],
        'token': '',
        'enabled': True,
    }
    test_data.user = users.User(users.UserManager(None),
                                user_dict, loaded=True)

    # Projects
    def _project(name, enabled):
        return {'id': _hex_id(), 'name': name, 'description': '',
                'domain_id': domain_dict['id'], 'enabled': enabled}

    project_dict_1 = _project('tenant_one', True)
    project_dict_2 = _project('tenant_two', False)
    test_data.project_one = projects.Project(projects.ProjectManager(None),
                                             project_dict_1, loaded=True)
    test_data.project_two = projects.Project(projects.ProjectManager(None),
                                             project_dict_2, loaded=True)

    # Roles (the manager class itself is passed here, not an instance)
    role_dict = {'id': _hex_id(), 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # Compute catalog entry: three interfaces in each of two regions, all
    # pointing at the first (enabled) project.
    project_id = project_dict_1['id']
    nova_layout = (
        ('http://nova-admin.%s:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.%s:8774/v2.0/%s', 'RegionOne', 'internal'),
        ('http://nova-public.%s:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.%s:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.%s:8774/v2.0/%s', 'RegionTwo', 'internal'),
        ('http://nova2-public.%s:8774/v2.0/%s', 'RegionTwo', 'public'),
    )
    nova_service = {
        'type': 'compute',
        'id': _hex_id(),
        'endpoints': [
            _catalog_endpoint(fmt % (endpoint, project_id), region, interface)
            for fmt, region, interface in nova_layout
        ],
    }

    # Tokens
    expiration = datetime_safe.datetime.isoformat(
        datetime_safe.datetime.now() + datetime.timedelta(days=1))
    auth_token = uuid.uuid4().hex
    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token},
    })

    # Each token body gets its own copies of these reference sections.
    def _domain_ref():
        return {'id': domain_dict['id'], 'name': domain_dict['name']}

    def _user_ref():
        return {'id': user_dict['id'], 'name': user_dict['name'],
                'domain': _domain_ref()}

    def _project_ref():
        return {'id': project_dict_1['id'], 'name': project_dict_1['name'],
                'domain': _domain_ref()}

    def _federated_user_ref():
        ref = _user_ref()
        ref['OS-FEDERATION'] = {
            'identity_provider': 'ACME',
            'protocol': 'OIDC',
            'groups': [{'id': _hex_id()}, {'id': _hex_id()}],
        }
        return ref

    scoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'project': _project_ref(),
        'user': _user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}

    sp_list = None
    if service_providers:
        test_data.sp_auth_url = 'http://service_provider_endp/identity/v3'
        test_data.service_provider_id = 'k2kserviceprovider'
        # The access info for the identity provider
        # should return a list of service providers
        sp_list = [{
            'auth_url': test_data.sp_auth_url,
            'id': test_data.service_provider_id,
            'sp_url': 'https://k2kserviceprovider/sp_url',
        }]
        scoped_token_dict['token']['service_providers'] = sp_list

    test_data.scoped_access_info = access.create(resp=auth_response,
                                                 body=scoped_token_dict)

    domain_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'domain': _domain_ref(),
        'user': _user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response, body=domain_token_dict)

    unscoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'user': _user_ref(),
        'catalog': [keystone_service],
    }}
    if service_providers:
        unscoped_token_dict['token']['service_providers'] = sp_list
    test_data.unscoped_access_info = access.create(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'project': _project_ref(),
        'user': _federated_user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.federated_scoped_access_info = access.create(
        resp=auth_response, body=federated_scoped_token_dict)

    federated_unscoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'user': _federated_user_ref(),
        'catalog': [keystone_service],
    }}
    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response, body=federated_unscoped_token_dict)

    return test_data
def generate_test_data():
    """Build the Keystone V2 fixture set used by the auth tests.

    The returned ``TestDataContainer`` carries a user, two tenants (the
    second one disabled), a role, a V2 service catalog and two access-info
    objects: one scoped to the first tenant and one unscoped. Ids and
    token ids are fresh ``uuid4`` hex values and both tokens expire one
    day after the call.

    :returns: the populated ``TestDataContainer``.
    """
    def _hex_id():
        return uuid.uuid4().hex

    def _tenant(name, enabled):
        return {'id': _hex_id(), 'name': name, 'description': '',
                'enabled': enabled}

    test_data = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'name': 'keystone',
        'endpoints_links': [],
        'endpoints': [{
            'region': 'RegionOne',
            'adminURL': 'http://admin.localhost:35357/v2.0',
            'internalURL': 'http://internal.localhost:5000/v2.0',
            'publicURL': 'http://public.localhost:5000/v2.0',
        }],
    }

    # Users
    user_dict = {
        'id': _hex_id(),
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'token': '',
        'enabled': True,
    }
    test_data.user = users.User(None, user_dict, loaded=True)

    # Tenants
    tenant_dict_1 = _tenant('tenant_one', True)
    tenant_dict_2 = _tenant('tenant_two', False)
    test_data.tenant_one = tenants.Tenant(None, tenant_dict_1, loaded=True)
    test_data.tenant_two = tenants.Tenant(None, tenant_dict_2, loaded=True)

    # Compute catalog entry: one endpoint per region, all URLs pointing at
    # the first (enabled) tenant.
    # NOTE(review): the key below is 'endpoint_links' while the identity
    # entry uses 'endpoints_links'; both spellings are kept as found.
    tenant_id = tenant_dict_1['id']
    nova_service = {
        'type': 'compute',
        'name': 'nova',
        'endpoint_links': [],
        'endpoints': [
            {
                'region': 'RegionOne',
                'adminURL': 'http://nova-admin.localhost:8774/v2.0/%s'
                            % tenant_id,
                'internalURL': 'http://nova-internal.localhost:8774/v2.0/%s'
                               % tenant_id,
                'publicURL': 'http://nova-public.localhost:8774/v2.0/%s'
                             % tenant_id,
            },
            {
                'region': 'RegionTwo',
                'adminURL': 'http://nova2-admin.localhost:8774/v2.0/%s'
                            % tenant_id,
                'internalURL': 'http://nova2-internal.localhost:8774/v2.0/%s'
                               % tenant_id,
                'publicURL': 'http://nova2-public.localhost:8774/v2.0/%s'
                             % tenant_id,
            },
        ],
    }

    # Roles (the manager class itself is passed here, not an instance)
    role_dict = {'id': _hex_id(), 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # Tokens
    expiration = datetime_safe.datetime.isoformat(
        datetime_safe.datetime.now() + datetime.timedelta(days=1))

    def _user_section():
        # Fresh dict per token body; the role dict itself is shared.
        return {'id': user_dict['id'], 'name': user_dict['name'],
                'roles': [role_dict]}

    scoped_token_dict = {'access': {
        'token': {
            'id': _hex_id(),
            'expires': expiration,
            'tenant': tenant_dict_1,
            'tenants': [tenant_dict_1, tenant_dict_2],
        },
        'user': _user_section(),
        'serviceCatalog': [keystone_service, nova_service],
    }}
    test_data.scoped_access_info = access.create(resp=None,
                                                 body=scoped_token_dict)

    unscoped_token_dict = {'access': {
        'token': {'id': _hex_id(), 'expires': expiration},
        'user': _user_section(),
        'serviceCatalog': [keystone_service],
    }}
    test_data.unscoped_access_info = access.create(resp=None,
                                                   body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV2(
        [keystone_service, nova_service])

    return test_data
def generate_test_data():
    """Build the Keystone V2 fixture set used by the auth tests.

    The returned ``TestDataContainer`` carries a user, two tenants (the
    second one disabled), a role, a V2 service catalog and two access-info
    objects: one scoped to the first tenant and one unscoped. Ids and
    token ids are fresh ``uuid4`` hex values and both tokens expire one
    day after the call.

    :returns: the populated ``TestDataContainer``.
    """
    fixtures = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'name': 'keystone',
        'endpoints_links': [],
        'endpoints': [{
            'region': 'RegionOne',
            'adminURL': 'http://admin.localhost:35357/v2.0',
            'internalURL': 'http://internal.localhost:5000/v2.0',
            'publicURL': 'http://public.localhost:5000/v2.0',
        }],
    }

    # Users
    user_dict = {
        'id': uuid.uuid4().hex,
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'token': '',
        'enabled': True,
    }
    fixtures.user = users.User(None, user_dict, loaded=True)

    # Tenants
    tenant_dict_1 = {
        'id': uuid.uuid4().hex,
        'name': 'tenant_one',
        'description': '',
        'enabled': True,
    }
    tenant_dict_2 = {
        'id': uuid.uuid4().hex,
        'name': 'tenant_two',
        'description': '',
        'enabled': False,
    }
    fixtures.tenant_one = tenants.Tenant(None, tenant_dict_1, loaded=True)
    fixtures.tenant_two = tenants.Tenant(None, tenant_dict_2, loaded=True)

    # Compute catalog entry: one endpoint per region, all URLs pointing at
    # the first (enabled) tenant. Each row is (region, admin, internal,
    # public) with the URL templates taking the tenant id.
    # NOTE(review): the key below is 'endpoint_links' while the identity
    # entry uses 'endpoints_links'; both spellings are kept as found.
    tenant_id = tenant_dict_1['id']
    nova_regions = (
        ('RegionOne',
         'http://nova-admin.localhost:8774/v2.0/%s',
         'http://nova-internal.localhost:8774/v2.0/%s',
         'http://nova-public.localhost:8774/v2.0/%s'),
        ('RegionTwo',
         'http://nova2-admin.localhost:8774/v2.0/%s',
         'http://nova2-internal.localhost:8774/v2.0/%s',
         'http://nova2-public.localhost:8774/v2.0/%s'),
    )
    nova_service = {
        'type': 'compute',
        'name': 'nova',
        'endpoint_links': [],
        'endpoints': [
            {
                'region': region,
                'adminURL': admin_fmt % tenant_id,
                'internalURL': internal_fmt % tenant_id,
                'publicURL': public_fmt % tenant_id,
            }
            for region, admin_fmt, internal_fmt, public_fmt in nova_regions
        ],
    }

    # Roles (the manager class itself is passed here, not an instance)
    role_dict = {'id': uuid.uuid4().hex, 'name': 'Member'}
    fixtures.role = roles.Role(roles.RoleManager, role_dict)

    # Tokens
    one_day_ahead = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(one_day_ahead)

    # Scoped token: bound to the first tenant, full catalog.
    scoped_token = {
        'id': uuid.uuid4().hex,
        'expires': expiration,
        'tenant': tenant_dict_1,
        'tenants': [tenant_dict_1, tenant_dict_2],
    }
    scoped_user = {
        'id': user_dict['id'],
        'name': user_dict['name'],
        'roles': [role_dict],
    }
    scoped_token_dict = {'access': {
        'token': scoped_token,
        'user': scoped_user,
        'serviceCatalog': [keystone_service, nova_service],
    }}
    fixtures.scoped_access_info = access.create(resp=None,
                                                body=scoped_token_dict)

    # Unscoped token: no tenant, identity service only.
    unscoped_token = {'id': uuid.uuid4().hex, 'expires': expiration}
    unscoped_user = {
        'id': user_dict['id'],
        'name': user_dict['name'],
        'roles': [role_dict],
    }
    unscoped_token_dict = {'access': {
        'token': unscoped_token,
        'user': unscoped_user,
        'serviceCatalog': [keystone_service],
    }}
    fixtures.unscoped_access_info = access.create(resp=None,
                                                  body=unscoped_token_dict)

    # Service Catalog
    fixtures.service_catalog = service_catalog.ServiceCatalogV2(
        [keystone_service, nova_service])

    return fixtures
def generate_test_data(pki=False):
    """Build the Keystone V3 fixture set used by the auth tests.

    The returned ``TestDataContainer`` carries a domain, a user, two
    projects (the second one disabled), a role, a V3 service catalog and
    five access-info objects: project-scoped, domain-scoped, unscoped,
    federated project-scoped and federated unscoped. Every id and token is
    a fresh ``uuid4`` hex value and every token body expires one day after
    the call.

    :param pki: prefix the subject token with ``cms.PKI_ASN1_PREFIX`` so
        the keystone client treats it as a PKI token. The rest of the
        token is still a random hex string, not a signed document.
    :returns: the populated ``TestDataContainer``.
    """
    def _hex_id():
        return uuid.uuid4().hex

    def _catalog_endpoint(url, region, interface):
        # One catalog endpoint entry with its own random id.
        return {'url': url, 'region': region, 'interface': interface,
                'id': _hex_id()}

    test_data = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'id': _hex_id(),
        'endpoints': [
            _catalog_endpoint('http://admin.localhost:35357/v3',
                              'RegionOne', 'admin'),
            _catalog_endpoint('http://internal.localhost:5000/v3',
                              'RegionOne', 'internal'),
            _catalog_endpoint('http://public.localhost:5000/v3',
                              'RegionOne', 'public'),
        ],
    }

    # Domains
    domain_dict = {
        'id': _hex_id(),
        'name': 'domain',
        'description': '',
        'enabled': True,
    }
    test_data.domain = domains.Domain(domains.DomainManager(None),
                                      domain_dict, loaded=True)

    # Users
    user_dict = {
        'id': _hex_id(),
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_dict['id'],
        'token': '',
        'enabled': True,
    }
    test_data.user = users.User(users.UserManager(None),
                                user_dict, loaded=True)

    # Projects
    def _project(name, enabled):
        return {'id': _hex_id(), 'name': name, 'description': '',
                'domain_id': domain_dict['id'], 'enabled': enabled}

    project_dict_1 = _project('tenant_one', True)
    project_dict_2 = _project('tenant_two', False)
    test_data.project_one = projects.Project(projects.ProjectManager(None),
                                             project_dict_1, loaded=True)
    test_data.project_two = projects.Project(projects.ProjectManager(None),
                                             project_dict_2, loaded=True)

    # Roles (the manager class itself is passed here, not an instance)
    role_dict = {'id': _hex_id(), 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    # Compute catalog entry: three interfaces in each of two regions, all
    # pointing at the first (enabled) project.
    project_id = project_dict_1['id']
    nova_layout = (
        ('http://nova-admin.localhost:8774/v2.0/%s', 'RegionOne', 'admin'),
        ('http://nova-internal.localhost:8774/v2.0/%s', 'RegionOne',
         'internal'),
        ('http://nova-public.localhost:8774/v2.0/%s', 'RegionOne', 'public'),
        ('http://nova2-admin.localhost:8774/v2.0/%s', 'RegionTwo', 'admin'),
        ('http://nova2-internal.localhost:8774/v2.0/%s', 'RegionTwo',
         'internal'),
        ('http://nova2-public.localhost:8774/v2.0/%s', 'RegionTwo',
         'public'),
    )
    nova_service = {
        'type': 'compute',
        'id': _hex_id(),
        'endpoints': [
            _catalog_endpoint(fmt % project_id, region, interface)
            for fmt, region, interface in nova_layout
        ],
    }

    # Tokens
    expiration = datetime_safe.datetime.isoformat(
        datetime_safe.datetime.now() + datetime.timedelta(days=1))

    auth_token = uuid.uuid4().hex
    if pki:
        # We don't need a real PKI token, but just the prefix to make the
        # keystone client treat it as a PKI token
        auth_token = cms.PKI_ASN1_PREFIX + auth_token

    auth_response = TestResponse({
        "headers": {'X-Subject-Token': auth_token},
    })

    # Each token body gets its own copies of these reference sections.
    def _domain_ref():
        return {'id': domain_dict['id'], 'name': domain_dict['name']}

    def _user_ref():
        return {'id': user_dict['id'], 'name': user_dict['name'],
                'domain': _domain_ref()}

    def _project_ref():
        return {'id': project_dict_1['id'], 'name': project_dict_1['name'],
                'domain': _domain_ref()}

    def _federated_user_ref():
        ref = _user_ref()
        ref['OS-FEDERATION'] = {
            'identity_provider': 'ACME',
            'protocol': 'OIDC',
            'groups': [{'id': _hex_id()}, {'id': _hex_id()}],
        }
        return ref

    scoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'project': _project_ref(),
        'user': _user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.scoped_access_info = access.create(resp=auth_response,
                                                 body=scoped_token_dict)

    domain_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'domain': _domain_ref(),
        'user': _user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response, body=domain_token_dict)

    unscoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'user': _user_ref(),
        'catalog': [keystone_service],
    }}
    test_data.unscoped_access_info = access.create(
        resp=auth_response, body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'project': _project_ref(),
        'user': _federated_user_ref(),
        'roles': [role_dict],
        'catalog': [keystone_service, nova_service],
    }}
    test_data.federated_scoped_access_info = access.create(
        resp=auth_response, body=federated_scoped_token_dict)

    federated_unscoped_token_dict = {'token': {
        'methods': ['password'],
        'expires_at': expiration,
        'user': _federated_user_ref(),
        'catalog': [keystone_service],
    }}
    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response, body=federated_unscoped_token_dict)

    return test_data