def test_eom_auth_wrap(self):
    """Walk the auth wrapper through every status this test expects of it.

    ``eom.auth._validate_client`` is patched for the whole test, so only
    the wrapper's handling of the two request headers and its mapping of
    the validator's outcome to an HTTP status are exercised.
    """
    with mock.patch('eom.auth._validate_client') as validate_client:
        # Each partial environ carries exactly one of the two headers.
        project_only = {'HTTP_X_PROJECT_ID': 'valid_projectid'}
        token_only = {'HTTP_X_AUTH_TOKEN': 'valid_auth_token'}

        # No X-Auth-Token: the header lookup fails and the answer is 412.
        self.auth(project_only, self.start_response)
        self.assertEqual(self.status, '412 Precondition Failed')

        # No X-Project-ID: same failure mode, same 412.
        self.auth(token_only, self.start_response)
        self.assertEqual(self.status, '412 Precondition Failed')

        # NOTE(review): only absent headers are covered above; headers
        # that are present but empty are not exercised, and nothing
        # asserts that the validator is left uncalled on the 412 path.

        # Both headers are present for the remaining cases.
        complete = dict(project_only, **token_only)

        # The validator rejects the client -> 401.
        validate_client.return_value = False
        self.auth(complete, self.start_response)
        self.assertEqual(self.status, '401 Unauthorized')

        # The auth endpoint is being sent too many requests: the
        # validator raises RequestEntityTooLarge, which must surface
        # as 503 - Service Unavailable.
        validate_client.side_effect = exceptions.RequestEntityTooLarge(
            'Mock - request entity too large')
        self.auth(complete, self.start_response)
        self.assertEqual(self.status, '503 Service Unavailable')

        # The validator accepts the client -> 204 from the wrapped app.
        validate_client.side_effect = [True]
        self.auth(complete, self.start_response)
        self.assertEqual(self.status, '204 No Content')
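class TestIsNotFound(common.HeatTestCase):
    """Check how each client plugin classifies its client's exceptions.

    Every scenario names a plugin, a factory for the exception to raise and
    the answers expected from the plugin's ``is_not_found``,
    ``is_over_limit``, ``is_client_exception`` and ``is_conflict``
    predicates. The 'nova' scenarios additionally carry
    ``is_unprocessable_entity``.

    The test methods read the scenario values as instance attributes
    (``self.plugin``, ``self.exception``, ...); presumably the base test
    case expands ``scenarios`` into one test run per entry - confirm
    against ``common.HeatTestCase``.
    """

    scenarios = [
        ('ceilometer_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='ceilometer',
            exception=lambda: ceil_exc.HTTPNotFound(details='gone'),
        )),
        ('ceilometer_not_found_apiclient', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='ceilometer',
            exception=lambda: c_a_exc.NotFound(details='gone'),
        )),
        ('ceilometer_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            plugin='ceilometer',
            exception=lambda: Exception()
        )),
        ('ceilometer_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            plugin='ceilometer',
            exception=lambda: ceil_exc.HTTPOverLimit(details='over'),
        )),
        ('ceilometer_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            plugin='ceilometer',
            exception=lambda: ceil_exc.HTTPConflict(),
        )),
        ('cinder_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='cinder',
            exception=lambda: cinder_exc.NotFound(code=404),
        )),
        ('cinder_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            plugin='cinder',
            exception=lambda: Exception()
        )),
        ('cinder_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            plugin='cinder',
            exception=lambda: cinder_exc.OverLimit(code=413),
        )),
        ('cinder_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            plugin='cinder',
            exception=lambda: cinder_exc.ClientException(code=409),
        )),
        ('glance_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='glance',
            exception=lambda: glance_exc.HTTPNotFound(details='gone'),
        )),
        ('glance_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            plugin='glance',
            exception=lambda: Exception()
        )),
        ('glance_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            plugin='glance',
            exception=lambda: glance_exc.HTTPOverLimit(details='over'),
        )),
        ('glance_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            plugin='glance',
            exception=lambda: glance_exc.HTTPConflict(),
        )),
        ('heat_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='heat',
            exception=lambda: heat_exc.HTTPNotFound(message='gone'),
        )),
        ('heat_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            plugin='heat',
            exception=lambda: Exception()
        )),
        ('heat_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            plugin='heat',
            exception=lambda: heat_exc.HTTPOverLimit(message='over'),
        )),
        ('heat_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            plugin='heat',
            exception=lambda: heat_exc.HTTPConflict(),
        )),
        ('keystone_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='keystone',
            exception=lambda: keystone_exc.NotFound(details='gone'),
        )),
        ('keystone_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            plugin='keystone',
            exception=lambda: Exception()
        )),
        ('keystone_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            plugin='keystone',
            exception=lambda: keystone_exc.RequestEntityTooLarge(
                details='over'),
        )),
        ('keystone_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            plugin='keystone',
            exception=lambda: keystone_exc.Conflict(
                message='Conflict'),
        )),
        ('neutron_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='neutron',
            # Return an instance like every other factory does; returning
            # the bare class made ``exp.__class__`` in the ignore_* tests
            # the metaclass rather than the exception type.
            exception=lambda: neutron_exc.NotFound(),
        )),
        ('neutron_network_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='neutron',
            exception=lambda: neutron_exc.NetworkNotFoundClient(),
        )),
        ('neutron_port_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='neutron',
            exception=lambda: neutron_exc.PortNotFoundClient(),
        )),
        ('neutron_status_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='neutron',
            exception=lambda: neutron_exc.NeutronClientException(
                status_code=404),
        )),
        ('neutron_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            plugin='neutron',
            exception=lambda: Exception()
        )),
        ('neutron_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            plugin='neutron',
            exception=lambda: neutron_exc.NeutronClientException(
                status_code=413),
        )),
        ('neutron_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            plugin='neutron',
            exception=lambda: neutron_exc.Conflict(),
        )),
        ('nova_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            is_unprocessable_entity=False,
            plugin='nova',
            exception=lambda: fakes_nova.fake_exception(),
        )),
        ('nova_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            is_unprocessable_entity=False,
            plugin='nova',
            exception=lambda: Exception()
        )),
        ('nova_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            is_unprocessable_entity=False,
            plugin='nova',
            exception=lambda: fakes_nova.fake_exception(413),
        )),
        ('nova_unprocessable_entity', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            is_unprocessable_entity=True,
            plugin='nova',
            exception=lambda: fakes_nova.fake_exception(422),
        )),
        ('nova_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            is_unprocessable_entity=False,
            plugin='nova',
            exception=lambda: fakes_nova.fake_exception(409),
        )),
        ('swift_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='swift',
            exception=lambda: swift_exc.ClientException(
                msg='gone', http_status=404),
        )),
        ('swift_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            plugin='swift',
            exception=lambda: Exception()
        )),
        ('swift_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            plugin='swift',
            exception=lambda: swift_exc.ClientException(
                msg='ouch', http_status=413),
        )),
        ('swift_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            plugin='swift',
            exception=lambda: swift_exc.ClientException(
                msg='conflict', http_status=409),
        )),
        ('trove_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='trove',
            exception=lambda: troveclient.exceptions.NotFound(message='gone'),
        )),
        ('trove_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            plugin='trove',
            exception=lambda: Exception()
        )),
        ('trove_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            plugin='trove',
            exception=lambda: troveclient.exceptions.RequestEntityTooLarge(
                message='over'),
        )),
        ('trove_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            plugin='trove',
            exception=lambda: troveclient.exceptions.Conflict(
                message='Conflict'),
        )),
        ('sahara_not_found', dict(
            is_not_found=True,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=False,
            plugin='sahara',
            exception=lambda: sahara_base.APIException(
                error_message='gone1', error_code=404),
        )),
        ('sahara_exception', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=False,
            is_conflict=False,
            plugin='sahara',
            exception=lambda: Exception()
        )),
        ('sahara_overlimit', dict(
            is_not_found=False,
            is_over_limit=True,
            is_client_exception=True,
            is_conflict=False,
            plugin='sahara',
            exception=lambda: sahara_base.APIException(
                error_message='over1', error_code=413),
        )),
        ('sahara_conflict', dict(
            is_not_found=False,
            is_over_limit=False,
            is_client_exception=True,
            is_conflict=True,
            plugin='sahara',
            exception=lambda: sahara_base.APIException(
                error_message='conflict1', error_code=409),
        )),
    ]

    def _client_plugin(self):
        """Return the scenario's client plugin, built on a mock context."""
        return clients.Clients(mock.Mock()).client_plugin(self.plugin)

    def test_is_not_found(self):
        """is_not_found() must match the scenario's ``is_not_found`` flag."""
        client_plugin = self._client_plugin()
        try:
            raise self.exception()
        except Exception as e:
            # The exception is classified inside the handler, i.e. while it
            # is the one being handled. A mismatch is reported as an
            # assertion failure instead of re-raising the sample exception.
            self.assertEqual(self.is_not_found,
                             client_plugin.is_not_found(e))

    def test_ignore_not_found(self):
        """ignore_not_found() swallows not-found errors and raises others."""
        client_plugin = self._client_plugin()
        try:
            exp = self.exception()
            exp_class = exp.__class__
            raise exp
        except Exception as e:
            if self.is_not_found:
                client_plugin.ignore_not_found(e)
            else:
                self.assertRaises(exp_class,
                                  client_plugin.ignore_not_found,
                                  e)

    def test_ignore_conflict_and_not_found(self):
        """ignore_conflict_and_not_found() swallows only those two kinds."""
        client_plugin = self._client_plugin()
        try:
            exp = self.exception()
            exp_class = exp.__class__
            raise exp
        except Exception as e:
            if self.is_conflict or self.is_not_found:
                client_plugin.ignore_conflict_and_not_found(e)
            else:
                self.assertRaises(exp_class,
                                  client_plugin.ignore_conflict_and_not_found,
                                  e)

    def test_is_over_limit(self):
        """is_over_limit() must match the scenario's ``is_over_limit`` flag."""
        client_plugin = self._client_plugin()
        try:
            raise self.exception()
        except Exception as e:
            self.assertEqual(self.is_over_limit,
                             client_plugin.is_over_limit(e))

    def test_is_client_exception(self):
        """is_client_exception() must match ``is_client_exception``."""
        client_plugin = self._client_plugin()
        try:
            raise self.exception()
        except Exception as e:
            self.assertEqual(self.is_client_exception,
                             client_plugin.is_client_exception(e))

    def test_is_conflict(self):
        """is_conflict() must match the scenario's ``is_conflict`` flag."""
        client_plugin = self._client_plugin()
        try:
            raise self.exception()
        except Exception as e:
            self.assertEqual(self.is_conflict,
                             client_plugin.is_conflict(e))

    def test_is_unprocessable_entity(self):
        """is_unprocessable_entity() is checked for 'nova' scenarios only."""
        # only 'nova' client plugin need to check this exception; the other
        # scenarios do not define is_unprocessable_entity at all
        if self.plugin != 'nova':
            return
        client_plugin = self._client_plugin()
        try:
            raise self.exception()
        except Exception as e:
            self.assertEqual(self.is_unprocessable_entity,
                             client_plugin.is_unprocessable_entity(e))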
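def _retrieve_data_from_keystone(redis_client, url, tenant, token,
                                 blacklist_ttl, max_cache_life):
    """Retrieve the authentication data from OpenStack Keystone

    When ``get_conf().alternate_validation`` is True the token is checked
    with a direct ``GET <url>/tokens/<token>``; otherwise the Keystone v2
    client is asked for the raw token data. A successful result is stored
    with ``_send_data_to_cache``. A token rejected with AuthorizationFailure
    or Unauthorized is passed to ``_blacklist_token``. Every other failure
    except RequestEntityTooLarge returns None without blacklisting.

    :param redis_client: redis.Redis object connected to the redis cache
    :param url: Keystone Identity URL to authenticate against
    :param tenant: tenant id of user data to retrieve
    :param token: auth_token for the tenant_id
    :param blacklist_ttl: time in milliseconds for blacklisting failed tokens
    :param max_cache_life: time in seconds for the maximum time a cache entry
                           should remain in the cache of valid data

    :returns: a keystoneclient.access.AccessInfo on success or None on error
    :raises exceptions.RequestEntityTooLarge: when the identity service
        answers 413, so the caller can respond with 503
    """
    try:
        # Try to authenticate the user and get the user information using
        # only the data provided, no special administrative tokens required.
        # When using the alternative validation method, the service catalog
        # identity does not return a service catalog for valid tokens.
        if get_conf().alternate_validation is True:
            _url = url.rstrip('/') + '/tokens'
            # The token is supplied by the party being authenticated
            # (presumably the request's X-Auth-Token header), so it is
            # percent-encoded - '/' included - before it becomes a path
            # segment. Unencoded, a '/', '?' or '#' inside it would change
            # which resource this validation request addresses.
            validation_url = _url + '/{0}'.format(
                requests.utils.quote(token, safe=''))
            headers = {
                'Accept': 'application/json',
                'X-Auth-Token': token
            }
            # NOTE(review): no timeout is passed, so a stalled identity
            # endpoint blocks this call (and the request being
            # authenticated) indefinitely; consider a configurable timeout.
            resp = requests.get(validation_url, headers=headers)
            if resp.status_code >= 400:
                LOG.debug('Request returned failure status: {0}'.format(
                    resp.status_code))
                # The token-free _url is reported here, not validation_url,
                # which keeps the token out of the exception's URL.
                raise exceptions.from_response(resp, 'GET', _url)

            try:
                resp_data = resp.json()['access']
            except (KeyError, ValueError):
                raise exceptions.InvalidResponse(response=resp)

            access_info = access.AccessInfoV2(**resp_data)
        else:
            keystone = keystonev2_client.Client(tenant_id=tenant,
                                                token=token,
                                                auth_url=url)
            access_info = keystone.get_raw_token_from_identity_service(
                auth_url=url, tenant_id=tenant, token=token)

        # cache the data so it is easier to access next time
        _send_data_to_cache(redis_client, url, access_info, max_cache_life)

        return access_info

    except (exceptions.AuthorizationFailure, exceptions.Unauthorized) as ex:
        # re-raise 413 here and later on respond with 503
        if 'HTTP 413' in str(ex):
            raise exceptions.RequestEntityTooLarge(
                method='POST',
                url=url,
                http_status=413
            )

        # Provided data was invalid and authorization failed
        # NOTE(review): the exception text is logged verbatim; confirm it
        # can never contain the token.
        msg = 'Failed to authenticate against {0} - {1}'.format(
            url, str(ex)
        )
        LOG.debug(msg)

        # Blacklist the token
        _blacklist_token(redis_client, token, blacklist_ttl)

        return None

    except exceptions.RequestEntityTooLarge:
        LOG.debug('Request entity too large error from authentication server.')
        raise

    except Exception as ex:
        # Provided data was invalid or something else went wrong. The
        # token is not blacklisted on this path; the caller only sees None.
        msg = 'Failed to authenticate against {0} - {1}'.format(
            url, str(ex)
        )
        LOG.debug(msg)

        return None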