def test_management_url_is_updated(self):
first = fixture.V2Token()
first.set_scope()
admin_url = 'http://admin:35357/v2.0'
second_url = 'http://secondurl:35357/v2.0'
s = first.add_service('identity')
s.add_endpoint(public='http://public.com:5000/v2.0', admin=admin_url)
second = fixture.V2Token()
second.set_scope()
s = second.add_service('identity')
s.add_endpoint(public='http://secondurl:5000/v2.0', admin=second_url)
self.stub_auth(json=first)
cl = client.Client(username='******',
password='******',
tenant_name='exampleproject',
auth_url=self.TEST_URL)
cl.authenticate()
self.assertEqual(cl.management_url, admin_url)
self.stub_auth(json=second)
cl.authenticate()
self.assertEqual(cl.management_url, second_url)
def test_management_url_is_updated(self):
first = fixture.V2Token()
first.set_scope()
admin_url = 'http://admin:35357/v2.0'
second_url = 'http://secondurl:35357/v2.0'
s = first.add_service('identity')
s.add_endpoint(public='http://public.com:5000/v2.0', admin=admin_url)
second = fixture.V2Token()
second.set_scope()
s = second.add_service('identity')
s.add_endpoint(public='http://secondurl:5000/v2.0', admin=second_url)
self.stub_auth(response_list=[{'json': first}, {'json': second}])
# Creating a HTTPClient not using session is deprecated.
with self.deprecations.expect_deprecations_here():
cl = client.Client(username='******',
password='******',
project_name='exampleproject',
auth_url=self.TEST_URL)
self.assertEqual(cl.management_url, admin_url)
cl.authenticate()
self.assertEqual(cl.management_url, second_url)
def test_with_tenant_id(self):
token_fixture = fixture.V2Token()
token_fixture.set_scope()
self.stub_auth(json=token_fixture)
token_id = uuid.uuid4().hex
tenant_id = uuid.uuid4().hex
token_ref = self.client.tokens.authenticate(token=token_id,
tenant_id=tenant_id)
self.assertIsInstance(token_ref, tokens.Token)
self.assertEqual(token_fixture.token_id, token_ref.id)
self.assertEqual(token_fixture.expires_str, token_ref.expires)
tenant_data = {
'id': token_fixture.tenant_id,
'name': token_fixture.tenant_name
}
self.assertEqual(tenant_data, token_ref.tenant)
req_body = {
'auth': {
'token': {
'id': token_id,
},
'tenantId': tenant_id
}
}
self.assertRequestBodyIs(json=req_body)
def test_returns_original_when_discover_fails(self):
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST',
['tokens'],
base_url=self.V2_URL,
json=token)
self.stub_url('GET', [], base_url=self.BASE_URL, status_code=404)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
interface='public',
version=(3, 0))
self.assertEqual(self.V2_URL, endpoint)
def test_getting_endpoints_on_auth_interface(self):
disc = fixture.DiscoveryList(href=self.BASE_URL)
self.stub_url('GET',
['/'],
base_url=self.BASE_URL,
status_code=300,
json=disc)
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST',
['tokens'],
base_url=self.V2_URL,
json=token)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
endpoint = sess.get_endpoint(interface=base.AUTH_INTERFACE,
version=(3, 0))
self.assertEqual(self.V3_URL, endpoint)
def test_services(self):
service_type = uuid.uuid4().hex
service_name = uuid.uuid4().hex
endpoint_id = uuid.uuid4().hex
region = uuid.uuid4().hex
public = uuid.uuid4().hex
admin = uuid.uuid4().hex
internal = uuid.uuid4().hex
token = fixture.V2Token()
svc = token.add_service(type=service_type, name=service_name)
svc.add_endpoint(public=public,
admin=admin,
internal=internal,
region=region,
id=endpoint_id)
self.assertEqual(1, len(token['access']['serviceCatalog']))
service = token['access']['serviceCatalog'][0]['endpoints'][0]
self.assertEqual(public, service['publicURL'])
self.assertEqual(internal, service['internalURL'])
self.assertEqual(admin, service['adminURL'])
self.assertEqual(region, service['region'])
self.assertEqual(endpoint_id, service['id'])
def setUp(self):
"""Run before each test."""
super(ShellTest, self).setUp()
for var in self.FAKE_ENV:
self.useFixture(
fixtures.EnvironmentVariable(var, self.FAKE_ENV[var]))
self.shell = shell.OpenStackCinderShell()
# HACK(bcwaldon): replace this when we start using stubs
self.old_get_client_class = client.get_client_class
client.get_client_class = lambda *_: fakes.FakeClient
self.requests = self.useFixture(requests_mock_fixture.Fixture())
self.requests.register_uri(
'GET',
keystone_client.BASE_URL,
text=keystone_client.keystone_request_callback)
token = keystone_client_fixture.V2Token()
s = token.add_service('volume', 'cinder')
s.add_endpoint(public='http://127.0.0.1:8776')
self.requests.post(keystone_client.BASE_URL + 'v2.0/tokens',
json=token)
self.requests.get('http://127.0.0.1:8776',
json=fixture_base.generate_version_output())
def test_bootstrap(self):
user = {'user': {'id': '1'}}
role = {'role': {'id': '1'}}
tenant = {'tenant': {'id': '1'}}
token = fixture.V2Token(user_id=1, tenant_id=1)
token.add_role(id=1)
svc = token.add_service('identity')
svc.add_endpoint(public=DEFAULT_AUTH_URL,
admin=DEFAULT_ADMIN_URL)
self.stub_auth(json=token)
self.stub_url('POST', ['OS-KSADM', 'roles'], json=role)
self.stub_url('GET', ['OS-KSADM', 'roles', '1'], json=role)
self.stub_url('POST', ['tenants'], json=tenant)
self.stub_url('GET', ['tenants', '1'], json=tenant)
self.stub_url('POST', ['users'], json=user)
self.stub_url('GET', ['users', '1'], json=user)
self.stub_url('PUT',
['tenants', '1', 'users', '1', 'roles', 'OS-KSADM', '1'],
json=role)
self.run_command('bootstrap --user-name new-user'
' --pass 1 --role-name admin'
' --tenant-name new-tenant')
def called_anytime(method, path, json=None):
for r in self.requests.request_history:
if not r.method == method:
continue
if not r.url == self.TEST_URL + path:
continue
if json:
last_request_body = r.body.decode('utf-8')
json_body = jsonutils.loads(last_request_body)
if not json_body == json:
continue
return True
return False
called_anytime('POST', '/users', {'user': {'email': None,
'password': '******',
'enabled': True,
'name': 'new-user',
'tenantId': None}})
called_anytime('POST', '/tenants', {"tenant": {"enabled": True,
"name": "new-tenant",
"description": None}})
called_anytime('POST', '/OS-KSADM/roles',
{"role": {"name": "new-role"}})
called_anytime('PUT', '/tenants/1/users/1/roles/OS-KSADM/1')
def test_validate_token_access_info_with_token_id(self):
# Can validate a token passing a string token ID.
token_id = uuid.uuid4().hex
token_fixture = fixture.V2Token(token_id=token_id)
self.stub_url('GET', ['tokens', token_id], json=token_fixture)
access_info = self.client.tokens.validate_access_info(token_id)
self.assertIsInstance(access_info, access.AccessInfoV2)
self.assertEqual(token_id, access_info.auth_token)
def get_token(self, **kwargs):
resp = fixture.V2Token(**kwargs)
resp.set_scope()
s = resp.add_service('compute')
s.add_endpoint('http://localhost:8774/v1.1', region='RegionOne')
return resp
def test_validate_token(self):
id_ = uuid.uuid4().hex
token_fixture = fixture.V2Token(token_id=id_)
self.stub_url('GET', ['tokens', id_], json=token_fixture)
token_ref = self.client.tokens.validate(id_)
self.assertIsInstance(token_ref, tokens.Token)
self.assertEqual(id_, token_ref.id)
def auth_response_body():
f = fixture.V2Token(token_id='ab48a9efdfedb23ty3494',
expires='2010-11-01T03:32:15-05:00',
tenant_id='345',
tenant_name='My Project',
user_id='123',
user_name='jqsmith',
audit_chain_id=uuid.uuid4().hex)
f.add_role(id='234', name='compute:admin')
role = f.add_role(id='235', name='object-store:admin')
role['tenantId'] = '1'
s = f.add_service('compute', 'Cloud Servers')
endpoint = s.add_endpoint(public='https://compute.north.host/v1/1234',
internal='https://compute.north.host/v1/1234',
region='North')
endpoint['tenantId'] = '1'
endpoint['versionId'] = '1.0'
endpoint['versionInfo'] = 'https://compute.north.host/v1.0/'
endpoint['versionList'] = 'https://compute.north.host/'
endpoint = s.add_endpoint(public='https://compute.north.host/v1.1/3456',
internal='https://compute.north.host/v1.1/3456',
region='North')
endpoint['tenantId'] = '2'
endpoint['versionId'] = '1.1'
endpoint['versionInfo'] = 'https://compute.north.host/v1.1/'
endpoint['versionList'] = 'https://compute.north.host/'
s = f.add_service('object-store', 'Cloud Files')
endpoint = s.add_endpoint(public='https://swift.north.host/v1/blah',
internal='https://swift.north.host/v1/blah',
region='South')
endpoint['tenantId'] = '11'
endpoint['versionId'] = '1.0'
endpoint['versionInfo'] = 'uri'
endpoint['versionList'] = 'uri'
endpoint = s.add_endpoint(public='https://swift.north.host/v1.1/blah',
internal='https://compute.north.host/v1.1/blah',
region='South')
endpoint['tenantId'] = '2'
endpoint['versionId'] = '1.1'
endpoint['versionInfo'] = 'https://swift.north.host/v1.1/'
endpoint['versionList'] = 'https://swift.north.host/'
s = f.add_service('image', 'Image Servers')
s.add_endpoint(public='https://image.north.host/v1/',
internal='https://image-internal.north.host/v1/',
region='North')
s.add_endpoint(public='https://image.south.host/v1/',
internal='https://image-internal.south.host/v1/',
region='South')
return f
def setup_keystone_v2(mrequests):
v2_token = ks_fixture.V2Token(token_id=TOKENID)
service = v2_token.add_service('network')
service.add_endpoint(PUBLIC_ENDPOINT_URL, region=REGION)
mrequests.register_uri('POST', '%s/tokens' % (V2_URL), json=v2_token)
auth_session = session.Session()
auth_plugin = ks_v2_auth.Password(V2_URL, 'xx', 'xx')
return auth_session, auth_plugin
def test_authenticate_use_admin_url(self):
token_fixture = fixture.V2Token()
token_fixture.set_scope()
self.stub_auth(json=token_fixture)
self.assertEqual(self.TEST_URL, self.client.management_url)
token_ref = self.client.tokens.authenticate(token=uuid.uuid4().hex)
self.assertIsInstance(token_ref, tokens.Token)
self.assertEqual(token_fixture.token_id, token_ref.id)
self.assertEqual(token_fixture.expires_str, token_ref.expires)
def test_tenant_scoped(self):
tenant_id = uuid.uuid4().hex
tenant_name = uuid.uuid4().hex
token = fixture.V2Token(tenant_id=tenant_id, tenant_name=tenant_name)
self.assertEqual(tenant_id, token.tenant_id)
self.assertEqual(tenant_id, token['access']['token']['tenant']['id'])
self.assertEqual(tenant_name, token.tenant_name)
tn = token['access']['token']['tenant']['name']
self.assertEqual(tenant_name, tn)
def setUp(self):
super(GenericPluginTestCase, self).setUp()
self.token_v2 = fixture.V2Token()
self.token_v3 = fixture.V3Token()
self.token_v3_id = uuid.uuid4().hex
self.session = session.Session()
self.stub_url('POST', ['v2.0', 'tokens'], json=self.token_v2)
self.stub_url('POST', ['v3', 'auth', 'tokens'],
headers={'X-Subject-Token': self.token_v3_id},
json=self.token_v3)
def test_trust_scoped(self):
trust_id = uuid.uuid4().hex
trustee_user_id = uuid.uuid4().hex
token = fixture.V2Token(trust_id=trust_id,
trustee_user_id=trustee_user_id)
trust = token['access']['trust']
self.assertEqual(trust_id, token.trust_id)
self.assertEqual(trust_id, trust['id'])
self.assertEqual(trustee_user_id, token.trustee_user_id)
self.assertEqual(trustee_user_id, trust['trustee_user_id'])
def mock_http_request(resp=None):
"""Mock an HTTP Request."""
if not resp:
resp = fixture.V2Token()
resp.set_scope()
s = resp.add_service('compute')
s.add_endpoint("http://localhost:8774/v1.1", region='RegionOne')
auth_response = utils.TestResponse({
"status_code": 200,
"text": json.dumps(resp),
})
return mock.Mock(return_value=(auth_response))
def get_token(self):
token = fixture.V2Token()
token.set_scope()
token.add_role()
request_headers = {'X-Auth-Token': self.service_token.token_id}
url = '%s/v2.0/tokens/%s' % (BASE_URI, token.token_id)
self.requests_mock.get(url,
request_headers=request_headers,
json=token)
return token.token_id, token
def test_with_user_pass(self):
base_uri = 'http://testhost:8888/admin'
token = fixture.V2Token()
admin_tenant_name = uuid.uuid4().hex
self.requests_mock.post(base_uri + '/v2.0/tokens', json=token)
plugin = self.new_plugin(identity_uri=base_uri,
admin_user=uuid.uuid4().hex,
admin_password=uuid.uuid4().hex,
admin_tenant_name=admin_tenant_name)
self.assertEqual(token.token_id, plugin.get_token(self.session))
def test_override_auth_token_in_factory(self):
token = fixture.V2Token()
token.set_scope()
token.add_role()
new_auth_token = uuid.uuid4().hex
auth_ref = access.AccessInfo.factory(body=token,
auth_token=new_auth_token)
self.assertEqual(new_auth_token, auth_ref.auth_token)
del auth_ref.auth_token
self.assertEqual(token.token_id, auth_ref.auth_token)
def get_auth_data(self, **kwargs):
token = fixture.V2Token(**kwargs)
region = 'RegionOne'
svc = token.add_service('identity')
svc.add_endpoint(self.TEST_ADMIN_URL, region=region)
svc = token.add_service('compute')
svc.add_endpoint(public=self.TEST_COMPUTE_PUBLIC,
internal=self.TEST_COMPUTE_INTERNAL,
admin=self.TEST_COMPUTE_ADMIN,
region=region)
return token
def test_trusts(self):
user_id = uuid.uuid4().hex
trust_id = uuid.uuid4().hex
token = fixture.V2Token(user_id=user_id, trust_id=trust_id)
token.set_scope()
token.add_role()
auth_ref = access.AccessInfo.factory(body=token)
self.assertEqual(trust_id, auth_ref.trust_id)
self.assertEqual(user_id, auth_ref.trustee_user_id)
self.assertEqual(trust_id, token['access']['trust']['id'])
def test_v2_roles(self):
role_id = 'a'
role_name = 'b'
token = fixture.V2Token()
token.set_scope()
token.add_role(id=role_id, name=role_name)
auth_ref = access.AccessInfo.factory(body=token)
self.assertEqual([role_id], auth_ref.role_ids)
self.assertEqual([role_id], auth_ref['metadata']['roles'])
self.assertEqual([role_name], auth_ref.role_names)
self.assertEqual([{'name': role_name}], auth_ref['user']['roles'])
def test_unscoped(self):
token_id = uuid.uuid4().hex
user_id = uuid.uuid4().hex
user_name = uuid.uuid4().hex
token = fixture.V2Token(token_id=token_id,
user_id=user_id,
user_name=user_name)
self.assertEqual(token_id, token.token_id)
self.assertEqual(token_id, token['access']['token']['id'])
self.assertEqual(user_id, token.user_id)
self.assertEqual(user_id, token['access']['user']['id'])
self.assertEqual(user_name, token.user_name)
self.assertEqual(user_name, token['access']['user']['name'])
def test_authenticate_fallback_to_auth_url(self):
new_auth_url = 'http://keystone.test:5000/v2.0'
token_fixture = fixture.V2Token()
self.stub_auth(base_url=new_auth_url, json=token_fixture)
c = client.Client(username=self.TEST_USER,
auth_url=new_auth_url,
password=uuid.uuid4().hex)
self.assertIsNone(c.management_url)
token_ref = c.tokens.authenticate(token=uuid.uuid4().hex)
self.assertIsInstance(token_ref, tokens.Token)
self.assertEqual(token_fixture.token_id, token_ref.id)
self.assertEqual(token_fixture.expires_str, token_ref.expires)
def test_roles(self):
role_id1 = uuid.uuid4().hex
role_name1 = uuid.uuid4().hex
role_id2 = uuid.uuid4().hex
role_name2 = uuid.uuid4().hex
token = fixture.V2Token()
token.add_role(id=role_id1, name=role_name1)
token.add_role(id=role_id2, name=role_name2)
role_names = token['access']['user']['roles']
role_ids = token['access']['metadata']['roles']
self.assertEqual(set([role_id1, role_id2]), set(role_ids))
for r in (role_name1, role_name2):
self.assertIn({'name': r}, role_names)
def __init__(self, requests,
compute_url=COMPUTE_URL, identity_url=IDENTITY_URL):
super(V1, self).__init__()
self.identity_url = identity_url
self.compute_url = compute_url
self.client = None
self.requests = requests
self.token = fixture.V2Token()
self.token.set_scope()
s = self.token.add_service('compute')
s.add_endpoint(self.compute_url)
s = self.token.add_service('computev3')
s.add_endpoint(self.compute_url)
def test_cinder_version_discovery_only_v1(self, mocker):
"""Verify when v1 is only enabled, the client discovers it."""
token = keystone_client_fixture.V2Token()
volume_service = token.add_service('volume', 'Cinder')
volume_service.add_endpoint(public='http://127.0.0.1:8776',
region='RegionOne')
mocker.post(keystone_client.BASE_HOST + '/v2.0/tokens', json=token)
mocker.get('http://127.0.0.1:8776/',
json=fixture_base.generate_version_output(v1=True, v2=True))
volume_request = mocker.get('http://127.0.0.1:8776/v1/volumes/detail',
json={'volumes': {}})
self.shell('list')
self.assertTrue(volume_request.called)
def test_cinder_version_discovery_unsupported_version(self, mocker):
"""Try a version from the client that's not enabled in Cinder."""
token = keystone_client_fixture.V2Token()
volume_service = token.add_service('volume', 'Cinder')
volume_service.add_endpoint(public='http://127.0.0.1:8776',
region='RegionOne')
mocker.post(keystone_client.BASE_HOST + '/v2.0/tokens', json=token)
mocker.get('http://127.0.0.1:8776/',
json=fixture_base.generate_version_output(v1=False,
v2=True))
self.assertRaises(exceptions.InvalidAPIVersion, self.shell,
'--os-volume-api-version 1 list')