예제 #1
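 def test_get_auth_redis_client(self):
     """Build the auth Redis client under both ``ssl_enable`` settings.

     This is a smoke test: it only checks that ``get_auth_redis_client``
     can be called with each setting without raising.  The original
     ``conf.auth_redis.ssl_enable`` value is restored in a ``finally``
     block so a failure here cannot leak a modified TLS setting into
     other tests that share the global ``conf`` object.
     """
     origval = conf.auth_redis.ssl_enable
     try:
         # NOTE(review): both values are strings, and 'None' is a
         # non-empty (truthy) string.  Whether it really disables TLS
         # depends on how get_auth_redis_client parses it, which is not
         # visible here -- confirm.
         for ssl_setting in ('None', 'True'):
             conf.auth_redis.ssl_enable = ssl_setting
             get_auth_redis_client()
     finally:
         conf.auth_redis.ssl_enable = origval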
예제 #2
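 def test_token_cache(self):
     """Check that an auth Redis client is returned for both TLS settings.

     ``conf.auth_redis.ssl_enable`` is global state, so the original value
     is restored in a ``finally`` block.  Without that, a failing
     assertion or an exception from ``get_auth_redis_client`` would leave
     the modified setting in place for every test that runs afterwards.
     """
     origval = conf.auth_redis.ssl_enable
     try:
         # NOTE(review): both values are strings, and 'None' is a
         # non-empty (truthy) string.  Whether it really disables TLS
         # depends on how get_auth_redis_client parses it, which is not
         # visible here -- confirm.
         for ssl_setting in ('None', 'True'):
             conf.auth_redis.ssl_enable = ssl_setting
             test_redis = get_auth_redis_client()
             self.assertIsNotNone(test_redis)
     finally:
         conf.auth_redis.ssl_enable = origval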
예제 #3
    def test_validate_client_impersonation(self, m):
        """Check ``validate_client_impersonation`` on success and on HTTP 404.

        ``m`` is the HTTP mock handed in by the test decorator (presumably
        requests_mock -- the decorator is outside this excerpt).  The first
        call must return a truthy result, a cache key and the token fields
        from the mocked impersonation response.  After the impersonation
        endpoint is re-registered to answer 404, the call must fail closed:
        a falsy result, no token and no cache key.
        """
        redis_client = get_auth_redis_client()

        # NOTE(review): the mocked expiry is a fixed 2025 timestamp.  If the
        # code under test ever compares it with the current time, this test
        # becomes date-dependent -- confirm.
        admin_token_body = '\
            {"access": {"token": {"id": "the-token", \
            "expires": "2025-09-04T14:09:20.236Z"}}}'
        m.post('http://mockurl/tokens', text=admin_token_body)
        admin_token = AdminToken(
            url='http://mockurl', tenant='tenant-id',
            passwd='passwd', token='thetoken')
        # Constructing the AdminToken must not populate token_data yet.
        self.assertIsNone(admin_token.token_data)

        tenant_users_body = '\
            {"users": [{"id": "the-user-id"}]}'
        user_admins_body = '\
            {"users": [{"username": "******"}]}'
        impersonation_body = '\
            {"access": {"token": {"id": "the-token",\
             "expires": "2025-09-04T14:09:20.236Z"}}}'
        m.get('http://mockurl/tenants/tenant-id/users',
              text=tenant_users_body)
        m.get('http://mockurl/users/the-user-id/RAX-AUTH/admins',
              text=user_admins_body)
        m.post('http://mockurl/RAX-AUTH/impersonation-tokens',
               text=impersonation_body)

        def impersonate():
            # Same arguments for the success and the failure scenario.
            return validate_client_impersonation(
                redis_client, url='http://mockurl', tenant='tenant-id',
                admintoken=admin_token)

        ok, token, cache_key = impersonate()
        self.assertTrue(ok)
        self.assertIsNotNone(cache_key)
        expected_fields = (
            ("expires", "2025-09-04T14:09:20.236Z"),
            ("tenant", "tenant-id"),
            ("token", "the-token"),
        )
        for field, expected in expected_fields:
            self.assertEqual(token[field], expected)

        # Re-register the impersonation endpoint so that it now returns 404.
        m.post('http://mockurl/RAX-AUTH/impersonation-tokens', status_code=404)
        ok, token, cache_key = impersonate()
        self.assertFalse(ok)
        self.assertIsNone(token)
        self.assertIsNone(cache_key)
예제 #4
    def test_retrieve_data_from_cache(self):
        """Exercise ``_retrieve_data_from_cache`` on miss, error and hit paths.

        With the unpatched client, both a ``None`` cache key and the key
        ``'cache-key'`` must yield ``None``.  The client's ``get`` is then
        patched with three side-effect helpers defined elsewhere in the test
        module.  Only ``side_effect_redis_getdata`` is expected to produce a
        record, while the exception and "wrong" helpers must yield ``None``.
        """
        redis_client = get_auth_redis_client()

        def fetch(cache_key):
            # The URL and tenant are the same in every scenario.
            return _retrieve_data_from_cache(
                redis_client, url='http://mockurl', tenant='tenant-id',
                cache_key=cache_key)

        self.assertIsNone(fetch(None))
        cached = fetch('cache-key')
        self.assertIsNone(cached)

        # A failing backend read must be reported as "no data".
        with mock.patch.object(
                redis_client, 'get', side_effect=side_effect_exception):
            self.assertIsNone(fetch('cache-key'))

        # A well-formed cached record is returned with all three fields.
        with mock.patch.object(
                redis_client, 'get', side_effect=side_effect_redis_getdata):
            cached = fetch('cache-key')
            self.assertIsNotNone(cached)
            expected_fields = (
                ('tenant', 'tenant-id'),
                ('token', 'the-token'),
                ('expires', '2125-09-04T14:09:20.236Z'),
            )
            for field, expected in expected_fields:
                self.assertEqual(cached[field], expected)

        # Data from the "wrong" helper must be rejected rather than returned.
        with mock.patch.object(
                redis_client, 'get',
                side_effect=side_effect_redis_getdata_wrong):
            self.assertIsNone(fetch('cache-key'))
예제 #5
    def test_validate_client_token(self):
        """Check that ``validate_client_token`` accepts only a usable record.

        The only scenario expected to return ``(True, 'the-token')`` is the
        one where the client's ``get`` is patched with
        ``side_effect_redis_getdata``.  Every other scenario must fail closed
        with a falsy result and no token: the unpatched client, the expired
        helper, a raising ``get``, and a raising ``dateutil.parser.parse``.
        The side-effect helpers are defined elsewhere in the test module.
        """
        redis_client = get_auth_redis_client()
        self.assertIsNotNone(redis_client)

        def validate():
            # Every scenario uses the same lookup arguments.
            return validate_client_token(
                redis_client, url='http://mockurl', tenant='tenant-id',
                cache_key='cache-key')

        # Nothing patched: the lookup must not validate.
        ok, token = validate()
        self.assertFalse(ok)
        self.assertIsNone(token)

        # A cached record is available: the token is accepted.
        with mock.patch.object(
                redis_client, 'get', side_effect=side_effect_redis_getdata):
            ok, token = validate()
            self.assertTrue(ok)
            self.assertEqual(token, 'the-token')

        # The expired helper and a raising get() must both be rejected.
        rejecting_effects = (
            side_effect_redis_getdata_expired,
            side_effect_exception,
        )
        for effect in rejecting_effects:
            with mock.patch.object(redis_client, 'get', side_effect=effect):
                ok, token = validate()
                self.assertFalse(ok)
                self.assertIsNone(token)

        # The record is available, but parsing its timestamp raises.
        with mock.patch.object(
                redis_client, 'get', side_effect=side_effect_redis_getdata):
            with mock.patch.object(
                    dateutil.parser, 'parse',
                    side_effect=side_effect_exception):
                ok, token = validate()
            self.assertFalse(ok)
            self.assertIsNone(token)
예제 #6
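    def test_send_data_to_cache(self, m):
        """Check ``_send_data_to_cache`` on success and on a failing write.

        ``m`` is the HTTP mock handed in by the test decorator (presumably
        requests_mock -- the decorator is outside this excerpt).  A
        successful write must return a truthy result and a ``str`` cache
        key.  When the client's ``set`` raises, the call must return a falsy
        result and no key.
        """
        test_redis = get_auth_redis_client()
        m.post('http://mockurl/tokens', text='{"access": \
            {"token": {"id": "the-token", "expires": \
            "2125-09-04T14:09:20.236Z"}}}')
        # Fix: the tenant literal used to be split with a backslash
        # continuation, which embedded the next line's indentation in the
        # value ('            tenant-id').  The fixture now uses the same
        # tenant id as the sibling tests.
        token_data = AdminToken(url='http://mockurl', tenant='tenant-id',
                                passwd='passwd', token='thetoken')
        self.assertIsNotNone(token_data)
        # Constructing the AdminToken must not populate token_data yet.
        self.assertIsNone(token_data.token_data)

        # Happy path: the write succeeds and yields a string key.
        retval, key = _send_data_to_cache(test_redis, '', token_data)
        self.assertTrue(retval)
        self.assertIsNotNone(key)
        self.assertIsInstance(key, str)

        # A failing backend write must be reported, not raised to the caller.
        with mock.patch.object(test_redis, 'set',
                               side_effect=side_effect_exception):
            retval, key = _send_data_to_cache(test_redis, '', token_data)
            self.assertFalse(retval)
            self.assertIsNone(key)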
예제 #7
# See the License for the specific language governing permissions and
# limitations under the License.

import logging
import falcon
# Load Rackspace version of auth endpoint.
import stealth.impl_rax.auth_endpoint as auth
from stealth.impl_rax import token_validation
import stealth.util.log as logging
from stealth.transport.wsgi import errors
from stealth import conf
# NOTE: `logging` here is stealth.util.log, not the standard-library module;
# the later `import stealth.util.log as logging` rebinds the name.
LOG = logging.getLogger(__name__)


# Get the separated Redis Server for Auth
# This call runs at import time, so the client is constructed as a side
# effect of importing this module.
# NOTE(review): the connection and TLS settings used for this client are not
# visible here -- confirm they come from configuration and that TLS is
# enabled wherever auth tokens cross the network.
auth_redis_client = token_validation.get_auth_redis_client()

# Module-level auth service instance built on the auth Redis client above.
authserv = auth.AuthServ(auth_redis_client)


class ItemResource(object):

    def on_get(self, req, resp):
        try:
            project_id = req.headers['X-PROJECT-ID']
            LOG.info('Auth [{0}]... '.format(project_id))
            res, msg = authserv.auth(req, resp)
            if res is False:
                raise errors.HTTPUnauthorizedError(msg)
            else:
                resp.location = '/auth/%s' % (project_id)