def test_s3api_with_only_s3_token_v3(self):
    """PUT a bucket through s3api -> s3_token -> keystoneauth (v3 reply).

    No auth_token middleware is placed in this pipeline, so the only
    identity lookup is s3_token's ``_json_request``, which is patched to
    return GOOD_RESPONSE_V3 with status 200.
    """
    # Build the pipeline from the backend outwards.
    self.swift = FakeSwift()
    self.keystone_auth = KeystoneAuth(
        self.swift, {'operator_roles': 'swift-user'})
    self.s3_token = S3Token(
        self.keystone_auth, {'auth_uri': 'https://fakehost/identity'})
    self.s3api = S3ApiMiddleware(self.s3_token, self.conf)

    # AWS-style Authorization header; the credential check itself is
    # answered by the patched _json_request below.
    signed_headers = {'Authorization': 'AWS access:signature',
                      'Date': self.get_date_header()}
    req = Request.blank('/bucket',
                        environ={'REQUEST_METHOD': 'PUT'},
                        headers=signed_headers)

    # Backend answers for the account the request is expected to land in
    # (presumably the project id carried by GOOD_RESPONSE_V3 -- confirm).
    self.swift.register('PUT', '/v1/AUTH_PROJECT_ID/bucket',
                        swob.HTTPCreated, {}, None)
    self.swift.register('HEAD', '/v1/AUTH_PROJECT_ID',
                        swob.HTTPOk, {}, None)

    with patch.object(self.s3_token, '_json_request') as mock_req:
        canned = requests.Response()
        canned._content = json.dumps(GOOD_RESPONSE_V3)
        canned.status_code = 200
        mock_req.return_value = canned

        status, headers, body = self.call_s3api(req)

        # NOTE(review): status and headers are unpacked but never
        # asserted; success is inferred from the empty body only.
        # Asserting the expected status would make an auth regression
        # in this pipeline easier to spot.
        self.assertEqual(body, '')
        # Exactly one credential validation call was made.
        self.assertEqual(1, mock_req.call_count)
def test_s3api_with_s3_token_no_pass_token_to_auth_token(self):
    """Reject the request when the identity reply carries no token id.

    Pipeline: s3api -> s3_token -> auth_token -> keystoneauth.  The
    patched s3_token reply is GOOD_RESPONSE_V2 with the token id removed,
    so s3_token has no token to pass on to auth_token.  The request must
    be refused and auth_token must not try to fetch a token.
    """
    self.swift = FakeSwift()
    self.keystone_auth = KeystoneAuth(
        self.swift, {'operator_roles': 'swift-user'})
    # delay_auth_decision is set, so (per the note further down) the
    # final accept/reject is left to keystoneauth.
    self.auth_token = AuthProtocol(
        self.keystone_auth, {'delay_auth_decision': 'True'})
    self.s3_token = S3Token(
        self.auth_token, {'auth_uri': 'https://fakehost/identity'})
    self.s3api = S3ApiMiddleware(self.s3_token, self.conf)

    signed_headers = {
        'Authorization': 'AWS access:signature',
        'Date': self.get_date_header(),
    }
    req = Request.blank('/bucket',
                        environ={'REQUEST_METHOD': 'PUT'},
                        headers=signed_headers)

    self.swift.register('PUT', '/v1/AUTH_TENANT_ID/bucket',
                        swob.HTTPCreated, {}, None)
    self.swift.register('HEAD', '/v1/AUTH_TENANT_ID',
                        swob.HTTPOk, {}, None)

    with patch.object(self.s3_token, '_json_request') as mock_req, \
            patch.object(self.auth_token, '_do_fetch_token') as mock_fetch:
        canned = requests.Response()
        # Same payload as a good v2 reply, minus the token id.
        tokenless_reply = copy.deepcopy(GOOD_RESPONSE_V2)
        del tokenless_reply['access']['token']['id']
        canned._content = json.dumps(tokenless_reply)
        canned.status_code = 201
        mock_req.return_value = canned

        # auth_token is wired with a non-expiring access info so that a
        # fetch, if it happened, would succeed.
        mock_access_info = AccessInfoV2(GOOD_RESPONSE_V2)
        mock_access_info.will_expire_soon = \
            lambda stale_duration: False
        mock_fetch.return_value = (MagicMock(), mock_access_info)

        status, headers, body = self.call_s3api(req)

        # Without a token from keystone, auth_token strips every auth
        # header, 'X-Identity-Status' included [1], and then sets
        # X-Identity-Status: Invalid [2]; the original note says
        # `swift.common.middleware.keystoneauth` answers that with
        # 401 Unauthorized.
        #
        # 1: https://github.com/openstack/keystonemiddleware/blob/
        #    master/keystonemiddleware/auth_token/__init__.py#L620
        # 2: https://github.com/openstack/keystonemiddleware/blob/
        #    master/keystonemiddleware/auth_token/__init__.py#L627-L629
        #
        # NOTE(review): the status seen by the S3 client here is 403,
        # not 401 -- presumably s3api maps the backend 401 to an
        # S3-style 403; confirm.  The anchors above point at master, so
        # the line numbers may have drifted.
        self.assertEqual('403 Forbidden', status)
        self.assertEqual(1, mock_req.call_count)
        # No token came back from keystone, so the token fetch in
        # auth_token is skipped entirely.
        self.assertEqual(0, mock_fetch.call_count)
def setUp(self):
    """Create the default s3api config, a fake app and canned backend replies."""
    # Default configuration for the middleware under test.  The access
    # control related switches (s3_acl, allow_no_owner,
    # check_bucket_owner, auth_pipeline_check) are pinned explicitly here.
    defaults = {
        'allow_no_owner': False,
        'location': 'US',
        'dns_compliant_bucket_names': True,
        'max_bucket_listing': 1000,
        'max_parts_listing': 1000,
        'max_multi_delete_objects': 1000,
        's3_acl': False,
        'storage_domain': 'localhost',
        'auth_pipeline_check': True,
        'max_upload_part_num': 1000,
        'check_bucket_owner': False,
        'force_swift_request_proxy_log': False,
        'allow_multipart_uploads': True,
        'min_segment_size': 5242880,
    }
    self.conf = Config(defaults)
    # log_level is assigned as an attribute rather than through the dict;
    # it is carried over from the original test setup.
    self.conf.log_level = 'debug'

    self.app = FakeApp()
    self.swift = self.app.swift
    self.s3api = S3ApiMiddleware(self.app, self.conf)

    # Canned backend responses for account AUTH_test, its bucket and one
    # object: (method, path, response class, body).
    canned_replies = (
        ('HEAD', '/v1/AUTH_test', swob.HTTPOk, None),
        ('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent, None),
        ('PUT', '/v1/AUTH_test/bucket', swob.HTTPCreated, None),
        ('POST', '/v1/AUTH_test/bucket', swob.HTTPNoContent, None),
        ('DELETE', '/v1/AUTH_test/bucket', swob.HTTPNoContent, None),
        ('GET', '/v1/AUTH_test/bucket/object', swob.HTTPOk, ""),
        ('PUT', '/v1/AUTH_test/bucket/object', swob.HTTPCreated, None),
        ('DELETE', '/v1/AUTH_test/bucket/object', swob.HTTPNoContent, None),
    )
    for method, path, resp_class, resp_body in canned_replies:
        # A fresh empty header dict is passed for every registration.
        self.swift.register(method, path, resp_class, {}, resp_body)
def test_s3api_with_s3_token_and_auth_token(self):
    """PUT a bucket through s3api -> s3_token -> auth_token -> keystoneauth.

    s3_token's ``_json_request`` is patched to return GOOD_RESPONSE_V2
    (status 201) and auth_token's ``_do_fetch_token`` is patched as well;
    each is expected to be called exactly once.
    """
    self.swift = FakeSwift()
    self.keystone_auth = KeystoneAuth(
        self.swift, {'operator_roles': 'swift-user'})
    self.auth_token = AuthProtocol(
        self.keystone_auth, {'delay_auth_decision': 'True'})
    self.s3_token = S3Token(
        self.auth_token, {'auth_uri': 'https://fakehost/identity'})
    self.s3api = S3ApiMiddleware(self.s3_token, self.conf)

    signed_headers = {
        'Authorization': 'AWS access:signature',
        'Date': self.get_date_header(),
    }
    req = Request.blank('/bucket',
                        environ={'REQUEST_METHOD': 'PUT'},
                        headers=signed_headers)

    self.swift.register('PUT', '/v1/AUTH_TENANT_ID/bucket',
                        swob.HTTPCreated, {}, None)
    self.swift.register('HEAD', '/v1/AUTH_TENANT_ID',
                        swob.HTTPOk, {}, None)

    with patch.object(self.s3_token, '_json_request') as mock_req, \
            patch.object(self.auth_token, '_do_fetch_token') as mock_fetch:
        canned = requests.Response()
        canned._content = json.dumps(GOOD_RESPONSE_V2)
        canned.status_code = 201
        mock_req.return_value = canned

        # Access info handed back by the patched fetch; it never reports
        # itself as about to expire.
        mock_access_info = AccessInfoV2(GOOD_RESPONSE_V2)
        mock_access_info.will_expire_soon = \
            lambda stale_duration: False
        mock_fetch.return_value = (MagicMock(), mock_access_info)

        status, headers, body = self.call_s3api(req)

        # NOTE(review): status is not asserted; success is inferred from
        # the empty body only.
        self.assertEqual(body, '')
        self.assertEqual(1, mock_req.call_count)
        # Because an X-Auth-Token is present, auth_token contacts
        # keystone again through _do_fetch_token.
        self.assertEqual(1, mock_fetch.call_count)