def test___init___creds_uri_none(self):
creds = fake_credentials.FakeKeystoneV2Credentials()
msg = ("Invalid Credentials\nDetails: ServiceClients requires a "
"non-empty")
with testtools.ExpectedException(exceptions.InvalidCredentials,
value_re=msg):
clients.ServiceClients(creds, None)
def test___init___creds_v2_uri(self):
# Verify that no API request is made, since no mock
# is required to run the test successfully
creds = fake_credentials.FakeKeystoneV2Credentials()
uri = 'fake_uri'
_manager = clients.ServiceClients(creds, identity_uri=uri)
self.assertIsInstance(_manager.auth_provider,
auth.KeystoneV2AuthProvider)
def test___init___creds_uri_params_unknown_services(self):
creds = fake_credentials.FakeKeystoneV2Credentials()
fake_params = {'fake_param1': 'fake_value1'}
params = {
'unknown_service1': fake_params,
'unknown_service2': fake_params
}
uri = 'fake_uri'
msg = "(?=.*{0})(?=.*{1})".format(*list(params.keys()))
with testtools.ExpectedException(exceptions.UnknownServiceClient,
value_re=msg):
clients.ServiceClients(creds,
identity_uri=uri,
client_parameters=params)
def test___init___creds_uri_params(self):
creds = fake_credentials.FakeKeystoneV2Credentials()
expeted_params = {
'fake_param1': 'fake_value1',
'fake_param2': 'fake_value2'
}
params = {'fake_service1': expeted_params}
uri = 'fake_uri'
_manager = clients.ServiceClients(creds,
identity_uri=uri,
client_parameters=params)
self.assertIn('fake_service1', _manager.parameters)
for _key in expeted_params:
self.assertIn(_key, _manager.parameters['fake_service1'].keys())
self.assertEqual(expeted_params[_key],
_manager.parameters['fake_service1'].get(_key))
def _get_manager(self, init_region='fake_region'):
# Get a manager to invoke _setup_parameters on
creds = fake_credentials.FakeKeystoneV2Credentials()
return clients.ServiceClients(creds,
identity_uri='fake_uri',
region=init_region)
def test___init___invalid_creds_uri(self):
creds = fake_credentials.FakeKeystoneV2Credentials()
delattr(creds, 'username')
uri = 'fake_uri'
with testtools.ExpectedException(exceptions.InvalidCredentials):
clients.ServiceClients(creds, identity_uri=uri)
class TestKeystoneV2AuthProvider(BaseAuthTestsSetUp):
_endpoints = fake_identity.IDENTITY_V2_RESPONSE['access']['serviceCatalog']
_auth_provider_class = auth.KeystoneV2AuthProvider
credentials = fake_credentials.FakeKeystoneV2Credentials()
def setUp(self):
super(TestKeystoneV2AuthProvider, self).setUp()
self.stubs.Set(v2_client.TokenClient, 'raw_request',
fake_identity._fake_v2_response)
self.target_url = 'test_api'
def _get_fake_identity(self):
return fake_identity.IDENTITY_V2_RESPONSE['access']
def _get_fake_alt_identity(self):
return fake_identity.ALT_IDENTITY_V2_RESPONSE['access']
def _get_result_url_from_endpoint(self,
ep,
endpoint_type='publicURL',
replacement=None):
if replacement:
return ep[endpoint_type].replace('v2', replacement)
return ep[endpoint_type]
def _get_token_from_fake_identity(self):
return fake_identity.TOKEN
def _get_from_fake_identity(self, attr):
access = fake_identity.IDENTITY_V2_RESPONSE['access']
if attr == 'user_id':
return access['user']['id']
elif attr == 'tenant_id':
return access['token']['tenant']['id']
def _test_request_helper(self, filters, expected):
url, headers, body = self.auth_provider.auth_request('GET',
self.target_url,
filters=filters)
self.assertEqual(expected['url'], url)
self.assertEqual(expected['token'], headers['X-Auth-Token'])
self.assertEqual(expected['body'], body)
def _auth_data_with_expiry(self, date_as_string):
token, access = self.auth_provider.auth_data
access['token']['expires'] = date_as_string
return token, access
def test_request(self):
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'FakeRegion'
}
url = self._get_result_url_from_endpoint(
self._endpoints[0]['endpoints'][1]) + '/' + self.target_url
expected = {
'body': None,
'url': url,
'token': self._get_token_from_fake_identity(),
}
self._test_request_helper(filters, expected)
def test_request_with_alt_auth_cleans_alt(self):
"""Test alternate auth data for headers
Assert that when the alt data is provided for headers, after an
auth_request the data alt_data is cleaned-up.
"""
self.auth_provider.set_alt_auth_data(
'headers',
(fake_identity.ALT_TOKEN, self._get_fake_alt_identity()))
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.auth_provider.auth_request('GET',
self.target_url,
filters=filters)
# Assert alt auth data is clear after it
self.assertIsNone(self.auth_provider.alt_part)
self.assertIsNone(self.auth_provider.alt_auth_data)
def _test_request_with_identical_alt_auth(self, part):
"""Test alternate but identical auth data for headers
Assert that when the alt data is provided, but it's actually
identical, an exception is raised.
"""
self.auth_provider.set_alt_auth_data(
part, (fake_identity.TOKEN, self._get_fake_identity()))
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.assertRaises(exceptions.BadAltAuth,
self.auth_provider.auth_request,
'GET',
self.target_url,
filters=filters)
def test_request_with_identical_alt_auth_headers(self):
self._test_request_with_identical_alt_auth('headers')
def test_request_with_identical_alt_auth_url(self):
self._test_request_with_identical_alt_auth('url')
def test_request_with_identical_alt_auth_body(self):
self._test_request_with_identical_alt_auth('body')
def test_request_with_alt_part_without_alt_data(self):
"""Test empty alternate auth data
Assert that when alt_part is defined, the corresponding original
request element is kept the same.
"""
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.auth_provider.set_alt_auth_data('headers', None)
url, headers, body = self.auth_provider.auth_request('GET',
self.target_url,
filters=filters)
# The original headers where empty
self.assertNotEqual(url, self.target_url)
self.assertIsNone(headers)
self.assertEqual(body, None)
def _test_request_with_alt_part_without_alt_data_no_change(self, body):
"""Test empty alternate auth data with no effect
Assert that when alt_part is defined, no auth_data is provided,
and the corresponding original request element was not going to
be changed anyways, and exception is raised
"""
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.auth_provider.set_alt_auth_data('body', None)
self.assertRaises(exceptions.BadAltAuth,
self.auth_provider.auth_request,
'GET',
self.target_url,
filters=filters)
def test_request_with_alt_part_without_alt_data_no_change_headers(self):
self._test_request_with_alt_part_without_alt_data_no_change('headers')
def test_request_with_alt_part_without_alt_data_no_change_url(self):
self._test_request_with_alt_part_without_alt_data_no_change('url')
def test_request_with_alt_part_without_alt_data_no_change_body(self):
self._test_request_with_alt_part_without_alt_data_no_change('body')
def test_request_with_bad_service(self):
filters = {
'service': 'BAD_SERVICE',
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.assertRaises(exceptions.EndpointNotFound,
self.auth_provider.auth_request,
'GET',
self.target_url,
filters=filters)
def test_request_without_service(self):
filters = {
'service': None,
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.assertRaises(exceptions.EndpointNotFound,
self.auth_provider.auth_request,
'GET',
self.target_url,
filters=filters)
def test_check_credentials_missing_attribute(self):
for attr in ['username', 'password']:
cred = copy.copy(self.credentials)
del cred[attr]
self.assertFalse(self.auth_provider.check_credentials(cred))
def test_fill_credentials(self):
self.auth_provider.fill_credentials()
creds = self.auth_provider.credentials
for attr in ['user_id', 'tenant_id']:
self.assertEqual(self._get_from_fake_identity(attr),
getattr(creds, attr))
def _test_base_url_helper(self, expected_url, filters, auth_data=None):
url = self.auth_provider.base_url(filters, auth_data)
self.assertEqual(url, expected_url)
def test_base_url(self):
self.filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'FakeRegion'
}
expected = self._get_result_url_from_endpoint(
self._endpoints[0]['endpoints'][1])
self._test_base_url_helper(expected, self.filters)
def test_base_url_to_get_admin_endpoint(self):
self.filters = {
'service': 'compute',
'endpoint_type': 'adminURL',
'region': 'FakeRegion'
}
expected = self._get_result_url_from_endpoint(
self._endpoints[0]['endpoints'][1], endpoint_type='adminURL')
self._test_base_url_helper(expected, self.filters)
def test_base_url_unknown_region(self):
"""If the region is unknown, the first endpoint is returned."""
self.filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'AintNoBodyKnowThisRegion'
}
expected = self._get_result_url_from_endpoint(
self._endpoints[0]['endpoints'][0])
self._test_base_url_helper(expected, self.filters)
def test_base_url_with_non_existent_service(self):
self.filters = {
'service': 'BAD_SERVICE',
'endpoint_type': 'publicURL',
'region': 'FakeRegion'
}
self.assertRaises(exceptions.EndpointNotFound,
self._test_base_url_helper, None, self.filters)
def test_base_url_without_service(self):
self.filters = {'endpoint_type': 'publicURL', 'region': 'FakeRegion'}
self.assertRaises(exceptions.EndpointNotFound,
self._test_base_url_helper, None, self.filters)
def test_base_url_with_api_version_filter(self):
self.filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'FakeRegion',
'api_version': 'v12'
}
expected = self._get_result_url_from_endpoint(
self._endpoints[0]['endpoints'][1], replacement='v12')
self._test_base_url_helper(expected, self.filters)
def test_base_url_with_skip_path_filter(self):
self.filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'FakeRegion',
'skip_path': True
}
expected = 'http://fake_url/'
self._test_base_url_helper(expected, self.filters)
def test_base_url_with_unversioned_endpoint(self):
auth_data = {
'serviceCatalog': [{
'type':
'identity',
'endpoints': [{
'region': 'FakeRegion',
'publicURL': 'http://fake_url'
}]
}]
}
filters = {
'service': 'identity',
'endpoint_type': 'publicURL',
'region': 'FakeRegion',
'api_version': 'v2.0'
}
expected = 'http://fake_url/v2.0'
self._test_base_url_helper(expected, filters, ('token', auth_data))
def test_token_not_expired(self):
expiry_data = datetime.datetime.utcnow() + datetime.timedelta(days=1)
self._verify_expiry(expiry_data=expiry_data, should_be_expired=False)
def test_token_expired(self):
expiry_data = datetime.datetime.utcnow() - datetime.timedelta(hours=1)
self._verify_expiry(expiry_data=expiry_data, should_be_expired=True)
def test_token_not_expired_to_be_renewed(self):
expiry_data = (datetime.datetime.utcnow() +
self.auth_provider.token_expiry_threshold / 2)
self._verify_expiry(expiry_data=expiry_data, should_be_expired=True)
def _verify_expiry(self, expiry_data, should_be_expired):
for expiry_format in self.auth_provider.EXPIRY_DATE_FORMATS:
auth_data = self._auth_data_with_expiry(
expiry_data.strftime(expiry_format))
self.assertEqual(self.auth_provider.is_expired(auth_data),
should_be_expired)
