def test_s3api_with_only_s3_token_v3(self): self.swift = FakeSwift() self.keystone_auth = KeystoneAuth( self.swift, {'operator_roles': 'swift-user'}) self.s3_token = S3Token( self.keystone_auth, {'auth_uri': 'https://fakehost/identity'}) self.s3api = S3ApiMiddleware(self.s3_token, self.conf) req = Request.blank( '/bucket', environ={'REQUEST_METHOD': 'PUT'}, headers={'Authorization': 'AWS access:signature', 'Date': self.get_date_header()}) self.swift.register('PUT', '/v1/AUTH_PROJECT_ID/bucket', swob.HTTPCreated, {}, None) self.swift.register('HEAD', '/v1/AUTH_PROJECT_ID', swob.HTTPOk, {}, None) with patch.object(self.s3_token, '_json_request') as mock_req: mock_resp = requests.Response() mock_resp._content = json.dumps(GOOD_RESPONSE_V3) mock_resp.status_code = 200 mock_req.return_value = mock_resp status, headers, body = self.call_s3api(req) self.assertEqual(body, '') self.assertEqual(1, mock_req.call_count)
def test_s3api_with_s3_token_no_pass_token_to_auth_token(self): self.swift = FakeSwift() self.keystone_auth = KeystoneAuth(self.swift, {'operator_roles': 'swift-user'}) self.auth_token = AuthProtocol(self.keystone_auth, {'delay_auth_decision': 'True'}) self.s3_token = S3Token(self.auth_token, {'auth_uri': 'https://fakehost/identity'}) self.s3api = S3ApiMiddleware(self.s3_token, self.conf) req = Request.blank('/bucket', environ={'REQUEST_METHOD': 'PUT'}, headers={ 'Authorization': 'AWS access:signature', 'Date': self.get_date_header() }) self.swift.register('PUT', '/v1/AUTH_TENANT_ID/bucket', swob.HTTPCreated, {}, None) self.swift.register('HEAD', '/v1/AUTH_TENANT_ID', swob.HTTPOk, {}, None) with patch.object(self.s3_token, '_json_request') as mock_req: with patch.object(self.auth_token, '_do_fetch_token') as mock_fetch: mock_resp = requests.Response() no_token_id_good_resp = copy.deepcopy(GOOD_RESPONSE_V2) # delete token id del no_token_id_good_resp['access']['token']['id'] mock_resp._content = json.dumps(no_token_id_good_resp) mock_resp.status_code = 201 mock_req.return_value = mock_resp mock_access_info = AccessInfoV2(GOOD_RESPONSE_V2) mock_access_info.will_expire_soon = \ lambda stale_duration: False mock_fetch.return_value = (MagicMock(), mock_access_info) status, headers, body = self.call_s3api(req) # No token provided from keystone result in 401 Unauthorized # at `swift.common.middleware.keystoneauth` because auth_token # will remove all auth headers including 'X-Identity-Status'[1] # and then, set X-Identity-Status: Invalid at [2] # # 1: https://github.com/openstack/keystonemiddleware/blob/ # master/keystonemiddleware/auth_token/__init__.py#L620 # 2: https://github.com/openstack/keystonemiddleware/blob/ # master/keystonemiddleware/auth_token/__init__.py#L627-L629 self.assertEqual('403 Forbidden', status) self.assertEqual(1, mock_req.call_count) # if no token provided from keystone, we can skip the call to # fetch the token self.assertEqual(0, mock_fetch.call_count)
def test_fake_swift_sysmeta(self): swift = FakeSwift() orig_headers = HeaderKeyDict() orig_headers.update({ sysmeta_header('container', 'acl'): 'test', 'x-container-meta-foo': 'bar' }) swift.register(self.method, self.path, MagicMock(), orig_headers, None) self._check_headers(swift, self.method, self.path, orig_headers) new_headers = orig_headers.copy() del new_headers[sysmeta_header('container', 'acl').title()] swift.register(self.method, self.path, MagicMock(), new_headers, None) self._check_headers(swift, self.method, self.path, orig_headers)
def test_s3api_with_s3_token_and_auth_token(self): self.swift = FakeSwift() self.keystone_auth = KeystoneAuth(self.swift, {'operator_roles': 'swift-user'}) self.auth_token = AuthProtocol(self.keystone_auth, {'delay_auth_decision': 'True'}) self.s3_token = S3Token(self.auth_token, {'auth_uri': 'https://fakehost/identity'}) self.s3api = S3ApiMiddleware(self.s3_token, self.conf) req = Request.blank('/bucket', environ={'REQUEST_METHOD': 'PUT'}, headers={ 'Authorization': 'AWS access:signature', 'Date': self.get_date_header() }) self.swift.register('PUT', '/v1/AUTH_TENANT_ID/bucket', swob.HTTPCreated, {}, None) self.swift.register('HEAD', '/v1/AUTH_TENANT_ID', swob.HTTPOk, {}, None) with patch.object(self.s3_token, '_json_request') as mock_req: with patch.object(self.auth_token, '_do_fetch_token') as mock_fetch: mock_resp = requests.Response() mock_resp._content = json.dumps(GOOD_RESPONSE_V2) mock_resp.status_code = 201 mock_req.return_value = mock_resp mock_access_info = AccessInfoV2(GOOD_RESPONSE_V2) mock_access_info.will_expire_soon = \ lambda stale_duration: False mock_fetch.return_value = (MagicMock(), mock_access_info) status, headers, body = self.call_s3api(req) self.assertEqual(body, '') self.assertEqual(1, mock_req.call_count) # With X-Auth-Token, auth_token will call _do_fetch_token to # connect to keystone in auth_token, again self.assertEqual(1, mock_fetch.call_count)
def __init__(self): self.swift = FakeSwift()