def test_login_fails_demo_project_admin(self):
# Admin role on demo project, but missing the admin project
(self.user, password) = create_user({'demo': 'admin'},
{'Default': 'admin'})
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'access to the admin project'):
auth_token.login(self.user.name, password)
def test_login_fails_domain_admin(self):
# Domain admin, but lacking access to admin project
(self.user, password) = create_user({'demo': 'admin'},
{'Default': 'admin'})
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'access to the admin project'):
auth_token.login(self.user.name, password)
def test_login_fails_domain_member(self):
# Admin role on admin project, domain member, but missing the domain
# admin
(self.user, password) = create_user({'admin': 'admin'},
{'Default': '_member_'})
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'not an admin of the default domain'):
auth_token.login(self.user.name, password)
def test_login_fails_multiple_admin_projects(self):
# Admin role on both projects, but missing the domain admin
(self.user, password) = create_user({
'admin': 'admin',
'demo': 'admin'
})
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'not authorized on the .* domain'):
auth_token.login(self.user.name, password)
def login(self):
(self.user, password) = create_user({'admin': 'admin'},
{'Default': 'admin'})
auth_ref = auth_token.login(self.user.name, password)
self.assertIsNotNone(auth_ref)
self.assertIsNotNone(auth_ref.auth_token)
self.assertTrue(auth_token.validate(auth_ref.auth_token))
return auth_ref
def get_auth_ref_from_env():
"""
Obtains keystone token using the provided configuration
"""
username = os.getenv('OS_USERNAME')
password = os.getenv('OS_PASSWORD')
if username is None or password is None:
raise Exception("OS_USERNAME and OS_PASSWORD env vars must be set")
return auth_token.login(username, password)
def test_login_other_admin(self):
# Domain admin, and demo project admin, and monasca-user role
# on admin project. This should succeed
(self.user,
password) = create_user({
'admin': 'monasca-user',
'demo': 'admin'
}, {'Default': 'admin'})
auth_ref = auth_token.login(self.user.name, password)
token = auth_ref.auth_token
ref = auth_token.get_appropriate_auth_ref(token)
self.assertIsNotNone(ref)
self.assertIsNotNone(ref.auth_token)
self.assertEqual('demo', ref.project_name)
def auth_token(self, username=None, password=None, tenant=None):
"""
POST /auth_token
BODY {"username": username, "password": password}
"""
body = json.loads(request.body)
username = body['username']
password = body['password']
LOG.debug("/auth_token user=%s" % (username))
auth_ref = None
try:
auth_ref = login(username, password)
return json.dumps({
'token': auth_ref.auth_token,
'expires': auth_ref.expires.isoformat()
})
except Exception as e:
LOG.info("User login as %s failed: %s" % (username, str(e)))
return Response(str(e), 401)
def test_login_fails_without_project_or_domain(self):
(self.user, password) = create_user()
with self.assertRaisesRegexp(BllAuthenticationFailedException,
'access to the admin project'):
auth_token.login(self.user.name, password)
