def test_username_length(self): """Test that user names >64 characters are properly truncated.""" self._stubs_v3() ctx = utils.dummy_context() ctx.trust_id = None # a >64 character user name and the expected version long_user_name = 'U' * 64 + 'S' good_user_name = long_user_name[-64:] # mock keystone client user functions self.mock_ks_v3_client.users = self.m.CreateMockAnything() mock_user = self.m.CreateMockAnything() mock_user.id = 'auser123' # when keystone is called, the name should have been truncated # to the last 64 characters of the long name self.mock_ks_v3_client.users.create(name=good_user_name, password='******', default_project=ctx.tenant_id ).AndReturn(mock_user) self.mock_ks_v3_client.roles = self.m.CreateMockAnything() self.mock_ks_v3_client.roles.list().AndReturn(self._mock_roles_list()) self.mock_ks_v3_client.roles.grant(project=ctx.tenant_id, role='4546', user='******').AndReturn(None) self.m.ReplayAll() # call create_stack_user with a long user name. # the cleanup VerifyAll should verify that though we passed # long_user_name, keystone was actually called with a truncated # user name heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) heat_ks_client.create_stack_user(long_user_name, password='******')
def test_delete_ec2_keypair_id(self): """Test deleting ec2 credential by id.""" user_id = 'atestuser' self._stubs_v3(user_id=user_id) ctx = utils.dummy_context() ctx.trust_id = None # mock keystone client credentials functions credential_id = 'acredential123' self.mock_ks_v3_client.credentials = self.m.CreateMockAnything() # mock keystone client delete function self.mock_ks_v3_client.credentials = self.m.CreateMockAnything() self.mock_ks_v3_client.credentials.delete(credential_id) self.mock_ks_v3_client.credentials.delete(credential_id).AndRaise( kc_exception.NotFound) self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertIsNone(heat_ks_client.delete_ec2_keypair( credential_id=credential_id)) # Second delete will raise ignored NotFound self.assertIsNone(heat_ks_client.delete_ec2_keypair( credential_id=credential_id))
def test_create_stack_domain_user_legacy_fallback(self): """Test creating a stack domain user, fallback path.""" cfg.CONF.clear_override('stack_user_domain') ctx = utils.dummy_context() ctx.trust_id = None # mock keystone client functions self._stubs_v3() self.mock_ks_v3_client.users = self.m.CreateMockAnything() mock_user = self.m.CreateMockAnything() mock_user.id = 'auser123' self.mock_ks_v3_client.users.create(name='auser', password='******', default_project=ctx.tenant_id ).AndReturn(mock_user) self.mock_ks_v3_client.roles = self.m.CreateMockAnything() self.mock_ks_v3_client.roles.list().AndReturn(self._mock_roles_list()) self.mock_ks_v3_client.roles.grant(project=ctx.tenant_id, role='4546', user='******').AndReturn(None) self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) heat_ks_client.create_stack_domain_user(username='******', project_id='aproject', password='******')
def test_create_stack_domain_user(self): """Test creating a stack domain user.""" ctx = utils.dummy_context() ctx.trust_id = None # mock keystone client functions self._stub_domain_admin_client() self.mock_admin_client.users = self.m.CreateMockAnything() mock_user = self.m.CreateMockAnything() mock_user.id = 'duser123' self.mock_admin_client.users.create(name='duser', password=None, default_project='aproject', domain='adomain123' ).AndReturn(mock_user) self.mock_admin_client.roles = self.m.CreateMockAnything() self.mock_admin_client.roles.list().AndReturn(self._mock_roles_list()) self.mock_admin_client.roles.grant(project='aproject', role='4546', user='******').AndReturn(None) self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) heat_ks_client.create_stack_domain_user(username='******', project_id='aproject')
def test_create_trust_context_trust_create(self): """Test create_trust_context when creating a trust.""" class MockTrust(object): id = 'atrust123' self._stub_admin_client() self._stubs_v3() cfg.CONF.set_override('deferred_auth_method', 'trusts') cfg.CONF.set_override('trusts_delegated_roles', ['heat_stack_owner']) self.mock_ks_v3_client.auth_ref = self.m.CreateMockAnything() self.mock_ks_v3_client.auth_ref.user_id = '5678' self.mock_ks_v3_client.auth_ref.project_id = '42' self.mock_ks_v3_client.trusts = self.m.CreateMockAnything() self.mock_ks_v3_client.trusts.create( trustor_user='******', trustee_user='******', project='42', impersonation=True, role_names=['heat_stack_owner']).AndReturn(MockTrust()) self.m.ReplayAll() ctx = utils.dummy_context() ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) trust_context = heat_ks_client.create_trust_context() self.assertEqual('atrust123', trust_context.trust_id) self.assertEqual('5678', trust_context.trustor_user_id)
def test_delete_stack_domain_user(self): """Test deleting a stack domain user.""" ctx = utils.dummy_context() ctx.trust_id = None # mock keystone client functions self._stub_domain_admin_client() self.mock_admin_client.users = self.m.CreateMockAnything() mock_user = self.m.CreateMockAnything() mock_user.id = 'duser123' mock_user.domain_id = 'adomain123' mock_user.default_project_id = 'aproject' self.mock_admin_client.users.get('duser123').AndReturn(mock_user) self.mock_admin_client.users.delete('duser123').AndReturn(None) self.mock_admin_client.users.get('duser123').AndRaise( kc_exception.NotFound) self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) heat_ks_client.delete_stack_domain_user(user_id='duser123', project_id='aproject') # Second delete will raise ignored NotFound heat_ks_client.delete_stack_domain_user(user_id='duser123', project_id='aproject')
def test_create_stack_domain_user_keypair(self): """Test creating ec2 credentials for domain user.""" self._stub_domain_admin_client() ctx = utils.dummy_context() ctx.trust_id = None ex_data = {'access': 'dummy_access2', 'secret': 'dummy_secret2'} ex_data_json = json.dumps(ex_data) # stub UUID.hex to match ex_data self._stub_uuid(['dummy_access2', 'dummy_secret2']) # mock keystone client credentials functions self.mock_admin_client.credentials = self.m.CreateMockAnything() mock_credential = self.m.CreateMockAnything() mock_credential.id = '1234567' mock_credential.user_id = 'atestuser2' mock_credential.blob = ex_data_json mock_credential.type = 'ec2' # mock keystone client create function self.mock_admin_client.credentials.create( user='******', type='ec2', data=ex_data_json, project='aproject').AndReturn(mock_credential) self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) ec2_cred = heat_ks_client.create_stack_domain_user_keypair( user_id='atestuser2', project_id='aproject') self.assertEqual('1234567', ec2_cred.id) self.assertEqual('dummy_access2', ec2_cred.access) self.assertEqual('dummy_secret2', ec2_cred.secret)
def test_username_length(self): """Test that user names >64 characters are properly truncated.""" self._stubs_v2() # a >64 character user name and the expected version long_user_name = 'U' * 64 + 'S' good_user_name = long_user_name[-64:] # mock keystone client user functions self.mock_ks_client.users = self.m.CreateMockAnything() mock_user = self.m.CreateMockAnything() # when keystone is called, the name should have been truncated # to the last 64 characters of the long name (self.mock_ks_client.users.create(good_user_name, 'password', mox.IgnoreArg(), enabled=True, tenant_id=mox.IgnoreArg()) .AndReturn(mock_user)) # mock out the call to roles; will send an error log message but does # not raise an exception self.mock_ks_client.roles = self.m.CreateMockAnything() self.mock_ks_client.roles.list().AndReturn([]) self.m.ReplayAll() # call create_stack_user with a long user name. # the cleanup VerifyAll should verify that though we passed # long_user_name, keystone was actually called with a truncated # user name ctx = utils.dummy_context() ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) heat_ks_client.create_stack_user(long_user_name, password='******')
def test_get_ec2_keypair_id(self): """Test getting ec2 credential by id.""" user_id = 'atestuser' self._stubs_v3(user_id=user_id) ctx = utils.dummy_context() ctx.trust_id = None ex_data = {'access': 'access123', 'secret': 'secret456'} ex_data_json = json.dumps(ex_data) # Create a mock credential response credential_id = 'acredential123' mock_credential = self.m.CreateMockAnything() mock_credential.id = credential_id mock_credential.user_id = user_id mock_credential.blob = ex_data_json mock_credential.type = 'ec2' # mock keystone client get function self.mock_ks_v3_client.credentials = self.m.CreateMockAnything() self.mock_ks_v3_client.credentials.get( credential_id).AndReturn(mock_credential) self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) ec2_cred = heat_ks_client.get_ec2_keypair(credential_id=credential_id) self.assertEqual(credential_id, ec2_cred.id) self.assertEqual('access123', ec2_cred.access) self.assertEqual('secret456', ec2_cred.secret)
def test_delete_stack_domain_user_keypair(self): ctx = utils.dummy_context() ctx.trust_id = None # mock keystone client functions self._stub_domain_admin_client() user = self._stub_admin_user_get('duser123', 'adomain123', 'aproject') self.mock_admin_client.credentials = self.m.CreateMockAnything() self.mock_admin_client.credentials.delete('acredentialid').AndReturn( None) self.mock_admin_client.users.get('duser123').AndReturn(user) self.mock_admin_client.credentials.delete('acredentialid').AndRaise( kc_exception.NotFound) self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) heat_ks_client.delete_stack_domain_user_keypair( user_id='duser123', project_id='aproject', credential_id='acredentialid') # Second delete will raise ignored NotFound heat_ks_client.delete_stack_domain_user_keypair( user_id='duser123', project_id='aproject', credential_id='acredentialid')
def test_get_ec2_keypair_error(self): """Test getting ec2 credential error path.""" ctx = utils.dummy_context() ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertRaises(ValueError, heat_ks_client.get_ec2_keypair)
def load_user_creds(creds_id): user_creds = db_api.user_creds_get(creds_id) stored_context = context.RequestContext.from_dict(user_creds) # heat_keystoneclient populates the context with an auth_token # either via the stored user/password or trust_id, depending # on how deferred_auth_method is configured in the conf file hkc.KeystoneClient(stored_context) return stored_context
def test_delete_stack_domain_project_legacy_fallback(self): """Test the delete_stack_domain_project function, fallback path.""" cfg.CONF.clear_override('stack_user_domain') ctx = utils.dummy_context() ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertIsNone(heat_ks_client.delete_stack_domain_project( project_id='aprojectid'))
def test_deleting_ec2_keypair_error(self): """Test deleting ec2 credential error path.""" ctx = utils.dummy_context() ctx.trust_id = None self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertRaises(ValueError, heat_ks_client.delete_ec2_keypair)
def test_stack_domain_id_existing(self): """Test the stack_domain_id property when the domain exists.""" self._stub_domain(ret_id='adomain123') self.m.ReplayAll() ctx = utils.dummy_context() ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertEqual('adomain123', heat_ks_client.stack_domain_id)
def test_create_stack_domain_project_legacy_fallback(self): """Test the create_stack_domain_project function, fallback path.""" cfg.CONF.clear_override('stack_user_domain') ctx = utils.dummy_context() ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertEqual(ctx.tenant_id, heat_ks_client.create_stack_domain_project('astack'))
def test_init_v3_bad_nocreds(self): """Test creating the client, no credentials.""" ctx = utils.dummy_context() ctx.auth_token = None ctx.trust_id = None ctx.username = None ctx.password = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertRaises(exception.AuthorizationFailure, heat_ks_client._v3_client_init)
def test_init_domain_cfg_not_set_fallback(self): """Test error path when config lacks domain config.""" cfg.CONF.clear_override('stack_user_domain') cfg.CONF.clear_override('stack_domain_admin') cfg.CONF.clear_override('stack_domain_admin_password') ctx = utils.dummy_context() ctx.username = None ctx.password = None ctx.trust_id = None self.assertIsNotNone(heat_keystoneclient.KeystoneClient(ctx))
def test_trust_init_pw(self): """Test trust_id is takes precedence username/password specified.""" self._stubs_v3(method='trust') self.m.ReplayAll() ctx = utils.dummy_context() ctx.auth_token = None ctx.trust_id = 'atrust123' ctx.trustor_user_id = 'trustor_user_id' heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertIsNotNone(heat_ks_client._client)
def test_init_v3_password(self): """Test creating the client, password auth.""" self._stubs_v3(method='password') self.m.ReplayAll() ctx = utils.dummy_context() ctx.auth_token = None ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) client = heat_ks_client.client self.assertIsNotNone(client)
def test_delete_stack_domain_project(self): """Test the delete_stack_domain_project function.""" self._stub_admin_client() self.mock_admin_client.projects = self.m.CreateMockAnything() self.mock_admin_client.projects.delete(project='aprojectid') self.m.ReplayAll() ctx = utils.dummy_context() ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) heat_ks_client.delete_stack_domain_project(project_id='aprojectid')
def test_delete_trust(self): """Test delete_trust when deleting trust.""" self._stubs_v3() cfg.CONF.set_override('deferred_auth_method', 'trusts') self.mock_ks_v3_client.trusts = self.m.CreateMockAnything() self.mock_ks_v3_client.trusts.delete('atrust123').AndReturn(None) self.m.ReplayAll() ctx = utils.dummy_context() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertIsNone(heat_ks_client.delete_trust(trust_id='atrust123'))
def test_trust_init_token(self): """Test trust_id takes precedence when token specified.""" self._stubs_v2(method='trust') self.m.ReplayAll() ctx = utils.dummy_context() ctx.username = None ctx.password = None ctx.trust_id = 'atrust123' heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertIsNotNone(heat_ks_client._client_v2) self.assertIsNone(heat_ks_client._client_v3)
def test_delete_trust_not_found(self): """Test delete_trust when trust already deleted.""" self._stubs_v3() cfg.CONF.set_override('deferred_auth_method', 'trusts') self.mock_ks_v3_client.trusts = self.m.CreateMockAnything() self.mock_ks_v3_client.trusts.delete('atrust123').AndRaise( kc_exception.NotFound) self.m.ReplayAll() ctx = utils.dummy_context() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertIsNone(heat_ks_client.delete_trust(trust_id='atrust123'))
def test_stack_domain_id_new(self): """Test the stack_domain_id property when the domain doesn't exist.""" self._stub_domain(cfg_name='testname') dummy = self.m.CreateMockAnything() dummy.id = 'adomain123' self.mock_admin_client.domains.create(name='testname').AndReturn(dummy) self.m.ReplayAll() ctx = utils.dummy_context() ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertEqual('adomain123', heat_ks_client.stack_domain_id)
def test_init_v3_token(self): """Test creating the client, token auth.""" self._stubs_v3() self.m.ReplayAll() ctx = utils.dummy_context() ctx.username = None ctx.password = None ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) heat_ks_client.client self.assertIsNotNone(heat_ks_client._client)
def test_init_admin_client(self): """Test the admin_client property.""" self._stub_admin_client() self.m.ReplayAll() ctx = utils.dummy_context() ctx.username = None ctx.password = None ctx.trust_id = None heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertEqual(self.mock_admin_client, heat_ks_client.admin_client) self.assertEqual(self.mock_admin_client, heat_ks_client._admin_client)
def test_delete_stack_domain_user_keypair_error_domain(self): ctx = utils.dummy_context() ctx.trust_id = None # mock keystone client functions self._stub_domain_admin_client() self._stub_admin_user_get('duser123', 'notadomain123', 'aproject') self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertRaises(ValueError, heat_ks_client.delete_stack_domain_user_keypair, user_id='duser123', project_id='aproject', credential_id='acredentialid')
def test_disable_stack_domain_user_error_domain(self): """Test disabling a stack domain user, wrong domain.""" ctx = utils.dummy_context() ctx.trust_id = None # mock keystone client functions self._stub_domain_admin_client() self._stub_admin_user_get('duser123', 'notadomain123', 'aproject') self.m.ReplayAll() heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) self.assertRaises(ValueError, heat_ks_client.disable_stack_domain_user, user_id='duser123', project_id='aproject')
def test_create_trust_context_trust_id(self): """Test create_trust_context with existing trust_id.""" self._stubs_v3(method='trust') cfg.CONF.set_override('deferred_auth_method', 'trusts') self.m.ReplayAll() ctx = utils.dummy_context() ctx.trust_id = 'atrust123' ctx.trustor_user_id = 'trustor_user_id' heat_ks_client = heat_keystoneclient.KeystoneClient(ctx) trust_context = heat_ks_client.create_trust_context() self.assertEqual(ctx.to_dict(), trust_context.to_dict())