def test_username_length(self):
"""Test that user names >64 characters are properly truncated."""
self._stubs_v3()
ctx = utils.dummy_context()
ctx.trust_id = None
# a >64 character user name and the expected version
long_user_name = 'U' * 64 + 'S'
good_user_name = long_user_name[-64:]
# mock keystone client user functions
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
mock_user = self.m.CreateMockAnything()
mock_user.id = 'auser123'
# when keystone is called, the name should have been truncated
# to the last 64 characters of the long name
self.mock_ks_v3_client.users.create(name=good_user_name,
password='******',
default_project=ctx.tenant_id
).AndReturn(mock_user)
self.mock_ks_v3_client.roles = self.m.CreateMockAnything()
self.mock_ks_v3_client.roles.list().AndReturn(self._mock_roles_list())
self.mock_ks_v3_client.roles.grant(project=ctx.tenant_id,
role='4546',
user='******').AndReturn(None)
self.m.ReplayAll()
# call create_stack_user with a long user name.
# the cleanup VerifyAll should verify that though we passed
# long_user_name, keystone was actually called with a truncated
# user name
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
heat_ks_client.create_stack_user(long_user_name, password='******')
def test_delete_ec2_keypair_id(self):
"""Test deleting ec2 credential by id."""
user_id = 'atestuser'
self._stubs_v3(user_id=user_id)
ctx = utils.dummy_context()
ctx.trust_id = None
# mock keystone client credentials functions
credential_id = 'acredential123'
self.mock_ks_v3_client.credentials = self.m.CreateMockAnything()
# mock keystone client delete function
self.mock_ks_v3_client.credentials = self.m.CreateMockAnything()
self.mock_ks_v3_client.credentials.delete(credential_id)
self.mock_ks_v3_client.credentials.delete(credential_id).AndRaise(
kc_exception.NotFound)
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertIsNone(heat_ks_client.delete_ec2_keypair(
credential_id=credential_id))
# Second delete will raise ignored NotFound
self.assertIsNone(heat_ks_client.delete_ec2_keypair(
credential_id=credential_id))
def test_create_stack_domain_user_legacy_fallback(self):
"""Test creating a stack domain user, fallback path."""
cfg.CONF.clear_override('stack_user_domain')
ctx = utils.dummy_context()
ctx.trust_id = None
# mock keystone client functions
self._stubs_v3()
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
mock_user = self.m.CreateMockAnything()
mock_user.id = 'auser123'
self.mock_ks_v3_client.users.create(name='auser',
password='******',
default_project=ctx.tenant_id
).AndReturn(mock_user)
self.mock_ks_v3_client.roles = self.m.CreateMockAnything()
self.mock_ks_v3_client.roles.list().AndReturn(self._mock_roles_list())
self.mock_ks_v3_client.roles.grant(project=ctx.tenant_id,
role='4546',
user='******').AndReturn(None)
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
heat_ks_client.create_stack_domain_user(username='******',
project_id='aproject',
password='******')
def test_create_stack_domain_user(self):
"""Test creating a stack domain user."""
ctx = utils.dummy_context()
ctx.trust_id = None
# mock keystone client functions
self._stub_domain_admin_client()
self.mock_admin_client.users = self.m.CreateMockAnything()
mock_user = self.m.CreateMockAnything()
mock_user.id = 'duser123'
self.mock_admin_client.users.create(name='duser',
password=None,
default_project='aproject',
domain='adomain123'
).AndReturn(mock_user)
self.mock_admin_client.roles = self.m.CreateMockAnything()
self.mock_admin_client.roles.list().AndReturn(self._mock_roles_list())
self.mock_admin_client.roles.grant(project='aproject',
role='4546',
user='******').AndReturn(None)
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
heat_ks_client.create_stack_domain_user(username='******',
project_id='aproject')
def test_create_trust_context_trust_create(self):
"""Test create_trust_context when creating a trust."""
class MockTrust(object):
id = 'atrust123'
self._stub_admin_client()
self._stubs_v3()
cfg.CONF.set_override('deferred_auth_method', 'trusts')
cfg.CONF.set_override('trusts_delegated_roles', ['heat_stack_owner'])
self.mock_ks_v3_client.auth_ref = self.m.CreateMockAnything()
self.mock_ks_v3_client.auth_ref.user_id = '5678'
self.mock_ks_v3_client.auth_ref.project_id = '42'
self.mock_ks_v3_client.trusts = self.m.CreateMockAnything()
self.mock_ks_v3_client.trusts.create(
trustor_user='******',
trustee_user='******',
project='42',
impersonation=True,
role_names=['heat_stack_owner']).AndReturn(MockTrust())
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
trust_context = heat_ks_client.create_trust_context()
self.assertEqual('atrust123', trust_context.trust_id)
self.assertEqual('5678', trust_context.trustor_user_id)
def test_delete_stack_domain_user(self):
"""Test deleting a stack domain user."""
ctx = utils.dummy_context()
ctx.trust_id = None
# mock keystone client functions
self._stub_domain_admin_client()
self.mock_admin_client.users = self.m.CreateMockAnything()
mock_user = self.m.CreateMockAnything()
mock_user.id = 'duser123'
mock_user.domain_id = 'adomain123'
mock_user.default_project_id = 'aproject'
self.mock_admin_client.users.get('duser123').AndReturn(mock_user)
self.mock_admin_client.users.delete('duser123').AndReturn(None)
self.mock_admin_client.users.get('duser123').AndRaise(
kc_exception.NotFound)
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
heat_ks_client.delete_stack_domain_user(user_id='duser123',
project_id='aproject')
# Second delete will raise ignored NotFound
heat_ks_client.delete_stack_domain_user(user_id='duser123',
project_id='aproject')
def test_create_stack_domain_user_keypair(self):
"""Test creating ec2 credentials for domain user."""
self._stub_domain_admin_client()
ctx = utils.dummy_context()
ctx.trust_id = None
ex_data = {'access': 'dummy_access2',
'secret': 'dummy_secret2'}
ex_data_json = json.dumps(ex_data)
# stub UUID.hex to match ex_data
self._stub_uuid(['dummy_access2', 'dummy_secret2'])
# mock keystone client credentials functions
self.mock_admin_client.credentials = self.m.CreateMockAnything()
mock_credential = self.m.CreateMockAnything()
mock_credential.id = '1234567'
mock_credential.user_id = 'atestuser2'
mock_credential.blob = ex_data_json
mock_credential.type = 'ec2'
# mock keystone client create function
self.mock_admin_client.credentials.create(
user='******', type='ec2', data=ex_data_json,
project='aproject').AndReturn(mock_credential)
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
ec2_cred = heat_ks_client.create_stack_domain_user_keypair(
user_id='atestuser2', project_id='aproject')
self.assertEqual('1234567', ec2_cred.id)
self.assertEqual('dummy_access2', ec2_cred.access)
self.assertEqual('dummy_secret2', ec2_cred.secret)
def test_username_length(self):
"""Test that user names >64 characters are properly truncated."""
self._stubs_v2()
# a >64 character user name and the expected version
long_user_name = 'U' * 64 + 'S'
good_user_name = long_user_name[-64:]
# mock keystone client user functions
self.mock_ks_client.users = self.m.CreateMockAnything()
mock_user = self.m.CreateMockAnything()
# when keystone is called, the name should have been truncated
# to the last 64 characters of the long name
(self.mock_ks_client.users.create(good_user_name, 'password',
mox.IgnoreArg(), enabled=True,
tenant_id=mox.IgnoreArg())
.AndReturn(mock_user))
# mock out the call to roles; will send an error log message but does
# not raise an exception
self.mock_ks_client.roles = self.m.CreateMockAnything()
self.mock_ks_client.roles.list().AndReturn([])
self.m.ReplayAll()
# call create_stack_user with a long user name.
# the cleanup VerifyAll should verify that though we passed
# long_user_name, keystone was actually called with a truncated
# user name
ctx = utils.dummy_context()
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
heat_ks_client.create_stack_user(long_user_name, password='******')
def test_get_ec2_keypair_id(self):
"""Test getting ec2 credential by id."""
user_id = 'atestuser'
self._stubs_v3(user_id=user_id)
ctx = utils.dummy_context()
ctx.trust_id = None
ex_data = {'access': 'access123',
'secret': 'secret456'}
ex_data_json = json.dumps(ex_data)
# Create a mock credential response
credential_id = 'acredential123'
mock_credential = self.m.CreateMockAnything()
mock_credential.id = credential_id
mock_credential.user_id = user_id
mock_credential.blob = ex_data_json
mock_credential.type = 'ec2'
# mock keystone client get function
self.mock_ks_v3_client.credentials = self.m.CreateMockAnything()
self.mock_ks_v3_client.credentials.get(
credential_id).AndReturn(mock_credential)
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
ec2_cred = heat_ks_client.get_ec2_keypair(credential_id=credential_id)
self.assertEqual(credential_id, ec2_cred.id)
self.assertEqual('access123', ec2_cred.access)
self.assertEqual('secret456', ec2_cred.secret)
def test_delete_stack_domain_user_keypair(self):
ctx = utils.dummy_context()
ctx.trust_id = None
# mock keystone client functions
self._stub_domain_admin_client()
user = self._stub_admin_user_get('duser123', 'adomain123', 'aproject')
self.mock_admin_client.credentials = self.m.CreateMockAnything()
self.mock_admin_client.credentials.delete('acredentialid').AndReturn(
None)
self.mock_admin_client.users.get('duser123').AndReturn(user)
self.mock_admin_client.credentials.delete('acredentialid').AndRaise(
kc_exception.NotFound)
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
heat_ks_client.delete_stack_domain_user_keypair(
user_id='duser123',
project_id='aproject',
credential_id='acredentialid')
# Second delete will raise ignored NotFound
heat_ks_client.delete_stack_domain_user_keypair(
user_id='duser123',
project_id='aproject',
credential_id='acredentialid')
def test_get_ec2_keypair_error(self):
"""Test getting ec2 credential error path."""
ctx = utils.dummy_context()
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertRaises(ValueError, heat_ks_client.get_ec2_keypair)
def load_user_creds(creds_id):
user_creds = db_api.user_creds_get(creds_id)
stored_context = context.RequestContext.from_dict(user_creds)
# heat_keystoneclient populates the context with an auth_token
# either via the stored user/password or trust_id, depending
# on how deferred_auth_method is configured in the conf file
hkc.KeystoneClient(stored_context)
return stored_context
def test_delete_stack_domain_project_legacy_fallback(self):
"""Test the delete_stack_domain_project function, fallback path."""
cfg.CONF.clear_override('stack_user_domain')
ctx = utils.dummy_context()
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertIsNone(heat_ks_client.delete_stack_domain_project(
project_id='aprojectid'))
def test_deleting_ec2_keypair_error(self):
"""Test deleting ec2 credential error path."""
ctx = utils.dummy_context()
ctx.trust_id = None
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertRaises(ValueError, heat_ks_client.delete_ec2_keypair)
def test_stack_domain_id_existing(self):
"""Test the stack_domain_id property when the domain exists."""
self._stub_domain(ret_id='adomain123')
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertEqual('adomain123', heat_ks_client.stack_domain_id)
def test_create_stack_domain_project_legacy_fallback(self):
"""Test the create_stack_domain_project function, fallback path."""
cfg.CONF.clear_override('stack_user_domain')
ctx = utils.dummy_context()
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertEqual(ctx.tenant_id,
heat_ks_client.create_stack_domain_project('astack'))
def test_init_v3_bad_nocreds(self):
"""Test creating the client, no credentials."""
ctx = utils.dummy_context()
ctx.auth_token = None
ctx.trust_id = None
ctx.username = None
ctx.password = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertRaises(exception.AuthorizationFailure,
heat_ks_client._v3_client_init)
def test_init_domain_cfg_not_set_fallback(self):
"""Test error path when config lacks domain config."""
cfg.CONF.clear_override('stack_user_domain')
cfg.CONF.clear_override('stack_domain_admin')
cfg.CONF.clear_override('stack_domain_admin_password')
ctx = utils.dummy_context()
ctx.username = None
ctx.password = None
ctx.trust_id = None
self.assertIsNotNone(heat_keystoneclient.KeystoneClient(ctx))
def test_trust_init_pw(self):
"""Test trust_id is takes precedence username/password specified."""
self._stubs_v3(method='trust')
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.auth_token = None
ctx.trust_id = 'atrust123'
ctx.trustor_user_id = 'trustor_user_id'
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertIsNotNone(heat_ks_client._client)
def test_init_v3_password(self):
"""Test creating the client, password auth."""
self._stubs_v3(method='password')
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.auth_token = None
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
client = heat_ks_client.client
self.assertIsNotNone(client)
def test_delete_stack_domain_project(self):
"""Test the delete_stack_domain_project function."""
self._stub_admin_client()
self.mock_admin_client.projects = self.m.CreateMockAnything()
self.mock_admin_client.projects.delete(project='aprojectid')
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
heat_ks_client.delete_stack_domain_project(project_id='aprojectid')
def test_delete_trust(self):
"""Test delete_trust when deleting trust."""
self._stubs_v3()
cfg.CONF.set_override('deferred_auth_method', 'trusts')
self.mock_ks_v3_client.trusts = self.m.CreateMockAnything()
self.mock_ks_v3_client.trusts.delete('atrust123').AndReturn(None)
self.m.ReplayAll()
ctx = utils.dummy_context()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertIsNone(heat_ks_client.delete_trust(trust_id='atrust123'))
def test_trust_init_token(self):
"""Test trust_id takes precedence when token specified."""
self._stubs_v2(method='trust')
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.username = None
ctx.password = None
ctx.trust_id = 'atrust123'
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertIsNotNone(heat_ks_client._client_v2)
self.assertIsNone(heat_ks_client._client_v3)
def test_delete_trust_not_found(self):
"""Test delete_trust when trust already deleted."""
self._stubs_v3()
cfg.CONF.set_override('deferred_auth_method', 'trusts')
self.mock_ks_v3_client.trusts = self.m.CreateMockAnything()
self.mock_ks_v3_client.trusts.delete('atrust123').AndRaise(
kc_exception.NotFound)
self.m.ReplayAll()
ctx = utils.dummy_context()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertIsNone(heat_ks_client.delete_trust(trust_id='atrust123'))
def test_stack_domain_id_new(self):
"""Test the stack_domain_id property when the domain doesn't exist."""
self._stub_domain(cfg_name='testname')
dummy = self.m.CreateMockAnything()
dummy.id = 'adomain123'
self.mock_admin_client.domains.create(name='testname').AndReturn(dummy)
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertEqual('adomain123', heat_ks_client.stack_domain_id)
def test_init_v3_token(self):
"""Test creating the client, token auth."""
self._stubs_v3()
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.username = None
ctx.password = None
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
heat_ks_client.client
self.assertIsNotNone(heat_ks_client._client)
def test_init_admin_client(self):
"""Test the admin_client property."""
self._stub_admin_client()
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.username = None
ctx.password = None
ctx.trust_id = None
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertEqual(self.mock_admin_client, heat_ks_client.admin_client)
self.assertEqual(self.mock_admin_client, heat_ks_client._admin_client)
def test_delete_stack_domain_user_keypair_error_domain(self):
ctx = utils.dummy_context()
ctx.trust_id = None
# mock keystone client functions
self._stub_domain_admin_client()
self._stub_admin_user_get('duser123', 'notadomain123', 'aproject')
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertRaises(ValueError,
heat_ks_client.delete_stack_domain_user_keypair,
user_id='duser123', project_id='aproject',
credential_id='acredentialid')
def test_disable_stack_domain_user_error_domain(self):
"""Test disabling a stack domain user, wrong domain."""
ctx = utils.dummy_context()
ctx.trust_id = None
# mock keystone client functions
self._stub_domain_admin_client()
self._stub_admin_user_get('duser123', 'notadomain123', 'aproject')
self.m.ReplayAll()
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
self.assertRaises(ValueError, heat_ks_client.disable_stack_domain_user,
user_id='duser123', project_id='aproject')
def test_create_trust_context_trust_id(self):
"""Test create_trust_context with existing trust_id."""
self._stubs_v3(method='trust')
cfg.CONF.set_override('deferred_auth_method', 'trusts')
self.m.ReplayAll()
ctx = utils.dummy_context()
ctx.trust_id = 'atrust123'
ctx.trustor_user_id = 'trustor_user_id'
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
trust_context = heat_ks_client.create_trust_context()
self.assertEqual(ctx.to_dict(), trust_context.to_dict())
