示例#1
0
def url_for(service_catalog=None, service_type='identity',
            endpoint_type="internalURL"):
    if not service_catalog:
        service_catalog = context.current().service_catalog
    try:
        return keystone_service_catalog.ServiceCatalogV2(
            json.loads(service_catalog)).url_for(
                service_type=service_type, interface=endpoint_type,
                region_name=CONF.os_region_name)
    except keystone_ex.EndpointNotFound:
        return keystone_service_catalog.ServiceCatalogV3(
            json.loads(service_catalog)).url_for(
                service_type=service_type, interface=endpoint_type,
                region_name=CONF.os_region_name)
示例#2
0
def generate_test_data(service_providers=False, endpoint='localhost'):
    '''Builds a set of test_data data as returned by Keystone V2.'''
    test_data = TestDataContainer()

    keystone_service = {
        'type': 'identity',
        'id': uuid.uuid4().hex,
        'endpoints': [
            {
                'url': 'http://admin.%s/identity/v3' % endpoint,
                'region': 'RegionOne',
                'interface': 'admin',
                'id': uuid.uuid4().hex,
            },
            {
                'url': 'http://internal.%s/identity/v3' % endpoint,
                'region': 'RegionOne',
                'interface': 'internal',
                'id': uuid.uuid4().hex
            },
            {
                'url': 'http://public.%s/identity/v3' % endpoint,
                'region': 'RegionOne',
                'interface': 'public',
                'id': uuid.uuid4().hex
            }
        ]
    }

    # Domains
    domain_dict = {'id': uuid.uuid4().hex,
                   'name': 'domain',
                   'description': '',
                   'enabled': True}
    test_data.domain = domains.Domain(domains.DomainManager(None),
                                      domain_dict, loaded=True)

    # Users
    user_dict = {'id': uuid.uuid4().hex,
                 'name': 'gabriel',
                 'email': '*****@*****.**',
                 'password': '******',
                 'domain_id': domain_dict['id'],
                 'token': '',
                 'enabled': True}
    test_data.user = users.User(users.UserManager(None),
                                user_dict, loaded=True)

    # Projects
    project_dict_1 = {'id': uuid.uuid4().hex,
                      'name': 'tenant_one',
                      'description': '',
                      'domain_id': domain_dict['id'],
                      'enabled': True}
    project_dict_2 = {'id': uuid.uuid4().hex,
                      'name': 'tenant_two',
                      'description': '',
                      'domain_id': domain_dict['id'],
                      'enabled': False}
    test_data.project_one = projects.Project(projects.ProjectManager(None),
                                             project_dict_1,
                                             loaded=True)
    test_data.project_two = projects.Project(projects.ProjectManager(None),
                                             project_dict_2,
                                             loaded=True)

    # Roles
    role_dict = {'id': uuid.uuid4().hex,
                 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    nova_service = {
        'type': 'compute',
        'id': uuid.uuid4().hex,
        'endpoints': [
            {
                'url': ('http://nova-admin.%s:8774/v2.0/%s'
                        % (endpoint, project_dict_1['id'])),
                'region': 'RegionOne',
                'interface': 'admin',
                'id': uuid.uuid4().hex,
            },
            {
                'url': ('http://nova-internal.%s:8774/v2.0/%s'
                        % (endpoint, project_dict_1['id'])),
                'region': 'RegionOne',
                'interface': 'internal',
                'id': uuid.uuid4().hex
            },
            {
                'url': ('http://nova-public.%s:8774/v2.0/%s'
                        % (endpoint, project_dict_1['id'])),
                'region': 'RegionOne',
                'interface': 'public',
                'id': uuid.uuid4().hex
            },
            {
                'url': ('http://nova2-admin.%s:8774/v2.0/%s'
                        % (endpoint, project_dict_1['id'])),
                'region': 'RegionTwo',
                'interface': 'admin',
                'id': uuid.uuid4().hex,
            },
            {
                'url': ('http://nova2-internal.%s:8774/v2.0/%s'
                        % (endpoint, project_dict_1['id'])),
                'region': 'RegionTwo',
                'interface': 'internal',
                'id': uuid.uuid4().hex
            },
            {
                'url': ('http://nova2-public.%s:8774/v2.0/%s'
                        % (endpoint, project_dict_1['id'])),
                'region': 'RegionTwo',
                'interface': 'public',
                'id': uuid.uuid4().hex
            }
        ]
    }

    # Tokens
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)
    auth_token = uuid.uuid4().hex

    auth_response_headers = {
        'X-Subject-Token': auth_token
    }

    auth_response = TestResponse({
        "headers": auth_response_headers
    })

    scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': {
                'id': project_dict_1['id'],
                'name': project_dict_1['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service]
        }
    }

    sp_list = None
    if service_providers:
        test_data.sp_auth_url = 'http://service_provider_endp/identity/v3'
        test_data.service_provider_id = 'k2kserviceprovider'
        # The access info for the identity provider
        # should return a list of service providers
        sp_list = [
            {'auth_url': test_data.sp_auth_url,
             'id': test_data.service_provider_id,
             'sp_url': 'https://k2kserviceprovider/sp_url'}
        ]
        scoped_token_dict['token']['service_providers'] = sp_list

    test_data.scoped_access_info = access.create(
        resp=auth_response,
        body=scoped_token_dict
    )

    domain_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'domain': {
                'id': domain_dict['id'],
                'name': domain_dict['name'],
            },
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service]
        }
    }
    test_data.domain_scoped_access_info = access.create(
        resp=auth_response,
        body=domain_token_dict
    )

    unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'catalog': [keystone_service]
        }
    }

    if service_providers:
        unscoped_token_dict['token']['service_providers'] = sp_list

    test_data.unscoped_access_info = access.create(
        resp=auth_response,
        body=unscoped_token_dict
    )

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': {
                'id': project_dict_1['id'],
                'name': project_dict_1['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                },
                'OS-FEDERATION': {
                    'identity_provider': 'ACME',
                    'protocol': 'OIDC',
                    'groups': [
                        {'id': uuid.uuid4().hex},
                        {'id': uuid.uuid4().hex}
                    ]
                }
            },
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service]
        }
    }

    test_data.federated_scoped_access_info = access.create(
        resp=auth_response,
        body=federated_scoped_token_dict
    )

    federated_unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                },
                'OS-FEDERATION': {
                    'identity_provider': 'ACME',
                    'protocol': 'OIDC',
                    'groups': [
                        {'id': uuid.uuid4().hex},
                        {'id': uuid.uuid4().hex}
                    ]
                }
            },
            'catalog': [keystone_service]
        }
    }

    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response,
        body=federated_unscoped_token_dict
    )

    return test_data
def generate_test_data(pki=False):
    '''Builds a set of test_data data as returned by Keystone V2.'''
    test_data = TestDataContainer()

    keystone_service = {
        'type':
        'identity',
        'id':
        uuid.uuid4().hex,
        'endpoints': [{
            'url': 'http://admin.localhost:35357/v3',
            'region': 'RegionOne',
            'interface': 'admin',
            'id': uuid.uuid4().hex,
        }, {
            'url': 'http://internal.localhost:5000/v3',
            'region': 'RegionOne',
            'interface': 'internal',
            'id': uuid.uuid4().hex
        }, {
            'url': 'http://public.localhost:5000/v3',
            'region': 'RegionOne',
            'interface': 'public',
            'id': uuid.uuid4().hex
        }]
    }

    # Domains
    domain_dict = {
        'id': uuid.uuid4().hex,
        'name': 'domain',
        'description': '',
        'enabled': True
    }
    test_data.domain = domains.Domain(domains.DomainManager(None),
                                      domain_dict,
                                      loaded=True)

    # Users
    user_dict = {
        'id': uuid.uuid4().hex,
        'name': 'gabriel',
        'email': '*****@*****.**',
        'password': '******',
        'domain_id': domain_dict['id'],
        'token': '',
        'enabled': True
    }
    test_data.user = users.User(users.UserManager(None),
                                user_dict,
                                loaded=True)

    # Projects
    project_dict_1 = {
        'id': uuid.uuid4().hex,
        'name': 'tenant_one',
        'description': '',
        'domain_id': domain_dict['id'],
        'enabled': True
    }
    project_dict_2 = {
        'id': uuid.uuid4().hex,
        'name': 'tenant_two',
        'description': '',
        'domain_id': domain_dict['id'],
        'enabled': False
    }
    test_data.project_one = projects.Project(projects.ProjectManager(None),
                                             project_dict_1,
                                             loaded=True)
    test_data.project_two = projects.Project(projects.ProjectManager(None),
                                             project_dict_2,
                                             loaded=True)

    # Roles
    role_dict = {'id': uuid.uuid4().hex, 'name': 'Member'}
    test_data.role = roles.Role(roles.RoleManager, role_dict)

    nova_service = {
        'type':
        'compute',
        'id':
        uuid.uuid4().hex,
        'endpoints': [{
            'url': ('http://nova-admin.localhost:8774/v2.0/%s' %
                    (project_dict_1['id'])),
            'region':
            'RegionOne',
            'interface':
            'admin',
            'id':
            uuid.uuid4().hex,
        }, {
            'url': ('http://nova-internal.localhost:8774/v2.0/%s' %
                    (project_dict_1['id'])),
            'region':
            'RegionOne',
            'interface':
            'internal',
            'id':
            uuid.uuid4().hex
        }, {
            'url': ('http://nova-public.localhost:8774/v2.0/%s' %
                    (project_dict_1['id'])),
            'region':
            'RegionOne',
            'interface':
            'public',
            'id':
            uuid.uuid4().hex
        }, {
            'url': ('http://nova2-admin.localhost:8774/v2.0/%s' %
                    (project_dict_1['id'])),
            'region':
            'RegionTwo',
            'interface':
            'admin',
            'id':
            uuid.uuid4().hex,
        }, {
            'url': ('http://nova2-internal.localhost:8774/v2.0/%s' %
                    (project_dict_1['id'])),
            'region':
            'RegionTwo',
            'interface':
            'internal',
            'id':
            uuid.uuid4().hex
        }, {
            'url': ('http://nova2-public.localhost:8774/v2.0/%s' %
                    (project_dict_1['id'])),
            'region':
            'RegionTwo',
            'interface':
            'public',
            'id':
            uuid.uuid4().hex
        }]
    }

    # Tokens
    tomorrow = datetime_safe.datetime.now() + datetime.timedelta(days=1)
    expiration = datetime_safe.datetime.isoformat(tomorrow)
    if pki:
        # We don't need a real PKI token, but just the prefix to make the
        # keystone client treat it as a PKI token
        auth_token = cms.PKI_ASN1_PREFIX + uuid.uuid4().hex
    else:
        auth_token = uuid.uuid4().hex

    auth_response_headers = {'X-Subject-Token': auth_token}

    auth_response = TestResponse({"headers": auth_response_headers})

    scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': {
                'id': project_dict_1['id'],
                'name': project_dict_1['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service]
        }
    }

    test_data.scoped_access_info = access.create(resp=auth_response,
                                                 body=scoped_token_dict)

    domain_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'domain': {
                'id': domain_dict['id'],
                'name': domain_dict['name'],
            },
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service]
        }
    }
    test_data.domain_scoped_access_info = access.create(resp=auth_response,
                                                        body=domain_token_dict)

    unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'catalog': [keystone_service]
        }
    }

    test_data.unscoped_access_info = access.create(resp=auth_response,
                                                   body=unscoped_token_dict)

    # Service Catalog
    test_data.service_catalog = service_catalog.ServiceCatalogV3(
        [keystone_service, nova_service])

    # federated user
    federated_scoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'project': {
                'id': project_dict_1['id'],
                'name': project_dict_1['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                }
            },
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                },
                'OS-FEDERATION': {
                    'identity_provider': 'ACME',
                    'protocol': 'OIDC',
                    'groups': [{
                        'id': uuid.uuid4().hex
                    }, {
                        'id': uuid.uuid4().hex
                    }]
                }
            },
            'roles': [role_dict],
            'catalog': [keystone_service, nova_service]
        }
    }

    test_data.federated_scoped_access_info = access.create(
        resp=auth_response, body=federated_scoped_token_dict)

    federated_unscoped_token_dict = {
        'token': {
            'methods': ['password'],
            'expires_at': expiration,
            'user': {
                'id': user_dict['id'],
                'name': user_dict['name'],
                'domain': {
                    'id': domain_dict['id'],
                    'name': domain_dict['name']
                },
                'OS-FEDERATION': {
                    'identity_provider': 'ACME',
                    'protocol': 'OIDC',
                    'groups': [{
                        'id': uuid.uuid4().hex
                    }, {
                        'id': uuid.uuid4().hex
                    }]
                }
            },
            'catalog': [keystone_service]
        }
    }

    test_data.federated_unscoped_access_info = access.create(
        resp=auth_response, body=federated_unscoped_token_dict)

    return test_data