def setUp(self):
super(V3UserPluginTests, self).setUp()
self.service_token_id = uuid.uuid4().hex
self.service_token = fixture.V3Token()
s = self.service_token.add_service('identity', name='keystone')
s.add_standard_endpoints(public=BASE_URI,
admin=BASE_URI,
internal=BASE_URI)
self.configure_middleware(auth_type='v3password',
auth_url='%s/v3/' % AUTH_URL,
user_id=self.service_token.user_id,
password=uuid.uuid4().hex,
project_id=self.service_token.project_id)
auth_discovery = fixture.DiscoveryList(href=AUTH_URL)
self.requests_mock.get(AUTH_URL, json=auth_discovery)
base_discovery = fixture.DiscoveryList(href=BASE_URI)
self.requests_mock.get(BASE_URI, json=base_discovery)
self.requests_mock.post(
'%s/v3/auth/tokens' % AUTH_URL,
headers={'X-Subject-Token': self.service_token_id},
json=self.service_token)
def setUp(self):
super(V2UserPluginTests, self).setUp()
self.service_token = fixture.V2Token()
self.service_token.set_scope()
s = self.service_token.add_service('identity', name='keystone')
s.add_endpoint(public=BASE_URI,
admin=BASE_URI,
internal=BASE_URI)
self.configure_middleware(auth_type='v2password',
auth_url='%s/v2.0/' % AUTH_URL,
user_id=self.service_token.user_id,
password=uuid.uuid4().hex,
tenant_id=self.service_token.tenant_id)
auth_discovery = fixture.DiscoveryList(href=AUTH_URL, v3=False)
self.requests_mock.get(AUTH_URL, json=auth_discovery)
base_discovery = fixture.DiscoveryList(href=BASE_URI, v3=False)
self.requests_mock.get(BASE_URI, json=base_discovery)
url = '%s/v2.0/tokens' % AUTH_URL
self.requests_mock.post(url, json=self.service_token)
def setUp(self):
super(ShellTest, self).setUp()
global _old_env
_old_env, os.environ = os.environ, self.auth_env
self.requests = self.useFixture(rm_fixture.Fixture())
json_list = ks_fixture.DiscoveryList(DEFAULT_UNVERSIONED_AUTH_URL)
self.requests.get(DEFAULT_UNVERSIONED_AUTH_URL,
json=json_list,
status_code=300)
json_v2 = {'version': ks_fixture.V2Discovery(DEFAULT_V2_AUTH_URL)}
self.requests.get(DEFAULT_V2_AUTH_URL, json=json_v2)
json_v3 = {'version': ks_fixture.V3Discovery(DEFAULT_V3_AUTH_URL)}
self.requests.get(DEFAULT_V3_AUTH_URL, json=json_v3)
self.v2_auth = self.requests.post(DEFAULT_V2_AUTH_URL + '/tokens',
json=V2_TOKEN)
headers = {'X-Subject-Token': TOKEN_ID}
self.v3_auth = self.requests.post(DEFAULT_V3_AUTH_URL + '/auth/tokens',
headers=headers,
json=V3_TOKEN)
global shell, _shell, assert_called, assert_called_anytime
_shell = openstack_shell.OpenStackImagesShell()
shell = lambda cmd: _shell.main(cmd.split())
def test_getting_endpoints_on_auth_interface(self):
disc = fixture.DiscoveryList(href=self.BASE_URL)
self.stub_url('GET', ['/'],
base_url=self.BASE_URL,
status_code=300,
json=disc)
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
endpoint = sess.get_endpoint(interface=plugin.AUTH_INTERFACE,
version=(3, 0))
self.assertEqual(self.V3_URL, endpoint)
def test_discover_unstable_versions(self):
version_list = fixture.DiscoveryList(BASE_URL, v3_status='beta')
self.requests_mock.get(BASE_URL, status_code=300, json=version_list)
self.assertCreatesV2(auth_url=BASE_URL)
self.assertVersionNotAvailable(auth_url=BASE_URL, version=3)
self.assertCreatesV3(auth_url=BASE_URL, unstable=True)
def register_keystone_auth_fixture(self, request_mocker):
self.register_keystone_v2_token_fixture(request_mocker)
self.register_keystone_v3_token_fixture(request_mocker)
request_mocker.get(V2_URL, json=ks_fixture.V2Discovery(V2_URL))
request_mocker.get(V3_URL, json=ks_fixture.V3Discovery(V3_URL))
request_mocker.get(BASE_URL, json=ks_fixture.DiscoveryList(BASE_URL))
def setUp(self):
super(CommonIdentityTests, self).setUp()
self.TEST_URL = '%s%s' % (self.TEST_ROOT_URL, self.version)
self.TEST_ADMIN_URL = '%s%s' % (self.TEST_ROOT_ADMIN_URL, self.version)
self.TEST_DISCOVERY = fixture.DiscoveryList(href=self.TEST_ROOT_URL)
self.stub_auth_data()
def test_discovery_fail_for_missing_v3(self):
versions = fixture.DiscoveryList(v2=True, v3=False)
self.requests_mock.get(BASE_URL, status_code=300, json=versions)
# Creating Discover not using session is deprecated.
with self.deprecations.expect_deprecations_here():
disc = discover.Discover(auth_url=BASE_URL)
self.assertRaises(exceptions.DiscoveryFailure,
disc.create_client, version=(3, 0))
def test_unknown_client_version(self):
V4_VERSION = {'id': 'v4.0',
'links': [{'href': 'http://url', 'rel': 'self'}],
'media-types': V3_MEDIA_TYPES,
'status': 'stable',
'updated': UPDATED}
versions = fixture.DiscoveryList()
versions.add_version(V4_VERSION)
self.requests_mock.get(BASE_URL, status_code=300, json=versions)
# Creating Discover not using session is deprecated.
with self.deprecations.expect_deprecations_here():
disc = discover.Discover(auth_url=BASE_URL)
self.assertRaises(exceptions.DiscoveryFailure,
disc.create_client, version=4)
def test_allow_unknown(self):
status = 'abcdef'
version_list = fixture.DiscoveryList(BASE_URL,
v2=False,
v3_status=status)
self.requests_mock.get(BASE_URL, json=version_list)
disc = discover.Discover(self.session, BASE_URL)
versions = disc.version_data()
self.assertEqual(0, len(versions))
versions = disc.version_data(allow_unknown=True)
self.assertEqual(1, len(versions))
self.assertEqual(status, versions[0]['raw_status'])
self.assertEqual(V3_URL, versions[0]['url'])
self.assertEqual((3, 0), versions[0]['version'])
def test_allow_unknown(self):
status = 'abcdef'
version_list = fixture.DiscoveryList(BASE_URL, v2=False,
v3_status=status)
self.requests_mock.get(BASE_URL, json=version_list)
# Creating Discover not using session is deprecated.
with self.deprecations.expect_deprecations_here():
disc = discover.Discover(auth_url=BASE_URL)
versions = disc.version_data()
self.assertEqual(0, len(versions))
versions = disc.version_data(allow_unknown=True)
self.assertEqual(1, len(versions))
self.assertEqual(status, versions[0]['raw_status'])
self.assertEqual(V3_URL, versions[0]['url'])
self.assertEqual((3, 0), versions[0]['version'])
def test_loads_v3_with_user_domain(self):
auth_url = 'http://keystone.test:5000'
disc = fixture.DiscoveryList(href=auth_url)
sess = session.Session()
self.requests_mock.get(auth_url, json=disc)
plugin = generic.Password().load_from_options(
auth_url=auth_url,
user_id=uuid.uuid4().hex,
password=uuid.uuid4().hex,
project_id=uuid.uuid4().hex,
user_domain_id=uuid.uuid4().hex)
inner_plugin = plugin._do_create_plugin(sess)
self.assertIsInstance(inner_plugin, identity.V3Password)
self.assertEqual(inner_plugin.auth_url, auth_url + '/v3')
def test_end_to_end_with_generic_password(self):
# List versions available for auth
self.requests_mock.get(
self.TEST_ROOT_URL,
json=fixture.DiscoveryList(self.TEST_ROOT_URL),
headers={'Content-Type': 'application/json'})
# The IdP should return a ECP wrapped assertion when requested
self.requests_mock.register_uri(
'POST',
self.REQUEST_ECP_URL,
content=six.b(k2k_fixtures.ECP_ENVELOPE),
headers={'Content-Type': 'application/vnd.paos+xml'},
status_code=200)
# The SP should respond with a redirect (302 or 303)
self.requests_mock.register_uri(
'POST',
self.SP_URL,
content=six.b(k2k_fixtures.TOKEN_BASED_ECP),
headers={'Content-Type': 'application/vnd.paos+xml'},
status_code=302)
# Should not follow the redirect URL, but use the auth_url attribute
self.requests_mock.register_uri(
'GET',
self.SP_AUTH_URL,
json=k2k_fixtures.UNSCOPED_TOKEN,
headers={'X-Subject-Token': k2k_fixtures.UNSCOPED_TOKEN_HEADER})
self.stub_url('POST', ['auth', 'tokens'],
headers={'X-Subject-Token': uuid.uuid4().hex},
json=self.token_v3)
plugin = identity.Password(self.TEST_ROOT_URL,
username=self.TEST_USER,
password=self.TEST_PASS,
user_domain_id='default')
k2kplugin = self.get_plugin(base_plugin=plugin)
self.assertEqual(k2k_fixtures.UNSCOPED_TOKEN_HEADER,
k2kplugin.get_token(self.session))
def test_discovering_when_version_missing(self):
# need to construct list this way for relative
disc = fixture.DiscoveryList(v2=False, v3=False)
disc.add_v2('v2.0')
self.stub_url('GET', [], base_url=self.TEST_COMPUTE_ADMIN, json=disc)
a = self.create_auth_plugin()
s = session.Session(auth=a)
endpoint_v2 = s.get_endpoint(service_type='compute',
interface='admin',
version=(2, 0))
endpoint_v3 = s.get_endpoint(service_type='compute',
interface='admin',
version=(3, 0))
self.assertEqual(self.TEST_COMPUTE_ADMIN + '/v2.0', endpoint_v2)
self.assertIsNone(endpoint_v3)
def setUp(self):
super(TestInputs, self).setUp()
disc = fixture.DiscoveryList(href=AUTH_URL, v2=False)
self.service_type = uuid.uuid4().hex
self.service_id = uuid.uuid4().hex
self.service_name = uuid.uuid4().hex
self.user_id = uuid.uuid4().hex
self.username = uuid.uuid4().hex
self.project_id = uuid.uuid4().hex
self.project_name = uuid.uuid4().hex
self.token = fixture.V3Token(user_id=self.user_id,
user_name=self.username,
project_id=self.project_id,
project_name=self.project_name)
self.token.add_role()
self.token.add_role()
self.token_id = uuid.uuid4().hex
service = self.token.add_service(self.service_type,
id=self.service_id,
name=self.service_name)
service.add_standard_endpoints(public=PUBLIC_SERVICE_URL,
admin=ADMIN_SERVICE_URL,
internal=INTERNAL_SERVICE_URL,
region=SERVICE_REGION)
self.requests_mock.get(AUTH_URL, json=disc, status_code=300)
self.auth_mock = self.requests_mock.post(
AUTH_URL + '/v3/auth/tokens',
json=self.token,
headers={'X-Subject-Token': self.token_id})
# don't do any console formatting markup
m = fixtures.MockPatchObject(shell, 'formatter_name', 'text')
self.useFixture(m)
def test_discovering_with_relative_anchored_link(self):
# need to construct list this way for relative
disc = fixture.DiscoveryList(v2=False, v3=False)
disc.add_v2('/v2.0')
disc.add_v3('/v3')
self.stub_url('GET', [], base_url=self.TEST_COMPUTE_ADMIN, json=disc)
a = self.create_auth_plugin()
s = session.Session(auth=a)
endpoint_v2 = s.get_endpoint(service_type='compute',
interface='admin',
version=(2, 0))
endpoint_v3 = s.get_endpoint(service_type='compute',
interface='admin',
version=(3, 0))
# by the nature of urljoin a relative link with a /path gets joined
# back to the root.
self.assertEqual(self.TEST_COMPUTE_BASE + '/v2.0', endpoint_v2)
self.assertEqual(self.TEST_COMPUTE_BASE + '/v3', endpoint_v3)
def test_discovering_with_protocol_relative(self):
# strip up to and including the : leaving //host/path
path = self.TEST_COMPUTE_ADMIN[self.TEST_COMPUTE_ADMIN.find(':') + 1:]
disc = fixture.DiscoveryList(v2=False, v3=False)
disc.add_v2(path + '/v2.0')
disc.add_v3(path + '/v3')
self.stub_url('GET', [], base_url=self.TEST_COMPUTE_ADMIN, json=disc)
a = self.create_auth_plugin()
s = session.Session(auth=a)
endpoint_v2 = s.get_endpoint(service_type='compute',
interface='admin',
version=(2, 0))
endpoint_v3 = s.get_endpoint(service_type='compute',
interface='admin',
version=(3, 0))
# ensures that the http is carried over from the lookup url
self.assertEqual(self.TEST_COMPUTE_ADMIN + '/v2.0', endpoint_v2)
self.assertEqual(self.TEST_COMPUTE_ADMIN + '/v3', endpoint_v3)
def stub_discovery(self, base_url=None, **kwargs):
kwargs.setdefault('href', self.TEST_URL)
disc = fixture.DiscoveryList(**kwargs)
self.stub_url('GET', json=disc, base_url=base_url, status_code=300)
return disc
def test_lesser_version_than_required(self):
versions = fixture.DiscoveryList(BASE_URL, v3_id='v3.4')
self.requests_mock.get(BASE_URL, json=versions)
self.assertVersionNotAvailable(auth_url=BASE_URL, version=(3, 6))
def test_greater_version_than_required(self):
versions = fixture.DiscoveryList(BASE_URL, v3_id='v3.6')
self.requests_mock.get(BASE_URL, json=versions)
self.assertCreatesV3(auth_url=BASE_URL, version=(3, 4))
TEST_RESPONSE_DICT = fixture.V2Token(token_id=AUTH_TOKEN, user_name=USERNAME)
_s = TEST_RESPONSE_DICT.add_service('identity', name='keystone')
_s.add_endpoint(AUTH_URL + ':5000/v2.0')
_s = TEST_RESPONSE_DICT.add_service('network', name='neutron')
_s.add_endpoint(AUTH_URL + ':9696')
_s = TEST_RESPONSE_DICT.add_service('compute', name='nova')
_s.add_endpoint(AUTH_URL + ':8774/v2')
_s = TEST_RESPONSE_DICT.add_service('image', name='glance')
_s.add_endpoint(AUTH_URL + ':9292')
_s = TEST_RESPONSE_DICT.add_service('object', name='swift')
_s.add_endpoint(AUTH_URL + ':8080/v1')
TEST_RESPONSE_DICT_V3 = fixture.V3Token(user_name=USERNAME)
TEST_RESPONSE_DICT_V3.set_project_scope()
TEST_VERSIONS = fixture.DiscoveryList(href=AUTH_URL)
class FakeStdout(object):
def __init__(self):
self.content = []
def write(self, text):
self.content.append(text)
def make_string(self):
result = ''
for line in self.content:
result = result + line
return result
def test_setting_no_discover_hack(self):
v2_disc = fixture.V2Discovery(self.V2_URL)
common_disc = fixture.DiscoveryList(href=self.BASE_URL)
v2_m = self.stub_url('GET', ['v2.0'],
base_url=self.BASE_URL,
status_code=200,
json=v2_disc)
common_m = self.stub_url('GET', [],
base_url=self.BASE_URL,
status_code=300,
json=common_disc)
resp_text = uuid.uuid4().hex
resp_m = self.stub_url('GET', ['v3', 'path'],
base_url=self.BASE_URL,
status_code=200,
text=resp_text)
# it doesn't matter that we auth with v2 here, discovery hack is in
# base. All identity endpoints point to v2 urls.
token = fixture.V2Token()
service = token.add_service(self.IDENTITY)
service.add_endpoint(public=self.V2_URL,
admin=self.V2_URL,
internal=self.V2_URL)
self.stub_url('POST', ['tokens'], base_url=self.V2_URL, json=token)
v2_auth = identity.V2Password(self.V2_URL,
username=uuid.uuid4().hex,
password=uuid.uuid4().hex)
sess = session.Session(auth=v2_auth)
# v2 auth with v2 url doesn't make any discovery calls.
self.assertFalse(v2_m.called)
self.assertFalse(common_m.called)
# v3 endpoint with hack will strip v2 suffix and call root discovery
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
version=(3, 0),
allow_version_hack=True)
# got v3 url
self.assertEqual(self.V3_URL, endpoint)
# only called root discovery.
self.assertFalse(v2_m.called)
self.assertTrue(common_m.called_once)
# with hack turned off it calls v2 discovery and finds nothing
endpoint = sess.get_endpoint(service_type=self.IDENTITY,
version=(3, 0),
allow_version_hack=False)
self.assertIsNone(endpoint)
# this one called v2
self.assertTrue(v2_m.called_once)
self.assertTrue(common_m.called_once)
# get_endpoint returning None raises EndpointNotFound when requesting
self.assertRaises(exceptions.EndpointNotFound,
sess.get,
'/path',
endpoint_filter={
'service_type': 'identity',
'version': (3, 0),
'allow_version_hack': False
})
self.assertFalse(resp_m.called)
# works when allow_version_hack is set
resp = sess.get('/path',
endpoint_filter={
'service_type': 'identity',
'version': (3, 0),
'allow_version_hack': True
})
self.assertTrue(resp_m.called_once)
self.assertEqual(resp_text, resp.text)
