def test_no_keyring_key(self): """Test case when no keyring set. Ensure that if we don't have use_keyring set in the client that the keyring is never accessed. """ # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, project_id=TENANT_ID, auth_url=AUTH_URL) # stub and check that a new token is received method = 'get_raw_token_from_identity_service' with mock.patch.object(cl, method) as meth: meth.return_value = (True, PROJECT_SCOPED_TOKEN) self.assertTrue(cl.authenticate()) self.assertEqual(1, meth.call_count) # make sure that we never touched the keyring self.assertFalse(self.memory_keyring.get_password_called) self.assertFalse(self.memory_keyring.set_password_called)
def test_set_keyring(self): # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, project_id=TENANT_ID, auth_url=AUTH_URL, use_keyring=True) # stub and check that a new token is received method = 'get_raw_token_from_identity_service' with mock.patch.object(cl, method) as meth: meth.return_value = (True, PROJECT_SCOPED_TOKEN) self.assertTrue(cl.authenticate()) self.assertEqual(1, meth.call_count) # we checked the keyring, but we didn't find anything self.assertTrue(self.memory_keyring.get_password_called) self.assertFalse(self.memory_keyring.fetched) # check that the new token has been loaded into the keyring self.assertTrue(self.memory_keyring.set_password_called) new_auth_ref = pickle.loads(self.memory_keyring.password) self.assertEqual(new_auth_ref.auth_token, TOKEN) self.assertEqual(new_auth_ref['token'], PROJECT_SCOPED_TOKEN['access']['token']) self.assertEqual(new_auth_ref.username, USERNAME)
def test_set_and_get_keyring_expired(self): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, tenant_id=TENANT_ID, auth_url=AUTH_URL, use_keyring=True) # set an expired token into the keyring auth_ref = access.AccessInfo.factory(body=PROJECT_SCOPED_TOKEN) expired = timeutils.utcnow() - datetime.timedelta(minutes=30) auth_ref['token']['expires'] = timeutils.isotime(expired) self.memory_keyring.password = pickle.dumps(auth_ref) # stub and check that a new token is received, so not using expired with mock.patch.object(cl, 'get_raw_token_from_identity_service') \ as meth: meth.return_value = (True, PROJECT_SCOPED_TOKEN) self.assertTrue(cl.authenticate()) meth.assert_called_once() # check that a value was returned from the keyring self.assertTrue(self.memory_keyring.fetched) # check that the new token has been loaded into the keyring new_auth_ref = pickle.loads(self.memory_keyring.password) self.assertEqual(new_auth_ref['token']['expires'], PROJECT_SCOPED_TOKEN['access']['token']['expires'])
def test_set_keyring(self): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, tenant_id=TENANT_ID, auth_url=AUTH_URL, use_keyring=True) # stub and check that a new token is received with mock.patch.object(cl, 'get_raw_token_from_identity_service') \ as meth: meth.return_value = (True, PROJECT_SCOPED_TOKEN) self.assertTrue(cl.authenticate()) meth.assert_called_once() # we checked the keyring, but we didn't find anything self.assertTrue(self.memory_keyring.get_password_called) self.assertFalse(self.memory_keyring.fetched) # check that the new token has been loaded into the keyring self.assertTrue(self.memory_keyring.set_password_called) new_auth_ref = pickle.loads(self.memory_keyring.password) self.assertEqual(new_auth_ref.auth_token, TOKEN) self.assertEqual(new_auth_ref['token'], PROJECT_SCOPED_TOKEN['access']['token']) self.assertEqual(new_auth_ref.username, USERNAME)
def get_client(): cl = httpclient.HTTPClient(username="******", password="******", project_id="tenant", auth_url="auth_test", cacert="ca.pem", cert=('cert.pem', "key.pem")) return cl
def test_forwarded_for(self): ORIGINAL_IP = "10.100.100.1" cl = httpclient.HTTPClient(username="******", password="******", tenant_id="tenant", auth_url="auth_test", original_ip=ORIGINAL_IP) self.stub_url(httpretty.GET) cl.request(self.TEST_URL, 'GET') self.assertEqual(httpretty.last_request().headers['Forwarded'], "for=%s;by=%s" % (ORIGINAL_IP, httpclient.USER_AGENT))
def test_build_keyring_key(self): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, tenant_id=TENANT_ID, auth_url=AUTH_URL) keyring_key = cl._build_keyring_key(auth_url=AUTH_URL, username=USERNAME, tenant_name=TENANT, tenant_id=TENANT_ID, token=TOKEN) self.assertEqual(keyring_key, '%s/%s/%s/%s/%s' % (AUTH_URL, TENANT_ID, TENANT, TOKEN, USERNAME))
def test_forwarded_for(self): ORIGINAL_IP = "10.100.100.1" cl = httpclient.HTTPClient(username="******", password="******", tenant_id="tenant", auth_url="auth_test", original_ip=ORIGINAL_IP) self.stub_url('GET') cl.request(self.TEST_URL, 'GET') forwarded = "for=%s;by=%s" % (ORIGINAL_IP, httpclient.USER_AGENT) self.assertRequestHeaderEqual('Forwarded', forwarded)
def _check_keystone_versions(self, url): """Calls Keystone URL and detects the available API versions.""" try: client = httpclient.HTTPClient() resp, body = client.request(url, "GET", headers={'Accept': 'application/json'}) # Multiple Choices status code is returned by the root # identity endpoint, with references to one or more # Identity API versions -- v3 spec # some cases we get No Content if resp.status_code in (200, 204, 300): try: results = {} if 'version' in body: results['message'] = "Keystone found at %s" % url version = body['version'] # Stable/diablo incorrect format id, status, version_url = \ self._get_version_info(version, url) results[str(id)] = { "id": id, "status": status, "url": version_url } return results elif 'versions' in body: # Correct format results['message'] = "Keystone found at %s" % url for version in body['versions']['values']: id, status, version_url = \ self._get_version_info(version, url) results[str(id)] = { "id": id, "status": status, "url": version_url } return results else: results['message'] = ("Unrecognized response from %s" % url) return results except KeyError: raise exceptions.AuthorizationFailure() elif resp.status_code == 305: return self._check_keystone_versions(resp['location']) else: raise exceptions.from_response(resp, "GET", url) except Exception as e: _logger.exception(e)
def test_build_keyring_key(self): # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, project_id=TENANT_ID, auth_url=AUTH_URL) keyring_key = cl._build_keyring_key(auth_url=AUTH_URL, username=USERNAME, tenant_name=TENANT, tenant_id=TENANT_ID, token=TOKEN) self.assertEqual(keyring_key, '%s/%s/%s/%s/%s' % (AUTH_URL, TENANT_ID, TENANT, TOKEN, USERNAME))
def test_forwarded_for(self): ORIGINAL_IP = "10.100.100.1" cl = httpclient.HTTPClient(username="******", password="******", tenant_id="tenant", auth_url="auth_test", original_ip=ORIGINAL_IP) with mock.patch.object(requests, "request", MOCK_REQUEST): res = cl.request('/', 'GET') args, kwargs = MOCK_REQUEST.call_args self.assertIn(('Forwarded', "for=%s;by=%s" % (ORIGINAL_IP, httpclient.USER_AGENT)), kwargs['headers'].items())
def test_get_keyring(self): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, tenant_id=TENANT_ID, auth_url=AUTH_URL, use_keyring=True) # set an token into the keyring auth_ref = access.AccessInfo.factory(body=PROJECT_SCOPED_TOKEN) future = timeutils.utcnow() + datetime.timedelta(minutes=30) auth_ref['token']['expires'] = timeutils.isotime(future) self.memory_keyring.password = pickle.dumps(auth_ref) # don't stub get_raw_token so will fail if authenticate happens self.assertTrue(cl.authenticate()) self.assertTrue(self.memory_keyring.fetched)
def test_forwarded_for(self): ORIGINAL_IP = "10.100.100.1" # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): cl = httpclient.HTTPClient(username="******", password="******", project_id="tenant", auth_url="auth_test", original_ip=ORIGINAL_IP) self.stub_url('GET') with self.deprecations.expect_deprecations_here(): cl.request(self.TEST_URL, 'GET') forwarded = "for=%s;by=%s" % (ORIGINAL_IP, httpclient.USER_AGENT) self.assertRequestHeaderEqual('Forwarded', forwarded)
def test_no_keyring_key(self): """Ensure that we get no value back if we don't have use_keyring set in the client. """ cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, tenant_id=TENANT_ID, auth_url=AUTH_URL) (keyring_key, auth_ref) = cl.get_auth_ref_from_keyring(auth_url=AUTH_URL, username=USERNAME, tenant_name=TENANT, tenant_id=TENANT_ID, token=TOKEN) self.assertIsNone(keyring_key) self.assertIsNone(auth_ref)
def test_post_auth(self, MOCK_REQUEST): MOCK_REQUEST.return_value = FAKE_RESPONSE cl = httpclient.HTTPClient( username="******", password="******", tenant_id="tenant", auth_url="auth_test", cacert="ca.pem", key="key.pem", cert="cert.pem") cl.management_url = "https://127.0.0.1:5000" cl.auth_token = "token" cl.post("/hi", body=[1, 2, 3]) # this may become too tightly couple later mock_args, mock_kwargs = MOCK_REQUEST.call_args self.assertEqual(mock_args[0], 'POST') self.assertEqual(mock_args[1], REQUEST_URL) self.assertEqual(mock_kwargs['data'], '[1, 2, 3]') self.assertEqual(mock_kwargs['headers']['X-Auth-Token'], 'token') self.assertEqual(mock_kwargs['cert'], ('cert.pem', 'key.pem')) self.assertEqual(mock_kwargs['verify'], 'ca.pem')
def _check_keystone_extensions(self, url): """Calls Keystone URL and detects the available extensions.""" try: client = httpclient.HTTPClient() if not url.endswith("/"): url += '/' resp, body = client.request("%sextensions" % url, "GET", headers={'Accept': 'application/json'}) if resp.status_code in (200, 204): # some cases we get No Content try: results = {} if 'extensions' in body: if 'values' in body['extensions']: # Parse correct format (per contract) for extension in body['extensions']['values']: alias, name = \ self._get_extension_info( extension['extension'] ) results[alias] = name return results else: # Support incorrect, but prevalent format for extension in body['extensions']: alias, name = \ self._get_extension_info(extension) results[alias] = name return results else: results['message'] = ("Unrecognized extensions " "response from %s" % url) return results except KeyError: raise exceptions.AuthorizationFailure() elif resp.status_code == 305: return self._check_keystone_extensions(resp['location']) else: raise exceptions.from_response(resp, "GET", "%sextensions" % url) except Exception as e: _logger.exception(e)
def test_no_keyring_key(self): """Ensure that if we don't have use_keyring set in the client that the keyring is never accessed. """ cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, tenant_id=TENANT_ID, auth_url=AUTH_URL) # stub and check that a new token is received with mock.patch.object(cl, 'get_raw_token_from_identity_service') \ as meth: meth.return_value = (True, PROJECT_SCOPED_TOKEN) self.assertTrue(cl.authenticate()) meth.assert_called_once() # make sure that we never touched the keyring self.assertFalse(self.memory_keyring.get_password_called) self.assertFalse(self.memory_keyring.set_password_called)
def test_post_auth(self): with mock.patch.object(requests, "request", MOCK_REQUEST): cl = httpclient.HTTPClient( username="******", password="******", tenant_id="tenant", auth_url="auth_test", cacert="ca.pem", key="key.pem", cert="cert.pem") cl.management_url = "https://127.0.0.1:5000" cl.auth_token = "token" cl.post("/hi", body=[1, 2, 3]) headers = { "X-Auth-Token": "token", "Content-Type": "application/json", "User-Agent": httpclient.USER_AGENT } kwargs = copy.copy(self.TEST_REQUEST_BASE) kwargs['cert'] = ('cert.pem', 'key.pem') kwargs['verify'] = 'ca.pem' MOCK_REQUEST.assert_called_with( "POST", "https://127.0.0.1:5000/hi", headers=headers, data='[1, 2, 3]', **kwargs)
def test_set_and_get_keyring_expired(self): cl = httpclient.HTTPClient(username=USERNAME, password=PASSWORD, tenant_id=TENANT_ID, auth_url=AUTH_URL, use_keyring=True) keyring_key = cl._build_keyring_key(auth_url=AUTH_URL, username=USERNAME, tenant_name=TENANT, tenant_id=TENANT_ID, token=TOKEN) cl.auth_ref = access.AccessInfo.factory(body=PROJECT_SCOPED_TOKEN) expired = timeutils.utcnow() - datetime.timedelta(minutes=30) cl.auth_ref['token']['expires'] = timeutils.isotime(expired) cl.store_auth_ref_into_keyring(keyring_key) (keyring_key, auth_ref) = cl.get_auth_ref_from_keyring(auth_url=AUTH_URL, username=USERNAME, tenant_name=TENANT, tenant_id=TENANT_ID, token=TOKEN) self.assertIsNone(auth_ref)
def get_client(): cl = httpclient.HTTPClient(username="******", password="******", tenant_id="tenant", auth_url="auth_test") return cl