def test_auth_ref_load_with_overridden_arguments(self): new_auth_url = 'https://newkeystone.com/v3' user_id = uuid.uuid4().hex user_name = uuid.uuid4().hex project_id = uuid.uuid4().hex first = client_fixtures.project_scoped_token(user_id=user_id, user_name=user_name, project_id=project_id) second = client_fixtures.project_scoped_token(user_id=user_id, user_name=user_name, project_id=project_id) self.stub_auth(json=first) self.stub_auth(json=second, base_url=new_auth_url) # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): c = client.Client(user_id=user_id, password='******', project_id=project_id, auth_url=self.TEST_URL) cache = json.dumps(c.auth_ref) # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): new_client = client.Client(auth_ref=json.loads(cache), auth_url=new_auth_url) self.assertIsNotNone(new_client.auth_ref) self.assertFalse(new_client.auth_ref.domain_scoped) self.assertTrue(new_client.auth_ref.project_scoped) self.assertEqual(new_auth_url, new_client.auth_url) self.assertEqual(user_name, new_client.username) self.assertIsNone(new_client.password) self.assertEqual(new_client.management_url, 'http://admin:35357/v3')
def test_oauth_authenticate_scoped_success(self): access_token = uuid.uuid4().hex # Just use an existing project scoped token and change # the methods to oauth2, and add its section. oauth_token = client_fixtures.project_scoped_token() oauth_token['methods'] = ["oauth2"] oauth_token['oauth2'] = {"access_token_id": access_token} self.stub_auth(json=oauth_token) a = auth.OAuth2(self.TEST_URL, access_token=access_token) s = session.Session(auth=a) t = s.get_token() self.assertEqual(self.TEST_TOKEN, t) OAUTH2_REQUEST_BODY = { "auth": { "identity": { "methods": ["oauth2"], "oauth2": { "access_token_id": access_token } } } } self.assertRequestBodyIs(json=OAUTH2_REQUEST_BODY)
def test_oauth_authenticate_scoped_success(self): access_token = uuid.uuid4().hex # Just use an existing project scoped token and change # the methods to oauth2, and add its section. oauth_token = client_fixtures.project_scoped_token() oauth_token['methods'] = ["oauth2"] oauth_token['oauth2'] = { "access_token_id": access_token } self.stub_auth(json=oauth_token) a = auth.OAuth2(self.TEST_URL, access_token=access_token) s = session.Session(auth=a) t = s.get_token() self.assertEqual(self.TEST_TOKEN, t) OAUTH2_REQUEST_BODY = { "auth": { "identity": { "methods": ["oauth2"], "oauth2": { "access_token_id": access_token } } } } self.assertRequestBodyIs(json=OAUTH2_REQUEST_BODY)
def test_auth_ref_load_with_overridden_arguments(self): new_auth_url = 'https://newkeystone.com/v3' self.stub_auth(json=client_fixtures.project_scoped_token()) self.stub_auth(json=client_fixtures.project_scoped_token(), base_url=new_auth_url) c = client.Client(user_id='c4da488862bd435c9e6c0275a0d0e49a', password='******', project_id='225da22d3ce34b15877ea70b2a575f58', auth_url=self.TEST_URL) cache = json.dumps(c.auth_ref) new_client = client.Client(auth_ref=json.loads(cache), auth_url=new_auth_url) self.assertIsNotNone(new_client.auth_ref) self.assertFalse(new_client.auth_ref.domain_scoped) self.assertTrue(new_client.auth_ref.project_scoped) self.assertEqual(new_client.auth_url, new_auth_url) self.assertEqual(new_client.username, 'exampleuser') self.assertIsNone(new_client.password) self.assertEqual(new_client.management_url, 'http://admin:35357/v3')
def test_project_scoped_init(self): self.stub_auth(json=client_fixtures.project_scoped_token()), c = client.Client(user_id='c4da488862bd435c9e6c0275a0d0e49a', password='******', user_domain_name='exampledomain', project_name='exampleproject', auth_url=self.TEST_URL) self.assertIsNotNone(c.auth_ref) self.assertFalse(c.auth_ref.domain_scoped) self.assertTrue(c.auth_ref.project_scoped) self.assertEqual(c.auth_user_id, 'c4da488862bd435c9e6c0275a0d0e49a') self.assertEqual(c.auth_tenant_id, '225da22d3ce34b15877ea70b2a575f58') self.assertEqual('c4da488862bd435c9e6c0275a0d0e49a', c.get_user_id(session=None)) self.assertEqual('225da22d3ce34b15877ea70b2a575f58', c.get_project_id(session=None))
def test_oauth_authenticate_success(self): consumer_key = uuid.uuid4().hex consumer_secret = uuid.uuid4().hex access_key = uuid.uuid4().hex access_secret = uuid.uuid4().hex # Just use an existing project scoped token and change # the methods to oauth1, and add an OS-OAUTH1 section. oauth_token = client_fixtures.project_scoped_token() oauth_token['methods'] = ["oauth1"] oauth_token['OS-OAUTH1'] = { "consumer_id": consumer_key, "access_token_id": access_key } self.stub_auth(json=oauth_token) with self.deprecations.expect_deprecations_here(): a = auth.OAuth(self.TEST_URL, consumer_key=consumer_key, consumer_secret=consumer_secret, access_key=access_key, access_secret=access_secret) s = session.Session(auth=a) t = s.get_token() self.assertEqual(self.TEST_TOKEN, t) OAUTH_REQUEST_BODY = { "auth": { "identity": { "methods": ["oauth1"], "oauth1": {} } } } self.assertRequestBodyIs(json=OAUTH_REQUEST_BODY) # Assert that the headers have the same oauthlib data req_headers = self.requests_mock.last_request.headers oauth_client = oauth1.Client(consumer_key, client_secret=consumer_secret, resource_owner_key=access_key, resource_owner_secret=access_secret, signature_method=oauth1.SIGNATURE_HMAC) self._validate_oauth_headers(req_headers['Authorization'], oauth_client)
def test_project_scoped_init(self): token = client_fixtures.project_scoped_token() self.stub_auth(json=token), # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): c = client.Client(user_id=token.user_id, password='******', user_domain_name=token.user_domain_name, project_name=token.project_name, auth_url=self.TEST_URL) self.assertIsNotNone(c.auth_ref) self.assertFalse(c.auth_ref.domain_scoped) self.assertTrue(c.auth_ref.project_scoped) self.assertEqual(token.user_id, c.auth_user_id) self.assertEqual(token.project_id, c.auth_tenant_id) self.assertEqual(token.user_id, c.get_user_id(session=None)) self.assertEqual(token.project_id, c.get_project_id(session=None))
def test_oauth_authenticate_success(self): consumer_key = uuid.uuid4().hex consumer_secret = uuid.uuid4().hex access_key = uuid.uuid4().hex access_secret = uuid.uuid4().hex # Just use an existing project scoped token and change # the methods to oauth1, and add an OS-OAUTH1 section. oauth_token = client_fixtures.project_scoped_token() oauth_token['methods'] = ["oauth1"] oauth_token['OS-OAUTH1'] = {"consumer_id": consumer_key, "access_token_id": access_key} self.stub_auth(json=oauth_token) a = auth.OAuth(self.TEST_URL, consumer_key=consumer_key, consumer_secret=consumer_secret, access_key=access_key, access_secret=access_secret) s = session.Session(auth=a) with self.deprecations.expect_deprecations_here(): t = s.get_token() self.assertEqual(self.TEST_TOKEN, t) OAUTH_REQUEST_BODY = { "auth": { "identity": { "methods": ["oauth1"], "oauth1": {} } } } self.assertRequestBodyIs(json=OAUTH_REQUEST_BODY) # Assert that the headers have the same oauthlib data req_headers = self.requests_mock.last_request.headers oauth_client = oauth1.Client(consumer_key, client_secret=consumer_secret, resource_owner_key=access_key, resource_owner_secret=access_secret, signature_method=oauth1.SIGNATURE_HMAC) self._validate_oauth_headers(req_headers['Authorization'], oauth_client)
def test_auth_ref_load(self): token = client_fixtures.project_scoped_token() self.stub_auth(json=token) # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): c = client.Client(user_id=token.user_id, password='******', project_id=token.project_id, auth_url=self.TEST_URL) cache = jsonutils.dumps(c.auth_ref) # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): new_client = client.Client(auth_ref=jsonutils.loads(cache)) self.assertIsNotNone(new_client.auth_ref) self.assertFalse(new_client.auth_ref.domain_scoped) self.assertTrue(new_client.auth_ref.project_scoped) self.assertEqual(token.user_name, new_client.username) self.assertIsNone(new_client.password) self.assertEqual(new_client.management_url, 'http://admin:35357/v3')
def setUp(self): super(ScopeFederationTokenTests, self).setUp() self.PROJECT_SCOPED_TOKEN_JSON = client_fixtures.project_scoped_token() self.PROJECT_SCOPED_TOKEN_JSON["methods"] = ["saml2"] # for better readability self.TEST_TENANT_ID = self.PROJECT_SCOPED_TOKEN_JSON.project_id self.TEST_TENANT_NAME = self.PROJECT_SCOPED_TOKEN_JSON.project_name self.DOMAIN_SCOPED_TOKEN_JSON = client_fixtures.domain_scoped_token() self.DOMAIN_SCOPED_TOKEN_JSON["methods"] = ["saml2"] # for better readability self.TEST_DOMAIN_ID = self.DOMAIN_SCOPED_TOKEN_JSON.domain_id self.TEST_DOMAIN_NAME = self.DOMAIN_SCOPED_TOKEN_JSON.domain_name self.saml2_scope_plugin = saml2.Saml2ScopedToken( self.TEST_URL, saml2_fixtures.UNSCOPED_TOKEN_HEADER, project_id=self.TEST_TENANT_ID )
def test_service_catalog_without_name(self): pr_auth_ref = access.AccessInfo.factory( resp=None, body=client_fixtures.project_scoped_token()) pr_sc = pr_auth_ref.service_catalog # this will work because there are no service names on that token url_ref = 'http://public.com:8774/v2/225da22d3ce34b15877ea70b2a575f58' url = pr_sc.url_for(service_type='compute', service_name='NotExist', endpoint_type='public') self.assertEqual(url_ref, url) ab_auth_ref = access.AccessInfo.factory(resp=None, body=self.AUTH_RESPONSE_BODY) ab_sc = ab_auth_ref.service_catalog # this won't work because there is a name and it's not this one self.assertRaises(exceptions.EndpointNotFound, ab_sc.url_for, service_type='compute', service_name='NotExist', endpoint_type='public')
def setUp(self): super(ScopeFederationTokenTests, self).setUp() self.PROJECT_SCOPED_TOKEN_JSON = client_fixtures.project_scoped_token() self.PROJECT_SCOPED_TOKEN_JSON['methods'] = ['saml2'] # for better readability self.TEST_TENANT_ID = self.PROJECT_SCOPED_TOKEN_JSON.project_id self.TEST_TENANT_NAME = self.PROJECT_SCOPED_TOKEN_JSON.project_name self.DOMAIN_SCOPED_TOKEN_JSON = client_fixtures.domain_scoped_token() self.DOMAIN_SCOPED_TOKEN_JSON['methods'] = ['saml2'] # for better readability self.TEST_DOMAIN_ID = self.DOMAIN_SCOPED_TOKEN_JSON.domain_id self.TEST_DOMAIN_NAME = self.DOMAIN_SCOPED_TOKEN_JSON.domain_name self.saml2_scope_plugin = saml2.Saml2ScopedToken( self.TEST_URL, saml2_fixtures.UNSCOPED_TOKEN_HEADER, project_id=self.TEST_TENANT_ID)
def test_two_factor_authenticate_scoped_success(self): verification_code = uuid.uuid4().hex password = uuid.uuid4().hex user_id = uuid.uuid4().hex # Just use an existing project scoped token and change # the methods to password, and add its section. token = client_fixtures.project_scoped_token() token['methods'] = ["password"] token['password'] = { "verification_code": verification_code, 'password': password } self.stub_auth(json=token) a = auth.TwoFactor( self.TEST_URL, verification_code=verification_code, password=password, user_id=user_id) s = session.Session(auth=a) t = s.get_token() self.assertEqual(self.TEST_TOKEN, t) TWO_FACTOR_REQUEST_BODY = { "auth": { "identity": { "methods": ["password"], "password": { 'user': { 'verification_code': verification_code, 'password': password, 'id': user_id } } } } } self.assertRequestBodyIs(json=TWO_FACTOR_REQUEST_BODY)
def test_auth_ref_load(self): token = client_fixtures.project_scoped_token() self.stub_auth(json=token) # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): c = client.Client(user_id=token.user_id, password='******', project_id=token.project_id, auth_url=self.TEST_URL) cache = json.dumps(c.auth_ref) # Creating a HTTPClient not using session is deprecated. with self.deprecations.expect_deprecations_here(): new_client = client.Client(auth_ref=json.loads(cache)) self.assertIsNotNone(new_client.auth_ref) self.assertFalse(new_client.auth_ref.domain_scoped) self.assertTrue(new_client.auth_ref.project_scoped) self.assertEqual(token.user_name, new_client.username) self.assertIsNone(new_client.password) self.assertEqual(new_client.management_url, 'http://admin:35357/v3')
import uuid from oslo_utils import timeutils from keystoneclient import access from keystoneclient import fixture from keystoneclient.tests.unit.v3 import client_fixtures from keystoneclient.tests.unit.v3 import utils TOKEN_RESPONSE = utils.TestResponse({ "headers": client_fixtures.AUTH_RESPONSE_HEADERS }) UNSCOPED_TOKEN = client_fixtures.unscoped_token() DOMAIN_SCOPED_TOKEN = client_fixtures.domain_scoped_token() PROJECT_SCOPED_TOKEN = client_fixtures.project_scoped_token() class AccessInfoTest(utils.TestCase): def test_building_unscoped_accessinfo(self): auth_ref = access.AccessInfo.factory(resp=TOKEN_RESPONSE, body=UNSCOPED_TOKEN) self.assertTrue(auth_ref) self.assertIn('methods', auth_ref) self.assertNotIn('catalog', auth_ref) self.assertEqual(auth_ref.auth_token, '3e2813b7ba0b4006840c3825860b86ed') self.assertEqual(auth_ref.username, 'exampleuser') self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
def test_management_url_is_updated_with_project(self): self._management_url_is_updated(client_fixtures.project_scoped_token(), project_name='exampleproject')
import datetime import uuid from oslo_utils import timeutils from keystoneclient import access from keystoneclient import fixture from keystoneclient.tests.unit.v3 import client_fixtures from keystoneclient.tests.unit.v3 import utils TOKEN_RESPONSE = utils.TestResponse( {"headers": client_fixtures.AUTH_RESPONSE_HEADERS}) UNSCOPED_TOKEN = client_fixtures.unscoped_token() DOMAIN_SCOPED_TOKEN = client_fixtures.domain_scoped_token() PROJECT_SCOPED_TOKEN = client_fixtures.project_scoped_token() class AccessInfoTest(utils.TestCase): def test_building_unscoped_accessinfo(self): auth_ref = access.AccessInfo.factory(resp=TOKEN_RESPONSE, body=UNSCOPED_TOKEN) self.assertTrue(auth_ref) self.assertIn('methods', auth_ref) self.assertNotIn('catalog', auth_ref) self.assertEqual(auth_ref.auth_token, '3e2813b7ba0b4006840c3825860b86ed') self.assertEqual(auth_ref.username, 'exampleuser') self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')