def test_keystone_get_session(self, auth_url):
credential = objects.Credential(auth_url, "user", "pass", "tenant")
self.set_up_keystone_mocks()
keystone = osclients.Keystone(credential, {}, {})
version_data = mock.Mock(return_value=[{"version": (1, 0)}])
self.ksa_auth.discover.Discover.return_value = (mock.Mock(
version_data=version_data))
self.assertEqual(
(self.ksa_session.Session.return_value, self.ksa_identity_plugin),
keystone.get_session())
if auth_url.endswith("v2.0"):
self.ksa_password.assert_called_once_with(auth_url=auth_url,
password="******",
tenant_name="tenant",
username="******")
else:
self.ksa_password.assert_called_once_with(auth_url=auth_url,
password="******",
tenant_name="tenant",
username="******",
domain_name=None,
project_domain_name=None,
user_domain_name=None)
self.ksa_session.Session.assert_has_calls([
mock.call(timeout=180.0, verify=True),
mock.call(auth=self.ksa_identity_plugin,
timeout=180.0,
verify=True)
])
def test__configure_identity(self, auth_url, data, ex_uri, ex_uri_v3,
ex_auth_version):
self.tempest.conf.add_section("identity")
self.tempest.credential.auth_url = auth_url
process_url = osclients.Keystone(self.tempest.credential, 0,
0)._remove_url_version
self.tempest.clients.keystone._remove_url_version = process_url
from keystoneauth1 import discover
from keystoneauth1 import session
with mock.patch.object(discover, "Discover") as mock_discover:
with mock.patch.object(session, "Session") as mock_session:
mock_discover.return_value.version_data.return_value = data
self.tempest._configure_identity()
mock_discover.assert_called_once_with(
mock_session.return_value, auth_url)
expected = {
"region": CRED["region_name"],
"auth_version": ex_auth_version,
"uri": ex_uri,
"uri_v3": ex_uri_v3,
"disable_ssl_certificate_validation": str(CRED["https_insecure"]),
"ca_certificates_file": CRED["https_cacert"]
}
self.assertEqual(expected, dict(self.tempest.conf.items("identity")))
def test_create_client(self):
# NOTE(bigjools): This is a very poor testing strategy as it
# tightly couples the test implementation to the tested
# function's implementation. Ideally, we'd use a fake keystone
# but all that's happening here is that it's checking the right
# parameters were passed to the various parts that create a
# client. Hopefully one day we'll get a real fake from the
# keystone guys.
self.set_up_keystone_mocks()
keystone = osclients.Keystone(self.credential, {}, mock.MagicMock())
keystone.get_session = mock.Mock(return_value=(
self.ksa_session,
self.ksa_identity_plugin,
))
client = keystone.create_client(version=3)
kwargs_session = self.credential.to_dict()
kwargs_session.update({
"auth_url": "http://auth_url/",
"session": self.ksa_session,
"timeout": 180.0
})
keystone.get_session.assert_called_once_with(version="3")
self.ksc_client.Client.assert_called_once_with(
session=self.ksa_session, timeout=180.0, version="3")
self.assertIs(client, self.ksc_client.Client())
def test_client_is_pre_authed(self):
# The client needs to be pre-authed so that service_catalog
# works. This is because when using sessions, lazy auth is done
# in keystoneclient.
self.set_up_keystone_mocks()
_, all_kwargs = self.make_auth_args()
keystone = osclients.Keystone(
mock.MagicMock(), mock.sentinel, mock.sentinel)
client = keystone._create_keystone_client(all_kwargs)
auth_ref = getattr(client, "auth_ref", None)
self.assertIsNot(auth_ref, None)
def test_auth_ref_fails(self, mock_get_access):
mock_get_access.side_effect = Exception
keystone = osclients.Keystone(self.credential, {}, {})
try:
keystone.auth_ref
except exceptions.AuthenticationFailed:
pass
else:
self.fail("keystone.auth_ref didn't raise"
" exceptions.AuthenticationFailed")
def test_auth_ref(self, mock_keystone_get_session):
session = mock.MagicMock()
auth_plugin = mock.MagicMock()
mock_keystone_get_session.return_value = (session, auth_plugin)
cache = {}
keystone = osclients.Keystone(None, None, cache)
self.assertEqual(auth_plugin.get_access.return_value,
keystone.auth_ref)
self.assertEqual(auth_plugin.get_access.return_value,
cache["keystone_auth_ref"])
# check that auth_ref was cached.
keystone.auth_ref
mock_keystone_get_session.assert_called_once_with()
def test_create_client_removes_url_path_if_version_specified(self):
# If specifying a version on the client creation call, ensure
# the auth_url is versionless and the version required is passed
# into the Client() call.
self.set_up_keystone_mocks()
auth_kwargs, all_kwargs = self.make_auth_args()
credential = objects.Credential("http://auth_url/v2.0", "user", "pass",
"tenant")
keystone = osclients.Keystone(credential, {}, mock.MagicMock())
client = keystone.create_client(version="3")
self.assertIs(client, self.ksc_client.Client())
called_with = self.ksc_client.Client.call_args_list[0][1]
self.expectThat(called_with["auth_url"],
matchers.Equals("http://auth_url/"))
self.expectThat(called_with["version"], matchers.Equals("3"))
def test_auth_ref_debug(self, mock_get_access, mock_is_debug,
mock_log_exception):
mock_is_debug.return_value = True
mock_get_access.side_effect = Exception
keystone = osclients.Keystone(self.credential, {}, {})
try:
keystone.auth_ref
except exceptions.AuthenticationFailed:
pass
else:
self.fail("keystone.auth_ref didn't raise"
" exceptions.AuthenticationFailed")
mock_log_exception.assert_called_once_with(mock.ANY)
mock_is_debug.assert_called_once_with()
def test_create_client_removes_url_path_if_version_specified(self):
# If specifying a version on the client creation call, ensure
# the auth_url is versionless and the version required is passed
# into the Client() call.
self.set_up_keystone_mocks()
auth_kwargs, all_kwargs = self.make_auth_args()
keystone = osclients.Keystone(
self.credential, {}, mock.MagicMock())
keystone.get_session = mock.Mock(
return_value=(self.ksa_session, self.ksa_identity_plugin,))
client = keystone.create_client(version="3")
self.assertIs(client, self.ksc_client.Client())
called_with = self.ksc_client.Client.call_args_list[0][1]
self.assertEqual(
{"session": self.ksa_session, "timeout": 180.0, "version": "3"},
called_with)
def test_create_keystone_client(self):
# NOTE(bigjools): This is a very poor testing strategy as it
# tightly couples the test implementation to the tested
# function's implementation. Ideally, we'd use a fake keystone
# but all that's happening here is that it's checking the right
# parameters were passed to the various parts that create a
# client. Hopefully one day we'll get a real fake from the
# keystone guys.
self.set_up_keystone_mocks()
auth_kwargs, all_kwargs = self.make_auth_args()
keystone = osclients.Keystone(
mock.MagicMock(), mock.sentinel, mock.sentinel)
client = keystone._create_keystone_client(all_kwargs)
self.ksc_password.assert_called_once_with(**auth_kwargs)
self.ksc_session.Session.assert_called_once_with(
auth=self.ksc_identity.Password(), timeout=mock.ANY,
verify=mock.ANY)
self.ksc_client.Client.assert_called_once_with(**all_kwargs)
self.assertIs(client, self.ksc_client.Client())
def test_create_keystone_client_with_v2_version_omits_domain(self):
self.set_up_keystone_mocks()
auth_kwargs, all_kwargs = self.make_auth_args()
all_kwargs["auth_url"] = "http://auth_url/"
auth_kwargs["auth_url"] = all_kwargs["auth_url"]
keystone = osclients.Keystone(mock.MagicMock(), mock.sentinel,
mock.sentinel)
client = keystone._create_keystone_client(all_kwargs, version="2")
auth_kwargs.pop("user_domain_name")
auth_kwargs.pop("project_domain_name")
auth_kwargs.pop("domain_name")
self.ksc_password.assert_called_once_with(**auth_kwargs)
self.ksc_session.Session.assert_called_once_with(
auth=self.ksc_identity.Password(),
timeout=mock.ANY,
verify=mock.ANY)
self.ksc_client.Client.assert_called_once_with(version="2",
**all_kwargs)
self.assertIs(client, self.ksc_client.Client())
def test_create_keystone_client_with_v2_url_omits_domain(self):
# NOTE(bigjools): Test that domain-related info is not present
# when forcing a v2 URL, because it breaks keystoneclient's
# service discovery.
self.set_up_keystone_mocks()
auth_kwargs, all_kwargs = self.make_auth_args()
all_kwargs["auth_url"] = "http://auth_url/v2.0"
auth_kwargs["auth_url"] = all_kwargs["auth_url"]
keystone = osclients.Keystone(
mock.MagicMock(), mock.sentinel, mock.sentinel)
client = keystone._create_keystone_client(all_kwargs)
auth_kwargs.pop("user_domain_name")
auth_kwargs.pop("project_domain_name")
auth_kwargs.pop("domain_name")
self.ksc_password.assert_called_once_with(**auth_kwargs)
self.ksc_session.Session.assert_called_once_with(
auth=self.ksc_identity.Password(), timeout=mock.ANY,
verify=mock.ANY)
self.ksc_client.Client.assert_called_once_with(**all_kwargs)
self.assertIs(client, self.ksc_client.Client())
def test_create_client(self):
# NOTE(bigjools): This is a very poor testing strategy as it
# tightly couples the test implementation to the tested
# function's implementation. Ideally, we'd use a fake keystone
# but all that's happening here is that it's checking the right
# parameters were passed to the various parts that create a
# client. Hopefully one day we'll get a real fake from the
# keystone guys.
self.set_up_keystone_mocks()
keystone = osclients.Keystone(self.credential, {}, mock.MagicMock())
keystone._get_session = mock.Mock(return_value=(
self.ksa_session,
self.ksc_identity_plugin,
))
self.ksc_identity_plugin.get_access = mock.Mock(
return_value="fake_auth_ref")
client = keystone.create_client(version=3)
kwargs_session = self.credential.to_dict()
kwargs_session.update({
"auth_url": "http://auth_url/",
"session": self.ksa_session,
"timeout": 180.0
})
keystone._get_session.assert_called_once_with(
auth_url="http://auth_url/", version="3")
self.ksc_identity_plugin.get_access.assert_called_once_with(
self.ksa_session)
self.ksc_client.Client.assert_called_once_with(
session=self.ksa_session, timeout=180.0, version="3")
self.assertIs(client, self.ksc_client.Client())
self.assertEqual("fake_auth_ref", self.ksc_client.Client().auth_ref)
# The client needs to be pre-authed so that service_catalog
# works. This is because when using sessions, lazy auth is done
# in keystoneclient.
auth_ref = getattr(client, "auth_ref", None)
self.assertIsNot(auth_ref, None)
def test_keystone_property(self):
keystone = osclients.Keystone(None, None, None)
self.assertRaises(exceptions.RallyException, lambda: keystone.keystone)
def test__remove_url_version(self, original, cropped):
credential = oscredential.OpenStackCredential(original, "user", "pass",
"tenant")
keystone = osclients.Keystone(credential, {}, {})
self.assertEqual(cropped, keystone._remove_url_version())
