Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 3e82af7f6cf565c80fbb8f0c7e614a6dc20c16f2 / . / tempest / tests / lib / test_auth.py
blob: c2531876d2c02ff31427f47e10fb90e64d22f75c [file] [log] [blame]
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]1# Copyright 2014 IBM Corp.
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16import copy
17import datetime
Andrea Frittoli (andreaf)3e82af72016-05-05 22:53:38 +0100[diff] [blame^]18import testtools
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]19
20from oslotest import mockpatch
21
22from tempest.lib import auth
23from tempest.lib import exceptions
24from tempest.lib.services.identity.v2 import token_client as v2_client
25from tempest.lib.services.identity.v3 import token_client as v3_client
Matthew Treinishffad78a2016-04-16 14:39:52 -0400[diff] [blame]26from tempest.tests import base
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]27from tempest.tests.lib import fake_credentials
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]28from tempest.tests.lib import fake_identity
29
30
31def fake_get_credentials(fill_in=True, identity_version='v2', **kwargs):
32 return fake_credentials.FakeCredentials()
33
34
35class BaseAuthTestsSetUp(base.TestCase):
36 _auth_provider_class = None
37 credentials = fake_credentials.FakeCredentials()
38
39 def _auth(self, credentials, auth_url, **params):
40 """returns auth method according to keystone"""
41 return self._auth_provider_class(credentials, auth_url, **params)
42
43 def setUp(self):
44 super(BaseAuthTestsSetUp, self).setUp()
Jordan Pittier0021c292016-03-29 21:33:34 +0200[diff] [blame]45 self.patchobject(auth, 'get_credentials', fake_get_credentials)
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]46 self.auth_provider = self._auth(self.credentials,
47 fake_identity.FAKE_AUTH_URL)
48
49
50class TestBaseAuthProvider(BaseAuthTestsSetUp):
51 """Tests for base AuthProvider
52
53 This tests auth.AuthProvider class which is base for the other so we
54 obviously don't test not implemented method or the ones which strongly
55 depends on them.
56 """
57
58 class FakeAuthProviderImpl(auth.AuthProvider):
59 def _decorate_request(self):
60 pass
61
62 def _fill_credentials(self):
63 pass
64
65 def _get_auth(self):
66 pass
67
68 def base_url(self):
69 pass
70
71 def is_expired(self):
72 pass
73
74 _auth_provider_class = FakeAuthProviderImpl
75
76 def _auth(self, credentials, auth_url, **params):
77 """returns auth method according to keystone"""
78 return self._auth_provider_class(credentials, **params)
79
80 def test_check_credentials_bad_type(self):
81 self.assertFalse(self.auth_provider.check_credentials([]))
82
83 def test_auth_data_property_when_cache_exists(self):
84 self.auth_provider.cache = 'foo'
85 self.useFixture(mockpatch.PatchObject(self.auth_provider,
86 'is_expired',
87 return_value=False))
88 self.assertEqual('foo', getattr(self.auth_provider, 'auth_data'))
89
90 def test_delete_auth_data_property_through_deleter(self):
91 self.auth_provider.cache = 'foo'
92 del self.auth_provider.auth_data
93 self.assertIsNone(self.auth_provider.cache)
94
95 def test_delete_auth_data_property_through_clear_auth(self):
96 self.auth_provider.cache = 'foo'
97 self.auth_provider.clear_auth()
98 self.assertIsNone(self.auth_provider.cache)
99
100 def test_set_and_reset_alt_auth_data(self):
101 self.auth_provider.set_alt_auth_data('foo', 'bar')
102 self.assertEqual(self.auth_provider.alt_part, 'foo')
103 self.assertEqual(self.auth_provider.alt_auth_data, 'bar')
104
105 self.auth_provider.reset_alt_auth_data()
106 self.assertIsNone(self.auth_provider.alt_part)
107 self.assertIsNone(self.auth_provider.alt_auth_data)
108
109 def test_auth_class(self):
110 self.assertRaises(TypeError,
111 auth.AuthProvider,
112 fake_credentials.FakeCredentials)
113
114
115class TestKeystoneV2AuthProvider(BaseAuthTestsSetUp):
116 _endpoints = fake_identity.IDENTITY_V2_RESPONSE['access']['serviceCatalog']
117 _auth_provider_class = auth.KeystoneV2AuthProvider
118 credentials = fake_credentials.FakeKeystoneV2Credentials()
119
120 def setUp(self):
121 super(TestKeystoneV2AuthProvider, self).setUp()
Jordan Pittier0021c292016-03-29 21:33:34 +0200[diff] [blame]122 self.patchobject(v2_client.TokenClient, 'raw_request',
123 fake_identity._fake_v2_response)
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]124 self.target_url = 'test_api'
125
126 def _get_fake_identity(self):
127 return fake_identity.IDENTITY_V2_RESPONSE['access']
128
129 def _get_fake_alt_identity(self):
130 return fake_identity.ALT_IDENTITY_V2_RESPONSE['access']
131
132 def _get_result_url_from_endpoint(self, ep, endpoint_type='publicURL',
133 replacement=None):
134 if replacement:
135 return ep[endpoint_type].replace('v2', replacement)
136 return ep[endpoint_type]
137
138 def _get_token_from_fake_identity(self):
139 return fake_identity.TOKEN
140
141 def _get_from_fake_identity(self, attr):
142 access = fake_identity.IDENTITY_V2_RESPONSE['access']
143 if attr == 'user_id':
144 return access['user']['id']
145 elif attr == 'tenant_id':
146 return access['token']['tenant']['id']
147
148 def _test_request_helper(self, filters, expected):
149 url, headers, body = self.auth_provider.auth_request('GET',
150 self.target_url,
151 filters=filters)
152
153 self.assertEqual(expected['url'], url)
154 self.assertEqual(expected['token'], headers['X-Auth-Token'])
155 self.assertEqual(expected['body'], body)
156
157 def _auth_data_with_expiry(self, date_as_string):
158 token, access = self.auth_provider.auth_data
159 access['token']['expires'] = date_as_string
160 return token, access
161
162 def test_request(self):
163 filters = {
164 'service': 'compute',
165 'endpoint_type': 'publicURL',
166 'region': 'FakeRegion'
167 }
168
169 url = self._get_result_url_from_endpoint(
170 self._endpoints[0]['endpoints'][1]) + '/' + self.target_url
171
172 expected = {
173 'body': None,
174 'url': url,
175 'token': self._get_token_from_fake_identity(),
176 }
177 self._test_request_helper(filters, expected)
178
179 def test_request_with_alt_auth_cleans_alt(self):
180 """Test alternate auth data for headers
181
182 Assert that when the alt data is provided for headers, after an
183 auth_request the data alt_data is cleaned-up.
184 """
185 self.auth_provider.set_alt_auth_data(
186 'headers',
187 (fake_identity.ALT_TOKEN, self._get_fake_alt_identity()))
188 filters = {
189 'service': 'compute',
190 'endpoint_type': 'publicURL',
191 'region': 'fakeRegion'
192 }
193 self.auth_provider.auth_request('GET', self.target_url,
194 filters=filters)
195
196 # Assert alt auth data is clear after it
197 self.assertIsNone(self.auth_provider.alt_part)
198 self.assertIsNone(self.auth_provider.alt_auth_data)
199
200 def _test_request_with_identical_alt_auth(self, part):
201 """Test alternate but identical auth data for headers
202
203 Assert that when the alt data is provided, but it's actually
204 identical, an exception is raised.
205 """
206 self.auth_provider.set_alt_auth_data(
207 part,
208 (fake_identity.TOKEN, self._get_fake_identity()))
209 filters = {
210 'service': 'compute',
211 'endpoint_type': 'publicURL',
212 'region': 'fakeRegion'
213 }
214
215 self.assertRaises(exceptions.BadAltAuth,
216 self.auth_provider.auth_request,
217 'GET', self.target_url, filters=filters)
218
219 def test_request_with_identical_alt_auth_headers(self):
220 self._test_request_with_identical_alt_auth('headers')
221
222 def test_request_with_identical_alt_auth_url(self):
223 self._test_request_with_identical_alt_auth('url')
224
225 def test_request_with_identical_alt_auth_body(self):
226 self._test_request_with_identical_alt_auth('body')
227
228 def test_request_with_alt_part_without_alt_data(self):
229 """Test empty alternate auth data
230
231 Assert that when alt_part is defined, the corresponding original
232 request element is kept the same.
233 """
234 filters = {
235 'service': 'compute',
236 'endpoint_type': 'publicURL',
237 'region': 'fakeRegion'
238 }
239 self.auth_provider.set_alt_auth_data('headers', None)
240
241 url, headers, body = self.auth_provider.auth_request('GET',
242 self.target_url,
243 filters=filters)
244 # The original headers where empty
245 self.assertNotEqual(url, self.target_url)
246 self.assertIsNone(headers)
247 self.assertEqual(body, None)
248
249 def _test_request_with_alt_part_without_alt_data_no_change(self, body):
250 """Test empty alternate auth data with no effect
251
252 Assert that when alt_part is defined, no auth_data is provided,
Anh Trand44a8be2016-03-25 09:49:14 +0700[diff] [blame]253 and the corresponding original request element was not going to
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]254 be changed anyways, and exception is raised
255 """
256 filters = {
257 'service': 'compute',
258 'endpoint_type': 'publicURL',
259 'region': 'fakeRegion'
260 }
261 self.auth_provider.set_alt_auth_data('body', None)
262
263 self.assertRaises(exceptions.BadAltAuth,
264 self.auth_provider.auth_request,
265 'GET', self.target_url, filters=filters)
266
267 def test_request_with_alt_part_without_alt_data_no_change_headers(self):
268 self._test_request_with_alt_part_without_alt_data_no_change('headers')
269
270 def test_request_with_alt_part_without_alt_data_no_change_url(self):
271 self._test_request_with_alt_part_without_alt_data_no_change('url')
272
273 def test_request_with_alt_part_without_alt_data_no_change_body(self):
274 self._test_request_with_alt_part_without_alt_data_no_change('body')
275
276 def test_request_with_bad_service(self):
277 filters = {
278 'service': 'BAD_SERVICE',
279 'endpoint_type': 'publicURL',
280 'region': 'fakeRegion'
281 }
282 self.assertRaises(exceptions.EndpointNotFound,
283 self.auth_provider.auth_request, 'GET',
284 self.target_url, filters=filters)
285
286 def test_request_without_service(self):
287 filters = {
288 'service': None,
289 'endpoint_type': 'publicURL',
290 'region': 'fakeRegion'
291 }
292 self.assertRaises(exceptions.EndpointNotFound,
293 self.auth_provider.auth_request, 'GET',
294 self.target_url, filters=filters)
295
296 def test_check_credentials_missing_attribute(self):
297 for attr in ['username', 'password']:
298 cred = copy.copy(self.credentials)
299 del cred[attr]
300 self.assertFalse(self.auth_provider.check_credentials(cred))
301
302 def test_fill_credentials(self):
303 self.auth_provider.fill_credentials()
304 creds = self.auth_provider.credentials
305 for attr in ['user_id', 'tenant_id']:
306 self.assertEqual(self._get_from_fake_identity(attr),
307 getattr(creds, attr))
308
309 def _test_base_url_helper(self, expected_url, filters,
310 auth_data=None):
311
312 url = self.auth_provider.base_url(filters, auth_data)
313 self.assertEqual(url, expected_url)
314
315 def test_base_url(self):
316 self.filters = {
317 'service': 'compute',
318 'endpoint_type': 'publicURL',
319 'region': 'FakeRegion'
320 }
321 expected = self._get_result_url_from_endpoint(
322 self._endpoints[0]['endpoints'][1])
323 self._test_base_url_helper(expected, self.filters)
324
325 def test_base_url_to_get_admin_endpoint(self):
326 self.filters = {
327 'service': 'compute',
328 'endpoint_type': 'adminURL',
329 'region': 'FakeRegion'
330 }
331 expected = self._get_result_url_from_endpoint(
332 self._endpoints[0]['endpoints'][1], endpoint_type='adminURL')
333 self._test_base_url_helper(expected, self.filters)
334
335 def test_base_url_unknown_region(self):
336 """If the region is unknown, the first endpoint is returned."""
337 self.filters = {
338 'service': 'compute',
339 'endpoint_type': 'publicURL',
340 'region': 'AintNoBodyKnowThisRegion'
341 }
342 expected = self._get_result_url_from_endpoint(
343 self._endpoints[0]['endpoints'][0])
344 self._test_base_url_helper(expected, self.filters)
345
346 def test_base_url_with_non_existent_service(self):
347 self.filters = {
348 'service': 'BAD_SERVICE',
349 'endpoint_type': 'publicURL',
350 'region': 'FakeRegion'
351 }
352 self.assertRaises(exceptions.EndpointNotFound,
353 self._test_base_url_helper, None, self.filters)
354
355 def test_base_url_without_service(self):
356 self.filters = {
357 'endpoint_type': 'publicURL',
358 'region': 'FakeRegion'
359 }
360 self.assertRaises(exceptions.EndpointNotFound,
361 self._test_base_url_helper, None, self.filters)
362
363 def test_base_url_with_api_version_filter(self):
364 self.filters = {
365 'service': 'compute',
366 'endpoint_type': 'publicURL',
367 'region': 'FakeRegion',
368 'api_version': 'v12'
369 }
370 expected = self._get_result_url_from_endpoint(
371 self._endpoints[0]['endpoints'][1], replacement='v12')
372 self._test_base_url_helper(expected, self.filters)
373
374 def test_base_url_with_skip_path_filter(self):
375 self.filters = {
376 'service': 'compute',
377 'endpoint_type': 'publicURL',
378 'region': 'FakeRegion',
379 'skip_path': True
380 }
381 expected = 'http://fake_url/'
382 self._test_base_url_helper(expected, self.filters)
383
Jamie Lennoxa934a702016-03-09 11:36:36 +1100[diff] [blame]384 def test_base_url_with_unversioned_endpoint(self):
385 auth_data = {
386 'serviceCatalog': [
387 {
388 'type': 'identity',
389 'endpoints': [
390 {
391 'region': 'FakeRegion',
392 'publicURL': 'http://fake_url'
393 }
394 ]
395 }
396 ]
397 }
398
399 filters = {
400 'service': 'identity',
401 'endpoint_type': 'publicURL',
402 'region': 'FakeRegion',
403 'api_version': 'v2.0'
404 }
405
406 expected = 'http://fake_url/v2.0'
407 self._test_base_url_helper(expected, filters, ('token', auth_data))
408
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]409 def test_token_not_expired(self):
410 expiry_data = datetime.datetime.utcnow() + datetime.timedelta(days=1)
411 self._verify_expiry(expiry_data=expiry_data, should_be_expired=False)
412
413 def test_token_expired(self):
414 expiry_data = datetime.datetime.utcnow() - datetime.timedelta(hours=1)
415 self._verify_expiry(expiry_data=expiry_data, should_be_expired=True)
416
417 def test_token_not_expired_to_be_renewed(self):
418 expiry_data = (datetime.datetime.utcnow() +
419 self.auth_provider.token_expiry_threshold / 2)
420 self._verify_expiry(expiry_data=expiry_data, should_be_expired=True)
421
422 def _verify_expiry(self, expiry_data, should_be_expired):
423 for expiry_format in self.auth_provider.EXPIRY_DATE_FORMATS:
424 auth_data = self._auth_data_with_expiry(
425 expiry_data.strftime(expiry_format))
426 self.assertEqual(self.auth_provider.is_expired(auth_data),
427 should_be_expired)
428
Andrea Frittoli (andreaf)3e82af72016-05-05 22:53:38 +0100[diff] [blame^]429 def test_set_scope_all_valid(self):
430 for scope in self.auth_provider.SCOPES:
431 self.auth_provider.scope = scope
432 self.assertEqual(scope, self.auth_provider.scope)
433
434 def test_set_scope_invalid(self):
435 with testtools.ExpectedException(exceptions.InvalidScope,
436 '.* invalid_scope .*'):
437 self.auth_provider.scope = 'invalid_scope'
438
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]439
440class TestKeystoneV3AuthProvider(TestKeystoneV2AuthProvider):
441 _endpoints = fake_identity.IDENTITY_V3_RESPONSE['token']['catalog']
442 _auth_provider_class = auth.KeystoneV3AuthProvider
443 credentials = fake_credentials.FakeKeystoneV3Credentials()
444
445 def setUp(self):
446 super(TestKeystoneV3AuthProvider, self).setUp()
Jordan Pittier0021c292016-03-29 21:33:34 +0200[diff] [blame]447 self.patchobject(v3_client.V3TokenClient, 'raw_request',
448 fake_identity._fake_v3_response)
Matthew Treinish9e26ca82016-02-23 11:43:20 -0500[diff] [blame]449
450 def _get_fake_identity(self):
451 return fake_identity.IDENTITY_V3_RESPONSE['token']
452
453 def _get_fake_alt_identity(self):
454 return fake_identity.ALT_IDENTITY_V3['token']
455
456 def _get_result_url_from_endpoint(self, ep, replacement=None):
457 if replacement:
458 return ep['url'].replace('v3', replacement)
459 return ep['url']
460
461 def _auth_data_with_expiry(self, date_as_string):
462 token, access = self.auth_provider.auth_data
463 access['expires_at'] = date_as_string
464 return token, access
465
466 def _get_from_fake_identity(self, attr):
467 token = fake_identity.IDENTITY_V3_RESPONSE['token']
468 if attr == 'user_id':
469 return token['user']['id']
470 elif attr == 'project_id':
471 return token['project']['id']
472 elif attr == 'user_domain_id':
473 return token['user']['domain']['id']
474 elif attr == 'project_domain_id':
475 return token['project']['domain']['id']
476
477 def test_check_credentials_missing_attribute(self):
478 # reset credentials to fresh ones
479 self.credentials.reset()
480 for attr in ['username', 'password', 'user_domain_name',
481 'project_domain_name']:
482 cred = copy.copy(self.credentials)
483 del cred[attr]
484 self.assertFalse(self.auth_provider.check_credentials(cred),
485 "Credentials should be invalid without %s" % attr)
486
487 def test_check_domain_credentials_missing_attribute(self):
488 # reset credentials to fresh ones
489 self.credentials.reset()
490 domain_creds = fake_credentials.FakeKeystoneV3DomainCredentials()
491 for attr in ['username', 'password', 'user_domain_name']:
492 cred = copy.copy(domain_creds)
493 del cred[attr]
494 self.assertFalse(self.auth_provider.check_credentials(cred),
495 "Credentials should be invalid without %s" % attr)
496
497 def test_fill_credentials(self):
498 self.auth_provider.fill_credentials()
499 creds = self.auth_provider.credentials
500 for attr in ['user_id', 'project_id', 'user_domain_id',
501 'project_domain_id']:
502 self.assertEqual(self._get_from_fake_identity(attr),
503 getattr(creds, attr))
504
505 # Overwrites v2 test
506 def test_base_url_to_get_admin_endpoint(self):
507 self.filters = {
508 'service': 'compute',
509 'endpoint_type': 'admin',
510 'region': 'MiddleEarthRegion'
511 }
512 expected = self._get_result_url_from_endpoint(
513 self._endpoints[0]['endpoints'][2])
514 self._test_base_url_helper(expected, self.filters)
Jamie Lennoxa934a702016-03-09 11:36:36 +1100[diff] [blame]515
516 # Overwrites v2 test
517 def test_base_url_with_unversioned_endpoint(self):
518 auth_data = {
519 'catalog': [
520 {
521 'type': 'identity',
522 'endpoints': [
523 {
524 'region': 'FakeRegion',
525 'url': 'http://fake_url',
526 'interface': 'public'
527 }
528 ]
529 }
530 ]
531 }
532
533 filters = {
534 'service': 'identity',
535 'endpoint_type': 'publicURL',
536 'region': 'FakeRegion',
537 'api_version': 'v3'
538 }
539
540 expected = 'http://fake_url/v3'
541 self._test_base_url_helper(expected, filters, ('token', auth_data))
John Warrenb10c6ca2016-02-26 15:32:37 -0500[diff] [blame]542
Andrea Frittoli (andreaf)3e82af72016-05-05 22:53:38 +0100[diff] [blame^]543 # Base URL test with scope only for V3
544 def test_base_url_scope_project(self):
545 self.auth_provider.scope = 'project'
546 self.filters = {
547 'service': 'compute',
548 'endpoint_type': 'publicURL',
549 'region': 'FakeRegion'
550 }
551 expected = self._get_result_url_from_endpoint(
552 self._endpoints[0]['endpoints'][1])
553 self._test_base_url_helper(expected, self.filters)
554
555 # Base URL test with scope only for V3
556 def test_base_url_unscoped_identity(self):
557 self.auth_provider.scope = 'unscoped'
558 self.patchobject(v3_client.V3TokenClient, 'raw_request',
559 fake_identity._fake_v3_response_no_scope)
560 self.filters = {
561 'service': 'identity',
562 'endpoint_type': 'publicURL',
563 'region': 'FakeRegion'
564 }
565 expected = fake_identity.FAKE_AUTH_URL
566 self._test_base_url_helper(expected, self.filters)
567
568 # Base URL test with scope only for V3
569 def test_base_url_unscoped_other(self):
570 self.auth_provider.scope = 'unscoped'
571 self.patchobject(v3_client.V3TokenClient, 'raw_request',
572 fake_identity._fake_v3_response_no_scope)
573 self.filters = {
574 'service': 'compute',
575 'endpoint_type': 'publicURL',
576 'region': 'FakeRegion'
577 }
578 self.assertRaises(exceptions.EndpointNotFound,
579 self.auth_provider.base_url,
580 auth_data=self.auth_provider.auth_data,
581 filters=self.filters)
582
583 def test_auth_parameters_with_scope_unset(self):
584 # No scope defaults to 'project'
585 all_creds = fake_credentials.FakeKeystoneV3AllCredentials()
586 self.auth_provider.credentials = all_creds
587 auth_params = self.auth_provider._auth_params()
588 self.assertNotIn('scope', auth_params.keys())
589 for attr in all_creds.get_init_attributes():
590 if attr.startswith('domain_'):
591 self.assertNotIn(attr, auth_params.keys())
592 else:
593 self.assertIn(attr, auth_params.keys())
594 self.assertEqual(getattr(all_creds, attr), auth_params[attr])
595
596 def test_auth_parameters_with_project_scope(self):
597 all_creds = fake_credentials.FakeKeystoneV3AllCredentials()
598 self.auth_provider.credentials = all_creds
599 self.auth_provider.scope = 'project'
600 auth_params = self.auth_provider._auth_params()
601 self.assertNotIn('scope', auth_params.keys())
602 for attr in all_creds.get_init_attributes():
603 if attr.startswith('domain_'):
604 self.assertNotIn(attr, auth_params.keys())
605 else:
606 self.assertIn(attr, auth_params.keys())
607 self.assertEqual(getattr(all_creds, attr), auth_params[attr])
608
609 def test_auth_parameters_with_domain_scope(self):
610 all_creds = fake_credentials.FakeKeystoneV3AllCredentials()
611 self.auth_provider.credentials = all_creds
612 self.auth_provider.scope = 'domain'
613 auth_params = self.auth_provider._auth_params()
614 self.assertNotIn('scope', auth_params.keys())
615 for attr in all_creds.get_init_attributes():
616 if attr.startswith('project_'):
617 self.assertNotIn(attr, auth_params.keys())
618 else:
619 self.assertIn(attr, auth_params.keys())
620 self.assertEqual(getattr(all_creds, attr), auth_params[attr])
621
622 def test_auth_parameters_unscoped(self):
623 all_creds = fake_credentials.FakeKeystoneV3AllCredentials()
624 self.auth_provider.credentials = all_creds
625 self.auth_provider.scope = 'unscoped'
626 auth_params = self.auth_provider._auth_params()
627 self.assertNotIn('scope', auth_params.keys())
628 for attr in all_creds.get_init_attributes():
629 if attr.startswith('project_') or attr.startswith('domain_'):
630 self.assertNotIn(attr, auth_params.keys())
631 else:
632 self.assertIn(attr, auth_params.keys())
633 self.assertEqual(getattr(all_creds, attr), auth_params[attr])
634
John Warrenb10c6ca2016-02-26 15:32:37 -0500[diff] [blame]635
636class TestKeystoneV3Credentials(base.TestCase):
637 def testSetAttrUserDomain(self):
638 creds = auth.KeystoneV3Credentials()
639 creds.user_domain_name = 'user_domain'
640 creds.domain_name = 'domain'
641 self.assertEqual('user_domain', creds.user_domain_name)
642 creds = auth.KeystoneV3Credentials()
643 creds.domain_name = 'domain'
644 creds.user_domain_name = 'user_domain'
645 self.assertEqual('user_domain', creds.user_domain_name)
646
647 def testSetAttrProjectDomain(self):
648 creds = auth.KeystoneV3Credentials()
649 creds.project_domain_name = 'project_domain'
650 creds.domain_name = 'domain'
651 self.assertEqual('project_domain', creds.user_domain_name)
652 creds = auth.KeystoneV3Credentials()
653 creds.domain_name = 'domain'
654 creds.project_domain_name = 'project_domain'
655 self.assertEqual('project_domain', creds.project_domain_name)
656
657 def testProjectTenantNoCollision(self):
658 creds = auth.KeystoneV3Credentials(tenant_id='tenant')
659 self.assertEqual('tenant', creds.project_id)
660 creds = auth.KeystoneV3Credentials(project_id='project')
661 self.assertEqual('project', creds.tenant_id)
662 creds = auth.KeystoneV3Credentials(tenant_name='tenant')
663 self.assertEqual('tenant', creds.project_name)
664 creds = auth.KeystoneV3Credentials(project_name='project')
665 self.assertEqual('project', creds.tenant_name)
666
667 def testProjectTenantCollision(self):
668 attrs = {'tenant_id': 'tenant', 'project_id': 'project'}
669 self.assertRaises(
670 exceptions.InvalidCredentials, auth.KeystoneV3Credentials, **attrs)
671 attrs = {'tenant_name': 'tenant', 'project_name': 'project'}
672 self.assertRaises(
673 exceptions.InvalidCredentials, auth.KeystoneV3Credentials, **attrs)
Brant Knudsonf2d1f572016-04-11 15:02:01 -0500[diff] [blame]674
675
676class TestReplaceVersion(base.TestCase):
677 def test_version_no_trailing_path(self):
678 self.assertEqual(
679 'http://localhost:35357/v2.0',
680 auth.replace_version('http://localhost:35357/v3', 'v2.0'))
681
682 def test_version_no_trailing_path_solidus(self):
683 self.assertEqual(
684 'http://localhost:35357/v2.0/',
685 auth.replace_version('http://localhost:35357/v3/', 'v2.0'))
686
687 def test_version_trailing_path(self):
688 self.assertEqual(
689 'http://localhost:35357/v2.0/uuid',
690 auth.replace_version('http://localhost:35357/v3/uuid', 'v2.0'))
691
692 def test_version_trailing_path_solidus(self):
693 self.assertEqual(
694 'http://localhost:35357/v2.0/uuid/',
695 auth.replace_version('http://localhost:35357/v3/uuid/', 'v2.0'))
696
697 def test_no_version_base(self):
698 self.assertEqual(
699 'http://localhost:35357/v2.0',
700 auth.replace_version('http://localhost:35357', 'v2.0'))
701
702 def test_no_version_base_solidus(self):
Brant Knudsonf2d1f572016-04-11 15:02:01 -0500[diff] [blame]703 self.assertEqual(
Brant Knudson77293802016-04-11 15:14:54 -0500[diff] [blame]704 'http://localhost:35357/v2.0',
Brant Knudsonf2d1f572016-04-11 15:02:01 -0500[diff] [blame]705 auth.replace_version('http://localhost:35357/', 'v2.0'))
706
707 def test_no_version_path(self):
Brant Knudsonf2d1f572016-04-11 15:02:01 -0500[diff] [blame]708 self.assertEqual(
Brant Knudson77293802016-04-11 15:14:54 -0500[diff] [blame]709 'http://localhost/identity/v2.0',
Brant Knudsonf2d1f572016-04-11 15:02:01 -0500[diff] [blame]710 auth.replace_version('http://localhost/identity', 'v2.0'))
711
712 def test_no_version_path_solidus(self):
Brant Knudsonf2d1f572016-04-11 15:02:01 -0500[diff] [blame]713 self.assertEqual(
Brant Knudson77293802016-04-11 15:14:54 -0500[diff] [blame]714 'http://localhost/identity/v2.0',
Brant Knudsonf2d1f572016-04-11 15:02:01 -0500[diff] [blame]715 auth.replace_version('http://localhost/identity/', 'v2.0'))
716
717 def test_path_version(self):
718 self.assertEqual(
719 'http://localhost/identity/v2.0',
720 auth.replace_version('http://localhost/identity/v3', 'v2.0'))
721
722 def test_path_version_solidus(self):
723 self.assertEqual(
724 'http://localhost/identity/v2.0/',
725 auth.replace_version('http://localhost/identity/v3/', 'v2.0'))
726
727 def test_path_version_trailing_path(self):
728 self.assertEqual(
729 'http://localhost/identity/v2.0/uuid',
730 auth.replace_version('http://localhost/identity/v3/uuid', 'v2.0'))
731
732 def test_path_version_trailing_path_solidus(self):
733 self.assertEqual(
734 'http://localhost/identity/v2.0/uuid/',
735 auth.replace_version('http://localhost/identity/v3/uuid/', 'v2.0'))
Andrea Frittoli (andreaf)3e82af72016-05-05 22:53:38 +0100[diff] [blame^]736
737
738class TestKeystoneV3AuthProvider_DomainScope(BaseAuthTestsSetUp):
739 _endpoints = fake_identity.IDENTITY_V3_RESPONSE['token']['catalog']
740 _auth_provider_class = auth.KeystoneV3AuthProvider
741 credentials = fake_credentials.FakeKeystoneV3Credentials()
742
743 def setUp(self):
744 super(TestKeystoneV3AuthProvider_DomainScope, self).setUp()
745 self.patchobject(v3_client.V3TokenClient, 'raw_request',
746 fake_identity._fake_v3_response_domain_scope)
747
748 def test_get_auth_with_domain_scope(self):
749 self.auth_provider.scope = 'domain'
750 _, auth_data = self.auth_provider.get_auth()
751 self.assertIn('domain', auth_data)
752 self.assertNotIn('project', auth_data)