Use generic auth plugins
This change removes use of version specific auth plugins and instead uses generic plugins. Change-Id: I19898d351c4a08f5f865f9debd60070d50aa5eff Related-Bug: #1554533
parent
e1a6c072a1
commit
34b372ddb5
@ -13,7 +13,7 @@
|
||||
|
||||
from keystoneauth1 import access
|
||||
from keystoneauth1.identity import access as access_plugin
|
||||
from keystoneauth1.identity import v3
|
||||
from keystoneauth1.identity import generic
|
||||
from keystoneauth1 import loading as ks_loading
|
||||
from keystoneauth1 import token_endpoint
|
||||
from oslo_config import cfg
|
||||
@ -40,12 +40,12 @@ LOG = logging.getLogger(__name__)
|
||||
# cfg.CONF.register*, it's done via ks_loading.register_auth_conf_options
|
||||
# Note, only auth_type = v3password is expected to work, example config:
|
||||
# [trustee]
|
||||
# auth_type = v3password
|
||||
# auth_type = password
|
||||
# auth_url = http://192.168.1.2:35357
|
||||
# username = heat
|
||||
# password = password
|
||||
# user_domain_id = default
|
||||
V3_PASSWORD_PLUGIN = 'v3password'
|
||||
PASSWORD_PLUGIN = 'password'
|
||||
TRUSTEE_CONF_GROUP = 'trustee'
|
||||
ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
|
||||
|
||||
@ -53,7 +53,7 @@ ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
|
||||
def list_opts():
|
||||
trustee_opts = ks_loading.get_auth_common_conf_options()
|
||||
trustee_opts.extend(ks_loading.get_auth_plugin_conf_options(
|
||||
V3_PASSWORD_PLUGIN))
|
||||
PASSWORD_PLUGIN))
|
||||
yield TRUSTEE_CONF_GROUP, trustee_opts
|
||||
|
||||
|
||||
@ -201,7 +201,7 @@ class RequestContext(context.RequestContext):
|
||||
if 'user_domain_id' in cfg.CONF.keystone_authtoken:
|
||||
trustee_user_domain = cfg.CONF.keystone_authtoken.user_domain_id
|
||||
|
||||
self._trusts_auth_plugin = v3.Password(
|
||||
self._trusts_auth_plugin = generic.Password(
|
||||
username=cfg.CONF.keystone_authtoken.admin_user,
|
||||
password=cfg.CONF.keystone_authtoken.admin_password,
|
||||
user_domain_id=trustee_user_domain,
|
||||
@ -211,11 +211,10 @@ class RequestContext(context.RequestContext):
|
||||
|
||||
def _create_auth_plugin(self):
|
||||
if self.auth_token_info:
|
||||
auth_ref = access.AccessInfoV3(self.auth_token_info,
|
||||
auth_token=self.auth_token)
|
||||
access_info = access.create(body=self.auth_token_info,
|
||||
auth_token=self.auth_token)
|
||||
return access_plugin.AccessInfoPlugin(
|
||||
auth_url=self.keystone_v3_endpoint,
|
||||
auth_ref=auth_ref)
|
||||
auth_ref=access_info, auth_url=self.keystone_v3_endpoint)
|
||||
|
||||
if self.auth_token:
|
||||
# FIXME(jamielennox): This is broken but consistent. If you
|
||||
@ -226,13 +225,13 @@ class RequestContext(context.RequestContext):
|
||||
token=self.auth_token)
|
||||
|
||||
if self.password:
|
||||
return v3.Password(username=self.username,
|
||||
password=self.password,
|
||||
project_id=self.tenant_id,
|
||||
user_domain_id=self.user_domain,
|
||||
auth_url=self.keystone_v3_endpoint)
|
||||
return generic.Password(username=self.username,
|
||||
password=self.password,
|
||||
project_id=self.tenant_id,
|
||||
user_domain_id=self.user_domain,
|
||||
auth_url=self.keystone_v3_endpoint)
|
||||
|
||||
LOG.error(_LE("Keystone v3 API connection failed, no password "
|
||||
LOG.error(_LE("Keystone API connection failed, no password "
|
||||
"trust or auth_token!"))
|
||||
raise exception.AuthorizationFailure()
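Review bot: The comment kept above the `[trustee]` example still says only `auth_type = v3password` is expected to work, while the example beneath it and the renamed `PASSWORD_PLUGIN` constant now use `password`. An operator reading this to configure trustee credentials gets contradictory guidance. I would change the unchanged line to `# Note, only auth_type = password is expected to work, example config:`, or say explicitly that both plugin names are accepted if that is the case. The example `auth_url` in the same comment is plain `http://` next to a password, so a short remark that real deployments should point at a TLS endpoint would fit here too.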
|
||||
|
||||
|
@ -17,9 +17,9 @@ import collections
|
||||
import uuid
|
||||
import weakref
|
||||
|
||||
from keystoneauth1.identity import v3 as kc_auth_v3
|
||||
from keystoneauth1 import exceptions as ks_exception
|
||||
from keystoneauth1.identity import generic as ks_auth
|
||||
from keystoneauth1 import session
|
||||
import keystoneclient.exceptions as kc_exception
|
||||
from keystoneclient.v3 import client as kc_v3
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
@ -124,18 +124,18 @@ class KsClientWrapper(object):
|
||||
if not self._domain_admin_auth:
|
||||
# Note we must specify the domain when getting the token
|
||||
# as only a domain scoped token can create projects in the domain
|
||||
auth = kc_auth_v3.Password(username=self.domain_admin_user,
|
||||
password=self.domain_admin_password,
|
||||
auth_url=self.v3_endpoint,
|
||||
domain_id=self._stack_domain_id,
|
||||
domain_name=self.stack_domain_name,
|
||||
user_domain_id=self._stack_domain_id,
|
||||
user_domain_name=self.stack_domain_name)
|
||||
auth = ks_auth.Password(username=self.domain_admin_user,
|
||||
password=self.domain_admin_password,
|
||||
auth_url=self.v3_endpoint,
|
||||
domain_id=self._stack_domain_id,
|
||||
domain_name=self.stack_domain_name,
|
||||
user_domain_id=self._stack_domain_id,
|
||||
user_domain_name=self.stack_domain_name)
|
||||
|
||||
# NOTE(jamielennox): just do something to ensure a valid token
|
||||
try:
|
||||
auth.get_token(self.session)
|
||||
except kc_exception.Unauthorized:
|
||||
except ks_exception.Unauthorized:
|
||||
LOG.error(_LE("Domain admin client authentication failed"))
|
||||
raise exception.AuthorizationFailure()
|
||||
|
||||
@ -161,7 +161,7 @@ class KsClientWrapper(object):
|
||||
# reauthenticating if it's present and valid.
|
||||
try:
|
||||
auth_ref = self.context.auth_plugin.get_access(self.session)
|
||||
except kc_exception.Unauthorized:
|
||||
except ks_exception.Unauthorized:
|
||||
LOG.error(_LE("Keystone client authentication failed"))
|
||||
raise exception.AuthorizationFailure()
|
||||
|
||||
@ -193,11 +193,10 @@ class KsClientWrapper(object):
|
||||
# We need the service admin user ID (not name), as the trustor user
|
||||
# can't lookup the ID in keystoneclient unless they're admin
|
||||
# workaround this by getting the user_id from admin_client
|
||||
|
||||
try:
|
||||
trustee_user_id = self.context.trusts_auth_plugin.get_user_id(
|
||||
self.session)
|
||||
except kc_exception.Unauthorized:
|
||||
except ks_exception.Unauthorized:
|
||||
LOG.error(_LE("Domain admin client authentication failed"))
|
||||
raise exception.AuthorizationFailure()
|
||||
|
||||
@ -215,7 +214,7 @@ class KsClientWrapper(object):
|
||||
project=trustor_proj_id,
|
||||
impersonation=True,
|
||||
role_names=roles)
|
||||
except kc_exception.NotFound:
|
||||
except ks_exception.NotFound:
|
||||
LOG.debug("Failed to find roles %s for user %s"
|
||||
% (roles, trustor_user_id))
|
||||
raise exception.MissingCredentialError(
|
||||
@ -232,7 +231,7 @@ class KsClientWrapper(object):
|
||||
"""Delete the specified trust."""
|
||||
try:
|
||||
self.client.trusts.delete(trust_id)
|
||||
except kc_exception.NotFound:
|
||||
except ks_exception.NotFound:
|
||||
pass
|
||||
|
||||
def _get_username(self, username):
|
||||
@ -287,15 +286,16 @@ class KsClientWrapper(object):
|
||||
'configured, please fix your heat.conf')
|
||||
raise exception.Error(msg)
|
||||
|
||||
# Create a keystoneclient session, then request a token with no
|
||||
# Create a keystone session, then request a token with no
|
||||
# catalog (the token is expected to be used inside an instance
|
||||
# where a specific endpoint will be specified, and user-data
|
||||
# space is limited..)
|
||||
auth = kc_auth_v3.Password(auth_url=self.v3_endpoint,
|
||||
user_id=user_id,
|
||||
password=password,
|
||||
project_id=project_id,
|
||||
include_catalog=False)
|
||||
# TODO(rabi): generic auth plugins don't support `include_catalog'
|
||||
# flag yet. We'll add it once it's supported..
|
||||
auth = ks_auth.Password(auth_url=self.v3_endpoint,
|
||||
user_id=user_id,
|
||||
password=password,
|
||||
project_id=project_id)
|
||||
|
||||
return auth.get_token(self.session)
|
||||
|
||||
@ -345,7 +345,7 @@ class KsClientWrapper(object):
|
||||
if not self._stack_domain_id:
|
||||
try:
|
||||
access = self.domain_admin_auth.get_access(self.session)
|
||||
except kc_exception.Unauthorized:
|
||||
except ks_exception.Unauthorized:
|
||||
LOG.error(_LE("Keystone client authentication failed"))
|
||||
raise exception.AuthorizationFailure()
|
||||
|
||||
@ -371,13 +371,13 @@ class KsClientWrapper(object):
|
||||
try:
|
||||
self._check_stack_domain_user(user_id, project_id, 'delete')
|
||||
self.domain_admin_client.users.delete(user_id)
|
||||
except kc_exception.NotFound:
|
||||
except ks_exception.NotFound:
|
||||
pass
|
||||
|
||||
def delete_stack_user(self, user_id):
|
||||
try:
|
||||
self.client.users.delete(user=user_id)
|
||||
except kc_exception.NotFound:
|
||||
except ks_exception.NotFound:
|
||||
pass
|
||||
|
||||
def create_stack_domain_project(self, stack_id):
|
||||
@ -409,9 +409,9 @@ class KsClientWrapper(object):
|
||||
# to get the project, so again we should do nothing
|
||||
try:
|
||||
project = self.domain_admin_client.projects.get(project=project_id)
|
||||
except kc_exception.NotFound:
|
||||
except ks_exception.NotFound:
|
||||
return
|
||||
except kc_exception.Forbidden:
|
||||
except ks_exception.Forbidden:
|
||||
LOG.warning(_LW('Unable to get details for project %s, '
|
||||
'not deleting'), project_id)
|
||||
return
|
||||
@ -422,7 +422,7 @@ class KsClientWrapper(object):
|
||||
|
||||
try:
|
||||
project.delete()
|
||||
except kc_exception.NotFound:
|
||||
except ks_exception.NotFound:
|
||||
pass
|
||||
|
||||
def _find_ec2_keypair(self, access, user_id=None):
|
||||
@ -443,7 +443,7 @@ class KsClientWrapper(object):
|
||||
if credential_id:
|
||||
try:
|
||||
self.client.credentials.delete(credential_id)
|
||||
except kc_exception.NotFound:
|
||||
except ks_exception.NotFound:
|
||||
pass
|
||||
elif access:
|
||||
cred = self._find_ec2_keypair(access=access, user_id=user_id)
|
||||
@ -510,7 +510,7 @@ class KsClientWrapper(object):
|
||||
self._check_stack_domain_user(user_id, project_id, 'delete_keypair')
|
||||
try:
|
||||
self.domain_admin_client.credentials.delete(credential_id)
|
||||
except kc_exception.NotFound:
|
||||
except ks_exception.NotFound:
|
||||
pass
|
||||
|
||||
def disable_stack_user(self, user_id):
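Review bot: In the hunk that builds the stack domain user token, the comment still describes requesting a token with no catalog, but the new `ks_auth.Password(...)` call drops `include_catalog=False`. The request therefore no longer asks for the catalog to be left out, which the same comment says matters because the token is used inside an instance where user-data space is limited. Until the generic plugin accepts the flag, I would make the comment match the behaviour, e.g. `# NOTE: the catalog is currently included; generic plugins do not accept include_catalog yet.`, or keep the version-specific plugin for this one call, since `self.v3_endpoint` is already v3-specific. The matching test in this commit also stops asserting `include_catalog=False`, so nothing will flag the regression if the TODO is forgotten. The enclosing method starts outside the hunk.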
|
||||
|
@ -17,7 +17,7 @@ import uuid
|
||||
from keystoneauth1 import access as ks_access
|
||||
from keystoneauth1 import exceptions as kc_exception
|
||||
from keystoneauth1.identity import access as ks_auth_access
|
||||
from keystoneauth1.identity import v3 as ks_auth_v3
|
||||
from keystoneauth1.identity import generic as ks_auth
|
||||
from keystoneauth1 import loading as ks_loading
|
||||
from keystoneauth1 import session as ks_session
|
||||
from keystoneauth1 import token_endpoint as ks_token_endpoint
|
||||
@ -49,7 +49,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
self.mock_ks_v3_client_domain_mngr = self.m.CreateMock(
|
||||
kc_v3_domains.DomainManager)
|
||||
self.m.StubOutWithMock(kc_v3, "Client")
|
||||
self.m.StubOutWithMock(ks_auth_v3, 'Password')
|
||||
self.m.StubOutWithMock(ks_auth, 'Password')
|
||||
self.m.StubOutWithMock(ks_token_endpoint, 'Token')
|
||||
self.m.StubOutWithMock(ks_auth_access, 'AccessInfoPlugin')
|
||||
self.m.StubOutWithMock(ks_loading, 'load_auth_from_conf_options')
|
||||
@ -85,13 +85,13 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
mock_ks_auth = self.m.CreateMockAnything()
|
||||
mock_ks_auth.get_token(mox.IsA(ks_session.Session)).AndReturn('tok')
|
||||
|
||||
m = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
|
||||
password='adminsecret',
|
||||
domain_id='adomain123',
|
||||
domain_name=None,
|
||||
user_domain_id='adomain123',
|
||||
user_domain_name=None,
|
||||
username='adminuser123')
|
||||
m = ks_auth.Password(auth_url='http://server.test:5000/v3',
|
||||
password='adminsecret',
|
||||
domain_id='adomain123',
|
||||
domain_name=None,
|
||||
user_domain_id='adomain123',
|
||||
user_domain_name=None,
|
||||
username='adminuser123')
|
||||
m.AndReturn(mock_ks_auth)
|
||||
|
||||
n = kc_v3.Client(session=mox.IsA(ks_session.Session),
|
||||
@ -100,26 +100,30 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
self.mock_admin_client.domains = self.mock_ks_v3_client_domain_mngr
|
||||
|
||||
def _stubs_v3(self, method='token', trust_scoped=True,
|
||||
user_id=None, auth_ref=None, client=True, project_id=None,
|
||||
stub_trust_context=False):
|
||||
def _stubs_auth(self, method='token', trust_scoped=True,
|
||||
user_id=None, auth_ref=None, client=True, project_id=None,
|
||||
stub_trust_context=False, version=3):
|
||||
mock_auth_ref = self.m.CreateMockAnything()
|
||||
mock_ks_auth = self.m.CreateMockAnything()
|
||||
|
||||
if method == 'token':
|
||||
p = ks_token_endpoint.Token(token='abcd1234',
|
||||
endpoint='http://server.test:5000/v3')
|
||||
elif method == 'auth_ref':
|
||||
elif method == 'auth_ref' and version == 3:
|
||||
p = ks_auth_access.AccessInfoPlugin(
|
||||
auth_url='http://server.test:5000/v3',
|
||||
auth_ref=mox.IsA(ks_access.AccessInfo))
|
||||
auth_ref=mox.IsA(ks_access.AccessInfoV3),
|
||||
auth_url='http://server.test:5000/v3')
|
||||
elif method == 'auth_ref' and version == 2:
|
||||
p = ks_auth_access.AccessInfoPlugin(
|
||||
auth_ref=mox.IsA(ks_access.AccessInfoV2),
|
||||
auth_url='http://server.test:5000/v3')
|
||||
|
||||
elif method == 'password':
|
||||
p = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
|
||||
username='test_username',
|
||||
password='password',
|
||||
project_id=project_id or 'test_tenant_id',
|
||||
user_domain_id='adomain123')
|
||||
p = ks_auth.Password(auth_url='http://server.test:5000/v3',
|
||||
username='test_username',
|
||||
password='password',
|
||||
project_id=project_id or 'test_tenant_id',
|
||||
user_domain_id='adomain123')
|
||||
|
||||
elif method == 'trust':
|
||||
p = ks_loading.load_auth_from_conf_options(cfg.CONF,
|
||||
@ -153,7 +157,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
def test_username_length(self):
|
||||
"""Test that user names >64 characters are properly truncated."""
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -189,7 +193,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
def test_create_stack_user_error_norole(self):
|
||||
"""Test error path when no role is found."""
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -248,7 +252,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
ctx.trust_id = None
|
||||
|
||||
# mock keystone client functions
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
|
||||
mock_user = self.m.CreateMockAnything()
|
||||
mock_user.id = 'auser123'
|
||||
@ -323,7 +327,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
ctx.trust_id = None
|
||||
|
||||
# mock keystone client functions
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
|
||||
self.mock_ks_v3_client.users.delete(user='user123').AndReturn(None)
|
||||
self.m.ReplayAll()
|
||||
@ -380,7 +384,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test deleting a stack user."""
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -401,7 +405,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test creating the client, token auth."""
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
self.m.ReplayAll()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
@ -418,7 +422,9 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
expected_auth_ref = {'token': {'id': 'ctx_token', 'expires': '123'},
|
||||
'version': 'v2.0'}
|
||||
self._stubs_v3(method='auth_ref', auth_ref=expected_auth_ref)
|
||||
self._stubs_auth(method='auth_ref',
|
||||
auth_ref=expected_auth_ref,
|
||||
version=2)
|
||||
self.m.ReplayAll()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
@ -440,7 +446,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
'expires': '456',
|
||||
'version': 'v3',
|
||||
'methods': []}
|
||||
self._stubs_v3(method='auth_ref', auth_ref=expected_auth_ref)
|
||||
self._stubs_auth(method='auth_ref', auth_ref=expected_auth_ref)
|
||||
self.m.ReplayAll()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
@ -457,7 +463,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test creating the client, password auth."""
|
||||
|
||||
self._stubs_v3(method='password')
|
||||
self._stubs_auth(method='password')
|
||||
self.m.ReplayAll()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
@ -486,7 +492,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test create_trust_context with existing trust_id."""
|
||||
|
||||
self._stubs_v3(method='trust')
|
||||
self._stubs_auth(method='trust')
|
||||
cfg.CONF.set_override('deferred_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
self.m.ReplayAll()
|
||||
@ -514,9 +520,9 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
id = 'atrust123'
|
||||
|
||||
self._stub_admin_auth()
|
||||
mock_ks_auth, mock_auth_ref = self._stubs_v3(user_id='5678',
|
||||
project_id='42',
|
||||
stub_trust_context=True)
|
||||
mock_ks_auth, mock_auth_ref = self._stubs_auth(user_id='5678',
|
||||
project_id='42',
|
||||
stub_trust_context=True)
|
||||
|
||||
cfg.CONF.set_override('deferred_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
@ -555,9 +561,9 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
self._stub_admin_auth()
|
||||
|
||||
mock_auth, mock_auth_ref = self._stubs_v3(user_id='5678',
|
||||
project_id='42',
|
||||
stub_trust_context=True)
|
||||
mock_auth, mock_auth_ref = self._stubs_auth(user_id='5678',
|
||||
project_id='42',
|
||||
stub_trust_context=True)
|
||||
|
||||
cfg.CONF.set_override('deferred_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
@ -614,7 +620,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test consuming a trust when initializing."""
|
||||
|
||||
self._stubs_v3(method='trust')
|
||||
self._stubs_auth(method='trust')
|
||||
cfg.CONF.set_override('deferred_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
self.m.ReplayAll()
|
||||
@ -633,7 +639,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test consuming a trust when initializing, error scoping."""
|
||||
|
||||
self._stubs_v3(method='trust', trust_scoped=False)
|
||||
self._stubs_auth(method='trust', trust_scoped=False)
|
||||
cfg.CONF.set_override('deferred_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
self.m.ReplayAll()
|
||||
@ -651,7 +657,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test consuming a trust when initializing, impersonation error."""
|
||||
|
||||
self._stubs_v3(method='trust', user_id='wrong_user_id')
|
||||
self._stubs_auth(method='trust', user_id='wrong_user_id')
|
||||
cfg.CONF.set_override('deferred_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
self.m.ReplayAll()
|
||||
@ -669,7 +675,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test trust_id is takes precedence username/password specified."""
|
||||
|
||||
self._stubs_v3(method='trust')
|
||||
self._stubs_auth(method='trust')
|
||||
self.m.ReplayAll()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
@ -683,7 +689,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test trust_id takes precedence when token specified."""
|
||||
|
||||
self._stubs_v3(method='trust')
|
||||
self._stubs_auth(method='trust')
|
||||
self.m.ReplayAll()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
@ -698,7 +704,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test delete_trust when deleting trust."""
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
cfg.CONF.set_override('deferred_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
self.mock_ks_v3_client.trusts = self.m.CreateMockAnything()
|
||||
@ -713,7 +719,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test delete_trust when trust already deleted."""
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
cfg.CONF.set_override('deferred_auth_method', 'trusts',
|
||||
enforce_type=True)
|
||||
self.mock_ks_v3_client.trusts = self.m.CreateMockAnything()
|
||||
@ -729,7 +735,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test disabling a stack user."""
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -746,7 +752,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test enabling a stack user."""
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -793,7 +799,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
ctx.trust_id = None
|
||||
|
||||
# mock keystone client functions
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
|
||||
self.mock_ks_v3_client.users.update(user='user123', enabled=True
|
||||
).AndReturn(None)
|
||||
@ -858,7 +864,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
ctx.trust_id = None
|
||||
|
||||
# mock keystone client functions
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
|
||||
self.mock_ks_v3_client.users.update(user='user123', enabled=False
|
||||
).AndReturn(None)
|
||||
@ -930,7 +936,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
ctx.trust_id = None
|
||||
|
||||
# mock keystone client functions
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
self.mock_ks_v3_client.credentials = self.m.CreateMockAnything()
|
||||
self.mock_ks_v3_client.credentials.delete(
|
||||
'acredentialid').AndReturn(None)
|
||||
@ -984,7 +990,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
"""Test creating ec2 credentials."""
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -1056,7 +1062,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
"""Test creating ec2 credentials for domain user, fallback path."""
|
||||
self._clear_domain_override()
|
||||
|
||||
self._stubs_v3()
|
||||
self._stubs_auth()
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -1093,7 +1099,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
"""Test getting ec2 credential by id."""
|
||||
|
||||
user_id = 'atestuser'
|
||||
self._stubs_v3(user_id=user_id)
|
||||
self._stubs_auth(user_id=user_id)
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -1143,7 +1149,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
"""Test getting ec2 credential by access."""
|
||||
|
||||
user_id = 'atestuser'
|
||||
self._stubs_v3(user_id=user_id)
|
||||
self._stubs_auth(user_id=user_id)
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -1171,7 +1177,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
"""Test deleting ec2 credential by id."""
|
||||
|
||||
user_id = 'atestuser'
|
||||
self._stubs_v3(user_id=user_id)
|
||||
self._stubs_auth(user_id=user_id)
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -1198,7 +1204,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
"""Test deleting ec2 credential by access."""
|
||||
|
||||
user_id = 'atestuser'
|
||||
self._stubs_v3(user_id=user_id)
|
||||
self._stubs_auth(user_id=user_id)
|
||||
|
||||
ctx = utils.dummy_context()
|
||||
ctx.trust_id = None
|
||||
@ -1335,11 +1341,11 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
heat_ks_client.delete_stack_domain_project(project_id='aprojectid')
|
||||
|
||||
def _stub_domain_user_pw_auth(self):
|
||||
ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
|
||||
user_id='duser',
|
||||
password='apassw',
|
||||
project_id='aproject',
|
||||
user_domain_id='adomain123').AndReturn('dummyauth')
|
||||
ks_auth.Password(auth_url='http://server.test:5000/v3',
|
||||
user_id='duser',
|
||||
password='apassw',
|
||||
project_id='aproject',
|
||||
user_domain_id='adomain123').AndReturn('dummyauth')
|
||||
|
||||
def test_stack_domain_user_token(self):
|
||||
"""Test stack_domain_user_token function."""
|
||||
@ -1347,11 +1353,10 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
mock_ks_auth = self.m.CreateMockAnything()
|
||||
mock_ks_auth.get_token(mox.IsA(ks_session.Session)).AndReturn(dum_tok)
|
||||
|
||||
m = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
|
||||
password='apassw',
|
||||
project_id='aproject',
|
||||
user_id='duser',
|
||||
include_catalog=False)
|
||||
m = ks_auth.Password(auth_url='http://server.test:5000/v3',
|
||||
password='apassw',
|
||||
project_id='aproject',
|
||||
user_id='duser')
|
||||
m.AndReturn(mock_ks_auth)
|
||||
|
||||
self.m.ReplayAll()
|
||||
@ -1388,7 +1393,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
|
||||
def _test_url_for(self, service_url, expected_kwargs, ctx=None, **kwargs):
|
||||
"""Testing url_for depending on different ways to pass region name."""
|
||||
mock_ks_auth, mock_auth_ref = self._stubs_v3(client=False)
|
||||
mock_ks_auth, mock_auth_ref = self._stubs_auth(client=False)
|
||||
mock_ks_auth.get_endpoint(mox.IsA(ks_session.Session),
|
||||
**expected_kwargs).AndReturn(service_url)
|
||||
|
||||
@ -1489,13 +1494,13 @@ class KeystoneClientTestDomainName(KeystoneClientTest):
|
||||
a.domain_id = domain_id
|
||||
mock_ks_auth.get_access(mox.IsA(ks_session.Session)).AndReturn(a)
|
||||
|
||||
m = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
|
||||
password='adminsecret',
|
||||
domain_id=None,
|
||||
domain_name='fake_domain_name',
|
||||
user_domain_id=None,
|
||||
user_domain_name='fake_domain_name',
|
||||
username='adminuser123')
|
||||
m = ks_auth.Password(auth_url='http://server.test:5000/v3',
|
||||
password='adminsecret',
|
||||
domain_id=None,
|
||||
domain_name='fake_domain_name',
|
||||
user_domain_id=None,
|
||||
user_domain_name='fake_domain_name',
|
||||
username='adminuser123')
|
||||
|
||||
m.AndReturn(mock_ks_auth)
|
||||
|
||||
@ -1506,12 +1511,12 @@ class KeystoneClientTestDomainName(KeystoneClientTest):
|
||||
self.mock_admin_client.domains = self.mock_ks_v3_client_domain_mngr
|
||||
|
||||
def _stub_domain_user_pw_auth(self):
|
||||
ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
|
||||
user_id='duser',
|
||||
password='apassw',
|
||||
project_id='aproject',
|
||||
user_domain_name='fake_domain_name'
|
||||
).AndReturn('dummyauth')
|
||||
ks_auth.Password(auth_url='http://server.test:5000/v3',
|
||||
user_id='duser',
|
||||
password='apassw',
|
||||
project_id='aproject',
|
||||
user_domain_name='fake_domain_name'
|
||||
).AndReturn('dummyauth')
|
||||
|
||||
def test_enable_stack_domain_user_error_project(self):
|
||||
p = super(KeystoneClientTestDomainName, self)
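Review bot: `_stubs_auth` gains a `version` argument without a docstring, and in the lines visible here a call with `method='auth_ref'` and a version other than 2 or 3 matches none of the branches that assign `p`. A one-line docstring such as `"""Stub the auth plugin chosen by method; version (2 or 3) selects the AccessInfo class expected for method='auth_ref'."""` would document the contract. A closing `else: raise ValueError(method)` would make a bad combination fail at the call site instead of on a later use of `p`. The rest of the if-chain lies outside the hunk, so check whether such a fallback already exists.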
|
||||
|
@ -14,7 +14,7 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from keystoneauth1.identity import v3 as ks_v3_auth
|
||||
from keystoneauth1.identity import generic as ks_auth
|
||||
from keystoneauth1 import session as ks_session
|
||||
from keystoneclient import exceptions as keystone_exc
|
||||
import mox
|
||||
@ -120,10 +120,10 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
|
||||
self.response_headers = dict(headers)
|
||||
|
||||
def test_valid_v2_request(self):
|
||||
mock_auth = self.m.CreateMock(ks_v3_auth.Password)
|
||||
self.m.StubOutWithMock(ks_v3_auth, 'Password')
|
||||
mock_auth = self.m.CreateMock(ks_auth.Password)
|
||||
self.m.StubOutWithMock(ks_auth, 'Password')
|
||||
|
||||
ks_v3_auth.Password(
|
||||
ks_auth.Password(
|
||||
auth_url=self.config['auth_uri'],
|
||||
password='goodpassword',
|
||||
project_id='tenant_id1',
|
||||
@ -144,14 +144,14 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
|
||||
self.m.VerifyAll()
|
||||
|
||||
def test_valid_v3_request(self):
|
||||
mock_auth = self.m.CreateMock(ks_v3_auth.Password)
|
||||
self.m.StubOutWithMock(ks_v3_auth, 'Password')
|
||||
mock_auth = self.m.CreateMock(ks_auth.Password)
|
||||
self.m.StubOutWithMock(ks_auth, 'Password')
|
||||
|
||||
ks_v3_auth.Password(auth_url=self.config['auth_uri'],
|
||||
password='goodpassword',
|
||||
project_id='tenant_id1',
|
||||
user_domain_id='domain1',
|
||||
username='user_name1').AndReturn(mock_auth)
|
||||
ks_auth.Password(auth_url=self.config['auth_uri'],
|
||||
password='goodpassword',
|
||||
project_id='tenant_id1',
|
||||
user_domain_id='domain1',
|
||||
username='user_name1').AndReturn(mock_auth)
|
||||
|
||||
m = mock_auth.get_access(mox.IsA(ks_session.Session))
|
||||
m.AndReturn(TOKEN_V3_RESPONSE)
|
||||
@ -169,13 +169,13 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
|
||||
self.m.VerifyAll()
|
||||
|
||||
def test_request_with_bad_credentials(self):
|
||||
self.m.StubOutWithMock(ks_v3_auth, 'Password')
|
||||
self.m.StubOutWithMock(ks_auth, 'Password')
|
||||
|
||||
m = ks_v3_auth.Password(auth_url=self.config['auth_uri'],
|
||||
password='badpassword',
|
||||
project_id='tenant_id1',
|
||||
user_domain_id='domain1',
|
||||
username='user_name1')
|
||||
m = ks_auth.Password(auth_url=self.config['auth_uri'],
|
||||
password='badpassword',
|
||||
project_id='tenant_id1',
|
||||
user_domain_id='domain1',
|
||||
username='user_name1')
|
||||
m.AndRaise(keystone_exc.Unauthorized(401))
|
||||
|
||||
self.m.ReplayAll()
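Review bot: `test_request_with_bad_credentials` still simulates the failure with `keystone_exc.Unauthorized(401)` from `keystoneclient.exceptions`, although the plugin it stubs is now keystoneauth1's generic `Password`. If the two exception modules are aliases this is only a consistency issue. Raising the keystoneauth1 class would tie the bad-credentials test to the exception type of the library that provides the plugin rather than to that aliasing: `from keystoneauth1 import exceptions as ks_exception` and `m.AndRaise(ks_exception.Unauthorized(401))`. The middleware under test is not part of the visible diff, so confirm which class it catches.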
|
||||
|
@ -198,7 +198,7 @@ class TestRequestContext(common.HeatTestCase):
|
||||
ctx = context.RequestContext(auth_url=None,
|
||||
user_domain_id='non-default',
|
||||
username='test')
|
||||
with mock.patch('keystoneauth1.identity.v3.Password') as ps:
|
||||
with mock.patch('keystoneauth1.identity.generic.Password') as ps:
|
||||
ctx.trusts_auth_plugin
|
||||
ps.assert_called_once_with(username='heat',
|
||||
password='password',
|
||||
|