a2b0f8a3ea
We have a goal to deprecate the kvs backends for Identity and Assignment. Before we can do this, we need to ensure our unit tests are not dependant on them. This patch sets the Identity backend for unit tests to SQL. Since, by default, the Assignment backend will pick the same backend type as Identity, this also means that it will follow suit. As well as ensuring correct database initialization, this patch moves a test that was erronously in v2_auth testing to v3. The test was passing before due to the fact that the kvs assignment driver does not correctly honor the domain boundary for all project APIs. Change-Id: I7b6e753b379a43d09ad8ea077ed6796d1f2e9a26 Partially-Closes: bug 1077282
878 lines
31 KiB
Python
878 lines
31 KiB
Python
# Copyright 2013 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import datetime
|
|
|
|
from oslo.utils import timeutils
|
|
|
|
from keystone import config
|
|
from keystone import exception
|
|
from keystone import tests
|
|
from keystone.tests import default_fixtures
|
|
from keystone.tests.ksfixtures import database
|
|
from keystone import token
|
|
from keystone.token.providers import pki
|
|
|
|
|
|
CONF = config.CONF
|
|
|
|
FUTURE_DELTA = datetime.timedelta(seconds=CONF.token.expiration)
|
|
CURRENT_DATE = timeutils.utcnow()
|
|
|
|
SAMPLE_V2_TOKEN = {
|
|
"access": {
|
|
"trust": {
|
|
"id": "abc123",
|
|
"trustee_user_id": "123456"
|
|
},
|
|
"serviceCatalog": [
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:8774/v1.1/01257",
|
|
"id": "51934fe63a5b4ac0a32664f64eb462c3",
|
|
"internalURL": "http://localhost:8774/v1.1/01257",
|
|
"publicURL": "http://localhost:8774/v1.1/01257",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "nova",
|
|
"type": "compute"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:9292",
|
|
"id": "aaa17a539e364297a7845d67c7c7cc4b",
|
|
"internalURL": "http://localhost:9292",
|
|
"publicURL": "http://localhost:9292",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "glance",
|
|
"type": "image"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:8776/v1/01257",
|
|
"id": "077d82df25304abeac2294004441db5a",
|
|
"internalURL": "http://localhost:8776/v1/01257",
|
|
"publicURL": "http://localhost:8776/v1/01257",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "volume",
|
|
"type": "volume"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:8773/services/Admin",
|
|
"id": "b06997fd08414903ad458836efaa9067",
|
|
"internalURL": "http://localhost:8773/services/Cloud",
|
|
"publicURL": "http://localhost:8773/services/Cloud",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "ec2",
|
|
"type": "ec2"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:8080/v1",
|
|
"id": "7bd0c643e05a4a2ab40902b2fa0dd4e6",
|
|
"internalURL": "http://localhost:8080/v1/AUTH_01257",
|
|
"publicURL": "http://localhost:8080/v1/AUTH_01257",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "swift",
|
|
"type": "object-store"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:35357/v2.0",
|
|
"id": "02850c5d1d094887bdc46e81e1e15dc7",
|
|
"internalURL": "http://localhost:5000/v2.0",
|
|
"publicURL": "http://localhost:5000/v2.0",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "keystone",
|
|
"type": "identity"
|
|
}
|
|
],
|
|
"token": {
|
|
"expires": "2013-05-22T00:02:43.941430Z",
|
|
"id": "ce4fc2d36eea4cc9a36e666ac2f1029a",
|
|
"issued_at": "2013-05-21T00:02:43.941473Z",
|
|
"tenant": {
|
|
"enabled": True,
|
|
"id": "01257",
|
|
"name": "service"
|
|
}
|
|
},
|
|
"user": {
|
|
"id": "f19ddbe2c53c46f189fe66d0a7a9c9ce",
|
|
"name": "nova",
|
|
"roles": [
|
|
{
|
|
"name": "_member_"
|
|
},
|
|
{
|
|
"name": "admin"
|
|
}
|
|
],
|
|
"roles_links": [],
|
|
"username": "nova"
|
|
}
|
|
}
|
|
}
|
|
|
|
SAMPLE_V3_TOKEN = {
|
|
"token": {
|
|
"catalog": [
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "02850c5d1d094887bdc46e81e1e15dc7",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:35357/v2.0"
|
|
},
|
|
{
|
|
"id": "446e244b75034a9ab4b0811e82d0b7c8",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:5000/v2.0"
|
|
},
|
|
{
|
|
"id": "47fa3d9f499240abb5dfcf2668f168cd",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:5000/v2.0"
|
|
}
|
|
],
|
|
"id": "26d7541715a44a4d9adad96f9872b633",
|
|
"type": "identity",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "aaa17a539e364297a7845d67c7c7cc4b",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:9292"
|
|
},
|
|
{
|
|
"id": "4fa9620e42394cb1974736dce0856c71",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:9292"
|
|
},
|
|
{
|
|
"id": "9673687f9bc441d88dec37942bfd603b",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:9292"
|
|
}
|
|
],
|
|
"id": "d27a41843f4e4b0e8cf6dac4082deb0d",
|
|
"type": "image",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "7bd0c643e05a4a2ab40902b2fa0dd4e6",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8080/v1"
|
|
},
|
|
{
|
|
"id": "43bef154594d4ccb8e49014d20624e1d",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8080/v1/AUTH_01257"
|
|
},
|
|
{
|
|
"id": "e63b5f5d7aa3493690189d0ff843b9b3",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8080/v1/AUTH_01257"
|
|
}
|
|
],
|
|
"id": "a669e152f1104810a4b6701aade721bb",
|
|
"type": "object-store",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "51934fe63a5b4ac0a32664f64eb462c3",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8774/v1.1/01257"
|
|
},
|
|
{
|
|
"id": "869b535eea0d42e483ae9da0d868ebad",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8774/v1.1/01257"
|
|
},
|
|
{
|
|
"id": "93583824c18f4263a2245ca432b132a6",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8774/v1.1/01257"
|
|
}
|
|
],
|
|
"id": "7f32cc2af6c9476e82d75f80e8b3bbb8",
|
|
"type": "compute",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "b06997fd08414903ad458836efaa9067",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8773/services/Admin"
|
|
},
|
|
{
|
|
"id": "411f7de7c9a8484c9b46c254fb2676e2",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8773/services/Cloud"
|
|
},
|
|
{
|
|
"id": "f21c93f3da014785854b4126d0109c49",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8773/services/Cloud"
|
|
}
|
|
],
|
|
"id": "b08c9c7d4ef543eba5eeb766f72e5aa1",
|
|
"type": "ec2",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "077d82df25304abeac2294004441db5a",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8776/v1/01257"
|
|
},
|
|
{
|
|
"id": "875bf282362c40219665278b4fd11467",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8776/v1/01257"
|
|
},
|
|
{
|
|
"id": "cd229aa6df0640dc858a8026eb7e640c",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8776/v1/01257"
|
|
}
|
|
],
|
|
"id": "5db21b82617f4a95816064736a7bec22",
|
|
"type": "volume",
|
|
}
|
|
],
|
|
"expires_at": "2013-05-22T00:02:43.941430Z",
|
|
"issued_at": "2013-05-21T00:02:43.941473Z",
|
|
"methods": [
|
|
"password"
|
|
],
|
|
"project": {
|
|
"domain": {
|
|
"id": "default",
|
|
"name": "Default"
|
|
},
|
|
"id": "01257",
|
|
"name": "service"
|
|
},
|
|
"roles": [
|
|
{
|
|
"id": "9fe2ff9ee4384b1894a90878d3e92bab",
|
|
"name": "_member_"
|
|
},
|
|
{
|
|
"id": "53bff13443bd4450b97f978881d47b18",
|
|
"name": "admin"
|
|
}
|
|
],
|
|
"user": {
|
|
"domain": {
|
|
"id": "default",
|
|
"name": "Default"
|
|
},
|
|
"id": "f19ddbe2c53c46f189fe66d0a7a9c9ce",
|
|
"name": "nova"
|
|
},
|
|
"OS-TRUST:trust": {
|
|
"id": "abc123",
|
|
"trustee_user_id": "123456",
|
|
"trustor_user_id": "333333",
|
|
"impersonation": False
|
|
}
|
|
}
|
|
}
|
|
|
|
SAMPLE_V2_TOKEN_WITH_EMBEDED_VERSION = {
|
|
"access": {
|
|
"trust": {
|
|
"id": "abc123",
|
|
"trustee_user_id": "123456"
|
|
},
|
|
"serviceCatalog": [
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:8774/v1.1/01257",
|
|
"id": "51934fe63a5b4ac0a32664f64eb462c3",
|
|
"internalURL": "http://localhost:8774/v1.1/01257",
|
|
"publicURL": "http://localhost:8774/v1.1/01257",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "nova",
|
|
"type": "compute"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:9292",
|
|
"id": "aaa17a539e364297a7845d67c7c7cc4b",
|
|
"internalURL": "http://localhost:9292",
|
|
"publicURL": "http://localhost:9292",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "glance",
|
|
"type": "image"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:8776/v1/01257",
|
|
"id": "077d82df25304abeac2294004441db5a",
|
|
"internalURL": "http://localhost:8776/v1/01257",
|
|
"publicURL": "http://localhost:8776/v1/01257",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "volume",
|
|
"type": "volume"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:8773/services/Admin",
|
|
"id": "b06997fd08414903ad458836efaa9067",
|
|
"internalURL": "http://localhost:8773/services/Cloud",
|
|
"publicURL": "http://localhost:8773/services/Cloud",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "ec2",
|
|
"type": "ec2"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:8080/v1",
|
|
"id": "7bd0c643e05a4a2ab40902b2fa0dd4e6",
|
|
"internalURL": "http://localhost:8080/v1/AUTH_01257",
|
|
"publicURL": "http://localhost:8080/v1/AUTH_01257",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "swift",
|
|
"type": "object-store"
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"adminURL": "http://localhost:35357/v2.0",
|
|
"id": "02850c5d1d094887bdc46e81e1e15dc7",
|
|
"internalURL": "http://localhost:5000/v2.0",
|
|
"publicURL": "http://localhost:5000/v2.0",
|
|
"region": "RegionOne"
|
|
}
|
|
],
|
|
"endpoints_links": [],
|
|
"name": "keystone",
|
|
"type": "identity"
|
|
}
|
|
],
|
|
"token": {
|
|
"expires": "2013-05-22T00:02:43.941430Z",
|
|
"id": "ce4fc2d36eea4cc9a36e666ac2f1029a",
|
|
"issued_at": "2013-05-21T00:02:43.941473Z",
|
|
"tenant": {
|
|
"enabled": True,
|
|
"id": "01257",
|
|
"name": "service"
|
|
}
|
|
},
|
|
"user": {
|
|
"id": "f19ddbe2c53c46f189fe66d0a7a9c9ce",
|
|
"name": "nova",
|
|
"roles": [
|
|
{
|
|
"name": "_member_"
|
|
},
|
|
{
|
|
"name": "admin"
|
|
}
|
|
],
|
|
"roles_links": [],
|
|
"username": "nova"
|
|
}
|
|
},
|
|
'token_version': 'v2.0'
|
|
}
|
|
SAMPLE_V3_TOKEN_WITH_EMBEDED_VERSION = {
|
|
"token": {
|
|
"catalog": [
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "02850c5d1d094887bdc46e81e1e15dc7",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:35357/v2.0"
|
|
},
|
|
{
|
|
"id": "446e244b75034a9ab4b0811e82d0b7c8",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:5000/v2.0"
|
|
},
|
|
{
|
|
"id": "47fa3d9f499240abb5dfcf2668f168cd",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:5000/v2.0"
|
|
}
|
|
],
|
|
"id": "26d7541715a44a4d9adad96f9872b633",
|
|
"type": "identity",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "aaa17a539e364297a7845d67c7c7cc4b",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:9292"
|
|
},
|
|
{
|
|
"id": "4fa9620e42394cb1974736dce0856c71",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:9292"
|
|
},
|
|
{
|
|
"id": "9673687f9bc441d88dec37942bfd603b",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:9292"
|
|
}
|
|
],
|
|
"id": "d27a41843f4e4b0e8cf6dac4082deb0d",
|
|
"type": "image",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "7bd0c643e05a4a2ab40902b2fa0dd4e6",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8080/v1"
|
|
},
|
|
{
|
|
"id": "43bef154594d4ccb8e49014d20624e1d",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8080/v1/AUTH_01257"
|
|
},
|
|
{
|
|
"id": "e63b5f5d7aa3493690189d0ff843b9b3",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8080/v1/AUTH_01257"
|
|
}
|
|
],
|
|
"id": "a669e152f1104810a4b6701aade721bb",
|
|
"type": "object-store",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "51934fe63a5b4ac0a32664f64eb462c3",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8774/v1.1/01257"
|
|
},
|
|
{
|
|
"id": "869b535eea0d42e483ae9da0d868ebad",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8774/v1.1/01257"
|
|
},
|
|
{
|
|
"id": "93583824c18f4263a2245ca432b132a6",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8774/v1.1/01257"
|
|
}
|
|
],
|
|
"id": "7f32cc2af6c9476e82d75f80e8b3bbb8",
|
|
"type": "compute",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "b06997fd08414903ad458836efaa9067",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8773/services/Admin"
|
|
},
|
|
{
|
|
"id": "411f7de7c9a8484c9b46c254fb2676e2",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8773/services/Cloud"
|
|
},
|
|
{
|
|
"id": "f21c93f3da014785854b4126d0109c49",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8773/services/Cloud"
|
|
}
|
|
],
|
|
"id": "b08c9c7d4ef543eba5eeb766f72e5aa1",
|
|
"type": "ec2",
|
|
},
|
|
{
|
|
"endpoints": [
|
|
{
|
|
"id": "077d82df25304abeac2294004441db5a",
|
|
"interface": "admin",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8776/v1/01257"
|
|
},
|
|
{
|
|
"id": "875bf282362c40219665278b4fd11467",
|
|
"interface": "internal",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8776/v1/01257"
|
|
},
|
|
{
|
|
"id": "cd229aa6df0640dc858a8026eb7e640c",
|
|
"interface": "public",
|
|
"region": "RegionOne",
|
|
"url": "http://localhost:8776/v1/01257"
|
|
}
|
|
],
|
|
"id": "5db21b82617f4a95816064736a7bec22",
|
|
"type": "volume",
|
|
}
|
|
],
|
|
"expires_at": "2013-05-22T00:02:43.941430Z",
|
|
"issued_at": "2013-05-21T00:02:43.941473Z",
|
|
"methods": [
|
|
"password"
|
|
],
|
|
"project": {
|
|
"domain": {
|
|
"id": "default",
|
|
"name": "Default"
|
|
},
|
|
"id": "01257",
|
|
"name": "service"
|
|
},
|
|
"roles": [
|
|
{
|
|
"id": "9fe2ff9ee4384b1894a90878d3e92bab",
|
|
"name": "_member_"
|
|
},
|
|
{
|
|
"id": "53bff13443bd4450b97f978881d47b18",
|
|
"name": "admin"
|
|
}
|
|
],
|
|
"user": {
|
|
"domain": {
|
|
"id": "default",
|
|
"name": "Default"
|
|
},
|
|
"id": "f19ddbe2c53c46f189fe66d0a7a9c9ce",
|
|
"name": "nova"
|
|
},
|
|
"OS-TRUST:trust": {
|
|
"id": "abc123",
|
|
"trustee_user_id": "123456",
|
|
"trustor_user_id": "333333",
|
|
"impersonation": False
|
|
}
|
|
},
|
|
'token_version': 'v3.0'
|
|
}
|
|
|
|
|
|
def create_v2_token():
|
|
return {
|
|
"access": {
|
|
"token": {
|
|
"expires": timeutils.isotime(timeutils.utcnow() +
|
|
FUTURE_DELTA),
|
|
"issued_at": "2013-05-21T00:02:43.941473Z",
|
|
"tenant": {
|
|
"enabled": True,
|
|
"id": "01257",
|
|
"name": "service"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
SAMPLE_V2_TOKEN_EXPIRED = {
|
|
"access": {
|
|
"token": {
|
|
"expires": timeutils.isotime(CURRENT_DATE),
|
|
"issued_at": "2013-05-21T00:02:43.941473Z",
|
|
"tenant": {
|
|
"enabled": True,
|
|
"id": "01257",
|
|
"name": "service"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
def create_v3_token():
|
|
return {
|
|
"token": {
|
|
'methods': [],
|
|
"expires_at": timeutils.isotime(timeutils.utcnow() + FUTURE_DELTA),
|
|
"issued_at": "2013-05-21T00:02:43.941473Z",
|
|
}
|
|
}
|
|
|
|
|
|
SAMPLE_V3_TOKEN_EXPIRED = {
|
|
"token": {
|
|
"expires_at": timeutils.isotime(CURRENT_DATE),
|
|
"issued_at": "2013-05-21T00:02:43.941473Z",
|
|
}
|
|
}
|
|
|
|
SAMPLE_MALFORMED_TOKEN = {
|
|
"token": {
|
|
"bogus": {
|
|
"no expiration data": None
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
class TestTokenProvider(tests.TestCase):
|
|
def setUp(self):
|
|
super(TestTokenProvider, self).setUp()
|
|
self.useFixture(database.Database())
|
|
self.load_backends()
|
|
|
|
def test_get_token_version(self):
|
|
self.assertEqual(
|
|
token.provider.V2,
|
|
self.token_provider_api.get_token_version(SAMPLE_V2_TOKEN))
|
|
self.assertEqual(
|
|
token.provider.V2,
|
|
self.token_provider_api.get_token_version(
|
|
SAMPLE_V2_TOKEN_WITH_EMBEDED_VERSION))
|
|
self.assertEqual(
|
|
token.provider.V3,
|
|
self.token_provider_api.get_token_version(SAMPLE_V3_TOKEN))
|
|
self.assertEqual(
|
|
token.provider.V3,
|
|
self.token_provider_api.get_token_version(
|
|
SAMPLE_V3_TOKEN_WITH_EMBEDED_VERSION))
|
|
self.assertRaises(exception.UnsupportedTokenVersionException,
|
|
self.token_provider_api.get_token_version,
|
|
'bogus')
|
|
|
|
def test_default_token_format(self):
|
|
self.assertEqual(token.provider.PKIZ_PROVIDER,
|
|
token.provider.Manager.get_token_provider())
|
|
|
|
def test_uuid_token_format_and_no_provider(self):
|
|
self.config_fixture.config(group='signing', token_format='UUID')
|
|
self.assertEqual(token.provider.UUID_PROVIDER,
|
|
token.provider.Manager.get_token_provider())
|
|
|
|
def test_default_providers_without_token_format(self):
|
|
self.config_fixture.config(group='token',
|
|
provider=token.provider.UUID_PROVIDER)
|
|
token.provider.Manager()
|
|
|
|
self.config_fixture.config(group='token',
|
|
provider=token.provider.PKI_PROVIDER)
|
|
token.provider.Manager()
|
|
|
|
self.config_fixture.config(group='token',
|
|
provider=token.provider.PKIZ_PROVIDER)
|
|
token.provider.Manager()
|
|
|
|
def test_unsupported_token_format(self):
|
|
self.config_fixture.config(group='signing', token_format='CUSTOM')
|
|
self.assertRaises(exception.UnexpectedError,
|
|
token.provider.Manager.get_token_provider)
|
|
|
|
def test_uuid_provider(self):
|
|
self.config_fixture.config(group='token',
|
|
provider=token.provider.UUID_PROVIDER)
|
|
self.assertEqual(token.provider.UUID_PROVIDER,
|
|
token.provider.Manager.get_token_provider())
|
|
|
|
def test_provider_override_token_format(self):
|
|
self.config_fixture.config(
|
|
group='token',
|
|
provider='keystone.token.providers.pki.Test')
|
|
self.assertEqual('keystone.token.providers.pki.Test',
|
|
token.provider.Manager.get_token_provider())
|
|
|
|
self.config_fixture.config(group='signing', token_format='UUID')
|
|
self.config_fixture.config(group='token',
|
|
provider=token.provider.UUID_PROVIDER)
|
|
self.assertEqual(token.provider.UUID_PROVIDER,
|
|
token.provider.Manager.get_token_provider())
|
|
|
|
self.config_fixture.config(group='signing', token_format='PKI')
|
|
self.config_fixture.config(group='token',
|
|
provider=token.provider.PKI_PROVIDER)
|
|
self.assertEqual(token.provider.PKI_PROVIDER,
|
|
token.provider.Manager.get_token_provider())
|
|
|
|
self.config_fixture.config(group='signing', token_format='CUSTOM')
|
|
self.config_fixture.config(group='token',
|
|
provider='my.package.MyProvider')
|
|
self.assertRaises(exception.UnexpectedError,
|
|
token.provider.Manager.get_token_provider)
|
|
|
|
def test_provider_token_expiration_validation(self):
|
|
self.assertRaises(exception.TokenNotFound,
|
|
self.token_provider_api._is_valid_token,
|
|
SAMPLE_V2_TOKEN_EXPIRED)
|
|
self.assertRaises(exception.TokenNotFound,
|
|
self.token_provider_api._is_valid_token,
|
|
SAMPLE_V3_TOKEN_EXPIRED)
|
|
self.assertRaises(exception.TokenNotFound,
|
|
self.token_provider_api._is_valid_token,
|
|
SAMPLE_MALFORMED_TOKEN)
|
|
self.assertIsNone(
|
|
self.token_provider_api._is_valid_token(create_v2_token()))
|
|
self.assertIsNone(
|
|
self.token_provider_api._is_valid_token(create_v3_token()))
|
|
|
|
|
|
class TestTokenProviderOAuth1(tests.TestCase):
|
|
def setUp(self):
|
|
super(TestTokenProviderOAuth1, self).setUp()
|
|
self.useFixture(database.Database())
|
|
self.load_backends()
|
|
|
|
def config_overrides(self):
|
|
super(TestTokenProviderOAuth1, self).config_overrides()
|
|
self.config_fixture.config(group='token',
|
|
provider=token.provider.UUID_PROVIDER)
|
|
|
|
def test_uuid_provider_no_oauth_fails_oauth(self):
|
|
self.load_fixtures(default_fixtures)
|
|
self.token_provider_api.driver.oauth_api = None
|
|
self.assertRaises(exception.Forbidden,
|
|
self.token_provider_api.driver.issue_v3_token,
|
|
self.user_foo['id'], ['oauth1'])
|
|
|
|
|
|
# NOTE(ayoung): renamed to avoid automatic test detection
|
|
class PKIProviderTests(object):
|
|
|
|
def setUp(self):
|
|
super(PKIProviderTests, self).setUp()
|
|
|
|
from keystoneclient.common import cms
|
|
self.cms = cms
|
|
|
|
from keystone.common import environment
|
|
self.environment = environment
|
|
|
|
old_cms_subprocess = cms.subprocess
|
|
self.addCleanup(setattr, cms, 'subprocess', old_cms_subprocess)
|
|
|
|
old_env_subprocess = environment.subprocess
|
|
self.addCleanup(setattr, environment, 'subprocess', old_env_subprocess)
|
|
|
|
self.cms.subprocess = self.target_subprocess
|
|
self.environment.subprocess = self.target_subprocess
|
|
|
|
reload(pki) # force module reload so the imports get re-evaluated
|
|
|
|
def test_get_token_id_error_handling(self):
|
|
# cause command-line failure
|
|
self.config_fixture.config(group='signing',
|
|
keyfile='--please-break-me')
|
|
|
|
provider = pki.Provider()
|
|
token_data = {}
|
|
self.assertRaises(exception.UnexpectedError,
|
|
provider._get_token_id,
|
|
token_data)
|
|
|
|
|
|
class TestPKIProviderWithEventlet(PKIProviderTests, tests.TestCase):
|
|
|
|
def setUp(self):
|
|
# force keystoneclient.common.cms to use eventlet's subprocess
|
|
from eventlet.green import subprocess
|
|
self.target_subprocess = subprocess
|
|
|
|
super(TestPKIProviderWithEventlet, self).setUp()
|
|
|
|
|
|
class TestPKIProviderWithStdlib(PKIProviderTests, tests.TestCase):
|
|
|
|
def setUp(self):
|
|
# force keystoneclient.common.cms to use the stdlib subprocess
|
|
import subprocess
|
|
self.target_subprocess = subprocess
|
|
|
|
super(TestPKIProviderWithStdlib, self).setUp()
|