# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. import copy from mox3 import mox from django.conf import settings from django.contrib.auth import REDIRECT_FIELD_NAME from django.core.urlresolvers import reverse from django import test from keystoneclient import exceptions as keystone_exceptions from keystoneclient.v2_0 import client as client_v2 from keystoneclient.v3 import client as client_v3 from openstack_auth.tests.data_v2 import generate_test_data as data_v2 from openstack_auth.tests.data_v3 import generate_test_data as data_v3 from openstack_auth.utils import get_project_list DEFAULT_DOMAIN = settings.OPENSTACK_KEYSTONE_DEFAULT_DOMAIN class OpenStackAuthTestsV2(test.TestCase): def setUp(self): super(OpenStackAuthTestsV2, self).setUp() self.mox = mox.Mox() self.data = data_v2() self.ks_client_module = client_v2 endpoint = settings.OPENSTACK_KEYSTONE_URL self.keystone_client_unscoped = self.ks_client_module.Client( endpoint=endpoint, auth_ref=self.data.unscoped_access_info) self.keystone_client_scoped = self.ks_client_module.Client( endpoint=endpoint, auth_ref=self.data.scoped_access_info) settings.OPENSTACK_API_VERSIONS['identity'] = 2.0 settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v2.0" def tearDown(self): self.mox.UnsetStubs() self.mox.VerifyAll() def _login(self): tenants = [self.data.tenant_one, self.data.tenant_two] user = self.data.user unscoped = self.data.unscoped_access_info form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.tenants, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.tenants.list().AndReturn(tenants) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.tenant_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndReturn(self.keystone_client_scoped) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) def test_login(self): self._login() def test_login_with_disabled_tenants(self): # Test to validate that authentication will try to get # scoped token if the first project is disabled. tenants = [self.data.tenant_one, self.data.tenant_two] user = self.data.user unscoped = self.data.unscoped_access_info form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.tenants, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.tenants.list().AndReturn(tenants) exc = keystone_exceptions.AuthorizationFailure self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.tenant_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndRaise(exc) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.tenant_one.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndReturn(self.keystone_client_scoped) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) def test_no_enabled_tenants(self): tenants = [self.data.tenant_one, self.data.tenant_two] user = self.data.user unscoped = self.data.unscoped_access_info form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.tenants, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.tenants.list().AndReturn(tenants) exc = keystone_exceptions.AuthorizationFailure self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.tenant_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndRaise(exc) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.tenant_one.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndRaise(exc) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, 'Unable to authenticate to any available' ' projects.') def test_no_tenants(self): user = self.data.user form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.tenants, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.tenants.list().AndReturn([]) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, 'You are not authorized for any projects.') def test_invalid_credentials(self): user = self.data.user form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': "invalid", 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") exc = keystone_exceptions.Unauthorized(401) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password="invalid", username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False).AndRaise(exc) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, "Invalid user name or password.") def test_exception(self): user = self.data.user form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") exc = keystone_exceptions.ClientException(500) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False).AndRaise(exc) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, ("An error occurred authenticating. Please try " "again later.")) def test_redirect_when_already_logged_in(self): self._login() response = self.client.get(reverse('login')) self.assertEqual(response.status_code, 302) self.assertNotIn(reverse('login'), response['location']) def test_dont_redirect_when_already_logged_in_if_next_is_set(self): self._login() expected_url = "%s?%s=/%s/" % (reverse('login'), REDIRECT_FIELD_NAME, 'special') response = self.client.get(expected_url) self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, 'auth/login.html') def test_switch(self, next=None): tenant = self.data.tenant_two tenants = [self.data.tenant_one, self.data.tenant_two] user = self.data.user unscoped = self.data.unscoped_access_info scoped = self.data.scoped_access_info sc = self.data.service_catalog et = getattr(settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL') form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'username': user.name, 'password': user.password} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.tenants, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False) \ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.tenants.list().AndReturn(tenants) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.tenant_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndReturn(self.keystone_client_scoped) self.ks_client_module.Client(auth_url=sc.url_for(endpoint_type=et), tenant_id=tenant.id, token=scoped.auth_token, insecure=False, cacert=None, debug=False) \ .AndReturn(self.keystone_client_scoped) self.mox.ReplayAll() url = reverse('login') response = self.client.get(url) self.assertEqual(response.status_code, 200) response = self.client.post(url, form_data) self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) url = reverse('switch_tenants', args=[tenant.id]) scoped['token']['tenant']['id'] = self.data.tenant_two.id if next: form_data.update({REDIRECT_FIELD_NAME: next}) response = self.client.get(url, form_data) if next: expected_url = 'http://testserver%s' % next self.assertEqual(response['location'], expected_url) else: self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) self.assertEqual(self.client.session['token'].tenant['id'], scoped.tenant_id) def test_switch_with_next(self): self.test_switch(next='/next_url') def test_switch_region(self, next=None): tenants = [self.data.tenant_one, self.data.tenant_two] user = self.data.user unscoped = self.data.unscoped_access_info sc = self.data.service_catalog form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'username': user.name, 'password': user.password} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.tenants, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False) \ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.tenants.list().AndReturn(tenants) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.tenant_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndReturn(self.keystone_client_scoped) self.mox.ReplayAll() url = reverse('login') response = self.client.get(url) self.assertEqual(response.status_code, 200) response = self.client.post(url, form_data) self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) old_region = sc.get_endpoints()['compute'][0]['region'] self.assertEqual(self.client.session['services_region'], old_region) region = sc.get_endpoints()['compute'][1]['region'] url = reverse('switch_services_region', args=[region]) form_data['region_name'] = region if next: form_data.update({REDIRECT_FIELD_NAME: next}) response = self.client.get(url, form_data) if next: expected_url = 'http://testserver%s' % next self.assertEqual(response['location'], expected_url) else: self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) self.assertEqual(self.client.session['services_region'], region) def test_switch_region_with_next(self, next=None): self.test_switch_region(next='/next_url') def test_tenant_sorting(self): tenants = [self.data.tenant_two, self.data.tenant_one] expected_tenants = [self.data.tenant_one, self.data.tenant_two] user = self.data.user unscoped = self.data.unscoped_access_info self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.tenants, "list") self.ks_client_module.Client(user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.tenants.list().AndReturn(tenants) self.mox.ReplayAll() tenant_list = get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(tenant_list, expected_tenants) def EndpointMetaFactory(endpoint_type): def endpoint_wrapper(func): def new_func(*args, **kwargs): _endpoint_type = getattr(settings, 'OPENSTACK_ENDPOINT_TYPE', None) # set settings.OPENSTACK_ENDPOINT_TYPE to given value setattr(settings, 'OPENSTACK_ENDPOINT_TYPE', endpoint_type) # ensure that ret won't be touched by del/setattr below ret = copy.deepcopy(func(*args, **kwargs)) # and restore it if _endpoint_type is None: del settings.OPENSTACK_ENDPOINT_TYPE else: setattr(settings, 'OPENSTACK_ENDPOINT_TYPE', _endpoint_type) return ret return new_func class EndPointMeta(type): # wrap each test with OPENSTACK_ENDPOINT_TYPE parameter set/restore def __new__(cls, name, bases, attrs): base, = bases for k, v in base.__dict__.iteritems(): if not k.startswith('__') and getattr(v, '__call__', None): attrs[k] = endpoint_wrapper(v) return super(EndPointMeta, cls).__new__(cls, name, bases, attrs) return EndPointMeta class OpenStackAuthTestsV2WithPublicURL(OpenStackAuthTestsV2): """Test V2 with settings.OPENSTACK_ENDPOINT_TYPE = 'publicURL'.""" __metaclass__ = EndpointMetaFactory('publicURL') class OpenStackAuthTestsV2WithInternalURL(OpenStackAuthTestsV2): """Test V2 with settings.OPENSTACK_ENDPOINT_TYPE = 'internalURL'.""" __metaclass__ = EndpointMetaFactory('internalURL') class OpenStackAuthTestsV2WithAdminURL(OpenStackAuthTestsV2): """Test V2 with settings.OPENSTACK_ENDPOINT_TYPE = 'adminURL'.""" __metaclass__ = EndpointMetaFactory('adminURL') class OpenStackAuthTestsV3(test.TestCase): def setUp(self): super(OpenStackAuthTestsV3, self).setUp() self.mox = mox.Mox() self.data = data_v3() self.ks_client_module = client_v3 endpoint = settings.OPENSTACK_KEYSTONE_URL self.keystone_client_unscoped = self.ks_client_module.Client( endpoint=endpoint, auth_ref=self.data.unscoped_access_info) self.keystone_client_scoped = self.ks_client_module.Client( endpoint=endpoint, auth_ref=self.data.scoped_access_info) settings.OPENSTACK_API_VERSIONS['identity'] = 3 settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v3" def tearDown(self): self.mox.UnsetStubs() self.mox.VerifyAll() def test_login(self): projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.projects, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.projects.list(user=user.id) \ .AndReturn(projects) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.project_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndReturn(self.keystone_client_scoped) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) def test_login_with_disabled_projects(self): projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.projects, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.projects.list(user=user.id) \ .AndReturn(projects) exc = keystone_exceptions.AuthorizationFailure self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.project_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndRaise(exc) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.project_one.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndReturn(self.keystone_client_scoped) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) def test_no_enabled_projects(self): projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.projects, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.projects.list(user=user.id) \ .AndReturn(projects) exc = keystone_exceptions.AuthorizationFailure self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.project_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndRaise(exc) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.project_one.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndRaise(exc) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, 'Unable to authenticate to any available' ' projects.') def test_no_projects(self): user = self.data.user form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.projects, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.projects.list(user=user.id) \ .AndReturn([]) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, 'You are not authorized for any projects.') def test_invalid_credentials(self): user = self.data.user form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': "invalid", 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") exc = keystone_exceptions.Unauthorized(401) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password="invalid", username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False).AndRaise(exc) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, "Invalid user name or password.") def test_exception(self): user = self.data.user form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'password': user.password, 'username': user.name} self.mox.StubOutWithMock(self.ks_client_module, "Client") exc = keystone_exceptions.ClientException(500) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False).AndRaise(exc) self.mox.ReplayAll() url = reverse('login') # GET the page to set the test cookie. response = self.client.get(url, form_data) self.assertEqual(response.status_code, 200) # POST to the page to log in. response = self.client.post(url, form_data) self.assertTemplateUsed(response, 'auth/login.html') self.assertContains(response, ("An error occurred authenticating. Please try " "again later.")) def test_switch(self, next=None): project = self.data.project_two projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info scoped = self.data.scoped_access_info sc = self.data.service_catalog et = getattr(settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL') form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'username': user.name, 'password': user.password} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.projects, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False) \ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.projects.list(user=user.id) \ .AndReturn(projects) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.project_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndReturn(self.keystone_client_scoped) self.ks_client_module.Client(auth_url=sc.url_for(endpoint_type=et), tenant_id=project.id, token=scoped.auth_token, insecure=False, cacert=None, debug=False) \ .AndReturn(self.keystone_client_scoped) self.mox.ReplayAll() url = reverse('login') response = self.client.get(url) self.assertEqual(response.status_code, 200) response = self.client.post(url, form_data) self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) url = reverse('switch_tenants', args=[project.id]) scoped['project']['id'] = self.data.project_two.id if next: form_data.update({REDIRECT_FIELD_NAME: next}) response = self.client.get(url, form_data) if next: expected_url = 'http://testserver%s' % next self.assertEqual(response['location'], expected_url) else: self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) self.assertEqual(self.client.session['token'].project['id'], scoped.project_id) def test_switch_with_next(self): self.test_switch(next='/next_url') def test_switch_region(self, next=None): projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info sc = self.data.service_catalog form_data = {'region': settings.OPENSTACK_KEYSTONE_URL, 'domain': DEFAULT_DOMAIN, 'username': user.name, 'password': user.password} self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.projects, "list") self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, password=user.password, username=user.name, user_domain_name=DEFAULT_DOMAIN, insecure=False, cacert=None, debug=False) \ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.projects.list(user=user.id) \ .AndReturn(projects) self.ks_client_module.Client(auth_url=settings.OPENSTACK_KEYSTONE_URL, tenant_id=self.data.project_two.id, insecure=False, cacert=None, token=unscoped.auth_token, debug=False) \ .AndReturn(self.keystone_client_scoped) self.mox.ReplayAll() url = reverse('login') response = self.client.get(url) self.assertEqual(response.status_code, 200) response = self.client.post(url, form_data) self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) old_region = sc.get_endpoints()['compute'][0]['region'] self.assertEqual(self.client.session['services_region'], old_region) region = sc.get_endpoints()['compute'][1]['region'] url = reverse('switch_services_region', args=[region]) form_data['region_name'] = region if next: form_data.update({REDIRECT_FIELD_NAME: next}) response = self.client.get(url, form_data) if next: expected_url = 'http://testserver%s' % next self.assertEqual(response['location'], expected_url) else: self.assertRedirects(response, settings.LOGIN_REDIRECT_URL) self.assertEqual(self.client.session['services_region'], region) def test_switch_region_with_next(self, next=None): self.test_switch_region(next='/next_url') def test_tenant_sorting(self): projects = [self.data.project_two, self.data.project_one] expected_projects = [self.data.project_one, self.data.project_two] user = self.data.user unscoped = self.data.unscoped_access_info self.mox.StubOutWithMock(self.ks_client_module, "Client") self.mox.StubOutWithMock(self.keystone_client_unscoped.projects, "list") self.ks_client_module.Client(user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False)\ .AndReturn(self.keystone_client_unscoped) self.keystone_client_unscoped.projects.list(user=user.id) \ .AndReturn(projects) self.mox.ReplayAll() project_list = get_project_list( user_id=user.id, auth_url=settings.OPENSTACK_KEYSTONE_URL, token=unscoped.auth_token, insecure=False, cacert=None, debug=False) self.assertEqual(project_list, expected_projects) class OpenStackAuthTestsV3WithPublicURL(OpenStackAuthTestsV3): """Test V3 with settings.OPENSTACK_ENDPOINT_TYPE = 'publicURL'.""" __metaclass__ = EndpointMetaFactory('publicURL') class OpenStackAuthTestsV3WithInternalURL(OpenStackAuthTestsV3): """Test V3 with settings.OPENSTACK_ENDPOINT_TYPE = 'internalURL'.""" __metaclass__ = EndpointMetaFactory('internalURL') class OpenStackAuthTestsV3WithAdminURL(OpenStackAuthTestsV3): """Test V3 with settings.OPENSTACK_ENDPOINT_TYPE = 'adminURL'.""" __metaclass__ = EndpointMetaFactory('adminURL')