openstack/deb-python-openstacksdk
Code Issues Proposed changes

Prepare for auth plugins

Browse Source 
In order to get ready for auth plugins I kind of needed to
turn auth plugins on their head.  The goals:

* The plugin should know what to construct based on what the
  user provides.  If a token is provided, use it.
* If a token is provided and it expires, allow the user to reauth
  with user name and password without the user having to do
  anything special.
* Support auth plugin names like identity_v2 and identity_v3 where
  the user does not need to know exactly what method they are
  using.
* Keep is simple.

In the simple department, I think this makes it simplier for the
user.

Change-Id: I7778438930bad2a32f79189b46d4fe7dbfbb67f6
This commit is contained in:
Terry Howe
2014-09-09 08:41:02 -06:00
parent b027df1f6c
commit 549301b24b
9 changed files with 354 additions and 304 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
openstack/auth/base.py
View File

@@ -69,3 +69,13 @@ class BaseAuthPlugin(object):
If nothing happens returns False to indicate give up. If nothing happens returns False to indicate give up.
""" """
return False return False
@classmethod
def get_options(cls):
"""Return the list of parameters associated with the auth plugin.
This list may be used to generate arguments.
:returns list: A list of strings describing plugin parameters.
"""
return []

20
openstack/auth/identity/authenticator.py
View File

@@ -46,8 +46,7 @@ def create(username=None, password=None, token=None, auth_url=None,
version = version.lower().replace('v', '') version = version.lower().replace('v', '')
version = version.split('.')[0] version = version.split('.')[0]
if version == '3': if version == '3':
if not token: args = {'user_name': username, 'password': password}
args = {'username': username, 'password': password}
if project_name: if project_name:
args['project_name'] = project_name args['project_name'] = project_name
if domain_name: if domain_name:
@@ -56,16 +55,15 @@ def create(username=None, password=None, token=None, auth_url=None,
args['project_domain_name'] = project_domain_name args['project_domain_name'] = project_domain_name
if user_domain_name: if user_domain_name:
args['user_domain_name'] = user_domain_name args['user_domain_name'] = user_domain_name
return v3.Password(auth_url, **args) if token:
else: args['token'] = token
return v3.Token(auth_url, token=token) return v3.Auth(auth_url, **args)
elif version == '2': elif version == '2':
if not token: args = {'user_name': username, 'password': password}
args = {}
if project_name: if project_name:
args['tenant_name'] = project_name args['project_name'] = project_name
return v2.Password(auth_url, username, password, **args) if token:
else: args['token'] = token
return v2.Token(auth_url, token) return v2.Auth(auth_url, **args)
msg = ("No support for identity version: %s" % version) msg = ("No support for identity version: %s" % version)
raise exceptions.NoMatchingPlugin(msg) raise exceptions.NoMatchingPlugin(msg)

1
openstack/auth/identity/base.py
View File

@@ -70,6 +70,7 @@ class BaseIdentityPlugin(base.BaseAuthPlugin):
if self.access_info.will_expire_soon(self.BEST_BEFORE_SECONDS): if self.access_info.will_expire_soon(self.BEST_BEFORE_SECONDS):
# if it's about to expire we should re-authenticate now. # if it's about to expire we should re-authenticate now.
self.invalidate()
return True return True
# otherwise it's fine and use the existing one. # otherwise it's fine and use the existing one.

121
openstack/auth/identity/v2.py
View File

@@ -12,11 +12,8 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import abc
import logging import logging
import six
from openstack.auth import access from openstack.auth import access
from openstack.auth.identity import base from openstack.auth.identity import base
from openstack import exceptions from openstack import exceptions
@@ -24,30 +21,59 @@ from openstack import exceptions
_logger = logging.getLogger(__name__) _logger = logging.getLogger(__name__)
@six.add_metaclass(abc.ABCMeta)
class Auth(base.BaseIdentityPlugin): class Auth(base.BaseIdentityPlugin):
valid_options = [
'auth_url',
'user_name',
'user_id',
'password',
'project_id',
'project_name',
'reauthenticate',
'token',
'trust_id',
]
def __init__(self, auth_url, def __init__(self, auth_url,
trust_id=None, user_name=None,
tenant_id=None, user_id=None,
tenant_name=None, password='',
reauthenticate=True): token=None,
project_id=None,
project_name=None,
reauthenticate=True,
trust_id=None):
"""Construct an Identity V2 Authentication Plugin. """Construct an Identity V2 Authentication Plugin.
A user_name, user_id or token must be provided.
:param string auth_url: Identity service endpoint for authorization. :param string auth_url: Identity service endpoint for authorization.
:param string user_name: Username for authentication.
:param string user_id: User ID for authentication.
:param string password: Password for authentication.
:param string project_id: Tenant ID for project scoping.
:param string project_name: Tenant name for project scoping.
:param bool reauthenticate: Get new token if token expires.
:param string token: Existing token for authentication.
:param string trust_id: Trust ID for trust scoping. :param string trust_id: Trust ID for trust scoping.
:param string tenant_id: Tenant ID for project scoping.
:param string tenant_name: Tenant name for project scoping. :raises TypeError: if a user_id, user_name or token is not provided.
:param bool reauthenticate: Allow fetching a new token if the current
one is going to expire.
(optional) default True
""" """
super(Auth, self).__init__(auth_url=auth_url, super(Auth, self).__init__(auth_url=auth_url,
reauthenticate=reauthenticate) reauthenticate=reauthenticate)
if not (user_id or user_name or token):
msg = 'You need to specify either a user_name, user_id or token'
raise TypeError(msg)
self.user_id = user_id
self.user_name = user_name
self.password = password
self.token = token
self.trust_id = trust_id self.trust_id = trust_id
self.tenant_id = tenant_id self.tenant_id = project_id
self.tenant_name = tenant_name self.tenant_name = project_name
def authorize(self, transport, **kwargs): def authorize(self, transport, **kwargs):
headers = {'Accept': 'application/json'} headers = {'Accept': 'application/json'}
@@ -71,64 +97,19 @@ class Auth(base.BaseIdentityPlugin):
return access.AccessInfoV2(**resp_data) return access.AccessInfoV2(**resp_data)
@abc.abstractmethod def get_auth_data(self, headers):
def get_auth_data(self, headers=None): if self.token is None:
"""Return the authentication section of an auth plugin.
:param dict headers: The headers that will be sent with the auth
request if a plugin needs to add to them.
:return dict: A dict of authentication data for the auth type.
"""
class Password(Auth):
def __init__(self, auth_url, username=None, password=None, user_id=None,
**kwargs):
"""A plugin for authenticating with a username and password.
A username or user_id must be provided.
:param string auth_url: Identity service endpoint for authorization.
:param string username: Username for authentication.
:param string password: Password for authentication.
:param string user_id: User ID for authentication.
:raises TypeError: if a user_id or username is not provided.
"""
super(Password, self).__init__(auth_url, **kwargs)
if not (user_id or username):
msg = 'You need to specify either a username or user_id'
raise TypeError(msg)
self.user_id = user_id
self.username = username
self.password = password
def get_auth_data(self, headers=None):
auth = {'password': self.password} auth = {'password': self.password}
if self.user_name:
if self.username: auth['username'] = self.user_name
auth['username'] = self.username
elif self.user_id: elif self.user_id:
auth['userId'] = self.user_id auth['userId'] = self.user_id
return {'passwordCredentials': auth} return {'passwordCredentials': auth}
class Token(Auth):
def __init__(self, auth_url, token, **kwargs):
"""A plugin for authenticating with an existing token.
:param string auth_url: Identity service endpoint for authorization.
:param string token: Existing token for authentication.
"""
super(Token, self).__init__(auth_url, **kwargs)
self.token = token
def get_auth_data(self, headers=None):
if headers is not None:
headers['X-Auth-Token'] = self.token headers['X-Auth-Token'] = self.token
return {'token': {'id': self.token}} return {'token': {'id': self.token}}
def invalidate(self):
if super(Auth, self).invalidate():
self.token = None
return True
return False

171
openstack/auth/identity/v3.py
View File

@@ -26,42 +26,90 @@ _logger = logging.getLogger(__name__)
class Auth(base.BaseIdentityPlugin): class Auth(base.BaseIdentityPlugin):
def __init__(self, auth_url, auth_methods, valid_options = [
trust_id=None, 'auth_url',
'domain_id',
'domain_name',
'password',
'project_domain_id',
'project_domain_name',
'project_id',
'project_name',
'reauthenticate',
'token',
'trust_id',
'user_domain_id',
'user_domain_name',
'user_id',
'user_name',
]
def __init__(self, auth_url,
domain_id=None, domain_id=None,
domain_name=None, domain_name=None,
project_id=None, password='',
project_name=None,
project_domain_id=None, project_domain_id=None,
project_domain_name=None, project_domain_name=None,
reauthenticate=True): project_id=None,
project_name=None,
reauthenticate=True,
token=None,
trust_id=None,
user_domain_id=None,
user_domain_name=None,
user_id=None,
user_name=None):
"""Construct an Identity V3 Authentication Plugin. """Construct an Identity V3 Authentication Plugin.
This authorization plugin should be constructed with a password
and user_id or user_name. It may also be constructed with a token.
:param string auth_url: Identity service endpoint for authentication. :param string auth_url: Identity service endpoint for authentication.
:param list auth_methods: A collection of methods to authenticate with.
:param string trust_id: Trust ID for trust scoping.
:param string domain_id: Domain ID for domain scoping. :param string domain_id: Domain ID for domain scoping.
:param string domain_name: Domain name for domain scoping. :param string domain_name: Domain name for domain scoping.
:param string project_id: Project ID for project scoping. :param string password: User password for authentication.
:param string project_name: Project name for project scoping.
:param string project_domain_id: Project's domain ID for project. :param string project_domain_id: Project's domain ID for project.
:param string project_domain_name: Project's domain name for project. :param string project_domain_name: Project's domain name for project.
:param bool reauthenticate: Allow fetching a new token if the current :param string project_id: Project ID for project scoping.
one is going to expire. :param string project_name: Project name for project scoping.
(optional) default True :param bool reauthenticate: Get new token if token expires.
:param string token: Token to use for authentication.
:param string trust_id: Trust ID for trust scoping.
:param string user_domain_id: User's domain ID for authentication.
:param string user_domain_name: User's domain name for authentication.
:param string user_name: User name for authentication.
:param string user_id: User ID for authentication.
:raises TypeError: if a user_id, user_name or token is not provided.
""" """
super(Auth, self).__init__(auth_url=auth_url, super(Auth, self).__init__(auth_url=auth_url,
reauthenticate=reauthenticate) reauthenticate=reauthenticate)
self.auth_methods = auth_methods if not (user_id or user_name or token):
self.trust_id = trust_id msg = 'You need to specify either a user_name, user_id or token'
raise TypeError(msg)
self.domain_id = domain_id self.domain_id = domain_id
self.domain_name = domain_name self.domain_name = domain_name
self.project_id = project_id
self.project_name = project_name
self.project_domain_id = project_domain_id self.project_domain_id = project_domain_id
self.project_domain_name = project_domain_name self.project_domain_name = project_domain_name
self.project_id = project_id
self.project_name = project_name
self.reauthenticate = reauthenticate
self.trust_id = trust_id
self.password_method = PasswordMethod(
password=password,
user_domain_id=user_domain_id,
user_domain_name=user_domain_name,
user_name=user_name,
user_id=user_id,
)
if token:
self.token_method = TokenMethod(token=token)
self.auth_methods = [self.token_method]
else:
self.auth_methods = [self.password_method]
@property @property
def token_url(self): def token_url(self):
@@ -120,6 +168,12 @@ class Auth(base.BaseIdentityPlugin):
return access.AccessInfoV3(resp.headers['X-Subject-Token'], return access.AccessInfoV3(resp.headers['X-Subject-Token'],
**resp_data) **resp_data)
def invalidate(self):
if super(Auth, self).invalidate():
self.auth_methods = [self.password_method]
return True
return False
@six.add_metaclass(abc.ABCMeta) @six.add_metaclass(abc.ABCMeta)
class AuthMethod(object): class AuthMethod(object):
@@ -128,27 +182,10 @@ class AuthMethod(object):
V3 Tokens allow multiple methods to be presented when authentication V3 Tokens allow multiple methods to be presented when authentication
against the server. Each one of these methods is implemented by an against the server. Each one of these methods is implemented by an
AuthMethod. AuthMethod.
Note: When implementing an AuthMethod use the method_parameters
and do not use positional arguments. Otherwise they can't be picked up by
the factory method and don't work as well with AuthConstructors.
""" """
_method_parameters = []
def __init__(self, **kwargs): def __init__(self, **kwargs):
for param in self._method_parameters: for param in kwargs:
setattr(self, param, kwargs.pop(param, None)) setattr(self, param, kwargs.get(param, None))
if kwargs:
msg = "Unexpected Attributes: %s" % ", ".join(kwargs.keys())
raise AttributeError(msg)
@classmethod
def _extract_kwargs(cls, kwargs):
"""Remove parameters related to this method from other kwargs."""
return dict([(p, kwargs.pop(p, None))
for p in cls._method_parameters])
@abc.abstractmethod @abc.abstractmethod
def get_auth_data(self, transport, auth, headers, **kwargs): def get_auth_data(self, transport, auth, headers, **kwargs):
@@ -163,53 +200,14 @@ class AuthMethod(object):
""" """
@six.add_metaclass(abc.ABCMeta)
class _AuthConstructor(Auth):
"""AuthConstructor creates an authentication plugin with one method.
AuthConstructor is a means of creating an authentication plugin that
contains only one authentication method. This is generally the required
usage.
An AuthConstructor creates an AuthMethod based on the method's
arguments and the auth_method_class defined by the plugin. It then
creates the auth plugin with only that authentication method.
"""
_auth_method_class = None
def __init__(self, auth_url, *args, **kwargs):
method_kwargs = self._auth_method_class._extract_kwargs(kwargs)
method = self._auth_method_class(*args, **method_kwargs)
super(_AuthConstructor, self).__init__(auth_url, [method], **kwargs)
class PasswordMethod(AuthMethod): class PasswordMethod(AuthMethod):
_method_parameters = ['user_id',
'username',
'user_domain_id',
'user_domain_name',
'password']
def __init__(self, **kwargs):
"""Construct a User/Password based authentication method.
:param string password: Password for authentication.
:param string username: Username for authentication.
:param string user_id: User ID for authentication.
:param string user_domain_id: User's domain ID for authentication.
:param string user_domain_name: User's domain name for authentication.
"""
super(PasswordMethod, self).__init__(**kwargs)
def get_auth_data(self, transport, auth, headers, **kwargs): def get_auth_data(self, transport, auth, headers, **kwargs):
user = {'password': self.password} user = {'password': self.password}
if self.user_id: if self.user_id:
user['id'] = self.user_id user['id'] = self.user_id
elif self.username: elif self.user_name:
user['name'] = self.username user['name'] = self.user_name
if self.user_domain_id: if self.user_domain_id:
user['domain'] = {'id': self.user_domain_id} user['domain'] = {'id': self.user_domain_id}
@@ -219,28 +217,7 @@ class PasswordMethod(AuthMethod):
return 'password', {'user': user} return 'password', {'user': user}
class Password(_AuthConstructor):
_auth_method_class = PasswordMethod
class TokenMethod(AuthMethod): class TokenMethod(AuthMethod):
_method_parameters = ['token']
def __init__(self, **kwargs):
"""Construct an Auth plugin to fetch a token from a token.
:param string token: Token for authentication.
"""
super(TokenMethod, self).__init__(**kwargs)
def get_auth_data(self, transport, auth, headers, **kwargs): def get_auth_data(self, transport, auth, headers, **kwargs):
headers['X-Auth-Token'] = self.token headers['X-Auth-Token'] = self.token
return 'token', {'id': self.token} return 'token', {'id': self.token}
class Token(_AuthConstructor):
_auth_method_class = TokenMethod
def __init__(self, auth_url, token, **kwargs):
super(Token, self).__init__(auth_url, token=token, **kwargs)

4
openstack/tests/auth/identity/test_authenticator.py
View File

@@ -28,7 +28,7 @@ class TestAuthenticatorCreate(base.TestCase):
project_domain_name='8', project_domain_name='8',
user_domain_name='9', user_domain_name='9',
) )
self.assertEqual('1', auth.auth_methods[0].username) self.assertEqual('1', auth.auth_methods[0].user_name)
self.assertEqual('2', auth.auth_methods[0].password) self.assertEqual('2', auth.auth_methods[0].password)
self.assertEqual('4', auth.auth_url) self.assertEqual('4', auth.auth_url)
self.assertEqual('6', auth.project_name) self.assertEqual('6', auth.project_name)
@@ -57,7 +57,7 @@ class TestAuthenticatorCreate(base.TestCase):
version='2', version='2',
project_name='6', project_name='6',
) )
self.assertEqual('1', auth.username) self.assertEqual('1', auth.user_name)
self.assertEqual('2', auth.password) self.assertEqual('2', auth.password)
self.assertEqual('4', auth.auth_url) self.assertEqual('4', auth.auth_url)
self.assertEqual('6', auth.tenant_name) self.assertEqual('6', auth.tenant_name)

92
openstack/tests/auth/identity/test_v2.py
View File

@@ -25,35 +25,45 @@ TEST_RESPONSE_DICT = common.TEST_RESPONSE_DICT_V2
class TestV2Auth(testtools.TestCase): class TestV2Auth(testtools.TestCase):
def test_password(self): def test_password(self):
kargs = {'trust_id': common.TEST_TRUST_ID, kargs = {
'tenant_id': common.TEST_TENANT_ID, 'password': common.TEST_PASS,
'tenant_name': common.TEST_TENANT_NAME} 'project_id': common.TEST_TENANT_ID,
'project_name': common.TEST_TENANT_NAME,
'trust_id': common.TEST_TRUST_ID,
'user_name': common.TEST_USER,
}
sot = v2.Password(TEST_URL, common.TEST_USER, common.TEST_PASS, sot = v2.Auth(TEST_URL, **kargs)
**kargs)
self.assertEqual(common.TEST_USER, sot.username) self.assertEqual(common.TEST_USER, sot.user_name)
self.assertEqual(common.TEST_PASS, sot.password) self.assertEqual(common.TEST_PASS, sot.password)
self.assertEqual(common.TEST_TRUST_ID, sot.trust_id) self.assertEqual(common.TEST_TRUST_ID, sot.trust_id)
self.assertEqual(common.TEST_TENANT_ID, sot.tenant_id) self.assertEqual(common.TEST_TENANT_ID, sot.tenant_id)
self.assertEqual(common.TEST_TENANT_NAME, sot.tenant_name) self.assertEqual(common.TEST_TENANT_NAME, sot.tenant_name)
expected = {'passwordCredentials': {'password': common.TEST_PASS, expected = {'passwordCredentials': {'password': common.TEST_PASS,
'username': common.TEST_USER}} 'username': common.TEST_USER}}
self.assertEqual(expected, sot.get_auth_data()) headers = {}
self.assertEqual(expected, sot.get_auth_data(headers))
self.assertEqual({}, headers)
def test_token(self): def test_token(self):
kargs = {'trust_id': common.TEST_TRUST_ID, kargs = {
'tenant_id': common.TEST_TENANT_ID, 'project_id': common.TEST_TENANT_ID,
'tenant_name': common.TEST_TENANT_NAME} 'project_name': common.TEST_TENANT_NAME,
'token': common.TEST_TOKEN,
'trust_id': common.TEST_TRUST_ID,
}
sot = v2.Token(TEST_URL, common.TEST_TOKEN, **kargs) sot = v2.Auth(TEST_URL, **kargs)
self.assertEqual(common.TEST_TOKEN, sot.token) self.assertEqual(common.TEST_TOKEN, sot.token)
self.assertEqual(common.TEST_TRUST_ID, sot.trust_id) self.assertEqual(common.TEST_TRUST_ID, sot.trust_id)
self.assertEqual(common.TEST_TENANT_ID, sot.tenant_id) self.assertEqual(common.TEST_TENANT_ID, sot.tenant_id)
self.assertEqual(common.TEST_TENANT_NAME, sot.tenant_name) self.assertEqual(common.TEST_TENANT_NAME, sot.tenant_name)
expected = {'token': {'id': common.TEST_TOKEN}} expected = {'token': {'id': common.TEST_TOKEN}}
self.assertEqual(expected, sot.get_auth_data()) headers = {}
self.assertEqual(expected, sot.get_auth_data(headers))
self.assertEqual({'X-Auth-Token': common.TEST_TOKEN}, headers)
def create_mock_transport(self, xresp): def create_mock_transport(self, xresp):
transport = mock.Mock() transport = mock.Mock()
@@ -65,10 +75,13 @@ class TestV2Auth(testtools.TestCase):
return transport return transport
def test_authorize_tenant_id(self): def test_authorize_tenant_id(self):
kargs = {'trust_id': common.TEST_TRUST_ID, kargs = {
'tenant_id': common.TEST_TENANT_ID, 'project_id': common.TEST_TENANT_ID,
'tenant_name': common.TEST_TENANT_NAME} 'project_name': common.TEST_TENANT_NAME,
sot = v2.Token(TEST_URL, common.TEST_TOKEN, **kargs) 'token': common.TEST_TOKEN,
'trust_id': common.TEST_TRUST_ID,
}
sot = v2.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(TEST_RESPONSE_DICT) xport = self.create_mock_transport(TEST_RESPONSE_DICT)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -85,8 +98,11 @@ class TestV2Auth(testtools.TestCase):
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_tenant_name(self): def test_authorize_tenant_name(self):
kargs = {'tenant_name': common.TEST_TENANT_NAME} kargs = {
sot = v2.Token(TEST_URL, common.TEST_TOKEN, **kargs) 'project_name': common.TEST_TENANT_NAME,
'token': common.TEST_TOKEN,
}
sot = v2.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(TEST_RESPONSE_DICT) xport = self.create_mock_transport(TEST_RESPONSE_DICT)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -102,7 +118,8 @@ class TestV2Auth(testtools.TestCase):
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_token_only(self): def test_authorize_token_only(self):
sot = v2.Token(TEST_URL, common.TEST_TOKEN) kargs = {'token': common.TEST_TOKEN}
sot = v2.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(TEST_RESPONSE_DICT) xport = self.create_mock_transport(TEST_RESPONSE_DICT)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -117,7 +134,42 @@ class TestV2Auth(testtools.TestCase):
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_bad_response(self): def test_authorize_bad_response(self):
sot = v2.Token(TEST_URL, common.TEST_TOKEN) kargs = {'token': common.TEST_TOKEN}
sot = v2.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport({}) xport = self.create_mock_transport({})
self.assertRaises(exceptions.InvalidResponse, sot.authorize, xport) self.assertRaises(exceptions.InvalidResponse, sot.authorize, xport)
def test_invalidate(self):
kargs = {
'password': common.TEST_PASS,
'token': common.TEST_TOKEN,
'user_name': common.TEST_USER,
}
sot = v2.Auth(TEST_URL, **kargs)
expected = {'token': {'id': common.TEST_TOKEN}}
headers = {}
self.assertEqual(expected, sot.get_auth_data(headers))
self.assertEqual({'X-Auth-Token': common.TEST_TOKEN}, headers)
self.assertEqual(True, sot.invalidate())
expected = {'passwordCredentials': {'password': common.TEST_PASS,
'username': common.TEST_USER}}
headers = {}
self.assertEqual(expected, sot.get_auth_data(headers))
self.assertEqual({}, headers)
def test_valid_options(self):
expected = [
'auth_url',
'user_name',
'user_id',
'password',
'project_id',
'project_name',
'reauthenticate',
'token',
'trust_id',
]
self.assertEqual(expected, v2.Auth.valid_options)

195
openstack/tests/auth/identity/test_v3.py
View File

@@ -22,21 +22,22 @@ TEST_URL = 'http://127.0.0.1:5000/v3.0'
class TestV3Auth(testtools.TestCase): class TestV3Auth(testtools.TestCase):
def test_password_user_domain(self): def test_password_user_domain(self):
kargs = {'trust_id': common.TEST_TRUST_ID, kargs = {
'trust_id': common.TEST_TRUST_ID,
'project_id': common.TEST_PROJECT_ID, 'project_id': common.TEST_PROJECT_ID,
'project_name': common.TEST_PROJECT_NAME} 'project_name': common.TEST_PROJECT_NAME,
'user_name': common.TEST_USER,
method = v3.PasswordMethod(username=common.TEST_USER, 'user_id': common.TEST_USER_ID,
user_id=common.TEST_USER_ID, 'user_domain_id': common.TEST_DOMAIN_ID,
user_domain_id=common.TEST_DOMAIN_ID, 'user_domain_name': common.TEST_DOMAIN_NAME,
user_domain_name=common.TEST_DOMAIN_NAME, 'password': common.TEST_PASS,
password=common.TEST_PASS) }
sot = v3.Auth(TEST_URL, [method], **kargs) sot = v3.Auth(TEST_URL, **kargs)
self.assertEqual(1, len(sot.auth_methods)) self.assertEqual(1, len(sot.auth_methods))
auther = sot.auth_methods[0] auther = sot.auth_methods[0]
self.assertEqual(common.TEST_USER_ID, auther.user_id) self.assertEqual(common.TEST_USER_ID, auther.user_id)
self.assertEqual(common.TEST_USER, auther.username) self.assertEqual(common.TEST_USER, auther.user_name)
self.assertEqual(common.TEST_DOMAIN_ID, auther.user_domain_id) self.assertEqual(common.TEST_DOMAIN_ID, auther.user_domain_id)
self.assertEqual(common.TEST_DOMAIN_NAME, auther.user_domain_name) self.assertEqual(common.TEST_DOMAIN_NAME, auther.user_domain_name)
self.assertEqual(common.TEST_PASS, auther.password) self.assertEqual(common.TEST_PASS, auther.password)
@@ -53,21 +54,22 @@ class TestV3Auth(testtools.TestCase):
self.assertEqual(TEST_URL + '/auth/tokens', sot.token_url) self.assertEqual(TEST_URL + '/auth/tokens', sot.token_url)
def test_password_domain(self): def test_password_domain(self):
kargs = {'domain_id': common.TEST_DOMAIN_ID, kargs = {
'domain_id': common.TEST_DOMAIN_ID,
'domain_name': common.TEST_DOMAIN_NAME, 'domain_name': common.TEST_DOMAIN_NAME,
'trust_id': common.TEST_TRUST_ID, 'trust_id': common.TEST_TRUST_ID,
'project_id': common.TEST_PROJECT_ID, 'project_id': common.TEST_PROJECT_ID,
'project_name': common.TEST_PROJECT_NAME} 'project_name': common.TEST_PROJECT_NAME,
'user_name': common.TEST_USER,
methods = [v3.PasswordMethod(username=common.TEST_USER, 'user_id': common.TEST_USER_ID,
user_id=common.TEST_USER_ID, 'password': common.TEST_PASS,
password=common.TEST_PASS)] }
sot = v3.Auth(TEST_URL, methods, **kargs) sot = v3.Auth(TEST_URL, **kargs)
self.assertEqual(1, len(sot.auth_methods)) self.assertEqual(1, len(sot.auth_methods))
auther = sot.auth_methods[0] auther = sot.auth_methods[0]
self.assertEqual(common.TEST_USER_ID, auther.user_id) self.assertEqual(common.TEST_USER_ID, auther.user_id)
self.assertEqual(common.TEST_USER, auther.username) self.assertEqual(common.TEST_USER, auther.user_name)
self.assertEqual(None, auther.user_domain_id) self.assertEqual(None, auther.user_domain_id)
self.assertEqual(None, auther.user_domain_name) self.assertEqual(None, auther.user_domain_name)
self.assertEqual(common.TEST_PASS, auther.password) self.assertEqual(common.TEST_PASS, auther.password)
@@ -84,14 +86,15 @@ class TestV3Auth(testtools.TestCase):
self.assertEqual(TEST_URL + '/auth/tokens', sot.token_url) self.assertEqual(TEST_URL + '/auth/tokens', sot.token_url)
def test_token_project_domain(self): def test_token_project_domain(self):
kargs = {'project_domain_id': common.TEST_DOMAIN_ID, kargs = {
'project_domain_id': common.TEST_DOMAIN_ID,
'project_domain_name': common.TEST_DOMAIN_NAME, 'project_domain_name': common.TEST_DOMAIN_NAME,
'trust_id': common.TEST_TRUST_ID, 'trust_id': common.TEST_TRUST_ID,
'project_id': common.TEST_PROJECT_ID, 'project_id': common.TEST_PROJECT_ID,
'project_name': common.TEST_PROJECT_NAME} 'project_name': common.TEST_PROJECT_NAME,
'token': common.TEST_TOKEN,
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] }
sot = v3.Auth(TEST_URL, methods, **kargs) sot = v3.Auth(TEST_URL, **kargs)
self.assertEqual(1, len(sot.auth_methods)) self.assertEqual(1, len(sot.auth_methods))
auther = sot.auth_methods[0] auther = sot.auth_methods[0]
@@ -118,8 +121,8 @@ class TestV3Auth(testtools.TestCase):
return transport return transport
def test_authorize_token(self): def test_authorize_token(self):
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] kargs = {'token': common.TEST_TOKEN}
sot = v3.Auth(TEST_URL, methods) sot = v3.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3) xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -136,9 +139,11 @@ class TestV3Auth(testtools.TestCase):
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_token_domain_id(self): def test_authorize_token_domain_id(self):
kargs = {'domain_id': common.TEST_DOMAIN_ID} kargs = {
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] 'domain_id': common.TEST_DOMAIN_ID,
sot = v3.Auth(TEST_URL, methods, **kargs) 'token': common.TEST_TOKEN,
}
sot = v3.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3) xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -156,9 +161,11 @@ class TestV3Auth(testtools.TestCase):
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_token_domain_name(self): def test_authorize_token_domain_name(self):
kargs = {'domain_name': common.TEST_DOMAIN_NAME} kargs = {
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] 'domain_name': common.TEST_DOMAIN_NAME,
sot = v3.Auth(TEST_URL, methods, **kargs) 'token': common.TEST_TOKEN,
}
sot = v3.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3) xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -177,9 +184,11 @@ class TestV3Auth(testtools.TestCase):
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_token_project_id(self): def test_authorize_token_project_id(self):
kargs = {'project_id': common.TEST_PROJECT_ID} kargs = {
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] 'project_id': common.TEST_PROJECT_ID,
sot = v3.Auth(TEST_URL, methods, **kargs) 'token': common.TEST_TOKEN,
}
sot = v3.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3) xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -198,10 +207,12 @@ class TestV3Auth(testtools.TestCase):
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_token_project_name(self): def test_authorize_token_project_name(self):
kargs = {'project_name': common.TEST_PROJECT_NAME, kargs = {
'project_domain_id': common.TEST_DOMAIN_ID} 'project_name': common.TEST_PROJECT_NAME,
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] 'project_domain_id': common.TEST_DOMAIN_ID,
sot = v3.Auth(TEST_URL, methods, **kargs) 'token': common.TEST_TOKEN,
}
sot = v3.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3) xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -222,10 +233,12 @@ class TestV3Auth(testtools.TestCase):
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_token_project_name_domain_name(self): def test_authorize_token_project_name_domain_name(self):
kargs = {'project_name': common.TEST_PROJECT_NAME, kargs = {
'project_domain_name': common.TEST_DOMAIN_NAME} 'project_name': common.TEST_PROJECT_NAME,
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] 'project_domain_name': common.TEST_DOMAIN_NAME,
sot = v3.Auth(TEST_URL, methods, **kargs) 'token': common.TEST_TOKEN,
}
sot = v3.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3) xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -246,9 +259,11 @@ class TestV3Auth(testtools.TestCase):
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_token_trust_id(self): def test_authorize_token_trust_id(self):
kargs = {'trust_id': common.TEST_TRUST_ID} kargs = {
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] 'token': common.TEST_TOKEN,
sot = v3.Auth(TEST_URL, methods, **kargs) 'trust_id': common.TEST_TRUST_ID,
}
sot = v3.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3) xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3)
resp = sot.authorize(xport) resp = sot.authorize(xport)
@@ -266,55 +281,71 @@ class TestV3Auth(testtools.TestCase):
ecatalog['version'] = 'v3' ecatalog['version'] = 'v3'
self.assertEqual(ecatalog, resp._info) self.assertEqual(ecatalog, resp._info)
def test_authorize_multi_method(self):
methods = [v3.PasswordMethod(username=common.TEST_USER,
password=common.TEST_PASS),
v3.TokenMethod(token=common.TEST_TOKEN)]
sot = v3.Auth(TEST_URL, methods)
xport = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3)
resp = sot.authorize(xport)
eurl = TEST_URL + '/auth/tokens'
eheaders = {'Accept': 'application/json',
'X-Auth-Token': common.TEST_TOKEN}
up = {'password': common.TEST_PASS, 'name': common.TEST_USER}
ejson = {'auth': {'identity': {'token': {'id': common.TEST_TOKEN},
'password': {'user': up},
'methods': ['password', 'token']}}}
xport.post.assert_called_with(eurl, headers=eheaders, json=ejson)
ecatalog = common.TEST_RESPONSE_DICT_V3['token'].copy()
ecatalog['auth_token'] = common.TEST_SUBJECT
ecatalog['version'] = 'v3'
self.assertEqual(ecatalog, resp._info)
def test_authorize_mutually_exclusive(self): def test_authorize_mutually_exclusive(self):
x = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3) x = self.create_mock_transport(common.TEST_RESPONSE_DICT_V3)
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] kargs = {'token': common.TEST_TOKEN}
kargs = {'domain_id': 'a', sot = v3.Auth(TEST_URL, **kargs)
'project_id': 'b'} sot.domain_id = 'a'
sot = v3.Auth(TEST_URL, methods, **kargs) sot.project_id = 'b'
self.assertRaises(exceptions.AuthorizationFailure, sot.authorize, x) self.assertRaises(exceptions.AuthorizationFailure, sot.authorize, x)
kargs = {'domain_name': 'a', sot = v3.Auth(TEST_URL, **kargs)
'project_name': 'b'} sot.domain_name = 'a'
sot = v3.Auth(TEST_URL, methods, **kargs) sot.project_name = 'b'
self.assertRaises(exceptions.AuthorizationFailure, sot.authorize, x) self.assertRaises(exceptions.AuthorizationFailure, sot.authorize, x)
kargs = {'domain_name': 'a', sot = v3.Auth(TEST_URL, **kargs)
'trust_id': 'b'} sot.domain_name = 'a'
sot = v3.Auth(TEST_URL, methods, **kargs) sot.trust_id = 'b'
self.assertRaises(exceptions.AuthorizationFailure, sot.authorize, x) self.assertRaises(exceptions.AuthorizationFailure, sot.authorize, x)
kargs = {'project_id': 'a', sot = v3.Auth(TEST_URL, **kargs)
'trust_id': 'b'} sot.project_id = 'a'
sot = v3.Auth(TEST_URL, methods, **kargs) sot.trust_id = 'b'
self.assertRaises(exceptions.AuthorizationFailure, sot.authorize, x) self.assertRaises(exceptions.AuthorizationFailure, sot.authorize, x)
def test_authorize_bad_response(self): def test_authorize_bad_response(self):
methods = [v3.TokenMethod(token=common.TEST_TOKEN)] kargs = {'token': common.TEST_TOKEN}
sot = v3.Auth(TEST_URL, methods) sot = v3.Auth(TEST_URL, **kargs)
xport = self.create_mock_transport({}) xport = self.create_mock_transport({})
self.assertRaises(exceptions.InvalidResponse, sot.authorize, xport) self.assertRaises(exceptions.InvalidResponse, sot.authorize, xport)
def test_invalidate(self):
kargs = {
'user_name': common.TEST_USER,
'password': common.TEST_PASS,
'token': common.TEST_TOKEN,
}
sot = v3.Auth(TEST_URL, **kargs)
self.assertEqual(1, len(sot.auth_methods))
auther = sot.auth_methods[0]
self.assertEqual(common.TEST_TOKEN, auther.token)
self.assertEqual(True, sot.invalidate())
self.assertEqual(1, len(sot.auth_methods))
auther = sot.auth_methods[0]
self.assertEqual(common.TEST_USER, auther.user_name)
self.assertEqual(common.TEST_PASS, auther.password)
def test_valid_options(self):
expected = [
'auth_url',
'domain_id',
'domain_name',
'password',
'project_domain_id',
'project_domain_name',
'project_id',
'project_name',
'reauthenticate',
'token',
'trust_id',
'user_domain_id',
'user_domain_name',
'user_id',
'user_name',
]
self.assertEqual(expected, v3.Auth.valid_options)

2
openstack/tests/test_session.py
View File

@@ -96,7 +96,7 @@ class TestSessionCreate(base.TestCase):
user_agent='9', user_agent='9',
region='10', region='10',
) )
self.assertEqual('1', sess.authenticator.auth_methods[0].username) self.assertEqual('1', sess.authenticator.auth_methods[0].user_name)
self.assertEqual('2', sess.authenticator.auth_methods[0].password) self.assertEqual('2', sess.authenticator.auth_methods[0].password)
self.assertEqual('7', sess.transport.verify) self.assertEqual('7', sess.transport.verify)
self.assertEqual('9', sess.transport._user_agent) self.assertEqual('9', sess.transport._user_agent)