From 68473b26eea2114fc02e4f29e8f33f0bcb4c0eba Mon Sep 17 00:00:00 2001 From: Morgan Fainberg Date: Wed, 18 May 2016 16:50:29 -0700 Subject: [PATCH] Enable py3 tests for test_v3_auth Enable python3 testing for test_v3_auth. Co-Authored-By: Victor Stinner Change-Id: I06fe42cc061b1daaca05ce591fd4bace823c21dd --- keystone/auth/plugins/totp.py | 2 +- keystone/tests/unit/core.py | 2 +- keystone/tests/unit/test_v3_auth.py | 54 +++++++++++++++-------------- tests-py3-blacklist.txt | 1 - 4 files changed, 30 insertions(+), 29 deletions(-) diff --git a/keystone/auth/plugins/totp.py b/keystone/auth/plugins/totp.py index b94b7573e4..8be2aa21e9 100644 --- a/keystone/auth/plugins/totp.py +++ b/keystone/auth/plugins/totp.py @@ -62,7 +62,7 @@ def _generate_totp_passcode(secret): decoded = base64.b32decode(secret) totp = crypto_totp.TOTP( decoded, 6, hashes.SHA1(), 30, backend=default_backend()) - return totp.generate(timeutils.utcnow_ts(microsecond=True)) + return six.text_type(totp.generate(timeutils.utcnow_ts(microsecond=True))) @dependency.requires('credential_api') diff --git a/keystone/tests/unit/core.py b/keystone/tests/unit/core.py index 9ea6d9fba5..88356ba1d1 100644 --- a/keystone/tests/unit/core.py +++ b/keystone/tests/unit/core.py @@ -409,7 +409,7 @@ def new_ec2_credential(user_id, project_id=None, blob=None, **kwargs): def new_totp_credential(user_id, project_id=None, blob=None): if not blob: - blob = base64.b32encode(uuid.uuid4().hex).rstrip('=') + blob = base64.b32encode(os.urandom(20)).decode('utf-8') credential = new_credential_ref(user_id=user_id, project_id=project_id, blob=blob, diff --git a/keystone/tests/unit/test_v3_auth.py b/keystone/tests/unit/test_v3_auth.py index e6f1a59a5e..b498b6c94a 100644 --- a/keystone/tests/unit/test_v3_auth.py +++ b/keystone/tests/unit/test_v3_auth.py @@ -15,7 +15,6 @@ import copy import datetime import itertools -import json import operator import uuid @@ -23,8 +22,10 @@ from keystoneclient.common import cms import mock from oslo_config import cfg from oslo_log import versionutils +from oslo_serialization import jsonutils as json from oslo_utils import fixture from oslo_utils import timeutils +import six from six.moves import http_client from six.moves import range from testtools import matchers @@ -199,6 +200,17 @@ class TokenAPITests(object): user['enabled'] = enabled self.identity_api.update_user(user['id'], user) + def assertTimestampEqual(self, expected, value): + # Compare two timestamps but ignore the microseconds part + # of the expected timestamp. Keystone does not track microseconds and + # is working to eliminate microseconds from it's datetimes used. + expected = timeutils.parse_isotime(expected).replace(microsecond=0) + value = timeutils.parse_isotime(value).replace(microsecond=0) + self.assertEqual( + expected, + value, + "%s != %s" % (expected, value)) + def test_validate_unscoped_token(self): unscoped_token = self._get_unscoped_token() self._validate_token(unscoped_token) @@ -603,10 +615,8 @@ class TokenAPITests(object): self.assertEqual(v2_token_data['access']['user']['id'], v3_token_data['token']['user']['id']) - # v2 token time has not fraction of second precision so - # just need to make sure the non fraction part agrees - self.assertIn(v2_token_data['access']['token']['expires'][:-1], - v3_token_data['token']['expires_at']) + self.assertTimestampEqual(v2_token_data['access']['token']['expires'], + v3_token_data['token']['expires_at']) def test_v3_v2_token_intermix(self): # FIXME(gyee): PKI tokens are not interchangeable because token @@ -628,10 +638,8 @@ class TokenAPITests(object): self.assertEqual(v2_token_data['access']['user']['id'], v3_token_data['token']['user']['id']) - # v2 token time has not fraction of second precision so - # just need to make sure the non fraction part agrees - self.assertIn(v2_token_data['access']['token']['expires'][:-1], - v3_token_data['token']['expires_at']) + self.assertTimestampEqual(v2_token_data['access']['token']['expires'], + v3_token_data['token']['expires_at']) self.assertEqual(v2_token_data['access']['user']['roles'][0]['name'], v3_token_data['token']['roles'][0]['name']) @@ -656,10 +664,8 @@ class TokenAPITests(object): self.assertEqual(v2_token_data['access']['user']['id'], v3_token_data['token']['user']['id']) - # v2 token time has not fraction of second precision so - # just need to make sure the non fraction part agrees - self.assertIn(v2_token_data['access']['token']['expires'][-1], - v3_token_data['token']['expires_at']) + self.assertTimestampEqual(v2_token_data['access']['token']['expires'], + v3_token_data['token']['expires_at']) def test_v2_v3_token_intermix(self): r = self.admin_request( @@ -683,10 +689,8 @@ class TokenAPITests(object): self.assertEqual(v2_token_data['access']['user']['id'], v3_token_data['token']['user']['id']) - # v2 token time has not fraction of second precision so - # just need to make sure the non fraction part agrees - self.assertIn(v2_token_data['access']['token']['expires'][-1], - v3_token_data['token']['expires_at']) + self.assertTimestampEqual(v2_token_data['access']['token']['expires'], + v3_token_data['token']['expires_at']) self.assertEqual(v2_token_data['access']['user']['roles'][0]['name'], v3_token_data['token']['roles'][0]['name']) @@ -731,7 +735,7 @@ class TokenAPITests(object): self.assertValidProjectScopedTokenResponse(r) # ensure token expiration stayed the same - self.assertEqual(expires, r.result['token']['expires_at']) + self.assertTimestampEqual(expires, r.result['token']['expires_at']) def test_check_token(self): self.head('/auth/tokens', headers=self.headers, @@ -1111,7 +1115,7 @@ class TokenDataTests(object): r = self.get('/auth/tokens', headers=self.headers) # populate the response result with some extra data - r.result['token'][u'extra'] = unicode(uuid.uuid4().hex) + r.result['token'][u'extra'] = six.text_type(uuid.uuid4().hex) self.assertRaises(exception.SchemaValidationError, self.assertValidUnscopedTokenResponse, r) @@ -1133,7 +1137,7 @@ class TokenDataTests(object): r = self.get('/auth/tokens', headers=self.headers) # populate the response result with some extra data - r.result['token'][u'extra'] = unicode(uuid.uuid4().hex) + r.result['token'][u'extra'] = six.text_type(uuid.uuid4().hex) self.assertRaises(exception.SchemaValidationError, self.assertValidDomainScopedTokenResponse, r) @@ -1150,7 +1154,7 @@ class TokenDataTests(object): resp = self.get('/auth/tokens', headers=self.headers) # populate the response result with some extra data - resp.result['token'][u'extra'] = unicode(uuid.uuid4().hex) + resp.result['token'][u'extra'] = six.text_type(uuid.uuid4().hex) self.assertRaises(exception.SchemaValidationError, self.assertValidProjectScopedTokenResponse, resp) @@ -1258,8 +1262,8 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase, TokenAPITests, TokenDataTests): decoded_token = self.verify_token(token_id, CONF.signing.certfile, CONF.signing.ca_certs) - decoded_token_dict = json.loads(decoded_token) + decoded_token_dict = json.loads(decoded_token) token_resp_dict = json.loads(resp.body) self.assertEqual(decoded_token_dict, token_resp_dict) @@ -1288,10 +1292,8 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase, TokenAPITests, TokenDataTests): v2_token = resp.result self.assertEqual(v2_token['access']['user']['id'], token_data['token']['user']['id']) - # v2 token time has not fraction of second precision so - # just need to make sure the non fraction part agrees - self.assertIn(v2_token['access']['token']['expires'][:-1], - token_data['token']['expires_at']) + self.assertTimestampEqual(v2_token['access']['token']['expires'], + token_data['token']['expires_at']) self.assertEqual(v2_token['access']['user']['roles'][0]['name'], token_data['token']['roles'][0]['name']) diff --git a/tests-py3-blacklist.txt b/tests-py3-blacklist.txt index 95abf00da7..a5be1f2b7b 100644 --- a/tests-py3-blacklist.txt +++ b/tests-py3-blacklist.txt @@ -1,2 +1 @@ -keystone.tests.unit.test_v3_auth keystone.tests.unit.test_v3_oauth1