Enable py3 tests for test_v3_auth
Enable python3 testing for test_v3_auth. Co-Authored-By: Victor Stinner <vstinner@redhat.com> Change-Id: I06fe42cc061b1daaca05ce591fd4bace823c21dd
This commit is contained in:
parent
3afbf86b56
commit
68473b26ee
@ -62,7 +62,7 @@ def _generate_totp_passcode(secret):
|
|||||||
decoded = base64.b32decode(secret)
|
decoded = base64.b32decode(secret)
|
||||||
totp = crypto_totp.TOTP(
|
totp = crypto_totp.TOTP(
|
||||||
decoded, 6, hashes.SHA1(), 30, backend=default_backend())
|
decoded, 6, hashes.SHA1(), 30, backend=default_backend())
|
||||||
return totp.generate(timeutils.utcnow_ts(microsecond=True))
|
return six.text_type(totp.generate(timeutils.utcnow_ts(microsecond=True)))
|
||||||
|
|
||||||
|
|
||||||
@dependency.requires('credential_api')
|
@dependency.requires('credential_api')
|
||||||
|
@ -409,7 +409,7 @@ def new_ec2_credential(user_id, project_id=None, blob=None, **kwargs):
|
|||||||
|
|
||||||
def new_totp_credential(user_id, project_id=None, blob=None):
|
def new_totp_credential(user_id, project_id=None, blob=None):
|
||||||
if not blob:
|
if not blob:
|
||||||
blob = base64.b32encode(uuid.uuid4().hex).rstrip('=')
|
blob = base64.b32encode(os.urandom(20)).decode('utf-8')
|
||||||
credential = new_credential_ref(user_id=user_id,
|
credential = new_credential_ref(user_id=user_id,
|
||||||
project_id=project_id,
|
project_id=project_id,
|
||||||
blob=blob,
|
blob=blob,
|
||||||
|
@ -15,7 +15,6 @@
|
|||||||
import copy
|
import copy
|
||||||
import datetime
|
import datetime
|
||||||
import itertools
|
import itertools
|
||||||
import json
|
|
||||||
import operator
|
import operator
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
@ -23,8 +22,10 @@ from keystoneclient.common import cms
|
|||||||
import mock
|
import mock
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_log import versionutils
|
from oslo_log import versionutils
|
||||||
|
from oslo_serialization import jsonutils as json
|
||||||
from oslo_utils import fixture
|
from oslo_utils import fixture
|
||||||
from oslo_utils import timeutils
|
from oslo_utils import timeutils
|
||||||
|
import six
|
||||||
from six.moves import http_client
|
from six.moves import http_client
|
||||||
from six.moves import range
|
from six.moves import range
|
||||||
from testtools import matchers
|
from testtools import matchers
|
||||||
@ -199,6 +200,17 @@ class TokenAPITests(object):
|
|||||||
user['enabled'] = enabled
|
user['enabled'] = enabled
|
||||||
self.identity_api.update_user(user['id'], user)
|
self.identity_api.update_user(user['id'], user)
|
||||||
|
|
||||||
|
def assertTimestampEqual(self, expected, value):
|
||||||
|
# Compare two timestamps but ignore the microseconds part
|
||||||
|
# of the expected timestamp. Keystone does not track microseconds and
|
||||||
|
# is working to eliminate microseconds from it's datetimes used.
|
||||||
|
expected = timeutils.parse_isotime(expected).replace(microsecond=0)
|
||||||
|
value = timeutils.parse_isotime(value).replace(microsecond=0)
|
||||||
|
self.assertEqual(
|
||||||
|
expected,
|
||||||
|
value,
|
||||||
|
"%s != %s" % (expected, value))
|
||||||
|
|
||||||
def test_validate_unscoped_token(self):
|
def test_validate_unscoped_token(self):
|
||||||
unscoped_token = self._get_unscoped_token()
|
unscoped_token = self._get_unscoped_token()
|
||||||
self._validate_token(unscoped_token)
|
self._validate_token(unscoped_token)
|
||||||
@ -603,9 +615,7 @@ class TokenAPITests(object):
|
|||||||
|
|
||||||
self.assertEqual(v2_token_data['access']['user']['id'],
|
self.assertEqual(v2_token_data['access']['user']['id'],
|
||||||
v3_token_data['token']['user']['id'])
|
v3_token_data['token']['user']['id'])
|
||||||
# v2 token time has not fraction of second precision so
|
self.assertTimestampEqual(v2_token_data['access']['token']['expires'],
|
||||||
# just need to make sure the non fraction part agrees
|
|
||||||
self.assertIn(v2_token_data['access']['token']['expires'][:-1],
|
|
||||||
v3_token_data['token']['expires_at'])
|
v3_token_data['token']['expires_at'])
|
||||||
|
|
||||||
def test_v3_v2_token_intermix(self):
|
def test_v3_v2_token_intermix(self):
|
||||||
@ -628,9 +638,7 @@ class TokenAPITests(object):
|
|||||||
|
|
||||||
self.assertEqual(v2_token_data['access']['user']['id'],
|
self.assertEqual(v2_token_data['access']['user']['id'],
|
||||||
v3_token_data['token']['user']['id'])
|
v3_token_data['token']['user']['id'])
|
||||||
# v2 token time has not fraction of second precision so
|
self.assertTimestampEqual(v2_token_data['access']['token']['expires'],
|
||||||
# just need to make sure the non fraction part agrees
|
|
||||||
self.assertIn(v2_token_data['access']['token']['expires'][:-1],
|
|
||||||
v3_token_data['token']['expires_at'])
|
v3_token_data['token']['expires_at'])
|
||||||
self.assertEqual(v2_token_data['access']['user']['roles'][0]['name'],
|
self.assertEqual(v2_token_data['access']['user']['roles'][0]['name'],
|
||||||
v3_token_data['token']['roles'][0]['name'])
|
v3_token_data['token']['roles'][0]['name'])
|
||||||
@ -656,9 +664,7 @@ class TokenAPITests(object):
|
|||||||
|
|
||||||
self.assertEqual(v2_token_data['access']['user']['id'],
|
self.assertEqual(v2_token_data['access']['user']['id'],
|
||||||
v3_token_data['token']['user']['id'])
|
v3_token_data['token']['user']['id'])
|
||||||
# v2 token time has not fraction of second precision so
|
self.assertTimestampEqual(v2_token_data['access']['token']['expires'],
|
||||||
# just need to make sure the non fraction part agrees
|
|
||||||
self.assertIn(v2_token_data['access']['token']['expires'][-1],
|
|
||||||
v3_token_data['token']['expires_at'])
|
v3_token_data['token']['expires_at'])
|
||||||
|
|
||||||
def test_v2_v3_token_intermix(self):
|
def test_v2_v3_token_intermix(self):
|
||||||
@ -683,9 +689,7 @@ class TokenAPITests(object):
|
|||||||
|
|
||||||
self.assertEqual(v2_token_data['access']['user']['id'],
|
self.assertEqual(v2_token_data['access']['user']['id'],
|
||||||
v3_token_data['token']['user']['id'])
|
v3_token_data['token']['user']['id'])
|
||||||
# v2 token time has not fraction of second precision so
|
self.assertTimestampEqual(v2_token_data['access']['token']['expires'],
|
||||||
# just need to make sure the non fraction part agrees
|
|
||||||
self.assertIn(v2_token_data['access']['token']['expires'][-1],
|
|
||||||
v3_token_data['token']['expires_at'])
|
v3_token_data['token']['expires_at'])
|
||||||
self.assertEqual(v2_token_data['access']['user']['roles'][0]['name'],
|
self.assertEqual(v2_token_data['access']['user']['roles'][0]['name'],
|
||||||
v3_token_data['token']['roles'][0]['name'])
|
v3_token_data['token']['roles'][0]['name'])
|
||||||
@ -731,7 +735,7 @@ class TokenAPITests(object):
|
|||||||
self.assertValidProjectScopedTokenResponse(r)
|
self.assertValidProjectScopedTokenResponse(r)
|
||||||
|
|
||||||
# ensure token expiration stayed the same
|
# ensure token expiration stayed the same
|
||||||
self.assertEqual(expires, r.result['token']['expires_at'])
|
self.assertTimestampEqual(expires, r.result['token']['expires_at'])
|
||||||
|
|
||||||
def test_check_token(self):
|
def test_check_token(self):
|
||||||
self.head('/auth/tokens', headers=self.headers,
|
self.head('/auth/tokens', headers=self.headers,
|
||||||
@ -1111,7 +1115,7 @@ class TokenDataTests(object):
|
|||||||
r = self.get('/auth/tokens', headers=self.headers)
|
r = self.get('/auth/tokens', headers=self.headers)
|
||||||
|
|
||||||
# populate the response result with some extra data
|
# populate the response result with some extra data
|
||||||
r.result['token'][u'extra'] = unicode(uuid.uuid4().hex)
|
r.result['token'][u'extra'] = six.text_type(uuid.uuid4().hex)
|
||||||
self.assertRaises(exception.SchemaValidationError,
|
self.assertRaises(exception.SchemaValidationError,
|
||||||
self.assertValidUnscopedTokenResponse,
|
self.assertValidUnscopedTokenResponse,
|
||||||
r)
|
r)
|
||||||
@ -1133,7 +1137,7 @@ class TokenDataTests(object):
|
|||||||
r = self.get('/auth/tokens', headers=self.headers)
|
r = self.get('/auth/tokens', headers=self.headers)
|
||||||
|
|
||||||
# populate the response result with some extra data
|
# populate the response result with some extra data
|
||||||
r.result['token'][u'extra'] = unicode(uuid.uuid4().hex)
|
r.result['token'][u'extra'] = six.text_type(uuid.uuid4().hex)
|
||||||
self.assertRaises(exception.SchemaValidationError,
|
self.assertRaises(exception.SchemaValidationError,
|
||||||
self.assertValidDomainScopedTokenResponse,
|
self.assertValidDomainScopedTokenResponse,
|
||||||
r)
|
r)
|
||||||
@ -1150,7 +1154,7 @@ class TokenDataTests(object):
|
|||||||
resp = self.get('/auth/tokens', headers=self.headers)
|
resp = self.get('/auth/tokens', headers=self.headers)
|
||||||
|
|
||||||
# populate the response result with some extra data
|
# populate the response result with some extra data
|
||||||
resp.result['token'][u'extra'] = unicode(uuid.uuid4().hex)
|
resp.result['token'][u'extra'] = six.text_type(uuid.uuid4().hex)
|
||||||
self.assertRaises(exception.SchemaValidationError,
|
self.assertRaises(exception.SchemaValidationError,
|
||||||
self.assertValidProjectScopedTokenResponse,
|
self.assertValidProjectScopedTokenResponse,
|
||||||
resp)
|
resp)
|
||||||
@ -1258,8 +1262,8 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase, TokenAPITests, TokenDataTests):
|
|||||||
|
|
||||||
decoded_token = self.verify_token(token_id, CONF.signing.certfile,
|
decoded_token = self.verify_token(token_id, CONF.signing.certfile,
|
||||||
CONF.signing.ca_certs)
|
CONF.signing.ca_certs)
|
||||||
decoded_token_dict = json.loads(decoded_token)
|
|
||||||
|
|
||||||
|
decoded_token_dict = json.loads(decoded_token)
|
||||||
token_resp_dict = json.loads(resp.body)
|
token_resp_dict = json.loads(resp.body)
|
||||||
|
|
||||||
self.assertEqual(decoded_token_dict, token_resp_dict)
|
self.assertEqual(decoded_token_dict, token_resp_dict)
|
||||||
@ -1288,9 +1292,7 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase, TokenAPITests, TokenDataTests):
|
|||||||
v2_token = resp.result
|
v2_token = resp.result
|
||||||
self.assertEqual(v2_token['access']['user']['id'],
|
self.assertEqual(v2_token['access']['user']['id'],
|
||||||
token_data['token']['user']['id'])
|
token_data['token']['user']['id'])
|
||||||
# v2 token time has not fraction of second precision so
|
self.assertTimestampEqual(v2_token['access']['token']['expires'],
|
||||||
# just need to make sure the non fraction part agrees
|
|
||||||
self.assertIn(v2_token['access']['token']['expires'][:-1],
|
|
||||||
token_data['token']['expires_at'])
|
token_data['token']['expires_at'])
|
||||||
self.assertEqual(v2_token['access']['user']['roles'][0]['name'],
|
self.assertEqual(v2_token['access']['user']['roles'][0]['name'],
|
||||||
token_data['token']['roles'][0]['name'])
|
token_data['token']['roles'][0]['name'])
|
||||||
|
@ -1,2 +1 @@
|
|||||||
keystone.tests.unit.test_v3_auth
|
|
||||||
keystone.tests.unit.test_v3_oauth1
|
keystone.tests.unit.test_v3_oauth1
|
||||||
|
Loading…
Reference in New Issue
Block a user