Make KeyRepository shareable

Because sharing is caring... and it helps us test credential encryption by allowing us to reuse the KeyRepository fixture for credentials and fernet. bp credential-encryption Change-Id: I50a4e663385a0070ee1fd2c83c2fe5913f5a0ad0
2016-08-16 14:36:47 +00:00 · 2016-08-16 14:36:47 +00:00 · fab5f82683
parent bd80bb77e9
commit fab5f82683
8 changed files with 122 additions and 20 deletions
--- a/keystone/tests/unit/ksfixtures/key_repository.py
+++ b/keystone/tests/unit/ksfixtures/key_repository.py
@ -19,19 +19,21 @@ CONF = keystone.conf.CONF


 class KeyRepository(fixtures.Fixture):
-    def __init__(self, config_fixture):
+    def __init__(self, config_fixture, key_group, max_active_keys):
        super(KeyRepository, self).__init__()
        self.config_fixture = config_fixture
+        self.max_active_keys = max_active_keys
+        self.key_group = key_group

    def setUp(self):
        super(KeyRepository, self).setUp()
        directory = self.useFixture(fixtures.TempDir()).path
-        self.config_fixture.config(group='fernet_tokens',
+        self.config_fixture.config(group=self.key_group,
                                   key_repository=directory)

        fernet_utils = utils.FernetUtils(
-            CONF.fernet_tokens.key_repository,
-            CONF.fernet_tokens.max_active_keys
+            directory,
+            self.max_active_keys
        )
        fernet_utils.create_key_directory()
        fernet_utils.initialize_key_repository()
--- a/keystone/tests/unit/test_auth.py
+++ b/keystone/tests/unit/test_auth.py
@ -625,7 +625,13 @@ class FernetAuthWithToken(AuthWithToken, AuthTest):
    def config_overrides(self):
        super(FernetAuthWithToken, self).config_overrides()
        self.config_fixture.config(group='token', provider='fernet')
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def test_token_auth_with_binding(self):
        self.config_fixture.config(group='token', bind=['kerberos'])
@ -829,7 +835,13 @@ class FernetAuthWithRemoteUser(AuthWithRemoteUser, AuthTest):
    def config_overrides(self):
        super(FernetAuthWithRemoteUser, self).config_overrides()
        self.config_fixture.config(group='token', provider='fernet')
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def test_bind_with_kerberos(self):
        self.config_fixture.config(group='token', bind=['kerberos'])
@ -1301,7 +1313,13 @@ class FernetAuthWithTrust(AuthWithTrust, AuthTest):
    def config_overrides(self):
        super(FernetAuthWithTrust, self).config_overrides()
        self.config_fixture.config(group='token', provider='fernet')
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def setUp(self):
        super(FernetAuthWithTrust, self).setUp()
--- a/keystone/tests/unit/test_token_provider.py
+++ b/keystone/tests/unit/test_token_provider.py
@ -719,7 +719,13 @@ class TestTokenProvider(unit.TestCase):
    def setUp(self):
        super(TestTokenProvider, self).setUp()
        self.useFixture(database.Database())
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )
        self.load_backends()

    def test_get_token_version(self):
--- a/keystone/tests/unit/test_v2.py
+++ b/keystone/tests/unit/test_v2.py
@ -1452,7 +1452,13 @@ class V2TestCaseFernet(V2TestCase, RestfulTestCase, CoreApiTests,
    def config_overrides(self):
        super(V2TestCaseFernet, self).config_overrides()
        self.config_fixture.config(group='token', provider='fernet')
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def test_fetch_revocation_list_md5(self):
        self.skipTest('Revocation lists do not support Fernet')
@ -1519,7 +1525,13 @@ class TestFernetTokenProviderV2(RestfulTestCase):
    def config_overrides(self):
        super(TestFernetTokenProviderV2, self).config_overrides()
        self.config_fixture.config(group='token', provider='fernet')
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def test_authenticate_unscoped_token(self):
        unscoped_token = self.get_unscoped_token()
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -2427,7 +2427,13 @@ class TestFernetTokenAPIs(test_v3.RestfulTestCase, TokenAPITests,
    def config_overrides(self):
        super(TestFernetTokenAPIs, self).config_overrides()
        self.config_fixture.config(group='token', provider='fernet')
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def setUp(self):
        super(TestFernetTokenAPIs, self).setUp()
@ -4899,7 +4905,13 @@ class TestTrustAuthFernetTokenProvider(TrustAPIBehavior, TestTrustChain):
                                   revoke_by_id=False)
        self.config_fixture.config(group='trust',
                                   enabled=True)
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )


 class TestAuthTOTP(test_v3.RestfulTestCase):
--- a/keystone/tests/unit/test_v3_federation.py
+++ b/keystone/tests/unit/test_v3_federation.py
@ -2530,7 +2530,13 @@ class FernetFederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin):
    def config_overrides(self):
        super(FernetFederatedTokenTests, self).config_overrides()
        self.config_fixture.config(group='token', provider='fernet')
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def auth_plugin_config_override(self):
        methods = ['saml2', 'token', 'password']
--- a/keystone/tests/unit/test_v3_oauth1.py
+++ b/keystone/tests/unit/test_v3_oauth1.py
@ -22,6 +22,7 @@ from pycadf import cadftaxonomy
 from six.moves import http_client
 from six.moves import urllib

+import keystone.conf
 from keystone.contrib.oauth1 import routers
 from keystone import exception
 from keystone import oauth1
@ -34,6 +35,9 @@ from keystone.tests.unit.ksfixtures import temporaryfile
 from keystone.tests.unit import test_v3


+CONF = keystone.conf.CONF
+
+
 def _urllib_parse_qs_text_keys(content):
    results = urllib.parse.parse_qs(content)
    return {key.decode('utf-8'): value for key, value in results.items()}
@ -616,7 +620,13 @@ class FernetAuthTokenTests(AuthTokenTests, OAuthFlowTests):
    def config_overrides(self):
        super(FernetAuthTokenTests, self).config_overrides()
        self.config_fixture.config(group='token', provider='fernet')
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def test_delete_keystone_tokens_by_consumer_id(self):
        self.skipTest('Fernet tokens are never persisted in the backend.')
--- a/keystone/tests/unit/token/test_fernet_provider.py
+++ b/keystone/tests/unit/token/test_fernet_provider.py
@ -39,7 +39,13 @@ CONF = keystone.conf.CONF
 class TestFernetTokenProvider(unit.TestCase):
    def setUp(self):
        super(TestFernetTokenProvider, self).setUp()
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )
        self.provider = fernet.Provider()

    def test_supports_bind_authentication_returns_false(self):
@ -72,7 +78,13 @@ class TestFernetTokenProvider(unit.TestCase):
 class TestValidate(unit.TestCase):
    def setUp(self):
        super(TestValidate, self).setUp()
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )
        self.useFixture(database.Database())
        self.load_backends()

@ -217,7 +229,13 @@ class TestValidate(unit.TestCase):
 class TestTokenFormatter(unit.TestCase):
    def setUp(self):
        super(TestTokenFormatter, self).setUp()
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def test_restore_padding(self):
        # 'a' will result in '==' padding, 'aa' will result in '=' padding, and
@ -555,7 +573,13 @@ class TestFernetKeyRotation(unit.TestCase):

            # Ensure that resetting the key repository always results in 2
            # active keys.
-            self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+            self.useFixture(
+                ksfixtures.KeyRepository(
+                    self.config_fixture,
+                    'fernet_tokens',
+                    CONF.fernet_tokens.max_active_keys
+                )
+            )

            # Validate the initial repository state.
            self.assertRepositoryState(expected_size=min_active_keys)
@ -599,7 +623,13 @@ class TestFernetKeyRotation(unit.TestCase):
                self.assertEqual(exp_keys, self.keys)

    def test_non_numeric_files(self):
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )
        evil_file = os.path.join(CONF.fernet_tokens.key_repository, '99.bak')
        with open(evil_file, 'w'):
            pass
@ -619,7 +649,13 @@ class TestFernetKeyRotation(unit.TestCase):

 class TestLoadKeys(unit.TestCase):
    def test_non_numeric_files(self):
-        self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )
        evil_file = os.path.join(CONF.fernet_tokens.key_repository, '~1')
        with open(evil_file, 'w'):
            pass