Make KeyRepository shareable
Because sharing is caring... and it helps us test credential encryption by allowing us to reuse the KeyRepository fixture for credentials and fernet. bp credential-encryption Change-Id: I50a4e663385a0070ee1fd2c83c2fe5913f5a0ad0
parent
bd80bb77e9
commit
fab5f82683
@ -19,19 +19,21 @@ CONF = keystone.conf.CONF
|
||||
|
||||
|
||||
class KeyRepository(fixtures.Fixture):
|
||||
def __init__(self, config_fixture):
|
||||
def __init__(self, config_fixture, key_group, max_active_keys):
|
||||
super(KeyRepository, self).__init__()
|
||||
self.config_fixture = config_fixture
|
||||
self.max_active_keys = max_active_keys
|
||||
self.key_group = key_group
|
||||
|
||||
def setUp(self):
|
||||
super(KeyRepository, self).setUp()
|
||||
directory = self.useFixture(fixtures.TempDir()).path
|
||||
self.config_fixture.config(group='fernet_tokens',
|
||||
self.config_fixture.config(group=self.key_group,
|
||||
key_repository=directory)
|
||||
|
||||
fernet_utils = utils.FernetUtils(
|
||||
CONF.fernet_tokens.key_repository,
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
directory,
|
||||
self.max_active_keys
|
||||
)
|
||||
fernet_utils.create_key_directory()
|
||||
fernet_utils.initialize_key_repository()
|
||||
|
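Review bot: In `setUp`, `max_active_keys` is handed to `utils.FernetUtils` but, unlike `key_repository`, is never written into the `key_group` config section, so a caller passing a value that differs from the limit the code under test reads would initialise the repository under one limit and exercise it under another. The two new `__init__` arguments are also undocumented; I would add a docstring stating that `key_group` names a config group that has a `key_repository` option (it is overridden with a fresh `TempDir` path) and that `max_active_keys` is only used to initialise that repository and must match the consumer's limit. A one-line class summary such as `"""Create a temporary key repository for ``key_group`` holding up to ``max_active_keys`` keys."""` would be enough to start with. How `FernetUtils` uses the limit is not visible in this hunk, so the mismatch risk is inferred from the call alone.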
@ -625,7 +625,13 @@ class FernetAuthWithToken(AuthWithToken, AuthTest):
|
||||
def config_overrides(self):
|
||||
super(FernetAuthWithToken, self).config_overrides()
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def test_token_auth_with_binding(self):
|
||||
self.config_fixture.config(group='token', bind=['kerberos'])
|
||||
@ -829,7 +835,13 @@ class FernetAuthWithRemoteUser(AuthWithRemoteUser, AuthTest):
|
||||
def config_overrides(self):
|
||||
super(FernetAuthWithRemoteUser, self).config_overrides()
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def test_bind_with_kerberos(self):
|
||||
self.config_fixture.config(group='token', bind=['kerberos'])
|
||||
@ -1301,7 +1313,13 @@ class FernetAuthWithTrust(AuthWithTrust, AuthTest):
|
||||
def config_overrides(self):
|
||||
super(FernetAuthWithTrust, self).config_overrides()
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def setUp(self):
|
||||
super(FernetAuthWithTrust, self).setUp()
|
||||
|
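Review bot: The seven-line `self.useFixture(ksfixtures.KeyRepository(self.config_fixture, 'fernet_tokens', CONF.fernet_tokens.max_active_keys))` call is pasted identically into all three `config_overrides` methods in this file and into every other test hunk on the page; the OAuth1 test module even gains `import keystone.conf` and a module-level `CONF` only to supply the third argument. A small helper shared by these test classes, or keyword arguments at the call sites (`key_group='fernet_tokens', max_active_keys=CONF.fernet_tokens.max_active_keys`), would keep the group name and key limit from drifting apart between copies. `CONF.fernet_tokens.max_active_keys` is also read at the moment the fixture is constructed, so any per-test override of that option has to be applied before this call. The surrounding class bodies lie outside the hunks, so that ordering cannot be confirmed from here.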
@ -719,7 +719,13 @@ class TestTokenProvider(unit.TestCase):
|
||||
def setUp(self):
|
||||
super(TestTokenProvider, self).setUp()
|
||||
self.useFixture(database.Database())
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
self.load_backends()
|
||||
|
||||
def test_get_token_version(self):
|
||||
|
@ -1452,7 +1452,13 @@ class V2TestCaseFernet(V2TestCase, RestfulTestCase, CoreApiTests,
|
||||
def config_overrides(self):
|
||||
super(V2TestCaseFernet, self).config_overrides()
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def test_fetch_revocation_list_md5(self):
|
||||
self.skipTest('Revocation lists do not support Fernet')
|
||||
@ -1519,7 +1525,13 @@ class TestFernetTokenProviderV2(RestfulTestCase):
|
||||
def config_overrides(self):
|
||||
super(TestFernetTokenProviderV2, self).config_overrides()
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def test_authenticate_unscoped_token(self):
|
||||
unscoped_token = self.get_unscoped_token()
|
||||
|
@ -2427,7 +2427,13 @@ class TestFernetTokenAPIs(test_v3.RestfulTestCase, TokenAPITests,
|
||||
def config_overrides(self):
|
||||
super(TestFernetTokenAPIs, self).config_overrides()
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def setUp(self):
|
||||
super(TestFernetTokenAPIs, self).setUp()
|
||||
@ -4899,7 +4905,13 @@ class TestTrustAuthFernetTokenProvider(TrustAPIBehavior, TestTrustChain):
|
||||
revoke_by_id=False)
|
||||
self.config_fixture.config(group='trust',
|
||||
enabled=True)
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
class TestAuthTOTP(test_v3.RestfulTestCase):
|
||||
|
@ -2530,7 +2530,13 @@ class FernetFederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin):
|
||||
def config_overrides(self):
|
||||
super(FernetFederatedTokenTests, self).config_overrides()
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def auth_plugin_config_override(self):
|
||||
methods = ['saml2', 'token', 'password']
|
||||
|
@ -22,6 +22,7 @@ from pycadf import cadftaxonomy
|
||||
from six.moves import http_client
|
||||
from six.moves import urllib
|
||||
|
||||
import keystone.conf
|
||||
from keystone.contrib.oauth1 import routers
|
||||
from keystone import exception
|
||||
from keystone import oauth1
|
||||
@ -34,6 +35,9 @@ from keystone.tests.unit.ksfixtures import temporaryfile
|
||||
from keystone.tests.unit import test_v3
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
|
||||
|
||||
def _urllib_parse_qs_text_keys(content):
|
||||
results = urllib.parse.parse_qs(content)
|
||||
return {key.decode('utf-8'): value for key, value in results.items()}
|
||||
@ -616,7 +620,13 @@ class FernetAuthTokenTests(AuthTokenTests, OAuthFlowTests):
|
||||
def config_overrides(self):
|
||||
super(FernetAuthTokenTests, self).config_overrides()
|
||||
self.config_fixture.config(group='token', provider='fernet')
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def test_delete_keystone_tokens_by_consumer_id(self):
|
||||
self.skipTest('Fernet tokens are never persisted in the backend.')
|
||||
|
@ -39,7 +39,13 @@ CONF = keystone.conf.CONF
|
||||
class TestFernetTokenProvider(unit.TestCase):
|
||||
def setUp(self):
|
||||
super(TestFernetTokenProvider, self).setUp()
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
self.provider = fernet.Provider()
|
||||
|
||||
def test_supports_bind_authentication_returns_false(self):
|
||||
@ -72,7 +78,13 @@ class TestFernetTokenProvider(unit.TestCase):
|
||||
class TestValidate(unit.TestCase):
|
||||
def setUp(self):
|
||||
super(TestValidate, self).setUp()
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
self.useFixture(database.Database())
|
||||
self.load_backends()
|
||||
|
||||
@ -217,7 +229,13 @@ class TestValidate(unit.TestCase):
|
||||
class TestTokenFormatter(unit.TestCase):
|
||||
def setUp(self):
|
||||
super(TestTokenFormatter, self).setUp()
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def test_restore_padding(self):
|
||||
# 'a' will result in '==' padding, 'aa' will result in '=' padding, and
|
||||
@ -555,7 +573,13 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
|
||||
# Ensure that resetting the key repository always results in 2
|
||||
# active keys.
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
# Validate the initial repository state.
|
||||
self.assertRepositoryState(expected_size=min_active_keys)
|
||||
@ -599,7 +623,13 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
self.assertEqual(exp_keys, self.keys)
|
||||
|
||||
def test_non_numeric_files(self):
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
evil_file = os.path.join(CONF.fernet_tokens.key_repository, '99.bak')
|
||||
with open(evil_file, 'w'):
|
||||
pass
|
||||
@ -619,7 +649,13 @@ class TestFernetKeyRotation(unit.TestCase):
|
||||
|
||||
class TestLoadKeys(unit.TestCase):
|
||||
def test_non_numeric_files(self):
|
||||
self.useFixture(ksfixtures.KeyRepository(self.config_fixture))
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
evil_file = os.path.join(CONF.fernet_tokens.key_repository, '~1')
|
||||
with open(evil_file, 'w'):
|
||||
pass
|
||||
|