cd3f58a8d0
Ensure that we validate the domain status of user/project for a user authenticating via the v2 API. This patch builds on the initial functional change done by Dolph, and fixes up the tests that broke sure to domain being required in any tests that setup data directly in the backends. Fixes Bug #1130236 Change-Id: I66dfd453fb95fa4fa3fde713b663386a2c2ecdf8
88 lines
2.6 KiB
Python
88 lines
2.6 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright 2012 OpenStack LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import os
|
|
import shutil
|
|
|
|
from keystone.common import openssl
|
|
from keystone import exception
|
|
from keystone import test
|
|
from keystone import token
|
|
|
|
import default_fixtures
|
|
|
|
|
|
ROOTDIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
|
SSLDIR = "%s/tests/ssl/" % ROOTDIR
|
|
CONF = test.CONF
|
|
DEFAULT_DOMAIN_ID = CONF.identity.default_domain_id
|
|
|
|
|
|
def rootdir(*p):
|
|
return os.path.join(SSLDIR, *p)
|
|
|
|
|
|
CERTDIR = rootdir("certs")
|
|
KEYDIR = rootdir("private")
|
|
|
|
|
|
class CertSetupTestCase(test.TestCase):
|
|
|
|
def setUp(self):
|
|
super(CertSetupTestCase, self).setUp()
|
|
CONF.signing.certfile = os.path.join(CERTDIR, 'signing_cert.pem')
|
|
CONF.signing.ca_certs = os.path.join(CERTDIR, "ca.pem")
|
|
CONF.signing.keyfile = os.path.join(KEYDIR, "signing_key.pem")
|
|
|
|
self.load_backends()
|
|
self.load_fixtures(default_fixtures)
|
|
self.controller = token.controllers.Auth()
|
|
|
|
def test_can_handle_missing_certs(self):
|
|
self.opt_in_group('signing', token_format='PKI')
|
|
self.opt_in_group('signing', certfile='invalid')
|
|
user = {
|
|
'id': 'fake1',
|
|
'name': 'fake1',
|
|
'password': 'fake1',
|
|
'domain_id': DEFAULT_DOMAIN_ID
|
|
}
|
|
body_dict = {
|
|
'passwordCredentials': {
|
|
'userId': user['id'],
|
|
'password': user['password'],
|
|
},
|
|
}
|
|
self.identity_api.create_user(user['id'], user)
|
|
self.assertRaises(exception.UnexpectedError,
|
|
self.controller.authenticate,
|
|
{}, body_dict)
|
|
|
|
def test_create_certs(self):
|
|
ssl = openssl.ConfigurePKI(None, None)
|
|
ssl.run()
|
|
self.assertTrue(os.path.exists(CONF.signing.certfile))
|
|
self.assertTrue(os.path.exists(CONF.signing.ca_certs))
|
|
self.assertTrue(os.path.exists(CONF.signing.keyfile))
|
|
|
|
def tearDown(self):
|
|
try:
|
|
shutil.rmtree(rootdir(SSLDIR))
|
|
except OSError:
|
|
pass
|
|
super(CertSetupTestCase, self).tearDown()
|