openstack
/
murano
Code Issues Proposed changes

Merge "Remove fallback to [keystone_authtoken]"

This commit is contained in:
Jenkins 2017-10-06 22:20:12 +00:00 committed by Gerrit Code Review
parent f0f3b548c6 64a798a2de
commit af6a44aa99
2 changed files with 47 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
murano/common/auth_utils.py
View File

@ -30,44 +30,18 @@ cfg.CONF.import_group(CFG_KEYSTONE_GROUP, 'keystonemiddleware.auth_token')
def _get_keystone_auth(trust_id=None):
if not cfg.CONF[CFG_MURANO_AUTH_GROUP].auth_type:
# Fallback to legacy v2 options in keystone_authtoken
# if no auth_type is set.
# If auth_type is set, it is possible to use the auth loader
# from keystoneauth1. This is the same fallback as keystonemiddleware
# uses.
versionutils.report_deprecated_feature(
LOG, 'Please update configuration in ' + CFG_MURANO_AUTH_GROUP +
' group')
auth_uri = cfg.CONF[CFG_KEYSTONE_GROUP].auth_uri
username = cfg.CONF[CFG_KEYSTONE_GROUP].admin_user
password = cfg.CONF[CFG_KEYSTONE_GROUP].admin_password
project_name = cfg.CONF[CFG_KEYSTONE_GROUP].admin_tenant_name
kwargs = {
'auth_url': auth_uri.replace('v2.0', 'v3'),
'username': username,
'password': password,
'user_domain_name': 'default'
}
if not trust_id:
kwargs['project_name'] = project_name
kwargs['project_domain_name'] = 'default'
else:
kwargs['trust_id'] = trust_id
auth = identity.Password(**kwargs)
else:
kwargs = {}
if trust_id:
# Remove project_name and project_id, since we need a trust scoped
# auth object
kwargs['project_name'] = None
kwargs['project_domain_name'] = None
kwargs['project_id'] = None
kwargs['trust_id'] = trust_id
auth = ka_loading.load_auth_from_conf_options(
cfg.CONF,
CFG_MURANO_AUTH_GROUP,
**kwargs)
kwargs = {}
if trust_id:
# Remove project_name and project_id, since we need a trust scoped
# auth object
kwargs['project_name'] = None
kwargs['project_domain_name'] = None
kwargs['project_id'] = None
kwargs['trust_id'] = trust_id
auth = ka_loading.load_auth_from_conf_options(
cfg.CONF,
CFG_MURANO_AUTH_GROUP,
**kwargs)
return auth

123
murano/tests/unit/common/test_auth_utils.py
View File

@ -38,61 +38,41 @@ class TestAuthUtils(base.MuranoTestCase):
group=auth_utils.CFG_MURANO_AUTH_GROUP)
self.addCleanup(mock.patch.stopall)
def _init_mock_cfg(self, auth_type):
if auth_type:
mock_auth_obj = mock.patch.object(auth_utils, 'ka_loading',
spec_set=ka_loading).start()
mock_auth_obj.load_auth_from_conf_options.return_value = \
mock.sentinel.auth
mock_auth_obj.load_session_from_conf_options.\
return_value = mock.sentinel.session
cfg.CONF.set_override('auth_type',
'password',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('auth_uri',
'foo_auth_uri',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('auth_url',
'foo_auth_url',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('username',
'fakeuser',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('password',
'fakepass',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('user_domain_name',
'Default',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('project_domain_name',
'Default',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('project_name',
'fakeproj',
auth_utils.CFG_MURANO_AUTH_GROUP)
else:
mock_auth_obj = mock.patch.object(auth_utils, 'identity',
autospec=True).start()
mock_auth_obj.Password.return_value = mock.sentinel.auth
cfg.CONF.set_override('auth_type',
None,
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('auth_uri',
'foo_auth_uri/v3',
auth_utils.CFG_KEYSTONE_GROUP)
cfg.CONF.set_override('admin_user',
'adminuser',
auth_utils.CFG_KEYSTONE_GROUP)
cfg.CONF.set_override('admin_password',
'adminpass',
auth_utils.CFG_KEYSTONE_GROUP)
cfg.CONF.set_override('admin_tenant_name',
'admintenant',
auth_utils.CFG_KEYSTONE_GROUP)
def _init_mock_cfg(self):
mock_auth_obj = mock.patch.object(auth_utils, 'ka_loading',
spec_set=ka_loading).start()
mock_auth_obj.load_auth_from_conf_options.return_value = \
mock.sentinel.auth
mock_auth_obj.load_session_from_conf_options.\
return_value = mock.sentinel.session
cfg.CONF.set_override('auth_type',
'password',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('auth_uri',
'foo_auth_uri',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('auth_url',
'foo_auth_url',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('username',
'fakeuser',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('password',
'fakepass',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('user_domain_name',
'Default',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('project_domain_name',
'Default',
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('project_name',
'fakeproj',
auth_utils.CFG_MURANO_AUTH_GROUP)
return mock_auth_obj
def test_get_keystone_auth(self):
mock_identity = self._init_mock_cfg(True)
mock_identity = self._init_mock_cfg()
expected_auth = mock.sentinel.auth
actual_auth = auth_utils._get_keystone_auth()
@ -101,25 +81,8 @@ class TestAuthUtils(base.MuranoTestCase):
mock_identity.load_auth_from_conf_options.assert_called_once_with(
cfg.CONF, auth_utils.CFG_MURANO_AUTH_GROUP)
def test_get_keystone_auth_fallback_to_v2(self):
mock_identity = self._init_mock_cfg(False)
expected_kwargs = {
'auth_url': 'foo_auth_uri/v3',
'username': 'adminuser',
'password': 'adminpass',
'user_domain_name': 'default',
'project_name': 'admintenant',
'project_domain_name': 'default'
}
expected_auth = mock.sentinel.auth
actual_auth = auth_utils._get_keystone_auth()
self.assertEqual(expected_auth, actual_auth)
mock_identity.Password.assert_called_once_with(**expected_kwargs)
def test_get_keystone_with_trust_id(self):
mock_ka_loading = self._init_mock_cfg(True)
mock_ka_loading = self._init_mock_cfg()
expected_kwargs = {
'project_name': None,
@ -136,26 +99,10 @@ class TestAuthUtils(base.MuranoTestCase):
auth_utils.CFG_MURANO_AUTH_GROUP,
**expected_kwargs)
def test_get_keystone_auth_with_trust_id_fallback_to_v2(self):
mock_identity = self._init_mock_cfg(False)
expected_kwargs = {
'auth_url': 'foo_auth_uri/v3',
'username': 'adminuser',
'password': 'adminpass',
'user_domain_name': 'default',
'trust_id': mock.sentinel.trust_id
}
expected_auth = mock.sentinel.auth
actual_auth = auth_utils._get_keystone_auth(mock.sentinel.trust_id)
self.assertEqual(expected_auth, actual_auth)
mock_identity.Password.assert_called_once_with(**expected_kwargs)
@mock.patch.object(auth_utils, 'ks_client', autospec=True)
@mock.patch.object(auth_utils, '_get_session', autospec=True)
def test_create_keystone_admin_client(self, mock_get_sess, mock_ks_client):
self._init_mock_cfg(False)
self._init_mock_cfg()
mock_get_sess.return_value = mock.sentinel.session
mock_ks_client.Client.return_value = mock.sentinel.ks_admin_client
@ -311,7 +258,7 @@ class TestAuthUtils(base.MuranoTestCase):
self.assertIsNone(auth_utils._get_config_option(None, 'url'))
def test_get_session(self):
mock_ka_loading = self._init_mock_cfg(True)
mock_ka_loading = self._init_mock_cfg()
session = auth_utils._get_session(mock.sentinel.auth)