openstack/murano
Code Issues Proposed changes

Merge "Remove fallback to [keystone_authtoken]"

Browse Source
This commit is contained in:
Jenkins 2017-10-06 22:20:12 +00:00 committed by Gerrit Code Review
commit af6a44aa99
2 changed files with 47 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
murano/common/auth_utils.py
View File

@ -30,44 +30,18 @@ cfg.CONF.import_group(CFG_KEYSTONE_GROUP, 'keystonemiddleware.auth_token')
def _get_keystone_auth(trust_id=None): def _get_keystone_auth(trust_id=None):
if not cfg.CONF[CFG_MURANO_AUTH_GROUP].auth_type: kwargs = {}
# Fallback to legacy v2 options in keystone_authtoken if trust_id:
# if no auth_type is set. # Remove project_name and project_id, since we need a trust scoped
# If auth_type is set, it is possible to use the auth loader # auth object
# from keystoneauth1. This is the same fallback as keystonemiddleware kwargs['project_name'] = None
# uses. kwargs['project_domain_name'] = None
versionutils.report_deprecated_feature( kwargs['project_id'] = None
LOG, 'Please update configuration in ' + CFG_MURANO_AUTH_GROUP + kwargs['trust_id'] = trust_id
' group') auth = ka_loading.load_auth_from_conf_options(
auth_uri = cfg.CONF[CFG_KEYSTONE_GROUP].auth_uri cfg.CONF,
username = cfg.CONF[CFG_KEYSTONE_GROUP].admin_user CFG_MURANO_AUTH_GROUP,
password = cfg.CONF[CFG_KEYSTONE_GROUP].admin_password **kwargs)
project_name = cfg.CONF[CFG_KEYSTONE_GROUP].admin_tenant_name
kwargs = {
'auth_url': auth_uri.replace('v2.0', 'v3'),
'username': username,
'password': password,
'user_domain_name': 'default'
}
if not trust_id:
kwargs['project_name'] = project_name
kwargs['project_domain_name'] = 'default'
else:
kwargs['trust_id'] = trust_id
auth = identity.Password(**kwargs)
else:
kwargs = {}
if trust_id:
# Remove project_name and project_id, since we need a trust scoped
# auth object
kwargs['project_name'] = None
kwargs['project_domain_name'] = None
kwargs['project_id'] = None
kwargs['trust_id'] = trust_id
auth = ka_loading.load_auth_from_conf_options(
cfg.CONF,
CFG_MURANO_AUTH_GROUP,
**kwargs)
return auth return auth

123
murano/tests/unit/common/test_auth_utils.py
View File

@ -38,61 +38,41 @@ class TestAuthUtils(base.MuranoTestCase):
group=auth_utils.CFG_MURANO_AUTH_GROUP) group=auth_utils.CFG_MURANO_AUTH_GROUP)
self.addCleanup(mock.patch.stopall) self.addCleanup(mock.patch.stopall)
def _init_mock_cfg(self, auth_type): def _init_mock_cfg(self):
if auth_type: mock_auth_obj = mock.patch.object(auth_utils, 'ka_loading',
mock_auth_obj = mock.patch.object(auth_utils, 'ka_loading', spec_set=ka_loading).start()
spec_set=ka_loading).start() mock_auth_obj.load_auth_from_conf_options.return_value = \
mock_auth_obj.load_auth_from_conf_options.return_value = \ mock.sentinel.auth
mock.sentinel.auth mock_auth_obj.load_session_from_conf_options.\
mock_auth_obj.load_session_from_conf_options.\ return_value = mock.sentinel.session
return_value = mock.sentinel.session cfg.CONF.set_override('auth_type',
cfg.CONF.set_override('auth_type', 'password',
'password', auth_utils.CFG_MURANO_AUTH_GROUP)
auth_utils.CFG_MURANO_AUTH_GROUP) cfg.CONF.set_override('auth_uri',
cfg.CONF.set_override('auth_uri', 'foo_auth_uri',
'foo_auth_uri', auth_utils.CFG_MURANO_AUTH_GROUP)
auth_utils.CFG_MURANO_AUTH_GROUP) cfg.CONF.set_override('auth_url',
cfg.CONF.set_override('auth_url', 'foo_auth_url',
'foo_auth_url', auth_utils.CFG_MURANO_AUTH_GROUP)
auth_utils.CFG_MURANO_AUTH_GROUP) cfg.CONF.set_override('username',
cfg.CONF.set_override('username', 'fakeuser',
'fakeuser', auth_utils.CFG_MURANO_AUTH_GROUP)
auth_utils.CFG_MURANO_AUTH_GROUP) cfg.CONF.set_override('password',
cfg.CONF.set_override('password', 'fakepass',
'fakepass', auth_utils.CFG_MURANO_AUTH_GROUP)
auth_utils.CFG_MURANO_AUTH_GROUP) cfg.CONF.set_override('user_domain_name',
cfg.CONF.set_override('user_domain_name', 'Default',
'Default', auth_utils.CFG_MURANO_AUTH_GROUP)
auth_utils.CFG_MURANO_AUTH_GROUP) cfg.CONF.set_override('project_domain_name',
cfg.CONF.set_override('project_domain_name', 'Default',
'Default', auth_utils.CFG_MURANO_AUTH_GROUP)
auth_utils.CFG_MURANO_AUTH_GROUP) cfg.CONF.set_override('project_name',
cfg.CONF.set_override('project_name', 'fakeproj',
'fakeproj', auth_utils.CFG_MURANO_AUTH_GROUP)
auth_utils.CFG_MURANO_AUTH_GROUP)
else:
mock_auth_obj = mock.patch.object(auth_utils, 'identity',
autospec=True).start()
mock_auth_obj.Password.return_value = mock.sentinel.auth
cfg.CONF.set_override('auth_type',
None,
auth_utils.CFG_MURANO_AUTH_GROUP)
cfg.CONF.set_override('auth_uri',
'foo_auth_uri/v3',
auth_utils.CFG_KEYSTONE_GROUP)
cfg.CONF.set_override('admin_user',
'adminuser',
auth_utils.CFG_KEYSTONE_GROUP)
cfg.CONF.set_override('admin_password',
'adminpass',
auth_utils.CFG_KEYSTONE_GROUP)
cfg.CONF.set_override('admin_tenant_name',
'admintenant',
auth_utils.CFG_KEYSTONE_GROUP)
return mock_auth_obj return mock_auth_obj
def test_get_keystone_auth(self): def test_get_keystone_auth(self):
mock_identity = self._init_mock_cfg(True) mock_identity = self._init_mock_cfg()
expected_auth = mock.sentinel.auth expected_auth = mock.sentinel.auth
actual_auth = auth_utils._get_keystone_auth() actual_auth = auth_utils._get_keystone_auth()
@ -101,25 +81,8 @@ class TestAuthUtils(base.MuranoTestCase):
mock_identity.load_auth_from_conf_options.assert_called_once_with( mock_identity.load_auth_from_conf_options.assert_called_once_with(
cfg.CONF, auth_utils.CFG_MURANO_AUTH_GROUP) cfg.CONF, auth_utils.CFG_MURANO_AUTH_GROUP)
def test_get_keystone_auth_fallback_to_v2(self):
mock_identity = self._init_mock_cfg(False)
expected_kwargs = {
'auth_url': 'foo_auth_uri/v3',
'username': 'adminuser',
'password': 'adminpass',
'user_domain_name': 'default',
'project_name': 'admintenant',
'project_domain_name': 'default'
}
expected_auth = mock.sentinel.auth
actual_auth = auth_utils._get_keystone_auth()
self.assertEqual(expected_auth, actual_auth)
mock_identity.Password.assert_called_once_with(**expected_kwargs)
def test_get_keystone_with_trust_id(self): def test_get_keystone_with_trust_id(self):
mock_ka_loading = self._init_mock_cfg(True) mock_ka_loading = self._init_mock_cfg()
expected_kwargs = { expected_kwargs = {
'project_name': None, 'project_name': None,
@ -136,26 +99,10 @@ class TestAuthUtils(base.MuranoTestCase):
auth_utils.CFG_MURANO_AUTH_GROUP, auth_utils.CFG_MURANO_AUTH_GROUP,
**expected_kwargs) **expected_kwargs)
def test_get_keystone_auth_with_trust_id_fallback_to_v2(self):
mock_identity = self._init_mock_cfg(False)
expected_kwargs = {
'auth_url': 'foo_auth_uri/v3',
'username': 'adminuser',
'password': 'adminpass',
'user_domain_name': 'default',
'trust_id': mock.sentinel.trust_id
}
expected_auth = mock.sentinel.auth
actual_auth = auth_utils._get_keystone_auth(mock.sentinel.trust_id)
self.assertEqual(expected_auth, actual_auth)
mock_identity.Password.assert_called_once_with(**expected_kwargs)
@mock.patch.object(auth_utils, 'ks_client', autospec=True) @mock.patch.object(auth_utils, 'ks_client', autospec=True)
@mock.patch.object(auth_utils, '_get_session', autospec=True) @mock.patch.object(auth_utils, '_get_session', autospec=True)
def test_create_keystone_admin_client(self, mock_get_sess, mock_ks_client): def test_create_keystone_admin_client(self, mock_get_sess, mock_ks_client):
self._init_mock_cfg(False) self._init_mock_cfg()
mock_get_sess.return_value = mock.sentinel.session mock_get_sess.return_value = mock.sentinel.session
mock_ks_client.Client.return_value = mock.sentinel.ks_admin_client mock_ks_client.Client.return_value = mock.sentinel.ks_admin_client
@ -311,7 +258,7 @@ class TestAuthUtils(base.MuranoTestCase):
self.assertIsNone(auth_utils._get_config_option(None, 'url')) self.assertIsNone(auth_utils._get_config_option(None, 'url'))
def test_get_session(self): def test_get_session(self):
mock_ka_loading = self._init_mock_cfg(True) mock_ka_loading = self._init_mock_cfg()
session = auth_utils._get_session(mock.sentinel.auth) session = auth_utils._get_session(mock.sentinel.auth)