342 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			342 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| # Copyright (c) 2013 OpenStack Foundation
 | |
| #
 | |
| # All Rights Reserved.
 | |
| #
 | |
| #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 | |
| #    not use this file except in compliance with the License. You may obtain
 | |
| #    a copy of the License at
 | |
| #
 | |
| #         http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| #    Unless required by applicable law or agreed to in writing, software
 | |
| #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 | |
| #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 | |
| #    License for the specific language governing permissions and limitations
 | |
| #    under the License.
 | |
| 
 | |
| import json
 | |
| 
 | |
| import mock
 | |
| import requests
 | |
| 
 | |
| from cinderclient import exceptions
 | |
| from cinderclient.v2 import client
 | |
| from cinderclient.tests.unit import utils
 | |
| 
 | |
| 
 | |
| class AuthenticateAgainstKeystoneTests(utils.TestCase):
 | |
|     def test_authenticate_success(self):
 | |
|         cs = client.Client("username", "password", "project_id",
 | |
|                            "http://localhost:8776/v2", service_type='volumev2')
 | |
|         resp = {
 | |
|             "access": {
 | |
|                 "token": {
 | |
|                     "expires": "2014-11-01T03:32:15-05:00",
 | |
|                     "id": "FAKE_ID",
 | |
|                 },
 | |
|                 "serviceCatalog": [
 | |
|                     {
 | |
|                         "type": "volumev2",
 | |
|                         "endpoints": [
 | |
|                             {
 | |
|                                 "region": "RegionOne",
 | |
|                                 "adminURL": "http://localhost:8776/v2",
 | |
|                                 "internalURL": "http://localhost:8776/v2",
 | |
|                                 "publicURL": "http://localhost:8776/v2",
 | |
|                             },
 | |
|                         ],
 | |
|                     },
 | |
|                 ],
 | |
|             },
 | |
|         }
 | |
|         auth_response = utils.TestResponse({
 | |
|             "status_code": 200,
 | |
|             "text": json.dumps(resp),
 | |
|         })
 | |
| 
 | |
|         mock_request = mock.Mock(return_value=(auth_response))
 | |
| 
 | |
|         @mock.patch.object(requests, "request", mock_request)
 | |
|         def test_auth_call():
 | |
|             cs.client.authenticate()
 | |
|             headers = {
 | |
|                 'User-Agent': cs.client.USER_AGENT,
 | |
|                 'Content-Type': 'application/json',
 | |
|                 'Accept': 'application/json',
 | |
|             }
 | |
|             body = {
 | |
|                 'auth': {
 | |
|                     'passwordCredentials': {
 | |
|                         'username': cs.client.user,
 | |
|                         'password': cs.client.password,
 | |
|                     },
 | |
|                     'tenantName': cs.client.projectid,
 | |
|                 },
 | |
|             }
 | |
| 
 | |
|             token_url = cs.client.auth_url + "/tokens"
 | |
|             mock_request.assert_called_with(
 | |
|                 "POST",
 | |
|                 token_url,
 | |
|                 headers=headers,
 | |
|                 data=json.dumps(body),
 | |
|                 allow_redirects=True,
 | |
|                 **self.TEST_REQUEST_BASE)
 | |
| 
 | |
|             endpoints = resp["access"]["serviceCatalog"][0]['endpoints']
 | |
|             public_url = endpoints[0]["publicURL"].rstrip('/')
 | |
|             self.assertEqual(public_url, cs.client.management_url)
 | |
|             token_id = resp["access"]["token"]["id"]
 | |
|             self.assertEqual(token_id, cs.client.auth_token)
 | |
| 
 | |
|         test_auth_call()
 | |
| 
 | |
|     def test_authenticate_tenant_id(self):
 | |
|         cs = client.Client("username", "password",
 | |
|                            auth_url="http://localhost:8776/v2",
 | |
|                            tenant_id='tenant_id', service_type='volumev2')
 | |
|         resp = {
 | |
|             "access": {
 | |
|                 "token": {
 | |
|                     "expires": "2014-11-01T03:32:15-05:00",
 | |
|                     "id": "FAKE_ID",
 | |
|                     "tenant": {
 | |
|                         "description": None,
 | |
|                         "enabled": True,
 | |
|                         "id": "tenant_id",
 | |
|                         "name": "demo"
 | |
|                     }  # tenant associated with token
 | |
|                 },
 | |
|                 "serviceCatalog": [
 | |
|                     {
 | |
|                         "type": 'volumev2',
 | |
|                         "endpoints": [
 | |
|                             {
 | |
|                                 "region": "RegionOne",
 | |
|                                 "adminURL": "http://localhost:8776/v2",
 | |
|                                 "internalURL": "http://localhost:8776/v2",
 | |
|                                 "publicURL": "http://localhost:8776/v2",
 | |
|                             },
 | |
|                         ],
 | |
|                     },
 | |
|                 ],
 | |
|             },
 | |
|         }
 | |
|         auth_response = utils.TestResponse({
 | |
|             "status_code": 200,
 | |
|             "text": json.dumps(resp),
 | |
|         })
 | |
| 
 | |
|         mock_request = mock.Mock(return_value=(auth_response))
 | |
| 
 | |
|         @mock.patch.object(requests, "request", mock_request)
 | |
|         def test_auth_call():
 | |
|             cs.client.authenticate()
 | |
|             headers = {
 | |
|                 'User-Agent': cs.client.USER_AGENT,
 | |
|                 'Content-Type': 'application/json',
 | |
|                 'Accept': 'application/json',
 | |
|             }
 | |
|             body = {
 | |
|                 'auth': {
 | |
|                     'passwordCredentials': {
 | |
|                         'username': cs.client.user,
 | |
|                         'password': cs.client.password,
 | |
|                     },
 | |
|                     'tenantId': cs.client.tenant_id,
 | |
|                 },
 | |
|             }
 | |
| 
 | |
|             token_url = cs.client.auth_url + "/tokens"
 | |
|             mock_request.assert_called_with(
 | |
|                 "POST",
 | |
|                 token_url,
 | |
|                 headers=headers,
 | |
|                 data=json.dumps(body),
 | |
|                 allow_redirects=True,
 | |
|                 **self.TEST_REQUEST_BASE)
 | |
| 
 | |
|             endpoints = resp["access"]["serviceCatalog"][0]['endpoints']
 | |
|             public_url = endpoints[0]["publicURL"].rstrip('/')
 | |
|             self.assertEqual(public_url, cs.client.management_url)
 | |
|             token_id = resp["access"]["token"]["id"]
 | |
|             self.assertEqual(token_id, cs.client.auth_token)
 | |
|             tenant_id = resp["access"]["token"]["tenant"]["id"]
 | |
|             self.assertEqual(tenant_id, cs.client.tenant_id)
 | |
| 
 | |
|         test_auth_call()
 | |
| 
 | |
|     def test_authenticate_failure(self):
 | |
|         cs = client.Client("username", "password", "project_id",
 | |
|                            "http://localhost:8776/v2")
 | |
|         resp = {"unauthorized": {"message": "Unauthorized", "code": "401"}}
 | |
|         auth_response = utils.TestResponse({
 | |
|             "status_code": 401,
 | |
|             "text": json.dumps(resp),
 | |
|         })
 | |
| 
 | |
|         mock_request = mock.Mock(return_value=(auth_response))
 | |
| 
 | |
|         @mock.patch.object(requests, "request", mock_request)
 | |
|         def test_auth_call():
 | |
|             self.assertRaises(exceptions.Unauthorized, cs.client.authenticate)
 | |
| 
 | |
|         test_auth_call()
 | |
| 
 | |
|     def test_auth_redirect(self):
 | |
|         cs = client.Client("username", "password", "project_id",
 | |
|                            "http://localhost:8776/v2", service_type='volumev2')
 | |
|         dict_correct_response = {
 | |
|             "access": {
 | |
|                 "token": {
 | |
|                     "expires": "2014-11-01T03:32:15-05:00",
 | |
|                     "id": "FAKE_ID",
 | |
|                 },
 | |
|                 "serviceCatalog": [
 | |
|                     {
 | |
|                         "type": "volumev2",
 | |
|                         "endpoints": [
 | |
|                             {
 | |
|                                 "adminURL": "http://localhost:8776/v2",
 | |
|                                 "region": "RegionOne",
 | |
|                                 "internalURL": "http://localhost:8776/v2",
 | |
|                                 "publicURL": "http://localhost:8776/v2/",
 | |
|                             },
 | |
|                         ],
 | |
|                     },
 | |
|                 ],
 | |
|             },
 | |
|         }
 | |
|         correct_response = json.dumps(dict_correct_response)
 | |
|         dict_responses = [
 | |
|             {"headers": {'location': 'http://127.0.0.1:5001'},
 | |
|              "status_code": 305,
 | |
|              "text": "Use proxy"},
 | |
|             # Configured on admin port, cinder redirects to v2.0 port.
 | |
|             # When trying to connect on it, keystone auth succeed by v1.0
 | |
|             # protocol (through headers) but tokens are being returned in
 | |
|             # body (looks like keystone bug). Leaved for compatibility.
 | |
|             {"headers": {},
 | |
|              "status_code": 200,
 | |
|              "text": correct_response},
 | |
|             {"headers": {},
 | |
|              "status_code": 200,
 | |
|              "text": correct_response}
 | |
|         ]
 | |
| 
 | |
|         responses = [(utils.TestResponse(resp)) for resp in dict_responses]
 | |
| 
 | |
|         def side_effect(*args, **kwargs):
 | |
|             return responses.pop(0)
 | |
| 
 | |
|         mock_request = mock.Mock(side_effect=side_effect)
 | |
| 
 | |
|         @mock.patch.object(requests, "request", mock_request)
 | |
|         def test_auth_call():
 | |
|             cs.client.authenticate()
 | |
|             headers = {
 | |
|                 'User-Agent': cs.client.USER_AGENT,
 | |
|                 'Content-Type': 'application/json',
 | |
|                 'Accept': 'application/json',
 | |
|             }
 | |
|             body = {
 | |
|                 'auth': {
 | |
|                     'passwordCredentials': {
 | |
|                         'username': cs.client.user,
 | |
|                         'password': cs.client.password,
 | |
|                     },
 | |
|                     'tenantName': cs.client.projectid,
 | |
|                 },
 | |
|             }
 | |
| 
 | |
|             token_url = cs.client.auth_url + "/tokens"
 | |
|             mock_request.assert_called_with(
 | |
|                 "POST",
 | |
|                 token_url,
 | |
|                 headers=headers,
 | |
|                 data=json.dumps(body),
 | |
|                 allow_redirects=True,
 | |
|                 **self.TEST_REQUEST_BASE)
 | |
| 
 | |
|             resp = dict_correct_response
 | |
|             endpoints = resp["access"]["serviceCatalog"][0]['endpoints']
 | |
|             public_url = endpoints[0]["publicURL"].rstrip('/')
 | |
|             self.assertEqual(public_url, cs.client.management_url)
 | |
|             token_id = resp["access"]["token"]["id"]
 | |
|             self.assertEqual(token_id, cs.client.auth_token)
 | |
| 
 | |
|         test_auth_call()
 | |
| 
 | |
| 
 | |
| class AuthenticationTests(utils.TestCase):
 | |
|     def test_authenticate_success(self):
 | |
|         cs = client.Client("username", "password", "project_id", "auth_url")
 | |
|         management_url = 'https://localhost/v2.1/443470'
 | |
|         auth_response = utils.TestResponse({
 | |
|             'status_code': 204,
 | |
|             'headers': {
 | |
|                 'x-server-management-url': management_url,
 | |
|                 'x-auth-token': '1b751d74-de0c-46ae-84f0-915744b582d1',
 | |
|             },
 | |
|         })
 | |
|         mock_request = mock.Mock(return_value=(auth_response))
 | |
| 
 | |
|         @mock.patch.object(requests, "request", mock_request)
 | |
|         def test_auth_call():
 | |
|             cs.client.authenticate()
 | |
|             headers = {
 | |
|                 'Accept': 'application/json',
 | |
|                 'X-Auth-User': 'username',
 | |
|                 'X-Auth-Key': 'password',
 | |
|                 'X-Auth-Project-Id': 'project_id',
 | |
|                 'User-Agent': cs.client.USER_AGENT
 | |
|             }
 | |
|             mock_request.assert_called_with(
 | |
|                 "GET",
 | |
|                 cs.client.auth_url,
 | |
|                 headers=headers,
 | |
|                 **self.TEST_REQUEST_BASE)
 | |
| 
 | |
|             self.assertEqual(auth_response.headers['x-server-management-url'],
 | |
|                              cs.client.management_url)
 | |
|             self.assertEqual(auth_response.headers['x-auth-token'],
 | |
|                              cs.client.auth_token)
 | |
| 
 | |
|         test_auth_call()
 | |
| 
 | |
|     def test_authenticate_failure(self):
 | |
|         cs = client.Client("username", "password", "project_id", "auth_url")
 | |
|         auth_response = utils.TestResponse({"status_code": 401})
 | |
|         mock_request = mock.Mock(return_value=(auth_response))
 | |
| 
 | |
|         @mock.patch.object(requests, "request", mock_request)
 | |
|         def test_auth_call():
 | |
|             self.assertRaises(exceptions.Unauthorized, cs.client.authenticate)
 | |
| 
 | |
|         test_auth_call()
 | |
| 
 | |
|     def test_auth_automatic(self):
 | |
|         cs = client.Client("username", "password", "project_id", "auth_url")
 | |
|         http_client = cs.client
 | |
|         http_client.management_url = ''
 | |
|         mock_request = mock.Mock(return_value=(None, None))
 | |
| 
 | |
|         @mock.patch.object(http_client, 'request', mock_request)
 | |
|         @mock.patch.object(http_client, 'authenticate')
 | |
|         def test_auth_call(m):
 | |
|             http_client.get('/')
 | |
|             self.assertTrue(m.called)
 | |
|             self.assertTrue(mock_request.called)
 | |
| 
 | |
|         test_auth_call()
 | |
| 
 | |
|     def test_auth_manual(self):
 | |
|         cs = client.Client("username", "password", "project_id", "auth_url")
 | |
| 
 | |
|         @mock.patch.object(cs.client, 'authenticate')
 | |
|         def test_auth_call(m):
 | |
|             cs.authenticate()
 | |
|             self.assertTrue(m.called)
 | |
| 
 | |
|         test_auth_call()
 | 
