From 645e5bacf2c4c8bd9ee37f84af9a9c6aa3cf284a Mon Sep 17 00:00:00 2001 From: wanghong Date: Fri, 21 Mar 2014 16:53:20 +0800 Subject: [PATCH] use v3 api to get certificates Let Token signing and ca certificates can be accessible at /v3/OS-SIMPLE-CERT/{ca,certificates}. Change-Id: I6c82d1f78ba1ff2ab110474623982542610b4d2d Closes-Bug: #1206345 --- keystoneclient/middleware/auth_token.py | 10 +++- .../tests/test_auth_token_middleware.py | 57 +++++++++++++------ 2 files changed, 48 insertions(+), 19 deletions(-) diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py index 7bed4feba..aeb647ee2 100644 --- a/keystoneclient/middleware/auth_token.py +++ b/keystoneclient/middleware/auth_token.py @@ -1361,7 +1361,15 @@ class AuthProtocol(object): return self.cms_verify(data['signed']) def _fetch_cert_file(self, cert_file_name, cert_type): - path = '/v2.0/certificates/' + cert_type + if not self.auth_version: + self.auth_version = self._choose_api_version() + + if self.auth_version == 'v3.0': + if cert_type == 'signing': + cert_type = 'certificates' + path = '/v3/OS-SIMPLE-CERT/' + cert_type + else: + path = '/v2.0/certificates/' + cert_type response = self._http_request('GET', path) if response.status_code != 200: raise exceptions.CertificateConfigError(response.text) diff --git a/keystoneclient/tests/test_auth_token_middleware.py b/keystoneclient/tests/test_auth_token_middleware.py index fa8042a46..87f0cd512 100644 --- a/keystoneclient/tests/test_auth_token_middleware.py +++ b/keystoneclient/tests/test_auth_token_middleware.py 
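Review bot: The version test in `_fetch_cert_file` matches only the exact string `'v3.0'`, so any other value of `self.auth_version` silently takes the `/v2.0/certificates/` path, and the `cert_type` argument is rebound to `'certificates'` along the way. These requests fetch the token signing and CA certificates, presumably the material signed tokens are verified against, so the endpoint choice should be explicit and the argument left untouched: `leaf = 'certificates' if cert_type == 'signing' else cert_type`, then `path = '/v3/OS-SIMPLE-CERT/' + leaf`. A short comment such as `# v3 OS-SIMPLE-CERT names the signing certificate 'certificates'` would explain the rename to the next reader. The function body continues past the end of the hunk, so any later use of `cert_type` there is not visible and should be checked.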
@@ -1060,22 +1060,33 @@ class CommonAuthTokenMiddlewareTest(object): success=False) -class CertDownloadMiddlewareTest(BaseAuthTokenMiddlewareTest, - testresources.ResourcedTestCase): +class V2CertDownloadMiddlewareTest(BaseAuthTokenMiddlewareTest, + testresources.ResourcedTestCase): resources = [('examples', client_fixtures.EXAMPLES_RESOURCE)] + def __init__(self, *args, **kwargs): + super(V2CertDownloadMiddlewareTest, self).__init__(*args, **kwargs) + self.auth_version = 'v2.0' + self.fake_app = None + self.ca_path = '/v2.0/certificates/ca' + self.signing_path = '/v2.0/certificates/signing' + def setUp(self): - super(CertDownloadMiddlewareTest, self).setUp() + super(V2CertDownloadMiddlewareTest, self).setUp( + auth_version=self.auth_version, + fake_app=self.fake_app) self.base_dir = tempfile.mkdtemp() self.addCleanup(shutil.rmtree, self.base_dir) self.cert_dir = os.path.join(self.base_dir, 'certs') os.makedirs(self.cert_dir, stat.S_IRWXU) conf = { 'signing_dir': self.cert_dir, + 'auth_version': self.auth_version, } self.set_middleware(conf=conf) + httpretty.reset() httpretty.enable() self.addCleanup(httpretty.disable) @@ -1086,10 +1097,10 @@ class CertDownloadMiddlewareTest(BaseAuthTokenMiddlewareTest, cms._ensure_subprocess() httpretty.register_uri(httpretty.GET, - "%s/v2.0/certificates/ca" % BASE_URI, + "%s%s" % (BASE_URI, self.ca_path), status=404) httpretty.register_uri(httpretty.GET, - "%s/v2.0/certificates/signing" % BASE_URI, + "%s%s" % (BASE_URI, self.signing_path), status=404) self.assertRaises(exceptions.CertificateConfigError, self.middleware.verify_signed_token, 
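Review bot: Setting `auth_version`, `fake_app`, `ca_path` and `signing_path` in an overridden `__init__` of a test case is heavier than needed. Plain class attributes on `V2CertDownloadMiddlewareTest`, e.g. `auth_version = 'v2.0'` and `ca_path = '/v2.0/certificates/ca'`, would let `V3CertDownloadMiddlewareTest` (added in the last hunk of this file) override them without a second `__init__`. The added `httpretty.reset()` in `setUp` has no stated reason; if it is there to drop URIs registered by the base `setUp`, a one-line comment saying so would help. The class body continues past the end of this hunk.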
@@ -1098,74 +1109,84 @@ class CertDownloadMiddlewareTest(BaseAuthTokenMiddlewareTest, def test_fetch_signing_cert(self): data = 'FAKE CERT' httpretty.register_uri(httpretty.GET, - "%s/v2.0/certificates/signing" % BASE_URI, + "%s%s" % (BASE_URI, self.signing_path), body=data) self.middleware.fetch_signing_cert() with open(self.middleware.signing_cert_file_name, 'r') as f: self.assertEqual(f.read(), data) - self.assertEqual("/testadmin/v2.0/certificates/signing", + self.assertEqual("/testadmin%s" % self.signing_path, httpretty.last_request().path) def test_fetch_signing_ca(self): data = 'FAKE CA' httpretty.register_uri(httpretty.GET, - "%s/v2.0/certificates/ca" % BASE_URI, + "%s%s" % (BASE_URI, self.ca_path), body=data) self.middleware.fetch_ca_cert() with open(self.middleware.signing_ca_file_name, 'r') as f: self.assertEqual(f.read(), data) - self.assertEqual("/testadmin/v2.0/certificates/ca", + self.assertEqual("/testadmin%s" % self.ca_path, httpretty.last_request().path) def test_prefix_trailing_slash(self): self.conf['auth_admin_prefix'] = '/newadmin/' httpretty.register_uri(httpretty.GET, - "%s/newadmin/v2.0/certificates/ca" % BASE_HOST, + "%s/newadmin%s" % (BASE_HOST, self.ca_path), body='FAKECA') httpretty.register_uri(httpretty.GET, - "%s/newadmin/v2.0/certificates/signing" % - BASE_HOST, body='FAKECERT') + "%s/newadmin%s" % + (BASE_HOST, self.signing_path), body='FAKECERT') self.set_middleware(conf=self.conf) self.middleware.fetch_ca_cert() - self.assertEqual('/newadmin/v2.0/certificates/ca', + self.assertEqual('/newadmin%s' % self.ca_path, httpretty.last_request().path) self.middleware.fetch_signing_cert() - self.assertEqual('/newadmin/v2.0/certificates/signing', + self.assertEqual('/newadmin%s' % self.signing_path, httpretty.last_request().path) def test_without_prefix(self): self.conf['auth_admin_prefix'] = '' httpretty.register_uri(httpretty.GET, - "%s/v2.0/certificates/ca" % BASE_HOST, + "%s%s" % (BASE_HOST, self.ca_path), body='FAKECA') 
httpretty.register_uri(httpretty.GET, - "%s/v2.0/certificates/signing" % BASE_HOST, + "%s%s" % (BASE_HOST, self.signing_path), body='FAKECERT') self.set_middleware(conf=self.conf) self.middleware.fetch_ca_cert() - self.assertEqual('/v2.0/certificates/ca', + self.assertEqual(self.ca_path, httpretty.last_request().path) self.middleware.fetch_signing_cert() - self.assertEqual('/v2.0/certificates/signing', + self.assertEqual(self.signing_path, httpretty.last_request().path) +class V3CertDownloadMiddlewareTest(V2CertDownloadMiddlewareTest): + + def __init__(self, *args, **kwargs): + super(V3CertDownloadMiddlewareTest, self).__init__(*args, **kwargs) + self.auth_version = 'v3.0' + self.fake_app = v3FakeApp + self.ca_path = '/v3/OS-SIMPLE-CERT/ca' + self.signing_path = '/v3/OS-SIMPLE-CERT/certificates' + + def network_error_response(method, uri, headers): raise auth_token.NetworkError("Network connection error.")
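Review bot: The new `if not self.auth_version:` branch in `_fetch_cert_file`, which calls `_choose_api_version()`, appears to have no coverage in either `V2CertDownloadMiddlewareTest` or `V3CertDownloadMiddlewareTest`, because `setUp` puts `auth_version` into the conf for every case. A test that builds the middleware without `auth_version` and asserts which certificate path is requested would pin the fallback behaviour. This matters because the wrong path means fetching the signing material from the wrong endpoint. `v3FakeApp` and the base `setUp` are defined outside the hunk, so whether `self.conf` in `test_prefix_trailing_slash` and `test_without_prefix` still carries `auth_version` cannot be confirmed from here.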