From 9940e3fe0e47ff5f2f6d05c9564d17fc19ca0f5c Mon Sep 17 00:00:00 2001 From: Istvan Imre Date: Thu, 12 Jan 2017 13:18:25 +0100 Subject: [PATCH] Pass relevant parameters to Token based authentication In case of token authentication is used pass relevant parameters to Token authenticator. Co-Authored-By: Andrey Kurilin Change-Id: I9a04d89016a834fe96f1b77e91011f7fa4fdda51 Closes-Bug: #1654183 --- novaclient/client.py | 6 ++- novaclient/tests/functional/base.py | 6 +-- novaclient/tests/functional/test_auth.py | 50 +++++++++++++++++++----- 3 files changed, 48 insertions(+), 14 deletions(-) diff --git a/novaclient/client.py b/novaclient/client.py index 75ecf3805..9ca9658c7 100644 --- a/novaclient/client.py +++ b/novaclient/client.py @@ -135,7 +135,11 @@ def _construct_http_client(api_version=None, if not session: if not auth and auth_token: auth = identity.Token(auth_url=auth_url, - token=auth_token) + token=auth_token, + project_id=project_id, + project_name=project_name, + project_domain_id=project_domain_id, + project_domain_name=project_domain_name) elif not auth: auth = identity.Password(username=username, user_id=user_id, diff --git a/novaclient/tests/functional/base.py b/novaclient/tests/functional/base.py index b1b2bf9ff..acc110132 100644 --- a/novaclient/tests/functional/base.py +++ b/novaclient/tests/functional/base.py @@ -193,7 +193,7 @@ class ClientTestBase(testtools.TestCase): user = auth_info['username'] passwd = auth_info['password'] - tenant = auth_info['project_name'] + self.project_name = auth_info['project_name'] auth_url = auth_info['auth_url'] user_domain_id = auth_info['user_domain_id'] self.project_domain_id = auth_info['project_domain_id'] @@ -205,7 +205,7 @@ class ClientTestBase(testtools.TestCase): auth = identity.Password(username=user, password=passwd, - project_name=tenant, + project_name=self.project_name, auth_url=auth_url, project_domain_id=self.project_domain_id, user_domain_id=user_domain_id) @@ -247,7 +247,7 @@ class ClientTestBase(testtools.TestCase): self.cli_clients = tempest.lib.cli.base.CLIClient( username=user, password=passwd, - tenant_name=tenant, + tenant_name=self.project_name, uri=auth_url, cli_dir=cli_dir, insecure=self.insecure) diff --git a/novaclient/tests/functional/test_auth.py b/novaclient/tests/functional/test_auth.py index 760e62e92..9f645c334 100644 --- a/novaclient/tests/functional/test_auth.py +++ b/novaclient/tests/functional/test_auth.py @@ -13,40 +13,70 @@ from six.moves.urllib import parse import tempest.lib.cli.base +from novaclient import client from novaclient.tests.functional import base class TestAuthentication(base.ClientTestBase): - def nova(self, action, identity_api_version): + + def _get_url(self, identity_api_version): url = parse.urlparse(self.cli_clients.uri) - url = parse.urlunparse((url.scheme, url.netloc, - '/identity/v%s' % identity_api_version, - url.params, url.query, - url.fragment)) + return parse.urlunparse((url.scheme, url.netloc, + '/identity/v%s' % identity_api_version, + url.params, url.query, + url.fragment)) + + def nova_auth_with_password(self, action, identity_api_version): flags = ('--os-username %s --os-tenant-name %s --os-password %s ' '--os-auth-url %s --os-endpoint-type publicURL' % ( self.cli_clients.username, self.cli_clients.tenant_name, self.cli_clients.password, - url)) + self._get_url(identity_api_version))) if self.cli_clients.insecure: flags += ' --insecure ' return tempest.lib.cli.base.execute( "nova", action, flags, cli_dir=self.cli_clients.cli_dir) + def nova_auth_with_token(self, identity_api_version): + auth_ref = self.client.client.session.auth.get_access( + self.client.client.session) + token = auth_ref.auth_token + auth_url = self._get_url(identity_api_version) + kw = {} + if identity_api_version == "3": + kw["project_domain_id"] = self.project_domain_id + nova = client.Client("2", auth_token=token, auth_url=auth_url, + project_name=self.project_name, **kw) + nova.servers.list() + + # NOTE(andreykurilin): token auth is completely broken in CLI + # flags = ('--os-username %s --os-tenant-name %s --os-auth-token %s ' + # '--os-auth-url %s --os-endpoint-type publicURL' % ( + # self.cli_clients.username, + # self.cli_clients.tenant_name, + # token, auth_url)) + # if self.cli_clients.insecure: + # flags += ' --insecure ' + # + # return tempest.lib.cli.base.execute( + # "nova", action, flags, cli_dir=self.cli_clients.cli_dir) + def test_auth_via_keystone_v2(self): session = self.keystone.session version = (2, 0) if not base.is_keystone_version_available(session, version): - self.skip("Identity API version 2.0 is not available.") + self.skipTest("Identity API version 2.0 is not available.") - self.nova("list", identity_api_version="2.0") + self.nova_auth_with_password("list", identity_api_version="2.0") + self.nova_auth_with_token(identity_api_version="2.0") def test_auth_via_keystone_v3(self): session = self.keystone.session version = (3, 0) if not base.is_keystone_version_available(session, version): - self.skip("Identity API version 3.0 is not available.") + self.skipTest("Identity API version 3.0 is not available.") - self.nova("list", identity_api_version="3") + self.nova_auth_with_password("list", identity_api_version="3") + self.nova_auth_with_token(identity_api_version="3")