Merge "Add Keystone token validation"
This commit is contained in:
commit
80f31e8af2
@ -22,6 +22,17 @@
|
||||
failure_rate:
|
||||
max: 0
|
||||
|
||||
KeystoneBasic.authenticate_user_and_validate_token:
|
||||
-
|
||||
args: {}
|
||||
runner:
|
||||
type: "constant"
|
||||
times: 20
|
||||
concurrency: 5
|
||||
sla:
|
||||
failure_rate:
|
||||
max: 0
|
||||
|
||||
KeystoneBasic.create_user_set_enabled_and_delete:
|
||||
-
|
||||
args:
|
||||
|
@ -92,6 +92,24 @@ class CreateTenant(kutils.KeystoneScenario):
|
||||
self._tenant_create(**kwargs)
|
||||
|
||||
|
||||
@validation.required_openstack(admin=True)
|
||||
@validation.required_api_versions(component="keystone", versions=[2.0])
|
||||
@scenario.configure(context={"admin_cleanup": ["keystone"]},
|
||||
name="KeystoneBasic.authenticate_user_and_validate_token")
|
||||
class AuthenticateUserAndValidateToken(kutils.KeystoneScenario):
|
||||
|
||||
def run(self):
|
||||
"""Authenticate and validate a keystone token."""
|
||||
name = self.context["user"]["credential"].username
|
||||
password = self.context["user"]["credential"].password
|
||||
tenant_id = self.context["tenant"]["id"]
|
||||
tenant_name = self.context["tenant"]["name"]
|
||||
|
||||
token = self._authenticate_token(name, password, tenant_id,
|
||||
tenant_name, atomic_action=False)
|
||||
self._token_validate(token.id)
|
||||
|
||||
|
||||
@validation.number("users_per_tenant", minval=1)
|
||||
@validation.required_openstack(admin=True)
|
||||
@validation.required_api_versions(component="keystone", versions=[2.0])
|
||||
|
@ -49,6 +49,32 @@ class KeystoneScenario(scenario.OpenStackScenario):
|
||||
"""
|
||||
self.admin_clients("keystone").users.update_enabled(user, enabled)
|
||||
|
||||
@atomic.action_timer("keystone.validate_token")
|
||||
def _token_validate(self, token):
|
||||
"""Validate a token for a user.
|
||||
|
||||
:param token: The token to validate
|
||||
"""
|
||||
self.admin_clients("keystone").tokens.validate(token)
|
||||
|
||||
@atomic.optional_action_timer("keystone.token_authenticate")
|
||||
def _authenticate_token(self, name, password, tenant_id, tenant):
|
||||
"""Authenticate user token.
|
||||
|
||||
:param name: The user username
|
||||
:param password: User password for authentication
|
||||
:param tenant_id: Tenant id for authentication
|
||||
:param tenant: Tenant on which authentication will take place
|
||||
:param atomic_action: bool, enable user authentication to be
|
||||
tracked as an atomic action. added and
|
||||
handled by the optional_action_timer()
|
||||
decorator
|
||||
"""
|
||||
return self.admin_clients("keystone").tokens.authenticate(name,
|
||||
tenant_id,
|
||||
tenant,
|
||||
password)
|
||||
|
||||
def _resource_delete(self, resource):
|
||||
""""Delete keystone resource."""
|
||||
r = "keystone.delete_%s" % resource.__class__.__name__.lower()
|
||||
|
@ -0,0 +1,17 @@
|
||||
{
|
||||
"KeystoneBasic.authenticate_user_and_validate_token": [
|
||||
{
|
||||
"args": {},
|
||||
"runner": {
|
||||
"type": "constant",
|
||||
"times": 20,
|
||||
"concurrency": 5
|
||||
},
|
||||
"sla": {
|
||||
"failure_rate": {
|
||||
"max": 0
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
KeystoneBasic.authenticate_user_and_validate_token:
|
||||
-
|
||||
args: {}
|
||||
runner:
|
||||
type: "constant"
|
||||
times: 20
|
||||
concurrency: 5
|
||||
sla:
|
||||
failure_rate:
|
||||
max: 0
|
@ -29,7 +29,8 @@ class KeystoneBasicTestCase(test.ScenarioTestCase):
|
||||
"id": "fake_user_id",
|
||||
"credential": mock.MagicMock()
|
||||
},
|
||||
"tenant": {"id": "fake_tenant_id"}
|
||||
"tenant": {"id": "fake_tenant_id",
|
||||
"name": "fake_tenant_name"}
|
||||
})
|
||||
return context
|
||||
|
||||
@ -67,6 +68,24 @@ class KeystoneBasicTestCase(test.ScenarioTestCase):
|
||||
scenario._resource_delete.assert_called_once_with(
|
||||
scenario._user_create.return_value)
|
||||
|
||||
def test_user_authenticate_and_validate_token(self):
|
||||
fake_token = mock.MagicMock()
|
||||
context = self._get_context()
|
||||
scenario = basic.AuthenticateUserAndValidateToken(context)
|
||||
|
||||
fake_user = context["user"]["credential"].username
|
||||
fake_paswd = context["user"]["credential"].password
|
||||
fake_tenant_id = context["tenant"]["id"]
|
||||
fake_tenant_name = context["tenant"]["name"]
|
||||
|
||||
scenario._authenticate_token = mock.MagicMock(return_value=fake_token)
|
||||
scenario._token_validate = mock.MagicMock()
|
||||
scenario.run()
|
||||
scenario._authenticate_token.assert_called_once_with(
|
||||
fake_user, fake_paswd, fake_tenant_id,
|
||||
fake_tenant_name, atomic_action=False)
|
||||
scenario._token_validate.assert_called_once_with(fake_token.id)
|
||||
|
||||
def test_create_tenant(self):
|
||||
scenario = basic.CreateTenant(self.context)
|
||||
scenario._tenant_create = mock.MagicMock()
|
||||
|
@ -55,6 +55,32 @@ class KeystoneScenarioTestCase(test.ScenarioTestCase):
|
||||
self._test_atomic_action_timer(scenario.atomic_actions(),
|
||||
"keystone.update_user_enabled")
|
||||
|
||||
def test_token_validate(self):
|
||||
token = mock.MagicMock()
|
||||
scenario = utils.KeystoneScenario(self.context)
|
||||
|
||||
scenario._token_validate(token)
|
||||
self.admin_clients(
|
||||
"keystone").tokens.validate.assert_called_once_with(token)
|
||||
|
||||
self._test_atomic_action_timer(scenario.atomic_actions(),
|
||||
"keystone.validate_token")
|
||||
|
||||
def test_token_authenticate(self):
|
||||
name = mock.MagicMock()
|
||||
psswd = "foopsswd"
|
||||
tenant_id = mock.MagicMock()
|
||||
tenant_name = mock.MagicMock()
|
||||
|
||||
scenario = utils.KeystoneScenario(self.context)
|
||||
scenario._authenticate_token(name, psswd, tenant_id, tenant_name)
|
||||
self.admin_clients(
|
||||
"keystone").tokens.authenticate.assert_called_once_with(
|
||||
name, tenant_id, tenant_name, "foopsswd")
|
||||
|
||||
self._test_atomic_action_timer(scenario.atomic_actions(),
|
||||
"keystone.token_authenticate")
|
||||
|
||||
def test_role_create(self):
|
||||
scenario = utils.KeystoneScenario(self.context)
|
||||
scenario.generate_random_name = mock.Mock()
|
||||
|
Loading…
Reference in New Issue
Block a user