Add Keystone token validation

Added Keystone benchmarking scenario to perform token validation.

Change-Id: Ie84f99156c7537a2a4630e9b0778009e7121ef86
This commit is contained in:
Anthony Washington 2016-09-07 16:55:46 +00:00
parent 0d9f7525d8
commit f1553b591f
7 changed files with 130 additions and 2 deletions

View File

@ -22,6 +22,17 @@
failure_rate:
max: 0
KeystoneBasic.authenticate_user_and_validate_token:
-
args: {}
runner:
type: "constant"
times: 20
concurrency: 5
sla:
failure_rate:
max: 0
KeystoneBasic.create_user_set_enabled_and_delete:
-
args:

View File

@ -92,6 +92,24 @@ class CreateTenant(kutils.KeystoneScenario):
self._tenant_create(**kwargs)
@validation.required_openstack(admin=True)
@validation.required_api_versions(component="keystone", versions=[2.0])
@scenario.configure(context={"admin_cleanup": ["keystone"]},
name="KeystoneBasic.authenticate_user_and_validate_token")
class AuthenticateUserAndValidateToken(kutils.KeystoneScenario):
def run(self):
"""Authenticate and validate a keystone token."""
name = self.context["user"]["credential"].username
password = self.context["user"]["credential"].password
tenant_id = self.context["tenant"]["id"]
tenant_name = self.context["tenant"]["name"]
token = self._authenticate_token(name, password, tenant_id,
tenant_name, atomic_action=False)
self._token_validate(token.id)
@validation.number("users_per_tenant", minval=1)
@validation.required_openstack(admin=True)
@validation.required_api_versions(component="keystone", versions=[2.0])
@ -313,4 +331,4 @@ class CreateAndDeleteEc2Credential(kutils.KeystoneScenario):
"""Create and delete keystone ec2-credential."""
creds = self._create_ec2credentials(self.context["user"]["id"],
self.context["tenant"]["id"])
self._delete_ec2credential(self.context["user"]["id"], creds.access)
self._delete_ec2credential(self.context["user"]["id"], creds.access)

View File

@ -49,6 +49,32 @@ class KeystoneScenario(scenario.OpenStackScenario):
"""
self.admin_clients("keystone").users.update_enabled(user, enabled)
@atomic.action_timer("keystone.validate_token")
def _token_validate(self, token):
"""Validate a token for a user.
:param token: The token to validate
"""
self.admin_clients("keystone").tokens.validate(token)
@atomic.optional_action_timer("keystone.token_authenticate")
def _authenticate_token(self, name, password, tenant_id, tenant):
"""Authenticate user token.
:param name: The user username
:param password: User password for authentication
:param tenant_id: Tenant id for authentication
:param tenant: Tenant on which authentication will take place
:param atomic_action: bool, enable user authentication to be
tracked as an atomic action. added and
handled by the optional_action_timer()
decorator
"""
return self.admin_clients("keystone").tokens.authenticate(name,
tenant_id,
tenant,
password)
def _resource_delete(self, resource):
""""Delete keystone resource."""
r = "keystone.delete_%s" % resource.__class__.__name__.lower()

View File

@ -0,0 +1,17 @@
{
"KeystoneBasic.authenticate_user_and_validate_token": [
{
"args": {},
"runner": {
"type": "constant",
"times": 20,
"concurrency": 5
},
"sla": {
"failure_rate": {
"max": 0
}
}
}
]
}

View File

@ -0,0 +1,11 @@
---
KeystoneBasic.authenticate_user_and_validate_token:
-
args: {}
runner:
type: "constant"
times: 20
concurrency: 5
sla:
failure_rate:
max: 0

View File

@ -29,7 +29,8 @@ class KeystoneBasicTestCase(test.ScenarioTestCase):
"id": "fake_user_id",
"credential": mock.MagicMock()
},
"tenant": {"id": "fake_tenant_id"}
"tenant": {"id": "fake_tenant_id",
"name": "fake_tenant_name"}
})
return context
@ -67,6 +68,24 @@ class KeystoneBasicTestCase(test.ScenarioTestCase):
scenario._resource_delete.assert_called_once_with(
scenario._user_create.return_value)
def test_user_authenticate_and_validate_token(self):
fake_token = mock.MagicMock()
context = self._get_context()
scenario = basic.AuthenticateUserAndValidateToken(context)
fake_user = context["user"]["credential"].username
fake_paswd = context["user"]["credential"].password
fake_tenant_id = context["tenant"]["id"]
fake_tenant_name = context["tenant"]["name"]
scenario._authenticate_token = mock.MagicMock(return_value=fake_token)
scenario._token_validate = mock.MagicMock()
scenario.run()
scenario._authenticate_token.assert_called_once_with(
fake_user, fake_paswd, fake_tenant_id,
fake_tenant_name, atomic_action=False)
scenario._token_validate.assert_called_once_with(fake_token.id)
def test_create_tenant(self):
scenario = basic.CreateTenant(self.context)
scenario._tenant_create = mock.MagicMock()

View File

@ -55,6 +55,32 @@ class KeystoneScenarioTestCase(test.ScenarioTestCase):
self._test_atomic_action_timer(scenario.atomic_actions(),
"keystone.update_user_enabled")
def test_token_validate(self):
token = mock.MagicMock()
scenario = utils.KeystoneScenario(self.context)
scenario._token_validate(token)
self.admin_clients(
"keystone").tokens.validate.assert_called_once_with(token)
self._test_atomic_action_timer(scenario.atomic_actions(),
"keystone.validate_token")
def test_token_authenticate(self):
name = mock.MagicMock()
psswd = "foopsswd"
tenant_id = mock.MagicMock()
tenant_name = mock.MagicMock()
scenario = utils.KeystoneScenario(self.context)
scenario._authenticate_token(name, psswd, tenant_id, tenant_name)
self.admin_clients(
"keystone").tokens.authenticate.assert_called_once_with(
name, tenant_id, tenant_name, "foopsswd")
self._test_atomic_action_timer(scenario.atomic_actions(),
"keystone.token_authenticate")
def test_role_create(self):
scenario = utils.KeystoneScenario(self.context)
scenario.generate_random_name = mock.Mock()