308 lines
15 KiB
Python
308 lines
15 KiB
Python
# Copyright 2017 IBM Corp.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from unittest import mock
|
|
|
|
from oslo_config import cfg
|
|
import testtools
|
|
|
|
from tempest.common import credentials_factory as cf
|
|
from tempest import config
|
|
from tempest.lib.common import dynamic_creds
|
|
from tempest.lib.common import preprov_creds
|
|
from tempest.lib import exceptions
|
|
from tempest.tests import base
|
|
from tempest.tests import fake_config
|
|
from tempest.tests.lib import fake_credentials
|
|
|
|
|
|
class TestCredentialsFactory(base.TestCase):
|
|
|
|
def setUp(self):
|
|
super(TestCredentialsFactory, self).setUp()
|
|
self.useFixture(fake_config.ConfigFixture())
|
|
self.patchobject(config, 'TempestConfigPrivate',
|
|
fake_config.FakePrivate)
|
|
|
|
def test_get_dynamic_provider_params_creds_v2(self):
|
|
expected_uri = 'EXPECTED_V2_URI'
|
|
cfg.CONF.set_default('uri', expected_uri, group='identity')
|
|
admin_creds = fake_credentials.FakeCredentials()
|
|
params = cf.get_dynamic_provider_params('v2', admin_creds=admin_creds)
|
|
expected_params = dict(identity_uri=expected_uri,
|
|
admin_creds=admin_creds)
|
|
for key in expected_params:
|
|
self.assertIn(key, params)
|
|
self.assertEqual(expected_params[key], params[key])
|
|
|
|
def test_get_dynamic_provider_params_creds_v3(self):
|
|
expected_uri = 'EXPECTED_V3_URI'
|
|
cfg.CONF.set_default('uri_v3', expected_uri, group='identity')
|
|
admin_creds = fake_credentials.FakeCredentials()
|
|
params = cf.get_dynamic_provider_params('v3', admin_creds=admin_creds)
|
|
expected_params = dict(identity_uri=expected_uri,
|
|
admin_creds=admin_creds)
|
|
for key in expected_params:
|
|
self.assertIn(key, params)
|
|
self.assertEqual(expected_params[key], params[key])
|
|
|
|
def test_get_dynamic_provider_params_creds_vx(self):
|
|
admin_creds = fake_credentials.FakeCredentials()
|
|
invalid_version = 'invalid_version_x'
|
|
with testtools.ExpectedException(
|
|
exc_type=exceptions.InvalidIdentityVersion,
|
|
value_re='Invalid version ' + invalid_version):
|
|
cf.get_dynamic_provider_params(invalid_version,
|
|
admin_creds=admin_creds)
|
|
|
|
def test_get_dynamic_provider_params_no_creds(self):
|
|
expected_identity_version = 'v3'
|
|
with mock.patch.object(
|
|
cf, 'get_configured_admin_credentials') as admin_creds_mock:
|
|
cf.get_dynamic_provider_params(expected_identity_version)
|
|
admin_creds_mock.assert_called_once_with(
|
|
fill_in=True, identity_version=expected_identity_version)
|
|
|
|
def test_get_preprov_provider_params_creds_v2(self):
|
|
expected_uri = 'EXPECTED_V2_URI'
|
|
cfg.CONF.set_default('uri', expected_uri, group='identity')
|
|
params = cf.get_preprov_provider_params('v2')
|
|
self.assertIn('identity_uri', params)
|
|
self.assertEqual(expected_uri, params['identity_uri'])
|
|
|
|
def test_get_preprov_provider_params_creds_v3(self):
|
|
expected_uri = 'EXPECTED_V3_URI'
|
|
cfg.CONF.set_default('uri_v3', expected_uri, group='identity')
|
|
params = cf.get_preprov_provider_params('v3')
|
|
self.assertIn('identity_uri', params)
|
|
self.assertEqual(expected_uri, params['identity_uri'])
|
|
|
|
def test_get_preprov_provider_params_creds_vx(self):
|
|
invalid_version = 'invalid_version_x'
|
|
with testtools.ExpectedException(
|
|
exc_type=exceptions.InvalidIdentityVersion,
|
|
value_re='Invalid version ' + invalid_version):
|
|
cf.get_dynamic_provider_params(invalid_version)
|
|
|
|
@mock.patch.object(dynamic_creds, 'DynamicCredentialProvider')
|
|
@mock.patch.object(cf, 'get_dynamic_provider_params')
|
|
def test_get_credentials_provider_dynamic(
|
|
self, mock_dynamic_provider_params,
|
|
mock_dynamic_credentials_provider_class):
|
|
cfg.CONF.set_default('use_dynamic_credentials', True, group='auth')
|
|
expected_params = {'foo': 'bar'}
|
|
mock_dynamic_provider_params.return_value = expected_params
|
|
expected_name = 'my_name'
|
|
expected_network_resources = {'network': 'resources'}
|
|
expected_identity_version = 'identity_version'
|
|
cf.get_credentials_provider(
|
|
expected_name,
|
|
network_resources=expected_network_resources,
|
|
force_tenant_isolation=False,
|
|
identity_version=expected_identity_version)
|
|
mock_dynamic_provider_params.assert_called_once_with(
|
|
expected_identity_version)
|
|
mock_dynamic_credentials_provider_class.assert_called_once_with(
|
|
name=expected_name, network_resources=expected_network_resources,
|
|
**expected_params)
|
|
|
|
@mock.patch.object(preprov_creds, 'PreProvisionedCredentialProvider')
|
|
@mock.patch.object(cf, 'get_preprov_provider_params')
|
|
def test_get_credentials_provider_preprov(
|
|
self, mock_preprov_provider_params,
|
|
mock_preprov_credentials_provider_class):
|
|
cfg.CONF.set_default('use_dynamic_credentials', False, group='auth')
|
|
cfg.CONF.set_default('test_accounts_file', '/some/file', group='auth')
|
|
expected_params = {'foo': 'bar'}
|
|
mock_preprov_provider_params.return_value = expected_params
|
|
expected_name = 'my_name'
|
|
expected_identity_version = 'identity_version'
|
|
cf.get_credentials_provider(
|
|
expected_name,
|
|
force_tenant_isolation=False,
|
|
identity_version=expected_identity_version)
|
|
mock_preprov_provider_params.assert_called_once_with(
|
|
expected_identity_version)
|
|
mock_preprov_credentials_provider_class.assert_called_once_with(
|
|
name=expected_name, **expected_params)
|
|
|
|
def test_get_credentials_provider_preprov_no_file(self):
|
|
cfg.CONF.set_default('use_dynamic_credentials', False, group='auth')
|
|
cfg.CONF.set_default('test_accounts_file', None, group='auth')
|
|
with testtools.ExpectedException(
|
|
exc_type=exceptions.InvalidConfiguration):
|
|
cf.get_credentials_provider(
|
|
'some_name',
|
|
force_tenant_isolation=False,
|
|
identity_version='some_version')
|
|
|
|
@mock.patch.object(dynamic_creds, 'DynamicCredentialProvider')
|
|
@mock.patch.object(cf, 'get_dynamic_provider_params')
|
|
def test_get_credentials_provider_force_dynamic(
|
|
self, mock_dynamic_provider_params,
|
|
mock_dynamic_credentials_provider_class):
|
|
cfg.CONF.set_default('use_dynamic_credentials', False, group='auth')
|
|
expected_params = {'foo': 'bar'}
|
|
mock_dynamic_provider_params.return_value = expected_params
|
|
expected_name = 'my_name'
|
|
expected_network_resources = {'network': 'resources'}
|
|
expected_identity_version = 'identity_version'
|
|
cf.get_credentials_provider(
|
|
expected_name,
|
|
network_resources=expected_network_resources,
|
|
force_tenant_isolation=True,
|
|
identity_version=expected_identity_version)
|
|
mock_dynamic_provider_params.assert_called_once_with(
|
|
expected_identity_version)
|
|
mock_dynamic_credentials_provider_class.assert_called_once_with(
|
|
name=expected_name, network_resources=expected_network_resources,
|
|
**expected_params)
|
|
|
|
@mock.patch.object(cf, 'get_credentials')
|
|
def test_get_configured_admin_credentials(self, mock_get_credentials):
|
|
cfg.CONF.set_default('auth_version', 'v3', 'identity')
|
|
all_params = [
|
|
('admin_username', 'username', 'my_name'),
|
|
('admin_user_domain_name', 'user_domain_name', 'my_dname'),
|
|
('admin_password', 'password', 'secret'),
|
|
('admin_project_name', 'project_name', 'my_pname'),
|
|
('admin_project_domain_name', 'project_domain_name', 'my_dname'),
|
|
('admin_domain_name', 'domain_name', 'my_dname'),
|
|
('admin_system', 'system', None),
|
|
]
|
|
expected_result = 'my_admin_credentials'
|
|
mock_get_credentials.return_value = expected_result
|
|
for config_item, _, value in all_params:
|
|
cfg.CONF.set_default(config_item, value, 'auth')
|
|
# Build the expected params
|
|
expected_params = dict(
|
|
[(field, value) for _, field, value in all_params])
|
|
expected_params.update(config.service_client_config())
|
|
admin_creds = cf.get_configured_admin_credentials()
|
|
mock_get_credentials.assert_called_once_with(
|
|
fill_in=True, identity_version='v3', **expected_params)
|
|
self.assertEqual(expected_result, admin_creds)
|
|
|
|
@mock.patch.object(cf, 'get_credentials')
|
|
def test_get_configured_admin_credentials_not_fill_valid(
|
|
self, mock_get_credentials):
|
|
cfg.CONF.set_default('auth_version', 'v2', 'identity')
|
|
all_params = [
|
|
('admin_username', 'username', 'my_name'),
|
|
('admin_user_domain_name', 'user_domain_name', 'my_dname'),
|
|
('admin_password', 'password', 'secret'),
|
|
('admin_project_domain_name', 'project_domain_name', 'my_dname'),
|
|
('admin_project_name', 'project_name', 'my_pname'),
|
|
('admin_domain_name', 'domain_name', 'my_dname'),
|
|
('admin_system', 'system', None),
|
|
]
|
|
expected_result = mock.Mock()
|
|
expected_result.is_valid.return_value = True
|
|
mock_get_credentials.return_value = expected_result
|
|
for config_item, _, value in all_params:
|
|
cfg.CONF.set_default(config_item, value, 'auth')
|
|
# Build the expected params
|
|
expected_params = dict(
|
|
[(field, value) for _, field, value in all_params])
|
|
expected_params.update(config.service_client_config())
|
|
admin_creds = cf.get_configured_admin_credentials(
|
|
fill_in=False, identity_version='v3')
|
|
mock_get_credentials.assert_called_once_with(
|
|
fill_in=False, identity_version='v3', **expected_params)
|
|
self.assertEqual(expected_result, admin_creds)
|
|
expected_result.is_valid.assert_called_once()
|
|
|
|
@mock.patch.object(cf, 'get_credentials')
|
|
def test_get_configured_admin_credentials_not_fill_not_valid(
|
|
self, mock_get_credentials):
|
|
cfg.CONF.set_default('auth_version', 'v2', 'identity')
|
|
expected_result = mock.Mock()
|
|
expected_result.is_valid.return_value = False
|
|
mock_get_credentials.return_value = expected_result
|
|
with testtools.ExpectedException(exceptions.InvalidConfiguration,
|
|
value_re='.*\n.*identity version v2'):
|
|
cf.get_configured_admin_credentials(fill_in=False)
|
|
|
|
@mock.patch('tempest.lib.auth.get_credentials')
|
|
def test_get_credentials_v2(self, mock_auth_get_credentials):
|
|
expected_uri = 'V2_URI'
|
|
expected_result = 'my_creds'
|
|
mock_auth_get_credentials.return_value = expected_result
|
|
cfg.CONF.set_default('uri', expected_uri, 'identity')
|
|
params = {'foo': 'bar'}
|
|
expected_params = params.copy()
|
|
expected_params.update(config.service_client_config())
|
|
result = cf.get_credentials(identity_version='v2', **params)
|
|
self.assertEqual(expected_result, result)
|
|
mock_auth_get_credentials.assert_called_once_with(
|
|
expected_uri, fill_in=True, identity_version='v2',
|
|
**expected_params)
|
|
|
|
@mock.patch('tempest.lib.auth.get_credentials')
|
|
def test_get_credentials_v3_no_domain(self, mock_auth_get_credentials):
|
|
expected_uri = 'V3_URI'
|
|
expected_result = 'my_creds'
|
|
expected_domain = 'my_domain'
|
|
mock_auth_get_credentials.return_value = expected_result
|
|
cfg.CONF.set_default('uri_v3', expected_uri, 'identity')
|
|
cfg.CONF.set_default('default_credentials_domain_name',
|
|
expected_domain, 'auth')
|
|
params = {'foo': 'bar'}
|
|
expected_params = params.copy()
|
|
expected_params['domain_name'] = expected_domain
|
|
expected_params.update(config.service_client_config())
|
|
result = cf.get_credentials(fill_in=False, identity_version='v3',
|
|
**params)
|
|
self.assertEqual(expected_result, result)
|
|
mock_auth_get_credentials.assert_called_once_with(
|
|
expected_uri, fill_in=False, identity_version='v3',
|
|
**expected_params)
|
|
|
|
@mock.patch('tempest.lib.auth.get_credentials')
|
|
def test_get_credentials_v3_domain(self, mock_auth_get_credentials):
|
|
expected_uri = 'V3_URI'
|
|
expected_result = 'my_creds'
|
|
expected_domain = 'my_domain'
|
|
mock_auth_get_credentials.return_value = expected_result
|
|
cfg.CONF.set_default('uri_v3', expected_uri, 'identity')
|
|
cfg.CONF.set_default('default_credentials_domain_name',
|
|
expected_domain, 'auth')
|
|
params = {'foo': 'bar', 'user_domain_name': expected_domain}
|
|
expected_params = params.copy()
|
|
expected_params.update(config.service_client_config())
|
|
result = cf.get_credentials(fill_in=False, identity_version='v3',
|
|
**params)
|
|
self.assertEqual(expected_result, result)
|
|
mock_auth_get_credentials.assert_called_once_with(
|
|
expected_uri, fill_in=False, identity_version='v3',
|
|
**expected_params)
|
|
|
|
@mock.patch('tempest.lib.auth.get_credentials')
|
|
def test_get_credentials_v3_system(self, mock_auth_get_credentials):
|
|
expected_uri = 'V3_URI'
|
|
expected_result = 'my_creds'
|
|
mock_auth_get_credentials.return_value = expected_result
|
|
cfg.CONF.set_default('uri_v3', expected_uri, 'identity')
|
|
cfg.CONF.set_default('admin_system', 'all', 'auth')
|
|
params = {'system': 'all'}
|
|
expected_params = params.copy()
|
|
expected_params.update(config.service_client_config())
|
|
result = cf.get_credentials(fill_in=False, identity_version='v3',
|
|
**params)
|
|
self.assertEqual(expected_result, result)
|
|
mock_auth_get_credentials.assert_called_once_with(
|
|
expected_uri, fill_in=False, identity_version='v3',
|
|
**expected_params)
|