x/deb-python-tempest-lib
Code Issues Proposed changes

throw BadAltAuth exception when alt auth == auth

Browse Source 
If we are expecting to replace a thing by switching to alternate auth,
but don't, this should be an exception. Otherwise it's easy to
obliviously not change to an alt auth element and be doing the wrong
thing.
Fixing and extending unit tests accordingly.

Change-Id: I738098c061c64d8bb68670ecd9ade616d3a9d5ab
This commit is contained in:
Sean Dague
2015-10-15 12:15:12 -04:00
committed by Andrea Frittoli (andreaf)
parent 002d2bdd29
commit ca96243e58
4 changed files with 80 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tempest_lib/auth.py
View File

@@ -148,9 +148,15 @@ class AuthProvider(object):
auth_data=self.alt_auth_data)
alt_auth_req = dict(url=alt_url, headers=alt_headers,
body=alt_body)
if auth_req[self.alt_part] == alt_auth_req[self.alt_part]:
raise exceptions.BadAltAuth(part=self.alt_part)
auth_req[self.alt_part] = alt_auth_req[self.alt_part]
else:
# If the requested part is not affected by auth, we are
# not altering auth as expected, raise an exception
if auth_req[self.alt_part] == orig_req[self.alt_part]:
raise exceptions.BadAltAuth(part=self.alt_part)
# If alt auth data is None, skip auth in the requested part
auth_req[self.alt_part] = orig_req[self.alt_part]

11
tempest_lib/exceptions.py
View File

@@ -149,6 +149,17 @@ class InvalidStructure(TempestException):
message = "Invalid structure of table with details"
class BadAltAuth(TempestException):
"""Used when trying and failing to change to alt creds.
If alt creds end up the same as primary creds, use this
exception. This is often going to be the case when you assume
project_id is in the url, but it's not.
"""
message = "The alt auth looks the same as primary auth for %(part)s"
class CommandFailed(Exception):
def __init__(self, returncode, cmd, output, stderr):
super(CommandFailed, self).__init__()

4
tempest_lib/tests/fake_identity.py
View File

@@ -50,11 +50,11 @@ ALT_IDENTITY_V2_RESPONSE = {
"expires": "2020-01-01T00:00:10Z",
"id": ALT_TOKEN,
"tenant": {
"id": "fake_tenant_id"
"id": "fake_alt_tenant_id"
},
},
"user": {
"id": "fake_user_id",
"id": "fake_alt_user_id",
},
"serviceCatalog": CATALOG_V2,
},

68
tempest_lib/tests/test_auth.py
View File

@@ -124,6 +124,9 @@ class TestKeystoneV2AuthProvider(BaseAuthTestsSetUp):
fake_identity._fake_v2_response)
self.target_url = 'test_api'
def _get_fake_identity(self):
return fake_identity.IDENTITY_V2_RESPONSE['access']
def _get_fake_alt_identity(self):
return fake_identity.ALT_IDENTITY_V2_RESPONSE['access']
@@ -175,14 +178,45 @@ class TestKeystoneV2AuthProvider(BaseAuthTestsSetUp):
self._test_request_helper(filters, expected)
def test_request_with_alt_auth_cleans_alt(self):
"""Test alternate auth data for headers
Assert that when the alt data is provided for headers, after an
auth_request the data alt_data is cleaned-up.
"""
self.auth_provider.set_alt_auth_data(
'body',
'headers',
(fake_identity.ALT_TOKEN, self._get_fake_alt_identity()))
self.test_request()
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.auth_provider.auth_request('GET', self.target_url,
filters=filters)
# Assert alt auth data is clear after it
self.assertIsNone(self.auth_provider.alt_part)
self.assertIsNone(self.auth_provider.alt_auth_data)
def test_request_with_identical_alt_auth(self):
"""Test alternate but identical auth data for headers
Assert that when the alt data is provided, but it's actually
identical, an exception is raised.
"""
self.auth_provider.set_alt_auth_data(
'headers',
(fake_identity.TOKEN, self._get_fake_identity()))
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.assertRaises(exceptions.BadAltAuth,
self.auth_provider.auth_request,
'GET', self.target_url, filters=filters)
def test_request_with_alt_part_without_alt_data(self):
"""Test empty alternate auth data
@@ -194,17 +228,34 @@ class TestKeystoneV2AuthProvider(BaseAuthTestsSetUp):
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.auth_provider.set_alt_auth_data('url', None)
self.auth_provider.set_alt_auth_data('headers', None)
url, headers, body = self.auth_provider.auth_request('GET',
self.target_url,
filters=filters)
self.assertEqual(url, self.target_url)
self.assertEqual(self._get_token_from_fake_identity(),
headers['X-Auth-Token'])
# The original headers where empty
self.assertNotEqual(url, self.target_url)
self.assertIsNone(headers)
self.assertEqual(body, None)
def test_request_with_alt_part_without_alt_data_no_change(self):
"""Test empty alternate auth data with no effect
Assert that when alt_part is defined, no auth_data is provided,
and the the corresponding original request element was not going to
be changed anyways, and exception is raised
"""
filters = {
'service': 'compute',
'endpoint_type': 'publicURL',
'region': 'fakeRegion'
}
self.auth_provider.set_alt_auth_data('body', None)
self.assertRaises(exceptions.BadAltAuth,
self.auth_provider.auth_request,
'GET', self.target_url, filters=filters)
def test_request_with_bad_service(self):
filters = {
'service': 'BAD_SERVICE',
@@ -344,6 +395,9 @@ class TestKeystoneV3AuthProvider(TestKeystoneV2AuthProvider):
self.stubs.Set(v3_client.V3TokenClient, 'raw_request',
fake_identity._fake_v3_response)
def _get_fake_identity(self):
return fake_identity.IDENTITY_V3_RESPONSE['token']
def _get_fake_alt_identity(self):
return fake_identity.ALT_IDENTITY_V3['token']