6ae0d2e8a5
Currently OpenStackClient uses keystoneclient for authentication. This change will update OpenStackClient to use keystoneauth for authentication. All dependant test have been updated. Updating how auth_ref is set in the tests to use KSA fixtures had some racy side-effects. The user_role_list tests failed when they picked up an auth_ref that was a fixture. This exposed a weakness in ListUserRole that needed to be fixed at the same time re handling of unscoped tokens and options. Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00 Closes-Bug: 1533369
227 lines
6.5 KiB
Python
227 lines
6.5 KiB
Python
# Copyright 2013 Nebula Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
import copy
|
|
import mock
|
|
import uuid
|
|
|
|
from keystoneauth1 import access
|
|
from keystoneauth1 import fixture
|
|
|
|
from openstackclient.tests import fakes
|
|
from openstackclient.tests import utils
|
|
|
|
|
|
project_id = '8-9-64'
|
|
project_name = 'beatles'
|
|
project_description = 'Fab Four'
|
|
|
|
PROJECT = {
|
|
'id': project_id,
|
|
'name': project_name,
|
|
'description': project_description,
|
|
'enabled': True,
|
|
}
|
|
|
|
PROJECT_2 = {
|
|
'id': project_id + '-2222',
|
|
'name': project_name + ' reprise',
|
|
'description': project_description + 'plus four more',
|
|
'enabled': True,
|
|
}
|
|
|
|
role_id = '1'
|
|
role_name = 'boss'
|
|
|
|
ROLE = {
|
|
'id': role_id,
|
|
'name': role_name,
|
|
}
|
|
|
|
service_id = '1925-10-11'
|
|
service_name = 'elmore'
|
|
service_description = 'Leonard, Elmore, rip'
|
|
service_type = 'author'
|
|
|
|
SERVICE = {
|
|
'id': service_id,
|
|
'name': service_name,
|
|
'description': service_description,
|
|
'type': service_type,
|
|
}
|
|
|
|
user_id = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
|
|
user_name = 'paul'
|
|
user_description = 'Sir Paul'
|
|
user_email = 'paul@applecorps.com'
|
|
|
|
USER = {
|
|
'id': user_id,
|
|
'name': user_name,
|
|
'tenantId': project_id,
|
|
'email': user_email,
|
|
'enabled': True,
|
|
}
|
|
|
|
token_expires = '2014-01-01T00:00:00Z'
|
|
token_id = 'tttttttt-tttt-tttt-tttt-tttttttttttt'
|
|
|
|
TOKEN = {
|
|
'expires': token_expires,
|
|
'id': token_id,
|
|
'tenant_id': project_id,
|
|
'user_id': user_id,
|
|
}
|
|
|
|
UNSCOPED_TOKEN = {
|
|
'expires': token_expires,
|
|
'id': token_id,
|
|
'user_id': user_id,
|
|
}
|
|
|
|
endpoint_name = service_name
|
|
endpoint_adminurl = 'https://admin.example.com/v2/UUID'
|
|
endpoint_region = 'RegionOne'
|
|
endpoint_internalurl = 'https://internal.example.com/v2/UUID'
|
|
endpoint_type = service_type
|
|
endpoint_id = '11b41ee1b00841128b7333d4bf1a6140'
|
|
endpoint_publicurl = 'https://public.example.com/v2/UUID'
|
|
endpoint_service_id = service_id
|
|
|
|
ENDPOINT = {
|
|
'service_name': endpoint_name,
|
|
'adminurl': endpoint_adminurl,
|
|
'region': endpoint_region,
|
|
'internalurl': endpoint_internalurl,
|
|
'service_type': endpoint_type,
|
|
'id': endpoint_id,
|
|
'publicurl': endpoint_publicurl,
|
|
'service_id': endpoint_service_id,
|
|
}
|
|
|
|
|
|
def fake_auth_ref(fake_token, fake_service=None):
|
|
"""Create an auth_ref using keystoneauth's fixtures"""
|
|
token_copy = copy.deepcopy(fake_token)
|
|
token_copy['token_id'] = token_copy.pop('id')
|
|
token = fixture.V2Token(**token_copy)
|
|
# An auth_ref is actually an access info object
|
|
auth_ref = access.create(body=token)
|
|
|
|
# Create a service catalog
|
|
if fake_service:
|
|
service = token.add_service(
|
|
fake_service['type'],
|
|
fake_service['name'],
|
|
)
|
|
# TODO(dtroyer): Add an 'id' element to KSA's _Service fixure
|
|
service['id'] = fake_service['id']
|
|
for e in fake_service['endpoints']:
|
|
# KSA's _Service fixture copies publicURL to internalURL and
|
|
# adminURL if they do not exist. Soooo helpful...
|
|
internal = e.get('internalURL', None)
|
|
admin = e.get('adminURL', None)
|
|
region = e.get('region_id') or e.get('region', '<none>')
|
|
endpoint = service.add_endpoint(
|
|
public=e['publicURL'],
|
|
internal=internal,
|
|
admin=admin,
|
|
region=region,
|
|
)
|
|
# ...so undo that helpfulness
|
|
if not internal:
|
|
endpoint['internalURL'] = None
|
|
if not admin:
|
|
endpoint['adminURL'] = None
|
|
|
|
return auth_ref
|
|
|
|
|
|
class FakeIdentityv2Client(object):
|
|
|
|
def __init__(self, **kwargs):
|
|
self.roles = mock.Mock()
|
|
self.roles.resource_class = fakes.FakeResource(None, {})
|
|
self.services = mock.Mock()
|
|
self.services.resource_class = fakes.FakeResource(None, {})
|
|
self.tenants = mock.Mock()
|
|
self.tenants.resource_class = fakes.FakeResource(None, {})
|
|
self.tokens = mock.Mock()
|
|
self.tokens.resource_class = fakes.FakeResource(None, {})
|
|
self.users = mock.Mock()
|
|
self.users.resource_class = fakes.FakeResource(None, {})
|
|
self.ec2 = mock.Mock()
|
|
self.ec2.resource_class = fakes.FakeResource(None, {})
|
|
self.endpoints = mock.Mock()
|
|
self.endpoints.resource_class = fakes.FakeResource(None, {})
|
|
self.extensions = mock.Mock()
|
|
self.extensions.resource_class = fakes.FakeResource(None, {})
|
|
self.auth_token = kwargs['token']
|
|
self.management_url = kwargs['endpoint']
|
|
|
|
def __getattr__(self, name):
|
|
# Map v3 'projects' back to v2 'tenants'
|
|
if name == "projects":
|
|
return self.tenants
|
|
else:
|
|
raise AttributeError(name)
|
|
|
|
|
|
class TestIdentityv2(utils.TestCommand):
|
|
|
|
def setUp(self):
|
|
super(TestIdentityv2, self).setUp()
|
|
|
|
self.app.client_manager.identity = FakeIdentityv2Client(
|
|
endpoint=fakes.AUTH_URL,
|
|
token=fakes.AUTH_TOKEN,
|
|
)
|
|
|
|
|
|
class FakeExtension(object):
|
|
"""Fake one or more extension."""
|
|
|
|
@staticmethod
|
|
def create_one_extension(attrs=None):
|
|
"""Create a fake extension.
|
|
|
|
:param Dictionary attrs:
|
|
A dictionary with all attributes
|
|
:return:
|
|
A FakeResource object with name, namespace, etc.
|
|
"""
|
|
attrs = attrs or {}
|
|
|
|
# Set default attributes.
|
|
extension_info = {
|
|
'name': 'name-' + uuid.uuid4().hex,
|
|
'namespace': ('http://docs.openstack.org/identity/'
|
|
'api/ext/OS-KSCRUD/v1.0'),
|
|
'description': 'description-' + uuid.uuid4().hex,
|
|
'updated': '2013-07-07T12:00:0-00:00',
|
|
'alias': 'OS-KSCRUD',
|
|
'links': ('[{"href":'
|
|
'"https://github.com/openstack/identity-api", "type":'
|
|
' "text/html", "rel": "describedby"}]')
|
|
}
|
|
|
|
# Overwrite default attributes.
|
|
extension_info.update(attrs)
|
|
|
|
extension = fakes.FakeResource(
|
|
info=copy.deepcopy(extension_info),
|
|
loaded=True)
|
|
return extension
|