From 35e07e2982e129b2f5d225a1de3fdc36c520053e Mon Sep 17 00:00:00 2001 From: Pete Zaitcev Date: Sun, 10 Mar 2013 18:52:10 -0600 Subject: [PATCH] Permit functional tests against Swift with Keystone While poking at such problems with authentication other than swauth it was useful to allow stock functional tests running back-to-back at two clusters, with tempauth and Keystone. When running the legacy tests, this version packs account into user the way it was down previously. This way we do not need to repack them before every call to get_auth. The downside is additional work to be done when setting ACLs. Change-Id: Ieb1d9227cb88977ecd2c39825039bc4be8afae0b --- test/functional/swift_test_client.py | 47 +++++++--------- test/functionalnosetests/swift_testing.py | 62 ++++++++++++++++------ test/functionalnosetests/test_container.py | 13 ++--- test/functionalnosetests/test_object.py | 14 ++--- test/sample.conf | 6 +++ 5 files changed, 84 insertions(+), 58 deletions(-) diff --git a/test/functional/swift_test_client.py b/test/functional/swift_test_client.py index 6c9ee7851f..a6d8aece08 100644 --- a/test/functional/swift_test_client.py +++ b/test/functional/swift_test_client.py @@ -26,6 +26,7 @@ import simplejson as json from nose import SkipTest from xml.dom import minidom +from swiftclient import get_auth class AuthenticationFailed(Exception): @@ -94,6 +95,7 @@ class Connection(object): self.auth_port = int(config['auth_port']) self.auth_ssl = config['auth_ssl'] in ('on', 'true', 'yes', '1') self.auth_prefix = config.get('auth_prefix', '/') + self.auth_version = str(config.get('auth_version', '1')) self.account = config.get('account') self.username = config['username'] @@ -116,38 +118,25 @@ class Connection(object): self.storage_token = clone_conn.storage_token return - if self.account: - auth_user = '%s:%s' % (self.account, self.username) + if self.auth_version == "1": + auth_path = '%sv1.0' % (self.auth_prefix) + if self.account: + auth_user = '%s:%s' % (self.account, self.username) + else: + auth_user = self.username else: auth_user = self.username - headers = { - 'x-auth-user': auth_user, - 'x-auth-key': self.password, - } + auth_path = self.auth_prefix + auth_scheme = 'https://' if self.auth_ssl else 'http://' + auth_netloc = "%s:%d" % (self.auth_host, self.auth_port) + auth_url = auth_scheme + auth_netloc + auth_path - path = '%sv1.0' % (self.auth_prefix) - if self.auth_ssl: - connection = httplib.HTTPSConnection(self.auth_host, - port=self.auth_port) - else: - connection = httplib.HTTPConnection(self.auth_host, - port=self.auth_port) - #connection.set_debuglevel(3) - connection.request('GET', path, '', headers) - response = connection.getresponse() - connection.close() - - if response.status == 401: - raise AuthenticationFailed() - - if response.status not in (200, 204): - raise ResponseError(response) - - for hdr in response.getheaders(): - if hdr[0].lower() == "x-storage-url": - storage_url = hdr[1] - elif hdr[0].lower() == "x-auth-token": - storage_token = hdr[1] + (storage_url, storage_token) = get_auth(auth_url, + auth_user, self.password, + snet=False, + tenant_name=self.account, + auth_version=self.auth_version, + os_options={}) if not (storage_url and storage_token): raise AuthenticationFailed() diff --git a/test/functionalnosetests/swift_testing.py b/test/functionalnosetests/swift_testing.py index ea9a88a4e9..023a753c21 100644 --- a/test/functionalnosetests/swift_testing.py +++ b/test/functionalnosetests/swift_testing.py @@ -33,8 +33,12 @@ normalized_urls = conf.get('normalized_urls', False) swift_test_auth = os.environ.get('SWIFT_TEST_AUTH') swift_test_user = [os.environ.get('SWIFT_TEST_USER'), None, None] swift_test_key = [os.environ.get('SWIFT_TEST_KEY'), None, None] +swift_test_tenant = ['', '', ''] +swift_test_perm = ['', '', ''] if conf: + swift_test_auth_version = str(conf.get('auth_version', '1')) + swift_test_auth = 'http' if conf.get('auth_ssl', 'no').lower() in ('yes', 'true', 'on', '1'): swift_test_auth = 'https' @@ -42,26 +46,48 @@ if conf: conf['auth_prefix'] = '/' try: swift_test_auth += \ - '://%(auth_host)s:%(auth_port)s%(auth_prefix)sv1.0' % conf + '://%(auth_host)s:%(auth_port)s%(auth_prefix)s' % conf except KeyError: pass # skip - if 'account' in conf: - swift_test_user[0] = '%(account)s:%(username)s' % conf + + if swift_test_auth_version == "1": + swift_test_auth += 'v1.0' + + if 'account' in conf: + swift_test_user[0] = '%(account)s:%(username)s' % conf + else: + swift_test_user[0] = '%(username)s' % conf + swift_test_key[0] = conf['password'] + try: + swift_test_user[1] = '%s%s' % \ + ('%s:' % conf['account2'] if 'account2' in conf else '', + conf['username2']) + swift_test_key[1] = conf['password2'] + except KeyError, err: + pass # old conf, no second account tests can be run + try: + swift_test_user[2] = '%s%s' % ('%s:' % conf['account'] if 'account' + in conf else '', conf['username3']) + swift_test_key[2] = conf['password3'] + except KeyError, err: + pass # old conf, no third account tests can be run + + for _ in range(3): + swift_test_perm[_] = swift_test_user[_] + else: - swift_test_user[0] = '%(username)s' % conf - swift_test_key[0] = conf['password'] - try: - swift_test_user[1] = '%s%s' % ('%s:' % conf['account2'] if 'account2' - in conf else '', conf['username2']) + swift_test_user[0] = conf['username'] + swift_test_tenant[0] = conf['account'] + swift_test_key[0] = conf['password'] + swift_test_user[1] = conf['username2'] + swift_test_tenant[1] = conf['account2'] swift_test_key[1] = conf['password2'] - except KeyError, err: - pass # old conf, no second account tests can be run - try: - swift_test_user[2] = '%s%s' % ('%s:' % conf['account'] if 'account' - in conf else '', conf['username3']) + swift_test_user[2] = conf['username3'] + swift_test_tenant[2] = conf['account'] swift_test_key[2] = conf['password3'] - except KeyError, err: - pass # old conf, no third account tests can be run + + for _ in range(3): + swift_test_perm[_] = swift_test_tenant[_] + ':' + swift_test_user[_] skip = not all([swift_test_auth, swift_test_user[0], swift_test_key[0]]) if skip: @@ -112,7 +138,11 @@ def retry(func, *args, **kwargs): if not url[use_account] or not token[use_account]: url[use_account], token[use_account] = \ get_auth(swift_test_auth, swift_test_user[use_account], - swift_test_key[use_account]) + swift_test_key[use_account], + snet=False, + tenant_name=swift_test_tenant[use_account], + auth_version=swift_test_auth_version, + os_options={}) parsed[use_account] = conn[use_account] = None if not parsed[use_account] or not conn[use_account]: parsed[use_account], conn[use_account] = \ diff --git a/test/functionalnosetests/test_container.py b/test/functionalnosetests/test_container.py index dd06260fe7..e92a86c591 100755 --- a/test/functionalnosetests/test_container.py +++ b/test/functionalnosetests/test_container.py @@ -24,7 +24,7 @@ from swift.common.constraints import MAX_META_COUNT, MAX_META_NAME_LENGTH, \ MAX_META_OVERALL_SIZE, MAX_META_VALUE_LENGTH from swift_testing import check_response, retry, skip, skip2, skip3, \ - swift_test_user, web_front_end + swift_test_perm, web_front_end class TestContainer(unittest.TestCase): @@ -397,8 +397,8 @@ class TestContainer(unittest.TestCase): # Make the container accessible by the second account def post(url, token, parsed, conn): conn.request('POST', parsed.path + '/' + self.name, '', - {'X-Auth-Token': token, 'X-Container-Read': swift_test_user[1], - 'X-Container-Write': swift_test_user[1]}) + {'X-Auth-Token': token, 'X-Container-Read': swift_test_perm[1], + 'X-Container-Write': swift_test_perm[1]}) return check_response(conn) resp = retry(post) resp.read() @@ -465,7 +465,8 @@ class TestContainer(unittest.TestCase): # Now make the container also writeable by the second account def post(url, token, parsed, conn): conn.request('POST', parsed.path + '/' + self.name, '', - {'X-Auth-Token': token, 'X-Container-Write': swift_test_user[1]}) + {'X-Auth-Token': token, + 'X-Container-Write': swift_test_perm[1]}) return check_response(conn) resp = retry(post) resp.read() @@ -502,7 +503,7 @@ class TestContainer(unittest.TestCase): # Make the container accessible by the third account def post(url, token, parsed, conn): conn.request('POST', parsed.path + '/' + self.name, '', - {'X-Auth-Token': token, 'X-Container-Read': swift_test_user[2]}) + {'X-Auth-Token': token, 'X-Container-Read': swift_test_perm[2]}) return check_response(conn) resp = retry(post) resp.read() @@ -523,7 +524,7 @@ class TestContainer(unittest.TestCase): def post(url, token, parsed, conn): conn.request('POST', parsed.path + '/' + self.name, '', {'X-Auth-Token': token, - 'X-Container-Write': swift_test_user[2]}) + 'X-Container-Write': swift_test_perm[2]}) return check_response(conn) resp = retry(post) resp.read() diff --git a/test/functionalnosetests/test_object.py b/test/functionalnosetests/test_object.py index 82a6a01a03..168375dd54 100755 --- a/test/functionalnosetests/test_object.py +++ b/test/functionalnosetests/test_object.py @@ -23,7 +23,7 @@ from swift.common.constraints import MAX_META_COUNT, MAX_META_NAME_LENGTH, \ MAX_META_OVERALL_SIZE, MAX_META_VALUE_LENGTH from swift_testing import check_response, retry, skip, skip3, \ - swift_test_user, web_front_end + swift_test_perm, web_front_end from test import get_config @@ -220,8 +220,8 @@ class TestObject(unittest.TestCase): conn.request('PUT', '%s/%s' % (parsed.path, shared_container), '', {'X-Auth-Token': token, - 'X-Container-Read': swift_test_user[2], - 'X-Container-Write': swift_test_user[2]}) + 'X-Container-Read': swift_test_perm[2], + 'X-Container-Write': swift_test_perm[2]}) return check_response(conn) resp = retry(put) resp.read() @@ -419,8 +419,8 @@ class TestObject(unittest.TestCase): # Grant access to the third account def post(url, token, parsed, conn): conn.request('POST', '%s/%s' % (parsed.path, self.container), - '', {'X-Auth-Token': token, 'X-Container-Read': - swift_test_user[2]}) + '', {'X-Auth-Token': token, + 'X-Container-Read': swift_test_perm[2]}) return check_response(conn) resp = retry(post) resp.read() @@ -494,8 +494,8 @@ class TestObject(unittest.TestCase): # Grant access to the third account def post(url, token, parsed, conn): conn.request('POST', '%s/%s' % (parsed.path, acontainer), - '', {'X-Auth-Token': token, 'X-Container-Read': - swift_test_user[2]}) + '', {'X-Auth-Token': token, + 'X-Container-Read': swift_test_perm[2]}) return check_response(conn) resp = retry(post) resp.read() diff --git a/test/sample.conf b/test/sample.conf index d40fb0fe47..49a83f7098 100644 --- a/test/sample.conf +++ b/test/sample.conf @@ -4,6 +4,12 @@ auth_host = 127.0.0.1 auth_port = 8080 auth_ssl = no auth_prefix = /auth/ +## sample config for Swift with Keystone +#auth_version = 2 +#auth_host = localhost +#auth_port = 5000 +#auth_ssl = no +#auth_prefix = /v2.0/ # Primary functional test account (needs admin access to the account) account = test