Permit functional tests against Swift with Keystone

While poking at such problems with authentication other than swauth it was useful to allow stock functional tests running back-to-back at two clusters, with tempauth and Keystone. When running the legacy tests, this version packs account into user the way it was down previously. This way we do not need to repack them before every call to get_auth. The downside is additional work to be done when setting ACLs. Change-Id: Ieb1d9227cb88977ecd2c39825039bc4be8afae0b
2013-03-10 18:52:10 -06:00 · 2013-03-10 18:52:10 -06:00 · 35e07e2982
commit 35e07e2982
parent 5e427e5e3b
5 changed files with 84 additions and 58 deletions
--- a/test/functional/swift_test_client.py
+++ b/test/functional/swift_test_client.py
@ -26,6 +26,7 @@ import simplejson as json
 from nose import SkipTest
 from xml.dom import minidom
 from swiftclient import get_auth
 class AuthenticationFailed(Exception):
@ -94,6 +95,7 @@ class Connection(object):
        self.auth_port = int(config['auth_port'])
        self.auth_ssl = config['auth_ssl'] in ('on', 'true', 'yes', '1')
        self.auth_prefix = config.get('auth_prefix', '/')
        self.auth_version = str(config.get('auth_version', '1'))
        self.account = config.get('account')
        self.username = config['username']
@ -116,38 +118,25 @@ class Connection(object):
            self.storage_token = clone_conn.storage_token
            return
        if self.auth_version == "1":
            auth_path = '%sv1.0' % (self.auth_prefix)
            if self.account:
                auth_user = '%s:%s' % (self.account, self.username)
            else:
                auth_user = self.username
        headers = {
            'x-auth-user': auth_user,
            'x-auth-key': self.password,
        }
        path = '%sv1.0' % (self.auth_prefix)
        if self.auth_ssl:
            connection = httplib.HTTPSConnection(self.auth_host,
                                                 port=self.auth_port)
        else:
-            connection = httplib.HTTPConnection(self.auth_host,
+            auth_user = self.username
-                                                port=self.auth_port)
+            auth_path = self.auth_prefix
-        #connection.set_debuglevel(3)
+        auth_scheme = 'https://' if self.auth_ssl else 'http://'
-        connection.request('GET', path, '', headers)
+        auth_netloc = "%s:%d" % (self.auth_host, self.auth_port)
-        response = connection.getresponse()
+        auth_url = auth_scheme + auth_netloc + auth_path
        connection.close()
-        if response.status == 401:
+        (storage_url, storage_token) = get_auth(auth_url,
-            raise AuthenticationFailed()
+              auth_user, self.password,
-
+              snet=False,
-        if response.status not in (200, 204):
+              tenant_name=self.account,
-            raise ResponseError(response)
+              auth_version=self.auth_version,
-
+              os_options={})
        for hdr in response.getheaders():
            if hdr[0].lower() == "x-storage-url":
                storage_url = hdr[1]
            elif hdr[0].lower() == "x-auth-token":
                storage_token = hdr[1]
        if not (storage_url and storage_token):
            raise AuthenticationFailed()
--- a/test/functionalnosetests/swift_testing.py
+++ b/test/functionalnosetests/swift_testing.py
@ -33,8 +33,12 @@ normalized_urls = conf.get('normalized_urls', False)
 swift_test_auth = os.environ.get('SWIFT_TEST_AUTH')
 swift_test_user = [os.environ.get('SWIFT_TEST_USER'), None, None]
 swift_test_key = [os.environ.get('SWIFT_TEST_KEY'), None, None]
 swift_test_tenant = ['', '', '']
 swift_test_perm = ['', '', '']
 if conf:
    swift_test_auth_version = str(conf.get('auth_version', '1'))
    swift_test_auth = 'http'
    if conf.get('auth_ssl', 'no').lower() in ('yes', 'true', 'on', '1'):
        swift_test_auth = 'https'
@ -42,17 +46,22 @@ if conf:
        conf['auth_prefix'] = '/'
    try:
        swift_test_auth += \
-                '://%(auth_host)s:%(auth_port)s%(auth_prefix)sv1.0' % conf
+                '://%(auth_host)s:%(auth_port)s%(auth_prefix)s' % conf
    except KeyError:
        pass  # skip
    if swift_test_auth_version == "1":
        swift_test_auth += 'v1.0'
        if 'account' in conf:
            swift_test_user[0] = '%(account)s:%(username)s' % conf
        else:
            swift_test_user[0] = '%(username)s' % conf
        swift_test_key[0] = conf['password']
        try:
-        swift_test_user[1] = '%s%s' % ('%s:' % conf['account2'] if 'account2'
+            swift_test_user[1] = '%s%s' % \
-                                       in conf else '', conf['username2'])
+               ('%s:' % conf['account2'] if 'account2' in conf else '',
                conf['username2'])
            swift_test_key[1] = conf['password2']
        except KeyError, err:
            pass  # old conf, no second account tests can be run
@ -63,6 +72,23 @@ if conf:
        except KeyError, err:
            pass  # old conf, no third account tests can be run
        for _ in range(3):
            swift_test_perm[_] = swift_test_user[_]
    else:
        swift_test_user[0] = conf['username']
        swift_test_tenant[0] = conf['account']
        swift_test_key[0] = conf['password']
        swift_test_user[1] = conf['username2']
        swift_test_tenant[1] = conf['account2']
        swift_test_key[1] = conf['password2']
        swift_test_user[2] = conf['username3']
        swift_test_tenant[2] = conf['account']
        swift_test_key[2] = conf['password3']
        for _ in range(3):
            swift_test_perm[_] = swift_test_tenant[_] + ':' + swift_test_user[_]
 skip = not all([swift_test_auth, swift_test_user[0], swift_test_key[0]])
 if skip:
    print >>sys.stderr, 'SKIPPING FUNCTIONAL TESTS DUE TO NO CONFIG'
@ -112,7 +138,11 @@ def retry(func, *args, **kwargs):
            if not url[use_account] or not token[use_account]:
                url[use_account], token[use_account] = \
                    get_auth(swift_test_auth, swift_test_user[use_account],
-                             swift_test_key[use_account])
+                             swift_test_key[use_account],
                             snet=False,
                             tenant_name=swift_test_tenant[use_account],
                             auth_version=swift_test_auth_version,
                             os_options={})
                parsed[use_account] = conn[use_account] = None
            if not parsed[use_account] or not conn[use_account]:
                parsed[use_account], conn[use_account] = \
--- a/test/functionalnosetests/test_container.py
+++ b/test/functionalnosetests/test_container.py
@ -24,7 +24,7 @@ from swift.common.constraints import MAX_META_COUNT, MAX_META_NAME_LENGTH, \
    MAX_META_OVERALL_SIZE, MAX_META_VALUE_LENGTH
 from swift_testing import check_response, retry, skip, skip2, skip3, \
-                          swift_test_user, web_front_end
+                          swift_test_perm, web_front_end
 class TestContainer(unittest.TestCase):
@ -397,8 +397,8 @@ class TestContainer(unittest.TestCase):
        # Make the container accessible by the second account
        def post(url, token, parsed, conn):
            conn.request('POST', parsed.path + '/' + self.name, '',
-                {'X-Auth-Token': token, 'X-Container-Read': swift_test_user[1],
+                {'X-Auth-Token': token, 'X-Container-Read': swift_test_perm[1],
-                 'X-Container-Write': swift_test_user[1]})
+                 'X-Container-Write': swift_test_perm[1]})
            return check_response(conn)
        resp = retry(post)
        resp.read()
@ -465,7 +465,8 @@ class TestContainer(unittest.TestCase):
        # Now make the container also writeable by the second account
        def post(url, token, parsed, conn):
            conn.request('POST', parsed.path + '/' + self.name, '',
-                {'X-Auth-Token': token, 'X-Container-Write': swift_test_user[1]})
+                {'X-Auth-Token': token,
                 'X-Container-Write': swift_test_perm[1]})
            return check_response(conn)
        resp = retry(post)
        resp.read()
@ -502,7 +503,7 @@ class TestContainer(unittest.TestCase):
        # Make the container accessible by the third account
        def post(url, token, parsed, conn):
            conn.request('POST', parsed.path + '/' + self.name, '',
-               {'X-Auth-Token': token, 'X-Container-Read': swift_test_user[2]})
+               {'X-Auth-Token': token, 'X-Container-Read': swift_test_perm[2]})
            return check_response(conn)
        resp = retry(post)
        resp.read()
@ -523,7 +524,7 @@ class TestContainer(unittest.TestCase):
        def post(url, token, parsed, conn):
            conn.request('POST', parsed.path + '/' + self.name, '',
                         {'X-Auth-Token': token,
-                          'X-Container-Write': swift_test_user[2]})
+                          'X-Container-Write': swift_test_perm[2]})
            return check_response(conn)
        resp = retry(post)
        resp.read()
--- a/test/functionalnosetests/test_object.py
+++ b/test/functionalnosetests/test_object.py
@ -23,7 +23,7 @@ from swift.common.constraints import MAX_META_COUNT, MAX_META_NAME_LENGTH, \
    MAX_META_OVERALL_SIZE, MAX_META_VALUE_LENGTH
 from swift_testing import check_response, retry, skip, skip3, \
-    swift_test_user, web_front_end
+    swift_test_perm, web_front_end
 from test import get_config
@ -220,8 +220,8 @@ class TestObject(unittest.TestCase):
            conn.request('PUT', '%s/%s' % (parsed.path,
                                           shared_container), '',
                         {'X-Auth-Token': token,
-                         'X-Container-Read': swift_test_user[2],
+                          'X-Container-Read': swift_test_perm[2],
-                         'X-Container-Write': swift_test_user[2]})
+                          'X-Container-Write': swift_test_perm[2]})
            return check_response(conn)
        resp = retry(put)
        resp.read()
@ -419,8 +419,8 @@ class TestObject(unittest.TestCase):
            # Grant access to the third account
            def post(url, token, parsed, conn):
                conn.request('POST', '%s/%s' % (parsed.path, self.container),
-                    '', {'X-Auth-Token': token, 'X-Container-Read':
+                    '', {'X-Auth-Token': token,
-                    swift_test_user[2]})
+                         'X-Container-Read': swift_test_perm[2]})
                return check_response(conn)
            resp = retry(post)
            resp.read()
@ -494,8 +494,8 @@ class TestObject(unittest.TestCase):
            # Grant access to the third account
            def post(url, token, parsed, conn):
                conn.request('POST', '%s/%s' % (parsed.path, acontainer),
-                    '', {'X-Auth-Token': token, 'X-Container-Read':
+                    '', {'X-Auth-Token': token,
-                    swift_test_user[2]})
+                         'X-Container-Read': swift_test_perm[2]})
                return check_response(conn)
            resp = retry(post)
            resp.read()
--- a/test/sample.conf
+++ b/test/sample.conf
@ -4,6 +4,12 @@ auth_host = 127.0.0.1
 auth_port = 8080
 auth_ssl = no
 auth_prefix = /auth/
 ## sample config for Swift with Keystone
 #auth_version = 2
 #auth_host = localhost
 #auth_port = 5000
 #auth_ssl = no
 #auth_prefix = /v2.0/
 # Primary functional test account (needs admin access to the account)
 account = test