← Back to branch summary

~gandelman-a/ubuntu/precise/nova/UCA_2012.2.1

« back to all changes in this revision

Viewing changes to nova/tests/api/openstack/compute/test_auth.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short
  • Date: 2012-05-24 13:12:53 UTC
  • mfrom: (1.1.55)
  • Revision ID: package-import@ubuntu.com-20120524131253-ommql08fg1en06ut
Tags: 2012.2~f1-0ubuntu1
https://launchpad.net/bugs/907197
* New upstream release.
* Prepare for quantal:
  - Dropped debian/patches/upstream/0006-Use-project_id-in-ec2.cloud._format_image.patch
  - Dropped debian/patches/upstream/0005-Populate-image-properties-with-project_id-again.patch
  - Dropped debian/patches/upstream/0004-Fixed-bug-962840-added-a-test-case.patch
  - Dropped debian/patches/upstream/0003-Allow-unprivileged-RADOS-users-to-access-rbd-volumes.patch
  - Dropped debian/patches/upstream/0002-Stop-libvirt-test-from-deleting-instances-dir.patch
  - Dropped debian/patches/upstream/0001-fix-bug-where-nova-ignores-glance-host-in-imageref.patch 
  - Dropped debian/patches/0001-fix-useexisting-deprecation-warnings.patch
* debian/control: Add python-keystone as a dependency. (LP: #907197)
* debian/patches/kombu_tests_timeout.patch: Refreshed.
* debian/nova.conf, debian/nova-common.postinst: Convert to new ini
  file configuration
* debian/patches/nova-manage_flagfile_location.patch: Refreshed

Show diffs side-by-side

added added

removed removed

Lines of Context:
nova/tests/api/openstack/compute/test_auth.py
15
15
#    License for the specific language governing permissions and limitations
16
16
#    under the License.
17
17
 
18
 
import datetime
19
 
 
20
18
import webob
21
19
import webob.dec
22
20
 
23
 
import nova.api.openstack.compute
24
 
import nova.auth.manager
25
 
from nova.api.openstack import auth
26
21
from nova import context
27
 
from nova import db
28
22
from nova import test
29
23
from nova.tests.api.openstack import fakes
30
24
 
31
25
 
32
 
class Test(test.TestCase):
33
 
 
34
 
    def setUp(self):
35
 
        super(Test, self).setUp()
36
 
        self.stubs.Set(auth.AuthMiddleware,
37
 
            '__init__', fakes.fake_auth_init)
38
 
        self.stubs.Set(context, 'RequestContext', fakes.FakeRequestContext)
39
 
        fakes.FakeAuthManager.clear_fakes()
40
 
        fakes.FakeAuthDatabase.data = {}
41
 
        fakes.stub_out_rate_limiting(self.stubs)
42
 
        fakes.stub_out_networking(self.stubs)
43
 
 
44
 
    def test_authorize_user(self):
45
 
        f = fakes.FakeAuthManager()
46
 
        user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
47
 
        f.add_user(user)
48
 
 
49
 
        req = webob.Request.blank('/v2/')
50
 
        req.headers['X-Auth-User'] = 'user1'
51
 
        req.headers['X-Auth-Key'] = 'user1_key'
52
 
        req.headers['X-Auth-Project-Id'] = 'user1_project'
53
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
54
 
        self.assertEqual(result.status, '204 No Content')
55
 
        self.assertEqual(len(result.headers['X-Auth-Token']), 40)
56
 
 
57
 
    def test_authorize_token(self):
58
 
        f = fakes.FakeAuthManager()
59
 
        user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
60
 
        f.add_user(user)
61
 
        f.create_project('user1_project', user)
62
 
 
63
 
        req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'})
64
 
        req.headers['X-Auth-User'] = 'user1'
65
 
        req.headers['X-Auth-Key'] = 'user1_key'
66
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
67
 
        self.assertEqual(result.status, '204 No Content')
68
 
        self.assertEqual(len(result.headers['X-Auth-Token']), 40)
69
 
        self.assertEqual(result.headers['X-Server-Management-Url'],
70
 
            "http://foo/v2/user1_project")
71
 
 
72
 
        token = result.headers['X-Auth-Token']
73
 
        self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
74
 
                       fakes.FakeRouter)
75
 
        req = webob.Request.blank('/v2/user1_project')
76
 
        req.headers['X-Auth-Token'] = token
77
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
78
 
        self.assertEqual(result.status, '200 OK')
79
 
        self.assertEqual(result.headers['X-Test-Success'], 'True')
80
 
 
81
 
    def test_token_expiry(self):
82
 
        self.destroy_called = False
83
 
 
84
 
        def destroy_token_mock(meh, context, token):
85
 
            self.destroy_called = True
86
 
 
87
 
        def bad_token(meh, context, token_hash):
88
 
            return fakes.FakeToken(
89
 
                    token_hash=token_hash,
90
 
                    created_at=datetime.datetime(1990, 1, 1))
91
 
 
92
 
        self.stubs.Set(fakes.FakeAuthDatabase, 'auth_token_destroy',
93
 
            destroy_token_mock)
94
 
 
95
 
        self.stubs.Set(fakes.FakeAuthDatabase, 'auth_token_get',
96
 
            bad_token)
97
 
 
98
 
        req = webob.Request.blank('/v2/')
99
 
        req.headers['X-Auth-Token'] = 'token_hash'
100
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
101
 
        self.assertEqual(result.status, '401 Unauthorized')
102
 
        self.assertEqual(self.destroy_called, True)
103
 
 
104
 
    def test_authorize_project(self):
105
 
        f = fakes.FakeAuthManager()
106
 
        user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
107
 
        f.add_user(user)
108
 
        f.create_project('user1_project', user)
109
 
        f.create_project('user2_project', user)
110
 
 
111
 
        req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'})
112
 
        req.headers['X-Auth-User'] = 'user1'
113
 
        req.headers['X-Auth-Key'] = 'user1_key'
114
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
115
 
        self.assertEqual(result.status, '204 No Content')
116
 
 
117
 
        token = result.headers['X-Auth-Token']
118
 
        self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
119
 
                       fakes.FakeRouter)
120
 
        req = webob.Request.blank('/v2/user2_project')
121
 
        req.headers['X-Auth-Token'] = token
122
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
123
 
        self.assertEqual(result.status, '200 OK')
124
 
        self.assertEqual(result.headers['X-Test-Success'], 'True')
125
 
 
126
 
    def test_bad_user_bad_key(self):
127
 
        req = webob.Request.blank('/v2/')
128
 
        req.headers['X-Auth-User'] = 'unknown_user'
129
 
        req.headers['X-Auth-Key'] = 'unknown_user_key'
130
 
        req.headers['X-Auth-Project-Id'] = 'user_project'
131
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
132
 
        self.assertEqual(result.status, '401 Unauthorized')
133
 
 
134
 
    def test_bad_user_good_key(self):
135
 
        f = fakes.FakeAuthManager()
136
 
        user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
137
 
        f.add_user(user)
138
 
 
139
 
        req = webob.Request.blank('/v2/')
140
 
        req.headers['X-Auth-User'] = 'unknown_user'
141
 
        req.headers['X-Auth-Key'] = 'user1_key'
142
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
143
 
        self.assertEqual(result.status, '401 Unauthorized')
144
 
 
145
 
    def test_no_user(self):
146
 
        req = webob.Request.blank('/v2/')
147
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
148
 
        self.assertEqual(result.status, '401 Unauthorized')
149
 
 
150
 
    def test_bad_token(self):
151
 
        req = webob.Request.blank('/v2/')
152
 
        req.headers['X-Auth-Token'] = 'unknown_token'
153
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
154
 
        self.assertEqual(result.status, '401 Unauthorized')
155
 
 
156
 
    def test_bad_project(self):
157
 
        f = fakes.FakeAuthManager()
158
 
        user1 = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
159
 
        user2 = nova.auth.manager.User('id2', 'user2', 'user2_key', None, None)
160
 
        f.add_user(user1)
161
 
        f.add_user(user2)
162
 
        f.create_project('user1_project', user1)
163
 
        f.create_project('user2_project', user2)
164
 
 
165
 
        req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'})
166
 
        req.headers['X-Auth-User'] = 'user1'
167
 
        req.headers['X-Auth-Key'] = 'user1_key'
168
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
169
 
        self.assertEqual(result.status, '204 No Content')
170
 
 
171
 
        token = result.headers['X-Auth-Token']
172
 
        self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
173
 
                       fakes.FakeRouter)
174
 
        req = webob.Request.blank('/v2/user2_project')
175
 
        req.headers['X-Auth-Token'] = token
176
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
177
 
        self.assertEqual(result.status, '401 Unauthorized')
178
 
 
179
 
    def test_not_authorized_project(self):
180
 
        f = fakes.FakeAuthManager()
181
 
        user1 = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
182
 
        f.add_user(user1)
183
 
        f.create_project('user1_project', user1)
184
 
 
185
 
        user2 = nova.auth.manager.User('id2', 'user2', 'user2_key', None, None)
186
 
        f.add_user(user2)
187
 
        f.create_project('user2_project', user2)
188
 
 
189
 
        req = webob.Request.blank('/v2/', {'HTTP_HOST': 'foo'})
190
 
        req.headers['X-Auth-User'] = 'user1'
191
 
        req.headers['X-Auth-Key'] = 'user1_key'
192
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
193
 
        self.assertEqual(result.status, '204 No Content')
194
 
 
195
 
        token = result.headers['X-Auth-Token']
196
 
        self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
197
 
                       fakes.FakeRouter)
198
 
        req = webob.Request.blank('/v2/user2_project')
199
 
        req.headers['X-Auth-Token'] = token
200
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
201
 
        self.assertEqual(result.status, '401 Unauthorized')
202
 
 
203
 
    def test_auth_token_no_empty_headers(self):
204
 
        f = fakes.FakeAuthManager()
205
 
        user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
206
 
        f.add_user(user)
207
 
 
208
 
        req = webob.Request.blank('/v2/')
209
 
        req.headers['X-Auth-User'] = 'user1'
210
 
        req.headers['X-Auth-Key'] = 'user1_key'
211
 
        req.headers['X-Auth-Project-Id'] = 'user1_project'
212
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
213
 
        self.assertEqual(result.status, '204 No Content')
214
 
        self.assertEqual(len(result.headers['X-Auth-Token']), 40)
215
 
        self.assertFalse('X-CDN-Management-Url' in result.headers)
216
 
        self.assertFalse('X-Storage-Url' in result.headers)
217
 
 
218
 
 
219
 
class TestFunctional(test.TestCase):
220
 
    def test_token_expiry(self):
221
 
        ctx = context.get_admin_context()
222
 
        tok = db.auth_token_create(ctx, dict(
223
 
                token_hash='test_token_hash',
224
 
                cdn_management_url='',
225
 
                server_management_url='',
226
 
                storage_url='',
227
 
                user_id='user1',
228
 
                ))
229
 
 
230
 
        db.auth_token_update(ctx, tok.token_hash, dict(
231
 
                created_at=datetime.datetime(2000, 1, 1, 12, 0, 0),
232
 
                ))
233
 
 
234
 
        req = webob.Request.blank('/v2/')
235
 
        req.headers['X-Auth-Token'] = 'test_token_hash'
236
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
237
 
        self.assertEqual(result.status, '401 Unauthorized')
238
 
 
239
 
    def test_token_doesnotexist(self):
240
 
        req = webob.Request.blank('/v2/')
241
 
        req.headers['X-Auth-Token'] = 'nonexistant_token_hash'
242
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
243
 
        self.assertEqual(result.status, '401 Unauthorized')
244
 
 
245
 
 
246
 
class TestLimiter(test.TestCase):
247
 
    def setUp(self):
248
 
        super(TestLimiter, self).setUp()
249
 
        self.stubs.Set(auth.AuthMiddleware,
250
 
            '__init__', fakes.fake_auth_init)
251
 
        self.stubs.Set(context, 'RequestContext', fakes.FakeRequestContext)
252
 
        fakes.FakeAuthManager.clear_fakes()
253
 
        fakes.FakeAuthDatabase.data = {}
254
 
        fakes.stub_out_networking(self.stubs)
255
 
 
256
 
    def test_authorize_token(self):
257
 
        f = fakes.FakeAuthManager()
258
 
        user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
259
 
        f.add_user(user)
260
 
        f.create_project('test', user)
261
 
 
262
 
        req = webob.Request.blank('/v2/')
263
 
        req.headers['X-Auth-User'] = 'user1'
264
 
        req.headers['X-Auth-Key'] = 'user1_key'
265
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
266
 
        self.assertEqual(len(result.headers['X-Auth-Token']), 40)
267
 
 
268
 
        token = result.headers['X-Auth-Token']
269
 
        self.stubs.Set(nova.api.openstack.compute, 'APIRouter',
270
 
                       fakes.FakeRouter)
271
 
        req = webob.Request.blank('/v2/test')
272
 
        req.method = 'POST'
273
 
        req.headers['X-Auth-Token'] = token
274
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False))
275
 
        self.assertEqual(result.status, '200 OK')
276
 
        self.assertEqual(result.headers['X-Test-Success'], 'True')
277
 
 
278
 
 
279
26
class TestNoAuthMiddleware(test.TestCase):
280
27
 
281
28
    def setUp(self):
291
38
        req.headers['X-Auth-User'] = 'user1'
292
39
        req.headers['X-Auth-Key'] = 'user1_key'
293
40
        req.headers['X-Auth-Project-Id'] = 'user1_project'
294
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False,
295
 
                                                 use_no_auth=True))
 
41
        result = req.get_response(fakes.wsgi_app(use_no_auth=True))
296
42
        self.assertEqual(result.status, '204 No Content')
297
43
        self.assertEqual(result.headers['X-Server-Management-Url'],
298
44
            "http://localhost/v2/user1_project")
303
49
        req.headers['X-Auth-User'] = 'user1'
304
50
        req.headers['X-Auth-Key'] = 'user1_key'
305
51
        req.headers['X-Auth-Project-Id'] = 'user1_project'
306
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False,
307
 
                                                 use_no_auth=True))
 
52
        result = req.get_response(fakes.wsgi_app(use_no_auth=True))
308
53
        self.assertEqual(result.status, '204 No Content')
309
54
        self.assertEqual(result.headers['X-Server-Management-Url'],
310
55
            "http://localhost/v2/user1_project")
314
59
        req.headers['X-Auth-User'] = 'user1'
315
60
        req.headers['X-Auth-Key'] = 'user1_key'
316
61
        req.headers['X-Auth-Project-Id'] = 'user1_project'
317
 
        result = req.get_response(fakes.wsgi_app(fake_auth=False,
318
 
                                                 use_no_auth=True))
 
62
        result = req.get_response(fakes.wsgi_app(use_no_auth=True))
319
63
        self.assertEqual(result.status, '204 No Content')
320
64
        self.assertFalse('X-CDN-Management-Url' in result.headers)
321
65
        self.assertFalse('X-Storage-Url' in result.headers)