44
44
group='keystone_authtoken')
45
45
self.addCleanup(self.m.VerifyAll)
48
super(KeystoneClientTest, self).tearDown()
49
cfg.CONF.clear_override('deferred_auth_method')
50
cfg.CONF.clear_override('auth_uri', group='keystone_authtoken')
51
cfg.CONF.clear_override('admin_user', group='keystone_authtoken')
52
cfg.CONF.clear_override('admin_password', group='keystone_authtoken')
53
cfg.CONF.clear_override('admin_tenant_name',
54
group='keystone_authtoken')
56
def _stubs_v2(self, method='token', auth_ok=True):
47
def _stubs_v2(self, method='token', auth_ok=True,
57
49
self.m.StubOutClassWithMocks(heat_keystoneclient.kc, "Client")
58
50
if method == 'token':
59
51
self.mock_ks_client = heat_keystoneclient.kc.Client(
69
61
username='test_username',
70
62
password='password')
71
63
self.mock_ks_client.authenticate().AndReturn(auth_ok)
65
self.mock_ks_client = heat_keystoneclient.kc.Client(
66
auth_url='http://server.test:5000/v2.0',
67
password='verybadpass',
68
tenant_name='service',
70
self.mock_ks_client.authenticate(trust_id='atrust123',
71
tenant_id='test_tenant_id'
73
self.mock_ks_client.auth_ref = self.m.CreateMockAnything()
74
self.mock_ks_client.auth_ref.trust_scoped = trust_scoped
75
self.mock_ks_client.auth_ref.auth_token = 'atrusttoken'
73
77
def _stubs_v3(self, method='token', auth_ok=True):
74
self.m.StubOutClassWithMocks(heat_keystoneclient.kc, "Client")
75
78
self.m.StubOutClassWithMocks(heat_keystoneclient.kc_v3, "Client")
77
80
if method == 'token':
93
96
password='verybadpass',
94
97
project_name='service',
95
auth_url='http://server.test:5000/v3',
98
auth_url='http://server.test:5000/v3')
98
99
self.mock_ks_v3_client.authenticate().AndReturn(auth_ok)
100
self.mock_ks_v3_client.auth_ref = self.m.CreateMockAnything()
101
self.mock_ks_v3_client.auth_ref.get('auth_token').AndReturn(
103
self.mock_ks_client = heat_keystoneclient.kc.Client(
104
auth_url=mox.IgnoreArg(),
105
tenant_name='test_tenant',
106
token='4b97cc1b2454e137ee2e8261e115bbe8')
107
self.mock_ks_client.authenticate().AndReturn(auth_ok)
109
101
def test_username_length(self):
110
102
"""Test that user names >64 characters are properly truncated."""
132
124
# the cleanup VerifyAll should verify that though we passed
133
125
# long_user_name, keystone was actually called with a truncated
135
heat_ks_client = heat_keystoneclient.KeystoneClient(
136
utils.dummy_context())
127
ctx = utils.dummy_context()
129
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
137
130
heat_ks_client.create_stack_user(long_user_name, password='password')
139
132
def test_init_v2_password(self):
141
"""Test creating the client without trusts, user/password context."""
134
"""Test creating the client, user/password context."""
143
136
self._stubs_v2(method='password')
144
137
self.m.ReplayAll()
146
139
ctx = utils.dummy_context()
147
140
ctx.auth_token = None
148
142
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
149
143
self.assertIsNotNone(heat_ks_client.client_v2)
150
self.assertIsNone(heat_ks_client.client_v3)
144
self.assertIsNone(heat_ks_client._client_v3)
152
146
def test_init_v2_bad_nocreds(self):
157
151
ctx.auth_token = None
158
152
ctx.username = None
159
153
ctx.password = None
160
self.assertRaises(exception.AuthorizationFailure,
161
heat_keystoneclient.KeystoneClient, ctx)
163
def test_init_v2_bad_denied(self):
165
"""Test creating the client without trusts, auth failure."""
167
self._stubs_v2(method='password', auth_ok=False)
170
ctx = utils.dummy_context()
171
ctx.auth_token = None
172
self.assertRaises(exception.AuthorizationFailure,
173
heat_keystoneclient.KeystoneClient, ctx)
155
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
156
self.assertRaises(exception.AuthorizationFailure,
157
heat_ks_client._v2_client_init)
175
159
def test_init_v3_token(self):
177
"""Test creating the client with trusts, token auth."""
179
cfg.CONF.set_override('deferred_auth_method', 'trusts')
161
"""Test creating the client, token auth."""
182
164
self.m.ReplayAll()
184
166
ctx = utils.dummy_context()
185
167
ctx.username = None
186
168
ctx.password = None
187
170
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
188
self.assertIsNotNone(heat_ks_client.client_v2)
189
self.assertIsNotNone(heat_ks_client.client_v3)
171
heat_ks_client.client_v3
172
self.assertIsNotNone(heat_ks_client._client_v3)
173
self.assertIsNone(heat_ks_client._client_v2)
191
175
def test_init_v3_password(self):
193
"""Test creating the client with trusts, password auth."""
195
cfg.CONF.set_override('deferred_auth_method', 'trusts')
177
"""Test creating the client, password auth."""
197
179
self._stubs_v3(method='password')
198
180
self.m.ReplayAll()
201
183
ctx.auth_token = None
202
184
ctx.trust_id = None
203
185
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
204
self.assertIsNotNone(heat_ks_client.client_v2)
205
self.assertIsNotNone(heat_ks_client.client_v3)
186
client_v3 = heat_ks_client.client_v3
187
self.assertIsNotNone(client_v3)
188
self.assertIsNone(heat_ks_client._client_v2)
207
190
def test_init_v3_bad_nocreds(self):
209
"""Test creating the client with trusts, no credentials."""
211
cfg.CONF.set_override('deferred_auth_method', 'trusts')
192
"""Test creating the client, no credentials."""
213
194
ctx = utils.dummy_context()
214
195
ctx.auth_token = None
215
196
ctx.trust_id = None
216
197
ctx.username = None
217
198
ctx.password = None
218
self.assertRaises(exception.AuthorizationFailure,
219
heat_keystoneclient.KeystoneClient, ctx)
221
def test_init_v3_bad_denied(self):
223
"""Test creating the client with trusts, auth failure."""
225
cfg.CONF.set_override('deferred_auth_method', 'trusts')
227
self._stubs_v3(method='password', auth_ok=False)
230
ctx = utils.dummy_context()
231
ctx.auth_token = None
233
self.assertRaises(exception.AuthorizationFailure,
234
heat_keystoneclient.KeystoneClient, ctx)
236
def test_create_trust_context_notrust(self):
238
"""Test create_trust_context with trusts disabled."""
240
self._stubs_v2(method='password')
243
ctx = utils.dummy_context()
244
ctx.auth_token = None
246
199
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
247
self.assertIsNone(heat_ks_client.create_trust_context())
200
self.assertRaises(exception.AuthorizationFailure,
201
heat_ks_client._v3_client_init)
249
203
def test_create_trust_context_trust_id(self):
251
205
"""Test create_trust_context with existing trust_id."""
207
self._stubs_v2(method='trust')
253
210
cfg.CONF.set_override('deferred_auth_method', 'trusts')
258
212
ctx = utils.dummy_context()
213
ctx.trust_id = 'atrust123'
259
215
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
260
self.assertIsNone(heat_ks_client.create_trust_context())
216
trust_context = heat_ks_client.create_trust_context()
217
self.assertEqual(trust_context.to_dict(), ctx.to_dict())
262
219
def test_create_trust_context_trust_create(self):
264
"""Test create_trust_context when creating a new trust."""
221
"""Test create_trust_context when creating a trust."""
266
223
cfg.CONF.set_override('deferred_auth_method', 'trusts')
268
225
class MockTrust(object):
228
self.m.StubOutClassWithMocks(heat_keystoneclient.kc, "Client")
272
229
mock_admin_client = heat_keystoneclient.kc.Client(
273
230
auth_url=mox.IgnoreArg(),
275
232
password='verybadpass',
276
233
tenant_name='service')
277
mock_admin_client.authenticate().AndReturn(True)
278
234
mock_admin_client.auth_ref = self.m.CreateMockAnything()
279
mock_admin_client.auth_ref.__getitem__('user').AndReturn(
281
self.mock_ks_v3_client.auth_ref.__getitem__('user').AndReturn(
283
self.mock_ks_v3_client.auth_ref.__getitem__('project').AndReturn(
235
mock_admin_client.auth_ref.user_id = '1234'
237
self.mock_ks_v3_client.auth_ref = self.m.CreateMockAnything()
238
self.mock_ks_v3_client.auth_ref.user_id = '5678'
239
self.mock_ks_v3_client.auth_ref.project_id = '42'
285
240
self.mock_ks_v3_client.trusts = self.m.CreateMockAnything()
286
241
self.mock_ks_v3_client.trusts.create(
287
242
trustor_user='5678',
295
250
ctx = utils.dummy_context()
296
251
ctx.trust_id = None
297
252
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
298
self.assertIsNone(heat_ks_client.create_trust_context())
299
self.assertEqual(ctx.trust_id, 'atrust123')
300
self.assertEqual(ctx.trustor_user_id, '5678')
302
def test_create_trust_context_denied(self):
304
"""Test create_trust_context when creating admin auth fails."""
306
cfg.CONF.set_override('deferred_auth_method', 'trusts')
309
mock_admin_client = heat_keystoneclient.kc.Client(
310
auth_url=mox.IgnoreArg(),
312
password='verybadpass',
313
tenant_name='service')
314
mock_admin_client.authenticate().AndReturn(False)
317
ctx = utils.dummy_context()
319
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
320
self.assertRaises(exception.AuthorizationFailure,
321
heat_ks_client.create_trust_context)
253
trust_context = heat_ks_client.create_trust_context()
254
self.assertEqual(trust_context.trust_id, 'atrust123')
255
self.assertEqual(trust_context.trustor_user_id, '5678')
323
257
def test_trust_init(self):
327
261
cfg.CONF.set_override('deferred_auth_method', 'trusts')
329
self._stubs_v3(method='trust')
332
ctx = utils.dummy_context()
335
ctx.auth_token = None
336
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
338
def test_delete_trust_context(self):
340
"""Test delete_trust_context when deleting trust."""
263
self._stubs_v2(method='trust')
266
ctx = utils.dummy_context()
269
ctx.auth_token = None
270
ctx.trust_id = 'atrust123'
271
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
272
client_v2 = heat_ks_client.client_v2
273
self.assertIsNotNone(client_v2)
275
def test_trust_init_fail(self):
277
"""Test consuming a trust when initializing, error scoping."""
279
cfg.CONF.set_override('deferred_auth_method', 'trusts')
281
self._stubs_v2(method='trust', trust_scoped=False)
284
ctx = utils.dummy_context()
287
ctx.auth_token = None
288
ctx.trust_id = 'atrust123'
289
self.assertRaises(exception.AuthorizationFailure,
290
heat_keystoneclient.KeystoneClient, ctx)
292
def test_trust_init_pw(self):
294
"""Test trust_id is takes precedence username/password specified."""
296
self._stubs_v2(method='trust')
299
ctx = utils.dummy_context()
300
ctx.auth_token = None
301
ctx.trust_id = 'atrust123'
302
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
303
self.assertIsNotNone(heat_ks_client._client_v2)
304
self.assertIsNone(heat_ks_client._client_v3)
306
def test_trust_init_token(self):
308
"""Test trust_id takes precedence when token specified."""
310
self._stubs_v2(method='trust')
313
ctx = utils.dummy_context()
316
ctx.trust_id = 'atrust123'
317
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
318
self.assertIsNotNone(heat_ks_client._client_v2)
319
self.assertIsNone(heat_ks_client._client_v3)
321
def test_delete_trust(self):
323
"""Test delete_trust when deleting trust."""
342
325
cfg.CONF.set_override('deferred_auth_method', 'trusts')
348
331
self.m.ReplayAll()
349
332
ctx = utils.dummy_context()
350
333
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
351
self.assertIsNone(heat_ks_client.delete_trust_context())
353
def test_delete_trust_context_notrust(self):
355
"""Test delete_trust_context no trust_id specified."""
357
cfg.CONF.set_override('deferred_auth_method', 'trusts')
361
ctx = utils.dummy_context()
363
heat_ks_client = heat_keystoneclient.KeystoneClient(ctx)
364
self.assertIsNone(heat_ks_client.delete_trust_context())
334
self.assertIsNone(heat_ks_client.delete_trust(trust_id='atrust123'))