1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Licensed under the Apache License, Version 2.0 (the "License"); you may
4
# not use this file except in compliance with the License. You may obtain
5
# a copy of the License at
7
# http://www.apache.org/licenses/LICENSE-2.0
9
# Unless required by applicable law or agreed to in writing, software
10
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12
# License for the specific language governing permissions and limitations
16
from six.moves import urllib
18
from keystoneclient.auth.identity import v2
19
from keystoneclient import exceptions
20
from keystoneclient import session
21
from keystoneclient.tests import utils
24
class V2IdentityPlugin(utils.TestCase):
26
TEST_ROOT_URL = 'http://127.0.0.1:5000/'
27
TEST_URL = '%s%s' % (TEST_ROOT_URL, 'v2.0')
28
TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
29
TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v2.0')
31
TEST_PASS = 'password'
33
TEST_SERVICE_CATALOG = [{
35
"adminURL": "http://cdn.admin-nets.local:8774/v1.0",
36
"region": "RegionOne",
37
"internalURL": "http://127.0.0.1:8774/v1.0",
38
"publicURL": "http://cdn.admin-nets.local:8774/v1.0/"
40
"type": "nova_compat",
44
"adminURL": "http://nova/novapi/admin",
45
"region": "RegionOne",
46
"internalURL": "http://nova/novapi/internal",
47
"publicURL": "http://nova/novapi/public"
53
"adminURL": "http://glance/glanceapi/admin",
54
"region": "RegionOne",
55
"internalURL": "http://glance/glanceapi/internal",
56
"publicURL": "http://glance/glanceapi/public"
62
"adminURL": TEST_ADMIN_URL,
63
"region": "RegionOne",
64
"internalURL": "http://127.0.0.1:5000/v2.0",
65
"publicURL": "http://127.0.0.1:5000/v2.0"
71
"adminURL": "http://swift/swiftapi/admin",
72
"region": "RegionOne",
73
"internalURL": "http://swift/swiftapi/internal",
74
"publicURL": "http://swift/swiftapi/public"
76
"type": "object-store",
81
super(V2IdentityPlugin, self).setUp()
82
self.TEST_RESPONSE_DICT = {
85
"expires": "2020-01-01T00:00:10.000123Z",
86
"id": self.TEST_TOKEN,
88
"id": self.TEST_TENANT_ID
94
"serviceCatalog": self.TEST_SERVICE_CATALOG,
98
def stub_auth(self, **kwargs):
99
self.stub_url(httpretty.POST, ['tokens'], **kwargs)
102
def test_authenticate_with_username_password(self):
103
self.stub_auth(json=self.TEST_RESPONSE_DICT)
104
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
105
password=self.TEST_PASS)
106
s = session.Session(a)
109
req = {'auth': {'passwordCredentials': {'username': self.TEST_USER,
110
'password': self.TEST_PASS}}}
111
self.assertRequestBodyIs(json=req)
112
self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
115
def test_authenticate_with_username_password_scoped(self):
116
self.stub_auth(json=self.TEST_RESPONSE_DICT)
117
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
118
password=self.TEST_PASS, tenant_id=self.TEST_TENANT_ID)
119
s = session.Session(a)
122
req = {'auth': {'passwordCredentials': {'username': self.TEST_USER,
123
'password': self.TEST_PASS},
124
'tenantId': self.TEST_TENANT_ID}}
125
self.assertRequestBodyIs(json=req)
126
self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
129
def test_authenticate_with_token(self):
130
self.stub_auth(json=self.TEST_RESPONSE_DICT)
131
a = v2.Token(self.TEST_URL, 'foo')
132
s = session.Session(a)
135
req = {'auth': {'token': {'id': 'foo'}}}
136
self.assertRequestBodyIs(json=req)
137
self.assertRequestHeaderEqual('x-Auth-Token', 'foo')
138
self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
140
def test_missing_auth_params(self):
141
self.assertRaises(exceptions.NoMatchingPlugin, v2.Auth._factory,
145
def test_with_trust_id(self):
146
self.stub_auth(json=self.TEST_RESPONSE_DICT)
147
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
148
password=self.TEST_PASS, trust_id='trust')
149
s = session.Session(a)
152
req = {'auth': {'passwordCredentials': {'username': self.TEST_USER,
153
'password': self.TEST_PASS},
154
'trust_id': 'trust'}}
156
self.assertRequestBodyIs(json=req)
157
self.assertEqual(s.auth.auth_ref.auth_token, self.TEST_TOKEN)
160
def _do_service_url_test(self, base_url, endpoint_filter):
161
self.stub_auth(json=self.TEST_RESPONSE_DICT)
162
self.stub_url(httpretty.GET, ['path'],
164
body='SUCCESS', status=200)
166
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
167
password=self.TEST_PASS)
168
s = session.Session(auth=a)
170
resp = s.get('/path', endpoint_filter=endpoint_filter)
172
self.assertEqual(resp.status_code, 200)
173
path = "%s/%s" % (urllib.parse.urlparse(base_url).path, 'path')
174
self.assertEqual(httpretty.last_request().path, path)
176
def test_service_url(self):
177
endpoint_filter = {'service_type': 'compute', 'interface': 'admin'}
178
self._do_service_url_test('http://nova/novapi/admin', endpoint_filter)
180
def test_service_url_defaults_to_public(self):
181
endpoint_filter = {'service_type': 'compute'}
182
self._do_service_url_test('http://nova/novapi/public', endpoint_filter)
185
def test_endpoint_filter_without_service_type_fails(self):
186
self.stub_auth(json=self.TEST_RESPONSE_DICT)
188
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
189
password=self.TEST_PASS)
190
s = session.Session(auth=a)
192
self.assertRaises(exceptions.EndpointNotFound, s.get, '/path',
193
endpoint_filter={'interface': 'admin'})
196
def test_full_url_overrides_endpoint_filter(self):
197
self.stub_auth(json=self.TEST_RESPONSE_DICT)
198
self.stub_url(httpretty.GET, [],
199
base_url='http://testurl/',
200
body='SUCCESS', status=200)
202
a = v2.Password(self.TEST_URL, username=self.TEST_USER,
203
password=self.TEST_PASS)
204
s = session.Session(auth=a)
206
resp = s.get('http://testurl/',
207
endpoint_filter={'service_type': 'compute'})
208
self.assertEqual(resp.status_code, 200)
209
self.assertEqual(resp.text, 'SUCCESS')