Move X-Auth-Url logic to auth_url middleware

Refactoring the auth_password middleware to move X-Auth-Url logic
into the auth_url middleware, so that all X-Auth-Url logic is
handled in one place.

This also adds the auth_url middleware in front of the auth_password
middleware, so that there should be no behavior change

Co-Authored-By: Richard Lee <rblee88@gmail.com>
Related-Bug: #1259364
Change-Id: I3819cbf1a4c4955752dc7c804b0add1bab2b962c

1 files changed, 44 insertions, 2 deletions

diff --git a/heat/tests/test_auth_url.py b/heat/tests/test_auth_url.py
index d7c219943..dc0483a45 100644
--- a/heat/tests/test_auth_url.py
+++ b/heat/tests/test_auth_url.py
@@ -36,6 +36,7 @@ class AuthUrlFilterTest(HeatTestCase):
         super(AuthUrlFilterTest, self).setUp()
         self.app = FakeApp()
         self.config = {'auth_uri': 'foobar'}
+        self.middleware = auth_url.AuthUrlFilter(self.app, self.config)
 
     @mock.patch.object(auth_url.cfg, 'CONF')
     def test_adds_default_auth_url_from_keystone_authtoken(self, mock_cfg):
@@ -49,15 +50,56 @@ class AuthUrlFilterTest(HeatTestCase):
         self.assertEqual('foobar', req.headers['X-Auth-Url'])
 
     def test_overwrites_auth_url_from_headers_with_local_config(self):
-        self.middleware = auth_url.AuthUrlFilter(self.app, self.config)
         req = webob.Request.blank('/tenant_id/')
         req.headers['X-Auth-Url'] = 'should_be_overwritten'
         self.middleware(req)
         self.assertEqual('foobar', req.headers['X-Auth-Url'])
 
     def test_reads_auth_url_from_local_config(self):
-        self.middleware = auth_url.AuthUrlFilter(self.app, self.config)
         req = webob.Request.blank('/tenant_id/')
         self.middleware(req)
         self.assertIn('X-Auth-Url', req.headers)
         self.assertEqual('foobar', req.headers['X-Auth-Url'])
+
+    @mock.patch.object(auth_url.AuthUrlFilter, '_validate_auth_url')
+    @mock.patch.object(auth_url.cfg, 'CONF')
+    def test_multicloud_reads_auth_url_from_headers(self, mock_cfg, mock_val):
+        mock_cfg.auth_password.multi_cloud = True
+        mock_val.return_value = True
+        req = webob.Request.blank('/tenant_id/')
+        req.headers['X-Auth-Url'] = 'overwrites config'
+        self.middleware(req)
+        self.assertIn('X-Auth-Url', req.headers)
+        self.assertEqual('overwrites config', req.headers['X-Auth-Url'])
+
+    @mock.patch.object(auth_url.AuthUrlFilter, '_validate_auth_url')
+    @mock.patch.object(auth_url.cfg, 'CONF')
+    def test_multicloud_validates_auth_url(self, mock_cfg, mock_validate):
+        mock_cfg.auth_password.multi_cloud = True
+        req = webob.Request.blank('/tenant_id/')
+
+        self.middleware(req)
+        self.assertTrue(mock_validate.called)
+
+    def test_validate_auth_url_with_missing_url(self):
+        self.assertRaises(auth_url.HTTPBadRequest,
+                          self.middleware._validate_auth_url,
+                          auth_url='')
+
+        self.assertRaises(auth_url.HTTPBadRequest,
+                          self.middleware._validate_auth_url,
+                          auth_url=None)
+
+    @mock.patch.object(auth_url.cfg, 'CONF')
+    def test_validate_auth_url_with_url_not_allowed(self, mock_cfg):
+        mock_cfg.auth_password.allowed_auth_uris = ['foobar']
+
+        self.assertRaises(auth_url.HTTPUnauthorized,
+                          self.middleware._validate_auth_url,
+                          auth_url='not foobar')
+
+    @mock.patch.object(auth_url.cfg, 'CONF')
+    def test_validate_auth_url_with_valid_url(self, mock_cfg):
+        mock_cfg.auth_password.allowed_auth_uris = ['foobar']
+
+        self.assertTrue(self.middleware._validate_auth_url('foobar'))