diff options
-rw-r--r-- | tests/client_fixtures.py | 297 | ||||
-rw-r--r-- | tests/test_auth_token_middleware.py | 372 |
2 files changed, 342 insertions, 327 deletions
diff --git a/tests/client_fixtures.py b/tests/client_fixtures.py new file mode 100644 index 0000000..0abb06e --- /dev/null +++ b/tests/client_fixtures.py @@ -0,0 +1,297 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2013 OpenStack LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import os + +from keystoneclient.common import cms +from keystoneclient.openstack.common import jsonutils +from keystoneclient.openstack.common import timeutils +from keystoneclient import utils + + +ROOTDIR = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) +CERTDIR = os.path.join(ROOTDIR, "examples/pki/certs") +CMSDIR = os.path.join(ROOTDIR, "examples/pki/cms") + + +# @TODO(mordred) This should become a testresources resource attached to the +# class +# The data for these tests are signed using openssl and are stored in files +# in the signing subdirectory. In order to keep the values consistent between +# the tests and the signed documents, we read them in for use in the tests. +with open(os.path.join(CMSDIR, 'auth_token_scoped.pem')) as f: + SIGNED_TOKEN_SCOPED = cms.cms_to_token(f.read()) +with open(os.path.join(CMSDIR, 'auth_token_unscoped.pem')) as f: + SIGNED_TOKEN_UNSCOPED = cms.cms_to_token(f.read()) +with open(os.path.join(CMSDIR, 'auth_v3_token_scoped.pem')) as f: + SIGNED_v3_TOKEN_SCOPED = cms.cms_to_token(f.read()) +with open(os.path.join(CMSDIR, 'auth_token_revoked.pem')) as f: + REVOKED_TOKEN = cms.cms_to_token(f.read()) +with open(os.path.join(CMSDIR, 'auth_token_scoped_expired.pem')) as f: + SIGNED_TOKEN_SCOPED_EXPIRED = cms.cms_to_token(f.read()) +with open(os.path.join(CMSDIR, 'auth_v3_token_revoked.pem')) as f: + REVOKED_v3_TOKEN = cms.cms_to_token(f.read()) +with open(os.path.join(CMSDIR, 'revocation_list.json')) as f: + REVOCATION_LIST = jsonutils.loads(f.read()) +with open(os.path.join(CMSDIR, 'revocation_list.pem')) as f: + SIGNED_REVOCATION_LIST = jsonutils.dumps({'signed': f.read()}) +with open(os.path.join(CERTDIR, 'signing_cert.pem')) as f: + SIGNING_CERT = f.read() +with open(os.path.join(CERTDIR, 'cacert.pem')) as f: + SIGNING_CA = f.read() + +UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d" +UUID_TOKEN_NO_SERVICE_CATALOG = '8286720fbe4941e69fa8241723bb02df' +UUID_TOKEN_UNSCOPED = '731f903721c14827be7b2dc912af7776' +VALID_DIABLO_TOKEN = 'b0cf19b55dbb4f20a6ee18e6c6cf1726' +v3_UUID_TOKEN_DEFAULT = '5603457654b346fdbb93437bfe76f2f1' +v3_UUID_TOKEN_UNSCOPED = 'd34835fdaec447e695a0a024d84f8d79' +v3_UUID_TOKEN_DOMAIN_SCOPED = 'e8a7b63aaa4449f38f0c5c05c3581792' + +REVOKED_TOKEN_HASH = utils.hash_signed_token(REVOKED_TOKEN) +REVOKED_TOKEN_LIST = {'revoked': [{'id': REVOKED_TOKEN_HASH, + 'expires': timeutils.utcnow()}]} +REVOKED_TOKEN_LIST_JSON = jsonutils.dumps(REVOKED_TOKEN_LIST) + +REVOKED_v3_TOKEN_HASH = utils.hash_signed_token(REVOKED_v3_TOKEN) +REVOKED_v3_TOKEN_LIST = {'revoked': [{'id': REVOKED_v3_TOKEN_HASH, + 'expires': timeutils.utcnow()}]} +REVOKED_v3_TOKEN_LIST_JSON = jsonutils.dumps(REVOKED_v3_TOKEN_LIST) + +SIGNED_TOKEN_SCOPED_KEY = cms.cms_hash_token(SIGNED_TOKEN_SCOPED) +SIGNED_TOKEN_UNSCOPED_KEY = cms.cms_hash_token(SIGNED_TOKEN_UNSCOPED) +SIGNED_v3_TOKEN_SCOPED_KEY = cms.cms_hash_token(SIGNED_v3_TOKEN_SCOPED) + +INVALID_SIGNED_TOKEN = \ + "MIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ + "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" \ + "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC" \ + "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" \ + "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" \ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \ + "0000000000000000000000000000000000000000000000000000000000000000" \ + "1111111111111111111111111111111111111111111111111111111111111111" \ + "2222222222222222222222222222222222222222222222222222222222222222" \ + "3333333333333333333333333333333333333333333333333333333333333333" \ + "4444444444444444444444444444444444444444444444444444444444444444" \ + "5555555555555555555555555555555555555555555555555555555555555555" \ + "6666666666666666666666666666666666666666666666666666666666666666" \ + "7777777777777777777777777777777777777777777777777777777777777777" \ + "8888888888888888888888888888888888888888888888888888888888888888" \ + "9999999999999999999999999999999999999999999999999999999999999999" \ + "0000000000000000000000000000000000000000000000000000000000000000" \ + + +# JSON responses keyed by token ID +TOKEN_RESPONSES = { + UUID_TOKEN_DEFAULT: { + 'access': { + 'token': { + 'id': UUID_TOKEN_DEFAULT, + 'expires': '2020-01-01T00:00:10.000123Z', + 'tenant': { + 'id': 'tenant_id1', + 'name': 'tenant_name1', + }, + }, + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'roles': [ + {'name': 'role1'}, + {'name': 'role2'}, + ], + }, + 'serviceCatalog': {} + }, + }, + VALID_DIABLO_TOKEN: { + 'access': { + 'token': { + 'id': VALID_DIABLO_TOKEN, + 'expires': '2020-01-01T00:00:10.000123Z', + 'tenantId': 'tenant_id1', + }, + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'roles': [ + {'name': 'role1'}, + {'name': 'role2'}, + ], + }, + }, + }, + UUID_TOKEN_UNSCOPED: { + 'access': { + 'token': { + 'id': UUID_TOKEN_UNSCOPED, + 'expires': '2020-01-01T00:00:10.000123Z', + }, + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'roles': [ + {'name': 'role1'}, + {'name': 'role2'}, + ], + }, + }, + }, + UUID_TOKEN_NO_SERVICE_CATALOG: { + 'access': { + 'token': { + 'id': 'valid-token', + 'expires': '2020-01-01T00:00:10.000123Z', + 'tenant': { + 'id': 'tenant_id1', + 'name': 'tenant_name1', + }, + }, + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'roles': [ + {'name': 'role1'}, + {'name': 'role2'}, + ], + } + }, + }, + v3_UUID_TOKEN_DEFAULT: { + 'token': { + 'expires_at': '2020-01-01T00:00:10.000123Z', + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'domain': { + 'id': 'domain_id1', + 'name': 'domain_name1' + } + }, + 'project': { + 'id': 'tenant_id1', + 'name': 'tenant_name1', + 'domain': { + 'id': 'domain_id1', + 'name': 'domain_name1' + } + }, + 'roles': [ + {'name': 'role1', 'id': 'Role1'}, + {'name': 'role2', 'id': 'Role2'}, + ], + 'catalog': {} + } + }, + v3_UUID_TOKEN_UNSCOPED: { + 'token': { + 'expires_at': '2020-01-01T00:00:10.000123Z', + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'domain': { + 'id': 'domain_id1', + 'name': 'domain_name1' + } + } + } + }, + v3_UUID_TOKEN_DOMAIN_SCOPED: { + 'token': { + 'expires_at': '2020-01-01T00:00:10.000123Z', + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'domain': { + 'id': 'domain_id1', + 'name': 'domain_name1' + } + }, + 'domain': { + 'id': 'domain_id1', + 'name': 'domain_name1', + }, + 'roles': [ + {'name': 'role1', 'id': 'Role1'}, + {'name': 'role2', 'id': 'Role2'}, + ], + 'catalog': {} + } + }, + SIGNED_TOKEN_SCOPED_KEY: { + 'access': { + 'token': { + 'id': SIGNED_TOKEN_SCOPED_KEY, + }, + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'tenantId': 'tenant_id1', + 'tenantName': 'tenant_name1', + 'roles': [ + {'name': 'role1'}, + {'name': 'role2'}, + ], + }, + }, + }, + SIGNED_TOKEN_UNSCOPED_KEY: { + 'access': { + 'token': { + 'id': SIGNED_TOKEN_UNSCOPED_KEY, + }, + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'roles': [ + {'name': 'role1'}, + {'name': 'role2'}, + ], + }, + }, + }, + SIGNED_v3_TOKEN_SCOPED_KEY: { + 'token': { + 'expires': '2020-01-01T00:00:10.000123Z', + 'user': { + 'id': 'user_id1', + 'name': 'user_name1', + 'domain': { + 'id': 'domain_id1', + 'name': 'domain_name1' + } + }, + 'project': { + 'id': 'tenant_id1', + 'name': 'tenant_name1', + 'domain': { + 'id': 'domain_id1', + 'name': 'domain_name1' + } + }, + 'roles': [ + {'name': 'role1'}, + {'name': 'role2'} + ], + 'catalog': {} + } + }, +} + + +JSON_TOKEN_RESPONSES = dict([(k, jsonutils.dumps(v)) for k, v in + TOKEN_RESPONSES.iteritems()]) diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py index 172acf7..55052ae 100644 --- a/tests/test_auth_token_middleware.py +++ b/tests/test_auth_token_middleware.py @@ -19,7 +19,6 @@ import iso8601 import os import shutil import stat -import string import sys import tempfile import testtools @@ -33,200 +32,11 @@ from keystoneclient.middleware import auth_token from keystoneclient.openstack.common import jsonutils from keystoneclient.openstack.common import memorycache from keystoneclient.openstack.common import timeutils -from keystoneclient import utils +import client_fixtures -ROOTDIR = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) - -CERTDIR = os.path.join(ROOTDIR, "examples/pki/certs") -KEYDIR = os.path.join(ROOTDIR, "examples/pki/private") -CMSDIR = os.path.join(ROOTDIR, "examples/pki/cms") -SIGNING_CERT = os.path.join(CERTDIR, 'signing_cert.pem') -SIGNING_KEY = os.path.join(KEYDIR, 'signing_key.pem') -CA = os.path.join(CERTDIR, 'ca.pem') - -REVOCATION_LIST = None -REVOKED_TOKEN = None -REVOKED_TOKEN_HASH = None -REVOKED_v3_TOKEN = None -REVOKED_v3_TOKEN_HASH = None SIGNED_REVOCATION_LIST = None -SIGNED_TOKEN_SCOPED = None -SIGNED_TOKEN_UNSCOPED = None -SIGNED_v3_TOKEN_SCOPED = None -SIGNED_v3_TOKEN_UNSCOPED = None -SIGNED_TOKEN_SCOPED_KEY = None -SIGNED_TOKEN_UNSCOPED_KEY = None -SIGNED_v3_TOKEN_SCOPED_KEY = None - -VALID_SIGNED_REVOCATION_LIST = None - -UUID_TOKEN_DEFAULT = "ec6c0710ec2f471498484c1b53ab4f9d" -UUID_TOKEN_NO_SERVICE_CATALOG = '8286720fbe4941e69fa8241723bb02df' -UUID_TOKEN_UNSCOPED = '731f903721c14827be7b2dc912af7776' -VALID_DIABLO_TOKEN = 'b0cf19b55dbb4f20a6ee18e6c6cf1726' -v3_UUID_TOKEN_DEFAULT = '5603457654b346fdbb93437bfe76f2f1' -v3_UUID_TOKEN_UNSCOPED = 'd34835fdaec447e695a0a024d84f8d79' -v3_UUID_TOKEN_DOMAIN_SCOPED = 'e8a7b63aaa4449f38f0c5c05c3581792' - -INVALID_SIGNED_TOKEN = string.replace( - """AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC -DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD -EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE -FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -0000000000000000000000000000000000000000000000000000000000000000 -1111111111111111111111111111111111111111111111111111111111111111 -2222222222222222222222222222222222222222222222222222222222222222 -3333333333333333333333333333333333333333333333333333333333333333 -4444444444444444444444444444444444444444444444444444444444444444 -5555555555555555555555555555555555555555555555555555555555555555 -6666666666666666666666666666666666666666666666666666666666666666 -7777777777777777777777777777777777777777777777777777777777777777 -8888888888888888888888888888888888888888888888888888888888888888 -9999999999999999999999999999999999999999999999999999999999999999 -0000000000000000000000000000000000000000000000000000000000000000 -xg==""", "\n", "") - -# JSON responses keyed by token ID -TOKEN_RESPONSES = { - UUID_TOKEN_DEFAULT: { - 'access': { - 'token': { - 'id': UUID_TOKEN_DEFAULT, - 'expires': '2020-01-01T00:00:10.000123Z', - 'tenant': { - 'id': 'tenant_id1', - 'name': 'tenant_name1', - }, - }, - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'roles': [ - {'name': 'role1'}, - {'name': 'role2'}, - ], - }, - 'serviceCatalog': {} - }, - }, - VALID_DIABLO_TOKEN: { - 'access': { - 'token': { - 'id': VALID_DIABLO_TOKEN, - 'expires': '2020-01-01T00:00:10.000123Z', - 'tenantId': 'tenant_id1', - }, - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'roles': [ - {'name': 'role1'}, - {'name': 'role2'}, - ], - }, - }, - }, - UUID_TOKEN_UNSCOPED: { - 'access': { - 'token': { - 'id': UUID_TOKEN_UNSCOPED, - 'expires': '2020-01-01T00:00:10.000123Z', - }, - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'roles': [ - {'name': 'role1'}, - {'name': 'role2'}, - ], - }, - }, - }, - UUID_TOKEN_NO_SERVICE_CATALOG: { - 'access': { - 'token': { - 'id': 'valid-token', - 'expires': '2020-01-01T00:00:10.000123Z', - 'tenant': { - 'id': 'tenant_id1', - 'name': 'tenant_name1', - }, - }, - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'roles': [ - {'name': 'role1'}, - {'name': 'role2'}, - ], - } - }, - }, - v3_UUID_TOKEN_DEFAULT: { - 'token': { - 'expires_at': '2020-01-01T00:00:10.000123Z', - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'domain': { - 'id': 'domain_id1', - 'name': 'domain_name1' - } - }, - 'project': { - 'id': 'tenant_id1', - 'name': 'tenant_name1', - 'domain': { - 'id': 'domain_id1', - 'name': 'domain_name1' - } - }, - 'roles': [ - {'name': 'role1', 'id': 'Role1'}, - {'name': 'role2', 'id': 'Role2'}, - ], - 'catalog': {} - } - }, - v3_UUID_TOKEN_UNSCOPED: { - 'token': { - 'expires_at': '2020-01-01T00:00:10.000123Z', - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'domain': { - 'id': 'domain_id1', - 'name': 'domain_name1' - } - } - } - }, - v3_UUID_TOKEN_DOMAIN_SCOPED: { - 'token': { - 'expires_at': '2020-01-01T00:00:10.000123Z', - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'domain': { - 'id': 'domain_id1', - 'name': 'domain_name1' - } - }, - 'domain': { - 'id': 'domain_id1', - 'name': 'domain_name1', - }, - 'roles': [ - {'name': 'role1', 'id': 'Role1'}, - {'name': 'role2', 'id': 'Role2'}, - ], - 'catalog': {} - } - } -} +VALID_SIGNED_REVOCATION_LIST = client_fixtures.SIGNED_REVOCATION_LIST EXPECTED_V2_DEFAULT_ENV_RESPONSE = { 'HTTP_X_IDENTITY_STATUS': 'Confirmed', @@ -242,101 +52,6 @@ EXPECTED_V2_DEFAULT_ENV_RESPONSE = { FAKE_RESPONSE_STACK = [] - -# @TODO(mordred) This should become a testresources resource attached to the -# class -# The data for these tests are signed using openssl and are stored in files -# in the signing subdirectory. In order to keep the values consistent between -# the tests and the signed documents, we read them in for use in the tests. -signing_path = CMSDIR -with open(os.path.join(signing_path, 'auth_token_scoped.pem')) as f: - SIGNED_TOKEN_SCOPED = cms.cms_to_token(f.read()) -with open(os.path.join(signing_path, 'auth_token_unscoped.pem')) as f: - SIGNED_TOKEN_UNSCOPED = cms.cms_to_token(f.read()) -with open(os.path.join(signing_path, 'auth_v3_token_scoped.pem')) as f: - SIGNED_v3_TOKEN_SCOPED = cms.cms_to_token(f.read()) -with open(os.path.join(signing_path, 'auth_token_revoked.pem')) as f: - REVOKED_TOKEN = cms.cms_to_token(f.read()) -with open(os.path.join(signing_path, - 'auth_token_scoped_expired.pem')) as f: - SIGNED_TOKEN_SCOPED_EXPIRED = cms.cms_to_token(f.read()) -REVOKED_TOKEN_HASH = utils.hash_signed_token(REVOKED_TOKEN) -with open(os.path.join(signing_path, 'auth_v3_token_revoked.pem')) as f: - REVOKED_v3_TOKEN = cms.cms_to_token(f.read()) -REVOKED_v3_TOKEN_HASH = utils.hash_signed_token(REVOKED_v3_TOKEN) -with open(os.path.join(signing_path, 'revocation_list.json')) as f: - REVOCATION_LIST = jsonutils.loads(f.read()) -with open(os.path.join(signing_path, 'revocation_list.pem')) as f: - VALID_SIGNED_REVOCATION_LIST = jsonutils.dumps( - {'signed': f.read()}) -SIGNED_TOKEN_SCOPED_KEY =\ - cms.cms_hash_token(SIGNED_TOKEN_SCOPED) -SIGNED_TOKEN_UNSCOPED_KEY =\ - cms.cms_hash_token(SIGNED_TOKEN_UNSCOPED) -SIGNED_v3_TOKEN_SCOPED_KEY = ( - cms.cms_hash_token(SIGNED_v3_TOKEN_SCOPED)) - -TOKEN_RESPONSES[SIGNED_TOKEN_SCOPED_KEY] = { - 'access': { - 'token': { - 'id': SIGNED_TOKEN_SCOPED_KEY, - }, - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'tenantId': 'tenant_id1', - 'tenantName': 'tenant_name1', - 'roles': [ - {'name': 'role1'}, - {'name': 'role2'}, - ], - }, - }, -} - -TOKEN_RESPONSES[SIGNED_TOKEN_UNSCOPED_KEY] = { - 'access': { - 'token': { - 'id': SIGNED_TOKEN_UNSCOPED_KEY, - }, - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'roles': [ - {'name': 'role1'}, - {'name': 'role2'}, - ], - }, - }, -} - -TOKEN_RESPONSES[SIGNED_v3_TOKEN_SCOPED_KEY] = { - 'token': { - 'expires': '2020-01-01T00:00:10.000123Z', - 'user': { - 'id': 'user_id1', - 'name': 'user_name1', - 'domain': { - 'id': 'domain_id1', - 'name': 'domain_name1' - } - }, - 'project': { - 'id': 'tenant_id1', - 'name': 'tenant_name1', - 'domain': { - 'id': 'domain_id1', - 'name': 'domain_name1' - } - }, - 'roles': [ - {'name': 'role1'}, - {'name': 'role2'} - ], - 'catalog': {} - } -} - VERSION_LIST_v3 = { "versions": { "values": [ @@ -444,9 +159,9 @@ class BaseFakeHTTPConnection(object): return 404 indicating an unknown (therefore unauthorized) token. """ - if token_id in TOKEN_RESPONSES.keys(): + if token_id in client_fixtures.JSON_TOKEN_RESPONSES.keys(): status = 200 - body = jsonutils.dumps(TOKEN_RESPONSES[token_id]) + body = client_fixtures.JSON_TOKEN_RESPONSES[token_id] elif token_id == "revoked": status = 200 body = SIGNED_REVOCATION_LIST @@ -655,19 +370,20 @@ class BaseAuthTokenMiddlewareTest(testtools.TestCase): self.token_dict = token_dict else: self.token_dict = { - 'uuid_token_default': UUID_TOKEN_DEFAULT, - 'uuid_token_unscoped': UUID_TOKEN_UNSCOPED, - 'signed_token_scoped': SIGNED_TOKEN_SCOPED, - 'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED, - 'revoked_token': REVOKED_TOKEN, - 'revoked_token_hash': REVOKED_TOKEN_HASH + 'uuid_token_default': client_fixtures.UUID_TOKEN_DEFAULT, + 'uuid_token_unscoped': client_fixtures.UUID_TOKEN_UNSCOPED, + 'signed_token_scoped': client_fixtures.SIGNED_TOKEN_SCOPED, + 'signed_token_scoped_expired': + client_fixtures.SIGNED_TOKEN_SCOPED_EXPIRED, + 'revoked_token': client_fixtures.REVOKED_TOKEN, + 'revoked_token_hash': client_fixtures.REVOKED_TOKEN_HASH } self.conf = { 'auth_host': 'keystone.example.com', 'auth_port': 1234, 'auth_admin_prefix': '/testadmin', - 'signing_dir': CERTDIR, + 'signing_dir': client_fixtures.CERTDIR, 'auth_version': auth_version } @@ -811,7 +527,7 @@ class StackResponseAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): FAKE_RESPONSE_STACK.append(resp4) fetched_list = jsonutils.loads(self.middleware.fetch_revocation_list()) - self.assertEqual(fetched_list, REVOCATION_LIST) + self.assertEqual(fetched_list, client_fixtures.REVOCATION_LIST) class DiabloAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): @@ -829,7 +545,7 @@ class DiabloAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): def test_valid_diablo_response(self): req = webob.Request.blank('/') - req.headers['X-Auth-Token'] = VALID_DIABLO_TOKEN + req.headers['X-Auth-Token'] = client_fixtures.VALID_DIABLO_TOKEN self.middleware(req.environ, self.start_fake_response) self.assertEqual(self.response_status, 200) self.assertTrue('keystone.token_info' in req.environ) @@ -994,7 +710,7 @@ class AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): self.middleware.token_revocation_list_fetched_time = None os.remove(self.middleware.revoked_file_name) self.assertEqual(self.middleware.token_revocation_list, - REVOCATION_LIST) + client_fixtures.REVOCATION_LIST) def test_get_revocation_list_returns_current_list_from_memory(self): self.assertEqual(self.middleware.token_revocation_list, @@ -1015,7 +731,7 @@ class AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): # tests to override the fake http connection self.set_fake_http(FakeHTTPConnection) fetched_list = jsonutils.loads(self.middleware.fetch_revocation_list()) - self.assertEqual(fetched_list, REVOCATION_LIST) + self.assertEqual(fetched_list, client_fixtures.REVOCATION_LIST) def test_request_invalid_uuid_token(self): req = webob.Request.blank('/') @@ -1027,7 +743,7 @@ class AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): def test_request_invalid_signed_token(self): req = webob.Request.blank('/') - req.headers['X-Auth-Token'] = INVALID_SIGNED_TOKEN + req.headers['X-Auth-Token'] = client_fixtures.INVALID_SIGNED_TOKEN self.middleware(req.environ, self.start_fake_response) self.assertEqual(self.response_status, 401) self.assertEqual(self.response_headers['WWW-Authenticate'], @@ -1061,17 +777,11 @@ class AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): def test_request_no_token_http(self): req = webob.Request.blank('/', environ={'REQUEST_METHOD': 'HEAD'}) - conf = { - 'auth_host': 'keystone.example.com', - 'auth_port': 1234, - 'auth_protocol': 'http', - 'auth_admin_prefix': '/testadmin', - } - self.set_middleware(conf=conf) + self.set_middleware() body = self.middleware(req.environ, self.start_fake_response) self.assertEqual(self.response_status, 401) self.assertEqual(self.response_headers['WWW-Authenticate'], - "Keystone uri='http://keystone.example.com:1234'") + "Keystone uri='https://keystone.example.com:1234'") self.assertEqual(body, ['']) def test_request_blank_token(self): @@ -1113,7 +823,7 @@ class AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): token_cache_time = 10 conf = { 'token_cache_time': token_cache_time, - 'signing_dir': CERTDIR, + 'signing_dir': client_fixtures.CERTDIR, } conf.update(extra_conf) self.set_middleware(conf=conf) @@ -1402,10 +1112,12 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): self.assertTrue('keystone.token_info' in req.environ) def test_default_tenant_uuid_token(self): - self.assert_unscoped_default_tenant_auto_scopes(UUID_TOKEN_DEFAULT) + self.assert_unscoped_default_tenant_auto_scopes( + client_fixtures.UUID_TOKEN_DEFAULT) def test_default_tenant_signed_token(self): - self.assert_unscoped_default_tenant_auto_scopes(SIGNED_TOKEN_SCOPED) + self.assert_unscoped_default_tenant_auto_scopes( + client_fixtures.SIGNED_TOKEN_SCOPED) def assert_unscoped_token_receives_401(self, token): """Unscoped requests with no default tenant ID should be rejected.""" @@ -1417,15 +1129,18 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): "Keystone uri='https://keystone.example.com:1234'") def test_unscoped_uuid_token_receives_401(self): - self.assert_unscoped_token_receives_401(UUID_TOKEN_UNSCOPED) + self.assert_unscoped_token_receives_401( + client_fixtures.UUID_TOKEN_UNSCOPED) def test_unscoped_pki_token_receives_401(self): - self.assert_unscoped_token_receives_401(SIGNED_TOKEN_UNSCOPED) + self.assert_unscoped_token_receives_401( + client_fixtures.SIGNED_TOKEN_UNSCOPED) def test_request_prevent_service_catalog_injection(self): req = webob.Request.blank('/') req.headers['X-Service-Catalog'] = '[]' - req.headers['X-Auth-Token'] = UUID_TOKEN_NO_SERVICE_CATALOG + req.headers['X-Auth-Token'] = \ + client_fixtures.UUID_TOKEN_NO_SERVICE_CATALOG body = self.middleware(req.environ, self.start_fake_response) self.assertEqual(self.response_status, 200) self.assertFalse(req.headers.get('X-Service-Catalog')) @@ -1445,17 +1160,18 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): 'auth_host': 'keystone.example.com', 'auth_port': 1234, 'auth_admin_prefix': '/testadmin', - 'signing_dir': CERTDIR, + 'signing_dir': client_fixtures.CERTDIR, 'auth_version': 'v2.0' } self.set_middleware(fake_http=v3FakeHTTPConnection, conf=conf) # This tests will only work is auth_token has chosen to use the # lower, v2, api version req = webob.Request.blank('/') - req.headers['X-Auth-Token'] = UUID_TOKEN_DEFAULT + req.headers['X-Auth-Token'] = client_fixtures.UUID_TOKEN_DEFAULT body = self.middleware(req.environ, self.start_fake_response) self.assertEqual(self.response_status, 200) - self.assertEqual("/testadmin/v2.0/tokens/%s" % UUID_TOKEN_DEFAULT, + self.assertEqual("/testadmin/v2.0/tokens/%s" % + client_fixtures.UUID_TOKEN_DEFAULT, v3FakeHTTPConnection.last_requested_url) def test_invalid_auth_version_request(self): @@ -1463,7 +1179,7 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest): 'auth_host': 'keystone.example.com', 'auth_port': 1234, 'auth_admin_prefix': '/testadmin', - 'signing_dir': CERTDIR, + 'signing_dir': client_fixtures.CERTDIR, 'auth_version': 'v1.0' # v1.0 is no longer supported } self.assertRaises(Exception, self.set_middleware, conf) @@ -1495,12 +1211,13 @@ class v3AuthTokenMiddlewareTest(AuthTokenMiddlewareTest): """ def setUp(self): token_dict = { - 'uuid_token_default': v3_UUID_TOKEN_DEFAULT, - 'uuid_token_unscoped': v3_UUID_TOKEN_UNSCOPED, - 'signed_token_scoped': SIGNED_v3_TOKEN_SCOPED, - 'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED, - 'revoked_token': REVOKED_v3_TOKEN, - 'revoked_token_hash': REVOKED_v3_TOKEN_HASH + 'uuid_token_default': client_fixtures.v3_UUID_TOKEN_DEFAULT, + 'uuid_token_unscoped': client_fixtures.v3_UUID_TOKEN_UNSCOPED, + 'signed_token_scoped': client_fixtures.SIGNED_v3_TOKEN_SCOPED, + 'signed_token_scoped_expired': + client_fixtures.SIGNED_TOKEN_SCOPED_EXPIRED, + 'revoked_token': client_fixtures.REVOKED_v3_TOKEN, + 'revoked_token_hash': client_fixtures.REVOKED_v3_TOKEN_HASH } super(v3AuthTokenMiddlewareTest, self).setUp( auth_version='v3.0', @@ -1528,7 +1245,7 @@ class v3AuthTokenMiddlewareTest(AuthTokenMiddlewareTest): 'HTTP_X_ROLE': '', } self.set_middleware(expected_env=delta_expected_env) - self.assert_valid_request_200(v3_UUID_TOKEN_UNSCOPED, + self.assert_valid_request_200(client_fixtures.v3_UUID_TOKEN_UNSCOPED, with_catalog=False) self.assertEqual('/testadmin/v3/auth/tokens', v3FakeHTTPConnection.last_requested_url) @@ -1547,7 +1264,8 @@ class v3AuthTokenMiddlewareTest(AuthTokenMiddlewareTest): 'HTTP_X_TENANT': None } self.set_middleware(expected_env=delta_expected_env) - self.assert_valid_request_200(v3_UUID_TOKEN_DOMAIN_SCOPED) + self.assert_valid_request_200( + client_fixtures.v3_UUID_TOKEN_DOMAIN_SCOPED) self.assertEqual('/testadmin/v3/auth/tokens', v3FakeHTTPConnection.last_requested_url) |