File: test_keystone.py

package info (click to toggle)
python-ironic-lib 7.0.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 532 kB
  • sloc: python: 3,631; makefile: 20; sh: 2
file content (121 lines) | stat: -rw-r--r-- 5,432 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from unittest import mock

from keystoneauth1 import loading as ks_loading
from oslo_config import cfg

from ironic_lib import exception
from ironic_lib import keystone
from ironic_lib.tests import base


class KeystoneTestCase(base.IronicLibTestCase):

    def setUp(self):
        super(KeystoneTestCase, self).setUp()
        self.test_group = 'test_group'
        self.cfg_fixture.conf.register_group(cfg.OptGroup(self.test_group))
        keystone.register_auth_opts(self.cfg_fixture.conf, self.test_group,
                                    service_type='vikings')
        self.config(auth_type='password',
                    group=self.test_group)
        # NOTE(pas-ha) this is due to auth_plugin options
        # being dynamically registered on first load,
        # but we need to set the config before
        plugin = ks_loading.get_plugin_loader('password')
        opts = ks_loading.get_auth_plugin_conf_options(plugin)
        self.cfg_fixture.register_opts(opts, group=self.test_group)
        self.config(auth_url='http://127.0.0.1:9898',
                    username='fake_user',
                    password='fake_pass',
                    project_name='fake_tenant',
                    group=self.test_group)

    def test_get_session(self):
        self.config(timeout=10, group=self.test_group)
        session = keystone.get_session(self.test_group, timeout=20)
        self.assertEqual(20, session.timeout)

    def test_get_auth(self):
        auth = keystone.get_auth(self.test_group)
        self.assertEqual('http://127.0.0.1:9898', auth.auth_url)

    def test_get_auth_fail(self):
        # NOTE(pas-ha) 'password' auth_plugin is used,
        # so when we set the required auth_url to None,
        # MissingOption is raised
        self.config(auth_url=None, group=self.test_group)
        self.assertRaises(exception.ConfigInvalid,
                          keystone.get_auth,
                          self.test_group)

    def test_get_adapter_from_config(self):
        self.config(valid_interfaces=['internal', 'public'],
                    group=self.test_group)
        session = keystone.get_session(self.test_group)
        adapter = keystone.get_adapter(self.test_group, session=session,
                                       interface='admin')
        self.assertEqual('admin', adapter.interface)
        self.assertEqual(session, adapter.session)

    @mock.patch('keystoneauth1.service_token.ServiceTokenAuthWrapper',
                autospec=True)
    @mock.patch('keystoneauth1.token_endpoint.Token', autospec=True)
    def test_get_service_auth(self, token_mock, service_auth_mock):
        ctxt = mock.Mock(spec=['auth_token'], auth_token='spam')
        mock_auth = mock.Mock()
        self.assertEqual(service_auth_mock.return_value,
                         keystone.get_service_auth(ctxt, 'ham', mock_auth))
        token_mock.assert_called_once_with('ham', 'spam')
        service_auth_mock.assert_called_once_with(
            user_auth=token_mock.return_value, service_auth=mock_auth)


class AuthConfTestCase(base.IronicLibTestCase):

    def setUp(self):
        super(AuthConfTestCase, self).setUp()
        self.test_group = 'test_group'
        self.cfg_fixture.conf.register_group(cfg.OptGroup(self.test_group))
        keystone.register_auth_opts(self.cfg_fixture.conf, self.test_group)
        self.config(auth_type='password',
                    group=self.test_group)
        # NOTE(pas-ha) this is due to auth_plugin options
        # being dynamically registered on first load,
        # but we need to set the config before
        plugin = ks_loading.get_plugin_loader('password')
        opts = ks_loading.get_auth_plugin_conf_options(plugin)
        self.cfg_fixture.register_opts(opts, group=self.test_group)
        self.config(auth_url='http://127.0.0.1:9898',
                    username='fake_user',
                    password='fake_pass',
                    project_name='fake_tenant',
                    group=self.test_group)

    def test_add_auth_opts(self):
        opts = keystone.add_auth_opts([])
        # check that there is no duplicates
        names = {o.dest for o in opts}
        self.assertEqual(len(names), len(opts))
        # NOTE(pas-ha) checking for most standard auth and session ones only
        expected = {'timeout', 'insecure', 'cafile', 'certfile', 'keyfile',
                    'auth_type', 'auth_url', 'username', 'password',
                    'tenant_name', 'project_name', 'trust_id',
                    'domain_id', 'user_domain_id', 'project_domain_id'}
        self.assertTrue(expected.issubset(names))

    def test_os_service_types_alias(self):
        keystone.register_auth_opts(self.cfg_fixture.conf, 'barbican')
        self.assertEqual(self.cfg_fixture.conf.barbican.service_type,
                         'key-manager')