1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
require 'spec_helper'
require_relative './shared_context'
describe Fog::OpenStack::Network do
before :all do
openstack_vcr = OpenStackVCR.new(
:vcr_directory => 'spec/fixtures/openstack/network',
:service_class => Fog::OpenStack::Network,
:project_scoped => true
)
@service = openstack_vcr.service
@current_project = openstack_vcr.project_name
openstack_vcr = OpenStackVCR.new(
:vcr_directory => 'spec/fixtures/openstack/network',
:service_class => Fog::OpenStack::Identity::V3
)
@identity_service = openstack_vcr.service
end
it 'CRUD subnets' do
VCR.use_cassette('subnets_crud') do
begin
foonet = @service.networks.create(:name => 'foo-net12', :shared => false)
subnet = @service.subnets.create(
:name => "my-network",
:network_id => foonet.id,
:cidr => '172.16.0.0/16',
:ip_version => 4,
:gateway_ip => nil
)
subnet.name.must_equal 'my-network'
ensure
subnet.destroy if subnet
foonet.destroy if foonet
end
end
end
it 'CRUD rbacs' do
VCR.use_cassette('rbacs_crud') do
begin
own_project = @identity_service.projects.select { |p| p.name == @current_project }.first
other_project = @identity_service.projects.reject { |p| p.name == @current_project }.first
foonet = @service.networks.create(:name => 'foo-net23', :tenant_id => own_project.id)
# create share access for other project
rbac = @service.rbac_policies.create(
:object_type => 'network',
:object_id => foonet.id,
:tenant_id => own_project.id,
:target_tenant => other_project.id,
:action => 'access_as_shared'
)
rbac.target_tenant.must_equal other_project.id
foonet.reload.shared.must_equal false
@service.rbac_policies.all(:object_id => foonet.id).length.must_equal 1
# get
@service.rbac_policies.find_by_id(rbac.id).wont_equal nil
# change share target to own project
rbac.target_tenant = own_project.id
rbac.save
foonet.reload.shared.must_equal true
# delete the sharing
rbac.destroy
rbac = nil
@service.rbac_policies.all(:object_id => foonet.id).length.must_equal 0
foonet.reload.shared.must_equal false
ensure
rbac.destroy if rbac
foonet.destroy if foonet
end
end
end
it 'fails at token expiration on auth with token but not with username+password' do
VCR.use_cassette('token_expiration') do
@auth_token = @identity_service.credentials[:openstack_auth_token]
openstack_vcr = OpenStackVCR.new(
:vcr_directory => 'spec/fixtures/openstack/network',
:service_class => Fog::OpenStack::Network,
:project_scoped => true,
:token_auth => true,
:token => @auth_token
)
@service_with_token = openstack_vcr.service
[@service_with_token, @service].each_with_index do |service, index|
@network_token = service.credentials[:openstack_auth_token]
# any network object would do, take sec group - at least we have a default
@before = service.security_groups.all(:limit => 2).first.tenant_id
# invalidate the token, hopefully it is not a palindrome
# NOTE: token_revoke does not work here, because of neutron keystone-middleware cache
service.instance_variable_set("@auth_token", @network_token.reverse)
# with token
if index == 0
err = -> { service.security_groups.all(:limit => 2) }.must_raise Excon::Errors::Unauthorized
err.message.must_match(/Authentication required/)
# with username+password
else
@after = service.security_groups.all(:limit => 2).first.tenant_id
@before.must_equal @after
end
end
end
end
end
|
