diff options
author | Sascha Peilicke <saschpe@suse.de> | 2013-01-21 15:34:42 +0100 |
---|---|---|
committer | Monty Taylor <mordred@inaugust.com> | 2013-08-14 01:30:01 -0300 |
commit | 14e090154c10001550127628c2728013f15d4256 (patch) | |
tree | 99be365f496f7942638a95f28241839c6ca8771a /keystone/tests/test_auth_plugin.py | |
parent | 361f6fe111b3eddf013c544776d63980689dfaf5 (diff) | |
download | keystone-14e090154c10001550127628c2728013f15d4256.tar.gz keystone-14e090154c10001550127628c2728013f15d4256.tar.xz keystone-14e090154c10001550127628c2728013f15d4256.zip |
Move 'tests' directory into 'keystone' package
Similar to a range of other components (e.g. glance,nova,...) and recent
reviews by Monty.
Running individual tests can be done like this:
./run_tests.sh keystone.tests.test_drivers
Change-Id: I2482a48322150e5eb09b703326a94d8283f1c75b
Diffstat (limited to 'keystone/tests/test_auth_plugin.py')
-rw-r--r-- | keystone/tests/test_auth_plugin.py | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/keystone/tests/test_auth_plugin.py b/keystone/tests/test_auth_plugin.py new file mode 100644 index 00000000..e3346cf1 --- /dev/null +++ b/keystone/tests/test_auth_plugin.py @@ -0,0 +1,106 @@ +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2013 OpenStack LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import uuid + +from keystone.tests import core as test + +from keystone import auth +from keystone import exception +from keystone import token + + +# for testing purposes only +METHOD_NAME = 'simple-challenge-response' +EXPECTED_RESPONSE = uuid.uuid4().hex +DEMO_USER_ID = uuid.uuid4().hex + + +class SimpleChallengeResponse(auth.AuthMethodHandler): + def authenticate(self, context, auth_payload, user_context): + if 'response' in auth_payload: + if auth_payload['response'] != EXPECTED_RESPONSE: + raise exception.Unauthorized('Wrong answer') + user_context['user_id'] = DEMO_USER_ID + else: + return {"challenge": "What's the name of your high school?"} + + +class TestAuthPlugin(test.TestCase): + def setUp(self): + super(TestAuthPlugin, self).setUp() + self.config([ + test.etcdir('keystone.conf.sample'), + test.testsdir('test_overrides.conf'), + test.testsdir('backend_sql.conf'), + test.testsdir('backend_sql_disk.conf'), + test.testsdir('test_auth_plugin.conf')]) + self.load_backends() + auth.controllers.AUTH_METHODS[METHOD_NAME] = SimpleChallengeResponse() + + # need to register the token provider first because auth controller + # depends on it + token.provider.Manager() + + self.api = auth.controllers.Auth() + + def test_unsupported_auth_method(self): + method_name = uuid.uuid4().hex + auth_data = {'methods': [method_name]} + auth_data[method_name] = {'test': 'test'} + auth_data = {'identity': auth_data} + self.assertRaises(exception.AuthMethodNotSupported, + auth.controllers.AuthInfo, + None, + auth_data) + + def test_addition_auth_steps(self): + auth_data = {'methods': ['simple-challenge-response']} + auth_data['simple-challenge-response'] = { + 'test': 'test'} + auth_data = {'identity': auth_data} + auth_info = auth.controllers.AuthInfo(None, auth_data) + auth_context = {'extras': {}, 'method_names': []} + try: + self.api.authenticate({}, auth_info, auth_context) + except exception.AdditionalAuthRequired as e: + self.assertTrue('methods' in e.authentication) + self.assertTrue(METHOD_NAME in e.authentication['methods']) + self.assertTrue(METHOD_NAME in e.authentication) + self.assertTrue('challenge' in e.authentication[METHOD_NAME]) + + # test correct response + auth_data = {'methods': ['simple-challenge-response']} + auth_data['simple-challenge-response'] = { + 'response': EXPECTED_RESPONSE} + auth_data = {'identity': auth_data} + auth_info = auth.controllers.AuthInfo(None, auth_data) + auth_context = {'extras': {}, 'method_names': []} + self.api.authenticate({}, auth_info, auth_context) + self.assertEqual(auth_context['user_id'], DEMO_USER_ID) + + # test incorrect response + auth_data = {'methods': ['simple-challenge-response']} + auth_data['simple-challenge-response'] = { + 'response': uuid.uuid4().hex} + auth_data = {'identity': auth_data} + auth_info = auth.controllers.AuthInfo(None, auth_data) + auth_context = {'extras': {}, 'method_names': []} + self.assertRaises(exception.Unauthorized, + self.api.authenticate, + {}, + auth_info, + auth_context) |