tests/test_keystone_compat.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175

import copy
import json
import os
import sys

from nose import exc

from keystonelight import logging
from keystonelight import models
from keystonelight import test
from keystonelight import utils


IDENTITY_API_REPO = 'git://github.com/openstack/identity-api.git'
KEYSTONE_REPO = 'git://github.com/openstack/keystone.git'
NOVACLIENT_REPO = 'git://github.com/rackspace/python-novaclient.git'


IDENTITY_SAMPLE_DIR = 'openstack-identity-api/src/docbkx/samples'
KEYSTONE_SAMPLE_DIR = 'keystone/content/common/samples'


class CompatTestCase(test.TestCase):
  """Test compatibility against various versions of keystone's docs.

  It should be noted that the docs for any given revision have rarely, if ever,
  reflected the actual usage or reliable sample output of the system, so these
  tests are largely a study of frustration and its effects on developer
  productivity.

  """

  def setUp(self):
    super(CompatTestCase, self).setUp()

    self.tenants_for_token = json.load(open(
        os.path.join(self.sampledir, 'tenants.json')))
    self.validate_token = json.load(open(
        os.path.join(self.sampledir, 'validatetoken.json')))
    # NOTE(termie): stupid hack to deal with the keystone samples being
    #               completely inconsistent
    self.validate_token['access']['user']['roles'][1]['id'] = u'235'

    self.auth_response = json.load(open(
        os.path.join(self.sampledir, 'auth.json')))

    # validate_token call
    self.tenant_345 = self.identity_backend._create_tenant(
        '345',
        models.Tenant(id='345', name='My Project'))
    self.user_123 = self.identity_backend._create_user(
        '123',
        models.User(id='123',
                    name='jqsmith',
                    tenants=[self.tenant_345['id']],
                    password='password'))
    self.extras_123 = self.identity_backend._create_extras(
        self.user_123['id'], self.tenant_345['id'],
        dict(roles=[{'id': '234',
                     'name': 'compute:admin'},
                    {'id': '235',
                     'name': 'object-store:admin',
                     'tenantId': '1'}],
             roles_links=[]))
    self.token_123 = self.token_backend.create_token(
        'ab48a9efdfedb23ty3494',
        models.Token(id='ab48a9efdfedb23ty3494',
                     expires='2010-11-01T03:32:15-05:00',
                     user=self.user_123,
                     tenant=self.tenant_345,
                     extras=self.extras_123))

    # auth call
    # NOTE(termie): the service catalog in the sample doesn't really have
    #               anything to do with the auth being returned, so just load
    #               it fully from a fixture and add it to our db
    # NOTE(termie): actually all the data is insane anyway, so don't bother
    #catalog = json.load(open(
    #    os.path.join(os.path.dirname(__file__),
    #                 'keystone_compat_diablo_sample_catalog.json')))
    #self.catalog_backend._create_catalog(self.user_123['id'],
    #                                     self.tenant_345['id'],
    #                                     catalog)

    # tenants_for_token call
    self.user_foo = self.identity_backend._create_user(
        'foo',
        models.User(id='foo', tenants=['1234', '3456']))
    self.tenant_1234 = self.identity_backend._create_tenant(
        '1234',
        models.Tenant(id='1234',
                      name='ACME Corp',
                      description='A description ...',
                      enabled=True))
    self.tenant_3456 = self.identity_backend._create_tenant(
        '3456',
        models.Tenant(id='3456',
                      name='Iron Works',
                      description='A description ...',
                      enabled=True))

    self.token_foo_unscoped = self.token_backend.create_token(
        'foo_unscoped',
        models.Token(id='foo_unscoped',
                     user=self.user_foo))
    self.token_foo_scoped = self.token_backend.create_token(
        'foo_scoped',
        models.Token(id='foo_scoped',
                     user=self.user_foo,
                     tenant=self.tenant_1234))


class DiabloCompatTestCase(CompatTestCase):
  def setUp(self):
    revdir = test.checkout_vendor(KEYSTONE_REPO, 'stable/diablo')
    self.sampledir = os.path.join(revdir, KEYSTONE_SAMPLE_DIR)
    self.app = self.loadapp('keystone_compat_diablo')
    self.options = self.appconfig('keystone_compat_diablo')

    self.identity_backend = utils.import_object(
        self.options['identity_driver'], options=self.options)
    self.token_backend = utils.import_object(
        self.options['token_driver'], options=self.options)
    self.catalog_backend = utils.import_object(
        self.options['catalog_driver'], options=self.options)

    super(DiabloCompatTestCase, self).setUp()

  def test_authenticate_scoped(self):
    # NOTE(termie): the docs arbitrarily changed and inserted a 'u' in front
    #               of one of the user ids, but none of the others
    raise exc.SkipTest()
    client = self.client(self.app)
    post_data = json.dumps(
        {'auth': {'passwordCredentials': {'username': self.user_123['id'],
                                          'password': self.user_123['password'],
                                          },
                  'tenantName': self.tenant_345['name']}})

    resp = client.post('/v2.0/tokens', body=post_data)
    data = json.loads(resp.body)
    logging.debug('KEYS: %s', data['access'].keys())
    self.assert_('expires' in data['access']['token'])
    self.assertDeepEquals(self.auth_response['access']['user'],
                          data['access']['user'])
    # there is pretty much no way to generate sane data that corresponds to
    # the sample data
    #self.assertDeepEquals(self.auth_response['access']['serviceCatalog'],
    #                      data['access']['serviceCatalog'])

  def test_validate_token_scoped(self):
    client = self.client(self.app, token=self.token_123['id'])
    resp = client.get('/v2.0/tokens/%s' % self.token_123['id'])
    data = json.loads(resp.body)
    self.assertDeepEquals(self.validate_token, data)

  def test_validate_token_scoped(self):
    client = self.client(self.app, token=self.token_123['id'])
    resp = client.get('/v2.0/tokens/%s' % self.token_123['id'])
    data = json.loads(resp.body)
    self.assertDeepEquals(self.validate_token, data)

  def test_tenants_for_token_unscoped(self):
    # get_tenants_for_token
    client = self.client(self.app, token=self.token_foo_unscoped['id'])
    resp = client.get('/v2.0/tenants')
    data = json.loads(resp.body)
    self.assertDeepEquals(self.tenants_for_token, data)

  def test_tenants_for_token_scoped(self):
    # get_tenants_for_token
    client = self.client(self.app, token=self.token_foo_scoped['id'])
    resp = client.get('/v2.0/tenants')
    data = json.loads(resp.body)
    self.assertDeepEquals(self.tenants_for_token, data)