summaryrefslogtreecommitdiff
path: root/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py')
-rw-r--r--keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py104
1 files changed, 104 insertions, 0 deletions
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 04e605c..9fd0328 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -1413,6 +1413,110 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
e = self.requests_mock.request_history[3].qs.get('allow_expired')
self.assertIsNone(e)
+ def test_app_cred_token_without_access_rules(self):
+ self.set_middleware(conf={'service_type': 'compute'})
+ token = self.examples.v3_APP_CRED_TOKEN
+ token_data = self.examples.TOKEN_RESPONSES[token]
+ resp = self.call_middleware(headers={'X-Auth-Token': token})
+ self.assertEqual(FakeApp.SUCCESS, resp.body)
+ token_auth = resp.request.environ['keystone.token_auth']
+ self.assertEqual(token_data.application_credential_id,
+ token_auth.user.application_credential_id)
+
+ def test_app_cred_access_rules_token(self):
+ self.set_middleware(conf={'service_type': 'compute'})
+ token = self.examples.v3_APP_CRED_ACCESS_RULES
+ token_data = self.examples.TOKEN_RESPONSES[token]
+ resp = self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=200,
+ method='GET', path='/v2.1/servers')
+ token_auth = resp.request.environ['keystone.token_auth']
+ self.assertEqual(token_data.application_credential_id,
+ token_auth.user.application_credential_id)
+ self.assertEqual(token_data.application_credential_access_rules,
+ token_auth.user.application_credential_access_rules)
+ resp = self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=401,
+ method='GET',
+ path='/v2.1/servers/someuuid')
+ token_auth = resp.request.environ['keystone.token_auth']
+ self.assertEqual(token_data.application_credential_id,
+ token_auth.user.application_credential_id)
+ self.assertEqual(token_data.application_credential_access_rules,
+ token_auth.user.application_credential_access_rules)
+
+ def test_app_cred_access_rules_service_request(self):
+ self.set_middleware(conf={'service_type': 'image'})
+ token = self.examples.v3_APP_CRED_ACCESS_RULES
+ headers = {'X-Auth-Token': token}
+ self.call_middleware(headers=headers,
+ expected_status=401,
+ method='GET', path='/v2/images')
+ service_token = self.examples.v3_UUID_SERVICE_TOKEN_DEFAULT
+ headers['X-Service-Token'] = service_token
+ self.call_middleware(headers=headers,
+ expected_status=200,
+ method='GET', path='/v2/images')
+
+ def test_app_cred_no_access_rules_token(self):
+ self.set_middleware(conf={'service_type': 'compute'})
+ token = self.examples.v3_APP_CRED_EMPTY_ACCESS_RULES
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=401,
+ method='GET', path='/v2.1/servers')
+ service_token = self.examples.v3_UUID_SERVICE_TOKEN_DEFAULT
+ headers = {
+ 'X-Auth-Token': token,
+ 'X-Service-Token': service_token
+ }
+ self.call_middleware(headers=headers, expected_status=401,
+ method='GET', path='/v2.1/servers')
+
+ def test_app_cred_matching_rules(self):
+ self.set_middleware(conf={'service_type': 'compute'})
+ token = self.examples.v3_APP_CRED_MATCHING_RULES
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=200,
+ method='GET', path='/v2.1/servers/foobar')
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=401,
+ method='GET', path='/v2.1/servers/foobar/barfoo')
+ self.set_middleware(conf={'service_type': 'image'})
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=200,
+ method='GET', path='/v2/images/foobar')
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=401,
+ method='GET', path='/v2/images/foobar/barfoo')
+ self.set_middleware(conf={'service_type': 'identity'})
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=200,
+ method='GET',
+ path='/v3/projects/123/users/456/roles/member')
+ self.set_middleware(conf={'service_type': 'block-storage'})
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=200,
+ method='GET', path='/v3/123/types/456')
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=401,
+ method='GET', path='/v3/123/types')
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=401,
+ method='GET', path='/v2/123/types/456')
+ self.set_middleware(conf={'service_type': 'object-store'})
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=200,
+ method='GET', path='/v1/1/2/3')
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=401,
+ method='GET', path='/v1/1/2')
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=401,
+ method='GET', path='/v2/1/2')
+ self.call_middleware(headers={'X-Auth-Token': token},
+ expected_status=401,
+ method='GET', path='/info')
+
class DelayedAuthTests(BaseAuthTokenMiddlewareTest):
View Lorry Controller Status