diff options
author | Cedric Brandily <zzelle@gmail.com> | 2016-04-10 23:18:17 +0200 |
---|---|---|
committer | Cedric Brandily <zzelle@gmail.com> | 2016-04-10 23:20:49 +0200 |
commit | 450f505c35f8762cca29d56b6e928490288ec166 (patch) | |
tree | 367b0d9a84f991053395d77ce965e9367e0136d5 /tests | |
parent | 015903e383a27318918ee7827574ecb120110ae2 (diff) | |
download | python-swiftclient-450f505c35f8762cca29d56b6e928490288ec166.tar.gz |
Support client certificate/key
This change enables to specify a client certificate/key with:
* usual CLI options (--os-cert/--os-key)
* usual environment variables ($OS_CERT/$OS_KEY)
Closes-Bug: #1565112
Change-Id: I12e151adcb6084d801c6dfed21d82232a3259aea
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit/test_shell.py | 4 | ||||
-rw-r--r-- | tests/unit/test_swiftclient.py | 39 | ||||
-rw-r--r-- | tests/unit/utils.py | 6 |
3 files changed, 46 insertions, 3 deletions
diff --git a/tests/unit/test_shell.py b/tests/unit/test_shell.py index 236f1ef..82a5590 100644 --- a/tests/unit/test_shell.py +++ b/tests/unit/test_shell.py @@ -1781,7 +1781,9 @@ class TestKeystoneOptions(MockHttpTest): 'project-id': 'projectid', 'project-domain-id': 'projectdomainid', 'project-domain-name': 'projectdomain', - 'cacert': 'foo'} + 'cacert': 'foo', + 'cert': 'minnie', + 'key': 'mickey'} catalog_opts = {'service-type': 'my-object-store', 'endpoint-type': 'public', 'region-name': 'my-region'} diff --git a/tests/unit/test_swiftclient.py b/tests/unit/test_swiftclient.py index f3bee3b..5df54b1 100644 --- a/tests/unit/test_swiftclient.py +++ b/tests/unit/test_swiftclient.py @@ -512,6 +512,32 @@ class TestGetAuth(MockHttpTest): os_options=os_options, auth_version='2.0', insecure=False) + def test_auth_v2_cert(self): + os_options = {'tenant_name': 'foo'} + c.get_auth_keystone = fake_get_auth_keystone(os_options, None) + + auth_url_no_sslauth = 'https://www.tests.com' + auth_url_sslauth = 'https://www.tests.com/client-certificate' + + url, token = c.get_auth(auth_url_no_sslauth, 'asdf', 'asdf', + os_options=os_options, auth_version='2.0') + self.assertTrue(url.startswith("http")) + self.assertTrue(token) + + url, token = c.get_auth(auth_url_sslauth, 'asdf', 'asdf', + os_options=os_options, auth_version='2.0', + cert='minnie', cert_key='mickey') + self.assertTrue(url.startswith("http")) + self.assertTrue(token) + + self.assertRaises(c.ClientException, c.get_auth, + auth_url_sslauth, 'asdf', 'asdf', + os_options=os_options, auth_version='2.0') + self.assertRaises(c.ClientException, c.get_auth, + auth_url_sslauth, 'asdf', 'asdf', + os_options=os_options, auth_version='2.0', + cert='minnie') + def test_auth_v3_with_tenant_name(self): # check the correct auth version is passed to get_auth_keystone os_options = {'tenant_name': 'asdf'} @@ -1511,6 +1537,15 @@ class TestHTTPConnection(MockHttpTest): conn = c.http_connection(u'http://www.test.com/', insecure=True) self.assertEqual(conn[1].requests_args['verify'], False) + def test_cert(self): + conn = c.http_connection(u'http://www.test.com/', cert='minnie') + self.assertEqual(conn[1].requests_args['cert'], 'minnie') + + def test_cert_key(self): + conn = c.http_connection( + u'http://www.test.com/', cert='minnie', cert_key='mickey') + self.assertEqual(conn[1].requests_args['cert'], ('minnie', 'mickey')) + def test_response_connection_released(self): _parsed_url, conn = c.http_connection(u'http://www.test.com/') conn.resp = MockHttpResponse() @@ -2018,8 +2053,8 @@ class TestConnection(MockHttpTest): return '' def local_http_connection(url, proxy=None, cacert=None, - insecure=False, ssl_compression=True, - timeout=None): + insecure=False, cert=None, cert_key=None, + ssl_compression=True, timeout=None): parsed = urlparse(url) return parsed, LocalConnection() diff --git a/tests/unit/utils.py b/tests/unit/utils.py index 3b043bc..d04583f 100644 --- a/tests/unit/utils.py +++ b/tests/unit/utils.py @@ -57,6 +57,11 @@ def fake_get_auth_keystone(expected_os_options=None, exc=None, actual_kwargs['cacert'] is None: from swiftclient import client as c raise c.ClientException("unverified-certificate") + if auth_url.startswith("https") and \ + auth_url.endswith("client-certificate") and \ + not (actual_kwargs['cert'] and actual_kwargs['cert_key']): + from swiftclient import client as c + raise c.ClientException("noclient-certificate") return storage_url, token return fake_get_auth_keystone @@ -215,6 +220,7 @@ class MockHttpTest(unittest.TestCase): on_request = kwargs.get('on_request') def wrapper(url, proxy=None, cacert=None, insecure=False, + cert=None, cert_key=None, ssl_compression=True, timeout=None): if storage_url: self.assertEqual(storage_url, url) |