2 files changed, 103 insertions, 0 deletions

diff --git a/test/unit/test_shell.py b/test/unit/test_shell.py
index a63d16b..3c08218 100644
--- a/test/unit/test_shell.py
+++ b/test/unit/test_shell.py
@@ -2395,6 +2395,8 @@ class TestParsing(TestBase):
                                  'object_storage_url', 'project_domain_id',
                                  'user_id', 'user_domain_id', 'tenant_id',
                                  'service_type', 'project_id', 'auth_token',
+                                 'auth_type', 'application_credential_id',
+                                 'application_credential_secret',
                                  'project_domain_name']
         for key in expected_os_opts_keys:
             self.assertIn(key, actual_os_opts_dict)
@@ -2686,6 +2688,50 @@ class TestParsing(TestBase):
             swiftclient.shell.main(args)
         self.assertIn('Auth version 3 requires OS_AUTH_URL', str(cm.exception))
 
+    def test_command_args_v3applicationcredential(self):
+        result = [None, None]
+        fake_command = self._make_fake_command(result)
+        opts = {"auth_version": "3"}
+        os_opts = {
+            "auth_type": "v3applicationcredential",
+            "application_credential_id": "proejct_id",
+            "application_credential_secret": "secret",
+            "auth_url": "http://example.com:5000/v3"}
+
+        args = _make_args("stat", opts, os_opts)
+        with mock.patch('swiftclient.shell.st_stat', fake_command):
+            swiftclient.shell.main(args)
+            self.assertEqual(['stat'], result[1])
+        with mock.patch('swiftclient.shell.st_stat', fake_command):
+            args = args + ["container_name"]
+            swiftclient.shell.main(args)
+            self.assertEqual(["stat", "container_name"], result[1])
+
+    def test_insufficient_args_v3applicationcredential(self):
+        opts = {"auth_version": "3"}
+        os_opts = {
+            "auth_type": "v3applicationcredential",
+            "application_credential_secret": "secret",
+            "auth_url": "http://example.com:5000/v3"}
+
+        args = _make_args("stat", opts, os_opts)
+        with self.assertRaises(SystemExit) as cm:
+            swiftclient.shell.main(args)
+        self.assertIn('Auth version 3 (application credential) requires',
+                      str(cm.exception))
+
+        os_opts = {
+            "auth_type": "v3password",
+            "application_credential_id": "proejct_id",
+            "application_credential_secret": "secret",
+            "auth_url": "http://example.com:5000/v3"}
+
+        args = _make_args("stat", opts, os_opts)
+        with self.assertRaises(SystemExit) as cm:
+            swiftclient.shell.main(args)
+        self.assertIn('Only "v3applicationcredential" is supported for',
+                      str(cm.exception))
+
     def test_password_prompt(self):
         def do_test(opts, os_opts, auth_version):
             args = _make_args("stat", opts, os_opts)
diff --git a/test/unit/test_swiftclient.py b/test/unit/test_swiftclient.py
index 2d45deb..7354bdc 100644
--- a/test/unit/test_swiftclient.py
+++ b/test/unit/test_swiftclient.py
@@ -562,6 +562,63 @@ class TestGetAuth(MockHttpTest):
         self.assertTrue(url.startswith("http"))
         self.assertTrue(token)
 
+    def test_auth_v3applicationcredential(self):
+        from keystoneauth1 import exceptions as ksauthexceptions
+
+        os_options = {
+            "auth_type": "v3applicationcredential",
+            "application_credential_id": "proejct_id",
+            "application_credential_secret": "secret"}
+
+        class FakeEndpointData(object):
+            catalog_url = 'http://swift.cluster/v1/KEY_project_id'
+
+        class FakeKeystoneuth1v3Session(object):
+
+            def __init__(self, auth):
+                self.auth = auth
+                self.token = 'token'
+
+            def get_token(self):
+                if self.auth.auth_url == 'http://keystone:5000/v3':
+                    return self.token
+                elif self.auth.auth_url == 'http://keystone:9000/v3':
+                    raise ksauthexceptions.AuthorizationFailure
+                else:
+                    raise ksauthexceptions.Unauthorized
+
+            def get_endpoint_data(self, service_type, endpoint_type, **kwargs):
+                return FakeEndpointData()
+
+        mock_sess = FakeKeystoneuth1v3Session
+        with mock.patch('keystoneauth1.session.Session', mock_sess):
+            url, token = c.get_auth('http://keystone:5000', '', '',
+                                    os_options=os_options,
+                                    auth_version="3")
+
+        self.assertTrue(url.startswith("http"))
+        self.assertEqual(url, 'http://swift.cluster/v1/KEY_project_id')
+        self.assertEqual(token, 'token')
+
+        with mock.patch('keystoneauth1.session.Session', mock_sess):
+            with self.assertRaises(c.ClientException) as exc_mgr:
+                url, token = c.get_auth('http://keystone:9000', '', '',
+                                        os_options=os_options,
+                                        auth_version="3")
+
+        body = 'Unauthorized. Check application credential id and secret.'
+        body = 'Authorization Failure. Cannot authorize API client.'
+        self.assertEqual(exc_mgr.exception.__str__()[-89:], body)
+
+        with mock.patch('keystoneauth1.session.Session', mock_sess):
+            with self.assertRaises(c.ClientException) as exc_mgr:
+                url, token = c.get_auth('http://keystone:5000', '', '',
+                                        os_options=os_options,
+                                        auth_version="2")
+
+        body = 'Unauthorized. Check application credential id and secret.'
+        self.assertEqual(exc_mgr.exception.__str__()[-89:], body)
+
     def test_get_keystone_client_2_0(self):
         # check the correct auth version is passed to get_auth_keystone
         os_options = {'tenant_name': 'asdf'}