-rw-r--r-- | tempest_lib/auth.py | 6 | ||||
-rw-r--r-- | tempest_lib/exceptions.py | 11 | ||||
-rw-r--r-- | tempest_lib/tests/fake_identity.py | 4 | ||||
-rw-r--r-- | tempest_lib/tests/test_auth.py | 68 |
4 files changed, 80 insertions, 9 deletions
diff --git a/tempest_lib/auth.py b/tempest_lib/auth.py index 0a05445..c16d6dd 100644 --- a/tempest_lib/auth.py +++ b/tempest_lib/auth.py @@ -148,9 +148,15 @@ class AuthProvider(object): auth_data=self.alt_auth_data) alt_auth_req = dict(url=alt_url, headers=alt_headers, body=alt_body) + if auth_req[self.alt_part] == alt_auth_req[self.alt_part]: + raise exceptions.BadAltAuth(part=self.alt_part) auth_req[self.alt_part] = alt_auth_req[self.alt_part] else: + # If the requested part is not affected by auth, we are + # not altering auth as expected, raise an exception + if auth_req[self.alt_part] == orig_req[self.alt_part]: + raise exceptions.BadAltAuth(part=self.alt_part) # If alt auth data is None, skip auth in the requested part auth_req[self.alt_part] = orig_req[self.alt_part] diff --git a/tempest_lib/exceptions.py b/tempest_lib/exceptions.py index 050ccc6..5873b4a 100644 --- a/tempest_lib/exceptions.py +++ b/tempest_lib/exceptions.py @@ -149,6 +149,17 @@ class InvalidStructure(TempestException): message = "Invalid structure of table with details" +class BadAltAuth(TempestException): + """Used when trying and failing to change to alt creds. + + If alt creds end up the same as primary creds, use this + exception. This is often going to be the case when you assume + project_id is in the url, but it's not. + + """ + message = "The alt auth looks the same as primary auth for %(part)s" + + class CommandFailed(Exception): def __init__(self, returncode, cmd, output, stderr): super(CommandFailed, self).__init__() diff --git a/tempest_lib/tests/fake_identity.py b/tempest_lib/tests/fake_identity.py index ad78f85..bac2676 100644 --- a/tempest_lib/tests/fake_identity.py +++ b/tempest_lib/tests/fake_identity.py @@ -50,11 +50,11 @@ ALT_IDENTITY_V2_RESPONSE = { "expires": "2020-01-01T00:00:10Z", "id": ALT_TOKEN, "tenant": { - "id": "fake_tenant_id" + "id": "fake_alt_tenant_id" }, }, "user": { - "id": "fake_user_id", + "id": "fake_alt_user_id", }, "serviceCatalog": CATALOG_V2, }, 
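Review bot: Both new `raise exceptions.BadAltAuth(part=self.alt_part)` statements in the tempest_lib/auth.py hunk exit before `auth_req[self.alt_part]` is assigned, and the code that clears `alt_part` / `alt_auth_data` is not visible here. If that cleanup sits after this if/else, which `test_request_with_alt_auth_cleans_alt` suggests but the hunk does not show, the provider stays in alt mode after the exception. A later request on the same provider would then take the alt path again instead of using primary credentials. Consider saving `part = self.alt_part`, clearing both attributes, and then raising `exceptions.BadAltAuth(part=part)`. The two new `assertRaises` tests in test_auth.py could then also assert that `alt_part` and `alt_auth_data` are None afterwards.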
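Review bot: The docstring and `message` of `BadAltAuth` in tempest_lib/exceptions.py describe only the case where alt creds equal primary creds, but the auth.py hunk also raises it when alt auth data is None and the requested part is not affected by auth. In that branch no alt credentials exist, so "The alt auth looks the same as primary auth for %(part)s" points the reader at the wrong cause. I would add a docstring sentence such as `Also raised when no alt auth data is set and the requested part is not changed by authentication.` and make the message neutral, e.g. `message = "Altering auth had no effect on the request %(part)s"`. Because a negative authorization test that silently reuses primary auth proves nothing, a precise message helps whoever triages the failure.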
diff --git a/tempest_lib/tests/test_auth.py b/tempest_lib/tests/test_auth.py index 133a268..21399ed 100644 --- a/tempest_lib/tests/test_auth.py +++ b/tempest_lib/tests/test_auth.py @@ -124,6 +124,9 @@ class TestKeystoneV2AuthProvider(BaseAuthTestsSetUp): fake_identity._fake_v2_response) self.target_url = 'test_api' + def _get_fake_identity(self): + return fake_identity.IDENTITY_V2_RESPONSE['access'] + def _get_fake_alt_identity(self): return fake_identity.ALT_IDENTITY_V2_RESPONSE['access'] @@ -175,14 +178,45 @@ class TestKeystoneV2AuthProvider(BaseAuthTestsSetUp): self._test_request_helper(filters, expected) def test_request_with_alt_auth_cleans_alt(self): + """Test alternate auth data for headers + + Assert that when the alt data is provided for headers, after an + auth_request the data alt_data is cleaned-up. + """ self.auth_provider.set_alt_auth_data( - 'body', + 'headers', (fake_identity.ALT_TOKEN, self._get_fake_alt_identity())) - self.test_request() + filters = { + 'service': 'compute', + 'endpoint_type': 'publicURL', + 'region': 'fakeRegion' + } + self.auth_provider.auth_request('GET', self.target_url, + filters=filters) + # Assert alt auth data is clear after it self.assertIsNone(self.auth_provider.alt_part) self.assertIsNone(self.auth_provider.alt_auth_data) + def test_request_with_identical_alt_auth(self): + """Test alternate but identical auth data for headers + + Assert that when the alt data is provided, but it's actually + identical, an exception is raised. + """ + self.auth_provider.set_alt_auth_data( + 'headers', + (fake_identity.TOKEN, self._get_fake_identity())) + filters = { + 'service': 'compute', + 'endpoint_type': 'publicURL', + 'region': 'fakeRegion' + } + + self.assertRaises(exceptions.BadAltAuth, + self.auth_provider.auth_request, + 'GET', self.target_url, filters=filters) + def test_request_with_alt_part_without_alt_data(self): """Test empty alternate auth data 
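Review bot: The new and reworked tests in the `@@ -175` hunk exercise the alt-data path only with the `'headers'` part, while the `BadAltAuth` docstring names the URL case (project_id assumed to be in the URL but absent) as the most likely trigger. `test_request_with_identical_alt_auth` would be more convincing with a `'url'` variant, since that is the misconfiguration this guard is meant to catch. `test_request_with_alt_auth_cleans_alt` also no longer checks the returned request, so nothing asserts that the alt token actually ends up in the headers; capturing the result and adding `self.assertEqual(fake_identity.ALT_TOKEN, headers['X-Auth-Token'])` would pin that, assuming the header name used by the assertion removed in the later hunk still applies.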
@@ -194,17 +228,34 @@ class TestKeystoneV2AuthProvider(BaseAuthTestsSetUp): 'endpoint_type': 'publicURL', 'region': 'fakeRegion' } - self.auth_provider.set_alt_auth_data('url', None) + self.auth_provider.set_alt_auth_data('headers', None) url, headers, body = self.auth_provider.auth_request('GET', self.target_url, filters=filters) - - self.assertEqual(url, self.target_url) - self.assertEqual(self._get_token_from_fake_identity(), - headers['X-Auth-Token']) + # The original headers where empty + self.assertNotEqual(url, self.target_url) + self.assertIsNone(headers) self.assertEqual(body, None) + def test_request_with_alt_part_without_alt_data_no_change(self): + """Test empty alternate auth data with no effect + + Assert that when alt_part is defined, no auth_data is provided, + and the the corresponding original request element was not going to + be changed anyways, and exception is raised + """ + filters = { + 'service': 'compute', + 'endpoint_type': 'publicURL', + 'region': 'fakeRegion' + } + self.auth_provider.set_alt_auth_data('body', None) + + self.assertRaises(exceptions.BadAltAuth, + self.auth_provider.auth_request, + 'GET', self.target_url, filters=filters) + def test_request_with_bad_service(self): filters = { 'service': 'BAD_SERVICE', @@ -344,6 +395,9 @@ class TestKeystoneV3AuthProvider(TestKeystoneV2AuthProvider): self.stubs.Set(v3_client.V3TokenClient, 'raw_request', fake_identity._fake_v3_response) + def _get_fake_identity(self): + return fake_identity.IDENTITY_V3_RESPONSE['token'] + def _get_fake_alt_identity(self): return fake_identity.ALT_IDENTITY_V3['token'] |
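Review bot: In `test_request_with_alt_part_without_alt_data` (the `@@ -194` hunk), `self.assertNotEqual(url, self.target_url)` only shows that the URL changed, not that it became the authenticated endpoint URL, so a wrong endpoint would still pass. Asserting the expected value, or at least that the result ends with `self.target_url` if that is how the provider builds it, would make the check meaningful. The unchanged `self.assertEqual(body, None)` could become `self.assertIsNone(body)` to match the new `assertIsNone(headers)`. There are also small wording slips in the added text: the comment should read `# The original headers were empty`, and the new docstring has "the the" and "and exception is raised" (should be "an exception is raised").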