keystoneauth1.tests.unit.identity package

Submodules

keystoneauth1.tests.unit.identity.test_access module

class keystoneauth1.tests.unit.identity.test_access.AccessInfoPluginTests(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

setUp()

Hook method for setting up the test fixture before exercising it.

test_auth_ref()
test_auth_url()
test_domain_auth_properties()
test_invalidate()
test_project_auth_properties()

keystoneauth1.tests.unit.identity.test_identity_common module

class keystoneauth1.tests.unit.identity.test_identity_common.CatalogHackTests(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

BASE_URL = 'http://keystone.server:5000/'
IDENTITY = 'identity'
OTHER_URL = 'http://other.server:5000/path'
PROJECT_ID = 'fafb993a139c455198f52235c9d37540'
TEST_URL = 'http://keystone.server:5000/v2.0'
V2_URL = 'http://keystone.server:5000/v2.0'
V3_URL = 'http://keystone.server:5000/v3'
test_endpoint_override_data_runs_discovery()
test_endpoint_override_skips_discovery()
test_forcing_discovery()
test_forcing_discovery_list_returns_url()
test_get_endpoint_data()
test_get_endpoint_data_compute()
test_getting_endpoints()
test_getting_endpoints_on_auth_interface()
test_getting_endpoints_project_id_and_trailing_slash_in_disc_url()
test_latest_version_gets_latest_version()
test_returns_original_skipping_discovery()
test_returns_original_when_discover_fails()
test_setting_no_discover_hack()
test_version_range()
class keystoneauth1.tests.unit.identity.test_identity_common.CommonIdentityTests

Bases: object

PROJECT_ID = 'aaf5a7410fd34ed7b5c1e7ff578fd5c3'
TEST_BAREMETAL_BASE = 'https://baremetal.example.com'
TEST_BAREMETAL_INTERNAL = 'https://baremetal.example.com/internal'
TEST_COMPUTE_ADMIN = 'https://compute.example.com/nova/admin'
TEST_COMPUTE_BASE = 'https://compute.example.com'
TEST_COMPUTE_INTERNAL = 'https://compute.example.com/nova/internal'
TEST_COMPUTE_PUBLIC = 'https://compute.example.com/nova/public'
TEST_PASS = 'adf03813c46c44b293c5b61e79df2ef9'
TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
TEST_ROOT_URL = 'http://127.0.0.1:5000/'
TEST_VOLUME = <keystoneauth1.tests.unit.identity.test_identity_common.FakeServiceEndpoints object>
assertAccessInfoEqual(a, b)
abstract create_auth_plugin(**kwargs)

Create an auth plugin that makes sense for the auth data.

It doesn’t really matter what auth mechanism is used but it should be appropriate to the API version.

abstract get_auth_data(**kwargs)

Return fake authentication data.

This should register a valid token response and ensure that the compute endpoints are set to TEST_COMPUTE_PUBLIC, _INTERNAL and _ADMIN.

setUp()
stub_auth_data(**kwargs)
test_asking_for_auth_endpoint_ignores_checks()
test_broken_discovery_endpoint()
test_check_cache_id_match()
test_check_cache_id_no_match()
test_direct_discovering()
test_direct_discovering_with_no_data()
test_direct_discovery_provided_plugin_cache()
test_discovering()
test_discovering_version_no_discovery()
test_discovering_version_with_discovery()
test_discovering_when_version_missing()
test_discovering_with_no_data()
test_discovering_with_protocol_relative()
test_discovery_trailing_slash()
test_discovery_uses_plugin_cache()
test_discovery_uses_provided_session_cache()
test_discovery_uses_session_cache()
test_discovery_uses_session_plugin_cache()
test_endpoint_data_no_version()
test_endpoint_data_no_version_no_discovery()
test_endpoint_data_relative_version()
test_endpoint_data_version_url_no_discovery()
test_endpoint_no_version()
test_get_all_version_data()
test_get_all_version_data_adapter()
test_get_all_version_data_all_interfaces()
test_get_all_version_data_by_service_type()
test_get_all_version_data_service_alias()
test_get_auth_properties()
test_get_current_versioned_data()
test_get_set_auth_state()
test_get_versioned_data()
test_get_versioned_data_volume_project_id()
test_get_versioned_data_volume_project_id_unversioned_first()
test_interface_list()
test_invalidate()
test_no_reauthenticate()
test_no_trailing_slash_on_catalog_endpoint()
test_pathless_url()
test_reauthenticate()
test_trailing_slash_on_computed_endpoint()
abstract property version

The API version being tested.

class keystoneauth1.tests.unit.identity.test_identity_common.DiscoveryFailures(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

TEST_ROOT_URL = 'http://127.0.0.1:5000/'
test_client_exception()
test_connection_error()
test_ssl_error()
class keystoneauth1.tests.unit.identity.test_identity_common.FakeServiceEndpoints(base_url, versions=None, project_id=None, **kwargs)

Bases: object

class keystoneauth1.tests.unit.identity.test_identity_common.GenericAuthPluginTests(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

ENDPOINT_FILTER = {'c75e8a2a0c32420194cdf9cb31d9247d': '296551dee5d84ee6a05df6a9264a5f97'}
setUp()

Hook method for setting up the test fixture before exercising it.

test_setting_bad_connection_params()
test_setting_connection_params()
test_setting_headers()
class keystoneauth1.tests.unit.identity.test_identity_common.GenericPlugin

Bases: keystoneauth1.plugin.BaseAuthPlugin

BAD_TOKEN = '8d51498c7a7a4655a5339ce5569044eb'
get_connection_params(session, **kwargs)

Return any additional connection parameters required for the plugin.

Parameters

session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to.

Returns

Headers that are set to authenticate a message or None for failure. Note that when checking this value that the empty dict is a valid, non-failure response.

Return type

dict

get_endpoint(session, **kwargs)

Return an endpoint for the client.

There are no required keyword arguments to get_endpoint as a plugin implementation should use best effort with the information available to determine the endpoint. However there are certain standard options that will be generated by the clients and should be used by plugins:

  • service_type: what sort of service is required.

  • service_name: the name of the service in the catalog.

  • interface: what visibility the endpoint should have.

  • region_name: the region the endpoint exists in.

Parameters

session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to.

Returns

The base URL that will be used to talk to the required service or None if not available.

Return type

string

get_headers(session, **kwargs)

Fetch authentication headers for message.

This is a more generalized replacement of the older get_token to allow plugins to specify different or additional authentication headers to the OpenStack standard ‘X-Auth-Token’ header.

How the authentication headers are obtained is up to the plugin. If the headers are still valid they may be re-used, retrieved from cache or the plugin may invoke an authentication request against a server.

The default implementation of get_headers calls the get_token method to enable older style plugins to continue functioning unchanged. Subclasses should feel free to completely override this function to provide the headers that they want.

There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.

Returning None will indicate that no token was able to be retrieved and that authorization was a failure. Adding no authentication data can be achieved by returning an empty dictionary.

Parameters

session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to.

Returns

Headers that are set to authenticate a message or None for failure. Note that when checking this value that the empty dict is a valid, non-failure response.

Return type

dict

get_token(session, **kwargs)

Obtain a token.

How the token is obtained is up to the plugin. If it is still valid it may be re-used, retrieved from cache or invoke an authentication request against a server.

There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.

Returning None will indicate that no token was able to be retrieved.

This function is misplaced as it should only be required for auth plugins that use the ‘X-Auth-Token’ header. However due to the way plugins evolved this method is required and often called to trigger an authentication request on a new plugin.

When implementing a new plugin it is advised that you implement this method, however if you don’t require the ‘X-Auth-Token’ header override the get_headers method instead.

Parameters

session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls.

Returns

A token to use.

Return type

string

url(prefix)
class keystoneauth1.tests.unit.identity.test_identity_common.V2(*args, **kwargs)

Bases: keystoneauth1.tests.unit.identity.test_identity_common.CommonIdentityTests, keystoneauth1.tests.unit.utils.TestCase

create_auth_plugin(**kwargs)

Create an auth plugin that makes sense for the auth data.

It doesn’t really matter what auth mechanism is used but it should be appropriate to the API version.

property discovery_version
get_auth_data(**kwargs)

Return fake authentication data.

This should register a valid token response and ensure that the compute endpoints are set to TEST_COMPUTE_PUBLIC, _INTERNAL and _ADMIN.

stub_auth(**kwargs)
property version

The API version being tested.

class keystoneauth1.tests.unit.identity.test_identity_common.V3(*args, **kwargs)

Bases: keystoneauth1.tests.unit.identity.test_identity_common.CommonIdentityTests, keystoneauth1.tests.unit.utils.TestCase

create_auth_plugin(**kwargs)

Create an auth plugin that makes sense for the auth data.

It doesn’t really matter what auth mechanism is used but it should be appropriate to the API version.

property discovery_version
get_auth_data(**kwargs)

Return fake authentication data.

This should register a valid token response and ensure that the compute endpoints are set to TEST_COMPUTE_PUBLIC, _INTERNAL and _ADMIN.

stub_auth(subject_token=None, **kwargs)
property version

The API version being tested.

keystoneauth1.tests.unit.identity.test_identity_v2 module

class keystoneauth1.tests.unit.identity.test_identity_v2.V2IdentityPlugin(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

TEST_ADMIN_URL = 'http://127.0.0.1:35357/v2.0'
TEST_PASS = 'password'
TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
TEST_ROOT_URL = 'http://127.0.0.1:5000/'
TEST_SERVICE_CATALOG = [{'endpoints': [{'adminURL': 'http://cdn.admin-nets.local:8774/v1.0', 'region': 'RegionOne', 'internalURL': 'http://127.0.0.1:8774/v1.0', 'publicURL': 'http://cdn.admin-nets.local:8774/v1.0/'}], 'type': 'nova_compat', 'name': 'nova_compat'}, {'endpoints': [{'adminURL': 'http://nova/novapi/admin', 'region': 'RegionOne', 'internalURL': 'http://nova/novapi/internal', 'publicURL': 'http://nova/novapi/public'}], 'type': 'compute', 'name': 'nova'}, {'endpoints': [{'adminURL': 'http://glance/glanceapi/admin', 'region': 'RegionOne', 'internalURL': 'http://glance/glanceapi/internal', 'publicURL': 'http://glance/glanceapi/public'}], 'type': 'image', 'name': 'glance'}, {'endpoints': [{'adminURL': 'http://127.0.0.1:35357/v2.0', 'region': 'RegionOne', 'internalURL': 'http://127.0.0.1:5000/v2.0', 'publicURL': 'http://127.0.0.1:5000/v2.0'}], 'type': 'identity', 'name': 'keystone'}, {'endpoints': [{'adminURL': 'http://swift/swiftapi/admin', 'region': 'RegionOne', 'internalURL': 'http://swift/swiftapi/internal', 'publicURL': 'http://swift/swiftapi/public'}], 'type': 'object-store', 'name': 'swift'}]
TEST_URL = 'http://127.0.0.1:5000/v2.0'
setUp()

Hook method for setting up the test fixture before exercising it.

stub_auth(**kwargs)
test_authenticate_with_token()
test_authenticate_with_user_id_password()
test_authenticate_with_user_id_password_scoped()
test_authenticate_with_username_password()
test_authenticate_with_username_password_scoped()
test_doesnt_log_password()
test_endpoint_filter_without_service_type_fails()
test_full_url_overrides_endpoint_filter()
test_invalid_auth_response_dict()
test_invalid_auth_response_type()
test_invalidate_response()
test_password_cache_id()
test_password_change_auth_state()
test_password_with_no_user_id_or_name()
test_service_url()
test_service_url_defaults_to_public()
test_with_trust_id()

keystoneauth1.tests.unit.identity.test_identity_v3 module

class keystoneauth1.tests.unit.identity.test_identity_v3.V3IdentityPlugin(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

TEST_ADMIN_URL = 'http://127.0.0.1:35357/v3'
TEST_APP_CRED_ID = 'appcredid'
TEST_APP_CRED_SECRET = 'secret'
TEST_PASS = 'password'
TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
TEST_ROOT_URL = 'http://127.0.0.1:5000/'
TEST_SERVICE_CATALOG = [{'endpoints': [{'url': 'http://cdn.admin-nets.local:8774/v1.0/', 'region': 'RegionOne', 'interface': 'public'}, {'url': 'http://127.0.0.1:8774/v1.0', 'region': 'RegionOne', 'interface': 'internal'}, {'url': 'http://cdn.admin-nets.local:8774/v1.0', 'region': 'RegionOne', 'interface': 'admin'}], 'type': 'nova_compat'}, {'endpoints': [{'url': 'http://nova/novapi/public', 'region': 'RegionOne', 'interface': 'public'}, {'url': 'http://nova/novapi/internal', 'region': 'RegionOne', 'interface': 'internal'}, {'url': 'http://nova/novapi/admin', 'region': 'RegionOne', 'interface': 'admin'}], 'type': 'compute', 'name': 'nova'}, {'endpoints': [{'url': 'http://glance/glanceapi/public', 'region': 'RegionOne', 'interface': 'public'}, {'url': 'http://glance/glanceapi/internal', 'region': 'RegionOne', 'interface': 'internal'}, {'url': 'http://glance/glanceapi/admin', 'region': 'RegionOne', 'interface': 'admin'}], 'type': 'image', 'name': 'glance'}, {'endpoints': [{'url': 'http://127.0.0.1:5000/v3', 'region': 'RegionOne', 'interface': 'public'}, {'url': 'http://127.0.0.1:5000/v3', 'region': 'RegionOne', 'interface': 'internal'}, {'url': 'http://127.0.0.1:35357/v3', 'region': 'RegionOne', 'interface': 'admin'}], 'type': 'identity'}, {'endpoints': [{'url': 'http://swift/swiftapi/public', 'region': 'RegionOne', 'interface': 'public'}, {'url': 'http://swift/swiftapi/internal', 'region': 'RegionOne', 'interface': 'internal'}, {'url': 'http://swift/swiftapi/admin', 'region': 'RegionOne', 'interface': 'admin'}], 'type': 'object-store'}]
TEST_SERVICE_PROVIDERS = [{'auth_url': 'https://sp1.com/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth', 'id': 'sp1', 'sp_url': 'https://sp1.com/Shibboleth.sso/SAML2/ECP'}, {'auth_url': 'https://sp2.com/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth', 'id': 'sp2', 'sp_url': 'https://sp2.com/Shibboleth.sso/SAML2/ECP'}]
TEST_URL = 'http://127.0.0.1:5000/v3'
setUp()

Hook method for setting up the test fixture before exercising it.

stub_auth(subject_token=None, **kwargs)
stub_receipt(receipt=None, receipt_data=None, **kwargs)
test_application_credential_method()
test_authenticate_with_multi_factor()
test_authenticate_with_receipt_and_totp()
test_authenticate_with_token()
test_authenticate_with_unversioned_endpoint()
test_authenticate_with_username_password()
test_authenticate_with_username_password_domain_scoped()
test_authenticate_with_username_password_project_scoped()
test_doesnt_log_password()
test_endpoint_filter_without_service_type_fails()
test_full_url_overrides_endpoint_filter()
test_handle_missing_service_provider()
test_invalid_auth_response_dict()
test_invalid_auth_response_type()
test_invalidate_response()
test_password_cache_id()
test_password_change_auth_state()
test_receipt_response_is_handled()
test_sends_nocatalog()
test_service_providers_urls()
test_service_url()
test_service_url_defaults_to_public()
test_symbols()
test_unscoped_request()
test_unscoped_with_scope_data()
test_with_domain_and_project_scoping()
test_with_expired()
test_with_multiple_mechanisms()
test_with_multiple_mechanisms_factory()
test_with_multiple_scopes()
test_with_trust_id()

keystoneauth1.tests.unit.identity.test_identity_v3_federation module

class keystoneauth1.tests.unit.identity.test_identity_v3_federation.K2KAuthPluginTest(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

REQUEST_ECP_URL = 'http://127.0.0.1:5000/v3/auth/OS-FEDERATION/saml2/ecp'
SERVICE_PROVIDER_DICT = {'auth_url': 'https://sp1.com/v3/OS-FEDERATION/identity_providers/testidp/protocols/saml2/auth', 'id': 'sp1', 'sp_url': 'https://sp1.com/Shibboleth.sso/SAML2/ECP'}
SP_AUTH_URL = 'https://sp1.com/v3/OS-FEDERATION/identity_providers/testidp/protocols/saml2/auth'
SP_ID = 'sp1'
SP_ROOT_URL = 'https://sp1.com/v3'
SP_URL = 'https://sp1.com/Shibboleth.sso/SAML2/ECP'
TEST_PASS = 'password'
TEST_ROOT_URL = 'http://127.0.0.1:5000/'
TEST_URL = 'http://127.0.0.1:5000/v3'
get_plugin(**kwargs)
setUp()

Hook method for setting up the test fixture before exercising it.

test_end_to_end_with_generic_password()
test_end_to_end_workflow()
test_end_to_end_workflow_303_redirect()
test_fail_getting_ecp_assertion()
test_get_ecp_assertion_empty_response()
test_get_ecp_assertion_wrong_headers()
test_remote_url()
test_send_ecp_authn_response()
test_send_ecp_authn_response_303_redirect()
class keystoneauth1.tests.unit.identity.test_identity_v3_federation.TesterFederationPlugin(auth_url, identity_provider, protocol, **kwargs)

Bases: keystoneauth1.identity.v3.federation.FederationBaseAuth

get_unscoped_auth_ref(sess, **kwargs)

Fetch unscoped federated token.

class keystoneauth1.tests.unit.identity.test_identity_v3_federation.V3FederatedPlugin(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

AUTH_URL = 'http://keystone/v3'
get_plugin(**kwargs)
setUp()

Hook method for setting up the test fixture before exercising it.

test_federated_url()
test_scoped_behaviour()
test_unscoped_behaviour()

keystoneauth1.tests.unit.identity.test_identity_v3_oidc module

class keystoneauth1.tests.unit.identity.test_identity_v3_oidc.BaseOIDCTests

Bases: object

setUp()
test_can_pass_grant_type_but_warning_is_issued()
test_discovery_not_found()
test_grant_type_and_plugin_missmatch()
test_invalid_discovery_document()
test_load_discovery()
test_load_discovery_override_by_endpoints()
test_no_access_token_endpoint()
test_no_discovery()
test_wrong_grant_type()
class keystoneauth1.tests.unit.identity.test_identity_v3_oidc.OIDCAuthorizationGrantTests(*args, **kwargs)

Bases: keystoneauth1.tests.unit.identity.test_identity_v3_oidc.BaseOIDCTests, keystoneauth1.tests.unit.utils.TestCase

setUp()

Hook method for setting up the test fixture before exercising it.

test_initial_call_to_get_access_token()

Test initial call, expect JSON access token.

class keystoneauth1.tests.unit.identity.test_identity_v3_oidc.OIDCClientCredentialsTests(*args, **kwargs)

Bases: keystoneauth1.tests.unit.identity.test_identity_v3_oidc.BaseOIDCTests, keystoneauth1.tests.unit.utils.TestCase

setUp()

Hook method for setting up the test fixture before exercising it.

test_end_to_end_workflow()

Test full OpenID Connect workflow.

test_initial_call_to_get_access_token()

Test initial call, expect JSON access token.

test_second_call_to_protected_url()

Test subsequent call, expect Keystone token.

class keystoneauth1.tests.unit.identity.test_identity_v3_oidc.OIDCPasswordTests(*args, **kwargs)

Bases: keystoneauth1.tests.unit.identity.test_identity_v3_oidc.BaseOIDCTests, keystoneauth1.tests.unit.utils.TestCase

setUp()

Hook method for setting up the test fixture before exercising it.

test_end_to_end_workflow()

Test full OpenID Connect workflow.

test_initial_call_to_get_access_token()

Test initial call, expect JSON access token.

test_second_call_to_protected_url()

Test subsequent call, expect Keystone token.

class keystoneauth1.tests.unit.identity.test_identity_v3_oidc.OIDCTokenTests(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

setUp()

Hook method for setting up the test fixture before exercising it.

test_end_to_end_workflow()

Test full OpenID Connect workflow.

keystoneauth1.tests.unit.identity.test_password module

class keystoneauth1.tests.unit.identity.test_password.PasswordTests(*args, **kwargs)

Bases: keystoneauth1.tests.unit.identity.utils.GenericPluginTestCase

PLUGIN_CLASS

alias of keystoneauth1.identity.generic.password.Password

V2_PLUGIN_CLASS

alias of keystoneauth1.identity.v2.Password

V3_PLUGIN_CLASS

alias of keystoneauth1.identity.v3.password.Password

new_plugin(**kwargs)
test_default_domain_id_with_v3()
test_default_domain_name_with_v3()
test_password_cache_id()
test_symbols()
test_v3_disocovery_failure_v2_url()
test_v3_domain_params_v2_url()
test_v3_user_params_v2_url()
test_with_user_domain_params()

keystoneauth1.tests.unit.identity.test_token module

class keystoneauth1.tests.unit.identity.test_token.TokenTests(*args, **kwargs)

Bases: keystoneauth1.tests.unit.identity.utils.GenericPluginTestCase

PLUGIN_CLASS

alias of keystoneauth1.identity.generic.token.Token

V2_PLUGIN_CLASS

alias of keystoneauth1.identity.v2.Token

V3_PLUGIN_CLASS

alias of keystoneauth1.identity.v3.token.Token

new_plugin(**kwargs)
test_symbols()
test_token_cache_id()

keystoneauth1.tests.unit.identity.test_tokenless_auth module

class keystoneauth1.tests.unit.identity.test_tokenless_auth.TokenlessAuthTest(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

TEST_URL = 'http://server/prefix'
create(auth_url, domain_id=None, domain_name=None, project_id=None, project_name=None, project_domain_id=None, project_domain_name=None)
test_domain_id_scope_header_pass()
test_domain_name_scope_header_pass()
test_no_scope_header_fail()
test_project_id_scope_header_pass()
test_project_name_scope_only_header_fail()
test_project_of_domain__name_scope_header_pass()
test_project_of_domain_id_scope_header_pass()

keystoneauth1.tests.unit.identity.utils module

class keystoneauth1.tests.unit.identity.utils.GenericPluginTestCase(*args, **kwargs)

Bases: keystoneauth1.tests.unit.utils.TestCase

PLUGIN_CLASS = None
TEST_URL = 'http://keystone.host:5000/'
V2_PLUGIN_CLASS = None
V3_PLUGIN_CLASS = None
assertCreateV2(**kwargs)
assertCreateV3(**kwargs)
assertDiscoveryFailure(**kwargs)
new_plugin(**kwargs)
setUp()

Hook method for setting up the test fixture before exercising it.

stub_discovery(base_url=None, **kwargs)
test_create_plugin_no_reauthenticate()
test_create_v2_if_no_domain_params()
test_create_v3_if_domain_params()
test_default_domain_id_no_v3()
test_default_domain_id_with_v3(**kwargs)
test_default_domain_name_no_v3()
test_default_domain_name_with_v3(**kwargs)
test_disc_error_for_failure()
test_no_urls()
test_path_based_url_v2()
test_path_based_url_v3()
test_unknown_discovery_version()
test_v2_params_v3_url()
test_v3_params_v2_url()
test_v3_plugin_from_failure()

Module contents