openstack
/
heat
Code Issues Proposed changes

Use generic auth plugins 

This change removes use of version specific auth
plugins and instead uses generic plugins.

Change-Id: I19898d351c4a08f5f865f9debd60070d50aa5eff
Related-Bug: #1554533
This commit is contained in:
rabi 2016-05-24 14:29:10 +05:30
parent e1a6c072a1
commit 34b372ddb5
5 changed files with 144 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
heat/common/context.py
View File

@ -13,7 +13,7 @@
from keystoneauth1 import access
from keystoneauth1.identity import access as access_plugin
from keystoneauth1.identity import v3
from keystoneauth1.identity import generic
from keystoneauth1 import loading as ks_loading
from keystoneauth1 import token_endpoint
from oslo_config import cfg
@ -40,12 +40,12 @@ LOG = logging.getLogger(__name__)
# cfg.CONF.register*, it's done via ks_loading.register_auth_conf_options
# Note, only auth_type = v3password is expected to work, example config:
# [trustee]
# auth_type = v3password
# auth_type = password
# auth_url = http://192.168.1.2:35357
# username = heat
# password = password
# user_domain_id = default
V3_PASSWORD_PLUGIN = 'v3password'
PASSWORD_PLUGIN = 'password'
TRUSTEE_CONF_GROUP = 'trustee'
ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
@ -53,7 +53,7 @@ ks_loading.register_auth_conf_options(cfg.CONF, TRUSTEE_CONF_GROUP)
def list_opts():
trustee_opts = ks_loading.get_auth_common_conf_options()
trustee_opts.extend(ks_loading.get_auth_plugin_conf_options(
V3_PASSWORD_PLUGIN))
PASSWORD_PLUGIN))
yield TRUSTEE_CONF_GROUP, trustee_opts
@ -201,7 +201,7 @@ class RequestContext(context.RequestContext):
if 'user_domain_id' in cfg.CONF.keystone_authtoken:
trustee_user_domain = cfg.CONF.keystone_authtoken.user_domain_id
self._trusts_auth_plugin = v3.Password(
self._trusts_auth_plugin = generic.Password(
username=cfg.CONF.keystone_authtoken.admin_user,
password=cfg.CONF.keystone_authtoken.admin_password,
user_domain_id=trustee_user_domain,
@ -211,11 +211,10 @@ class RequestContext(context.RequestContext):
def _create_auth_plugin(self):
if self.auth_token_info:
auth_ref = access.AccessInfoV3(self.auth_token_info,
auth_token=self.auth_token)
access_info = access.create(body=self.auth_token_info,
auth_token=self.auth_token)
return access_plugin.AccessInfoPlugin(
auth_url=self.keystone_v3_endpoint,
auth_ref=auth_ref)
auth_ref=access_info, auth_url=self.keystone_v3_endpoint)
if self.auth_token:
# FIXME(jamielennox): This is broken but consistent. If you
@ -226,13 +225,13 @@ class RequestContext(context.RequestContext):
token=self.auth_token)
if self.password:
return v3.Password(username=self.username,
password=self.password,
project_id=self.tenant_id,
user_domain_id=self.user_domain,
auth_url=self.keystone_v3_endpoint)
return generic.Password(username=self.username,
password=self.password,
project_id=self.tenant_id,
user_domain_id=self.user_domain,
auth_url=self.keystone_v3_endpoint)
LOG.error(_LE("Keystone v3 API connection failed, no password "
LOG.error(_LE("Keystone API connection failed, no password "
"trust or auth_token!"))
raise exception.AuthorizationFailure()

58
heat/engine/clients/os/keystone/heat_keystoneclient.py
View File

@ -17,9 +17,9 @@ import collections
import uuid
import weakref
from keystoneauth1.identity import v3 as kc_auth_v3
from keystoneauth1 import exceptions as ks_exception
from keystoneauth1.identity import generic as ks_auth
from keystoneauth1 import session
import keystoneclient.exceptions as kc_exception
from keystoneclient.v3 import client as kc_v3
from oslo_config import cfg
from oslo_log import log as logging
@ -124,18 +124,18 @@ class KsClientWrapper(object):
if not self._domain_admin_auth:
# Note we must specify the domain when getting the token
# as only a domain scoped token can create projects in the domain
auth = kc_auth_v3.Password(username=self.domain_admin_user,
password=self.domain_admin_password,
auth_url=self.v3_endpoint,
domain_id=self._stack_domain_id,
domain_name=self.stack_domain_name,
user_domain_id=self._stack_domain_id,
user_domain_name=self.stack_domain_name)
auth = ks_auth.Password(username=self.domain_admin_user,
password=self.domain_admin_password,
auth_url=self.v3_endpoint,
domain_id=self._stack_domain_id,
domain_name=self.stack_domain_name,
user_domain_id=self._stack_domain_id,
user_domain_name=self.stack_domain_name)
# NOTE(jamielennox): just do something to ensure a valid token
try:
auth.get_token(self.session)
except kc_exception.Unauthorized:
except ks_exception.Unauthorized:
LOG.error(_LE("Domain admin client authentication failed"))
raise exception.AuthorizationFailure()
@ -161,7 +161,7 @@ class KsClientWrapper(object):
# reauthenticating if it's present and valid.
try:
auth_ref = self.context.auth_plugin.get_access(self.session)
except kc_exception.Unauthorized:
except ks_exception.Unauthorized:
LOG.error(_LE("Keystone client authentication failed"))
raise exception.AuthorizationFailure()
@ -193,11 +193,10 @@ class KsClientWrapper(object):
# We need the service admin user ID (not name), as the trustor user
# can't lookup the ID in keystoneclient unless they're admin
# workaround this by getting the user_id from admin_client
try:
trustee_user_id = self.context.trusts_auth_plugin.get_user_id(
self.session)
except kc_exception.Unauthorized:
except ks_exception.Unauthorized:
LOG.error(_LE("Domain admin client authentication failed"))
raise exception.AuthorizationFailure()
@ -215,7 +214,7 @@ class KsClientWrapper(object):
project=trustor_proj_id,
impersonation=True,
role_names=roles)
except kc_exception.NotFound:
except ks_exception.NotFound:
LOG.debug("Failed to find roles %s for user %s"
% (roles, trustor_user_id))
raise exception.MissingCredentialError(
@ -232,7 +231,7 @@ class KsClientWrapper(object):
"""Delete the specified trust."""
try:
self.client.trusts.delete(trust_id)
except kc_exception.NotFound:
except ks_exception.NotFound:
pass
def _get_username(self, username):
@ -287,15 +286,16 @@ class KsClientWrapper(object):
'configured, please fix your heat.conf')
raise exception.Error(msg)
# Create a keystoneclient session, then request a token with no
# Create a keystone session, then request a token with no
# catalog (the token is expected to be used inside an instance
# where a specific endpoint will be specified, and user-data
# space is limited..)
auth = kc_auth_v3.Password(auth_url=self.v3_endpoint,
user_id=user_id,
password=password,
project_id=project_id,
include_catalog=False)
# TODO(rabi): generic auth plugins don't support `include_catalog'
# flag yet. We'll add it once it's supported..
auth = ks_auth.Password(auth_url=self.v3_endpoint,
user_id=user_id,
password=password,
project_id=project_id)
return auth.get_token(self.session)
@ -345,7 +345,7 @@ class KsClientWrapper(object):
if not self._stack_domain_id:
try:
access = self.domain_admin_auth.get_access(self.session)
except kc_exception.Unauthorized:
except ks_exception.Unauthorized:
LOG.error(_LE("Keystone client authentication failed"))
raise exception.AuthorizationFailure()
@ -371,13 +371,13 @@ class KsClientWrapper(object):
try:
self._check_stack_domain_user(user_id, project_id, 'delete')
self.domain_admin_client.users.delete(user_id)
except kc_exception.NotFound:
except ks_exception.NotFound:
pass
def delete_stack_user(self, user_id):
try:
self.client.users.delete(user=user_id)
except kc_exception.NotFound:
except ks_exception.NotFound:
pass
def create_stack_domain_project(self, stack_id):
@ -409,9 +409,9 @@ class KsClientWrapper(object):
# to get the project, so again we should do nothing
try:
project = self.domain_admin_client.projects.get(project=project_id)
except kc_exception.NotFound:
except ks_exception.NotFound:
return
except kc_exception.Forbidden:
except ks_exception.Forbidden:
LOG.warning(_LW('Unable to get details for project %s, '
'not deleting'), project_id)
return
@ -422,7 +422,7 @@ class KsClientWrapper(object):
try:
project.delete()
except kc_exception.NotFound:
except ks_exception.NotFound:
pass
def _find_ec2_keypair(self, access, user_id=None):
@ -443,7 +443,7 @@ class KsClientWrapper(object):
if credential_id:
try:
self.client.credentials.delete(credential_id)
except kc_exception.NotFound:
except ks_exception.NotFound:
pass
elif access:
cred = self._find_ec2_keypair(access=access, user_id=user_id)
@ -510,7 +510,7 @@ class KsClientWrapper(object):
self._check_stack_domain_user(user_id, project_id, 'delete_keypair')
try:
self.domain_admin_client.credentials.delete(credential_id)
except kc_exception.NotFound:
except ks_exception.NotFound:
pass
def disable_stack_user(self, user_id):

161
heat/tests/clients/test_heat_client.py
View File

@ -17,7 +17,7 @@ import uuid
from keystoneauth1 import access as ks_access
from keystoneauth1 import exceptions as kc_exception
from keystoneauth1.identity import access as ks_auth_access
from keystoneauth1.identity import v3 as ks_auth_v3
from keystoneauth1.identity import generic as ks_auth
from keystoneauth1 import loading as ks_loading
from keystoneauth1 import session as ks_session
from keystoneauth1 import token_endpoint as ks_token_endpoint
@ -49,7 +49,7 @@ class KeystoneClientTest(common.HeatTestCase):
self.mock_ks_v3_client_domain_mngr = self.m.CreateMock(
kc_v3_domains.DomainManager)
self.m.StubOutWithMock(kc_v3, "Client")
self.m.StubOutWithMock(ks_auth_v3, 'Password')
self.m.StubOutWithMock(ks_auth, 'Password')
self.m.StubOutWithMock(ks_token_endpoint, 'Token')
self.m.StubOutWithMock(ks_auth_access, 'AccessInfoPlugin')
self.m.StubOutWithMock(ks_loading, 'load_auth_from_conf_options')
@ -85,13 +85,13 @@ class KeystoneClientTest(common.HeatTestCase):
mock_ks_auth = self.m.CreateMockAnything()
mock_ks_auth.get_token(mox.IsA(ks_session.Session)).AndReturn('tok')
m = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
password='adminsecret',
domain_id='adomain123',
domain_name=None,
user_domain_id='adomain123',
user_domain_name=None,
username='adminuser123')
m = ks_auth.Password(auth_url='http://server.test:5000/v3',
password='adminsecret',
domain_id='adomain123',
domain_name=None,
user_domain_id='adomain123',
user_domain_name=None,
username='adminuser123')
m.AndReturn(mock_ks_auth)
n = kc_v3.Client(session=mox.IsA(ks_session.Session),
@ -100,26 +100,30 @@ class KeystoneClientTest(common.HeatTestCase):
self.mock_admin_client.domains = self.mock_ks_v3_client_domain_mngr
def _stubs_v3(self, method='token', trust_scoped=True,
user_id=None, auth_ref=None, client=True, project_id=None,
stub_trust_context=False):
def _stubs_auth(self, method='token', trust_scoped=True,
user_id=None, auth_ref=None, client=True, project_id=None,
stub_trust_context=False, version=3):
mock_auth_ref = self.m.CreateMockAnything()
mock_ks_auth = self.m.CreateMockAnything()
if method == 'token':
p = ks_token_endpoint.Token(token='abcd1234',
endpoint='http://server.test:5000/v3')
elif method == 'auth_ref':
elif method == 'auth_ref' and version == 3:
p = ks_auth_access.AccessInfoPlugin(
auth_url='http://server.test:5000/v3',
auth_ref=mox.IsA(ks_access.AccessInfo))
auth_ref=mox.IsA(ks_access.AccessInfoV3),
auth_url='http://server.test:5000/v3')
elif method == 'auth_ref' and version == 2:
p = ks_auth_access.AccessInfoPlugin(
auth_ref=mox.IsA(ks_access.AccessInfoV2),
auth_url='http://server.test:5000/v3')
elif method == 'password':
p = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
username='test_username',
password='password',
project_id=project_id or 'test_tenant_id',
user_domain_id='adomain123')
p = ks_auth.Password(auth_url='http://server.test:5000/v3',
username='test_username',
password='password',
project_id=project_id or 'test_tenant_id',
user_domain_id='adomain123')
elif method == 'trust':
p = ks_loading.load_auth_from_conf_options(cfg.CONF,
@ -153,7 +157,7 @@ class KeystoneClientTest(common.HeatTestCase):
def test_username_length(self):
"""Test that user names >64 characters are properly truncated."""
self._stubs_v3()
self._stubs_auth()
ctx = utils.dummy_context()
ctx.trust_id = None
@ -189,7 +193,7 @@ class KeystoneClientTest(common.HeatTestCase):
def test_create_stack_user_error_norole(self):
"""Test error path when no role is found."""
self._stubs_v3()
self._stubs_auth()
ctx = utils.dummy_context()
ctx.trust_id = None
@ -248,7 +252,7 @@ class KeystoneClientTest(common.HeatTestCase):
ctx.trust_id = None
# mock keystone client functions
self._stubs_v3()
self._stubs_auth()
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
mock_user = self.m.CreateMockAnything()
mock_user.id = 'auser123'
@ -323,7 +327,7 @@ class KeystoneClientTest(common.HeatTestCase):
ctx.trust_id = None
# mock keystone client functions
self._stubs_v3()
self._stubs_auth()
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
self.mock_ks_v3_client.users.delete(user='user123').AndReturn(None)
self.m.ReplayAll()
@ -380,7 +384,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test deleting a stack user."""
self._stubs_v3()
self._stubs_auth()
ctx = utils.dummy_context()
ctx.trust_id = None
@ -401,7 +405,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test creating the client, token auth."""
self._stubs_v3()
self._stubs_auth()
self.m.ReplayAll()
ctx = utils.dummy_context()
@ -418,7 +422,9 @@ class KeystoneClientTest(common.HeatTestCase):
expected_auth_ref = {'token': {'id': 'ctx_token', 'expires': '123'},
'version': 'v2.0'}
self._stubs_v3(method='auth_ref', auth_ref=expected_auth_ref)
self._stubs_auth(method='auth_ref',
auth_ref=expected_auth_ref,
version=2)
self.m.ReplayAll()
ctx = utils.dummy_context()
@ -440,7 +446,7 @@ class KeystoneClientTest(common.HeatTestCase):
'expires': '456',
'version': 'v3',
'methods': []}
self._stubs_v3(method='auth_ref', auth_ref=expected_auth_ref)
self._stubs_auth(method='auth_ref', auth_ref=expected_auth_ref)
self.m.ReplayAll()
ctx = utils.dummy_context()
@ -457,7 +463,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test creating the client, password auth."""
self._stubs_v3(method='password')
self._stubs_auth(method='password')
self.m.ReplayAll()
ctx = utils.dummy_context()
@ -486,7 +492,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test create_trust_context with existing trust_id."""
self._stubs_v3(method='trust')
self._stubs_auth(method='trust')
cfg.CONF.set_override('deferred_auth_method', 'trusts',
enforce_type=True)
self.m.ReplayAll()
@ -514,9 +520,9 @@ class KeystoneClientTest(common.HeatTestCase):
id = 'atrust123'
self._stub_admin_auth()
mock_ks_auth, mock_auth_ref = self._stubs_v3(user_id='5678',
project_id='42',
stub_trust_context=True)
mock_ks_auth, mock_auth_ref = self._stubs_auth(user_id='5678',
project_id='42',
stub_trust_context=True)
cfg.CONF.set_override('deferred_auth_method', 'trusts',
enforce_type=True)
@ -555,9 +561,9 @@ class KeystoneClientTest(common.HeatTestCase):
self._stub_admin_auth()
mock_auth, mock_auth_ref = self._stubs_v3(user_id='5678',
project_id='42',
stub_trust_context=True)
mock_auth, mock_auth_ref = self._stubs_auth(user_id='5678',
project_id='42',
stub_trust_context=True)
cfg.CONF.set_override('deferred_auth_method', 'trusts',
enforce_type=True)
@ -614,7 +620,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test consuming a trust when initializing."""
self._stubs_v3(method='trust')
self._stubs_auth(method='trust')
cfg.CONF.set_override('deferred_auth_method', 'trusts',
enforce_type=True)
self.m.ReplayAll()
@ -633,7 +639,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test consuming a trust when initializing, error scoping."""
self._stubs_v3(method='trust', trust_scoped=False)
self._stubs_auth(method='trust', trust_scoped=False)
cfg.CONF.set_override('deferred_auth_method', 'trusts',
enforce_type=True)
self.m.ReplayAll()
@ -651,7 +657,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test consuming a trust when initializing, impersonation error."""
self._stubs_v3(method='trust', user_id='wrong_user_id')
self._stubs_auth(method='trust', user_id='wrong_user_id')
cfg.CONF.set_override('deferred_auth_method', 'trusts',
enforce_type=True)
self.m.ReplayAll()
@ -669,7 +675,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test trust_id is takes precedence username/password specified."""
self._stubs_v3(method='trust')
self._stubs_auth(method='trust')
self.m.ReplayAll()
ctx = utils.dummy_context()
@ -683,7 +689,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test trust_id takes precedence when token specified."""
self._stubs_v3(method='trust')
self._stubs_auth(method='trust')
self.m.ReplayAll()
ctx = utils.dummy_context()
@ -698,7 +704,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test delete_trust when deleting trust."""
self._stubs_v3()
self._stubs_auth()
cfg.CONF.set_override('deferred_auth_method', 'trusts',
enforce_type=True)
self.mock_ks_v3_client.trusts = self.m.CreateMockAnything()
@ -713,7 +719,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test delete_trust when trust already deleted."""
self._stubs_v3()
self._stubs_auth()
cfg.CONF.set_override('deferred_auth_method', 'trusts',
enforce_type=True)
self.mock_ks_v3_client.trusts = self.m.CreateMockAnything()
@ -729,7 +735,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test disabling a stack user."""
self._stubs_v3()
self._stubs_auth()
ctx = utils.dummy_context()
ctx.trust_id = None
@ -746,7 +752,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test enabling a stack user."""
self._stubs_v3()
self._stubs_auth()
ctx = utils.dummy_context()
ctx.trust_id = None
@ -793,7 +799,7 @@ class KeystoneClientTest(common.HeatTestCase):
ctx.trust_id = None
# mock keystone client functions
self._stubs_v3()
self._stubs_auth()
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
self.mock_ks_v3_client.users.update(user='user123', enabled=True
).AndReturn(None)
@ -858,7 +864,7 @@ class KeystoneClientTest(common.HeatTestCase):
ctx.trust_id = None
# mock keystone client functions
self._stubs_v3()
self._stubs_auth()
self.mock_ks_v3_client.users = self.m.CreateMockAnything()
self.mock_ks_v3_client.users.update(user='user123', enabled=False
).AndReturn(None)
@ -930,7 +936,7 @@ class KeystoneClientTest(common.HeatTestCase):
ctx.trust_id = None
# mock keystone client functions
self._stubs_v3()
self._stubs_auth()
self.mock_ks_v3_client.credentials = self.m.CreateMockAnything()
self.mock_ks_v3_client.credentials.delete(
'acredentialid').AndReturn(None)
@ -984,7 +990,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test creating ec2 credentials."""
self._stubs_v3()
self._stubs_auth()
ctx = utils.dummy_context()
ctx.trust_id = None
@ -1056,7 +1062,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test creating ec2 credentials for domain user, fallback path."""
self._clear_domain_override()
self._stubs_v3()
self._stubs_auth()
ctx = utils.dummy_context()
ctx.trust_id = None
@ -1093,7 +1099,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test getting ec2 credential by id."""
user_id = 'atestuser'
self._stubs_v3(user_id=user_id)
self._stubs_auth(user_id=user_id)
ctx = utils.dummy_context()
ctx.trust_id = None
@ -1143,7 +1149,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test getting ec2 credential by access."""
user_id = 'atestuser'
self._stubs_v3(user_id=user_id)
self._stubs_auth(user_id=user_id)
ctx = utils.dummy_context()
ctx.trust_id = None
@ -1171,7 +1177,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test deleting ec2 credential by id."""
user_id = 'atestuser'
self._stubs_v3(user_id=user_id)
self._stubs_auth(user_id=user_id)
ctx = utils.dummy_context()
ctx.trust_id = None
@ -1198,7 +1204,7 @@ class KeystoneClientTest(common.HeatTestCase):
"""Test deleting ec2 credential by access."""
user_id = 'atestuser'
self._stubs_v3(user_id=user_id)
self._stubs_auth(user_id=user_id)
ctx = utils.dummy_context()
ctx.trust_id = None
@ -1335,11 +1341,11 @@ class KeystoneClientTest(common.HeatTestCase):
heat_ks_client.delete_stack_domain_project(project_id='aprojectid')
def _stub_domain_user_pw_auth(self):
ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
user_id='duser',
password='apassw',
project_id='aproject',
user_domain_id='adomain123').AndReturn('dummyauth')
ks_auth.Password(auth_url='http://server.test:5000/v3',
user_id='duser',
password='apassw',
project_id='aproject',
user_domain_id='adomain123').AndReturn('dummyauth')
def test_stack_domain_user_token(self):
"""Test stack_domain_user_token function."""
@ -1347,11 +1353,10 @@ class KeystoneClientTest(common.HeatTestCase):
mock_ks_auth = self.m.CreateMockAnything()
mock_ks_auth.get_token(mox.IsA(ks_session.Session)).AndReturn(dum_tok)
m = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
password='apassw',
project_id='aproject',
user_id='duser',
include_catalog=False)
m = ks_auth.Password(auth_url='http://server.test:5000/v3',
password='apassw',
project_id='aproject',
user_id='duser')
m.AndReturn(mock_ks_auth)
self.m.ReplayAll()
@ -1388,7 +1393,7 @@ class KeystoneClientTest(common.HeatTestCase):
def _test_url_for(self, service_url, expected_kwargs, ctx=None, **kwargs):
"""Testing url_for depending on different ways to pass region name."""
mock_ks_auth, mock_auth_ref = self._stubs_v3(client=False)
mock_ks_auth, mock_auth_ref = self._stubs_auth(client=False)
mock_ks_auth.get_endpoint(mox.IsA(ks_session.Session),
**expected_kwargs).AndReturn(service_url)
@ -1489,13 +1494,13 @@ class KeystoneClientTestDomainName(KeystoneClientTest):
a.domain_id = domain_id
mock_ks_auth.get_access(mox.IsA(ks_session.Session)).AndReturn(a)
m = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
password='adminsecret',
domain_id=None,
domain_name='fake_domain_name',
user_domain_id=None,
user_domain_name='fake_domain_name',
username='adminuser123')
m = ks_auth.Password(auth_url='http://server.test:5000/v3',
password='adminsecret',
domain_id=None,
domain_name='fake_domain_name',
user_domain_id=None,
user_domain_name='fake_domain_name',
username='adminuser123')
m.AndReturn(mock_ks_auth)
@ -1506,12 +1511,12 @@ class KeystoneClientTestDomainName(KeystoneClientTest):
self.mock_admin_client.domains = self.mock_ks_v3_client_domain_mngr
def _stub_domain_user_pw_auth(self):
ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
user_id='duser',
password='apassw',
project_id='aproject',
user_domain_name='fake_domain_name'
).AndReturn('dummyauth')
ks_auth.Password(auth_url='http://server.test:5000/v3',
user_id='duser',
password='apassw',
project_id='aproject',
user_domain_name='fake_domain_name'
).AndReturn('dummyauth')
def test_enable_stack_domain_user_error_project(self):
p = super(KeystoneClientTestDomainName, self)

34
heat/tests/test_auth_password.py
View File

@ -14,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
from keystoneauth1.identity import v3 as ks_v3_auth
from keystoneauth1.identity import generic as ks_auth
from keystoneauth1 import session as ks_session
from keystoneclient import exceptions as keystone_exc
import mox
@ -120,10 +120,10 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
self.response_headers = dict(headers)
def test_valid_v2_request(self):
mock_auth = self.m.CreateMock(ks_v3_auth.Password)
self.m.StubOutWithMock(ks_v3_auth, 'Password')
mock_auth = self.m.CreateMock(ks_auth.Password)
self.m.StubOutWithMock(ks_auth, 'Password')
ks_v3_auth.Password(
ks_auth.Password(
auth_url=self.config['auth_uri'],
password='goodpassword',
project_id='tenant_id1',
@ -144,14 +144,14 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
self.m.VerifyAll()
def test_valid_v3_request(self):
mock_auth = self.m.CreateMock(ks_v3_auth.Password)
self.m.StubOutWithMock(ks_v3_auth, 'Password')
mock_auth = self.m.CreateMock(ks_auth.Password)
self.m.StubOutWithMock(ks_auth, 'Password')
ks_v3_auth.Password(auth_url=self.config['auth_uri'],
password='goodpassword',
project_id='tenant_id1',
user_domain_id='domain1',
username='user_name1').AndReturn(mock_auth)
ks_auth.Password(auth_url=self.config['auth_uri'],
password='goodpassword',
project_id='tenant_id1',
user_domain_id='domain1',
username='user_name1').AndReturn(mock_auth)
m = mock_auth.get_access(mox.IsA(ks_session.Session))
m.AndReturn(TOKEN_V3_RESPONSE)
@ -169,13 +169,13 @@ class KeystonePasswordAuthProtocolTest(common.HeatTestCase):
self.m.VerifyAll()
def test_request_with_bad_credentials(self):
self.m.StubOutWithMock(ks_v3_auth, 'Password')
self.m.StubOutWithMock(ks_auth, 'Password')
m = ks_v3_auth.Password(auth_url=self.config['auth_uri'],
password='badpassword',
project_id='tenant_id1',
user_domain_id='domain1',
username='user_name1')
m = ks_auth.Password(auth_url=self.config['auth_uri'],
password='badpassword',
project_id='tenant_id1',
user_domain_id='domain1',
username='user_name1')
m.AndRaise(keystone_exc.Unauthorized(401))
self.m.ReplayAll()

2
heat/tests/test_common_context.py
View File

@ -198,7 +198,7 @@ class TestRequestContext(common.HeatTestCase):
ctx = context.RequestContext(auth_url=None,
user_domain_id='non-default',
username='test')
with mock.patch('keystoneauth1.identity.v3.Password') as ps:
with mock.patch('keystoneauth1.identity.generic.Password') as ps:
ctx.trusts_auth_plugin
ps.assert_called_once_with(username='heat',
password='password',