Merge "Refactor: move PKI-specific tests into the appropriate class"
This commit is contained in:
commit
7c9d6f0a8e
|
@ -134,32 +134,6 @@ class TokenAPITests(object):
|
||||||
def test_default_fixture_scope_token(self):
|
def test_default_fixture_scope_token(self):
|
||||||
self.assertIsNotNone(self.get_scoped_token())
|
self.assertIsNotNone(self.get_scoped_token())
|
||||||
|
|
||||||
def verify_token(self, *args, **kwargs):
|
|
||||||
return cms.verify_token(*args, **kwargs)
|
|
||||||
|
|
||||||
def test_v3_token_id(self):
|
|
||||||
auth_data = self.build_authentication_request(
|
|
||||||
user_id=self.user['id'],
|
|
||||||
password=self.user['password'])
|
|
||||||
resp = self.v3_authenticate_token(auth_data)
|
|
||||||
token_data = resp.result
|
|
||||||
token_id = resp.headers.get('X-Subject-Token')
|
|
||||||
self.assertIn('expires_at', token_data['token'])
|
|
||||||
|
|
||||||
decoded_token = self.verify_token(token_id, CONF.signing.certfile,
|
|
||||||
CONF.signing.ca_certs)
|
|
||||||
decoded_token_dict = json.loads(decoded_token)
|
|
||||||
|
|
||||||
token_resp_dict = json.loads(resp.body)
|
|
||||||
|
|
||||||
self.assertEqual(decoded_token_dict, token_resp_dict)
|
|
||||||
# should be able to validate hash PKI token as well
|
|
||||||
hash_token_id = cms.cms_hash_token(token_id)
|
|
||||||
headers = {'X-Subject-Token': hash_token_id}
|
|
||||||
resp = self.get('/auth/tokens', headers=headers)
|
|
||||||
expected_token_data = resp.result
|
|
||||||
self.assertDictEqual(expected_token_data, token_data)
|
|
||||||
|
|
||||||
def test_v3_v2_intermix_non_default_domain_failed(self):
|
def test_v3_v2_intermix_non_default_domain_failed(self):
|
||||||
auth_data = self.build_authentication_request(
|
auth_data = self.build_authentication_request(
|
||||||
user_id=self.user['id'],
|
user_id=self.user['id'],
|
||||||
|
@ -297,31 +271,6 @@ class TokenAPITests(object):
|
||||||
self.assertEqual(v2_token['access']['user']['roles'][0]['id'],
|
self.assertEqual(v2_token['access']['user']['roles'][0]['id'],
|
||||||
token_data['token']['roles'][0]['id'])
|
token_data['token']['roles'][0]['id'])
|
||||||
|
|
||||||
def test_v3_v2_hashed_pki_token_intermix(self):
|
|
||||||
auth_data = self.build_authentication_request(
|
|
||||||
user_id=self.default_domain_user['id'],
|
|
||||||
password=self.default_domain_user['password'],
|
|
||||||
project_id=self.default_domain_project['id'])
|
|
||||||
resp = self.v3_authenticate_token(auth_data)
|
|
||||||
token_data = resp.result
|
|
||||||
token = resp.headers.get('X-Subject-Token')
|
|
||||||
|
|
||||||
# should be able to validate a hash PKI token in v2 too
|
|
||||||
token = cms.cms_hash_token(token)
|
|
||||||
path = '/v2.0/tokens/%s' % (token)
|
|
||||||
resp = self.admin_request(path=path,
|
|
||||||
token='ADMIN',
|
|
||||||
method='GET')
|
|
||||||
v2_token = resp.result
|
|
||||||
self.assertEqual(v2_token['access']['user']['id'],
|
|
||||||
token_data['token']['user']['id'])
|
|
||||||
# v2 token time has not fraction of second precision so
|
|
||||||
# just need to make sure the non fraction part agrees
|
|
||||||
self.assertIn(v2_token['access']['token']['expires'][:-1],
|
|
||||||
token_data['token']['expires_at'])
|
|
||||||
self.assertEqual(v2_token['access']['user']['roles'][0]['id'],
|
|
||||||
token_data['token']['roles'][0]['id'])
|
|
||||||
|
|
||||||
def test_v2_v3_unscoped_token_intermix(self):
|
def test_v2_v3_unscoped_token_intermix(self):
|
||||||
body = {
|
body = {
|
||||||
'auth': {
|
'auth': {
|
||||||
|
@ -493,19 +442,65 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
|
||||||
super(TestPKITokenAPIs, self).setUp()
|
super(TestPKITokenAPIs, self).setUp()
|
||||||
self.doSetUp()
|
self.doSetUp()
|
||||||
|
|
||||||
|
|
||||||
class TestPKIZTokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
|
|
||||||
|
|
||||||
def verify_token(self, *args, **kwargs):
|
def verify_token(self, *args, **kwargs):
|
||||||
return cms.pkiz_verify(*args, **kwargs)
|
return cms.verify_token(*args, **kwargs)
|
||||||
|
|
||||||
|
def test_v3_token_id(self):
|
||||||
|
auth_data = self.build_authentication_request(
|
||||||
|
user_id=self.user['id'],
|
||||||
|
password=self.user['password'])
|
||||||
|
resp = self.v3_authenticate_token(auth_data)
|
||||||
|
token_data = resp.result
|
||||||
|
token_id = resp.headers.get('X-Subject-Token')
|
||||||
|
self.assertIn('expires_at', token_data['token'])
|
||||||
|
|
||||||
|
decoded_token = self.verify_token(token_id, CONF.signing.certfile,
|
||||||
|
CONF.signing.ca_certs)
|
||||||
|
decoded_token_dict = json.loads(decoded_token)
|
||||||
|
|
||||||
|
token_resp_dict = json.loads(resp.body)
|
||||||
|
|
||||||
|
self.assertEqual(decoded_token_dict, token_resp_dict)
|
||||||
|
# should be able to validate hash PKI token as well
|
||||||
|
hash_token_id = cms.cms_hash_token(token_id)
|
||||||
|
headers = {'X-Subject-Token': hash_token_id}
|
||||||
|
resp = self.get('/auth/tokens', headers=headers)
|
||||||
|
expected_token_data = resp.result
|
||||||
|
self.assertDictEqual(expected_token_data, token_data)
|
||||||
|
|
||||||
|
def test_v3_v2_hashed_pki_token_intermix(self):
|
||||||
|
auth_data = self.build_authentication_request(
|
||||||
|
user_id=self.default_domain_user['id'],
|
||||||
|
password=self.default_domain_user['password'],
|
||||||
|
project_id=self.default_domain_project['id'])
|
||||||
|
resp = self.v3_authenticate_token(auth_data)
|
||||||
|
token_data = resp.result
|
||||||
|
token = resp.headers.get('X-Subject-Token')
|
||||||
|
|
||||||
|
# should be able to validate a hash PKI token in v2 too
|
||||||
|
token = cms.cms_hash_token(token)
|
||||||
|
path = '/v2.0/tokens/%s' % (token)
|
||||||
|
resp = self.admin_request(path=path,
|
||||||
|
token='ADMIN',
|
||||||
|
method='GET')
|
||||||
|
v2_token = resp.result
|
||||||
|
self.assertEqual(v2_token['access']['user']['id'],
|
||||||
|
token_data['token']['user']['id'])
|
||||||
|
# v2 token time has not fraction of second precision so
|
||||||
|
# just need to make sure the non fraction part agrees
|
||||||
|
self.assertIn(v2_token['access']['token']['expires'][:-1],
|
||||||
|
token_data['token']['expires_at'])
|
||||||
|
self.assertEqual(v2_token['access']['user']['roles'][0]['id'],
|
||||||
|
token_data['token']['roles'][0]['id'])
|
||||||
|
|
||||||
|
|
||||||
|
class TestPKIZTokenAPIs(TestPKITokenAPIs):
|
||||||
def config_overrides(self):
|
def config_overrides(self):
|
||||||
super(TestPKIZTokenAPIs, self).config_overrides()
|
super(TestPKIZTokenAPIs, self).config_overrides()
|
||||||
self.config_fixture.config(group='token', provider='pkiz')
|
self.config_fixture.config(group='token', provider='pkiz')
|
||||||
|
|
||||||
def setUp(self):
|
def verify_token(self, *args, **kwargs):
|
||||||
super(TestPKIZTokenAPIs, self).setUp()
|
return cms.pkiz_verify(*args, **kwargs)
|
||||||
self.doSetUp()
|
|
||||||
|
|
||||||
|
|
||||||
class TestUUIDTokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
|
class TestUUIDTokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
|
||||||
|
@ -527,11 +522,6 @@ class TestUUIDTokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
|
||||||
self.assertIn('expires_at', token_data['token'])
|
self.assertIn('expires_at', token_data['token'])
|
||||||
self.assertFalse(cms.is_asn1_token(token_id))
|
self.assertFalse(cms.is_asn1_token(token_id))
|
||||||
|
|
||||||
def test_v3_v2_hashed_pki_token_intermix(self):
|
|
||||||
# this test is only applicable for PKI tokens
|
|
||||||
# skipping it for UUID tokens
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
|
class TestTokenRevokeSelfAndAdmin(test_v3.RestfulTestCase):
|
||||||
"""Test token revoke using v3 Identity API by token owner and admin."""
|
"""Test token revoke using v3 Identity API by token owner and admin."""
|
||||||
|
|
Loading…
Reference in New Issue