Merge "Unauthed tests for RecordSets (Security)"
commit
0ecb86e437
|
@ -0,0 +1,90 @@
|
||||||
|
"""
|
||||||
|
Copyright 2015 Rackspace
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
"""
|
||||||
|
|
||||||
|
from tempest_lib import exceptions
|
||||||
|
|
||||||
|
from functionaltests.common import datagen
|
||||||
|
from functionaltests.common import utils
|
||||||
|
from functionaltests.api.v2.base import DesignateV2Test
|
||||||
|
from functionaltests.api.v2.clients.recordset_client import RecordsetClient
|
||||||
|
from functionaltests.api.v2.clients.zone_client import ZoneClient
|
||||||
|
|
||||||
|
|
||||||
|
@utils.parameterized_class
|
||||||
|
class RecordsetTest(DesignateV2Test):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(RecordsetTest, self).setUp()
|
||||||
|
self.increase_quotas(user='default')
|
||||||
|
resp, self.zone = ZoneClient.as_user('default').post_zone(
|
||||||
|
datagen.random_zone_data())
|
||||||
|
ZoneClient.as_user('default').wait_for_zone(self.zone.id)
|
||||||
|
self.client = RecordsetClient.as_user('default', with_token=False)
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
super(RecordsetTest, self).tearDown()
|
||||||
|
resp, self.zone = ZoneClient.as_user('default').delete_zone(
|
||||||
|
self.zone.id)
|
||||||
|
|
||||||
|
def test_create_a_recordset(self):
|
||||||
|
post_model = datagen.random_a_recordset(self.zone.name)
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Unauthorized, self.client.post_recordset, self.zone.id,
|
||||||
|
post_model)
|
||||||
|
|
||||||
|
def test_get_fake_recordset(self):
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Unauthorized, self.client.get_recordset, self.zone.id,
|
||||||
|
'junk')
|
||||||
|
|
||||||
|
def test_get_existing_recordset(self):
|
||||||
|
post_model = datagen.random_a_recordset(self.zone.name)
|
||||||
|
resp, resp_model = RecordsetClient.as_user('default') \
|
||||||
|
.post_recordset(self.zone.id, post_model)
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Unauthorized, self.client.get_recordset, self.zone.id,
|
||||||
|
resp_model.id)
|
||||||
|
|
||||||
|
def test_list_recordsets(self):
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Unauthorized, self.client.list_recordsets, self.zone.id)
|
||||||
|
|
||||||
|
def test_update_fake_recordset(self):
|
||||||
|
put_model = datagen.random_a_recordset(self.zone.name)
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Unauthorized, self.client.put_recordset, self.zone.id,
|
||||||
|
'junk', put_model)
|
||||||
|
|
||||||
|
def test_update_existing_recordset(self):
|
||||||
|
post_model = datagen.random_a_recordset(self.zone.name)
|
||||||
|
resp, resp_model = RecordsetClient.as_user('default') \
|
||||||
|
.post_recordset(self.zone.id, post_model)
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Unauthorized, self.client.put_recordset, self.zone.id,
|
||||||
|
resp_model.id, post_model)
|
||||||
|
|
||||||
|
def test_delete_fake_recordset(self):
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Unauthorized, self.client.delete_recordset,
|
||||||
|
self.zone.id, 'junk')
|
||||||
|
|
||||||
|
def test_delete_existing_recordset(self):
|
||||||
|
post_model = datagen.random_a_recordset(self.zone.name)
|
||||||
|
resp, resp_model = RecordsetClient.as_user('default') \
|
||||||
|
.post_recordset(self.zone.id, post_model)
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Unauthorized, self.client.delete_recordset,
|
||||||
|
self.zone.id, resp_model.id)
|
|
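Review bot: The three `*_existing_recordset` tests stop at `assertRaises(exceptions.Unauthorized, ...)` and never confirm that the rejected request left the recordset alone, so a server that answers 401 after applying the PUT or DELETE would still pass. After each rejected call, re-read the recordset with the authenticated client, e.g. `RecordsetClient.as_user('default').get_recordset(self.zone.id, resp_model.id)`, and assert it is still present and unchanged (the return shape of `get_recordset` is not visible on this page, so adapt the assertion to it). The suite also covers only the missing-header case; a malformed or expired `X-Auth-Token` value is a separate path that deserves its own tests. A class docstring stating that every request here is sent without a token, and that the fake-id and existing-id cases are paired to check that 401 is returned regardless of whether the resource exists, would make the intent explicit.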
@ -38,19 +38,31 @@ class KeystoneV2AuthProviderWithOverridableUrl(KeystoneV2AuthProvider):
|
||||||
.base_url(*args, **kwargs)
|
.base_url(*args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
class KeystoneV2AuthProviderNoToken(KeystoneV2AuthProviderWithOverridableUrl):
|
||||||
|
|
||||||
|
def _decorate_request(self, filters, method, url, headers=None, body=None,
|
||||||
|
auth_data=None):
|
||||||
|
_res = super(KeystoneV2AuthProviderNoToken, self)._decorate_request(
|
||||||
|
filters, method, url, headers=headers, body=body,
|
||||||
|
auth_data=auth_data)
|
||||||
|
_url, _headers, _body = _res
|
||||||
|
del _headers['X-Auth-Token']
|
||||||
|
return (_url, _headers, _body)
|
||||||
|
|
||||||
|
|
||||||
class BaseDesignateClient(RestClient):
|
class BaseDesignateClient(RestClient):
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self, with_token=True):
|
||||||
super(BaseDesignateClient, self).__init__(
|
super(BaseDesignateClient, self).__init__(
|
||||||
auth_provider=self.get_auth_provider(),
|
auth_provider=self.get_auth_provider(with_token),
|
||||||
service='dns',
|
service='dns',
|
||||||
region=cfg.CONF.identity.region
|
region=cfg.CONF.identity.region
|
||||||
)
|
)
|
||||||
|
|
||||||
def get_auth_provider(self):
|
def get_auth_provider(self, with_token=True):
|
||||||
if cfg.CONF.noauth.use_noauth:
|
if cfg.CONF.noauth.use_noauth:
|
||||||
return self._get_noauth_auth_provider()
|
return self._get_noauth_auth_provider()
|
||||||
return self._get_keystone_auth_provider()
|
return self._get_keystone_auth_provider(with_token)
|
||||||
|
|
||||||
@abc.abstractmethod
|
@abc.abstractmethod
|
||||||
def _get_noauth_auth_provider(self):
|
def _get_noauth_auth_provider(self):
|
||||||
|
@ -60,9 +72,13 @@ class BaseDesignateClient(RestClient):
|
||||||
def _get_keystone_auth_provider(self):
|
def _get_keystone_auth_provider(self):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def _create_keystone_auth_provider(self, creds):
|
def _create_keystone_auth_provider(self, creds, with_token=True):
|
||||||
auth_provider = KeystoneV2AuthProviderWithOverridableUrl(
|
if with_token:
|
||||||
creds, cfg.CONF.identity.uri)
|
auth_provider = KeystoneV2AuthProviderWithOverridableUrl(
|
||||||
|
creds, cfg.CONF.identity.uri)
|
||||||
|
else:
|
||||||
|
auth_provider = KeystoneV2AuthProviderNoToken(
|
||||||
|
creds, cfg.CONF.identity.uri)
|
||||||
auth_provider.fill_credentials()
|
auth_provider.fill_credentials()
|
||||||
return auth_provider
|
return auth_provider
|
||||||
|
|
||||||
|
@ -76,13 +92,13 @@ class DesignateClient(BaseDesignateClient):
|
||||||
)
|
)
|
||||||
return NoAuthAuthProvider(creds, cfg.CONF.noauth.designate_endpoint)
|
return NoAuthAuthProvider(creds, cfg.CONF.noauth.designate_endpoint)
|
||||||
|
|
||||||
def _get_keystone_auth_provider(self):
|
def _get_keystone_auth_provider(self, with_token=True):
|
||||||
creds = KeystoneV2Credentials(
|
creds = KeystoneV2Credentials(
|
||||||
username=cfg.CONF.identity.username,
|
username=cfg.CONF.identity.username,
|
||||||
password=cfg.CONF.identity.password,
|
password=cfg.CONF.identity.password,
|
||||||
tenant_name=cfg.CONF.identity.tenant_name,
|
tenant_name=cfg.CONF.identity.tenant_name,
|
||||||
)
|
)
|
||||||
return self._create_keystone_auth_provider(creds)
|
return self._create_keystone_auth_provider(creds, with_token)
|
||||||
|
|
||||||
|
|
||||||
class DesignateAltClient(BaseDesignateClient):
|
class DesignateAltClient(BaseDesignateClient):
|
||||||
|
@ -94,13 +110,13 @@ class DesignateAltClient(BaseDesignateClient):
|
||||||
)
|
)
|
||||||
return NoAuthAuthProvider(creds, cfg.CONF.noauth.designate_endpoint)
|
return NoAuthAuthProvider(creds, cfg.CONF.noauth.designate_endpoint)
|
||||||
|
|
||||||
def _get_keystone_auth_provider(self):
|
def _get_keystone_auth_provider(self, with_token=True):
|
||||||
creds = KeystoneV2Credentials(
|
creds = KeystoneV2Credentials(
|
||||||
username=cfg.CONF.identity.alt_username,
|
username=cfg.CONF.identity.alt_username,
|
||||||
password=cfg.CONF.identity.alt_password,
|
password=cfg.CONF.identity.alt_password,
|
||||||
tenant_name=cfg.CONF.identity.alt_tenant_name,
|
tenant_name=cfg.CONF.identity.alt_tenant_name,
|
||||||
)
|
)
|
||||||
return self._create_keystone_auth_provider(creds)
|
return self._create_keystone_auth_provider(creds, with_token)
|
||||||
|
|
||||||
|
|
||||||
class DesignateAdminClient(BaseDesignateClient):
|
class DesignateAdminClient(BaseDesignateClient):
|
||||||
|
@ -112,24 +128,24 @@ class DesignateAdminClient(BaseDesignateClient):
|
||||||
)
|
)
|
||||||
return NoAuthAuthProvider(creds, cfg.CONF.noauth.designate_endpoint)
|
return NoAuthAuthProvider(creds, cfg.CONF.noauth.designate_endpoint)
|
||||||
|
|
||||||
def _get_keystone_auth_provider(self):
|
def _get_keystone_auth_provider(self, with_token=True):
|
||||||
creds = KeystoneV2Credentials(
|
creds = KeystoneV2Credentials(
|
||||||
username=cfg.CONF.identity.admin_username,
|
username=cfg.CONF.identity.admin_username,
|
||||||
password=cfg.CONF.identity.admin_password,
|
password=cfg.CONF.identity.admin_password,
|
||||||
tenant_name=cfg.CONF.identity.admin_tenant_name,
|
tenant_name=cfg.CONF.identity.admin_tenant_name,
|
||||||
)
|
)
|
||||||
return self._create_keystone_auth_provider(creds)
|
return self._create_keystone_auth_provider(creds, with_token)
|
||||||
|
|
||||||
|
|
||||||
class ClientMixin(object):
|
class ClientMixin(object):
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
@memoized
|
@memoized
|
||||||
def get_clients(cls):
|
def get_clients(cls, with_token):
|
||||||
return {
|
return {
|
||||||
'default': DesignateClient(),
|
'default': DesignateClient(with_token),
|
||||||
'alt': DesignateAltClient(),
|
'alt': DesignateAltClient(with_token),
|
||||||
'admin': DesignateAdminClient(),
|
'admin': DesignateAdminClient(with_token),
|
||||||
}
|
}
|
||||||
|
|
||||||
def __init__(self, client):
|
def __init__(self, client):
|
||||||
|
@ -140,11 +156,13 @@ class ClientMixin(object):
|
||||||
return resp, model_type.from_json(body)
|
return resp, model_type.from_json(body)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def as_user(cls, user):
|
def as_user(cls, user, with_token=True):
|
||||||
"""
|
"""
|
||||||
:param user: 'default', 'alt', or 'admin'
|
:param user: 'default', 'alt', or 'admin'
|
||||||
|
:param with_token: Boolean for whether to send the x-auth-token with
|
||||||
|
requests
|
||||||
"""
|
"""
|
||||||
return cls(cls.get_clients()[user])
|
return cls(cls.get_clients(with_token)[user])
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def tenant_id(self):
|
def tenant_id(self):
|
||||||
|
|
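Review bot: `get_auth_provider(self, with_token=True)` drops `with_token` whenever `cfg.CONF.noauth.use_noauth` is set, so `as_user(..., with_token=False)` silently hands back a noauth client and the unauthenticated tests no longer exercise what they claim; raising or skipping in that branch when `with_token` is false would make this explicit. In `KeystoneV2AuthProviderNoToken._decorate_request`, `del _headers['X-Auth-Token']` raises `KeyError` if the parent did not set the header, and `_headers.pop('X-Auth-Token', None)` is the safer form. `get_clients(cls, with_token)` is wrapped in `@memoized`, whose implementation is not shown here; if it does not key on its arguments, token-bearing and tokenless clients could be returned for the wrong callers, so that is worth confirming. The abstract `_get_keystone_auth_provider(self)` in `BaseDesignateClient` keeps its old signature in the context lines while all three subclasses now accept `with_token`, and should be updated to match.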