Merge "Increase unit test coverage for Common Auth Utils."

2017-01-11 23:36:55 +00:00 · 2017-01-11 23:36:55 +00:00 · 63602ce1b8
parent 3a806680f9 82a1278515
commit 63602ce1b8
1 changed files with 354 additions and 0 deletions
--- a/murano/tests/unit/common/test_auth_utils.py
+++ b/murano/tests/unit/common/test_auth_utils.py
@ -0,0 +1,354 @@
+# Copyright (c) 2016 AT&T Corp
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import mock
+
+from keystoneauth1 import loading as ka_loading
+
+from murano.common import auth_utils
+from murano.tests.unit import base
+
+
+class TestAuthUtils(base.MuranoTestCase):
+
+    def setUp(self):
+        super(TestAuthUtils, self).setUp()
+        self.addCleanup(mock.patch.stopall)
+
+    def _init_mock_cfg(self, auth_type):
+        if auth_type:
+            mock_auth_obj = mock.patch.object(auth_utils, 'ka_loading',
+                                              spec_set=ka_loading).start()
+            mock_auth_obj.load_auth_from_conf_options.return_value = \
+                mock.sentinel.auth
+            mock_auth_obj.session.Session.return_value.load_from_options.\
+                return_value = mock.sentinel.session
+        else:
+            mock_auth_obj = mock.patch.object(auth_utils, 'identity',
+                                              autospec=True).start()
+            mock_auth_obj.Password.return_value = mock.sentinel.auth
+        mock_cfg = mock.patch.object(auth_utils, 'cfg', autospec=True).start()
+        mock_conf = mock_cfg.CONF.__getitem__.return_value
+        mock_conf.auth_type = auth_type
+        mock_conf.auth_uri = 'foo_auth_uri/v2.0'
+        mock_conf.admin_user = mock.sentinel.admin_user
+        mock_conf.admin_password = mock.sentinel.admin_password
+        mock_conf.admin_tenant_name = mock.sentinel.admin_tenant_name
+        return mock_cfg, mock_auth_obj
+
+    def test_get_keystone_auth(self):
+        mock_cfg, mock_identity = self._init_mock_cfg(False)
+
+        expected_kwargs = {
+            'auth_url': 'foo_auth_uri/v3',
+            'username': mock.sentinel.admin_user,
+            'password': mock.sentinel.admin_password,
+            'user_domain_name': 'Default',
+            'project_name': mock.sentinel.admin_tenant_name,
+            'project_domain_name': 'Default'
+        }
+        expected_auth = mock.sentinel.auth
+        actual_auth = auth_utils._get_keystone_auth()
+
+        self.assertEqual(expected_auth, actual_auth)
+        mock_identity.Password.assert_called_once_with(**expected_kwargs)
+
+    def test_get_keystone_auth_with_trust_id(self):
+        mock_cfg, mock_identity = self._init_mock_cfg(False)
+
+        expected_kwargs = {
+            'auth_url': 'foo_auth_uri/v3',
+            'username': mock.sentinel.admin_user,
+            'password': mock.sentinel.admin_password,
+            'user_domain_name': 'Default',
+            'trust_id': mock.sentinel.trust_id
+        }
+        expected_auth = mock.sentinel.auth
+        actual_auth = auth_utils._get_keystone_auth(mock.sentinel.trust_id)
+
+        self.assertEqual(expected_auth, actual_auth)
+        mock_identity.Password.assert_called_once_with(**expected_kwargs)
+
+    def test_get_keystone_auth_without_auth(self):
+        mock_cfg, mock_ka_loading = self._init_mock_cfg(True)
+
+        expected_kwargs = {
+            'project_name': None,
+            'project_domain_name': None,
+            'project_id': None,
+            'trust_id': mock.sentinel.trust_id
+        }
+        expected_auth = mock.sentinel.auth
+        actual_auth = auth_utils._get_keystone_auth(mock.sentinel.trust_id)
+
+        self.assertEqual(expected_auth, actual_auth)
+        mock_ka_loading.load_auth_from_conf_options.assert_called_once_with(
+            mock_cfg.CONF,
+            auth_utils.CFG_KEYSTONE_GROUP,
+            **expected_kwargs)
+
+    @mock.patch.object(auth_utils, 'ks_client', autospec=True)
+    @mock.patch.object(auth_utils, '_get_session', autospec=True)
+    def test_create_keystone_admin_client(self, mock_get_sess, mock_ks_client):
+        self._init_mock_cfg(False)
+        mock_get_sess.return_value = mock.sentinel.session
+        mock_ks_client.Client.return_value = mock.sentinel.ks_admin_client
+
+        result = auth_utils._create_keystone_admin_client()
+
+        self.assertEqual(result, mock.sentinel.ks_admin_client)
+        self.assertTrue(mock_get_sess.called)
+        mock_ks_client.Client.assert_called_once_with(
+            session=mock.sentinel.session)
+
+    @mock.patch.object(auth_utils, '_get_session', autospec=True)
+    @mock.patch.object(auth_utils, '_get_keystone_auth', autospec=True)
+    @mock.patch.object(
+        auth_utils.helpers, 'get_execution_session', autospec=True)
+    def test_get_client_session(self, mock_get_execution_session,
+                                mock_get_keystone_auth, mock_get_session):
+        mock_exec_session = mock.Mock(trust_id=mock.sentinel.trust_id)
+        mock_get_execution_session.return_value = mock_exec_session
+        mock_get_keystone_auth.return_value = mock.sentinel.auth
+        mock_get_session.return_value = mock.sentinel.session
+
+        session = auth_utils.get_client_session(conf=mock.sentinel.conf)
+
+        self.assertEqual(mock.sentinel.session, session)
+        mock_get_execution_session.assert_called_once_with()
+        mock_get_keystone_auth.assert_called_once_with(mock.sentinel.trust_id)
+        mock_get_session.assert_called_once_with(
+            auth=mock.sentinel.auth, conf_section=mock.sentinel.conf)
+
+    @mock.patch.object(auth_utils, 'get_token_client_session', autospec=True)
+    @mock.patch.object(
+        auth_utils.helpers, 'get_execution_session', autospec=True)
+    def test_get_client_session_without_trust_id(
+            self, mock_get_execution_session, mock_get_token_client_session):
+        mock_get_token_client_session.return_value = mock.sentinel.session
+        mock_exec_session = mock.Mock(trust_id=None,
+                                      token=mock.sentinel.token,
+                                      project_id=mock.sentinel.project_id)
+
+        session = auth_utils.get_client_session(
+            execution_session=mock_exec_session, conf=mock.sentinel.conf)
+
+        self.assertEqual(mock.sentinel.session, session)
+        self.assertFalse(mock_get_execution_session.called)
+        mock_get_token_client_session.assert_called_once_with(
+            token=mock.sentinel.token, project_id=mock.sentinel.project_id)
+
+    @mock.patch.object(auth_utils, '_get_session', autospec=True)
+    @mock.patch.object(auth_utils, 'identity', autospec=True)
+    @mock.patch.object(
+        auth_utils.helpers, 'get_execution_session', autospec=True)
+    @mock.patch.object(auth_utils, 'cfg', autospec=True)
+    def test_get_token_client_session(
+            self, mock_cfg, mock_get_execution_session, mock_identity,
+            mock_get_session):
+        mock_cfg.CONF.__getitem__.return_value.auth_uri = 'foo_auth_uri/v2.0'
+        mock_get_execution_session.return_value = \
+            mock.Mock(token=mock.sentinel.token,
+                      project_id=mock.sentinel.project_id)
+        mock_identity.Token.return_value = mock.sentinel.auth
+        mock_get_session.return_value = mock.sentinel.session
+
+        session = auth_utils.get_token_client_session(conf=mock.sentinel.conf)
+        self.assertEqual(mock.sentinel.session, session)
+
+        mock_get_execution_session.assert_called_once_with()
+        mock_identity.Token.assert_called_once_with(
+            'foo_auth_uri/v3', token=mock.sentinel.token,
+            project_id=mock.sentinel.project_id)
+        mock_get_session.assert_called_once_with(
+            auth=mock.sentinel.auth, conf_section=mock.sentinel.conf)
+
+    @mock.patch.object(auth_utils, 'get_token_client_session', autospec=True)
+    @mock.patch.object(auth_utils, 'ks_client', autospec=True)
+    def test_create_keystone_client(self, mock_ks_client,
+                                    mock_get_token_client_session):
+        mock_ks_client.Client.return_value = mock.sentinel.ks_client
+        mock_session = mock.Mock(
+            token=mock.sentinel.token, project_id=mock.sentinel.project_id,
+            conf=mock.sentinel.conf)
+        mock_get_token_client_session.return_value = mock_session
+
+        ks_client = auth_utils.create_keystone_client(
+            mock.sentinel.token, mock.sentinel.project_id, mock.sentinel.conf)
+
+        self.assertEqual(mock.sentinel.ks_client, ks_client)
+        mock_ks_client.Client.assert_called_once_with(session=mock_session)
+
+    @mock.patch.object(auth_utils, 'create_keystone_client', autospec=True)
+    @mock.patch.object(
+        auth_utils, '_create_keystone_admin_client', autospec=True)
+    def test_create_trust(self, mock_create_ks_admin_client,
+                          mock_create_ks_client):
+        mock_auth_ref = mock.Mock(user_id=mock.sentinel.trustor_user,
+                                  project_id=mock.sentinel.project_id,
+                                  role_names=mock.sentinel.role_names)
+        mock_admin_session = mock.Mock(**{
+            'auth.get_user_id.return_value': mock.sentinel.trustee_user
+        })
+        mock_user_session = mock.Mock(**{
+            'auth.get_access.return_value': mock_auth_ref
+        })
+        mock_trust = mock.Mock(id=mock.sentinel.trust_id)
+        mock_admin_client = mock.Mock(session=mock_admin_session)
+        mock_user_client = mock.Mock(
+            session=mock_user_session,
+            **{'trusts.create.return_value': mock_trust})
+
+        mock_create_ks_admin_client.return_value = mock_admin_client
+        mock_create_ks_client.return_value = mock_user_client
+
+        trust_id = auth_utils.create_trust(
+            trustee_token=mock.sentinel.trustee_token,
+            trustee_project_id=mock.sentinel.trustee_project_id)
+
+        self.assertEqual(mock.sentinel.trust_id, trust_id)
+        mock_create_ks_admin_client.assert_called_once_with()
+        mock_create_ks_client.assert_called_once_with(
+            token=mock.sentinel.trustee_token,
+            project_id=mock.sentinel.trustee_project_id)
+        mock_admin_client.session.auth.get_user_id.assert_called_once_with(
+            mock_admin_session)
+        mock_user_client.session.auth.get_access.assert_called_once_with(
+            mock_user_session)
+        mock_user_client.trusts.create.assert_called_once_with(
+            trustor_user=mock.sentinel.trustor_user,
+            trustee_user=mock.sentinel.trustee_user,
+            impersonation=True,
+            role_names=mock.sentinel.role_names,
+            project=mock.sentinel.project_id)
+
+    @mock.patch.object(
+        auth_utils, '_create_keystone_admin_client', autospec=True)
+    def test_delete_trust(self, mock_create_ks_admin_client):
+        mock_admin_client = mock.Mock()
+        mock_create_ks_admin_client.return_value = mock_admin_client
+
+        auth_utils.delete_trust(mock.sentinel.trust)
+
+        mock_admin_client.trusts.delete.assert_called_once_with(
+            mock.sentinel.trust)
+
+    def test_get_config_option(self):
+        option_names = 'foo'
+        conf_section = mock.Mock(foo='bar')
+        self.assertEqual('bar', auth_utils._get_config_option(
+            conf_section, option_names))
+
+    def test_get_config_option_return_default(self):
+        self.assertEqual(None, auth_utils._get_config_option(
+            None, []))
+
+    @mock.patch.object(auth_utils, '_get_config_option', autospec=True)
+    def test_get_session(self, mock_get_config_option):
+        mock_cfg, mock_ka_loading = self._init_mock_cfg(True)
+        mock_cfg.CONF.__getitem__.return_value = mock.sentinel.conf_section
+        mock_get_config_option.side_effect = [
+            mock.sentinel.secure_option,
+            mock.sentinel.cacert_option,
+            mock.sentinel.keyfile_option,
+            mock.sentinel.cert_option,
+        ]
+
+        session = auth_utils._get_session(mock.sentinel.auth, None)
+
+        self.assertEqual(mock.sentinel.session, session)
+        mock_ka_loading.session.Session.return_value.load_from_options.\
+            assert_called_once_with(auth=mock.sentinel.auth,
+                                    insecure=mock.sentinel.secure_option,
+                                    cacert=mock.sentinel.cacert_option,
+                                    key=mock.sentinel.keyfile_option,
+                                    cert=mock.sentinel.cert_option)
+
+    @mock.patch.object(auth_utils, '_get_config_option', autospec=True)
+    @mock.patch.object(auth_utils, 'cfg', autospec=True)
+    def test_get_session_client_parameters(
+            self, mock_cfg, mock_get_config_option):
+        mock_cfg.CONF.home_region = mock.sentinel.home_region
+        mock_get_config_option.side_effect = [
+            mock.sentinel.url,
+            mock.sentinel.endpoint_type
+        ]
+
+        expected_result = {
+            'session': mock.sentinel.session,
+            'endpoint_override': mock.sentinel.url
+        }
+
+        result = auth_utils.get_session_client_parameters(
+            service_type=mock.sentinel.service_type,
+            service_name=mock.sentinel.service_name,
+            session=mock.sentinel.session)
+
+        for key, val in expected_result.items():
+            self.assertEqual(val, result[key])
+
+    @mock.patch.object(auth_utils, '_get_config_option', autospec=True)
+    @mock.patch.object(auth_utils, 'cfg', autospec=True)
+    def test_get_session_client_parameters_without_url(
+            self, mock_cfg, mock_get_config_option):
+        mock_cfg.CONF.home_region = mock.sentinel.home_region
+        mock_get_config_option.side_effect = [
+            None,
+            mock.sentinel.endpoint_type
+        ]
+
+        expected_result = {
+            'session': mock.sentinel.session,
+            'service_type': mock.sentinel.service_type,
+            'service_name': mock.sentinel.service_name,
+            'interface': mock.sentinel.endpoint_type,
+            'region_name': mock.sentinel.home_region
+        }
+
+        result = auth_utils.get_session_client_parameters(
+            service_type=mock.sentinel.service_type,
+            service_name=mock.sentinel.service_name,
+            session=mock.sentinel.session)
+
+        for key, val in expected_result.items():
+            self.assertEqual(val, result[key])
+
+    @mock.patch.object(
+        auth_utils, '_create_keystone_admin_client', autospec=True)
+    def test_get_user(self, mock_create_ks_admin_client):
+        mock_client = mock.Mock(
+            **{'users.get.return_value.to_dict.return_value':
+                mock.sentinel.user})
+        mock_create_ks_admin_client.return_value = mock_client
+
+        user = auth_utils.get_user(mock.sentinel.uid)
+
+        self.assertEqual(mock.sentinel.user, user)
+        mock_client.users.get.assert_called_once_with(mock.sentinel.uid)
+        mock_client.users.get.return_value.to_dict.assert_called_once_with()
+
+    @mock.patch.object(
+        auth_utils, '_create_keystone_admin_client', autospec=True)
+    def test_get_project(self, mock_create_ks_admin_client):
+        mock_client = mock.Mock(
+            **{'projects.get.return_value.to_dict.return_value':
+                mock.sentinel.project})
+        mock_create_ks_admin_client.return_value = mock_client
+
+        project = auth_utils.get_project(mock.sentinel.pid)
+
+        self.assertEqual(mock.sentinel.project, project)
+        mock_client.projects.get.assert_called_once_with(mock.sentinel.pid)
+        mock_client.projects.get.return_value.to_dict.assert_called_once_with()