openstack/octavia
Code Issues Proposed changes

Fix unit tests for python-barbicanclient 5.5.0

Browse Source 
The certificates unit tests were testing too deep inside the barbican client code. When the barbican client was updated to support microversions the tests would no longer pass. This patch updates the tests to not rely on barbican client internals.

Change-Id: I345c0055e3b841ae5cc3abe874d1e22853f20618
This commit is contained in:
Michael Johnson
2023-02-15 17:37:01 +00:00
parent a2af707089
commit c2c59f4c9e
1 changed files with 57 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
octavia/tests/unit/certificates/common/auth/test_barbican_acl.py
View File

@@ -13,11 +13,9 @@
# under the License.
from unittest import mock
from barbicanclient.v1 import acls
from oslo_config import cfg
from oslo_config import fixture as oslo_fixture
import octavia.certificates.common.auth.barbican_acl as barbican_acl
import octavia.certificates.manager.barbican as barbican_cert_mgr
from octavia.common import keystone
@@ -33,62 +31,90 @@ class TestBarbicanACLAuth(base.TestCase):
# Reset the client
keystone._SESSION = None
self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
self.conf.config(group="certificates", region_name='RegionOne')
self.conf.config(group="certificates", endpoint_type='publicURL')
self.region_name = 'RegionOne'
self.endpoint_type = 'publicURL'
self.endpoint = 'barbican'
self.conf.config(group="certificates", region_name=self.region_name)
self.conf.config(group="certificates",
endpoint_type=self.endpoint_type)
self.conf.config(group="certificates", endpoint=self.endpoint)
@mock.patch('barbicanclient.client.Client')
@mock.patch('keystoneauth1.session.Session')
def test_get_barbican_client(self, mock_ksession, mock_client):
session_mock = mock.Mock()
mock_ksession.return_value = session_mock
mock_client.return_value = mock.MagicMock()
@mock.patch('keystoneauth1.session.Session', mock.Mock())
def test_get_barbican_client(self):
# Mock out the keystone session and get the client
acl_auth_object = barbican_acl.BarbicanACLAuth()
bc1 = acl_auth_object.get_barbican_client()
# Our returned object should have elements that proves it is a real
# Barbican client object. We shouldn't use `isinstance` because that's
# an evil pattern, instead we can check for very unique things in the
# stable client API like "register_consumer", since this should fairly
# reliably prove we're dealing with a Barbican client.
self.assertTrue(hasattr(bc1, 'containers') and
hasattr(bc1.containers, 'register_consumer'))
mock_client.assert_called_once_with(session=session_mock,
region_name=self.region_name,
interface=self.endpoint_type)
mock_client.reset_mock()
# Getting the session again with new class should get the same object
acl_auth_object2 = barbican_acl.BarbicanACLAuth()
bc2 = acl_auth_object2.get_barbican_client()
self.assertIs(bc1, bc2)
mock_client.assert_not_called()
def test_load_auth_driver(self):
bcm = barbican_cert_mgr.BarbicanCertManager()
self.assertIsInstance(bcm.auth, barbican_acl.BarbicanACLAuth)
@mock.patch('barbicanclient.v1.acls.ACLManager.get')
@mock.patch('barbicanclient.client.Client')
@mock.patch('octavia.common.keystone.KeystoneSession')
def test_ensure_secret_access(self, mock_ksession, mock_aclm):
acl = mock.MagicMock(spec=acls.SecretACL)
mock_aclm.return_value = acl
def test_ensure_secret_access(self, mock_ksession, mock_client):
service_user_id = 'uuid1'
client_mock = mock.MagicMock()
mock_client.return_value = client_mock
mock_ksession().get_service_user_id.return_value = service_user_id
mock_acl = mock.MagicMock()
client_mock.acls.get.return_value = mock_acl
mock_read = mock.MagicMock()
mock_read.users = []
mock_acl.get.return_value = mock_read
acl_auth_object = barbican_acl.BarbicanACLAuth()
acl_auth_object.ensure_secret_access(mock.Mock(), mock.Mock())
acl.submit.assert_called_once()
mock_acl.submit.assert_called_once()
self.assertEqual([service_user_id], mock_read.users)
@mock.patch('barbicanclient.v1.acls.ACLManager.get')
@mock.patch('barbicanclient.client.Client')
@mock.patch('octavia.common.keystone.KeystoneSession')
def test_revoke_secret_access(self, mock_ksession, mock_aclm):
def test_revoke_secret_access(self, mock_ksession, mock_client):
service_user_id = 'uuid1'
client_mock = mock.MagicMock()
mock_client.return_value = client_mock
mock_ksession().get_service_user_id.return_value = service_user_id
acl = mock.MagicMock(spec=acls.SecretACL)
poacl = mock.MagicMock(spec=acls._PerOperationACL)
type(poacl).users = mock.PropertyMock(return_value=[service_user_id])
acl.get.return_value = poacl
mock_aclm.return_value = acl
mock_acl = mock.MagicMock()
client_mock.acls.get.return_value = mock_acl
mock_read = mock.MagicMock()
mock_read.users = [service_user_id]
mock_acl.get.return_value = mock_read
acl_auth_object = barbican_acl.BarbicanACLAuth()
acl_auth_object.revoke_secret_access(mock.Mock(), mock.Mock())
acl.submit.assert_called_once()
mock_acl.submit.assert_called_once()
@mock.patch('octavia.common.keystone.KeystoneSession')
def test_get_barbican_client_user_auth(self, mock_ksession):
@mock.patch('barbicanclient.client.Client')
@mock.patch('keystoneauth1.session.Session')
def test_get_barbican_client_user_auth(self, mock_ksession, mock_client,
mock_keystone):
session_mock = mock.MagicMock()
mock_ksession.return_value = session_mock
acl_auth_object = barbican_acl.BarbicanACLAuth()
bc = acl_auth_object.get_barbican_client_user_auth(mock.Mock())
self.assertTrue(hasattr(bc, 'containers') and
hasattr(bc.containers, 'register_consumer'))
self.assertEqual('public', bc.client.interface)
acl_auth_object.get_barbican_client_user_auth(mock.Mock())
mock_client.assert_called_once_with(session=session_mock,
endpoint=self.endpoint)