From c2c59f4c9eb9f9ef6081e386bf2bc1badc145241 Mon Sep 17 00:00:00 2001 From: Michael Johnson Date: Wed, 15 Feb 2023 17:37:01 +0000 Subject: [PATCH] Fix unit tests for python-barbicanclient 5.5.0 The certificates unit tests were testing too deep inside the barbican client code. When the barbican client was updated to support microversions the tests would no longer pass. This patch updates the tests to not rely on barbican client internals. Change-Id: I345c0055e3b841ae5cc3abe874d1e22853f20618 --- .../common/auth/test_barbican_acl.py | 88 ++++++++++++------- 1 file changed, 57 insertions(+), 31 deletions(-) diff --git a/octavia/tests/unit/certificates/common/auth/test_barbican_acl.py b/octavia/tests/unit/certificates/common/auth/test_barbican_acl.py index 4448d4ed00..ed279ca45f 100644 --- a/octavia/tests/unit/certificates/common/auth/test_barbican_acl.py +++ b/octavia/tests/unit/certificates/common/auth/test_barbican_acl.py @@ -13,11 +13,9 @@ # under the License. from unittest import mock -from barbicanclient.v1 import acls from oslo_config import cfg from oslo_config import fixture as oslo_fixture - import octavia.certificates.common.auth.barbican_acl as barbican_acl import octavia.certificates.manager.barbican as barbican_cert_mgr from octavia.common import keystone @@ -33,62 +31,90 @@ class TestBarbicanACLAuth(base.TestCase): # Reset the client keystone._SESSION = None self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF)) - self.conf.config(group="certificates", region_name='RegionOne') - self.conf.config(group="certificates", endpoint_type='publicURL') + self.region_name = 'RegionOne' + self.endpoint_type = 'publicURL' + self.endpoint = 'barbican' + self.conf.config(group="certificates", region_name=self.region_name) + self.conf.config(group="certificates", + endpoint_type=self.endpoint_type) + self.conf.config(group="certificates", endpoint=self.endpoint) + + @mock.patch('barbicanclient.client.Client') + @mock.patch('keystoneauth1.session.Session') + def test_get_barbican_client(self, mock_ksession, mock_client): + session_mock = mock.Mock() + mock_ksession.return_value = session_mock + mock_client.return_value = mock.MagicMock() - @mock.patch('keystoneauth1.session.Session', mock.Mock()) - def test_get_barbican_client(self): # Mock out the keystone session and get the client acl_auth_object = barbican_acl.BarbicanACLAuth() bc1 = acl_auth_object.get_barbican_client() - # Our returned object should have elements that proves it is a real - # Barbican client object. We shouldn't use `isinstance` because that's - # an evil pattern, instead we can check for very unique things in the - # stable client API like "register_consumer", since this should fairly - # reliably prove we're dealing with a Barbican client. - self.assertTrue(hasattr(bc1, 'containers') and - hasattr(bc1.containers, 'register_consumer')) + mock_client.assert_called_once_with(session=session_mock, + region_name=self.region_name, + interface=self.endpoint_type) + mock_client.reset_mock() # Getting the session again with new class should get the same object acl_auth_object2 = barbican_acl.BarbicanACLAuth() bc2 = acl_auth_object2.get_barbican_client() self.assertIs(bc1, bc2) + mock_client.assert_not_called() + def test_load_auth_driver(self): bcm = barbican_cert_mgr.BarbicanCertManager() self.assertIsInstance(bcm.auth, barbican_acl.BarbicanACLAuth) - @mock.patch('barbicanclient.v1.acls.ACLManager.get') + @mock.patch('barbicanclient.client.Client') @mock.patch('octavia.common.keystone.KeystoneSession') - def test_ensure_secret_access(self, mock_ksession, mock_aclm): - acl = mock.MagicMock(spec=acls.SecretACL) - mock_aclm.return_value = acl + def test_ensure_secret_access(self, mock_ksession, mock_client): + service_user_id = 'uuid1' + client_mock = mock.MagicMock() + mock_client.return_value = client_mock + mock_ksession().get_service_user_id.return_value = service_user_id + + mock_acl = mock.MagicMock() + client_mock.acls.get.return_value = mock_acl + + mock_read = mock.MagicMock() + mock_read.users = [] + mock_acl.get.return_value = mock_read acl_auth_object = barbican_acl.BarbicanACLAuth() acl_auth_object.ensure_secret_access(mock.Mock(), mock.Mock()) - acl.submit.assert_called_once() + mock_acl.submit.assert_called_once() + self.assertEqual([service_user_id], mock_read.users) - @mock.patch('barbicanclient.v1.acls.ACLManager.get') + @mock.patch('barbicanclient.client.Client') @mock.patch('octavia.common.keystone.KeystoneSession') - def test_revoke_secret_access(self, mock_ksession, mock_aclm): + def test_revoke_secret_access(self, mock_ksession, mock_client): service_user_id = 'uuid1' + client_mock = mock.MagicMock() + mock_client.return_value = client_mock mock_ksession().get_service_user_id.return_value = service_user_id - acl = mock.MagicMock(spec=acls.SecretACL) - poacl = mock.MagicMock(spec=acls._PerOperationACL) - type(poacl).users = mock.PropertyMock(return_value=[service_user_id]) - acl.get.return_value = poacl - mock_aclm.return_value = acl + + mock_acl = mock.MagicMock() + client_mock.acls.get.return_value = mock_acl + + mock_read = mock.MagicMock() + mock_read.users = [service_user_id] + mock_acl.get.return_value = mock_read acl_auth_object = barbican_acl.BarbicanACLAuth() acl_auth_object.revoke_secret_access(mock.Mock(), mock.Mock()) - acl.submit.assert_called_once() + mock_acl.submit.assert_called_once() @mock.patch('octavia.common.keystone.KeystoneSession') - def test_get_barbican_client_user_auth(self, mock_ksession): + @mock.patch('barbicanclient.client.Client') + @mock.patch('keystoneauth1.session.Session') + def test_get_barbican_client_user_auth(self, mock_ksession, mock_client, + mock_keystone): + session_mock = mock.MagicMock() + mock_ksession.return_value = session_mock acl_auth_object = barbican_acl.BarbicanACLAuth() - bc = acl_auth_object.get_barbican_client_user_auth(mock.Mock()) - self.assertTrue(hasattr(bc, 'containers') and - hasattr(bc.containers, 'register_consumer')) - self.assertEqual('public', bc.client.interface) + acl_auth_object.get_barbican_client_user_auth(mock.Mock()) + + mock_client.assert_called_once_with(session=session_mock, + endpoint=self.endpoint)