Permit functional tests against Swift with Keystone
While poking at such problems with authentication other than swauth it was useful to allow stock functional tests running back-to-back at two clusters, with tempauth and Keystone. When running the legacy tests, this version packs account into user the way it was down previously. This way we do not need to repack them before every call to get_auth. The downside is additional work to be done when setting ACLs. Change-Id: Ieb1d9227cb88977ecd2c39825039bc4be8afae0b
This commit is contained in:
parent
5e427e5e3b
commit
35e07e2982
@ -26,6 +26,7 @@ import simplejson as json
|
||||
|
||||
from nose import SkipTest
|
||||
from xml.dom import minidom
|
||||
from swiftclient import get_auth
|
||||
|
||||
|
||||
class AuthenticationFailed(Exception):
|
||||
@ -94,6 +95,7 @@ class Connection(object):
|
||||
self.auth_port = int(config['auth_port'])
|
||||
self.auth_ssl = config['auth_ssl'] in ('on', 'true', 'yes', '1')
|
||||
self.auth_prefix = config.get('auth_prefix', '/')
|
||||
self.auth_version = str(config.get('auth_version', '1'))
|
||||
|
||||
self.account = config.get('account')
|
||||
self.username = config['username']
|
||||
@ -116,38 +118,25 @@ class Connection(object):
|
||||
self.storage_token = clone_conn.storage_token
|
||||
return
|
||||
|
||||
if self.auth_version == "1":
|
||||
auth_path = '%sv1.0' % (self.auth_prefix)
|
||||
if self.account:
|
||||
auth_user = '%s:%s' % (self.account, self.username)
|
||||
else:
|
||||
auth_user = self.username
|
||||
headers = {
|
||||
'x-auth-user': auth_user,
|
||||
'x-auth-key': self.password,
|
||||
}
|
||||
|
||||
path = '%sv1.0' % (self.auth_prefix)
|
||||
if self.auth_ssl:
|
||||
connection = httplib.HTTPSConnection(self.auth_host,
|
||||
port=self.auth_port)
|
||||
else:
|
||||
connection = httplib.HTTPConnection(self.auth_host,
|
||||
port=self.auth_port)
|
||||
#connection.set_debuglevel(3)
|
||||
connection.request('GET', path, '', headers)
|
||||
response = connection.getresponse()
|
||||
connection.close()
|
||||
auth_user = self.username
|
||||
auth_path = self.auth_prefix
|
||||
auth_scheme = 'https://' if self.auth_ssl else 'http://'
|
||||
auth_netloc = "%s:%d" % (self.auth_host, self.auth_port)
|
||||
auth_url = auth_scheme + auth_netloc + auth_path
|
||||
|
||||
if response.status == 401:
|
||||
raise AuthenticationFailed()
|
||||
|
||||
if response.status not in (200, 204):
|
||||
raise ResponseError(response)
|
||||
|
||||
for hdr in response.getheaders():
|
||||
if hdr[0].lower() == "x-storage-url":
|
||||
storage_url = hdr[1]
|
||||
elif hdr[0].lower() == "x-auth-token":
|
||||
storage_token = hdr[1]
|
||||
(storage_url, storage_token) = get_auth(auth_url,
|
||||
auth_user, self.password,
|
||||
snet=False,
|
||||
tenant_name=self.account,
|
||||
auth_version=self.auth_version,
|
||||
os_options={})
|
||||
|
||||
if not (storage_url and storage_token):
|
||||
raise AuthenticationFailed()
|
||||
|
@ -33,8 +33,12 @@ normalized_urls = conf.get('normalized_urls', False)
|
||||
swift_test_auth = os.environ.get('SWIFT_TEST_AUTH')
|
||||
swift_test_user = [os.environ.get('SWIFT_TEST_USER'), None, None]
|
||||
swift_test_key = [os.environ.get('SWIFT_TEST_KEY'), None, None]
|
||||
swift_test_tenant = ['', '', '']
|
||||
swift_test_perm = ['', '', '']
|
||||
|
||||
if conf:
|
||||
swift_test_auth_version = str(conf.get('auth_version', '1'))
|
||||
|
||||
swift_test_auth = 'http'
|
||||
if conf.get('auth_ssl', 'no').lower() in ('yes', 'true', 'on', '1'):
|
||||
swift_test_auth = 'https'
|
||||
@ -42,17 +46,22 @@ if conf:
|
||||
conf['auth_prefix'] = '/'
|
||||
try:
|
||||
swift_test_auth += \
|
||||
'://%(auth_host)s:%(auth_port)s%(auth_prefix)sv1.0' % conf
|
||||
'://%(auth_host)s:%(auth_port)s%(auth_prefix)s' % conf
|
||||
except KeyError:
|
||||
pass # skip
|
||||
|
||||
if swift_test_auth_version == "1":
|
||||
swift_test_auth += 'v1.0'
|
||||
|
||||
if 'account' in conf:
|
||||
swift_test_user[0] = '%(account)s:%(username)s' % conf
|
||||
else:
|
||||
swift_test_user[0] = '%(username)s' % conf
|
||||
swift_test_key[0] = conf['password']
|
||||
try:
|
||||
swift_test_user[1] = '%s%s' % ('%s:' % conf['account2'] if 'account2'
|
||||
in conf else '', conf['username2'])
|
||||
swift_test_user[1] = '%s%s' % \
|
||||
('%s:' % conf['account2'] if 'account2' in conf else '',
|
||||
conf['username2'])
|
||||
swift_test_key[1] = conf['password2']
|
||||
except KeyError, err:
|
||||
pass # old conf, no second account tests can be run
|
||||
@ -63,6 +72,23 @@ if conf:
|
||||
except KeyError, err:
|
||||
pass # old conf, no third account tests can be run
|
||||
|
||||
for _ in range(3):
|
||||
swift_test_perm[_] = swift_test_user[_]
|
||||
|
||||
else:
|
||||
swift_test_user[0] = conf['username']
|
||||
swift_test_tenant[0] = conf['account']
|
||||
swift_test_key[0] = conf['password']
|
||||
swift_test_user[1] = conf['username2']
|
||||
swift_test_tenant[1] = conf['account2']
|
||||
swift_test_key[1] = conf['password2']
|
||||
swift_test_user[2] = conf['username3']
|
||||
swift_test_tenant[2] = conf['account']
|
||||
swift_test_key[2] = conf['password3']
|
||||
|
||||
for _ in range(3):
|
||||
swift_test_perm[_] = swift_test_tenant[_] + ':' + swift_test_user[_]
|
||||
|
||||
skip = not all([swift_test_auth, swift_test_user[0], swift_test_key[0]])
|
||||
if skip:
|
||||
print >>sys.stderr, 'SKIPPING FUNCTIONAL TESTS DUE TO NO CONFIG'
|
||||
@ -112,7 +138,11 @@ def retry(func, *args, **kwargs):
|
||||
if not url[use_account] or not token[use_account]:
|
||||
url[use_account], token[use_account] = \
|
||||
get_auth(swift_test_auth, swift_test_user[use_account],
|
||||
swift_test_key[use_account])
|
||||
swift_test_key[use_account],
|
||||
snet=False,
|
||||
tenant_name=swift_test_tenant[use_account],
|
||||
auth_version=swift_test_auth_version,
|
||||
os_options={})
|
||||
parsed[use_account] = conn[use_account] = None
|
||||
if not parsed[use_account] or not conn[use_account]:
|
||||
parsed[use_account], conn[use_account] = \
|
||||
|
@ -24,7 +24,7 @@ from swift.common.constraints import MAX_META_COUNT, MAX_META_NAME_LENGTH, \
|
||||
MAX_META_OVERALL_SIZE, MAX_META_VALUE_LENGTH
|
||||
|
||||
from swift_testing import check_response, retry, skip, skip2, skip3, \
|
||||
swift_test_user, web_front_end
|
||||
swift_test_perm, web_front_end
|
||||
|
||||
|
||||
class TestContainer(unittest.TestCase):
|
||||
@ -397,8 +397,8 @@ class TestContainer(unittest.TestCase):
|
||||
# Make the container accessible by the second account
|
||||
def post(url, token, parsed, conn):
|
||||
conn.request('POST', parsed.path + '/' + self.name, '',
|
||||
{'X-Auth-Token': token, 'X-Container-Read': swift_test_user[1],
|
||||
'X-Container-Write': swift_test_user[1]})
|
||||
{'X-Auth-Token': token, 'X-Container-Read': swift_test_perm[1],
|
||||
'X-Container-Write': swift_test_perm[1]})
|
||||
return check_response(conn)
|
||||
resp = retry(post)
|
||||
resp.read()
|
||||
@ -465,7 +465,8 @@ class TestContainer(unittest.TestCase):
|
||||
# Now make the container also writeable by the second account
|
||||
def post(url, token, parsed, conn):
|
||||
conn.request('POST', parsed.path + '/' + self.name, '',
|
||||
{'X-Auth-Token': token, 'X-Container-Write': swift_test_user[1]})
|
||||
{'X-Auth-Token': token,
|
||||
'X-Container-Write': swift_test_perm[1]})
|
||||
return check_response(conn)
|
||||
resp = retry(post)
|
||||
resp.read()
|
||||
@ -502,7 +503,7 @@ class TestContainer(unittest.TestCase):
|
||||
# Make the container accessible by the third account
|
||||
def post(url, token, parsed, conn):
|
||||
conn.request('POST', parsed.path + '/' + self.name, '',
|
||||
{'X-Auth-Token': token, 'X-Container-Read': swift_test_user[2]})
|
||||
{'X-Auth-Token': token, 'X-Container-Read': swift_test_perm[2]})
|
||||
return check_response(conn)
|
||||
resp = retry(post)
|
||||
resp.read()
|
||||
@ -523,7 +524,7 @@ class TestContainer(unittest.TestCase):
|
||||
def post(url, token, parsed, conn):
|
||||
conn.request('POST', parsed.path + '/' + self.name, '',
|
||||
{'X-Auth-Token': token,
|
||||
'X-Container-Write': swift_test_user[2]})
|
||||
'X-Container-Write': swift_test_perm[2]})
|
||||
return check_response(conn)
|
||||
resp = retry(post)
|
||||
resp.read()
|
||||
|
@ -23,7 +23,7 @@ from swift.common.constraints import MAX_META_COUNT, MAX_META_NAME_LENGTH, \
|
||||
MAX_META_OVERALL_SIZE, MAX_META_VALUE_LENGTH
|
||||
|
||||
from swift_testing import check_response, retry, skip, skip3, \
|
||||
swift_test_user, web_front_end
|
||||
swift_test_perm, web_front_end
|
||||
from test import get_config
|
||||
|
||||
|
||||
@ -220,8 +220,8 @@ class TestObject(unittest.TestCase):
|
||||
conn.request('PUT', '%s/%s' % (parsed.path,
|
||||
shared_container), '',
|
||||
{'X-Auth-Token': token,
|
||||
'X-Container-Read': swift_test_user[2],
|
||||
'X-Container-Write': swift_test_user[2]})
|
||||
'X-Container-Read': swift_test_perm[2],
|
||||
'X-Container-Write': swift_test_perm[2]})
|
||||
return check_response(conn)
|
||||
resp = retry(put)
|
||||
resp.read()
|
||||
@ -419,8 +419,8 @@ class TestObject(unittest.TestCase):
|
||||
# Grant access to the third account
|
||||
def post(url, token, parsed, conn):
|
||||
conn.request('POST', '%s/%s' % (parsed.path, self.container),
|
||||
'', {'X-Auth-Token': token, 'X-Container-Read':
|
||||
swift_test_user[2]})
|
||||
'', {'X-Auth-Token': token,
|
||||
'X-Container-Read': swift_test_perm[2]})
|
||||
return check_response(conn)
|
||||
resp = retry(post)
|
||||
resp.read()
|
||||
@ -494,8 +494,8 @@ class TestObject(unittest.TestCase):
|
||||
# Grant access to the third account
|
||||
def post(url, token, parsed, conn):
|
||||
conn.request('POST', '%s/%s' % (parsed.path, acontainer),
|
||||
'', {'X-Auth-Token': token, 'X-Container-Read':
|
||||
swift_test_user[2]})
|
||||
'', {'X-Auth-Token': token,
|
||||
'X-Container-Read': swift_test_perm[2]})
|
||||
return check_response(conn)
|
||||
resp = retry(post)
|
||||
resp.read()
|
||||
|
@ -4,6 +4,12 @@ auth_host = 127.0.0.1
|
||||
auth_port = 8080
|
||||
auth_ssl = no
|
||||
auth_prefix = /auth/
|
||||
## sample config for Swift with Keystone
|
||||
#auth_version = 2
|
||||
#auth_host = localhost
|
||||
#auth_port = 5000
|
||||
#auth_ssl = no
|
||||
#auth_prefix = /v2.0/
|
||||
|
||||
# Primary functional test account (needs admin access to the account)
|
||||
account = test
|
||||
|
Loading…
x
Reference in New Issue
Block a user