diff options
author | Prashanth Pai <ppai@redhat.com> | 2013-12-26 14:24:19 +0530 |
---|---|---|
committer | Luis Pabon <lpabon@redhat.com> | 2014-01-10 07:45:51 -0800 |
commit | f952c756ad024e100953a43b1f297f82b5c8f3e2 (patch) | |
tree | f30f155a1fd1c1929370af1094cb83567b5aed81 /test/unit/test_kerbauth.py | |
parent | 2f9e3120bbd7ef6b7459fccb5b740b6542b13c57 (diff) |
Return X-Storage-Url in passive mode
When auth_mode is set to 'passive', client can authenticate itself
using account, user and key. This enables swiftkerbauth to return
X-Storage-Url response header to client. X-Storage-Url contains
account name provided in the request.
This required a change in X-Storage-User header format from
X-Storage-User: user
to
X-Storage-User: account:user
This makes swiftkerbauth(passive mode) handle_get_token APIs to be
more consistent with that of swauth and tempauth.
Change-Id: Ic1d1520bb8afbc80cca443d92d659436f2f7cd0e
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6595
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
Diffstat (limited to 'test/unit/test_kerbauth.py')
-rw-r--r-- | test/unit/test_kerbauth.py | 83 |
1 files changed, 68 insertions, 15 deletions
diff --git a/test/unit/test_kerbauth.py b/test/unit/test_kerbauth.py index 471ff58..207558f 100644 --- a/test/unit/test_kerbauth.py +++ b/test/unit/test_kerbauth.py @@ -80,7 +80,8 @@ class TestAuth(unittest.TestCase): patch_filter_factory() def setUp(self): - self.test_auth = auth.filter_factory({})(FakeApp()) + self.test_auth = \ + auth.filter_factory({'auth_method': 'active'})(FakeApp()) self.test_auth_passive = \ auth.filter_factory({'auth_method': 'passive'})(FakeApp()) @@ -273,13 +274,46 @@ class TestAuth(unittest.TestCase): self.assertEquals(resp.status_int, REDIRECT_STATUS) #User given but no key req = self._make_request('/auth/v1.0', - headers={'X-Auth-User': 'blah'}) + headers={'X-Auth-User': 'test:user'}) + resp = self.test_auth_passive.handle_get_token(req) + self.assertEquals(resp.status_int, 401) + + def test_passive_handle_get_token_account_in_req_path(self): + req = self._make_request('/v1/test/auth', + headers={'X-Auth-User': 'test:user', + 'X-Auth-Key': 'password'}) + _mock_run_kinit = Mock(return_value=0) + _mock_get_groups = Mock(return_value="user,auth_test") + with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit): + with patch('swiftkerbauth.kerbauth.get_groups_from_username', + _mock_get_groups): + resp = self.test_auth_passive.handle_get_token(req) + _mock_run_kinit.assert_called_once_with('user', 'password') + self.assertEquals(_mock_get_groups.call_count, 2) + self.assertEquals(resp.status_int, 200) + self.assertIsNotNone(resp.headers['X-Auth-Token']) + self.assertIsNotNone(resp.headers['X-Storage-Token']) + self.assertIsNotNone(resp.headers['X-Storage-Url']) + + def test_passive_handle_get_token_user_invalid_or_no__account(self): + #X-Auth-User not in acc:user format + req = self._make_request('/auth/v1.0', + headers={'X-Auth-User': 'user'}) + resp = self.test_auth_passive.handle_get_token(req) + self.assertEquals(resp.status_int, 401) + req = self._make_request('/v1/test/auth', + headers={'X-Auth-User': 'user'}) + resp = self.test_auth_passive.handle_get_token(req) + self.assertEquals(resp.status_int, 401) + # Account name mismatch + req = self._make_request('/v1/test/auth', + headers={'X-Auth-User': 'wrongacc:user'}) resp = self.test_auth_passive.handle_get_token(req) self.assertEquals(resp.status_int, 401) def test_passive_handle_get_token_no_kinit(self): req = self._make_request('/auth/v1.0', - headers={'X-Auth-User': 'user', + headers={'X-Auth-User': 'test:user', 'X-Auth-Key': 'password'}) _mock_run_kinit = Mock(side_effect=OSError(errno.ENOENT, os.strerror(errno.ENOENT))) @@ -291,7 +325,7 @@ class TestAuth(unittest.TestCase): def test_passive_handle_get_token_kinit_fail(self): req = self._make_request('/auth/v1.0', - headers={'X-Auth-User': 'user', + headers={'X-Auth-User': 'test:user', 'X-Auth-Key': 'password'}) _mock_run_kinit = Mock(return_value=1) with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit): @@ -301,38 +335,57 @@ class TestAuth(unittest.TestCase): def test_passive_handle_get_token_kinit_success_token_not_present(self): req = self._make_request('/auth/v1.0', - headers={'X-Auth-User': 'user', + headers={'X-Auth-User': 'test:user', 'X-Auth-Key': 'password'}) _mock_run_kinit = Mock(return_value=0) - _mock_get_groups = Mock(return_value="user,admins") + _mock_get_groups = Mock(return_value="user,auth_test") with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit): with patch('swiftkerbauth.kerbauth.get_groups_from_username', _mock_get_groups): resp = self.test_auth_passive.handle_get_token(req) - _mock_run_kinit.assert_called_once_with('user', 'password') _mock_run_kinit.assert_called_once_with('user', 'password') - _mock_get_groups.assert_called_once_with('user') + self.assertEquals(_mock_get_groups.call_count, 2) self.assertEquals(resp.status_int, 200) self.assertIsNotNone(resp.headers['X-Auth-Token']) self.assertIsNotNone(resp.headers['X-Storage-Token']) + self.assertIsNotNone(resp.headers['X-Storage-Url']) def test_passive_handle_get_token_kinit_realm_and_memcache(self): req = self._make_request('/auth/v1.0', - headers={'X-Auth-User': 'user', + headers={'X-Auth-User': 'test:user', 'X-Auth-Key': 'password'}) req.environ['swift.cache'] = None _auth_passive = \ auth.filter_factory({'auth_method': 'passive', 'realm_name': 'EXAMPLE.COM'})(FakeApp()) _mock_run_kinit = Mock(return_value=0) + _mock_get_groups = Mock(return_value="user,auth_test") with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit): - try: - _auth_passive.handle_get_token(req) - except Exception as e: - self.assertTrue(e.args[0].startswith("Memcache required")) - else: - self.fail("Expected Exception - Memcache required") + with patch('swiftkerbauth.kerbauth.get_groups_from_username', + _mock_get_groups): + try: + _auth_passive.handle_get_token(req) + except Exception as e: + self.assertTrue(e.args[0].startswith("Memcache " + "required")) + else: + self.fail("Expected Exception - Memcache required") _mock_run_kinit.assert_called_once_with('user@EXAMPLE.COM', 'password') + _mock_get_groups.assert_called_once_with('user') + + def test_passive_handle_get_token_user_in_any__account(self): + req = self._make_request('/auth/v1.0', + headers={'X-Auth-User': 'test:user', + 'X-Auth-Key': 'password'}) + _mock_run_kinit = Mock(return_value=0) + _mock_get_groups = Mock(return_value="user,auth_blah") + with patch('swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit): + with patch('swiftkerbauth.kerbauth.get_groups_from_username', + _mock_get_groups): + resp = self.test_auth_passive.handle_get_token(req) + self.assertEquals(resp.status_int, 401) + _mock_run_kinit.assert_called_once_with('user', 'password') + _mock_get_groups.assert_called_once_with('user') def test_handle(self): req = self._make_request('/auth/v1.0') |