Skip to content

Commit 35c4f18

Browse files
Add system scope response to auth endpoint (#17790)
* Added system.json file * Updated fixtures * Fixed tests * Format style
1 parent dc7acd0 commit 35c4f18

File tree

11 files changed

+243
-86
lines changed

11 files changed

+243
-86
lines changed

openstack_controller/tests/conftest.py

Lines changed: 27 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -200,30 +200,42 @@ def call(method, url, file='response', headers=None, params=None):
200200

201201

202202
@pytest.fixture
203-
def session_auth(request, mock_responses):
203+
def openstack_v3_password(request, mock_responses):
204204
param = request.param if hasattr(request, 'param') and request.param is not None else {}
205205
catalog = param.get('catalog')
206+
password_project_id = None
207+
password_system_scope = None
206208

207209
def get_access(session):
208-
project_id = session.return_value.project_id if session.return_value.project_id else 'unscoped'
210+
project_id = password_project_id if password_project_id else 'system' if password_system_scope else 'unscoped'
209211
token = mock_responses('POST', '/identity/v3/auth/tokens', project_id)['token']
210212
return mock.MagicMock(
211213
service_catalog=mock.MagicMock(catalog=catalog if catalog is not None else token.get('catalog', [])),
212214
project_id=token.get('project', {}).get('id'),
213-
role_names=[role.get('name') for role in token.get('roles', [])],
214215
)
215216

216-
return mock.MagicMock(get_access=mock.MagicMock(side_effect=get_access))
217+
def password(
218+
auth_url, username, password, user_domain_name, system_scope=None, project_id=None, project_domain_name=None
219+
):
220+
nonlocal password_system_scope, password_project_id
221+
password_system_scope = system_scope
222+
password_project_id = project_id
223+
return mock.MagicMock(
224+
get_access=mock.MagicMock(side_effect=get_access),
225+
)
226+
227+
with mock.patch('keystoneauth1.identity.v3.Password', side_effect=password) as mock_password:
228+
yield mock_password
217229

218230

219231
@pytest.fixture
220-
def openstack_session(session_auth, microversion_headers):
232+
def openstack_session(openstack_v3_password, microversion_headers):
221233
def session(auth, session):
222234
microversion_headers[0] = session.headers.get('X-OpenStack-Nova-API-Version')
223235
microversion_headers[1] = session.headers.get('X-OpenStack-Ironic-API-Version')
224236
return mock.MagicMock(
225-
return_value=mock.MagicMock(project_id=auth.project_id),
226-
auth=session_auth,
237+
project_id=auth.project_id,
238+
auth=auth,
227239
)
228240

229241
with mock.patch('keystoneauth1.session.Session', side_effect=session) as mock_session:
@@ -1018,11 +1030,14 @@ def post(url, *args, **kwargs):
10181030
return http_error[url]
10191031
if url == '/identity/v3/auth/tokens':
10201032
data = kwargs['json']
1021-
scope = data.get('auth', {}).get('scope', 'unscoped')
1022-
if isinstance(scope, dict):
1023-
scope = scope.get('project', {}).get('id')
1024-
json_data = mock_http_call(method, url, scope, headers=kwargs.get('headers'))
1025-
headers = {'X-Subject-Token': f'token_{scope}'}
1033+
file = data.get('auth', {}).get('scope', 'unscoped')
1034+
if isinstance(file, dict):
1035+
if 'system' in file:
1036+
file = 'system'
1037+
else:
1038+
file = file.get('project', {}).get('id')
1039+
json_data = mock_http_call(method, url, file, headers=kwargs.get('headers'))
1040+
headers = {'X-Subject-Token': f'token_{file}'}
10261041
else:
10271042
json_data = mock_http_call(method, url)
10281043
if replace and url in replace:
Lines changed: 142 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,142 @@
1+
{
2+
"token": {
3+
"methods": [
4+
"password"
5+
],
6+
"user": {
7+
"domain": {
8+
"id": "default",
9+
"name": "Default"
10+
},
11+
"id": "7f88df947ceb4897a49c0b7ceee6f34a",
12+
"name": "admin",
13+
"password_expires_at": null
14+
},
15+
"audit_ids": [
16+
"iUTq4RXXTb6BbUvd9jnPIQ"
17+
],
18+
"expires_at": "2024-06-06T09:21:08.000000Z",
19+
"issued_at": "2024-06-06T08:21:08.000000Z",
20+
"roles": [
21+
{
22+
"id": "e827e9cc6a6b42c8be8301624b5a8f69",
23+
"name": "admin"
24+
},
25+
{
26+
"id": "38b90b833cf646709c3ae675a1c42839",
27+
"name": "member"
28+
},
29+
{
30+
"id": "6b29573632584bf08245bff4a7316bd1",
31+
"name": "reader"
32+
}
33+
],
34+
"system": {
35+
"all": true
36+
},
37+
"catalog": [
38+
{
39+
"endpoints": [],
40+
"id": "1505541a289c4b2299377b8c182a1380",
41+
"type": "block-storage",
42+
"name": "cinder"
43+
},
44+
{
45+
"endpoints": [
46+
{
47+
"id": "40c3ec5ef78d41bf84567ce6556c919c",
48+
"interface": "public",
49+
"region_id": "RegionOne",
50+
"url": "http://10.164.0.15/placement",
51+
"region": "RegionOne"
52+
}
53+
],
54+
"id": "5239361cab4b45c3af5140b1b38ca8d8",
55+
"type": "placement",
56+
"name": "placement"
57+
},
58+
{
59+
"endpoints": [
60+
{
61+
"id": "bdef52ccccea4a4d9ad92fef26093fd0",
62+
"interface": "public",
63+
"region_id": "RegionOne",
64+
"url": "http://127.0.0.1:8080/identity",
65+
"region": "RegionOne"
66+
}
67+
],
68+
"id": "62e0c75c643844cf86431b7550b5a899",
69+
"type": "identity",
70+
"name": "keystone"
71+
},
72+
{
73+
"endpoints": [
74+
{
75+
"id": "ab89d60d58ea4142bf3ce19b00d1e191",
76+
"interface": "public",
77+
"region_id": "RegionOne",
78+
"url": "http://127.0.0.1:9696/networking",
79+
"region": "RegionOne"
80+
}
81+
],
82+
"id": "88b17bd5c9424347ad927621e0569e08",
83+
"type": "network",
84+
"name": "neutron"
85+
},
86+
{
87+
"endpoints": [
88+
{
89+
"id": "f0f391c849b9406bbc0ccebd5ea67df2",
90+
"interface": "public",
91+
"region_id": "RegionOne",
92+
"url": "http://127.0.0.1:8774/compute/v2.1",
93+
"region": "RegionOne"
94+
}
95+
],
96+
"id": "a17d707525614d61abe039c4a7de5248",
97+
"type": "compute",
98+
"name": "nova"
99+
},
100+
{
101+
"endpoints": [],
102+
"id": "ac03850889fc4eb7a44f692359840bd3",
103+
"type": "volumev3",
104+
"name": "cinderv3"
105+
},
106+
{
107+
"endpoints": [
108+
{
109+
"id": "7e6cdeb2744345b7953d7b356245afec",
110+
"interface": "admin",
111+
"region_id": "RegionOne",
112+
"url": "http://10.164.0.15:8080",
113+
"region": "RegionOne"
114+
}
115+
],
116+
"id": "b69b0ea024814da3849d2b8c7e2dcc6e",
117+
"type": "object-store",
118+
"name": "swift"
119+
},
120+
{
121+
"endpoints": [
122+
{
123+
"id": "2b8584df00b4430ebb4ac40b1b8e01b4",
124+
"interface": "public",
125+
"region_id": "RegionOne",
126+
"url": "http://127.0.0.1:9292/image",
127+
"region": "RegionOne"
128+
}
129+
],
130+
"id": "bc4c445268784a7a80da5fb8ce722bd5",
131+
"type": "image",
132+
"name": "glance"
133+
},
134+
{
135+
"endpoints": [],
136+
"id": "e6ac9200b3e4427ba50abf74c95bb2e4",
137+
"type": "compute_legacy",
138+
"name": "nova_legacy"
139+
}
140+
]
141+
}
142+
}

openstack_controller/tests/test_unit_cinder.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ def test_disable_block_storage_components_metrics(aggregator, dd_run_check, inst
9191

9292

9393
@pytest.mark.parametrize(
94-
('mock_http_post', 'session_auth', 'instance', 'api_type'),
94+
('mock_http_post', 'openstack_v3_password', 'instance', 'api_type'),
9595
[
9696
pytest.param(
9797
{
@@ -112,10 +112,10 @@ def test_disable_block_storage_components_metrics(aggregator, dd_run_check, inst
112112
id='api sdk',
113113
),
114114
],
115-
indirect=['mock_http_post', 'session_auth'],
115+
indirect=['mock_http_post', 'openstack_v3_password'],
116116
)
117117
@pytest.mark.usefixtures('mock_http_get', 'mock_http_post', 'openstack_connection')
118-
def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post, session_auth, api_type):
118+
def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post, openstack_connection, api_type):
119119
with caplog.at_level(logging.DEBUG):
120120
dd_run_check(check)
121121

@@ -140,7 +140,7 @@ def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post,
140140
args_list += list(args)
141141
assert args_list.count('http://127.0.0.1:8080/identity/v3/auth/tokens') == 4
142142
if api_type == ApiType.SDK:
143-
assert session_auth.get_access.call_count == 4
143+
assert openstack_connection.call_count == 4
144144
assert '`block-storage` component not found in catalog' in caplog.text
145145

146146

openstack_controller/tests/test_unit_glance.py

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ def test_disable_glance_images_metrics(aggregator, dd_run_check, instance, opens
8080

8181

8282
@pytest.mark.parametrize(
83-
('mock_http_post', 'session_auth', 'instance', 'api_type'),
83+
('mock_http_post', 'openstack_v3_password', 'instance', 'api_type'),
8484
[
8585
pytest.param(
8686
{'replace': {'/identity/v3/auth/tokens': lambda d: remove_service_from_catalog(d, ['image'])}},
@@ -97,10 +97,10 @@ def test_disable_glance_images_metrics(aggregator, dd_run_check, instance, opens
9797
id='api sdk',
9898
),
9999
],
100-
indirect=['mock_http_post', 'session_auth'],
100+
indirect=['mock_http_post', 'openstack_v3_password'],
101101
)
102-
@pytest.mark.usefixtures('mock_http_get', 'mock_http_post', 'openstack_connection')
103-
def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post, session_auth, api_type):
102+
@pytest.mark.usefixtures('mock_http_get', 'mock_http_post')
103+
def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post, openstack_connection, api_type):
104104
with caplog.at_level(logging.DEBUG):
105105
dd_run_check(check)
106106

@@ -125,7 +125,7 @@ def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post,
125125
args_list += list(args)
126126
assert args_list.count('http://127.0.0.1:8080/identity/v3/auth/tokens') == 4
127127
if api_type == ApiType.SDK:
128-
assert session_auth.get_access.call_count == 4
128+
assert openstack_connection.call_count == 4
129129
assert '`image` component not found in catalog' in caplog.text
130130

131131

@@ -161,7 +161,7 @@ def test_response_time_exception(aggregator, check, dd_run_check, mock_http_get)
161161
for call in mock_http_get.call_args_list:
162162
args, kwargs = call
163163
args_list += list(args)
164-
assert args_list.count('http://127.0.0.1:9292/image') == 2
164+
assert args_list.count('http://127.0.0.1:9292/image') == 3
165165

166166

167167
@pytest.mark.parametrize(
@@ -229,9 +229,9 @@ def test_images_exception(aggregator, check, dd_run_check, mock_http_get, connec
229229
for call in mock_http_get.call_args_list:
230230
args, _ = call
231231
args_list += list(args)
232-
assert args_list.count('http://127.0.0.1:9292/image/v2/images') == 2
232+
assert args_list.count('http://127.0.0.1:9292/image/v2/images') == 3
233233
if api_type == ApiType.SDK:
234-
assert connection_image.images.call_count == 2
234+
assert connection_image.images.call_count == 3
235235

236236

237237
@pytest.mark.parametrize(

openstack_controller/tests/test_unit_heat.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ def test_disable_heat_metrics(aggregator, dd_run_check, instance, openstack_cont
5151

5252

5353
@pytest.mark.parametrize(
54-
('mock_http_post', 'session_auth', 'instance', 'api_type'),
54+
('mock_http_post', 'openstack_v3_password', 'instance', 'api_type'),
5555
[
5656
pytest.param(
5757
{'replace': {'/identity/v3/auth/tokens': lambda d: remove_service_from_catalog(d, ['orchestration'])}},
@@ -68,10 +68,10 @@ def test_disable_heat_metrics(aggregator, dd_run_check, instance, openstack_cont
6868
id='api sdk',
6969
),
7070
],
71-
indirect=['mock_http_post', 'session_auth'],
71+
indirect=['mock_http_post', 'openstack_v3_password'],
7272
)
73-
@pytest.mark.usefixtures('mock_http_get', 'mock_http_post', 'openstack_connection')
74-
def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post, session_auth, api_type):
73+
@pytest.mark.usefixtures('mock_http_get', 'mock_http_post')
74+
def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post, openstack_connection, api_type):
7575
with caplog.at_level(logging.DEBUG):
7676
dd_run_check(check)
7777

@@ -96,7 +96,7 @@ def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post,
9696
args_list += list(args)
9797
assert args_list.count('http://127.0.0.1:8080/identity/v3/auth/tokens') == 4
9898
if api_type == ApiType.SDK:
99-
assert session_auth.get_access.call_count == 4
99+
assert openstack_connection.call_count == 4
100100
assert '`heat` component not found in catalog' in caplog.text
101101

102102

openstack_controller/tests/test_unit_ironic.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -624,7 +624,7 @@ def test_disable_ironic_conductor_metrics(aggregator, dd_run_check, instance, op
624624

625625

626626
@pytest.mark.parametrize(
627-
('mock_http_post', 'session_auth', 'instance', 'api_type'),
627+
('mock_http_post', 'openstack_v3_password', 'instance', 'api_type'),
628628
[
629629
pytest.param(
630630
{'replace': {'/identity/v3/auth/tokens': lambda d: remove_service_from_catalog(d, ['baremetal'])}},
@@ -641,10 +641,10 @@ def test_disable_ironic_conductor_metrics(aggregator, dd_run_check, instance, op
641641
id='api sdk',
642642
),
643643
],
644-
indirect=['mock_http_post', 'session_auth'],
644+
indirect=['mock_http_post', 'openstack_v3_password'],
645645
)
646-
@pytest.mark.usefixtures('mock_http_get', 'mock_http_post', 'openstack_connection')
647-
def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post, session_auth, api_type):
646+
@pytest.mark.usefixtures('mock_http_get', 'mock_http_post')
647+
def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post, openstack_connection, api_type):
648648
with caplog.at_level(logging.DEBUG):
649649
dd_run_check(check)
650650

@@ -669,7 +669,7 @@ def test_not_in_catalog(aggregator, check, dd_run_check, caplog, mock_http_post,
669669
args_list += list(args)
670670
assert args_list.count('http://127.0.0.1:8080/identity/v3/auth/tokens') == 4
671671
if api_type == ApiType.SDK:
672-
assert session_auth.get_access.call_count == 4
672+
assert openstack_connection.call_count == 4
673673
assert '`baremetal` component not found in catalog' in caplog.text
674674

675675

0 commit comments

Comments
 (0)