kotovalexarian-likes-github/fog--fog
1
0
Fork 0
mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00
Code Releases Activity

[openstack] Make sure that Identity v3 authentication uses a v3 endpoint

Browse source 
Also, some IDv3 test refactoring - extract strings to constants and allow OS_AUTH_SERVICE env var
to set the openstack_service_type option (e.g. to identityv3).
This commit is contained in:
Darren Hague 2015-09-28 16:36:56 +01:00
parent 874f465126
commit bb5b280962
5 changed files with 117 additions and 284 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/fog/openstack/core.rb
View file

@ -297,7 +297,7 @@ module Fog
token, body = retrieve_tokens_v3 options, connection_options
service = get_service_v3(body, service_type, service_name, openstack_region)
service = get_service_v3(body, service_type, service_name, openstack_region, options)
options[:unscoped_token] = token
@ -359,7 +359,7 @@ module Fog
raise Fog::Errors::NotFound.new("Multiple regions available choose one of these '#{regions.join(',')}'")
end
identity_service = get_service_v3(body, identity_service_type, nil, nil, :endpoint_path_matches => /\/v3/) if identity_service_type
identity_service = get_service_v3(body, identity_service_type, nil, nil, :openstack_endpoint_path_matches => /\/v3/) if identity_service_type
management_url = service['endpoints'].find { |e| e['interface']==endpoint_type }['url']
identity_url = identity_service['endpoints'].find { |e| e['interface']=='public' }['url'] if identity_service
@ -532,7 +532,7 @@ module Fog
# Filter the found services by region (if specified) and whether the endpoint path matches the given regex (e.g. /\/v3/)
services.find do |s|
s['endpoints'].any? { |ep| endpoint_region?(ep, region) && endpoint_path_match?(ep, options[:endpoint_path_matches])}
s['endpoints'].any? { |ep| endpoint_region?(ep, region) && endpoint_path_match?(ep, options[:openstack_endpoint_path_matches])}
end if services
end

1
lib/fog/openstack/identity_v3.rb
View file

@ -160,6 +160,7 @@ module Fog
@openstack_endpoint_type = options[:openstack_endpoint_type] || 'adminURL'
@openstack_endpoint_path_matches = options[:openstack_endpoint_path_matches] ||= /\/v3/
authenticate
@persistent = options[:persistent] || false

187
spec/fog/openstack/identity_v3/idv3_other_region.yml
View file

@ -1,187 +0,0 @@
---
http_interactions:
- request:
method: post
uri: http://devstack.openstack.stack:5000/v3/auth/tokens
body:
encoding: UTF-8
string: ! '{"auth":{"identity":{"methods":["password"],"password":{"user":{"password":"password","id":"aa9f25defa6d4cafb48466df83106065"}}}}}'
headers:
User-Agent:
- fog/1.31.0 fog-core/1.31.1
Content-Type:
- application/json
response:
status:
code: 201
message: ''
headers:
Date:
- Tue, 23 Jun 2015 15:09:15 GMT
Server:
- Apache/2.4.7 (Ubuntu)
X-Subject-Token:
- 9f7df72efb3749ed8eb12699d16f56cc
Vary:
- X-Auth-Token
X-Openstack-Request-Id:
- req-77ed8c5d-de40-42ea-b7ac-013eedf72558
Content-Length:
- '297'
Content-Type:
- application/json
body:
encoding: US-ASCII
string: ! '{"token": {"methods": ["password"], "expires_at": "2015-06-23T16:09:15.097008Z",
"extras": {}, "user": {"domain": {"id": "default", "name": "Default"}, "id":
"aa9f25defa6d4cafb48466df83106065", "name": "admin"}, "audit_ids": ["K9N-CugNRDSarC82lwYYHQ"],
"issued_at": "2015-06-23T15:09:15.097078Z"}}'
http_version:
recorded_at: Tue, 23 Jun 2015 15:09:15 GMT
- request:
method: get
uri: http://devstack.openstack.stack:5000/v3/users/aa9f25defa6d4cafb48466df83106065/projects
body:
encoding: US-ASCII
string: ''
headers:
User-Agent:
- fog/1.31.0 fog-core/1.31.1
Content-Type:
- application/json
Accept:
- application/json
X-Auth-Token:
- 9f7df72efb3749ed8eb12699d16f56cc
response:
status:
code: 200
message: ''
headers:
Date:
- Tue, 23 Jun 2015 15:09:15 GMT
Server:
- Apache/2.4.7 (Ubuntu)
Vary:
- X-Auth-Token
X-Openstack-Request-Id:
- req-99d9e960-accc-4943-b647-f0454eb9f9ba
Content-Length:
- '617'
Content-Type:
- application/json
body:
encoding: US-ASCII
string: ! '{"links": {"self": "http://devstack.openstack.stack:5000/v3/users/aa9f25defa6d4cafb48466df83106065/projects",
"previous": null, "next": null}, "projects": [{"description": null, "links":
{"self": "http://devstack.openstack.stack:5000/v3/projects/123ac695d4db400a9001b91bb3b8aa46"},
"enabled": true, "id": "123ac695d4db400a9001b91bb3b8aa46", "parent_id": null,
"domain_id": "default", "name": "admin"}, {"description": null, "links": {"self":
"http://devstack.openstack.stack:5000/v3/projects/3ed7ee0512b641d3bb1fe17fc86d8bff"},
"enabled": true, "id": "3ed7ee0512b641d3bb1fe17fc86d8bff", "parent_id": null,
"domain_id": "default", "name": "demo"}]}'
http_version:
recorded_at: Tue, 23 Jun 2015 15:09:15 GMT
- request:
method: post
uri: http://devstack.openstack.stack:5000/v3/auth/tokens
body:
encoding: UTF-8
string: ! '{"auth":{"identity":{"methods":["token"],"token":{"id":"9f7df72efb3749ed8eb12699d16f56cc"}},"scope":{"project":{"name":"admin","domain":{"id":"default"}}}}}'
headers:
User-Agent:
- fog/1.31.0 fog-core/1.31.1
Content-Type:
- application/json
response:
status:
code: 201
message: ''
headers:
Date:
- Tue, 23 Jun 2015 15:09:15 GMT
Server:
- Apache/2.4.7 (Ubuntu)
X-Subject-Token:
- 6974d4e66dbb47e9a4ca379c14f706f4
Vary:
- X-Auth-Token
X-Openstack-Request-Id:
- req-7111935d-8900-4dff-ba6f-f1f691cb6b48
Content-Length:
- '5909'
Content-Type:
- application/json
body:
encoding: US-ASCII
string: ! '{"token": {"methods": ["token", "password"], "roles": [{"id": "6ead57f8ae124996af8b0beb72ff1007",
"name": "admin"}], "expires_at": "2015-06-23T16:09:15.097008Z", "project":
{"domain": {"id": "default", "name": "Default"}, "id": "123ac695d4db400a9001b91bb3b8aa46",
"name": "admin"}, "catalog": [{"endpoints": [{"region_id": "RegionOne", "url":
"http://devstack.openstack.stack:9292", "region": "RegionOne", "interface": "public",
"id": "6e82c8912d3f49a09df51035681d564c"}, {"region_id": "RegionOne", "url":
"http://devstack.openstack.stack:9292", "region": "RegionOne", "interface": "admin",
"id": "7e44d321ae80457abc3728fa1e6feb32"}, {"region_id": "RegionOne", "url":
"http://devstack.openstack.stack:9292", "region": "RegionOne", "interface": "internal",
"id": "c9a090a4597040849c03bc13588167f6"}], "type": "image", "id": "0d56500210a24c38a3702b6825e24164",
"name": "glance"}, {"endpoints": [{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8776/v2/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "internal", "id": "261aaf6239bb49a4a1cfa87c19859138"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8776/v2/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "admin", "id": "437d282e0bb94622aaacc4d194c069a9"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8776/v2/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "public", "id": "5e78bf7bae7c4ff5b9720b2c2e4da743"}],
"type": "volumev2", "id": "2b92e79c45254516932c633229cd0e8b", "name": "cinderv2"},
{"endpoints": [{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8773/",
"region": "RegionOne", "interface": "admin", "id": "1ce26a6fffd0424bac135b9c68055b6e"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8773/", "region":
"RegionOne", "interface": "public", "id": "98db699b9ffa4dffb027d78163aad8cc"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8773/", "region":
"RegionOne", "interface": "internal", "id": "ece52860cf1e4eb6a8fed05c47a30147"}],
"type": "ec2", "id": "3364a7b95c664bf89a7a8db081576364", "name": "ec2"}, {"endpoints":
[{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8776/v1/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "admin", "id": "4442fbd064844a7bbe6a792507d4b8e3"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8776/v1/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "internal", "id": "4b4178fd2e3d4f329600cc4ceaaa7e3a"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8776/v1/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "public", "id": "90977723dba04ea9a2a184c99565ccff"}],
"type": "volume", "id": "511b94ce0482484ea09028091dd5e9a5", "name": "cinder"},
{"endpoints": [{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8774/v2/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "internal", "id": "81c51855280345e9a6c322ca986d4e4b"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8774/v2/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "admin", "id": "a0310a37cf6144a6a967cbae9a7959ba"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8774/v2/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "public", "id": "f6d38c03b9c04a9e924aaa288ce014b8"}],
"type": "compute", "id": "5b7028751ed045d79467c7845ecb8c58", "name": "nova"},
{"endpoints": [{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8774/v2.1/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "internal", "id": "2f17e155b0aa47838394e6c4f6fe30e0"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8774/v2.1/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "public", "id": "9d2555fd27dd44e5acfb5e56127d974b"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:8774/v2.1/123ac695d4db400a9001b91bb3b8aa46",
"region": "RegionOne", "interface": "admin", "id": "e8bdd9403fbb4efa8d77bfd4f6a5e34a"}],
"type": "computev21", "id": "97e665cbada043718180c5a6316df76a", "name": "novav21"},
{"endpoints": [{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:35357/v3",
"region": "RegionOne", "interface": "admin", "id": "185eda94de9340e58245062f75d7f80e"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:5000/v3", "region":
"RegionOne", "interface": "internal", "id": "9abd6797844d455f875af9537325cba4"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:5000/v3", "region":
"RegionOne", "interface": "public", "id": "d3b31f24e4ea40699f731e29e625c187"}],
"type": "identity", "id": "b577d8f7c7074d04a1165fcca638b600", "name": "keystone_v3x"},
{"endpoints": [{"region_id": "europe", "url": "http://devstack.openstack.stack:35357/v3",
"region": "europe", "interface": "admin", "id": "32bb2c6aea944ea6b4956eb24142d2e2"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:5000/v3", "region":
"RegionOne", "interface": "public", "id": "480ea71dc8cf4c959df1c6304be87056"},
{"region_id": "europe", "url": "http://devstack.openstack.stack:5000/v3", "region":
"europe", "interface": "public", "id": "600638643d22494fad4f30e3b22ae124"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:5000/v3", "region":
"RegionOne", "interface": "internal", "id": "8a254651925e4a3e9505c863a00c017e"},
{"region_id": "europe", "url": "http://devstack.openstack.stack:5000/v3", "region":
"europe", "interface": "internal", "id": "b93da6aaba654d8cb451ff8378d7d2a5"},
{"region_id": "RegionOne", "url": "http://devstack.openstack.stack:35357/v3", "region":
"RegionOne", "interface": "admin", "id": "d5f8e0da0f3345529a5fb324d735d4a3"}],
"type": "identity_v3", "id": "cd9002bbadfe495d81b5ee4c50768009", "name": "keystone_v3"}],
"extras": {}, "user": {"domain": {"id": "default", "name": "Default"}, "id":
"aa9f25defa6d4cafb48466df83106065", "name": "admin"}, "audit_ids": ["1yvNE0UcSCWjedTDCBbDsA",
"K9N-CugNRDSarC82lwYYHQ"], "issued_at": "2015-06-23T15:09:15.359531Z"}}'
http_version:
recorded_at: Tue, 23 Jun 2015 15:09:15 GMT
recorded_with: VCR 2.9.3

188
spec/fog/openstack/identity_v3_spec.rb
View file

@ -11,19 +11,32 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
include_context 'OpenStack specs with VCR'
before :all do
VCR_USER_ID='a18abc2039d6493aa7239a42033cc7c9'
VCR_USER_NAME='admin'
VCR_PASSWORD='devstack'
VCR_DOMAIN_ID='default'
VCR_DOMAIN_NAME='Default'
VCR_PROJECT_NAME='admin'
VCR_REGION='RegionOne'
setup_vcr_and_service(
:vcr_directory => 'spec/fog/openstack/identity_v3',
:service_class => Fog::Identity::OpenStack::V3
:vcr_directory => 'spec/fog/openstack/identity_v3',
:service_class => Fog::Identity::OpenStack::V3,
:username => VCR_USER_NAME,
:password => VCR_PASSWORD,
:project_name => VCR_PROJECT_NAME,
:domain_name => VCR_DOMAIN_NAME,
:region_name => VCR_REGION
)
end
it 'authenticates with password, userid and domain_id' do
VCR.use_cassette('authv3_a') do
Fog::Identity::OpenStack::V3.new(
:openstack_domain_id => ENV['OS_USER_DOMAIN_ID'] || 'default',
:openstack_api_key => ENV['OS_PASSWORD'] || 'password',
:openstack_userid => ENV['OS_USER_ID'] || 'aa9f25defa6d4cafb48466df83106065',
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
:openstack_domain_id => ENV['OS_USER_DOMAIN_ID'] || VCR_DOMAIN_ID,
:openstack_api_key => ENV['OS_PASSWORD'] || VCR_PASSWORD,
:openstack_userid => ENV['OS_USER_ID'] || VCR_USER_ID,
:openstack_region => ENV['OS_REGION_NAME'] || VCR_REGION,
:openstack_auth_url => "#{@os_auth_url}/auth/tokens")
end
end
@ -31,10 +44,10 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
it 'authenticates with password, username and domain_id' do
VCR.use_cassette('authv3_b') do
Fog::Identity::OpenStack::V3.new(
:openstack_domain_id => ENV['OS_USER_DOMAIN_ID'] || 'default',
:openstack_api_key => ENV['OS_PASSWORD'] || 'password',
:openstack_username => ENV['OS_USERNAME'] || 'admin',
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
:openstack_domain_id => ENV['OS_USER_DOMAIN_ID'] || VCR_DOMAIN_ID,
:openstack_api_key => ENV['OS_PASSWORD'] || VCR_PASSWORD,
:openstack_username => ENV['OS_USERNAME'] || VCR_USER_NAME,
:openstack_region => ENV['OS_REGION_NAME'] || VCR_REGION,
:openstack_auth_url => "#{@os_auth_url}/auth/tokens")
end
end
@ -42,10 +55,10 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
it 'authenticates with password, username and domain_name' do
VCR.use_cassette('authv3_c') do
Fog::Identity::OpenStack::V3.new(
:openstack_user_domain => ENV['OS_USER_DOMAIN_NAME'] || 'Default',
:openstack_api_key => ENV['OS_PASSWORD'] || 'password',
:openstack_username => ENV['OS_USERNAME'] || 'admin',
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
:openstack_user_domain => ENV['OS_USER_DOMAIN_NAME'] || VCR_DOMAIN_NAME,
:openstack_api_key => ENV['OS_PASSWORD'] || VCR_PASSWORD,
:openstack_username => ENV['OS_USERNAME'] || VCR_USER_NAME,
:openstack_region => ENV['OS_REGION_NAME'] || VCR_REGION,
:openstack_auth_url => "#{@os_auth_url}/auth/tokens")
end
end
@ -60,8 +73,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
@fog = Fog::Identity::OpenStack::V3.new({
:openstack_region => ENV['OS_REGION_OTHER']||'europe',
:openstack_auth_url => "#{@os_auth_url}/auth/tokens",
:openstack_userid => ENV['OS_USER_ID'] || 'aa9f25defa6d4cafb48466df83106065',
:openstack_api_key => ENV['OS_PASSWORD'] || "password"
:openstack_userid => ENV['OS_USER_ID'] || VCR_USER_ID,
:openstack_api_key => ENV['OS_PASSWORD'] || VCR_PASSWORD
})
expect(@fog).to_not be_nil
end unless endpoints_in_region.empty?
@ -71,15 +84,15 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
VCR.use_cassette('authv3_unscoped_reauth') do
id_v3 = Fog::Identity::OpenStack::V3.new(
:openstack_api_key => ENV['OS_PASSWORD'] || 'password',
:openstack_userid => ENV['OS_USER_ID'] || 'aa9f25defa6d4cafb48466df83106065',
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
:openstack_api_key => ENV['OS_PASSWORD'] || VCR_PASSWORD,
:openstack_userid => ENV['OS_USER_ID'] || VCR_USER_ID,
:openstack_region => ENV['OS_REGION_NAME'] || VCR_REGION,
:openstack_auth_url => "#{@os_auth_url}/auth/tokens")
auth_params = {:provider => "openstack",
:openstack_auth_token => id_v3.credentials[:openstack_auth_token],
:openstack_auth_url => "#{@os_auth_url}/auth/tokens",
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne'}
:openstack_region => ENV['OS_REGION_NAME'] || VCR_REGION}
@fog2 = Fog::Identity::OpenStack::V3.new(auth_params)
expect(@fog2).to_not be_nil
@ -92,11 +105,11 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
it 'authenticates with project scope' do
VCR.use_cassette('authv3_project') do
Fog::Identity::OpenStack::V3.new(
:openstack_project_name => ENV['OS_PROJECT_NAME'] || 'admin',
:openstack_domain_name => ENV['OS_USER_DOMAIN_NAME'] || 'Default',
:openstack_api_key => ENV['OS_PASSWORD'] || 'password',
:openstack_username => ENV['OS_USERNAME'] || 'admin',
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
:openstack_project_name => ENV['OS_PROJECT_NAME'] || VCR_PROJECT_NAME,
:openstack_domain_name => ENV['OS_USER_DOMAIN_NAME'] || VCR_DOMAIN_NAME,
:openstack_api_key => ENV['OS_PASSWORD'] || VCR_PASSWORD,
:openstack_username => ENV['OS_USERNAME'] || VCR_USER_NAME,
:openstack_region => ENV['OS_REGION_NAME'] || VCR_REGION,
:openstack_auth_url => "#{@os_auth_url}/auth/tokens")
end
end
@ -105,18 +118,18 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
VCR.use_cassette('authv3_unscoped') do
id_v3 = Fog::Identity::OpenStack::V3.new(
:openstack_api_key => ENV['OS_PASSWORD'] || 'password',
:openstack_userid => ENV['OS_USER_ID']||'aa9f25defa6d4cafb48466df83106065',
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
:openstack_api_key => ENV['OS_PASSWORD'] || VCR_PASSWORD,
:openstack_userid => ENV['OS_USER_ID']||VCR_USER_ID,
:openstack_region => ENV['OS_REGION_NAME'] || VCR_REGION,
:openstack_auth_url => "#{@os_auth_url}/auth/tokens")
# Exchange it for a project-scoped token
auth = Fog::Identity::OpenStack::V3.new(
:openstack_project_name => ENV['OS_PROJECT_NAME'] || 'admin',
:openstack_domain_name => ENV['OS_USER_DOMAIN_NAME'] || 'Default',
:openstack_tenant => ENV['OS_USERNAME'] || 'admin',
:openstack_project_name => ENV['OS_PROJECT_NAME'] || VCR_PROJECT_NAME,
:openstack_domain_name => ENV['OS_USER_DOMAIN_NAME'] || VCR_DOMAIN_NAME,
:openstack_tenant => ENV['OS_USERNAME'] || VCR_USER_NAME,
:openstack_auth_token => id_v3.credentials[:openstack_auth_token],
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
:openstack_region => ENV['OS_REGION_NAME'] || VCR_REGION,
:openstack_auth_url => "#{@os_auth_url}/auth/tokens")
token = auth.credentials[:openstack_auth_token]
@ -135,7 +148,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
expect { nonexistent_user = @service.users.find_by_id 'u-random-blah' }.to raise_error(Fog::Identity::OpenStack::NotFound)
admin_user = @service.users.find_by_name ENV['OS_USERNAME'] || 'admin'
admin_user = @service.users.find_by_name ENV['OS_USERNAME'] || VCR_USER_NAME
expect(admin_user.length).to be 1
users = @service.users
@ -167,8 +180,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
# Create a user called foobar
foobar_user = @service.users.create(:name => 'foobar',
:email => 'foobar@example.com',
:password => 's3cret!')
:email => 'foobar@example.com',
:password => 's3cret!')
foobar_id = foobar_user.id
expect(@service.users.find_by_name('foobar').length).to be 1
@ -186,8 +199,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
# Try to create the user again
expect { @service.users.create(:name => 'baz',
:email => 'foobar@example.com',
:password => 's3cret!') }.to raise_error(Excon::Errors::Conflict)
:email => 'foobar@example.com',
:password => 's3cret!') }.to raise_error(Excon::Errors::Conflict)
# Delete the user
baz_user.destroy
@ -227,13 +240,13 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
#foobar_user1 = @service.users.find_by_name('foobar1').first
#foobar_user1.destroy if foobar_user1
foobar_user1 = @service.users.create(:name => 'foobar1',
:email => 'foobar1@example.com',
:password => 's3cret!1')
:email => 'foobar1@example.com',
:password => 's3cret!1')
#foobar_user2 = @service.users.find_by_name('foobar2').first
#foobar_user2.destroy if foobar_user2
foobar_user2 = @service.users.create(:name => 'foobar2',
:email => 'foobar2@example.com',
:password => 's3cret!2')
:email => 'foobar2@example.com',
:password => 's3cret!2')
expect(foobar_user1.groups.length).to be 0
expect(baz_group.users.length).to be 0
@ -271,10 +284,10 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
it "gets a token, checks it and then revokes it" do
VCR.use_cassette('idv3_token') do
auth = {:auth => {:identity => {:methods => %w{password},
:password => {:user => {:id => ENV['OS_USER_ID']||'aa9f25defa6d4cafb48466df83106065',
:password => ENV['OS_PASSWORD']||'password'}}},
:scope => {:project => {:domain => {:name => ENV['OS_USER_DOMAIN_NAME']||'Default'},
:name => ENV['OS_PROJECT_NAME']||'admin'}}}}
:password => {:user => {:id => ENV['OS_USER_ID']||VCR_USER_ID,
:password => ENV['OS_PASSWORD']||VCR_PASSWORD}}},
:scope => {:project => {:domain => {:name => ENV['OS_USER_DOMAIN_NAME']||VCR_DOMAIN_NAME},
:name => ENV['OS_PROJECT_NAME']||VCR_PROJECT_NAME}}}}
token = @service.tokens.authenticate(auth)
expect(token).to_not be_nil
@ -297,9 +310,9 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
begin
foobar_user = @service.users.create(:name => 'foobar_385',
:email => 'foobar_demo@example.com',
:domain_id => ENV['OS_USER_DOMAIN_ID'] || 'default',
:password => 's3cret!')
:email => 'foobar_demo@example.com',
:domain_id => ENV['OS_USER_DOMAIN_ID'] || VCR_DOMAIN_ID,
:password => 's3cret!')
foobar_role = @service.roles.create(:name => 'foobar_role390')
foobar_user.grant_role(foobar_role.id)
@ -308,20 +321,20 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
:openstack_domain_id => foobar_user.domain_id,
:openstack_api_key => 's3cret!',
:openstack_username => 'foobar_385',
:openstack_region => ENV['OS_REGION_NAME']||'europe',
:openstack_region => ENV['OS_REGION_NAME']||VCR_REGION,
:openstack_auth_url => auth_url)
# Test - check the token validity by using it to create a new Fog::Identity::OpenStack::V3 instance
token_check = Fog::Identity::OpenStack::V3.new(
:openstack_auth_token => nonadmin_v3.auth_token,
:openstack_region => ENV['OS_REGION_NAME']||'europe',
:openstack_region => ENV['OS_REGION_NAME']||VCR_REGION,
:openstack_auth_url => auth_url)
expect(token_check).to_not be_nil
expect { Fog::Identity::OpenStack::V3.new(
:openstack_auth_token => 'blahblahblah',
:openstack_region => ENV['OS_REGION_NAME']||'europe',
:openstack_region => ENV['OS_REGION_NAME']||VCR_REGION,
:openstack_auth_url => auth_url) }.to raise_error(Excon::Errors::NotFound)
ensure
# Clean up
@ -345,7 +358,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
expect(domains_all).to_not be_nil
expect(domains_all.length).to_not be 0
default_domain = @service.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||'default'
default_domain = @service.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||VCR_DOMAIN_ID
expect(default_domain).to_not be_nil
expect { @service.domains.find_by_id 'atlantis' }.to raise_error(Fog::Identity::OpenStack::NotFound)
@ -395,8 +408,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
VCR.use_cassette('idv3_domain_roles_mutation') do
begin
foobar_user = @service.users.create(:name => 'foobar_role_user',
:email => 'foobar@example.com',
:password => 's3cret!')
:email => 'foobar@example.com',
:password => 's3cret!')
# User has no roles initially
expect(foobar_user.roles.length).to be 0
@ -423,7 +436,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
foobar_user.revoke_role(foobar_role.id)
expect(foobar_user.check_role(foobar_role.id)).to be false
ensure
foobar_user = @service.users.find_by_name('u-foobar_role_user').first unless foobar_user
foobar_user = @service.users.find_by_name('foobar_role_user').first unless foobar_user
foobar_user.destroy if foobar_user
foobar_role = @service.roles.all.select { |role| role.name == 'foobar_role' }.first unless foobar_role
foobar_role.destroy if foobar_role
@ -441,14 +454,14 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
# Create a group in this domain
foobar_group = @service.groups.create(:name => 'g-foobar',
:description => "Group of Foobar users",
:domain_id => foobar_domain.id)
:description => "Group of Foobar users",
:domain_id => foobar_domain.id)
# Create a user in the domain
foobar_user = @service.users.create(:name => 'u-foobar_foobar',
:email => 'foobar@example.com',
:password => 's3cret!',
:domain_id => foobar_domain.id)
:email => 'foobar@example.com',
:password => 's3cret!',
:domain_id => foobar_domain.id)
# User has no roles initially
expect(foobar_user.roles.length).to be 0
@ -535,14 +548,19 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
baz_role = @service.roles.find_by_id foobar_id
expect(baz_role).to_not be_nil
expect(baz_role.name).to eq 'baz23'
ensure
# Delete the role
baz_role.destroy if baz_role
baz_role.destroy
baz_role = nil
# Check that the deletion worked
expect { @service.roles.find_by_id foobar_id }.to raise_error(Fog::Identity::OpenStack::NotFound) if foobar_id
['foobar23', 'baz23'].each do |role_name|
expect(@service.roles.all(:name => role_name).length).to be 0
end
ensure
# Delete the roles
foobar_by_name = @service.roles.all(:name => 'foobar23').first
foobar_by_name.destroy if foobar_by_name
baz_by_name = @service.roles.all(:name => 'baz23').first
baz_by_name.destroy if baz_by_name
end
end
end
@ -567,7 +585,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
it "CRUD projects" do
VCR.use_cassette('idv3_project_crud') do
default_domain = @service.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||'default'
default_domain = @service.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||VCR_DOMAIN_ID
begin
# Create a project called foobar - should not work without domain id?
@ -602,7 +620,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
it "CRUD & list hierarchical projects" do
VCR.use_cassette('idv3_project_hier_crud_list') do
default_domain = @service.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||'default'
default_domain = @service.domains.find_by_id ENV['OS_USER_DOMAIN_ID']||VCR_DOMAIN_ID
begin
# Create a project called foobar
@ -650,7 +668,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
foobar_kids = @service.projects.find_by_id(foobar_id, :subtree_as_list).subtree
expect(foobar_kids.length).to eq 3
expect([foobar_kids[0].id,foobar_kids[1].id,foobar_kids[2].id].sort
).to eq [baz_id, boo_id, booboo_id].sort
).to eq [baz_id, boo_id, booboo_id].sort
# Create a another sub-project of boo called fooboo and check that it appears in the parent's subtree
fooboo_project = @service.projects.create(:name => 'p-fooboo67', :parent_id => boo_id)
@ -714,19 +732,19 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
# Create a user
foobar_user = @service.users.create(:name => 'u-foobar69',
:email => 'foobar@example.com',
:password => 's3cret!')
:email => 'foobar@example.com',
:password => 's3cret!')
# Create a group and add the user to it
foobar_group = @service.groups.create(:name => 'g-foobar69',
:description => "Group of Foobar users")
:description => "Group of Foobar users")
foobar_group.add_user foobar_user.id
# User has no projects initially
expect(foobar_user.projects.length).to be 0
expect(@service.role_assignments.all(:user_id => foobar_user.id,
:project_id => foobar_project.id,
:effective => true).length).to be 0
:project_id => foobar_project.id,
:effective => true).length).to be 0
expect(foobar_project.user_roles(foobar_user.id).length).to be 0
# Grant role to the user in the new project - this assigns the project to the user
@ -744,8 +762,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
expect(foobar_project.group_roles(foobar_group.id).length).to be 0
expect(@service.role_assignments.all(:user_id => foobar_user.id,
:project_id => foobar_project.id,
:effective => true).length).to be 0
:project_id => foobar_project.id,
:effective => true).length).to be 0
# Grant role to the group in the new project - this assigns the project to the group
foobar_project.grant_role_to_group(baz_role.id, foobar_group.id)
@ -754,8 +772,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
# Now we check that a user has the role in that project
assignments = @service.role_assignments.all(:user_id => foobar_user.id,
:project_id => foobar_project.id,
:effective => true)
:project_id => foobar_project.id,
:effective => true)
expect(assignments.length).to be 1
expect(assignments.first.role['id']).to eq baz_role.id
expect(assignments.first.user['id']).to eq foobar_user.id
@ -859,10 +877,10 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
begin
# Create a endpoint called foobar
foobar_endpoint = @service.endpoints.create(:service_id => service.id,
:interface => 'internal',
:name => 'foobar',
:url => 'http://example.com/foobar',
:enabled => false)
:interface => 'internal',
:name => 'foobar',
:url => 'http://example.com/foobar',
:enabled => false)
foobar_id = foobar_endpoint.id
expect(@service.endpoints.all(:interface => 'internal').select { |endpoint| endpoint.name == 'foobar' }.length).to be 1
@ -907,8 +925,8 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
begin
# Create a user
foobar_user = @service.users.create(:name => 'u-foobar_cred',
:email => 'foobar@example.com',
:password => 's3cret!')
:email => 'foobar@example.com',
:password => 's3cret!')
project = @service.projects.all.first
access_key = '9c4e774a-f644-498f-90c4-970b3f817fc5'
@ -926,9 +944,9 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
# Create a credential
foo_credential = @service.os_credentials.create(:type => 'ec2',
:project_id => project.id,
:user_id => foobar_user.id,
:blob => blob_json)
:project_id => project.id,
:user_id => foobar_user.id,
:blob => blob_json)
credential_id = foo_credential.id
expect(@service.os_credentials.all.select { |credential| credential.type == 'ec2' }.length).to be 1
@ -988,7 +1006,7 @@ RSpec.describe Fog::Identity::OpenStack::V3 do
# Create a policy
foo_policy = @service.policies.create(:type => 'application/json',
:blob => blob)
:blob => blob)
policy_id = foo_policy.id
expect(@service.policies.all.select { |policy| policy.type == 'application/json' }.length).to be 1

19
spec/fog/openstack/shared_context.rb
View file

@ -76,19 +76,20 @@ RSpec.shared_context 'OpenStack specs with VCR' do
if @service_class == Fog::Identity::OpenStack::V3 || @os_auth_url.end_with?('/v3')
options = {
:openstack_auth_url => "#{@os_auth_url}/auth/tokens",
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
:openstack_api_key => ENV['OS_PASSWORD'] || 'password',
:openstack_username => ENV['OS_USERNAME'] || 'admin',
:openstack_domain_name => ENV['OS_USER_DOMAIN_NAME'] || 'Default',
:openstack_project_name => ENV['OS_PROJECT_NAME'] || 'admin'
:openstack_region => ENV['OS_REGION_NAME'] || options[:region_name] || 'RegionOne',
:openstack_api_key => ENV['OS_PASSWORD'] || options[:password] || 'password',
:openstack_username => ENV['OS_USERNAME'] || options[:username] || 'admin',
:openstack_domain_name => ENV['OS_USER_DOMAIN_NAME']|| options[:domain_name] || 'Default',
:openstack_project_name => ENV['OS_PROJECT_NAME']|| options[:project_name] || 'admin'
}
options[:openstack_service_type] = [ENV['OS_AUTH_SERVICE']] if ENV['OS_AUTH_SERVICE']
else
options = {
:openstack_auth_url => "#{@os_auth_url}/tokens",
:openstack_region => ENV['OS_REGION_NAME'] || 'RegionOne',
:openstack_api_key => ENV['OS_PASSWORD'] || 'devstack',
:openstack_username => ENV['OS_USERNAME'] || 'admin',
:openstack_tenant => ENV['OS_PROJECT_NAME'] || 'admin'
:openstack_region => ENV['OS_REGION_NAME'] || options[:region_name] || 'RegionOne',
:openstack_api_key => ENV['OS_PASSWORD'] || options[:password] || 'devstack',
:openstack_username => ENV['OS_USERNAME'] || options[:username] || 'admin',
:openstack_tenant => ENV['OS_PROJECT_NAME'] || options[:project_name] || 'admin'
# FIXME: Identity V3 not properly supported by other services yet
# :openstack_user_domain => ENV['OS_USER_DOMAIN_NAME'] || 'Default',
# :openstack_project_domain => ENV['OS_PROJECT_DOMAIN_NAME'] || 'Default',