summaryrefslogtreecommitdiffstats
path: root/test/unit/common
diff options
context:
space:
mode:
Diffstat (limited to 'test/unit/common')
-rw-r--r--test/unit/common/middleware/swiftkerbauth/test_kerbauth.py142
-rw-r--r--test/unit/common/middleware/swiftkerbauth/test_kerbauth_utils.py11
2 files changed, 145 insertions, 8 deletions
diff --git a/test/unit/common/middleware/swiftkerbauth/test_kerbauth.py b/test/unit/common/middleware/swiftkerbauth/test_kerbauth.py
index 642c4d6..537b8d3 100644
--- a/test/unit/common/middleware/swiftkerbauth/test_kerbauth.py
+++ b/test/unit/common/middleware/swiftkerbauth/test_kerbauth.py
@@ -18,9 +18,9 @@ import errno
import unittest
from time import time
from mock import patch, Mock
-from gluster.swift.common.middleware.swiftkerbauth import kerbauth as auth
from test.unit import FakeMemcache
from swift.common.swob import Request, Response
+from gluster.swift.common.middleware.swiftkerbauth import kerbauth as auth
EXT_AUTHENTICATION_URL = "127.0.0.1"
REDIRECT_STATUS = 303 # HTTPSeeOther
@@ -80,7 +80,8 @@ class TestKerbAuth(unittest.TestCase):
patch_filter_factory()
def setUp(self):
- self.test_auth = auth.filter_factory({})(FakeApp())
+ self.test_auth = \
+ auth.filter_factory({'auth_method': 'active'})(FakeApp())
self.test_auth_passive = \
auth.filter_factory({'auth_method': 'passive'})(FakeApp())
@@ -105,6 +106,10 @@ class TestKerbAuth(unittest.TestCase):
app = FakeApp()
ath = auth.filter_factory({})(app)
self.assertEquals(ath.reseller_prefix, 'AUTH_')
+ ath = auth.filter_factory({'reseller_prefix': 'TEST'})(app)
+ self.assertEquals(ath.reseller_prefix, 'TEST_')
+ ath = auth.filter_factory({'reseller_prefix': 'TEST_'})(app)
+ self.assertEquals(ath.reseller_prefix, 'TEST_')
def test_auth_prefix_init(self):
app = FakeApp()
@@ -130,6 +135,19 @@ class TestKerbAuth(unittest.TestCase):
self.assertEquals(req.environ['swift.authorize'],
self.test_auth.denied_response)
+ def test_passive_top_level_deny(self):
+ req = self._make_request('/')
+ resp = req.get_response(self.test_auth_passive)
+ self.assertEquals(resp.status_int, 401)
+ self.assertEquals(req.environ['swift.authorize'],
+ self.test_auth_passive.denied_response)
+
+ def test_passive_deny_invalid_token(self):
+ req = self._make_request('/v1/AUTH_account',
+ headers={'X-Auth-Token': 'AUTH_t'})
+ resp = req.get_response(self.test_auth_passive)
+ self.assertEquals(resp.status_int, 401)
+
def test_override_asked_for_and_allowed(self):
self.test_auth = \
auth.filter_factory({'allow_overrides': 'true'})(FakeApp())
@@ -249,6 +267,126 @@ class TestKerbAuth(unittest.TestCase):
resp = self.test_auth.handle_get_token(req)
self.assertEquals(resp.status_int, 404)
+ def test_passive_handle_get_token_no_user_or_key(self):
+ #No user and key
+ req = self._make_request('/auth/v1.0')
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, REDIRECT_STATUS)
+ #User given but no key
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+
+ def test_passive_handle_get_token_account_in_req_path(self):
+ req = self._make_request('/v1/test/auth',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_test")
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ resp = self.test_auth_passive.handle_get_token(req)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+ self.assertEquals(_mock_get_groups.call_count, 2)
+ self.assertEquals(resp.status_int, 200)
+ self.assertTrue(resp.headers['X-Auth-Token'] is not None)
+ self.assertTrue(resp.headers['X-Storage-Token'] is not None)
+ self.assertTrue(resp.headers['X-Storage-Url'] is not None)
+
+ def test_passive_handle_get_token_user_invalid_or_no__account(self):
+ #X-Auth-User not in acc:user format
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ req = self._make_request('/v1/test/auth',
+ headers={'X-Auth-User': 'user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ # Account name mismatch
+ req = self._make_request('/v1/test/auth',
+ headers={'X-Auth-User': 'wrongacc:user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+
+ def test_passive_handle_get_token_no_kinit(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(side_effect=OSError(errno.ENOENT,
+ os.strerror(errno.ENOENT)))
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 500)
+ self.assertTrue("kinit command not found" in resp.body)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+
+ def test_passive_handle_get_token_kinit_fail(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=1)
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+
+ def test_passive_handle_get_token_kinit_success_token_not_present(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_test")
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ resp = self.test_auth_passive.handle_get_token(req)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+ self.assertEquals(_mock_get_groups.call_count, 2)
+ self.assertEquals(resp.status_int, 200)
+ self.assertTrue(resp.headers['X-Auth-Token'] is not None)
+ self.assertTrue(resp.headers['X-Storage-Token'] is not None)
+ self.assertTrue(resp.headers['X-Storage-Url'] is not None)
+
+ def test_passive_handle_get_token_kinit_realm_and_memcache(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ req.environ['swift.cache'] = None
+ _auth_passive = \
+ auth.filter_factory({'auth_method': 'passive',
+ 'realm_name': 'EXAMPLE.COM'})(FakeApp())
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_test")
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ try:
+ _auth_passive.handle_get_token(req)
+ except Exception as e:
+ self.assertTrue(e.args[0].startswith("Memcache "
+ "required"))
+ else:
+ self.fail("Expected Exception - Memcache required")
+ _mock_run_kinit.assert_called_once_with('user@EXAMPLE.COM', 'password')
+ _mock_get_groups.assert_called_once_with('user')
+
+ def test_passive_handle_get_token_user_in_any__account(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_blah")
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+ _mock_get_groups.assert_called_once_with('user')
+
def test_handle(self):
req = self._make_request('/auth/v1.0')
resp = req.get_response(self.test_auth)
diff --git a/test/unit/common/middleware/swiftkerbauth/test_kerbauth_utils.py b/test/unit/common/middleware/swiftkerbauth/test_kerbauth_utils.py
index c5da168..2a4e90b 100644
--- a/test/unit/common/middleware/swiftkerbauth/test_kerbauth_utils.py
+++ b/test/unit/common/middleware/swiftkerbauth/test_kerbauth_utils.py
@@ -17,7 +17,6 @@ import unittest
import re
from time import time
from test.unit import FakeMemcache
-from gluster.swift.common.middleware.swiftkerbauth import kerbauth as auth
from gluster.swift.common.middleware.swiftkerbauth import kerbauth_utils as ku
@@ -63,15 +62,15 @@ class TestKerbUtils(unittest.TestCase):
def test_generate_token(self):
token = ku.generate_token()
matches = re.match('AUTH_tk[a-f0-9]{32}', token)
- self.assertNotEqual(matches, None)
+ self.assertTrue(matches is not None)
- def test_get_groups(self):
- groups = ku.get_groups("root")
+ def test_get_groups_from_username(self):
+ groups = ku.get_groups_from_username("root")
self.assertTrue("root" in groups)
- def test_get_groups_err(self):
+ def test_get_groups_from_username_err(self):
try:
- ku.get_groups("Zroot")
+ ku.get_groups_from_username("Zroot")
except RuntimeError as err:
self.assertTrue(err.args[0].startswith("Failure running id -G"))
else:
generated by cgit (git 2.34.1) at 2025-11-04 11:25:33 +0000