From 03128e172e0242eba396e8487bdd8d6b0da52db3 Mon Sep 17 00:00:00 2001 From: Chetan Risbud Date: Thu, 23 Jan 2014 12:42:53 +0530 Subject: Rebase swiftkerbauth imported code with upstream Few changes have been merged to upstream swiftkerbauth repo. This commit brings it down to gluster-swift repo. Bringing below changes to gluster-swift repo in one go. http://review.gluster.org/#/c/6296/ http://review.gluster.org/#/c/6370/ http://review.gluster.org/#/c/6595/ http://review.gluster.org/#/c/6713/ http://review.gluster.org/#/c/6732/ Change-Id: I10dc12d75ec63fca313339fbc71e4f18071af552 Signed-off-by: Chetan Risbud Reviewed-on: http://review.gluster.org/6764 Reviewed-by: Prashanth Pai
---
 .../middleware/swiftkerbauth/test_kerbauth.py | 142 ++++++++++++++++++++- .../swiftkerbauth/test_kerbauth_utils.py | 11 +- 2 files changed, 145 insertions(+), 8 deletions(-) (limited to 'test/unit/common')
diff --git a/test/unit/common/middleware/swiftkerbauth/test_kerbauth.py b/test/unit/common/middleware/swiftkerbauth/test_kerbauth.py
index 642c4d6..537b8d3 100644
--- a/test/unit/common/middleware/swiftkerbauth/test_kerbauth.py
+++ b/test/unit/common/middleware/swiftkerbauth/test_kerbauth.py
@@ -18,9 +18,9 @@ import errno
 import unittest
 from time import time
 from mock import patch, Mock
-from gluster.swift.common.middleware.swiftkerbauth import kerbauth as auth
 from test.unit import FakeMemcache
 from swift.common.swob import Request, Response
+from gluster.swift.common.middleware.swiftkerbauth import kerbauth as auth
 EXT_AUTHENTICATION_URL = "127.0.0.1"
 REDIRECT_STATUS = 303 # HTTPSeeOther
@@ -80,7 +80,8 @@ class TestKerbAuth(unittest.TestCase):
 patch_filter_factory()
 def setUp(self):
- self.test_auth = auth.filter_factory({})(FakeApp())
+ self.test_auth = \
+ auth.filter_factory({'auth_method': 'active'})(FakeApp())
 self.test_auth_passive = \
 auth.filter_factory({'auth_method': 'passive'})(FakeApp())
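Review bot: With `self.test_auth` now built from `{'auth_method': 'active'}` in setUp, none of the tests that go through `self.test_auth` exercise the middleware's default mode any more; the `filter_factory({})` calls visible in the next hunk only check `reseller_prefix`. Judging by the passive tests added further down, the mode appears to decide whether a password sent in `X-Auth-Key` is accepted, so add one test that builds `auth.filter_factory({})(FakeApp())` and pins the mode it falls back to, and one that passes an unrecognised `auth_method` value. The attribute that stores the mode is not visible in this hunk, so the exact assertion has to be written against kerbauth.py. The class body starts and ends outside the hunk.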
@@ -105,6 +106,10 @@ class TestKerbAuth(unittest.TestCase):
 app = FakeApp()
 ath = auth.filter_factory({})(app)
 self.assertEquals(ath.reseller_prefix, 'AUTH_')
+ ath = auth.filter_factory({'reseller_prefix': 'TEST'})(app)
+ self.assertEquals(ath.reseller_prefix, 'TEST_')
+ ath = auth.filter_factory({'reseller_prefix': 'TEST_'})(app)
+ self.assertEquals(ath.reseller_prefix, 'TEST_')
 def test_auth_prefix_init(self):
 app = FakeApp()
@@ -130,6 +135,19 @@ class TestKerbAuth(unittest.TestCase):
 self.assertEquals(req.environ['swift.authorize'],
 self.test_auth.denied_response)
+ def test_passive_top_level_deny(self):
+ req = self._make_request('/')
+ resp = req.get_response(self.test_auth_passive)
+ self.assertEquals(resp.status_int, 401)
+ self.assertEquals(req.environ['swift.authorize'],
+ self.test_auth_passive.denied_response)
+
+ def test_passive_deny_invalid_token(self):
+ req = self._make_request('/v1/AUTH_account',
+ headers={'X-Auth-Token': 'AUTH_t'})
+ resp = req.get_response(self.test_auth_passive)
+ self.assertEquals(resp.status_int, 401)
+
 def test_override_asked_for_and_allowed(self):
 self.test_auth = \
 auth.filter_factory({'allow_overrides': 'true'})(FakeApp())
@@ -249,6 +267,126 @@ class TestKerbAuth(unittest.TestCase):
 resp = self.test_auth.handle_get_token(req)
 self.assertEquals(resp.status_int, 404)
+ def test_passive_handle_get_token_no_user_or_key(self):
+ #No user and key
+ req = self._make_request('/auth/v1.0')
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, REDIRECT_STATUS)
+ #User given but no key
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+
+ def test_passive_handle_get_token_account_in_req_path(self):
+ req = self._make_request('/v1/test/auth',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_test")
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ resp = self.test_auth_passive.handle_get_token(req)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+ self.assertEquals(_mock_get_groups.call_count, 2)
+ self.assertEquals(resp.status_int, 200)
+ self.assertTrue(resp.headers['X-Auth-Token'] is not None)
+ self.assertTrue(resp.headers['X-Storage-Token'] is not None)
+ self.assertTrue(resp.headers['X-Storage-Url'] is not None)
+
+ def test_passive_handle_get_token_user_invalid_or_no__account(self):
+ #X-Auth-User not in acc:user format
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ req = self._make_request('/v1/test/auth',
+ headers={'X-Auth-User': 'user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ # Account name mismatch
+ req = self._make_request('/v1/test/auth',
+ headers={'X-Auth-User': 'wrongacc:user'})
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+
+ def test_passive_handle_get_token_no_kinit(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(side_effect=OSError(errno.ENOENT,
+ os.strerror(errno.ENOENT)))
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 500)
+ self.assertTrue("kinit command not found" in resp.body)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+
+ def test_passive_handle_get_token_kinit_fail(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=1)
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+
+ def test_passive_handle_get_token_kinit_success_token_not_present(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_test")
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ resp = self.test_auth_passive.handle_get_token(req)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+ self.assertEquals(_mock_get_groups.call_count, 2)
+ self.assertEquals(resp.status_int, 200)
+ self.assertTrue(resp.headers['X-Auth-Token'] is not None)
+ self.assertTrue(resp.headers['X-Storage-Token'] is not None)
+ self.assertTrue(resp.headers['X-Storage-Url'] is not None)
+
+ def test_passive_handle_get_token_kinit_realm_and_memcache(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ req.environ['swift.cache'] = None
+ _auth_passive = \
+ auth.filter_factory({'auth_method': 'passive',
+ 'realm_name': 'EXAMPLE.COM'})(FakeApp())
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_test")
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ try:
+ _auth_passive.handle_get_token(req)
+ except Exception as e:
+ self.assertTrue(e.args[0].startswith("Memcache "
+ "required"))
+ else:
+ self.fail("Expected Exception - Memcache required")
+ _mock_run_kinit.assert_called_once_with('user@EXAMPLE.COM', 'password')
+ _mock_get_groups.assert_called_once_with('user')
+
+ def test_passive_handle_get_token_user_in_any__account(self):
+ req = self._make_request('/auth/v1.0',
+ headers={'X-Auth-User': 'test:user',
+ 'X-Auth-Key': 'password'})
+ _mock_run_kinit = Mock(return_value=0)
+ _mock_get_groups = Mock(return_value="user,auth_blah")
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.run_kinit', _mock_run_kinit):
+ with patch('gluster.swift.common.middleware.swiftkerbauth.kerbauth.get_groups_from_username',
+ _mock_get_groups):
+ resp = self.test_auth_passive.handle_get_token(req)
+ self.assertEquals(resp.status_int, 401)
+ _mock_run_kinit.assert_called_once_with('user', 'password')
+ _mock_get_groups.assert_called_once_with('user')
+
 def test_handle(self):
 req = self._make_request('/auth/v1.0')
 resp = req.get_response(self.test_auth)
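Review bot: test_passive_handle_get_token_no_kinit asserts that the 500 body returned for a token request contains "kinit command not found", which makes a server-side deployment detail part of the tested contract for a caller who has not authenticated yet. If the test only needs to prove the ENOENT branch was taken, keep `self.assertEquals(resp.status_int, 500)` and check the message through a patched logger rather than `resp.body`; the middleware itself is not in this diff, so whether it also logs the error is not visible here. Separately, the two success-path tests only check that `X-Auth-Token`, `X-Storage-Token` and `X-Storage-Url` are not None, so they would still pass if a token were issued without the user's groups being cached; asserting the cached entry for the returned token would close that gap.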
diff --git a/test/unit/common/middleware/swiftkerbauth/test_kerbauth_utils.py b/test/unit/common/middleware/swiftkerbauth/test_kerbauth_utils.py
index c5da168..2a4e90b 100644
--- a/test/unit/common/middleware/swiftkerbauth/test_kerbauth_utils.py
+++ b/test/unit/common/middleware/swiftkerbauth/test_kerbauth_utils.py
@@ -17,7 +17,6 @@ import unittest
 import re
 from time import time
 from test.unit import FakeMemcache
-from gluster.swift.common.middleware.swiftkerbauth import kerbauth as auth
 from gluster.swift.common.middleware.swiftkerbauth import kerbauth_utils as ku
@@ -63,15 +62,15 @@ class TestKerbUtils(unittest.TestCase):
 def test_generate_token(self):
 token = ku.generate_token()
 matches = re.match('AUTH_tk[a-f0-9]{32}', token)
- self.assertNotEqual(matches, None)
+ self.assertTrue(matches is not None)
- def test_get_groups(self):
- groups = ku.get_groups("root")
+ def test_get_groups_from_username(self):
+ groups = ku.get_groups_from_username("root")
 self.assertTrue("root" in groups)
- def test_get_groups_err(self):
+ def test_get_groups_from_username_err(self):
 try:
- ku.get_groups("Zroot")
+ ku.get_groups_from_username("Zroot")
 except RuntimeError as err:
 self.assertTrue(err.args[0].startswith("Failure running id -G"))
 else:
-- cgit
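Review bot: test_get_groups_from_username and test_get_groups_from_username_err still run the real helper against the host's account database, so they depend on a `root` account existing and on `Zroot` not existing, and they only cover well-formed names. The asserted message "Failure running id -G" suggests the helper invokes `id` with the username, and the passive-mode tests in test_kerbauth.py show that name being derived from the `X-Auth-User` header; a case asserting that a value which is not a plain account name (empty, containing whitespace, or starting with `-`) is rejected with RuntimeError before any command runs would pin that boundary. How the command is built is not visible in this diff, so confirm against kerbauth_utils.py before writing the assertion. The body of test_get_groups_from_username_err continues past the end of the hunk.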