"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/tests/unit/test_contrib_s3_core.py" (13 May 2020, 6095 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "test_contrib_s3_core.py": 16.0.1_vs_17.0.0.

    1 # Copyright 2012 OpenStack Foundation
    2 #
    3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    4 # not use this file except in compliance with the License. You may obtain
    5 # a copy of the License at
    6 #
    7 #      http://www.apache.org/licenses/LICENSE-2.0
    8 #
    9 # Unless required by applicable law or agreed to in writing, software
   10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   12 # License for the specific language governing permissions and limitations
   13 # under the License.
   14 
   15 import base64
   16 import hashlib
   17 import hmac
   18 import uuid
   19 
   20 import http.client
   21 
   22 from keystone.api import s3tokens
   23 from keystone.common import provider_api
   24 from keystone import exception
   25 from keystone.tests import unit
   26 from keystone.tests.unit import test_v3
   27 
   28 PROVIDERS = provider_api.ProviderAPIs
   29 
   30 
   31 class S3ContribCore(test_v3.RestfulTestCase):
   32     def setUp(self):
   33         super(S3ContribCore, self).setUp()
   34 
   35         self.load_backends()
   36 
   37         self.cred_blob, self.credential = unit.new_ec2_credential(
   38             self.user['id'], self.project_id)
   39         PROVIDERS.credential_api.create_credential(
   40             self.credential['id'], self.credential)
   41 
   42     def test_good_response(self):
   43         sts = 'string to sign'  # opaque string from swift3
   44         sig = hmac.new(self.cred_blob['secret'].encode('ascii'),
   45                        sts.encode('ascii'), hashlib.sha1).digest()
   46         resp = self.post(
   47             '/s3tokens',
   48             body={'credentials': {
   49                 'access': self.cred_blob['access'],
   50                 'signature': base64.b64encode(sig).strip(),
   51                 'token': base64.b64encode(sts.encode('ascii')).strip(),
   52             }},
   53             expected_status=http.client.OK)
   54         self.assertValidProjectScopedTokenResponse(resp, self.user,
   55                                                    forbid_token_id=True)
   56 
   57     def test_bad_request(self):
   58         self.post(
   59             '/s3tokens',
   60             body={},
   61             expected_status=http.client.BAD_REQUEST)
   62 
   63         self.post(
   64             '/s3tokens',
   65             body="not json",
   66             expected_status=http.client.BAD_REQUEST)
   67 
   68         self.post(
   69             '/s3tokens',
   70             expected_status=http.client.BAD_REQUEST)
   71 
   72     def test_bad_response(self):
   73         self.post(
   74             '/s3tokens',
   75             body={'credentials': {
   76                 'access': self.cred_blob['access'],
   77                 'signature': base64.b64encode(b'totally not the sig').strip(),
   78                 'token': base64.b64encode(b'string to sign').strip(),
   79             }},
   80             expected_status=http.client.UNAUTHORIZED)
   81 
   82     def test_good_signature_v1(self):
   83         creds_ref = {'secret':
   84                      u'b121dd41cdcc42fe9f70e572e84295aa'}
   85         credentials = {'token':
   86                        'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
   87                        'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
   88                        'iAyMTo0MTo0MSBHTVQKL2NvbnRfczMvdXBsb2FkZWRfZnJ'
   89                        'vbV9zMy50eHQ=',
   90                        'signature': 'IL4QLcLVaYgylF9iHj6Wb8BGZsw='}
   91 
   92         self.assertIsNone(s3tokens.S3Resource._check_signature(
   93             creds_ref, credentials))
   94 
   95     def test_bad_signature_v1(self):
   96         creds_ref = {'secret':
   97                      u'b121dd41cdcc42fe9f70e572e84295aa'}
   98         credentials = {'token':
   99                        'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
  100                        'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
  101                        'iAyMTo0MTo0MSBHTVQKL2NvbnRfczMvdXBsb2FkZWRfZnJ'
  102                        'vbV9zMy50eHQ=',
  103                        'signature': uuid.uuid4().hex}
  104 
  105         self.assertRaises(exception.Unauthorized,
  106                           s3tokens.S3Resource._check_signature,
  107                           creds_ref, credentials)
  108 
  109     def test_good_signature_v4(self):
  110         creds_ref = {'secret':
  111                      u'e7a7a2240136494986991a6598d9fb9f'}
  112         credentials = {'token':
  113                        'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
  114                        'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
  115                        'MTU1ODBlZWI5YTE2NzM1MWJkOTNlODZjM2I2ZjA0YTkyOGY1'
  116                        'YzU1MjBhMzkzNWE0NTM1NDBhMDk1NjRiNQ==',
  117                        'signature':
  118                        '730ba8f58df6ffeadd78f402e990b2910d60'
  119                        'bc5c2aec63619734f096a4dd77be'}
  120 
  121         self.assertIsNone(s3tokens.S3Resource._check_signature(
  122             creds_ref, credentials))
  123 
  124     def test_bad_signature_v4(self):
  125         creds_ref = {'secret':
  126                      u'e7a7a2240136494986991a6598d9fb9f'}
  127         credentials = {'token':
  128                        'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
  129                        'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
  130                        'MTU1ODBlZWI5YTE2NzM1MWJkOTNlODZjM2I2ZjA0YTkyOGY1'
  131                        'YzU1MjBhMzkzNWE0NTM1NDBhMDk1NjRiNQ==',
  132                        'signature': uuid.uuid4().hex}
  133 
  134         self.assertRaises(exception.Unauthorized,
  135                           s3tokens.S3Resource._check_signature,
  136                           creds_ref, credentials)
  137 
  138     def test_bad_token_v4(self):
  139         creds_ref = {'secret':
  140                      u'e7a7a2240136494986991a6598d9fb9f'}
  141         # token has invalid format of first part
  142         credentials = {'token':
  143                        'QVdTNC1BQUEKWApYClg=',
  144                        'signature': ''}
  145         self.assertRaises(exception.Unauthorized,
  146                           s3tokens.S3Resource._check_signature,
  147                           creds_ref, credentials)
  148 
  149         # token has invalid format of scope
  150         credentials = {'token':
  151                        'QVdTNC1ITUFDLVNIQTI1NgpYCi8vczMvYXdzTl9yZXF1ZXN0Clg=',
  152                        'signature': ''}
  153         self.assertRaises(exception.Unauthorized,
  154                           s3tokens.S3Resource._check_signature,
  155                           creds_ref, credentials)