From eaa366c960a085f374005e8a7a3d20a39b8758eb Mon Sep 17 00:00:00 2001 From: Ondrej Vasko Date: Sat, 6 Apr 2024 22:14:57 +0200 Subject: [PATCH] Replicate auth initialization for FS and OS Signed-off-by: Ondrej Vasko --- README.md | 2 +- docs/installation-using-cli.md | 8 +- docs/installation-using-helm.md | 6 +- src/cinder/block_store_test.go | 32 ++----- src/cinder/clouds.yaml | 2 +- src/manila/clouds.yaml | 2 +- src/manila/fs_store_test.go | 38 +++----- src/swift/clouds.yaml | 12 +++ src/swift/object_store_test.go | 160 ++++++++++++++++++++++++++++++++ 9 files changed, 205 insertions(+), 57 deletions(-) create mode 100644 src/swift/clouds.yaml diff --git a/README.md b/README.md index a7a0e67..61da73e 100644 --- a/README.md +++ b/README.md @@ -149,7 +149,7 @@ Recommended way of using this plugin with restic is to use authentication with e ```bash # test and build code -go test -v ./... +go test -v -count 1 ./... go mod tidy go build diff --git a/docs/installation-using-cli.md b/docs/installation-using-cli.md index 9e87f85..2ae0c1c 100644 --- a/docs/installation-using-cli.md +++ b/docs/installation-using-cli.md @@ -52,7 +52,7 @@ spec: cloud: "" # optional Region: # in case multiple regions exist in a single cloud, select which region - # will be used for backups. + # will be used for cinder volume backups. region: "" # optional snapshot method: # * "snapshot" is a default cinder snapshot method 
@@ -98,12 +98,12 @@ spec: provider: community.openstack.org/openstack-manila config: # optional Cloud: - # in case clouds.yaml is used as authentication method, cloud allows - # user to select which cloud from the clouds.yaml to use for volume backups + # in case clouds.yaml is used as authentication method, cloud allows user + # to select which cloud from the clouds.yaml to use for manila share backups cloud: "" # optional Region: # in case multiple regions exist in a single cloud, select which region - # will be used for backups. + # will be used for manila share backups. region: "" # optional snapshot method: # * "snapshot" is a default manila snapshot method diff --git a/docs/installation-using-helm.md b/docs/installation-using-helm.md index c39cf61..8e7638b 100644 --- a/docs/installation-using-helm.md +++ b/docs/installation-using-helm.md @@ -70,12 +70,12 @@ configuration: provider: community.openstack.org/openstack-manila config: # optional Cloud: - # in case clouds.yaml is used as authentication method, cloud allows - # user to select which cloud from the clouds.yaml to use for volume backups + # in case clouds.yaml is used as authentication method, cloud allows user + # to select which cloud from the clouds.yaml to use for manila share backups cloud: "" # optional Region: # in case multiple regions exist in a single cloud, select which region - # will be used for backups. + # will be used for manila share backups. region: "" # optional snapshot method: # * "snapshot" is a default manila snapshot method diff --git a/src/cinder/block_store_test.go b/src/cinder/block_store_test.go index 0ceeac9..210dbb5 100644 --- a/src/cinder/block_store_test.go +++ b/src/cinder/block_store_test.go @@ -36,8 +36,8 @@ const tokenResp = `{ "url": "http://localhost:35357" } ], - "id": "854d03ceed4611ee82b09cb6d0fbac9d", - "type": "identity", + "id": "854d03ceed4611ee82b09cb6d0fbac9d", + "type": "identity", "name": "keystone" }, { 
@@ -106,10 +106,10 @@ const tokenResp = `{ "project": { "domain": { "id": "8789d1", - "name": "example.com" + "name": "domain" }, - "id": "263fa9", - "name": "project-y" + "id": "04982538-f42b-11ee-a412-9cb6d0fbac9d", + "name": "project" }, "roles": [ { @@ -121,25 +121,13 @@ const tokenResp = `{ "name": "member" } ], - "service_providers": [ - { - "auth_url":"https://example.com:5000/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth", - "id": "sp1", - "sp_url": "https://example.com:5000/Shibboleth.sso/SAML2/ECP" - }, - { - "auth_url":"https://other.example.com:5000/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth", - "id": "sp2", - "sp_url": "https://other.example.com:5000/Shibboleth.sso/SAML2/ECP" - } - ], "user": { "domain": { "id": "8789d1", - "name": "example.com" + "name": "domain" }, - "id": "0ca8f6", - "name": "Jane", + "id": "cf78e694-f42a-11ee-bfcc-9cb6d0fbac9d", + "name": "user", "password_expires_at": "2026-11-06T15:32:17.000000" } } @@ -148,9 +136,9 @@ const tokenResp = `{ // TestInit performs standard block store initialization // which includes creation of auth client, authentication and // creation of block storage client. -// In this test we use simple clouds.yaml and don't override +// In this test we use simple clouds.yaml and not override // any option. -func TestInit(t *testing.T) { +func TestSimpleBlockStorageInit(t *testing.T) { // Basic structs log := logrus.New() config := map[string]string{ diff --git a/src/cinder/clouds.yaml b/src/cinder/clouds.yaml index 8fb20b4..276da2e 100644 --- a/src/cinder/clouds.yaml +++ b/src/cinder/clouds.yaml @@ -2,7 +2,7 @@ clouds: myCloud: auth: - user_domain_name: users + user_domain_name: domain auth_url: http://127.0.0.1:32498/v3 username: user password: pass diff --git a/src/manila/clouds.yaml b/src/manila/clouds.yaml index 8fb20b4..c84a351 100644 --- a/src/manila/clouds.yaml +++ b/src/manila/clouds.yaml 
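Review bot: The doc comment above `TestSimpleBlockStorageInit` (last hunk of src/cinder/block_store_test.go) still opens with the old name `TestInit`, and the reworded line "use simple clouds.yaml and not override any option" reads worse than the text it replaces. I would write `// TestSimpleBlockStorageInit performs standard block store initialization` and `// In this test we use a simple clouds.yaml and do not override any option.` The same stale `TestInit` opening and wording appear above `TestSimpleSharedFilesystemInit` in src/manila/fs_store_test.go and `TestSimpleObjectStorageInit` in src/swift/object_store_test.go. The test body continues outside this hunk.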
@@ -3,7 +3,7 @@ clouds: myCloud: auth: user_domain_name: users - auth_url: http://127.0.0.1:32498/v3 + auth_url: http://127.0.0.1:32499/v3 username: user password: pass project_name: project diff --git a/src/manila/fs_store_test.go b/src/manila/fs_store_test.go index 13966b0..afded02 100644 --- a/src/manila/fs_store_test.go +++ b/src/manila/fs_store_test.go @@ -36,8 +36,8 @@ const tokenResp = `{ "url": "http://localhost:35357" } ], - "id": "854d03ceed4611ee82b09cb6d0fbac9d", - "type": "identity", + "id": "854d03ceed4611ee82b09cb6d0fbac9d", + "type": "identity", "name": "keystone" }, { @@ -106,10 +106,10 @@ const tokenResp = `{ "project": { "domain": { "id": "8789d1", - "name": "example.com" + "name": "domain" }, - "id": "263fa9", - "name": "project-y" + "id": "04982538-f42b-11ee-a412-9cb6d0fbac9d", + "name": "project" }, "roles": [ { 
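Review bot: `user_domain_name` stays `users` in src/manila/clouds.yaml, while this commit changes the cinder fixture to `domain`, the value the token fixtures report for the user's domain. The new src/swift/clouds.yaml also uses `users`. The swift handler added in this patch does not inspect the request, and the manila handler (outside the hunks) presumably behaves the same, so the mismatch is likely harmless today. It will surface as soon as a handler starts asserting on the auth request body. I would align both files with cinder: `user_domain_name: domain`.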
@@ -121,36 +121,24 @@ const tokenResp = `{ "name": "member" } ], - "service_providers": [ - { - "auth_url":"https://example.com:5000/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth", - "id": "sp1", - "sp_url": "https://example.com:5000/Shibboleth.sso/SAML2/ECP" - }, - { - "auth_url":"https://other.example.com:5000/v3/OS-FEDERATION/identity_providers/acme/protocols/saml2/auth", - "id": "sp2", - "sp_url": "https://other.example.com:5000/Shibboleth.sso/SAML2/ECP" - } - ], "user": { "domain": { "id": "8789d1", - "name": "example.com" + "name": "domain" }, - "id": "0ca8f6", - "name": "Jane", + "id": "cf78e694-f42a-11ee-bfcc-9cb6d0fbac9d", + "name": "user", "password_expires_at": "2026-11-06T15:32:17.000000" } } }` -// TestInit performs standard block store initialization +// TestInit performs standard file share store initialization // which includes creation of auth client, authentication and -// creation of block storage client. -// In this test we use simple clouds.yaml and don't override +// creation of shared filesystem client. +// In this test we use simple clouds.yaml and not override // any option. -func TestInit(t *testing.T) { +func TestSimpleSharedFilesystemInit(t *testing.T) { // Basic structs log := logrus.New() config := map[string]string{ @@ -161,7 +149,7 @@ func TestInit(t *testing.T) { // Create fake provider client for authentication, // prepare handler for authentication and redirect // provider endpoint to fake client. - th.SetupPersistentPortHTTP(t, 32498) + th.SetupPersistentPortHTTP(t, 32499) defer th.TeardownHTTP() fakeClient.ServiceClient() fs.provider = fakeClient.ServiceClient().ProviderClient diff --git a/src/swift/clouds.yaml b/src/swift/clouds.yaml new file mode 100644 index 0000000..1799266 --- /dev/null +++ b/src/swift/clouds.yaml 
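Review bot: The port in `th.SetupPersistentPortHTTP(t, 32499)` is a bare literal that has to equal the port in `auth_url` in src/manila/clouds.yaml, and nothing in the test records that coupling. A comment above the call would do it, e.g. `// Port must match auth_url in clouds.yaml; cinder uses 32498, manila 32499, swift 32500 so package tests can run side by side.` The reason for per-package ports is my inference from the commit, since `go test ./...` runs packages in parallel by default. The test function starts and ends outside this hunk.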
@@ -0,0 +1,12 @@ +# This file is only to perform unit test with clouds.yaml for which the path cannot be changed +clouds: + myCloud: + auth: + user_domain_name: users + auth_url: http://127.0.0.1:32500/v3 + username: user + password: pass + project_name: project + project_domain_name: domain + # region_name: myRegion + identity_api_version: 3 diff --git a/src/swift/object_store_test.go b/src/swift/object_store_test.go index ae389ec..869d36e 100644 --- a/src/swift/object_store_test.go +++ b/src/swift/object_store_test.go 
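Review bot: The header comment of the new src/swift/clouds.yaml does not say that the credentials in it are placeholders, and since the file is committed next to the package source it should. I would extend it to something like `# Unit-test fixture: dummy credentials for the fake Keystone on 127.0.0.1:32500; never put real credentials in this file.` That also gives anyone triaging a secret-scanner hit on `password: pass` an immediate answer. If the config loader honours a path override, the fixture could move to a `testdata/` directory instead. gophercloud's clientconfig reads `OS_CLIENT_CONFIG_FILE`, though whether this project loads the file that way is not visible here.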
@@ -13,6 +13,166 @@ import ( "github.com/stretchr/testify/assert" ) +const ID = "0123456789" +const tokenResp = `{ + "token": { + "audit_ids": ["VcxU2JYqT8OzfUVvrjEITQ", "qNUTIJntTzO1-XUk5STybw"], + "catalog": [ + { + "endpoints": [ + { + "id": "796186fced4611ee9e2c9cb6d0fbac9d", + "interface": "public", + "region": "RegionOne", + "url": "http://localhost:5000" + }, + { + "id": "7c2bb2cced4611ee90c09cb6d0fbac9d", + "interface": "internal", + "region": "RegionOne", + "url": "http://localhost:5000" + }, + { + "id": "8080e7b6ed4611ee88be9cb6d0fbac9d", + "interface": "admin", + "region": "RegionOne", + "url": "http://localhost:35357" + } + ], + "id": "854d03ceed4611ee82b09cb6d0fbac9d", + "type": "identity", + "name": "keystone" + }, + { + "endpoints": [ + { + "id": "5fb3e04cc47345079bcccfa5a78d4de6", + "interface": "internal", + "region_id": "myRegion", + "url": "http://localhost/v3/955f0136ed4611ee9f489cb6d0fbac9d", + "region": "myRegion" + }, + { + "id": "d48c520ef7b941c692100f24a1437864", + "interface": "public", + "region_id": "myRegion", + "url": "https://localhost/v3/955f0136ed4611ee9f489cb6d0fbac9d", + "region": "myRegion" + }, + { + "id": "da15876d31f24af3afc3a69cb918c45f", + "interface": "admin", + "region_id": "myRegion", + "url": "https://localhost/v3/955f0136ed4611ee9f489cb6d0fbac9d", + "region": "myRegion" + } + ], + "id": "439e9f0d9d224b88a9b01774a9948e5e", + "type": "object-store", + "name": "swift" + }, + { + "endpoints": [ + { + "id": "2bed9ab4ed4111eeb4229cb6d0fbac9d", + "interface": "internal", + "region_id": "secondRegion", + "url": "http://localhost2/v3/4c30519aed4111eeab909cb6d0fbac9d", + "region": "secondRegion" + }, + { + "id": "3bd7f8caed4111eeb77a9cb6d0fbac9d", + "interface": "public", + "region_id": "secondRegion", + "url": "https://localhost2/v3/4c30519aed4111eeab909cb6d0fbac9d", + "region": "secondRegion" + }, + { + "id": "46474c98ed4111eeb2839cb6d0fbac9d", + "interface": "admin", + "region_id": "secondRegion", + "url": 
"https://localhost2/v3/4c30519aed4111eeab909cb6d0fbac9d", + "region": "secondRegion" + } + ], + "id": "4c30519aed4111eeab909cb6d0fbac9d", + "type": "object-store", + "name": "swift" + } + ], + "expires_at": "2025-02-27T18:30:59.999999Z", + "is_domain": false, + "issued_at": "2025-02-27T16:30:59.999999Z", + "methods": [ + "password" + ], + "project": { + "domain": { + "id": "8789d1", + "name": "domain" + }, + "id": "04982538-f42b-11ee-a412-9cb6d0fbac9d", + "name": "project" + }, + "roles": [ + { + "id": "86e72a", + "name": "admin" + }, + { + "id": "e4f392", + "name": "member" + } + ], + "user": { + "domain": { + "id": "8789d1", + "name": "domain" + }, + "id": "cf78e694-f42a-11ee-bfcc-9cb6d0fbac9d", + "name": "user", + "password_expires_at": "2026-11-06T15:32:17.000000" + } + } +}` + +// TestInit performs standard object store initialization +// which includes creation of auth client, authentication and +// creation of object storage client. +// In this test we use simple clouds.yaml and not override +// any options. +func TestSimpleObjectStorageInit(t *testing.T) { + // Basic structs + log := logrus.New() + config := map[string]string{ + "cloud": "myCloud", + } + os := NewObjectStore(log) + + // Create fake provider client for authentication, + // prepare handler for authentication and redirect + // provider endpoint to fake client. + th.SetupPersistentPortHTTP(t, 32500) + defer th.TeardownHTTP() + fakeClient.ServiceClient() + os.provider = fakeClient.ServiceClient().ProviderClient + os.provider.IdentityEndpoint = th.Endpoint() + + th.Mux.HandleFunc("/v3/auth/tokens", + func(w http.ResponseWriter, r *http.Request) { + w.Header().Add("X-Subject-Token", ID) + + w.WriteHeader(http.StatusCreated) + fmt.Fprint(w, tokenResp) + }, + ) + + // Try to Init block storage. This involves authentication. 
+ if err := os.Init(config); err != nil { + t.Error(err) + } +} + func handleGetObject(t *testing.T, container, object string, data []byte) { th.Mux.HandleFunc(fmt.Sprintf("/%s/%s", container, object), func(w http.ResponseWriter, r *http.Request) {
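Review bot: The fake `/v3/auth/tokens` handler in `TestSimpleObjectStorageInit` returns 201 and a token for any request, so the test passes even if `Init` sends the wrong credentials, the wrong method, or a body that ignores clouds.yaml. Add at least `th.TestMethod(t, r, "POST")` at the top of the handler, and decode the body far enough to check the user name and domain that came from the fixture. The bare statement `fakeClient.ServiceClient()` discards its result and can be removed, and the comment `// Try to Init block storage.` should say object storage. Naming the store `os` will shadow the standard `os` package if this file ever imports it; `store` would avoid that.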