github.com/gophercloud/gophercloud@v1.11.0/internal/acceptance/openstack/identity/v3/oauth1_test.go (about) 1 //go:build acceptance 2 // +build acceptance 3 4 package v3 5 6 import ( 7 "testing" 8 9 "github.com/gophercloud/gophercloud" 10 "github.com/gophercloud/gophercloud/internal/acceptance/clients" 11 "github.com/gophercloud/gophercloud/internal/acceptance/tools" 12 "github.com/gophercloud/gophercloud/openstack" 13 "github.com/gophercloud/gophercloud/openstack/identity/v3/extensions/oauth1" 14 "github.com/gophercloud/gophercloud/openstack/identity/v3/tokens" 15 th "github.com/gophercloud/gophercloud/testhelper" 16 ) 17 18 func TestOAuth1CRUD(t *testing.T) { 19 client, err := clients.NewIdentityV3Client() 20 th.AssertNoErr(t, err) 21 22 ao, err := openstack.AuthOptionsFromEnv() 23 th.AssertNoErr(t, err) 24 25 authOptions := tokens.AuthOptions{ 26 Username: ao.Username, 27 Password: ao.Password, 28 DomainName: ao.DomainName, 29 DomainID: ao.DomainID, 30 // We need a scope to get the token roles list 31 Scope: tokens.Scope{ 32 ProjectID: ao.TenantID, 33 ProjectName: ao.TenantName, 34 DomainID: ao.DomainID, 35 DomainName: ao.DomainName, 36 }, 37 } 38 tokenRes := tokens.Create(client, &authOptions) 39 token, err := tokenRes.Extract() 40 th.AssertNoErr(t, err) 41 tools.PrintResource(t, token) 42 43 user, err := tokenRes.ExtractUser() 44 th.AssertNoErr(t, err) 45 tools.PrintResource(t, user) 46 47 roles, err := tokenRes.ExtractRoles() 48 th.AssertNoErr(t, err) 49 tools.PrintResource(t, roles) 50 51 project, err := tokenRes.ExtractProject() 52 th.AssertNoErr(t, err) 53 tools.PrintResource(t, project) 54 55 // Create a consumer 56 createConsumerOpts := oauth1.CreateConsumerOpts{ 57 Description: "My test consumer", 58 } 59 // NOTE: secret is available only in create response 60 consumer, err := oauth1.CreateConsumer(client, createConsumerOpts).Extract() 61 th.AssertNoErr(t, err) 62 63 // Delete a consumer 64 defer oauth1.DeleteConsumer(client, consumer.ID) 65 tools.PrintResource(t, consumer) 66 67 th.AssertEquals(t, consumer.Description, createConsumerOpts.Description) 68 69 // Update a consumer 70 updateConsumerOpts := oauth1.UpdateConsumerOpts{ 71 Description: "", 72 } 73 updatedConsumer, err := oauth1.UpdateConsumer(client, consumer.ID, updateConsumerOpts).Extract() 74 th.AssertNoErr(t, err) 75 tools.PrintResource(t, updatedConsumer) 76 th.AssertEquals(t, updatedConsumer.ID, consumer.ID) 77 th.AssertEquals(t, updatedConsumer.Description, updateConsumerOpts.Description) 78 79 // Get a consumer 80 getConsumer, err := oauth1.GetConsumer(client, consumer.ID).Extract() 81 th.AssertNoErr(t, err) 82 tools.PrintResource(t, getConsumer) 83 th.AssertEquals(t, getConsumer.ID, consumer.ID) 84 th.AssertEquals(t, getConsumer.Description, updateConsumerOpts.Description) 85 86 // List consumers 87 consumersPages, err := oauth1.ListConsumers(client).AllPages() 88 th.AssertNoErr(t, err) 89 consumers, err := oauth1.ExtractConsumers(consumersPages) 90 th.AssertNoErr(t, err) 91 th.AssertEquals(t, consumers[0].ID, updatedConsumer.ID) 92 th.AssertEquals(t, consumers[0].Description, updatedConsumer.Description) 93 94 // test HMACSHA1 and PLAINTEXT signature methods 95 for _, method := range []oauth1.SignatureMethod{oauth1.HMACSHA1, oauth1.PLAINTEXT} { 96 oauth1MethodTest(t, client, consumer, method, user, project, roles, ao.IdentityEndpoint) 97 } 98 } 99 100 func oauth1MethodTest(t *testing.T, client *gophercloud.ServiceClient, consumer *oauth1.Consumer, method oauth1.SignatureMethod, user *tokens.User, project *tokens.Project, roles []tokens.Role, identityEndpoint string) { 101 // Request a token 102 requestTokenOpts := oauth1.RequestTokenOpts{ 103 OAuthConsumerKey: consumer.ID, 104 OAuthConsumerSecret: consumer.Secret, 105 OAuthSignatureMethod: method, 106 RequestedProjectID: project.ID, 107 } 108 requestToken, err := oauth1.RequestToken(client, requestTokenOpts).Extract() 109 th.AssertNoErr(t, err) 110 tools.PrintResource(t, requestToken) 111 112 // Authorize token 113 authorizeTokenOpts := oauth1.AuthorizeTokenOpts{ 114 Roles: []oauth1.Role{ 115 // test role by ID 116 {ID: roles[0].ID}, 117 }, 118 } 119 if len(roles) > 1 { 120 // test role by name 121 authorizeTokenOpts.Roles = append(authorizeTokenOpts.Roles, oauth1.Role{Name: roles[1].Name}) 122 } 123 authToken, err := oauth1.AuthorizeToken(client, requestToken.OAuthToken, authorizeTokenOpts).Extract() 124 th.AssertNoErr(t, err) 125 tools.PrintResource(t, authToken) 126 127 // Create access token 128 accessTokenOpts := oauth1.CreateAccessTokenOpts{ 129 OAuthConsumerKey: consumer.ID, 130 OAuthConsumerSecret: consumer.Secret, 131 OAuthToken: requestToken.OAuthToken, 132 OAuthTokenSecret: requestToken.OAuthTokenSecret, 133 OAuthVerifier: authToken.OAuthVerifier, 134 OAuthSignatureMethod: method, 135 } 136 137 accessToken, err := oauth1.CreateAccessToken(client, accessTokenOpts).Extract() 138 th.AssertNoErr(t, err) 139 defer oauth1.RevokeAccessToken(client, user.ID, accessToken.OAuthToken) 140 141 tools.PrintResource(t, accessToken) 142 143 // Get access token 144 getAccessToken, err := oauth1.GetAccessToken(client, user.ID, accessToken.OAuthToken).Extract() 145 th.AssertNoErr(t, err) 146 147 tools.PrintResource(t, getAccessToken) 148 149 th.AssertEquals(t, getAccessToken.ID, accessToken.OAuthToken) 150 th.AssertEquals(t, getAccessToken.ConsumerID, consumer.ID) 151 th.AssertEquals(t, getAccessToken.AuthorizingUserID, user.ID) 152 th.AssertEquals(t, getAccessToken.ProjectID, project.ID) 153 154 // List access tokens 155 accessTokensPages, err := oauth1.ListAccessTokens(client, user.ID).AllPages() 156 th.AssertNoErr(t, err) 157 158 accessTokens, err := oauth1.ExtractAccessTokens(accessTokensPages) 159 th.AssertNoErr(t, err) 160 161 tools.PrintResource(t, accessTokens) 162 th.AssertDeepEquals(t, accessTokens[0], *getAccessToken) 163 164 // List access token roles 165 accessTokenRolesPages, err := oauth1.ListAccessTokenRoles(client, user.ID, accessToken.OAuthToken).AllPages() 166 th.AssertNoErr(t, err) 167 168 accessTokenRoles, err := oauth1.ExtractAccessTokenRoles(accessTokenRolesPages) 169 th.AssertNoErr(t, err) 170 171 tools.PrintResource(t, accessTokenRoles) 172 173 for _, atr := range accessTokenRoles { 174 var found bool 175 for _, role := range roles { 176 if atr.ID == role.ID { 177 found = true 178 } 179 } 180 th.AssertEquals(t, found, true) 181 } 182 183 // Get access token role 184 getAccessTokenRole, err := oauth1.GetAccessTokenRole(client, user.ID, accessToken.OAuthToken, roles[0].ID).Extract() 185 th.AssertNoErr(t, err) 186 tools.PrintResource(t, getAccessTokenRole) 187 188 var found bool 189 for _, atr := range accessTokenRoles { 190 if atr.ID == getAccessTokenRole.ID { 191 found = true 192 } 193 } 194 th.AssertEquals(t, found, true) 195 196 // Test auth using OAuth1 197 newClient, err := clients.NewIdentityV3UnauthenticatedClient() 198 th.AssertNoErr(t, err) 199 200 // Opts to auth using an oauth1 credential 201 authOptions := &oauth1.AuthOptions{ 202 OAuthConsumerKey: consumer.ID, 203 OAuthConsumerSecret: consumer.Secret, 204 OAuthToken: accessToken.OAuthToken, 205 OAuthTokenSecret: accessToken.OAuthTokenSecret, 206 OAuthSignatureMethod: method, 207 } 208 err = openstack.AuthenticateV3(newClient.ProviderClient, authOptions, gophercloud.EndpointOpts{}) 209 th.AssertNoErr(t, err) 210 211 // Test OAuth1 token extract 212 var token struct { 213 tokens.Token 214 oauth1.TokenExt 215 } 216 tokenRes := tokens.Get(newClient, newClient.ProviderClient.TokenID) 217 err = tokenRes.ExtractInto(&token) 218 th.AssertNoErr(t, err) 219 oauth1Roles, err := tokenRes.ExtractRoles() 220 th.AssertNoErr(t, err) 221 tools.PrintResource(t, token) 222 tools.PrintResource(t, oauth1Roles) 223 th.AssertEquals(t, token.OAuth1.ConsumerID, consumer.ID) 224 th.AssertEquals(t, token.OAuth1.AccessTokenID, accessToken.OAuthToken) 225 }