Reuse existing token from RequestContext
When castellan tries to recreate a trust-scoped token
from a RequestContext, keystone throws an exception
because that is not allowed.
Starting from this commit, castellan tries to
reuse the existing token constructed from the RequestContext
if get_auth_plugin() is available.
Change-Id: I10a12b9a2a7f796eca37dd20a280d3a4015a6903
Closes-Bug: #1827047
Depends-On: https://review.opendev.org/#/c/664558/
(cherry picked from commit 5d93676338
)
parent
313b401106
commit
193b4a2cc3
|
@ -175,13 +175,16 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
|||
# this will be kept for oslo.context compatibility until
|
||||
# projects begin to use utils.credential_factory
|
||||
elif context.__class__.__name__ is 'RequestContext':
|
||||
return identity.Token(
|
||||
auth_url=self.conf.barbican.auth_endpoint,
|
||||
token=context.auth_token,
|
||||
project_id=context.project_id,
|
||||
project_name=context.project_name,
|
||||
project_domain_id=context.project_domain_id,
|
||||
project_domain_name=context.project_domain_name)
|
||||
if getattr(context, 'get_auth_plugin', None):
|
||||
return context.get_auth_plugin()
|
||||
else:
|
||||
return identity.Token(
|
||||
auth_url=self.conf.barbican.auth_endpoint,
|
||||
token=context.auth_token,
|
||||
project_id=context.project_id,
|
||||
project_name=context.project_name,
|
||||
project_domain_id=context.project_domain_id,
|
||||
project_domain_name=context.project_domain_name)
|
||||
else:
|
||||
msg = _("context must be of type KeystonePassword, "
|
||||
"KeystoneToken, or RequestContext.")
|
||||
|
@ -192,6 +195,10 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
|||
barbican = self.conf.barbican
|
||||
if barbican.barbican_endpoint:
|
||||
return barbican.barbican_endpoint
|
||||
elif getattr(auth, 'service_catalog', None):
|
||||
endpoint_data = auth.service_catalog.endpoint_data_for(
|
||||
service_type='key-manager')
|
||||
return endpoint_data.url
|
||||
else:
|
||||
service_parameters = {'service_type': 'key-manager',
|
||||
'service_name': 'barbican',
|
||||
|
@ -199,9 +206,14 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
|||
return auth.get_endpoint(sess, **service_parameters)
|
||||
|
||||
def _create_base_url(self, auth, sess, endpoint):
|
||||
api_version = None
|
||||
if self.conf.barbican.barbican_api_version:
|
||||
api_version = self.conf.barbican.barbican_api_version
|
||||
else:
|
||||
elif getattr(auth, 'service_catalog', None):
|
||||
endpoint_data = auth.service_catalog.endpoint_data_for(
|
||||
service_type='key-manager')
|
||||
api_version = endpoint_data.api_version
|
||||
elif getattr(auth, 'get_discovery', None):
|
||||
discovery = auth.get_discovery(sess, url=endpoint)
|
||||
raw_data = discovery.raw_version_data()
|
||||
if len(raw_data) == 0:
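Review bot: The two new `service_catalog` branches, one in the endpoint lookup and one in `_create_base_url`, call `endpoint_data_for(service_type='key-manager')` with no other selector, while the fallback path builds a `service_parameters` dict that visibly carries at least `service_name` (the rest of that dict is outside the hunk). When the plugin comes from `context.get_auth_plugin()`, the key-manager endpoint is therefore the first catalog match on keystoneauth's default interface, which may differ from the endpoint the operator's configuration would select. I would pass the same selectors in both places, for example `endpoint_data_for(service_type='key-manager', service_name='barbican')` plus whatever interface or region the fallback uses, so secrets are sent to the same endpoint whichever plugin type is in use. Separately, `api_version = None` now survives when `auth` has neither `service_catalog` nor `get_discovery`; the code that consumes it is outside the hunk, so confirm it raises `KeyManagerError` rather than building a URL from `None`.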
|
||||
|
|
|
@ -94,6 +94,54 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
|||
endpoint)
|
||||
self.assertEqual(endpoint + "/" + version, base_url)
|
||||
|
||||
def test_base_url_service_catalog(self):
|
||||
endpoint_data = mock.Mock()
|
||||
endpoint_data.api_version = 'v321'
|
||||
|
||||
auth = mock.Mock(spec=['service_catalog'])
|
||||
auth.service_catalog.endpoint_data_for.return_value = endpoint_data
|
||||
|
||||
endpoint = "http://localhost/key_manager"
|
||||
|
||||
base_url = self.key_mgr._create_base_url(auth,
|
||||
mock.Mock(),
|
||||
endpoint)
|
||||
self.assertEqual(endpoint + "/" + endpoint_data.api_version, base_url)
|
||||
auth.service_catalog.endpoint_data_for.assert_called_once_with(
|
||||
service_type='key-manager')
|
||||
|
||||
def test_base_url_raise_exception(self):
|
||||
auth = mock.Mock(spec=['get_discovery'])
|
||||
sess = mock.Mock()
|
||||
discovery = mock.Mock()
|
||||
discovery.raw_version_data = mock.Mock(return_value=[])
|
||||
auth.get_discovery = mock.Mock(return_value=discovery)
|
||||
|
||||
endpoint = "http://localhost/key_manager"
|
||||
|
||||
self.assertRaises(exception.KeyManagerError,
|
||||
self.key_mgr._create_base_url,
|
||||
auth, sess, endpoint)
|
||||
auth.get_discovery.asser_called_once_with(sess, url=endpoint)
|
||||
self.assertEqual(1, discovery.raw_version_data.call_count)
|
||||
|
||||
def test_base_url_get_discovery(self):
|
||||
version = 'v100500'
|
||||
auth = mock.Mock(spec=['get_discovery'])
|
||||
sess = mock.Mock()
|
||||
discovery = mock.Mock()
|
||||
auth.get_discovery = mock.Mock(return_value=discovery)
|
||||
discovery.raw_version_data = mock.Mock(return_value=[{'id': version}])
|
||||
|
||||
endpoint = "http://localhost/key_manager"
|
||||
|
||||
base_url = self.key_mgr._create_base_url(auth,
|
||||
mock.Mock(),
|
||||
endpoint)
|
||||
self.assertEqual(endpoint + "/" + version, base_url)
|
||||
auth.get_discovery.asser_called_once_with(sess, url=endpoint)
|
||||
self.assertEqual(1, discovery.raw_version_data.call_count)
|
||||
|
||||
def test_create_key(self):
|
||||
# Create order_ref_url and assign return value
|
||||
order_ref_url = ("http://localhost:9311/v1/orders/"
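Review bot: `auth.get_discovery.asser_called_once_with(sess, url=endpoint)` in `test_base_url_raise_exception` and `test_base_url_get_discovery` is misspelled, so on a plain `mock.Mock` it resolves to an auto-created child mock and verifies nothing. It should read `auth.get_discovery.assert_called_once_with(sess, url=endpoint)` in both tests. Once corrected, `test_base_url_get_discovery` will fail as written, because it passes a fresh `mock.Mock()` to `_create_base_url` instead of `sess`; pass `sess` there so the assertion checks the session actually used. Constructing the auth mocks with `spec=[...]` is good, since it keeps the `getattr` branch selection honest.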
|
||||
|
|