Reuse existing token from RequestContext

When castellan tries to recreate a trust-scoped token
from a RequestContext, keystone throws an exception
because this is not allowed.
Starting from this commit, castellan tries to
reuse the existing token constructed from the RequestContext
if get_auth_plugin() is available.

Change-Id: I10a12b9a2a7f796eca37dd20a280d3a4015a6903
Closes-Bug: #1827047
Depends-On: https://review.opendev.org/#/c/664558/
(cherry picked from commit 5d93676338)
Vladislav Kuzmin 2019-06-04 17:09:58 +04:00 committed by Elod Illes
parent 313b401106
commit 193b4a2cc3
2 changed files with 68 additions and 8 deletions


@ -175,13 +175,16 @@ class BarbicanKeyManager(key_manager.KeyManager):
# this will be kept for oslo.context compatibility until
# projects begin to use utils.credential_factory
elif context.__class__.__name__ is 'RequestContext':
return identity.Token(
auth_url=self.conf.barbican.auth_endpoint,
token=context.auth_token,
project_id=context.project_id,
project_name=context.project_name,
project_domain_id=context.project_domain_id,
project_domain_name=context.project_domain_name)
if getattr(context, 'get_auth_plugin', None):
return context.get_auth_plugin()
else:
return identity.Token(
auth_url=self.conf.barbican.auth_endpoint,
token=context.auth_token,
project_id=context.project_id,
project_name=context.project_name,
project_domain_id=context.project_domain_id,
project_domain_name=context.project_domain_name)
else:
msg = _("context must be of type KeystonePassword, "
"KeystoneToken, or RequestContext.")
@ -192,6 +195,10 @@ class BarbicanKeyManager(key_manager.KeyManager):
barbican = self.conf.barbican
if barbican.barbican_endpoint:
return barbican.barbican_endpoint
elif getattr(auth, 'service_catalog', None):
endpoint_data = auth.service_catalog.endpoint_data_for(
service_type='key-manager')
return endpoint_data.url
else:
service_parameters = {'service_type': 'key-manager',
'service_name': 'barbican',
@ -199,9 +206,14 @@ class BarbicanKeyManager(key_manager.KeyManager):
return auth.get_endpoint(sess, **service_parameters)
def _create_base_url(self, auth, sess, endpoint):
api_version = None
if self.conf.barbican.barbican_api_version:
api_version = self.conf.barbican.barbican_api_version
else:
elif getattr(auth, 'service_catalog', None):
endpoint_data = auth.service_catalog.endpoint_data_for(
service_type='key-manager')
api_version = endpoint_data.api_version
elif getattr(auth, 'get_discovery', None):
discovery = auth.get_discovery(sess, url=endpoint)
raw_data = discovery.raw_version_data()
if len(raw_data) == 0:
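Review bot: The two new `service_catalog` branches (in the endpoint lookup and in `_create_base_url`) query the catalog with only `service_type='key-manager'`, while the fallback path also filters on `service_name` and on whatever else its `service_parameters` dict carries past the end of the hunk, so a reused context token may resolve a different key-manager endpoint than the fallback would. I would hoist `service_parameters` above the branch and use the same filter in both places, e.g. `auth.service_catalog.endpoint_data_for(**service_parameters)`. Separately, `endpoint_data.api_version` may be `None` for data read straight from the catalog (presumably no discovery has run yet), and because this branch is tested before `get_discovery` the version would then never be discovered; the rest of `_create_base_url` is outside the hunk, so confirm how a `None` version is joined into the URL. A one-line comment above `return context.get_auth_plugin()` stating that the plugin, and therefore the token's scope, is taken as-is from the caller's context would help the next reader.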


@ -94,6 +94,54 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
endpoint)
self.assertEqual(endpoint + "/" + version, base_url)
def test_base_url_service_catalog(self):
endpoint_data = mock.Mock()
endpoint_data.api_version = 'v321'
auth = mock.Mock(spec=['service_catalog'])
auth.service_catalog.endpoint_data_for.return_value = endpoint_data
endpoint = "http://localhost/key_manager"
base_url = self.key_mgr._create_base_url(auth,
mock.Mock(),
endpoint)
self.assertEqual(endpoint + "/" + endpoint_data.api_version, base_url)
auth.service_catalog.endpoint_data_for.assert_called_once_with(
service_type='key-manager')
def test_base_url_raise_exception(self):
auth = mock.Mock(spec=['get_discovery'])
sess = mock.Mock()
discovery = mock.Mock()
discovery.raw_version_data = mock.Mock(return_value=[])
auth.get_discovery = mock.Mock(return_value=discovery)
endpoint = "http://localhost/key_manager"
self.assertRaises(exception.KeyManagerError,
self.key_mgr._create_base_url,
auth, sess, endpoint)
auth.get_discovery.asser_called_once_with(sess, url=endpoint)
self.assertEqual(1, discovery.raw_version_data.call_count)
def test_base_url_get_discovery(self):
version = 'v100500'
auth = mock.Mock(spec=['get_discovery'])
sess = mock.Mock()
discovery = mock.Mock()
auth.get_discovery = mock.Mock(return_value=discovery)
discovery.raw_version_data = mock.Mock(return_value=[{'id': version}])
endpoint = "http://localhost/key_manager"
base_url = self.key_mgr._create_base_url(auth,
mock.Mock(),
endpoint)
self.assertEqual(endpoint + "/" + version, base_url)
auth.get_discovery.asser_called_once_with(sess, url=endpoint)
self.assertEqual(1, discovery.raw_version_data.call_count)
def test_create_key(self):
# Create order_ref_url and assign return value
order_ref_url = ("http://localhost:9311/v1/orders/"
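Review bot: `auth.get_discovery.asser_called_once_with(sess, url=endpoint)` in `test_base_url_raise_exception` and `test_base_url_get_discovery` is misspelled, and because `auth.get_discovery` is a plain `mock.Mock` the call only creates a child mock and verifies nothing. Both lines should read `auth.get_discovery.assert_called_once_with(sess, url=endpoint)`. Once corrected, `test_base_url_get_discovery` will fail as written, because it passes a fresh `mock.Mock()` instead of `sess` to `_create_base_url`; change that call to `self.key_mgr._create_base_url(auth, sess, endpoint)`. As it stands, neither test checks which URL discovery is run against.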