Reuse existing token from RequestContext
When castellan tries to recreate a trust-scoped token from a RequestContext, keystone throws an exception because this is not allowed. Starting with this commit, castellan tries to reuse the existing token constructed from the RequestContext if get_auth_plugin() is available. Change-Id: I10a12b9a2a7f796eca37dd20a280d3a4015a6903 Closes-Bug: #1827047 Depends-On: https://review.opendev.org/#/c/664558/
parent
3e5a18ca7c
commit
5d93676338
|
@ -175,13 +175,16 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
# this will be kept for oslo.context compatibility until
|
# this will be kept for oslo.context compatibility until
|
||||||
# projects begin to use utils.credential_factory
|
# projects begin to use utils.credential_factory
|
||||||
elif context.__class__.__name__ is 'RequestContext':
|
elif context.__class__.__name__ is 'RequestContext':
|
||||||
return identity.Token(
|
if getattr(context, 'get_auth_plugin', None):
|
||||||
auth_url=self.conf.barbican.auth_endpoint,
|
return context.get_auth_plugin()
|
||||||
token=context.auth_token,
|
else:
|
||||||
project_id=context.project_id,
|
return identity.Token(
|
||||||
project_name=context.project_name,
|
auth_url=self.conf.barbican.auth_endpoint,
|
||||||
project_domain_id=context.project_domain_id,
|
token=context.auth_token,
|
||||||
project_domain_name=context.project_domain_name)
|
project_id=context.project_id,
|
||||||
|
project_name=context.project_name,
|
||||||
|
project_domain_id=context.project_domain_id,
|
||||||
|
project_domain_name=context.project_domain_name)
|
||||||
else:
|
else:
|
||||||
msg = _("context must be of type KeystonePassword, "
|
msg = _("context must be of type KeystonePassword, "
|
||||||
"KeystoneToken, or RequestContext.")
|
"KeystoneToken, or RequestContext.")
|
||||||
|
@ -192,6 +195,10 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
barbican = self.conf.barbican
|
barbican = self.conf.barbican
|
||||||
if barbican.barbican_endpoint:
|
if barbican.barbican_endpoint:
|
||||||
return barbican.barbican_endpoint
|
return barbican.barbican_endpoint
|
||||||
|
elif getattr(auth, 'service_catalog', None):
|
||||||
|
endpoint_data = auth.service_catalog.endpoint_data_for(
|
||||||
|
service_type='key-manager')
|
||||||
|
return endpoint_data.url
|
||||||
else:
|
else:
|
||||||
service_parameters = {'service_type': 'key-manager',
|
service_parameters = {'service_type': 'key-manager',
|
||||||
'service_name': 'barbican',
|
'service_name': 'barbican',
|
||||||
|
@ -199,9 +206,14 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
||||||
return auth.get_endpoint(sess, **service_parameters)
|
return auth.get_endpoint(sess, **service_parameters)
|
||||||
|
|
||||||
def _create_base_url(self, auth, sess, endpoint):
|
def _create_base_url(self, auth, sess, endpoint):
|
||||||
|
api_version = None
|
||||||
if self.conf.barbican.barbican_api_version:
|
if self.conf.barbican.barbican_api_version:
|
||||||
api_version = self.conf.barbican.barbican_api_version
|
api_version = self.conf.barbican.barbican_api_version
|
||||||
else:
|
elif getattr(auth, 'service_catalog', None):
|
||||||
|
endpoint_data = auth.service_catalog.endpoint_data_for(
|
||||||
|
service_type='key-manager')
|
||||||
|
api_version = endpoint_data.api_version
|
||||||
|
elif getattr(auth, 'get_discovery', None):
|
||||||
discovery = auth.get_discovery(sess, url=endpoint)
|
discovery = auth.get_discovery(sess, url=endpoint)
|
||||||
raw_data = discovery.raw_version_data()
|
raw_data = discovery.raw_version_data()
|
||||||
if len(raw_data) == 0:
|
if len(raw_data) == 0:
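Review bot: The new `service_catalog` branch in `_get_barbican_endpoint` resolves the endpoint with `endpoint_data_for(service_type='key-manager')` alone, so it bypasses the `service_parameters` dict that the `else` branch hands to `auth.get_endpoint`. The rest of that dict lies outside the hunk; if it carries the configured interface or region, a context that supplies its own auth plugin would have key-manager traffic resolved to the catalog's default endpoint rather than the one the operator selected (for example a public URL where an internal one was intended). Consider building `service_parameters` before the branch and calling `auth.service_catalog.endpoint_data_for(**service_parameters)`, provided its keys are accepted there. The matching branch in `_create_base_url` uses `endpoint_data.api_version` unchecked; that value may be unset for catalog-derived data and the code consuming `api_version` continues past the hunk, so a `None` guard is worth confirming.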
|
||||||
|
|
|
@ -94,6 +94,54 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||||
endpoint)
|
endpoint)
|
||||||
self.assertEqual(endpoint + "/" + version, base_url)
|
self.assertEqual(endpoint + "/" + version, base_url)
|
||||||
|
|
||||||
|
def test_base_url_service_catalog(self):
|
||||||
|
endpoint_data = mock.Mock()
|
||||||
|
endpoint_data.api_version = 'v321'
|
||||||
|
|
||||||
|
auth = mock.Mock(spec=['service_catalog'])
|
||||||
|
auth.service_catalog.endpoint_data_for.return_value = endpoint_data
|
||||||
|
|
||||||
|
endpoint = "http://localhost/key_manager"
|
||||||
|
|
||||||
|
base_url = self.key_mgr._create_base_url(auth,
|
||||||
|
mock.Mock(),
|
||||||
|
endpoint)
|
||||||
|
self.assertEqual(endpoint + "/" + endpoint_data.api_version, base_url)
|
||||||
|
auth.service_catalog.endpoint_data_for.assert_called_once_with(
|
||||||
|
service_type='key-manager')
|
||||||
|
|
||||||
|
def test_base_url_raise_exception(self):
|
||||||
|
auth = mock.Mock(spec=['get_discovery'])
|
||||||
|
sess = mock.Mock()
|
||||||
|
discovery = mock.Mock()
|
||||||
|
discovery.raw_version_data = mock.Mock(return_value=[])
|
||||||
|
auth.get_discovery = mock.Mock(return_value=discovery)
|
||||||
|
|
||||||
|
endpoint = "http://localhost/key_manager"
|
||||||
|
|
||||||
|
self.assertRaises(exception.KeyManagerError,
|
||||||
|
self.key_mgr._create_base_url,
|
||||||
|
auth, sess, endpoint)
|
||||||
|
auth.get_discovery.asser_called_once_with(sess, url=endpoint)
|
||||||
|
self.assertEqual(1, discovery.raw_version_data.call_count)
|
||||||
|
|
||||||
|
def test_base_url_get_discovery(self):
|
||||||
|
version = 'v100500'
|
||||||
|
auth = mock.Mock(spec=['get_discovery'])
|
||||||
|
sess = mock.Mock()
|
||||||
|
discovery = mock.Mock()
|
||||||
|
auth.get_discovery = mock.Mock(return_value=discovery)
|
||||||
|
discovery.raw_version_data = mock.Mock(return_value=[{'id': version}])
|
||||||
|
|
||||||
|
endpoint = "http://localhost/key_manager"
|
||||||
|
|
||||||
|
base_url = self.key_mgr._create_base_url(auth,
|
||||||
|
mock.Mock(),
|
||||||
|
endpoint)
|
||||||
|
self.assertEqual(endpoint + "/" + version, base_url)
|
||||||
|
auth.get_discovery.asser_called_once_with(sess, url=endpoint)
|
||||||
|
self.assertEqual(1, discovery.raw_version_data.call_count)
|
||||||
|
|
||||||
def test_create_key(self):
|
def test_create_key(self):
|
||||||
# Create order_ref_url and assign return value
|
# Create order_ref_url and assign return value
|
||||||
order_ref_url = ("http://localhost:9311/v1/orders/"
|
order_ref_url = ("http://localhost:9311/v1/orders/"
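Review bot: `auth.get_discovery.asser_called_once_with(sess, url=endpoint)` in `test_base_url_raise_exception`, and again in `test_base_url_get_discovery`, is misspelled, so on a `mock.Mock` it creates and calls a child mock instead of asserting anything, and the arguments of the discovery call go unchecked. Use `auth.get_discovery.assert_called_once_with(sess, url=endpoint)` in both tests. In `test_base_url_get_discovery` the call under test receives a fresh `mock.Mock()` rather than `sess`, so the corrected assertion would fail until `sess` is passed to `_create_base_url` there.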
|
||||||
|
|