Pass configure_via_auth down to auth plugin
Pass down the configure_via_auth value to the auth plugin to say whether or not it should look in the service catalog for the glance registry endpoint. This stops authentication by glance registry client from needlessly looking for an "image" service endpoint when the user may not have it in their service catalog. Fixes bug 1187888 Change-Id: I1c4a726ff0d6a345a27446500135f4f27cea5e39
This commit is contained in:
parent
c043f30b97
commit
d17e87ff7f
|
@ -76,9 +76,10 @@ class NoAuthStrategy(BaseStrategy):
|
|||
class KeystoneStrategy(BaseStrategy):
|
||||
MAX_REDIRECTS = 10
|
||||
|
||||
def __init__(self, creds, insecure=False):
|
||||
def __init__(self, creds, insecure=False, configure_via_auth=True):
|
||||
self.creds = creds
|
||||
self.insecure = insecure
|
||||
self.configure_via_auth = configure_via_auth
|
||||
super(KeystoneStrategy, self).__init__()
|
||||
|
||||
def check_auth_params(self):
|
||||
|
@ -170,7 +171,8 @@ class KeystoneStrategy(BaseStrategy):
|
|||
|
||||
if resp.status in (200, 204):
|
||||
try:
|
||||
self.management_url = _management_url(self, resp)
|
||||
if self.configure_via_auth:
|
||||
self.management_url = _management_url(self, resp)
|
||||
self.auth_token = resp['x-auth-token']
|
||||
except KeyError:
|
||||
raise exception.AuthorizationFailure()
|
||||
|
@ -209,8 +211,10 @@ class KeystoneStrategy(BaseStrategy):
|
|||
if resp.status == 200:
|
||||
resp_auth = json.loads(resp_body)['access']
|
||||
creds_region = self.creds.get('region')
|
||||
self.management_url = get_endpoint(resp_auth['serviceCatalog'],
|
||||
endpoint_region=creds_region)
|
||||
if self.configure_via_auth:
|
||||
endpoint = get_endpoint(resp_auth['serviceCatalog'],
|
||||
endpoint_region=creds_region)
|
||||
self.management_url = endpoint
|
||||
self.auth_token = resp_auth['token']['id']
|
||||
elif resp.status == 305:
|
||||
raise exception.RedirectException(resp['location'])
|
||||
|
@ -241,11 +245,13 @@ class KeystoneStrategy(BaseStrategy):
|
|||
return resp, resp_body
|
||||
|
||||
|
||||
def get_plugin_from_strategy(strategy, creds=None, insecure=False):
|
||||
def get_plugin_from_strategy(strategy, creds=None, insecure=False,
|
||||
configure_via_auth=True):
|
||||
if strategy == 'noauth':
|
||||
return NoAuthStrategy()
|
||||
elif strategy == 'keystone':
|
||||
return KeystoneStrategy(creds, insecure)
|
||||
return KeystoneStrategy(creds, insecure,
|
||||
configure_via_auth=configure_via_auth)
|
||||
else:
|
||||
raise Exception(_("Unknown auth strategy '%s'") % strategy)
|
||||
|
||||
|
|
|
@ -328,7 +328,8 @@ class BaseClient(object):
|
|||
Returns an instantiated authentication plugin.
|
||||
"""
|
||||
strategy = creds.get('strategy', 'noauth')
|
||||
plugin = auth.get_plugin_from_strategy(strategy, creds, insecure)
|
||||
plugin = auth.get_plugin_from_strategy(strategy, creds, insecure,
|
||||
self.configure_via_auth)
|
||||
return plugin
|
||||
|
||||
def get_connection_type(self):
|
||||
|
|
|
@ -19,6 +19,7 @@ import StringIO
|
|||
import mox
|
||||
import testtools
|
||||
|
||||
from glance.common import auth
|
||||
from glance.common import client
|
||||
from glance.tests import utils
|
||||
|
||||
|
@ -39,6 +40,21 @@ class TestClient(testtools.TestCase):
|
|||
super(TestClient, self).tearDown()
|
||||
self.mock.UnsetStubs()
|
||||
|
||||
def test_make_auth_plugin(self):
|
||||
creds = {'strategy': 'keystone'}
|
||||
insecure = False
|
||||
configure_via_auth = True
|
||||
|
||||
self.mock.StubOutWithMock(auth, 'get_plugin_from_strategy')
|
||||
auth.get_plugin_from_strategy('keystone', creds, insecure,
|
||||
configure_via_auth)
|
||||
|
||||
self.mock.ReplayAll()
|
||||
|
||||
self.client.make_auth_plugin(creds, insecure)
|
||||
|
||||
self.mock.VerifyAll()
|
||||
|
||||
def test_http_encoding_headers(self):
|
||||
httplib.HTTPConnection.request(
|
||||
mox.IgnoreArg(),
|
||||
|
|
|
@ -123,6 +123,17 @@ class TestKeystoneAuthPlugin(utils.BaseTestCase):
|
|||
self.stubs = stubout.StubOutForTesting()
|
||||
self.addCleanup(self.stubs.UnsetAll)
|
||||
|
||||
def test_get_plugin_from_strategy_keystone(self):
|
||||
strategy = auth.get_plugin_from_strategy('keystone')
|
||||
self.assertTrue(isinstance(strategy, auth.KeystoneStrategy))
|
||||
self.assertTrue(strategy.configure_via_auth)
|
||||
|
||||
def test_get_plugin_from_strategy_keystone_configure_via_auth_false(self):
|
||||
strategy = auth.get_plugin_from_strategy('keystone',
|
||||
configure_via_auth=False)
|
||||
self.assertTrue(isinstance(strategy, auth.KeystoneStrategy))
|
||||
self.assertFalse(strategy.configure_via_auth)
|
||||
|
||||
def test_required_creds(self):
|
||||
"""
|
||||
Test that plugin created without required
|
||||
|
@ -236,6 +247,7 @@ class TestKeystoneAuthPlugin(utils.BaseTestCase):
|
|||
resp.status = 401
|
||||
else:
|
||||
resp.status = 200
|
||||
resp.headers.update({"x-image-management-url": "example.com"})
|
||||
|
||||
return FakeResponse(resp), ""
|
||||
|
||||
|
@ -295,6 +307,13 @@ class TestKeystoneAuthPlugin(utils.BaseTestCase):
|
|||
for creds in good_creds:
|
||||
plugin = auth.KeystoneStrategy(creds)
|
||||
self.assertTrue(plugin.authenticate() is None)
|
||||
self.assertEqual(plugin.management_url, "example.com")
|
||||
|
||||
# Assert it does not update management_url via auth response
|
||||
for creds in good_creds:
|
||||
plugin = auth.KeystoneStrategy(creds, configure_via_auth=False)
|
||||
self.assertTrue(plugin.authenticate() is None)
|
||||
self.assertTrue(plugin.management_url is None)
|
||||
|
||||
def test_v2_auth(self):
|
||||
"""Test v2 auth code paths"""
|
||||
|
@ -521,6 +540,14 @@ class TestKeystoneAuthPlugin(utils.BaseTestCase):
|
|||
except exception.NoServiceEndpoint:
|
||||
pass
|
||||
|
||||
try:
|
||||
plugin = auth.KeystoneStrategy(good_creds,
|
||||
configure_via_auth=False)
|
||||
plugin.authenticate()
|
||||
except exception.NoServiceEndpoint:
|
||||
self.fail("NoServiceEndpoint was raised when authenticate "
|
||||
"should not check for endpoint.")
|
||||
|
||||
|
||||
class TestEndpoints(utils.BaseTestCase):
|
||||
|
||||
|
|
Loading…
Reference in New Issue