Pass configure_via_auth down to auth plugin

Pass down the configure_via_auth value to the auth plugin to say whether or not it should look in the service catalog for the glance registry endpoint. This stops authentication by glance registry client from needlessly looking for an "image" service endpoint when the user may not have it in their service catalog. Fixes bug 1187888 Change-Id: I1c4a726ff0d6a345a27446500135f4f27cea5e39
2013-06-05 14:56:14 -04:00 · 2013-06-05 14:56:14 -04:00 · d17e87ff7f
parent c043f30b97
commit d17e87ff7f
4 changed files with 57 additions and 7 deletions
--- a/glance/common/auth.py
+++ b/glance/common/auth.py
@ -76,9 +76,10 @@ class NoAuthStrategy(BaseStrategy):
 class KeystoneStrategy(BaseStrategy):
    MAX_REDIRECTS = 10

-    def __init__(self, creds, insecure=False):
+    def __init__(self, creds, insecure=False, configure_via_auth=True):
        self.creds = creds
        self.insecure = insecure
+        self.configure_via_auth = configure_via_auth
        super(KeystoneStrategy, self).__init__()

    def check_auth_params(self):
@ -170,7 +171,8 @@ class KeystoneStrategy(BaseStrategy):

        if resp.status in (200, 204):
            try:
-                self.management_url = _management_url(self, resp)
+                if self.configure_via_auth:
+                    self.management_url = _management_url(self, resp)
                self.auth_token = resp['x-auth-token']
            except KeyError:
                raise exception.AuthorizationFailure()
@ -209,8 +211,10 @@ class KeystoneStrategy(BaseStrategy):
        if resp.status == 200:
            resp_auth = json.loads(resp_body)['access']
            creds_region = self.creds.get('region')
-            self.management_url = get_endpoint(resp_auth['serviceCatalog'],
-                                               endpoint_region=creds_region)
+            if self.configure_via_auth:
+                endpoint = get_endpoint(resp_auth['serviceCatalog'],
+                                        endpoint_region=creds_region)
+                self.management_url = endpoint
            self.auth_token = resp_auth['token']['id']
        elif resp.status == 305:
            raise exception.RedirectException(resp['location'])
@ -241,11 +245,13 @@ class KeystoneStrategy(BaseStrategy):
        return resp, resp_body


-def get_plugin_from_strategy(strategy, creds=None, insecure=False):
+def get_plugin_from_strategy(strategy, creds=None, insecure=False,
+                             configure_via_auth=True):
    if strategy == 'noauth':
        return NoAuthStrategy()
    elif strategy == 'keystone':
-        return KeystoneStrategy(creds, insecure)
+        return KeystoneStrategy(creds, insecure,
+                                configure_via_auth=configure_via_auth)
    else:
        raise Exception(_("Unknown auth strategy '%s'") % strategy)

--- a/glance/common/client.py
+++ b/glance/common/client.py
@ -328,7 +328,8 @@ class BaseClient(object):
        Returns an instantiated authentication plugin.
        """
        strategy = creds.get('strategy', 'noauth')
-        plugin = auth.get_plugin_from_strategy(strategy, creds, insecure)
+        plugin = auth.get_plugin_from_strategy(strategy, creds, insecure,
+                                               self.configure_via_auth)
        return plugin

    def get_connection_type(self):
--- a/glance/tests/unit/common/test_client.py
+++ b/glance/tests/unit/common/test_client.py
@ -19,6 +19,7 @@ import StringIO
 import mox
 import testtools

+from glance.common import auth
 from glance.common import client
 from glance.tests import utils

@ -39,6 +40,21 @@ class TestClient(testtools.TestCase):
        super(TestClient, self).tearDown()
        self.mock.UnsetStubs()

+    def test_make_auth_plugin(self):
+        creds = {'strategy': 'keystone'}
+        insecure = False
+        configure_via_auth = True
+
+        self.mock.StubOutWithMock(auth, 'get_plugin_from_strategy')
+        auth.get_plugin_from_strategy('keystone', creds, insecure,
+                                      configure_via_auth)
+
+        self.mock.ReplayAll()
+
+        self.client.make_auth_plugin(creds, insecure)
+
+        self.mock.VerifyAll()
+
    def test_http_encoding_headers(self):
        httplib.HTTPConnection.request(
            mox.IgnoreArg(),
--- a/glance/tests/unit/test_auth.py
+++ b/glance/tests/unit/test_auth.py
@ -123,6 +123,17 @@ class TestKeystoneAuthPlugin(utils.BaseTestCase):
        self.stubs = stubout.StubOutForTesting()
        self.addCleanup(self.stubs.UnsetAll)

+    def test_get_plugin_from_strategy_keystone(self):
+        strategy = auth.get_plugin_from_strategy('keystone')
+        self.assertTrue(isinstance(strategy, auth.KeystoneStrategy))
+        self.assertTrue(strategy.configure_via_auth)
+
+    def test_get_plugin_from_strategy_keystone_configure_via_auth_false(self):
+        strategy = auth.get_plugin_from_strategy('keystone',
+                                                 configure_via_auth=False)
+        self.assertTrue(isinstance(strategy, auth.KeystoneStrategy))
+        self.assertFalse(strategy.configure_via_auth)
+
    def test_required_creds(self):
        """
        Test that plugin created without required
@ -236,6 +247,7 @@ class TestKeystoneAuthPlugin(utils.BaseTestCase):
                resp.status = 401
            else:
                resp.status = 200
+                resp.headers.update({"x-image-management-url": "example.com"})

            return FakeResponse(resp), ""

@ -295,6 +307,13 @@ class TestKeystoneAuthPlugin(utils.BaseTestCase):
        for creds in good_creds:
            plugin = auth.KeystoneStrategy(creds)
            self.assertTrue(plugin.authenticate() is None)
+            self.assertEqual(plugin.management_url, "example.com")
+
+        # Assert it does not update management_url via auth response
+        for creds in good_creds:
+            plugin = auth.KeystoneStrategy(creds, configure_via_auth=False)
+            self.assertTrue(plugin.authenticate() is None)
+            self.assertTrue(plugin.management_url is None)

    def test_v2_auth(self):
        """Test v2 auth code paths"""
@ -521,6 +540,14 @@ class TestKeystoneAuthPlugin(utils.BaseTestCase):
        except exception.NoServiceEndpoint:
            pass

+        try:
+            plugin = auth.KeystoneStrategy(good_creds,
+                                           configure_via_auth=False)
+            plugin.authenticate()
+        except exception.NoServiceEndpoint:
+            self.fail("NoServiceEndpoint was raised when authenticate "
+                      "should not check for endpoint.")
+

 class TestEndpoints(utils.BaseTestCase):