Allow specifying a region name to auth_token
The keystone that is used to validate tokens is determined from the service catalog. If you have multiple identity entries in your service catalog then you need to specify the region to use. Add a region_name option. Change-Id: I512dbcdc7031f476d691b7ce09b7c6411900ea9e Closes-Bug: #1405717
This commit is contained in:
parent
ba68a74e65
commit
2bba182751
|
@ -270,6 +270,8 @@ _OPTS = [
|
|||
help='A PEM encoded Certificate Authority to use when '
|
||||
'verifying HTTPs connections. Defaults to system CAs.'),
|
||||
cfg.BoolOpt('insecure', default=False, help='Verify HTTPS connections.'),
|
||||
cfg.StrOpt('region_name', default=None,
|
||||
help='The region in which the identity server can be found.'),
|
||||
cfg.StrOpt('signing_dir',
|
||||
help='Directory used to cache files related to PKI tokens.'),
|
||||
cfg.ListOpt('memcached_servers',
|
||||
|
@ -1031,6 +1033,7 @@ class AuthProtocol(_BaseAuthProtocol):
|
|||
auth=auth_plugin,
|
||||
service_type='identity',
|
||||
interface='admin',
|
||||
region_name=self._conf_get('region_name'),
|
||||
connect_retries=self._conf_get('http_request_max_retries'))
|
||||
|
||||
auth_version = self._conf_get('auth_version')
|
||||
|
|
|
@ -643,6 +643,64 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
|||
self.assertRaises(exc.ConfigurationError,
|
||||
auth_token.AuthProtocol, self.fake_app, conf)
|
||||
|
||||
def test_auth_region_name(self):
|
||||
token = fixture.V3Token()
|
||||
|
||||
auth_url = 'http://keystone-auth.example.com:5000'
|
||||
east_url = 'http://keystone-east.example.com:5000'
|
||||
west_url = 'http://keystone-west.example.com:5000'
|
||||
|
||||
auth_versions = fixture.DiscoveryList(href=auth_url)
|
||||
east_versions = fixture.DiscoveryList(href=east_url)
|
||||
west_versions = fixture.DiscoveryList(href=west_url)
|
||||
|
||||
s = token.add_service('identity')
|
||||
s.add_endpoint(interface='admin', url=east_url, region='east')
|
||||
s.add_endpoint(interface='admin', url=west_url, region='west')
|
||||
|
||||
self.requests_mock.get(auth_url, json=auth_versions)
|
||||
self.requests_mock.get(east_url, json=east_versions)
|
||||
self.requests_mock.get(west_url, json=west_versions)
|
||||
|
||||
self.requests_mock.post(
|
||||
'%s/v3/auth/tokens' % auth_url,
|
||||
headers={'X-Subject-Token': uuid.uuid4().hex},
|
||||
json=token)
|
||||
|
||||
east_mock = self.requests_mock.get(
|
||||
'%s/v3/auth/tokens' % east_url,
|
||||
headers={'X-Subject-Token': uuid.uuid4().hex},
|
||||
json=fixture.V3Token())
|
||||
|
||||
west_mock = self.requests_mock.get(
|
||||
'%s/v3/auth/tokens' % west_url,
|
||||
headers={'X-Subject-Token': uuid.uuid4().hex},
|
||||
json=fixture.V3Token())
|
||||
|
||||
conf = {'auth_uri': auth_url,
|
||||
'auth_url': auth_url + '/v3',
|
||||
'auth_plugin': 'v3password',
|
||||
'username': 'user',
|
||||
'password': 'pass'}
|
||||
|
||||
self.assertEqual(0, east_mock.call_count)
|
||||
self.assertEqual(0, west_mock.call_count)
|
||||
|
||||
east_app = self.create_simple_middleware(conf=dict(region_name='east',
|
||||
**conf))
|
||||
self.call(east_app, headers={'X-Auth-Token': uuid.uuid4().hex})
|
||||
|
||||
self.assertEqual(1, east_mock.call_count)
|
||||
self.assertEqual(0, west_mock.call_count)
|
||||
|
||||
west_app = self.create_simple_middleware(conf=dict(region_name='west',
|
||||
**conf))
|
||||
|
||||
self.call(west_app, headers={'X-Auth-Token': uuid.uuid4().hex})
|
||||
|
||||
self.assertEqual(1, east_mock.call_count)
|
||||
self.assertEqual(1, west_mock.call_count)
|
||||
|
||||
|
||||
class CommonAuthTokenMiddlewareTest(object):
|
||||
"""These tests are run once using v2 tokens and again using v3 tokens."""
|
||||
|
|
|
@ -46,6 +46,7 @@ class OptsTestCase(utils.TestCase):
|
|||
'certfile',
|
||||
'keyfile',
|
||||
'cafile',
|
||||
'region_name',
|
||||
'insecure',
|
||||
'signing_dir',
|
||||
'memcached_servers',
|
||||
|
|
Loading…
Reference in New Issue