openstack
/
keystonemiddleware
Code Issues Proposed changes

Allow specifying a region name to auth_token 

The keystone that is used to validate tokens is determined from the
service catalog. If you have multiple identity entries in your service
catalog then you need to specify the region to use.

Add a region_name option.

Change-Id: I512dbcdc7031f476d691b7ce09b7c6411900ea9e
Closes-Bug: #1405717
This commit is contained in:
Jamie Lennox 2015-08-25 15:30:40 +10:00
parent ba68a74e65
commit 2bba182751
3 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
keystonemiddleware/auth_token/__init__.py
View File

@ -270,6 +270,8 @@ _OPTS = [
help='A PEM encoded Certificate Authority to use when '
'verifying HTTPs connections. Defaults to system CAs.'),
cfg.BoolOpt('insecure', default=False, help='Verify HTTPS connections.'),
cfg.StrOpt('region_name', default=None,
help='The region in which the identity server can be found.'),
cfg.StrOpt('signing_dir',
help='Directory used to cache files related to PKI tokens.'),
cfg.ListOpt('memcached_servers',
@ -1031,6 +1033,7 @@ class AuthProtocol(_BaseAuthProtocol):
auth=auth_plugin,
service_type='identity',
interface='admin',
region_name=self._conf_get('region_name'),
connect_retries=self._conf_get('http_request_max_retries'))
auth_version = self._conf_get('auth_version')

58
keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
View File

@ -643,6 +643,64 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.assertRaises(exc.ConfigurationError,
auth_token.AuthProtocol, self.fake_app, conf)
def test_auth_region_name(self):
token = fixture.V3Token()
auth_url = 'http://keystone-auth.example.com:5000'
east_url = 'http://keystone-east.example.com:5000'
west_url = 'http://keystone-west.example.com:5000'
auth_versions = fixture.DiscoveryList(href=auth_url)
east_versions = fixture.DiscoveryList(href=east_url)
west_versions = fixture.DiscoveryList(href=west_url)
s = token.add_service('identity')
s.add_endpoint(interface='admin', url=east_url, region='east')
s.add_endpoint(interface='admin', url=west_url, region='west')
self.requests_mock.get(auth_url, json=auth_versions)
self.requests_mock.get(east_url, json=east_versions)
self.requests_mock.get(west_url, json=west_versions)
self.requests_mock.post(
'%s/v3/auth/tokens' % auth_url,
headers={'X-Subject-Token': uuid.uuid4().hex},
json=token)
east_mock = self.requests_mock.get(
'%s/v3/auth/tokens' % east_url,
headers={'X-Subject-Token': uuid.uuid4().hex},
json=fixture.V3Token())
west_mock = self.requests_mock.get(
'%s/v3/auth/tokens' % west_url,
headers={'X-Subject-Token': uuid.uuid4().hex},
json=fixture.V3Token())
conf = {'auth_uri': auth_url,
'auth_url': auth_url + '/v3',
'auth_plugin': 'v3password',
'username': 'user',
'password': 'pass'}
self.assertEqual(0, east_mock.call_count)
self.assertEqual(0, west_mock.call_count)
east_app = self.create_simple_middleware(conf=dict(region_name='east',
**conf))
self.call(east_app, headers={'X-Auth-Token': uuid.uuid4().hex})
self.assertEqual(1, east_mock.call_count)
self.assertEqual(0, west_mock.call_count)
west_app = self.create_simple_middleware(conf=dict(region_name='west',
**conf))
self.call(west_app, headers={'X-Auth-Token': uuid.uuid4().hex})
self.assertEqual(1, east_mock.call_count)
self.assertEqual(1, west_mock.call_count)
class CommonAuthTokenMiddlewareTest(object):
"""These tests are run once using v2 tokens and again using v3 tokens."""

1
keystonemiddleware/tests/unit/test_opts.py
View File

@ -46,6 +46,7 @@ class OptsTestCase(utils.TestCase):
'certfile',
'keyfile',
'cafile',
'region_name',
'insecure',
'signing_dir',
'memcached_servers',