openstack
/
keystonemiddleware
Code Issues Proposed changes

Merge "Use AccessInfo in UserAuthPlugin instead of custom"

This commit is contained in:
Jenkins 2016-08-18 16:16:15 +00:00 committed by Gerrit Code Review
parent 1686c4f5a4 d0716d25e4
commit 5947879e94
3 changed files with 17 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
keystonemiddleware/auth_token/__init__.py
View File

@ -582,14 +582,13 @@ class AuthProtocol(BaseAuthProtocol):
content_type='application/json')
if request.user_token_valid:
user_auth_ref = request.token_auth._user_auth_ref
request.set_user_headers(user_auth_ref)
request.set_user_headers(request.token_auth.user)
if self._include_service_catalog:
request.set_service_catalog_headers(user_auth_ref)
request.set_service_catalog_headers(request.token_auth.user)
if request.service_token and request.service_token_valid:
request.set_service_headers(request.token_auth._serv_auth_ref)
request.set_service_headers(request.token_auth.service)
if self.log.isEnabledFor(logging.DEBUG):
self.log.debug('Received request from %s',

187
keystonemiddleware/auth_token/_user_plugin.py
View File

@ -13,140 +13,11 @@
from keystoneauth1.identity import base as base_identity
class _TokenData(object):
"""An abstraction to show auth_token consumers some of the token contents.
This is a simplified and cleaned up keystoneclient.access.AccessInfo object
with which services relying on auth_token middleware can find details of
the current token.
"""
def __init__(self, auth_ref):
self._stored_auth_ref = auth_ref
@property
def _is_v2(self):
return self._stored_auth_ref.version == 'v2.0'
@property
def auth_token(self):
"""The token data used to authenticate requests.
:returns: token data.
:rtype: str
"""
return self._stored_auth_ref.auth_token
@property
def user_id(self):
"""The user id associated with the authentication request.
:rtype: str
"""
return self._stored_auth_ref.user_id
@property
def user_domain_id(self):
"""The domain ID of the user associated with the authentication.
Returns the domain id of the user associated with the authentication
request.
:returns: str
"""
# NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id
# because it can't know that value. We want to return None instead.
if self._is_v2:
return None
return self._stored_auth_ref.user_domain_id
@property
def project_id(self):
"""The project ID associated with the authentication.
:rtype: str
"""
return self._stored_auth_ref.project_id
@property
def project_domain_id(self):
"""The ID of the project associated with the authentication.
The domain id of the project associated with the authentication
request.
:rtype: str
"""
# NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id
# because it can't know that value. We want to return None instead.
if self._is_v2:
return None
return self._stored_auth_ref.project_domain_id
@property
def domain_id(self):
"""The domain ID the authentication is scoped to.
:rtype: str
"""
return self._stored_auth_ref.domain_id
@property
def trust_id(self):
"""Return the trust id associated with the authentication request..
:rtype: str
"""
return self._stored_auth_ref.trust_id
@property
def trustor_user_id(self):
"""The trustor id associated with the authentication request.
:rtype: str
"""
return self._stored_auth_ref.trustor_user_id
@property
def trustee_user_id(self):
"""The trustee id associated with the authentication request.
:rtype: str
"""
return self._stored_auth_ref.trustee_user_id
@property
def role_ids(self):
"""Role ids of the user associated with the authentication request.
:rtype: set(str)
"""
return frozenset(self._stored_auth_ref.role_ids or [])
@property
def role_names(self):
"""Role names of the user associated with the authentication request.
:rtype: set(str)
"""
return frozenset(self._stored_auth_ref.role_names or [])
@property
def is_admin_project(self):
"""Return true if the current project scope is the admin project.
:rtype: bool
"""
return self._stored_auth_ref.is_admin_project
@property
def _log_format(self):
roles = ','.join(self.role_names)
return 'user_id %s, project_id %s, roles %s' % (self.user_id,
self.project_id,
roles)
def _log_format(auth_ref):
roles = ','.join(auth_ref.role_names)
return 'user_id %s, project_id %s, roles %s' % (auth_ref.user_id,
auth_ref.project_id,
roles)
class UserAuthPlugin(base_identity.BaseIdentityPlugin):
@ -163,67 +34,33 @@ class UserAuthPlugin(base_identity.BaseIdentityPlugin):
def __init__(self, user_auth_ref, serv_auth_ref):
super(UserAuthPlugin, self).__init__(reauthenticate=False)
# NOTE(jamielennox): _user_auth_ref and _serv_auth_ref are private
# because this object ends up in the environ that is passed to the
# service, however they are used within auth_token middleware.
self._user_auth_ref = user_auth_ref
self._serv_auth_ref = serv_auth_ref
self._user_data = None
self._serv_data = None
self.user = user_auth_ref
self.service = serv_auth_ref
@property
def has_user_token(self):
"""Did this authentication request contained a user auth token."""
return self._user_auth_ref is not None
@property
def user(self):
"""Authentication information about the user token.
Will return None if a user token was not passed with this request.
"""
if not self.has_user_token:
return None
if not self._user_data:
self._user_data = _TokenData(self._user_auth_ref)
return self._user_data
return self.user is not None
@property
def has_service_token(self):
"""Did this authentication request contained a service token."""
return self._serv_auth_ref is not None
@property
def service(self):
"""Authentication information about the service token.
Will return None if a user token was not passed with this request.
"""
if not self.has_service_token:
return None
if not self._serv_data:
self._serv_data = _TokenData(self._serv_auth_ref)
return self._serv_data
return self.service is not None
def get_auth_ref(self, session, **kwargs):
# NOTE(jamielennox): We will always use the auth_ref that was
# calculated by the middleware. reauthenticate=False in __init__ should
# ensure that this function is only called on the first access.
return self._user_auth_ref
return self.user
@property
def _log_format(self):
msg = []
if self.has_user_token:
msg.append('user: %s' % self.user._log_format)
msg.append('user: %s' % _log_format(self.user))
if self.has_service_token:
msg.append('service: %s' % self.service._log_format)
msg.append('service: %s' % _log_format(self.service))
return ' '.join(msg)

4
keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
View File

@ -109,7 +109,7 @@ class V2UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
self.requests_mock.post(url, json=self.service_token)
def get_role_names(self, token):
return set(x['name'] for x in token['access']['user'].get('roles', []))
return [x['name'] for x in token['access']['user'].get('roles', [])]
def get_token(self):
token = fixture.V2Token()
@ -174,7 +174,7 @@ class V3UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
json=self.service_token)
def get_role_names(self, token):
return set(x['name'] for x in token['token'].get('roles', []))
return [x['name'] for x in token['token'].get('roles', [])]
def get_token(self, project=True):
token_id = uuid.uuid4().hex