Specify that unknown arguments can be passed to fetch_token

To allow flags to be added to fetch_token we need to ensure that any
implementations understand that new information can be passed via the
fetch_token function and that they should ignore this information if
they don't know how to handle it.

This just codifies this information for the equivalent keystone change.

Note that the default implementation of fetch_token in AuthProtocol has
not been updated as it should know of all flags that could be passed to
it.

Implements bp: allow-expired
Change-Id: I7312beb7cdd9527d959d6b7a94c6bfc6bf3c5952
Jamie Lennox 2016-09-29 09:30:27 +10:00
parent b8024ff8c6
commit 9dc439185f
3 changed files with 29 additions and 5 deletions


@ -216,6 +216,7 @@ import binascii
import copy
import datetime
import logging
import warnings
from keystoneauth1 import access
from keystoneauth1 import adapter
@ -306,6 +307,14 @@ class BaseAuthProtocol(object):
perform.
"""
# NOTE(jamielennox): Default to True and remove in Pike.
kwargs_to_fetch_token = False
"""A compatibility flag to allow passing **kwargs to fetch_token().
This is basically to allow compatibility with keystone's override. We will
assume all subclasses are ok with this being True in the Pike release.
"""
def __init__(self,
app,
log=_LOG,
@ -383,9 +392,16 @@ class BaseAuthProtocol(object):
if auth_ref.will_expire_soon(stale_duration=0):
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
def _do_fetch_token(self, token):
def _do_fetch_token(self, token, **kwargs):
"""Helper method to fetch a token and convert it into an AccessInfo."""
data = self.fetch_token(token)
if self.kwargs_to_fetch_token:
data = self.fetch_token(token, **kwargs)
else:
m = _('Implementations of auth_token must set '
'kwargs_to_fetch_token this will be the required and '
'assumed in Pike.')
warnings.warn(m)
data = self.fetch_token(token)
try:
return data, access.create(body=data, auth_token=token)
@ -393,7 +409,7 @@ class BaseAuthProtocol(object):
self.log.warning(_LW('Invalid token contents.'), exc_info=True)
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
def fetch_token(self, token):
def fetch_token(self, token, **kwargs):
"""Fetch the token data based on the value in the header.
Retrieve the data associated with the token value that was in the
@ -401,6 +417,10 @@ class BaseAuthProtocol(object):
whatever is required.
:param str token: The token present in the request header.
:param dict kwargs: Additional keyword arguments may be passed through
here to support new features. If an implementation
is not aware of how to use these arguments it
should ignore them.
:raises exc.InvalidToken: if token is invalid.
@ -487,6 +507,8 @@ class AuthProtocol(BaseAuthProtocol):
_SIGNING_CERT_FILE_NAME = 'signing_cert.pem'
_SIGNING_CA_FILE_NAME = 'cacert.pem'
kwargs_to_fetch_token = True
def __init__(self, app, conf):
log = logging.getLogger(conf.get('log_name', __name__))
log.info(_LI('Starting Keystone auth_token middleware'))
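Review bot: The `else` branch of `_do_fetch_token` drops `**kwargs` silently, and the new `fetch_token` docstring tells implementations to ignore arguments they do not understand, so a caller cannot tell whether a flag it passed was honoured. That is safe only while every flag relaxes validation, which the `allow-expired` blueprint suggests is the intent; a flag meant to tighten a check would fail open in any subclass that ignores it. I would state that constraint in the docstring, e.g. `Flags passed here may only relax validation; ignoring one must never cause a token to be accepted that would otherwise be rejected.` The warning text also reads oddly and could be `'Implementations of auth_token must set kwargs_to_fetch_token; this will be required and assumed in Pike.'` Both method bodies continue outside the visible hunks.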


@ -89,7 +89,7 @@ class AuthTokenFixture(fixtures.Fixture):
self._token_data[token_id] = token_data
return token_id
def fetch_token(self, token):
def fetch_token(self, token, **kwargs):
"""Low level replacement of fetch_token for AuthProtocol."""
token_data = self._token_data.get(token, {})
if token_data:


@ -32,11 +32,13 @@ class FakeApp(object):
class FetchingMiddleware(auth_token.BaseAuthProtocol):
kwargs_to_fetch_token = True
def __init__(self, app, token_dict={}, **kwargs):
super(FetchingMiddleware, self).__init__(app, **kwargs)
self.token_dict = token_dict
def fetch_token(self, token):
def fetch_token(self, token, **kwargs):
try:
return self.token_dict[token]
except KeyError: