From 4343ce524af461132f7d4e1684ea478e9b2c8c3e Mon Sep 17 00:00:00 2001 From: Alvaro Lopez Garcia Date: Fri, 27 May 2016 10:53:00 +0200 Subject: [PATCH] Let Oidc* auth plugins accept scope parameters as kwargs The OidcPassword and OidcAauthCode auth plugins should accept scope parameters like the project, otherwise it would be impossible to get a scoped token, making python-openstackclient fail. Closes-Bug: #1582774 Change-Id: I960d67b4529afbc83eff0da945677b2fd83973e1 --- keystoneauth1/identity/v3/oidc.py | 10 ++++++---- .../notes/bug-1582774-49af731b6dfc6f2f.yaml | 4 ++++ .../tests/unit/identity/test_identity_v3_oidc.py | 6 +++++- 3 files changed, 15 insertions(+), 5 deletions(-) create mode 100644 keystoneauth1/releasenotes/notes/bug-1582774-49af731b6dfc6f2f.yaml diff --git a/keystoneauth1/identity/v3/oidc.py b/keystoneauth1/identity/v3/oidc.py index a980db10..2f37c8e3 100644 --- a/keystoneauth1/identity/v3/oidc.py +++ b/keystoneauth1/identity/v3/oidc.py @@ -127,7 +127,7 @@ class OidcPassword(_OidcBase): def __init__(self, auth_url, identity_provider, protocol, client_id, client_secret, access_token_endpoint, grant_type='password', access_token_type='access_token', - username=None, password=None, scope='profile'): + username=None, password=None, scope='profile', **kwargs): """The OpenID Password plugin expects the following. :param username: Username used to authenticate @@ -149,7 +149,8 @@ class OidcPassword(_OidcBase): client_secret=client_secret, access_token_endpoint=access_token_endpoint, grant_type=grant_type, - access_token_type=access_token_type) + access_token_type=access_token_type, + **kwargs) self.username = username self.password = password self.scope = scope @@ -193,7 +194,7 @@ class OidcAuthorizationCode(_OidcBase): client_id, client_secret, access_token_endpoint, grant_type='authorization_code', access_token_type='access_token', - redirect_uri=None, code=None): + redirect_uri=None, code=None, **kwargs): """The OpenID Authorization Code plugin expects the following. :param redirect_uri: OpenID Connect Client Redirect URL @@ -211,7 +212,8 @@ class OidcAuthorizationCode(_OidcBase): client_secret=client_secret, access_token_endpoint=access_token_endpoint, grant_type=grant_type, - access_token_type=access_token_type) + access_token_type=access_token_type, + **kwargs) self.redirect_uri = redirect_uri self.code = code diff --git a/keystoneauth1/releasenotes/notes/bug-1582774-49af731b6dfc6f2f.yaml b/keystoneauth1/releasenotes/notes/bug-1582774-49af731b6dfc6f2f.yaml new file mode 100644 index 00000000..d58ca631 --- /dev/null +++ b/keystoneauth1/releasenotes/notes/bug-1582774-49af731b6dfc6f2f.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - Fix passing scope parameters in Oidc* auth plugins. + [Bug `1582774 `_] diff --git a/keystoneauth1/tests/unit/identity/test_identity_v3_oidc.py b/keystoneauth1/tests/unit/identity/test_identity_v3_oidc.py index 1cd79813..cfaf0432 100644 --- a/keystoneauth1/tests/unit/identity/test_identity_v3_oidc.py +++ b/keystoneauth1/tests/unit/identity/test_identity_v3_oidc.py @@ -33,6 +33,7 @@ class AuthenticateOIDCTests(utils.TestCase): self.IDENTITY_PROVIDER = 'bluepages' self.PROTOCOL = 'oidc' self.USER_NAME = 'oidc_user@example.com' + self.PROJECT_NAME = 'foo project' self.PASSWORD = uuid.uuid4().hex self.CLIENT_ID = uuid.uuid4().hex self.CLIENT_SECRET = uuid.uuid4().hex @@ -51,6 +52,7 @@ class AuthenticateOIDCTests(utils.TestCase): client_id=self.CLIENT_ID, client_secret=self.CLIENT_SECRET, access_token_endpoint=self.ACCESS_TOKEN_ENDPOINT, + project_name=self.PROJECT_NAME, username=self.USER_NAME, password=self.PASSWORD) @@ -62,13 +64,15 @@ class AuthenticateOIDCTests(utils.TestCase): client_secret=self.CLIENT_SECRET, access_token_endpoint=self.ACCESS_TOKEN_ENDPOINT, redirect_uri=self.REDIRECT_URL, + project_name=self.PROJECT_NAME, code=self.CODE) self.oidc_token = oidc.OidcAccessToken( self.AUTH_URL, self.IDENTITY_PROVIDER, self.PROTOCOL, - access_token=self.ACCESS_TOKEN) + access_token=self.ACCESS_TOKEN, + project_name=self.PROJECT_NAME) class OIDCPasswordTests(AuthenticateOIDCTests):