diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index aefcf832..28ad2a28 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -582,14 +582,13 @@ class AuthProtocol(BaseAuthProtocol):
 content_type='application/json')
 if request.user_token_valid:
- user_auth_ref = request.token_auth._user_auth_ref
- request.set_user_headers(user_auth_ref)
+ request.set_user_headers(request.token_auth.user)
 if self._include_service_catalog:
- request.set_service_catalog_headers(user_auth_ref)
+ request.set_service_catalog_headers(request.token_auth.user)
 if request.service_token and request.service_token_valid:
- request.set_service_headers(request.token_auth._serv_auth_ref)
+ request.set_service_headers(request.token_auth.service)
 if self.log.isEnabledFor(logging.DEBUG):
 self.log.debug('Received request from %s',
diff --git a/keystonemiddleware/auth_token/_user_plugin.py b/keystonemiddleware/auth_token/_user_plugin.py
index c513ab9a..ccddfc5f 100644
--- a/keystonemiddleware/auth_token/_user_plugin.py
+++ b/keystonemiddleware/auth_token/_user_plugin.py
@@ -13,140 +13,11 @@
 from keystoneauth1.identity import base as base_identity
-class _TokenData(object):
- """An abstraction to show auth_token consumers some of the token contents.
-
- This is a simplified and cleaned up keystoneclient.access.AccessInfo object
- with which services relying on auth_token middleware can find details of
- the current token.
- """
-
- def __init__(self, auth_ref):
- self._stored_auth_ref = auth_ref
-
- @property
- def _is_v2(self):
- return self._stored_auth_ref.version == 'v2.0'
-
- @property
- def auth_token(self):
- """The token data used to authenticate requests.
-
- :returns: token data.
- :rtype: str
- """
- return self._stored_auth_ref.auth_token
-
- @property
- def user_id(self):
- """The user id associated with the authentication request.
-
- :rtype: str
- """
- return self._stored_auth_ref.user_id
-
- @property
- def user_domain_id(self):
- """The domain ID of the user associated with the authentication.
-
- Returns the domain id of the user associated with the authentication
- request.
-
- :returns: str
- """
- # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id
- # because it can't know that value. We want to return None instead.
- if self._is_v2:
- return None
-
- return self._stored_auth_ref.user_domain_id
-
- @property
- def project_id(self):
- """The project ID associated with the authentication.
-
- :rtype: str
- """
- return self._stored_auth_ref.project_id
-
- @property
- def project_domain_id(self):
- """The ID of the project associated with the authentication.
-
- The domain id of the project associated with the authentication
- request.
-
- :rtype: str
- """
- # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id
- # because it can't know that value. We want to return None instead.
- if self._is_v2:
- return None
-
- return self._stored_auth_ref.project_domain_id
-
- @property
- def domain_id(self):
- """The domain ID the authentication is scoped to.
-
- :rtype: str
- """
- return self._stored_auth_ref.domain_id
-
- @property
- def trust_id(self):
- """Return the trust id associated with the authentication request..
-
- :rtype: str
- """
- return self._stored_auth_ref.trust_id
-
- @property
- def trustor_user_id(self):
- """The trustor id associated with the authentication request.
-
- :rtype: str
- """
- return self._stored_auth_ref.trustor_user_id
-
- @property
- def trustee_user_id(self):
- """The trustee id associated with the authentication request.
-
- :rtype: str
- """
- return self._stored_auth_ref.trustee_user_id
-
- @property
- def role_ids(self):
- """Role ids of the user associated with the authentication request.
-
- :rtype: set(str)
- """
- return frozenset(self._stored_auth_ref.role_ids or [])
-
- @property
- def role_names(self):
- """Role names of the user associated with the authentication request.
-
- :rtype: set(str)
- """
- return frozenset(self._stored_auth_ref.role_names or [])
-
- @property
- def is_admin_project(self):
- """Return true if the current project scope is the admin project.
-
- :rtype: bool
- """
- return self._stored_auth_ref.is_admin_project
-
- @property
- def _log_format(self):
- roles = ','.join(self.role_names)
- return 'user_id %s, project_id %s, roles %s' % (self.user_id,
- self.project_id,
- roles)
+def _log_format(auth_ref):
+ roles = ','.join(auth_ref.role_names)
+ return 'user_id %s, project_id %s, roles %s' % (auth_ref.user_id,
+ auth_ref.project_id,
+ roles)
 class UserAuthPlugin(base_identity.BaseIdentityPlugin):
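Review bot: The new module-level `_log_format` in `_user_plugin.py` joins `auth_ref.role_names` directly, whereas the removed `_TokenData.role_names` read the same attribute as `frozenset(... or [])`; if that guard existed because an auth_ref can report its roles as `None`, the join now raises `TypeError` while the log message is being built. Restoring it is one line, `roles = ','.join(auth_ref.role_names or [])`, and the helper would also benefit from a one-line docstring stating that it takes an auth_ref and returns the `user_id`/`project_id`/`roles` summary string. Separately, the deleted wrapper returned `None` for `user_domain_id` and `project_domain_id` on v2 tokens because, per its own NOTE, the underlying AccessInfo reports 'default' there; services that read those fields from `token_auth.user` when making authorization decisions will now see the raw value, which deserves a release note or an explicit compatibility check.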
@@ -163,67 +34,33 @@ class UserAuthPlugin(base_identity.BaseIdentityPlugin):
 def __init__(self, user_auth_ref, serv_auth_ref):
 super(UserAuthPlugin, self).__init__(reauthenticate=False)
- # NOTE(jamielennox): _user_auth_ref and _serv_auth_ref are private
- # because this object ends up in the environ that is passed to the
- # service, however they are used within auth_token middleware.
- self._user_auth_ref = user_auth_ref
- self._serv_auth_ref = serv_auth_ref
-
- self._user_data = None
- self._serv_data = None
+ self.user = user_auth_ref
+ self.service = serv_auth_ref
 @property
 def has_user_token(self):
 """Did this authentication request contained a user auth token."""
- return self._user_auth_ref is not None
-
- @property
- def user(self):
- """Authentication information about the user token.
-
- Will return None if a user token was not passed with this request.
- """
- if not self.has_user_token:
- return None
-
- if not self._user_data:
- self._user_data = _TokenData(self._user_auth_ref)
-
- return self._user_data
+ return self.user is not None
 @property
 def has_service_token(self):
 """Did this authentication request contained a service token."""
- return self._serv_auth_ref is not None
-
- @property
- def service(self):
- """Authentication information about the service token.
-
- Will return None if a user token was not passed with this request.
- """
- if not self.has_service_token:
- return None
-
- if not self._serv_data:
- self._serv_data = _TokenData(self._serv_auth_ref)
-
- return self._serv_data
+ return self.service is not None
 def get_auth_ref(self, session, **kwargs):
 # NOTE(jamielennox): We will always use the auth_ref that was
 # calculated by the middleware. reauthenticate=False in __init__ should
 # ensure that this function is only called on the first access.
- return self._user_auth_ref
+ return self.user
 @property
 def _log_format(self):
 msg = []
 if self.has_user_token:
- msg.append('user: %s' % self.user._log_format)
+ msg.append('user: %s' % _log_format(self.user))
 if self.has_service_token:
- msg.append('service: %s' % self.service._log_format)
+ msg.append('service: %s' % _log_format(self.service))
 return ' '.join(msg)
diff --git a/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py b/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
index 10fa4f64..6acfe3f9 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
@@ -109,7 +109,7 @@ class V2UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
 self.requests_mock.post(url, json=self.service_token)
 def get_role_names(self, token):
- return set(x['name'] for x in token['access']['user'].get('roles', []))
+ return [x['name'] for x in token['access']['user'].get('roles', [])]
 def get_token(self):
 token = fixture.V2Token()
@@ -174,7 +174,7 @@ class V3UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
 json=self.service_token)
 def get_role_names(self, token):
- return set(x['name'] for x in token['token'].get('roles', []))
+ return [x['name'] for x in token['token'].get('roles', [])]
 def get_token(self, project=True):
 token_id = uuid.uuid4().hex
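Review bot: In `UserAuthPlugin.__init__` (`_user_plugin.py`), `self.user` and `self.service` are now ordinary writable attributes, and `get_auth_ref` returns `self.user`; the comment this hunk deletes says the plugin ends up in the environ passed to the service, so code further down the pipeline could rebind the auth_ref that sessions built on this plugin will use. Keeping the storage private and exposing `user` and `service` as read-only properties preserves the simpler interface this commit is after, while the validated token data stays fixed once the middleware has set it. The properties also give a home to the "returns None when no token was passed" contract, which is lost along with the removed docstrings. The class statement and its docstring are outside the hunk.

```python
    def __init__(self, user_auth_ref, serv_auth_ref):
        super(UserAuthPlugin, self).__init__(reauthenticate=False)
        # Kept private: this plugin is placed in the environ handed to the
        # service, so the validated auth refs are exposed read-only below.
        self._user_auth_ref = user_auth_ref
        self._serv_auth_ref = serv_auth_ref

    @property
    def user(self):
        """Auth ref for the user token, or None if none was passed."""
        return self._user_auth_ref

    @property
    def service(self):
        """Auth ref for the service token, or None if none was passed."""
        return self._serv_auth_ref

    # ... unchanged: has_user_token, has_service_token, get_auth_ref, _log_format ...
```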