Merge "Use keystoneauth"
commit
a52eb9860c
|
@ -169,8 +169,8 @@ keystone.token_info
|
||||||
well as basic information about the project and user.
|
well as basic information about the project and user.
|
||||||
|
|
||||||
keystone.token_auth
|
keystone.token_auth
|
||||||
A keystoneclient auth plugin that may be used with a
|
A keystoneauth1 auth plugin that may be used with a
|
||||||
:py:class:`keystoneclient.session.Session`. This plugin will load the
|
:py:class:`keystoneauth1.session.Session`. This plugin will load the
|
||||||
authentication data provided to auth_token middleware.
|
authentication data provided to auth_token middleware.
|
||||||
|
|
||||||
|
|
||||||
|
@ -210,13 +210,14 @@ import binascii
|
||||||
import datetime
|
import datetime
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from keystoneclient import access
|
from keystoneauth1 import access
|
||||||
from keystoneclient import adapter
|
from keystoneauth1 import adapter
|
||||||
from keystoneclient import auth
|
from keystoneauth1 import discover
|
||||||
|
from keystoneauth1 import exceptions as ksa_exceptions
|
||||||
|
from keystoneauth1 import loading
|
||||||
|
from keystoneauth1.loading import session as session_loading
|
||||||
from keystoneclient.common import cms
|
from keystoneclient.common import cms
|
||||||
from keystoneclient import discover
|
|
||||||
from keystoneclient import exceptions as ksc_exceptions
|
from keystoneclient import exceptions as ksc_exceptions
|
||||||
from keystoneclient import session
|
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_serialization import jsonutils
|
from oslo_serialization import jsonutils
|
||||||
import pkg_resources
|
import pkg_resources
|
||||||
|
@ -368,7 +369,7 @@ _OPTS = [
|
||||||
' only while migrating from a less secure algorithm to a more'
|
' only while migrating from a less secure algorithm to a more'
|
||||||
' secure one. Once all the old tokens are expired this option'
|
' secure one. Once all the old tokens are expired this option'
|
||||||
' should be set to a single value for better performance.'),
|
' should be set to a single value for better performance.'),
|
||||||
]
|
] + _auth.OPTS
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
CONF.register_opts(_OPTS, group=_base.AUTHTOKEN_GROUP)
|
CONF.register_opts(_OPTS, group=_base.AUTHTOKEN_GROUP)
|
||||||
|
@ -398,7 +399,7 @@ def _conf_values_type_convert(conf):
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
opt_types = {}
|
opt_types = {}
|
||||||
for o in (_OPTS + _auth.AuthTokenPlugin.get_options()):
|
for o in _OPTS:
|
||||||
type_dest = (getattr(o, 'type', str), o.dest)
|
type_dest = (getattr(o, 'type', str), o.dest)
|
||||||
opt_types[o.dest] = type_dest
|
opt_types[o.dest] = type_dest
|
||||||
# Also add the deprecated name with the same type and dest.
|
# Also add the deprecated name with the same type and dest.
|
||||||
|
@ -506,7 +507,7 @@ class _BaseAuthProtocol(object):
|
||||||
"""Perform the validation steps on the token.
|
"""Perform the validation steps on the token.
|
||||||
|
|
||||||
:param auth_ref: The token data
|
:param auth_ref: The token data
|
||||||
:type auth_ref: keystoneclient.access.AccessInfo
|
:type auth_ref: keystoneauth1.access.AccessInfo
|
||||||
|
|
||||||
:raises exc.InvalidToken: if token is rejected
|
:raises exc.InvalidToken: if token is rejected
|
||||||
"""
|
"""
|
||||||
|
@ -519,7 +520,7 @@ class _BaseAuthProtocol(object):
|
||||||
data = self._fetch_token(token)
|
data = self._fetch_token(token)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
return data, access.AccessInfo.factory(body=data, auth_token=token)
|
return data, access.create(body=data, auth_token=token)
|
||||||
except Exception:
|
except Exception:
|
||||||
self.log.warning(_LW('Invalid token contents.'), exc_info=True)
|
self.log.warning(_LW('Invalid token contents.'), exc_info=True)
|
||||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||||
|
@ -561,21 +562,11 @@ class _BaseAuthProtocol(object):
|
||||||
if self._enforce_token_bind == _BIND_MODE.DISABLED:
|
if self._enforce_token_bind == _BIND_MODE.DISABLED:
|
||||||
return
|
return
|
||||||
|
|
||||||
try:
|
|
||||||
if auth_ref.version == 'v2.0':
|
|
||||||
bind = auth_ref['token']['bind']
|
|
||||||
elif auth_ref.version == 'v3':
|
|
||||||
bind = auth_ref['bind']
|
|
||||||
else:
|
|
||||||
self._invalid_user_token()
|
|
||||||
except KeyError:
|
|
||||||
bind = {}
|
|
||||||
|
|
||||||
# permissive and strict modes don't require there to be a bind
|
# permissive and strict modes don't require there to be a bind
|
||||||
permissive = self._enforce_token_bind in (_BIND_MODE.PERMISSIVE,
|
permissive = self._enforce_token_bind in (_BIND_MODE.PERMISSIVE,
|
||||||
_BIND_MODE.STRICT)
|
_BIND_MODE.STRICT)
|
||||||
|
|
||||||
if not bind:
|
if not auth_ref.bind:
|
||||||
if permissive:
|
if permissive:
|
||||||
# no bind provided and none required
|
# no bind provided and none required
|
||||||
return
|
return
|
||||||
|
@ -589,12 +580,12 @@ class _BaseAuthProtocol(object):
|
||||||
else:
|
else:
|
||||||
name = self._enforce_token_bind
|
name = self._enforce_token_bind
|
||||||
|
|
||||||
if name and name not in bind:
|
if name and name not in auth_ref.bind:
|
||||||
self.log.info(_LI('Named bind mode %s not in bind information'),
|
self.log.info(_LI('Named bind mode %s not in bind information'),
|
||||||
name)
|
name)
|
||||||
self._invalid_user_token()
|
self._invalid_user_token()
|
||||||
|
|
||||||
for bind_type, identifier in six.iteritems(bind):
|
for bind_type, identifier in six.iteritems(auth_ref.bind):
|
||||||
if bind_type == _BIND_MODE.KERBEROS:
|
if bind_type == _BIND_MODE.KERBEROS:
|
||||||
if req.auth_type != 'negotiate':
|
if req.auth_type != 'negotiate':
|
||||||
self.log.info(_LI('Kerberos credentials required and '
|
self.log.info(_LI('Kerberos credentials required and '
|
||||||
|
@ -658,8 +649,8 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||||
|
|
||||||
self._local_oslo_config.register_opts(
|
self._local_oslo_config.register_opts(
|
||||||
_OPTS, group=_base.AUTHTOKEN_GROUP)
|
_OPTS, group=_base.AUTHTOKEN_GROUP)
|
||||||
auth.register_conf_options(self._local_oslo_config,
|
loading.register_auth_conf_options(self._local_oslo_config,
|
||||||
group=_base.AUTHTOKEN_GROUP)
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
super(AuthProtocol, self).__init__(
|
super(AuthProtocol, self).__init__(
|
||||||
app,
|
app,
|
||||||
|
@ -851,8 +842,8 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||||
|
|
||||||
self._token_cache.store(token_hashes[0], data)
|
self._token_cache.store(token_hashes[0], data)
|
||||||
|
|
||||||
except (ksc_exceptions.ConnectionRefused,
|
except (ksa_exceptions.ConnectFailure,
|
||||||
ksc_exceptions.RequestTimeout,
|
ksa_exceptions.RequestTimeout,
|
||||||
ksm_exceptions.RevocationListError,
|
ksm_exceptions.RevocationListError,
|
||||||
ksm_exceptions.ServiceError) as e:
|
ksm_exceptions.ServiceError) as e:
|
||||||
self.log.critical(_LC('Unable to validate token: %s'), e)
|
self.log.critical(_LC('Unable to validate token: %s'), e)
|
||||||
|
@ -975,17 +966,33 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||||
# !!! - UNDER NO CIRCUMSTANCES COPY ANY OF THIS CODE - !!!
|
# !!! - UNDER NO CIRCUMSTANCES COPY ANY OF THIS CODE - !!!
|
||||||
|
|
||||||
group = self._conf_get('auth_section') or _base.AUTHTOKEN_GROUP
|
group = self._conf_get('auth_section') or _base.AUTHTOKEN_GROUP
|
||||||
plugin_name = self._conf_get('auth_plugin', group=group)
|
|
||||||
|
# NOTE(jamielennox): auth_plugin was deprecated to auth_type. _conf_get
|
||||||
|
# doesn't handle that deprecation in the case of conf dict options so
|
||||||
|
# we have to manually check the value
|
||||||
|
plugin_name = (self._conf_get('auth_type', group=group)
|
||||||
|
or self._conf.get('auth_plugin'))
|
||||||
|
|
||||||
|
if not plugin_name:
|
||||||
|
return _auth.AuthTokenPlugin(
|
||||||
|
log=self.log,
|
||||||
|
auth_admin_prefix=self._conf_get('auth_admin_prefix',
|
||||||
|
group=group),
|
||||||
|
auth_host=self._conf_get('auth_host', group=group),
|
||||||
|
auth_port=self._conf_get('auth_port', group=group),
|
||||||
|
auth_protocol=self._conf_get('auth_protocol', group=group),
|
||||||
|
identity_uri=self._conf_get('identity_uri', group=group),
|
||||||
|
admin_token=self._conf_get('admin_token', group=group),
|
||||||
|
admin_user=self._conf_get('admin_user', group=group),
|
||||||
|
admin_password=self._conf_get('admin_password', group=group),
|
||||||
|
admin_tenant_name=self._conf_get('admin_tenant_name',
|
||||||
|
group=group)
|
||||||
|
)
|
||||||
|
|
||||||
|
plugin_loader = loading.get_plugin_loader(plugin_name)
|
||||||
|
plugin_opts = [o._to_oslo_opt() for o in plugin_loader.get_options()]
|
||||||
plugin_kwargs = dict()
|
plugin_kwargs = dict()
|
||||||
|
|
||||||
if plugin_name:
|
|
||||||
plugin_class = auth.get_plugin_class(plugin_name)
|
|
||||||
else:
|
|
||||||
plugin_class = _auth.AuthTokenPlugin
|
|
||||||
# logger object is a required parameter of the default plugin
|
|
||||||
plugin_kwargs['log'] = self.log
|
|
||||||
|
|
||||||
plugin_opts = plugin_class.get_options()
|
|
||||||
(self._local_oslo_config or CONF).register_opts(plugin_opts,
|
(self._local_oslo_config or CONF).register_opts(plugin_opts,
|
||||||
group=group)
|
group=group)
|
||||||
|
|
||||||
|
@ -995,7 +1002,7 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||||
val = opt.type(val)
|
val = opt.type(val)
|
||||||
plugin_kwargs[opt.dest] = val
|
plugin_kwargs[opt.dest] = val
|
||||||
|
|
||||||
return plugin_class.load_from_options(**plugin_kwargs)
|
return plugin_loader.load_from_options(**plugin_kwargs)
|
||||||
|
|
||||||
def _determine_project(self):
|
def _determine_project(self):
|
||||||
"""Determine a project name from all available config sources.
|
"""Determine a project name from all available config sources.
|
||||||
|
@ -1041,14 +1048,14 @@ class AuthProtocol(_BaseAuthProtocol):
|
||||||
# same as calling Session.load_from_conf_options(CONF, GROUP)
|
# same as calling Session.load_from_conf_options(CONF, GROUP)
|
||||||
# however we can't do that because we have to use _conf_get to
|
# however we can't do that because we have to use _conf_get to
|
||||||
# support the paste.ini options.
|
# support the paste.ini options.
|
||||||
sess = session.Session.construct(dict(
|
sess = session_loading.Session().load_from_options(
|
||||||
cert=self._conf_get('certfile'),
|
cert=self._conf_get('certfile'),
|
||||||
key=self._conf_get('keyfile'),
|
key=self._conf_get('keyfile'),
|
||||||
cacert=self._conf_get('cafile'),
|
cacert=self._conf_get('cafile'),
|
||||||
insecure=self._conf_get('insecure'),
|
insecure=self._conf_get('insecure'),
|
||||||
timeout=self._conf_get('http_connect_timeout'),
|
timeout=self._conf_get('http_connect_timeout'),
|
||||||
user_agent=self._build_useragent_string()
|
user_agent=self._build_useragent_string()
|
||||||
))
|
)
|
||||||
|
|
||||||
auth_plugin = self._get_auth_plugin()
|
auth_plugin = self._get_auth_plugin()
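Review bot: The token-validation handler in the `@ -851` hunk now catches `ksa_exceptions.ConnectFailure` and `ksa_exceptions.RequestTimeout`, which may be narrower than the keystoneclient pair it replaces. If keystoneauth1 reports connect timeouts and TLS failures as sibling classes rather than subclasses of `ConnectFailure` (worth confirming against its exception hierarchy), those errors would skip the `Unable to validate token` log and surface as an unhandled exception. Catching the common base, `except (ksa_exceptions.ConnectionError, ksa_exceptions.RequestTimeout,`, would keep every transport failure on the same path. The handler's body continues outside the hunk, so the response it produces is not visible here.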
|
||||||
|
|
||||||
|
|
|
@ -12,10 +12,11 @@
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from keystoneclient import auth
|
from keystoneauth1 import discover
|
||||||
from keystoneclient.auth.identity import v2
|
from keystoneauth1.identity import v2
|
||||||
from keystoneclient.auth import token_endpoint
|
from keystoneauth1 import loading
|
||||||
from keystoneclient import discover
|
from keystoneauth1 import plugin
|
||||||
|
from keystoneauth1 import token_endpoint
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
|
||||||
from keystonemiddleware.auth_token import _base
|
from keystonemiddleware.auth_token import _base
|
||||||
|
@ -25,7 +26,7 @@ from keystonemiddleware.i18n import _, _LW
|
||||||
_LOG = logging.getLogger(__name__)
|
_LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class AuthTokenPlugin(auth.BaseAuthPlugin):
|
class AuthTokenPlugin(plugin.BaseAuthPlugin):
|
||||||
|
|
||||||
def __init__(self, auth_host, auth_port, auth_protocol, auth_admin_prefix,
|
def __init__(self, auth_host, auth_port, auth_protocol, auth_admin_prefix,
|
||||||
admin_user, admin_password, admin_tenant_name, admin_token,
|
admin_user, admin_password, admin_tenant_name, admin_token,
|
||||||
|
@ -104,7 +105,7 @@ class AuthTokenPlugin(auth.BaseAuthPlugin):
|
||||||
service or None if not available.
|
service or None if not available.
|
||||||
:rtype: string
|
:rtype: string
|
||||||
"""
|
"""
|
||||||
if interface == auth.AUTH_INTERFACE:
|
if interface == plugin.AUTH_INTERFACE:
|
||||||
return self._identity_uri
|
return self._identity_uri
|
||||||
|
|
||||||
if not version:
|
if not version:
|
||||||
|
@ -114,7 +115,7 @@ class AuthTokenPlugin(auth.BaseAuthPlugin):
|
||||||
|
|
||||||
if not self._discover:
|
if not self._discover:
|
||||||
self._discover = discover.Discover(session,
|
self._discover = discover.Discover(session,
|
||||||
auth_url=self._identity_uri,
|
url=self._identity_uri,
|
||||||
authenticated=False)
|
authenticated=False)
|
||||||
|
|
||||||
if not self._discover.url_for(version):
|
if not self._discover.url_for(version):
|
||||||
|
@ -142,53 +143,48 @@ class AuthTokenPlugin(auth.BaseAuthPlugin):
|
||||||
def invalidate(self):
|
def invalidate(self):
|
||||||
return self._plugin.invalidate()
|
return self._plugin.invalidate()
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def get_options(cls):
|
|
||||||
options = super(AuthTokenPlugin, cls).get_options()
|
|
||||||
|
|
||||||
options.extend([
|
OPTS = [
|
||||||
cfg.StrOpt('auth_admin_prefix',
|
cfg.StrOpt('auth_admin_prefix',
|
||||||
default='',
|
default='',
|
||||||
help='Prefix to prepend at the beginning of the path. '
|
help='Prefix to prepend at the beginning of the path. '
|
||||||
'Deprecated, use identity_uri.'),
|
'Deprecated, use identity_uri.'),
|
||||||
cfg.StrOpt('auth_host',
|
cfg.StrOpt('auth_host',
|
||||||
default='127.0.0.1',
|
default='127.0.0.1',
|
||||||
help='Host providing the admin Identity API endpoint. '
|
help='Host providing the admin Identity API endpoint. '
|
||||||
'Deprecated, use identity_uri.'),
|
'Deprecated, use identity_uri.'),
|
||||||
cfg.IntOpt('auth_port',
|
cfg.IntOpt('auth_port',
|
||||||
default=35357,
|
default=35357,
|
||||||
help='Port of the admin Identity API endpoint. '
|
help='Port of the admin Identity API endpoint. '
|
||||||
'Deprecated, use identity_uri.'),
|
'Deprecated, use identity_uri.'),
|
||||||
cfg.StrOpt('auth_protocol',
|
cfg.StrOpt('auth_protocol',
|
||||||
default='https',
|
default='https',
|
||||||
help='Protocol of the admin Identity API endpoint '
|
help='Protocol of the admin Identity API endpoint '
|
||||||
'(http or https). Deprecated, use identity_uri.'),
|
'(http or https). Deprecated, use identity_uri.'),
|
||||||
cfg.StrOpt('identity_uri',
|
cfg.StrOpt('identity_uri',
|
||||||
default=None,
|
default=None,
|
||||||
help='Complete admin Identity API endpoint. This '
|
help='Complete admin Identity API endpoint. This '
|
||||||
'should specify the unversioned root endpoint '
|
'should specify the unversioned root endpoint '
|
||||||
'e.g. https://localhost:35357/'),
|
'e.g. https://localhost:35357/'),
|
||||||
cfg.StrOpt('admin_token',
|
cfg.StrOpt('admin_token',
|
||||||
secret=True,
|
secret=True,
|
||||||
help='This option is deprecated and may be removed in '
|
help='This option is deprecated and may be removed in '
|
||||||
'a future release. Single shared secret with the '
|
'a future release. Single shared secret with the '
|
||||||
'Keystone configuration used for bootstrapping a '
|
'Keystone configuration used for bootstrapping a '
|
||||||
'Keystone installation, or otherwise bypassing '
|
'Keystone installation, or otherwise bypassing '
|
||||||
'the normal authentication process. This option '
|
'the normal authentication process. This option '
|
||||||
'should not be used, use `admin_user` and '
|
'should not be used, use `admin_user` and '
|
||||||
'`admin_password` instead.'),
|
'`admin_password` instead.'),
|
||||||
cfg.StrOpt('admin_user',
|
cfg.StrOpt('admin_user',
|
||||||
help='Service username.'),
|
help='Service username.'),
|
||||||
cfg.StrOpt('admin_password',
|
cfg.StrOpt('admin_password',
|
||||||
secret=True,
|
secret=True,
|
||||||
help='Service user password.'),
|
help='Service user password.'),
|
||||||
cfg.StrOpt('admin_tenant_name',
|
cfg.StrOpt('admin_tenant_name',
|
||||||
default='admin',
|
default='admin',
|
||||||
help='Service tenant name.'),
|
help='Service tenant name.'),
|
||||||
])
|
]
|
||||||
|
|
||||||
return options
|
|
||||||
|
|
||||||
|
|
||||||
auth.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
|
loading.register_auth_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
|
||||||
AuthTokenPlugin.register_conf_options(cfg.CONF, _base.AUTHTOKEN_GROUP)
|
cfg.CONF.register_opts(OPTS, group=_base.AUTHTOKEN_GROUP)
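Review bot: The legacy options in the new module-level `OPTS` list are marked deprecated only in their help strings, so a deployment that still sets `admin_token` or the `auth_host`/`auth_port`/`auth_protocol` fragments gets no signal from oslo.config itself. `admin_token` matters most: its own help text calls it a shared secret that bypasses the normal authentication process and says it should not be used. Adding `deprecated_for_removal=True` to `cfg.StrOpt('admin_token', secret=True, ...)`, and to the options whose help says "Deprecated, use identity_uri", would let the config layer flag them instead of relying on operators reading the help text.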
|
||||||
|
|
|
@ -12,8 +12,9 @@
|
||||||
|
|
||||||
import functools
|
import functools
|
||||||
|
|
||||||
from keystoneclient import auth
|
from keystoneauth1 import discover
|
||||||
from keystoneclient import discover
|
from keystoneauth1 import exceptions as ksa_exceptions
|
||||||
|
from keystoneauth1 import plugin
|
||||||
from keystoneclient import exceptions as ksc_exceptions
|
from keystoneclient import exceptions as ksc_exceptions
|
||||||
from keystoneclient.v2_0 import client as v2_client
|
from keystoneclient.v2_0 import client as v2_client
|
||||||
from keystoneclient.v3 import client as v3_client
|
from keystoneclient.v3 import client as v3_client
|
||||||
|
@ -29,7 +30,7 @@ def _convert_fetch_cert_exception(fetch_cert):
|
||||||
def wrapper(self):
|
def wrapper(self):
|
||||||
try:
|
try:
|
||||||
text = fetch_cert(self)
|
text = fetch_cert(self)
|
||||||
except ksc_exceptions.HTTPError as e:
|
except ksa_exceptions.HttpError as e:
|
||||||
raise ksc_exceptions.CertificateConfigError(e.details)
|
raise ksc_exceptions.CertificateConfigError(e.details)
|
||||||
return text
|
return text
|
||||||
|
|
||||||
|
@ -145,7 +146,7 @@ class IdentityServer(object):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def auth_uri(self):
|
def auth_uri(self):
|
||||||
auth_uri = self._adapter.get_endpoint(interface=auth.AUTH_INTERFACE)
|
auth_uri = self._adapter.get_endpoint(interface=plugin.AUTH_INTERFACE)
|
||||||
|
|
||||||
# NOTE(jamielennox): This weird stripping of the prefix hack is
|
# NOTE(jamielennox): This weird stripping of the prefix hack is
|
||||||
# only relevant to the legacy case. We urljoin '/' to get just the
|
# only relevant to the legacy case. We urljoin '/' to get just the
|
||||||
|
@ -204,18 +205,18 @@ class IdentityServer(object):
|
||||||
user authentication when an indeterminate
|
user authentication when an indeterminate
|
||||||
response is received. Optional.
|
response is received. Optional.
|
||||||
:returns: access info received from identity server on success
|
:returns: access info received from identity server on success
|
||||||
:rtype: :py:class:`keystoneclient.access.AccessInfo`
|
:rtype: :py:class:`keystoneauth1.access.AccessInfo`
|
||||||
:raises exc.InvalidToken: if token is rejected
|
:raises exc.InvalidToken: if token is rejected
|
||||||
:raises exc.ServiceError: if unable to authenticate token
|
:raises exc.ServiceError: if unable to authenticate token
|
||||||
|
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
auth_ref = self._request_strategy.verify_token(user_token)
|
auth_ref = self._request_strategy.verify_token(user_token)
|
||||||
except ksc_exceptions.NotFound as e:
|
except ksa_exceptions.NotFound as e:
|
||||||
self._LOG.warning(_LW('Authorization failed for token'))
|
self._LOG.warning(_LW('Authorization failed for token'))
|
||||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
||||||
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))
|
||||||
except ksc_exceptions.Unauthorized as e:
|
except ksa_exceptions.Unauthorized as e:
|
||||||
self._LOG.info(_LI('Identity server rejected authorization'))
|
self._LOG.info(_LI('Identity server rejected authorization'))
|
||||||
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
self._LOG.warning(_LW('Identity response: %s'), e.response.text)
|
||||||
if retry:
|
if retry:
|
||||||
|
@ -224,7 +225,7 @@ class IdentityServer(object):
|
||||||
msg = _('Identity server rejected authorization necessary to '
|
msg = _('Identity server rejected authorization necessary to '
|
||||||
'fetch token data')
|
'fetch token data')
|
||||||
raise ksm_exceptions.ServiceError(msg)
|
raise ksm_exceptions.ServiceError(msg)
|
||||||
except ksc_exceptions.HttpError as e:
|
except ksa_exceptions.HttpError as e:
|
||||||
self._LOG.error(
|
self._LOG.error(
|
||||||
_LE('Bad response code while validating token: %s'),
|
_LE('Bad response code while validating token: %s'),
|
||||||
e.http_status)
|
e.http_status)
|
||||||
|
@ -237,7 +238,7 @@ class IdentityServer(object):
|
||||||
def fetch_revocation_list(self):
|
def fetch_revocation_list(self):
|
||||||
try:
|
try:
|
||||||
data = self._request_strategy.fetch_revocation_list()
|
data = self._request_strategy.fetch_revocation_list()
|
||||||
except ksc_exceptions.HTTPError as e:
|
except ksa_exceptions.HttpError as e:
|
||||||
msg = _('Failed to fetch token revocation list: %d')
|
msg = _('Failed to fetch token revocation list: %d')
|
||||||
raise ksm_exceptions.RevocationListError(msg % e.http_status)
|
raise ksm_exceptions.RevocationListError(msg % e.http_status)
|
||||||
if 'signed' not in data:
|
if 'signed' not in data:
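Review bot: After this change the module handles two exception namespaces side by side, and nothing says which one applies where: `_convert_fetch_cert_exception` catches `ksa_exceptions.HttpError` but re-raises `ksc_exceptions.CertificateConfigError`, while `verify_token` and `fetch_revocation_list` catch only keystoneauth1 classes. A comment at the imports would make the split explicit, for example `# Transport and HTTP errors come from keystoneauth1; keystoneclient is kept for CertificateConfigError and the v2/v3 clients.` It is also worth confirming that the keystoneclient `v2_client`/`v3_client` calls behind `_request_strategy` (not visible in these hunks) raise the keystoneauth1 classes, since a `NotFound` raised under the old namespace would bypass the `InvalidToken` mapping. The bodies of these functions extend beyond the hunks shown.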
|
||||||
|
|
|
@ -165,13 +165,13 @@ class _AuthTokenRequest(webob.Request):
|
||||||
doc info at start of __init__ file for details of headers to be defined
|
doc info at start of __init__ file for details of headers to be defined
|
||||||
|
|
||||||
:param auth_ref: The token data
|
:param auth_ref: The token data
|
||||||
:type auth_ref: keystoneclient.access.AccessInfo
|
:type auth_ref: keystoneauth.access.AccessInfo
|
||||||
"""
|
"""
|
||||||
if not auth_ref.has_service_catalog():
|
if not auth_ref.has_service_catalog():
|
||||||
self.headers.pop(self._SERVICE_CATALOG_HEADER, None)
|
self.headers.pop(self._SERVICE_CATALOG_HEADER, None)
|
||||||
return
|
return
|
||||||
|
|
||||||
catalog = auth_ref.service_catalog.get_data()
|
catalog = auth_ref.service_catalog.catalog
|
||||||
if auth_ref.version == 'v3':
|
if auth_ref.version == 'v3':
|
||||||
catalog = _v3_to_v2_catalog(catalog)
|
catalog = _v3_to_v2_catalog(catalog)
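Review bot: The updated docstring names the type as `keystoneauth.access.AccessInfo`, which does not match the package the commit imports everywhere else; it should read `:type auth_ref: keystoneauth1.access.AccessInfo`, as the equivalent docstrings in the other files of this commit do. The method body continues outside the hunk.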
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
from keystoneclient.auth.identity import base as base_identity
|
from keystoneauth1.identity import base as base_identity
|
||||||
|
|
||||||
|
|
||||||
class _TokenData(object):
|
class _TokenData(object):
|
||||||
|
|
|
@ -18,17 +18,15 @@ __all__ = (
|
||||||
|
|
||||||
import copy
|
import copy
|
||||||
|
|
||||||
from keystoneclient import auth
|
from keystoneauth1 import loading
|
||||||
|
|
||||||
import keystonemiddleware.auth_token
|
import keystonemiddleware.auth_token
|
||||||
from keystonemiddleware.auth_token import _auth
|
|
||||||
from keystonemiddleware.auth_token import _base
|
from keystonemiddleware.auth_token import _base
|
||||||
|
|
||||||
auth_token_opts = [
|
auth_token_opts = [
|
||||||
(_base.AUTHTOKEN_GROUP,
|
(_base.AUTHTOKEN_GROUP,
|
||||||
keystonemiddleware.auth_token._OPTS +
|
keystonemiddleware.auth_token._OPTS +
|
||||||
_auth.AuthTokenPlugin.get_options() +
|
loading.get_auth_common_conf_options())
|
||||||
auth.get_common_conf_options())
|
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
import logging
|
import logging
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
from keystoneclient import auth
|
from keystoneauth1 import fixture
|
||||||
from keystoneclient import fixture
|
from keystoneauth1 import plugin as ksa_plugin
|
||||||
from keystoneclient import session
|
from keystoneauth1 import session
|
||||||
from requests_mock.contrib import fixture as rm_fixture
|
from requests_mock.contrib import fixture as rm_fixture
|
||||||
import six
|
import six
|
||||||
|
|
||||||
|
@ -32,7 +32,7 @@ class DefaultAuthPluginTests(utils.BaseTestCase):
|
||||||
if not log:
|
if not log:
|
||||||
log = self.logger
|
log = self.logger
|
||||||
|
|
||||||
return _auth.AuthTokenPlugin.load_from_options(
|
return _auth.AuthTokenPlugin(
|
||||||
auth_host=auth_host,
|
auth_host=auth_host,
|
||||||
auth_port=auth_port,
|
auth_port=auth_port,
|
||||||
auth_protocol=auth_protocol,
|
auth_protocol=auth_protocol,
|
||||||
|
@ -65,9 +65,9 @@ class DefaultAuthPluginTests(utils.BaseTestCase):
|
||||||
auth_port=auth_port,
|
auth_port=auth_port,
|
||||||
auth_admin_prefix=auth_admin_prefix)
|
auth_admin_prefix=auth_admin_prefix)
|
||||||
|
|
||||||
self.assertEqual(expected,
|
endpoint = plugin.get_endpoint(self.session,
|
||||||
plugin.get_endpoint(self.session,
|
interface=ksa_plugin.AUTH_INTERFACE)
|
||||||
interface=auth.AUTH_INTERFACE))
|
self.assertEqual(expected, endpoint)
|
||||||
|
|
||||||
def test_identity_uri_overrides_fragments(self):
|
def test_identity_uri_overrides_fragments(self):
|
||||||
identity_uri = 'http://testhost:8888/admin'
|
identity_uri = 'http://testhost:8888/admin'
|
||||||
|
@ -76,9 +76,9 @@ class DefaultAuthPluginTests(utils.BaseTestCase):
|
||||||
auth_port=9999,
|
auth_port=9999,
|
||||||
auth_protocol='ftp')
|
auth_protocol='ftp')
|
||||||
|
|
||||||
self.assertEqual(identity_uri,
|
endpoint = plugin.get_endpoint(self.session,
|
||||||
plugin.get_endpoint(self.session,
|
interface=ksa_plugin.AUTH_INTERFACE)
|
||||||
interface=auth.AUTH_INTERFACE))
|
self.assertEqual(identity_uri, endpoint)
|
||||||
|
|
||||||
def test_with_admin_token(self):
|
def test_with_admin_token(self):
|
||||||
token = uuid.uuid4().hex
|
token = uuid.uuid4().hex
|
||||||
|
|
|
@ -23,11 +23,12 @@ import time
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
import fixtures
|
import fixtures
|
||||||
from keystoneclient import auth
|
from keystoneauth1 import exceptions as ksa_exceptions
|
||||||
|
from keystoneauth1 import fixture
|
||||||
|
from keystoneauth1 import loading
|
||||||
|
from keystoneauth1 import session
|
||||||
from keystoneclient.common import cms
|
from keystoneclient.common import cms
|
||||||
from keystoneclient import exceptions as ksc_exceptions
|
from keystoneclient import exceptions as ksc_exceptions
|
||||||
from keystoneclient import fixture
|
|
||||||
from keystoneclient import session
|
|
||||||
import mock
|
import mock
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_serialization import jsonutils
|
from oslo_serialization import jsonutils
|
||||||
|
@ -549,24 +550,29 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
||||||
headers={'X-Subject-Token': uuid.uuid4().hex},
|
headers={'X-Subject-Token': uuid.uuid4().hex},
|
||||||
json=fixture.V3Token())
|
json=fixture.V3Token())
|
||||||
|
|
||||||
conf = {'auth_uri': auth_url,
|
loading.register_auth_conf_options(self.cfg.conf,
|
||||||
'auth_url': auth_url + '/v3',
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
'auth_plugin': 'v3password',
|
|
||||||
'username': 'user',
|
opts = loading.get_auth_plugin_conf_options('v3password')
|
||||||
'password': 'pass'}
|
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
|
self.cfg.config(auth_url=auth_url + '/v3',
|
||||||
|
auth_type='v3password',
|
||||||
|
username='user',
|
||||||
|
password='pass',
|
||||||
|
user_domain_id=uuid.uuid4().hex,
|
||||||
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
self.assertEqual(0, east_mock.call_count)
|
self.assertEqual(0, east_mock.call_count)
|
||||||
self.assertEqual(0, west_mock.call_count)
|
self.assertEqual(0, west_mock.call_count)
|
||||||
|
|
||||||
east_app = self.create_simple_middleware(conf=dict(region_name='east',
|
east_app = self.create_simple_middleware(conf=dict(region_name='east'))
|
||||||
**conf))
|
|
||||||
self.call(east_app, headers={'X-Auth-Token': uuid.uuid4().hex})
|
self.call(east_app, headers={'X-Auth-Token': uuid.uuid4().hex})
|
||||||
|
|
||||||
self.assertEqual(1, east_mock.call_count)
|
self.assertEqual(1, east_mock.call_count)
|
||||||
self.assertEqual(0, west_mock.call_count)
|
self.assertEqual(0, west_mock.call_count)
|
||||||
|
|
||||||
west_app = self.create_simple_middleware(conf=dict(region_name='west',
|
west_app = self.create_simple_middleware(conf=dict(region_name='west'))
|
||||||
**conf))
|
|
||||||
|
|
||||||
self.call(west_app, headers={'X-Auth-Token': uuid.uuid4().hex})
|
self.call(west_app, headers={'X-Auth-Token': uuid.uuid4().hex})
|
||||||
|
|
||||||
|
@ -1412,7 +1418,7 @@ class V3CertDownloadMiddlewareTest(V2CertDownloadMiddlewareTest):
|
||||||
|
|
||||||
|
|
||||||
def network_error_response(request, context):
|
def network_error_response(request, context):
|
||||||
raise ksc_exceptions.ConnectionRefused("Network connection refused.")
|
raise ksa_exceptions.ConnectFailure("Network connection refused.")
|
||||||
|
|
||||||
|
|
||||||
class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
||||||
|
@ -1682,7 +1688,7 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
||||||
|
|
||||||
if token_id == ERROR_TOKEN:
|
if token_id == ERROR_TOKEN:
|
||||||
msg = "Network connection refused."
|
msg = "Network connection refused."
|
||||||
raise ksc_exceptions.ConnectionRefused(msg)
|
raise ksa_exceptions.ConnectFailure(msg)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
response = self.examples.JSON_TOKEN_RESPONSES[token_id]
|
response = self.examples.JSON_TOKEN_RESPONSES[token_id]
|
||||||
|
@ -2251,16 +2257,17 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
|
||||||
def test_loading_password_plugin(self):
|
def test_loading_password_plugin(self):
|
||||||
# the password options aren't set on config until loading time, but we
|
# the password options aren't set on config until loading time, but we
|
||||||
# need them set so we can override the values for testing, so force it
|
# need them set so we can override the values for testing, so force it
|
||||||
opts = auth.get_plugin_options('password')
|
opts = loading.get_auth_plugin_conf_options('password')
|
||||||
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
|
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
project_id = uuid.uuid4().hex
|
project_id = uuid.uuid4().hex
|
||||||
|
|
||||||
# Register the authentication options
|
# Register the authentication options
|
||||||
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
|
loading.register_auth_conf_options(self.cfg.conf,
|
||||||
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
# configure the authentication options
|
# configure the authentication options
|
||||||
self.cfg.config(auth_plugin='password',
|
self.cfg.config(auth_type='password',
|
||||||
username='testuser',
|
username='testuser',
|
||||||
password='testpass',
|
password='testpass',
|
||||||
auth_url=self.AUTH_URL,
|
auth_url=self.AUTH_URL,
|
||||||
|
@ -2279,27 +2286,30 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
|
||||||
return app._identity_server._adapter.auth
|
return app._identity_server._adapter.auth
|
||||||
|
|
||||||
def test_invalid_plugin_fails_to_initialize(self):
|
def test_invalid_plugin_fails_to_initialize(self):
|
||||||
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
|
loading.register_auth_conf_options(self.cfg.conf,
|
||||||
self.cfg.config(auth_plugin=uuid.uuid4().hex,
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
|
self.cfg.config(auth_type=uuid.uuid4().hex,
|
||||||
group=_base.AUTHTOKEN_GROUP)
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
self.assertRaises(
|
self.assertRaises(
|
||||||
ksc_exceptions.NoMatchingPlugin,
|
ksa_exceptions.NoMatchingPlugin,
|
||||||
self.create_simple_middleware)
|
self.create_simple_middleware)
|
||||||
|
|
||||||
def test_plugin_loading_mixed_opts(self):
|
def test_plugin_loading_mixed_opts(self):
|
||||||
# some options via override and some via conf
|
# some options via override and some via conf
|
||||||
opts = auth.get_plugin_options('password')
|
opts = loading.get_auth_plugin_conf_options('password')
|
||||||
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
|
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
username = 'testuser'
|
username = 'testuser'
|
||||||
password = 'testpass'
|
password = 'testpass'
|
||||||
|
|
||||||
# Register the authentication options
|
# Register the authentication options
|
||||||
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
|
loading.register_auth_conf_options(self.cfg.conf,
|
||||||
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
# configure the authentication options
|
# configure the authentication options
|
||||||
self.cfg.config(auth_plugin='password',
|
self.cfg.config(auth_type='password',
|
||||||
|
auth_url='http://keystone.test:5000',
|
||||||
password=password,
|
password=password,
|
||||||
project_id=self.project_id,
|
project_id=self.project_id,
|
||||||
user_domain_id='userdomainid',
|
user_domain_id='userdomainid',
|
||||||
|
@ -2326,22 +2336,24 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
|
||||||
username = 'testuser'
|
username = 'testuser'
|
||||||
password = 'testpass'
|
password = 'testpass'
|
||||||
|
|
||||||
auth.register_conf_options(self.cfg.conf, group=section)
|
loading.register_auth_conf_options(self.cfg.conf, group=section)
|
||||||
opts = auth.get_plugin_options('password')
|
opts = loading.get_auth_plugin_conf_options('password')
|
||||||
self.cfg.register_opts(opts, group=section)
|
self.cfg.register_opts(opts, group=section)
|
||||||
|
|
||||||
# Register the authentication options
|
# Register the authentication options
|
||||||
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
|
loading.register_auth_conf_options(self.cfg.conf,
|
||||||
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
# configure the authentication options
|
# configure the authentication options
|
||||||
self.cfg.config(auth_section=section, group=_base.AUTHTOKEN_GROUP)
|
self.cfg.config(auth_section=section, group=_base.AUTHTOKEN_GROUP)
|
||||||
self.cfg.config(auth_plugin='password',
|
self.cfg.config(auth_type='password',
|
||||||
|
auth_url=self.AUTH_URL,
|
||||||
password=password,
|
password=password,
|
||||||
project_id=self.project_id,
|
project_id=self.project_id,
|
||||||
user_domain_id='userdomainid',
|
user_domain_id='userdomainid',
|
||||||
group=section)
|
group=section)
|
||||||
|
|
||||||
conf = {'username': username, 'auth_url': self.AUTH_URL}
|
conf = {'username': username}
|
||||||
|
|
||||||
body = uuid.uuid4().hex
|
body = uuid.uuid4().hex
|
||||||
app = self.create_simple_middleware(body=body, conf=conf)
|
app = self.create_simple_middleware(body=body, conf=conf)
|
||||||
|
@ -2368,16 +2380,17 @@ class TestAuthPluginUserAgentGeneration(BaseAuthTokenMiddlewareTest):
|
||||||
self.section = uuid.uuid4().hex
|
self.section = uuid.uuid4().hex
|
||||||
self.user_domain_id = uuid.uuid4().hex
|
self.user_domain_id = uuid.uuid4().hex
|
||||||
|
|
||||||
auth.register_conf_options(self.cfg.conf, group=self.section)
|
loading.register_auth_conf_options(self.cfg.conf, group=self.section)
|
||||||
opts = auth.get_plugin_options('password')
|
opts = loading.get_auth_plugin_conf_options('password')
|
||||||
self.cfg.register_opts(opts, group=self.section)
|
self.cfg.register_opts(opts, group=self.section)
|
||||||
|
|
||||||
# Register the authentication options
|
# Register the authentication options
|
||||||
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
|
loading.register_auth_conf_options(self.cfg.conf,
|
||||||
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
# configure the authentication options
|
# configure the authentication options
|
||||||
self.cfg.config(auth_section=self.section, group=_base.AUTHTOKEN_GROUP)
|
self.cfg.config(auth_section=self.section, group=_base.AUTHTOKEN_GROUP)
|
||||||
self.cfg.config(auth_plugin='password',
|
self.cfg.config(auth_type='password',
|
||||||
password=self.password,
|
password=self.password,
|
||||||
project_id=self.project_id,
|
project_id=self.project_id,
|
||||||
user_domain_id=self.user_domain_id,
|
user_domain_id=self.user_domain_id,
|
||||||
|
@ -2431,14 +2444,15 @@ class TestAuthPluginUserAgentGeneration(BaseAuthTokenMiddlewareTest):
|
||||||
class TestAuthPluginLocalOsloConfig(BaseAuthTokenMiddlewareTest):
|
class TestAuthPluginLocalOsloConfig(BaseAuthTokenMiddlewareTest):
|
||||||
def test_project_in_local_oslo_configuration(self):
|
def test_project_in_local_oslo_configuration(self):
|
||||||
options = {
|
options = {
|
||||||
'auth_plugin': 'password',
|
'auth_type': 'password',
|
||||||
'auth_uri': uuid.uuid4().hex,
|
'auth_uri': uuid.uuid4().hex,
|
||||||
'password': uuid.uuid4().hex,
|
'password': uuid.uuid4().hex,
|
||||||
}
|
}
|
||||||
|
|
||||||
content = ("[keystone_authtoken]\n"
|
content = ("[keystone_authtoken]\n"
|
||||||
"auth_plugin=%(auth_plugin)s\n"
|
"auth_type=%(auth_type)s\n"
|
||||||
"auth_uri=%(auth_uri)s\n"
|
"auth_uri=%(auth_uri)s\n"
|
||||||
|
"auth_url=%(auth_uri)s\n"
|
||||||
"password=%(password)s\n" % options)
|
"password=%(password)s\n" % options)
|
||||||
conf_file_fixture = self.useFixture(
|
conf_file_fixture = self.useFixture(
|
||||||
createfile.CreateFileWithContent("my_app", content))
|
createfile.CreateFileWithContent("my_app", content))
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
import datetime
|
import datetime
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
from keystoneclient import fixture
|
from keystoneauth1 import fixture
|
||||||
import mock
|
import mock
|
||||||
import six
|
import six
|
||||||
import testtools
|
import testtools
|
||||||
|
|
|
@ -13,8 +13,8 @@
|
||||||
import itertools
|
import itertools
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
from keystoneclient import access
|
from keystoneauth1 import access
|
||||||
from keystoneclient import fixture
|
from keystoneauth1 import fixture
|
||||||
|
|
||||||
from keystonemiddleware.auth_token import _request
|
from keystonemiddleware.auth_token import _request
|
||||||
from keystonemiddleware.tests.unit import utils
|
from keystonemiddleware.tests.unit import utils
|
||||||
|
@ -139,7 +139,7 @@ class RequestObjectTests(utils.TestCase):
|
||||||
token.set_project_scope()
|
token.set_project_scope()
|
||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
|
|
||||||
auth_ref = access.AccessInfo.factory(token_id=token_id, body=token)
|
auth_ref = access.create(auth_token=token_id, body=token)
|
||||||
self.request.set_user_headers(auth_ref)
|
self.request.set_user_headers(auth_ref)
|
||||||
|
|
||||||
self._test_v3_headers(token, '')
|
self._test_v3_headers(token, '')
|
||||||
|
@ -149,7 +149,7 @@ class RequestObjectTests(utils.TestCase):
|
||||||
token.set_project_scope()
|
token.set_project_scope()
|
||||||
token_id = uuid.uuid4().hex
|
token_id = uuid.uuid4().hex
|
||||||
|
|
||||||
auth_ref = access.AccessInfo.factory(token_id=token_id, body=token)
|
auth_ref = access.create(auth_token=token_id, body=token)
|
||||||
self.request.set_service_headers(auth_ref)
|
self.request.set_service_headers(auth_ref)
|
||||||
|
|
||||||
self._test_v3_headers(token, '-Service')
|
self._test_v3_headers(token, '-Service')
|
||||||
|
@ -199,7 +199,7 @@ class RequestObjectTests(utils.TestCase):
|
||||||
|
|
||||||
def test_token_without_catalog(self):
|
def test_token_without_catalog(self):
|
||||||
token = fixture.V3Token()
|
token = fixture.V3Token()
|
||||||
auth_ref = access.AccessInfo.factory(body=token)
|
auth_ref = access.create(body=token)
|
||||||
self.request.set_service_catalog_headers(auth_ref)
|
self.request.set_service_catalog_headers(auth_ref)
|
||||||
self.assertNotIn('X-Service-Catalog', self.request.headers)
|
self.assertNotIn('X-Service-Catalog', self.request.headers)
|
||||||
|
|
||||||
|
@ -222,8 +222,8 @@ class CatalogConversionTests(utils.TestCase):
|
||||||
internal=self.INTERNAL_URL,
|
internal=self.INTERNAL_URL,
|
||||||
region=self.REGION_ONE)
|
region=self.REGION_ONE)
|
||||||
|
|
||||||
auth_ref = access.AccessInfo.factory(body=token)
|
auth_ref = access.create(body=token)
|
||||||
catalog_data = auth_ref.service_catalog.get_data()
|
catalog_data = auth_ref.service_catalog.catalog
|
||||||
catalog = _request._v3_to_v2_catalog(catalog_data)
|
catalog = _request._v3_to_v2_catalog(catalog_data)
|
||||||
|
|
||||||
self.assertEqual(1, len(catalog))
|
self.assertEqual(1, len(catalog))
|
||||||
|
@ -246,8 +246,8 @@ class CatalogConversionTests(utils.TestCase):
|
||||||
s.add_endpoint('public', self.PUBLIC_URL, region=self.REGION_TWO)
|
s.add_endpoint('public', self.PUBLIC_URL, region=self.REGION_TWO)
|
||||||
s.add_endpoint('admin', self.ADMIN_URL, region=self.REGION_THREE)
|
s.add_endpoint('admin', self.ADMIN_URL, region=self.REGION_THREE)
|
||||||
|
|
||||||
auth_ref = access.AccessInfo.factory(body=token)
|
auth_ref = access.create(body=token)
|
||||||
catalog_data = auth_ref.service_catalog.get_data()
|
catalog_data = auth_ref.service_catalog.catalog
|
||||||
catalog = _request._v3_to_v2_catalog(catalog_data)
|
catalog = _request._v3_to_v2_catalog(catalog_data)
|
||||||
|
|
||||||
self.assertEqual(1, len(catalog))
|
self.assertEqual(1, len(catalog))
|
||||||
|
|
|
@ -12,8 +12,8 @@
|
||||||
|
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
from keystoneclient import auth
|
from keystoneauth1 import fixture
|
||||||
from keystoneclient import fixture
|
from keystoneauth1 import loading
|
||||||
|
|
||||||
from keystonemiddleware.auth_token import _base
|
from keystonemiddleware.auth_token import _base
|
||||||
from keystonemiddleware.tests.unit.auth_token import base
|
from keystonemiddleware.tests.unit.auth_token import base
|
||||||
|
@ -26,18 +26,19 @@ AUTH_URL = 'https://keystone.auth.com:1234'
|
||||||
class BaseUserPluginTests(object):
|
class BaseUserPluginTests(object):
|
||||||
|
|
||||||
def configure_middleware(self,
|
def configure_middleware(self,
|
||||||
auth_plugin,
|
auth_type,
|
||||||
**kwargs):
|
**kwargs):
|
||||||
opts = auth.get_plugin_class(auth_plugin).get_options()
|
opts = loading.get_auth_plugin_conf_options(auth_type)
|
||||||
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
|
self.cfg.register_opts(opts, group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
# Since these tests cfg.config() themselves rather than waiting for
|
# Since these tests cfg.config() themselves rather than waiting for
|
||||||
# auth_token to do it on __init__ we need to register the base auth
|
# auth_token to do it on __init__ we need to register the base auth
|
||||||
# options (e.g., auth_plugin)
|
# options (e.g., auth_plugin)
|
||||||
auth.register_conf_options(self.cfg.conf, group=_base.AUTHTOKEN_GROUP)
|
loading.register_auth_conf_options(self.cfg.conf,
|
||||||
|
group=_base.AUTHTOKEN_GROUP)
|
||||||
|
|
||||||
self.cfg.config(group=_base.AUTHTOKEN_GROUP,
|
self.cfg.config(group=_base.AUTHTOKEN_GROUP,
|
||||||
auth_plugin=auth_plugin,
|
auth_type=auth_type,
|
||||||
**kwargs)
|
**kwargs)
|
||||||
|
|
||||||
def assertTokenDataEqual(self, token_id, token, token_data):
|
def assertTokenDataEqual(self, token_id, token, token_data):
|
||||||
|
@ -92,7 +93,7 @@ class V2UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
|
||||||
admin=BASE_URI,
|
admin=BASE_URI,
|
||||||
internal=BASE_URI)
|
internal=BASE_URI)
|
||||||
|
|
||||||
self.configure_middleware(auth_plugin='v2password',
|
self.configure_middleware(auth_type='v2password',
|
||||||
auth_url='%s/v2.0/' % AUTH_URL,
|
auth_url='%s/v2.0/' % AUTH_URL,
|
||||||
user_id=self.service_token.user_id,
|
user_id=self.service_token.user_id,
|
||||||
password=uuid.uuid4().hex,
|
password=uuid.uuid4().hex,
|
||||||
|
@ -155,7 +156,7 @@ class V3UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
|
||||||
admin=BASE_URI,
|
admin=BASE_URI,
|
||||||
internal=BASE_URI)
|
internal=BASE_URI)
|
||||||
|
|
||||||
self.configure_middleware(auth_plugin='v3password',
|
self.configure_middleware(auth_type='v3password',
|
||||||
auth_url='%s/v3/' % AUTH_URL,
|
auth_url='%s/v3/' % AUTH_URL,
|
||||||
user_id=self.service_token.user_id,
|
user_id=self.service_token.user_id,
|
||||||
password=uuid.uuid4().hex,
|
password=uuid.uuid4().hex,
|
||||||
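Review bot: The comment inside `configure_middleware` still reads `# options (e.g., auth_plugin)`, although the parameter and the key passed to `self.cfg.config(...)` are now `auth_type`. It should become `# options (e.g., auth_type)` so it names the option this helper actually sets. The rename also changes the helper's keyword interface: the two callers visible here (`auth_type='v2password'` and `auth_type='v3password'`) are updated, but any subclass or caller outside this file that still passes `auth_plugin=` would now fail with a TypeError.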
|
|
|
@ -15,8 +15,8 @@
|
||||||
import os
|
import os
|
||||||
|
|
||||||
import fixtures
|
import fixtures
|
||||||
|
from keystoneauth1 import fixture
|
||||||
from keystoneclient.common import cms
|
from keystoneclient.common import cms
|
||||||
from keystoneclient import fixture
|
|
||||||
from keystoneclient import utils
|
from keystoneclient import utils
|
||||||
from oslo_serialization import jsonutils
|
from oslo_serialization import jsonutils
|
||||||
from oslo_utils import timeutils
|
from oslo_utils import timeutils
|
||||||
|
|
|
@ -64,7 +64,7 @@ class OptsTestCase(utils.TestCase):
|
||||||
'enforce_token_bind',
|
'enforce_token_bind',
|
||||||
'check_revocations_for_cached',
|
'check_revocations_for_cached',
|
||||||
'hash_algorithms',
|
'hash_algorithms',
|
||||||
'auth_plugin',
|
'auth_type',
|
||||||
'auth_section',
|
'auth_section',
|
||||||
]
|
]
|
||||||
opt_names = [o.name for (g, l) in result for o in l]
|
opt_names = [o.name for (g, l) in result for o in l]
|
||||||
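Review bot: The expected option list now contains only `auth_type`, so nothing in this test pins what happens to an existing `auth_plugin = ...` line in a deployed `[keystone_authtoken]` section. For an authentication middleware that matters on upgrade, because an old key that is silently ignored could leave the service running without the plugin the operator configured instead of failing loudly. The loading code presumably keeps `auth_plugin` as a deprecated name for `auth_type`, but that is not visible in this hunk. A test that loads a config using the old key and asserts the plugin is still selected would make it explicit. The test function starts outside the hunk.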
|
|
|
@ -3,6 +3,7 @@
|
||||||
# process, which may cause wedges in the gate later.
|
# process, which may cause wedges in the gate later.
|
||||||
|
|
||||||
Babel>=1.3
|
Babel>=1.3
|
||||||
|
keystoneauth1>=1.0.0
|
||||||
oslo.config>=2.7.0 # Apache-2.0
|
oslo.config>=2.7.0 # Apache-2.0
|
||||||
oslo.context>=0.2.0 # Apache-2.0
|
oslo.context>=0.2.0 # Apache-2.0
|
||||||
oslo.i18n>=1.5.0 # Apache-2.0
|
oslo.i18n>=1.5.0 # Apache-2.0
|
||||||
|
|