Merge "Use the AccessInfoPlugin from keystoneclient"
This commit is contained in:
commit
558a71adf4
@ -12,7 +12,7 @@
|
||||
# under the License.
|
||||
|
||||
from keystoneclient import access
|
||||
from keystoneclient.auth.identity import base
|
||||
from keystoneclient.auth.identity import access as access_plugin
|
||||
from keystoneclient.auth.identity import v3
|
||||
from keystoneclient.auth import token_endpoint
|
||||
from oslo_config import cfg
|
||||
@ -33,41 +33,6 @@ from heat.engine import clients
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
# FIXME(jamielennox): I copied this out of a review that is proposed against
|
||||
# keystoneclient which can be used when available.
|
||||
# https://review.openstack.org/#/c/143338/
|
||||
class _AccessInfoPlugin(base.BaseIdentityPlugin):
|
||||
"""A plugin that turns an existing AccessInfo object into a usable plugin.
|
||||
|
||||
In certain circumstances you already have an auth_ref/AccessInfo object
|
||||
that you just want to reuse. This could have been from a cache, in
|
||||
auth_token middleware or other.
|
||||
|
||||
Turn that existing object into a simple identity plugin. This plugin cannot
|
||||
be refreshed as the AccessInfo object does not contain any authorizing
|
||||
information.
|
||||
|
||||
:param auth_ref: the existing AccessInfo object.
|
||||
:type auth_ref: keystoneclient.access.AccessInfo
|
||||
:param auth_url: the url where this AccessInfo was retrieved from. Required
|
||||
if using the AUTH_INTERFACE with get_endpoint. (optional)
|
||||
"""
|
||||
|
||||
def __init__(self, auth_url, auth_ref):
|
||||
super(_AccessInfoPlugin, self).__init__(auth_url=auth_url,
|
||||
reauthenticate=False)
|
||||
self.auth_ref = auth_ref
|
||||
|
||||
def get_auth_ref(self, session, **kwargs):
|
||||
return self.auth_ref
|
||||
|
||||
def invalidate(self):
|
||||
# NOTE(jamielennox): Don't allow the default invalidation to occur
|
||||
# because on next authentication request we will only get the same
|
||||
# auth_ref object again.
|
||||
return False
|
||||
|
||||
|
||||
class RequestContext(context.RequestContext):
|
||||
"""
|
||||
Stores information about the security context under which the user
|
||||
@ -180,7 +145,9 @@ class RequestContext(context.RequestContext):
|
||||
if self.auth_token_info:
|
||||
auth_ref = access.AccessInfo.factory(body=self.auth_token_info,
|
||||
auth_token=self.auth_token)
|
||||
return _AccessInfoPlugin(self._keystone_v3_endpoint, auth_ref)
|
||||
return access_plugin.AccessInfoPlugin(
|
||||
auth_url=self._keystone_v3_endpoint,
|
||||
auth_ref=auth_ref)
|
||||
|
||||
if self.auth_token:
|
||||
# FIXME(jamielennox): This is broken but consistent. If you
|
||||
|
@ -15,6 +15,7 @@ import json
|
||||
import uuid
|
||||
|
||||
from keystoneclient import access as ks_access
|
||||
from keystoneclient.auth.identity import access as ks_auth_access
|
||||
from keystoneclient.auth.identity import v3 as ks_auth_v3
|
||||
from keystoneclient.auth import token_endpoint as ks_token_endpoint
|
||||
import keystoneclient.exceptions as kc_exception
|
||||
@ -26,7 +27,6 @@ from oslo_config import cfg
|
||||
import six
|
||||
|
||||
from heat.common import config
|
||||
from heat.common import context
|
||||
from heat.common import exception
|
||||
from heat.common import heat_keystoneclient
|
||||
from heat.tests import common
|
||||
@ -50,7 +50,7 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
self.m.StubOutWithMock(kc_v3, "Client")
|
||||
self.m.StubOutWithMock(ks_auth_v3, 'Password')
|
||||
self.m.StubOutWithMock(ks_token_endpoint, 'Token')
|
||||
self.m.StubOutWithMock(context, '_AccessInfoPlugin')
|
||||
self.m.StubOutWithMock(ks_auth_access, 'AccessInfoPlugin')
|
||||
|
||||
dummy_url = 'http://server.test:5000/v2.0'
|
||||
cfg.CONF.set_override('auth_uri', dummy_url,
|
||||
@ -117,8 +117,9 @@ class KeystoneClientTest(common.HeatTestCase):
|
||||
p = ks_token_endpoint.Token(token='abcd1234',
|
||||
endpoint='http://server.test:5000/v3')
|
||||
elif method == 'auth_ref':
|
||||
p = context._AccessInfoPlugin('http://server.test:5000/v3',
|
||||
mox.IsA(ks_access.AccessInfo))
|
||||
p = ks_auth_access.AccessInfoPlugin(
|
||||
auth_url='http://server.test:5000/v3',
|
||||
auth_ref=mox.IsA(ks_access.AccessInfo))
|
||||
|
||||
elif method == 'password':
|
||||
p = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',
|
||||
|
Loading…
Reference in New Issue
Block a user