openstack/deb-keystone
Code Issues Proposed changes

add cadf notifications for oauth

Browse Source 
Adds support for cadf notifications for create/update/delete of
consumers, request tokens and access tokens.

Change-Id: Iaa8e148cde3af881c8b573ab9d27bf366134c865
This commit is contained in:
Steve Martinelli
2015-02-25 04:03:33 -05:00
parent fb838489a4
commit 969f72b692
4 changed files with 170 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
keystone/contrib/oauth1/controllers.py
View File

@@ -59,7 +59,8 @@ class ConsumerCrudV3(controller.V3Controller):
@controller.protected()
def create_consumer(self, context, consumer):
ref = self._assign_unique_id(self._normalize_dict(consumer))
consumer_ref = self.oauth_api.create_consumer(ref)
initiator = notifications._get_request_audit_info(context)
consumer_ref = self.oauth_api.create_consumer(ref, initiator)
return ConsumerCrudV3.wrap_member(context, consumer_ref)
@controller.protected()
@@ -67,7 +68,8 @@ class ConsumerCrudV3(controller.V3Controller):
self._require_matching_id(consumer_id, consumer)
ref = self._normalize_dict(consumer)
self._validate_consumer_ref(ref)
ref = self.oauth_api.update_consumer(consumer_id, ref)
initiator = notifications._get_request_audit_info(context)
ref = self.oauth_api.update_consumer(consumer_id, ref, initiator)
return ConsumerCrudV3.wrap_member(context, ref)
@controller.protected()
@@ -89,7 +91,8 @@ class ConsumerCrudV3(controller.V3Controller):
payload = {'user_id': user_token_ref.user_id,
'consumer_id': consumer_id}
_emit_user_oauth_consumer_token_invalidate(payload)
self.oauth_api.delete_consumer(consumer_id)
initiator = notifications._get_request_audit_info(context)
self.oauth_api.delete_consumer(consumer_id, initiator)
def _validate_consumer_ref(self, consumer):
if 'secret' in consumer:
@@ -138,8 +141,9 @@ class AccessTokenCrudV3(controller.V3Controller):
consumer_id = access_token['consumer_id']
payload = {'user_id': user_id, 'consumer_id': consumer_id}
_emit_user_oauth_consumer_token_invalidate(payload)
initiator = notifications._get_request_audit_info(context)
return self.oauth_api.delete_access_token(
user_id, access_token_id)
user_id, access_token_id, initiator)
@staticmethod
def _get_user_id(entity):
@@ -245,9 +249,11 @@ class OAuthControllerV3(controller.V3Controller):
raise exception.Unauthorized(message=msg)
request_token_duration = CONF.oauth1.request_token_duration
initiator = notifications._get_request_audit_info(context)
token_ref = self.oauth_api.create_request_token(consumer_id,
requested_project_id,
request_token_duration)
request_token_duration,
initiator)
result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s'
% {'key': token_ref['id'],
@@ -324,8 +330,10 @@ class OAuthControllerV3(controller.V3Controller):
raise exception.Unauthorized(message=msg)
access_token_duration = CONF.oauth1.access_token_duration
initiator = notifications._get_request_audit_info(context)
token_ref = self.oauth_api.create_access_token(request_token_id,
access_token_duration)
access_token_duration,
initiator)
result = ('oauth_token=%(key)s&oauth_token_secret=%(secret)s'
% {'key': token_ref['id'],

47
keystone/contrib/oauth1/core.py
View File

@@ -158,32 +158,41 @@ class Manager(manager.Manager):
def __init__(self):
super(Manager, self).__init__(CONF.oauth1.driver)
@notifications.created(_CONSUMER)
def create_consumer(self, consumer_ref):
return self.driver.create_consumer(consumer_ref)
def create_consumer(self, consumer_ref, initiator=None):
ret = self.driver.create_consumer(consumer_ref)
notifications.Audit.created(self._CONSUMER, ret['id'], initiator)
return ret
@notifications.updated(_CONSUMER)
def update_consumer(self, consumer_id, consumer_ref):
return self.driver.update_consumer(consumer_id, consumer_ref)
def update_consumer(self, consumer_id, consumer_ref, initiator=None):
ret = self.driver.update_consumer(consumer_id, consumer_ref)
notifications.Audit.updated(self._CONSUMER, consumer_id, initiator)
return ret
@notifications.deleted(_CONSUMER)
def delete_consumer(self, consumer_id):
return self.driver.delete_consumer(consumer_id)
def delete_consumer(self, consumer_id, initiator=None):
ret = self.driver.delete_consumer(consumer_id)
notifications.Audit.deleted(self._CONSUMER, consumer_id, initiator)
return ret
@notifications.created(_ACCESS_TOKEN)
def create_access_token(self, request_id, access_token_duration):
return self.driver.create_access_token(request_id,
access_token_duration)
def create_access_token(self, request_id, access_token_duration,
initiator=None):
ret = self.driver.create_access_token(request_id,
access_token_duration)
notifications.Audit.created(self._ACCESS_TOKEN, ret['id'], initiator)
return ret
@notifications.deleted(_ACCESS_TOKEN, resource_id_arg_index=2)
def delete_access_token(self, user_id, access_token_id):
return self.driver.delete_access_token(user_id, access_token_id)
def delete_access_token(self, user_id, access_token_id, initiator=None):
ret = self.driver.delete_access_token(user_id, access_token_id)
notifications.Audit.deleted(self._ACCESS_TOKEN, access_token_id,
initiator)
return ret
@notifications.created(_REQUEST_TOKEN, resource_id_arg_index=2)
def create_request_token(self, consumer_id, requested_project,
request_token_duration):
return self.driver.create_request_token(
request_token_duration, initiator=None):
ret = self.driver.create_request_token(
consumer_id, requested_project, request_token_duration)
notifications.Audit.created(self._REQUEST_TOKEN, ret['id'],
initiator)
return ret
@six.add_metaclass(abc.ABCMeta)