From 01ac047e9e7aee53132a4922bfb3c00e9597a2ce Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Fri, 27 Mar 2015 14:03:20 +1100 Subject: [PATCH] Expose audit_id via AccessInfo The audit_id is now a standard part of the v2 and v3 tokens. Expose it via AccessInfo so that it is usable for services and middleware. Change-Id: I14ddcfee5434084ad9da73c384e6f456602fdd2b Closes-Bug: #1437129 --- keystoneclient/access.py | 57 ++++++++++++++++++++++++++++++++++++ keystoneclient/fixture/v2.py | 31 +++++++++++++++++++- keystoneclient/fixture/v3.py | 30 ++++++++++++++++++- 3 files changed, 116 insertions(+), 2 deletions(-) diff --git a/keystoneclient/access.py b/keystoneclient/access.py index 8217de8..009b72e 100644 --- a/keystoneclient/access.py +++ b/keystoneclient/access.py @@ -400,6 +400,35 @@ class AccessInfo(dict): """ raise NotImplementedError() + @property + def audit_id(self): + """Return the audit ID if present. + + :returns: str or None. + """ + raise NotImplementedError() + + @property + def audit_chain_id(self): + """Return the audit chain ID if present. + + In the event that a token was rescoped then this ID will be the + :py:attr:`audit_id` of the initial token. Returns None if no value + present. + + :returns: str or None. + """ + raise NotImplementedError() + + @property + def initial_audit_id(self): + """The audit ID of the initially requested token. + + This is the :py:attr:`audit_chain_id` if present or the + :py:attr:`audit_id`. + """ + return self.audit_chain_id or self.audit_id + class AccessInfoV2(AccessInfo): """An object for encapsulating a raw v2 auth token from identity @@ -592,6 +621,20 @@ class AccessInfoV2(AccessInfo): def is_federated(self): return False + @property + def audit_id(self): + try: + return self['token'].get('audit_ids', [])[0] + except IndexError: + return None + + @property + def audit_chain_id(self): + try: + return self['token'].get('audit_ids', [])[1] + except IndexError: + return None + class AccessInfoV3(AccessInfo): """An object for encapsulating a raw v3 auth token from identity @@ -760,3 +803,17 @@ class AccessInfoV3(AccessInfo): @property def oauth_consumer_id(self): return self.get('OS-OAUTH1', {}).get('consumer_id') + + @property + def audit_id(self): + try: + return self.get('audit_ids', [])[0] + except IndexError: + return None + + @property + def audit_chain_id(self): + try: + return self.get('audit_ids', [])[1] + except IndexError: + return None diff --git a/keystoneclient/fixture/v2.py b/keystoneclient/fixture/v2.py index cd4207b..3d6898b 100644 --- a/keystoneclient/fixture/v2.py +++ b/keystoneclient/fixture/v2.py @@ -43,12 +43,14 @@ class Token(dict): def __init__(self, token_id=None, expires=None, issued=None, tenant_id=None, tenant_name=None, user_id=None, - user_name=None, trust_id=None, trustee_user_id=None): + user_name=None, trust_id=None, trustee_user_id=None, + audit_id=None, audit_chain_id=None): super(Token, self).__init__() self.token_id = token_id or uuid.uuid4().hex self.user_id = user_id or uuid.uuid4().hex self.user_name = user_name or uuid.uuid4().hex + self.audit_id = audit_id or uuid.uuid4().hex if not issued: issued = timeutils.utcnow() - datetime.timedelta(minutes=2) @@ -76,6 +78,9 @@ class Token(dict): self.set_trust(id=trust_id, trustee_user_id=trustee_user_id or user_id) + if audit_chain_id: + self.audit_chain_id = audit_chain_id + @property def root(self): return self.setdefault('access', {}) @@ -180,6 +185,30 @@ class Token(dict): def trustee_user_id(self, value): self.root.setdefault('trust', {})['trustee_user_id'] = value + @property + def audit_id(self): + try: + return self._token.get('audit_ids', [])[0] + except IndexError: + return None + + @audit_id.setter + def audit_id(self, value): + audit_chain_id = self.audit_chain_id + lval = [value] if audit_chain_id else [value, audit_chain_id] + self._token['audit_ids'] = lval + + @property + def audit_chain_id(self): + try: + return self._token.get('audit_ids', [])[1] + except IndexError: + return None + + @audit_chain_id.setter + def audit_chain_id(self, value): + self._token['audit_ids'] = [self.audit_id, value] + def validate(self): scoped = 'tenant' in self.token catalog = self.root.get('serviceCatalog') diff --git a/keystoneclient/fixture/v3.py b/keystoneclient/fixture/v3.py index 4f3d1f1..646e46d 100644 --- a/keystoneclient/fixture/v3.py +++ b/keystoneclient/fixture/v3.py @@ -62,13 +62,14 @@ class Token(dict): project_domain_name=None, domain_id=None, domain_name=None, trust_id=None, trust_impersonation=None, trustee_user_id=None, trustor_user_id=None, oauth_access_token_id=None, - oauth_consumer_id=None): + oauth_consumer_id=None, audit_id=None, audit_chain_id=None): super(Token, self).__init__() self.user_id = user_id or uuid.uuid4().hex self.user_name = user_name or uuid.uuid4().hex self.user_domain_id = user_domain_id or uuid.uuid4().hex self.user_domain_name = user_domain_name or uuid.uuid4().hex + self.audit_id = audit_id or uuid.uuid4().hex if not methods: methods = ['password'] @@ -113,6 +114,9 @@ class Token(dict): self.set_oauth(access_token_id=oauth_access_token_id, consumer_id=oauth_consumer_id) + if audit_chain_id: + self.audit_chain_id = audit_chain_id + @property def root(self): return self.setdefault('token', {}) @@ -295,6 +299,30 @@ class Token(dict): def oauth_consumer_id(self, value): self.root.setdefault('OS-OAUTH1', {})['consumer_id'] = value + @property + def audit_id(self): + try: + return self.root.get('audit_ids', [])[0] + except IndexError: + return None + + @audit_id.setter + def audit_id(self, value): + audit_chain_id = self.audit_chain_id + lval = [value] if audit_chain_id else [value, audit_chain_id] + self.root['audit_ids'] = lval + + @property + def audit_chain_id(self): + try: + return self.root.get('audit_ids', [])[1] + except IndexError: + return None + + @audit_chain_id.setter + def audit_chain_id(self, value): + self.root['audit_ids'] = [self.audit_id, value] + def validate(self): project = self.root.get('project') domain = self.root.get('domain')