Expose audit_id via AccessInfo

The audit_id is now a standard part of the v2 and v3 tokens. Expose it via AccessInfo so that it is usable for services and middleware. Change-Id: I14ddcfee5434084ad9da73c384e6f456602fdd2b Closes-Bug: #1437129
2015-03-27 14:03:20 +11:00
parent b0dd0ce80d
commit 01ac047e9e
3 changed files with 116 additions and 2 deletions
--- a/keystoneclient/access.py
+++ b/keystoneclient/access.py
@@ -400,6 +400,35 @@ class AccessInfo(dict):
        """
        raise NotImplementedError()

+    @property
+    def audit_id(self):
+        """Return the audit ID if present.
+
+        :returns: str or None.
+        """
+        raise NotImplementedError()
+
+    @property
+    def audit_chain_id(self):
+        """Return the audit chain ID if present.
+
+        In the event that a token was rescoped then this ID will be the
+        :py:attr:`audit_id` of the initial token. Returns None if no value
+        present.
+
+        :returns: str or None.
+        """
+        raise NotImplementedError()
+
+    @property
+    def initial_audit_id(self):
+        """The audit ID of the initially requested token.
+
+        This is the :py:attr:`audit_chain_id` if present or the
+        :py:attr:`audit_id`.
+        """
+        return self.audit_chain_id or self.audit_id
+

 class AccessInfoV2(AccessInfo):
    """An object for encapsulating a raw v2 auth token from identity
@@ -592,6 +621,20 @@ class AccessInfoV2(AccessInfo):
    def is_federated(self):
        return False

+    @property
+    def audit_id(self):
+        try:
+            return self['token'].get('audit_ids', [])[0]
+        except IndexError:
+            return None
+
+    @property
+    def audit_chain_id(self):
+        try:
+            return self['token'].get('audit_ids', [])[1]
+        except IndexError:
+            return None
+

 class AccessInfoV3(AccessInfo):
    """An object for encapsulating a raw v3 auth token from identity
@@ -760,3 +803,17 @@ class AccessInfoV3(AccessInfo):
    @property
    def oauth_consumer_id(self):
        return self.get('OS-OAUTH1', {}).get('consumer_id')
+
+    @property
+    def audit_id(self):
+        try:
+            return self.get('audit_ids', [])[0]
+        except IndexError:
+            return None
+
+    @property
+    def audit_chain_id(self):
+        try:
+            return self.get('audit_ids', [])[1]
+        except IndexError:
+            return None
--- a/keystoneclient/fixture/v2.py
+++ b/keystoneclient/fixture/v2.py
@@ -43,12 +43,14 @@ class Token(dict):

    def __init__(self, token_id=None, expires=None, issued=None,
                 tenant_id=None, tenant_name=None, user_id=None,
-                 user_name=None, trust_id=None, trustee_user_id=None):
+                 user_name=None, trust_id=None, trustee_user_id=None,
+                 audit_id=None, audit_chain_id=None):
        super(Token, self).__init__()

        self.token_id = token_id or uuid.uuid4().hex
        self.user_id = user_id or uuid.uuid4().hex
        self.user_name = user_name or uuid.uuid4().hex
+        self.audit_id = audit_id or uuid.uuid4().hex

        if not issued:
            issued = timeutils.utcnow() - datetime.timedelta(minutes=2)
@@ -76,6 +78,9 @@ class Token(dict):
            self.set_trust(id=trust_id,
                           trustee_user_id=trustee_user_id or user_id)

+        if audit_chain_id:
+            self.audit_chain_id = audit_chain_id
+
    @property
    def root(self):
        return self.setdefault('access', {})
@@ -180,6 +185,30 @@ class Token(dict):
    def trustee_user_id(self, value):
        self.root.setdefault('trust', {})['trustee_user_id'] = value

+    @property
+    def audit_id(self):
+        try:
+            return self._token.get('audit_ids', [])[0]
+        except IndexError:
+            return None
+
+    @audit_id.setter
+    def audit_id(self, value):
+        audit_chain_id = self.audit_chain_id
+        lval = [value] if audit_chain_id else [value, audit_chain_id]
+        self._token['audit_ids'] = lval
+
+    @property
+    def audit_chain_id(self):
+        try:
+            return self._token.get('audit_ids', [])[1]
+        except IndexError:
+            return None
+
+    @audit_chain_id.setter
+    def audit_chain_id(self, value):
+        self._token['audit_ids'] = [self.audit_id, value]
+
    def validate(self):
        scoped = 'tenant' in self.token
        catalog = self.root.get('serviceCatalog')
--- a/keystoneclient/fixture/v3.py
+++ b/keystoneclient/fixture/v3.py
@@ -62,13 +62,14 @@ class Token(dict):
                 project_domain_name=None, domain_id=None, domain_name=None,
                 trust_id=None, trust_impersonation=None, trustee_user_id=None,
                 trustor_user_id=None, oauth_access_token_id=None,
-                 oauth_consumer_id=None):
+                 oauth_consumer_id=None, audit_id=None, audit_chain_id=None):
        super(Token, self).__init__()

        self.user_id = user_id or uuid.uuid4().hex
        self.user_name = user_name or uuid.uuid4().hex
        self.user_domain_id = user_domain_id or uuid.uuid4().hex
        self.user_domain_name = user_domain_name or uuid.uuid4().hex
+        self.audit_id = audit_id or uuid.uuid4().hex

        if not methods:
            methods = ['password']
@@ -113,6 +114,9 @@ class Token(dict):
            self.set_oauth(access_token_id=oauth_access_token_id,
                           consumer_id=oauth_consumer_id)

+        if audit_chain_id:
+            self.audit_chain_id = audit_chain_id
+
    @property
    def root(self):
        return self.setdefault('token', {})
@@ -295,6 +299,30 @@ class Token(dict):
    def oauth_consumer_id(self, value):
        self.root.setdefault('OS-OAUTH1', {})['consumer_id'] = value

+    @property
+    def audit_id(self):
+        try:
+            return self.root.get('audit_ids', [])[0]
+        except IndexError:
+            return None
+
+    @audit_id.setter
+    def audit_id(self, value):
+        audit_chain_id = self.audit_chain_id
+        lval = [value] if audit_chain_id else [value, audit_chain_id]
+        self.root['audit_ids'] = lval
+
+    @property
+    def audit_chain_id(self):
+        try:
+            return self.root.get('audit_ids', [])[1]
+        except IndexError:
+            return None
+
+    @audit_chain_id.setter
+    def audit_chain_id(self, value):
+        self.root['audit_ids'] = [self.audit_id, value]
+
    def validate(self):
        project = self.root.get('project')
        domain = self.root.get('domain')