openstack/deb-python-keystonemiddleware
Code Issues Proposed changes

Merge "Add keystone v3 API to fetch revocation list"

Browse Source
This commit is contained in:
Jenkins
2015-05-12 15:32:42 +00:00
committed by Gerrit Code Review
parent 7940e100ad 194e00a630
commit de7a54efd3
2 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
keystonemiddleware/auth_token/_identity.py
View File

@@ -35,6 +35,9 @@ class _RequestStrategy(object):
def fetch_cert_file(self, cert_type): def fetch_cert_file(self, cert_type):
pass pass
def fetch_revocation_list(self):
pass
class _V2RequestStrategy(_RequestStrategy): class _V2RequestStrategy(_RequestStrategy):
@@ -55,6 +58,9 @@ class _V2RequestStrategy(_RequestStrategy):
elif cert_type == 'signing': elif cert_type == 'signing':
return self._client.certificates.get_signing_certificate() return self._client.certificates.get_signing_certificate()
def fetch_revocation_list(self):
return self._client.tokens.get_revoked()
class _V3RequestStrategy(_RequestStrategy): class _V3RequestStrategy(_RequestStrategy):
@@ -77,6 +83,9 @@ class _V3RequestStrategy(_RequestStrategy):
elif cert_type == 'signing': elif cert_type == 'signing':
return self._client.simple_cert.get_certificates() return self._client.simple_cert.get_certificates()
def fetch_revocation_list(self):
return self._client.tokens.get_revoked()
_REQUEST_STRATEGIES = [_V3RequestStrategy, _V2RequestStrategy] _REQUEST_STRATEGIES = [_V3RequestStrategy, _V2RequestStrategy]
@@ -101,8 +110,6 @@ class IdentityServer(object):
# Built on-demand with self._request_strategy. # Built on-demand with self._request_strategy.
self._request_strategy_obj = None self._request_strategy_obj = None
self._v2_client = v2_client.Client(session=self._adapter)
@property @property
def auth_uri(self): def auth_uri(self):
auth_uri = self._adapter.get_endpoint(interface=auth.AUTH_INTERFACE) auth_uri = self._adapter.get_endpoint(interface=auth.AUTH_INTERFACE)
@@ -189,7 +196,7 @@ class IdentityServer(object):
def fetch_revocation_list(self): def fetch_revocation_list(self):
try: try:
data = self._v2_client.tokens.get_revoked() data = self._request_strategy.fetch_revocation_list()
except exceptions.HTTPError as e: except exceptions.HTTPError as e:
msg = _('Failed to fetch token revocation list: %d') msg = _('Failed to fetch token revocation list: %d')
raise exc.RevocationListError(msg % e.http_status) raise exc.RevocationListError(msg % e.http_status)

16
keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
View File

@@ -974,8 +974,7 @@ class CommonAuthTokenMiddlewareTest(object):
in_memory_list) in_memory_list)
def test_invalid_revocation_list_raises_error(self): def test_invalid_revocation_list_raises_error(self):
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI, json={}) self.requests_mock.get(self.revocation_url, json={})
self.assertRaises(exc.RevocationListError, self.assertRaises(exc.RevocationListError,
self.middleware._revocations._fetch) self.middleware._revocations._fetch)
@@ -1559,7 +1558,8 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.requests_mock.post('%s/v2.0/tokens' % BASE_URI, self.requests_mock.post('%s/v2.0/tokens' % BASE_URI,
text=FAKE_ADMIN_TOKEN) text=FAKE_ADMIN_TOKEN)
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI, self.revocation_url = '%s/v2.0/tokens/revoked' % BASE_URI
self.requests_mock.get(self.revocation_url,
text=self.examples.SIGNED_REVOCATION_LIST) text=self.examples.SIGNED_REVOCATION_LIST)
for token in (self.examples.UUID_TOKEN_DEFAULT, for token in (self.examples.UUID_TOKEN_DEFAULT,
@@ -1768,8 +1768,8 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.requests_mock.post('%s/v2.0/tokens' % BASE_URI, self.requests_mock.post('%s/v2.0/tokens' % BASE_URI,
text=FAKE_ADMIN_TOKEN) text=FAKE_ADMIN_TOKEN)
# TODO(jamielennox): there is no v3 revocation url yet, it uses v2 self.revocation_url = '%s/v3/auth/tokens/OS-PKI/revoked' % BASE_URI
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI, self.requests_mock.get(self.revocation_url,
text=self.examples.SIGNED_REVOCATION_LIST) text=self.examples.SIGNED_REVOCATION_LIST)
self.requests_mock.get('%s/v3/auth/tokens' % BASE_URI, self.requests_mock.get('%s/v3/auth/tokens' % BASE_URI,
@@ -1862,8 +1862,7 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.token_dict['signed_token_scoped_pkiz']) self.token_dict['signed_token_scoped_pkiz'])
def test_fallback_to_online_validation_with_revocation_list_error(self): def test_fallback_to_online_validation_with_revocation_list_error(self):
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI, self.requests_mock.get(self.revocation_url, status_code=404)
status_code=404)
self.assert_valid_request_200(self.token_dict['signed_token_scoped']) self.assert_valid_request_200(self.token_dict['signed_token_scoped'])
self.assert_valid_request_200( self.assert_valid_request_200(
self.token_dict['signed_token_scoped_pkiz']) self.token_dict['signed_token_scoped_pkiz'])
@@ -2494,8 +2493,7 @@ class v3CompositeAuthTests(BaseAuthTokenMiddlewareTest,
self.requests_mock.post('%s/v2.0/tokens' % BASE_URI, self.requests_mock.post('%s/v2.0/tokens' % BASE_URI,
text=FAKE_ADMIN_TOKEN) text=FAKE_ADMIN_TOKEN)
# TODO(jamielennox): there is no v3 revocation url yet, it uses v2 self.requests_mock.get('%s/v3/auth/tokens/OS-PKI/revoked' % BASE_URI,
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI,
text=self.examples.SIGNED_REVOCATION_LIST) text=self.examples.SIGNED_REVOCATION_LIST)
self.requests_mock.get('%s/v3/auth/tokens' % BASE_URI, self.requests_mock.get('%s/v3/auth/tokens' % BASE_URI,