Merge "Move d-o-a auth library to keystoneauth"
This commit is contained in:
commit
900a8db378
@ -20,7 +20,7 @@ import pytz
|
||||
from django.conf import settings
|
||||
from django.utils.module_loading import import_string # noqa
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from keystoneclient import exceptions as keystone_exceptions
|
||||
from keystoneauth1 import exceptions as keystone_exceptions
|
||||
|
||||
from openstack_auth import exceptions
|
||||
from openstack_auth import user as auth_user
|
||||
@ -110,7 +110,7 @@ class KeystoneBackend(object):
|
||||
|
||||
try:
|
||||
unscoped_auth_ref = unscoped_auth.get_access(session)
|
||||
except keystone_exceptions.ConnectionRefused as exc:
|
||||
except keystone_exceptions.ConnectFailure as exc:
|
||||
LOG.error(str(exc))
|
||||
msg = _('Unable to establish connection to keystone endpoint.')
|
||||
raise exceptions.KeystoneAuthException(msg)
|
||||
@ -224,7 +224,8 @@ class KeystoneBackend(object):
|
||||
user = auth_user.create_user_from_token(
|
||||
request,
|
||||
auth_user.Token(scoped_auth_ref, unscoped_token=unscoped_token),
|
||||
scoped_auth_ref.service_catalog.url_for(endpoint_type=interface))
|
||||
scoped_auth_ref.service_catalog.url_for(service_type='identity',
|
||||
interface=interface))
|
||||
|
||||
if request is not None:
|
||||
request.session['unscoped_token'] = unscoped_token
|
||||
|
@ -13,7 +13,7 @@
|
||||
import abc
|
||||
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from keystoneclient import exceptions as keystone_exceptions
|
||||
from keystoneauth1 import exceptions as keystone_exceptions
|
||||
from keystoneclient.v2_0 import client as v2_client
|
||||
from keystoneclient.v3 import client as v3_client
|
||||
import six
|
||||
|
@ -12,8 +12,8 @@
|
||||
|
||||
import logging
|
||||
|
||||
from keystoneclient.auth.identity import v2 as v2_auth
|
||||
from keystoneclient.auth.identity import v3 as v3_auth
|
||||
from keystoneauth1.identity import v2 as v2_auth
|
||||
from keystoneauth1.identity import v3 as v3_auth
|
||||
|
||||
from openstack_auth.plugin import base
|
||||
from openstack_auth import utils
|
||||
|
@ -10,8 +10,8 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from keystoneclient.auth.identity import v2 as v2_auth
|
||||
from keystoneclient.auth.identity import v3 as v3_auth
|
||||
from keystoneauth1.identity import v2 as v2_auth
|
||||
from keystoneauth1.identity import v3 as v3_auth
|
||||
|
||||
from openstack_auth.plugin import base
|
||||
from openstack_auth import utils
|
||||
|
@ -15,8 +15,8 @@ import datetime
|
||||
import uuid
|
||||
|
||||
from django.utils import datetime_safe
|
||||
from keystoneclient import access
|
||||
from keystoneclient import service_catalog
|
||||
from keystoneauth1.access import access
|
||||
from keystoneauth1.access import service_catalog
|
||||
from keystoneclient.v2_0 import roles
|
||||
from keystoneclient.v2_0 import tenants
|
||||
from keystoneclient.v2_0 import users
|
||||
@ -116,7 +116,7 @@ def generate_test_data():
|
||||
}
|
||||
}
|
||||
|
||||
test_data.scoped_access_info = access.AccessInfo.factory(
|
||||
test_data.scoped_access_info = access.create(
|
||||
resp=None,
|
||||
body=scoped_token_dict)
|
||||
|
||||
@ -132,19 +132,12 @@ def generate_test_data():
|
||||
'serviceCatalog': [keystone_service]
|
||||
}
|
||||
}
|
||||
test_data.unscoped_access_info = access.AccessInfo.factory(
|
||||
test_data.unscoped_access_info = access.create(
|
||||
resp=None,
|
||||
body=unscoped_token_dict)
|
||||
|
||||
# Service Catalog
|
||||
test_data.service_catalog = service_catalog.ServiceCatalog.factory({
|
||||
'serviceCatalog': [keystone_service, nova_service],
|
||||
'token': {
|
||||
'id': scoped_token_dict['access']['token']['id'],
|
||||
'expires': scoped_token_dict['access']['token']['expires'],
|
||||
'user_id': user_dict['id'],
|
||||
'tenant_id': tenant_dict_1['id']
|
||||
}
|
||||
})
|
||||
test_data.service_catalog = service_catalog.ServiceCatalogV2(
|
||||
[keystone_service, nova_service])
|
||||
|
||||
return test_data
|
||||
|
@ -15,8 +15,8 @@ import datetime
|
||||
import uuid
|
||||
|
||||
from django.utils import datetime_safe
|
||||
from keystoneclient import access
|
||||
from keystoneclient import service_catalog
|
||||
from keystoneauth1.access import access
|
||||
from keystoneauth1.access import service_catalog
|
||||
from keystoneclient.v3 import domains
|
||||
from keystoneclient.v3 import projects
|
||||
from keystoneclient.v3 import roles
|
||||
@ -211,7 +211,7 @@ def generate_test_data():
|
||||
}
|
||||
}
|
||||
|
||||
test_data.scoped_access_info = access.AccessInfo.factory(
|
||||
test_data.scoped_access_info = access.create(
|
||||
resp=auth_response,
|
||||
body=scoped_token_dict
|
||||
)
|
||||
@ -236,7 +236,7 @@ def generate_test_data():
|
||||
'catalog': [keystone_service, nova_service]
|
||||
}
|
||||
}
|
||||
test_data.domain_scoped_access_info = access.AccessInfo.factory(
|
||||
test_data.domain_scoped_access_info = access.create(
|
||||
resp=auth_response,
|
||||
body=domain_token_dict
|
||||
)
|
||||
@ -257,17 +257,14 @@ def generate_test_data():
|
||||
}
|
||||
}
|
||||
|
||||
test_data.unscoped_access_info = access.AccessInfo.factory(
|
||||
test_data.unscoped_access_info = access.create(
|
||||
resp=auth_response,
|
||||
body=unscoped_token_dict
|
||||
)
|
||||
|
||||
# Service Catalog
|
||||
test_data.service_catalog = service_catalog.ServiceCatalog.factory({
|
||||
'methods': ['password'],
|
||||
'user': {},
|
||||
'catalog': [keystone_service, nova_service],
|
||||
}, token=auth_token)
|
||||
test_data.service_catalog = service_catalog.ServiceCatalogV3(
|
||||
[keystone_service, nova_service])
|
||||
|
||||
# federated user
|
||||
federated_scoped_token_dict = {
|
||||
@ -303,7 +300,7 @@ def generate_test_data():
|
||||
}
|
||||
}
|
||||
|
||||
test_data.federated_scoped_access_info = access.AccessInfo.factory(
|
||||
test_data.federated_scoped_access_info = access.create(
|
||||
resp=auth_response,
|
||||
body=federated_scoped_token_dict
|
||||
)
|
||||
@ -332,7 +329,7 @@ def generate_test_data():
|
||||
}
|
||||
}
|
||||
|
||||
test_data.federated_unscoped_access_info = access.AccessInfo.factory(
|
||||
test_data.federated_unscoped_access_info = access.create(
|
||||
resp=auth_response,
|
||||
body=federated_unscoped_token_dict
|
||||
)
|
||||
|
@ -18,11 +18,11 @@ from django.contrib import auth
|
||||
from django.core.urlresolvers import reverse
|
||||
from django import http
|
||||
from django import test
|
||||
from keystoneclient.auth.identity import v2 as auth_v2
|
||||
from keystoneclient.auth.identity import v3 as auth_v3
|
||||
from keystoneclient.auth import token_endpoint
|
||||
from keystoneclient import exceptions as keystone_exceptions
|
||||
from keystoneclient import session
|
||||
from keystoneauth1 import exceptions as keystone_exceptions
|
||||
from keystoneauth1.identity import v2 as v2_auth
|
||||
from keystoneauth1.identity import v3 as v3_auth
|
||||
from keystoneauth1 import session
|
||||
from keystoneauth1 import token_endpoint
|
||||
from keystoneclient.v2_0 import client as client_v2
|
||||
from keystoneclient.v3 import client as client_v3
|
||||
import mock
|
||||
@ -100,7 +100,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
def setUp(self):
|
||||
super(OpenStackAuthTestsV2, self).setUp()
|
||||
|
||||
if self.interface:
|
||||
if getattr(self, 'interface', None):
|
||||
override = self.settings(OPENSTACK_ENDPOINT_TYPE=self.interface)
|
||||
override.enable()
|
||||
self.addCleanup(override.disable)
|
||||
@ -116,8 +116,8 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v2.0"
|
||||
|
||||
self.mox.StubOutClassWithMocks(token_endpoint, 'Token')
|
||||
self.mox.StubOutClassWithMocks(auth_v2, 'Token')
|
||||
self.mox.StubOutClassWithMocks(auth_v2, 'Password')
|
||||
self.mox.StubOutClassWithMocks(v2_auth, 'Token')
|
||||
self.mox.StubOutClassWithMocks(v2_auth, 'Password')
|
||||
self.mox.StubOutClassWithMocks(client_v2, 'Client')
|
||||
|
||||
def _mock_unscoped_list_tenants(self, client, tenants):
|
||||
@ -152,7 +152,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
if not url:
|
||||
url = settings.OPENSTACK_KEYSTONE_URL
|
||||
|
||||
return auth_v2.Password(auth_url=url,
|
||||
return v2_auth.Password(auth_url=url,
|
||||
password=password,
|
||||
username=username)
|
||||
|
||||
@ -163,7 +163,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
if not url:
|
||||
url = settings.OPENSTACK_KEYSTONE_URL
|
||||
|
||||
return auth_v2.Token(auth_url=url,
|
||||
return v2_auth.Token(auth_url=url,
|
||||
token=token,
|
||||
tenant_id=project_id,
|
||||
reauthenticate=False)
|
||||
@ -332,7 +332,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
scoped = self.data.scoped_access_info
|
||||
sc = self.data.service_catalog
|
||||
et = getattr(settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL')
|
||||
endpoint = sc.url_for(endpoint_type=et)
|
||||
endpoint = sc.url_for(service_type='identity', interface=et)
|
||||
|
||||
form_data = self.get_form_data(user)
|
||||
|
||||
@ -354,7 +354,7 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
|
||||
|
||||
url = reverse('switch_tenants', args=[tenant.id])
|
||||
|
||||
scoped['token']['tenant']['id'] = self.data.tenant_two.id
|
||||
scoped._token['tenant']['id'] = self.data.tenant_two.id
|
||||
|
||||
if next:
|
||||
form_data.update({auth.REDIRECT_FIELD_NAME: next})
|
||||
@ -492,7 +492,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
|
||||
if not url:
|
||||
url = settings.OPENSTACK_KEYSTONE_URL
|
||||
|
||||
return auth_v3.Password(auth_url=url,
|
||||
return v3_auth.Password(auth_url=url,
|
||||
password=password,
|
||||
username=username,
|
||||
user_domain_name=DEFAULT_DOMAIN,
|
||||
@ -507,12 +507,12 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
|
||||
url = settings.OPENSTACK_KEYSTONE_URL
|
||||
|
||||
if domain_name:
|
||||
return auth_v3.Token(auth_url=url,
|
||||
return v3_auth.Token(auth_url=url,
|
||||
token=token,
|
||||
domain_name=domain_name,
|
||||
reauthenticate=False)
|
||||
else:
|
||||
return auth_v3.Token(auth_url=url,
|
||||
return v3_auth.Token(auth_url=url,
|
||||
token=token,
|
||||
project_id=project_id,
|
||||
reauthenticate=False)
|
||||
@ -535,8 +535,8 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
|
||||
settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v3"
|
||||
|
||||
self.mox.StubOutClassWithMocks(token_endpoint, 'Token')
|
||||
self.mox.StubOutClassWithMocks(auth_v3, 'Token')
|
||||
self.mox.StubOutClassWithMocks(auth_v3, 'Password')
|
||||
self.mox.StubOutClassWithMocks(v3_auth, 'Token')
|
||||
self.mox.StubOutClassWithMocks(v3_auth, 'Password')
|
||||
self.mox.StubOutClassWithMocks(client_v3, 'Client')
|
||||
|
||||
def test_login(self):
|
||||
@ -696,7 +696,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
|
||||
self._mock_scoped_client_for_tenant(
|
||||
scoped,
|
||||
project.id,
|
||||
url=sc.url_for(endpoint_type=et),
|
||||
url=sc.url_for(service_type='identity', interface=et),
|
||||
client=False)
|
||||
|
||||
self.mox.ReplayAll()
|
||||
@ -711,7 +711,7 @@ class OpenStackAuthTestsV3(OpenStackAuthTestsMixin, test.TestCase):
|
||||
|
||||
url = reverse('switch_tenants', args=[project.id])
|
||||
|
||||
scoped['project']['id'] = self.data.project_two.id
|
||||
scoped._project['id'] = self.data.project_two.id
|
||||
|
||||
if next:
|
||||
form_data.update({auth.REDIRECT_FIELD_NAME: next})
|
||||
@ -800,7 +800,7 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin, test.TestCase):
|
||||
if not url:
|
||||
url = settings.OPENSTACK_KEYSTONE_URL
|
||||
|
||||
return auth_v3.Token(auth_url=url,
|
||||
return v3_auth.Token(auth_url=url,
|
||||
token=token,
|
||||
project_id=project_id,
|
||||
reauthenticate=False)
|
||||
@ -854,8 +854,8 @@ class OpenStackAuthTestsWebSSO(OpenStackAuthTestsMixin, test.TestCase):
|
||||
}
|
||||
|
||||
self.mox.StubOutClassWithMocks(token_endpoint, 'Token')
|
||||
self.mox.StubOutClassWithMocks(auth_v3, 'Token')
|
||||
self.mox.StubOutClassWithMocks(auth_v3, 'Password')
|
||||
self.mox.StubOutClassWithMocks(v3_auth, 'Token')
|
||||
self.mox.StubOutClassWithMocks(v3_auth, 'Password')
|
||||
self.mox.StubOutClassWithMocks(client_v3, 'Client')
|
||||
|
||||
def test_login_form(self):
|
||||
|
@ -17,8 +17,8 @@ import logging
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import models
|
||||
from django.db import models as db_models
|
||||
from keystoneauth1 import exceptions as keystone_exceptions
|
||||
from keystoneclient.common import cms as keystone_cms
|
||||
from keystoneclient import exceptions as keystone_exceptions
|
||||
import six
|
||||
|
||||
from openstack_auth import utils
|
||||
@ -113,13 +113,8 @@ class Token(object):
|
||||
|
||||
# Federation-related attributes
|
||||
self.is_federated = auth_ref.is_federated
|
||||
|
||||
if auth_ref.version == 'v2.0':
|
||||
self.roles = auth_ref['user'].get('roles', [])
|
||||
else:
|
||||
self.roles = auth_ref.get('roles', [])
|
||||
|
||||
self.serviceCatalog = auth_ref.service_catalog.get_data()
|
||||
self.roles = [{'name': role} for role in auth_ref.role_names]
|
||||
self.serviceCatalog = auth_ref.service_catalog.catalog
|
||||
|
||||
|
||||
class User(models.AbstractBaseUser, models.AnonymousUser):
|
||||
|
@ -19,10 +19,10 @@ from django.contrib import auth
|
||||
from django.contrib.auth import middleware
|
||||
from django.contrib.auth import models
|
||||
from django.utils import timezone
|
||||
from keystoneclient.auth.identity import v2 as v2_auth
|
||||
from keystoneclient.auth.identity import v3 as v3_auth
|
||||
from keystoneclient.auth import token_endpoint
|
||||
from keystoneclient import session
|
||||
from keystoneauth1.identity import v2 as v2_auth
|
||||
from keystoneauth1.identity import v3 as v3_auth
|
||||
from keystoneauth1 import session
|
||||
from keystoneauth1 import token_endpoint
|
||||
from keystoneclient.v2_0 import client as client_v2
|
||||
from keystoneclient.v3 import client as client_v3
|
||||
from six.moves.urllib import parse as urlparse
|
||||
|
@ -28,8 +28,8 @@ from django.views.decorators.cache import never_cache # noqa
|
||||
from django.views.decorators.csrf import csrf_exempt # noqa
|
||||
from django.views.decorators.csrf import csrf_protect # noqa
|
||||
from django.views.decorators.debug import sensitive_post_parameters # noqa
|
||||
from keystoneclient.auth import token_endpoint
|
||||
from keystoneclient import exceptions as keystone_exceptions
|
||||
from keystoneauth1 import exceptions as keystone_exceptions
|
||||
from keystoneauth1 import token_endpoint
|
||||
import six
|
||||
|
||||
from openstack_auth import exceptions
|
||||
|
@ -6,4 +6,5 @@ Django<1.9,>=1.8
|
||||
oslo.config>=2.7.0 # Apache-2.0
|
||||
oslo.policy>=0.5.0 # Apache-2.0
|
||||
python-keystoneclient!=1.8.0,>=1.6.0
|
||||
keystoneauth1>=2.1.0
|
||||
six>=1.9.0
|
||||
|
Loading…
Reference in New Issue
Block a user