Merge "Use keystone service for regular context initialization"

Jenkins 2015-09-11 10:01:51 +00:00 committed by Gerrit Code Review
commit 9463b0623b
4 changed files with 27 additions and 26 deletions


@ -18,6 +18,9 @@ Starting point for routing EC2 requests.
import hashlib
import sys
from keystoneclient import access as keystone_access
from keystoneclient.auth.identity import access as keystone_identity_access
from keystoneclient import session as keystone_session
from oslo_config import cfg
from oslo_context import context as common_context
from oslo_log import log as logging
@ -226,42 +229,28 @@ class EC2KeystoneAuth(wsgi.Middleware):
msg = response.reason
return faults.ec2_error_response(request_id, "AuthFailure", msg,
status=status_code)
result = response.json()
try:
if 'token' in result:
# NOTE(andrey-mp): response from keystone v3
token_id = response.headers['x-subject-token']
user_id = result['token']['user']['id']
project_id = result['token']['project']['id']
user_name = result['token']['user'].get('name')
project_name = result['token']['project'].get('name')
catalog = result['token']['catalog']
else:
token_id = result['access']['token']['id']
user_id = result['access']['user']['id']
project_id = result['access']['token']['tenant']['id']
user_name = result['access']['user'].get('name')
project_name = result['access']['token']['tenant'].get('name')
catalog = result['access']['serviceCatalog']
except (AttributeError, KeyError):
auth_ref = keystone_access.AccessInfo.factory(resp=response,
body=response.json())
except (NotImplementedError, KeyError):
LOG.exception(_("Keystone failure"))
msg = _("Failure communicating with keystone")
return faults.ec2_error_response(request_id, "AuthFailure", msg,
status=400)
auth = keystone_identity_access.AccessInfoPlugin(auth_ref)
session = keystone_session.Session(auth=auth)
remote_address = req.remote_addr
if CONF.use_forwarded_for:
remote_address = req.headers.get('X-Forwarded-For',
remote_address)
ctxt = context.RequestContext(user_id, project_id,
ctxt = context.RequestContext(auth_ref.user_id, auth_ref.project_id,
request_id=request_id,
user_name=user_name,
project_name=project_name,
auth_token=token_id,
user_name=auth_ref.username,
project_name=auth_ref.project_name,
remote_address=remote_address,
service_catalog=catalog,
session=session,
api_version=req.params.get('Version'))
req.environ['ec2api.context'] = ctxt
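Review bot: `response.json()` now sits inside the `try` in the second hunk, but the new `except (NotImplementedError, KeyError):` omits `ValueError`. Assuming `response` is a `requests` response, a 200 reply from keystone with an undecodable body would escape as an unhandled exception instead of the `AuthFailure` response built just below; I would widen the handler to `except (NotImplementedError, KeyError, ValueError):`. The reads of `auth_ref.user_id`, `auth_ref.project_id`, `auth_ref.username` and `auth_ref.project_name` in the `RequestContext(...)` call come after the handler. If `AccessInfo` resolves them lazily from the body, a token without `user` or project scope would raise or yield `None` there, so reading them into locals inside the `try` and rejecting a missing project id would keep the failure path in one place. The added test cases further down the page cover only the empty `token` and `access` bodies, and the enclosing method starts and ends outside the hunk.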


@ -147,7 +147,8 @@ def keystone(context):
token=context.auth_token,
project_id=context.project_id,
tenant_id=context.project_id,
auth_url=CONF.keystone_url)
auth_url=CONF.keystone_url,
session=context.session)
def nova_cert(context):
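Review bot: The call in `keystone()` now passes both `token=context.auth_token` and `session=context.session`, and nothing here says which credential the client is meant to use. On this page the middleware no longer passes `auth_token=` when it builds the `RequestContext`, so `context.auth_token` may be empty for EC2-authenticated requests unless the context derives it elsewhere, which is not visible. I would add a comment above the call such as `# session carries the keystone auth plugin; token is kept only for contexts built without a session`, or drop `token=` if no such caller remains. The function begins outside the hunk.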


@ -196,9 +196,10 @@ class ClientsTestCase(base.BaseTestCase):
def test_keystone(self, keystone_client_class):
context = mock.NonCallableMock(
auth_token='fake_token',
project_id='fake_project')
project_id='fake_project',
session=None)
res = clients.keystone(context)
self.assertEqual(keystone_client_class.return_value.return_value, res)
keystone_client_class.return_value.assert_called_with(
auth_url='keystone_url', token='fake_token',
auth_url='keystone_url', token='fake_token', session=None,
tenant_id='fake_project', project_id='fake_project')
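Review bot: With `session=None` on the mock context in `test_keystone`, the assertion cannot distinguish `clients.keystone` forwarding `context.session` from it passing a literal `None`. A distinct value makes the check meaningful: `session=mock.sentinel.session)` on the context and `auth_url='keystone_url', token='fake_token', session=mock.sentinel.session,` in `assert_called_with`. The test method's decorator lines are outside the hunk.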


@ -162,3 +162,13 @@ class KeystoneAuthTestCase(test_base.BaseTestCase):
mock_request.assert_called_with('POST',
CONF.keystone_url + '/ec2tokens',
data=mock.ANY, headers=mock.ANY)
fake_request = mock.NonCallableMock(status_code=200, headers={})
fake_request.json.return_value = {'token': {}}
mock_request.return_value = fake_request
resp = self.kauth(req)
self._validate_ec2_error(resp, 400, 'AuthFailure')
fake_request.json.return_value = {'access': {}}
resp = self.kauth(req)
self._validate_ec2_error(resp, 400, 'AuthFailure')