Merge "Add get_ksa_client() helper"

2021-03-02 19:41:57 +00:00 · 2021-03-02 19:41:57 +00:00 · 144cdf90be
commit 144cdf90be
parent bf838242ac 782ff60cbf
2 changed files with 45 additions and 0 deletions
--- a/glance/context.py
+++ b/glance/context.py
@ -15,10 +15,31 @@

 import copy

+from keystoneauth1 import session
+from keystoneauth1 import token_endpoint
+from oslo_config import cfg
 from oslo_context import context

 from glance.api import policy

+CONF = cfg.CONF
+
+
+def get_ksa_client(context):
+    """Returns a keystoneauth Adapter using token from context.
+
+    This will return a simple keystoneauth adapter that can be used to
+    make requests against a remote service using the token provided
+    (and already authenticated) from the user and stored in a
+    RequestContext.
+
+    :param context: User request context
+    :returns: keystoneauth1 Adapter object
+    """
+    auth = token_endpoint.Token(CONF.keystone_authtoken.identity_uri,
+                                context.auth_token)
+    return session.Session(auth=auth)
+

 class RequestContext(context.RequestContext):
    """Stores information about the security context.
--- a/glance/tests/unit/test_context.py
+++ b/glance/tests/unit/test_context.py
@ -14,12 +14,17 @@
 #    under the License.

 # NOTE(jokke): simplified transition to py3, behaves like py2 xrange
+from unittest import mock
+
+from oslo_config import cfg
 from six.moves import range

 from glance import context
 from glance.tests.unit import utils as unit_utils
 from glance.tests import utils

+CONF = cfg.CONF
+

 def _fake_image(owner, is_public):
    return {
@ -200,3 +205,22 @@ class TestContext(utils.BaseTestCase):
                         sorted(admin.roles))
        self.assertEqual(['foo'], admin.service_catalog)
        self.assertTrue(admin.is_admin)
+
+    @mock.patch('keystoneauth1.token_endpoint.Token')
+    @mock.patch('keystoneauth1.session.Session')
+    def test_get_ksa_client(self, mock_session, mock_token):
+        # Make sure we can get a keystoneauth1 client from our context
+        # with the token auth as expected.
+        ctx = context.RequestContext(auth_token='token')
+        # NOTE(danms): The auth config group and options are
+        # dynamically registered.  Tickling enough of the relevant
+        # code to make that happen would significantly inflate the
+        # amount of code here for no real gain, so we just mock the
+        # CONF object.
+        CONF.register_group(cfg.OptGroup('keystone_authtoken'))
+        with mock.patch.object(CONF, 'keystone_authtoken') as ksat:
+            ksat.identity_uri = 'http://keystone'
+            client = context.get_ksa_client(ctx)
+        self.assertEqual(mock_session.return_value, client)
+        mock_session.assert_called_once_with(auth=mock_token.return_value)
+        mock_token.assert_called_once_with('http://keystone', 'token')