Add get_ksa_client() helper

This adds a method in glance.context that will give us a
keystoneauth1 client, authorized with the user's token, suitable for
calling directly to other services.

Related to blueprint distributed-image-import

Change-Id: I71ed8c80939b4cfab6a081c2f8cde63299fc7893
This commit is contained in:
Dan Smith 2021-01-13 15:16:33 -08:00
parent ed930ec512
commit 782ff60cbf
2 changed files with 45 additions and 0 deletions

View File

@ -15,10 +15,31 @@
import copy
from keystoneauth1 import session
from keystoneauth1 import token_endpoint
from oslo_config import cfg
from oslo_context import context
from glance.api import policy
CONF = cfg.CONF
def get_ksa_client(context):
"""Returns a keystoneauth Adapter using token from context.
This will return a simple keystoneauth adapter that can be used to
make requests against a remote service using the token provided
(and already authenticated) from the user and stored in a
RequestContext.
:param context: User request context
:returns: keystoneauth1 Adapter object
"""
auth = token_endpoint.Token(CONF.keystone_authtoken.identity_uri,
context.auth_token)
return session.Session(auth=auth)
class RequestContext(context.RequestContext):
"""Stores information about the security context.

View File

@ -14,12 +14,17 @@
# under the License.
# NOTE(jokke): simplified transition to py3, behaves like py2 xrange
from unittest import mock
from oslo_config import cfg
from six.moves import range
from glance import context
from glance.tests.unit import utils as unit_utils
from glance.tests import utils
CONF = cfg.CONF
def _fake_image(owner, is_public):
return {
@ -200,3 +205,22 @@ class TestContext(utils.BaseTestCase):
sorted(admin.roles))
self.assertEqual(['foo'], admin.service_catalog)
self.assertTrue(admin.is_admin)
@mock.patch('keystoneauth1.token_endpoint.Token')
@mock.patch('keystoneauth1.session.Session')
def test_get_ksa_client(self, mock_session, mock_token):
# Make sure we can get a keystoneauth1 client from our context
# with the token auth as expected.
ctx = context.RequestContext(auth_token='token')
# NOTE(danms): The auth config group and options are
# dynamically registered. Tickling enough of the relevant
# code to make that happen would significantly inflate the
# amount of code here for no real gain, so we just mock the
# CONF object.
CONF.register_group(cfg.OptGroup('keystone_authtoken'))
with mock.patch.object(CONF, 'keystone_authtoken') as ksat:
ksat.identity_uri = 'http://keystone'
client = context.get_ksa_client(ctx)
self.assertEqual(mock_session.return_value, client)
mock_session.assert_called_once_with(auth=mock_token.return_value)
mock_token.assert_called_once_with('http://keystone', 'token')