openstack/heat
Code Issues Proposed changes

Use the AccessInfoPlugin from keystoneclient

Browse Source 
The AccessInfoPlugin that is mentioned in the comments is now available
from keystoneclient. We should use that instead of our own copy.

Change-Id: I52f0f7eceae541dd931ff8554149d2bd90200a5e
This commit is contained in:
Jamie Lennox
2015-04-28 12:24:32 +10:00
parent d7cadf02c9
commit 3be96f7cbe
2 changed files with 9 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
heat/common/context.py
View File

@@ -12,7 +12,7 @@
# under the License. # under the License.
from keystoneclient import access from keystoneclient import access
from keystoneclient.auth.identity import base from keystoneclient.auth.identity import access as access_plugin
from keystoneclient.auth.identity import v3 from keystoneclient.auth.identity import v3
from keystoneclient.auth import token_endpoint from keystoneclient.auth import token_endpoint
from oslo_config import cfg from oslo_config import cfg
@@ -33,41 +33,6 @@ from heat.engine import clients
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
# FIXME(jamielennox): I copied this out of a review that is proposed against
# keystoneclient which can be used when available.
# https://review.openstack.org/#/c/143338/
class _AccessInfoPlugin(base.BaseIdentityPlugin):
"""A plugin that turns an existing AccessInfo object into a usable plugin.
In certain circumstances you already have an auth_ref/AccessInfo object
that you just want to reuse. This could have been from a cache, in
auth_token middleware or other.
Turn that existing object into a simple identity plugin. This plugin cannot
be refreshed as the AccessInfo object does not contain any authorizing
information.
:param auth_ref: the existing AccessInfo object.
:type auth_ref: keystoneclient.access.AccessInfo
:param auth_url: the url where this AccessInfo was retrieved from. Required
if using the AUTH_INTERFACE with get_endpoint. (optional)
"""
def __init__(self, auth_url, auth_ref):
super(_AccessInfoPlugin, self).__init__(auth_url=auth_url,
reauthenticate=False)
self.auth_ref = auth_ref
def get_auth_ref(self, session, **kwargs):
return self.auth_ref
def invalidate(self):
# NOTE(jamielennox): Don't allow the default invalidation to occur
# because on next authentication request we will only get the same
# auth_ref object again.
return False
class RequestContext(context.RequestContext): class RequestContext(context.RequestContext):
""" """
Stores information about the security context under which the user Stores information about the security context under which the user
@@ -180,7 +145,9 @@ class RequestContext(context.RequestContext):
if self.auth_token_info: if self.auth_token_info:
auth_ref = access.AccessInfo.factory(body=self.auth_token_info, auth_ref = access.AccessInfo.factory(body=self.auth_token_info,
auth_token=self.auth_token) auth_token=self.auth_token)
return _AccessInfoPlugin(self._keystone_v3_endpoint, auth_ref) return access_plugin.AccessInfoPlugin(
auth_url=self._keystone_v3_endpoint,
auth_ref=auth_ref)
if self.auth_token: if self.auth_token:
# FIXME(jamielennox): This is broken but consistent. If you # FIXME(jamielennox): This is broken but consistent. If you

9
heat/tests/test_heatclient.py
View File

@@ -15,6 +15,7 @@ import json
import uuid import uuid
from keystoneclient import access as ks_access from keystoneclient import access as ks_access
from keystoneclient.auth.identity import access as ks_auth_access
from keystoneclient.auth.identity import v3 as ks_auth_v3 from keystoneclient.auth.identity import v3 as ks_auth_v3
from keystoneclient.auth import token_endpoint as ks_token_endpoint from keystoneclient.auth import token_endpoint as ks_token_endpoint
import keystoneclient.exceptions as kc_exception import keystoneclient.exceptions as kc_exception
@@ -26,7 +27,6 @@ from oslo_config import cfg
import six import six
from heat.common import config from heat.common import config
from heat.common import context
from heat.common import exception from heat.common import exception
from heat.common import heat_keystoneclient from heat.common import heat_keystoneclient
from heat.tests import common from heat.tests import common
@@ -50,7 +50,7 @@ class KeystoneClientTest(common.HeatTestCase):
self.m.StubOutWithMock(kc_v3, "Client") self.m.StubOutWithMock(kc_v3, "Client")
self.m.StubOutWithMock(ks_auth_v3, 'Password') self.m.StubOutWithMock(ks_auth_v3, 'Password')
self.m.StubOutWithMock(ks_token_endpoint, 'Token') self.m.StubOutWithMock(ks_token_endpoint, 'Token')
self.m.StubOutWithMock(context, '_AccessInfoPlugin') self.m.StubOutWithMock(ks_auth_access, 'AccessInfoPlugin')
dummy_url = 'http://server.test:5000/v2.0' dummy_url = 'http://server.test:5000/v2.0'
cfg.CONF.set_override('auth_uri', dummy_url, cfg.CONF.set_override('auth_uri', dummy_url,
@@ -115,8 +115,9 @@ class KeystoneClientTest(common.HeatTestCase):
p = ks_token_endpoint.Token(token='abcd1234', p = ks_token_endpoint.Token(token='abcd1234',
endpoint='http://server.test:5000/v3') endpoint='http://server.test:5000/v3')
elif method == 'auth_ref': elif method == 'auth_ref':
p = context._AccessInfoPlugin('http://server.test:5000/v3', p = ks_auth_access.AccessInfoPlugin(
mox.IsA(ks_access.AccessInfo)) auth_url='http://server.test:5000/v3',
auth_ref=mox.IsA(ks_access.AccessInfo))
elif method == 'password': elif method == 'password':
p = ks_auth_v3.Password(auth_url='http://server.test:5000/v3', p = ks_auth_v3.Password(auth_url='http://server.test:5000/v3',