Add auth_token_info to request context
The auth_token (and other) middleware adds a keystone.token_info value to the request environment after validating the token. We can pass this value via the request context, which allows us to avoid always re-requesting another token in the keystoneclient instance in heat-engine. Change-Id: Icac0e73fbddd5011fb41bd644036ba489189c405 Partial-Bug: #1317293
parent
b1197da2ad
commit
dee6ad112b
|
@ -37,7 +37,7 @@ class RequestContext(context.RequestContext):
|
|||
tenant_id=None, auth_url=None, roles=None, is_admin=None,
|
||||
read_only=False, show_deleted=False,
|
||||
overwrite=True, trust_id=None, trustor_user_id=None,
|
||||
request_id=None, **kwargs):
|
||||
request_id=None, auth_token_info=None, **kwargs):
|
||||
"""
|
||||
:param overwrite: Set to False to ensure that the greenthread local
|
||||
copy of the index is not overwritten.
|
||||
|
@ -57,6 +57,7 @@ class RequestContext(context.RequestContext):
|
|||
self.password = password
|
||||
self.aws_creds = aws_creds
|
||||
self.tenant_id = tenant_id
|
||||
self.auth_token_info = auth_token_info
|
||||
self.auth_url = auth_url
|
||||
self.roles = roles or []
|
||||
if overwrite or not hasattr(local.store, 'context'):
|
||||
|
@ -90,6 +91,7 @@ class RequestContext(context.RequestContext):
|
|||
'tenant_id': self.tenant_id,
|
||||
'trust_id': self.trust_id,
|
||||
'trustor_user_id': self.trustor_user_id,
|
||||
'auth_token_info': self.auth_token_info,
|
||||
'auth_url': self.auth_url,
|
||||
'roles': self.roles,
|
||||
'is_admin': self.is_admin,
|
||||
|
@ -128,6 +130,7 @@ class ContextMiddleware(wsgi.Middleware):
|
|||
construct an appropriate context from it.
|
||||
"""
|
||||
headers = req.headers
|
||||
environ = req.environ
|
||||
|
||||
try:
|
||||
username = None
|
||||
|
@ -148,6 +151,7 @@ class ContextMiddleware(wsgi.Middleware):
|
|||
roles = headers.get('X-Roles')
|
||||
if roles is not None:
|
||||
roles = roles.split(',')
|
||||
token_info = environ.get('keystone.token_info')
|
||||
|
||||
except Exception:
|
||||
raise exception.NotAuthenticated()
|
||||
|
@ -158,7 +162,9 @@ class ContextMiddleware(wsgi.Middleware):
|
|||
username=username,
|
||||
user_id=user_id,
|
||||
password=password,
|
||||
auth_url=auth_url, roles=roles)
|
||||
auth_url=auth_url,
|
||||
roles=roles,
|
||||
auth_token_info=token_info)
|
||||
|
||||
|
||||
def ContextMiddleware_filter_factory(global_conf, **local_conf):
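Review bot: The to_dict() hunk (@ -90,6 +91,7) now serialises `auth_token_info` alongside `auth_token`, so every consumer of that dict receives the validated token body as well, and nothing in the change marks it as sensitive. The commit message says the value is handed to heat-engine through the request context; if to_dict() output is also logged or persisted anywhere (not visible here), the token body, which typically carries roles, expiry and the service catalog, would go with it. I would add a comment at the new key such as `# validated token body from environ['keystone.token_info']; credential-equivalent, do not log or store unredacted`. The `__init__` docstring should also gain `:param auth_token_info: token body set by the auth_token middleware, or None`, and should say that the consumer must check the token's expiry before reusing it. The class and method bodies continue outside these hunks.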
|
||||
|
|
|
@ -30,6 +30,7 @@ class TestRequestContext(HeatTestCase):
|
|||
self.ctx = {'username': 'mick',
|
||||
'trustor_user_id': None,
|
||||
'auth_token': '123',
|
||||
'auth_token_info': {'123info': 'woop'},
|
||||
'is_admin': False,
|
||||
'user': 'mick',
|
||||
'password': 'foo',
|
||||
|
@ -45,17 +46,19 @@ class TestRequestContext(HeatTestCase):
|
|||
super(TestRequestContext, self).setUp()
|
||||
|
||||
def test_request_context_init(self):
|
||||
ctx = context.RequestContext(auth_token=self.ctx.get('auth_token'),
|
||||
username=self.ctx.get('username'),
|
||||
password=self.ctx.get('password'),
|
||||
aws_creds=self.ctx.get('aws_creds'),
|
||||
tenant=self.ctx.get('tenant'),
|
||||
tenant_id=self.ctx.get('tenant_id'),
|
||||
user_id=self.ctx.get('user_id'),
|
||||
auth_url=self.ctx.get('auth_url'),
|
||||
roles=self.ctx.get('roles'),
|
||||
show_deleted=self.ctx.get('show_deleted'),
|
||||
is_admin=self.ctx.get('is_admin'))
|
||||
ctx = context.RequestContext(
|
||||
auth_token=self.ctx.get('auth_token'),
|
||||
username=self.ctx.get('username'),
|
||||
password=self.ctx.get('password'),
|
||||
aws_creds=self.ctx.get('aws_creds'),
|
||||
tenant=self.ctx.get('tenant'),
|
||||
tenant_id=self.ctx.get('tenant_id'),
|
||||
user_id=self.ctx.get('user_id'),
|
||||
auth_url=self.ctx.get('auth_url'),
|
||||
roles=self.ctx.get('roles'),
|
||||
show_deleted=self.ctx.get('show_deleted'),
|
||||
is_admin=self.ctx.get('is_admin'),
|
||||
auth_token_info=self.ctx.get('auth_token_info'))
|
||||
ctx_dict = ctx.to_dict()
|
||||
del(ctx_dict['request_id'])
|
||||
self.assertEqual(self.ctx, ctx_dict)
|
||||
|
@ -105,10 +108,12 @@ class RequestContextMiddlewareTest(HeatTestCase):
|
|||
scenarios = [(
|
||||
'empty_headers',
|
||||
dict(
|
||||
environ=None,
|
||||
headers={},
|
||||
expected_exception=None,
|
||||
context_dict={
|
||||
'auth_token': None,
|
||||
'auth_token_info': None,
|
||||
'auth_url': None,
|
||||
'aws_creds': None,
|
||||
'is_admin': False,
|
||||
|
@ -126,6 +131,7 @@ class RequestContextMiddlewareTest(HeatTestCase):
|
|||
), (
|
||||
'username_password',
|
||||
dict(
|
||||
environ=None,
|
||||
headers={
|
||||
'X-Auth-User': 'my_username',
|
||||
'X-Auth-Key': 'my_password',
|
||||
|
@ -157,6 +163,7 @@ class RequestContextMiddlewareTest(HeatTestCase):
|
|||
), (
|
||||
'aws_creds',
|
||||
dict(
|
||||
environ=None,
|
||||
headers={
|
||||
'X-Auth-EC2-Creds': '{"ec2Credentials": {}}',
|
||||
'X-User-Id': '7a87ff18-31c6-45ce-a186-ec7987f488c3',
|
||||
|
@ -183,9 +190,40 @@ class RequestContextMiddlewareTest(HeatTestCase):
|
|||
'user_id': '7a87ff18-31c6-45ce-a186-ec7987f488c3',
|
||||
'username': None
|
||||
})
|
||||
), (
|
||||
'token_creds',
|
||||
dict(
|
||||
environ={'keystone.token_info': {'info': 123}},
|
||||
headers={
|
||||
'X-User-Id': '7a87ff18-31c6-45ce-a186-ec7987f488c3',
|
||||
'X-Auth-Token': 'atoken2',
|
||||
'X-Tenant-Name': 'my_tenant2',
|
||||
'X-Tenant-Id': 'bb9108c8-62d0-4d92-898c-d644a6af20e9',
|
||||
'X-Auth-Url': 'http://192.0.2.1:5000/v1',
|
||||
'X-Roles': 'role1,role2,role3',
|
||||
},
|
||||
expected_exception=None,
|
||||
context_dict={
|
||||
'auth_token': 'atoken2',
|
||||
'auth_token_info': {'info': 123},
|
||||
'auth_url': 'http://192.0.2.1:5000/v1',
|
||||
'aws_creds': None,
|
||||
'is_admin': False,
|
||||
'password': None,
|
||||
'roles': ['role1', 'role2', 'role3'],
|
||||
'show_deleted': False,
|
||||
'tenant': 'my_tenant2',
|
||||
'tenant_id': 'bb9108c8-62d0-4d92-898c-d644a6af20e9',
|
||||
'trust_id': None,
|
||||
'trustor_user_id': None,
|
||||
'user': None,
|
||||
'user_id': '7a87ff18-31c6-45ce-a186-ec7987f488c3',
|
||||
'username': None
|
||||
})
|
||||
), (
|
||||
'malformed_roles',
|
||||
dict(
|
||||
environ=None,
|
||||
headers={
|
||||
'X-Roles': [],
|
||||
},
|
||||
|
@ -208,7 +246,8 @@ class RequestContextMiddlewareTest(HeatTestCase):
|
|||
def test_context_middleware(self):
|
||||
|
||||
middleware = context.ContextMiddleware(None, None)
|
||||
request = webob.Request.blank('/stacks', headers=self.headers)
|
||||
request = webob.Request.blank('/stacks', headers=self.headers,
|
||||
environ=self.environ)
|
||||
if self.expected_exception:
|
||||
self.assertRaises(
|
||||
self.expected_exception, middleware.process_request, request)
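Review bot: Only the `empty_headers` scenario gains an `'auth_token_info': None` expectation; the `username_password` and `aws_creds` scenarios receive `environ=None` but, as far as the visible hunks show, no matching key in their `context_dict`. If test_context_middleware compares only the keys listed in `context_dict` (its loop is outside the hunk), those two paths never assert that the context stays free of token info when the auth_token middleware has not populated the environ. Adding `'auth_token_info': None,` to both expected dicts would pin that behaviour for the password and EC2-credential paths.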
|
||||
|
|