Add auth_token_info to request context

The auth_token (and other) middleware adds a keystone.token_info value to the request environment after validating the token. We can pass this value via the request context which allow us to avoid always re-requesting another token in the keystoneclient instance in heat-engine. Change-Id: Icac0e73fbddd5011fb41bd644036ba489189c405 Partial-Bug: #1317293
2014-06-02 21:52:56 +01:00 · 2014-06-02 21:52:56 +01:00 · dee6ad112b
parent b1197da2ad
commit dee6ad112b
2 changed files with 59 additions and 14 deletions
--- a/heat/common/context.py
+++ b/heat/common/context.py
@ -37,7 +37,7 @@ class RequestContext(context.RequestContext):
                 tenant_id=None, auth_url=None, roles=None, is_admin=None,
                 read_only=False, show_deleted=False,
                 overwrite=True, trust_id=None, trustor_user_id=None,
-                 request_id=None, **kwargs):
+                 request_id=None, auth_token_info=None, **kwargs):
        """
        :param overwrite: Set to False to ensure that the greenthread local
            copy of the index is not overwritten.
@ -57,6 +57,7 @@ class RequestContext(context.RequestContext):
        self.password = password
        self.aws_creds = aws_creds
        self.tenant_id = tenant_id
+        self.auth_token_info = auth_token_info
        self.auth_url = auth_url
        self.roles = roles or []
        if overwrite or not hasattr(local.store, 'context'):
@ -90,6 +91,7 @@ class RequestContext(context.RequestContext):
                'tenant_id': self.tenant_id,
                'trust_id': self.trust_id,
                'trustor_user_id': self.trustor_user_id,
+                'auth_token_info': self.auth_token_info,
                'auth_url': self.auth_url,
                'roles': self.roles,
                'is_admin': self.is_admin,
@ -128,6 +130,7 @@ class ContextMiddleware(wsgi.Middleware):
        construct an appropriate context from it.
        """
        headers = req.headers
+        environ = req.environ

        try:
            username = None
@ -148,6 +151,7 @@ class ContextMiddleware(wsgi.Middleware):
            roles = headers.get('X-Roles')
            if roles is not None:
                roles = roles.split(',')
+            token_info = environ.get('keystone.token_info')

        except Exception:
            raise exception.NotAuthenticated()
@ -158,7 +162,9 @@ class ContextMiddleware(wsgi.Middleware):
                                        username=username,
                                        user_id=user_id,
                                        password=password,
-                                        auth_url=auth_url, roles=roles)
+                                        auth_url=auth_url,
+                                        roles=roles,
+                                        auth_token_info=token_info)


 def ContextMiddleware_filter_factory(global_conf, **local_conf):
--- a/heat/tests/test_common_context.py
+++ b/heat/tests/test_common_context.py
@ -30,6 +30,7 @@ class TestRequestContext(HeatTestCase):
        self.ctx = {'username': 'mick',
                    'trustor_user_id': None,
                    'auth_token': '123',
+                    'auth_token_info': {'123info': 'woop'},
                    'is_admin': False,
                    'user': 'mick',
                    'password': 'foo',
@ -45,17 +46,19 @@ class TestRequestContext(HeatTestCase):
        super(TestRequestContext, self).setUp()

    def test_request_context_init(self):
-        ctx = context.RequestContext(auth_token=self.ctx.get('auth_token'),
-                                     username=self.ctx.get('username'),
-                                     password=self.ctx.get('password'),
-                                     aws_creds=self.ctx.get('aws_creds'),
-                                     tenant=self.ctx.get('tenant'),
-                                     tenant_id=self.ctx.get('tenant_id'),
-                                     user_id=self.ctx.get('user_id'),
-                                     auth_url=self.ctx.get('auth_url'),
-                                     roles=self.ctx.get('roles'),
-                                     show_deleted=self.ctx.get('show_deleted'),
-                                     is_admin=self.ctx.get('is_admin'))
+        ctx = context.RequestContext(
+            auth_token=self.ctx.get('auth_token'),
+            username=self.ctx.get('username'),
+            password=self.ctx.get('password'),
+            aws_creds=self.ctx.get('aws_creds'),
+            tenant=self.ctx.get('tenant'),
+            tenant_id=self.ctx.get('tenant_id'),
+            user_id=self.ctx.get('user_id'),
+            auth_url=self.ctx.get('auth_url'),
+            roles=self.ctx.get('roles'),
+            show_deleted=self.ctx.get('show_deleted'),
+            is_admin=self.ctx.get('is_admin'),
+            auth_token_info=self.ctx.get('auth_token_info'))
        ctx_dict = ctx.to_dict()
        del(ctx_dict['request_id'])
        self.assertEqual(self.ctx, ctx_dict)
@ -105,10 +108,12 @@ class RequestContextMiddlewareTest(HeatTestCase):
    scenarios = [(
        'empty_headers',
        dict(
+            environ=None,
            headers={},
            expected_exception=None,
            context_dict={
                'auth_token': None,
+                'auth_token_info': None,
                'auth_url': None,
                'aws_creds': None,
                'is_admin': False,
@ -126,6 +131,7 @@ class RequestContextMiddlewareTest(HeatTestCase):
    ), (
        'username_password',
        dict(
+            environ=None,
            headers={
                'X-Auth-User': 'my_username',
                'X-Auth-Key': 'my_password',
@ -157,6 +163,7 @@ class RequestContextMiddlewareTest(HeatTestCase):
    ), (
        'aws_creds',
        dict(
+            environ=None,
            headers={
                'X-Auth-EC2-Creds': '{"ec2Credentials": {}}',
                'X-User-Id': '7a87ff18-31c6-45ce-a186-ec7987f488c3',
@ -183,9 +190,40 @@ class RequestContextMiddlewareTest(HeatTestCase):
                'user_id': '7a87ff18-31c6-45ce-a186-ec7987f488c3',
                'username': None
            })
+    ), (
+        'token_creds',
+        dict(
+            environ={'keystone.token_info': {'info': 123}},
+            headers={
+                'X-User-Id': '7a87ff18-31c6-45ce-a186-ec7987f488c3',
+                'X-Auth-Token': 'atoken2',
+                'X-Tenant-Name': 'my_tenant2',
+                'X-Tenant-Id': 'bb9108c8-62d0-4d92-898c-d644a6af20e9',
+                'X-Auth-Url': 'http://192.0.2.1:5000/v1',
+                'X-Roles': 'role1,role2,role3',
+            },
+            expected_exception=None,
+            context_dict={
+                'auth_token': 'atoken2',
+                'auth_token_info': {'info': 123},
+                'auth_url': 'http://192.0.2.1:5000/v1',
+                'aws_creds': None,
+                'is_admin': False,
+                'password': None,
+                'roles': ['role1', 'role2', 'role3'],
+                'show_deleted': False,
+                'tenant': 'my_tenant2',
+                'tenant_id': 'bb9108c8-62d0-4d92-898c-d644a6af20e9',
+                'trust_id': None,
+                'trustor_user_id': None,
+                'user': None,
+                'user_id': '7a87ff18-31c6-45ce-a186-ec7987f488c3',
+                'username': None
+            })
    ), (
        'malformed_roles',
        dict(
+            environ=None,
            headers={
                'X-Roles': [],
            },
@ -208,7 +246,8 @@ class RequestContextMiddlewareTest(HeatTestCase):
    def test_context_middleware(self):

        middleware = context.ContextMiddleware(None, None)
-        request = webob.Request.blank('/stacks', headers=self.headers)
+        request = webob.Request.blank('/stacks', headers=self.headers,
+                                      environ=self.environ)
        if self.expected_exception:
            self.assertRaises(
                self.expected_exception, middleware.process_request, request)