Load authenticate token from HTTP header
In this patch set, loading authenticate token from HTTP header and pass it to ironicclient. Change-Id: Ib12f6b5e88b32b6d580241229bd9c195979687da
This commit is contained in:
parent
43f3a71588
commit
9c44b89967
|
@ -64,14 +64,15 @@ def _validate_ipmi_credentials(node, new_ipmi_credentials):
|
|||
return new_username, new_password
|
||||
|
||||
|
||||
def introspect(uuid, new_ipmi_credentials=None):
|
||||
def introspect(uuid, new_ipmi_credentials=None, token=None):
|
||||
"""Initiate hardware properties introspection for a given node.
|
||||
|
||||
:param uuid: node uuid
|
||||
:param new_ipmi_credentials: tuple (new username, new password) or None
|
||||
:param token: authentication token
|
||||
:raises: Error
|
||||
"""
|
||||
ironic = utils.get_client()
|
||||
ironic = utils.get_client(token)
|
||||
|
||||
try:
|
||||
node = ironic.node.get(uuid)
|
||||
|
|
|
@ -94,7 +94,8 @@ def api_introspection(uuid):
|
|||
new_ipmi_credentials = None
|
||||
|
||||
introspect.introspect(uuid,
|
||||
new_ipmi_credentials=new_ipmi_credentials)
|
||||
new_ipmi_credentials=new_ipmi_credentials,
|
||||
token=flask.request.headers.get('X-Auth-Token'))
|
||||
return '', 202
|
||||
else:
|
||||
node_info = node_cache.get_node(uuid)
|
||||
|
|
|
@ -51,7 +51,8 @@ class TestApi(test_base.BaseTest):
|
|||
res = self.app.post('/v1/introspection/%s' % self.uuid)
|
||||
self.assertEqual(202, res.status_code)
|
||||
introspect_mock.assert_called_once_with(self.uuid,
|
||||
new_ipmi_credentials=None)
|
||||
new_ipmi_credentials=None,
|
||||
token=None)
|
||||
|
||||
@mock.patch.object(introspect, 'introspect', autospec=True)
|
||||
def test_introspect_set_ipmi_credentials(self, introspect_mock):
|
||||
|
@ -60,7 +61,8 @@ class TestApi(test_base.BaseTest):
|
|||
self.assertEqual(202, res.status_code)
|
||||
introspect_mock.assert_called_once_with(
|
||||
self.uuid,
|
||||
new_ipmi_credentials=('user', 'password'))
|
||||
new_ipmi_credentials=('user', 'password'),
|
||||
token=None)
|
||||
|
||||
@mock.patch.object(introspect, 'introspect', autospec=True)
|
||||
def test_introspect_set_ipmi_credentials_no_user(self, introspect_mock):
|
||||
|
@ -69,7 +71,8 @@ class TestApi(test_base.BaseTest):
|
|||
self.assertEqual(202, res.status_code)
|
||||
introspect_mock.assert_called_once_with(
|
||||
self.uuid,
|
||||
new_ipmi_credentials=(None, 'password'))
|
||||
new_ipmi_credentials=(None, 'password'),
|
||||
token=None)
|
||||
|
||||
@mock.patch.object(introspect, 'introspect', autospec=True)
|
||||
def test_intospect_failed(self, introspect_mock):
|
||||
|
@ -81,7 +84,8 @@ class TestApi(test_base.BaseTest):
|
|||
json.loads(res.data.decode('utf-8'))['error']['message'])
|
||||
introspect_mock.assert_called_once_with(
|
||||
self.uuid,
|
||||
new_ipmi_credentials=None)
|
||||
new_ipmi_credentials=None,
|
||||
token=None)
|
||||
|
||||
@mock.patch.object(utils, 'check_auth', autospec=True)
|
||||
@mock.patch.object(introspect, 'introspect', autospec=True)
|
||||
|
|
|
@ -14,7 +14,9 @@
|
|||
import unittest
|
||||
|
||||
import eventlet
|
||||
from ironicclient import client
|
||||
from ironicclient import exceptions
|
||||
import keystoneclient.v2_0.client as keystone_client
|
||||
from keystonemiddleware import auth_token
|
||||
from oslo_config import cfg
|
||||
|
||||
|
@ -34,6 +36,30 @@ class TestCheckAuth(base.BaseTest):
|
|||
super(TestCheckAuth, self).setUp()
|
||||
CONF.set_override('auth_strategy', 'keystone')
|
||||
|
||||
@mock.patch.object(client, 'get_client')
|
||||
@mock.patch.object(keystone_client, 'Client')
|
||||
def test_get_client_with_auth_token(self, mock_keystone_client,
|
||||
mock_client):
|
||||
fake_token = 'token'
|
||||
fake_ironic_url = 'http://127.0.0.1:6385'
|
||||
mock_keystone_client().service_catalog.url_for.return_value = (
|
||||
fake_ironic_url)
|
||||
utils.get_client(fake_token)
|
||||
args = {'os_auth_token': fake_token,
|
||||
'ironic_url': fake_ironic_url}
|
||||
mock_client.assert_called_once_with(1, **args)
|
||||
|
||||
@mock.patch.object(client, 'get_client')
|
||||
def test_get_client_without_auth_token(self, mock_client):
|
||||
utils.get_client(None)
|
||||
args = {'os_password': CONF.ironic.os_password,
|
||||
'os_username': CONF.ironic.os_username,
|
||||
'os_auth_url': CONF.ironic.os_auth_url,
|
||||
'os_tenant_name': CONF.ironic.os_tenant_name,
|
||||
'os_endpoint_type': CONF.ironic.os_endpoint_type,
|
||||
'os_service_type': CONF.ironic.os_service_type}
|
||||
mock_client.assert_called_once_with(1, **args)
|
||||
|
||||
@mock.patch.object(auth_token, 'AuthProtocol')
|
||||
def test_middleware(self, mock_auth):
|
||||
CONF.set_override('admin_user', 'admin', 'keystone_authtoken')
|
||||
|
|
|
@ -18,6 +18,7 @@ import socket
|
|||
import eventlet
|
||||
from ironicclient import client
|
||||
from ironicclient import exceptions
|
||||
import keystoneclient.v2_0.client as keystone_client
|
||||
from keystonemiddleware import auth_token
|
||||
from oslo_config import cfg
|
||||
import six
|
||||
|
@ -60,19 +61,30 @@ def spawn_n(*args, **kwargs):
|
|||
return GREEN_POOL.spawn_n(*args, **kwargs)
|
||||
|
||||
|
||||
def get_client(): # pragma: no cover
|
||||
def get_client(token=None): # pragma: no cover
|
||||
"""Get Ironic client instance."""
|
||||
# NOTE: To support standalone ironic without keystone
|
||||
if CONF.ironic.auth_strategy == 'noauth':
|
||||
args = {'os_auth_token': 'noauth',
|
||||
'ironic_url': CONF.ironic.ironic_url}
|
||||
else:
|
||||
elif token is None:
|
||||
args = {'os_password': CONF.ironic.os_password,
|
||||
'os_username': CONF.ironic.os_username,
|
||||
'os_auth_url': CONF.ironic.os_auth_url,
|
||||
'os_tenant_name': CONF.ironic.os_tenant_name,
|
||||
'os_service_type': CONF.ironic.os_service_type,
|
||||
'os_endpoint_type': CONF.ironic.os_endpoint_type}
|
||||
else:
|
||||
keystone_creds = {'password': CONF.ironic.os_password,
|
||||
'username': CONF.ironic.os_username,
|
||||
'auth_url': CONF.ironic.os_auth_url,
|
||||
'tenant_name': CONF.ironic.os_tenant_name}
|
||||
keystone = keystone_client.Client(**keystone_creds)
|
||||
ironic_url = keystone.service_catalog.url_for(
|
||||
service_type=CONF.ironic.os_service_type,
|
||||
endpoint_type=CONF.ironic.os_endpoint_type)
|
||||
args = {'os_auth_token': token,
|
||||
'ironic_url': ironic_url}
|
||||
return client.get_client(1, **args)
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue