From 3e55be029c50eaf8567e7ca27b69a82363c00a4c Mon Sep 17 00:00:00 2001 From: Russell Bryant Date: Fri, 22 Mar 2013 12:47:27 -0400 Subject: [PATCH] Rename trust extension (bug 1158980) Change trust extension from RH-TRUST to OS-TRUST so that the namespace being used is for OpenStack, as opposed to a contributing company. This is also more consistent with namespacing used in other OpenStack APIs. Some additional discussion about this is in this thread: http://lists.openstack.org/pipermail/openstack-dev/2013-March/006876.html Change-Id: I0fd869abe0f527c899808a4dde19dbd1fb6f32cd --- keystone/auth/controllers.py | 8 ++-- keystone/auth/token_factory.py | 2 +- keystone/trust/routers.py | 14 +++---- tests/test_auth.py | 4 +- tests/test_v3.py | 6 +-- tests/test_v3_auth.py | 72 +++++++++++++++++----------------- 6 files changed, 53 insertions(+), 53 deletions(-) diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py index 1ab9de03ed..113655db4a 100644 --- a/keystone/auth/controllers.py +++ b/keystone/auth/controllers.py @@ -171,9 +171,9 @@ class AuthInfo(object): return if sum(['project' in self.auth['scope'], 'domain' in self.auth['scope'], - 'RH-TRUST:trust' in self.auth['scope']]) != 1: + 'OS-TRUST:trust' in self.auth['scope']]) != 1: raise exception.ValidationError( - attribute='project, domain, or RH-TRUST:trust', + attribute='project, domain, or OS-TRUST:trust', target='scope') if 'project' in self.auth['scope']: @@ -182,11 +182,11 @@ class AuthInfo(object): elif 'domain' in self.auth['scope']: domain_ref = self._lookup_domain(self.auth['scope']['domain']) self._scope_data = (domain_ref['id'], None, None) - elif 'RH-TRUST:trust' in self.auth['scope']: + elif 'OS-TRUST:trust' in self.auth['scope']: if not CONF.trust.enabled: raise exception.Forbidden('Trusts are disabled.') trust_ref = self._lookup_trust( - self.auth['scope']['RH-TRUST:trust']) + self.auth['scope']['OS-TRUST:trust']) #TODO ayoung when trusts support domain, Fill in domain data here if 'project_id' in trust_ref: project_ref = self._lookup_project( diff --git a/keystone/auth/token_factory.py b/keystone/auth/token_factory.py index 430c442a1d..909aa48a6d 100644 --- a/keystone/auth/token_factory.py +++ b/keystone/auth/token_factory.py @@ -114,7 +114,7 @@ class TokenDataHelper(object): raise exception.Forbidden() if trust['impersonation']: user_ref = trustor_user_ref - token_data['RH-TRUST:trust'] = ( + token_data['OS-TRUST:trust'] = ( { 'id': trust['id'], 'trustor_user': {'id': trust['trustor_user_id']}, diff --git a/keystone/trust/routers.py b/keystone/trust/routers.py index 9f9ce3e54f..f4870d0e99 100644 --- a/keystone/trust/routers.py +++ b/keystone/trust/routers.py @@ -22,37 +22,37 @@ from keystone.common import router def append_v3_routers(mapper, routers): trust_controller = controllers.TrustV3() - mapper.connect('/RH-TRUST/trusts', + mapper.connect('/OS-TRUST/trusts', controller=trust_controller, action='create_trust', conditions=dict(method=['POST'])) - mapper.connect('/RH-TRUST/trusts', + mapper.connect('/OS-TRUST/trusts', controller=trust_controller, action='list_trusts', conditions=dict(method=['GET'])) - mapper.connect('/RH-TRUST/trusts/{trust_id}', + mapper.connect('/OS-TRUST/trusts/{trust_id}', controller=trust_controller, action='delete_trust', conditions=dict(method=['DELETE'])) - mapper.connect('/RH-TRUST/trusts/{trust_id}', + mapper.connect('/OS-TRUST/trusts/{trust_id}', controller=trust_controller, action='get_trust', conditions=dict(method=['GET'])) - mapper.connect('/RH-TRUST/trusts/{trust_id}/roles', + mapper.connect('/OS-TRUST/trusts/{trust_id}/roles', controller=trust_controller, action='list_roles_for_trust', conditions=dict(method=['GET'])) - mapper.connect('/RH-TRUST/trusts/{trust_id}/roles/{role_id}', + mapper.connect('/OS-TRUST/trusts/{trust_id}/roles/{role_id}', controller=trust_controller, action='check_role_for_trust', conditions=dict(method=['HEAD'])) - mapper.connect('/RH-TRUST/trusts/{trust_id}/roles/{role_id}', + mapper.connect('/OS-TRUST/trusts/{trust_id}/roles/{role_id}', controller=trust_controller, action='get_role_for_trust', conditions=dict(method=['GET'])) diff --git a/tests/test_auth.py b/tests/test_auth.py index 4887e0126f..8f957dc3a4 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -633,7 +633,7 @@ class AuthWithTrust(AuthTest): "methods": ["token"], "token": {"id": token}}, "scope": { - "RH-TRUST:trust": {"id": self.new_trust['id']}}} + "OS-TRUST:trust": {"id": self.new_trust['id']}}} token_auth_response = (self.auth_v3_controller.authenticate_for_token ({}, v3_req_with_trust)) return token_auth_response @@ -644,7 +644,7 @@ class AuthWithTrust(AuthTest): trust_token_user = auth_response.json['token']['user'] self.assertEquals(trust_token_user['id'], self.trustor['id']) - trust_token_trust = auth_response.json['token']['RH-TRUST:trust'] + trust_token_trust = auth_response.json['token']['OS-TRUST:trust'] self.assertEquals(trust_token_trust['id'], self.new_trust['id']) self.assertEquals(trust_token_trust['trustor_user']['id'], self.trustor['id']) diff --git a/tests/test_v3.py b/tests/test_v3.py index 04bdb3c7a0..38e88079e4 100644 --- a/tests/test_v3.py +++ b/tests/test_v3.py @@ -460,7 +460,7 @@ class RestfulTestCase(test_content_types.RestfulTestCase): def assertValidProjectTrustScopedTokenResponse(self, r, *args, **kwargs): token = self.assertValidProjectScopedTokenResponse(r, *args, **kwargs) - trust = token.get('RH-TRUST:trust') + trust = token.get('OS-TRUST:trust') self.assertIsNotNone(trust) self.assertIsNotNone(trust.get('id')) self.assertTrue(isinstance(trust.get('impersonation'), bool)) @@ -816,8 +816,8 @@ class RestfulTestCase(test_content_types.RestfulTestCase): else: scope_data['domain']['name'] = domain_name if trust_id: - scope_data['RH-TRUST:trust'] = {} - scope_data['RH-TRUST:trust']['id'] = trust_id + scope_data['OS-TRUST:trust'] = {} + scope_data['OS-TRUST:trust']['id'] = trust_id return scope_data def build_password_auth(self, user_id=None, username=None, diff --git a/tests/test_v3_auth.py b/tests/test_v3_auth.py index 535d3c90b6..a292af2b48 100644 --- a/tests/test_v3_auth.py +++ b/tests/test_v3_auth.py @@ -1015,8 +1015,8 @@ class TestTrustOptional(test_v3.RestfulTestCase): super(TestTrustOptional, self).setUp(*args, **kwargs) def test_trusts_404(self): - self.get('/RH-TRUST/trusts', body={'trust': {}}, expected_status=404) - self.post('/RH-TRUST/trusts', body={'trust': {}}, expected_status=404) + self.get('/OS-TRUST/trusts', body={'trust': {}}, expected_status=404) + self.post('/OS-TRUST/trusts', body={'trust': {}}, expected_status=404) def test_auth_with_scope_in_trust_403(self): auth_data = self.build_authentication_request( @@ -1039,14 +1039,14 @@ class TestTrustAuth(TestAuthInfo): def test_create_trust_400(self): raise nose.exc.SkipTest('Blocked by bug 1133435') - self.post('/RH-TRUST/trusts', body={'trust': {}}, expected_status=400) + self.post('/OS-TRUST/trusts', body={'trust': {}}, expected_status=400) def test_create_unscoped_trust(self): ref = self.new_trust_ref( trustor_user_id=self.user_id, trustee_user_id=self.trustee_user_id) del ref['id'] - r = self.post('/RH-TRUST/trusts', body={'trust': ref}) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}) self.assertValidTrustResponse(r, ref) def test_trust_crud(self): @@ -1056,48 +1056,48 @@ class TestTrustAuth(TestAuthInfo): project_id=self.project_id, role_ids=[self.role_id]) del ref['id'] - r = self.post('/RH-TRUST/trusts', body={'trust': ref}) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r, ref) r = self.get( - '/RH-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, + '/OS-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, expected_status=200) self.assertValidTrustResponse(r, ref) # validate roles on the trust r = self.get( - '/RH-TRUST/trusts/%(trust_id)s/roles' % { + '/OS-TRUST/trusts/%(trust_id)s/roles' % { 'trust_id': trust['id']}, expected_status=200) roles = self.assertValidRoleListResponse(r, self.role) self.assertIn(self.role['id'], [x['id'] for x in roles]) self.head( - '/RH-TRUST/trusts/%(trust_id)s/roles/%(role_id)s' % { + '/OS-TRUST/trusts/%(trust_id)s/roles/%(role_id)s' % { 'trust_id': trust['id'], 'role_id': self.role['id']}, expected_status=204) r = self.get( - '/RH-TRUST/trusts/%(trust_id)s/roles/%(role_id)s' % { + '/OS-TRUST/trusts/%(trust_id)s/roles/%(role_id)s' % { 'trust_id': trust['id'], 'role_id': self.role['id']}, expected_status=200) self.assertValidRoleResponse(r, self.role) - r = self.get('/RH-TRUST/trusts', expected_status=200) + r = self.get('/OS-TRUST/trusts', expected_status=200) self.assertValidTrustListResponse(r, trust) # trusts are immutable self.patch( - '/RH-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, + '/OS-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, body={'trust': ref}, expected_status=404) self.delete( - '/RH-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, + '/OS-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, expected_status=204) self.get( - '/RH-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, + '/OS-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, expected_status=404) def test_create_trust_trustee_404(self): @@ -1105,14 +1105,14 @@ class TestTrustAuth(TestAuthInfo): trustor_user_id=self.user_id, trustee_user_id=uuid.uuid4().hex) del ref['id'] - self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=404) + self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=404) def test_create_trust_trustor_trustee_backwards(self): ref = self.new_trust_ref( trustor_user_id=self.trustee_user_id, trustee_user_id=self.user_id) del ref['id'] - self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=403) + self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=403) def test_create_trust_project_404(self): ref = self.new_trust_ref( @@ -1121,7 +1121,7 @@ class TestTrustAuth(TestAuthInfo): project_id=uuid.uuid4().hex, role_ids=[self.role_id]) del ref['id'] - self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=404) + self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=404) def test_create_trust_role_id_404(self): ref = self.new_trust_ref( @@ -1130,7 +1130,7 @@ class TestTrustAuth(TestAuthInfo): project_id=self.project_id, role_ids=[uuid.uuid4().hex]) del ref['id'] - self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=404) + self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=404) def test_create_trust_role_name_404(self): ref = self.new_trust_ref( @@ -1139,7 +1139,7 @@ class TestTrustAuth(TestAuthInfo): project_id=self.project_id, role_names=[uuid.uuid4().hex]) del ref['id'] - self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=404) + self.post('/OS-TRUST/trusts', body={'trust': ref}, expected_status=404) def test_create_expired_trust(self): ref = self.new_trust_ref( @@ -1149,10 +1149,10 @@ class TestTrustAuth(TestAuthInfo): expires=dict(seconds=-1), role_ids=[self.role_id]) del ref['id'] - r = self.post('/RH-TRUST/trusts', body={'trust': ref}) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r, ref) - self.get('/RH-TRUST/trusts/%(trust_id)s' % { + self.get('/OS-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, expected_status=404) @@ -1172,7 +1172,7 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/RH-TRUST/trusts', body={'trust': ref}) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1209,7 +1209,7 @@ class TestTrustAuth(TestAuthInfo): r = self.post('/auth/tokens', body=auth_data) token = r.getheader('X-Subject-Token') - r = self.post('/RH-TRUST/trusts', body={'trust': ref}, token=token) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}, token=token) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1251,7 +1251,7 @@ class TestTrustAuth(TestAuthInfo): r = self.post('/auth/tokens', body=auth_data) token = r.getheader('X-Subject-Token') - r = self.post('/RH-TRUST/trusts', body={'trust': ref}, token=token) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}, token=token) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1292,7 +1292,7 @@ class TestTrustAuth(TestAuthInfo): r = self.post('/auth/tokens', body=auth_data) token = r.getheader('X-Subject-Token') - r = self.post('/RH-TRUST/trusts', body={'trust': ref}, token=token) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}, token=token) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1321,7 +1321,7 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/RH-TRUST/trusts', body={'trust': ref}) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1352,7 +1352,7 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/RH-TRUST/trusts', body={'trust': ref}) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1381,19 +1381,19 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/RH-TRUST/trusts', body={'trust': ref}) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r, ref) - self.delete('/RH-TRUST/trusts/%(trust_id)s' % { + self.delete('/OS-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, expected_status=204) - self.get('/RH-TRUST/trusts/%(trust_id)s' % { + self.get('/OS-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, expected_status=404) - self.get('/RH-TRUST/trusts/%(trust_id)s' % { + self.get('/OS-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, expected_status=404) @@ -1414,15 +1414,15 @@ class TestTrustAuth(TestAuthInfo): del ref['id'] for i in range(0, 3): - r = self.post('/RH-TRUST/trusts', body={'trust': ref}) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r, ref) - r = self.get('/RH-TRUST/trusts?trustor_user_id=%s' % + r = self.get('/OS-TRUST/trusts?trustor_user_id=%s' % self.user_id, expected_status=200) trusts = r.body['trusts'] self.assertEqual(len(trusts), 3) - r = self.get('/RH-TRUST/trusts?trustee_user_id=%s' % + r = self.get('/OS-TRUST/trusts?trustee_user_id=%s' % self.user_id, expected_status=200) trusts = r.body['trusts'] self.assertEqual(len(trusts), 0) @@ -1437,7 +1437,7 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/RH-TRUST/trusts', body={'trust': ref}) + r = self.post('/OS-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1449,7 +1449,7 @@ class TestTrustAuth(TestAuthInfo): self.assertValidProjectTrustScopedTokenResponse(r, self.user) trust_token = r.getheader('X-Subject-Token') - self.get('/RH-TRUST/trusts?trustor_user_id=%s' % + self.get('/OS-TRUST/trusts?trustor_user_id=%s' % self.user_id, expected_status=200, token=trust_token) @@ -1463,6 +1463,6 @@ class TestTrustAuth(TestAuthInfo): auth=auth_data, expected_status=200)) - self.get('/RH-TRUST/trusts?trustor_user_id=%s' % + self.get('/OS-TRUST/trusts?trustor_user_id=%s' % self.user_id, expected_status=401, token=trust_token)