Implemented token creation without catalog response.
Modified the token_factory to create token responses with or without the catalog entry. blueprint catalog-optional Change-Id: Icdc4400f08f4619a19e44129c78240800a3a1e75
parent
f6d929db96
commit
53a03b53e7
|
@ -279,6 +279,8 @@ class Auth(controller.V3Controller):
|
|||
|
||||
def authenticate_for_token(self, context, auth=None):
|
||||
"""Authenticate user and issue a token."""
|
||||
include_catalog = 'nocatalog' not in context['query_string']
|
||||
|
||||
try:
|
||||
auth_info = AuthInfo(context, auth=auth)
|
||||
auth_context = {'extras': {}, 'method_names': []}
|
||||
|
@ -289,6 +291,7 @@ class Auth(controller.V3Controller):
|
|||
method_names += auth_context.get('method_names', [])
|
||||
# make sure the list is unique
|
||||
method_names = list(set(method_names))
|
||||
|
||||
(token_id, token_data) = self.token_provider_api.issue_token(
|
||||
user_id=auth_context['user_id'],
|
||||
method_names=method_names,
|
||||
|
@ -296,7 +299,8 @@ class Auth(controller.V3Controller):
|
|||
project_id=project_id,
|
||||
domain_id=domain_id,
|
||||
auth_context=auth_context,
|
||||
trust=trust)
|
||||
trust=trust,
|
||||
include_catalog=include_catalog)
|
||||
return render_token_data_response(token_id, token_data,
|
||||
created=True)
|
||||
except exception.TrustNotFound as e:
|
||||
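Review bot: `context['query_string']` on the first added line of authenticate_for_token is indexed directly and sits above the `try:`, so a context without that key raises KeyError before any of the handler's exception mapping applies. The test changes elsewhere in this commit, which replace `{}` with `{'query_string': {}}`, show that such contexts exist. Reading it defensively keeps the authentication path from failing on a missing key: `include_catalog = 'nocatalog' not in context.get('query_string', {})`. The check is on key presence only, so a request such as `?nocatalog=false` (constructed example) would also suppress the catalog; a comment like `# any occurrence of the nocatalog key disables the catalog, its value is ignored` would make that explicit. The function body continues outside the hunk.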
|
|
|
@ -285,7 +285,7 @@ class V3TokenDataHelper(object):
|
|||
|
||||
def get_token_data(self, user_id, method_names, extras,
|
||||
domain_id=None, project_id=None, expires=None,
|
||||
trust=None, token=None):
|
||||
trust=None, token=None, include_catalog=True):
|
||||
token_data = {'methods': method_names,
|
||||
'extras': extras}
|
||||
|
||||
|
@ -302,8 +302,9 @@ class V3TokenDataHelper(object):
|
|||
self._populate_scope(token_data, domain_id, project_id)
|
||||
self._populate_user(token_data, user_id, domain_id, project_id, trust)
|
||||
self._populate_roles(token_data, user_id, domain_id, project_id, trust)
|
||||
self._populate_service_catalog(token_data, user_id, domain_id,
|
||||
project_id, trust)
|
||||
if include_catalog:
|
||||
self._populate_service_catalog(token_data, user_id, domain_id,
|
||||
project_id, trust)
|
||||
self._populate_token_dates(token_data, expires=expires, trust=trust)
|
||||
return {'token': token_data}
|
||||
|
||||
|
@ -367,6 +368,7 @@ class Provider(token.provider.Provider):
|
|||
auth_context = kwargs.get('auth_context')
|
||||
trust = kwargs.get('trust')
|
||||
metadata_ref = kwargs.get('metadata_ref')
|
||||
include_catalog = kwargs.get('include_catalog')
|
||||
# for V2, trust is stashed in metadata_ref
|
||||
if (CONF.trust.enabled and not trust and metadata_ref and
|
||||
'trust_id' in metadata_ref):
|
||||
|
@ -378,7 +380,8 @@ class Provider(token.provider.Provider):
|
|||
domain_id=domain_id,
|
||||
project_id=project_id,
|
||||
expires=expires_at,
|
||||
trust=trust)
|
||||
trust=trust,
|
||||
include_catalog=include_catalog)
|
||||
|
||||
token_id = self._get_token_id(token_data)
|
||||
try:
|
||||
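Review bot: `include_catalog = kwargs.get('include_catalog')` in the Provider hunk evaluates to None when the caller omits the keyword, and that None is then passed explicitly to get_token_data, overriding its new `include_catalog=True` default. Any issue path that does not pass the flag would therefore get a token with no service catalog, which is a silent behaviour change for existing callers. Matching the helper's default avoids this: `include_catalog = kwargs.get('include_catalog', True)`. The enclosing method starts and ends outside the hunk, so which other callers reach it cannot be confirmed from here.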
|
|
|
@ -625,7 +625,7 @@ class AuthWithTrust(AuthTest):
|
|||
'project': {
|
||||
'id': self.tenant_baz['id']}}}
|
||||
auth_response = (self.auth_v3_controller.authenticate_for_token
|
||||
({}, v3_password_data))
|
||||
({'query_string': {}}, v3_password_data))
|
||||
token = auth_response.headers['X-Subject-Token']
|
||||
|
||||
v3_req_with_trust = {
|
||||
|
@ -635,7 +635,7 @@ class AuthWithTrust(AuthTest):
|
|||
"scope": {
|
||||
"OS-TRUST:trust": {"id": self.new_trust['id']}}}
|
||||
token_auth_response = (self.auth_v3_controller.authenticate_for_token
|
||||
({}, v3_req_with_trust))
|
||||
({'query_string': {}}, v3_req_with_trust))
|
||||
return token_auth_response
|
||||
|
||||
def test_create_v3_token_from_trust(self):
|
||||
|
@ -664,7 +664,7 @@ class AuthWithTrust(AuthTest):
|
|||
self.assertRaises(
|
||||
exception.Forbidden,
|
||||
self.auth_v3_controller.authenticate_for_token,
|
||||
{}, v3_token_data)
|
||||
{'query_string': {}}, v3_token_data)
|
||||
|
||||
def test_token_from_trust(self):
|
||||
auth_response = self.fetch_v2_token_from_trust()
|
||||
|
|
|
@ -451,9 +451,14 @@ class RestfulTestCase(test_content_types.RestfulTestCase):
|
|||
return token
|
||||
|
||||
def assertValidScopedTokenResponse(self, r, *args, **kwargs):
|
||||
require_catalog = kwargs.pop('require_catalog', True)
|
||||
token = self.assertValidTokenResponse(r, *args, **kwargs)
|
||||
|
||||
self.assertIn('catalog', token)
|
||||
if require_catalog:
|
||||
self.assertIn('catalog', token)
|
||||
else:
|
||||
self.assertNotIn('catalog', token)
|
||||
|
||||
self.assertIn('roles', token)
|
||||
self.assertTrue(token['roles'])
|
||||
for role in token['roles']:
|
||||
|
|
|
@ -845,6 +845,45 @@ class TestAuthJSON(test_v3.RestfulTestCase):
|
|||
self.assertValidProjectScopedTokenResponse(r)
|
||||
self.assertEqual(r.result['token']['project']['id'], project['id'])
|
||||
|
||||
def test_default_project_id_scoped_token_with_user_id_no_catalog(self):
|
||||
# create a second project to work with
|
||||
ref = self.new_project_ref(domain_id=self.domain_id)
|
||||
r = self.post('/projects', body={'project': ref})
|
||||
project = self.assertValidProjectResponse(r, ref)
|
||||
|
||||
# grant the user a role on the project
|
||||
self.put(
|
||||
'/projects/%(project_id)s/users/%(user_id)s/roles/%(role_id)s' % {
|
||||
'user_id': self.user['id'],
|
||||
'project_id': project['id'],
|
||||
'role_id': self.role['id']})
|
||||
|
||||
# set the user's preferred project
|
||||
body = {'user': {'default_project_id': project['id']}}
|
||||
r = self.patch('/users/%(user_id)s' % {
|
||||
'user_id': self.user['id']},
|
||||
body=body)
|
||||
self.assertValidUserResponse(r)
|
||||
|
||||
# attempt to authenticate without requesting a project
|
||||
auth_data = self.build_authentication_request(
|
||||
user_id=self.user['id'],
|
||||
password=self.user['password'])
|
||||
r = self.post('/auth/tokens?nocatalog', body=auth_data)
|
||||
self.assertValidProjectScopedTokenResponse(r, require_catalog=False)
|
||||
self.assertEqual(r.result['token']['project']['id'], project['id'])
|
||||
|
||||
def test_implicit_project_id_scoped_token_with_user_id_no_catalog(self):
|
||||
# attempt to authenticate without requesting a project
|
||||
auth_data = self.build_authentication_request(
|
||||
user_id=self.user['id'],
|
||||
password=self.user['password'],
|
||||
project_id=self.project['id'])
|
||||
r = self.post('/auth/tokens?nocatalog', body=auth_data)
|
||||
self.assertValidProjectScopedTokenResponse(r, require_catalog=False)
|
||||
self.assertEqual(r.result['token']['project']['id'],
|
||||
self.project['id'])
|
||||
|
||||
def test_default_project_id_scoped_token_with_user_id_401(self):
|
||||
# create a second project to work with
|
||||
ref = self.new_project_ref(domain_id=self.domain['id'])
|
||||
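Review bot: The comment `# attempt to authenticate without requesting a project` in test_implicit_project_id_scoped_token_with_user_id_no_catalog contradicts the request built right below it, which passes `project_id=self.project['id']`. It looks copied from the default-project test and should read something like `# authenticate with an explicitly requested project`. Both added tests cover only project-scoped tokens; a domain-scoped request with `?nocatalog` is not exercised in the lines visible here, although assertValidScopedTokenResponse now accepts `require_catalog` for it.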
|
|