Changes to support auth catalog as per new format.
Change-Id: I20a58540463b1667678449c08b4ae425df73d2ab
This commit is contained in:
parent
92c78f1cc9
commit
62ff502cca
@ -90,6 +90,9 @@ def register_models(options):
|
||||
"""Register Models and create properties"""
|
||||
global _ENGINE
|
||||
assert _ENGINE
|
||||
# Need to decide.Not This is missing
|
||||
# and prevents foreign key reference checks.
|
||||
# _ENGINE.execute('pragma foreign_keys=on')
|
||||
supported_alchemy_models = ast.literal_eval(
|
||||
options["backend_entities"])
|
||||
supported_alchemy_tables = []
|
||||
|
@ -58,7 +58,7 @@ class EndpointTemplateAPI(BaseEndpointTemplateAPI):
|
||||
if not session:
|
||||
session = get_session()
|
||||
return session.query(models.EndpointTemplates).\
|
||||
filter_by(service=service_id).all()
|
||||
filter_by(service_id=service_id).all()
|
||||
|
||||
def get_page(self, marker, limit, session=None):
|
||||
if not session:
|
||||
|
@ -166,7 +166,7 @@ class EndpointTemplates(Base, KeystoneBase):
|
||||
__api__ = 'endpoint_template'
|
||||
id = Column(Integer, primary_key=True)
|
||||
region = Column(String(255))
|
||||
service = Column(String(255))
|
||||
service_id = Column(Integer, ForeignKey('services.id'))
|
||||
public_url = Column(String(2000))
|
||||
admin_url = Column(String(2000))
|
||||
internal_url = Column(String(2000))
|
||||
|
@ -94,9 +94,9 @@ class AuthProtocol(object):
|
||||
service_mappings = ast.literal_eval(
|
||||
self.conf["service-header-mappings"])
|
||||
for service in services:
|
||||
service_name = service
|
||||
service_name = service["name"]
|
||||
service_urls = ''
|
||||
for endpoint in services[service_name]:
|
||||
for endpoint in service["endpoints"]:
|
||||
if len(service_urls) > 0:
|
||||
service_urls += ','
|
||||
service_urls += endpoint["publicURL"]
|
||||
|
@ -683,15 +683,18 @@ class IdentityService(object):
|
||||
if not isinstance(endpoint_template, EndpointTemplate):
|
||||
raise fault.BadRequestFault("Expecting a EndpointTemplate")
|
||||
|
||||
#Check if the passed service exist.
|
||||
if endpoint_template.service == None or \
|
||||
len(endpoint_template.service.strip()) == 0:
|
||||
raise fault.BadRequestFault(
|
||||
"Expecting serviceId.")
|
||||
if endpoint_template.service != None and\
|
||||
len(endpoint_template.service.strip()) > 0 and\
|
||||
api.SERVICE.get(endpoint_template.service) == None:
|
||||
raise fault.BadRequestFault(
|
||||
"A service with that id doesnt exist.")
|
||||
"A service with that id doesn't exist.")
|
||||
dendpoint_template = models.EndpointTemplates()
|
||||
dendpoint_template.region = endpoint_template.region
|
||||
dendpoint_template.service = endpoint_template.service
|
||||
dendpoint_template.service_id = endpoint_template.service
|
||||
dendpoint_template.public_url = endpoint_template.public_url
|
||||
dendpoint_template.admin_url = endpoint_template.admin_url
|
||||
dendpoint_template.internal_url = endpoint_template.internal_url
|
||||
@ -719,7 +722,7 @@ class IdentityService(object):
|
||||
raise fault.BadRequestFault(
|
||||
"A service with that id doesn't exist.")
|
||||
dendpoint_template.region = endpoint_template.region
|
||||
dendpoint_template.service = endpoint_template.service
|
||||
dendpoint_template.service_id = endpoint_template.service
|
||||
dendpoint_template.public_url = endpoint_template.public_url
|
||||
dendpoint_template.admin_url = endpoint_template.admin_url
|
||||
dendpoint_template.internal_url = endpoint_template.internal_url
|
||||
@ -730,7 +733,7 @@ class IdentityService(object):
|
||||
return EndpointTemplate(
|
||||
dendpoint_template.id,
|
||||
dendpoint_template.region,
|
||||
dendpoint_template.service,
|
||||
dendpoint_template.service_id,
|
||||
dendpoint_template.public_url,
|
||||
dendpoint_template.admin_url,
|
||||
dendpoint_template.internal_url,
|
||||
@ -760,7 +763,7 @@ class IdentityService(object):
|
||||
ts.append(EndpointTemplate(
|
||||
dendpoint_template.id,
|
||||
dendpoint_template.region,
|
||||
dendpoint_template.service,
|
||||
dendpoint_template.service_id,
|
||||
dendpoint_template.public_url,
|
||||
dendpoint_template.admin_url,
|
||||
dendpoint_template.internal_url,
|
||||
@ -786,7 +789,7 @@ class IdentityService(object):
|
||||
return EndpointTemplate(
|
||||
dendpoint_template.id,
|
||||
dendpoint_template.region,
|
||||
dendpoint_template.service,
|
||||
dendpoint_template.service_id,
|
||||
dendpoint_template.public_url,
|
||||
dendpoint_template.admin_url,
|
||||
dendpoint_template.internal_url,
|
||||
|
@ -17,6 +17,7 @@ import json
|
||||
from lxml import etree
|
||||
|
||||
from keystone.logic.types import fault
|
||||
import keystone.backends.api as db_api
|
||||
|
||||
|
||||
class AuthWithPasswordCredentials(object):
|
||||
@ -235,8 +236,12 @@ class AuthData(object):
|
||||
if self.base_urls != None:
|
||||
service_catalog = etree.Element("serviceCatalog")
|
||||
for key, key_base_urls in self.d.items():
|
||||
dservice = db_api.SERVICE.get(key)
|
||||
if not dservice:
|
||||
raise fault.ItemNotFoundFault(
|
||||
"The service could not be found")
|
||||
service = etree.Element("service",
|
||||
name=key)
|
||||
name=dservice.name, type=dservice.type)
|
||||
for base_url in key_base_urls:
|
||||
endpoint = etree.Element("endpoint")
|
||||
if base_url.region:
|
||||
@ -254,9 +259,9 @@ class AuthData(object):
|
||||
|
||||
def __convert_baseurls_to_dict(self):
|
||||
for base_url in self.base_urls:
|
||||
if base_url.service not in self.d:
|
||||
self.d[base_url.service] = list()
|
||||
self.d[base_url.service].append(base_url)
|
||||
if base_url.service_id not in self.d:
|
||||
self.d[base_url.service_id] = list()
|
||||
self.d[base_url.service_id].append(base_url)
|
||||
|
||||
def to_json(self):
|
||||
token = {}
|
||||
@ -265,8 +270,9 @@ class AuthData(object):
|
||||
auth = {}
|
||||
auth["token"] = token
|
||||
if self.base_urls != None:
|
||||
service_catalog = {}
|
||||
service_catalog = []
|
||||
for key, key_base_urls in self.d.items():
|
||||
service = {}
|
||||
endpoints = []
|
||||
for base_url in key_base_urls:
|
||||
endpoint = {}
|
||||
@ -280,7 +286,14 @@ class AuthData(object):
|
||||
str(self.token.tenant_id)) \
|
||||
if self.token.tenant_id else base_url_item
|
||||
endpoints.append(endpoint)
|
||||
service_catalog[key] = endpoints
|
||||
dservice = db_api.SERVICE.get(key)
|
||||
if not dservice:
|
||||
raise fault.ItemNotFoundFault(
|
||||
"The service could not be found for" + str(key))
|
||||
service["name"] = dservice.name
|
||||
service["type"] = dservice.type
|
||||
service["endpoints"] = endpoints
|
||||
service_catalog.append(service)
|
||||
auth["serviceCatalog"] = service_catalog
|
||||
ret = {}
|
||||
ret["access"] = auth
|
||||
|
@ -114,7 +114,7 @@ class EndpointTemplate(object):
|
||||
if self.region:
|
||||
dom.set("region", self.region)
|
||||
if self.service:
|
||||
dom.set("serviceId", self.service)
|
||||
dom.set("serviceId", str(self.service))
|
||||
if self.public_url:
|
||||
dom.set("publicURL", self.public_url)
|
||||
if self.admin_url:
|
||||
|
@ -108,7 +108,7 @@ def add_endpoint_template(region, service, public_url, admin_url, internal_url,
|
||||
enabled, is_global):
|
||||
obj = db_models.EndpointTemplates()
|
||||
obj.region = region
|
||||
obj.service = service
|
||||
obj.service_id = service
|
||||
obj.public_url = public_url
|
||||
obj.admin_url = admin_url
|
||||
obj.internal_url = internal_url
|
||||
|
@ -66,7 +66,7 @@ class AuthenticationTest(common.FunctionalTestCase):
|
||||
|
||||
self.assertIsNotNone(r.getheader('x-auth-token'))
|
||||
for service in self.services.values():
|
||||
self.assertIsNotNone(r.getheader('x-' + service['id']))
|
||||
self.assertIsNotNone(r.getheader('x-' + service['name']))
|
||||
|
||||
def test_authorize_user_disabled(self):
|
||||
self.disable_user(self.user['id'])
|
||||
|
@ -22,46 +22,68 @@ DEFAULT_FIXTURE = [
|
||||
('role', 'grant', 'Admin', 'joeadmin', 'ANOTHER:TENANT'),
|
||||
('role', 'add', 'Member'),
|
||||
('role', 'grant', 'Member', 'joeuser', '1234'),
|
||||
# Add Services
|
||||
#1 Service Name:exampleservice Type:example type
|
||||
('service', 'add', 'exampleservice',
|
||||
'example type', 'example description'),
|
||||
#2 Service Name:swift Type:object-store
|
||||
('service', 'add', 'swift',
|
||||
'object-store', 'Swift-compatible service'),
|
||||
#3 Service Name:cdn Type:object-store
|
||||
('service', 'add', 'cdn',
|
||||
'object-store', 'Swift-compatible service'),
|
||||
#4 Service Name:nova Type:compute
|
||||
('service', 'add', 'nova',
|
||||
'compute', 'OpenStack Compute Service'),
|
||||
#5 Service Name:nova_compat Type:Compute
|
||||
('service', 'add', 'nova_compat',
|
||||
'compute', 'OpenStack Compute Service'),
|
||||
#6 Service Name:glance Type:image-service
|
||||
('service', 'add', 'glance',
|
||||
'image-service', 'OpenStack Compute Service'),
|
||||
#7 Service Name:glance Type:image-service
|
||||
('service', 'add', 'identity',
|
||||
'identity-service', 'OpenStack Compute Service'),
|
||||
# Keeping for compatibility for a while till dashboard catches up
|
||||
('endpointTemplates', 'add', 'RegionOne', 'swift',
|
||||
('endpointTemplates', 'add', 'RegionOne', '2',
|
||||
'http://swift.publicinternets.com/v1/AUTH_%tenant_id%',
|
||||
'http://swift.admin-nets.local:8080/',
|
||||
'http://127.0.0.1:8080/v1/AUTH_%tenant_id%', '1', '0'),
|
||||
('endpointTemplates', 'add', 'RegionOne', 'nova_compat',
|
||||
('endpointTemplates', 'add', 'RegionOne', '5',
|
||||
'http://nova.publicinternets.com/v1.0/',
|
||||
'http://127.0.0.1:8774/v1.0', 'http://localhost:8774/v1.0', '1', '0'),
|
||||
('endpointTemplates', 'add', 'RegionOne', 'nova',
|
||||
('endpointTemplates', 'add', 'RegionOne', '4',
|
||||
'http://nova.publicinternets.com/v1.1/', 'http://127.0.0.1:8774/v1.1',
|
||||
'http://localhost:8774/v1.1', '1', '0'),
|
||||
('endpointTemplates', 'add', 'RegionOne', 'glance',
|
||||
('endpointTemplates', 'add', 'RegionOne', '6',
|
||||
'http://glance.publicinternets.com/v1.1/%tenant_id%',
|
||||
'http://nova.admin-nets.local/v1.1/%tenant_id%',
|
||||
'http://127.0.0.1:9292/v1.1/%tenant_id%', '1', '0'),
|
||||
('endpointTemplates', 'add', 'RegionOne', 'cdn',
|
||||
('endpointTemplates', 'add', 'RegionOne', '3',
|
||||
'http://cdn.publicinternets.com/v1.1/%tenant_id%',
|
||||
'http://cdn.admin-nets.local/v1.1/%tenant_id%',
|
||||
'http://127.0.0.1:7777/v1.1/%tenant_id%', '1', '0'),
|
||||
# endpointTemplates
|
||||
('endpointTemplates', 'add', 'RegionOne', 'object_store',
|
||||
('endpointTemplates', 'add', 'RegionOne', '2',
|
||||
'http://swift.publicinternets.com/v1/AUTH_%tenant_id%',
|
||||
'http://swift.admin-nets.local:8080/',
|
||||
'http://127.0.0.1:8080/v1/AUTH_%tenant_id%', '1', '0'),
|
||||
('endpointTemplates', 'add', 'RegionOne', 'compute',
|
||||
('endpointTemplates', 'add', 'RegionOne', '4',
|
||||
'http://nova.publicinternets.com/v1.0/', 'http://127.0.0.1:8774/v1.0',
|
||||
'http://localhost:8774/v1.0', '1', '0'),
|
||||
('endpointTemplates', 'add', 'RegionOne', 'compute_v1',
|
||||
('endpointTemplates', 'add', 'RegionOne', '5',
|
||||
'http://nova.publicinternets.com/v1.1/', 'http://127.0.0.1:8774/v1.1',
|
||||
'http://localhost:8774/v1.1', '1', '0'),
|
||||
('endpointTemplates', 'add', 'RegionOne', 'image',
|
||||
('endpointTemplates', 'add', 'RegionOne', '6',
|
||||
'http://glance.publicinternets.com/v1.1/%tenant_id%',
|
||||
'http://nova.admin-nets.local/v1.1/%tenant_id%',
|
||||
'http://127.0.0.1:9292/v1.1/%tenant_id%', '1', '0'),
|
||||
('endpointTemplates', 'add', 'RegionOne', 'cdn',
|
||||
('endpointTemplates', 'add', 'RegionOne', '3',
|
||||
'http://cdn.publicinternets.com/v1.1/%tenant_id%',
|
||||
'http://cdn.admin-nets.local/v1.1/%tenant_id%',
|
||||
'http://127.0.0.1:7777/v1.1/%tenant_id%', '1', '0'),
|
||||
# Global endpointTemplate
|
||||
('endpointTemplates', 'add', 'RegionOne', 'identity',
|
||||
('endpointTemplates', 'add', 'RegionOne', '7',
|
||||
'http://keystone.publicinternets.com/v2.0',
|
||||
'http://127.0.0.1:5001/v2.0', 'http://127.0.0.1:5000/v2.0', '1', '1'),
|
||||
# Tokens
|
||||
@ -77,11 +99,8 @@ DEFAULT_FIXTURE = [
|
||||
('endpoint', 'add', '1234', '3'),
|
||||
('endpoint', 'add', '1234', '4'),
|
||||
('endpoint', 'add', '1234', '5'),
|
||||
# Add Services
|
||||
('service', 'add', 'exampleservice',
|
||||
'example type', 'example description'),
|
||||
# Add Credentials
|
||||
('credentials', 'add', 'admin', 'EC2', 'admin:admin', 'admin', 'admin'),
|
||||
('credentials', 'add', 'admin', 'EC2', 'admin:admin', 'admin', '1'),
|
||||
]
|
||||
|
||||
|
||||
|
@ -69,7 +69,7 @@ class EC2AuthnMethods(base.ServiceAPITest):
|
||||
|
||||
expected = {
|
||||
u'access': {
|
||||
u'serviceCatalog': {},
|
||||
u'serviceCatalog': [],
|
||||
u'token': {
|
||||
u'expires': self.expires.strftime("%Y-%m-%dT%H:%M:%S.%f"),
|
||||
u'id': self.auth_token_id,
|
||||
|
Loading…
Reference in New Issue
Block a user