oauth using optional dependencies

Bug 1223524 Change-Id: Ic0d53fd1d5b3b7a587d33dc230e9ff200782ad4f
2013-09-16 15:20:39 -04:00 · 2013-09-16 15:20:39 -04:00 · acd70e5641
parent 5e04343ff5
commit acd70e5641
4 changed files with 22 additions and 5 deletions
--- a/keystone/contrib/oauth1/routers.py
+++ b/keystone/contrib/oauth1/routers.py
@ -15,6 +15,7 @@
 # under the License.

 from keystone.common import wsgi
+from keystone.contrib import oauth1
 from keystone.contrib.oauth1 import controllers


@ -51,6 +52,9 @@ class OAuth1Extension(wsgi.ExtensionRouter):
    """

    def add_routes(self, mapper):
+        # This is needed for dependency injection,
+        # it loads the OAuth driver which registers it as a dependency.
+        oauth1.Manager()
        consumer_controller = controllers.ConsumerCrudV3()
        access_token_controller = controllers.AccessTokenCrudV3()
        access_token_roles_controller = controllers.AccessTokenRolesV3()
--- a/keystone/service.py
+++ b/keystone/service.py
@ -25,7 +25,6 @@ from keystone.common import dependency
 from keystone.common import wsgi
 from keystone import config
 from keystone.contrib import endpoint_filter
-from keystone.contrib import oauth1
 from keystone import controllers
 from keystone import credential
 from keystone import identity
@ -54,7 +53,6 @@ DRIVERS = dict(
    credentials_api=credential.Manager(),
    endpoint_filter_api=endpoint_filter.Manager(),
    identity_api=_IDENTITY_API,
-    oauth1_api=oauth1.Manager(),
    policy_api=policy.Manager(),
    token_api=token.Manager(),
    trust_api=trust.Manager(),
--- a/keystone/tests/test_token_provider.py
+++ b/keystone/tests/test_token_provider.py
@ -19,8 +19,10 @@ import datetime
 from keystone import exception
 from keystone.openstack.common import timeutils
 from keystone import tests
+from keystone.tests import default_fixtures
 from keystone import token

+
 FUTURE_DELTA = datetime.timedelta(seconds=86400)
 CURRENT_DATE = timeutils.utcnow()

@ -811,3 +813,12 @@ class TestTokenProvider(tests.TestCase):
        self.assertEqual(
            None,
            self.token_provider_api._is_valid_token(SAMPLE_V3_TOKEN_VALID))
+
+    def test_uuid_provider_no_oauth_fails_oauth(self):
+        self.load_fixtures(default_fixtures)
+        self.opt_in_group('token', provider=token.provider.UUID_PROVIDER)
+        driver = token.provider.Manager().driver
+        driver.oauth_api = None
+        self.assertRaises(exception.Forbidden,
+                          driver.issue_v3_token,
+                          self.user_foo['id'], ['oauth1'])
--- a/keystone/token/providers/uuid.py
+++ b/keystone/token/providers/uuid.py
@ -328,7 +328,8 @@ class V3TokenDataHelper(object):
        return {'token': token_data}


-@dependency.requires('token_api', 'identity_api', 'catalog_api', 'oauth_api')
+@dependency.optional('oauth_api')
+@dependency.requires('token_api', 'identity_api', 'catalog_api')
 class Provider(token.provider.Provider):
    def __init__(self, *args, **kwargs):
        super(Provider, self).__init__(*args, **kwargs)
@ -398,8 +399,11 @@ class Provider(token.provider.Provider):

        access_token = None
        if 'oauth1' in method_names:
-            access_token_id = auth_context['access_token_id']
-            access_token = self.oauth_api.get_access_token(access_token_id)
+            if self.oauth_api:
+                access_token_id = auth_context['access_token_id']
+                access_token = self.oauth_api.get_access_token(access_token_id)
+            else:
+                raise exception.Forbidden(_('Oauth is disabled.'))

        token_data = self.v3_token_data_helper.get_token_data(
            user_id,