Move constants out of federation.core

Create a separate module for federation constants. This way other
modules will be able to use the constants without worrying about
circular imports or having to import all the federation code.

Change-Id: I0da9f5dc8f0fbf03a868c1b84951f4e32f016825
Brant Knudson 2015-07-10 15:01:38 -05:00
parent da44307e30
commit b6ddd954f2
11 changed files with 59 additions and 39 deletions


@ -28,7 +28,7 @@ from keystone.common import dependency
from keystone.common import utils
from keystone.common import wsgi
from keystone import config
from keystone.contrib import federation
from keystone.contrib.federation import constants as federation_constants
from keystone import exception
from keystone.i18n import _, _LI, _LW
from keystone.resource import controllers as resource_controllers
@ -412,7 +412,7 @@ class Auth(controller.V3Controller):
return
# Skip scoping when unscoped federated token is being issued
if federation.IDENTITY_PROVIDER in auth_context:
if federation_constants.IDENTITY_PROVIDER in auth_context:
return
# Do not scope if request is for explicitly unscoped token


@ -19,7 +19,7 @@ from six.moves.urllib import parse
from keystone import auth
from keystone.auth import plugins as auth_plugins
from keystone.common import dependency
from keystone.contrib import federation
from keystone.contrib.federation import constants as federation_constants
from keystone.contrib.federation import utils
from keystone import exception
from keystone.i18n import _
@ -100,8 +100,8 @@ def handle_scoped_token(context, auth_payload, auth_context, token_ref,
auth_context['user_id'] = user_id
auth_context['group_ids'] = group_ids
auth_context[federation.IDENTITY_PROVIDER] = identity_provider
auth_context[federation.PROTOCOL] = protocol
auth_context[federation_constants.IDENTITY_PROVIDER] = identity_provider
auth_context[federation_constants.PROTOCOL] = protocol
def handle_unscoped_token(context, auth_payload, auth_context,
@ -114,8 +114,9 @@ def handle_unscoped_token(context, auth_payload, auth_context,
identity_provider, protocol):
auth_context['user_id'] = user['id']
auth_context['group_ids'] = mapped_properties['group_ids']
auth_context[federation.IDENTITY_PROVIDER] = identity_provider
auth_context[federation.PROTOCOL] = protocol
auth_context[federation_constants.IDENTITY_PROVIDER] = (
identity_provider)
auth_context[federation_constants.PROTOCOL] = protocol
def build_local_user_context(auth_context, mapped_properties):
user_info = auth_plugins.UserAuthInfo.create(mapped_properties,


@ -0,0 +1,16 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
FEDERATION = 'OS-FEDERATION'
IDENTITY_PROVIDER = 'OS-FEDERATION:identity_provider'
FEDERATED_DOMAIN_KEYWORD = 'Federated'
PROTOCOL = 'OS-FEDERATION:protocol'
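Review bot: The new constants module has no docstring or comments, although these strings gate security decisions elsewhere in this commit: `_is_mapped_token` tests for `IDENTITY_PROVIDER` and `PROTOCOL` in `auth_context`, the auth controller skips scoping when `IDENTITY_PROVIDER` is present, and `is_federated_user` checks for `FEDERATION` under the token's `user` entry. I would add a module docstring and one comment per group, for example `# Keys the mapped auth plugin sets in auth_context for a federated authentication.` above `IDENTITY_PROVIDER`/`PROTOCOL` and `# Fallback domain for ephemeral users when CONF.federation.federated_domain_name is unset.` above `FEDERATED_DOMAIN_KEYWORD`. Separately, the old names are deleted from `federation.core` with no alias left behind, so any caller not updated in this commit that still reads `federation.FEDERATION` would presumably fail with AttributeError; it is worth confirming none remain.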


@ -41,11 +41,6 @@ EXTENSION_DATA = {
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
FEDERATION = 'OS-FEDERATION'
IDENTITY_PROVIDER = 'OS-FEDERATION:identity_provider'
PROTOCOL = 'OS-FEDERATION:protocol'
FEDERATED_DOMAIN_KEYWORD = 'Federated'
@dependency.provider('federation_api')
class Manager(manager.Manager):


@ -21,7 +21,7 @@ from oslo_log import log
from oslo_utils import timeutils
import six
from keystone.contrib import federation
from keystone.contrib.federation import constants as federation_constants
from keystone import exception
from keystone.i18n import _, _LW
@ -529,7 +529,7 @@ class RuleProcessor(object):
if user_type == UserType.EPHEMERAL:
user['domain'] = {
'id': (CONF.federation.federated_domain_name or
federation.FEDERATED_DOMAIN_KEYWORD)
federation_constants.FEDERATED_DOMAIN_KEYWORD)
}
# initialize the group_ids as a set to eliminate duplicates


@ -17,7 +17,7 @@ from oslo_config import cfg
from oslo_utils import timeutils
import six
from keystone.contrib import federation
from keystone.contrib.federation import constants as federation_constants
from keystone import exception
from keystone.i18n import _
@ -296,7 +296,8 @@ class KeystoneToken(dict):
@property
def is_federated_user(self):
try:
return self.version is V3 and federation.FEDERATION in self['user']
return (self.version is V3 and
federation_constants.FEDERATION in self['user'])
except KeyError:
raise exception.UnexpectedError()
@ -305,7 +306,7 @@ class KeystoneToken(dict):
if self.is_federated_user:
if self.version is V3:
try:
groups = self['user'][federation.FEDERATION].get(
groups = self['user'][federation_constants.FEDERATION].get(
'groups', [])
return [g['id'] for g in groups]
except KeyError:
@ -316,12 +317,15 @@ class KeystoneToken(dict):
def federation_idp_id(self):
if self.version is not V3 or not self.is_federated_user:
return None
return self['user'][federation.FEDERATION]['identity_provider']['id']
return (
self['user'][federation_constants.FEDERATION]
['identity_provider']['id'])
@property
def federation_protocol_id(self):
if self.version is V3 and self.is_federated_user:
return self['user'][federation.FEDERATION]['protocol']['id']
return (self['user'][federation_constants.FEDERATION]['protocol']
['id'])
return None
@property
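Review bot: `federation_idp_id` and `federation_protocol_id` index `['identity_provider']['id']` and `['protocol']['id']` directly, so a token whose `OS-FEDERATION` entry lacks either key surfaces a bare KeyError, while `is_federated_user` in the same section converts KeyError into `exception.UnexpectedError()`. Since these lookups are being rewrapped here anyway, I would give both properties the same handling by wrapping each return in `try: ... except KeyError: raise exception.UnexpectedError()`. Both properties and the group-ids property start or end outside the visible hunks, so callers may already cope with the KeyError; that should be checked before changing it.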


@ -23,7 +23,7 @@ from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.contrib import federation
from keystone.contrib.federation import constants as federation_constants
from keystone import exception
from keystone.i18n import _, _LE, _LW
from keystone import notifications
@ -138,8 +138,9 @@ class Manager(manager.Manager):
"""
# NOTE(marek-denis): We cannot create this attribute in the __init__ as
# config values are always initialized to default value.
federated_domain = (CONF.federation.federated_domain_name or
federation.FEDERATED_DOMAIN_KEYWORD).lower()
federated_domain = (
CONF.federation.federated_domain_name or
federation_constants.FEDERATED_DOMAIN_KEYWORD).lower()
if (domain.get('name') and domain['name'].lower() == federated_domain):
raise AssertionError(_('Domain cannot be named %s')
% federated_domain)


@ -32,7 +32,7 @@ if not xmldsig:
from keystone.auth import controllers as auth_controllers
from keystone.auth.plugins import mapped
from keystone.contrib import federation
from keystone.contrib.federation import constants as federation_constants
from keystone.contrib.federation import controllers as federation_controllers
from keystone.contrib.federation import idp as keystone_idp
from keystone.contrib.federation import utils as mapping_utils
@ -1431,7 +1431,7 @@ class MappingRuleEngineTests(FederationTests):
self.assertIn('domain', user)
domain = user['domain']
domain_name_or_id = domain.get('id') or domain.get('name')
domain_ref = domain_id or federation.FEDERATED_DOMAIN_KEYWORD
domain_ref = domain_id or federation_constants.FEDERATED_DOMAIN_KEYWORD
self.assertEqual(domain_ref, domain_name_or_id)
def test_rule_engine_any_one_of_and_direct_mapping(self):


@ -17,6 +17,7 @@ from oslo_config import cfg
from oslo_utils import timeutils
from six.moves import range
from keystone.contrib.federation import constants as federation_constants
from keystone import exception
from keystone.models import token_model
from keystone.tests.unit import core
@ -128,7 +129,7 @@ class TestKeystoneTokenModel(core.TestCase):
self.assertIsNone(token_data.federation_protocol_id)
self.assertIsNone(token_data.federation_idp_id)
token_data['user'][token_model.federation.FEDERATION] = federation_data
token_data['user'][federation_constants.FEDERATION] = federation_data
self.assertTrue(token_data.is_federated_user)
self.assertEqual([x['id'] for x in federation_data['groups']],
@ -150,7 +151,7 @@ class TestKeystoneTokenModel(core.TestCase):
self.assertIsNone(token_data.federation_protocol_id)
self.assertIsNone(token_data.federation_idp_id)
token_data['user'][token_model.federation.FEDERATION] = federation_data
token_data['user'][federation_constants.FEDERATION] = federation_data
# Federated users should not exist in V2, the data should remain empty
self.assertFalse(token_data.is_federated_user)


@ -22,7 +22,7 @@ from six.moves.urllib import parse
from keystone.common import controller as common_controller
from keystone.common import dependency
from keystone.common import utils
from keystone.contrib import federation
from keystone.contrib.federation import constants as federation_constants
from keystone import exception
from keystone.i18n import _, _LE
from keystone import token
@ -490,8 +490,8 @@ class BaseProvider(provider.Provider):
return token_id, token_data
def _is_mapped_token(self, auth_context):
return (federation.IDENTITY_PROVIDER in auth_context and
federation.PROTOCOL in auth_context)
return (federation_constants.IDENTITY_PROVIDER in auth_context and
federation_constants.PROTOCOL in auth_context)
def issue_v3_token(self, user_id, method_names, expires_at=None,
project_id=None, domain_id=None, auth_context=None,
@ -538,18 +538,18 @@ class BaseProvider(provider.Provider):
def _handle_mapped_tokens(self, auth_context, project_id, domain_id):
def get_federated_domain():
return (CONF.federation.federated_domain_name or
federation.FEDERATED_DOMAIN_KEYWORD)
federation_constants.FEDERATED_DOMAIN_KEYWORD)
federated_domain = get_federated_domain()
user_id = auth_context['user_id']
group_ids = auth_context['group_ids']
idp = auth_context[federation.IDENTITY_PROVIDER]
protocol = auth_context[federation.PROTOCOL]
idp = auth_context[federation_constants.IDENTITY_PROVIDER]
protocol = auth_context[federation_constants.PROTOCOL]
token_data = {
'user': {
'id': user_id,
'name': parse.unquote(user_id),
federation.FEDERATION: {
federation_constants.FEDERATION: {
'identity_provider': {'id': idp},
'protocol': {'id': protocol}
},
@ -565,7 +565,7 @@ class BaseProvider(provider.Provider):
group_ids, project_id, domain_id, user_id)
token_data.update({'roles': roles})
else:
token_data['user'][federation.FEDERATION].update({
token_data['user'][federation_constants.FEDERATION].update({
'groups': [{'id': x} for x in group_ids]
})
return token_data


@ -14,7 +14,7 @@ from oslo_config import cfg
from oslo_log import log
from keystone.common import dependency
from keystone.contrib import federation
from keystone.contrib.federation import constants as federation_constants
from keystone import exception
from keystone.i18n import _
from keystone.token import provider
@ -101,11 +101,12 @@ class Provider(common.BaseProvider):
"""
group_ids = token_data['token'].get('user', {}).get(
federation.FEDERATION, {}).get('groups')
federation_constants.FEDERATION, {}).get('groups')
idp_id = token_data['token'].get('user', {}).get(
federation.FEDERATION, {}).get('identity_provider', {}).get('id')
federation_constants.FEDERATION, {}).get(
'identity_provider', {}).get('id')
protocol_id = token_data['token'].get('user', {}).get(
federation.FEDERATION, {}).get('protocol', {}).get('id')
federation_constants.FEDERATION, {}).get('protocol', {}).get('id')
if not group_ids:
group_ids = list()
if group_ids:
@ -130,7 +131,8 @@ class Provider(common.BaseProvider):
federated_info = dict(groups=g_ids,
identity_provider=dict(id=idp_id),
protocol=dict(id=protocol_id))
token_dict = {'user': {federation.FEDERATION: federated_info}}
token_dict = {'user': {
federation_constants.FEDERATION: federated_info}}
token_dict['user']['id'] = user_id
token_dict['user']['name'] = user_id
return token_dict