Move constants out of federation.core
Create a separate module for federation constants. This way other modules will be able to use the constants without worrying about circular imports or having to import all the federation code. Change-Id: I0da9f5dc8f0fbf03a868c1b84951f4e32f016825
parent
da44307e30
commit
b6ddd954f2
@ -28,7 +28,7 @@ from keystone.common import dependency
|
||||
from keystone.common import utils
|
||||
from keystone.common import wsgi
|
||||
from keystone import config
|
||||
from keystone.contrib import federation
|
||||
from keystone.contrib.federation import constants as federation_constants
|
||||
from keystone import exception
|
||||
from keystone.i18n import _, _LI, _LW
|
||||
from keystone.resource import controllers as resource_controllers
|
||||
@ -412,7 +412,7 @@ class Auth(controller.V3Controller):
|
||||
return
|
||||
|
||||
# Skip scoping when unscoped federated token is being issued
|
||||
if federation.IDENTITY_PROVIDER in auth_context:
|
||||
if federation_constants.IDENTITY_PROVIDER in auth_context:
|
||||
return
|
||||
|
||||
# Do not scope if request is for explicitly unscoped token
|
||||
|
@ -19,7 +19,7 @@ from six.moves.urllib import parse
|
||||
from keystone import auth
|
||||
from keystone.auth import plugins as auth_plugins
|
||||
from keystone.common import dependency
|
||||
from keystone.contrib import federation
|
||||
from keystone.contrib.federation import constants as federation_constants
|
||||
from keystone.contrib.federation import utils
|
||||
from keystone import exception
|
||||
from keystone.i18n import _
|
||||
@ -100,8 +100,8 @@ def handle_scoped_token(context, auth_payload, auth_context, token_ref,
|
||||
|
||||
auth_context['user_id'] = user_id
|
||||
auth_context['group_ids'] = group_ids
|
||||
auth_context[federation.IDENTITY_PROVIDER] = identity_provider
|
||||
auth_context[federation.PROTOCOL] = protocol
|
||||
auth_context[federation_constants.IDENTITY_PROVIDER] = identity_provider
|
||||
auth_context[federation_constants.PROTOCOL] = protocol
|
||||
|
||||
|
||||
def handle_unscoped_token(context, auth_payload, auth_context,
|
||||
@ -114,8 +114,9 @@ def handle_unscoped_token(context, auth_payload, auth_context,
|
||||
identity_provider, protocol):
|
||||
auth_context['user_id'] = user['id']
|
||||
auth_context['group_ids'] = mapped_properties['group_ids']
|
||||
auth_context[federation.IDENTITY_PROVIDER] = identity_provider
|
||||
auth_context[federation.PROTOCOL] = protocol
|
||||
auth_context[federation_constants.IDENTITY_PROVIDER] = (
|
||||
identity_provider)
|
||||
auth_context[federation_constants.PROTOCOL] = protocol
|
||||
|
||||
def build_local_user_context(auth_context, mapped_properties):
|
||||
user_info = auth_plugins.UserAuthInfo.create(mapped_properties,
|
||||
|
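--- /dev/null
+++ b/keystone/contrib/federation/constants.py
@@ -0,0 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+FEDERATION = 'OS-FEDERATION'
+IDENTITY_PROVIDER = 'OS-FEDERATION:identity_provider'
+FEDERATED_DOMAIN_KEYWORD = 'Federated'
+PROTOCOL = 'OS-FEDERATION:protocol'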
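Review bot: The new module gives no hint of what each constant keys, although the rest of this commit shows they are security-relevant markers rather than display strings. `IDENTITY_PROVIDER` and `PROTOCOL` are the `auth_context` keys that `_is_mapped_token` tests to decide whether a token is federated, `FEDERATION` is the key under `token['user']` that `is_federated_user` checks, and `FEDERATED_DOMAIN_KEYWORD` is the fallback when `CONF.federation.federated_domain_name` is unset. A one-line comment per constant would capture this, for example `# auth_context key; its presence marks a federated (mapped) authentication` above `IDENTITY_PROVIDER`. Separately, the `@ -41,11 +41,6` hunk removes the same four names from the federation core with no alias left behind, so any out-of-tree code that reads them as `federation.IDENTITY_PROVIDER` would presumably break.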
@ -41,11 +41,6 @@ EXTENSION_DATA = {
|
||||
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
|
||||
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
|
||||
|
||||
FEDERATION = 'OS-FEDERATION'
|
||||
IDENTITY_PROVIDER = 'OS-FEDERATION:identity_provider'
|
||||
PROTOCOL = 'OS-FEDERATION:protocol'
|
||||
FEDERATED_DOMAIN_KEYWORD = 'Federated'
|
||||
|
||||
|
||||
@dependency.provider('federation_api')
|
||||
class Manager(manager.Manager):
|
||||
|
@ -21,7 +21,7 @@ from oslo_log import log
|
||||
from oslo_utils import timeutils
|
||||
import six
|
||||
|
||||
from keystone.contrib import federation
|
||||
from keystone.contrib.federation import constants as federation_constants
|
||||
from keystone import exception
|
||||
from keystone.i18n import _, _LW
|
||||
|
||||
@ -529,7 +529,7 @@ class RuleProcessor(object):
|
||||
if user_type == UserType.EPHEMERAL:
|
||||
user['domain'] = {
|
||||
'id': (CONF.federation.federated_domain_name or
|
||||
federation.FEDERATED_DOMAIN_KEYWORD)
|
||||
federation_constants.FEDERATED_DOMAIN_KEYWORD)
|
||||
}
|
||||
|
||||
# initialize the group_ids as a set to eliminate duplicates
|
||||
|
@ -17,7 +17,7 @@ from oslo_config import cfg
|
||||
from oslo_utils import timeutils
|
||||
import six
|
||||
|
||||
from keystone.contrib import federation
|
||||
from keystone.contrib.federation import constants as federation_constants
|
||||
from keystone import exception
|
||||
from keystone.i18n import _
|
||||
|
||||
@ -296,7 +296,8 @@ class KeystoneToken(dict):
|
||||
@property
|
||||
def is_federated_user(self):
|
||||
try:
|
||||
return self.version is V3 and federation.FEDERATION in self['user']
|
||||
return (self.version is V3 and
|
||||
federation_constants.FEDERATION in self['user'])
|
||||
except KeyError:
|
||||
raise exception.UnexpectedError()
|
||||
|
||||
@ -305,7 +306,7 @@ class KeystoneToken(dict):
|
||||
if self.is_federated_user:
|
||||
if self.version is V3:
|
||||
try:
|
||||
groups = self['user'][federation.FEDERATION].get(
|
||||
groups = self['user'][federation_constants.FEDERATION].get(
|
||||
'groups', [])
|
||||
return [g['id'] for g in groups]
|
||||
except KeyError:
|
||||
@ -316,12 +317,15 @@ class KeystoneToken(dict):
|
||||
def federation_idp_id(self):
|
||||
if self.version is not V3 or not self.is_federated_user:
|
||||
return None
|
||||
return self['user'][federation.FEDERATION]['identity_provider']['id']
|
||||
return (
|
||||
self['user'][federation_constants.FEDERATION]
|
||||
['identity_provider']['id'])
|
||||
|
||||
@property
|
||||
def federation_protocol_id(self):
|
||||
if self.version is V3 and self.is_federated_user:
|
||||
return self['user'][federation.FEDERATION]['protocol']['id']
|
||||
return (self['user'][federation_constants.FEDERATION]['protocol']
|
||||
['id'])
|
||||
return None
|
||||
|
||||
@property
|
||||
|
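Review bot: `federation_idp_id` and `federation_protocol_id` index `['identity_provider']['id']` and `['protocol']['id']` with no KeyError handling, while `is_federated_user` in the same class converts a missing key into `exception.UnexpectedError()`. A token whose `OS-FEDERATION` entry lacks either sub-key would therefore raise a bare KeyError from these two properties. Whether such a token can reach this code is not visible in the hunks. Since the returns are being reflowed anyway, binding `fed = self['user'][federation_constants.FEDERATION]` first would also avoid breaking a subscript chain across lines, as the new `['identity_provider']['id'])` continuation does. The class body continues outside these hunks.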
@ -23,7 +23,7 @@ from keystone.common import cache
|
||||
from keystone.common import dependency
|
||||
from keystone.common import driver_hints
|
||||
from keystone.common import manager
|
||||
from keystone.contrib import federation
|
||||
from keystone.contrib.federation import constants as federation_constants
|
||||
from keystone import exception
|
||||
from keystone.i18n import _, _LE, _LW
|
||||
from keystone import notifications
|
||||
@ -138,8 +138,9 @@ class Manager(manager.Manager):
|
||||
"""
|
||||
# NOTE(marek-denis): We cannot create this attribute in the __init__ as
|
||||
# config values are always initialized to default value.
|
||||
federated_domain = (CONF.federation.federated_domain_name or
|
||||
federation.FEDERATED_DOMAIN_KEYWORD).lower()
|
||||
federated_domain = (
|
||||
CONF.federation.federated_domain_name or
|
||||
federation_constants.FEDERATED_DOMAIN_KEYWORD).lower()
|
||||
if (domain.get('name') and domain['name'].lower() == federated_domain):
|
||||
raise AssertionError(_('Domain cannot be named %s')
|
||||
% federated_domain)
|
||||
|
@ -32,7 +32,7 @@ if not xmldsig:
|
||||
|
||||
from keystone.auth import controllers as auth_controllers
|
||||
from keystone.auth.plugins import mapped
|
||||
from keystone.contrib import federation
|
||||
from keystone.contrib.federation import constants as federation_constants
|
||||
from keystone.contrib.federation import controllers as federation_controllers
|
||||
from keystone.contrib.federation import idp as keystone_idp
|
||||
from keystone.contrib.federation import utils as mapping_utils
|
||||
@ -1431,7 +1431,7 @@ class MappingRuleEngineTests(FederationTests):
|
||||
self.assertIn('domain', user)
|
||||
domain = user['domain']
|
||||
domain_name_or_id = domain.get('id') or domain.get('name')
|
||||
domain_ref = domain_id or federation.FEDERATED_DOMAIN_KEYWORD
|
||||
domain_ref = domain_id or federation_constants.FEDERATED_DOMAIN_KEYWORD
|
||||
self.assertEqual(domain_ref, domain_name_or_id)
|
||||
|
||||
def test_rule_engine_any_one_of_and_direct_mapping(self):
|
||||
|
@ -17,6 +17,7 @@ from oslo_config import cfg
|
||||
from oslo_utils import timeutils
|
||||
from six.moves import range
|
||||
|
||||
from keystone.contrib.federation import constants as federation_constants
|
||||
from keystone import exception
|
||||
from keystone.models import token_model
|
||||
from keystone.tests.unit import core
|
||||
@ -128,7 +129,7 @@ class TestKeystoneTokenModel(core.TestCase):
|
||||
self.assertIsNone(token_data.federation_protocol_id)
|
||||
self.assertIsNone(token_data.federation_idp_id)
|
||||
|
||||
token_data['user'][token_model.federation.FEDERATION] = federation_data
|
||||
token_data['user'][federation_constants.FEDERATION] = federation_data
|
||||
|
||||
self.assertTrue(token_data.is_federated_user)
|
||||
self.assertEqual([x['id'] for x in federation_data['groups']],
|
||||
@ -150,7 +151,7 @@ class TestKeystoneTokenModel(core.TestCase):
|
||||
self.assertIsNone(token_data.federation_protocol_id)
|
||||
self.assertIsNone(token_data.federation_idp_id)
|
||||
|
||||
token_data['user'][token_model.federation.FEDERATION] = federation_data
|
||||
token_data['user'][federation_constants.FEDERATION] = federation_data
|
||||
|
||||
# Federated users should not exist in V2, the data should remain empty
|
||||
self.assertFalse(token_data.is_federated_user)
|
||||
|
@ -22,7 +22,7 @@ from six.moves.urllib import parse
|
||||
from keystone.common import controller as common_controller
|
||||
from keystone.common import dependency
|
||||
from keystone.common import utils
|
||||
from keystone.contrib import federation
|
||||
from keystone.contrib.federation import constants as federation_constants
|
||||
from keystone import exception
|
||||
from keystone.i18n import _, _LE
|
||||
from keystone import token
|
||||
@ -490,8 +490,8 @@ class BaseProvider(provider.Provider):
|
||||
return token_id, token_data
|
||||
|
||||
def _is_mapped_token(self, auth_context):
|
||||
return (federation.IDENTITY_PROVIDER in auth_context and
|
||||
federation.PROTOCOL in auth_context)
|
||||
return (federation_constants.IDENTITY_PROVIDER in auth_context and
|
||||
federation_constants.PROTOCOL in auth_context)
|
||||
|
||||
def issue_v3_token(self, user_id, method_names, expires_at=None,
|
||||
project_id=None, domain_id=None, auth_context=None,
|
||||
@ -538,18 +538,18 @@ class BaseProvider(provider.Provider):
|
||||
def _handle_mapped_tokens(self, auth_context, project_id, domain_id):
|
||||
def get_federated_domain():
|
||||
return (CONF.federation.federated_domain_name or
|
||||
federation.FEDERATED_DOMAIN_KEYWORD)
|
||||
federation_constants.FEDERATED_DOMAIN_KEYWORD)
|
||||
|
||||
federated_domain = get_federated_domain()
|
||||
user_id = auth_context['user_id']
|
||||
group_ids = auth_context['group_ids']
|
||||
idp = auth_context[federation.IDENTITY_PROVIDER]
|
||||
protocol = auth_context[federation.PROTOCOL]
|
||||
idp = auth_context[federation_constants.IDENTITY_PROVIDER]
|
||||
protocol = auth_context[federation_constants.PROTOCOL]
|
||||
token_data = {
|
||||
'user': {
|
||||
'id': user_id,
|
||||
'name': parse.unquote(user_id),
|
||||
federation.FEDERATION: {
|
||||
federation_constants.FEDERATION: {
|
||||
'identity_provider': {'id': idp},
|
||||
'protocol': {'id': protocol}
|
||||
},
|
||||
@ -565,7 +565,7 @@ class BaseProvider(provider.Provider):
|
||||
group_ids, project_id, domain_id, user_id)
|
||||
token_data.update({'roles': roles})
|
||||
else:
|
||||
token_data['user'][federation.FEDERATION].update({
|
||||
token_data['user'][federation_constants.FEDERATION].update({
|
||||
'groups': [{'id': x} for x in group_ids]
|
||||
})
|
||||
return token_data
|
||||
|
@ -14,7 +14,7 @@ from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
|
||||
from keystone.common import dependency
|
||||
from keystone.contrib import federation
|
||||
from keystone.contrib.federation import constants as federation_constants
|
||||
from keystone import exception
|
||||
from keystone.i18n import _
|
||||
from keystone.token import provider
|
||||
@ -101,11 +101,12 @@ class Provider(common.BaseProvider):
|
||||
|
||||
"""
|
||||
group_ids = token_data['token'].get('user', {}).get(
|
||||
federation.FEDERATION, {}).get('groups')
|
||||
federation_constants.FEDERATION, {}).get('groups')
|
||||
idp_id = token_data['token'].get('user', {}).get(
|
||||
federation.FEDERATION, {}).get('identity_provider', {}).get('id')
|
||||
federation_constants.FEDERATION, {}).get(
|
||||
'identity_provider', {}).get('id')
|
||||
protocol_id = token_data['token'].get('user', {}).get(
|
||||
federation.FEDERATION, {}).get('protocol', {}).get('id')
|
||||
federation_constants.FEDERATION, {}).get('protocol', {}).get('id')
|
||||
if not group_ids:
|
||||
group_ids = list()
|
||||
if group_ids:
|
||||
@ -130,7 +131,8 @@ class Provider(common.BaseProvider):
|
||||
federated_info = dict(groups=g_ids,
|
||||
identity_provider=dict(id=idp_id),
|
||||
protocol=dict(id=protocol_id))
|
||||
token_dict = {'user': {federation.FEDERATION: federated_info}}
|
||||
token_dict = {'user': {
|
||||
federation_constants.FEDERATION: federated_info}}
|
||||
token_dict['user']['id'] = user_id
|
||||
token_dict['user']['name'] = user_id
|
||||
return token_dict
|
||||
|
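Review bot: The three lookups in the `-101,11 +101,12` hunk each repeat `token_data['token'].get('user', {}).get(federation_constants.FEDERATION, {})`, and the longer constant name now forces the `idp_id` chain to break mid-expression. Reading the section once, with `user = token_data['token'].get('user', {})` followed by `federated = user.get(federation_constants.FEDERATION, {})`, keeps each line short. Taking `groups`, `identity_provider` and `protocol` from `federated` also makes it plain that all three come from the same part of the token. Behaviour would be unchanged. The enclosing method starts and ends outside the hunk.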