Implementation of opt-out from catalog data during token validation.
The additional query parameter nocatalog in GET /v3/auth/tokens allows the requestor to receive a token response omitting the catalog data. This makes the token response sensibly smaller in case the catalog is large due to the vaste deployment environment and available services. e.g. GET /v3/auth/tokens?nocatalog blueprint token-valid-catalog-opt-out Change-Id: I272b1282acc0f04565d88c51b87dc7e30b141b7c
This commit is contained in:
parent
94f965b29a
commit
d28b84a9a1
|
@ -367,7 +367,11 @@ class Auth(controller.V3Controller):
|
|||
@controller.protected()
|
||||
def validate_token(self, context):
|
||||
token_id = context.get('subject_token_id')
|
||||
token_data = self.token_provider_api.validate_v3_token(token_id)
|
||||
include_catalog = 'nocatalog' not in context['query_string']
|
||||
token_data = self.token_provider_api.validate_v3_token(
|
||||
token_id)
|
||||
if not include_catalog and 'catalog' in token_data['token']:
|
||||
del token_data['token']['catalog']
|
||||
return render_token_data_response(token_id, token_data)
|
||||
|
||||
@controller.protected()
|
||||
|
|
|
@ -320,6 +320,16 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase):
|
|||
r = self.get('/auth/tokens', headers=self.headers)
|
||||
self.assertValidUnscopedTokenResponse(r)
|
||||
|
||||
def test_validate_token_nocatalog(self):
|
||||
auth_data = self.build_authentication_request(
|
||||
user_id=self.user['id'],
|
||||
password=self.user['password'],
|
||||
project_id=self.project['id'])
|
||||
resp = self.post('/auth/tokens', body=auth_data)
|
||||
headers = {'X-Subject-Token': resp.headers.get('X-Subject-Token')}
|
||||
r = self.get('/auth/tokens?nocatalog', headers=headers)
|
||||
self.assertValidProjectScopedTokenResponse(r, require_catalog=False)
|
||||
|
||||
def test_revoke_token(self):
|
||||
headers = {'X-Subject-Token': self.get_scoped_token()}
|
||||
self.delete('/auth/tokens', headers=headers, expected_status=204)
|
||||
|
|
|
@ -317,8 +317,6 @@ class Provider(object):
|
|||
|
||||
:param token_id: identity of the token
|
||||
:type token_id: string
|
||||
:param belongs_to: project_id token belongs to
|
||||
:type belongs_to: string
|
||||
:returns: token data
|
||||
:raises: keystone.exception.TokenNotFound
|
||||
"""
|
||||
|
|
Loading…
Reference in New Issue