Update middleware and tests for new package
Update the middleware code and the tests to run with the new package name.
parent
d0ce533c8e
commit
ef4e828528
@ -154,18 +154,18 @@ import stat
|
||||
import tempfile
|
||||
import time
|
||||
|
||||
from keystoneclient import access
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient import exceptions
|
||||
import netaddr
|
||||
from oslo.config import cfg
|
||||
import six
|
||||
from six.moves import urllib
|
||||
|
||||
from keystoneclient import access
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient.middleware import memcache_crypt
|
||||
from keystoneclient.openstack.common import jsonutils
|
||||
from keystoneclient.openstack.common import memorycache
|
||||
from keystoneclient.openstack.common import timeutils
|
||||
from keystonemiddleware import memcache_crypt
|
||||
from keystonemiddleware.openstack.common import jsonutils
|
||||
from keystonemiddleware.openstack.common import memorycache
|
||||
from keystonemiddleware.openstack.common import timeutils
|
||||
|
||||
|
||||
# alternative middleware configuration in the main application's
|
||||
@ -1567,7 +1567,7 @@ def app_factory(global_conf, **local_conf):
|
||||
if __name__ == '__main__':
|
||||
"""Run this module directly to start a protected echo service::
|
||||
|
||||
$ python -m keystoneclient.middleware.auth_token
|
||||
$ python -m keystonemiddleware.auth_token
|
||||
|
||||
When the ``auth_token`` module authenticates a request, the echo service
|
||||
will respond with all the environment variables presented to it by this
|
||||
|
@ -25,33 +25,36 @@ import requests
|
||||
import webob.dec
|
||||
import webob.exc
|
||||
|
||||
from keystone.common import config
|
||||
from keystone.common import wsgi
|
||||
from keystone.openstack.common import jsonutils
|
||||
from keystonemiddleware.openstack.common import jsonutils
|
||||
|
||||
keystone_ec2_opts = [
|
||||
cfg.StrOpt('keystone_ec2_url',
|
||||
cfg.StrOpt('url',
|
||||
default='http://localhost:5000/v2.0/ec2tokens',
|
||||
help='URL to get token from ec2 request.'),
|
||||
cfg.StrOpt('keystone_ec2_keyfile', help='Required if EC2 server requires '
|
||||
'client certificate.'),
|
||||
cfg.StrOpt('keystone_ec2_certfile', help='Client certificate key '
|
||||
'filename. Required if EC2 server requires client '
|
||||
'certificate.'),
|
||||
cfg.StrOpt('keystone_ec2_cafile', help='A PEM encoded certificate '
|
||||
'authority to use when verifying HTTPS connections. Defaults '
|
||||
'to the system CAs.'),
|
||||
cfg.BoolOpt('keystone_ec2_insecure', default=False, help='Disable SSL '
|
||||
'certificate verification.'),
|
||||
cfg.StrOpt('keyfile',
|
||||
help='Required if EC2 server requires client certificate.'),
|
||||
cfg.StrOpt('certfile',
|
||||
help='Client certificate key filename. Required if EC2 server '
|
||||
'requires client certificate.'),
|
||||
cfg.StrOpt('cafile',
|
||||
help='A PEM encoded certificate authority to use when '
|
||||
'verifying HTTPS connections. Defaults to the system '
|
||||
'CAs.'),
|
||||
cfg.BoolOpt('insecure', default=False,
|
||||
help='Disable SSL certificate verification.'),
|
||||
]
|
||||
|
||||
CONF = config.CONF
|
||||
CONF.register_opts(keystone_ec2_opts)
|
||||
CONF = cfg.CONF
|
||||
CONF.register_opts(keystone_ec2_opts, group='keystone_ec2_token')
|
||||
|
||||
|
||||
class EC2Token(wsgi.Middleware):
|
||||
class EC2Token(object):
|
||||
"""Authenticate an EC2 request with keystone and convert to token."""
|
||||
|
||||
def __init__(self, application):
|
||||
super(EC2Token, self).__init__()
|
||||
self.application = application
|
||||
|
||||
@webob.dec.wsgify()
|
||||
def __call__(self, req):
|
||||
# Read request signature and access id.
|
||||
@ -81,18 +84,20 @@ class EC2Token(wsgi.Middleware):
|
||||
headers = {'Content-Type': 'application/json'}
|
||||
|
||||
verify = True
|
||||
if CONF.keystone_ec2_insecure:
|
||||
if CONF.keystone_ec2_token.insecure:
|
||||
verify = False
|
||||
elif CONF.keystone_ec2_cafile:
|
||||
verify = CONF.keystone_ec2_cafile
|
||||
elif CONF.keystone_ec2_token.cafile:
|
||||
verify = CONF.keystone_ec2_token.cafile
|
||||
|
||||
cert = None
|
||||
if CONF.keystone_ec2_certfile and CONF.keystone_ec2_keyfile:
|
||||
cert = (CONF.keystone_ec2_certfile, CONF.keystone_ec2_keyfile)
|
||||
elif CONF.keystone_ec2_certfile:
|
||||
cert = CONF.keystone_ec2_certfile
|
||||
if (CONF.keystone_ec2_token.certfile and
|
||||
CONF.keystone_ec2_token.keyfile):
|
||||
cert = (CONF.keystone_ec2_certfile,
|
||||
CONF.keystone_ec2_token.keyfile)
|
||||
elif CONF.keystone_ec2_token.certfile:
|
||||
cert = CONF.keystone_ec2_token.certfile
|
||||
|
||||
response = requests.post(CONF.keystone_ec2_url, data=creds_json,
|
||||
response = requests.post(CONF.keystone_ec2_token.url, data=creds_json,
|
||||
headers=headers, verify=verify, cert=cert)
|
||||
|
||||
# NOTE(vish): We could save a call to keystone by
|
||||
@ -108,3 +113,19 @@ class EC2Token(wsgi.Middleware):
|
||||
# Authenticated!
|
||||
req.headers['X-Auth-Token'] = token_id
|
||||
return self.application
|
||||
|
||||
|
||||
def filter_factory(global_conf, **local_conf):
|
||||
"""Returns a WSGI filter app for use with paste.deploy."""
|
||||
conf = global_conf.copy()
|
||||
conf.update(local_conf)
|
||||
|
||||
def auth_filter(app):
|
||||
return EC2Token(app, conf)
|
||||
return auth_filter
|
||||
|
||||
|
||||
def app_factory(global_conf, **local_conf):
|
||||
conf = global_conf.copy()
|
||||
conf.update(local_conf)
|
||||
return EC2Token(None, conf)
|
||||
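Review bot: In the client-certificate branch of `EC2Token.__call__`, the new tuple still reads `CONF.keystone_ec2_certfile`, an option this commit no longer registers (it becomes `certfile` in the `keystone_ec2_token` group), so a deployment that sets both `certfile` and `keyfile` would presumably fail with an unknown-option error on each request instead of presenting its client certificate. The line should read `cert = (CONF.keystone_ec2_token.certfile, CONF.keystone_ec2_token.keyfile)`. Separately, the added `filter_factory` and `app_factory` call `EC2Token(app, conf)` and `EC2Token(None, conf)`, while the `__init__(self, application)` shown in the first hunk accepts a single argument; either give it a `conf` parameter or drop the argument at both call sites. A test that sets `certfile` and `keyfile`, and one that builds the filter through `filter_factory`, would catch both. The body of `__call__` starts and ends outside the visible hunks.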
|
@ -38,7 +38,7 @@ import requests
|
||||
import six
|
||||
from six.moves import urllib
|
||||
|
||||
from keystoneclient.openstack.common import jsonutils
|
||||
from keystonemiddleware.openstack.common import jsonutils
|
||||
|
||||
|
||||
PROTOCOL_NAME = 'S3 Token Authentication'
|
||||
|
@ -15,13 +15,13 @@
|
||||
import os
|
||||
|
||||
import fixtures
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient import utils
|
||||
import six
|
||||
import testresources
|
||||
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient.openstack.common import jsonutils
|
||||
from keystoneclient.openstack.common import timeutils
|
||||
from keystoneclient import utils
|
||||
from keystonemiddleware.openstack.common import jsonutils
|
||||
from keystonemiddleware.openstack.common import timeutils
|
||||
|
||||
|
||||
TESTDIR = os.path.dirname(os.path.abspath(__file__))
|
||||
|
@ -25,22 +25,22 @@ import uuid
|
||||
import fixtures
|
||||
import httpretty
|
||||
import iso8601
|
||||
from keystoneclient import access
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import fixture
|
||||
import mock
|
||||
import testresources
|
||||
import testtools
|
||||
from testtools import matchers
|
||||
import webob
|
||||
|
||||
from keystoneclient import access
|
||||
from keystoneclient.common import cms
|
||||
from keystoneclient import exceptions
|
||||
from keystoneclient import fixture
|
||||
from keystoneclient.middleware import auth_token
|
||||
from keystoneclient.openstack.common import jsonutils
|
||||
from keystoneclient.openstack.common import memorycache
|
||||
from keystoneclient.openstack.common import timeutils
|
||||
from keystoneclient.tests import client_fixtures
|
||||
from keystoneclient.tests import utils
|
||||
from keystonemiddleware import auth_token
|
||||
from keystonemiddleware.openstack.common import jsonutils
|
||||
from keystonemiddleware.openstack.common import memorycache
|
||||
from keystonemiddleware.openstack.common import timeutils
|
||||
from keystonemiddleware.tests import client_fixtures
|
||||
from keystonemiddleware.tests import utils
|
||||
|
||||
|
||||
EXPECTED_V2_DEFAULT_ENV_RESPONSE = {
|
||||
@ -1018,14 +1018,14 @@ class CommonAuthTokenMiddlewareTest(object):
|
||||
token = self.token_dict['signed_token_scoped']
|
||||
req.headers['X-Auth-Token'] = token
|
||||
req.environ.update(extra_environ)
|
||||
timeutils_utcnow = 'keystoneclient.openstack.common.timeutils.utcnow'
|
||||
utcnow = 'keystonemiddleware.openstack.common.timeutils.utcnow'
|
||||
now = datetime.datetime.utcnow()
|
||||
with mock.patch(timeutils_utcnow) as mock_utcnow:
|
||||
with mock.patch(utcnow) as mock_utcnow:
|
||||
mock_utcnow.return_value = now
|
||||
self.middleware(req.environ, self.start_fake_response)
|
||||
self.assertIsNotNone(self._get_cached_token(token))
|
||||
expired = now + datetime.timedelta(seconds=token_cache_time)
|
||||
with mock.patch(timeutils_utcnow) as mock_utcnow:
|
||||
with mock.patch(utcnow) as mock_utcnow:
|
||||
mock_utcnow.return_value = expired
|
||||
self.assertIsNone(self._get_cached_token(token))
|
||||
|
||||
@ -1811,7 +1811,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
|
||||
auth_token.confirm_token_not_expired,
|
||||
data)
|
||||
|
||||
@mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
|
||||
@mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
|
||||
def test_v2_token_with_timezone_offset_not_expired(self, mock_utcnow):
|
||||
current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
|
||||
current_time = timeutils.normalize_time(current_time)
|
||||
@ -1822,7 +1822,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
|
||||
actual_expires = auth_token.confirm_token_not_expired(data)
|
||||
self.assertEqual(actual_expires, expected_expires)
|
||||
|
||||
@mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
|
||||
@mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
|
||||
def test_v2_token_with_timezone_offset_expired(self, mock_utcnow):
|
||||
current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
|
||||
current_time = timeutils.normalize_time(current_time)
|
||||
@ -1846,7 +1846,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
|
||||
auth_token.confirm_token_not_expired,
|
||||
data)
|
||||
|
||||
@mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
|
||||
@mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
|
||||
def test_v3_token_with_timezone_offset_not_expired(self, mock_utcnow):
|
||||
current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
|
||||
current_time = timeutils.normalize_time(current_time)
|
||||
@ -1858,7 +1858,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
|
||||
actual_expires = auth_token.confirm_token_not_expired(data)
|
||||
self.assertEqual(actual_expires, expected_expires)
|
||||
|
||||
@mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
|
||||
@mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
|
||||
def test_v3_token_with_timezone_offset_expired(self, mock_utcnow):
|
||||
current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
|
||||
current_time = timeutils.normalize_time(current_time)
|
||||
|
@ -13,7 +13,7 @@
|
||||
import six
|
||||
import testtools
|
||||
|
||||
from keystoneclient.middleware import memcache_crypt
|
||||
from keystonemiddleware import memcache_crypt
|
||||
|
||||
|
||||
class MemcacheCryptPositiveTests(testtools.TestCase):
|
||||
|
@ -19,9 +19,9 @@ import six
|
||||
import testtools
|
||||
import webob
|
||||
|
||||
from keystoneclient.middleware import s3_token
|
||||
from keystoneclient.openstack.common import jsonutils
|
||||
from keystoneclient.tests import utils
|
||||
from keystonemiddleware.openstack.common import jsonutils
|
||||
from keystonemiddleware import s3_token
|
||||
from keystonemiddleware.tests import utils
|
||||
|
||||
|
||||
GOOD_RESPONSE = {'access': {'token': {'id': 'TOKEN_ID',
|
||||
|
@ -24,7 +24,7 @@ from six.moves.urllib import parse as urlparse
|
||||
import testtools
|
||||
import uuid
|
||||
|
||||
from keystoneclient.openstack.common import jsonutils
|
||||
from keystonemiddleware.openstack.common import jsonutils
|
||||
|
||||
|
||||
class TestCase(testtools.TestCase):
|
||||
|