Update middleware and tests for new package

Update the middleware code and the tests to run with the new
package name.
Morgan Fainberg 2014-06-19 17:31:42 -07:00
parent d0ce533c8e
commit ef4e828528
8 changed files with 81 additions and 60 deletions


@ -154,18 +154,18 @@ import stat
import tempfile
import time
from keystoneclient import access
from keystoneclient.common import cms
from keystoneclient import exceptions
import netaddr
from oslo.config import cfg
import six
from six.moves import urllib
from keystoneclient import access
from keystoneclient.common import cms
from keystoneclient import exceptions
from keystoneclient.middleware import memcache_crypt
from keystoneclient.openstack.common import jsonutils
from keystoneclient.openstack.common import memorycache
from keystoneclient.openstack.common import timeutils
from keystonemiddleware import memcache_crypt
from keystonemiddleware.openstack.common import jsonutils
from keystonemiddleware.openstack.common import memorycache
from keystonemiddleware.openstack.common import timeutils
# alternative middleware configuration in the main application's
@ -1567,7 +1567,7 @@ def app_factory(global_conf, **local_conf):
if __name__ == '__main__':
"""Run this module directly to start a protected echo service::
$ python -m keystoneclient.middleware.auth_token
$ python -m keystonemiddleware.auth_token
When the ``auth_token`` module authenticates a request, the echo service
will respond with all the environment variables presented to it by this


@ -25,33 +25,36 @@ import requests
import webob.dec
import webob.exc
from keystone.common import config
from keystone.common import wsgi
from keystone.openstack.common import jsonutils
from keystonemiddleware.openstack.common import jsonutils
keystone_ec2_opts = [
cfg.StrOpt('keystone_ec2_url',
cfg.StrOpt('url',
default='http://localhost:5000/v2.0/ec2tokens',
help='URL to get token from ec2 request.'),
cfg.StrOpt('keystone_ec2_keyfile', help='Required if EC2 server requires '
'client certificate.'),
cfg.StrOpt('keystone_ec2_certfile', help='Client certificate key '
'filename. Required if EC2 server requires client '
'certificate.'),
cfg.StrOpt('keystone_ec2_cafile', help='A PEM encoded certificate '
'authority to use when verifying HTTPS connections. Defaults '
'to the system CAs.'),
cfg.BoolOpt('keystone_ec2_insecure', default=False, help='Disable SSL '
'certificate verification.'),
cfg.StrOpt('keyfile',
help='Required if EC2 server requires client certificate.'),
cfg.StrOpt('certfile',
help='Client certificate key filename. Required if EC2 server '
'requires client certificate.'),
cfg.StrOpt('cafile',
help='A PEM encoded certificate authority to use when '
'verifying HTTPS connections. Defaults to the system '
'CAs.'),
cfg.BoolOpt('insecure', default=False,
help='Disable SSL certificate verification.'),
]
CONF = config.CONF
CONF.register_opts(keystone_ec2_opts)
CONF = cfg.CONF
CONF.register_opts(keystone_ec2_opts, group='keystone_ec2_token')
class EC2Token(wsgi.Middleware):
class EC2Token(object):
"""Authenticate an EC2 request with keystone and convert to token."""
def __init__(self, application):
super(EC2Token, self).__init__()
self.application = application
@webob.dec.wsgify()
def __call__(self, req):
# Read request signature and access id.
@ -81,18 +84,20 @@ class EC2Token(wsgi.Middleware):
headers = {'Content-Type': 'application/json'}
verify = True
if CONF.keystone_ec2_insecure:
if CONF.keystone_ec2_token.insecure:
verify = False
elif CONF.keystone_ec2_cafile:
verify = CONF.keystone_ec2_cafile
elif CONF.keystone_ec2_token.cafile:
verify = CONF.keystone_ec2_token.cafile
cert = None
if CONF.keystone_ec2_certfile and CONF.keystone_ec2_keyfile:
cert = (CONF.keystone_ec2_certfile, CONF.keystone_ec2_keyfile)
elif CONF.keystone_ec2_certfile:
cert = CONF.keystone_ec2_certfile
if (CONF.keystone_ec2_token.certfile and
CONF.keystone_ec2_token.keyfile):
cert = (CONF.keystone_ec2_certfile,
CONF.keystone_ec2_token.keyfile)
elif CONF.keystone_ec2_token.certfile:
cert = CONF.keystone_ec2_token.certfile
response = requests.post(CONF.keystone_ec2_url, data=creds_json,
response = requests.post(CONF.keystone_ec2_token.url, data=creds_json,
headers=headers, verify=verify, cert=cert)
# NOTE(vish): We could save a call to keystone by
@ -108,3 +113,19 @@ class EC2Token(wsgi.Middleware):
# Authenticated!
req.headers['X-Auth-Token'] = token_id
return self.application
def filter_factory(global_conf, **local_conf):
"""Returns a WSGI filter app for use with paste.deploy."""
conf = global_conf.copy()
conf.update(local_conf)
def auth_filter(app):
return EC2Token(app, conf)
return auth_filter
def app_factory(global_conf, **local_conf):
conf = global_conf.copy()
conf.update(local_conf)
return EC2Token(None, conf)
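Review bot: In the client-certificate branch of `__call__`, the new tuple is still built from `CONF.keystone_ec2_certfile`, a name that is no longer registered now that the options live in the `keystone_ec2_token` group. A deployment that sets both `certfile` and `keyfile` would presumably fail on the config lookup for every request instead of presenting its client certificate. The line should read `cert = (CONF.keystone_ec2_token.certfile, CONF.keystone_ec2_token.keyfile)`. Separately, the added `filter_factory` and `app_factory` call `EC2Token(app, conf)` and `EC2Token(None, conf)`, while the `__init__` shown in this section accepts only `application`, so either the constructor needs a `conf` parameter or the factories should drop it. `__call__` starts and ends outside the visible hunks, and none of the test files in this commit appear to cover this module, so a test of the client-certificate path and the paste factories would catch both.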


@ -38,7 +38,7 @@ import requests
import six
from six.moves import urllib
from keystoneclient.openstack.common import jsonutils
from keystonemiddleware.openstack.common import jsonutils
PROTOCOL_NAME = 'S3 Token Authentication'


@ -15,13 +15,13 @@
import os
import fixtures
from keystoneclient.common import cms
from keystoneclient import utils
import six
import testresources
from keystoneclient.common import cms
from keystoneclient.openstack.common import jsonutils
from keystoneclient.openstack.common import timeutils
from keystoneclient import utils
from keystonemiddleware.openstack.common import jsonutils
from keystonemiddleware.openstack.common import timeutils
TESTDIR = os.path.dirname(os.path.abspath(__file__))


@ -25,22 +25,22 @@ import uuid
import fixtures
import httpretty
import iso8601
from keystoneclient import access
from keystoneclient.common import cms
from keystoneclient import exceptions
from keystoneclient import fixture
import mock
import testresources
import testtools
from testtools import matchers
import webob
from keystoneclient import access
from keystoneclient.common import cms
from keystoneclient import exceptions
from keystoneclient import fixture
from keystoneclient.middleware import auth_token
from keystoneclient.openstack.common import jsonutils
from keystoneclient.openstack.common import memorycache
from keystoneclient.openstack.common import timeutils
from keystoneclient.tests import client_fixtures
from keystoneclient.tests import utils
from keystonemiddleware import auth_token
from keystonemiddleware.openstack.common import jsonutils
from keystonemiddleware.openstack.common import memorycache
from keystonemiddleware.openstack.common import timeutils
from keystonemiddleware.tests import client_fixtures
from keystonemiddleware.tests import utils
EXPECTED_V2_DEFAULT_ENV_RESPONSE = {
@ -1018,14 +1018,14 @@ class CommonAuthTokenMiddlewareTest(object):
token = self.token_dict['signed_token_scoped']
req.headers['X-Auth-Token'] = token
req.environ.update(extra_environ)
timeutils_utcnow = 'keystoneclient.openstack.common.timeutils.utcnow'
utcnow = 'keystonemiddleware.openstack.common.timeutils.utcnow'
now = datetime.datetime.utcnow()
with mock.patch(timeutils_utcnow) as mock_utcnow:
with mock.patch(utcnow) as mock_utcnow:
mock_utcnow.return_value = now
self.middleware(req.environ, self.start_fake_response)
self.assertIsNotNone(self._get_cached_token(token))
expired = now + datetime.timedelta(seconds=token_cache_time)
with mock.patch(timeutils_utcnow) as mock_utcnow:
with mock.patch(utcnow) as mock_utcnow:
mock_utcnow.return_value = expired
self.assertIsNone(self._get_cached_token(token))
@ -1811,7 +1811,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
auth_token.confirm_token_not_expired,
data)
@mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
@mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
def test_v2_token_with_timezone_offset_not_expired(self, mock_utcnow):
current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
current_time = timeutils.normalize_time(current_time)
@ -1822,7 +1822,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
actual_expires = auth_token.confirm_token_not_expired(data)
self.assertEqual(actual_expires, expected_expires)
@mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
@mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
def test_v2_token_with_timezone_offset_expired(self, mock_utcnow):
current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
current_time = timeutils.normalize_time(current_time)
@ -1846,7 +1846,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
auth_token.confirm_token_not_expired,
data)
@mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
@mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
def test_v3_token_with_timezone_offset_not_expired(self, mock_utcnow):
current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
current_time = timeutils.normalize_time(current_time)
@ -1858,7 +1858,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest):
actual_expires = auth_token.confirm_token_not_expired(data)
self.assertEqual(actual_expires, expected_expires)
@mock.patch('keystoneclient.openstack.common.timeutils.utcnow')
@mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow')
def test_v3_token_with_timezone_offset_expired(self, mock_utcnow):
current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z')
current_time = timeutils.normalize_time(current_time)


@ -13,7 +13,7 @@
import six
import testtools
from keystoneclient.middleware import memcache_crypt
from keystonemiddleware import memcache_crypt
class MemcacheCryptPositiveTests(testtools.TestCase):


@ -19,9 +19,9 @@ import six
import testtools
import webob
from keystoneclient.middleware import s3_token
from keystoneclient.openstack.common import jsonutils
from keystoneclient.tests import utils
from keystonemiddleware.openstack.common import jsonutils
from keystonemiddleware import s3_token
from keystonemiddleware.tests import utils
GOOD_RESPONSE = {'access': {'token': {'id': 'TOKEN_ID',


@ -24,7 +24,7 @@ from six.moves.urllib import parse as urlparse
import testtools
import uuid
from keystoneclient.openstack.common import jsonutils
from keystonemiddleware.openstack.common import jsonutils
class TestCase(testtools.TestCase):