Basic AccessInfo plugin

Generally we want people to use the existing plugins to manage their authentication, however there are a number of existing services that know how to work with an AccessInfo object directly and either cache it or manipulate it manually. Provide a simple Identity plugin that just takes an existing AccessInfo and allows it to be used as an authentication plugin. Change-Id: I388283c03a0a8a3d1afe43138eebbe5e66ca9102
2014-12-22 10:45:04 +10:00 · 2014-12-22 10:45:04 +10:00 · 59cdbe8ed4
parent cef7775cda
commit 59cdbe8ed4
2 changed files with 108 additions and 0 deletions
--- a/keystoneclient/auth/identity/access.py
+++ b/keystoneclient/auth/identity/access.py
@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient.auth.identity import base
+from keystoneclient import utils
+
+
+class AccessInfoPlugin(base.BaseIdentityPlugin):
+    """A plugin that turns an existing AccessInfo object into a usable plugin.
+
+    There are cases where reuse of an auth_ref or AccessInfo object is
+    warranted such as from a cache, from auth_token middleware, or another
+    source.
+
+    Turn the existing access info object into an identity plugin. This plugin
+    cannot be refreshed as the AccessInfo object does not contain any
+    authorizing information.
+
+    :param auth_ref: the existing AccessInfo object.
+    :type auth_ref: keystoneclient.access.AccessInfo
+    :param auth_url: the url where this AccessInfo was retrieved from. Required
+                     if using the AUTH_INTERFACE with get_endpoint. (optional)
+    """
+
+    @utils.positional()
+    def __init__(self, auth_ref, auth_url=None):
+        super(AccessInfoPlugin, self).__init__(auth_url=auth_url,
+                                               reauthenticate=False)
+        self.auth_ref = auth_ref
+
+    def get_auth_ref(self, session, **kwargs):
+        return self.auth_ref
+
+    def invalidate(self):
+        # NOTE(jamielennox): Don't allow the default invalidation to occur
+        # because on next authentication request we will only get the same
+        # auth_ref object again.
+        return False
--- a/keystoneclient/tests/auth/test_access.py
+++ b/keystoneclient/tests/auth/test_access.py
@ -0,0 +1,61 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import uuid
+
+from keystoneclient import access
+from keystoneclient import auth
+from keystoneclient.auth.identity import access as access_plugin
+from keystoneclient import fixture
+from keystoneclient import session
+from keystoneclient.tests import utils
+
+
+class AccessInfoPluginTests(utils.TestCase):
+
+    def setUp(self):
+        super(AccessInfoPluginTests, self).setUp()
+        self.session = session.Session()
+        self.auth_token = uuid.uuid4().hex
+
+    def _plugin(self, **kwargs):
+        token = fixture.V3Token()
+        s = token.add_service('identity')
+        s.add_standard_endpoints(public=self.TEST_ROOT_URL)
+
+        auth_ref = access.AccessInfo.factory(body=token,
+                                             auth_token=self.auth_token)
+        return access_plugin.AccessInfoPlugin(auth_ref, **kwargs)
+
+    def test_auth_ref(self):
+        plugin = self._plugin()
+        self.assertEqual(self.TEST_ROOT_URL,
+                         plugin.get_endpoint(self.session,
+                                             service_type='identity',
+                                             interface='public'))
+        self.assertEqual(self.auth_token, plugin.get_token(session))
+
+    def test_auth_url(self):
+        auth_url = 'http://keystone.test.url'
+        plugin = self._plugin(auth_url=auth_url)
+
+        self.assertEqual(auth_url,
+                         plugin.get_endpoint(self.session,
+                                             interface=auth.AUTH_INTERFACE))
+
+    def test_invalidate(self):
+        plugin = self._plugin()
+        auth_ref = plugin.auth_ref
+
+        self.assertIsInstance(auth_ref, access.AccessInfo)
+        self.assertFalse(plugin.invalidate())
+        self.assertIs(auth_ref, plugin.auth_ref)