Basic AccessInfo plugin
Generally we want people to use the existing plugins to manage their authentication, however there are a number of existing services that know how to work with an AccessInfo object directly and either cache it or manipulate it manually. Provide a simple Identity plugin that just takes an existing AccessInfo and allows it to be used as an authentication plugin. Change-Id: I388283c03a0a8a3d1afe43138eebbe5e66ca9102
This commit is contained in:
parent
cef7775cda
commit
59cdbe8ed4
47
keystoneclient/auth/identity/access.py
Normal file
47
keystoneclient/auth/identity/access.py
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from keystoneclient.auth.identity import base
|
||||||
|
from keystoneclient import utils
|
||||||
|
|
||||||
|
|
||||||
|
class AccessInfoPlugin(base.BaseIdentityPlugin):
|
||||||
|
"""A plugin that turns an existing AccessInfo object into a usable plugin.
|
||||||
|
|
||||||
|
There are cases where reuse of an auth_ref or AccessInfo object is
|
||||||
|
warranted such as from a cache, from auth_token middleware, or another
|
||||||
|
source.
|
||||||
|
|
||||||
|
Turn the existing access info object into an identity plugin. This plugin
|
||||||
|
cannot be refreshed as the AccessInfo object does not contain any
|
||||||
|
authorizing information.
|
||||||
|
|
||||||
|
:param auth_ref: the existing AccessInfo object.
|
||||||
|
:type auth_ref: keystoneclient.access.AccessInfo
|
||||||
|
:param auth_url: the url where this AccessInfo was retrieved from. Required
|
||||||
|
if using the AUTH_INTERFACE with get_endpoint. (optional)
|
||||||
|
"""
|
||||||
|
|
||||||
|
@utils.positional()
|
||||||
|
def __init__(self, auth_ref, auth_url=None):
|
||||||
|
super(AccessInfoPlugin, self).__init__(auth_url=auth_url,
|
||||||
|
reauthenticate=False)
|
||||||
|
self.auth_ref = auth_ref
|
||||||
|
|
||||||
|
def get_auth_ref(self, session, **kwargs):
|
||||||
|
return self.auth_ref
|
||||||
|
|
||||||
|
def invalidate(self):
|
||||||
|
# NOTE(jamielennox): Don't allow the default invalidation to occur
|
||||||
|
# because on next authentication request we will only get the same
|
||||||
|
# auth_ref object again.
|
||||||
|
return False
|
61
keystoneclient/tests/auth/test_access.py
Normal file
61
keystoneclient/tests/auth/test_access.py
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import uuid
|
||||||
|
|
||||||
|
from keystoneclient import access
|
||||||
|
from keystoneclient import auth
|
||||||
|
from keystoneclient.auth.identity import access as access_plugin
|
||||||
|
from keystoneclient import fixture
|
||||||
|
from keystoneclient import session
|
||||||
|
from keystoneclient.tests import utils
|
||||||
|
|
||||||
|
|
||||||
|
class AccessInfoPluginTests(utils.TestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(AccessInfoPluginTests, self).setUp()
|
||||||
|
self.session = session.Session()
|
||||||
|
self.auth_token = uuid.uuid4().hex
|
||||||
|
|
||||||
|
def _plugin(self, **kwargs):
|
||||||
|
token = fixture.V3Token()
|
||||||
|
s = token.add_service('identity')
|
||||||
|
s.add_standard_endpoints(public=self.TEST_ROOT_URL)
|
||||||
|
|
||||||
|
auth_ref = access.AccessInfo.factory(body=token,
|
||||||
|
auth_token=self.auth_token)
|
||||||
|
return access_plugin.AccessInfoPlugin(auth_ref, **kwargs)
|
||||||
|
|
||||||
|
def test_auth_ref(self):
|
||||||
|
plugin = self._plugin()
|
||||||
|
self.assertEqual(self.TEST_ROOT_URL,
|
||||||
|
plugin.get_endpoint(self.session,
|
||||||
|
service_type='identity',
|
||||||
|
interface='public'))
|
||||||
|
self.assertEqual(self.auth_token, plugin.get_token(session))
|
||||||
|
|
||||||
|
def test_auth_url(self):
|
||||||
|
auth_url = 'http://keystone.test.url'
|
||||||
|
plugin = self._plugin(auth_url=auth_url)
|
||||||
|
|
||||||
|
self.assertEqual(auth_url,
|
||||||
|
plugin.get_endpoint(self.session,
|
||||||
|
interface=auth.AUTH_INTERFACE))
|
||||||
|
|
||||||
|
def test_invalidate(self):
|
||||||
|
plugin = self._plugin()
|
||||||
|
auth_ref = plugin.auth_ref
|
||||||
|
|
||||||
|
self.assertIsInstance(auth_ref, access.AccessInfo)
|
||||||
|
self.assertFalse(plugin.invalidate())
|
||||||
|
self.assertIs(auth_ref, plugin.auth_ref)
|
Loading…
Reference in New Issue
Block a user