Fix authentication from the auth_ref
1) Populate token_info in the AuthInformationHook 2) don't re-authenticate if we have auth_ref 3) set the token.id from the context for v2 tokens Change-Id: Ice017dc42292c3fb5ddc062d064485389e082a63
@@ -109,9 +109,11 @@ class AuthInformationHook(hooks.PecanHook):
|
||||
importutils.import_module('keystoneclient.middleware.auth_token')
|
||||
auth_url = cfg.CONF.keystone_authtoken.auth_uri
|
||||
|
||||
auth_token_info = state.request.environ.get('keystone.token_info')
|
||||
identity_status = headers.get('X-Identity-Status')
|
||||
if identity_status == 'Confirmed':
|
||||
ctx = context.RequestContext(auth_token=recv_auth_token,
|
||||
auth_token_info=auth_token_info,
|
||||
user=user_id,
|
||||
tenant=project_id,
|
||||
domain=domain,
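Review bot: Passing `auth_token_info=auth_token_info` puts the whole validated token body (roles, service catalog, token metadata) on the `RequestContext`, so the context's serialisation and logging paths should be checked to make sure they do not emit it. Those paths are not visible in this hunk. The value is read from the WSGI environ before the `identity_status == 'Confirmed'` test but, in the lines shown, only used inside that branch. A comment on the lookup would record where it comes from, e.g. `# set by the keystone auth_token middleware; None when the middleware did not populate it`. The enclosing `before` method starts and ends outside the hunk.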
|
||||
|
||||
@@ -107,6 +107,7 @@ class KeystoneClientV3(object):
|
||||
kwargs['auth_ref'] = copy.deepcopy(
|
||||
self.context.auth_token_info['access'])
|
||||
kwargs['auth_ref']['version'] = 'v2.0'
|
||||
kwargs['auth_ref']['token']['id'] = self.context.auth_token
|
||||
elif 'token' in self.context.auth_token_info:
|
||||
kwargs['auth_ref'] = copy.deepcopy(
|
||||
self.context.auth_token_info['token'])
|
||||
@@ -123,7 +124,8 @@ class KeystoneClientV3(object):
|
||||
"trust or auth_token!"))
|
||||
raise exception.AuthorizationFailure()
|
||||
client = kc_v3.Client(**kwargs)
|
||||
client.authenticate()
|
||||
if 'auth_ref' not in kwargs:
|
||||
client.authenticate()
|
||||
# If we are authenticating with a trust set the context auth_token
|
||||
# with the trust scoped token
|
||||
if 'trust_id' in kwargs:
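Review bot: With the `if 'auth_ref' not in kwargs:` guard, a client built from `context.auth_token_info` is never checked against Keystone in this method, so the expiry and roles carried in the context are trusted as they are. That holds while the context comes straight from the auth_token middleware on the same request; if the context is stored or handed to longer-running code (not visible here), the token may have expired or been revoked by the time the client is used. A comment on the guard would record the assumption, e.g. `# auth_ref was validated by the auth_token middleware; it is not re-checked here`. In the earlier hunk, `kwargs['auth_ref']['token']['id'] = self.context.auth_token` raises a bare KeyError when the `access` body has no `token` key; raising `exception.AuthorizationFailure()`, as the method already does for missing credentials, would give callers one failure type to handle. The enclosing method starts and ends outside both hunks.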
|
||||
|
||||
@@ -73,3 +73,15 @@ class TestAuth(base.BaseTestCase):
|
||||
fakes.fakeAuthTokenHeaders['X-Project-Domain-Id'])
|
||||
self.assertEqual(ctx.user_domain,
|
||||
fakes.fakeAuthTokenHeaders['X-User-Domain-Id'])
|
||||
self.assertIsNone(ctx.auth_token_info)
|
||||
|
||||
def test_auth_hook_before_method_auth_info(self, mock_cls):
|
||||
state = mock.Mock(request=fakes.FakePecanRequest())
|
||||
state.request.environ['keystone.token_info'] = 'assert_this'
|
||||
hook = auth.AuthInformationHook()
|
||||
hook.before(state)
|
||||
ctx = state.request.security_context
|
||||
self.assertIsInstance(ctx, context.RequestContext)
|
||||
self.assertEqual(fakes.fakeAuthTokenHeaders['X-Auth-Token'],
|
||||
ctx.auth_token)
|
||||
self.assertEqual('assert_this', ctx.auth_token_info)
|
||||
|
||||
@@ -50,6 +50,7 @@ class ClientsTest(base.BaseTestCase):
|
||||
def test_clients_glance_noauth(self):
|
||||
con = mock.MagicMock()
|
||||
con.auth_token = None
|
||||
con.auth_token_info = None
|
||||
con.tenant = "b363706f891f48019483f8bd6503c54d"
|
||||
obj = clients.OpenStackClients(con)
|
||||
obj._glance = None
|
||||
@@ -92,6 +93,7 @@ class ClientsTest(base.BaseTestCase):
|
||||
def test_clients_heat_noauth(self):
|
||||
con = mock.MagicMock()
|
||||
con.auth_token = None
|
||||
con.auth_token_info = None
|
||||
con.tenant = "b363706f891f48019483f8bd6503c54b"
|
||||
auth_url = mock.PropertyMock(name="auth_url",
|
||||
return_value="keystone_url")
|
||||
@@ -135,6 +137,7 @@ class ClientsTest(base.BaseTestCase):
|
||||
def test_clients_swift_noauth(self):
|
||||
con = mock.MagicMock()
|
||||
con.auth_token = None
|
||||
con.auth_token_info = None
|
||||
con.tenant = "b363706f891f48019483f8bd6503c54b"
|
||||
auth_url = mock.PropertyMock(name="auth_url",
|
||||
return_value="keystone_url")
|
||||
@@ -180,6 +183,7 @@ class ClientsTest(base.BaseTestCase):
|
||||
def test_clients_neutron_noauth(self):
|
||||
con = mock.MagicMock()
|
||||
con.auth_token = None
|
||||
con.auth_token_info = None
|
||||
con.tenant = "b363706f891f48019483f8bd6503c54b"
|
||||
auth_url = mock.PropertyMock(name="auth_url",
|
||||
return_value="keystone_url")
|
||||
|
||||
@@ -71,17 +71,18 @@ class KeystoneClientTest(base.BaseTestCase):
|
||||
|
||||
def test_init_trust_token_access(self, mock_ks):
|
||||
"""Test creating the client, token auth."""
|
||||
self.ctx.tenant = None
|
||||
self.ctx.tenant = 'abcd1234'
|
||||
self.ctx.trust_id = None
|
||||
self.ctx.auth_token_info = {'access': {}}
|
||||
self.ctx.auth_token_info = {'access': {'token': {'id': 'placeholder'}}}
|
||||
|
||||
solum_ks_client = solum_keystoneclient.KeystoneClientV3(self.ctx)
|
||||
solum_ks_client.client
|
||||
self.assertIsNotNone(solum_ks_client._client)
|
||||
mock_ks.assert_called_once_with(auth_ref={'version': 'v2.0'},
|
||||
mock_ks.assert_called_once_with(auth_ref={'version': 'v2.0',
|
||||
'token': {
|
||||
'id': 'abcd1234'}},
|
||||
endpoint='http://server.test:5000/v3',
|
||||
auth_url='http://server.test:5000/v3')
|
||||
mock_ks.return_value.authenticate.assert_called_once_with()
|
||||
|
||||
def test_init_trust_token_token(self, mock_ks):
|
||||
self.ctx.tenant = None
|
||||
@@ -95,7 +96,6 @@ class KeystoneClientTest(base.BaseTestCase):
|
||||
'version': 'v3'},
|
||||
endpoint='http://server.test:5000/v3',
|
||||
auth_url='http://server.test:5000/v3')
|
||||
mock_ks.return_value.authenticate.assert_called_once_with()
|
||||
|
||||
def test_init_trust_token_none(self, mock_ks):
|
||||
self.ctx.tenant = None
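Review bot: Both hunks drop `mock_ks.return_value.authenticate.assert_called_once_with()` and nothing replaces it, so the new behaviour (no `authenticate()` call when an auth_ref is supplied) is not pinned by any assertion. Adding `self.assertFalse(mock_ks.return_value.authenticate.called)` to `test_init_trust_token_access`, and to the v3 test whose tail appears in the second hunk, would catch a regression that silently brings the extra Keystone round trip back. The fixture `{'access': {'token': {'id': 'placeholder'}}}` only covers a v2 body that already has a `token` key, so a case for an `access` body without one would document what the client does there. `test_init_trust_token_none` continues past the end of the second hunk.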
|
||||
|
||||
@@ -41,6 +41,7 @@ class FakePecanRequest(mock.Mock):
|
||||
self.params = {}
|
||||
self.path = '/v1/services'
|
||||
self.headers = fakeAuthTokenHeaders
|
||||
self.environ = {}
|
||||
|
||||
def __setitem__(self, index, value):
|
||||
setattr(self, index, value)
|
||||
|
||||