Commit 5d936763380b9d97df409de2d33b3e9b98d61a94 - python-castellan

Reuse existing token from RequestContext When castellan trying to recreate trust-scoped token from RequestContext keystone throw exception because it's not allowed. Starting from this commit castellan trying to reuse existing token constructed from RequestContext if get_auth_plugin() is available. Change-Id: I10a12b9a2a7f796eca37dd20a280d3a4015a6903 Closes-Bug: #1827047 Depends-On: https://review.opendev.org/#/c/664558/ Vladislav Kuzmin 4 years ago

2 changed file(s) with 68 addition(s) and 8 deletion(s). Raw diff Collapse all Expand all

+20

-8

castellan/key_manager/barbican_key_manager.py less more

174	174	# this will be kept for oslo.context compatibility until
175	175	# projects begin to use utils.credential_factory
176	176	elif context.__class__.__name__ is 'RequestContext':
177		return identity.Token(
178		auth_url=self.conf.barbican.auth_endpoint,
179		token=context.auth_token,
180		project_id=context.project_id,
181		project_name=context.project_name,
182		project_domain_id=context.project_domain_id,
183		project_domain_name=context.project_domain_name)
	177	if getattr(context, 'get_auth_plugin', None):
	178	return context.get_auth_plugin()
	179	else:
	180	return identity.Token(
	181	auth_url=self.conf.barbican.auth_endpoint,
	182	token=context.auth_token,
	183	project_id=context.project_id,
	184	project_name=context.project_name,
	185	project_domain_id=context.project_domain_id,
	186	project_domain_name=context.project_domain_name)
184	187	else:
185	188	msg = _("context must be of type KeystonePassword, "
186	189	"KeystoneToken, or RequestContext.")

191	194	barbican = self.conf.barbican
192	195	if barbican.barbican_endpoint:
193	196	return barbican.barbican_endpoint
	197	elif getattr(auth, 'service_catalog', None):
	198	endpoint_data = auth.service_catalog.endpoint_data_for(
	199	service_type='key-manager')
	200	return endpoint_data.url
194	201	else:
195	202	service_parameters = {'service_type': 'key-manager',
196	203	'service_name': 'barbican',

198	205	return auth.get_endpoint(sess, **service_parameters)
199	206
200	207	def _create_base_url(self, auth, sess, endpoint):
	208	api_version = None
201	209	if self.conf.barbican.barbican_api_version:
202	210	api_version = self.conf.barbican.barbican_api_version
203		else:
	211	elif getattr(auth, 'service_catalog', None):
	212	endpoint_data = auth.service_catalog.endpoint_data_for(
	213	service_type='key-manager')
	214	api_version = endpoint_data.api_version
	215	elif getattr(auth, 'get_discovery', None):
204	216	discovery = auth.get_discovery(sess, url=endpoint)
205	217	raw_data = discovery.raw_version_data()
206	218	if len(raw_data) == 0:

+48

-0

castellan/tests/unit/key_manager/test_barbican_key_manager.py less more

93	93	endpoint)
94	94	self.assertEqual(endpoint + "/" + version, base_url)
95	95
	96	def test_base_url_service_catalog(self):
	97	endpoint_data = mock.Mock()
	98	endpoint_data.api_version = 'v321'
	99
	100	auth = mock.Mock(spec=['service_catalog'])
	101	auth.service_catalog.endpoint_data_for.return_value = endpoint_data
	102
	103	endpoint = "http://localhost/key_manager"
	104
	105	base_url = self.key_mgr._create_base_url(auth,
	106	mock.Mock(),
	107	endpoint)
	108	self.assertEqual(endpoint + "/" + endpoint_data.api_version, base_url)
	109	auth.service_catalog.endpoint_data_for.assert_called_once_with(
	110	service_type='key-manager')
	111
	112	def test_base_url_raise_exception(self):
	113	auth = mock.Mock(spec=['get_discovery'])
	114	sess = mock.Mock()
	115	discovery = mock.Mock()
	116	discovery.raw_version_data = mock.Mock(return_value=[])
	117	auth.get_discovery = mock.Mock(return_value=discovery)
	118
	119	endpoint = "http://localhost/key_manager"
	120
	121	self.assertRaises(exception.KeyManagerError,
	122	self.key_mgr._create_base_url,
	123	auth, sess, endpoint)
	124	auth.get_discovery.asser_called_once_with(sess, url=endpoint)
	125	self.assertEqual(1, discovery.raw_version_data.call_count)
	126
	127	def test_base_url_get_discovery(self):
	128	version = 'v100500'
	129	auth = mock.Mock(spec=['get_discovery'])
	130	sess = mock.Mock()
	131	discovery = mock.Mock()
	132	auth.get_discovery = mock.Mock(return_value=discovery)
	133	discovery.raw_version_data = mock.Mock(return_value=[{'id': version}])
	134
	135	endpoint = "http://localhost/key_manager"
	136
	137	base_url = self.key_mgr._create_base_url(auth,
	138	mock.Mock(),
	139	endpoint)
	140	self.assertEqual(endpoint + "/" + version, base_url)
	141	auth.get_discovery.asser_called_once_with(sess, url=endpoint)
	142	self.assertEqual(1, discovery.raw_version_data.call_count)
	143
96	144	def test_create_key(self):
97	145	# Create order_ref_url and assign return value
98	146	order_ref_url = ("http://localhost:9311/v1/orders/"