diff options
author | Jenkins <jenkins@review.openstack.org> | 2015-03-31 17:16:57 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2015-03-31 17:16:57 +0000 |
commit | 4e8b06452216fe9e74d589f063290754546ef8b9 (patch) | |
tree | bbf7ea79f8dd1f21222ad4969ababc1c25dda49b | |
parent | 272c11064890cd0ba4258300ac1acc1c6467b80d (diff) | |
parent | ea7eab90f6d4ca36cb5c389ae10377b2ca9d7ca5 (diff) | |
download | django_openstack_auth-4e8b06452216fe9e74d589f063290754546ef8b9.tar.gz |
Merge "Make list_projects a method of auth plugin"
-rw-r--r-- | openstack_auth/backend.py | 18 | ||||
-rw-r--r-- | openstack_auth/plugin/base.py | 42 |
2 files changed, 45 insertions, 15 deletions
diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py index 03db3d9..f2d08fa 100644 --- a/openstack_auth/backend.py +++ b/openstack_auth/backend.py @@ -120,21 +120,9 @@ class KeystoneBackend(object): # Check expiry for our unscoped auth ref. self.check_auth_expiry(unscoped_auth_ref) - unscoped_client = keystone_client_class(session=session, - auth=unscoped_auth) - - # We list all the user's projects - try: - if utils.get_keystone_version() >= 3: - projects = unscoped_client.projects.list( - user=unscoped_auth_ref.user_id) - else: - projects = unscoped_client.tenants.list() - except (keystone_exceptions.ClientException, - keystone_exceptions.AuthorizationFailure) as exc: - msg = _('Unable to retrieve authorized projects.') - raise exceptions.KeystoneAuthException(msg) - + projects = plugin.list_projects(session, + unscoped_auth, + unscoped_auth_ref) # Attempt to scope only to enabled projects projects = [project for project in projects if project.enabled] diff --git a/openstack_auth/plugin/base.py b/openstack_auth/plugin/base.py index 83eae09..bd0b200 100644 --- a/openstack_auth/plugin/base.py +++ b/openstack_auth/plugin/base.py @@ -12,8 +12,12 @@ import abc +from keystoneclient import exceptions as keystone_exceptions +from keystoneclient.v2_0 import client as v2_client +from keystoneclient.v3 import client as v3_client import six +from openstack_auth import exceptions from openstack_auth import utils __all__ = ['BasePlugin'] @@ -49,3 +53,41 @@ class BasePlugin(object): def keystone_version(self): """The Identity API version as specified in the settings file.""" return utils.get_keystone_version() + + def list_projects(self, session, auth_plugin, auth_ref=None): + """List the projects that are accessible to this plugin. + + Query the keystone server for all projects that this authentication + token can be rescoped to. + + This function is overrideable by plugins if they use a non-standard + mechanism to determine projects. + + :param session: A session object for communication: + :type session: keystoneclient.session.Session + :param auth_plugin: The auth plugin returned by :py:meth:`get_plugin`. + :type auth_plugin: keystoneclient.auth.BaseAuthPlugin + :param auth_ref: The current authentication data. This is optional as + future auth plugins may not have auth_ref data and all + the required information should be available via the + auth_plugin. + :type auth_ref: keystoneclient.access.AccessInfo` or None. + + :raises: exceptions.KeystoneAuthException on lookup failure. + + :returns: A list of projects. This currently accepts returning both v2 + or v3 keystoneclient projects objects. + """ + try: + if self.keystone_version >= 3: + client = v3_client.Client(session=session, auth=auth_plugin) + return client.projects.list(user=auth_ref.user_id) + + else: + client = v2_client.Client(session=session, auth=auth_plugin) + return client.tenants.list() + + except (keystone_exceptions.ClientException, + keystone_exceptions.AuthorizationFailure): + msg = _('Unable to retrieve authorized projects.') + raise exceptions.KeystoneAuthException(msg) |