diff options
author | Jamie Lennox <jamielennox@redhat.com> | 2015-03-30 10:28:29 +1100 |
---|---|---|
committer | Jamie Lennox <jamielennox@redhat.com> | 2015-03-30 10:28:29 +1100 |
commit | ea7eab90f6d4ca36cb5c389ae10377b2ca9d7ca5 (patch) | |
tree | 6192f55628277fd90bfd6977a3fd2f711148239d | |
parent | cd8abf94cf4c50995fc70034b4560b36328e75b6 (diff) | |
download | django_openstack_auth-ea7eab90f6d4ca36cb5c389ae10377b2ca9d7ca5.tar.gz |
Make list_projects a method of auth plugin
Federation plugins and possibly others in the future need the ability to
customize how they retrieve projects from the keystone server. By making
it a method of the plugin it can be overridden by these plugins.
Change-Id: Ide2fd4edc7eb2d61fe95166ec9cbce9c2753c616
-rw-r--r-- | openstack_auth/backend.py | 18 | ||||
-rw-r--r-- | openstack_auth/plugin/base.py | 42 |
2 files changed, 45 insertions, 15 deletions
diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py index 8fb0d40..cc97c0a 100644 --- a/openstack_auth/backend.py +++ b/openstack_auth/backend.py @@ -119,21 +119,9 @@ class KeystoneBackend(object): # Check expiry for our unscoped auth ref. self.check_auth_expiry(unscoped_auth_ref) - unscoped_client = keystone_client_class(session=session, - auth=unscoped_auth) - - # We list all the user's projects - try: - if utils.get_keystone_version() >= 3: - projects = unscoped_client.projects.list( - user=unscoped_auth_ref.user_id) - else: - projects = unscoped_client.tenants.list() - except (keystone_exceptions.ClientException, - keystone_exceptions.AuthorizationFailure) as exc: - msg = _('Unable to retrieve authorized projects.') - raise exceptions.KeystoneAuthException(msg) - + projects = plugin.list_projects(session, + unscoped_auth, + unscoped_auth_ref) # Attempt to scope only to enabled projects projects = [project for project in projects if project.enabled] diff --git a/openstack_auth/plugin/base.py b/openstack_auth/plugin/base.py index 83eae09..bd0b200 100644 --- a/openstack_auth/plugin/base.py +++ b/openstack_auth/plugin/base.py @@ -12,8 +12,12 @@ import abc +from keystoneclient import exceptions as keystone_exceptions +from keystoneclient.v2_0 import client as v2_client +from keystoneclient.v3 import client as v3_client import six +from openstack_auth import exceptions from openstack_auth import utils __all__ = ['BasePlugin'] @@ -49,3 +53,41 @@ class BasePlugin(object): def keystone_version(self): """The Identity API version as specified in the settings file.""" return utils.get_keystone_version() + + def list_projects(self, session, auth_plugin, auth_ref=None): + """List the projects that are accessible to this plugin. + + Query the keystone server for all projects that this authentication + token can be rescoped to. + + This function is overrideable by plugins if they use a non-standard + mechanism to determine projects. + + :param session: A session object for communication: + :type session: keystoneclient.session.Session + :param auth_plugin: The auth plugin returned by :py:meth:`get_plugin`. + :type auth_plugin: keystoneclient.auth.BaseAuthPlugin + :param auth_ref: The current authentication data. This is optional as + future auth plugins may not have auth_ref data and all + the required information should be available via the + auth_plugin. + :type auth_ref: keystoneclient.access.AccessInfo` or None. + + :raises: exceptions.KeystoneAuthException on lookup failure. + + :returns: A list of projects. This currently accepts returning both v2 + or v3 keystoneclient projects objects. + """ + try: + if self.keystone_version >= 3: + client = v3_client.Client(session=session, auth=auth_plugin) + return client.projects.list(user=auth_ref.user_id) + + else: + client = v2_client.Client(session=session, auth=auth_plugin) + return client.tenants.list() + + except (keystone_exceptions.ClientException, + keystone_exceptions.AuthorizationFailure): + msg = _('Unable to retrieve authorized projects.') + raise exceptions.KeystoneAuthException(msg) |