author | Steven Hardy <shardy@redhat.com> | 2013-12-20 17:35:29 +0000 |
---|---|---|
committer | Steven Hardy <shardy@redhat.com> | 2014-01-16 21:40:15 +0000 |
commit | a8b65f7c1ef23487d733b94248d5998c55b768ee (patch) | |
tree | 2dc6b840e737196cb4b7b1cef706c03afc41e56d | |
parent | e54a6a353c63edd389400e6f8181d165f8fe29ea (diff) | |
Refactor context trust_id check to wsgi.Application base class
Move the ec2 controller check for a trust_id in the token
specified in the request context, renaming it to match the
existing convention in the controller base classes.
This function can be used by both v2 and v3 controllers
hence putting it into the common Application base class.
Test coverage for this is provided via existing tests in
test_keystoneclient_sql.py
Change-Id: I6028a2cfa0e9e2e16acc99b5a0a027cd6cc42ada
Partial-Bug: #1259584
-rw-r--r-- | keystone/common/wsgi.py | 14 | ||||
-rw-r--r-- | keystone/contrib/ec2/controllers.py | 9 |
2 files changed, 15 insertions, 8 deletions
diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py
index 6e2731123..f1c66919b 100644
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@@ -289,6 +289,20 @@ class Application(BaseApplication):
 msg = '%s field is required and cannot be empty' % attr
 raise exception.ValidationError(message=msg)
+ def _get_trust_id_for_request(self, context):
+ """Get the trust_id for a call.
+
+ Retrieve the trust_id from the token
+ Returns None if token is is not trust scoped
+ """
+ try:
+ token_ref = self.token_api.get_token(context['token_id'])
+ except exception.TokenNotFound:
+ LOG.warning(_('Invalid token in _get_trust_id_for_request'))
+ raise exception.Unauthorized()
+
+ return token_ref.get('trust_id')
+
 class Middleware(Application):
 """Base WSGI middleware.
diff --git a/keystone/contrib/ec2/controllers.py b/keystone/contrib/ec2/controllers.py
index 9ecc92618..966ac68fe 100644
--- a/keystone/contrib/ec2/controllers.py
+++ b/keystone/contrib/ec2/controllers.py
@@ -151,7 +151,7 @@ class Ec2Controller(controller.V2Controller):
 self._assert_valid_user_id(user_id)
 self._assert_valid_project_id(tenant_id)
- trust_id = self._context_trust_id(context)
+ trust_id = self._get_trust_id_for_request(context)
 blob = {'access': uuid.uuid4().hex, 'secret': uuid.uuid4().hex, 'trust_id': trust_id}
@@ -252,13 +252,6 @@ class Ec2Controller(controller.V2Controller):
 if token_ref['user'].get('id') != user_id:
 raise exception.Forbidden(_('Token belongs to another user'))
- def _context_trust_id(self, context):
- try:
- token_ref = self.token_api.get_token(context['token_id'])
- except exception.TokenNotFound as e:
- raise exception.Unauthorized(e)
- return token_ref.get('trust_id')
-
 def _is_admin(self, context):
 """Wrap admin assertion error return statement. |
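Review bot: In the keystone/common/wsgi.py hunk, `_get_trust_id_for_request` reads `self.token_api`, but nothing visible here shows `Application` declaring that dependency. A subclass without `token_api` injected would presumably fail with an AttributeError instead of a 401, so either confirm every calling class requires `token_api` or state the requirement in the docstring. The docstring should also name the failure mode, for example `Raises Unauthorized if the token named in the context is not found`, and drop the doubled word in `token is is not trust scoped`. The lookup indexes `context['token_id']` directly and only `TokenNotFound` is mapped to `Unauthorized`. If a request can reach this helper without a `token_id` key, that would likely surface as a KeyError, so `context.get('token_id')` with an explicit Unauthorized on a missing value would keep the auth failure path uniform.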