diff options
author | Jamie Lennox <jamielennox@redhat.com> | 2015-02-19 17:03:07 +1100 |
---|---|---|
committer | Jamie Lennox <jamielennox@redhat.com> | 2015-02-26 10:01:15 +1100 |
commit | d69d74f38f004b68be1b706c6a1dea582378b683 (patch) | |
tree | 3d4d843cde24159e400c07fc52d80ac45d9833f4 | |
parent | 1272e7ca045657cd9526e63b8a30fd577a6e6d34 (diff) | |
download | keystonemiddleware-d69d74f38f004b68be1b706c6a1dea582378b683.tar.gz |
Move UserAuthPlugin into its own file
Move the UserAuthPlugin and helper classes into their own file.
Change-Id: Idd782aa9940fedd1d294b167769496937ab6749b
Implements: bp refactor-extract-module
-rw-r--r-- | keystonemiddleware/auth_token/__init__.py | 162 | ||||
-rw-r--r-- | keystonemiddleware/auth_token/_user_plugin.py | 169 |
2 files changed, 172 insertions, 159 deletions
diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py index 09445f7..3a74739 100644 --- a/keystonemiddleware/auth_token/__init__.py +++ b/keystonemiddleware/auth_token/__init__.py @@ -177,7 +177,6 @@ import logging from keystoneclient import access from keystoneclient import adapter from keystoneclient import auth -from keystoneclient.auth.identity import base as base_identity from keystoneclient.common import cms from keystoneclient import discover from keystoneclient import exceptions @@ -194,6 +193,7 @@ from keystonemiddleware.auth_token import _exceptions as exc from keystonemiddleware.auth_token import _identity from keystonemiddleware.auth_token import _revocations from keystonemiddleware.auth_token import _signing_dir +from keystonemiddleware.auth_token import _user_plugin from keystonemiddleware.auth_token import _utils from keystonemiddleware.i18n import _, _LC, _LE, _LI, _LW @@ -477,162 +477,6 @@ def _conf_values_type_convert(conf): return opts -class _TokenData(object): - """An abstraction to show auth_token consumers some of the token contents. - - This is a simplified and cleaned up keystoneclient.access.AccessInfo object - with which services relying on auth_token middleware can find details of - the current token. - """ - - def __init__(self, auth_ref): - self._stored_auth_ref = auth_ref - - @property - def _is_v2(self): - return self._stored_auth_ref.version == 'v2.0' - - @property - def auth_token(self): - """The token data used to authenticate requests. - - :returns: token data. - :rtype: str - """ - return self._stored_auth_ref.auth_token - - @property - def user_id(self): - """The user id associated with the authentication request. - - :rtype: str - """ - return self._stored_auth_ref.user_id - - @property - def user_domain_id(self): - """Returns the domain id of the user associated with the authentication - request. - - :returns: str - """ - # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id - # because it can't know that value. We want to return None instead. - if self._is_v2: - return None - - return self._stored_auth_ref.user_domain_id - - @property - def project_id(self): - """The project ID associated with the authentication. - - :rtype: str - """ - return self._stored_auth_ref.project_id - - @property - def project_domain_id(self): - """The domain id of the project associated with the authentication - request. - - :rtype: str - """ - # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id - # because it can't know that value. We want to return None instead. - if self._is_v2: - return None - - return self._stored_auth_ref.project_domain_id - - @property - def trust_id(self): - """Returns the trust id associated with the authentication request.. - - :rtype: str - """ - return self._stored_auth_ref.trust_id - - @property - def role_ids(self): - """Role ids of the user associated with the authentication request. - - :rtype: set(str) - """ - return frozenset(self._stored_auth_ref.role_ids or []) - - @property - def role_names(self): - """Role names of the user associated with the authentication request. - - :rtype: set(str) - """ - return frozenset(self._stored_auth_ref.role_names or []) - - -class _UserAuthPlugin(base_identity.BaseIdentityPlugin): - """The incoming authentication credentials. - - A plugin that represents the incoming user credentials. This can be - consumed by applications. - - This object is not expected to be constructed directly by users. It is - created and passed by auth_token middleware and then can be used as the - authentication plugin when communicating via a session. - """ - - def __init__(self, user_auth_ref, serv_auth_ref): - super(_UserAuthPlugin, self).__init__(reauthenticate=False) - self._user_auth_ref = user_auth_ref - self._serv_auth_ref = serv_auth_ref - self._user_data = None - self._serv_data = None - - @property - def has_user_token(self): - """Did this authentication request contained a user auth token.""" - return self._user_auth_ref is not None - - @property - def user(self): - """Authentication information about the user token. - - Will return None if a user token was not passed with this request. - """ - if not self.has_user_token: - return None - - if not self._user_data: - self._user_data = _TokenData(self._user_auth_ref) - - return self._user_data - - @property - def has_service_token(self): - """Did this authentication request contained a service token.""" - return self._serv_auth_ref is not None - - @property - def service(self): - """Authentication information about the service token. - - Will return None if a user token was not passed with this request. - """ - if not self.has_service_token: - return None - - if not self._serv_data: - self._serv_data = _TokenData(self._serv_auth_ref) - - return self._serv_data - - def get_auth_ref(self, session, **kwargs): - # NOTE(jamielennox): We will always use the auth_ref that was - # calculated by the middleware. reauthenticate=False in __init__ should - # ensure that this function is only called on the first access. - return self._user_auth_ref - - class AuthProtocol(object): """Middleware that handles authenticating client calls.""" @@ -768,8 +612,8 @@ class AuthProtocol(object): _LI('Invalid service token - rejecting request')) return self._reject_request(env, start_response) - env['keystone.token_auth'] = _UserAuthPlugin(user_auth_ref, - serv_auth_ref) + env['keystone.token_auth'] = _user_plugin.UserAuthPlugin( + user_auth_ref, serv_auth_ref) except exc.ServiceError as e: self._LOG.critical(_LC('Unable to obtain admin token: %s'), e) diff --git a/keystonemiddleware/auth_token/_user_plugin.py b/keystonemiddleware/auth_token/_user_plugin.py new file mode 100644 index 0000000..12a8767 --- /dev/null +++ b/keystonemiddleware/auth_token/_user_plugin.py @@ -0,0 +1,169 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystoneclient.auth.identity import base as base_identity + + +class _TokenData(object): + """An abstraction to show auth_token consumers some of the token contents. + + This is a simplified and cleaned up keystoneclient.access.AccessInfo object + with which services relying on auth_token middleware can find details of + the current token. + """ + + def __init__(self, auth_ref): + self._stored_auth_ref = auth_ref + + @property + def _is_v2(self): + return self._stored_auth_ref.version == 'v2.0' + + @property + def auth_token(self): + """The token data used to authenticate requests. + + :returns: token data. + :rtype: str + """ + return self._stored_auth_ref.auth_token + + @property + def user_id(self): + """The user id associated with the authentication request. + + :rtype: str + """ + return self._stored_auth_ref.user_id + + @property + def user_domain_id(self): + """Returns the domain id of the user associated with the authentication + request. + + :returns: str + """ + # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id + # because it can't know that value. We want to return None instead. + if self._is_v2: + return None + + return self._stored_auth_ref.user_domain_id + + @property + def project_id(self): + """The project ID associated with the authentication. + + :rtype: str + """ + return self._stored_auth_ref.project_id + + @property + def project_domain_id(self): + """The domain id of the project associated with the authentication + request. + + :rtype: str + """ + # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id + # because it can't know that value. We want to return None instead. + if self._is_v2: + return None + + return self._stored_auth_ref.project_domain_id + + @property + def trust_id(self): + """Returns the trust id associated with the authentication request.. + + :rtype: str + """ + return self._stored_auth_ref.trust_id + + @property + def role_ids(self): + """Role ids of the user associated with the authentication request. + + :rtype: set(str) + """ + return frozenset(self._stored_auth_ref.role_ids or []) + + @property + def role_names(self): + """Role names of the user associated with the authentication request. + + :rtype: set(str) + """ + return frozenset(self._stored_auth_ref.role_names or []) + + +class UserAuthPlugin(base_identity.BaseIdentityPlugin): + """The incoming authentication credentials. + + A plugin that represents the incoming user credentials. This can be + consumed by applications. + + This object is not expected to be constructed directly by users. It is + created and passed by auth_token middleware and then can be used as the + authentication plugin when communicating via a session. + """ + + def __init__(self, user_auth_ref, serv_auth_ref): + super(UserAuthPlugin, self).__init__(reauthenticate=False) + self._user_auth_ref = user_auth_ref + self._serv_auth_ref = serv_auth_ref + self._user_data = None + self._serv_data = None + + @property + def has_user_token(self): + """Did this authentication request contained a user auth token.""" + return self._user_auth_ref is not None + + @property + def user(self): + """Authentication information about the user token. + + Will return None if a user token was not passed with this request. + """ + if not self.has_user_token: + return None + + if not self._user_data: + self._user_data = _TokenData(self._user_auth_ref) + + return self._user_data + + @property + def has_service_token(self): + """Did this authentication request contained a service token.""" + return self._serv_auth_ref is not None + + @property + def service(self): + """Authentication information about the service token. + + Will return None if a user token was not passed with this request. + """ + if not self.has_service_token: + return None + + if not self._serv_data: + self._serv_data = _TokenData(self._serv_auth_ref) + + return self._serv_data + + def get_auth_ref(self, session, **kwargs): + # NOTE(jamielennox): We will always use the auth_ref that was + # calculated by the middleware. reauthenticate=False in __init__ should + # ensure that this function is only called on the first access. + return self._user_auth_ref |