diff options
author | Jenkins <jenkins@review.openstack.org> | 2015-02-10 19:55:27 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2015-02-10 19:55:27 +0000 |
commit | fb306836b411546db385274996a8cdaf6154aaf7 (patch) | |
tree | 2f004009ec2c6285339b1e1501224fcb4a768358 | |
parent | 1f670d13d2980202cb7a5b9092bc94019ef6d113 (diff) | |
parent | 5cfdb6f17f5b3e27abfa05478f04d4e9aea0b200 (diff) | |
download | keystonemiddleware-fb306836b411546db385274996a8cdaf6154aaf7.tar.gz |
Merge "Refactor auth_uri handling"
-rw-r--r-- | keystonemiddleware/auth_token.py | 45 | ||||
-rw-r--r-- | keystonemiddleware/tests/test_auth_token_middleware.py | 2 |
2 files changed, 26 insertions, 21 deletions
diff --git a/keystonemiddleware/auth_token.py b/keystonemiddleware/auth_token.py index 6535002..03dc5dd 100644 --- a/keystonemiddleware/auth_token.py +++ b/keystonemiddleware/auth_token.py @@ -709,6 +709,18 @@ class AuthProtocol(object): self._identity_server = self._create_identity_server() + self._auth_uri = self._conf_get('auth_uri') + if not self._auth_uri: + self._LOG.warning( + _LW('Configuring auth_uri to point to the public identity ' + 'endpoint is required; clients may not be able to ' + 'authenticate against an admin endpoint')) + + # FIXME(dolph): drop support for this fallback behavior as + # documented in bug 1207517. + + self._auth_uri = self._identity_server.auth_uri + # signing self._signing_dirname = self._conf_get('signing_dir') if self._signing_dirname is None: @@ -889,7 +901,7 @@ class AuthProtocol(object): @property def _reject_auth_headers(self): - header_val = 'Keystone uri=\'%s\'' % self._identity_server.auth_uri + header_val = 'Keystone uri=\'%s\'' % self._auth_uri return [('WWW-Authenticate', header_val)] def _reject_request(self, env, start_response): @@ -1362,7 +1374,6 @@ class AuthProtocol(object): self._LOG, adap, include_service_catalog=self._include_service_catalog, - auth_uri=self._conf_get('auth_uri'), requested_auth_version=auth_version) def _token_cache_factory(self): @@ -1459,33 +1470,27 @@ class _IdentityServer(object): """ - def __init__(self, log, adap, include_service_catalog=None, auth_uri=None, + def __init__(self, log, adap, include_service_catalog=None, requested_auth_version=None): self._LOG = log self._adapter = adap self._include_service_catalog = include_service_catalog self._requested_auth_version = requested_auth_version - if auth_uri is None: - self._LOG.warning( - _LW('Configuring auth_uri to point to the public identity ' - 'endpoint is required; clients may not be able to ' - 'authenticate against an admin endpoint')) - - # FIXME(dolph): drop support for this fallback behavior as - # documented in bug 1207517. - auth_uri = adap.get_endpoint(interface=auth.AUTH_INTERFACE) + # Built on-demand with self._request_strategy. + self._request_strategy_obj = None - # NOTE(jamielennox): This weird stripping of the prefix hack is - # only relevant to the legacy case. We urljoin '/' to get just the - # base URI as this is the original behaviour. - if isinstance(adap.auth, _AuthTokenPlugin): - auth_uri = urllib.parse.urljoin(auth_uri, '/').rstrip('/') + @property + def auth_uri(self): + auth_uri = self._adapter.get_endpoint(interface=auth.AUTH_INTERFACE) - self.auth_uri = auth_uri + # NOTE(jamielennox): This weird stripping of the prefix hack is + # only relevant to the legacy case. We urljoin '/' to get just the + # base URI as this is the original behaviour. + if isinstance(self._adapter.auth, _AuthTokenPlugin): + auth_uri = urllib.parse.urljoin(auth_uri, '/').rstrip('/') - # Built on-demand with self._request_strategy. - self._request_strategy_obj = None + return auth_uri @property def auth_version(self): diff --git a/keystonemiddleware/tests/test_auth_token_middleware.py b/keystonemiddleware/tests/test_auth_token_middleware.py index 67a0456..0927abe 100644 --- a/keystonemiddleware/tests/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/test_auth_token_middleware.py @@ -663,7 +663,7 @@ class CommonAuthTokenMiddlewareTest(object): self.set_middleware(conf=conf) expected_auth_uri = 'http://[2001:2013:1:f101::1]:1234' self.assertEqual(expected_auth_uri, - self.middleware._identity_server.auth_uri) + self.middleware._auth_uri) def assert_valid_request_200(self, token, with_catalog=True): req = webob.Request.blank('/') |