Merge "Refactor auth_uri handling"

author: Jenkins <jenkins@review.openstack.org> 2015-02-10 19:55:27 +0000
committer: Gerrit Code Review <review@openstack.org> 2015-02-10 19:55:27 +0000
commit: fb306836b411546db385274996a8cdaf6154aaf7 (patch)
tree: 2f004009ec2c6285339b1e1501224fcb4a768358
parent: 1f670d13d2980202cb7a5b9092bc94019ef6d113 (diff)
parent: 5cfdb6f17f5b3e27abfa05478f04d4e9aea0b200 (diff)
download: keystonemiddleware-fb306836b411546db385274996a8cdaf6154aaf7.tar.gz
2 files changed, 26 insertions, 21 deletions
diff --git a/keystonemiddleware/auth_token.py b/keystonemiddleware/auth_token.py
index 6535002..03dc5dd 100644
--- a/keystonemiddleware/auth_token.py
+++ b/keystonemiddleware/auth_token.py
@@ -709,6 +709,18 @@ class AuthProtocol(object):
 
         self._identity_server = self._create_identity_server()
 
+        self._auth_uri = self._conf_get('auth_uri')
+        if not self._auth_uri:
+            self._LOG.warning(
+                _LW('Configuring auth_uri to point to the public identity '
+                    'endpoint is required; clients may not be able to '
+                    'authenticate against an admin endpoint'))
+
+            # FIXME(dolph): drop support for this fallback behavior as
+            # documented in bug 1207517.
+
+            self._auth_uri = self._identity_server.auth_uri
+
         # signing
         self._signing_dirname = self._conf_get('signing_dir')
         if self._signing_dirname is None:
@@ -889,7 +901,7 @@ class AuthProtocol(object):
 
     @property
     def _reject_auth_headers(self):
-        header_val = 'Keystone uri=\'%s\'' % self._identity_server.auth_uri
+        header_val = 'Keystone uri=\'%s\'' % self._auth_uri
         return [('WWW-Authenticate', header_val)]
 
     def _reject_request(self, env, start_response):
@@ -1362,7 +1374,6 @@ class AuthProtocol(object):
             self._LOG,
             adap,
             include_service_catalog=self._include_service_catalog,
-            auth_uri=self._conf_get('auth_uri'),
             requested_auth_version=auth_version)
 
     def _token_cache_factory(self):
@@ -1459,33 +1470,27 @@ class _IdentityServer(object):
 
     """
 
-    def __init__(self, log, adap, include_service_catalog=None, auth_uri=None,
+    def __init__(self, log, adap, include_service_catalog=None,
                  requested_auth_version=None):
         self._LOG = log
         self._adapter = adap
         self._include_service_catalog = include_service_catalog
         self._requested_auth_version = requested_auth_version
 
-        if auth_uri is None:
-            self._LOG.warning(
-                _LW('Configuring auth_uri to point to the public identity '
-                    'endpoint is required; clients may not be able to '
-                    'authenticate against an admin endpoint'))
-
-            # FIXME(dolph): drop support for this fallback behavior as
-            # documented in bug 1207517.
-            auth_uri = adap.get_endpoint(interface=auth.AUTH_INTERFACE)
+        # Built on-demand with self._request_strategy.
+        self._request_strategy_obj = None
 
-            # NOTE(jamielennox): This weird stripping of the prefix hack is
-            # only relevant to the legacy case. We urljoin '/' to get just the
-            # base URI as this is the original behaviour.
-            if isinstance(adap.auth, _AuthTokenPlugin):
-                auth_uri = urllib.parse.urljoin(auth_uri, '/').rstrip('/')
+    @property
+    def auth_uri(self):
+        auth_uri = self._adapter.get_endpoint(interface=auth.AUTH_INTERFACE)
 
-        self.auth_uri = auth_uri
+        # NOTE(jamielennox): This weird stripping of the prefix hack is
+        # only relevant to the legacy case. We urljoin '/' to get just the
+        # base URI as this is the original behaviour.
+        if isinstance(self._adapter.auth, _AuthTokenPlugin):
+            auth_uri = urllib.parse.urljoin(auth_uri, '/').rstrip('/')
 
-        # Built on-demand with self._request_strategy.
-        self._request_strategy_obj = None
+        return auth_uri
 
     @property
     def auth_version(self):
diff --git a/keystonemiddleware/tests/test_auth_token_middleware.py b/keystonemiddleware/tests/test_auth_token_middleware.py
index 67a0456..0927abe 100644
--- a/keystonemiddleware/tests/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/test_auth_token_middleware.py
@@ -663,7 +663,7 @@ class CommonAuthTokenMiddlewareTest(object):
         self.set_middleware(conf=conf)
         expected_auth_uri = 'http://[2001:2013:1:f101::1]:1234'
         self.assertEqual(expected_auth_uri,
-                         self.middleware._identity_server.auth_uri)
+                         self.middleware._auth_uri)
 
     def assert_valid_request_200(self, token, with_catalog=True):
         req = webob.Request.blank('/')
author	Jenkins <jenkins@review.openstack.org>	2015-02-10 19:55:27 +0000
committer	Gerrit Code Review <review@openstack.org>	2015-02-10 19:55:27 +0000
commit	fb306836b411546db385274996a8cdaf6154aaf7 (patch)
tree	2f004009ec2c6285339b1e1501224fcb4a768358
parent	1f670d13d2980202cb7a5b9092bc94019ef6d113 (diff)
parent	5cfdb6f17f5b3e27abfa05478f04d4e9aea0b200 (diff)
download	keystonemiddleware-fb306836b411546db385274996a8cdaf6154aaf7.tar.gz