| author | Dolph Mathews <dolph.mathews@gmail.com> | 2013-03-21 11:45:03 -0500 |
|---|---|---|
| committer | Dolph Mathews <dolph.mathews@gmail.com> | 2013-03-21 13:44:15 -0500 |
| commit | 63b8a82b31fbfa09b539d0a56cdcc942fe2b9ebd (patch) | |
| tree | 26c163451431d2d71b250892eb681bfa05f3c8d9 | |
| parent | 4b8cab7b3753ba3de9f93175636858555d575be6 (diff) | |
Move trusts to extension
Change-Id: I32b32fc5df8d8483ae8e99067f0655c13c6f520b
| -rw-r--r-- | keystone/auth/controllers.py | 9 | ||||
| -rw-r--r-- | keystone/auth/token_factory.py | 2 | ||||
| -rw-r--r-- | keystone/trust/routers.py | 14 | ||||
| -rw-r--r-- | tests/test_auth.py | 4 | ||||
| -rw-r--r-- | tests/test_v3.py | 19 | ||||
| -rw-r--r-- | tests/test_v3_auth.py | 72 |
6 files changed, 61 insertions, 59 deletions
diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py index 66ff6230..1ab9de03 100644 --- a/keystone/auth/controllers.py +++ b/keystone/auth/controllers.py @@ -171,9 +171,9 @@ class AuthInfo(object): return if sum(['project' in self.auth['scope'], 'domain' in self.auth['scope'], - 'trust' in self.auth['scope']]) != 1: + 'RH-TRUST:trust' in self.auth['scope']]) != 1: raise exception.ValidationError( - attribute='project, domain, or trust', + attribute='project, domain, or RH-TRUST:trust', target='scope') if 'project' in self.auth['scope']: @@ -182,10 +182,11 @@ class AuthInfo(object): elif 'domain' in self.auth['scope']: domain_ref = self._lookup_domain(self.auth['scope']['domain']) self._scope_data = (domain_ref['id'], None, None) - elif 'trust' in self.auth['scope']: + elif 'RH-TRUST:trust' in self.auth['scope']: if not CONF.trust.enabled: raise exception.Forbidden('Trusts are disabled.') - trust_ref = self._lookup_trust(self.auth['scope']['trust']) + trust_ref = self._lookup_trust( + self.auth['scope']['RH-TRUST:trust']) #TODO ayoung when trusts support domain, Fill in domain data here if 'project_id' in trust_ref: project_ref = self._lookup_project( diff --git a/keystone/auth/token_factory.py b/keystone/auth/token_factory.py index c16d88dd..430c442a 100644 --- a/keystone/auth/token_factory.py +++ b/keystone/auth/token_factory.py @@ -114,7 +114,7 @@ class TokenDataHelper(object): raise exception.Forbidden() if trust['impersonation']: user_ref = trustor_user_ref - token_data['trust'] = ( + token_data['RH-TRUST:trust'] = ( { 'id': trust['id'], 'trustor_user': {'id': trust['trustor_user_id']}, diff --git a/keystone/trust/routers.py b/keystone/trust/routers.py index b1378628..9f9ce3e5 100644 --- a/keystone/trust/routers.py +++ b/keystone/trust/routers.py 
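Review bot: In the first keystone/auth/controllers.py hunk, the `sum([...]) != 1` check no longer counts the legacy `'trust'` key, so a scope carrying both `'project'` and the old `'trust'` now passes validation and is handled as plain project scope with the trust silently ignored; before this change that request was rejected. The `elif 'RH-TRUST:trust' in self.auth['scope']:` branch in the second hunk depends on the same key. Consider refusing the old spelling explicitly ahead of the count, e.g. `if 'trust' in self.auth['scope']: raise exception.ValidationError(attribute='RH-TRUST:trust', target='scope')`, or rejecting any unrecognised scope key. The enclosing method starts and ends outside both hunks, so confirm nothing earlier already filters the scope dict.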
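Review bot: The `token_data['RH-TRUST:trust'] = (` assignment in keystone/auth/token_factory.py changes the key that every reader of the token body must look up, and the only readers updated in this commit are tests. Any code that decides whether a token is trust-scoped by checking for `'trust'` in the token data (none is visible here, so this is an assumption to verify) would now treat a delegated token as an ordinary one, which is worth a grep for the old key before merging. A short comment on the assignment such as `# extension-namespaced key: consumers must read 'RH-TRUST:trust', not 'trust'` would document the contract. The enclosing method starts and ends outside the hunk.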
@@ -22,37 +22,37 @@ from keystone.common import router def append_v3_routers(mapper, routers): trust_controller = controllers.TrustV3() - mapper.connect('/trusts', + mapper.connect('/RH-TRUST/trusts', controller=trust_controller, action='create_trust', conditions=dict(method=['POST'])) - mapper.connect('/trusts', + mapper.connect('/RH-TRUST/trusts', controller=trust_controller, action='list_trusts', conditions=dict(method=['GET'])) - mapper.connect('/trusts/{trust_id}', + mapper.connect('/RH-TRUST/trusts/{trust_id}', controller=trust_controller, action='delete_trust', conditions=dict(method=['DELETE'])) - mapper.connect('/trusts/{trust_id}', + mapper.connect('/RH-TRUST/trusts/{trust_id}', controller=trust_controller, action='get_trust', conditions=dict(method=['GET'])) - mapper.connect('/trusts/{trust_id}/roles', + mapper.connect('/RH-TRUST/trusts/{trust_id}/roles', controller=trust_controller, action='list_roles_for_trust', conditions=dict(method=['GET'])) - mapper.connect('/trusts/{trust_id}/roles/{role_id}', + mapper.connect('/RH-TRUST/trusts/{trust_id}/roles/{role_id}', controller=trust_controller, action='check_role_for_trust', conditions=dict(method=['HEAD'])) - mapper.connect('/trusts/{trust_id}/roles/{role_id}', + mapper.connect('/RH-TRUST/trusts/{trust_id}/roles/{role_id}', controller=trust_controller, action='get_role_for_trust', conditions=dict(method=['GET'])) diff --git a/tests/test_auth.py b/tests/test_auth.py index e8c919f4..4887e012 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -633,7 +633,7 @@ class AuthWithTrust(AuthTest): "methods": ["token"], "token": {"id": token}}, "scope": { - "trust": {"id": self.new_trust['id']}}} + "RH-TRUST:trust": {"id": self.new_trust['id']}}} token_auth_response = (self.auth_v3_controller.authenticate_for_token ({}, v3_req_with_trust)) return token_auth_response 
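Review bot: The `'/RH-TRUST/trusts'` prefix in `append_v3_routers` is written out as a literal in all seven `mapper.connect` calls, and the same extension name is spelled a second way (`'RH-TRUST:trust'`) in the auth code, so a later rename can easily miss one. Suggest a module-level `TRUSTS_PATH = '/RH-TRUST/trusts'` and building the routes from it, e.g. `mapper.connect(TRUSTS_PATH + '/{trust_id}/roles', ...)`. The function also has no docstring; one line stating that the old `/trusts` paths are intentionally no longer routed would make the API break explicit. Whether the function body continues past the hunk is not visible.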
@@ -644,7 +644,7 @@ class AuthWithTrust(AuthTest): trust_token_user = auth_response.json['token']['user'] self.assertEquals(trust_token_user['id'], self.trustor['id']) - trust_token_trust = auth_response.json['token']['trust'] + trust_token_trust = auth_response.json['token']['RH-TRUST:trust'] self.assertEquals(trust_token_trust['id'], self.new_trust['id']) self.assertEquals(trust_token_trust['trustor_user']['id'], self.trustor['id']) diff --git a/tests/test_v3.py b/tests/test_v3.py index f8bdd8ec..04bdb3c7 100644 --- a/tests/test_v3.py +++ b/tests/test_v3.py @@ -460,13 +460,14 @@ class RestfulTestCase(test_content_types.RestfulTestCase): def assertValidProjectTrustScopedTokenResponse(self, r, *args, **kwargs): token = self.assertValidProjectScopedTokenResponse(r, *args, **kwargs) - self.assertIsNotNone(token.get('trust')) - self.assertIsNotNone(token['trust'].get('id')) - self.assertTrue(isinstance(token['trust'].get('impersonation'), bool)) - self.assertIsNotNone(token['trust'].get('trustor_user')) - self.assertIsNotNone(token['trust'].get('trustee_user')) - self.assertIsNotNone(token['trust']['trustor_user'].get('id')) - self.assertIsNotNone(token['trust']['trustee_user'].get('id')) + trust = token.get('RH-TRUST:trust') + self.assertIsNotNone(trust) + self.assertIsNotNone(trust.get('id')) + self.assertTrue(isinstance(trust.get('impersonation'), bool)) + self.assertIsNotNone(trust.get('trustor_user')) + self.assertIsNotNone(trust.get('trustee_user')) + self.assertIsNotNone(trust['trustor_user'].get('id')) + self.assertIsNotNone(trust['trustee_user'].get('id')) def assertValidDomainScopedTokenResponse(self, r, *args, **kwargs): token = self.assertValidScopedTokenResponse(r, *args, **kwargs) 
@@ -815,8 +816,8 @@ class RestfulTestCase(test_content_types.RestfulTestCase): else: scope_data['domain']['name'] = domain_name if trust_id: - scope_data['trust'] = {} - scope_data['trust']['id'] = trust_id + scope_data['RH-TRUST:trust'] = {} + scope_data['RH-TRUST:trust']['id'] = trust_id return scope_data def build_password_auth(self, user_id=None, username=None, diff --git a/tests/test_v3_auth.py b/tests/test_v3_auth.py index 993e3a5e..535d3c90 100644 --- a/tests/test_v3_auth.py +++ b/tests/test_v3_auth.py @@ -1015,8 +1015,8 @@ class TestTrustOptional(test_v3.RestfulTestCase): super(TestTrustOptional, self).setUp(*args, **kwargs) def test_trusts_404(self): - self.get('/trusts', body={'trust': {}}, expected_status=404) - self.post('/trusts', body={'trust': {}}, expected_status=404) + self.get('/RH-TRUST/trusts', body={'trust': {}}, expected_status=404) + self.post('/RH-TRUST/trusts', body={'trust': {}}, expected_status=404) def test_auth_with_scope_in_trust_403(self): auth_data = self.build_authentication_request( @@ -1039,14 +1039,14 @@ class TestTrustAuth(TestAuthInfo): def test_create_trust_400(self): raise nose.exc.SkipTest('Blocked by bug 1133435') - self.post('/trusts', body={'trust': {}}, expected_status=400) + self.post('/RH-TRUST/trusts', body={'trust': {}}, expected_status=400) def test_create_unscoped_trust(self): ref = self.new_trust_ref( trustor_user_id=self.user_id, trustee_user_id=self.trustee_user_id) del ref['id'] - r = self.post('/trusts', body={'trust': ref}) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}) self.assertValidTrustResponse(r, ref) def test_trust_crud(self): 
@@ -1056,48 +1056,48 @@ class TestTrustAuth(TestAuthInfo): project_id=self.project_id, role_ids=[self.role_id]) del ref['id'] - r = self.post('/trusts', body={'trust': ref}) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r, ref) r = self.get( - '/trusts/%(trust_id)s' % {'trust_id': trust['id']}, + '/RH-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, expected_status=200) self.assertValidTrustResponse(r, ref) # validate roles on the trust r = self.get( - '/trusts/%(trust_id)s/roles' % { + '/RH-TRUST/trusts/%(trust_id)s/roles' % { 'trust_id': trust['id']}, expected_status=200) roles = self.assertValidRoleListResponse(r, self.role) self.assertIn(self.role['id'], [x['id'] for x in roles]) self.head( - '/trusts/%(trust_id)s/roles/%(role_id)s' % { + '/RH-TRUST/trusts/%(trust_id)s/roles/%(role_id)s' % { 'trust_id': trust['id'], 'role_id': self.role['id']}, expected_status=204) r = self.get( - '/trusts/%(trust_id)s/roles/%(role_id)s' % { + '/RH-TRUST/trusts/%(trust_id)s/roles/%(role_id)s' % { 'trust_id': trust['id'], 'role_id': self.role['id']}, expected_status=200) self.assertValidRoleResponse(r, self.role) - r = self.get('/trusts', expected_status=200) + r = self.get('/RH-TRUST/trusts', expected_status=200) self.assertValidTrustListResponse(r, trust) # trusts are immutable self.patch( - '/trusts/%(trust_id)s' % {'trust_id': trust['id']}, + '/RH-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, body={'trust': ref}, expected_status=404) self.delete( - '/trusts/%(trust_id)s' % {'trust_id': trust['id']}, + '/RH-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, expected_status=204) self.get( - '/trusts/%(trust_id)s' % {'trust_id': trust['id']}, + '/RH-TRUST/trusts/%(trust_id)s' % {'trust_id': trust['id']}, expected_status=404) def test_create_trust_trustee_404(self): 
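Review bot: `test_trust_crud` and the other updated tests exercise only the new spelling, so nothing pins that the legacy `/trusts` route and the legacy `'trust'` scope key are actually refused when trusts are enabled. Adding `self.get('/trusts', expected_status=404)` here, plus an authentication request whose scope uses the old `'trust'` key and expects a validation error, would catch a regression where both spellings are accepted or the old key is silently ignored. The test method starts outside the hunk.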
@@ -1105,14 +1105,14 @@ class TestTrustAuth(TestAuthInfo): trustor_user_id=self.user_id, trustee_user_id=uuid.uuid4().hex) del ref['id'] - self.post('/trusts', body={'trust': ref}, expected_status=404) + self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=404) def test_create_trust_trustor_trustee_backwards(self): ref = self.new_trust_ref( trustor_user_id=self.trustee_user_id, trustee_user_id=self.user_id) del ref['id'] - self.post('/trusts', body={'trust': ref}, expected_status=403) + self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=403) def test_create_trust_project_404(self): ref = self.new_trust_ref( @@ -1121,7 +1121,7 @@ class TestTrustAuth(TestAuthInfo): project_id=uuid.uuid4().hex, role_ids=[self.role_id]) del ref['id'] - self.post('/trusts', body={'trust': ref}, expected_status=404) + self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=404) def test_create_trust_role_id_404(self): ref = self.new_trust_ref( @@ -1130,7 +1130,7 @@ class TestTrustAuth(TestAuthInfo): project_id=self.project_id, role_ids=[uuid.uuid4().hex]) del ref['id'] - self.post('/trusts', body={'trust': ref}, expected_status=404) + self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=404) def test_create_trust_role_name_404(self): ref = self.new_trust_ref( @@ -1139,7 +1139,7 @@ class TestTrustAuth(TestAuthInfo): project_id=self.project_id, role_names=[uuid.uuid4().hex]) del ref['id'] - self.post('/trusts', body={'trust': ref}, expected_status=404) + self.post('/RH-TRUST/trusts', body={'trust': ref}, expected_status=404) def test_create_expired_trust(self): ref = self.new_trust_ref( 
@@ -1149,10 +1149,10 @@ class TestTrustAuth(TestAuthInfo): expires=dict(seconds=-1), role_ids=[self.role_id]) del ref['id'] - r = self.post('/trusts', body={'trust': ref}) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r, ref) - self.get('/trusts/%(trust_id)s' % { + self.get('/RH-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, expected_status=404) @@ -1172,7 +1172,7 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/trusts', body={'trust': ref}) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1209,7 +1209,7 @@ class TestTrustAuth(TestAuthInfo): r = self.post('/auth/tokens', body=auth_data) token = r.getheader('X-Subject-Token') - r = self.post('/trusts', body={'trust': ref}, token=token) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}, token=token) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1251,7 +1251,7 @@ class TestTrustAuth(TestAuthInfo): r = self.post('/auth/tokens', body=auth_data) token = r.getheader('X-Subject-Token') - r = self.post('/trusts', body={'trust': ref}, token=token) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}, token=token) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1292,7 +1292,7 @@ class TestTrustAuth(TestAuthInfo): r = self.post('/auth/tokens', body=auth_data) token = r.getheader('X-Subject-Token') - r = self.post('/trusts', body={'trust': ref}, token=token) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}, token=token) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( 
@@ -1321,7 +1321,7 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/trusts', body={'trust': ref}) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1352,7 +1352,7 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/trusts', body={'trust': ref}) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1381,19 +1381,19 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/trusts', body={'trust': ref}) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r, ref) - self.delete('/trusts/%(trust_id)s' % { + self.delete('/RH-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, expected_status=204) - self.get('/trusts/%(trust_id)s' % { + self.get('/RH-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, expected_status=404) - self.get('/trusts/%(trust_id)s' % { + self.get('/RH-TRUST/trusts/%(trust_id)s' % { 'trust_id': trust['id']}, expected_status=404) @@ -1414,15 +1414,15 @@ class TestTrustAuth(TestAuthInfo): del ref['id'] for i in range(0, 3): - r = self.post('/trusts', body={'trust': ref}) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r, ref) - r = self.get('/trusts?trustor_user_id=%s' % + r = self.get('/RH-TRUST/trusts?trustor_user_id=%s' % self.user_id, expected_status=200) trusts = r.body['trusts'] self.assertEqual(len(trusts), 3) - r = self.get('/trusts?trustee_user_id=%s' % + r = self.get('/RH-TRUST/trusts?trustee_user_id=%s' % self.user_id, expected_status=200) trusts = r.body['trusts'] self.assertEqual(len(trusts), 0) 
@@ -1437,7 +1437,7 @@ class TestTrustAuth(TestAuthInfo): role_ids=[self.role_id]) del ref['id'] - r = self.post('/trusts', body={'trust': ref}) + r = self.post('/RH-TRUST/trusts', body={'trust': ref}) trust = self.assertValidTrustResponse(r) auth_data = self.build_authentication_request( @@ -1449,7 +1449,7 @@ class TestTrustAuth(TestAuthInfo): self.assertValidProjectTrustScopedTokenResponse(r, self.user) trust_token = r.getheader('X-Subject-Token') - self.get('/trusts?trustor_user_id=%s' % + self.get('/RH-TRUST/trusts?trustor_user_id=%s' % self.user_id, expected_status=200, token=trust_token) @@ -1463,6 +1463,6 @@ class TestTrustAuth(TestAuthInfo): auth=auth_data, expected_status=200)) - self.get('/trusts?trustor_user_id=%s' % + self.get('/RH-TRUST/trusts?trustor_user_id=%s' % self.user_id, expected_status=401, token=trust_token) |
