| author | Yogeshwar Srikrishnan <yoga80@yahoo.com> | 2011-06-01 13:11:47 -0500 |
|---|---|---|
| committer | Yogeshwar Srikrishnan <yoga80@yahoo.com> | 2011-06-01 13:11:47 -0500 |
| commit | 908ededed96b54760188a010e6bd44b7325cf68c (patch) | |
| tree | 42a8350004c576d54cd2b32d85226877233b03cf | |
| parent | 1294a7470771074e97a0d1ce68c79a8795501ed6 (diff) | |
Changes to also return role references as a part of user when get token call is made for a specific tenant.
| -rw-r--r-- | keystone/db/sqlalchemy/api.py | 5 | ||||
| -rw-r--r-- | keystone/logic/service.py | 8 | ||||
| -rw-r--r-- | keystone/logic/types/auth.py | 10 | ||||
| -rw-r--r-- | keystone/logic/types/role.py | 12 | ||||
| -rw-r--r-- | test/unit/test_common.py | 8 | ||||
| -rw-r--r-- | test/unit/test_token.py | 48 |
6 files changed, 83 insertions, 8 deletions
diff --git a/keystone/db/sqlalchemy/api.py b/keystone/db/sqlalchemy/api.py index 6676c101..cdd3e948 100644 --- a/keystone/db/sqlalchemy/api.py +++ b/keystone/db/sqlalchemy/api.py @@ -129,6 +129,11 @@ def role_ref_get_all_global_roles(user_id,session=None): if not session: session = get_session() return session.query(models.UserRoleAssociation).filter_by(user_id=user_id).filter("tenant_id is null").all() + +def role_ref_get_all_tenant_roles(user_id, tenant_id, session=None): + if not session: + session = get_session() + return session.query(models.UserRoleAssociation).filter_by(user_id=user_id).filter_by(tenant_id = tenant_id).all() def role_ref_get(id, session=None): if not session: diff --git a/keystone/logic/service.py b/keystone/logic/service.py index d503257c..86d66449 100644 --- a/keystone/logic/service.py +++ b/keystone/logic/service.py @@ -838,7 +838,13 @@ class IdentityService(object): gs.append(auth.Group(dgroup.id)) user = auth.User(duser.id, dtoken.tenant_id, gs) """ - user = auth.User(duser.id, duser.tenant_id, None) + ts=[] + if dtoken.tenant_id: + droleRefs = db_api.role_ref_get_all_tenant_roles(duser.id, dtoken.tenant_id) + for droleRef in droleRefs: + ts.append(roles.RoleRef(droleRef.id, droleRef.role_id, + droleRef.tenant_id)) + user = auth.User(duser.id, duser.tenant_id, None, roles.RoleRefs(ts, [])) return auth.AuthData(token, user) def __validate_token(self, token_id, admin=True): diff --git a/keystone/logic/types/auth.py b/keystone/logic/types/auth.py index 63dde05c..187f5cd6 100644 --- a/keystone/logic/types/auth.py +++ b/keystone/logic/types/auth.py @@ -19,7 +19,7 @@ import json from lxml import etree import keystone.logic.types.fault as fault - +import keystone.logic.types.role as roles class PasswordCredentials(object): """Credentials based on username, password, and (optional) tenant_id. 
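Review bot: `role_ref_get_all_tenant_roles` in keystone/db/sqlalchemy/api.py has no docstring, and what it does with a `None` tenant is left implicit. With SQLAlchemy's `filter_by`, `tenant_id=None` would presumably compile to an `IS NULL` test and return the user's global role references rather than an empty list. The only caller visible in this commit guards with `if dtoken.tenant_id:`, but the helper itself does not. I would add a docstring such as `"""Return the UserRoleAssociation rows for user_id scoped to tenant_id (tenant_id must not be None)."""` and normalise the keyword spacing to `filter_by(tenant_id=tenant_id)`.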
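Review bot: In the keystone/logic/service.py hunk the role references are looked up for `dtoken.tenant_id`, but the `auth.User` they are attached to is still built with `duser.tenant_id`, so the response can report one tenant in `tenantId` while listing roles granted on another. A service that consumes this response for authorization could then attribute the roles to the wrong tenant. If the user element is meant to describe the token's scope, the line would read `user = auth.User(duser.id, dtoken.tenant_id, None, roles.RoleRefs(ts, []))`, as the disabled block just above already does; otherwise the difference deserves a comment. Global role references (`role_ref_get_all_global_roles`) are not included and a token without a tenant yields an empty list, which is worth confirming as intended. The enclosing method starts outside the hunk, and the import of `roles` in service.py is not visible here.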
@@ -109,10 +109,11 @@ class Groups(object): class User(object): "A user." - def __init__(self, username, tenant_id, groups): + def __init__(self, username, tenant_id, groups , role_refs = None): self.username = username self.tenant_id = tenant_id self.groups = groups + self.role_refs = role_refs class AuthData(object): @@ -141,6 +142,8 @@ class AuthData(object): groups.append(g) user.append(groups) """ + if self.user.role_refs != None: + user.append(self.user.role_refs.to_dom()) dom.append(token) dom.append(user) return etree.tostring(dom) @@ -154,6 +157,9 @@ class AuthData(object): user = {} user["username"] = self.user.username user["tenantId"] = self.user.tenant_id + if self.user.role_refs != None: + user["roleRefs"] = self.user.role_refs.to_json_values() + """group = [] for g in self.user.groups.values: grp = {} diff --git a/keystone/logic/types/role.py b/keystone/logic/types/role.py index a88b9faf..2774ad36 100644 --- a/keystone/logic/types/role.py +++ b/keystone/logic/types/role.py @@ -189,6 +189,10 @@ class RoleRefs(object): self.links = links def to_xml(self): + dom = self.to_dom() + return etree.tostring(dom) + + def to_dom(self): dom = etree.Element("roleRefs") dom.set(u"xmlns", "http://docs.openstack.org/identity/api/v2.0") @@ -198,10 +202,14 @@ class RoleRefs(object): for t in self.links: dom.append(t.to_dom()) - return etree.tostring(dom) + return dom + def to_json(self): values = [t.to_dict()["roleRef"] for t in self.values] links = [t.to_dict()["links"] for t in self.links] return json.dumps({"roleRefs": {"values": values, "links": links}}) -
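Review bot: The two new guards in `AuthData` (the `@@ -141,6` hunk in `to_xml` and the `@@ -154,6` hunk in `to_json`) compare with `!= None`; an identity test is the idiom and does not depend on how the object defines equality: `if self.user.role_refs is not None:`. The same applies to the `== None` checks added to `test_validate_token_true_xml` in test/unit/test_token.py, where the operands are lxml elements. Separately, the `import keystone.logic.types.role as roles` added at the top of auth.py is not used by any line visible in this diff, and the new signature would read `def __init__(self, username, tenant_id, groups, role_refs=None):` with conventional spacing.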
\ No newline at end of file + + def to_json_values(self): + values = [t.to_dict()["roleRef"] for t in self.values] + return values
\ No newline at end of file diff --git a/test/unit/test_common.py b/test/unit/test_common.py index 11d6a33d..e77f7fc8 100644 --- a/test/unit/test_common.py +++ b/test/unit/test_common.py @@ -739,6 +739,14 @@ def create_role_ref_xml(user_id, role_id, tenant_id, auth_token): "X-Auth-Token": auth_token, "ACCEPT": "application/xml"}) return (resp, content) + +def delete_role_ref(user, role_ref_id, auth_token): + header = httplib2.Http(".cache") + url = '%susers/%s/roleRefs/%s' % (URL, user, role_ref_id) + resp, content = header.request(url, "DELETE", body='', + headers={"Content-Type": "application/json", + "X-Auth-Token": str(auth_token)}) + return (resp, content) def create_role_xml(role_id, auth_token): header = httplib2.Http(".cache") diff --git a/test/unit/test_token.py b/test/unit/test_token.py index bfef2be3..0754f777 100644 --- a/test/unit/test_token.py +++ b/test/unit/test_token.py @@ -21,14 +21,16 @@ import sys sys.path.append(os.path.abspath(os.path.join(os.path.abspath(__file__), '..', '..', '..', '..', 'keystone'))) import unittest - import test_common as utils - +import json +import keystone.logic.types.fault as fault +from lxml import etree class ValidateToken(unittest.TestCase): def setUp(self): self.tenant = utils.get_tenant() + self.user = 'joeuser' self.token = utils.get_token('joeuser', 'secrete', self.tenant, 'token') #self.user = utils.get_user() 
@@ -36,8 +38,19 @@ class ValidateToken(unittest.TestCase): self.auth_token = utils.get_auth_token() self.exp_auth_token = utils.get_exp_auth_token() #self.disabled_token = utils.get_disabled_token() + resp, content = utils.create_role_ref(self.user, 'Admin', self.tenant, str(self.auth_token)) + obj = json.loads(content) + if not "roleRef" in obj: + raise fault.BadRequestFault("Expecting RoleRef") + roleRef = obj["roleRef"] + if not "id" in roleRef: + self.role_ref_id = None + else: + self.role_ref_id = roleRef["id"] + def tearDown(self): + resp, content = utils.delete_role_ref(self.user, self.role_ref_id, self.auth_token) utils.delete_token(self.token, self.auth_token) def test_validate_token_true(self): @@ -53,6 +66,14 @@ class ValidateToken(unittest.TestCase): self.fail('Service Not Available') self.assertEqual(200, int(resp['status'])) self.assertEqual('application/json', utils.content_type(resp)) + #verify content + obj = json.loads(content) + if not "auth" in obj: + raise self.fail("Expecting Auth") + role_refs = obj["auth"]["user"]["roleRefs"] + role_ref = role_refs[0] + role_ref_id = role_ref["id"] + self.assertEqual(self.role_ref_id, role_ref_id) def test_validate_token_true_xml(self): header = httplib2.Http(".cache") 
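Review bot: Cleanup in this fixture (the `@@ -36,8` hunk) is not guaranteed. `setUp` raises `fault.BadRequestFault` after the token has already been created earlier in `setUp`, and unittest does not run `tearDown` when `setUp` fails, so the token and possibly the `Admin` role grant are left behind; `self.fail("Expecting RoleRef")` after registering cleanup with `self.addCleanup` would avoid that. In `tearDown`, `delete_role_ref` runs first even when `self.role_ref_id` is `None`, and if it raises, `utils.delete_token` never runs; the sketch below orders the two so the token is always removed. `setUp` starts outside the hunk.

```python
def tearDown(self):
    try:
        # Only issue the DELETE when setUp actually obtained an id.
        if self.role_ref_id is not None:
            utils.delete_role_ref(self.user, self.role_ref_id,
                                  self.auth_token)
    finally:
        # Always remove the token, even if role-ref cleanup failed.
        utils.delete_token(self.token, self.auth_token)
```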
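Review bot: In the `@@ -53,6` hunk, `raise self.fail("Expecting Auth")` has a redundant `raise`: `self.fail` raises on its own, so the line should be `self.fail("Expecting Auth")`. The assertion then takes `role_refs[0]`, which assumes the reference created in `setUp` is the first one `joeuser` holds on the tenant; a membership check such as `self.assertTrue(self.role_ref_id in [r["id"] for r in role_refs])` does not depend on other fixture data. The XML test in the `@@ -67,7` hunk makes the same first-element assumption through `roleRefs.find(...)`. The test method starts outside the hunk.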
@@ -67,7 +88,28 @@ class ValidateToken(unittest.TestCase): self.fail('Service Not Available') self.assertEqual(200, int(resp['status'])) self.assertEqual('application/xml', utils.content_type(resp)) - + #verify content + dom = etree.Element("root") + dom.append(etree.fromstring(content)) + auth = dom.find("{http://docs.openstack.org/identity/api/v2.0}" \ + "auth") + if auth == None: + self.fail("Expecting Auth") + + user = auth.find("{http://docs.openstack.org/identity/api/v2.0}" \ + "user") + if user == None: + self.fail("Expecting User") + roleRefs = user.find("{http://docs.openstack.org/identity/api/v2.0}" \ + "roleRefs") + if roleRefs == None: + self.fail("Expecting Role Refs") + roleRef = roleRefs.find("{http://docs.openstack.org/identity/api/v2.0}" \ + "roleRef") + if roleRef == None: + self.fail("Expecting Role Refs") + self.assertEqual(str(self.role_ref_id), roleRef.get("id")) + def test_validate_token_expired(self): header = httplib2.Http(".cache") url = '%stokens/%s?belongsTo=%s' % (utils.URL, self.exp_auth_token, |
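Review bot: The last check in this hunk reuses the message `"Expecting Role Refs"` for a missing `roleRef` child, so a failure there cannot be told apart from a missing `roleRefs` container; `self.fail("Expecting Role Ref")` would distinguish them. The namespace string is repeated four times, and a local such as `ns = "{http://docs.openstack.org/identity/api/v2.0}"` with `auth.find(ns + "user")` would shorten each stanza and remove the backslash continuations. The test method starts outside the hunk.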
