author | Guang Yee <guang.yee@hp.com> | 2013-02-25 12:46:16 -0800 |
---|---|---|
committer | Guang Yee <guang.yee@hp.com> | 2013-02-26 09:22:09 -0800 |
commit | 250e6716bd91f9cc3412c92e5341557e59837e1e (patch) | |
tree | 45aaadc5f93c9852b8de78a782e074d02c4e9da1 /keystone/auth | |
parent | f3d2a462209a9f2dd3faa1c5ca271f304eaa16d5 (diff) | |
bug 1131840: fix auth and token data for XML translation
Change-Id: I4408b3e6e0752ca75bc36399f5148890820e9a89
Diffstat (limited to 'keystone/auth')
-rw-r--r-- | keystone/auth/controllers.py | 26 | ||||
-rw-r--r-- | keystone/auth/core.py | 28 | ||||
-rw-r--r-- | keystone/auth/methods/token.py | 14 | ||||
-rw-r--r-- | keystone/auth/token_factory.py | 14 |
4 files changed, 42 insertions, 40 deletions
diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py index d2eaa234..3760aa3a 100644 --- a/keystone/auth/controllers.py +++ b/keystone/auth/controllers.py @@ -187,15 +187,15 @@ class AuthInfo(object): def _validate_auth_methods(self): # make sure auth methods are provided - if 'methods' not in self.auth['authentication']: + if 'methods' not in self.auth['identity']: raise exception.ValidationError(attribute='methods', - target='authentication') + target='identity') # make sure all the method data/payload are provided for method_name in self.get_method_names(): - if method_name not in self.auth['authentication']: + if method_name not in self.auth['identity']: raise exception.ValidationError(attribute=method_name, - target='authentication') + target='identity') # make sure auth method is supported for method_name in self.get_method_names(): @@ -213,12 +213,12 @@ class AuthInfo(object): self._validate_and_normalize_scope_data() def get_method_names(self): - """ Returns the authentication method names. + """ Returns the identity method names. :returns: list of auth method names """ - return self.auth['authentication']['methods'] + return self.auth['identity']['methods'] def get_method_data(self, method): """ Get the auth method payload. @@ -226,10 +226,10 @@ class AuthInfo(object): :returns: auth method payload """ - if method not in self.auth['authentication']['methods']: + if method not in self.auth['identity']['methods']: raise exception.ValidationError(attribute=method_name, - target='authentication') - return self.auth['authentication'][method] + target='identity') + return self.auth['identity'][method] def get_scope(self): """ Get scope information. 
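Review bot: In `_validate_auth_methods`, `self.auth['identity']` is indexed without first checking that the key is present, and after this commit the whole `auth` object comes straight from the request body (`authenticate_for_token(self, context, auth=None)` in the @@ -257 hunk). Unless a check outside the visible hunks already covers it, a body with no `identity` member, or no `auth` at all, would raise KeyError/TypeError instead of the ValidationError this method uses for every other missing field. Consider adding `if 'identity' not in self.auth: raise exception.ValidationError(attribute='identity', target='auth')` ahead of the `methods` test. The method body runs past the end of the hunk.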
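Review bot: `get_method_data` still raises `exception.ValidationError(attribute=method_name, ...)`, but its parameter is `method`, and `method_name` is not defined anywhere in the function as shown. Asking for a method that is not listed in `methods` would therefore hit a NameError instead of producing a validation error. Since the commit already edits the neighbouring lines, change the raise to `raise exception.ValidationError(attribute=method, target='identity')`. An unhandled exception on the pre-authentication path is likely to surface as a server error, which makes malformed requests harder to tell apart from real faults in the logs.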
@@ -257,13 +257,9 @@ class Auth(controller.V3Controller): super(Auth, self).__init__(*args, **kw) self.token_controllers_ref = token.controllers.Auth() - def authenticate_for_token(self, context, authentication, scope=None): + def authenticate_for_token(self, context, auth=None): """ Authenticate user and issue a token. """ try: - auth = None - auth = {'authentication': authentication} - if scope: - auth['scope'] = scope auth_info = AuthInfo(context, auth=auth) auth_context = {'extras': {}, 'method_names': []} self.authenticate(context, auth_info, auth_context) @@ -306,7 +302,7 @@ class Auth(controller.V3Controller): # requiring domain_id to do user lookup now. Try to get # the user_id from auth_info for now, assuming external auth # has check to make sure user is the same as the one specify - # in "authentication". + # in "identity". if 'password' in auth_info.get_method_names(): user_info = auth_info.get_method_data('password') user_ref = auth_info.lookup_user(user_info['user']) diff --git a/keystone/auth/core.py b/keystone/auth/core.py index 40f7d040..da70c43c 100644 --- a/keystone/auth/core.py +++ b/keystone/auth/core.py @@ -49,21 +49,23 @@ class AuthMethodHandler(object): "extras": {}} Plugins are invoked in the order in which they are specified in the - "methods" attribute of the "authentication" request body. + "methods" attribute of the "identity" object. For example, with the following authentication request, - {"authentication": { - "methods": ["custom-plugin", "password", "token"], - "token": { - "id": "sdfafasdfsfasfasdfds" - }, - "custom-plugin": { - "custom-data": "sdfdfsfsfsdfsf" - }, - "password": { - "user": { - "id": "s23sfad1", - "password": "secrete" + {"auth": { + "identity": { + "methods": ["custom-plugin", "password", "token"], + "token": { + "id": "sdfafasdfsfasfasdfds" + }, + "custom-plugin": { + "custom-data": "sdfdfsfsfsdfsf" + }, + "password": { + "user": { + "id": "s23sfad1", + "password": "secrete" + } } } }} 
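Review bot: The docstring of `authenticate_for_token` does not describe the new `auth` parameter, which now takes the client-supplied object as-is instead of being assembled from `authentication` and the optional `scope`. Suggest extending it with something like `:param auth: the "auth" object from the request body, holding "identity" and, optionally, "scope"`, and stating that the value is unvalidated until `AuthInfo` has processed it. The method body continues outside the hunk.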
diff --git a/keystone/auth/methods/token.py b/keystone/auth/methods/token.py index 72006130..05c5385d 100644 --- a/keystone/auth/methods/token.py +++ b/keystone/auth/methods/token.py @@ -38,12 +38,14 @@ class Token(auth.AuthMethodHandler): target=METHOD_NAME) token_id = auth_payload['id'] token_ref = self.token_api.get_token(context, token_id) - user_context.setdefault('user_id', - token_ref['token_data']['user']['id']) - user_context.setdefault('expires', - token_ref['expires']) - user_context['extras'].update(token_ref['token_data']['extras']) - user_context['method_names'] += token_ref['token_data']['methods'] + user_context.setdefault( + 'user_id', token_ref['token_data']['token']['user']['id']) + user_context.setdefault( + 'expires', token_ref['token_data']['token']['expires']) + user_context['extras'].update( + token_ref['token_data']['token']['extras']) + user_context['method_names'].extend( + token_ref['token_data']['token']['methods']) except AssertionError as e: LOG.error(e) raise exception.Unauthorized(e) diff --git a/keystone/auth/token_factory.py b/keystone/auth/token_factory.py index 03d4ed74..4b1bf637 100644 --- a/keystone/auth/token_factory.py +++ b/keystone/auth/token_factory.py @@ -144,7 +144,7 @@ class TokenDataHelper(object): self._populate_service_catalog(token_data, user_id, domain_id, project_id) self._populate_token(token_data, expires) - return token_data + return {'token': token_data} def recreate_token_data(context, token_data=None, expires=None, @@ -161,6 +161,8 @@ def recreate_token_data(context, token_data=None, expires=None, methods = ['password', 'token'] extras = {} if token_data: + # peel the outer layer so its easier to operate + token_data = token_data['token'] domain_id = (token_data['domain']['id'] if 'domain' in token_data else None) project_id = (token_data['project']['id'] if 'project' in token_data 
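Review bot: The new lookups `token_ref['token_data']['token'][...]` in token.py assume every stored token already has the `token` wrapper, while the only handler visible is `except AssertionError`. A token_ref persisted in the earlier unwrapped shape (if a deployment has any) would raise KeyError here rather than `exception.Unauthorized`; `token_data = token_data['token']` in `recreate_token_data` (@@ -161 in token_factory.py) makes the same assumption. Either accept both shapes, e.g. `token_data = token_ref['token_data']` followed by `token_data = token_data.get('token', token_data)`, or widen the handler to `except (AssertionError, KeyError) as e:` so the request fails closed as Unauthorized. Also, `expires` is now read from the token body instead of `token_ref['expires']`, which `create_token` stores after `timeutils.parse_isotime`, so consumers of `user_context['expires']` may receive a string and should be checked. The `try` block opens outside the hunk.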
@@ -207,20 +209,20 @@ def create_token(context, auth_context, auth_info): CONF.signing.token_format) token_api = token_module.Manager() try: - expiry = token_data['expires'] + expiry = token_data['token']['expires'] if isinstance(expiry, basestring): expiry = timeutils.parse_isotime(expiry) role_ids = [] - if 'project' in token_data: + if 'project' in token_data['token']: # project-scoped token, fill in the v2 token data # all we care are the role IDs - role_ids = [role['id'] for role in token_data['roles']] + role_ids = [role['id'] for role in token_data['token']['roles']] metadata_ref = {'roles': role_ids} data = dict(key=token_id, id=token_id, expires=expiry, - user=token_data['user'], - tenant=token_data.get('project'), + user=token_data['token']['user'], + tenant=token_data['token'].get('project'), metadata=metadata_ref, token_data=token_data) token_api.create_token(context, token_id, data) |
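Review bot: `token_data['token']` is looked up five times in `create_token`. Binding it once with `token = token_data['token']` and then reading `token['expires']`, `token['roles']`, `token['user']` and `token.get('project')` would keep the wrapped/unwrapped distinction in one place, with `token_data=token_data` still storing the wrapped form. A short comment at that point, such as `# token_data is wrapped as {'token': {...}}; the stored record keeps the wrapper`, would help anyone reading the persisted format later. The function starts and ends outside the hunk.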