Beispiel #1
    def _validate_and_normalize_auth_data(self, auth_payload):
        """Resolve the user named in ``auth_payload`` and store it on self.

        ``auth_payload['user']`` must supply ``id`` or ``name``. When ``name``
        is present it takes precedence over ``id`` and a ``domain`` entry is
        mandatory, because the lookup is by name inside that domain.

        On success ``self.user_ref``, ``self.user_id`` and ``self.domain_id``
        are set.

        :param auth_payload: mapping expected to contain a ``user`` entry.
        :raises exception.ValidationError: ``user`` is missing, neither
            ``id`` nor ``name`` is usable, or ``name`` comes without
            ``domain``.
        :raises exception.Unauthorized: the identity backend raised
            ``UserNotFound``; a failure audit notification is sent first.
        """
        if 'user' not in auth_payload:
            raise exception.ValidationError(attribute='user',
                                            target=self.METHOD_NAME)
        requested = auth_payload['user']
        user_id = requested.get('id')
        user_name = requested.get('name')
        # Stays empty until a domain has actually been resolved, so the
        # failure audit below only ever reports a domain that was looked up.
        domain_ref = {}
        if not (user_id or user_name):
            raise exception.ValidationError(attribute='id or name',
                                            target='user')
        try:
            if not user_name:
                # Lookup by id: the domain comes from the stored user record
                # and is checked for being enabled right here.
                user_ref = PROVIDERS.identity_api.get_user(user_id)
                domain_ref = PROVIDERS.resource_api.get_domain(
                    user_ref['domain_id'])
                self._assert_domain_is_enabled(domain_ref)
            else:
                if 'domain' not in requested:
                    raise exception.ValidationError(attribute='domain',
                                                    target='user')
                # NOTE(review): this branch has no explicit enabled-domain
                # check; presumably _lookup_domain performs it -- confirm.
                domain_ref = self._lookup_domain(requested['domain'])
                user_ref = PROVIDERS.identity_api.get_user_by_name(
                    user_name, domain_ref['id'])
        except exception.UserNotFound as err:
            # Only UserNotFound is handled here; any other error raised by
            # the lookups above propagates without an audit event from this
            # block.
            # NOTE(review): the logged text presumably embeds the
            # client-supplied id or name -- confirm the log pipeline copes
            # with control characters in it.
            LOG.warning(six.text_type(err))

            # The usual CADF notification is emitted further down the
            # authentication path, which an unknown user never reaches, so
            # the failure is reported from here instead.
            failure_reason = reason.Reason(str(err), str(err.code))
            failed_initiator = notifications.build_audit_initiator()
            # Record whichever identifier the client sent; this covers both
            # an unknown user_name and an unknown user_id.
            if user_name:
                failed_initiator.user_name = user_name
            else:
                failed_initiator.user_id = user_id
            # Both are None when the id lookup failed before a domain was
            # resolved.
            failed_initiator.domain_id = domain_ref.get('id')
            failed_initiator.domain_name = domain_ref.get('name')
            notifications._send_audit_notification(
                action=_NOTIFY_OP,
                initiator=failed_initiator,
                outcome=taxonomy.OUTCOME_FAILURE,
                target=resource.Resource(typeURI=taxonomy.ACCOUNT_USER),
                event_type=_NOTIFY_EVENT,
                reason=failure_reason)
            # The caller gets Unauthorized instead of UserNotFound.
            # NOTE(review): presumably so the response does not disclose
            # which accounts exist -- confirm the wrong-credential path
            # answers identically.
            raise exception.Unauthorized(err)
        self._assert_user_is_enabled(user_ref)
        self.user_ref = user_ref
        self.user_id = user_ref['id']
        self.domain_id = domain_ref['id']
Beispiel #2
    def _validate_and_normalize_auth_data(self, auth_payload):
        """Look up the requesting user and record the result on the instance.

        The ``user`` entry of ``auth_payload`` is read for ``id`` and
        ``name``. A truthy ``name`` selects a lookup by name within the
        domain given under ``domain``; otherwise the user is fetched by
        ``id`` and its domain is loaded from the user record.

        Sets ``self.user_ref``, ``self.user_id`` and ``self.domain_id`` when
        the user is found and passes ``_assert_user_is_enabled``.

        :param auth_payload: mapping expected to contain a ``user`` entry.
        :raises exception.ValidationError: a required field (``user``,
            ``id`` or ``name``, ``domain`` for name lookups) is absent.
        :raises exception.Unauthorized: raised in place of ``UserNotFound``
            after a failure audit notification has been sent.
        """
        if 'user' not in auth_payload:
            raise exception.ValidationError(attribute='user',
                                            target=self.METHOD_NAME)
        user_spec = auth_payload['user']
        user_id = user_spec.get('id')
        user_name = user_spec.get('name')
        domain_ref = {}
        if not user_id and not user_name:
            raise exception.ValidationError(attribute='id or name',
                                            target='user')
        try:
            if user_name:
                # Names are only unique per domain, so the request has to
                # say which domain it means.
                if 'domain' not in user_spec:
                    raise exception.ValidationError(attribute='domain',
                                                    target='user')
                # NOTE(review): unlike the id branch, nothing here asserts
                # that the domain is enabled; presumably _lookup_domain does
                # so -- confirm.
                domain_ref = self._lookup_domain(user_spec['domain'])
                user_ref = PROVIDERS.identity_api.get_user_by_name(
                    user_name, domain_ref['id'])
            else:
                user_ref = PROVIDERS.identity_api.get_user(user_id)
                domain_ref = PROVIDERS.resource_api.get_domain(
                    user_ref['domain_id'])
                self._assert_domain_is_enabled(domain_ref)
        except exception.UserNotFound as exc:
            LOG.warning(six.text_type(exc))

            # An unknown user never reaches the code that normally emits the
            # CADF notification, so the failed attempt is reported here to
            # keep it in the audit stream.
            # NOTE(review): str() is used here but six.text_type() for the
            # log line above -- confirm non-ASCII messages are safe on
            # Python 2.
            audit_reason = reason.Reason(str(exc), str(exc.code))
            audit_initiator = notifications.build_audit_initiator()
            # Attach the identifier the client actually supplied, whether it
            # was a bad user_name or a bad user_id.
            if user_name:
                field, value = 'user_name', user_name
            else:
                field, value = 'user_id', user_id
            setattr(audit_initiator, field, value)
            # domain_ref is still {} if get_user() itself failed, which
            # leaves both domain fields as None.
            audit_initiator.domain_id = domain_ref.get('id')
            audit_initiator.domain_name = domain_ref.get('name')
            notifications._send_audit_notification(
                action=_NOTIFY_OP,
                initiator=audit_initiator,
                outcome=taxonomy.OUTCOME_FAILURE,
                target=resource.Resource(typeURI=taxonomy.ACCOUNT_USER),
                event_type=_NOTIFY_EVENT,
                reason=audit_reason)
            # UserNotFound is not passed on; the caller sees Unauthorized.
            raise exception.Unauthorized(exc)
        self._assert_user_is_enabled(user_ref)
        self.user_ref = user_ref
        self.user_id = user_ref['id']
        self.domain_id = domain_ref['id']
    def test_opt_out_authenticate_event(self):
        """Check that an opted-out authenticate event is never emitted.

        ``notification_opt_out`` is set to ``identity.authenticate.success``
        (event type plus outcome). ``_send_audit_notification`` is then
        called with that event type and outcome, and the notifier's
        ``_notify`` must not be invoked.
        """
        outcome = "success"
        event_type = "identity.authenticate"
        action = ".".join((CREATED_OPERATION, EXP_RESOURCE_TYPE))
        # The ``mock`` module itself stands in for initiator and target;
        # presumably neither is read once the event is opted out.
        initiator = target = mock

        # Only the success outcome is opted out in this test. An entry like
        # this drops successful-login events from the audit stream, which
        # matters to anyone relying on them for detection.
        opt_out_entry = "%s.%s" % (event_type, outcome)
        fixture = self.useFixture(config_fixture.Config(CONF))
        fixture.config(notification_opt_out=opt_out_entry)

        notifier = notifications._get_notifier()
        with mock.patch.object(notifier, "_notify") as notify_spy:
            notifications._send_audit_notification(
                action, initiator, outcome, target, event_type)
            notify_spy.assert_not_called()
    def test_send_audit_notification_with_opt_out(self):
        """Exercise the private ``_send_audit_notification`` with an opt-out.

        With ``notification_opt_out`` set to the event type being sent,
        ``_send_audit_notification`` must not reach the notifier's
        ``_notify``.
        """
        outcome = "success"
        action = ".".join((CREATED_OPERATION, EXP_RESOURCE_TYPE))
        event_type = "identity.%s.created" % EXP_RESOURCE_TYPE
        # The ``mock`` module itself stands in for initiator and target;
        # presumably neither is read once the event is opted out.
        initiator = target = mock

        # Here the opt-out entry is the bare event type, with no outcome
        # suffix.
        fixture = self.useFixture(config_fixture.Config(CONF))
        fixture.config(notification_opt_out=event_type)

        notifier = notifications._get_notifier()
        with mock.patch.object(notifier, "_notify") as notify_spy:
            notifications._send_audit_notification(
                action, initiator, outcome, target, event_type)
            notify_spy.assert_not_called()