def check_permissions(app_conf, token_to_validate, lcp_id):
logger.debug("Check permissions...start")
try:
if _is_authorization_enabled(app_conf):
if token_to_validate is not None and lcp_id is not None and str(
token_to_validate).strip() != '' and str(
lcp_id).strip() != '':
token_conf = _get_token_conf(app_conf)
logger.debug(
"Authorization: validating token=[{}] on lcp_id=[{}]".
format(token_to_validate, lcp_id))
is_permitted = tokens.is_token_valid(token_to_validate, lcp_id,
token_conf)
logger.debug(
"Authorization: The token=[{}] on lcp_id=[{}] is [{}]".
format(token_to_validate, lcp_id,
"valid" if is_permitted else "invalid"))
else:
raise Exception(
"Token=[{}] and/or Region=[{}] are empty/none.".format(
token_to_validate, lcp_id))
else:
logger.debug(
"The authentication service is disabled. No authentication is needed."
)
is_permitted = True
except Exception as e:
msg = "Fail to validate request. due to {}.".format(e.message)
logger.error(msg)
logger.exception(e)
is_permitted = False
logger.debug("Check permissions...end")
return is_permitted
def check_permissions(token_to_validate, lcp_id):
logger.debug("Check permissions...start")
try:
if _is_authorization_enabled():
token_conf = _get_token_conf()
logger.debug(
"Authorization: validating token=[{}] on lcp_id=[{}]".format(
token_to_validate, lcp_id))
is_permitted = tokens.is_token_valid(token_to_validate, lcp_id,
token_conf)
logger.debug(
"Authorization: The token=[{}] on lcp_id=[{}] is [{}]".format(
token_to_validate, lcp_id,
"valid" if is_permitted else "invalid"))
else:
logger.debug(
"The authentication service is disabled. No authentication is needed."
)
is_permitted = True
except Exception as e:
msg = "Fail to validate request. due to {}.".format(e.message)
logger.error(msg)
logger.exception(e)
is_permitted = False
logger.debug("Check permissions...end")
return is_permitted
def test_is_token_valid_token_not_found(self, mock_get):
client_backup = tokens.v3_client.Client
tokens.v3_client.Client = mock.MagicMock(return_value=MyClient())
self.assertFalse(
tokens.is_token_valid('a', 'b',
tokens.TokenConf('a', 'b', 'c', 'd', '3')))
tokens.v3_client.Client = client_backup
def test_is_token_valid_sanity_role_required(self, mock_get, mock_client):
user = {'user': {'id': 'test_id', 'domain': {'id': 'test'}}}
mock_client.tokens.validate = mock.MagicMock(return_value=user)
self.assertTrue(
tokens.is_token_valid('a', 'b',
tokens.TokenConf('a', 'b', 'c', 'd', '3'),
'test', {'domain': 'test'}))
def test_is_token_valid_keystone_v2(self, mock_get):
client_backup = tokens.v2_client.Client
tokens.v2_client.Client = mock.MagicMock()
self.assertFalse(
tokens.is_token_valid('a', 'b',
tokens.TokenConf('a', 'b', 'c', 'd', '2.0'),
'test', {'tenant': 'test'}))
tokens.v2_client.Client = client_backup
def test_is_token_valid_sanity(self, mock_get, mock_client):
self.assertTrue(
tokens.is_token_valid('a', 'b',
tokens.TokenConf('a', 'b', 'c', 'd', '3')))