def test_create_idp_id_attri_not_found_fail(self):
    """Fail clearly when the configured issuer attribute is missing.

    The issuer DN is stored under a random key, so the attribute named by
    ``CONF.tokenless_auth.issuer_attribute`` is absent from the request
    environment and the helper must refuse to derive an IdP ID from it.
    """
    env = {uuid.uuid4().hex: self.client_issuer}
    helper = tokenless_auth.TokenlessAuthHelper(env)
    expected_msg = (
        'Could not determine Identity Provider ID. The configuration '
        'option %s was not found in the request environment.'
        % CONF.tokenless_auth.issuer_attribute)
    # The message text is asserted too, not just the exception type, so a
    # misconfiguration is reported with the offending option name.
    self.assertRaisesRegexp(exception.TokenlessAuthConfigError,
                            expected_msg, helper._build_idp_id)
    def _build_tokenless_auth_context(self, request):
        """Build the authentication context for a tokenless request.

        The context is derived from attributes found in ``request.environ``
        (client certificate and scope attributes) via
        ``TokenlessAuthHelper``; the helper also maps those attributes to a
        user reference. The identity asserted here is therefore only as
        trustworthy as the layer that populates those environment
        attributes — NOTE(review): presumably the TLS-terminating front end
        is the sole writer of them; confirm in deployment docs.

        Returns a dict with ``group_ids``, identity provider and protocol
        for an ephemeral (federated) user, or ``user_id`` and
        ``is_delegated_auth`` for a local user, plus ``domain_id`` /
        ``project_id`` when scoped and the effective ``roles``.

        Raises ValueError when an ephemeral user is scoped to both a domain
        and a project at once.
        """
        helper = tokenless_auth.TokenlessAuthHelper(request.environ)

        # trust_ref and unscoped are returned by get_scope() but not used here.
        domain_id, project_id, _trust_ref, _unscoped = helper.get_scope()
        user_ref = helper.get_mapped_user(project_id, domain_id)

        is_ephemeral = user_ref['type'] == utils.UserType.EPHEMERAL
        if is_ephemeral:
            # NOTE(gyee): an ephemeral user need not map to an existing
            # user; the given X.509 SSL client cert is enough.
            auth_context = {
                'group_ids': user_ref['group_ids'],
                federation_constants.IDENTITY_PROVIDER:
                    user_ref[federation_constants.IDENTITY_PROVIDER],
                federation_constants.PROTOCOL:
                    user_ref[federation_constants.PROTOCOL],
            }
            if domain_id and project_id:
                raise ValueError(
                    _('Scoping to both domain and project is not allowed'))
            roles = user_ref['roles']
        else:
            # A local user: role names come from the generated token data.
            token_data = common.V3TokenDataHelper().get_token_data(
                user_id=user_ref['id'],
                method_names=[CONF.tokenless_auth.protocol],
                domain_id=domain_id,
                project_id=project_id)
            auth_context = {
                'user_id': user_ref['id'],
                'is_delegated_auth': False,
            }
            roles = [role['name'] for role in token_data['token']['roles']]

        # Scope keys are only present when the corresponding scope was given.
        if domain_id:
            auth_context['domain_id'] = domain_id
        if project_id:
            auth_context['project_id'] = project_id
        auth_context['roles'] = roles
        return auth_context
 def test_create_idp_id_success(self):
     """Derive the expected IdP ID from the client certificate issuer DN."""
     env = {'SSL_CLIENT_I_DN': self.client_issuer}
     helper = tokenless_auth.TokenlessAuthHelper(env)
     self.assertEqual(self.idp_id, helper._build_idp_id())