def test_context_to_dict(self): ctx = context.RequestContext('_token_', '_user_', '_tenant_', '_domain_', '_user_domain_', '_project_domain_', False, False, '_request_id_', '_user_name_', ['admin', 'member'], 'fake_auth_url', trust_id='fake_trust_id') ctx_dict = ctx.to_dict() self.assertEqual(ctx_dict['auth_token'], '_token_') self.assertEqual(ctx_dict['user'], '_user_') self.assertEqual(ctx_dict['tenant'], '_tenant_') self.assertEqual(ctx_dict['domain'], '_domain_') self.assertEqual(ctx_dict['user_domain'], '_user_domain_') self.assertEqual(ctx_dict['project_domain'], '_project_domain_') self.assertEqual(ctx_dict['is_admin'], False) self.assertEqual(ctx_dict['read_only'], False) self.assertEqual(ctx_dict['show_deleted'], False) self.assertEqual(ctx_dict['auth_token'], '_token_') self.assertEqual(ctx_dict['instance_uuid'], None) self.assertEqual(ctx_dict['user_name'], '_user_name_') self.assertEqual(ctx_dict['roles'], ['admin', 'member']) self.assertEqual(ctx_dict['auth_url'], 'fake_auth_url') self.assertEqual(ctx_dict['trust_id'], 'fake_trust_id')
def before(self, state): if not CONF.get('enable_authentication'): return # Skip authentication for public endpoints if AUTH.is_endpoint_public(state.request.path): return headers = state.request.headers user_id = headers.get('X-User-Id') roles = self._get_roles(state.request) project_id = headers.get('X-Project-Id') user_name = headers.get('X-User-Name', '') tenant_name = headers.get('X-Project') domain = headers.get('X-Domain-Name') project_domain_id = headers.get('X-Project-Domain-Id', '') user_domain_id = headers.get('X-User-Domain-Id', '') password = headers.get('X-Password', '') recv_auth_token = headers.get('X-Auth-Token', headers.get('X-Storage-Token')) auth_token_info = state.request.environ.get('keystone.token_info') ctx = context.RequestContext(auth_token=recv_auth_token, auth_token_info=auth_token_info, user=user_id, tenant=project_id, domain=domain, user_domain=user_domain_id, project_domain=project_domain_id, user_name=user_name, roles=roles, password=password, tenant_name=tenant_name) state.request.security_context = ctx
def test_global_admin_false(self): self.CONF.config(solum_admin_tenant_id='fake_tenant_id') ctx = context.RequestContext(auth_token='_token_', user='******', tenant='_tenant_id_', domain='_domain_', user_domain='_user_domain_', project_domain='_project_domain_', is_admin=False, read_only=False, request_id='_request_id_', user_name='_user_name_', roles=['admin', 'member'], auth_url='fake_auth_url', auth_token_info='_auth_token_info_', trust_id='fake_trust_id') ctx_dict = ctx.to_dict() self.assertEqual(ctx_dict['auth_token'], '_token_') self.assertEqual(ctx_dict['user'], '_user_') self.assertEqual(ctx_dict['tenant'], '_tenant_id_') self.assertEqual(ctx_dict['domain'], '_domain_') self.assertEqual(ctx_dict['user_domain'], '_user_domain_') self.assertEqual(ctx_dict['project_domain'], '_project_domain_') self.assertEqual(ctx_dict['is_admin'], False) self.assertEqual(ctx_dict['read_only'], False) self.assertEqual(ctx_dict['show_deleted'], False) self.assertEqual(ctx_dict['auth_token'], '_token_') self.assertEqual(ctx_dict['resource_uuid'], None) self.assertEqual(ctx_dict['user_name'], '_user_name_') self.assertEqual(ctx_dict['roles'], ['admin', 'member']) self.assertEqual(ctx_dict['auth_url'], 'fake_auth_url') self.assertEqual(ctx_dict['trust_id'], 'fake_trust_id')
def before(self, state): if not CONF.get('enable_authentication'): return # Skip authentication for public endpoints if AUTH.is_endpoint_public(state.request.path): return headers = state.request.headers user_id = headers.get('X-User-Id') if user_id is None: LOG.debug("X-User-Id header was not found in the request") raise Exception('Not authorized') roles = self._get_roles(state.request) project_id = headers.get('X-Project-Id') user_name = headers.get('X-User-Name', '') tenant_name = headers.get('X-Project') domain = headers.get('X-Domain-Name') project_domain_id = headers.get('X-Project-Domain-Id', '') user_domain_id = headers.get('X-User-Domain-Id', '') password = headers.get('X-Password', '') # Get the auth token try: recv_auth_token = headers.get('X-Auth-Token', headers.get( 'X-Storage-Token')) except ValueError: LOG.debug("No auth token found in the request.") raise Exception('Not authorized') auth_url = headers.get('X-Auth-Url') if auth_url is None: importutils.import_module('keystonemiddleware.auth_token') auth_url = cfg.CONF.keystone_authtoken.auth_uri auth_token_info = state.request.environ.get('keystone.token_info') identity_status = headers.get('X-Identity-Status') if identity_status == 'Confirmed': ctx = context.RequestContext(auth_token=recv_auth_token, auth_token_info=auth_token_info, user=user_id, tenant=project_id, domain=domain, user_domain=user_domain_id, project_domain=project_domain_id, user_name=user_name, roles=roles, auth_url=auth_url, password=password, tenant_name=tenant_name) state.request.security_context = ctx else: LOG.debug("The provided identity is not confirmed.") raise Exception('Not authorized. Identity not confirmed.') return
def before(self, state): if not CONF.get('enable_authentication'): return # Do not proceed for triggers as they use non authenticated service regexp = re.compile('^/v[0-9]+/public/') if regexp.match(state.request.path): return headers = state.request.headers user_id = headers.get('X-User-Id') if user_id is None: LOG.debug("X-User-Id header was not found in the request") raise Exception('Not authorized') roles = self._get_roles(state.request) project_id = headers.get('X-Project-Id') user_name = headers.get('X-User-Name', '') domain = headers.get('X-Domain-Name') project_domain_id = headers.get('X-Project-Domain-Id', '') user_domain_id = headers.get('X-User-Domain-Id', '') # Get the auth token try: recv_auth_token = headers.get('X-Auth-Token', headers.get('X-Storage-Token')) except ValueError: LOG.debug("No auth token found in the request.") raise Exception('Not authorized') auth_url = headers.get('X-Auth-Url') if auth_url is None: importutils.import_module('keystoneclient.middleware.auth_token') auth_url = cfg.CONF.keystone_authtoken.auth_uri auth_token_info = state.request.environ.get('keystone.token_info') identity_status = headers.get('X-Identity-Status') if identity_status == 'Confirmed': ctx = context.RequestContext(auth_token=recv_auth_token, auth_token_info=auth_token_info, user=user_id, tenant=project_id, domain=domain, user_domain=user_domain_id, project_domain=project_domain_id, user_name=user_name, roles=roles, auth_url=auth_url) state.request.security_context = ctx else: LOG.debug("The provided identity is not confirmed.") raise Exception('Not authorized. Identity not confirmed.') return
import solum from solum.common import context from solum.common import trace_data from solum.tests import base solum.TLS.trace = trace_data.TraceData() # Just putting highly recognizable values in context CONTEXT = context.RequestContext('_auth_token_', '_user_', '_tenant_', '_domain_', '_user_domain_', '_project_domain_', False, False, '_request_id_', '_user_name_', '_roles_', '_auth_url_', auth_token_info='_auth_token_info_') class TestTraceData(base.BaseTestCase): """Tests the TraceData class.""" def test_auto_clear(self): """auto_clear success and then a failure case.""" solum.TLS.trace.auto_clear = True solum.TLS.trace.auto_clear = False try:
def _context_from_trust_id(self, trust_id): cntx = context.RequestContext(trust_id=trust_id) self._clients = clients.OpenStackClients(cntx) return self._clients.keystone().context
import solum from solum.common import context from solum.common import trace_data from solum.tests import base solum.TLS.trace = trace_data.TraceData() # Just putting highly recognizable values in context CONTEXT = context.RequestContext(auth_token='_auth_token_', user='******', tenant='_tenant_', domain='_domain_', user_domain='_user_domain_', project_domain='_project_domain_', is_admin=False, read_only=False, request_id='_request_id_', user_name='_user_name_', roles='_roles_', auth_url='_auth_url_', auth_token_info='_auth_token_info_') class TestTraceData(base.BaseTestCase): """Tests the TraceData class.""" def test_auto_clear(self): """auto_clear success and then a failure case.""" solum.TLS.trace.auto_clear = True solum.TLS.trace.auto_clear = False try:
def dummy_context(user='******', tenant_id='fake_project_id', user_name='usr_name'): return context.RequestContext(user=user, tenant=tenant_id, user_name=user_name)
def create_delegation_context(assembly_obj, ctx=None): """Create a delegated security context.""" if cfg.CONF.get('keystone_version') == '3': cntx = context.RequestContext(trust_id=assembly_obj.trust_id) kc = clients.OpenStackClients(cntx).keystone() return kc.context
#!/usr/bin/env python # Copyright 2014 - Rackspace Hosting # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import sys from oslo_config import cfg from solum.common import context from solum.openstack.common import log as logging from solum.worker import api LOG = logging.getLogger(__name__) if __name__ == '__main__': conf_files = ['--config-file=/etc/solum/solum.conf'] cfg.CONF(conf_files, project='solum') message = ' '.join(sys.argv[1:]) api.API(context=context.RequestContext()).echo(message)
def dummy_context(user='******', tenant_id='test_tenant_id'): return context.RequestContext(user=user, tenant=tenant_id)