def test_context_to_dict(self):
ctx = context.RequestContext('_token_',
'_user_',
'_tenant_',
'_domain_',
'_user_domain_',
'_project_domain_',
False,
False,
'_request_id_',
'_user_name_', ['admin', 'member'],
'fake_auth_url',
trust_id='fake_trust_id')
ctx_dict = ctx.to_dict()
self.assertEqual(ctx_dict['auth_token'], '_token_')
self.assertEqual(ctx_dict['user'], '_user_')
self.assertEqual(ctx_dict['tenant'], '_tenant_')
self.assertEqual(ctx_dict['domain'], '_domain_')
self.assertEqual(ctx_dict['user_domain'], '_user_domain_')
self.assertEqual(ctx_dict['project_domain'], '_project_domain_')
self.assertEqual(ctx_dict['is_admin'], False)
self.assertEqual(ctx_dict['read_only'], False)
self.assertEqual(ctx_dict['show_deleted'], False)
self.assertEqual(ctx_dict['auth_token'], '_token_')
self.assertEqual(ctx_dict['instance_uuid'], None)
self.assertEqual(ctx_dict['user_name'], '_user_name_')
self.assertEqual(ctx_dict['roles'], ['admin', 'member'])
self.assertEqual(ctx_dict['auth_url'], 'fake_auth_url')
self.assertEqual(ctx_dict['trust_id'], 'fake_trust_id')
def before(self, state):
if not CONF.get('enable_authentication'):
return
# Skip authentication for public endpoints
if AUTH.is_endpoint_public(state.request.path):
return
headers = state.request.headers
user_id = headers.get('X-User-Id')
roles = self._get_roles(state.request)
project_id = headers.get('X-Project-Id')
user_name = headers.get('X-User-Name', '')
tenant_name = headers.get('X-Project')
domain = headers.get('X-Domain-Name')
project_domain_id = headers.get('X-Project-Domain-Id', '')
user_domain_id = headers.get('X-User-Domain-Id', '')
password = headers.get('X-Password', '')
recv_auth_token = headers.get('X-Auth-Token',
headers.get('X-Storage-Token'))
auth_token_info = state.request.environ.get('keystone.token_info')
ctx = context.RequestContext(auth_token=recv_auth_token,
auth_token_info=auth_token_info,
user=user_id,
tenant=project_id,
domain=domain,
user_domain=user_domain_id,
project_domain=project_domain_id,
user_name=user_name,
roles=roles,
password=password,
tenant_name=tenant_name)
state.request.security_context = ctx
def test_global_admin_false(self):
self.CONF.config(solum_admin_tenant_id='fake_tenant_id')
ctx = context.RequestContext(auth_token='_token_',
user='******',
tenant='_tenant_id_',
domain='_domain_',
user_domain='_user_domain_',
project_domain='_project_domain_',
is_admin=False,
read_only=False,
request_id='_request_id_',
user_name='_user_name_',
roles=['admin', 'member'],
auth_url='fake_auth_url',
auth_token_info='_auth_token_info_',
trust_id='fake_trust_id')
ctx_dict = ctx.to_dict()
self.assertEqual(ctx_dict['auth_token'], '_token_')
self.assertEqual(ctx_dict['user'], '_user_')
self.assertEqual(ctx_dict['tenant'], '_tenant_id_')
self.assertEqual(ctx_dict['domain'], '_domain_')
self.assertEqual(ctx_dict['user_domain'], '_user_domain_')
self.assertEqual(ctx_dict['project_domain'], '_project_domain_')
self.assertEqual(ctx_dict['is_admin'], False)
self.assertEqual(ctx_dict['read_only'], False)
self.assertEqual(ctx_dict['show_deleted'], False)
self.assertEqual(ctx_dict['auth_token'], '_token_')
self.assertEqual(ctx_dict['resource_uuid'], None)
self.assertEqual(ctx_dict['user_name'], '_user_name_')
self.assertEqual(ctx_dict['roles'], ['admin', 'member'])
self.assertEqual(ctx_dict['auth_url'], 'fake_auth_url')
self.assertEqual(ctx_dict['trust_id'], 'fake_trust_id')
def before(self, state):
if not CONF.get('enable_authentication'):
return
# Skip authentication for public endpoints
if AUTH.is_endpoint_public(state.request.path):
return
headers = state.request.headers
user_id = headers.get('X-User-Id')
if user_id is None:
LOG.debug("X-User-Id header was not found in the request")
raise Exception('Not authorized')
roles = self._get_roles(state.request)
project_id = headers.get('X-Project-Id')
user_name = headers.get('X-User-Name', '')
tenant_name = headers.get('X-Project')
domain = headers.get('X-Domain-Name')
project_domain_id = headers.get('X-Project-Domain-Id', '')
user_domain_id = headers.get('X-User-Domain-Id', '')
password = headers.get('X-Password', '')
# Get the auth token
try:
recv_auth_token = headers.get('X-Auth-Token',
headers.get(
'X-Storage-Token'))
except ValueError:
LOG.debug("No auth token found in the request.")
raise Exception('Not authorized')
auth_url = headers.get('X-Auth-Url')
if auth_url is None:
importutils.import_module('keystonemiddleware.auth_token')
auth_url = cfg.CONF.keystone_authtoken.auth_uri
auth_token_info = state.request.environ.get('keystone.token_info')
identity_status = headers.get('X-Identity-Status')
if identity_status == 'Confirmed':
ctx = context.RequestContext(auth_token=recv_auth_token,
auth_token_info=auth_token_info,
user=user_id,
tenant=project_id,
domain=domain,
user_domain=user_domain_id,
project_domain=project_domain_id,
user_name=user_name,
roles=roles,
auth_url=auth_url,
password=password,
tenant_name=tenant_name)
state.request.security_context = ctx
else:
LOG.debug("The provided identity is not confirmed.")
raise Exception('Not authorized. Identity not confirmed.')
return
def before(self, state):
if not CONF.get('enable_authentication'):
return
# Do not proceed for triggers as they use non authenticated service
regexp = re.compile('^/v[0-9]+/public/')
if regexp.match(state.request.path):
return
headers = state.request.headers
user_id = headers.get('X-User-Id')
if user_id is None:
LOG.debug("X-User-Id header was not found in the request")
raise Exception('Not authorized')
roles = self._get_roles(state.request)
project_id = headers.get('X-Project-Id')
user_name = headers.get('X-User-Name', '')
domain = headers.get('X-Domain-Name')
project_domain_id = headers.get('X-Project-Domain-Id', '')
user_domain_id = headers.get('X-User-Domain-Id', '')
# Get the auth token
try:
recv_auth_token = headers.get('X-Auth-Token',
headers.get('X-Storage-Token'))
except ValueError:
LOG.debug("No auth token found in the request.")
raise Exception('Not authorized')
auth_url = headers.get('X-Auth-Url')
if auth_url is None:
importutils.import_module('keystoneclient.middleware.auth_token')
auth_url = cfg.CONF.keystone_authtoken.auth_uri
auth_token_info = state.request.environ.get('keystone.token_info')
identity_status = headers.get('X-Identity-Status')
if identity_status == 'Confirmed':
ctx = context.RequestContext(auth_token=recv_auth_token,
auth_token_info=auth_token_info,
user=user_id,
tenant=project_id,
domain=domain,
user_domain=user_domain_id,
project_domain=project_domain_id,
user_name=user_name,
roles=roles,
auth_url=auth_url)
state.request.security_context = ctx
else:
LOG.debug("The provided identity is not confirmed.")
raise Exception('Not authorized. Identity not confirmed.')
return
import solum
from solum.common import context
from solum.common import trace_data
from solum.tests import base
solum.TLS.trace = trace_data.TraceData()
# Just putting highly recognizable values in context
CONTEXT = context.RequestContext('_auth_token_',
'_user_',
'_tenant_',
'_domain_',
'_user_domain_',
'_project_domain_',
False,
False,
'_request_id_',
'_user_name_',
'_roles_',
'_auth_url_',
auth_token_info='_auth_token_info_')
class TestTraceData(base.BaseTestCase):
"""Tests the TraceData class."""
def test_auto_clear(self):
"""auto_clear success and then a failure case."""
solum.TLS.trace.auto_clear = True
solum.TLS.trace.auto_clear = False
try:
def _context_from_trust_id(self, trust_id):
cntx = context.RequestContext(trust_id=trust_id)
self._clients = clients.OpenStackClients(cntx)
return self._clients.keystone().context
import solum
from solum.common import context
from solum.common import trace_data
from solum.tests import base
solum.TLS.trace = trace_data.TraceData()
# Just putting highly recognizable values in context
CONTEXT = context.RequestContext(auth_token='_auth_token_',
user='******',
tenant='_tenant_',
domain='_domain_',
user_domain='_user_domain_',
project_domain='_project_domain_',
is_admin=False,
read_only=False,
request_id='_request_id_',
user_name='_user_name_',
roles='_roles_',
auth_url='_auth_url_',
auth_token_info='_auth_token_info_')
class TestTraceData(base.BaseTestCase):
"""Tests the TraceData class."""
def test_auto_clear(self):
"""auto_clear success and then a failure case."""
solum.TLS.trace.auto_clear = True
solum.TLS.trace.auto_clear = False
try:
def dummy_context(user='******',
tenant_id='fake_project_id',
user_name='usr_name'):
return context.RequestContext(user=user,
tenant=tenant_id,
user_name=user_name)
def create_delegation_context(assembly_obj, ctx=None):
"""Create a delegated security context."""
if cfg.CONF.get('keystone_version') == '3':
cntx = context.RequestContext(trust_id=assembly_obj.trust_id)
kc = clients.OpenStackClients(cntx).keystone()
return kc.context
#!/usr/bin/env python
# Copyright 2014 - Rackspace Hosting
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import sys
from oslo_config import cfg
from solum.common import context
from solum.openstack.common import log as logging
from solum.worker import api
LOG = logging.getLogger(__name__)
if __name__ == '__main__':
conf_files = ['--config-file=/etc/solum/solum.conf']
cfg.CONF(conf_files, project='solum')
message = ' '.join(sys.argv[1:])
api.API(context=context.RequestContext()).echo(message)
def dummy_context(user='******', tenant_id='test_tenant_id'):
return context.RequestContext(user=user, tenant=tenant_id)
