def setUp(self):
super(AuthWithTrust, self).setUp()
self.opt_in_group('trust', enabled=True)
trust.Manager()
self.trust_controller = trust.controllers.TrustV3()
self.auth_v3_controller = auth.controllers.Auth()
self.trustor = self.user_foo
self.trustee = self.user_two
self.assigned_roles = [self.role_member['id'], self.role_browser['id']]
for assigned_role in self.assigned_roles:
self.assignment_api.add_role_to_user_and_project(
self.trustor['id'], self.tenant_bar['id'], assigned_role)
self.sample_data = {
'trustor_user_id':
self.trustor['id'],
'trustee_user_id':
self.trustee['id'],
'project_id':
self.tenant_bar['id'],
'impersonation':
True,
'roles': [{
'id': self.role_browser['id']
}, {
'name': self.role_member['name']
}]
}
expires_at = timeutils.strtime(timeutils.utcnow() +
datetime.timedelta(minutes=10),
fmt=TIME_FORMAT)
self.create_trust(expires_at=expires_at)
def initialize_drivers():
DRIVERS['catalog_api'] = catalog.Manager()
DRIVERS['identity_api'] = identity.Manager()
DRIVERS['policy_api'] = policy.Manager()
DRIVERS['token_api'] = token.Manager()
DRIVERS['trust_api'] = trust.Manager()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def setUp(self):
super(SqlTests, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')
])
# initialize managers and override drivers
self.catalog_man = catalog.Manager()
self.identity_man = identity.Manager()
self.token_man = token.Manager()
self.trust_man = trust.Manager()
self.policy_man = policy.Manager()
# create shortcut references to each driver
self.catalog_api = self.catalog_man.driver
self.identity_api = self.identity_man.driver
self.token_api = self.token_man.driver
self.policy_api = self.policy_man.driver
self.trust_api = self.trust_man.driver
# populate the engine with tables & fixtures
self.load_fixtures(default_fixtures)
#defaulted by the data load
self.user_foo['enabled'] = True
def setUp(self):
super(SqlTests, self).setUp()
self.config([
test.etcdir('keystone.conf.sample'),
test.testsdir('test_overrides.conf'),
test.testsdir('backend_sql.conf')
])
# initialize managers and override drivers
self.catalog_man = catalog.Manager()
self.identity_man = identity.Manager()
self.token_man = token.Manager()
self.trust_man = trust.Manager()
self.policy_man = policy.Manager()
# create tables and keep an engine reference for cleanup.
# this must be done after the models are loaded by the managers.
self.engine = self.get_engine()
sql.ModelBase.metadata.create_all(bind=self.engine)
# create shortcut references to each driver
self.catalog_api = self.catalog_man.driver
self.identity_api = self.identity_man.driver
self.token_api = self.token_man.driver
self.policy_api = self.policy_man.driver
self.trust_api = self.trust_man.driver
# populate the engine with tables & fixtures
self.load_fixtures(default_fixtures)
#defaulted by the data load
self.user_foo['enabled'] = True
def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
endpoint_filter_api=endpoint_filter.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends(include_oauth1=False):
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(
assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
endpoint_filter_api=endpoint_filter.Manager(),
identity_api=_IDENTITY_API,
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
if include_oauth1:
from keystone.contrib import oauth1
DRIVERS['oauth1_api'] = oauth1.Manager()
dependency.resolve_future_dependencies()
return DRIVERS
def __init__(self, context, auth=None):
self.identity_api = identity.Manager()
self.trust_api = trust.Manager()
self.context = context
self.auth = auth
self._scope_data = (None, None, None)
# self._scope_data is (domain_id, project_id, trust_ref)
# project scope: (None, project_id, None)
# domain scope: (domain_id, None, None)
# trust scope: (None, None, trust_ref)
# unscoped: (None, None, None)
self._validate_and_normalize_auth_data()
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
cache.apply_invalidation_patch(
region=catalog.COMPUTED_CATALOG_REGION,
region_name=catalog.COMPUTED_CATALOG_REGION.name)
cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION)
cache.apply_invalidation_patch(
region=assignment.COMPUTED_ASSIGNMENTS_REGION,
region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name)
cache.configure_cache(region=revoke.REVOKE_REGION)
cache.apply_invalidation_patch(region=revoke.REVOKE_REGION,
region_name=revoke.REVOKE_REGION.name)
cache.configure_cache(region=token.provider.TOKENS_REGION)
cache.configure_cache(region=identity.ID_MAPPING_REGION)
cache.apply_invalidation_patch(region=identity.ID_MAPPING_REGION,
region_name=identity.ID_MAPPING_REGION.name)
# Ensure that the identity driver is created before the assignment manager
# and that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment, which in turn
# depends on identity - hence we need to ensure the chain is available.
# TODO(morganfainberg): In "O" release move _IDENTITY_API to be directly
# instantiated in the DRIVERS dict once assignment driver being selected
# based upon [identity]/driver is removed.
_IDENTITY_API = identity.Manager()
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(
assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
shadow_users_api=identity.ShadowUsersManager(),
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
cache.apply_invalidation_patch(
region=catalog.COMPUTED_CATALOG_REGION,
region_name=catalog.COMPUTED_CATALOG_REGION.name)
cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION)
cache.apply_invalidation_patch(
region=assignment.COMPUTED_ASSIGNMENTS_REGION,
region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name)
# Ensure that the assignment driver is created before the resource manager.
# The default resource driver depends on assignment.
_ASSIGNMENT_API = assignment.Manager()
DRIVERS = dict(assignment_api=_ASSIGNMENT_API,
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=identity.Manager(),
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.controllers.load_auth_methods()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache()
cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION)
cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION)
cache.configure_cache(region=revoke.REVOKE_REGION)
cache.configure_cache(region=token.provider.TOKENS_REGION)
cache.configure_cache(region=identity.ID_MAPPING_REGION)
cache.configure_invalidation_region()
# NOTE(knikolla): The assignment manager must be instantiated before the
# resource manager. The current dictionary ordering ensures that.
DRIVERS = dict(assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
credential_provider_api=credential.provider.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=identity.Manager(),
shadow_users_api=identity.ShadowUsersManager(),
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager())
auth.core.load_auth_methods()
return DRIVERS
def load_backends():
# Configure and build the cache
cache.configure_cache_region(cache.REGION)
# Ensure that the identity driver is created before the assignment manager.
# The default assignment driver is determined by the identity driver, so
# the identity driver must be available to the assignment manager.
_IDENTITY_API = identity.Manager()
DRIVERS = dict(
assignment_api=assignment.Manager(),
catalog_api=catalog.Manager(),
credential_api=credential.Manager(),
domain_config_api=resource.DomainConfigManager(),
endpoint_filter_api=endpoint_filter.Manager(),
endpoint_policy_api=endpoint_policy.Manager(),
federation_api=federation.Manager(),
id_generator_api=identity.generator.Manager(),
id_mapping_api=identity.MappingManager(),
identity_api=_IDENTITY_API,
oauth_api=oauth1.Manager(),
policy_api=policy.Manager(),
resource_api=resource.Manager(),
revoke_api=revoke.Manager(),
role_api=assignment.RoleManager(),
token_api=token.persistence.Manager(),
trust_api=trust.Manager(),
token_provider_api=token.provider.Manager(),
# admin_api=moon.AdminManager(),
# authz_api=moon.AuthzManager()
)
auth.controllers.load_auth_methods()
return DRIVERS
def __init__(self, *args, **kwargs):
super(Provider, self).__init__(*args, **kwargs)
if CONF.trust.enabled:
self.trust_api = trust.Manager()
self.v3_token_data_helper = V3TokenDataHelper()
self.v2_token_data_helper = V2TokenDataHelper()
def __init__(self):
if CONF.trust.enabled:
self.trust_api = trust.Manager()
from keystone import identity
from keystone import policy
from keystone import routers
from keystone import token
from keystone import trust
CONF = config.CONF
LOG = logging.getLogger(__name__)
DRIVERS = dict(catalog_api=catalog.Manager(),
credentials_api=credential.Manager(),
ec2_api=ec2.Manager(),
identity_api=identity.Manager(),
policy_api=policy.Manager(),
token_api=token.Manager(),
trust_api=trust.Manager())
@logging.fail_gracefully
def public_app_factory(global_conf, **local_conf):
controllers.register_version('v2.0')
conf = global_conf.copy()
conf.update(local_conf)
return wsgi.ComposingRouter(routes.Mapper(), [
identity.routers.Public(),
token.routers.Router(),
routers.VersionV2('public'),
routers.Extension(False)
])
def __init__(self, context):
self.identity_api = identity.Manager()
self.catalog_api = catalog.Manager()
self.trust_api = trust.Manager()
self.context = context
