def _getRBACClient(self):
"""Return the `RBACClient`.
This tries to use an already held client when initialized because the
cookiejar will be updated with the already authenticated macaroon.
"""
url = Config.objects.get_config('rbac_url')
if not url:
# RBAC is not enabled (or no longer enabled).
self.rbacClient = None
return None
auth_info = get_auth_info()
if (self.rbacClient is None or self.rbacClient._url != url
or self.rbacClient._auth_info != auth_info):
self.rbacClient = RBACClient(url, auth_info)
return self.rbacClient
def client(self):
"""Get thread-local client."""
# Get the current cleared status and reset it to False for the
# next request on this thread.
cleared = getattr(self._store, "cleared", False)
self._store.cleared = False
client = getattr(self._store, "client", None)
if client is None:
url = self._get_rbac_url()
if url:
client = self._client_class(url)
self._store.client = client
else:
self._store.client = NO_CLIENT
return client
# Check if this is a new request, a new check of the client needs
# to be performed.
if cleared:
# Check that the `rbac_url` and the credentials match.
url = self._get_rbac_url()
if url:
auth_info = get_auth_info()
if client is NO_CLIENT:
# Previously no client was created, create a new client
# now that RBAC is enabled.
client = self._client_class(url, auth_info)
self._store.client = client
elif client._url != url or client._auth_info != auth_info:
# URL or creds differ, re-create the client.
client = self._client_class(url, auth_info)
self._store.client = client
else:
# RBAC is now disabled.
client = None
self._store.client = NO_CLIENT
if client is NO_CLIENT:
return None
return client
def __init__(self, url: str = None, auth_info: AuthInfo = None):
if url is None:
url = Config.objects.get_config("rbac_url")
if auth_info is None:
auth_info = get_auth_info()
super().__init__(auth_info=auth_info, url=url)