def __init__(self, id=None, token=None, user=None, tenant_id=None,
service_catalog=None, tenant_name=None, roles=None,
authorized_tenants=None, endpoint=None, enabled=False,
services_region=None, user_domain_id=None,
user_domain_name=None, domain_id=None, domain_name=None,
project_id=None, project_name=None,
is_federated=False, unscoped_token=None):
self.id = id
self.pk = id
self.token = token
self.username = user
self.user_domain_id = user_domain_id
self.user_domain_name = user_domain_name
self.domain_id = domain_id
self.domain_name = domain_name
self.project_id = project_id or tenant_id
self.project_name = project_name or tenant_name
self.service_catalog = service_catalog
self._services_region = (
services_region
or utils.default_services_region(service_catalog)
)
self.roles = roles or []
self.endpoint = endpoint
self.enabled = enabled
self._authorized_tenants = authorized_tenants
self.is_federated = is_federated
# Unscoped token is used for listing user's project that works
# for both federated and keystone user.
self.unscoped_token = unscoped_token
# List of variables to be deprecated.
self.tenant_id = self.project_id
self.tenant_name = self.project_name
def create_user_from_token(request, token, endpoint, services_region=None):
# if the region is provided, use that, otherwise use the preferred region
svc_region = services_region or \
utils.default_services_region(token.serviceCatalog, request)
return User(
id=token.user['id'],
token=token,
user=token.user['name'],
password_expires_at=token.user['password_expires_at'],
user_domain_id=token.user_domain_id,
# We need to consider already logged-in users with an old
# version of Token without user_domain_name.
user_domain_name=getattr(token, 'user_domain_name', None),
project_id=token.project['id'],
project_name=token.project['name'],
domain_id=token.domain['id'],
domain_name=token.domain['name'],
enabled=True,
service_catalog=token.serviceCatalog,
roles=token.roles,
endpoint=endpoint,
services_region=svc_region,
is_federated=getattr(token, 'is_federated', False),
unscoped_token=getattr(token, 'unscoped_token',
request.session.get('unscoped_token')))
def create_user_from_token(request, token, endpoint, services_region=None):
# if the region is provided, use that, otherwise use the preferred region
default_service_regions = getattr(settings, 'DEFAULT_SERVICE_REGIONS', {})
default_service_region = default_service_regions.get(endpoint)
svc_region = services_region or \
utils.default_services_region(token.serviceCatalog, request,
selected_region=default_service_region)
return User(id=token.user['id'],
token=token,
user=token.user['name'],
password_expires_at=token.user['password_expires_at'],
user_domain_id=token.user_domain_id,
# We need to consider already logged-in users with an old
# version of Token without user_domain_name.
user_domain_name=getattr(token, 'user_domain_name', None),
project_id=token.project['id'],
project_name=token.project['name'],
domain_id=token.domain['id'],
domain_name=token.domain['name'],
enabled=True,
service_catalog=token.serviceCatalog,
roles=token.roles,
endpoint=endpoint,
services_region=svc_region,
is_federated=getattr(token, 'is_federated', False),
unscoped_token=getattr(token, 'unscoped_token',
request.session.get('unscoped_token')))
def __init__(self,
id=None,
token=None,
user=None,
tenant_id=None,
service_catalog=None,
tenant_name=None,
roles=None,
authorized_tenants=None,
endpoint=None,
enabled=False,
services_region=None,
user_domain_id=None,
user_domain_name=None,
domain_id=None,
domain_name=None,
project_id=None,
project_name=None,
is_federated=False,
unscoped_token=None,
password=None,
password_expires_at=None,
system_scoped=False):
self.id = id
self.pk = id
self.token = token
self.keystone_user_id = id
self.username = user
self.user_domain_id = user_domain_id
self.user_domain_name = user_domain_name
self.domain_id = domain_id
self.domain_name = domain_name
self.project_id = project_id or tenant_id
self.project_name = project_name or tenant_name
self.system_scoped = system_scoped
self.service_catalog = service_catalog
self._services_region = (
services_region or utils.default_services_region(service_catalog))
self.roles = roles or []
self.endpoint = endpoint
self.enabled = enabled
self._authorized_tenants = authorized_tenants
self.is_federated = is_federated
self.password_expires_at = password_expires_at
self._is_system_user = None
# Unscoped token is used for listing user's project that works
# for both federated and keystone user.
self.unscoped_token = unscoped_token
# List of variables to be deprecated.
self.tenant_id = self.project_id
self.tenant_name = self.project_name
# Required by AbstractBaseUser
self.password = None
def test_default_services_region_precedence(self):
request = client.RequestFactory().get('fake')
# Cookie is valid, so should be region source
request.COOKIES['services_region'] = "RegionTwo"
default_region = utils.default_services_region(
FAKE_CATALOG, request=request, ks_endpoint='http://example.com')
self.assertEqual("RegionTwo", default_region)
# Cookie is invalid, so ks_endpoint is source
request.COOKIES['services_region'] = "Not_valid_region"
default_region = utils.default_services_region(
FAKE_CATALOG, request=request, ks_endpoint='http://example.com')
self.assertEqual("RegionThree", default_region)
# endpoint and cookie are invalid, so source is "*" key
default_region = utils.default_services_region(
FAKE_CATALOG, request=request, ks_endpoint='not_a_match')
self.assertEqual("RegionFour", default_region)
def create_user_from_token(request, token, endpoint, services_region=None):
# if the region is provided, use that, otherwise use the preferred region
svc_region = services_region or \
utils.default_services_region(token.serviceCatalog, request)
return User(id=token.user['id'],
token=token,
user=token.user['name'],
user_domain_id=token.user_domain_id,
# We need to consider already logged-in users with an old
# version of Token without user_domain_name.
user_domain_name=getattr(token, 'user_domain_name', None),
project_id=token.project['id'],
project_name=token.project['name'],
domain_id=token.domain['id'],
domain_name=token.domain['name'],
enabled=True,
service_catalog=token.serviceCatalog,
roles=token.roles,
endpoint=endpoint,
services_region=svc_region)
def create_user_from_token(request, token, endpoint, services_region=None):
# if the region is provided, use that, otherwise use the preferred region
svc_region = services_region or utils.default_services_region(token.serviceCatalog, request)
return User(
id=token.user["id"],
token=token,
user=token.user["name"],
user_domain_id=token.user_domain_id,
# We need to consider already logged-in users with an old
# version of Token without user_domain_name.
user_domain_name=getattr(token, "user_domain_name", None),
project_id=token.project["id"],
project_name=token.project["name"],
domain_id=token.domain["id"],
domain_name=token.domain["name"],
enabled=True,
service_catalog=token.serviceCatalog,
roles=token.roles,
endpoint=endpoint,
services_region=svc_region,
is_federated=getattr(token, "is_federated", False),
unscoped_token=getattr(token, "unscoped_token", request.session.get("unscoped_token")),
)
def test_default_services_region_fallback(self):
# Test that first region found in catalog is returned
default_region = utils.default_services_region(FAKE_CATALOG)
self.assertEqual("RegionOne", default_region)
