def _lookup_project(self, project_info):
project_id = project_info.get('id')
project_name = project_info.get('name')
try:
if project_name:
if (CONF.resource.project_name_url_safe == 'strict'
and utils.is_not_url_safe(project_name)):
msg = _('Project name cannot contain reserved characters.')
LOG.warning(msg)
raise exception.Unauthorized(message=msg)
if 'domain' not in project_info:
raise exception.ValidationError(attribute='domain',
target='project')
domain_ref = self._lookup_domain(project_info['domain'])
project_ref = PROVIDERS.resource_api.get_project_by_name(
project_name, domain_ref['id'])
else:
project_ref = PROVIDERS.resource_api.get_project(project_id)
# NOTE(morganfainberg): The _lookup_domain method will raise
# exception.Unauthorized if the domain isn't found or is
# disabled.
self._lookup_domain({'id': project_ref['domain_id']})
except exception.ProjectNotFound as e:
LOG.warning(six.text_type(e))
raise exception.Unauthorized(e)
self._assert_project_is_enabled(project_ref)
return project_ref
def _get_project_id_from_auth(self, auth):
"""Extract tenant information from auth dict.
Returns a valid tenant_id if it exists, or None if not specified.
"""
tenant_id = auth.get('tenantId')
if tenant_id and len(tenant_id) > CONF.max_param_size:
raise exception.ValidationSizeError(attribute='tenantId',
size=CONF.max_param_size)
tenant_name = auth.get('tenantName')
if tenant_name and len(tenant_name) > CONF.max_param_size:
raise exception.ValidationSizeError(attribute='tenantName',
size=CONF.max_param_size)
if tenant_name:
if (CONF.resource.project_name_url_safe == 'strict' and
utils.is_not_url_safe(tenant_name)):
msg = _('Tenant name cannot contain reserved characters.')
raise exception.Unauthorized(message=msg)
try:
tenant_ref = self.resource_api.get_project_by_name(
tenant_name, CONF.identity.default_domain_id)
tenant_id = tenant_ref['id']
except exception.ProjectNotFound as e:
raise exception.Unauthorized(e)
return tenant_id
def _get_project_id_from_auth(self, auth):
"""Extract tenant information from auth dict.
Returns a valid tenant_id if it exists, or None if not specified.
"""
tenant_id = auth.get('tenantId')
if tenant_id and len(tenant_id) > CONF.max_param_size:
raise exception.ValidationSizeError(attribute='tenantId',
size=CONF.max_param_size)
tenant_name = auth.get('tenantName')
if tenant_name and len(tenant_name) > CONF.max_param_size:
raise exception.ValidationSizeError(attribute='tenantName',
size=CONF.max_param_size)
if tenant_name:
if (CONF.resource.project_name_url_safe == 'strict'
and utils.is_not_url_safe(tenant_name)):
msg = _('Tenant name cannot contain reserved characters.')
raise exception.Unauthorized(message=msg)
try:
tenant_ref = self.resource_api.get_project_by_name(
tenant_name, CONF.identity.default_domain_id)
tenant_id = tenant_ref['id']
except exception.ProjectNotFound as e:
raise exception.Unauthorized(e)
return tenant_id
def _lookup_project(self, project_info):
project_id = project_info.get('id')
project_name = project_info.get('name')
try:
if project_name:
if (CONF.resource.project_name_url_safe == 'strict' and
utils.is_not_url_safe(project_name)):
msg = _('Project name cannot contain reserved characters.')
LOG.warning(msg)
raise exception.Unauthorized(message=msg)
if 'domain' not in project_info:
raise exception.ValidationError(attribute='domain',
target='project')
domain_ref = self._lookup_domain(project_info['domain'])
project_ref = self.resource_api.get_project_by_name(
project_name, domain_ref['id'])
else:
project_ref = self.resource_api.get_project(project_id)
# NOTE(morganfainberg): The _lookup_domain method will raise
# exception.Unauthorized if the domain isn't found or is
# disabled.
self._lookup_domain({'id': project_ref['domain_id']})
except exception.ProjectNotFound as e:
LOG.warning(six.text_type(e))
raise exception.Unauthorized(e)
self._assert_project_is_enabled(project_ref)
return project_ref
def _get_project_id_from_auth(self, auth):
"""Extract and normalize project information from auth dict.
:param auth: Dictionary representing the authentication request.
:returns: A string representing the project in the authentication
request. If project scope isn't present in the request None
is returned.
"""
project_id = auth.get('tenantId')
project_name = auth.get('tenantName')
if project_id:
if len(project_id) > CONF.max_param_size:
raise exception.ValidationSizeError(
attribute='tenantId', size=CONF.max_param_size
)
elif project_name:
if len(project_name) > CONF.max_param_size:
raise exception.ValidationSizeError(
attribute='tenantName', size=CONF.max_param_size
)
if (CONF.resource.project_name_url_safe == 'strict' and
utils.is_not_url_safe(project_name)):
msg = _('Tenant name cannot contain reserved characters.')
raise exception.Unauthorized(message=msg)
try:
project_id = self.resource_api.get_project_by_name(
project_name, CONF.identity.default_domain_id
)['id']
except exception.ProjectNotFound as e:
raise exception.Unauthorized(e)
else:
project_id = None
return project_id
def _get_project_id_from_auth(self, auth):
"""Extract and normalize project information from auth dict.
:param auth: Dictionary representing the authentication request.
:returns: A string representing the project in the authentication
request. If project scope isn't present in the request None
is returned.
"""
project_id = auth.get('tenantId')
project_name = auth.get('tenantName')
if project_id:
if len(project_id) > CONF.max_param_size:
raise exception.ValidationSizeError(
attribute='tenantId', size=CONF.max_param_size
)
elif project_name:
if len(project_name) > CONF.max_param_size:
raise exception.ValidationSizeError(
attribute='tenantName', size=CONF.max_param_size
)
if (CONF.resource.project_name_url_safe == 'strict' and
utils.is_not_url_safe(project_name)):
msg = _('Tenant name cannot contain reserved characters.')
raise exception.Unauthorized(message=msg)
try:
project_id = self.resource_api.get_project_by_name(
project_name, CONF.identity.default_domain_id
)['id']
except exception.ProjectNotFound as e:
raise exception.Unauthorized(e)
else:
project_id = None
return project_id
def _lookup_domain(self, domain_info):
if isinstance(domain_info, dict) is False:
raise exception.ValidationError(attribute='dict',
target='domain')
domain_id = domain_info.get('id')
domain_name = domain_info.get('name')
domain_ref = None
if not domain_id and not domain_name:
raise exception.ValidationError(attribute='id or name',
target='domain')
try:
if domain_name:
if (CONF.resource.domain_name_url_safe == 'strict' and
utils.is_not_url_safe(domain_name)):
msg = _('Domain name cannot contain reserved characters.')
raise exception.Unauthorized(message=msg)
domain_ref = self.resource_api.get_domain_by_name(
domain_name)
else:
domain_ref = self.resource_api.get_domain(domain_id)
except exception.DomainNotFound as e:
LOG.exception(six.text_type(e))
raise exception.Unauthorized(e)
self._assert_domain_is_enabled(domain_ref)
return domain_ref
def _lookup_domain(self, domain_info):
if isinstance(domain_info, dict) is False:
raise exception.ValidationError(attribute='dict',
target='domain')
domain_id = domain_info.get('id')
domain_name = domain_info.get('name')
domain_ref = None
if not domain_id and not domain_name:
raise exception.ValidationError(attribute='id or name',
target='domain')
try:
if domain_name:
if (CONF.resource.domain_name_url_safe == 'strict' and
utils.is_not_url_safe(domain_name)):
msg = _('Domain name cannot contain reserved characters.')
raise exception.Unauthorized(message=msg)
domain_ref = self.resource_api.get_domain_by_name(
domain_name)
else:
domain_ref = self.resource_api.get_domain(domain_id)
except exception.DomainNotFound as e:
LOG.warning(six.text_type(e))
raise exception.Unauthorized(e)
self._assert_domain_is_enabled(domain_ref)
return domain_ref
def _lookup_domain(self, domain_info):
domain_id = domain_info.get('id')
domain_name = domain_info.get('name')
try:
if domain_name:
if (CONF.resource.domain_name_url_safe == 'strict'
and utils.is_not_url_safe(domain_name)):
msg = _('Domain name cannot contain reserved characters.')
LOG.warning(msg)
raise exception.Unauthorized(message=msg)
domain_ref = self.resource_api.get_domain_by_name(domain_name)
else:
domain_ref = self.resource_api.get_domain(domain_id)
except exception.DomainNotFound as e:
LOG.warning(six.text_type(e))
raise exception.Unauthorized(e)
self._assert_domain_is_enabled(domain_ref)
return domain_ref
def _lookup_domain(self, domain_info):
domain_id = domain_info.get('id')
domain_name = domain_info.get('name')
try:
if domain_name:
if (CONF.resource.domain_name_url_safe == 'strict' and
utils.is_not_url_safe(domain_name)):
msg = _('Domain name cannot contain reserved characters.')
LOG.warning(msg)
raise exception.Unauthorized(message=msg)
domain_ref = self.resource_api.get_domain_by_name(
domain_name)
else:
domain_ref = self.resource_api.get_domain(domain_id)
except exception.DomainNotFound as e:
LOG.warning(six.text_type(e))
raise exception.Unauthorized(e)
self._assert_domain_is_enabled(domain_ref)
return domain_ref
def test_url_safe_with_unicode_check(self):
base_str = u'i am \xe7afe'
self.assertFalse(common_utils.is_not_url_safe(base_str))
for i in common_utils.URL_RESERVED_CHARS:
self.assertTrue(common_utils.is_not_url_safe(base_str + i))
def test_url_safe_with_unicode_check(self):
base_str = u'i am \xe7afe'
self.assertFalse(common_utils.is_not_url_safe(base_str))
for i in common_utils.URL_RESERVED_CHARS:
self.assertTrue(common_utils.is_not_url_safe(base_str + i))