def _validate_and_normalize_auth_data(self, auth_payload):
    """Resolve the user described by ``auth_payload`` and record it on self.

    The ``user`` entry of the payload must carry an ``id`` or a ``name``;
    a ``name`` must come with a ``domain``. On success ``self.user_ref``,
    ``self.user_id`` and ``self.domain_id`` are populated.

    Raises:
        exception.ValidationError: ``user`` is absent, it has neither
            ``id`` nor ``name``, or ``name`` is given without ``domain``.
        exception.Unauthorized: the identity backend raised
            ``UserNotFound``. A failure audit notification is sent first,
            and the caller sees ``Unauthorized`` instead of
            ``UserNotFound``.

    The helpers called here (``_lookup_domain``,
    ``_assert_domain_is_enabled``, ``_assert_user_is_enabled``) are defined
    elsewhere and may raise as well.
    """
    if 'user' not in auth_payload:
        raise exception.ValidationError(attribute='user',
                                        target=self.METHOD_NAME)

    requested = auth_payload['user']
    user_id, user_name = requested.get('id'), requested.get('name')
    if not (user_id or user_name):
        raise exception.ValidationError(attribute='id or name',
                                        target='user')

    # Starts empty so the UserNotFound handler can report "no domain known"
    # when the lookup fails before any domain has been loaded.
    domain_ref = {}
    try:
        if not user_name:
            user_ref = PROVIDERS.identity_api.get_user(user_id)
            domain_ref = PROVIDERS.resource_api.get_domain(
                user_ref['domain_id'])
            # NOTE(review): only the id path checks the domain here; the
            # name path presumably relies on _lookup_domain for that check
            # - confirm against that helper.
            self._assert_domain_is_enabled(domain_ref)
        else:
            if 'domain' not in requested:
                raise exception.ValidationError(attribute='domain',
                                                target='user')
            domain_ref = self._lookup_domain(requested['domain'])
            user_ref = PROVIDERS.identity_api.get_user_by_name(
                user_name, domain_ref['id'])
    except exception.UserNotFound as not_found:
        LOG.warning(six.text_type(not_found))

        # CADF notifications are normally emitted from
        # `identity_api.authenticate`, which has not been reached yet, so
        # the unknown-user failure is reported from here instead.
        failure_reason = reason.Reason(str(not_found), str(not_found.code))
        failed_initiator = notifications.build_audit_initiator()

        # Record whichever identifier the request supplied. Both values are
        # taken from the request and are unverified at this point, so
        # consumers of the audit event should treat them as untrusted.
        if user_name:
            failed_initiator.user_name = user_name
        else:
            failed_initiator.user_id = user_id
        # .get() yields None for both fields while domain_ref is still {}.
        failed_initiator.domain_id = domain_ref.get('id')
        failed_initiator.domain_name = domain_ref.get('name')

        notifications._send_audit_notification(
            action=_NOTIFY_OP,
            initiator=failed_initiator,
            outcome=taxonomy.OUTCOME_FAILURE,
            target=resource.Resource(typeURI=taxonomy.ACCOUNT_USER),
            event_type=_NOTIFY_EVENT,
            reason=failure_reason)
        raise exception.Unauthorized(not_found)

    self._assert_user_is_enabled(user_ref)
    self.user_ref = user_ref
    self.user_id = user_ref['id']
    self.domain_id = domain_ref['id']
def test_opt_out_authenticate_event(self):
    """Check that an opted-out authenticate event is not emitted.

    The opt-out value configured here is the event type joined with the
    outcome (``identity.authenticate.success``); the notifier's
    ``_notify`` must not be called for a matching notification.
    """
    # The mock module itself is passed as a stand-in for both objects.
    initiator = target = mock
    outcome = "success"
    event_type = "identity.authenticate"
    action = CREATED_OPERATION + "." + EXP_RESOURCE_TYPE

    opted_out_meter = "%s.%s" % (event_type, outcome)
    self.useFixture(config_fixture.Config(CONF)).config(
        notification_opt_out=opted_out_meter)

    notifier = notifications._get_notifier()
    with mock.patch.object(notifier, "_notify") as notify_spy:
        notifications._send_audit_notification(
            action, initiator, outcome, target, event_type)
        notify_spy.assert_not_called()
def test_send_audit_notification_with_opt_out(self):
    """Exercise the private ``_send_audit_notification`` with an opt-out.

    With ``notification_opt_out`` set to the event type being sent, the
    notifier's ``_notify`` must not be called.
    """
    # The mock module itself is passed as a stand-in for both objects.
    initiator = target = mock
    outcome = "success"
    action = CREATED_OPERATION + "." + EXP_RESOURCE_TYPE
    event_type = "identity.%s.created" % EXP_RESOURCE_TYPE

    self.useFixture(config_fixture.Config(CONF)).config(
        notification_opt_out=event_type)

    notifier = notifications._get_notifier()
    with mock.patch.object(notifier, "_notify") as notify_spy:
        notifications._send_audit_notification(
            action, initiator, outcome, target, event_type)
        notify_spy.assert_not_called()