Пример #1
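    def assertValidProjectTrustScopedTokenResponse(self, r, *args, **kwargs):
        """Assert that ``r`` holds a project-scoped token with a trust block.

        The response is first checked by
        ``assertValidProjectScopedTokenResponse``. The token it returns must
        then carry an ``OS-TRUST:trust`` section with an ``id``, a boolean
        ``impersonation`` flag, and ``trustor_user`` / ``trustee_user``
        entries that each have an ``id``.

        Only presence and type are checked. A test that has to prove the
        token was issued for a particular trust, trustor or trustee must
        compare those ids itself on the returned token.

        :param r: response under test, passed on unchanged (with ``*args``
            and ``**kwargs``) to the project-scoped check.
        :returns: the validated token, so callers can assert further on it.
        """
        token = self.assertValidProjectScopedTokenResponse(r, *args, **kwargs)

        trust = token.get('OS-TRUST:trust')
        self.assertIsNotNone(trust)
        self.assertIsNotNone(trust.get('id'))
        # assertIsInstance reports the offending value on failure, which
        # assertTrue(isinstance(...)) cannot.
        self.assertIsInstance(trust.get('impersonation'), bool)
        for party in ('trustor_user', 'trustee_user'):
            self.assertIsNotNone(trust.get(party))
        for party in ('trustor_user', 'trustee_user'):
            self.assertIsNotNone(trust[party].get('id'))

        return token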
Пример #2
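    def assertValidProjectTrustScopedTokenResponse(self, r, *args, **kwargs):
        """Validate a project-scoped token response that includes a trust.

        Delegates the project-scoped checks to
        ``assertValidProjectScopedTokenResponse`` and then requires the
        token's ``OS-TRUST:trust`` section to contain an ``id``, a boolean
        ``impersonation`` value, and ``trustor_user`` and ``trustee_user``
        entries with an ``id`` each.

        This verifies structure only: it does not check which trust,
        trustor or trustee the token names. Tests that depend on those
        identities should compare them on the returned token.

        :param r: response under test; forwarded with ``*args`` and
            ``**kwargs`` to the project-scoped check.
        :returns: the validated token.
        """
        token = self.assertValidProjectScopedTokenResponse(r, *args, **kwargs)

        trust = token.get('OS-TRUST:trust')
        self.assertIsNotNone(trust)
        self.assertIsNotNone(trust.get('id'))
        # A failing assertIsInstance names the actual value and type.
        self.assertIsInstance(trust.get('impersonation'), bool)

        trustor = trust.get('trustor_user')
        trustee = trust.get('trustee_user')
        self.assertIsNotNone(trustor)
        self.assertIsNotNone(trustee)
        self.assertIsNotNone(trustor.get('id'))
        self.assertIsNotNone(trustee.get('id'))

        return token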
Пример #3
 def get_token(self, token_id):
     """Return the stored token for ``token_id`` if it has not expired.

     The value read from ``self.readonly`` is decoded with
     ``jsonutils.loads``. When the token has an ``expires`` value, it is
     parsed with ``dateutil.parser.parse`` (replacing the stored value in
     the returned token) and the token is returned only while that time is
     later than ``timeutils.utcnow()``.

     :raises exception.TokenNotFound: when nothing is stored under the key
         or the token has expired. Both cases raise the same error, so a
         caller cannot tell an expired token from an unknown one.
     """
     lookup_key = keys.token(token_id)
     raw = self.readonly.get(lookup_key)
     if not raw:
         raise exception.TokenNotFound(token_id=token_id)

     token = jsonutils.loads(raw)
     if token.get('expires', None) is None:
         # NOTE(review): a record without an expiry is returned as valid
         # with no time limit -- confirm the writer always sets 'expires'.
         return token

     token['expires'] = dateutil.parser.parse(token['expires'])
     # NOTE(review): the comparison assumes the parsed value and utcnow()
     # are both naive or both timezone-aware -- confirm the stored format.
     if token['expires'] > timeutils.utcnow():
         return token
     raise exception.TokenNotFound(token_id=token_id)
Пример #4
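 def _consumer_matches(self, consumer_id, token_ref_dict):
     """Tell whether a token reference belongs to the given OAuth consumer.

     :param consumer_id: consumer to filter on; ``None`` means "no filter"
         and matches every token.
     :param token_ref_dict: token reference; the consumer is read from
         ``token_data -> token -> OS-OAUTH1 -> consumer_id``.
     :returns: ``True`` when no filter is given or the consumer ids are
         equal, ``False`` otherwise.
     """
     if consumer_id is None:
         return True
     # Any level of the path may be absent or stored as None. Both count as
     # "no OAuth data", so a malformed record yields False instead of a
     # TypeError/AttributeError.
     token_data = token_ref_dict.get('token_data') or {}
     token = token_data.get('token') or {}
     oauth = token.get('OS-OAUTH1') or {}
     return oauth.get('consumer_id') == consumer_id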
Пример #5
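 def _consumer_matches(self, consumer_id, token_ref_dict):
     """Check a token reference against an OAuth consumer filter.

     :param consumer_id: consumer id to match; ``None`` disables the filter
         and every token reference matches.
     :param token_ref_dict: token reference whose consumer id, if any, is
         found under ``token_data -> token -> OS-OAUTH1``.
     :returns: ``True`` if the filter is disabled or the stored consumer id
         equals ``consumer_id``; ``False`` in every other case.
     """
     if consumer_id is None:
         return True
     # Walk the nested path, treating a missing or None level as empty so
     # that a malformed record is a non-match rather than an exception.
     node = token_ref_dict
     for key in ('token_data', 'token', 'OS-OAUTH1'):
         node = node.get(key) or {}
     return node.get('consumer_id') == consumer_id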
Пример #6
    def assertValidTokenResponse(self, r, user=None):
        """Assert that ``r`` is a well-formed token response and return it.

        Checks that the ``X-Subject-Token`` header is present and non-empty,
        that ``expires_at`` and ``issued_at`` are set, pass
        ``assertValidISO8601ExtendedFormatDatetime`` and that the token was
        issued before it expires, and that the ``user`` section has ``id``,
        ``name`` and ``domain.id``.

        This is a shape check. The header value itself is not inspected,
        and the user identity is compared only when ``user`` is given.

        :param r: response with ``headers`` and a ``result['token']`` body.
        :param user: optional reference user; its ``id``, ``name`` and
            ``domain_id`` must equal the values in the token.
        :returns: the token taken from the response body.
        """
        subject_token = r.headers.get('X-Subject-Token')
        self.assertTrue(subject_token)
        token = r.result['token']

        # Validate both timestamps in the original order: expiry first.
        stamps = {}
        for field in ('expires_at', 'issued_at'):
            self.assertIsNotNone(token.get(field))
            stamps[field] = self.assertValidISO8601ExtendedFormatDatetime(
                token[field])
        self.assertTrue(stamps['issued_at'] < stamps['expires_at'])

        self.assertIn('user', token)
        for field in ('id', 'name', 'domain'):
            self.assertIn(field, token['user'])
        self.assertIn('id', token['user']['domain'])

        if user is None:
            return token

        token_user = token['user']
        self.assertEqual(user['id'], token_user['id'])
        self.assertEqual(user['name'], token_user['name'])
        self.assertEqual(user['domain_id'], token_user['domain']['id'])
        return token
Пример #7
    def assertValidTokenResponse(self, r, user=None):
        """Validate the common parts of a token response.

        The response must carry a non-empty ``X-Subject-Token`` header. Its
        token must have ``expires_at`` and ``issued_at`` values accepted by
        ``assertValidISO8601ExtendedFormatDatetime``, with ``issued_at``
        earlier than ``expires_at``, and a ``user`` section containing
        ``id``, ``name`` and a ``domain`` with an ``id``.

        Nothing here inspects the header value or the token's scope. With
        ``user`` omitted, the user identity is not compared to anything.

        :param r: response exposing ``headers`` and ``result['token']``.
        :param user: optional reference user to compare ``id``, ``name``
            and ``domain_id`` against.
        :returns: the token from the response body.
        """
        headers = r.headers
        self.assertTrue(headers.get('X-Subject-Token'))
        token = r.result['token']

        self.assertIsNotNone(token.get('expires_at'))
        raw_expiry = token['expires_at']
        expires_at = self.assertValidISO8601ExtendedFormatDatetime(raw_expiry)
        self.assertIsNotNone(token.get('issued_at'))
        raw_issued = token['issued_at']
        issued_at = self.assertValidISO8601ExtendedFormatDatetime(raw_issued)
        # A token must have been issued strictly before it expires.
        self.assertTrue(issued_at < expires_at)

        self.assertIn('user', token)
        self.assertIn('id', token['user'])
        self.assertIn('name', token['user'])
        self.assertIn('domain', token['user'])
        self.assertIn('id', token['user']['domain'])

        if user is not None:
            actual = token['user']
            self.assertEqual(user['id'], actual['id'])
            self.assertEqual(user['name'], actual['name'])
            self.assertEqual(user['domain_id'], actual['domain']['id'])

        return token
Пример #8
    def revoke_token(self, token_id):
        """Revoke one token by revocation event and/or by deleting it.

        The token is fetched first, so any error ``token_api.get_token``
        raises for ``token_id`` propagates before anything is revoked.

        When ``self.revoke_api`` is set, ``revoke_by_expiration`` is called
        with the token's user id and expiry, plus its project and domain
        ids where the token carries them. The call is keyed by user and
        expiry, not by token id. When ``CONF.token.revoke_by_id`` is set,
        the token is also deleted through ``token_api.delete_token``.

        NOTE(review): with ``self.revoke_api`` falsy and
        ``CONF.token.revoke_by_id`` off, this returns without revoking
        anything -- confirm that combination is rejected elsewhere.
        """
        token_ref = self.token_api.get_token(token_id)
        if self.revoke_api:
            token_version = self.get_token_version(token_ref)
            # NOTE(review): a version that is neither V3 nor V2 leaves the
            # names below unbound; presumably get_token_version raises for
            # unsupported versions -- confirm.
            if token_version == provider.V3:
                user_id = token_ref['user']['id']
                expires_at = token_ref['expires']

                v3_body = token_ref['token_data']['token']
                scope = {
                    'project_id': v3_body.get('project', {}).get('id'),
                    'domain_id': v3_body.get('domain', {}).get('id'),
                }
            elif token_version == provider.V2:
                user_id = token_ref['user_id']
                expires_at = token_ref['expires']
                tenant = token_ref.get('tenant') or {}
                # A V2 token can't be scoped to a domain.
                scope = {'project_id': tenant.get('id'), 'domain_id': None}
            self.revoke_api.revoke_by_expiration(user_id, expires_at, **scope)

        if CONF.token.revoke_by_id:
            self.token_api.delete_token(token_id=token_id)
Пример #9
    def revoke_token(self, token_id):
        """Revoke the token identified by ``token_id``.

        ``token_api.get_token`` is called first; whatever it raises for an
        unknown or unusable token reaches the caller and nothing is revoked.

        If ``self.revoke_api`` is set, the user id, expiry, project id and
        domain id are read from the token according to its version and
        passed to ``revoke_by_expiration``. If ``CONF.token.revoke_by_id``
        is set, the token is then deleted via ``token_api.delete_token``.

        NOTE(review): when neither mechanism is enabled this is a silent
        no-op -- confirm deployments cannot end up in that state.
        """
        token = self.token_api.get_token(token_id)
        if self.revoke_api:
            version = self.get_token_version(token)
            # NOTE(review): only V3 and V2 assign the values used below;
            # any other version would fail at the revoke call -- verify
            # get_token_version never returns one.
            if version == provider.V3:
                user_id = token['user']['id']
                expires_at = token['expires']

                body = token['token_data']['token']
                project = body.get('project', {})
                project_id = project.get('id')
                domain = body.get('domain', {})
                domain_id = domain.get('id')
            elif version == provider.V2:
                user_id = token['user_id']
                expires_at = token['expires']
                tenant = token.get('tenant') or {}
                project_id = tenant.get('id')
                domain_id = None  # A V2 token can't be scoped to a domain.
            self.revoke_api.revoke_by_expiration(
                user_id, expires_at,
                project_id=project_id, domain_id=domain_id)

        if CONF.token.revoke_by_id:
            self.token_api.delete_token(token_id=token_id)