def assertValidProjectTrustScopedTokenResponse(self, r, *args, **kwargs): token = self.assertValidProjectScopedTokenResponse(r, *args, **kwargs) trust = token.get('OS-TRUST:trust') self.assertIsNotNone(trust) self.assertIsNotNone(trust.get('id')) self.assertTrue(isinstance(trust.get('impersonation'), bool)) self.assertIsNotNone(trust.get('trustor_user')) self.assertIsNotNone(trust.get('trustee_user')) self.assertIsNotNone(trust['trustor_user'].get('id')) self.assertIsNotNone(trust['trustee_user'].get('id'))
def get_token(self, token_id): token_key = keys.token(token_id) value = self.readonly.get(token_key) if value: token = jsonutils.loads(value) if token.get('expires', None) is not None: token['expires'] = dateutil.parser.parse(token['expires']) if token['expires'] > timeutils.utcnow(): return token else: return token raise exception.TokenNotFound(token_id=token_id)
def _consumer_matches(self, consumer_id, token_ref_dict): if consumer_id is None: return True else: if 'token_data' in token_ref_dict: token_data = token_ref_dict.get('token_data') if 'token' in token_data: token = token_data.get('token') oauth = token.get('OS-OAUTH1') if oauth and oauth.get('consumer_id') == consumer_id: return True return False
def assertValidTokenResponse(self, r, user=None): self.assertTrue(r.headers.get('X-Subject-Token')) token = r.result['token'] self.assertIsNotNone(token.get('expires_at')) expires_at = self.assertValidISO8601ExtendedFormatDatetime( token['expires_at']) self.assertIsNotNone(token.get('issued_at')) issued_at = self.assertValidISO8601ExtendedFormatDatetime( token['issued_at']) self.assertTrue(issued_at < expires_at) self.assertIn('user', token) self.assertIn('id', token['user']) self.assertIn('name', token['user']) self.assertIn('domain', token['user']) self.assertIn('id', token['user']['domain']) if user is not None: self.assertEqual(user['id'], token['user']['id']) self.assertEqual(user['name'], token['user']['name']) self.assertEqual(user['domain_id'], token['user']['domain']['id']) return token
def revoke_token(self, token_id): token = self.token_api.get_token(token_id) if self.revoke_api: version = self.get_token_version(token) if version == provider.V3: user_id = token['user']['id'] expires_at = token['expires'] token_data = token['token_data']['token'] project_id = token_data.get('project', {}).get('id') domain_id = token_data.get('domain', {}).get('id') elif version == provider.V2: user_id = token['user_id'] expires_at = token['expires'] project_id = (token.get('tenant') or {}).get('id') domain_id = None # A V2 token can't be scoped to a domain. self.revoke_api.revoke_by_expiration(user_id, expires_at, project_id=project_id, domain_id=domain_id) if CONF.token.revoke_by_id: self.token_api.delete_token(token_id=token_id)