diff options
| author | Jenkins <jenkins@review.openstack.org> | 2015-08-18 17:09:43 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2015-08-18 17:09:43 +0000 |
| commit | 29bb3be3aa69ae119c65d37cb328c38ecdee8d5e (patch) | |
| tree | e14412b3ac45f7d7dfdbad4ee436f5b4a6985563 /heat | |
| parent | e67abd3ad790c9b4da9f9714c2badd4bd39cb054 (diff) | |
| parent | b36f4da1925f7be9e0eadb057753241450135364 (diff) | |
| download | heat-29bb3be3aa69ae119c65d37cb328c38ecdee8d5e.tar.gz | |
Merge "Revert failing tests and use v3 for ec2 tokens"
Diffstat (limited to 'heat')
| -rw-r--r-- | heat/api/aws/ec2token.py | 19 | ||||
| -rw-r--r-- | heat/tests/api/aws/test_api_ec2token.py | 41 |
2 files changed, 29 insertions, 31 deletions
diff --git a/heat/api/aws/ec2token.py b/heat/api/aws/ec2token.py index ace6b00dc..79562cb14 100644 --- a/heat/api/aws/ec2token.py +++ b/heat/api/aws/ec2token.py @@ -77,7 +77,7 @@ class EC2Token(wsgi.Middleware): def _conf_get_auth_uri(self): auth_uri = self._conf_get('auth_uri') if auth_uri: - return auth_uri + return auth_uri.replace('v2.0', 'v3') else: # First we check the [clients_keystone] section, and if it is not # set we look in [keystone_authtoken] @@ -89,7 +89,9 @@ class EC2Token(wsgi.Middleware): # Import auth_token to have keystone_authtoken settings setup. # We can use the auth_uri from the keystone_authtoken section importutils.import_module('keystonemiddleware.auth_token') - return cfg.CONF.keystone_authtoken['auth_uri'] + auth_uri = cfg.CONF.keystone_authtoken['auth_uri'] + if auth_uri: + return auth_uri.replace('v2.0', 'v3') @staticmethod def _conf_get_keystone_ec2_uri(auth_uri): @@ -226,10 +228,11 @@ class EC2Token(wsgi.Middleware): cert=self.ssl_options['cert']) result = response.json() try: - token_id = result['access']['token']['id'] - tenant = result['access']['token']['tenant']['name'] - tenant_id = result['access']['token']['tenant']['id'] - LOG.info(_LI("AWS authentication successful.")) + token_id = response.headers['X-Subject-Token'] + tenant = result['token']['project']['name'] + tenant_id = result['token']['project']['id'] + roles = [role['name'] + for role in result['token'].get('roles', [])] except (AttributeError, KeyError): LOG.info(_LI("AWS authentication failure.")) # Try to extract the reason for failure so we can return the @@ -245,6 +248,8 @@ class EC2Token(wsgi.Middleware): raise exception.HeatSignatureError() else: raise exception.HeatAccessDeniedError() + else: + LOG.info(_LI("AWS authentication successful.")) # Authenticated! ec2_creds = {'ec2Credentials': {'access': access, @@ -255,8 +260,6 @@ class EC2Token(wsgi.Middleware): req.headers['X-Tenant-Id'] = tenant_id req.headers['X-Auth-URL'] = auth_uri - metadata = result['access'].get('metadata', {}) - roles = metadata.get('roles', []) req.headers['X-Roles'] = ','.join(roles) return self.application diff --git a/heat/tests/api/aws/test_api_ec2token.py b/heat/tests/api/aws/test_api_ec2token.py index 9a5d0f7cf..ffcda3d3d 100644 --- a/heat/tests/api/aws/test_api_ec2token.py +++ b/heat/tests/api/aws/test_api_ec2token.py @@ -228,7 +228,7 @@ class Ec2TokenTest(common.HeatTestCase): self.assertEqual('xyz', ec2.__call__(dummy_req)) def _stub_http_connection(self, headers=None, params=None, response=None, - req_url='http://123:5000/v2.0/ec2tokens', + req_url='http://123:5000/v3/ec2tokens', verify=True, cert=None): headers = headers or {} @@ -236,6 +236,7 @@ class Ec2TokenTest(common.HeatTestCase): class DummyHTTPResponse(object): text = response + headers = {'X-Subject-Token': 123} def json(self): return json.loads(self.text) @@ -268,9 +269,8 @@ class Ec2TokenTest(common.HeatTestCase): 'HTTP_AUTHORIZATION': auth_str} dummy_req = self._dummy_GET_request(environ=req_env) - ok_resp = json.dumps({'access': {'token': { - 'id': 123, - 'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}}) + ok_resp = json.dumps({'token': { + 'project': {'name': 'tenant', 'id': 'abcd1234'}}}) self._stub_http_connection(headers={'Authorization': auth_str}, response=ok_resp) self.m.ReplayAll() @@ -293,12 +293,12 @@ class Ec2TokenTest(common.HeatTestCase): 'HTTP_AUTHORIZATION': auth_str} dummy_req = self._dummy_GET_request(environ=req_env) - ok_resp = json.dumps({'access': { + ok_resp = json.dumps({ 'token': { 'id': 123, - 'tenant': {'name': 'tenant', 'id': 'abcd1234'} - }, - 'metadata': {'roles': ['aa', 'bb', 'cc']}}}) + 'project': {'name': 'tenant', 'id': 'abcd1234'}, + 'roles': [{'name': 'aa'}, {'name': 'bb'}, {'name': 'cc'}]} + }) self._stub_http_connection(headers={'Authorization': auth_str}, response=ok_resp) self.m.ReplayAll() @@ -384,9 +384,8 @@ class Ec2TokenTest(common.HeatTestCase): 'PATH_INFO': '/v1'} dummy_req = self._dummy_GET_request(params, req_env) - ok_resp = json.dumps({'access': {'metadata': {}, 'token': { - 'id': 123, - 'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}}) + ok_resp = json.dumps({'token': { + 'project': {'name': 'tenant', 'id': 'abcd1234'}}}) self._stub_http_connection(response=ok_resp, params={'AWSAccessKeyId': 'foo'}) self.m.ReplayAll() @@ -407,9 +406,8 @@ class Ec2TokenTest(common.HeatTestCase): 'PATH_INFO': '/v1'} dummy_req = self._dummy_GET_request(params, req_env) - ok_resp = json.dumps({'access': {'metadata': {}, 'token': { - 'id': 123, - 'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}}) + ok_resp = json.dumps({'token': { + 'project': {'name': 'tenant', 'id': 'abcd1234'}}}) err_msg = "EC2 access key not found." err_resp = json.dumps({'error': {'message': err_msg}}) @@ -511,9 +509,8 @@ class Ec2TokenTest(common.HeatTestCase): 'PATH_INFO': '/v1'} dummy_req = self._dummy_GET_request(params, req_env) - ok_resp = json.dumps({'access': {'metadata': {}, 'token': { - 'id': 123, - 'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}}) + ok_resp = json.dumps({'token': { + 'project': {'name': 'tenant', 'id': 'abcd1234'}}}) self._stub_http_connection(response=ok_resp, params={'AWSAccessKeyId': 'foo'}) self.m.ReplayAll() @@ -533,9 +530,8 @@ class Ec2TokenTest(common.HeatTestCase): 'PATH_INFO': '/v1'} dummy_req = self._dummy_GET_request(params, req_env) - ok_resp = json.dumps({'access': {'metadata': {}, 'token': { - 'id': 123, - 'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}}) + ok_resp = json.dumps({'token': { + 'project': {'name': 'tenant', 'id': 'abcd1234'}}}) self._stub_http_connection(response=ok_resp, params={'AWSAccessKeyId': 'foo'}) self.m.ReplayAll() @@ -556,9 +552,8 @@ class Ec2TokenTest(common.HeatTestCase): 'PATH_INFO': '/v1'} dummy_req = self._dummy_GET_request(params, req_env) - ok_resp = json.dumps({'access': {'metadata': {}, 'token': { - 'id': 123, - 'tenant': {'name': 'tenant', 'id': 'abcd1234'}}}}) + ok_resp = json.dumps({'token': { + 'project': {'name': 'tenant', 'id': 'abcd1234'}}}) self._stub_http_connection(response=ok_resp, params={'AWSAccessKeyId': 'foo'}) self.m.ReplayAll() |