diff options
author | Morgan Fainberg <morgan.fainberg@gmail.com> | 2014-09-11 15:28:16 -0700 |
---|---|---|
committer | Morgan Fainberg <morgan.fainberg@gmail.com> | 2014-09-11 15:28:16 -0700 |
commit | a391713b6216ad13a1aa6e1e9fbf947923fed433 (patch) | |
tree | ca7ae991b81921f72f383d586fe9457cf08dd225 | |
parent | 7c2bee76936461043671adc6d100f20775c4212f (diff) | |
download | keystone-a391713b6216ad13a1aa6e1e9fbf947923fed433.tar.gz |
Remove extraenous instantiations of managers
There were cases where a number of the API managers were being
instantiated more than one time. This could cause a number of
odd edge cases where the managers would have different
configurations and/or different dependency injection results.
The managers should now be properly instantiated only once
unless explicitly required (e.g. testing the token provider
manager raises an exception in badly configured states).
Conflicts:
keystone/auth/plugins/token.py
Closes-Bug: #1294994
Change-Id: I1babb065065cb5b06899f59568020a1c38f1156c
(cherry-picked from commit 0a1cb0e20247a3c7856b409452b01ad6db8069f0)
-rw-r--r-- | keystone/auth/plugins/token.py | 12 | ||||
-rw-r--r-- | keystone/tests/test_auth.py | 4 | ||||
-rw-r--r-- | keystone/tests/test_auth_plugin.py | 5 | ||||
-rw-r--r-- | keystone/tests/test_sql_upgrade.py | 9 | ||||
-rw-r--r-- | keystone/tests/test_token_provider.py | 32 | ||||
-rw-r--r-- | keystone/token/providers/common.py | 7 |
6 files changed, 25 insertions, 44 deletions
diff --git a/keystone/auth/plugins/token.py b/keystone/auth/plugins/token.py index 6c39b6c7b..a12f3d741 100644 --- a/keystone/auth/plugins/token.py +++ b/keystone/auth/plugins/token.py @@ -13,32 +13,30 @@ # under the License. from keystone import auth +from keystone.common import dependency from keystone.common import wsgi from keystone import exception from keystone.openstack.common import log from keystone.openstack.common import timeutils -from keystone.token import provider LOG = log.getLogger(__name__) +@dependency.requires('token_provider_api') class Token(auth.AuthMethodHandler): method = 'token' - def __init__(self): - self.provider = provider.Manager() - def authenticate(self, context, auth_payload, user_context): try: if 'id' not in auth_payload: raise exception.ValidationError(attribute='id', target=self.method) token_id = auth_payload['id'] - response = self.provider.validate_token(token_id) - #for V3 tokens, the essential data is under the 'token' value. - #For V2, the comparable data was nested under 'access' + response = self.token_provider_api.validate_token(token_id) + # For V3 tokens, the essential data is under the 'token' value. + # For V2, the comparable data was nested under 'access'. token_ref = response.get('token', response.get('access')) #Do not allow tokens used for delegation to diff --git a/keystone/tests/test_auth.py b/keystone/tests/test_auth.py index 4d9d9daea..4c2459b07 100644 --- a/keystone/tests/test_auth.py +++ b/keystone/tests/test_auth.py @@ -73,9 +73,6 @@ class AuthTest(tests.TestCase): self.load_backends() self.load_fixtures(default_fixtures) - # need to register the token provider first because auth controller - # depends on it - token.provider.Manager() self.context_with_remote_user = {'environment': {'REMOTE_USER': 'FOO', 'AUTH_TYPE': 'Negotiate'}} @@ -645,7 +642,6 @@ class AuthWithTrust(AuthTest): def setUp(self): super(AuthWithTrust, self).setUp() - trust.Manager() self.trust_controller = trust.controllers.TrustV3() self.auth_v3_controller = auth.controllers.Auth() self.trustor = self.user_foo diff --git a/keystone/tests/test_auth_plugin.py b/keystone/tests/test_auth_plugin.py index 98040f73a..698210c82 100644 --- a/keystone/tests/test_auth_plugin.py +++ b/keystone/tests/test_auth_plugin.py @@ -18,7 +18,6 @@ from keystone import auth from keystone.common import config from keystone import exception from keystone import tests -from keystone import token # for testing purposes only @@ -59,10 +58,6 @@ class TestAuthPlugin(tests.SQLDriverOverrides, tests.TestCase): super(TestAuthPlugin, self).setUp() self.load_backends() - # need to register the token provider first because auth controller - # depends on it - token.provider.Manager() - self.api = auth.controllers.Auth() def config_files(self): diff --git a/keystone/tests/test_sql_upgrade.py b/keystone/tests/test_sql_upgrade.py index ddcab070d..bcee7e33f 100644 --- a/keystone/tests/test_sql_upgrade.py +++ b/keystone/tests/test_sql_upgrade.py @@ -43,7 +43,6 @@ from keystone.common.sql import migration_helpers from keystone.common import utils from keystone import config from keystone.contrib import federation -from keystone import credential from keystone import exception from keystone.openstack.common.db import exception as db_exception from keystone.openstack.common.db.sqlalchemy import migration @@ -1406,11 +1405,9 @@ class SqlUpgradeTests(SqlMigrateBase): id=expected_credential_id).one() self.assertEqual(cred.user_id, ec2_credential['user_id']) self.assertEqual(cred.project_id, ec2_credential['tenant_id']) - # test list credential using credential manager. - credential_api = credential.Manager() - self.assertNotEmpty(credential_api. - list_credentials( - user_id=ec2_credential['user_id'])) + credential_list = session.query(cred_table).filter_by( + user_id=ec2_credential['user_id']).all() + self.assertNotEmpty(credential_list) self.downgrade(32) session.commit() self.assertTableExists('ec2_credential') diff --git a/keystone/tests/test_token_provider.py b/keystone/tests/test_token_provider.py index 926c09dd4..a017f985c 100644 --- a/keystone/tests/test_token_provider.py +++ b/keystone/tests/test_token_provider.py @@ -729,22 +729,12 @@ class TestTokenProvider(tests.TestCase): self.config_fixture.config(group='signing', token_format='UUID') self.config_fixture.config(group='token', provider=token.provider.PKI_PROVIDER) - try: - token.provider.Manager() - raise Exception( - 'expecting ValueError on token provider misconfiguration') - except exception.UnexpectedError: - pass + self.assertRaises(exception.UnexpectedError, token.provider.Manager) self.config_fixture.config(group='signing', token_format='PKI') self.config_fixture.config(group='token', provider=token.provider.UUID_PROVIDER) - try: - token.provider.Manager() - raise Exception( - 'expecting ValueError on token provider misconfiguration') - except exception.UnexpectedError: - pass + self.assertRaises(exception.UnexpectedError, token.provider.Manager) # should be OK as token_format and provider aligns self.config_fixture.config(group='signing', token_format='PKI') @@ -828,14 +818,22 @@ class TestTokenProvider(tests.TestCase): None, self.token_provider_api._is_valid_token(create_v3_token())) - def test_uuid_provider_no_oauth_fails_oauth(self): - self.load_fixtures(default_fixtures) + +class TestTokenProviderOAuth1(tests.TestCase): + def setUp(self): + super(TestTokenProviderOAuth1, self).setUp() + self.load_backends() + + def config_overrides(self): + super(TestTokenProviderOAuth1, self).config_overrides() self.config_fixture.config(group='token', provider=token.provider.UUID_PROVIDER) - driver = token.provider.Manager().driver - driver.oauth_api = None + + def test_uuid_provider_no_oauth_fails_oauth(self): + self.load_fixtures(default_fixtures) + self.token_provider_api.driver.oauth_api = None self.assertRaises(exception.Forbidden, - driver.issue_v3_token, + self.token_provider_api.driver.issue_v3_token, self.user_foo['id'], ['oauth1']) diff --git a/keystone/token/providers/common.py b/keystone/token/providers/common.py index 8df228807..10b01aa18 100644 --- a/keystone/token/providers/common.py +++ b/keystone/token/providers/common.py @@ -25,7 +25,6 @@ from keystone import exception from keystone.openstack.common.gettextutils import _ from keystone import token from keystone.token import provider -from keystone import trust from keystone.openstack.common import log @@ -136,8 +135,8 @@ class V2TokenDataHelper(object): class V3TokenDataHelper(object): """Token data helper.""" def __init__(self): - if CONF.trust.enabled: - self.trust_api = trust.Manager() + # Keep __init__ around to ensure dependency injection works. + super(V3TokenDataHelper, self).__init__() def _get_filtered_domain(self, domain_id): domain_ref = self.assignment_api.get_domain(domain_id) @@ -364,8 +363,6 @@ class V3TokenDataHelper(object): class BaseProvider(provider.Provider): def __init__(self, *args, **kwargs): super(BaseProvider, self).__init__(*args, **kwargs) - if CONF.trust.enabled: - self.trust_api = trust.Manager() self.v3_token_data_helper = V3TokenDataHelper() self.v2_token_data_helper = V2TokenDataHelper() |