authorJenkins <jenkins@review.openstack.org>2016-08-18 16:16:15 +0000
committerGerrit Code Review <review@openstack.org>2016-08-18 16:16:15 +0000
commit5947879e946a1afa7d1953411eb0fdacb70600dd (patch)
tree75d2abdce535fe8b8ac0a2176db4002da7bb002b
parent1686c4f5a41e7a9f0b15acfaa2dfb5244c3f04b7 (diff)
parentd0716d25e4799964fc2debe73282e54d174c3c13 (diff)
downloadkeystonemiddleware-5947879e946a1afa7d1953411eb0fdacb70600dd.tar.gz
Merge "Use AccessInfo in UserAuthPlugin instead of custom"
-rw-r--r--keystonemiddleware/auth_token/__init__.py7
-rw-r--r--keystonemiddleware/auth_token/_user_plugin.py187
-rw-r--r--keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py4
3 files changed, 17 insertions, 181 deletions
diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index aefcf83..28ad2a2 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -582,14 +582,13 @@ class AuthProtocol(BaseAuthProtocol):
content_type='application/json')
if request.user_token_valid:
- user_auth_ref = request.token_auth._user_auth_ref
- request.set_user_headers(user_auth_ref)
+ request.set_user_headers(request.token_auth.user)
if self._include_service_catalog:
- request.set_service_catalog_headers(user_auth_ref)
+ request.set_service_catalog_headers(request.token_auth.user)
if request.service_token and request.service_token_valid:
- request.set_service_headers(request.token_auth._serv_auth_ref)
+ request.set_service_headers(request.token_auth.service)
if self.log.isEnabledFor(logging.DEBUG):
self.log.debug('Received request from %s',
diff --git a/keystonemiddleware/auth_token/_user_plugin.py b/keystonemiddleware/auth_token/_user_plugin.py
index c513ab9..ccddfc5 100644
--- a/keystonemiddleware/auth_token/_user_plugin.py
+++ b/keystonemiddleware/auth_token/_user_plugin.py
@@ -13,140 +13,11 @@
from keystoneauth1.identity import base as base_identity
-class _TokenData(object):
- """An abstraction to show auth_token consumers some of the token contents.
-
- This is a simplified and cleaned up keystoneclient.access.AccessInfo object
- with which services relying on auth_token middleware can find details of
- the current token.
- """
-
- def __init__(self, auth_ref):
- self._stored_auth_ref = auth_ref
-
- @property
- def _is_v2(self):
- return self._stored_auth_ref.version == 'v2.0'
-
- @property
- def auth_token(self):
- """The token data used to authenticate requests.
-
- :returns: token data.
- :rtype: str
- """
- return self._stored_auth_ref.auth_token
-
- @property
- def user_id(self):
- """The user id associated with the authentication request.
-
- :rtype: str
- """
- return self._stored_auth_ref.user_id
-
- @property
- def user_domain_id(self):
- """The domain ID of the user associated with the authentication.
-
- Returns the domain id of the user associated with the authentication
- request.
-
- :returns: str
- """
- # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id
- # because it can't know that value. We want to return None instead.
- if self._is_v2:
- return None
-
- return self._stored_auth_ref.user_domain_id
-
- @property
- def project_id(self):
- """The project ID associated with the authentication.
-
- :rtype: str
- """
- return self._stored_auth_ref.project_id
-
- @property
- def project_domain_id(self):
- """The ID of the project associated with the authentication.
-
- The domain id of the project associated with the authentication
- request.
-
- :rtype: str
- """
- # NOTE(jamielennox): v2 AccessInfo returns 'default' for domain_id
- # because it can't know that value. We want to return None instead.
- if self._is_v2:
- return None
-
- return self._stored_auth_ref.project_domain_id
-
- @property
- def domain_id(self):
- """The domain ID the authentication is scoped to.
-
- :rtype: str
- """
- return self._stored_auth_ref.domain_id
-
- @property
- def trust_id(self):
- """Return the trust id associated with the authentication request..
-
- :rtype: str
- """
- return self._stored_auth_ref.trust_id
-
- @property
- def trustor_user_id(self):
- """The trustor id associated with the authentication request.
-
- :rtype: str
- """
- return self._stored_auth_ref.trustor_user_id
-
- @property
- def trustee_user_id(self):
- """The trustee id associated with the authentication request.
-
- :rtype: str
- """
- return self._stored_auth_ref.trustee_user_id
-
- @property
- def role_ids(self):
- """Role ids of the user associated with the authentication request.
-
- :rtype: set(str)
- """
- return frozenset(self._stored_auth_ref.role_ids or [])
-
- @property
- def role_names(self):
- """Role names of the user associated with the authentication request.
-
- :rtype: set(str)
- """
- return frozenset(self._stored_auth_ref.role_names or [])
-
- @property
- def is_admin_project(self):
- """Return true if the current project scope is the admin project.
-
- :rtype: bool
- """
- return self._stored_auth_ref.is_admin_project
-
- @property
- def _log_format(self):
- roles = ','.join(self.role_names)
- return 'user_id %s, project_id %s, roles %s' % (self.user_id,
- self.project_id,
- roles)
+def _log_format(auth_ref):
+ roles = ','.join(auth_ref.role_names)
+ return 'user_id %s, project_id %s, roles %s' % (auth_ref.user_id,
+ auth_ref.project_id,
+ roles)
class UserAuthPlugin(base_identity.BaseIdentityPlugin):
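Review bot: Dropping `_TokenData` changes what consumers of the plugin see for v2.0 tokens. The removed `user_domain_id` and `project_domain_id` properties returned None because, per their NOTE, v2 AccessInfo reports 'default'. Services that read these values from the plugin will presumably now get 'default', which matters if the domain feeds an authorization decision, so the change should be called out in a comment or release note, e.g. `# NOTE: v2 tokens report domain ids as 'default' on AccessInfo, not None`. The new `_log_format` also joins `auth_ref.role_names` directly, where the removed wrapper used `role_names or []`. If AccessInfo can return None there, `roles = ','.join(auth_ref.role_names or [])` keeps the old tolerance on the logging path.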
@@ -163,67 +34,33 @@ class UserAuthPlugin(base_identity.BaseIdentityPlugin):
def __init__(self, user_auth_ref, serv_auth_ref):
super(UserAuthPlugin, self).__init__(reauthenticate=False)
- # NOTE(jamielennox): _user_auth_ref and _serv_auth_ref are private
- # because this object ends up in the environ that is passed to the
- # service, however they are used within auth_token middleware.
- self._user_auth_ref = user_auth_ref
- self._serv_auth_ref = serv_auth_ref
-
- self._user_data = None
- self._serv_data = None
+ self.user = user_auth_ref
+ self.service = serv_auth_ref
@property
def has_user_token(self):
"""Did this authentication request contained a user auth token."""
- return self._user_auth_ref is not None
-
- @property
- def user(self):
- """Authentication information about the user token.
-
- Will return None if a user token was not passed with this request.
- """
- if not self.has_user_token:
- return None
-
- if not self._user_data:
- self._user_data = _TokenData(self._user_auth_ref)
-
- return self._user_data
+ return self.user is not None
@property
def has_service_token(self):
"""Did this authentication request contained a service token."""
- return self._serv_auth_ref is not None
-
- @property
- def service(self):
- """Authentication information about the service token.
-
- Will return None if a user token was not passed with this request.
- """
- if not self.has_service_token:
- return None
-
- if not self._serv_data:
- self._serv_data = _TokenData(self._serv_auth_ref)
-
- return self._serv_data
+ return self.service is not None
def get_auth_ref(self, session, **kwargs):
# NOTE(jamielennox): We will always use the auth_ref that was
# calculated by the middleware. reauthenticate=False in __init__ should
# ensure that this function is only called on the first access.
- return self._user_auth_ref
+ return self.user
@property
def _log_format(self):
msg = []
if self.has_user_token:
- msg.append('user: %s' % self.user._log_format)
+ msg.append('user: %s' % _log_format(self.user))
if self.has_service_token:
- msg.append('service: %s' % self.service._log_format)
+ msg.append('service: %s' % _log_format(self.service))
return ' '.join(msg)
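Review bot: `self.user` and `self.service` in `__init__` are now plain writable attributes, and `get_auth_ref` returns `self.user`, so any code holding the plugin can replace the auth ref that the plugin hands back. The removed NOTE says this object ends up in the environ passed to the service, so that includes downstream application code. The docstrings of the deleted `user` and `service` properties are gone too, leaving nothing to say that either value may be None. I would add a comment above the two assignments such as `# AccessInfo or None; exposed to the service via the environ, treat as read-only`. The class body starts before this hunk and continues after it.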
diff --git a/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py b/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
index 10fa4f6..6acfe3f 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
@@ -109,7 +109,7 @@ class V2UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
self.requests_mock.post(url, json=self.service_token)
def get_role_names(self, token):
- return set(x['name'] for x in token['access']['user'].get('roles', []))
+ return [x['name'] for x in token['access']['user'].get('roles', [])]
def get_token(self):
token = fixture.V2Token()
@@ -174,7 +174,7 @@ class V3UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
json=self.service_token)
def get_role_names(self, token):
- return set(x['name'] for x in token['token'].get('roles', []))
+ return [x['name'] for x in token['token'].get('roles', [])]
def get_token(self, project=True):
token_id = uuid.uuid4().hex