diff options
author | Jamie Lennox <jamielennox@redhat.com> | 2014-10-30 15:12:05 +0100 |
---|---|---|
committer | Jamie Lennox <jamielennox@redhat.com> | 2015-01-23 10:41:07 +1000 |
commit | 496a0efc43c40fb030b62f3ed632ee50659a9b41 (patch) | |
tree | 1d2fce86dc5fbb5fc3b36c9ce643be2f332a752b | |
parent | eaab62aca5f570bd119b4c602db7845a017c958e (diff) | |
download | python-keystoneclient-496a0efc43c40fb030b62f3ed632ee50659a9b41.tar.gz |
Surface the user_id and project_id beyond the plugin
Having the user_id and project_id exposed in the plugin is a good first
step however we don't really expect the user to be interacting with the
plugins directly often - particularly as you need to pass session to the
methods.
Exposing get_user_id and get_project_id on the session and the adapter
in this way is very similar to the way we expose get_token and
get_endpoint on the session and adapter for use higher up.
Related-Bug: #1364724
Change-Id: If2f868c3ddc19133f18446e74f8e1b560a4798fa
-rw-r--r-- | keystoneclient/adapter.py | 34 | ||||
-rw-r--r-- | keystoneclient/session.py | 65 | ||||
-rw-r--r-- | keystoneclient/tests/test_session.py | 23 |
3 files changed, 103 insertions, 19 deletions
diff --git a/keystoneclient/adapter.py b/keystoneclient/adapter.py index ea0d342..e14ce7d 100644 --- a/keystoneclient/adapter.py +++ b/keystoneclient/adapter.py @@ -126,6 +126,40 @@ class Adapter(object): """Invalidate an authentication plugin.""" return self.session.invalidate(auth or self.auth) + def get_user_id(self, auth=None): + """Return the authenticated user_id as provided by the auth plugin. + + :param auth: The auth plugin to use for token. Overrides the plugin + on the session. (optional) + :type auth: keystoneclient.auth.base.BaseAuthPlugin + + :raises keystoneclient.exceptions.AuthorizationFailure: + if a new token fetch fails. + :raises keystoneclient.exceptions.MissingAuthPlugin: + if a plugin is not available. + + :returns: Current `user_id` or None if not supported by plugin. + :rtype: string + """ + return self.session.get_user_id(auth or self.auth) + + def get_project_id(self, auth=None): + """Return the authenticated project_id as provided by the auth plugin. + + :param auth: The auth plugin to use for token. Overrides the plugin + on the session. (optional) + :type auth: keystoneclient.auth.base.BaseAuthPlugin + + :raises keystoneclient.exceptions.AuthorizationFailure: + if a new token fetch fails. + :raises keystoneclient.exceptions.MissingAuthPlugin: + if a plugin is not available. + + :returns: Current `project_id` or None if not supported by plugin. + :rtype: string + """ + return self.session.get_project_id(auth or self.auth) + def get(self, url, **kwargs): return self.request(url, 'GET', **kwargs) diff --git a/keystoneclient/session.py b/keystoneclient/session.py index 1f606e4..0c3edbb 100644 --- a/keystoneclient/session.py +++ b/keystoneclient/session.py @@ -549,6 +549,16 @@ class Session(object): return cls(verify=verify, cert=cert, **kwargs) + def _auth_required(self, auth, msg): + if not auth: + auth = self.auth + + if not auth: + msg_fmt = _('An auth plugin is required to %s') + raise exceptions.MissingAuthPlugin(msg_fmt % msg) + + return auth + def get_token(self, auth=None): """Return a token as provided by the auth plugin. @@ -564,11 +574,7 @@ class Session(object): :returns: A valid token. :rtype: string """ - if not auth: - auth = self.auth - - if not auth: - raise exceptions.MissingAuthPlugin(_("Token Required")) + auth = self._auth_required(auth, 'fetch a token') try: return auth.get_token(self) @@ -589,14 +595,7 @@ class Session(object): :returns: An endpoint if available or None. :rtype: string """ - if not auth: - auth = self.auth - - if not auth: - raise exceptions.MissingAuthPlugin( - _('An auth plugin is required to determine the endpoint ' - 'URL.')) - + auth = self._auth_required(auth, 'determine endpoint URL') return auth.get_endpoint(self, **kwargs) def invalidate(self, auth=None): @@ -607,14 +606,42 @@ class Session(object): :type auth: :py:class:`keystoneclient.auth.base.BaseAuthPlugin` """ - if not auth: - auth = self.auth + auth = self._auth_required(auth, 'validate') + return auth.invalidate() - if not auth: - msg = _('Auth plugin not available to invalidate') - raise exceptions.MissingAuthPlugin(msg) + def get_user_id(self, auth=None): + """Return the authenticated user_id as provided by the auth plugin. - return auth.invalidate() + :param auth: The auth plugin to use for token. Overrides the plugin + on the session. (optional) + :type auth: keystoneclient.auth.base.BaseAuthPlugin + + :raises keystoneclient.exceptions.AuthorizationFailure: + if a new token fetch fails. + :raises keystoneclient.exceptions.MissingAuthPlugin: + if a plugin is not available. + + :returns string: Current user_id or None if not supported by plugin. + """ + auth = self._auth_required(auth, 'get user_id') + return auth.get_user_id(self) + + def get_project_id(self, auth=None): + """Return the authenticated project_id as provided by the auth plugin. + + :param auth: The auth plugin to use for token. Overrides the plugin + on the session. (optional) + :type auth: keystoneclient.auth.base.BaseAuthPlugin + + :raises keystoneclient.exceptions.AuthorizationFailure: + if a new token fetch fails. + :raises keystoneclient.exceptions.MissingAuthPlugin: + if a plugin is not available. + + :returns string: Current project_id or None if not supported by plugin. + """ + auth = self._auth_required(auth, 'get project_id') + return auth.get_project_id(self) @utils.positional.classmethod() def get_conf_options(cls, deprecated_opts=None): diff --git a/keystoneclient/tests/test_session.py b/keystoneclient/tests/test_session.py index 3cd7ae5..33dda08 100644 --- a/keystoneclient/tests/test_session.py +++ b/keystoneclient/tests/test_session.py @@ -321,6 +321,8 @@ class AuthPlugin(base.BaseAuthPlugin): """ TEST_TOKEN = 'aToken' + TEST_USER_ID = 'aUser' + TEST_PROJECT_ID = 'aProject' SERVICE_URLS = { 'identity': {'public': 'http://identity-public:1111/v2.0', @@ -348,6 +350,12 @@ class AuthPlugin(base.BaseAuthPlugin): def invalidate(self): return self._invalidate + def get_user_id(self, session): + return self.TEST_USER_ID + + def get_project_id(self, session): + return self.TEST_PROJECT_ID + class CalledAuthPlugin(base.BaseAuthPlugin): @@ -582,6 +590,13 @@ class SessionAuthTests(utils.TestCase): self.assertTrue(auth.get_token_called) self.assertFalse(auth.get_endpoint_called) + def test_user_and_project_id(self): + auth = AuthPlugin() + sess = client_session.Session(auth=auth) + + self.assertEqual(auth.TEST_USER_ID, sess.get_user_id()) + self.assertEqual(auth.TEST_PROJECT_ID, sess.get_project_id()) + class AdapterTest(utils.TestCase): @@ -737,6 +752,14 @@ class AdapterTest(utils.TestCase): self.assertThat(self.requests.request_history, matchers.HasLength(retries + 1)) + def test_user_and_project_id(self): + auth = AuthPlugin() + sess = client_session.Session() + adpt = adapter.Adapter(sess, auth=auth) + + self.assertEqual(auth.TEST_USER_ID, adpt.get_user_id()) + self.assertEqual(auth.TEST_PROJECT_ID, adpt.get_project_id()) + class ConfLoadingTests(utils.TestCase): |