author | Jamie Lennox <jamielennox@gmail.com> | 2016-09-29 10:47:28 +1000 |
---|---|---|
committer | Steve Martinelli <s.martinelli@gmail.com> | 2016-11-29 21:23:28 +0000 |
commit | 9f5493747a404adc92960785848016a85c5a4acb (patch) | |
tree | 0a970bfb6107c59c1bdb724f8108a5c932df7f4c | |
parent | 0f7b2436155ad3f37284ffc42ae482c93331a59a (diff) | |
download | python-keystoneclient-9f5493747a404adc92960785848016a85c5a4acb.tar.gz |
Pass allow_expired to token validate
Allow passing the allow_expired flag to v3 token validation to support
extended service to service communication.
Implements bp: allow-expired
Change-Id: Ia1763fedc1838ad3c58c7f8f98f00b7eaad55a5c
-rw-r--r-- | keystoneclient/tests/unit/v3/test_tokens.py | 13 | ||||
-rw-r--r-- | keystoneclient/v3/tokens.py | 22 | ||||
-rw-r--r-- | releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml | 5 |
3 files changed, 36 insertions, 4 deletions
diff --git a/keystoneclient/tests/unit/v3/test_tokens.py b/keystoneclient/tests/unit/v3/test_tokens.py index 0208f53..89b65f8 100644 --- a/keystoneclient/tests/unit/v3/test_tokens.py +++ b/keystoneclient/tests/unit/v3/test_tokens.py @@ -145,6 +145,19 @@ class TokenTests(utils.ClientTestCase, testresources.ResourcedTestCase): self.assertQueryStringIs('nocatalog') self.assertFalse(access_info.has_service_catalog()) + def test_validate_token_allow_expired(self): + token_id = uuid.uuid4().hex + token_ref = self.examples.TOKEN_RESPONSES[ + self.examples.v3_UUID_TOKEN_UNSCOPED] + self.stub_url('GET', ['auth', 'tokens'], + headers={'X-Subject-Token': token_id, }, json=token_ref) + + self.client.tokens.validate(token_id) + self.assertQueryStringIs() + + self.client.tokens.validate(token_id, allow_expired=True) + self.assertQueryStringIs('allow_expired=1') + def load_tests(loader, tests, pattern): return testresources.OptimisingTestSuite(tests) diff --git a/keystoneclient/v3/tokens.py b/keystoneclient/v3/tokens.py index 380ab8f..77f6045 100644 --- a/keystoneclient/v3/tokens.py +++ b/keystoneclient/v3/tokens.py 
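Review bot: test_validate_token_allow_expired never passes both flags together, so the new `'&'.join(flags)` path in get_token_data is only exercised with a single element. Adding `self.client.tokens.validate(token_id, include_catalog=False, allow_expired=True)` followed by `self.assertQueryStringIs('nocatalog&allow_expired=1')` at the end of the method would pin the combined query string. This assumes assertQueryStringIs compares parsed parameters, as its existing use with 'nocatalog' suggests. The enclosing TokenTests class starts outside the hunk.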
@@ -61,37 +61,51 @@ class TokenManager(object): return body @positional.method(1) - def get_token_data(self, token, include_catalog=True): + def get_token_data(self, token, include_catalog=True, allow_expired=False): """Fetch the data about a token from the identity server. :param str token: The ID of the token to be fetched. :param bool include_catalog: Whether the service catalog should be included in the response. + :param allow_expired: If True the token will be validated and returned + if it has already expired. :rtype: dict """ headers = {'X-Subject-Token': token} + flags = [] url = '/auth/tokens' + if not include_catalog: - url += '?nocatalog' + flags.append('nocatalog') + if allow_expired: + flags.append('allow_expired=1') + + if flags: + url = '%s?%s' % (url, '&'.join(flags)) resp, body = self._client.get(url, headers=headers) return body @positional.method(1) - def validate(self, token, include_catalog=True): + def validate(self, token, include_catalog=True, allow_expired=False): """Validate a token. :param token: The token to be validated. :type token: str or :class:`keystoneclient.access.AccessInfo` :param include_catalog: If False, the response is requested to not include the catalog. + :param allow_expired: If True the token will be validated and returned + if it has already expired. + :type allow_expired: bool :rtype: :class:`keystoneclient.access.AccessInfoV3` """ token_id = _calc_id(token) - body = self.get_token_data(token_id, include_catalog=include_catalog) + body = self.get_token_data(token_id, + include_catalog=include_catalog, + allow_expired=allow_expired) return access.AccessInfo.factory(auth_token=token_id, body=body) diff --git a/releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml b/releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml new file mode 100644 index 0000000..6a3f6ca --- /dev/null +++ b/releasenotes/notes/Add-allow-expired-flag-to-validate-25b8914f4deb359b.yaml 
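Review bot: The new `allow_expired` docstring entries on get_token_data and validate do not say that a successful return no longer means the token is within its lifetime. A caller that treats any AccessInfo returned by validate() as proof of a live token would accept an expired one once this flag is set. The docstrings should carry that caveat, e.g. `Callers passing True must check the returned expiry themselves; intended for service-to-service requests, not for authorising end users.` In get_token_data the entry also lacks the type that the neighbouring `:param bool include_catalog:` gives; `:param bool allow_expired:` would match. The TokenManager class starts outside the hunk.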
@@ -0,0 +1,5 @@
+---
+features:
+ - Added a ``allow_expired`` argument to ``validate`` and ``get_token_data``
+ in `keystoneclient.v3.tokens`. Setting this to ``True``, allos for a token
+ validation query to fetch expired tokens. |