From 08eafcbb34336a490635e008bd71dfd07d0de1c9 Mon Sep 17 00:00:00 2001
From: Jamie Lennox
Date: Fri, 13 Nov 2015 16:06:16 +1100
Subject: [PATCH] Add domain and trust details to user plugin
Expose the domain scope and trust scope details through the user plugin. These should be exposed for use by services, and hopefully to determine policy on.
Change-Id: Ic4fcea0c36cfd21603a375be1bea2a05eef82045
---
 keystonemiddleware/auth_token/_user_plugin.py | 24 ++++++++++++++
 .../unit/auth_token/test_user_auth_plugin.py | 31 +++++++++++++++++--
 2 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/keystonemiddleware/auth_token/_user_plugin.py b/keystonemiddleware/auth_token/_user_plugin.py
index 93075c5c..2ef2b9d4 100644
--- a/keystonemiddleware/auth_token/_user_plugin.py
+++ b/keystonemiddleware/auth_token/_user_plugin.py
@@ -81,6 +81,14 @@ class _TokenData(object):
 return self._stored_auth_ref.project_domain_id
+ @property
+ def domain_id(self):
+ """The domain ID the authentication is scoped to.
+
+ :rtype: str
+ """
+ return self._stored_auth_ref.domain_id
+
 @property
 def trust_id(self):
 """Returns the trust id associated with the authentication request..
@@ -89,6 +97,22 @@ class _TokenData(object):
 """
 return self._stored_auth_ref.trust_id
+ @property
+ def trustor_user_id(self):
+ """The trustor id associated with the authentication request.
+
+ :rtype: str
+ """
+ return self._stored_auth_ref.trustor_user_id
+
+ @property
+ def trustee_user_id(self):
+ """The trustee id associated with the authentication request.
+
+ :rtype: str
+ """
+ return self._stored_auth_ref.trustee_user_id
+
 @property
 def role_ids(self):
 """Role ids of the user associated with the authentication request.
diff --git a/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py b/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
index 648933f4..6bb22367 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
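Review bot: The docstrings on the new `domain_id`, `trustor_user_id` and `trustee_user_id` properties (both hunks in _user_plugin.py) declare `:rtype: str` but never say what a caller gets when the token is not domain- or trust-scoped. The V2 test added in this same commit asserts `plugin.user.trustor_user_id` is `None` for a trust token, so the value is evidently optional and differs between token versions. Since the commit message expects policy to be decided on these fields, I would state that in each docstring, e.g. `Returns None if the token is not trust scoped, or for a v2.0 token where the trustor is not available.` and `Returns None if the token is not domain scoped.` on `domain_id`. Whether `domain_id` returns None or raises for a v2.0 token depends on the auth_ref class outside this diff, so confirm that before documenting it; the `_TokenData` body starts and ends outside both hunks.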
+++ b/keystonemiddleware/tests/unit/auth_token/test_user_auth_plugin.py
@@ -133,6 +133,15 @@ class V2UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
 self.assertIsNone(token_data.user_domain_id)
 self.assertIsNone(token_data.project_domain_id)
+ def test_trust_scope(self):
+ token_id, token = self.get_token()
+ token.set_trust()
+
+ plugin = self.get_plugin(token_id)
+ self.assertEqual(token.trust_id, plugin.user.trust_id)
+ self.assertEqual(token.trustee_user_id, plugin.user.trustee_user_id)
+ self.assertIsNone(plugin.user.trustor_user_id)
+
 class V3UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
@@ -166,10 +175,11 @@ class V3UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
 def get_role_names(self, token):
 return set(x['name'] for x in token['token'].get('roles', []))
- def get_token(self):
+ def get_token(self, project=True):
 token_id = uuid.uuid4().hex
 token = fixture.V3Token()
- token.set_project_scope()
+ if project:
+ token.set_project_scope()
 token.add_role()
 request_headers = {'X-Auth-Token': self.service_token_id,
@@ -191,3 +201,20 @@ class V3UserPluginTests(BaseUserPluginTests, base.BaseAuthTokenTestCase):
 self.assertEqual(token.user_domain_id, token_data.user_domain_id)
 self.assertEqual(token.project_id, token_data.project_id)
 self.assertEqual(token.project_domain_id, token_data.project_domain_id)
+
+ def test_domain_scope(self):
+ token_id, token = self.get_token(project=False)
+ token.set_domain_scope()
+
+ plugin = self.get_plugin(token_id)
+ self.assertEqual(token.domain_id, plugin.user.domain_id)
+ self.assertIsNone(plugin.user.project_id)
+
+ def test_trust_scope(self):
+ token_id, token = self.get_token(project=False)
+ token.set_trust_scope()
+
+ plugin = self.get_plugin(token_id)
+ self.assertEqual(token.trust_id, plugin.user.trust_id)
+ self.assertEqual(token.trustor_user_id, plugin.user.trustor_user_id)
+ self.assertEqual(token.trustee_user_id, plugin.user.trustee_user_id)
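Review bot: The new V3 tests assert only the populated case, so nothing pins what `domain_id`, `trust_id`, `trustor_user_id` and `trustee_user_id` return for a token that is not scoped that way. Because these attributes are meant to feed policy, a regression that made a project-scoped token report a domain or trust scope would pass this suite unnoticed. I would add `self.assertIsNone(plugin.user.trust_id)` to `test_domain_scope` and `self.assertIsNone(token_data.domain_id)` to the project-scoped test whose tail is visible as context in the last hunk, assuming the property yields None there the way `project_id` does in `test_domain_scope`. The V2 class also gains no `domain_id` assertion, so the behaviour on v2.0 tokens is left untested; both test classes start outside these hunks.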