Merge "Add keystone v3 API to fetch revocation list"

Jenkins 2015-05-12 15:32:42 +00:00 committed by Gerrit Code Review
commit de7a54efd3
2 changed files with 17 additions and 12 deletions


@ -35,6 +35,9 @@ class _RequestStrategy(object):
def fetch_cert_file(self, cert_type):
pass
def fetch_revocation_list(self):
pass
class _V2RequestStrategy(_RequestStrategy):
@ -55,6 +58,9 @@ class _V2RequestStrategy(_RequestStrategy):
elif cert_type == 'signing':
return self._client.certificates.get_signing_certificate()
def fetch_revocation_list(self):
return self._client.tokens.get_revoked()
class _V3RequestStrategy(_RequestStrategy):
@ -77,6 +83,9 @@ class _V3RequestStrategy(_RequestStrategy):
elif cert_type == 'signing':
return self._client.simple_cert.get_certificates()
def fetch_revocation_list(self):
return self._client.tokens.get_revoked()
_REQUEST_STRATEGIES = [_V3RequestStrategy, _V2RequestStrategy]
@ -101,8 +110,6 @@ class IdentityServer(object):
# Built on-demand with self._request_strategy.
self._request_strategy_obj = None
self._v2_client = v2_client.Client(session=self._adapter)
@property
def auth_uri(self):
auth_uri = self._adapter.get_endpoint(interface=auth.AUTH_INTERFACE)
@ -189,7 +196,7 @@ class IdentityServer(object):
def fetch_revocation_list(self):
try:
data = self._v2_client.tokens.get_revoked()
data = self._request_strategy.fetch_revocation_list()
except exceptions.HTTPError as e:
msg = _('Failed to fetch token revocation list: %d')
raise exc.RevocationListError(msg % e.http_status)
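Review bot: In `IdentityServer.fetch_revocation_list` the `try` now also covers the first access to `self._request_strategy`, which the context comment in `__init__` says is built on demand, while the handler still translates only `exceptions.HTTPError`. If building the strategy can raise something else (a failed version discovery, presumably), that error leaves this method untranslated, and a caller that falls back to online validation on `exc.RevocationListError` would not see it. Resolving the strategy before the `try` keeps the two failure modes apart: `strategy = self._request_strategy` above it and `data = strategy.fetch_revocation_list()` inside. If propagating is intended, a comment such as `# only HTTP errors from the fetch become RevocationListError; strategy selection errors propagate` would record that. The method body continues past the end of the hunk.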


@ -974,8 +974,7 @@ class CommonAuthTokenMiddlewareTest(object):
in_memory_list)
def test_invalid_revocation_list_raises_error(self):
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI, json={})
self.requests_mock.get(self.revocation_url, json={})
self.assertRaises(exc.RevocationListError,
self.middleware._revocations._fetch)
@ -1559,7 +1558,8 @@ class v2AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.requests_mock.post('%s/v2.0/tokens' % BASE_URI,
text=FAKE_ADMIN_TOKEN)
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI,
self.revocation_url = '%s/v2.0/tokens/revoked' % BASE_URI
self.requests_mock.get(self.revocation_url,
text=self.examples.SIGNED_REVOCATION_LIST)
for token in (self.examples.UUID_TOKEN_DEFAULT,
@ -1768,8 +1768,8 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.requests_mock.post('%s/v2.0/tokens' % BASE_URI,
text=FAKE_ADMIN_TOKEN)
# TODO(jamielennox): there is no v3 revocation url yet, it uses v2
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI,
self.revocation_url = '%s/v3/auth/tokens/OS-PKI/revoked' % BASE_URI
self.requests_mock.get(self.revocation_url,
text=self.examples.SIGNED_REVOCATION_LIST)
self.requests_mock.get('%s/v3/auth/tokens' % BASE_URI,
@ -1862,8 +1862,7 @@ class v3AuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
self.token_dict['signed_token_scoped_pkiz'])
def test_fallback_to_online_validation_with_revocation_list_error(self):
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI,
status_code=404)
self.requests_mock.get(self.revocation_url, status_code=404)
self.assert_valid_request_200(self.token_dict['signed_token_scoped'])
self.assert_valid_request_200(
self.token_dict['signed_token_scoped_pkiz'])
@ -2494,8 +2493,7 @@ class v3CompositeAuthTests(BaseAuthTokenMiddlewareTest,
self.requests_mock.post('%s/v2.0/tokens' % BASE_URI,
text=FAKE_ADMIN_TOKEN)
# TODO(jamielennox): there is no v3 revocation url yet, it uses v2
self.requests_mock.get('%s/v2.0/tokens/revoked' % BASE_URI,
self.requests_mock.get('%s/v3/auth/tokens/OS-PKI/revoked' % BASE_URI,
text=self.examples.SIGNED_REVOCATION_LIST)
self.requests_mock.get('%s/v3/auth/tokens' % BASE_URI,
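Review bot: The last hunk, in `v3CompositeAuthTests`, mocks the v3 revocation URL with an inline literal, whereas the v2 and v3 middleware test setups in this same change store it in `self.revocation_url` first. Any shared test that reads `self.revocation_url`, as `test_invalid_revocation_list_raises_error` now does, would have no attribute to use if it ever ran against this class; whether it does depends on the base classes, which are cut off in the hunk header. For consistency I would write `self.revocation_url = '%s/v3/auth/tokens/OS-PKI/revoked' % BASE_URI` followed by `self.requests_mock.get(self.revocation_url,` here too. The setup method starts and ends outside the hunk.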