"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/api/_shared/authentication.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

authentication.py  (keystone-16.0.1):authentication.py  (keystone-17.0.0)
skipping to change at line 22 skipping to change at line 22
# Shared code for Authentication flows. This module is where actual auth # Shared code for Authentication flows. This module is where actual auth
# happens. The code here is shared between Federation and Auth. # happens. The code here is shared between Federation and Auth.
# TODO(morgan): Deprecate all auth flows in /v3/OS-FEDERATION, merge this code # TODO(morgan): Deprecate all auth flows in /v3/OS-FEDERATION, merge this code
# into keystone.api.auth. For now this is the best place for the code to # into keystone.api.auth. For now this is the best place for the code to
# exist. # exist.
import flask import flask
from oslo_log import log from oslo_log import log
import six
from keystone.auth import core from keystone.auth import core
from keystone.common import provider_api from keystone.common import provider_api
from keystone import exception from keystone import exception
from keystone.federation import constants from keystone.federation import constants
from keystone.i18n import _ from keystone.i18n import _
from keystone.receipt import handlers as receipt_handlers from keystone.receipt import handlers as receipt_handlers
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs PROVIDERS = provider_api.ProviderAPIs
skipping to change at line 56 skipping to change at line 55
return return
# Do not scope if request is for explicitly unscoped token # Do not scope if request is for explicitly unscoped token
if unscoped is not None: if unscoped is not None:
return return
# fill in default_project_id if it is available # fill in default_project_id if it is available
try: try:
user_ref = PROVIDERS.identity_api.get_user(auth_context['user_id']) user_ref = PROVIDERS.identity_api.get_user(auth_context['user_id'])
except exception.UserNotFound as e: except exception.UserNotFound as e:
LOG.warning(six.text_type(e)) LOG.warning(e)
raise exception.Unauthorized(e) raise exception.Unauthorized(e)
default_project_id = user_ref.get('default_project_id') default_project_id = user_ref.get('default_project_id')
if not default_project_id: if not default_project_id:
# User has no default project. He shall get an unscoped token. # User has no default project. He shall get an unscoped token.
return return
# make sure user's default project is legit before scoping to it # make sure user's default project is legit before scoping to it
try: try:
default_project_ref = PROVIDERS.resource_api.get_project( default_project_ref = PROVIDERS.resource_api.get_project(
skipping to change at line 234 skipping to change at line 233
auth_context=auth_context, trust_id=trust_id, auth_context=auth_context, trust_id=trust_id,
app_cred_id=app_cred_id, parent_audit_id=token_audit_id) app_cred_id=app_cred_id, parent_audit_id=token_audit_id)
# NOTE(wanghong): We consume a trust use only when we are using # NOTE(wanghong): We consume a trust use only when we are using
# trusts and have successfully issued a token. # trusts and have successfully issued a token.
if trust: if trust:
PROVIDERS.trust_api.consume_use(token.trust_id) PROVIDERS.trust_api.consume_use(token.trust_id)
return token return token
except exception.TrustNotFound as e: except exception.TrustNotFound as e:
LOG.warning(six.text_type(e)) LOG.warning(e)
raise exception.Unauthorized(e) raise exception.Unauthorized(e)
def federated_authenticate_for_token(identity_provider, protocol_id): def federated_authenticate_for_token(identity_provider, protocol_id):
auth = { auth = {
'identity': { 'identity': {
'methods': [protocol_id], 'methods': [protocol_id],
protocol_id: { protocol_id: {
'identity_provider': identity_provider, 'identity_provider': identity_provider,
'protocol': protocol_id 'protocol': protocol_id
} }
 End of changes. 3 change blocks. 
3 lines changed or deleted 2 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)