"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/auth/plugins/core.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

core.py  (keystone-16.0.1):core.py  (keystone-17.0.0)
skipping to change at line 15 skipping to change at line 15
# a copy of the License at # a copy of the License at
# #
# http://www.apache.org/licenses/LICENSE-2.0 # http://www.apache.org/licenses/LICENSE-2.0
# #
# Unless required by applicable law or agreed to in writing, software # Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import sys
from oslo_log import log from oslo_log import log
from pycadf import cadftaxonomy as taxonomy from pycadf import cadftaxonomy as taxonomy
from pycadf import reason from pycadf import reason
from pycadf import resource from pycadf import resource
import six
from keystone.common import driver_hints from keystone.common import driver_hints
from keystone.common import provider_api from keystone.common import provider_api
import keystone.conf import keystone.conf
from keystone import exception from keystone import exception
from keystone import notifications from keystone import notifications
CONF = keystone.conf.CONF CONF = keystone.conf.CONF
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs PROVIDERS = provider_api.ProviderAPIs
skipping to change at line 119 skipping to change at line 116
self.user_id = None self.user_id = None
self.user_ref = None self.user_ref = None
self.METHOD_NAME = None self.METHOD_NAME = None
def _assert_domain_is_enabled(self, domain_ref): def _assert_domain_is_enabled(self, domain_ref):
try: try:
PROVIDERS.resource_api.assert_domain_enabled( PROVIDERS.resource_api.assert_domain_enabled(
domain_id=domain_ref['id'], domain_id=domain_ref['id'],
domain=domain_ref) domain=domain_ref)
except AssertionError as e: except AssertionError as e:
LOG.warning(six.text_type(e)) LOG.warning(e)
six.reraise(exception.Unauthorized, exception.Unauthorized(e), raise exception.Unauthorized from e
sys.exc_info()[2])
def _assert_user_is_enabled(self, user_ref): def _assert_user_is_enabled(self, user_ref):
try: try:
PROVIDERS.identity_api.assert_user_enabled( PROVIDERS.identity_api.assert_user_enabled(
user_id=user_ref['id'], user_id=user_ref['id'],
user=user_ref) user=user_ref)
except AssertionError as e: except AssertionError as e:
LOG.warning(six.text_type(e)) LOG.warning(e)
six.reraise(exception.Unauthorized, exception.Unauthorized(e), raise exception.Unauthorized from e
sys.exc_info()[2])
def _lookup_domain(self, domain_info): def _lookup_domain(self, domain_info):
domain_id = domain_info.get('id') domain_id = domain_info.get('id')
domain_name = domain_info.get('name') domain_name = domain_info.get('name')
if not domain_id and not domain_name: if not domain_id and not domain_name:
raise exception.ValidationError(attribute='id or name', raise exception.ValidationError(attribute='id or name',
target='domain') target='domain')
try: try:
if domain_name: if domain_name:
domain_ref = PROVIDERS.resource_api.get_domain_by_name( domain_ref = PROVIDERS.resource_api.get_domain_by_name(
domain_name) domain_name)
else: else:
domain_ref = PROVIDERS.resource_api.get_domain(domain_id) domain_ref = PROVIDERS.resource_api.get_domain(domain_id)
except exception.DomainNotFound as e: except exception.DomainNotFound as e:
LOG.warning(six.text_type(e)) LOG.warning(e)
raise exception.Unauthorized(e) raise exception.Unauthorized(e)
self._assert_domain_is_enabled(domain_ref) self._assert_domain_is_enabled(domain_ref)
return domain_ref return domain_ref
def _validate_and_normalize_auth_data(self, auth_payload): def _validate_and_normalize_auth_data(self, auth_payload):
if 'user' not in auth_payload: if 'user' not in auth_payload:
raise exception.ValidationError(attribute='user', raise exception.ValidationError(attribute='user',
target=self.METHOD_NAME) target=self.METHOD_NAME)
user_info = auth_payload['user'] user_info = auth_payload['user']
user_id = user_info.get('id') user_id = user_info.get('id')
skipping to change at line 176 skipping to change at line 171
target='user') target='user')
domain_ref = self._lookup_domain(user_info['domain']) domain_ref = self._lookup_domain(user_info['domain'])
user_ref = PROVIDERS.identity_api.get_user_by_name( user_ref = PROVIDERS.identity_api.get_user_by_name(
user_name, domain_ref['id']) user_name, domain_ref['id'])
else: else:
user_ref = PROVIDERS.identity_api.get_user(user_id) user_ref = PROVIDERS.identity_api.get_user(user_id)
domain_ref = PROVIDERS.resource_api.get_domain( domain_ref = PROVIDERS.resource_api.get_domain(
user_ref['domain_id']) user_ref['domain_id'])
self._assert_domain_is_enabled(domain_ref) self._assert_domain_is_enabled(domain_ref)
except exception.UserNotFound as e: except exception.UserNotFound as e:
LOG.warning(six.text_type(e)) LOG.warning(e)
# We need to special case USER NOT FOUND here for CADF # We need to special case USER NOT FOUND here for CADF
# notifications as the normal path for notification(s) come from # notifications as the normal path for notification(s) come from
# `identity_api.authenticate` and we are a bit before dropping into # `identity_api.authenticate` and we are a bit before dropping into
# that method. # that method.
audit_reason = reason.Reason(str(e), str(e.code)) audit_reason = reason.Reason(str(e), str(e.code))
audit_initiator = notifications.build_audit_initiator() audit_initiator = notifications.build_audit_initiator()
# build an appropriate audit initiator with relevant information # build an appropriate audit initiator with relevant information
# for the failed request. This will catch invalid user_name and # for the failed request. This will catch invalid user_name and
# invalid user_id. # invalid user_id.
 End of changes. 6 change blocks. 
11 lines changed or deleted 6 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)