Skip to content

Commit

Permalink
Merge pull request #27 from stackhpc/upstream/yoga-2023-07-31
Browse files Browse the repository at this point in the history 
Synchronise yoga with upstream
  • Loading branch information
@markgoddard
markgoddard authored Jul 31, 2023
2 parents 90a43f5 + 98ccf28 commit dfd73f5
Show file tree
Hide file tree
Showing 6 changed files with 32 additions and 171 deletions.
1 change: 0 additions & 1 deletion .zuul.d/project.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@
- horizon-cross-jobs
- horizon-nodejs14-jobs
- horizon-non-primary-django-jobs
- openstack-lower-constraints-jobs
- openstack-python3-yoga-jobs
- periodic-stable-jobs
- publish-openstack-docs-pti
Expand Down
155 changes: 0 additions & 155 deletions lower-constraints.txt
View file

This file was deleted.

12 changes: 8 additions & 4 deletions openstack_auth/backend.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,22 +111,27 @@ def authenticate(self, request, auth_url=None, **kwargs):

plugin, unscoped_auth = self._get_auth_backend(auth_url, **kwargs)

client_ip = utils.get_client_ip(request)
session = utils.get_session(original_ip=client_ip)

# the recent project id a user might have set in a cookie
recent_project = None
if request:
# Grab recent_project found in the cookie, try to scope
# to the last project used.
recent_project = request.COOKIES.get('recent_project')
unscoped_auth_ref = plugin.get_access_info(unscoped_auth)
unscoped_auth_ref = plugin.get_access_info(unscoped_auth,
session=session)

# Check expiry for our unscoped auth ref.
self._check_auth_expiry(unscoped_auth_ref)

domain_name = kwargs.get('user_domain_name', None)
domain_auth, domain_auth_ref = plugin.get_domain_scoped_auth(
unscoped_auth, unscoped_auth_ref, domain_name)
unscoped_auth, unscoped_auth_ref, domain_name, session=session)
scoped_auth, scoped_auth_ref = plugin.get_project_scoped_auth(
unscoped_auth, unscoped_auth_ref, recent_project=recent_project)
unscoped_auth, unscoped_auth_ref, recent_project=recent_project,
session=session)

# Abort if there are no projects for this user and a valid domain
# token has not been obtained
Expand Down Expand Up @@ -207,7 +212,6 @@ def authenticate(self, request, auth_url=None, **kwargs):
request.session.set_expiry(session_time)

keystone_client_class = utils.get_keystone_client().Client
session = utils.get_session()
scoped_client = keystone_client_class(session=session,
auth=scoped_auth)

Expand Down
27 changes: 19 additions & 8 deletions openstack_auth/plugin/base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,17 +99,19 @@ def list_domains(self, session, auth_plugin, auth_ref=None):
msg = _('Unable to retrieve authorized domains.')
raise exceptions.KeystoneRetrieveDomainsException(msg)

def get_access_info(self, keystone_auth):
def get_access_info(self, keystone_auth, session=None):
"""Get the access info from an unscoped auth
This function provides the base functionality that the
plugins will use to authenticate and get the access info object.
:param keystone_auth: keystoneauth1 identity plugin
:param session: keystoneauth1 session to use otherwise gets one
:raises: exceptions.KeystoneAuthException on auth failure
:returns: keystoneclient.access.AccessInfo
"""
session = utils.get_session()
if session is None:
session = utils.get_session()

try:
unscoped_auth_ref = keystone_auth.get_access(session)
Expand Down Expand Up @@ -140,7 +142,7 @@ def get_access_info(self, keystone_auth):
return unscoped_auth_ref

def get_project_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
recent_project=None):
recent_project=None, session=None):
"""Get the project scoped keystone auth and access info
This function returns a project scoped keystone token plugin
Expand All @@ -149,10 +151,13 @@ def get_project_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
:param unscoped_auth: keystone auth plugin
:param unscoped_auth_ref: keystoneclient.access.AccessInfo` or None.
:param recent_project: project that we should try to scope to
:param session: keystoneauth1 session to use otherwise gets one
:return: keystone token auth plugin, AccessInfo object
"""
if session is None:
session = utils.get_session()

auth_url = unscoped_auth.auth_url
session = utils.get_session()

projects = self.list_projects(
session, unscoped_auth, unscoped_auth_ref)
Expand Down Expand Up @@ -187,7 +192,7 @@ def get_project_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
return scoped_auth, scoped_auth_ref

def get_domain_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
domain_name=None):
domain_name=None, session=None):
"""Get the domain scoped keystone auth and access info
This function returns a domain scoped keystone token plugin
Expand All @@ -196,9 +201,12 @@ def get_domain_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
:param unscoped_auth: keystone auth plugin
:param unscoped_auth_ref: keystoneclient.access.AccessInfo` or None.
:param domain_name: domain that we should try to scope to
:param session: keystoneauth1 session to use otherwise gets one
:return: keystone token auth plugin, AccessInfo object
"""
session = utils.get_session()
if session is None:
session = utils.get_session()

auth_url = unscoped_auth.auth_url

if domain_name:
Expand Down Expand Up @@ -235,7 +243,7 @@ def get_domain_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
return domain_auth, domain_auth_ref

def get_system_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
system_scope):
system_scope, session=None):
"""Get the system scoped keystone auth and access info
This function returns a system scoped keystone token plugin
Expand All @@ -244,9 +252,12 @@ def get_system_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
:param unscoped_auth: keystone auth plugin
:param unscoped_auth_ref: keystoneclient.access.AccessInfo` or None.
:param system_scope: system that we should try to scope to
:param session: keystoneauth1 session to use otherwise gets one
:return: keystone token auth plugin, AccessInfo object
"""
session = utils.get_session()
if session is None:
session = utils.get_session()

auth_url = unscoped_auth.auth_url

system_auth = None
Expand Down
6 changes: 4 additions & 2 deletions openstack_auth/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -267,7 +267,8 @@ def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME):
tenant_id, request.user.username)

endpoint, __ = utils.fix_auth_url_version_prefix(request.user.endpoint)
session = utils.get_session()
client_ip = utils.get_client_ip(request)
session = utils.get_session(original_ip=client_ip)
# Keystone can be configured to prevent exchanging a scoped token for
# another token. Always use the unscoped token for requesting a
# scoped token.
Expand Down Expand Up @@ -421,7 +422,8 @@ def switch_system_scope(request, redirect_field_name=auth.REDIRECT_FIELD_NAME):
LOG.debug('Switching to system scope for user "%s".', request.user.username)

endpoint, __ = utils.fix_auth_url_version_prefix(request.user.endpoint)
session = utils.get_session()
client_ip = utils.get_client_ip(request)
session = utils.get_session(original_ip=client_ip)
# Keystone can be configured to prevent exchanging a scoped token for
# another token. Always use the unscoped token for requesting a
# scoped token.
Expand Down
2 changes: 1 addition & 1 deletion openstack_dashboard/api/keystone.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ def keystoneclient(request, admin=False, force_scoped=False):
cacert = settings.OPENSTACK_SSL_CACERT
verify = verify and cacert
LOG.debug("Creating a new keystoneclient connection to %s.", endpoint)
remote_addr = request.environ.get('REMOTE_ADDR', '')
remote_addr = auth_utils.get_client_ip(request)
token_auth = token_endpoint.Token(endpoint=endpoint,
token=token_id)
keystone_session = session.Session(auth=token_auth,
Expand Down

0 comments on commit dfd73f5

Please sign in to comment.