Revision 25a04cdd
b/astakosclient/astakosclient/__init__.py | ||
---|---|---|
123 | 123 |
|
124 | 124 |
# ---------------------------------- |
125 | 125 |
@retry |
126 |
def _call_astakos(self, token, request_path, |
|
127 |
headers=None, body=None, method="GET"):
|
|
126 |
def _call_astakos(self, token, request_path, headers=None,
|
|
127 |
body=None, method="GET", log_body=True):
|
|
128 | 128 |
"""Make the actual call to Astakos Service""" |
129 | 129 |
if token is not None: |
130 | 130 |
hashed_token = hashlib.sha1() |
... | ... | |
134 | 134 |
using_token = "without using token" |
135 | 135 |
self.logger.debug( |
136 | 136 |
"Make a %s request to %s %s with headers %s and body %s" |
137 |
% (method, request_path, using_token, headers, body)) |
|
137 |
% (method, request_path, using_token, headers, |
|
138 |
body if log_body else "(not logged)")) |
|
138 | 139 |
|
139 | 140 |
# Check Input |
140 | 141 |
if headers is None: |
... | ... | |
362 | 363 |
WARNING: This api call encodes the user's token inside the url. |
363 | 364 |
It's thoughs security unsafe to use it (both astakosclient and |
364 | 365 |
nginx tend to log requested urls). |
365 |
Avoid the use of get_endpoints method and use *** instead. |
|
366 |
Avoid the use of get_endpoints method and use |
|
367 |
get_user_info_with_endpoints instead. |
|
366 | 368 |
|
367 | 369 |
""" |
368 | 370 |
params = {} |
... | ... | |
377 | 379 |
return self._call_astakos(token, path) |
378 | 380 |
|
379 | 381 |
# ---------------------------------- |
382 |
# do a POST to ``API_TOKENS`` |
|
383 |
def get_user_info_with_endpoints(self, token, uuid=None): |
|
384 |
""" Fallback call for authenticate |
|
385 |
|
|
386 |
Keyword arguments: |
|
387 |
token -- user's token (string) |
|
388 |
uuid -- user's uniq id |
|
389 |
|
|
390 |
It returns back the token as well as information about the token |
|
391 |
holder and the services he/she can acess (in json format). |
|
392 |
In case of error raise an AstakosClientException. |
|
393 |
|
|
394 |
""" |
|
395 |
req_path = copy(API_TOKENS) |
|
396 |
req_headers = {'content-type': 'application/json'} |
|
397 |
body = {'auth': {'token': {'id': token}}} |
|
398 |
if uuid is not None: |
|
399 |
body['auth']['tenantName'] = uuid |
|
400 |
req_body = parse_request(body, self.logger) |
|
401 |
return self._call_astakos(token, req_path, req_headers, |
|
402 |
req_body, "POST", False) |
|
403 |
|
|
404 |
# ---------------------------------- |
|
380 | 405 |
# do a GET to ``API_QUOTAS`` |
381 | 406 |
def get_quotas(self, token): |
382 | 407 |
"""Get user's quotas |
b/astakosclient/astakosclient/tests.py | ||
---|---|---|
291 | 291 |
# Check input |
292 | 292 |
if conn.__class__.__name__ != "HTTPSConnection": |
293 | 293 |
return _request_status_302(conn, method, url, **kwargs) |
294 |
if method != "GET": |
|
295 |
return _request_status_400(conn, method, url, **kwargs) |
|
296 | 294 |
|
297 | 295 |
token_head = kwargs['headers'].get('X-Auth-Token') |
298 |
url_split = url[len(astakosclient.API_TOKENS):].split('/') |
|
299 |
token_url = url_split[1] |
|
300 |
if token_head != token_url: |
|
301 |
return _request_status_403(conn, method, url, **kwargs) |
|
302 |
if token_url != token_1: |
|
303 |
return _request_status_401(conn, method, url, **kwargs) |
|
296 |
if url == astakosclient.API_TOKENS: |
|
297 |
if method != "POST": |
|
298 |
return _request_status_400(conn, method, url, **kwargs) |
|
299 |
body = simplejson.loads(kwargs['body']) |
|
300 |
token = body['auth']['token']['id'] |
|
301 |
if token != token_1: |
|
302 |
return _request_status_401(conn, method, url, **kwargs) |
|
303 |
# Return |
|
304 |
return ("", simplejson.dumps(user_info_endpoints), 200) |
|
304 | 305 |
|
305 |
# Return |
|
306 |
return ("", simplejson.dumps(endpoints), 200) |
|
306 |
else: |
|
307 |
if method != "GET": |
|
308 |
return _request_status_400(conn, method, url, **kwargs) |
|
309 |
url_split = url[len(astakosclient.API_TOKENS):].split('/') |
|
310 |
token_url = url_split[1] |
|
311 |
if token_head != token_url: |
|
312 |
return _request_status_403(conn, method, url, **kwargs) |
|
313 |
if token_url != token_1: |
|
314 |
return _request_status_401(conn, method, url, **kwargs) |
|
315 |
# Return |
|
316 |
return ("", simplejson.dumps(endpoints), 200) |
|
307 | 317 |
|
308 | 318 |
|
309 | 319 |
# ---------------------------- |
... | ... | |
419 | 429 |
{"href": "/astakos/api/tokens/0000/endpoints?marker=4&limit=10000", |
420 | 430 |
"rel": "next"}]} |
421 | 431 |
|
432 |
user_info_endpoints = \ |
|
433 |
{'serviceCatalog': [ |
|
434 |
{'endpoints': [{ |
|
435 |
'SNF:uiURL': 'https://node1.example.com/ui/', |
|
436 |
'adminURL': 'https://node1.example.com/v1', |
|
437 |
'internalUrl': 'https://node1.example.com/v1', |
|
438 |
'publicURL': 'https://node1.example.com/v1', |
|
439 |
'region': 'cyclades'}], |
|
440 |
'name': 'cyclades', |
|
441 |
'type': 'compute'}, |
|
442 |
{'endpoints': [{ |
|
443 |
'SNF:uiURL': 'https://node2.example.com/ui/', |
|
444 |
'adminURL': 'https://node2.example.com/v1', |
|
445 |
'internalUrl': 'https://node2.example.com/v1', |
|
446 |
'publicURL': 'https://node2.example.com/v1', |
|
447 |
'region': 'pithos'}], |
|
448 |
'name': 'pithos', |
|
449 |
'type': 'storage'}], |
|
450 |
'token': { |
|
451 |
'expires': '2013-06-19T15:23:59.975572+00:00', |
|
452 |
'id': token_1, |
|
453 |
'tenant': { |
|
454 |
'id': user_1, |
|
455 |
'name': 'Firstname Lastname'}}, |
|
456 |
'user': { |
|
457 |
'id': user_1, |
|
458 |
'name': 'Firstname Lastname', |
|
459 |
'roles': [{'id': 1, 'name': 'default'}], |
|
460 |
'roles_links': []}} |
|
461 |
|
|
422 | 462 |
quotas = { |
423 | 463 |
"system": { |
424 | 464 |
"cyclades.ram": { |
... | ... | |
1162 | 1202 |
else: |
1163 | 1203 |
self.fail("Should have raised Unauthorized Exception") |
1164 | 1204 |
|
1205 |
# ---------------------------------- |
|
1206 |
def test_get_user_info_with_endpoints(self): |
|
1207 |
"""Test function call of get_user_info_with_endpoints""" |
|
1208 |
global token_1, user_info_endpoints |
|
1209 |
_mock_request([_request_ok]) |
|
1210 |
try: |
|
1211 |
client = AstakosClient("https://example.com") |
|
1212 |
response = client.get_user_info_with_endpoints(token_1) |
|
1213 |
except Exception as err: |
|
1214 |
self.fail("Shouldn't raise Exception %s" % err) |
|
1215 |
self.assertEqual(response, user_info_endpoints) |
|
1216 |
|
|
1165 | 1217 |
|
1166 | 1218 |
# ---------------------------- |
1167 | 1219 |
# Run tests |
b/astakosclient/docs/index.rst | ||
---|---|---|
140 | 140 |
|
141 | 141 |
.. warning:: *get_endpoints* api call encodes the user's token inside |
142 | 142 |
the url. It's security unsafe to use it (both astakosclient |
143 |
and nginx tend to log requested urls). |
|
143 |
and nginx tend to log requested urls). Use |
|
144 |
get_user_info_with_endpoints instead. |
|
145 |
|
|
146 |
**get_user_info_with_endpoints(**\ token, uuid=None\ **)** |
|
147 |
Fallback call which receives the user token or the user uuid/token |
|
148 |
and returns back the token as well as information about the token |
|
149 |
holder and the services he/seh can access. |
|
150 |
In case of error raise an AstakosClientException exception. |
|
144 | 151 |
|
145 | 152 |
**get_quotas(**\ token\ **)** |
146 | 153 |
Given a user's authentication token return user's |
Also available in: Unified diff