diff --git a/otter/auth.py b/otter/auth.py index 720b9a8d3..125cc6d13 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -262,10 +262,21 @@ def authenticate_tenant(self, tenant_id, log=None): """ auth = partial(self._auth_me, log=log) - d = user_for_tenant(self._admin_url, - self._identity_admin_user, - self._identity_admin_password, - tenant_id, log=log) + def set_token(token_val): + if log: + log.msg("RAHU3180: token_value is : (val)%s" %{'val': token_val}) +# token = token_val + return token_val + + d = authenticate_user(self._url, + self._identity_admin_user, + self._identity_admin_password, + log=log) + d.addCallback(extract_token) + d.addCallback(set_token) + d.addCallback(lambda token: user_for_tenant(self._admin_url, + token, + log=log)) def impersonate(user): iud = impersonate_user(self._admin_url, @@ -275,7 +286,8 @@ def impersonate(user): return iud d.addCallback(lambda user: retry_on_unauth(partial(impersonate, user), auth)) - + if log: + log.msg("RAHU-self-token: %(token)s"%{'token': self._token}) def endpoints(token): scd = endpoints_for_token(self._admin_url, self._token, token, log=log) @@ -371,7 +383,7 @@ def endpoints_for_token(auth_endpoint, identity_admin_token, user_token, return d -def user_for_tenant(auth_endpoint, username, password, tenant_id, log=None): +def user_for_tenant(auth_endpoint, token, log=None): """ Use a super secret API to get the special actual username for a tenant id. @@ -383,17 +395,16 @@ def user_for_tenant(auth_endpoint, username, password, tenant_id, log=None): :return: Username of the magical identity:user-admin user for the tenantid. """ d = treq.get( - append_segments(auth_endpoint.replace('v2.0', 'v1.1'), 'mosso', str(tenant_id)), - auth=(username, password), + append_segments(auth_endpoint, 'users'), + headers=headers(token), allow_redirects=False, log=log) - d.addCallback(check_success, [301]) - d.addErrback(wrap_upstream_error, 'identity', 'mosso', auth_endpoint) + d.addCallback(check_success, [200, 203]) + d.addErrback(wrap_upstream_error, 'identity', 'users', auth_endpoint) d.addCallback(treq.json_content) - d.addCallback(lambda user: user['user']['id']) + d.addCallback(lambda user: user['users'][0]['username']) return d - def authenticate_user(auth_endpoint, username, password, tenant_id=None, log=None, pool=None): """ diff --git a/otter/test/test_auth.py b/otter/test/test_auth.py index e80dbfe5c..9b6f1bbae 100644 --- a/otter/test/test_auth.py +++ b/otter/test/test_auth.py @@ -36,7 +36,7 @@ ) from otter.effect_dispatcher import get_simple_dispatcher from otter.test.utils import SameJSON, iMock, mock_log, patch -from otter.util.http import APIError, UpstreamError +from otter.util.http import APIError, UpstreamError, headers expected_headers = {'accept': ['application/json'], @@ -299,18 +299,18 @@ def test_user_for_tenant(self): the list of users for a given tenant. """ response = mock.Mock(code=200) - response_body = {'user': {'id': 'ausername'}} + response_body = {'users': [{'username': 'username'}]} self.treq.json_content.return_value = succeed(response_body) self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'password', - 111111, log=self.log) + d = user_for_tenant('http://identity/v2.0', 'auth-token', + log=self.log) - self.assertEqual(self.successResultOf(d), 'ausername') + self.assertEqual(self.successResultOf(d), 'username') self.treq.get.assert_called_once_with( - 'http://identity/v1.1/mosso/111111', - auth=('username', 'password'), + 'http://identity/v2.0/users', + headers=headers('auth-token'), allow_redirects=False, log=self.log) def test_user_for_tenant_propagates_errors(self): @@ -321,8 +321,7 @@ def test_user_for_tenant_propagates_errors(self): self.treq.content.return_value = succeed('error_body') self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'password', - 111111) + d = user_for_tenant('http://identity/v2.0', 'username', 'auth-token') failure = self.failureResultOf(d) self.assertTrue(failure.check(UpstreamError)) @@ -508,16 +507,16 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self): endpoint. """ self.successResultOf(self.ia.authenticate_tenant(111111)) - self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 111111, + self.user_for_tenant.assert_called_once_with(self.admin_url, + 'auth-token', log=None) self.user_for_tenant.reset_mock() self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log)) - self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 111111, + self.user_for_tenant.assert_called_once_with(self.admin_url, + 'auth-token', log=self.log) def test_authenticate_tenant_impersonates_first_user(self): @@ -550,10 +549,10 @@ def test_authenticate_tenant_retries_impersonates_first_user(self): self.impersonate_user.assert_has_calls( [mock.call(self.admin_url, None, 'test_user', log=self.log), mock.call(self.admin_url, 'auth-token', 'test_user', log=self.log)]) - self.authenticate_user.assert_called_once_with(self.url, self.user, + self.authenticate_user.assert_called_with(self.url, self.user, self.password, log=self.log) - self.log.msg.assert_called_once_with('Getting new identity admin token') + self.log.msg.assert_called_with('RAHU-self-token: auth-token') def test_authenticate_tenant_gets_endpoints_for_the_impersonation_token(self): """ @@ -577,10 +576,10 @@ def test_authenticate_tenant_retries_getting_endpoints_for_the_impersonation_tok self.endpoints_for_token.assert_has_calls( [mock.call(self.admin_url, None, 'impersonation_token', log=self.log), mock.call(self.admin_url, 'auth-token', 'impersonation_token', log=self.log)]) - self.authenticate_user.assert_called_once_with(self.url, self.user, + self.authenticate_user.assert_called_with(self.url, self.user, self.password, log=self.log) - self.log.msg.assert_called_once_with('Getting new identity admin token') + self.log.msg.assert_called_with('Getting new identity admin token') def test_authenticate_tenant_returns_impersonation_token_and_endpoint_list(self): """ @@ -988,3 +987,4 @@ def test_cache_ttl_defaults(self): r = mock.Mock() a = generate_authenticator(r, self.config) self.assertEqual(a._ttl, 300) + diff --git a/requirements/mimic.txt b/requirements/mimic.txt index 0910a53c0..c34c23b83 100644 --- a/requirements/mimic.txt +++ b/requirements/mimic.txt @@ -1 +1,2 @@ -git+https://github.com/rackerlabs/mimic.git@594dd5c8e80b670fa2d0c42f5eec9645e14aa54e +#git+https://github.com/rackerlabs/mimic.git@594dd5c8e80b670fa2d0c42f5eec9645e14aa54e +git+ssh://github.com/rackerlabs/autoscale-mimic.git@autoscale-546