From 2492155bf9ca94a29130f21e356ce5940dee1e57 Mon Sep 17 00:00:00 2001 From: rahu3180 Date: Sat, 13 Apr 2019 01:42:24 -0700 Subject: [PATCH] otter uses an identity v1.1 API which will be depricated. Currently v1.1 API version is used to make query for main user for the tenant. Changing the API to get the user for tenant with V2.0 version API. JIRA => AS-546 URL => https://jira.rax.io/browse/AS-546 --- otter/auth.py | 27 +++++++++++++-------------- otter/test/test_auth.py | 32 ++++++++++++++++---------------- requirements/mimic.txt | 3 ++- 3 files changed, 31 insertions(+), 31 deletions(-) diff --git a/otter/auth.py b/otter/auth.py index 720b9a8d3..2e9ca1277 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -261,12 +261,11 @@ def authenticate_tenant(self, tenant_id, log=None): see :meth:`IAuthenticator.authenticate_tenant` """ auth = partial(self._auth_me, log=log) - - d = user_for_tenant(self._admin_url, - self._identity_admin_user, - self._identity_admin_password, - tenant_id, log=log) - + d = auth() + d.addCallback(lambda ignore: user_for_tenant(self._admin_url, + self._token, + tenant_id, + log=log)) def impersonate(user): iud = impersonate_user(self._admin_url, self._token, @@ -371,26 +370,26 @@ def endpoints_for_token(auth_endpoint, identity_admin_token, user_token, return d -def user_for_tenant(auth_endpoint, username, password, tenant_id, log=None): +def user_for_tenant(auth_endpoint, token, tenant_id, log=None): """ Use a super secret API to get the special actual username for a tenant id. :param str auth_endpoint: Identity Admin API endpoint. - :param str username: A service username. - :param str password: A service password. + :param str token: A service Token. :param tenant_id: The tenant ID we wish to find the user for. :return: Username of the magical identity:user-admin user for the tenantid. """ d = treq.get( - append_segments(auth_endpoint.replace('v2.0', 'v1.1'), 'mosso', str(tenant_id)), - auth=(username, password), + append_segments(auth_endpoint, 'users') + '?tenant_id=' + + str(tenant_id) + '&admin_only=true', + headers=headers(token), allow_redirects=False, log=log) - d.addCallback(check_success, [301]) - d.addErrback(wrap_upstream_error, 'identity', 'mosso', auth_endpoint) + d.addCallback(check_success, [200, 203]) + d.addErrback(wrap_upstream_error, 'identity', 'users', auth_endpoint) d.addCallback(treq.json_content) - d.addCallback(lambda user: user['user']['id']) + d.addCallback(lambda user: user['users'][0]['username']) return d diff --git a/otter/test/test_auth.py b/otter/test/test_auth.py index e80dbfe5c..bf7071837 100644 --- a/otter/test/test_auth.py +++ b/otter/test/test_auth.py @@ -36,7 +36,7 @@ ) from otter.effect_dispatcher import get_simple_dispatcher from otter.test.utils import SameJSON, iMock, mock_log, patch -from otter.util.http import APIError, UpstreamError +from otter.util.http import APIError, UpstreamError, headers expected_headers = {'accept': ['application/json'], @@ -299,18 +299,18 @@ def test_user_for_tenant(self): the list of users for a given tenant. """ response = mock.Mock(code=200) - response_body = {'user': {'id': 'ausername'}} + response_body = {'users': [{'username': 'ausername'}]} self.treq.json_content.return_value = succeed(response_body) self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'password', + d = user_for_tenant('http://identity/v2.0', 'auth-token', 111111, log=self.log) self.assertEqual(self.successResultOf(d), 'ausername') self.treq.get.assert_called_once_with( - 'http://identity/v1.1/mosso/111111', - auth=('username', 'password'), + 'http://identity/v2.0/users?tenant_id=111111&admin_only=true', + headers=headers('auth-token'), allow_redirects=False, log=self.log) def test_user_for_tenant_propagates_errors(self): @@ -321,7 +321,7 @@ def test_user_for_tenant_propagates_errors(self): self.treq.content.return_value = succeed('error_body') self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'password', + d = user_for_tenant('http://identity/v2.0', 'auth-token', 111111) failure = self.failureResultOf(d) @@ -508,16 +508,16 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self): endpoint. """ self.successResultOf(self.ia.authenticate_tenant(111111)) - self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 111111, + self.user_for_tenant.assert_called_once_with(self.admin_url, + 'auth-token', 111111, log=None) self.user_for_tenant.reset_mock() self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log)) - self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 111111, + self.user_for_tenant.assert_called_once_with(self.admin_url, + 'auth-token', 111111, log=self.log) def test_authenticate_tenant_impersonates_first_user(self): @@ -548,12 +548,12 @@ def test_authenticate_tenant_retries_impersonates_first_user(self): succeed({'access': {'token': {'id': 'impersonation_token'}}})] self.successResultOf(self.ia.authenticate_tenant(111111, self.log)) self.impersonate_user.assert_has_calls( - [mock.call(self.admin_url, None, 'test_user', log=self.log), + [mock.call(self.admin_url, 'auth-token', 'test_user', log=self.log), mock.call(self.admin_url, 'auth-token', 'test_user', log=self.log)]) - self.authenticate_user.assert_called_once_with(self.url, self.user, + self.authenticate_user.assert_called_with(self.url, self.user, self.password, log=self.log) - self.log.msg.assert_called_once_with('Getting new identity admin token') + self.log.msg.assert_called_with('Getting new identity admin token') def test_authenticate_tenant_gets_endpoints_for_the_impersonation_token(self): """ @@ -575,12 +575,12 @@ def test_authenticate_tenant_retries_getting_endpoints_for_the_impersonation_tok succeed({'endpoints': [{'name': 'anEndpoint', 'type': 'anType'}]})] self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log)) self.endpoints_for_token.assert_has_calls( - [mock.call(self.admin_url, None, 'impersonation_token', log=self.log), + [mock.call(self.admin_url, 'auth-token', 'impersonation_token', log=self.log), mock.call(self.admin_url, 'auth-token', 'impersonation_token', log=self.log)]) - self.authenticate_user.assert_called_once_with(self.url, self.user, + self.authenticate_user.assert_called_with(self.url, self.user, self.password, log=self.log) - self.log.msg.assert_called_once_with('Getting new identity admin token') + self.log.msg.assert_called_with('Getting new identity admin token') def test_authenticate_tenant_returns_impersonation_token_and_endpoint_list(self): """ diff --git a/requirements/mimic.txt b/requirements/mimic.txt index 0910a53c0..c34c23b83 100644 --- a/requirements/mimic.txt +++ b/requirements/mimic.txt @@ -1 +1,2 @@ -git+https://github.com/rackerlabs/mimic.git@594dd5c8e80b670fa2d0c42f5eec9645e14aa54e +#git+https://github.com/rackerlabs/mimic.git@594dd5c8e80b670fa2d0c42f5eec9645e14aa54e +git+ssh://github.com/rackerlabs/autoscale-mimic.git@autoscale-546