Skip to content

Commit dfd73f5

Browse files
authored
Merge pull request #27 from stackhpc/upstream/yoga-2023-07-31
Synchronise yoga with upstream
2 parents 90a43f5 + 98ccf28 commit dfd73f5

6 files changed

Lines changed: 32 additions & 171 deletions

File tree

.zuul.d/project.yaml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@
55
- horizon-cross-jobs
66
- horizon-nodejs14-jobs
77
- horizon-non-primary-django-jobs
8-
- openstack-lower-constraints-jobs
98
- openstack-python3-yoga-jobs
109
- periodic-stable-jobs
1110
- publish-openstack-docs-pti

lower-constraints.txt

Lines changed: 0 additions & 155 deletions
This file was deleted.

openstack_auth/backend.py

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -111,22 +111,27 @@ def authenticate(self, request, auth_url=None, **kwargs):
111111

112112
plugin, unscoped_auth = self._get_auth_backend(auth_url, **kwargs)
113113

114+
client_ip = utils.get_client_ip(request)
115+
session = utils.get_session(original_ip=client_ip)
116+
114117
# the recent project id a user might have set in a cookie
115118
recent_project = None
116119
if request:
117120
# Grab recent_project found in the cookie, try to scope
118121
# to the last project used.
119122
recent_project = request.COOKIES.get('recent_project')
120-
unscoped_auth_ref = plugin.get_access_info(unscoped_auth)
123+
unscoped_auth_ref = plugin.get_access_info(unscoped_auth,
124+
session=session)
121125

122126
# Check expiry for our unscoped auth ref.
123127
self._check_auth_expiry(unscoped_auth_ref)
124128

125129
domain_name = kwargs.get('user_domain_name', None)
126130
domain_auth, domain_auth_ref = plugin.get_domain_scoped_auth(
127-
unscoped_auth, unscoped_auth_ref, domain_name)
131+
unscoped_auth, unscoped_auth_ref, domain_name, session=session)
128132
scoped_auth, scoped_auth_ref = plugin.get_project_scoped_auth(
129-
unscoped_auth, unscoped_auth_ref, recent_project=recent_project)
133+
unscoped_auth, unscoped_auth_ref, recent_project=recent_project,
134+
session=session)
130135

131136
# Abort if there are no projects for this user and a valid domain
132137
# token has not been obtained
@@ -207,7 +212,6 @@ def authenticate(self, request, auth_url=None, **kwargs):
207212
request.session.set_expiry(session_time)
208213

209214
keystone_client_class = utils.get_keystone_client().Client
210-
session = utils.get_session()
211215
scoped_client = keystone_client_class(session=session,
212216
auth=scoped_auth)
213217

openstack_auth/plugin/base.py

Lines changed: 19 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -99,17 +99,19 @@ def list_domains(self, session, auth_plugin, auth_ref=None):
9999
msg = _('Unable to retrieve authorized domains.')
100100
raise exceptions.KeystoneRetrieveDomainsException(msg)
101101

102-
def get_access_info(self, keystone_auth):
102+
def get_access_info(self, keystone_auth, session=None):
103103
"""Get the access info from an unscoped auth
104104
105105
This function provides the base functionality that the
106106
plugins will use to authenticate and get the access info object.
107107
108108
:param keystone_auth: keystoneauth1 identity plugin
109+
:param session: keystoneauth1 session to use otherwise gets one
109110
:raises: exceptions.KeystoneAuthException on auth failure
110111
:returns: keystoneclient.access.AccessInfo
111112
"""
112-
session = utils.get_session()
113+
if session is None:
114+
session = utils.get_session()
113115

114116
try:
115117
unscoped_auth_ref = keystone_auth.get_access(session)
@@ -140,7 +142,7 @@ def get_access_info(self, keystone_auth):
140142
return unscoped_auth_ref
141143

142144
def get_project_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
143-
recent_project=None):
145+
recent_project=None, session=None):
144146
"""Get the project scoped keystone auth and access info
145147
146148
This function returns a project scoped keystone token plugin
@@ -149,10 +151,13 @@ def get_project_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
149151
:param unscoped_auth: keystone auth plugin
150152
:param unscoped_auth_ref: keystoneclient.access.AccessInfo` or None.
151153
:param recent_project: project that we should try to scope to
154+
:param session: keystoneauth1 session to use otherwise gets one
152155
:return: keystone token auth plugin, AccessInfo object
153156
"""
157+
if session is None:
158+
session = utils.get_session()
159+
154160
auth_url = unscoped_auth.auth_url
155-
session = utils.get_session()
156161

157162
projects = self.list_projects(
158163
session, unscoped_auth, unscoped_auth_ref)
@@ -187,7 +192,7 @@ def get_project_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
187192
return scoped_auth, scoped_auth_ref
188193

189194
def get_domain_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
190-
domain_name=None):
195+
domain_name=None, session=None):
191196
"""Get the domain scoped keystone auth and access info
192197
193198
This function returns a domain scoped keystone token plugin
@@ -196,9 +201,12 @@ def get_domain_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
196201
:param unscoped_auth: keystone auth plugin
197202
:param unscoped_auth_ref: keystoneclient.access.AccessInfo` or None.
198203
:param domain_name: domain that we should try to scope to
204+
:param session: keystoneauth1 session to use otherwise gets one
199205
:return: keystone token auth plugin, AccessInfo object
200206
"""
201-
session = utils.get_session()
207+
if session is None:
208+
session = utils.get_session()
209+
202210
auth_url = unscoped_auth.auth_url
203211

204212
if domain_name:
@@ -235,7 +243,7 @@ def get_domain_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
235243
return domain_auth, domain_auth_ref
236244

237245
def get_system_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
238-
system_scope):
246+
system_scope, session=None):
239247
"""Get the system scoped keystone auth and access info
240248
241249
This function returns a system scoped keystone token plugin
@@ -244,9 +252,12 @@ def get_system_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
244252
:param unscoped_auth: keystone auth plugin
245253
:param unscoped_auth_ref: keystoneclient.access.AccessInfo` or None.
246254
:param system_scope: system that we should try to scope to
255+
:param session: keystoneauth1 session to use otherwise gets one
247256
:return: keystone token auth plugin, AccessInfo object
248257
"""
249-
session = utils.get_session()
258+
if session is None:
259+
session = utils.get_session()
260+
250261
auth_url = unscoped_auth.auth_url
251262

252263
system_auth = None

openstack_auth/views.py

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -267,7 +267,8 @@ def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME):
267267
tenant_id, request.user.username)
268268

269269
endpoint, __ = utils.fix_auth_url_version_prefix(request.user.endpoint)
270-
session = utils.get_session()
270+
client_ip = utils.get_client_ip(request)
271+
session = utils.get_session(original_ip=client_ip)
271272
# Keystone can be configured to prevent exchanging a scoped token for
272273
# another token. Always use the unscoped token for requesting a
273274
# scoped token.
@@ -421,7 +422,8 @@ def switch_system_scope(request, redirect_field_name=auth.REDIRECT_FIELD_NAME):
421422
LOG.debug('Switching to system scope for user "%s".', request.user.username)
422423

423424
endpoint, __ = utils.fix_auth_url_version_prefix(request.user.endpoint)
424-
session = utils.get_session()
425+
client_ip = utils.get_client_ip(request)
426+
session = utils.get_session(original_ip=client_ip)
425427
# Keystone can be configured to prevent exchanging a scoped token for
426428
# another token. Always use the unscoped token for requesting a
427429
# scoped token.

openstack_dashboard/api/keystone.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -176,7 +176,7 @@ def keystoneclient(request, admin=False, force_scoped=False):
176176
cacert = settings.OPENSTACK_SSL_CACERT
177177
verify = verify and cacert
178178
LOG.debug("Creating a new keystoneclient connection to %s.", endpoint)
179-
remote_addr = request.environ.get('REMOTE_ADDR', '')
179+
remote_addr = auth_utils.get_client_ip(request)
180180
token_auth = token_endpoint.Token(endpoint=endpoint,
181181
token=token_id)
182182
keystone_session = session.Session(auth=token_auth,

0 commit comments

Comments
 (0)