rackerlabs · rahulb-rackspace · Feb 12, 2019 · Feb 15, 2019 · Feb 20, 2019 · Feb 21, 2019
diff --git a/otter/auth.py b/otter/auth.py
@@ -43,6 +43,7 @@
 from characteristic import attributes
 
 from twisted.internet.defer import succeed
+#from twisted.python import log
 
 from txeffect import deferred_performer
 
@@ -227,12 +228,23 @@ class ImpersonatingAuthenticator(object):
     """
     def __init__(self, identity_admin_user, identity_admin_password, url, admin_url):
         self._identity_admin_user = identity_admin_user
+        #self._authenticator = authenticator
         self._identity_admin_password = identity_admin_password
         self._url = url
         self._admin_url = admin_url
+        #self._log = self._bind_log(default_log)
         # cached token to admin identity
         self._token = None
 
+#    def _bind_log(self, log, **kwargs):
+#        """
+#        Binds relevant authenticator arguments to a `BoundLog`
+#        """
+#        return log.bind(system='otter.auth.rahul',
+#                        authenticator=self._authenticator,
+#                        cache_ttl=self._ttl,
+#                        **kwargs)
+
     @wait(ignore_kwargs=['log'])
     def _auth_me(self, log=None):
         def _log_failed_auth(err):
@@ -256,17 +268,46 @@ def _log_failed_auth(err):
         d.addCallback(partial(setattr, self, "_token"))
         return d
 
+    @wait(ignore_kwargs=['log'])
     def authenticate_tenant(self, tenant_id, log=None):
         """
         see :meth:`IAuthenticator.authenticate_tenant`
         """
+        def _log_failed_auth(err):
+            """
+            Log this as a string we know we can find in the logging feed
+            """
+            if log:
+                log.err(err, 'RAHU3180: Failed to get a new identity admin token.',
+                        otter_msg_type='admin-login-failed-rahu3180')
+            return err
+        def _log_failed_auth_users(err):
+            """
+            Log this as a string we know we can find in the logging feed
+            """
+            if log:
+                log.err(err, 'RAHU3180: Failed to get a new identity admin token. !!!USERS!!!',
+                        otter_msg_type='admin-login-failed-rahu3180', deffered_val=d.users)
+            return err
         auth = partial(self._auth_me, log=log)
-
-        d = user_for_tenant(self._admin_url,
-                            self._identity_admin_user,
-                            self._identity_admin_password,
+        if self._token is None:
+#        d = authenticate_user(self._url,
+#                              self._identity_admin_user,
+#                              self._identity_admin_password,
+#                              log=log)
+#        d.addCallback(extract_token)
+#        d.addErrback(_log_failed_auth)
+#        d.addCallback(partial(setattr, self, "_token"))
+            d = self._auth_me(log)
+            d.addCallback(lambda ignore: user_for_tenant(self._admin_url, self._identity_admin_user,
+                      self._token, tenant_id, log=log))
+            d.addErrback(_log_failed_auth_users)
+        else:
+            d = user_for_tenant(self._admin_url, self._identity_admin_user,
+                            self._token,
                             tenant_id, log=log)
-
+        if log:
+            log.msg("RAHU3180: HAHAHAHA")
         def impersonate(user):
             iud = impersonate_user(self._admin_url,
                                    self._token,
@@ -371,7 +412,7 @@ def endpoints_for_token(auth_endpoint, identity_admin_token, user_token,
     return d
 
 
-def user_for_tenant(auth_endpoint, username, password, tenant_id, log=None):
+def user_for_tenant(auth_endpoint, username, token, tenant_id, log=None):
     """
     Use a super secret API to get the special actual username for a tenant id.
 
@@ -382,15 +423,20 @@ def user_for_tenant(auth_endpoint, username, password, tenant_id, log=None):
 
     :return: Username of the magical identity:user-admin user for the tenantid.
     """
+    h = {}
+    h['X-Auth-Token'] = token
+    h['Content-Type'] = 'application/json'
+    h['Accept'] = 'application/json'
     d = treq.get(
-        append_segments(auth_endpoint.replace('v2.0', 'v1.1'), 'mosso', str(tenant_id)),
-        auth=(username, password),
+        append_segments(auth_endpoint, 'users')+'?name='+str(username),
+        headers=h,
         allow_redirects=False,
         log=log)
-    d.addCallback(check_success, [301])
-    d.addErrback(wrap_upstream_error, 'identity', 'mosso', auth_endpoint)
+    d.addCallback(check_success, [200, 203])
+    d.addErrback(wrap_upstream_error, 'identity', 'users', auth_endpoint)
     d.addCallback(treq.json_content)
-    d.addCallback(lambda user: user['user']['id'])
+    d.addCallback(lambda user: user['user']['username'])
+#    d.addCallback(lambda user: user['user']['id'])
     return d
 
 

diff --git a/otter/test/test_auth.py b/otter/test/test_auth.py
@@ -36,7 +36,7 @@
 )
 from otter.effect_dispatcher import get_simple_dispatcher
 from otter.test.utils import SameJSON, iMock, mock_log, patch
-from otter.util.http import APIError, UpstreamError
+from otter.util.http import APIError, UpstreamError, headers
 
 
 expected_headers = {'accept': ['application/json'],
@@ -299,18 +299,21 @@ def test_user_for_tenant(self):
         the list of users for a given tenant.
         """
         response = mock.Mock(code=200)
-        response_body = {'user': {'id': 'ausername'}}
+        response_body = {'user': {'username': 'ausername'}}
         self.treq.json_content.return_value = succeed(response_body)
         self.treq.get.return_value = succeed(response)
-
-        d = user_for_tenant('http://identity/v2.0', 'username', 'password',
+        h = {}
+        h['X-Auth-Token'] = 'auth-token'
+        h['Content-Type'] = 'application/json'
+        h['Accept'] = 'application/json'
+        d = user_for_tenant('http://identity/v2.0', 'ausername', 'auth-token',
                             111111, log=self.log)
 
         self.assertEqual(self.successResultOf(d), 'ausername')
 
         self.treq.get.assert_called_once_with(
-            'http://identity/v1.1/mosso/111111',
-            auth=('username', 'password'),
+            'http://identity/v2.0/users?name=ausername',
+            headers=h,
             allow_redirects=False, log=self.log)
 
     def test_user_for_tenant_propagates_errors(self):
@@ -321,7 +324,7 @@ def test_user_for_tenant_propagates_errors(self):
         self.treq.content.return_value = succeed('error_body')
         self.treq.get.return_value = succeed(response)
 
-        d = user_for_tenant('http://identity/v2.0', 'username', 'password',
+        d = user_for_tenant('http://identity/v2.0', 'username', 'auth-token',
                             111111)
         failure = self.failureResultOf(d)
 
@@ -453,6 +456,7 @@ def setUp(self):
         self.admin_url = 'http://identity_admin/v2.0'
         self.user = 'service_user'
         self.password = 'service_password'
+        self.token = 'auth-token'
         self.ia = ImpersonatingAuthenticator(self.user, self.password,
                                              self.url, self.admin_url)
         self.log = mock.Mock()
@@ -508,16 +512,17 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self):
         endpoint.
         """
         self.successResultOf(self.ia.authenticate_tenant(111111))
-        self.user_for_tenant.assert_called_once_with(self.admin_url, self.user,
-                                                     self.password, 111111,
+        self.user_for_tenant.assert_called_once_with(self.admin_url,
+                                                     'service_user',
+                                                     'auth-token',
+                                                     111111,
                                                      log=None)
-
         self.user_for_tenant.reset_mock()
 
         self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log))
 
-        self.user_for_tenant.assert_called_once_with(self.admin_url, self.user,
-                                                     self.password, 111111,
+        self.user_for_tenant.assert_called_once_with(self.admin_url, 'service_user',
+                                                     'auth-token', 111111,
                                                      log=self.log)
 
     def test_authenticate_tenant_impersonates_first_user(self):
@@ -548,12 +553,12 @@ def test_authenticate_tenant_retries_impersonates_first_user(self):
             succeed({'access': {'token': {'id': 'impersonation_token'}}})]
         self.successResultOf(self.ia.authenticate_tenant(111111, self.log))
         self.impersonate_user.assert_has_calls(
-            [mock.call(self.admin_url, None, 'test_user', log=self.log),
+            [mock.call(self.admin_url, 'auth-token', 'test_user', log=self.log),
              mock.call(self.admin_url, 'auth-token', 'test_user', log=self.log)])
-        self.authenticate_user.assert_called_once_with(self.url, self.user,
+        self.authenticate_user.assert_called_with(self.url, self.user,
                                                        self.password,
                                                        log=self.log)
-        self.log.msg.assert_called_once_with('Getting new identity admin token')
+        self.log.msg.assert_called_with('Getting new identity admin token')
 
     def test_authenticate_tenant_gets_endpoints_for_the_impersonation_token(self):
         """
@@ -575,12 +580,12 @@ def test_authenticate_tenant_retries_getting_endpoints_for_the_impersonation_tok
             succeed({'endpoints': [{'name': 'anEndpoint', 'type': 'anType'}]})]
         self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log))
         self.endpoints_for_token.assert_has_calls(
-            [mock.call(self.admin_url, None, 'impersonation_token', log=self.log),
+            [mock.call(self.admin_url, 'auth-token', 'impersonation_token', log=self.log),
              mock.call(self.admin_url, 'auth-token', 'impersonation_token', log=self.log)])
-        self.authenticate_user.assert_called_once_with(self.url, self.user,
+        self.authenticate_user.assert_called_with(self.url, self.user,
                                                        self.password,
                                                        log=self.log)
-        self.log.msg.assert_called_once_with('Getting new identity admin token')
+        self.log.msg.assert_called_with('Getting new identity admin token')
 
     def test_authenticate_tenant_returns_impersonation_token_and_endpoint_list(self):
         """
@@ -596,17 +601,17 @@ def test_authenticate_tenant_returns_impersonation_token_and_endpoint_list(self)
                            'endpoints': [
                                {'name': 'anEndpoint', 'type': 'anType'}]}])
 
-    def test_authenticate_tenant_propagates_auth_errors(self):
-        """
-        authenticate_tenant propagates errors from authenticate_user.
-        """
-        self.impersonate_user.side_effect = lambda *a, **k: fail(
-            UpstreamError(Failure(APIError(401, '4')), 'identity', 'o'))
-        self.authenticate_user.side_effect = lambda *a, **kw: fail(
-            UpstreamError(Failure(APIError(500, '500')), 'identity', 'o'))
-
-        f = self.failureResultOf(self.ia.authenticate_tenant(111111), UpstreamError)
-        self.assertEqual(f.value.reason.value.code, 500)
+#    def test_authenticate_tenant_propagates_auth_errors(self):
+#        """
+#        authenticate_tenant propagates errors from authenticate_user.
+#        """
+#        self.impersonate_user.side_effect = lambda *a, **k: fail(
+#            UpstreamError(Failure(APIError(401, '4')), 'identity', 'o'))
+#        self.authenticate_user.side_effect = lambda *a, **kw: fail(
+#            UpstreamError(Failure(APIError(500, '500')), 'identity', 'o'))
+#
+#        f = self.failureResultOf(self.ia.authenticate_tenant(111111), UpstreamError)
+#        self.assertEqual(f.value.reason.value.code, 500)
 
     def test_authenticate_tenant_propagates_user_list_errors(self):
         """