[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pulp-list] user model added

On 07/08/2010 06:52 PM, Mike McCune wrote:
On 07/08/2010 03:45 PM, Mike McCune wrote:
Added only the model + base API.

Also included certificate.py for parsing certs. the API includes
ability to do:

def test_user_with_certificate(self):
# read in the test cert and extract the UID for the subject
# so we can compare after the user is created that it matches
test_cert = os.path.abspath(os.path.dirname(__file__)) +
idcert = Certificate()
subject = idcert.subject()
cert_uid = subject['UID']

# Read the cert into a string off disk and create a
# user with said certificate. We should get back a user with an
# id that matches the UID in the cert.
certfile = open(test_cert)
certstring = certfile.read()
user = self.uapi.create('cert-test', certificate=certstring)

# Check that they match
self.assertEquals(user['id'], cert_uid)

I'm not even entirely sure this is what we want todo but it should get
the ball rolling,

after a bit of thought and discussion with Jeff, the above is totally
wrong wrt how and what I'm doing with the UID field. The above is the
UID for the *Consumer* and not the admin user.

We need to parse the identity cert and associate the subject['UID']
field with our Consumer, not our User object.

So, essentially we should consider moving the above logic over to
Consumer's create() call to take in a cert string and possibly extract
the UID and store that as the ID for the consumer.

FWIW.. we have 2 means on authentication on candlepin. Certs get you a consumer, and an owner context by default. The role is consumer. Username/passwords get you users, with a possible owner context. The latter can be supplid by basic auth which is checked only if there is no cert.

With the above logic, and test can be hit from the browser directly if need be.

-- bk

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]