Merge "expose the user info url as a configuration"

2018-08-05 08:41:12 +00:00 · 2018-08-05 08:41:12 +00:00 · 7e131a0cc9
commit 7e131a0cc9
parent 454698ff54 8f1d9b2ff9
1 changed files with 9 additions and 2 deletions
--- a/vitrage/middleware/keycloak.py
+++ b/vitrage/middleware/keycloak.py
@ -27,7 +27,6 @@ from webob import exc

 LOG = logging.getLogger(__name__)

-OPENID_CONNECT_USERINFO = '%s/realms/%s/protocol/openid-connect/userinfo'

 KEYCLOAK_GROUP = 'keycloak'
 KEYCLOAK_OPTS = [
@ -42,6 +41,11 @@ KEYCLOAK_OPTS = [
    cfg.StrOpt('cafile',
               help='A PEM encoded Certificate Authority to use when verifying'
               ' HTTPs connections. Defaults to system CAs.'),
+    cfg.StrOpt(
+        'user_info_endpoint_url',
+        default='/realms/%s/protocol/openid-connect/userinfo',
+        help='Endpoint against which authorization will be performed'
+    ),
 ]


@ -57,6 +61,8 @@ class KeycloakAuth(base.ConfigurableMiddleware):
        self.keyfile = self._conf_get('keyfile', KEYCLOAK_GROUP)
        self.cafile = self._conf_get('cafile', KEYCLOAK_GROUP) or \
            self._get_system_ca_file()
+        self.user_info_endpoint_url = self._conf_get('user_info_endpoint_url',
+                                                     KEYCLOAK_GROUP)
        self.decoded = {}

    @property
@ -100,7 +106,8 @@ class KeycloakAuth(base.ConfigurableMiddleware):
            self._unauthorized(message)

    def call_keycloak(self):
-        endpoint = OPENID_CONNECT_USERINFO % (self.auth_url, self.realm_name)
+        endpoint = ('%s' + self.user_info_endpoint_url) % (self.auth_url,
+                                                           self.realm_name)
        headers = {'Authorization': 'Bearer %s' % self.token}
        verify = None
        if urllib.parse.urlparse(endpoint).scheme == "https":