expose the user info url as a configuration

Change-Id: Ibb97e00e24e71c4436b178ce5e75be06c12f4413
2018-08-02 15:50:00 +03:00 · 2018-08-02 15:50:00 +03:00 · 8f1d9b2ff9
commit 8f1d9b2ff9
parent 4686377074
1 changed files with 9 additions and 2 deletions
--- a/vitrage/middleware/keycloak.py
+++ b/vitrage/middleware/keycloak.py
@ -27,7 +27,6 @@ from webob import exc
 LOG = logging.getLogger(__name__)
 OPENID_CONNECT_USERINFO = '%s/realms/%s/protocol/openid-connect/userinfo'
 KEYCLOAK_GROUP = 'keycloak'
 KEYCLOAK_OPTS = [
@ -42,6 +41,11 @@ KEYCLOAK_OPTS = [
    cfg.StrOpt('cafile',
               help='A PEM encoded Certificate Authority to use when verifying'
               ' HTTPs connections. Defaults to system CAs.'),
    cfg.StrOpt(
        'user_info_endpoint_url',
        default='/realms/%s/protocol/openid-connect/userinfo',
        help='Endpoint against which authorization will be performed'
    ),
 ]
@ -57,6 +61,8 @@ class KeycloakAuth(base.ConfigurableMiddleware):
        self.keyfile = self._conf_get('keyfile', KEYCLOAK_GROUP)
        self.cafile = self._conf_get('cafile', KEYCLOAK_GROUP) or \
            self._get_system_ca_file()
        self.user_info_endpoint_url = self._conf_get('user_info_endpoint_url',
                                                     KEYCLOAK_GROUP)
        self.decoded = {}
    @property
@ -100,7 +106,8 @@ class KeycloakAuth(base.ConfigurableMiddleware):
            self._unauthorized(message)
    def call_keycloak(self):
-        endpoint = OPENID_CONNECT_USERINFO % (self.auth_url, self.realm_name)
+        endpoint = ('%s' + self.user_info_endpoint_url) % (self.auth_url,
                                                           self.realm_name)
        headers = {'Authorization': 'Bearer %s' % self.token}
        verify = None
        if urllib.parse.urlparse(endpoint).scheme == "https":