aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorasteroide <thomas.duval@orange.com>2016-04-25 11:25:28 +0200
committerasteroide <thomas.duval@orange.com>2016-04-25 11:25:28 +0200
commit8d291f5a3de6fdffea6144b4c0f5ed44411285f5 (patch)
treef9edcf68d61cbe2cf0eb9807403964cdbf9d3730
parent8c6291c915bd9f806600642b188f2bbb5fc716bc (diff)
Add the /moon/auth/tokens API
Change-Id: I4c0dd7c0e3f4dcae8d122c466cf93ac28d7c37f6
-rw-r--r--keystone-moon/doc/source/extensions/moon/moon_api.rst137
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py40
-rw-r--r--keystone-moon/keystone/contrib/moon/routers.py8
-rw-r--r--keystone-moon/keystone/tests/moon/func/test_func_moon_auth.py48
4 files changed, 173 insertions, 60 deletions
diff --git a/keystone-moon/doc/source/extensions/moon/moon_api.rst b/keystone-moon/doc/source/extensions/moon/moon_api.rst
index f2546d4d..6925d6b1 100644
--- a/keystone-moon/doc/source/extensions/moon/moon_api.rst
+++ b/keystone-moon/doc/source/extensions/moon/moon_api.rst
@@ -3,12 +3,12 @@ Moon API
Here are Moon API with some examples of posted data and returned data.
-All requests must be prefexied by /v3/OS-MOON.
+All requests must be prefexied by /moon/v3/OS-MOON.
Authz
-----
-**GET /authz/{tenant_id}/{subject_k_id}/{object_name}/{action_name}**
+**GET /moon/authz/{tenant_id}/{subject_k_id}/{object_name}/{action_name}**
Authorization API.
.. code-block:: json
@@ -24,7 +24,7 @@ Intra-Extension API
Configuration
~~~~~~~~~~~~~
-**GET /configuration/templates**
+**GET /moon/configuration/templates**
List all policy templates.
@@ -38,7 +38,7 @@ Configuration
}
-**GET /configuration/aggregation_algorithms**
+**GET /moon/configuration/aggregation_algorithms**
List all aggregation algorithms.
@@ -52,7 +52,7 @@ Configuration
}
-**GET /configuration/sub_meta_rule_algorithms**
+**GET /moon/configuration/sub_meta_rule_algorithms**
List all sub meta rule algorithms.
@@ -69,7 +69,7 @@ Configuration
Tenants
~~~~~~~
-**GET /tenants**
+**GET /moon/tenants**
List all tenants.
@@ -85,7 +85,7 @@ Tenants
}
-**POST /tenants**
+**POST /moon/tenants**
Add a tenant.
@@ -107,7 +107,7 @@ Tenants
}
-**POST /tenants/{tenant_id}**
+**POST /moon/tenants/{tenant_id}**
Show information of one tenant.
@@ -123,7 +123,7 @@ Tenants
}
-**POST /tenants/{tenant_id}**
+**POST /moon/tenants/{tenant_id}**
Modify a tenant.
@@ -145,7 +145,7 @@ Tenants
}
-**DELETE /tenants/{tenant_id}**
+**DELETE /moon/tenants/{tenant_id}**
Delete a tenant.
@@ -157,7 +157,7 @@ Tenants
Intra-Extension
~~~~~~~~~~~~~~~
-**GET /intra_extensions/init**
+**GET /moon/intra_extensions/init**
Initialize the root Intra_Extension (if needed).
@@ -166,7 +166,7 @@ Intra-Extension
return = {}
-**GET /intra_extensions**
+**GET /moon/intra_extensions**
List all Intra_Extensions.
@@ -180,7 +180,7 @@ Intra-Extension
}
-**POST /intra_extensions**
+**POST /moon/intra_extensions**
Create a new Intra_Extension.
@@ -195,7 +195,7 @@ Intra-Extension
return = {}
-**GET /intra_extensions/{intra_extension_id}/**
+**GET /moon/intra_extensions/{intra_extension_id}/**
Show details about one Intra_Extension.
@@ -210,7 +210,7 @@ Intra-Extension
}
-**DELETE /intra_extensions/{intra_extension_id}/**
+**DELETE /moon/intra_extensions/{intra_extension_id}/**
Delete an Intra_Extension.
@@ -222,7 +222,7 @@ Intra-Extension
Intra-Extension Subjects
~~~~~~~~~~~~~~~~~~~~~~~~
-**GET /intra_extensions/{intra_extension_id}/subjects**
+**GET /moon/intra_extensions/{intra_extension_id}/subjects**
List all subjects.
@@ -236,7 +236,7 @@ Intra-Extension Subjects
}
-**POST /intra_extensions/{intra_extension_id}/subjects**
+**POST /moon/intra_extensions/{intra_extension_id}/subjects**
List all subjects.
@@ -256,7 +256,7 @@ Intra-Extension Subjects
}
-**DELETE /intra_extensions/{intra_extension_id}/subjects/{subject_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/subjects/{subject_id}**
Delete a subject.
@@ -265,7 +265,7 @@ Intra-Extension Subjects
return = {}
-**GET /intra_extensions/{intra_extension_id}/subject_categories**
+**GET /moon/intra_extensions/{intra_extension_id}/subject_categories**
List all subject categories.
@@ -279,7 +279,7 @@ Intra-Extension Subjects
}
-**POST /intra_extensions/{intra_extension_id}/subject_categories**
+**POST /moon/intra_extensions/{intra_extension_id}/subject_categories**
Add a new subject category.
@@ -297,7 +297,7 @@ Intra-Extension Subjects
}
-**DELETE /intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}**
Delete a subject category.
@@ -306,7 +306,7 @@ Intra-Extension Subjects
return = {}
-**GET /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}**
+**GET /moon/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}**
List all subject scopes for a specific subject category.
@@ -320,7 +320,7 @@ Intra-Extension Subjects
}
-**POST /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}**
+**POST /moon/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}**
Add a new subject scope for a specific subject category.
@@ -338,7 +338,7 @@ Intra-Extension Subjects
}
-**DELETE /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}**
Delete a subject scope.
@@ -347,7 +347,7 @@ Intra-Extension Subjects
return = {}
-**GET /intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}**
+**GET /moon/intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}**
List all subject assignments for a subject and for a subject category.
@@ -358,7 +358,7 @@ Intra-Extension Subjects
]
-**POST /intra_extensions/{intra_extension_id}/subject_assignments**
+**POST /moon/intra_extensions/{intra_extension_id}/subject_assignments**
Add an assignment.
@@ -374,7 +374,7 @@ Intra-Extension Subjects
]
-**DELETE /intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}/{subject_scope_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}/{subject_scope_id}**
Delete a subject assignment.
@@ -386,7 +386,7 @@ Intra-Extension Subjects
Intra-Extension Objects
~~~~~~~~~~~~~~~~~~~~~~~
-**GET /intra_extensions/{intra_extension_id}/objects**
+**GET /moon/intra_extensions/{intra_extension_id}/objects**
List all objects.
@@ -400,7 +400,7 @@ Intra-Extension Objects
}
-**POST /intra_extensions/{intra_extension_id}/objects**
+**POST /moon/intra_extensions/{intra_extension_id}/objects**
List all objects.
@@ -418,7 +418,7 @@ Intra-Extension Objects
}
-**DELETE /intra_extensions/{intra_extension_id}/objects/{object_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/objects/{object_id}**
Delete a object.
@@ -427,7 +427,7 @@ Intra-Extension Objects
return = {}
-**GET /intra_extensions/{intra_extension_id}/object_categories**
+**GET /moon/intra_extensions/{intra_extension_id}/object_categories**
List all object categories.
@@ -441,7 +441,7 @@ Intra-Extension Objects
}
-**POST /intra_extensions/{intra_extension_id}/object_categories**
+**POST /moon/intra_extensions/{intra_extension_id}/object_categories**
Add a new object category.
@@ -459,7 +459,7 @@ Intra-Extension Objects
}
-**DELETE /intra_extensions/{intra_extension_id}/object_categories/{object_category_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/object_categories/{object_category_id}**
Delete a object category.
@@ -468,7 +468,7 @@ Intra-Extension Objects
return = {}
-**GET /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}**
+**GET /moon/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}**
List all object scopes for a specific object category.
@@ -482,7 +482,7 @@ Intra-Extension Objects
}
-**POST /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}**
+**POST /moon/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}**
Add a new object scope for a specific object category.
@@ -500,7 +500,7 @@ Intra-Extension Objects
}
-**DELETE /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}**
Delete a object scope.
@@ -509,7 +509,7 @@ Intra-Extension Objects
return = {}
-**GET /intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}**
+**GET /moon/intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}**
List all object assignments for a object and for a object category.
@@ -520,7 +520,7 @@ Intra-Extension Objects
]
-**POST /intra_extensions/{intra_extension_id}/object_assignments**
+**POST /moon/intra_extensions/{intra_extension_id}/object_assignments**
Add an assignment.
@@ -536,7 +536,7 @@ Intra-Extension Objects
]
-**DELETE /intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}/{object_scope_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}/{object_scope_id}**
Delete a object assignment.
@@ -548,7 +548,7 @@ Intra-Extension Objects
Intra-Extension Actions
~~~~~~~~~~~~~~~~~~~~~~~
-**GET /intra_extensions/{intra_extension_id}/actions**
+**GET /moon/intra_extensions/{intra_extension_id}/actions**
List all actions.
@@ -562,7 +562,7 @@ Intra-Extension Actions
}
-**POST /intra_extensions/{intra_extension_id}/actions**
+**POST /moon/intra_extensions/{intra_extension_id}/actions**
List all actions.
@@ -582,7 +582,7 @@ Intra-Extension Actions
}
-**DELETE /intra_extensions/{intra_extension_id}/actions/{action_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/actions/{action_id}**
Delete a action.
@@ -591,7 +591,7 @@ Intra-Extension Actions
return = {}
-**GET /intra_extensions/{intra_extension_id}/action_categories**
+**GET /moon/intra_extensions/{intra_extension_id}/action_categories**
List all action categories.
@@ -605,7 +605,7 @@ Intra-Extension Actions
}
-**POST /intra_extensions/{intra_extension_id}/action_categories**
+**POST /moon/intra_extensions/{intra_extension_id}/action_categories**
Add a new action category.
@@ -623,7 +623,7 @@ Intra-Extension Actions
}
-**DELETE /intra_extensions/{intra_extension_id}/action_categories/{action_category_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/action_categories/{action_category_id}**
Delete a action category.
@@ -632,7 +632,7 @@ Intra-Extension Actions
return = {}
-**GET /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}**
+**GET /moon/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}**
List all action scopes for a specific action category.
@@ -646,7 +646,7 @@ Intra-Extension Actions
}
-**POST /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}**
+**POST /moon/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}**
Add a new action scope for a specific action category.
@@ -664,7 +664,7 @@ Intra-Extension Actions
}
-**DELETE /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}**
Delete a action scope.
@@ -673,7 +673,7 @@ Intra-Extension Actions
return = {}
-**GET /intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}**
+**GET /moon/intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}**
List all action assignments for a action and for a action category.
@@ -684,7 +684,7 @@ Intra-Extension Actions
]
-**POST /intra_extensions/{intra_extension_id}/action_assignments**
+**POST /moon/intra_extensions/{intra_extension_id}/action_assignments**
Add an assignment.
@@ -700,7 +700,7 @@ Intra-Extension Actions
]
-**DELETE /intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}/{action_scope_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}/{action_scope_id}**
Delete a action assignment.
@@ -712,7 +712,7 @@ Intra-Extension Actions
Intra-Extension Rules
~~~~~~~~~~~~~~~~~~~~~
-**GET /intra_extensions/{intra_extension_id}/aggregation_algorithm**
+**GET /moon/intra_extensions/{intra_extension_id}/aggregation_algorithm**
List aggregation algorithm for an intra extension.
@@ -726,7 +726,7 @@ Intra-Extension Rules
}
-**POST /intra_extensions/{intra_extension_id}/aggregation_algorithm**
+**POST /moon/intra_extensions/{intra_extension_id}/aggregation_algorithm**
Set the current aggregation algorithm for an intra extension.
@@ -744,7 +744,7 @@ Intra-Extension Rules
}
-**GET /intra_extensions/{intra_extension_id}/sub_meta_rules**
+**GET /moon/intra_extensions/{intra_extension_id}/sub_meta_rules**
Show the current sub meta rules.
@@ -766,7 +766,7 @@ Intra-Extension Rules
return = {}
-**GET /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}**
+**GET /moon/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}**
Set the current sub meta rule.
@@ -782,7 +782,7 @@ Intra-Extension Rules
return = {}
-**GET /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}**
+**GET /moon/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}**
List all rules.
@@ -794,7 +794,7 @@ Intra-Extension Rules
}
-**POST /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}**
+**POST /moon/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}**
Add a new rule.
@@ -809,7 +809,7 @@ Intra-Extension Rules
return = {}
-**DELETE /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}**
+**DELETE /moon/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}**
Delete a rule.
@@ -821,7 +821,7 @@ Intra-Extension Rules
Logs
~~~~
-**GET /logs/{options}**
+**GET /moon/logs/{options}**
List all logs.
Options can be:
@@ -842,3 +842,22 @@ Logs
"2015-04-15-13:45:23 ..."
]
+Auth
+~~~~
+
+**POST /moon/auth/tokens**
+
+ Add a tenant.
+
+.. code-block:: json
+
+ post = {
+ "username": "name of the user to authenticate",
+ "password": "password of the user to authenticate"
+ }
+ return = {
+ "token": "NEW_TOKEN",
+ "message": "if authentication failed..."
+ }
+
+
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index 0abe31be..248aea34 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -4,12 +4,13 @@
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
from keystone.common import controller
-from keystone.common import dependency
from keystone import config
from keystone.models import token_model
from keystone.contrib.moon.exception import *
from oslo_log import log
from uuid import uuid4
+import requests
+
CONF = config.CONF
LOG = log.getLogger(__name__)
@@ -831,3 +832,40 @@ class Logs(controller.V3Controller):
options = kw.get('options', '')
return self.moonlog_api.get_logs(user_id, options)
+
+class MoonAuth(controller.V3Controller):
+
+ def __init__(self):
+ super(MoonAuth, self).__init__()
+
+ def get_token(self, context, **kw):
+ data_auth = {
+ "auth": {
+ "identity": {
+ "methods": [
+ "password"
+ ],
+ "password": {
+ "user": {
+ "domain": {
+ "id": "Default"
+ },
+ "name": kw['username'],
+ "password": kw['password']
+ }
+ }
+ }
+ }
+ }
+
+ req = requests.post("http://localhost:5000/v3/auth/tokens",
+ json=data_auth,
+ headers={"Content-Type": "application/json"}
+ )
+ if req.status_code not in (200, 201):
+ LOG.error(req.text)
+ else:
+ TOKEN = req.headers['X-Subject-Token']
+ return {"token": TOKEN, 'message': ""}
+ return {"token": None, 'message': req.text}
+
diff --git a/keystone-moon/keystone/contrib/moon/routers.py b/keystone-moon/keystone/contrib/moon/routers.py
index fd821a49..c3bb7df0 100644
--- a/keystone-moon/keystone/contrib/moon/routers.py
+++ b/keystone-moon/keystone/contrib/moon/routers.py
@@ -36,6 +36,7 @@ class Routers(wsgi.ComposableRouter):
intra_ext_controller = controllers.IntraExtensions()
tenants_controller = controllers.Tenants()
logs_controller = controllers.Logs()
+ auth_controller = controllers.MoonAuth()
inter_ext_controller = controllers.InterExtensions()
# Configuration route
@@ -480,6 +481,13 @@ class Routers(wsgi.ComposableRouter):
action='get_logs',
conditions=dict(method=['GET']))
+ # Auth route
+ mapper.connect(
+ self.PATH_PREFIX+'/auth/tokens',
+ controller=auth_controller,
+ action='get_token',
+ conditions=dict(method=['POST']))
+
# InterExtensions route
# mapper.connect(
# controller=inter_ext_controller,
diff --git a/keystone-moon/keystone/tests/moon/func/test_func_moon_auth.py b/keystone-moon/keystone/tests/moon/func/test_func_moon_auth.py
new file mode 100644
index 00000000..56132609
--- /dev/null
+++ b/keystone-moon/keystone/tests/moon/func/test_func_moon_auth.py
@@ -0,0 +1,48 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import unittest
+import json
+import requests
+
+
+class AuthTest(unittest.TestCase):
+
+ def setUp(self):
+ self.data_auth = {
+ "username": "",
+ "password": ""
+ }
+
+ def tearDown(self):
+ pass
+
+ def test_authz(self):
+ self.data_auth['username'] = 'admin'
+ self.data_auth['password'] = ''
+ req = requests.post("http://localhost:5000/moon/auth/tokens",
+ json=self.data_auth,
+ headers={"Content-Type": "application/json"}
+ )
+ self.assertIn(req.status_code, (200, 201))
+ result = req.json()
+ self.assertIn("token", result.keys())
+ self.assertEqual(result["token"], None)
+
+ self.data_auth['username'] = 'admin'
+ self.data_auth['password'] = 'nomoresecrete'
+ req = requests.post("http://localhost:5000/moon/auth/tokens",
+ json=self.data_auth,
+ headers={"Content-Type": "application/json"}
+ )
+ self.assertIn(req.status_code, (200, 201))
+ result = req.json()
+ self.assertIn("token", result.keys())
+ self.assertNotEqual(result["token"], None)
+
+if __name__ == "__main__":
+ unittest.main()
+
+