authorasteroide <thomas.duval@orange.com>2016-05-10 17:10:46 +0200
committerasteroide <thomas.duval@orange.com>2016-05-10 17:10:46 +0200
commit92fbee760147aef61ceb7e01a1931056c60e08a0 (patch)
treee5b2839e12c91844366e742fd892028678252423
parent8d291f5a3de6fdffea6144b4c0f5ed44411285f5 (diff)
Add the ability to retrieve a scoped token with roles associated to that project.
Change-Id: I942ed63ff0a343b786016ad494f0f32b78465c28
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py39
1 files changed, 36 insertions, 3 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index 248aea34..b93fc8ae 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -833,11 +833,20 @@ class Logs(controller.V3Controller):
return self.moonlog_api.get_logs(user_id, options)
+@dependency.requires('identity_api', "token_provider_api", "resource_api")
class MoonAuth(controller.V3Controller):
def __init__(self):
super(MoonAuth, self).__init__()
+ def _get_project(self, uuid="", name=""):
+ projects = self.resource_api.list_projects()
+ for project in projects:
+ if uuid and uuid == project['id']:
+ return project
+ elif name and name == project['name']:
+ return project
+
def get_token(self, context, **kw):
data_auth = {
"auth": {
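Review bot: `_get_project` matches on project name alone across everything `list_projects()` returns, but Keystone v3 project names are unique only within a domain, so the first project with that name in any domain wins and `get_token` may scope the token to a project the caller did not mean. Consider passing the domain in and calling `self.resource_api.get_project_by_name(name, domain_id)` (and `self.resource_api.get_project(uuid)` for the id case) rather than scanning the full list. The `elif` also falls back to a name match when a supplied `uuid` does not match, and the method returns `None` implicitly; a docstring such as `"""Return the project dict matching uuid or name, or None if absent."""` would make that contract explicit. The `get_token` body continues outside this hunk.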
@@ -858,6 +867,21 @@ class MoonAuth(controller.V3Controller):
}
}
+ message = {}
+ if "project" in kw:
+ project = self._get_project(name=kw['project'])
+ if project:
+ data_auth["auth"]["scope"] = dict()
+ data_auth["auth"]["scope"]['project'] = dict()
+ data_auth["auth"]["scope"]['project']['id'] = project['id']
+ else:
+ message = {
+ "error": {
+ "message": "Unable to find project {}".format(kw['project']),
+ "code": 200,
+ "title": "UnScopedToken"
+ }}
+
req = requests.post("http://localhost:5000/v3/auth/tokens",
json=data_auth,
headers={"Content-Type": "application/json"}
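Review bot: When the requested project is not found, the `else` branch only records a message (with `"code": 200`) and the request below still goes out without a scope, so a caller who asked for a project-scoped token receives a valid unscoped one and must inspect `message` to notice. If that fallback is not intended, fail closed in that branch with `return {"token": None, 'message': message}`; if it is intended, a comment saying so would help the next reader. The `requests.post` call shows no `timeout=` on the lines visible here (the call continues outside the hunk), so it is worth confirming that a stalled token endpoint cannot block this controller indefinitely.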
@@ -865,7 +889,16 @@ class MoonAuth(controller.V3Controller):
if req.status_code not in (200, 201):
LOG.error(req.text)
else:
- TOKEN = req.headers['X-Subject-Token']
- return {"token": TOKEN, 'message': ""}
- return {"token": None, 'message': req.text}
+ _token = req.headers['X-Subject-Token']
+ _data = req.json()
+ _result = {
+ "token": _token,
+ 'message': message
+ }
+ try:
+ _result["roles"] = map(lambda x: x['name'], _data["token"]["roles"])
+ except KeyError:
+ pass
+ return _result
+ return {"token": None, 'message': req.json()}
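Review bot: The failure path `return {"token": None, 'message': req.json()}` assumes the error body is JSON; `req.json()` raises `ValueError` on a non-JSON body, turning an authentication failure into an unhandled exception, whereas the removed line returned `req.text`. Falling back to `req.text` when decoding fails keeps the error path total. Separately, `map(lambda x: x['name'], ...)` is a lazy iterator under Python 3 and would not serialise in a JSON response; `_result["roles"] = [r['name'] for r in _data["token"]["roles"]]` behaves the same on both versions. If the `except KeyError: pass` is there because unscoped tokens carry no `roles` key, a one-line comment saying so would stop it reading as a swallowed error.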