aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorasteroide <thomas.duval@orange.com>2017-07-26 14:30:23 +0200
committerasteroide <thomas.duval@orange.com>2017-07-26 14:30:23 +0200
commit35ed9ac45deee8ebbf90ea1a47ac311279a12db3 (patch)
tree30738ce8058fc772bc1b8c8ec12fd3576c651364
parent2e22163fa55155796bde4c4491b675a1b31135e5 (diff)
Add authentication features for interface
Change-Id: I722a92784ca0f0dd0f02be9f27ed1bb1e52483be
-rw-r--r--moonv4/moon_utilities/Changelog7
-rw-r--r--moonv4/moon_utilities/moon_utilities/__init__.py2
-rw-r--r--moonv4/moon_utilities/moon_utilities/auth.py76
3 files changed, 83 insertions, 2 deletions
diff --git a/moonv4/moon_utilities/Changelog b/moonv4/moon_utilities/Changelog
index 4857e826..e39a8b53 100644
--- a/moonv4/moon_utilities/Changelog
+++ b/moonv4/moon_utilities/Changelog
@@ -29,4 +29,9 @@ CHANGES
1.1.1
-----
-- Add a missing requirements \ No newline at end of file
+- Add a missing requirements
+
+1.2.0
+-----
+- Add authentication features for interface
+
diff --git a/moonv4/moon_utilities/moon_utilities/__init__.py b/moonv4/moon_utilities/moon_utilities/__init__.py
index 6d434ce7..2c7f8f5c 100644
--- a/moonv4/moon_utilities/moon_utilities/__init__.py
+++ b/moonv4/moon_utilities/moon_utilities/__init__.py
@@ -3,4 +3,4 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.1.1"
+__version__ = "1.2.0"
diff --git a/moonv4/moon_utilities/moon_utilities/auth.py b/moonv4/moon_utilities/moon_utilities/auth.py
new file mode 100644
index 00000000..10dda3ed
--- /dev/null
+++ b/moonv4/moon_utilities/moon_utilities/auth.py
@@ -0,0 +1,76 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import requests
+import time
+from functools import wraps
+from flask import request
+from oslo_log import log as logging
+from moon_utilities import exceptions, configuration
+
+
+LOG = logging.getLogger(__name__)
+KEYSTONE_CONFIG = configuration.get_configuration("openstack/keystone")["openstack/keystone"]
+TOKENS = {}
+
+
+def check_token(token, url=None):
+ _verify = False
+ if KEYSTONE_CONFIG['certificate']:
+ _verify = KEYSTONE_CONFIG['certificate']
+ try:
+ os.environ.pop("http_proxy")
+ os.environ.pop("https_proxy")
+ except KeyError:
+ pass
+ if not url:
+ url = KEYSTONE_CONFIG['url']
+ headers = {
+ "Content-Type": "application/json",
+ 'X-Subject-Token': token,
+ 'X-Auth-Token': token,
+ }
+ if KEYSTONE_CONFIG['check_token'].lower() in ("false", "no", "n"):
+ # TODO (asteroide): must send the admin id
+ return "admin" if not token else token
+ if KEYSTONE_CONFIG['check_token'].lower() in ("yes", "y", "true"):
+ if token in TOKENS:
+ delta = time.mktime(TOKENS[token]["expires_at"]) - time.mktime(time.gmtime())
+ if delta > 0:
+ return TOKENS[token]["user"]
+ raise exceptions.KeystoneError
+ else:
+ req = requests.get("{}/auth/tokens".format(url), headers=headers, verify=_verify)
+ if req.status_code in (200, 201):
+ # Note (asteroide): the time stamps is not in ISO 8601, so it is necessary to delete
+ # characters after the dot
+ token_time = req.json().get("token").get("expires_at").split(".")
+ TOKENS[token] = dict()
+ TOKENS[token]["expires_at"] = time.strptime(token_time[0], "%Y-%m-%dT%H:%M:%S")
+ TOKENS[token]["user"] = req.json().get("token").get("user").get("id")
+ return TOKENS[token]["user"]
+ LOG.error("{} - {}".format(req.status_code, req.text))
+ raise exceptions.KeystoneError
+ elif KEYSTONE_CONFIG['check_token'].lower() == "strict":
+ req = requests.head("{}/auth/tokens".format(url), headers=headers, verify=_verify)
+ if req.status_code in (200, 201):
+ return token
+ LOG.error("{} - {}".format(req.status_code, req.text))
+ raise exceptions.KeystoneError
+ raise exceptions.KeystoneError
+
+
+def check_auth(function):
+ @wraps(function)
+ def wrapper(*args, **kwargs):
+ token = request.headers.get('X-Auth-Token')
+ token = check_token(token)
+ if not token:
+ raise exceptions.AuthException
+ user_id = kwargs.pop("user_id", token)
+ result = function(*args, **kwargs, user_id=user_id)
+ return result
+ return wrapper