aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/contrib/s3
diff options
context:
space:
mode:
authorWuKong <rebirthmonkey@gmail.com>2015-06-30 18:47:29 +0200
committerWuKong <rebirthmonkey@gmail.com>2015-06-30 18:47:29 +0200
commitb8c756ecdd7cced1db4300935484e8c83701c82e (patch)
tree87e51107d82b217ede145de9d9d59e2100725bd7 /keystone-moon/keystone/contrib/s3
parentc304c773bae68fb854ed9eab8fb35c4ef17cf136 (diff)
migrate moon code from github to opnfv
Change-Id: Ice53e368fd1114d56a75271aa9f2e598e3eba604 Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone/contrib/s3')
-rw-r--r--keystone-moon/keystone/contrib/s3/__init__.py15
-rw-r--r--keystone-moon/keystone/contrib/s3/core.py73
2 files changed, 88 insertions, 0 deletions
diff --git a/keystone-moon/keystone/contrib/s3/__init__.py b/keystone-moon/keystone/contrib/s3/__init__.py
new file mode 100644
index 00000000..eec77c72
--- /dev/null
+++ b/keystone-moon/keystone/contrib/s3/__init__.py
@@ -0,0 +1,15 @@
+# Copyright 2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystone.contrib.s3.core import * # noqa
diff --git a/keystone-moon/keystone/contrib/s3/core.py b/keystone-moon/keystone/contrib/s3/core.py
new file mode 100644
index 00000000..34095bf4
--- /dev/null
+++ b/keystone-moon/keystone/contrib/s3/core.py
@@ -0,0 +1,73 @@
+# Copyright 2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""Main entry point into the S3 Credentials service.
+
+This service provides S3 token validation for services configured with the
+s3_token middleware to authorize S3 requests.
+
+This service uses the same credentials used by EC2. Refer to the documentation
+for the EC2 module for how to generate the required credentials.
+"""
+
+import base64
+import hashlib
+import hmac
+
+from keystone.common import extension
+from keystone.common import json_home
+from keystone.common import utils
+from keystone.common import wsgi
+from keystone.contrib.ec2 import controllers
+from keystone import exception
+
+EXTENSION_DATA = {
+ 'name': 'OpenStack S3 API',
+ 'namespace': 'http://docs.openstack.org/identity/api/ext/'
+ 's3tokens/v1.0',
+ 'alias': 's3tokens',
+ 'updated': '2013-07-07T12:00:0-00:00',
+ 'description': 'OpenStack S3 API.',
+ 'links': [
+ {
+ 'rel': 'describedby',
+ # TODO(ayoung): needs a description
+ 'type': 'text/html',
+ 'href': 'https://github.com/openstack/identity-api',
+ }
+ ]}
+extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
+
+
+class S3Extension(wsgi.V3ExtensionRouter):
+ def add_routes(self, mapper):
+ controller = S3Controller()
+ # validation
+ self._add_resource(
+ mapper, controller,
+ path='/s3tokens',
+ post_action='authenticate',
+ rel=json_home.build_v3_extension_resource_relation(
+ 's3tokens', '1.0', 's3tokens'))
+
+
+class S3Controller(controllers.Ec2Controller):
+ def check_signature(self, creds_ref, credentials):
+ msg = base64.urlsafe_b64decode(str(credentials['token']))
+ key = str(creds_ref['secret'])
+ signed = base64.encodestring(
+ hmac.new(key, msg, hashlib.sha1).digest()).strip()
+
+ if not utils.auth_str_equal(credentials['signature'], signed):
+ raise exception.Unauthorized('Credential signature mismatch')