author | Ruan HE <ruan.he@orange.com> | 2016-05-10 19:09:40 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@172.30.200.206> | 2016-05-10 19:09:40 +0000 |
commit | fe8cb3471df875e04a9eddf8aa0eb304f676c9ff (patch) | |
tree | 0894954484031a4172ba550c4812e5afe0538d1d /keystone-moon/keystone | |
parent | 97513870ba30f0dde6df698e4241cd596e3ba8c6 (diff) | |
parent | 92fbee760147aef61ceb7e01a1931056c60e08a0 (diff) |
Merge "Add the ability to retrieve a scoped token with roles associated to that project."
Diffstat (limited to 'keystone-moon/keystone')
-rw-r--r-- | keystone-moon/keystone/contrib/moon/controllers.py | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index 248aea34..b93fc8ae 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py @@ -833,11 +833,20 @@ class Logs(controller.V3Controller): return self.moonlog_api.get_logs(user_id, options) +@dependency.requires('identity_api', "token_provider_api", "resource_api") class MoonAuth(controller.V3Controller): def __init__(self): super(MoonAuth, self).__init__() + def _get_project(self, uuid="", name=""): + projects = self.resource_api.list_projects() + for project in projects: + if uuid and uuid == project['id']: + return project + elif name and name == project['name']: + return project + def get_token(self, context, **kw): data_auth = { "auth": { @@ -858,6 +867,21 @@ class MoonAuth(controller.V3Controller): } } + message = {} + if "project" in kw: + project = self._get_project(name=kw['project']) + if project: + data_auth["auth"]["scope"] = dict() + data_auth["auth"]["scope"]['project'] = dict() + data_auth["auth"]["scope"]['project']['id'] = project['id'] + else: + message = { + "error": { + "message": "Unable to find project {}".format(kw['project']), + "code": 200, + "title": "UnScopedToken" + }} + req = requests.post("http://localhost:5000/v3/auth/tokens", json=data_auth, headers={"Content-Type": "application/json"} @@ -865,7 +889,16 @@ class MoonAuth(controller.V3Controller): if req.status_code not in (200, 201): LOG.error(req.text) else: - TOKEN = req.headers['X-Subject-Token'] - return {"token": TOKEN, 'message': ""} - return {"token": None, 'message': req.text} + _token = req.headers['X-Subject-Token'] + _data = req.json() + _result = { + "token": _token, + 'message': message + } + try: + _result["roles"] = map(lambda x: x['name'], _data["token"]["roles"]) + except KeyError: + pass + return _result + return {"token": None, 'message': req.json()} |
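Review bot: `_get_project` in the first hunk matches a project by name alone across everything `list_projects()` returns, so when two domains hold a project with the same name the first one listed wins and `get_token` scopes the token request to it. Keystone project names are unique only within a domain, so the lookup should be bound to one, e.g. `project = self.resource_api.get_project_by_name(name, domain_id)`, with the domain taken from the authenticating user (not visible in this hunk) and its not-found error handled as the "no project" case. That also avoids loading every project on each token request. The method needs a docstring stating that it returns `None` when nothing matches, because the caller depends on that. The decorator also requires `identity_api` and `token_provider_api`, which none of the visible new lines use; drop them if nothing outside the hunks needs them.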
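Review bot: When the requested project is not found, the second hunk only records a message and still posts the unscoped `data_auth`, so a caller that asked for a project-scoped token receives a valid unscoped one with `"code": 200` and must inspect `message` to notice. Failing closed is safer: return from the `else` branch with `return {"token": None, 'message': message}` and a non-success code, so a mistyped or inaccessible project never silently yields a usable token. `message` is also now a dict where the old success path returned `""`, which callers that test or print it as a string may not expect; a comment documenting the return shape would help. `get_token` starts before and ends after this hunk.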
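Review bot: The failure path in the third hunk now returns `req.json()`, which raises when the token endpoint answers with a non-JSON body (a proxy error page, an empty 5xx), turning an authentication failure into an unhandled exception; the removed line returned `req.text` and could not fail this way. Guard it, e.g. `try: _msg = req.json()` / `except ValueError: _msg = req.text`, and consider returning only the error title and code rather than relaying the whole upstream body to the client. On the success path `map(lambda x: x['name'], ...)` yields a list only on Python 2; `[r['name'] for r in _data["token"]["roles"]]` serialises on both. The `except KeyError: pass` deserves a comment that an unscoped token carries no `roles` key, otherwise it reads as a swallowed error.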