aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon
diff options
context:
space:
mode:
authorasteroide <thomas.duval@orange.com>2016-05-10 17:10:46 +0200
committerasteroide <thomas.duval@orange.com>2016-05-10 17:10:46 +0200
commit92fbee760147aef61ceb7e01a1931056c60e08a0 (patch)
treee5b2839e12c91844366e742fd892028678252423 /keystone-moon
parent8d291f5a3de6fdffea6144b4c0f5ed44411285f5 (diff)
Add the ability to retrieve a scoped token with roles associated to that project.
Change-Id: I942ed63ff0a343b786016ad494f0f32b78465c28
Diffstat (limited to 'keystone-moon')
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py39
1 files changed, 36 insertions, 3 deletions
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index 248aea34..b93fc8ae 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -833,11 +833,20 @@ class Logs(controller.V3Controller):
return self.moonlog_api.get_logs(user_id, options)
+@dependency.requires('identity_api', "token_provider_api", "resource_api")
class MoonAuth(controller.V3Controller):
def __init__(self):
super(MoonAuth, self).__init__()
+ def _get_project(self, uuid="", name=""):
+ projects = self.resource_api.list_projects()
+ for project in projects:
+ if uuid and uuid == project['id']:
+ return project
+ elif name and name == project['name']:
+ return project
+
def get_token(self, context, **kw):
data_auth = {
"auth": {
@@ -858,6 +867,21 @@ class MoonAuth(controller.V3Controller):
}
}
+ message = {}
+ if "project" in kw:
+ project = self._get_project(name=kw['project'])
+ if project:
+ data_auth["auth"]["scope"] = dict()
+ data_auth["auth"]["scope"]['project'] = dict()
+ data_auth["auth"]["scope"]['project']['id'] = project['id']
+ else:
+ message = {
+ "error": {
+ "message": "Unable to find project {}".format(kw['project']),
+ "code": 200,
+ "title": "UnScopedToken"
+ }}
+
req = requests.post("http://localhost:5000/v3/auth/tokens",
json=data_auth,
headers={"Content-Type": "application/json"}
@@ -865,7 +889,16 @@ class MoonAuth(controller.V3Controller):
if req.status_code not in (200, 201):
LOG.error(req.text)
else:
- TOKEN = req.headers['X-Subject-Token']
- return {"token": TOKEN, 'message': ""}
- return {"token": None, 'message': req.text}
+ _token = req.headers['X-Subject-Token']
+ _data = req.json()
+ _result = {
+ "token": _token,
+ 'message': message
+ }
+ try:
+ _result["roles"] = map(lambda x: x['name'], _data["token"]["roles"])
+ except KeyError:
+ pass
+ return _result
+ return {"token": None, 'message': req.json()}