diff options
| author |   WuKong <rebirthmonkey@gmail.com> | 2017-12-23 21:49:35 +0100 |
|---|---|---|
| committer | WuKong <rebirthmonkey@gmail.com> | 2017-12-23 21:49:58 +0100 |
| commit | 1100c66ce03a059ebe7ece9734e799b49b3a5a9e (patch) | |
| tree | a057e7e7511f6675a9327b79e6919f07c5f89f07 /keystonemiddleware-moon/keystonemiddleware/moon_mgrs | |
| parent | 7a4dfdde6314476ae2a1a1c881ff1e3c430f790e (diff) | |
moonv4 cleanup
Change-Id: Icef927f3236d985ac13ff7376f6ce6314b2b39b0
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystonemiddleware-moon/keystonemiddleware/moon_mgrs')
4 files changed, 0 insertions, 107 deletions
diff --git a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/__init__.py b/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/__init__.py deleted file mode 100644 index 10d80bc9..00000000 --- a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/__init__.py +++ /dev/null @@ -1 +0,0 @@ -__author__ = 'wukong' diff --git a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/abe_mgr/__init__.py b/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/abe_mgr/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/abe_mgr/__init__.py +++ /dev/null diff --git a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/__init__.py b/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/__init__.py deleted file mode 100644 index e69de29b..00000000 --- a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/__init__.py +++ /dev/null diff --git a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py b/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py deleted file mode 100644 index 9a0a4009..00000000 --- a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py +++ /dev/null @@ -1,106 +0,0 @@ -import logging -import requests -import six -import webob -import json - -from keystone import exception -from keystonemiddleware.i18n import _, _LC, _LE, _LI, _LW -from oslo_config import cfg - - -_OPTS = [ - cfg.StrOpt('authz_login', - default="admin", - help='Name of the administrator who will connect to the Keystone Moon backends.'), - cfg.StrOpt('authz_password', - default="nomoresecrete", - help='Password of the administrator who will connect to the Keystone Moon backends.'), - cfg.StrOpt('logfile', - default="/tmp/moon_authz_mgr.log", # TODO: update in paste.init - help='File where logs goes.'), - ] - -_MOON_AUTHZ_MGR_GROUP = 'moon_authz_mgr' -CONF = cfg.CONF -CONF.register_opts(_OPTS, group=_MOON_AUTHZ_MGR_GROUP) -CONF.debug = True - - -class ServiceError(Exception): - pass - - -class AuthzMgr(object): - - def __init__(self, conf): - self.conf = conf - self._LOG = logging.getLogger(conf.get('log_name', __name__)) - authz_mgr_fh = logging.FileHandler(self.conf.get('logfile', "/tmp/keystonemiddleware.log")) - self._LOG.setLevel(logging.DEBUG) - self._LOG.addHandler(authz_mgr_fh) - self.response_content = "" - - def _deny_request(self, code): - error_table = { - 'AccessDenied': (401, 'Access denied'), - 'InvalidURI': (400, 'Could not parse the specified URI'), - 'NotFound': (404, 'URI not found'), - 'Error': (500, 'Server error'), - } - resp = webob.Response(content_type='text/xml') - resp.status = error_table[code][0] - error_msg = ('<?xml version="1.0" encoding="UTF-8"?>\r\n' - '<Error>\r\n <Code>%s</Code>\r\n ' - '<Message>%s</Message>\r\n</Error>\r\n' % - (code, error_table[code][1])) - if six.PY3: - error_msg = error_msg.encode() - resp.body = error_msg - return resp - - def treat_request(self, auth_token, agent_data): - if not agent_data['resource_id']: - agent_data['resource_id'] = "servers" - - headers = {'X-Auth-Token': auth_token} - self._LOG.debug('X-Auth-Token={}'.format(auth_token)) - try: - _url = '{}/moon/authz/{}/{}/{}/{}'.format( - self.conf["_request_uri"], - agent_data['tenant_id'], - agent_data['user_id'], - agent_data['resource_id'], - agent_data['action_id']) - self._LOG.info(_url) - response = requests.get(_url, - headers=headers, - verify=self.conf["_verify"]) - except requests.exceptions.RequestException as e: - self._LOG.error(_LI('HTTP connection exception: %s'), e) - resp = self._deny_request('InvalidURI') - raise ServiceError(resp) - - if response.status_code < 200 or response.status_code >= 300: - self._LOG.debug('Keystone reply error: status=%s reason=%s', - response.status_code, response.reason) - if response.status_code == 404: - resp = self._deny_request('NotFound') - elif response.status_code == 401: - resp = self._deny_request('AccessDenied') - else: - resp = self._deny_request('Error') - raise ServiceError(resp) - - elif response.status_code == 200: - answer = json.loads(response.content) - self._LOG.debug("action_id={}/{}".format(agent_data['OS_component'], agent_data['action_id'])) - self._LOG.debug(answer) - if "authz" in answer and answer["authz"]: - return response - self._LOG.error("You are not authorized to do that! ({})".format(unicode(answer["comment"]))) - raise exception.Unauthorized(message="You are not authorized to do that! ({})".format(unicode(answer["comment"]))) - else: - self._LOG.error("Unable to request Moon ({}: {})".format(response.status_code, response.reason)) - - return response |