summaryrefslogtreecommitdiffstats
path: root/keystonemiddleware-moon
diff options
context:
space:
mode:
authorwukong <rebirthmonkey@gmail.com>2015-11-12 16:56:13 +0100
committerwukong <rebirthmonkey@gmail.com>2015-11-12 16:56:13 +0100
commit6294f9a3c01cc57ce855b31994ce7cc9c258a10d (patch)
treea18a4955f01883aa7d0f0a9d561890760da21307 /keystonemiddleware-moon
parent75bfd60c5ed4053e59cb506c4284b1cc3f442bbc (diff)
keystonemiddleware/authz.py clean up token
Change-Id: I066c4de1abbb635bb954df5423bb250a4f0f22cf Signed-off-by: wukong <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystonemiddleware-moon')
-rw-r--r--keystonemiddleware-moon/keystonemiddleware/authz.py89
1 files changed, 6 insertions, 83 deletions
diff --git a/keystonemiddleware-moon/keystonemiddleware/authz.py b/keystonemiddleware-moon/keystonemiddleware/authz.py
index f5f19079..93c0a7da 100644
--- a/keystonemiddleware-moon/keystonemiddleware/authz.py
+++ b/keystonemiddleware-moon/keystonemiddleware/authz.py
@@ -68,33 +68,6 @@ class ServiceError(Exception):
class AuthZProtocol(object):
"""Middleware that handles authenticating client calls."""
- post = {
- "auth": {
- "identity": {
- "methods": [
- "password"
- ],
- "password": {
- "user": {
- "domain": {
- "id": "Default"
- },
- "name": "admin",
- "password": "nomoresecrete"
- }
- }
- },
- "scope": {
- "project": {
- "domain": {
- "id": "Default"
- },
- "name": "demo"
- }
- }
- }
- }
-
def __init__(self, app, conf):
self._LOG = logging.getLogger(conf.get('log_name', __name__))
# FIXME: events are duplicated in log file
@@ -126,52 +99,14 @@ class AuthZProtocol(object):
else:
self._verify = None
- def __set_token(self):
- data = self.get_url("/v3/auth/tokens", post_data=self.post)
- if "token" not in data:
- raise Exception("Authentication problem ({})".format(data))
- self.token = data["token"]
-
- def __unset_token(self):
- data = self.get_url("/v3/auth/tokens", method="DELETE", authtoken=True)
- if "content" in data and len(data["content"]) > 0:
- self._LOG.error("Error while unsetting token {}".format(data["content"]))
- self.token = None
-
- def get_url(self, url, post_data=None, delete_data=None, method="GET", authtoken=None):
- if post_data:
- method = "POST"
- if delete_data:
- method = "DELETE"
- self._LOG.debug("\033[32m{} {}\033[m".format(method, url))
+ def get_url(self, url):
conn = httplib.HTTPConnection(self.auth_host, self.auth_port)
headers = {
"Content-type": "application/x-www-form-urlencoded",
"Accept": "text/plain,text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
}
- if authtoken:
- if self.x_subject_token:
- if method == "DELETE":
- headers["X-Subject-Token"] = self.x_subject_token
- headers["X-Auth-Token"] = self.x_subject_token
- else:
- headers["X-Auth-Token"] = self.x_subject_token
- if post_data:
- method = "POST"
- headers["Content-type"] = "application/json"
- post_data = json.dumps(post_data)
- conn.request(method, url, post_data, headers=headers)
- elif delete_data:
- method = "DELETE"
- conn.request(method, url, json.dumps(delete_data), headers=headers)
- else:
- conn.request(method, url, headers=headers)
+ conn.request('GET', url, headers=headers)
resp = conn.getresponse()
- headers = resp.getheaders()
- try:
- self.x_subject_token = dict(headers)["x-subject-token"]
- except KeyError:
- pass
content = resp.read()
conn.close()
try:
@@ -197,9 +132,7 @@ class AuthZProtocol(object):
resp.body = error_msg
return resp
- def _get_authz_from_moon(self, auth_token, tenant_id, subject_id, object_id, action_id):
- headers = {'X-Auth-Token': auth_token}
- self._LOG.debug('X-Auth-Token={}'.format(auth_token))
+ def _get_authz_from_moon(self, tenant_id, subject_id, object_id, action_id):
try:
_url ='{}/v3/OS-MOON/authz/{}/{}/{}/{}'.format(
self._request_uri,
@@ -208,9 +141,7 @@ class AuthZProtocol(object):
object_id,
action_id)
self._LOG.info(_url)
- response = requests.get(_url,
- headers=headers,
- verify=self._verify)
+ response = requests.get(_url,verify=self._verify)
except requests.exceptions.RequestException as e:
self._LOG.error(_LI('HTTP connection exception: %s'), e)
resp = self._deny_request('InvalidURI')
@@ -240,7 +171,7 @@ class AuthZProtocol(object):
def _get_action(self, env, component):
""" Find and return the action of the request
- Actually, find only Nova action (start, destroy, pause, unpause, ...)
+ Actually, find only Nova (start, destroy, pause, unpause, ...) and swift actions
:param env: the request
:return: the action or ""
@@ -315,12 +246,6 @@ class AuthZProtocol(object):
def __call__(self, env, start_response):
req = webob.Request(env)
- # token = req.headers.get('X-Auth-Token',
- # req.headers.get('X-Storage-Token'))
- # if not token:
- # self._LOG.error("No token")
- # return self._app(env, start_response)
-
subject_id = env.get("HTTP_X_USER_ID")
if not subject_id:
self._LOG.warning("No subject_id found for {}".format(env.get("PATH_INFO")))
@@ -337,9 +262,7 @@ class AuthZProtocol(object):
if not object_id:
object_id = "servers"
self._LOG.debug("object_id={}".format(object_id))
- self.__set_token()
- resp = self._get_authz_from_moon(self.x_subject_token, tenant_id, subject_id, object_id, action_id)
- self.__unset_token()
+ resp = self._get_authz_from_moon(tenant_id, subject_id, object_id, action_id)
if resp.status_code == 200:
answer = json.loads(resp.content)
self._LOG.debug("action_id={}/{}".format(component, action_id))