summaryrefslogtreecommitdiffstats
path: root/keystonemiddleware-moon
diff options
context:
space:
mode:
Diffstat (limited to 'keystonemiddleware-moon')
-rw-r--r--keystonemiddleware-moon/keystonemiddleware/moon_agent.py16
-rw-r--r--keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py11
2 files changed, 15 insertions, 12 deletions
diff --git a/keystonemiddleware-moon/keystonemiddleware/moon_agent.py b/keystonemiddleware-moon/keystonemiddleware/moon_agent.py
index de11e3e5..b21d9dbe 100644
--- a/keystonemiddleware-moon/keystonemiddleware/moon_agent.py
+++ b/keystonemiddleware-moon/keystonemiddleware/moon_agent.py
@@ -95,7 +95,7 @@ class MoonAgentKeystoneMiddleware(object):
self.auth_host = conf.get('auth_host', "127.0.0.1")
self.auth_port = int(conf.get('auth_port', 35357))
auth_protocol = conf.get('auth_protocol', 'http')
- self._request_uri = '%s://%s:%s' % (auth_protocol, self.auth_host, # TODO: ??? for auth or authz
+ self._conf["_request_uri"] = '%s://%s:%s' % (auth_protocol, self.auth_host, # TODO: ??? for auth or authz
self.auth_port)
# SSL
@@ -104,16 +104,18 @@ class MoonAgentKeystoneMiddleware(object):
key_file = conf.get('keyfile')
if insecure:
- self._verify = False
+ self._conf["_verify"] = False
elif cert_file and key_file:
- self._verify = (cert_file, key_file)
+ self._conf["_verify"] = (cert_file, key_file)
elif cert_file:
- self._verify = cert_file
+ self._conf["_verify"] = cert_file
else:
- self._verify = None
+ self._conf["_verify"] = None
# Moon registered mgrs
self.local_registered_mgr_dict = dict() # TODO: load from the sql backend
+ from keystonemiddleware.moon_mgrs.authz_mgr.authz_mgr import AuthzMgr
+ self.local_registered_mgr_dict["authz_mgr"] = AuthzMgr(self._conf)
def __set_token(self):
data = self.get_url("/v3/auth/tokens", post_data=self.post_data)
@@ -283,13 +285,13 @@ class MoonAgentKeystoneMiddleware(object):
self.__set_token()
for _mgr in self.local_registered_mgr_dict: # TODO: update from the sql backend
- self.local_registered_mgr_dict[_mgr]['response_content'] = \
+ self.local_registered_mgr_dict[_mgr].response_content = \
json.loads(self.local_registered_mgr_dict[_mgr].treat_request(self.x_subject_token, agent_data).content)
self.__unset_token()
aggregate_result = 1
for _mgr in self.local_registered_mgr_dict:
- if not self.local_registered_mgr_dict[_mgr]['response_content']:
+ if not self.local_registered_mgr_dict[_mgr].response_content:
aggregate_result = 0
if aggregate_result:
diff --git a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py b/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py
index af519225..0d81a790 100644
--- a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py
+++ b/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py
@@ -38,6 +38,8 @@ class AuthzMgr(object):
authz_mgr_fh = logging.FileHandler(CONF.moon_authz_mgr["authz_mgr_logfile"])
self._LOG.setLevel(logging.DEBUG)
self._LOG.addHandler(authz_mgr_fh)
+ self._conf = conf
+ self.response_content = ""
def _deny_request(self, code):
error_table = {
@@ -57,7 +59,6 @@ class AuthzMgr(object):
resp.body = error_msg
return resp
-
def treat_request(self, auth_token, agent_data):
if not agent_data['resource_id']:
agent_data['resource_id'] = "servers"
@@ -65,8 +66,8 @@ class AuthzMgr(object):
headers = {'X-Auth-Token': auth_token}
self._LOG.debug('X-Auth-Token={}'.format(auth_token))
try:
- _url ='{}/v3/OS-MOON/authz/{}/{}/{}/{}'.format(
- self._request_uri,
+ _url = '{}/moon/authz/{}/{}/{}/{}'.format(
+ self._conf["_request_uri"],
agent_data['tenant_id'],
agent_data['user_id'],
agent_data['resource_id'],
@@ -74,7 +75,7 @@ class AuthzMgr(object):
self._LOG.info(_url)
response = requests.get(_url,
headers=headers,
- verify=self._verify)
+ verify=self._conf["_verify"])
except requests.exceptions.RequestException as e:
self._LOG.error(_LI('HTTP connection exception: %s'), e)
resp = self._deny_request('InvalidURI')
@@ -93,7 +94,7 @@ class AuthzMgr(object):
elif response.status_code == 200:
answer = json.loads(response.content)
- self._LOG.debug("action_id={}/{}".format(agent_data['OS_component'] , agent_data['action_id']))
+ self._LOG.debug("action_id={}/{}".format(agent_data['OS_component'], agent_data['action_id']))
self._LOG.debug(answer)
if "authz" in answer and answer["authz"]:
return response