From 8d291f5a3de6fdffea6144b4c0f5ed44411285f5 Mon Sep 17 00:00:00 2001 From: asteroide Date: Mon, 25 Apr 2016 11:25:28 +0200 Subject: Add the /moon/auth/tokens API Change-Id: I4c0dd7c0e3f4dcae8d122c466cf93ac28d7c37f6 --- .../doc/source/extensions/moon/moon_api.rst | 137 ++++++++++++--------- keystone-moon/keystone/contrib/moon/controllers.py | 40 +++++- keystone-moon/keystone/contrib/moon/routers.py | 8 ++ .../tests/moon/func/test_func_moon_auth.py | 48 ++++++++ 4 files changed, 173 insertions(+), 60 deletions(-) create mode 100644 keystone-moon/keystone/tests/moon/func/test_func_moon_auth.py (limited to 'keystone-moon') diff --git a/keystone-moon/doc/source/extensions/moon/moon_api.rst b/keystone-moon/doc/source/extensions/moon/moon_api.rst index f2546d4d..6925d6b1 100644 --- a/keystone-moon/doc/source/extensions/moon/moon_api.rst +++ b/keystone-moon/doc/source/extensions/moon/moon_api.rst @@ -3,12 +3,12 @@ Moon API Here are Moon API with some examples of posted data and returned data. -All requests must be prefexied by /v3/OS-MOON. +All requests must be prefexied by /moon/v3/OS-MOON. Authz ----- -**GET /authz/{tenant_id}/{subject_k_id}/{object_name}/{action_name}** +**GET /moon/authz/{tenant_id}/{subject_k_id}/{object_name}/{action_name}** Authorization API. .. code-block:: json @@ -24,7 +24,7 @@ Intra-Extension API Configuration ~~~~~~~~~~~~~ -**GET /configuration/templates** +**GET /moon/configuration/templates** List all policy templates. @@ -38,7 +38,7 @@ Configuration } -**GET /configuration/aggregation_algorithms** +**GET /moon/configuration/aggregation_algorithms** List all aggregation algorithms. @@ -52,7 +52,7 @@ Configuration } -**GET /configuration/sub_meta_rule_algorithms** +**GET /moon/configuration/sub_meta_rule_algorithms** List all sub meta rule algorithms. @@ -69,7 +69,7 @@ Configuration Tenants ~~~~~~~ -**GET /tenants** +**GET /moon/tenants** List all tenants. @@ -85,7 +85,7 @@ Tenants } -**POST /tenants** +**POST /moon/tenants** Add a tenant. @@ -107,7 +107,7 @@ Tenants } -**POST /tenants/{tenant_id}** +**POST /moon/tenants/{tenant_id}** Show information of one tenant. @@ -123,7 +123,7 @@ Tenants } -**POST /tenants/{tenant_id}** +**POST /moon/tenants/{tenant_id}** Modify a tenant. @@ -145,7 +145,7 @@ Tenants } -**DELETE /tenants/{tenant_id}** +**DELETE /moon/tenants/{tenant_id}** Delete a tenant. @@ -157,7 +157,7 @@ Tenants Intra-Extension ~~~~~~~~~~~~~~~ -**GET /intra_extensions/init** +**GET /moon/intra_extensions/init** Initialize the root Intra_Extension (if needed). @@ -166,7 +166,7 @@ Intra-Extension return = {} -**GET /intra_extensions** +**GET /moon/intra_extensions** List all Intra_Extensions. @@ -180,7 +180,7 @@ Intra-Extension } -**POST /intra_extensions** +**POST /moon/intra_extensions** Create a new Intra_Extension. @@ -195,7 +195,7 @@ Intra-Extension return = {} -**GET /intra_extensions/{intra_extension_id}/** +**GET /moon/intra_extensions/{intra_extension_id}/** Show details about one Intra_Extension. @@ -210,7 +210,7 @@ Intra-Extension } -**DELETE /intra_extensions/{intra_extension_id}/** +**DELETE /moon/intra_extensions/{intra_extension_id}/** Delete an Intra_Extension. @@ -222,7 +222,7 @@ Intra-Extension Intra-Extension Subjects ~~~~~~~~~~~~~~~~~~~~~~~~ -**GET /intra_extensions/{intra_extension_id}/subjects** +**GET /moon/intra_extensions/{intra_extension_id}/subjects** List all subjects. @@ -236,7 +236,7 @@ Intra-Extension Subjects } -**POST /intra_extensions/{intra_extension_id}/subjects** +**POST /moon/intra_extensions/{intra_extension_id}/subjects** List all subjects. @@ -256,7 +256,7 @@ Intra-Extension Subjects } -**DELETE /intra_extensions/{intra_extension_id}/subjects/{subject_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/subjects/{subject_id}** Delete a subject. @@ -265,7 +265,7 @@ Intra-Extension Subjects return = {} -**GET /intra_extensions/{intra_extension_id}/subject_categories** +**GET /moon/intra_extensions/{intra_extension_id}/subject_categories** List all subject categories. @@ -279,7 +279,7 @@ Intra-Extension Subjects } -**POST /intra_extensions/{intra_extension_id}/subject_categories** +**POST /moon/intra_extensions/{intra_extension_id}/subject_categories** Add a new subject category. @@ -297,7 +297,7 @@ Intra-Extension Subjects } -**DELETE /intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/subject_categories/{subject_category_id}** Delete a subject category. @@ -306,7 +306,7 @@ Intra-Extension Subjects return = {} -**GET /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}** +**GET /moon/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}** List all subject scopes for a specific subject category. @@ -320,7 +320,7 @@ Intra-Extension Subjects } -**POST /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}** +**POST /moon/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}** Add a new subject scope for a specific subject category. @@ -338,7 +338,7 @@ Intra-Extension Subjects } -**DELETE /intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}** Delete a subject scope. @@ -347,7 +347,7 @@ Intra-Extension Subjects return = {} -**GET /intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}** +**GET /moon/intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}** List all subject assignments for a subject and for a subject category. @@ -358,7 +358,7 @@ Intra-Extension Subjects ] -**POST /intra_extensions/{intra_extension_id}/subject_assignments** +**POST /moon/intra_extensions/{intra_extension_id}/subject_assignments** Add an assignment. @@ -374,7 +374,7 @@ Intra-Extension Subjects ] -**DELETE /intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}/{subject_scope_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/subject_assignments/{subject_id}/{subject_category_id}/{subject_scope_id}** Delete a subject assignment. @@ -386,7 +386,7 @@ Intra-Extension Subjects Intra-Extension Objects ~~~~~~~~~~~~~~~~~~~~~~~ -**GET /intra_extensions/{intra_extension_id}/objects** +**GET /moon/intra_extensions/{intra_extension_id}/objects** List all objects. @@ -400,7 +400,7 @@ Intra-Extension Objects } -**POST /intra_extensions/{intra_extension_id}/objects** +**POST /moon/intra_extensions/{intra_extension_id}/objects** List all objects. @@ -418,7 +418,7 @@ Intra-Extension Objects } -**DELETE /intra_extensions/{intra_extension_id}/objects/{object_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/objects/{object_id}** Delete a object. @@ -427,7 +427,7 @@ Intra-Extension Objects return = {} -**GET /intra_extensions/{intra_extension_id}/object_categories** +**GET /moon/intra_extensions/{intra_extension_id}/object_categories** List all object categories. @@ -441,7 +441,7 @@ Intra-Extension Objects } -**POST /intra_extensions/{intra_extension_id}/object_categories** +**POST /moon/intra_extensions/{intra_extension_id}/object_categories** Add a new object category. @@ -459,7 +459,7 @@ Intra-Extension Objects } -**DELETE /intra_extensions/{intra_extension_id}/object_categories/{object_category_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/object_categories/{object_category_id}** Delete a object category. @@ -468,7 +468,7 @@ Intra-Extension Objects return = {} -**GET /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}** +**GET /moon/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}** List all object scopes for a specific object category. @@ -482,7 +482,7 @@ Intra-Extension Objects } -**POST /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}** +**POST /moon/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}** Add a new object scope for a specific object category. @@ -500,7 +500,7 @@ Intra-Extension Objects } -**DELETE /intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}** Delete a object scope. @@ -509,7 +509,7 @@ Intra-Extension Objects return = {} -**GET /intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}** +**GET /moon/intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}** List all object assignments for a object and for a object category. @@ -520,7 +520,7 @@ Intra-Extension Objects ] -**POST /intra_extensions/{intra_extension_id}/object_assignments** +**POST /moon/intra_extensions/{intra_extension_id}/object_assignments** Add an assignment. @@ -536,7 +536,7 @@ Intra-Extension Objects ] -**DELETE /intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}/{object_scope_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/object_assignments/{object_id}/{object_category_id}/{object_scope_id}** Delete a object assignment. @@ -548,7 +548,7 @@ Intra-Extension Objects Intra-Extension Actions ~~~~~~~~~~~~~~~~~~~~~~~ -**GET /intra_extensions/{intra_extension_id}/actions** +**GET /moon/intra_extensions/{intra_extension_id}/actions** List all actions. @@ -562,7 +562,7 @@ Intra-Extension Actions } -**POST /intra_extensions/{intra_extension_id}/actions** +**POST /moon/intra_extensions/{intra_extension_id}/actions** List all actions. @@ -582,7 +582,7 @@ Intra-Extension Actions } -**DELETE /intra_extensions/{intra_extension_id}/actions/{action_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/actions/{action_id}** Delete a action. @@ -591,7 +591,7 @@ Intra-Extension Actions return = {} -**GET /intra_extensions/{intra_extension_id}/action_categories** +**GET /moon/intra_extensions/{intra_extension_id}/action_categories** List all action categories. @@ -605,7 +605,7 @@ Intra-Extension Actions } -**POST /intra_extensions/{intra_extension_id}/action_categories** +**POST /moon/intra_extensions/{intra_extension_id}/action_categories** Add a new action category. @@ -623,7 +623,7 @@ Intra-Extension Actions } -**DELETE /intra_extensions/{intra_extension_id}/action_categories/{action_category_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/action_categories/{action_category_id}** Delete a action category. @@ -632,7 +632,7 @@ Intra-Extension Actions return = {} -**GET /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}** +**GET /moon/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}** List all action scopes for a specific action category. @@ -646,7 +646,7 @@ Intra-Extension Actions } -**POST /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}** +**POST /moon/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}** Add a new action scope for a specific action category. @@ -664,7 +664,7 @@ Intra-Extension Actions } -**DELETE /intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}** Delete a action scope. @@ -673,7 +673,7 @@ Intra-Extension Actions return = {} -**GET /intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}** +**GET /moon/intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}** List all action assignments for a action and for a action category. @@ -684,7 +684,7 @@ Intra-Extension Actions ] -**POST /intra_extensions/{intra_extension_id}/action_assignments** +**POST /moon/intra_extensions/{intra_extension_id}/action_assignments** Add an assignment. @@ -700,7 +700,7 @@ Intra-Extension Actions ] -**DELETE /intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}/{action_scope_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/action_assignments/{action_id}/{action_category_id}/{action_scope_id}** Delete a action assignment. @@ -712,7 +712,7 @@ Intra-Extension Actions Intra-Extension Rules ~~~~~~~~~~~~~~~~~~~~~ -**GET /intra_extensions/{intra_extension_id}/aggregation_algorithm** +**GET /moon/intra_extensions/{intra_extension_id}/aggregation_algorithm** List aggregation algorithm for an intra extension. @@ -726,7 +726,7 @@ Intra-Extension Rules } -**POST /intra_extensions/{intra_extension_id}/aggregation_algorithm** +**POST /moon/intra_extensions/{intra_extension_id}/aggregation_algorithm** Set the current aggregation algorithm for an intra extension. @@ -744,7 +744,7 @@ Intra-Extension Rules } -**GET /intra_extensions/{intra_extension_id}/sub_meta_rules** +**GET /moon/intra_extensions/{intra_extension_id}/sub_meta_rules** Show the current sub meta rules. @@ -766,7 +766,7 @@ Intra-Extension Rules return = {} -**GET /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}** +**GET /moon/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}** Set the current sub meta rule. @@ -782,7 +782,7 @@ Intra-Extension Rules return = {} -**GET /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}** +**GET /moon/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}** List all rules. @@ -794,7 +794,7 @@ Intra-Extension Rules } -**POST /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}** +**POST /moon/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}** Add a new rule. @@ -809,7 +809,7 @@ Intra-Extension Rules return = {} -**DELETE /intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}** +**DELETE /moon/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}** Delete a rule. @@ -821,7 +821,7 @@ Intra-Extension Rules Logs ~~~~ -**GET /logs/{options}** +**GET /moon/logs/{options}** List all logs. Options can be: @@ -842,3 +842,22 @@ Logs "2015-04-15-13:45:23 ..." ] +Auth +~~~~ + +**POST /moon/auth/tokens** + + Add a tenant. + +.. code-block:: json + + post = { + "username": "name of the user to authenticate", + "password": "password of the user to authenticate" + } + return = { + "token": "NEW_TOKEN", + "message": "if authentication failed..." + } + + diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index 0abe31be..248aea34 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py @@ -4,12 +4,13 @@ # or at 'http://www.apache.org/licenses/LICENSE-2.0'. from keystone.common import controller -from keystone.common import dependency from keystone import config from keystone.models import token_model from keystone.contrib.moon.exception import * from oslo_log import log from uuid import uuid4 +import requests + CONF = config.CONF LOG = log.getLogger(__name__) @@ -831,3 +832,40 @@ class Logs(controller.V3Controller): options = kw.get('options', '') return self.moonlog_api.get_logs(user_id, options) + +class MoonAuth(controller.V3Controller): + + def __init__(self): + super(MoonAuth, self).__init__() + + def get_token(self, context, **kw): + data_auth = { + "auth": { + "identity": { + "methods": [ + "password" + ], + "password": { + "user": { + "domain": { + "id": "Default" + }, + "name": kw['username'], + "password": kw['password'] + } + } + } + } + } + + req = requests.post("http://localhost:5000/v3/auth/tokens", + json=data_auth, + headers={"Content-Type": "application/json"} + ) + if req.status_code not in (200, 201): + LOG.error(req.text) + else: + TOKEN = req.headers['X-Subject-Token'] + return {"token": TOKEN, 'message': ""} + return {"token": None, 'message': req.text} + diff --git a/keystone-moon/keystone/contrib/moon/routers.py b/keystone-moon/keystone/contrib/moon/routers.py index fd821a49..c3bb7df0 100644 --- a/keystone-moon/keystone/contrib/moon/routers.py +++ b/keystone-moon/keystone/contrib/moon/routers.py @@ -36,6 +36,7 @@ class Routers(wsgi.ComposableRouter): intra_ext_controller = controllers.IntraExtensions() tenants_controller = controllers.Tenants() logs_controller = controllers.Logs() + auth_controller = controllers.MoonAuth() inter_ext_controller = controllers.InterExtensions() # Configuration route @@ -480,6 +481,13 @@ class Routers(wsgi.ComposableRouter): action='get_logs', conditions=dict(method=['GET'])) + # Auth route + mapper.connect( + self.PATH_PREFIX+'/auth/tokens', + controller=auth_controller, + action='get_token', + conditions=dict(method=['POST'])) + # InterExtensions route # mapper.connect( # controller=inter_ext_controller, diff --git a/keystone-moon/keystone/tests/moon/func/test_func_moon_auth.py b/keystone-moon/keystone/tests/moon/func/test_func_moon_auth.py new file mode 100644 index 00000000..56132609 --- /dev/null +++ b/keystone-moon/keystone/tests/moon/func/test_func_moon_auth.py @@ -0,0 +1,48 @@ +# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors +# This software is distributed under the terms and conditions of the 'Apache-2.0' +# license which can be found in the file 'LICENSE' in this package distribution +# or at 'http://www.apache.org/licenses/LICENSE-2.0'. + +import unittest +import json +import requests + + +class AuthTest(unittest.TestCase): + + def setUp(self): + self.data_auth = { + "username": "", + "password": "" + } + + def tearDown(self): + pass + + def test_authz(self): + self.data_auth['username'] = 'admin' + self.data_auth['password'] = '' + req = requests.post("http://localhost:5000/moon/auth/tokens", + json=self.data_auth, + headers={"Content-Type": "application/json"} + ) + self.assertIn(req.status_code, (200, 201)) + result = req.json() + self.assertIn("token", result.keys()) + self.assertEqual(result["token"], None) + + self.data_auth['username'] = 'admin' + self.data_auth['password'] = 'nomoresecrete' + req = requests.post("http://localhost:5000/moon/auth/tokens", + json=self.data_auth, + headers={"Content-Type": "application/json"} + ) + self.assertIn(req.status_code, (200, 201)) + result = req.json() + self.assertIn("token", result.keys()) + self.assertNotEqual(result["token"], None) + +if __name__ == "__main__": + unittest.main() + + -- cgit 1.2.3-korg