From 73be8fe3ec13cbb02a8ed0c488fabfe87b37ad7b Mon Sep 17 00:00:00 2001 From: asteroide Date: Wed, 16 Dec 2015 16:15:22 +0100 Subject: Update and fix the new keystonemiddleware moon manager. Change-Id: I76c318c7b10e9cfc9b134d4cc29daf3e247cdb20 --- keystonemiddleware-moon/keystonemiddleware/moon_agent.py | 16 +++++++++------- .../keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py | 11 ++++++----- 2 files changed, 15 insertions(+), 12 deletions(-) (limited to 'keystonemiddleware-moon') diff --git a/keystonemiddleware-moon/keystonemiddleware/moon_agent.py b/keystonemiddleware-moon/keystonemiddleware/moon_agent.py index de11e3e5..b21d9dbe 100644 --- a/keystonemiddleware-moon/keystonemiddleware/moon_agent.py +++ b/keystonemiddleware-moon/keystonemiddleware/moon_agent.py @@ -95,7 +95,7 @@ class MoonAgentKeystoneMiddleware(object): self.auth_host = conf.get('auth_host', "127.0.0.1") self.auth_port = int(conf.get('auth_port', 35357)) auth_protocol = conf.get('auth_protocol', 'http') - self._request_uri = '%s://%s:%s' % (auth_protocol, self.auth_host, # TODO: ??? for auth or authz + self._conf["_request_uri"] = '%s://%s:%s' % (auth_protocol, self.auth_host, # TODO: ??? for auth or authz self.auth_port) # SSL @@ -104,16 +104,18 @@ class MoonAgentKeystoneMiddleware(object): key_file = conf.get('keyfile') if insecure: - self._verify = False + self._conf["_verify"] = False elif cert_file and key_file: - self._verify = (cert_file, key_file) + self._conf["_verify"] = (cert_file, key_file) elif cert_file: - self._verify = cert_file + self._conf["_verify"] = cert_file else: - self._verify = None + self._conf["_verify"] = None # Moon registered mgrs self.local_registered_mgr_dict = dict() # TODO: load from the sql backend + from keystonemiddleware.moon_mgrs.authz_mgr.authz_mgr import AuthzMgr + self.local_registered_mgr_dict["authz_mgr"] = AuthzMgr(self._conf) def __set_token(self): data = self.get_url("/v3/auth/tokens", post_data=self.post_data) @@ -283,13 +285,13 @@ class MoonAgentKeystoneMiddleware(object): self.__set_token() for _mgr in self.local_registered_mgr_dict: # TODO: update from the sql backend - self.local_registered_mgr_dict[_mgr]['response_content'] = \ + self.local_registered_mgr_dict[_mgr].response_content = \ json.loads(self.local_registered_mgr_dict[_mgr].treat_request(self.x_subject_token, agent_data).content) self.__unset_token() aggregate_result = 1 for _mgr in self.local_registered_mgr_dict: - if not self.local_registered_mgr_dict[_mgr]['response_content']: + if not self.local_registered_mgr_dict[_mgr].response_content: aggregate_result = 0 if aggregate_result: diff --git a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py b/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py index af519225..0d81a790 100644 --- a/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py +++ b/keystonemiddleware-moon/keystonemiddleware/moon_mgrs/authz_mgr/authz_mgr.py @@ -38,6 +38,8 @@ class AuthzMgr(object): authz_mgr_fh = logging.FileHandler(CONF.moon_authz_mgr["authz_mgr_logfile"]) self._LOG.setLevel(logging.DEBUG) self._LOG.addHandler(authz_mgr_fh) + self._conf = conf + self.response_content = "" def _deny_request(self, code): error_table = { @@ -57,7 +59,6 @@ class AuthzMgr(object): resp.body = error_msg return resp - def treat_request(self, auth_token, agent_data): if not agent_data['resource_id']: agent_data['resource_id'] = "servers" @@ -65,8 +66,8 @@ class AuthzMgr(object): headers = {'X-Auth-Token': auth_token} self._LOG.debug('X-Auth-Token={}'.format(auth_token)) try: - _url ='{}/v3/OS-MOON/authz/{}/{}/{}/{}'.format( - self._request_uri, + _url = '{}/moon/authz/{}/{}/{}/{}'.format( + self._conf["_request_uri"], agent_data['tenant_id'], agent_data['user_id'], agent_data['resource_id'], @@ -74,7 +75,7 @@ class AuthzMgr(object): self._LOG.info(_url) response = requests.get(_url, headers=headers, - verify=self._verify) + verify=self._conf["_verify"]) except requests.exceptions.RequestException as e: self._LOG.error(_LI('HTTP connection exception: %s'), e) resp = self._deny_request('InvalidURI') @@ -93,7 +94,7 @@ class AuthzMgr(object): elif response.status_code == 200: answer = json.loads(response.content) - self._LOG.debug("action_id={}/{}".format(agent_data['OS_component'] , agent_data['action_id'])) + self._LOG.debug("action_id={}/{}".format(agent_data['OS_component'], agent_data['action_id'])) self._LOG.debug(answer) if "authz" in answer and answer["authz"]: return response -- cgit 1.2.3-korg