1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# TODO(morganfainberg): Remove this file and extension in the "O" release as
# it is only used in support of the PKI/PKIz token providers.
import functools
from oslo_config import cfg
import webob
from keystone.common import controller
from keystone.common import dependency
from keystone.common import extension
from keystone.common import json_home
from keystone.common import wsgi
from keystone import exception
CONF = cfg.CONF
EXTENSION_DATA = {
'name': 'OpenStack Simple Certificate API',
'namespace': 'http://docs.openstack.org/identity/api/ext/'
'OS-SIMPLE-CERT/v1.0',
'alias': 'OS-SIMPLE-CERT',
'updated': '2014-01-20T12:00:0-00:00',
'description': 'OpenStack simple certificate retrieval extension',
'links': [
{
'rel': 'describedby',
'type': 'text/html',
'href': 'http://developer.openstack.org/'
'api-ref-identity-v2-ext.html',
}
]}
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
build_resource_relation = functools.partial(
json_home.build_v3_extension_resource_relation,
extension_name='OS-SIMPLE-CERT', extension_version='1.0')
class Routers(wsgi.RoutersBase):
def _construct_url(self, suffix):
return "/OS-SIMPLE-CERT/%s" % suffix
def append_v3_routers(self, mapper, routers):
controller = SimpleCert()
self._add_resource(
mapper, controller,
path=self._construct_url('ca'),
get_action='get_ca_certificate',
rel=build_resource_relation(resource_name='ca_certificate'))
self._add_resource(
mapper, controller,
path=self._construct_url('certificates'),
get_action='list_certificates',
rel=build_resource_relation(resource_name='certificates'))
@dependency.requires('token_provider_api')
class SimpleCert(controller.V3Controller):
def _get_certificate(self, name):
try:
with open(name, 'r') as f:
body = f.read()
except IOError:
raise exception.CertificateFilesUnavailable()
# NOTE(jamielennox): We construct the webob Response ourselves here so
# that we don't pass through the JSON encoding process.
headers = [('Content-Type', 'application/x-pem-file')]
return webob.Response(body=body, headerlist=headers, status="200 OK")
def get_ca_certificate(self, context):
return self._get_certificate(CONF.signing.ca_certs)
def list_certificates(self, context):
return self._get_certificate(CONF.signing.certfile)
|
