def _wrap(*args, **kwargs):
if X_AUTH_TOKEN_HEADER not in request.headers:
# Unauthorized
logger_api.error("No token in header")
abort(httplib.UNAUTHORIZED)
else:
logger_api.info("Checking token: {}...".format(request.headers[X_AUTH_TOKEN_HEADER]))
try:
token = validate_token(access_token=request.headers[X_AUTH_TOKEN_HEADER])
except Exception as excep:
# The exception could be a json message for the application
# or text message for the keystone client components.
try:
data = json.loads(excep.message)
abort(data['error']['code'], excep.message)
except ValueError:
message = {
"error": {
"message": error_message(excep.message),
"code": httplib.BAD_REQUEST
}
}
abort(httplib.BAD_REQUEST, message)
kwargs['token'] = token
return func(*args, **kwargs)
def _wrap(*args, **kwargs):
if X_AUTH_TOKEN_HEADER not in request.headers:
# Unauthorized
logger_api.error("No token in header")
abort(httplib.UNAUTHORIZED)
else:
logger_api.info("Checking token: {}...".format(
request.headers[X_AUTH_TOKEN_HEADER]))
try:
token = validate_token(
access_token=request.headers[X_AUTH_TOKEN_HEADER])
except Exception as excep:
# The exception could be a json message for the application
# or text message for the keystone client components.
try:
data = json.loads(excep.message)
abort(data['error']['code'], excep.message)
except ValueError:
message = {
"error": {
"message": error_message(excep.message),
"code": httplib.BAD_REQUEST
}
}
abort(httplib.BAD_REQUEST, message)
kwargs['token'] = token
return func(*args, **kwargs)
def get_auth_token(self, username, password, tenant_id, **kwargs):
"""
Init the variables related to authorization, needed to execute tests.
:param username: The admin user name.
:param password: The admin passwrod.
:param tenant_id: The id of the tenant.
:param kwargs: Any other (key,value) parameters passed to the method.
:return: The auth token retrieved.
"""
if AuthorizationManager.auth_token is None:
# Get new auth token
cred_kwargs = {
'auth_url': self.identity_url,
'username': username,
'password': password
}
# Currently, both v2 and v3 Identity API versions are supported
if self.api_version == AUTH_API_V2:
cred_kwargs['tenant_name'] = kwargs.get('tenant_name')
elif self.api_version == AUTH_API_V3:
cred_kwargs['user_domain_name'] = kwargs.get(
'user_domain_name')
# Instantiate a Password object
try:
identity_package = 'keystoneclient.auth.identity.%s' % self.api_version.replace(
'.0', '')
identity_module = __import__(identity_package,
fromlist=['Password'])
password_class = getattr(identity_module, 'Password')
logger_api.debug("Authentication with %s", password_class)
credentials = password_class(**cred_kwargs)
except (ImportError, AttributeError) as e:
raise e
# Get auth token
logger_api.debug("Getting auth token for tenant '%s'...",
tenant_id)
try:
auth_sess = self.session.Session(
auth=credentials, timeout=DEFAULT_REQUEST_TIMEOUT)
AuthorizationManager.auth_token = auth_sess.get_token()
logger_api.debug("Admin token generated:" + self.auth_token)
except (KeystoneClientException, KeystoneConnectionRefused) as e:
logger_api.error("No auth token (%s)", e.message)
raise e
return AuthorizationManager.auth_token
def get_auth_token(self, username, password, tenant_id, **kwargs):
"""
Init the variables related to authorization, needed to execute tests.
:param username: The admin user name.
:param password: The admin passwrod.
:param tenant_id: The id of the tenant.
:param kwargs: Any other (key,value) parameters passed to the method.
:return: The auth token retrieved.
"""
if AuthorizationManager.auth_token is None:
# Get new auth token
cred_kwargs = {
'auth_url': self.identity_url,
'username': username,
'password': password
}
# Currently, both v2 and v3 Identity API versions are supported
if self.api_version == AUTH_API_V2:
cred_kwargs['tenant_name'] = kwargs.get('tenant_name')
elif self.api_version == AUTH_API_V3:
cred_kwargs['user_domain_name'] = kwargs.get('user_domain_name')
# Instantiate a Password object
try:
identity_package = 'keystoneclient.auth.identity.%s' % self.api_version.replace('.0', '')
identity_module = __import__(identity_package, fromlist=['Password'])
password_class = getattr(identity_module, 'Password')
logger_api.debug("Authentication with %s", password_class)
credentials = password_class(**cred_kwargs)
except (ImportError, AttributeError) as e:
raise e
# Get auth token
logger_api.debug("Getting auth token for tenant '%s'...", tenant_id)
try:
auth_sess = self.session.Session(auth=credentials, timeout=DEFAULT_REQUEST_TIMEOUT)
AuthorizationManager.auth_token = auth_sess.get_token()
logger_api.debug("Admin token generated:" + self.auth_token)
except (KeystoneClientException, KeystoneConnectionRefused) as e:
logger_api.error("No auth token (%s)", e.message)
raise e
return AuthorizationManager.auth_token
def check_token(self, admin_token, token):
"""
Checks if a token is valid against a url using an admin token.
:param admin_token: The admin token to check the token.
:param token: The token to be validated.
:return: The result of the validation or error if something was wrong.
"""
logger_api.info("Starting Authentication of token %s ", token)
try:
if not token:
raise Unauthorized("Token is empty")
auth_result = self.get_info_token(admin_token, token)
# Here we should check that the tenant id is the id of the project that we want to check
return auth_result
except Unauthorized as unauth:
logger_api.error(unauth)
raise unauth
except InternalServerError as internalError:
logger_api.error("%s", internalError.message)
raise AuthorizationFailure(
"Token could not have enough permissions to access tenant")
except Exception as ex:
logger_api.error("%s", ex.message)
raise ex
def check_token(self, admin_token, token):
"""
Checks if a token is valid against a url using an admin token.
:param admin_token: The admin token to check the token.
:param token: The token to be validated.
:return: The result of the validation or error if something was wrong.
"""
logger_api.info("Starting Authentication of token %s ", token)
try:
if not token:
raise Unauthorized("Token is empty")
auth_result = self.get_info_token(admin_token, token)
# Here we should check that the tenant id is the id of the project that we want to check
return auth_result
except Unauthorized as unauth:
logger_api.error(unauth)
raise unauth
except InternalServerError as internalError:
logger_api.error("%s", internalError.message)
raise AuthorizationFailure("Token could not have enough permissions to access tenant")
except Exception as ex:
logger_api.error("%s", ex.message)
raise ex
