def authenticate(self, req):
credential_type = utils.detect_credential_type(req)
if credential_type == "passwordCredentials":
auth_with_credentials = utils.get_normalized_request_content(
auth.AuthWithPasswordCredentials, req)
result = self.identity_service.authenticate(
auth_with_credentials)
return utils.send_result(200, req, result)
elif credential_type == "token":
unscoped = utils.get_normalized_request_content(
auth.AuthWithUnscopedToken, req)
result = self.identity_service.\
authenticate_with_unscoped_token(unscoped)
return utils.send_result(200, req, result)
elif credential_type == "OS-KSEC2:ec2Credentials":
return self._authenticate_ec2(req)
elif credential_type == "OS-KSS3:s3Credentials":
return self._authenticate_s3(req)
elif credential_type in ["ec2Credentials", "OS-KSEC2-ec2Credentials"]:
logger.warning('Received EC2 credentials in %s format. Processing '
'may fail. Update the client code sending this '
'format' % credential_type)
return self._authenticate_ec2(req)
else:
raise fault.BadRequestFault("Invalid credentials %s" %
credential_type)
def get_services(self, req):
service_name = req.GET["name"] if "name" in req.GET else None
if service_name:
tenant = self.identity_service.get_service_by_name(
utils.get_auth_token(req), service_name)
return utils.send_result(200, req, tenant)
else:
marker, limit, url = self.get_marker_limit_and_url(req)
services = self.identity_service.get_services(
utils.get_auth_token(req), marker, limit, url)
return utils.send_result(200, req, services)
def get_roles(self, req):
role_name = req.GET["name"] if "name" in req.GET else None
if role_name:
tenant = config.SERVICE.get_role_by_name(
utils.get_auth_token(req), role_name)
return utils.send_result(200, req, tenant)
else:
marker, limit, url = get_marker_limit_and_url(req)
roles = config.SERVICE.get_roles(
utils.get_auth_token(req), marker, limit, url)
return utils.send_result(200, req, roles)
def get_users(self, req):
user_name = req.GET["name"] if "name" in req.GET else None
if user_name:
tenant = self.identity_service.get_user_by_name(
utils.get_auth_token(req), user_name)
return utils.send_result(200, req, tenant)
else:
marker, limit, url = self.get_marker_limit_and_url(req)
users = self.identity_service.get_users(utils.get_auth_token(req),
marker, limit, url)
return utils.send_result(200, req, users)
def __get_all_roles(self, req):
service_id = req.GET["serviceId"] if "serviceId" in req.GET else None
marker, limit, url = self.get_marker_limit_and_url(req)
if service_id:
roles = self.identity_service.get_roles_by_service(
utils.get_auth_token(req), marker, limit, url, service_id)
return utils.send_result(200, req, roles)
else:
roles = self.identity_service.get_roles(utils.get_auth_token(req),
marker, limit, url)
return utils.send_result(200, req, roles)
def get_tenants(self, req):
tenant_name = req.GET["name"] if "name" in req.GET else None
if tenant_name:
tenant = self.identity_service.get_tenant_by_name(utils.get_auth_token(req), tenant_name)
return utils.send_result(200, req, tenant)
else:
marker, limit, url = self.get_marker_limit_and_url(req)
tenants = self.identity_service.get_tenants(
utils.get_auth_token(req), marker, limit, url, self.is_service_operation
)
return utils.send_result(200, req, tenants)
def __get_all_roles(self, req):
service_id = req.GET["serviceId"] if "serviceId" in req.GET else None
marker, limit, url = self.get_marker_limit_and_url(req)
if service_id:
roles = self.identity_service.get_roles_by_service(
utils.get_auth_token(req), marker, limit, url,
service_id)
return utils.send_result(200, req, roles)
else:
roles = self.identity_service.get_roles(
utils.get_auth_token(req), marker, limit, url)
return utils.send_result(200, req, roles)
def get_tenants(self, req):
tenant_name = req.GET["name"] if "name" in req.GET else None
if tenant_name:
tenant = self.identity_service.get_tenant_by_name(
utils.get_auth_token(req), tenant_name)
return utils.send_result(200, req, tenant)
else:
marker, limit, url = self.get_marker_limit_and_url(req)
tenants = self.identity_service.get_tenants(
utils.get_auth_token(req), marker, limit, url,
self.is_service_operation)
return utils.send_result(200, req, tenants)
def __call__(self, env, start_response):
""" Handle incoming request. Transform. And send downstream. """
request = Request(env)
if 'KEYSTONE_API_VERSION' in env and \
env['KEYSTONE_API_VERSION'] == '2.0':
if request.path.startswith("/tokens"):
is_d5_request = False
if request.method == "POST":
try:
auth_with_credentials = \
utils.get_normalized_request_content(
D5AuthWithPasswordCredentials, request)
# Convert request body to Diablo syntax
if request.content_type == "application/xml":
request.body = auth_with_credentials.to_xml()
else:
request.body = auth_with_credentials.to_json()
is_d5_request = True
except:
pass
if is_d5_request:
response = request.get_response(self.app)
#Handle failures.
if not str(response.status).startswith('20'):
return response(env, start_response)
auth_data = utils.get_normalized_request_content(
D5toDiabloAuthData, response)
resp = utils.send_result(response.status_int, request,
auth_data)
return resp(env, start_response)
else:
# Pass through
return self.app(env, start_response)
elif request.method == "GET":
if request.path.endswith("/endpoints"):
# Pass through
return self.app(env, start_response)
else:
response = request.get_response(self.app)
#Handle failures.
if not str(response.status).startswith('20'):
return response(env, start_response)
validate_data = utils.get_normalized_request_content(
D5ValidateData, response)
resp = utils.send_result(response.status_int, request,
validate_data)
return resp(env, start_response)
# All other calls pass to downstream WSGI component
return self.app(env, start_response)
def __call__(self, env, start_response):
""" Handle incoming request. Transform. And send downstream. """
request = Request(env)
if 'KEYSTONE_API_VERSION' in env and \
env['KEYSTONE_API_VERSION'] == '2.0':
if request.path.startswith("/tokens"):
is_d5_request = False
if request.method == "POST":
try:
auth_with_credentials = \
utils.get_normalized_request_content(
D5AuthWithPasswordCredentials, request)
# Convert request body to Diablo syntax
if request.content_type == "application/xml":
request.body = auth_with_credentials.to_xml()
else:
request.body = auth_with_credentials.to_json()
is_d5_request = True
except:
pass
if is_d5_request:
response = request.get_response(self.app)
#Handle failures.
if not str(response.status).startswith('20'):
return response(env, start_response)
auth_data = utils.get_normalized_request_content(
D5toDiabloAuthData, response)
resp = utils.send_result(response.status_int, request,
auth_data)
return resp(env, start_response)
else:
# Pass through
return self.app(env, start_response)
elif request.method == "GET":
if request.path.endswith("/endpoints"):
# Pass through
return self.app(env, start_response)
else:
response = request.get_response(self.app)
#Handle failures.
if not str(response.status).startswith('20'):
return response(env, start_response)
validate_data = utils.get_normalized_request_content(
D5ValidateData, response)
resp = utils.send_result(response.status_int, request,
validate_data)
return resp(env, start_response)
# All other calls pass to downstream WSGI component
return self.app(env, start_response)
def delete_token(self, req, token_id):
if CONF.disable_tokens_in_url:
fault.ServiceUnavailableFault()
else:
return utils.send_result(204, req,
self.identity_service.revoke_token(
utils.get_auth_token(req), token_id))
def check_token(self, req, token_id):
"""Validates the token, but only returns a status code (HEAD)"""
if CONF.disable_tokens_in_url:
fault.ServiceUnavailableFault()
else:
self._validate_token(req, token_id)
return utils.send_result(200, req)
def validate_token(self, req, token_id):
belongs_to = req.GET.get("belongsTo", None)
rval = config.SERVICE.validate_token(
utils.get_auth_token(req), token_id, belongs_to)
return utils.send_result(200, req, rval)
def add_endpoint_template(self, req):
endpoint_template = utils.get_normalized_request_content(
EndpointTemplate, req)
return utils.send_result(
201, req,
config.SERVICE.add_endpoint_template(utils.get_auth_token(req),
endpoint_template))
def modify_endpoint_template(self, req, endpoint_template_id):
endpoint_template = utils.\
get_normalized_request_content(EndpointTemplate, req)
return utils.send_result(201, req,
config.SERVICE.modify_endpoint_template(\
utils.get_auth_token(req),
endpoint_template_id, endpoint_template))
def get_billunit(self, req, biller_date):
billunit = config.SERVICE.get_bill_unit(biller_date)
LOG.info(
'keystone controller biller py get_billunit billunit id:%d vcpu:%d ram:%d vdisk: %d date: %s changed_on: %s enabled:%d'
% (billunit.id, billunit.vcpu, billunit.ram, billunit.vdisk,
billunit.date, billunit.changed_on, billunit.enabled))
return utils.send_result(200, req, billunit)
def modify_endpoint_template(self, req, endpoint_template_id):
endpoint_template = utils.\
get_normalized_request_content(EndpointTemplate, req)
return utils.send_result(201, req,
config.SERVICE.modify_endpoint_template(\
utils.get_auth_token(req),
endpoint_template_id, endpoint_template))
def modify_endpoint_template(self, req, endpoint_template_id):
endpoint_template = utils.\
get_normalized_request_content(EndpointTemplate, req)
return utils.send_result(201, req,
self.identity_service.modify_endpoint_template(\
utils.get_auth_token(req),
endpoint_template_id, endpoint_template))
def add_endpoint_template(self, req):
endpoint_template = utils.get_normalized_request_content(
EndpointTemplate, req)
return utils.send_result(
201, req,
self.identity_service.add_endpoint_template(
utils.get_auth_token(req), endpoint_template))
def authenticate_ec2(self, req):
self.request = req
creds = utils.get_normalized_request_content(
auth.Ec2Credentials, req)
return utils.send_result(200, req,
config.SERVICE.authenticate_ec2(creds))
def modify_endpoint_template(self, req, endpoint_template_id):
endpoint_template = utils.\
get_normalized_request_content(EndpointTemplate, req)
return utils.send_result(201, req,
self.identity_service.modify_endpoint_template(\
utils.get_auth_token(req),
endpoint_template_id, endpoint_template))
def validate_token(self, req, token_id):
belongs_to = None
if "belongsTo" in req.GET:
belongs_to = req.GET["belongsTo"]
rval = service.validate_token(utils.get_auth_token(req), token_id, belongs_to)
return utils.send_result(200, req, rval)
def test_send_result_json(self):
self.request.headers["Accept"] = "application/json"
response = utils.send_result(200, self.request, self.auth_data);
self.assertTrue(response.headers['content-type'] == "application/json; charset=UTF-8")
dict = json.loads(response.unicode_body)
self.assertTrue(dict['auth']['user']['username'], 'username');
self.assertTrue(dict['auth']['user']['tenantId'], '12345');
self.assertTrue(dict['auth']['token']['id'], '2231312');
self.assertTrue(dict['auth']['token']['expires'], date.today());
def endpoints(self, req, token_id):
if CONF.disable_tokens_in_url:
fault.ServiceUnavailableFault()
else:
marker, limit, url = self.get_marker_limit_and_url(req)
return utils.send_result(200, req,
self.identity_service.get_endpoints_for_token(
utils.get_auth_token(req),
token_id, marker, limit, url))
def test_send_result_json(self):
self.request.headers["Accept"] = "application/json"
response = utils.send_result(200, self.request, self.auth_data)
self.assertTrue(response.headers["content-type"] == "application/json; charset=UTF-8")
dict = json.loads(response.unicode_body)
self.assertTrue(dict["auth"]["user"]["id"], "id")
self.assertTrue(dict["auth"]["user"]["username"], "username")
self.assertTrue(dict["auth"]["user"]["tenantId"], "12345")
self.assertTrue(dict["auth"]["token"]["id"], "2231312")
self.assertTrue(dict["auth"]["token"]["expires"], datetime.date.today())
def get_endpoint_templates(self, req):
marker, limit, url = self.get_marker_limit_and_url(req)
service_id = req.GET["serviceId"] if "serviceId" in req.GET else None
if service_id:
endpoint_templates = self.identity_service.\
get_endpoint_templates_by_service(
utils.get_auth_token(req), service_id, marker, limit, url)
else:
endpoint_templates = self.identity_service.get_endpoint_templates(
utils.get_auth_token(req), marker, limit, url)
return utils.send_result(200, req, endpoint_templates)
def get_endpoint_templates(self, req):
marker, limit, url = self.get_marker_limit_and_url(req)
service_id = req.GET["serviceId"] if "serviceId" in req.GET else None
if service_id:
endpoint_templates = self.identity_service.\
get_endpoint_templates_by_service(
utils.get_auth_token(req), service_id, marker, limit, url)
else:
endpoint_templates = self.identity_service.get_endpoint_templates(
utils.get_auth_token(req), marker, limit, url)
return utils.send_result(200, req, endpoint_templates)
def create_user_bill(self, req):
LOG.info(
'Before get_normalization Creating creat_instance_bill (self, req,) controller.biller.py'
)
u = utils.get_normalized_request_content(User_Bill, req)
LOG.info(
'Creating creat_instacne (self, req,) controller.biller.py id :%s : name: %s |enable:%s cpu:%s'
% (u.id, u.tenant_id, u.enabled, u.total_vcpu))
return utils.send_result(
201, req,
config.SERVICE.create_user_bill(utils.get_auth_token(req), u))
def create_billunit(self, req):
LOG.info(
'Before get_normalization Creating creat_billunit (self, req,) controller.biller.py'
)
u = utils.get_normalized_request_content(Bill_Unit, req)
LOG.info(
'Creating creat_billunit (self, req,) controller.biller.py :date: %s |enable:%s cpu:%s'
% (u.date, u.enabled, u.vcpu))
return utils.send_result(
201, req,
config.SERVICE.create_bill_unit(utils.get_auth_token(req), u))
def authenticate(self, req):
try:
auth_with_credentials = utils.get_normalized_request_content(
auth.AuthWithPasswordCredentials, req)
result = config.SERVICE.authenticate(auth_with_credentials)
except fault.BadRequestFault:
unscoped = utils.get_normalized_request_content(
auth.AuthWithUnscopedToken, req)
result = config.SERVICE.authenticate_with_unscoped_token(unscoped)
return utils.send_result(200, req, result)
def test_send_result_json(self):
self.request.headers["Accept"] = "application/json"
response = utils.send_result(200, self.request, self.auth_data)
self.assertTrue(response.headers['content-type'] ==
"application/json; charset=UTF-8")
dict = json.loads(response.unicode_body)
self.assertTrue(dict['access']['user']['id'], 'id')
self.assertTrue(dict['access']['user']['username'], 'username')
self.assertTrue(dict['access']['user']['tenantId'], '12345')
self.assertTrue(dict['access']['token']['id'], '2231312')
self.assertTrue(dict['access']['token']['expires'],
datetime.date.today())
def test_send_result_xml(self):
self.request.headers["Accept"] = "application/xml"
response = utils.send_result(200, self.request, self.auth_data);
self.assertTrue(response.headers['content-type'] == "application/xml; charset=UTF-8")
xml = etree.fromstring(response.unicode_body)
user = xml.find("{http://docs.openstack.org/identity/api/v2.0}user")
token = xml.find("{http://docs.openstack.org/identity/api/v2.0}token")
self.assertTrue(user.get("username"), "username")
self.assertTrue(user.get("tenantId"), '12345');
self.assertTrue(token.get("id"), '2231312');
self.assertTrue(token.get("expires"), date.today());
def test_send_result_xml(self):
self.request.headers["Accept"] = "application/xml"
response = utils.send_result(200, self.request, self.auth_data)
self.assertTrue(response.headers['content-type'] ==
"application/xml; charset=UTF-8")
xml = etree.fromstring(response.unicode_body)
user = xml.find("{http://docs.openstack.org/identity/api/v2.0}user")
token = xml.find("{http://docs.openstack.org/identity/api/v2.0}token")
self.assertTrue(user.get("username"), "username")
self.assertTrue(user.get("id"), "id")
self.assertTrue(user.get("tenantId"), '12345')
self.assertTrue(token.get("id"), '2231312')
self.assertTrue(token.get("expires"), datetime.date.today())
def get_tenant_users(self, req, tenant_id):
marker = None
if "marker" in req.GET:
marker = req.GET["marker"]
if "limit" in req.GET:
limit = req.GET["limit"]
else:
limit = 10
url = "%s://%s:%s%s" % (
req.environ["wsgi.url_scheme"],
req.environ.get("SERVER_NAME"),
req.environ.get("SERVER_PORT"),
req.environ["PATH_INFO"],
)
users = service.get_tenant_users(utils.get_auth_token(req), tenant_id, marker, limit, url)
return utils.send_result(200, req, users)
def authenticate(self, req):
try:
auth_with_credentials = utils.get_normalized_request_content(
auth.AuthWithPasswordCredentials, req)
result = self.identity_service.authenticate(auth_with_credentials)
except fault.BadRequestFault as e1:
try:
unscoped = utils.get_normalized_request_content(
auth.AuthWithUnscopedToken, req)
result = self.identity_service.\
authenticate_with_unscoped_token(unscoped)
except fault.BadRequestFault as e2:
if e1.msg == e2.msg:
raise e1
else:
raise fault.BadRequestFault(e1.msg + ' or ' + e2.msg)
return utils.send_result(200, req, result)
def authenticate(self, req):
try:
auth_with_credentials = utils.get_normalized_request_content(
auth.AuthWithPasswordCredentials, req)
result = config.SERVICE.authenticate(auth_with_credentials)
except fault.BadRequestFault as e1:
try:
unscoped = utils.get_normalized_request_content(
auth.AuthWithUnscopedToken, req)
result = config.SERVICE.authenticate_with_unscoped_token(
unscoped)
except fault.BadRequestFault as e2:
if e1.msg == e2.msg:
raise e1
else:
raise fault.BadRequestFault(e1.msg + ' or ' + e2.msg)
return utils.send_result(200, req, result)
def delete_user(self, req, user_id):
rval = self.identity_service.delete_user(utils.get_auth_token(req),
user_id)
return utils.send_result(204, req, rval)
def add_role_to_user(self, req, user_id, role_id, tenant_id=None):
self.identity_service.add_role_to_user(utils.get_auth_token(req),
user_id, role_id, tenant_id)
return utils.send_result(201, None)
def get_user(self, req, user_id):
user = self.identity_service.get_user(utils.get_auth_token(req),
user_id)
return utils.send_result(200, req, user)
def remove_baseurls_from_tenant(self, req, tenant_id, baseurls_ref_id):
rval = service.delete_baseurls_ref(utils.get_auth_token(req),
baseurls_ref_id)
return utils.send_result(204, req, rval)
def create_user(self, req):
u = utils.get_normalized_request_content(User, req)
return utils.send_result(
201, req,
self.identity_service.create_user(utils.get_auth_token(req), u))
def get_user_roles(self, req, user_id, tenant_id=None):
marker, limit, url = self.get_marker_limit_and_url(req)
roles = self.identity_service.get_user_roles(utils.get_auth_token(req),
marker, limit, url,
user_id, tenant_id)
return utils.send_result(200, req, roles)
def add_baseurls_to_tenant(self, req, tenant_id):
baseurl = utils.get_normalized_request_content(baseURLs.BaseURL, req)
return utils.send_result(201, req,
service.create_baseurl_ref_to_tenant(
utils.get_auth_token(req),
tenant_id, baseurl, get_url(req)))
def delete_tenant(self, req, tenant_id):
rval = self.identity_service.delete_tenant(utils.get_auth_token(req),
tenant_id)
return utils.send_result(204, req, rval)
def get_baseurl(self, req, baseURLId):
baseurl = service.get_baseurl(utils.get_auth_token(req), baseURLId)
return utils.send_result(200, req, baseurl)
def delete_role_ref(self, req, user_id, role_ref_id):
rval = config.SERVICE.delete_role_ref(utils.get_auth_token(req),
role_ref_id)
return utils.send_result(204, req, rval)
def get_role(self, req, role_id):
role = self.identity_service.get_role(utils.get_auth_token(req),
role_id)
return utils.send_result(200, req, role)
def create_role_ref(self, req, user_id):
roleRef = utils.get_normalized_request_content(RoleRef, req)
return utils.send_result(201, req, config.SERVICE.create_role_ref(
utils.get_auth_token(req), user_id, roleRef))
def create_role(self, req):
role = utils.get_normalized_request_content(Role, req)
return utils.send_result(201, req,
config.SERVICE.create_role(utils.get_auth_token(req), role))
def delete_role_from_user(self, req, user_id, role_id, tenant_id=None):
self.identity_service.remove_role_from_user(utils.get_auth_token(req),
user_id, role_id,
tenant_id)
return utils.send_result(204, req, None)
def update_user_tenant(self, req, user_id):
user = utils.get_normalized_request_content(User_Update, req)
rval = self.identity_service.set_user_tenant(utils.get_auth_token(req),
user_id, user)
return utils.send_result(200, req, rval)
def get_baseurls_for_tenant(self, req, tenant_id):
marker, limit, url = get_marker_limit_and_url(req)
baseURLRefs = service.get_tenant_baseURLs(utils.get_auth_token(req),
marker, limit, url, tenant_id)
return utils.send_result(200, req, baseURLRefs)
def get_tenant_users(self, req, tenant_id):
marker, limit, url = self.get_marker_limit_and_url(req)
role_id = req.GET["roleId"] if "roleId" in req.GET else None
users = self.identity_service.get_tenant_users(
utils.get_auth_token(req), tenant_id, role_id, marker, limit, url)
return utils.send_result(200, req, users)
def get_token_by_eppn(self, req, eppn):
auth = config.SERVICE.get_token_by_eppn(utils.get_auth_token(req),
eppn)
return utils.send_result(200, req, auth)
def get_role(self, req, role_id):
role = config.SERVICE.get_role(utils.get_auth_token(req), role_id)
return utils.send_result(200, req, role)
def create_tenant(self, req):
tenant = utils.get_normalized_request_content(Tenant, req)
return utils.send_result(201, req,
self.identity_service.create_tenant(utils.get_auth_token(req),
tenant))
def get_role_refs(self, req, user_id):
marker, limit, url = get_marker_limit_and_url(req)
roleRefs = config.SERVICE.get_user_roles(
utils.get_auth_token(req), marker, limit, url, user_id)
return utils.send_result(200, req, roleRefs)
def get_tenant(self, req, tenant_id):
tenant = self.identity_service.get_tenant(utils.get_auth_token(req),
tenant_id)
return utils.send_result(200, req, tenant)
def get_extensions_info(self, req):
return utils.send_result(200, req,
self.extension_reader.get_extensions())
def update_tenant(self, req, tenant_id):
tenant = utils.get_normalized_request_content(Tenant, req)
rval = self.identity_service.update_tenant(utils.get_auth_token(req),
tenant_id, tenant)
return utils.send_result(200, req, rval)