# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os.path
from keystone.catalog.backends import kvs
from keystone.catalog import core
from keystone.common import logging
from keystone import config
LOG = logging.getLogger(__name__)
CONF = config.CONF
config.register_str('template_file',
default='default_catalog.templates',
group='catalog')
def parse_templates(template_lines):
o = {}
for line in template_lines:
if ' = ' not in line:
continue
k, v = line.strip().split(' = ')
if not k.startswith('catalog.'):
continue
parts = k.split('.')
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone import config
from keystone.common import logging
from keystone.catalog.backends import kvs
LOG = logging.getLogger('keystone.catalog.backends.templated')
CONF = config.CONF
config.register_str('template_file', group='catalog')
def parse_templates(template_lines):
o = {}
for line in template_lines:
if ' = ' not in line:
continue
k, v = line.strip().split(' = ')
if not k.startswith('catalog.'):
continue
parts = k.split('.')
region = parts[1]
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os.path
from keystone import config
from keystone.common import logging
from keystone.catalog.backends import kvs
LOG = logging.getLogger(__name__)
CONF = config.CONF
config.register_str('template_file',
default='default_catalog.templates',
group='catalog')
def parse_templates(template_lines):
o = {}
for line in template_lines:
if ' = ' not in line:
continue
k, v = line.strip().split(' = ')
if not k.startswith('catalog.'):
continue
parts = k.split('.')
# under the License.
from __future__ import absolute_import
import copy
import memcache
from keystone.common import utils
from keystone import config
from keystone import exception
from keystone.openstack.common import jsonutils
from keystone import token
CONF = config.CONF
config.register_str('servers', group='memcache', default='localhost:11211')
class Token(token.Driver):
revocation_key = 'revocation-list'
def __init__(self, client=None):
self._memcache_client = client
@property
def client(self):
return self._memcache_client or self._get_memcache_client()
def _get_memcache_client(self):
memcache_servers = CONF.memcache.servers.split(',')
self._memcache_client = memcache.Client(memcache_servers, debug=0)
# for RFC 2307 we need a lookup
if self.group_tree_dn:
conn = self.get_connection()
groups = conn.search_s(self.group_tree_dn,
ldap.SCOPE_ONELEVEL,
"(memberUid=%s)" % user_ldap[1]["uid"][0])
return [g[1]["cn"][0] for g in groups]
return []
#for attr_name in UserApi.attribute_mapping:
# config.register_str(
# "%s_%s_attribute" % (UserApi.options_name, attr_name),
# group="ldap")
# name of systenant
config.register_str("systenant", group="ldap", default="systenant")
# root of the tree containing all group records
config.register_str("group_tree_dn", group="ldap")
class PasswordOnlyIdentity(backends_sql.Identity):
"""A dead simple Identity driver to check the password against
LDAP and do everythign else with the SQL backend"""
def __init__(self):
super(PasswordOnlyIdentity, self).__init__()
self.LDAP_URL = CONF.ldap.url
self.LDAP_USER = CONF.ldap.user
self.LDAP_PASSWORD = CONF.ldap.password
self.suffix = CONF.ldap.suffix
self.systenant = getattr(CONF.ldap, "systenant", "systenant")
# vim: tabstop=4 shiftwidth=4 softtabstop=4
from keystone.identity.backends import sql
from keystone import exception
from keystone import config
import ldap
import uuid
import logging
CONF = config.CONF
LOG = logging.getLogger(__name__)
config.register_str('url', group='ldap_auth', default='ldap://localhost')
config.register_str('ldap_postfix', group='ldap_auth', default='@yourcompany.com')
config.register_str('email_postfix', group='ldap_auth', default='@yourcompany.com')
config.register_str('default_project', group='ldap_auth', default='default')
config.register_str('member_role', group='ldap_auth', default='Member')
class Identity(sql.Identity):
def _check_ldap_password(self, username, password):
url = CONF.ldap_auth.url
conn = ldap.initialize(url)
conn.protocol_version = ldap.VERSION3
try:
conn.simple_bind_s(username + CONF.ldap_auth.ldap_postfix, password)
return True
except ldap.INVALID_CREDENTIALS:
LOG.debug('ldap.INVALID_CREDENTIALS for %s', username)
raise AssertionError('Invalid user / password')
except ldap.SERVER_DOWN:
LOG.debug('ldap.SERVER_DOWN %s', url)
raise AssertionError('Invalid user / password')
for x in user_ldap[1]["memberOf"]]
except (IndexError, KeyError):
return []
# for RFC 2307 we need a lookup
if self.group_tree_dn:
conn = self.get_connection()
groups = conn.search_s(self.group_tree_dn,
ldap.SCOPE_ONELEVEL,
"(memberUid=%s)" % user_ldap[1]["uid"][0])
return [g[1]["cn"][0] for g in groups]
return []
for attr_name in UserApi.attribute_mapping:
config.register_str(
"%s_%s_attribute" % (UserApi.options_name, attr_name),
group="ldap")
# name of systenant
config.register_str("systenant", group="ldap", default="systenant")
# root of the tree containing all group records
config.register_str("group_tree_dn", group="ldap")
class Identity(backends_sql.Identity):
def __init__(self):
super(Identity, self).__init__()
self.LDAP_URL = CONF.ldap.url
self.LDAP_USER = CONF.ldap.user
self.LDAP_PASSWORD = CONF.ldap.password
self.suffix = CONF.ldap.suffix
self.systenant = getattr(CONF.ldap, "systenant", "systenant")
from keystone import token
from keystone.openstack.common import importutils
LOG = logging.getLogger(__name__)
CONF = config.CONF
# registry of authentication methods
AUTH_METHODS = {}
# register method drivers
for method_name in CONF.auth.methods:
try:
config.register_str(method_name, group='auth')
except Exception as e:
# don't care about duplicate error
LOG.warn(e)
def load_auth_method(method_name):
if method_name not in CONF.auth.methods:
raise exception.AuthMethodNotSupported()
driver = CONF.auth.get(method_name)
return importutils.import_object(driver)
def get_auth_method(method_name):
global AUTH_METHODS
if method_name not in AUTH_METHODS:
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone import config
from keystone.common import logging
from keystone.catalog.backends import kvs
LOG = logging.getLogger(__name__)
CONF = config.CONF
config.register_str('template_file', group='catalog')
def parse_templates(template_lines):
o = {}
for line in template_lines:
if ' = ' not in line:
continue
k, v = line.strip().split(' = ')
if not k.startswith('catalog.'):
continue
parts = k.split('.')
region = parts[1]
# License for the specific language governing permissions and limitations
# under the License.
from __future__ import absolute_import
import copy
import memcache
from keystone.common import utils
from keystone import config
from keystone import exception
from keystone.openstack.common import jsonutils
from keystone import token
CONF = config.CONF
config.register_str('servers', group='memcache', default='localhost:11211')
class Token(token.Driver):
revocation_key = 'revocation-list'
def __init__(self, client=None):
self._memcache_client = client
@property
def client(self):
return self._memcache_client or self._get_memcache_client()
def _get_memcache_client(self):
memcache_servers = CONF.memcache.servers.split(',')
self._memcache_client = memcache.Client(memcache_servers, debug=0)
# under the License.
from __future__ import absolute_import
import copy
import memcache
from keystone.common import utils
from keystone import config
from keystone import exception
from keystone.openstack.common import jsonutils
from keystone import token
CONF = config.CONF
config.register_str("servers", group="memcache", default="localhost:11211")
class Token(token.Driver):
revocation_key = "revocation-list"
def __init__(self, client=None):
self._memcache_client = client
@property
def client(self):
return self._memcache_client or self._get_memcache_client()
def _get_memcache_client(self):
memcache_servers = CONF.memcache.servers.split(",")
self._memcache_client = memcache.Client(memcache_servers, debug=0)