def authenticate(self, method, identifier, tenant, cloud_name):
''' OpenStack authentication against keystone this should probably be
replaced to actually use the keystoneclient. Fetches the username pw
from the database, we would like to replace this with ldap. If can't
connect or there is an error return None'''
logger = logging.getLogger('tukey-auth')
username, password = auth_db.userInfo(method, identifier, cloud_name)
creds = {
"username": username,
"password": password
}
wrapped_creds = {
"auth":
{
"tenantName": tenant,
"passwordCredentials": creds
}
}
body = json.dumps(wrapped_creds)
headers = {
'Content-Length': len(body),
'Host': self.keystone_host + ':' + str(self.keystone_port),
'User-Agent': 'python-keystoneclient',
'Content-Type': 'application/json',
'Accept-Encoding': 'gzip, deflate'
}
conn = httplib.HTTPConnection(self.keystone_host, self.keystone_port)
try:
conn.request("POST", "/v2.0/tokens", body, headers)
res = conn.getresponse()
except:
logger.debug("Can't connect to %s %s", self.keystone_host,
self.keystone_port)
return None
logger.debug("status from contacting keystone: %s", res.status)
if res.status != 200:
return None
access = res.read()
conn.close()
access_obj = json.loads(access)
if "access" in access_obj and "serviceCatalog" in access_obj[
"access"] and "tenant" in access_obj["access"]["token"]:
tenant_id = access_obj["access"]["token"]["tenant"]["id"]
access_obj["access"][
"serviceCatalog"] = self._format_service_catalog(
self.url, tenant_id)
return access_obj
def authenticate(self, method, identifier, tenant, cloud_name):
self.username, _ = auth_db.userInfo(method, identifier, cloud_name)
if self.username == '':
return None
fake_id = cloud_name + '-' + self.username
self.tenant_name = fake_id
self.token_id = fake_id
self.tenant_id = fake_id
self.user_id = fake_id
self.expires = self._expiration()
return {"username": self.username}