def get_credentials(context, tenant, conf=None):
# TODO(ssudake21): Add caching support
# 1. Cache keystone endpoint
# 2. Cache recently used AWS credentials
try:
if context is None or tenant is None:
raise glance_ex.AuthorizationFailure()
sc = service_catalog.ServiceCatalogV2(context.service_catalog)
region_name = conf.keystone_credentials.region_name
credsmgr_endpoint = sc.url_for(service_type='credsmgr',
region_name=region_name)
token = context.auth_token
credsmgr_client = Client(credsmgr_endpoint, token=token)
resp, body = credsmgr_client.credentials.credentials_get('aws', tenant)
except (EndpointNotFound, credsmgr_ex.HTTPBadGateway,
credsmgr_ex.HTTPNotFound):
if conf is not None:
return get_credentials_from_conf(conf)
raise AwsCredentialsNotFound()
return body
def _v1_auth(self, token_url):
creds = self.creds
headers = {}
headers['X-Auth-User'] = creds['username']
headers['X-Auth-Key'] = creds['password']
tenant = creds.get('tenant')
if tenant:
headers['X-Auth-Tenant'] = tenant
resp, resp_body = self._do_request(token_url, 'GET', headers=headers)
def _management_url(self, resp):
for url_header in ('x-image-management-url',
'x-server-management-url',
'x-glance'):
try:
return resp[url_header]
except KeyError as e:
not_found = e
raise not_found
if resp.status in (200, 204):
try:
if self.configure_via_auth:
self.management_url = _management_url(self, resp)
self.auth_token = resp['x-auth-token']
except KeyError:
raise exceptions.AuthorizationFailure()
elif resp.status == 305:
raise exceptions.AuthorizationRedirect(uri=resp['location'])
elif resp.status == 400:
raise exceptions.AuthBadRequest(url=token_url)
elif resp.status == 401:
raise exceptions.NotAuthenticated()
elif resp.status == 404:
raise exceptions.AuthUrlNotFound(url=token_url)
else:
raise Exception(_('Unexpected response: %s') % resp.status)