Esempio n. 1
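    def validate_token(self, request, token_id):
        """
        Build the mock "validate token" response for ``token_id``.

        A session is obtained from ``self.core.sessions`` -- by tenant and
        token when the optional ``belongsTo`` query argument is present,
        otherwise by token alone -- and the response is then adjusted by the
        ``get_presets["identity"]`` tables.  The only rejection visible in
        this method is membership of ``token_id`` in the
        ``token_fail_to_auth`` preset; every other token is answered as valid.

        :param request: HTTP request; ``request.args`` is read and the
            response code is set on it.
        :param token_id: the token to validate.
        :return: the JSON-encoded response body.  The status code is 200
            unless the token is in ``token_fail_to_auth``, in which case it
            is 401.

        Docs: http://developer.openstack.org/api-ref-identity-admin-v2.html#admin-validateToken  # noqa
        """
        request.setResponseCode(200)

        # Attempt to get the session based on tenant_id+token if the optional
        # tenant_id is provided; if tenant_id is not provided, then just look
        # it up based on the token.
        # ``belongsTo`` is supplied by the caller; the tenant-keyed role
        # presets further down are selected by this value.
        tenant_id = request.args.get(b'belongsTo')
        if tenant_id is not None:
            tenant_id = tenant_id[0].decode("utf-8")
            session = self.core.sessions.session_for_tenant_id(
                tenant_id, token_id)
        else:
            session = self.core.sessions.session_for_token(token_id)

        response = get_token(
            session.tenant_id,
            response_token=session.token,
            response_user_id=session.user_id,
            response_user_name=session.username,
        )

        # Look the impersonator session up once and reuse the result.
        impersonator_session = session.impersonator_session_for_token(token_id)
        if impersonator_session is not None:
            response["access"]["RAX-AUTH:impersonator"] = impersonator_user_role(
                impersonator_session.user_id,
                impersonator_session.username)

        presets = get_presets["identity"]

        # NOTE(review): this rejection runs after the session lookup above, so
        # a token on the fail list has already gone through the session store;
        # whether that lookup creates a session is not visible here.
        # The body pairs a 401 status with an "itemNotFound" key.
        if token_id in presets["token_fail_to_auth"]:
            request.setResponseCode(401)
            return json.dumps({'itemNotFound':
                              {'code': 401, 'message': 'Invalid auth token'}})

        # Everything below is a sequence of independent ``if`` checks applied
        # in order: when a token or tenant appears in more than one preset,
        # the later assignment overwrites the earlier one.  Roles and
        # impersonator data come from these static tables, not the session.
        imp_token = presets["maas_admin_roles"]
        racker_token = presets["racker_token"]
        if token_id in imp_token:
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "123",
                           "name": "monitoring:service-admin"},
                          {"id": "234",
                           "name": "object-store:admin"}]}
        if token_id in racker_token:
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "9",
                           "name": "Racker"}]}
        if tenant_id in presets["observer_role"]:
            response["access"]["user"]["roles"] = [
                {"id": "observer",
                 "description": "Global Observer Role.",
                 "name": "observer"}]
        if tenant_id in presets["creator_role"]:
            response["access"]["user"]["roles"] = [
                {"id": "creator",
                 "description": "Global Creator Role.",
                 "name": "creator"}]
        if tenant_id in presets["admin_role"]:
            response["access"]["user"]["roles"] = [
                {"id": "admin",
                 "description": "Global Admin Role.",
                 "name": "admin"},
                {"id": "observer",
                 "description": "Global Observer Role.",
                 "name": "observer"}]

        # Canned responses to be removed ...
        # Each one replaces the tenant and user (and sometimes the
        # impersonator) built from the session with fixed values.

        if token_id in presets["non_dedicated_observer"]:
            response["access"]["token"]["tenant"] = {
                "id": "135790",
                "name": "135790",
            }
            response["access"]["user"] = {
                "id": "12",
                "name": "OneTwo",
                "roles": [{"id": "1",
                           "name": "monitoring:observer",
                           "description": "Monitoring Observer"}]
            }

        if token_id in presets["non_dedicated_admin"]:
            response["access"]["token"]["tenant"] = {
                "id": "135790",
                "name": "135790",
            }
            response["access"]["user"] = {
                "id": "34",
                "name": "ThreeFour",
                "roles": [{"id": "1",
                           "name": "monitoring:admin",
                           "description": "Monitoring Admin"},
                          {"id": "2",
                           "name": "admin",
                           "description": "Admin"}]
            }

        if token_id in presets["non_dedicated_impersonator"]:
            response["access"]["token"]["tenant"] = {
                "id": "135790",
                "name": "135790",
            }
            response["access"]["user"] = {
                "id": "34",
                "name": "ThreeFour",
                "roles": [{"id": "1",
                           "name": "identity:nobody",
                           "description": "Nobody"}]
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "1",
                           "name": "monitoring:service-admin"},
                          {"id": "2",
                           "name": "object-store:admin"}]
            }

        if token_id in presets["non_dedicated_racker"]:
            response["access"]["token"]["tenant"] = {
                "id": "135790",
                "name": "135790",
            }
            response["access"]["user"] = {
                "id": "34",
                "name": "ThreeFour",
                "roles": [{"id": "1",
                           "name": "identity:nobody",
                           "description": "Nobody"}]
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "1",
                           "name": "Racker"}]
            }

        if token_id in presets["dedicated_full_device_permission_holder"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id": "12",
                "name": "HybridOneTwo",
                "roles": [{"id": "1",
                           "name": "monitoring:observer",
                           "tenantId": "hybrid:123456"}],
                "RAX-AUTH:contactId": "12"
            }

        if token_id in presets["dedicated_account_permission_holder"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id": "34",
                "name": "HybridThreeFour",
                "roles": [{"id": "1",
                           "name": "monitoring:creator",
                           "description": "Monitoring Creator"},
                          {"id": "2",
                           "name": "creator",
                           "description": "Creator"}],
                "RAX-AUTH:contactId": "34"
            }

        if token_id in presets["dedicated_limited_device_permission_holder"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id": "56",
                "name": "HybridFiveSix",
                "roles": [{"id": "1",
                           "name": "monitoring:observer",
                           "description": "Monitoring Observer"},
                          {"id": "2",
                           "name": "observer",
                           "description": "Observer"}],
                "RAX-AUTH:contactId": "56"
            }

        if token_id in presets["dedicated_racker"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id": "12",
                "name": "HybridOneTwo",
                "roles": [{"id": "1",
                           "name": "identity:nobody",
                           "description": "Nobody"}],
                "RAX-AUTH:contactId": "12"
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "1",
                           "name": "Racker"}]
            }

        if token_id in presets["dedicated_impersonator"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id": "34",
                "name": "HybridThreeFour",
                "roles": [{"id": "1",
                           "name": "identity:nobody",
                           "description": "Nobody"}],
                "RAX-AUTH:contactId": "34"
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "1",
                           "name": "monitoring:service-admin"}]
            }

        if token_id in presets["dedicated_non_permission_holder"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id": "78",
                "name": "HybridSevenEight",
                "roles": [{"id": "1",
                           "name": "identity:user-admin",
                           "description": "User admin"}],
                "RAX-AUTH:contactId": "78"
            }

        if token_id in presets["dedicated_quasi_user_impersonator"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id": "90",
                "name": "HybridNineZero",
                "roles": [{"id": "1",
                           "name": "identity:user-admin",
                           "description": "Admin"},
                          {"id": "3",
                           "name": "hybridRole",
                           "description": "Hybrid Admin",
                           "tenantId": "hybrid:123456"}]
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "1",
                           "name": "monitoring:service-admin"}]
            }

        return json.dumps(response)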
Esempio n. 2
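    def validate_token(self, request, token_id):
        """
        Build the mock "validate token" response for ``token_id``.

        A session is obtained from ``self.core.sessions`` for the optional
        ``belongsTo`` tenant (``None`` when absent) and the token, and the
        response is then adjusted by the ``get_presets["identity"]`` tables.
        The only rejection visible in this method is membership of
        ``token_id`` in the ``token_fail_to_auth`` preset; every other token
        is answered as valid.

        :param request: HTTP request; ``request.args`` is read and the
            response code is set on it.
        :param token_id: the token to validate.
        :return: the JSON-encoded response body.  The status code is 200
            unless the token is in ``token_fail_to_auth``, in which case it
            is 401.

        Docs: http://developer.openstack.org/api-ref-identity-v2.html#admin-tokens
        """
        request.setResponseCode(200)

        # ``belongsTo`` is supplied by the caller; the tenant-keyed role
        # presets further down are selected by this value.
        # NOTE(review): Twisted keys request.args by bytes on Python 3, where
        # this str key would never match and belongsTo would be silently
        # ignored -- confirm the interpreter this is meant to run on.
        tenant_id = request.args.get('belongsTo')
        if tenant_id is not None:
            tenant_id = tenant_id[0]
        session = self.core.sessions.session_for_tenant_id(tenant_id, token_id)
        response = get_token(
            session.tenant_id,
            response_token=session.token,
            response_user_id=session.user_id,
            response_user_name=session.username,
        )

        # Look the impersonator session up once and reuse the result.
        impersonator_session = session.impersonator_session_for_token(token_id)
        if impersonator_session is not None:
            response["access"]["RAX-AUTH:impersonator"] = impersonator_user_role(
                impersonator_session.user_id,
                impersonator_session.username)

        presets = get_presets["identity"]

        # NOTE(review): this rejection runs after the session lookup above, so
        # a token on the fail list has already gone through the session store;
        # whether that lookup creates a session is not visible here.
        # The body pairs a 401 status with an "itemNotFound" key.
        if token_id in presets["token_fail_to_auth"]:
            request.setResponseCode(401)
            return json.dumps({'itemNotFound':
                              {'code': 401, 'message': 'Invalid auth token'}})

        # Independent ``if`` checks applied in order: when a token or tenant
        # appears in more than one preset, the later assignment wins.  Roles
        # and impersonator data come from these static tables.
        imp_token = presets["maas_admin_roles"]
        racker_token = presets["racker_token"]
        if token_id in imp_token:
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "123",
                           "name": "monitoring:service-admin"},
                          {"id": "234",
                           "name": "object-store:admin"}]}
        if token_id in racker_token:
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "9",
                           "name": "Racker"}]}
        if tenant_id in presets["observer_role"]:
            response["access"]["user"]["roles"] = [
                {"id": "observer",
                 "description": "Global Observer Role.",
                 "name": "observer"}]
        if tenant_id in presets["creator_role"]:
            response["access"]["user"]["roles"] = [
                {"id": "creator",
                 "description": "Global Creator Role.",
                 "name": "creator"}]
        if tenant_id in presets["admin_role"]:
            response["access"]["user"]["roles"] = [
                {"id": "admin",
                 "description": "Global Admin Role.",
                 "name": "admin"},
                {"id": "observer",
                 "description": "Global Observer Role.",
                 "name": "observer"}]
        return json.dumps(response)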
Esempio n. 3
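    def validate_token(self, request, token_id):
        """
        Build the mock "validate token" response for ``token_id``.

        A session is obtained from ``self.core.sessions`` for the optional
        ``belongsTo`` tenant (``None`` when absent) and the token, and the
        response is then adjusted by the ``get_presets["identity"]`` tables.
        The only rejection visible in this method is membership of
        ``token_id`` in the ``token_fail_to_auth`` preset; every other token
        is answered as valid.

        :param request: HTTP request; ``request.args`` is read and the
            response code is set on it.
        :param token_id: the token to validate.
        :return: the JSON-encoded response body.  The status code is 200
            unless the token is in ``token_fail_to_auth``, in which case it
            is 401.

        Docs: http://developer.openstack.org/api-ref-identity-v2.html#admin-tokens
        """
        request.setResponseCode(200)

        # ``belongsTo`` is supplied by the caller; the tenant-keyed role
        # presets further down are selected by this value.
        # NOTE(review): Twisted keys request.args by bytes on Python 3, where
        # this str key would never match and belongsTo would be silently
        # ignored -- confirm the interpreter this is meant to run on.
        tenant_id = request.args.get("belongsTo")
        if tenant_id is not None:
            tenant_id = tenant_id[0]
        session = self.core.sessions.session_for_tenant_id(tenant_id, token_id)
        response = get_token(
            session.tenant_id,
            response_token=session.token,
            response_user_id=session.user_id,
            response_user_name=session.username,
        )

        # Look the impersonator session up once and reuse the result.
        impersonator_session = session.impersonator_session_for_token(token_id)
        if impersonator_session is not None:
            response["access"]["RAX-AUTH:impersonator"] = impersonator_user_role(
                impersonator_session.user_id, impersonator_session.username
            )

        presets = get_presets["identity"]

        # NOTE(review): this rejection runs after the session lookup above, so
        # a token on the fail list has already gone through the session store;
        # whether that lookup creates a session is not visible here.
        # The body pairs a 401 status with an "itemNotFound" key.
        if token_id in presets["token_fail_to_auth"]:
            request.setResponseCode(401)
            return json.dumps({"itemNotFound": {"code": 401, "message": "Invalid auth token"}})

        # Independent ``if`` checks applied in order: when a token or tenant
        # appears in more than one preset, the later assignment wins.  Roles
        # and impersonator data come from these static tables.
        imp_token = presets["maas_admin_roles"]
        racker_token = presets["racker_token"]
        if token_id in imp_token:
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [
                    {"id": "123", "name": "monitoring:service-admin"},
                    {"id": "234", "name": "object-store:admin"},
                ],
            }
        if token_id in racker_token:
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{"id": "9", "name": "Racker"}],
            }
        if tenant_id in presets["observer_role"]:
            response["access"]["user"]["roles"] = [
                {"id": "observer", "description": "Global Observer Role.", "name": "observer"}
            ]
        if tenant_id in presets["creator_role"]:
            response["access"]["user"]["roles"] = [
                {"id": "creator", "description": "Global Creator Role.", "name": "creator"}
            ]
        if tenant_id in presets["admin_role"]:
            response["access"]["user"]["roles"] = [
                {"id": "admin", "description": "Global Admin Role.", "name": "admin"},
                {"id": "observer", "description": "Global Observer Role.", "name": "observer"},
            ]

        # Canned identities: each block replaces the tenant and user built
        # from the session with fixed values.  The two non_dedicated users
        # carry no "id" key.

        if token_id in presets["non_dedicated_observer"]:
            response["access"]["token"]["tenant"] = {"id": "135790", "name": "135790"}
            response["access"]["user"] = {
                "name": "OneTwo",
                "roles": [{"id": "1", "name": "monitoring:observer", "description": "Monitoring Observer"}],
            }

        if token_id in presets["non_dedicated_admin"]:
            response["access"]["token"]["tenant"] = {"id": "135790", "name": "135790"}
            response["access"]["user"] = {
                "name": "ThreeFour",
                "roles": [
                    {"id": "1", "name": "monitoring:admin", "description": "Monitoring Admin"},
                    {"id": "2", "name": "admin", "description": "Admin"},
                ],
            }

        if token_id in presets["dedicated_full_device_permission_holder"]:
            response["access"]["token"]["tenant"] = {"id": "hybrid:123456", "name": "hybrid:123456"}
            response["access"]["user"] = {
                "id": "12",
                "name": "HybridOneTwo",
                "roles": [
                    {"id": "1", "name": "monitoring:observer", "description": "Monitoring Observer"},
                    {"id": "3", "name": "hybridRole", "description": "Hybrid Admin", "tenantId": "hybrid:123456"},
                ],
                "RAX-AUTH:contactId": "12",
            }

        if token_id in presets["dedicated_account_permission_holder"]:
            response["access"]["token"]["tenant"] = {"id": "hybrid:123456", "name": "hybrid:123456"}
            response["access"]["user"] = {
                "id": "34",
                "name": "HybridThreeFour",
                "roles": [
                    {"id": "1", "name": "monitoring:creator", "description": "Monitoring Creator"},
                    {"id": "2", "name": "creator", "description": "Creator"},
                ],
                "RAX-AUTH:contactId": "34",
            }

        if token_id in presets["dedicated_limited_device_permission_holder"]:
            response["access"]["token"]["tenant"] = {"id": "hybrid:123456", "name": "hybrid:123456"}
            response["access"]["user"] = {
                "id": "56",
                "name": "HybridFiveSix",
                "roles": [
                    {"id": "1", "name": "monitoring:observer", "description": "Monitoring Observer"},
                    {"id": "2", "name": "observer", "description": "Observer"},
                ],
                "RAX-AUTH:contactId": "56",
            }

        if token_id in presets["dedicated_other_account_observer"]:
            response["access"]["token"]["tenant"] = {"id": "hybrid:654321", "name": "hybrid:654321"}
            response["access"]["user"] = {
                "id": "78",
                "name": "HybridSevenEight",
                "roles": [
                    {"id": "1", "name": "monitoring:observer", "description": "Observer"},
                    {"id": "2", "name": "observer", "description": "Observer"},
                ],
                "RAX-AUTH:contactId": "78",
            }

        if token_id in presets["dedicated_other_account_admin"]:
            response["access"]["token"]["tenant"] = {"id": "hybrid:654321", "name": "hybrid:654321"}
            response["access"]["user"] = {
                "id": "90",
                "name": "HybridNineZero",
                "roles": [
                    {"id": "1", "name": "monitoring:admin", "description": "Admin"},
                    {"id": "2", "name": "admin", "description": "Admin"},
                ],
                "RAX-AUTH:contactId": "90",
            }

        return json.dumps(response)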
Esempio n. 4
    def validate_token(self, request, token_id):
        """
        Creates a new session for the given tenant_id and token_id
        and always returns response code 200.
        `OpenStack Identity v2 Admin Validate Token
        <http://developer.openstack.org/api-ref-identity-admin-v2.html#admin-validateToken>`_
        """
        request.setResponseCode(200)
        session = None

        # Attempt to get the session based on tenant_id+token if the optional
        # tenant_id is provided; if tenant_id is not provided, then just look
        # it up based on the token.
        tenant_id = request.args.get(b'belongsTo')
        if tenant_id is not None:
            tenant_id = tenant_id[0].decode("utf-8")
            session = self.core.sessions.session_for_tenant_id(
                tenant_id, token_id)

        else:
            session = self.core.sessions.session_for_token(token_id)

        response = get_token(
            session.tenant_id,
            response_token=session.token,
            response_user_id=session.user_id,
            response_user_name=session.username,
        )
        if session.impersonator_session_for_token(token_id) is not None:
            impersonator_session = session.impersonator_session_for_token(
                token_id)
            response["access"][
                "RAX-AUTH:impersonator"] = impersonator_user_role(
                    impersonator_session.user_id,
                    impersonator_session.username)

        if token_id in get_presets["identity"]["token_fail_to_auth"]:
            # This is returning a 401 Unauthorized message but in a 404 not_found
            # JSON data format. Is there a reason for this? An old OpenStack bug?
            request.setResponseCode(401)
            return json.dumps({
                'itemNotFound': {
                    'code': 401,
                    'message': 'Invalid auth token'
                }
            })

        imp_token = get_presets["identity"]["maas_admin_roles"]
        racker_token = get_presets["identity"]["racker_token"]
        if token_id in imp_token:
            response["access"]["RAX-AUTH:impersonator"] = {
                "id":
                response["access"]["user"]["id"],
                "name":
                response["access"]["user"]["name"],
                "roles": [{
                    "id": "123",
                    "name": "monitoring:service-admin"
                }, {
                    "id": "234",
                    "name": "object-store:admin"
                }]
            }
        if token_id in racker_token:
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{
                    "id": "9",
                    "name": "Racker"
                }]
            }
        if tenant_id in get_presets["identity"]["observer_role"]:
            response["access"]["user"]["roles"] = [{
                "id": "observer",
                "description": "Global Observer Role.",
                "name": "observer"
            }]
        if tenant_id in get_presets["identity"]["creator_role"]:
            response["access"]["user"]["roles"] = [{
                "id": "creator",
                "description": "Global Creator Role.",
                "name": "creator"
            }]
        if tenant_id in get_presets["identity"]["admin_role"]:
            response["access"]["user"]["roles"] = [{
                "id": "admin",
                "description": "Global Admin Role.",
                "name": "admin"
            }, {
                "id": "observer",
                "description": "Global Observer Role.",
                "name": "observer"
            }]

        # Canned responses to be removed ...

        if token_id in get_presets["identity"]["non_dedicated_observer"]:
            response["access"]["token"]["tenant"] = {
                "id": "135790",
                "name": "135790",
            }
            response["access"]["user"] = {
                "id":
                "12",
                "name":
                "OneTwo",
                "roles": [{
                    "id": "1",
                    "name": "monitoring:observer",
                    "description": "Monitoring Observer"
                }]
            }

        if token_id in get_presets["identity"]["non_dedicated_admin"]:
            response["access"]["token"]["tenant"] = {
                "id": "135790",
                "name": "135790",
            }
            response["access"]["user"] = {
                "id":
                "34",
                "name":
                "ThreeFour",
                "roles": [{
                    "id": "1",
                    "name": "monitoring:admin",
                    "description": "Monitoring Admin"
                }, {
                    "id": "2",
                    "name": "admin",
                    "description": "Admin"
                }]
            }

        if token_id in get_presets["identity"]["non_dedicated_impersonator"]:
            response["access"]["token"]["tenant"] = {
                "id": "135790",
                "name": "135790",
            }
            response["access"]["user"] = {
                "id":
                "34",
                "name":
                "ThreeFour",
                "roles": [{
                    "id": "1",
                    "name": "identity:nobody",
                    "description": "Nobody"
                }]
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id":
                response["access"]["user"]["id"],
                "name":
                response["access"]["user"]["name"],
                "roles": [{
                    "id": "1",
                    "name": "monitoring:service-admin"
                }, {
                    "id": "2",
                    "name": "object-store:admin"
                }]
            }

        if token_id in get_presets["identity"]["non_dedicated_racker"]:
            response["access"]["token"]["tenant"] = {
                "id": "135790",
                "name": "135790",
            }
            response["access"]["user"] = {
                "id":
                "34",
                "name":
                "ThreeFour",
                "roles": [{
                    "id": "1",
                    "name": "identity:nobody",
                    "description": "Nobody"
                }]
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{
                    "id": "1",
                    "name": "Racker"
                }]
            }

        if token_id in get_presets["identity"][
                "dedicated_full_device_permission_holder"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id":
                "12",
                "name":
                "HybridOneTwo",
                "roles": [{
                    "id": "1",
                    "name": "monitoring:observer",
                    "tenantId": "hybrid:123456"
                }],
                "RAX-AUTH:contactId":
                "12"
            }

        if token_id in get_presets["identity"][
                "dedicated_account_permission_holder"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id":
                "34",
                "name":
                "HybridThreeFour",
                "roles": [{
                    "id": "1",
                    "name": "monitoring:creator",
                    "description": "Monitoring Creator"
                }, {
                    "id": "2",
                    "name": "creator",
                    "description": "Creator"
                }],
                "RAX-AUTH:contactId":
                "34"
            }

        if token_id in get_presets["identity"][
                "dedicated_limited_device_permission_holder"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id":
                "56",
                "name":
                "HybridFiveSix",
                "roles": [{
                    "id": "1",
                    "name": "monitoring:observer",
                    "description": "Monitoring Observer"
                }, {
                    "id": "2",
                    "name": "observer",
                    "description": "Observer"
                }],
                "RAX-AUTH:contactId":
                "56"
            }

        if token_id in get_presets["identity"]["dedicated_racker"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id":
                "12",
                "name":
                "HybridOneTwo",
                "roles": [{
                    "id": "1",
                    "name": "identity:nobody",
                    "description": "Nobody"
                }],
                "RAX-AUTH:contactId":
                "12"
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{
                    "id": "1",
                    "name": "Racker"
                }]
            }

        if token_id in get_presets["identity"]["dedicated_impersonator"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id":
                "34",
                "name":
                "HybridThreeFour",
                "roles": [{
                    "id": "1",
                    "name": "identity:nobody",
                    "description": "Nobody"
                }],
                "RAX-AUTH:contactId":
                "34"
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{
                    "id": "1",
                    "name": "monitoring:service-admin"
                }]
            }

        if token_id in get_presets["identity"][
                "dedicated_non_permission_holder"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id":
                "78",
                "name":
                "HybridSevenEight",
                "roles": [{
                    "id": "1",
                    "name": "identity:user-admin",
                    "description": "User admin"
                }],
                "RAX-AUTH:contactId":
                "78"
            }

        if token_id in get_presets["identity"][
                "dedicated_quasi_user_impersonator"]:
            response["access"]["token"]["tenant"] = {
                "id": "hybrid:123456",
                "name": "hybrid:123456",
            }
            response["access"]["user"] = {
                "id":
                "90",
                "name":
                "HybridNineZero",
                "roles": [{
                    "id": "1",
                    "name": "identity:user-admin",
                    "description": "Admin"
                }, {
                    "id": "3",
                    "name": "hybridRole",
                    "description": "Hybrid Admin",
                    "tenantId": "hybrid:123456"
                }]
            }
            response["access"]["RAX-AUTH:impersonator"] = {
                "id": response["access"]["user"]["id"],
                "name": response["access"]["user"]["name"],
                "roles": [{
                    "id": "1",
                    "name": "monitoring:service-admin"
                }]
            }

        return json.dumps(response)
Esempio n. 5
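    def validate_token(self, request, token_id):
        """
        Build the canned "validate token" response for ``token_id``.

        The response code is 200 unless ``token_id`` is listed in the
        ``token_fail_to_auth`` identity preset; then the code is 401 and an
        ``itemNotFound`` error body is returned instead.
        Docs: http://developer.openstack.org/api-ref-identity-v2.html#admin-tokens

        Nothing in this method checks the token against stored credentials:
        the session comes from ``self.core.sessions`` and the roles are
        picked from ``get_presets["identity"]``, keyed by the token or by
        the caller-supplied ``belongsTo`` value.
        NOTE(review): that is only appropriate for a test double -- confirm
        this handler is never reachable as a real token validator.

        :param request: request object; ``args`` is read for ``belongsTo``
            and ``setResponseCode`` is called on it.
        :param token_id: the token being validated.
        :return: the JSON-encoded response body.
        """
        request.setResponseCode(200)

        # NOTE(review): the lookup key is a text string; if request.args is
        # keyed by bytes this never matches and tenant_id stays None --
        # confirm against the runtime this targets.
        tenant_id = request.args.get('belongsTo')
        if tenant_id is not None:
            # The value is indexed as a sequence; only the first entry is used.
            tenant_id = tenant_id[0]

        session = self.core.sessions.session_for_tenant_id(tenant_id, token_id)
        response = get_token(
            session.tenant_id,
            response_token=session.token,
            response_user_id=session.user_id,
            response_user_name=session.username,
        )

        # Single lookup: the result is both the condition and the value used.
        impersonator_session = session.impersonator_session_for_token(token_id)
        if impersonator_session is not None:
            response["access"]["RAX-AUTH:impersonator"] = impersonator_user_role(
                impersonator_session.user_id,
                impersonator_session.username)

        identity_presets = get_presets["identity"]

        # NOTE(review): the rejection is decided only after the session call
        # above has run; if that call creates state for unknown tokens, a
        # rejected token still leaves a session behind -- confirm intended.
        if token_id in identity_presets["token_fail_to_auth"]:
            request.setResponseCode(401)
            return json.dumps({
                'itemNotFound': {
                    'code': 401,
                    'message': 'Invalid auth token'
                }
            })

        imp_token = identity_presets["maas_admin_roles"]
        racker_token = identity_presets["racker_token"]
        access = response["access"]

        # Impersonator overrides keyed on the token. Both checks run, so a
        # token listed in both presets ends up with the Racker entry.
        if token_id in imp_token:
            access["RAX-AUTH:impersonator"] = {
                "id": access["user"]["id"],
                "name": access["user"]["name"],
                "roles": [
                    {"id": "123", "name": "monitoring:service-admin"},
                    {"id": "234", "name": "object-store:admin"},
                ],
            }
        if token_id in racker_token:
            access["RAX-AUTH:impersonator"] = {
                "id": access["user"]["id"],
                "name": access["user"]["name"],
                "roles": [{"id": "9", "name": "Racker"}],
            }

        # Role overrides keyed on the caller-supplied belongsTo value, not
        # on the token. Applied in order, so the last matching preset wins.
        tenant_role_presets = (
            ("observer_role", [{
                "id": "observer",
                "description": "Global Observer Role.",
                "name": "observer"
            }]),
            ("creator_role", [{
                "id": "creator",
                "description": "Global Creator Role.",
                "name": "creator"
            }]),
            ("admin_role", [{
                "id": "admin",
                "description": "Global Admin Role.",
                "name": "admin"
            }, {
                "id": "observer",
                "description": "Global Observer Role.",
                "name": "observer"
            }]),
        )
        for preset_key, roles in tenant_role_presets:
            if tenant_id in identity_presets[preset_key]:
                access["user"]["roles"] = roles

        return json.dumps(response)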
Esempio n. 6
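    def validate_token(self, request, token_id):
        """
        Build the canned "validate token" response for ``token_id``.

        The response code is 200 unless ``token_id`` is listed in the
        ``token_fail_to_auth`` identity preset; then the code is 401 and an
        ``itemNotFound`` error body is returned instead.
        Docs: http://developer.openstack.org/api-ref-identity-v2.html#admin-tokens

        Nothing in this method checks the token against stored credentials:
        the session comes from ``self.core.sessions``, and the tenant, user
        and roles in the response are picked from ``get_presets["identity"]``,
        keyed by the token or by the caller-supplied ``belongsTo`` value.
        NOTE(review): that is only appropriate for a test double -- confirm
        this handler is never reachable as a real token validator.

        :param request: request object; ``args`` is read for ``belongsTo``
            and ``setResponseCode`` is called on it.
        :param token_id: the token being validated.
        :return: the JSON-encoded response body.
        """
        request.setResponseCode(200)

        # NOTE(review): the lookup key is a text string; if request.args is
        # keyed by bytes this never matches and tenant_id stays None --
        # confirm against the runtime this targets.
        tenant_id = request.args.get('belongsTo')
        if tenant_id is not None:
            # The value is indexed as a sequence; only the first entry is used.
            tenant_id = tenant_id[0]

        session = self.core.sessions.session_for_tenant_id(tenant_id, token_id)
        response = get_token(
            session.tenant_id,
            response_token=session.token,
            response_user_id=session.user_id,
            response_user_name=session.username,
        )

        # Single lookup: the result is both the condition and the value used.
        impersonator_session = session.impersonator_session_for_token(token_id)
        if impersonator_session is not None:
            response["access"]["RAX-AUTH:impersonator"] = impersonator_user_role(
                impersonator_session.user_id,
                impersonator_session.username)

        identity_presets = get_presets["identity"]

        # NOTE(review): the rejection is decided only after the session call
        # above has run; if that call creates state for unknown tokens, a
        # rejected token still leaves a session behind -- confirm intended.
        if token_id in identity_presets["token_fail_to_auth"]:
            request.setResponseCode(401)
            return json.dumps({
                'itemNotFound': {
                    'code': 401,
                    'message': 'Invalid auth token'
                }
            })

        imp_token = identity_presets["maas_admin_roles"]
        racker_token = identity_presets["racker_token"]
        access = response["access"]

        # Impersonator overrides keyed on the token. Both checks run, so a
        # token listed in both presets ends up with the Racker entry.
        if token_id in imp_token:
            access["RAX-AUTH:impersonator"] = {
                "id": access["user"]["id"],
                "name": access["user"]["name"],
                "roles": [
                    {"id": "123", "name": "monitoring:service-admin"},
                    {"id": "234", "name": "object-store:admin"},
                ],
            }
        if token_id in racker_token:
            access["RAX-AUTH:impersonator"] = {
                "id": access["user"]["id"],
                "name": access["user"]["name"],
                "roles": [{"id": "9", "name": "Racker"}],
            }

        # Role overrides keyed on the caller-supplied belongsTo value, not
        # on the token. Applied in order, so the last matching preset wins.
        tenant_role_presets = (
            ("observer_role", [{
                "id": "observer",
                "description": "Global Observer Role.",
                "name": "observer"
            }]),
            ("creator_role", [{
                "id": "creator",
                "description": "Global Creator Role.",
                "name": "creator"
            }]),
            ("admin_role", [{
                "id": "admin",
                "description": "Global Admin Role.",
                "name": "admin"
            }, {
                "id": "observer",
                "description": "Global Observer Role.",
                "name": "observer"
            }]),
        )
        for preset_key, roles in tenant_role_presets:
            if tenant_id in identity_presets[preset_key]:
                access["user"]["roles"] = roles

        # Fixed identities keyed on the token: (preset name, tenant, user).
        # A match replaces the tenant and the whole user entry, discarding
        # any role override applied above. Built per call so the dicts
        # placed in the response are never shared between requests.
        # Order matters: a token listed in several presets gets the last one.
        canned_identities = (
            ("non_dedicated_observer",
             {"id": "135790", "name": "135790"},
             {
                 "name": "OneTwo",
                 "roles": [{
                     "id": "1",
                     "name": "monitoring:observer",
                     "description": "Monitoring Observer"
                 }]
             }),
            ("non_dedicated_admin",
             {"id": "135790", "name": "135790"},
             {
                 "name": "ThreeFour",
                 "roles": [{
                     "id": "1",
                     "name": "monitoring:admin",
                     "description": "Monitoring Admin"
                 }, {
                     "id": "2",
                     "name": "admin",
                     "description": "Admin"
                 }]
             }),
            ("dedicated_full_device_permission_holder",
             {"id": "hybrid:123456", "name": "hybrid:123456"},
             {
                 "id": "12",
                 "name": "HybridOneTwo",
                 "roles": [{
                     "id": "1",
                     "name": "monitoring:observer",
                     "description": "Monitoring Observer"
                 }, {
                     "id": "3",
                     "name": "hybridRole",
                     "description": "Hybrid Admin",
                     "tenantId": "hybrid:123456"
                 }],
                 "RAX-AUTH:contactId": "12"
             }),
            ("dedicated_account_permission_holder",
             {"id": "hybrid:123456", "name": "hybrid:123456"},
             {
                 "id": "34",
                 "name": "HybridThreeFour",
                 "roles": [{
                     "id": "1",
                     "name": "monitoring:creator",
                     "description": "Monitoring Creator"
                 }, {
                     "id": "2",
                     "name": "creator",
                     "description": "Creator"
                 }],
                 "RAX-AUTH:contactId": "34"
             }),
            ("dedicated_limited_device_permission_holder",
             {"id": "hybrid:123456", "name": "hybrid:123456"},
             {
                 "id": "56",
                 "name": "HybridFiveSix",
                 "roles": [{
                     "id": "1",
                     "name": "monitoring:observer",
                     "description": "Monitoring Observer"
                 }, {
                     "id": "2",
                     "name": "observer",
                     "description": "Observer"
                 }],
                 "RAX-AUTH:contactId": "56"
             }),
            ("dedicated_other_account_observer",
             {"id": "hybrid:654321", "name": "hybrid:654321"},
             {
                 "id": "78",
                 "name": "HybridSevenEight",
                 "roles": [{
                     "id": "1",
                     "name": "monitoring:observer",
                     "description": "Observer"
                 }, {
                     "id": "2",
                     "name": "observer",
                     "description": "Observer"
                 }],
                 "RAX-AUTH:contactId": "78"
             }),
            ("dedicated_other_account_admin",
             {"id": "hybrid:654321", "name": "hybrid:654321"},
             {
                 "id": "90",
                 "name": "HybridNineZero",
                 "roles": [{
                     "id": "1",
                     "name": "monitoring:admin",
                     "description": "Admin"
                 }, {
                     "id": "2",
                     "name": "admin",
                     "description": "Admin"
                 }],
                 "RAX-AUTH:contactId": "90"
             }),
        )
        for preset_key, tenant, user in canned_identities:
            if token_id in identity_presets[preset_key]:
                access["token"]["tenant"] = tenant
                access["user"] = user

        return json.dumps(response)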