def get_credentials(context, tenant, conf=None): # TODO(ssudake21): Add caching support # 1. Cache keystone endpoint # 2. Cache recently used AWS credentials try: if context is None or tenant is None: raise glance_ex.AuthorizationFailure() sc = service_catalog.ServiceCatalogV2(context.service_catalog) region_name = conf.keystone_credentials.region_name credsmgr_endpoint = sc.url_for(service_type='credsmgr', region_name=region_name) token = context.auth_token credsmgr_client = Client(credsmgr_endpoint, token=token) resp, body = credsmgr_client.credentials.credentials_get('aws', tenant) except (EndpointNotFound, credsmgr_ex.HTTPBadGateway, credsmgr_ex.HTTPNotFound): if conf is not None: return get_credentials_from_conf(conf) raise AwsCredentialsNotFound() return body
def _v1_auth(self, token_url): creds = self.creds headers = {} headers['X-Auth-User'] = creds['username'] headers['X-Auth-Key'] = creds['password'] tenant = creds.get('tenant') if tenant: headers['X-Auth-Tenant'] = tenant resp, resp_body = self._do_request(token_url, 'GET', headers=headers) def _management_url(self, resp): for url_header in ('x-image-management-url', 'x-server-management-url', 'x-glance'): try: return resp[url_header] except KeyError as e: not_found = e raise not_found if resp.status in (200, 204): try: if self.configure_via_auth: self.management_url = _management_url(self, resp) self.auth_token = resp['x-auth-token'] except KeyError: raise exceptions.AuthorizationFailure() elif resp.status == 305: raise exceptions.AuthorizationRedirect(uri=resp['location']) elif resp.status == 400: raise exceptions.AuthBadRequest(url=token_url) elif resp.status == 401: raise exceptions.NotAuthenticated() elif resp.status == 404: raise exceptions.AuthUrlNotFound(url=token_url) else: raise Exception(_('Unexpected response: %s') % resp.status)