コード例 #1
ファイル: exception.py プロジェクト: openstack/marshal
 def __init__(self, *args, **kwargs):
     """Build the log and client messages for a failed schema validation.

     The ``property`` keyword, when present, is stored as
     ``invalid_property``. The client message template is rendered with
     ``str.format(*args, **kwargs)``, so it needs ``schema`` and ``reason``
     keywords to render. All arguments are then passed on unchanged to the
     parent initializer.
     """
     self.invalid_property = kwargs.get('property')

     log_prefix = u._("Failed to validate JSON information: ")
     client_template = u._("Provided object does not match "
                           "schema '{schema}': "
                           "{reason}")

     # The client-facing text is kept separately; the log message is that
     # same text with the fixed prefix in front of it.
     self.client_message = client_template.format(*args, **kwargs)
     self.message = log_prefix + self.client_message

     super(InvalidObject, self).__init__(*args, **kwargs)
コード例 #2
ファイル: auth.py プロジェクト: openstack/marshal
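    def _get_token_from_keystone(self):
        """Authenticate to Keystone with a password and return the token.

        Posts a password-method auth request, scoped to the project held in
        ``self.lic``, to ``self.lic.keystone_endpoint``.

        Returns:
            A ``(token, kms_endpoint)`` tuple. ``token`` is the value of the
            ``X-Subject-Token`` response header. ``kms_endpoint`` is the
            first entry of the returned catalog whose ``type`` is ``'kms'``,
            or ``None`` when the catalog has no such entry.

        Raises:
            exception.MarshalHTTPException: Keystone answered with a status
                other than 201.
            requests.exceptions.RequestException: the request could not be
                completed (connection failure or timeout).
        """
        kms_endpoint = None
        request_timeout = 30  # seconds

        payload = {
            "auth": {
                "identity": {
                    "methods": [
                        "password"
                    ],
                    "password": {
                        "user": {
                            "id": self.lic.user_id,
                            "password": self.lic.user_pass
                        }
                    }
                },
                "scope": {
                    "project": {
                        "id": self.lic.project_id,
                        "domain": {
                            "id": "default"
                        },
                        "name": self.lic.project_name
                    }
                }
            }
        }

        # NOTE(review): the serialized request body, which contains the
        # account password, stays on the instance as ``json_data`` after
        # this call. It is kept because other code may read it; if nothing
        # does, drop the attribute so the credential is not retained or
        # dumped along with the object.
        self.json_data = json.dumps(payload)
        hdrs = {
            'Accept': 'application/json',
            'Content-Type': 'application/json; charset=UTF-8'
        }
        # The body carries a password, so keystone_endpoint should be an
        # https:// URL; requests verifies the server certificate by default.
        # The timeout keeps a stalled identity service from blocking the
        # caller indefinitely.
        pr = requests.post(self.lic.keystone_endpoint,
                           data=self.json_data, headers=hdrs,
                           timeout=request_timeout)
        if pr.status_code != 201:
            # Interpolate after translation so the message id is constant,
            # and log only the status code, never the request body.
            log_msg = _('Unable to get identity from Keystone.  Response '
                        'Code was: %s') % pr.status_code
            client_msg = _('Marshal was unable to authenticate.')
            raise exception.MarshalHTTPException(log_msg, client_msg,
                                                 pr.status_code)

        LOG.debug("Successfully authenticated against Keystone.")
        token = pr.headers['X-Subject-Token']
        catalog = json.loads(pr.content)['token']['catalog']
        for endpoint in catalog:
            if endpoint.get('type') == 'kms':
                kms_endpoint = endpoint
                break

        return token, kms_endpoint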
コード例 #3
ファイル: keyRunner.py プロジェクト: openstack/marshal
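    def _get_key_from_kms(self, accept=None):
        """Fetch the key from the configured key manager.

        ``self.kms_type`` selects the backend. ``None`` or ``"barbican"``
        requests ``self.kms_endpoint`` + ``self.key_id`` and returns the
        response body as received. ``"vault"`` requests
        ``self.kms_endpoint`` and returns ``data.value`` from the JSON body.

        Args:
            accept: Value for the ``Accept`` header of the Barbican request;
                ``application/json`` is used when it is falsy. Not used for
                Vault.

        Returns:
            The key, or ``None`` when Barbican answers 200 with a blank body.

        Raises:
            ValueError: ``self.kms_type`` is not a supported backend.
            exception.MarshalHTTPException: the key manager answered with a
                status other than 200.
            exception.PayloadDecodingError: the Vault response is blank or is
                not JSON containing ``data.value``.
            requests.exceptions.RequestException: the request could not be
                completed (connection failure or timeout).
        """
        request_timeout = 30  # seconds
        use_barbican = self.kms_type is None or self.kms_type == "barbican"

        if use_barbican:
            headers = {"Accept": accept or "application/json",
                       "X-Project-Id": self.project_id}
            if self.token is not None:
                headers["X-Auth-Token"] = self.token
            key_manager_url = self.kms_endpoint + format(self.key_id)
        elif self.kms_type == "vault":
            # Build the headers even without a token. They used to be
            # created only when a token was set, so a missing token ended in
            # an UnboundLocalError instead of an auth failure from Vault.
            headers = {"Accept": "application/json"}
            if self.token is not None:
                headers["X-Vault-Token"] = self.token
            key_manager_url = self.kms_endpoint
        else:
            # Fail with a clear error rather than on an unbound local below.
            raise ValueError(_("Unsupported KMS type: %s") % self.kms_type)

        LOG.debug("Calling KMS API at: %s", key_manager_url)

        content = None

        # The timeout keeps a stalled key manager from blocking the caller
        # indefinitely.
        r = requests.get(key_manager_url, headers=headers,
                         timeout=request_timeout)
        if r.status_code != 200:
            # Interpolate after translation so the message id is constant.
            log_msg = _("Unable to get key from KMS.  Response Code was: "
                        "%s") % r.status_code
            client_msg = _("Unable to get key from KMS")
            raise exception.MarshalHTTPException(log_msg, client_msg,
                                                 r.status_code)

        # r.content is bytes on Python 3, so the blank check has to match
        # both the text and the bytes spelling; comparing with "" alone lets
        # an empty body through as a successfully retrieved key.
        if not r.content or r.content in ("None", b"None"):
            LOG.info("KMS returned a blank key!")
        else:
            LOG.info("Successfully retrieved key from KMS.")
            content = r.content

        if use_barbican:
            # NOTE(review): a blank body yields None here; callers need to
            # treat that as a failure, not as an empty key.
            return content

        try:
            return json.loads(content)["data"]["value"]
        except (ValueError, KeyError, TypeError):
            msg = _("Unable to parse JSON response from Key Manager")
            raise exception.PayloadDecodingError(msg)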
コード例 #4
ファイル: config.py プロジェクト: openstack/marshal
    cfg.StrOpt('kms_get_key_api', default=KMS_API,
               help=('Key management service key retrieval API')),
    cfg.StrOpt('kms_key_id', default=SECRET_ID,
               help=('Key management service key ID')),
    cfg.StrOpt('kms_project_id', default=TENANT_ID,
               help=('Key management service project/tenant ID')),
    cfg.StrOpt('keystone_endpoint', default=KEYSTONE_ENDPOINT,
               help=('Keystone endpoint for authentication'))
]

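# Option group and options that drive the volume-encryption actions.
vol_crypt_opt_group = cfg.OptGroup(name=VOL_CRYPT_GRP_NAME,
                                   title='Volume Encryption Options')

vol_crypt_opts = [
    # Long help strings are split with adjacent-literal concatenation. A
    # backslash continuation inside the literal embeds the next line's
    # indentation in the displayed help text.
    cfg.StrOpt('action', default='isLuks',
               help=u._('One of: set, unset, isLuks, open, close, format, '
                        'status')),
    cfg.StrOpt('dev', default=None,
               help=u._('The target device.')),
    cfg.StrOpt('mn', default=None,
               help=u._('The managed name for the device.')),
    cfg.StrOpt('lf', default='license.json',
               help=u._('The key license file.')),
    # Direct keyfile input not supported at this time for security reasons.
    # cfg.StrOpt('kf', default=None,
    #           help=u._('The key file.')),
    # NOTE(review): a default of 256 next to an AES cipher looks like a size
    # in bits, while the help text says bytes. Confirm against the code that
    # consumes 'ks' and correct whichever is wrong.
    cfg.IntOpt('ks', default=256,
               help=u._('Limits the key size to the specified number of '
                        'bytes.')),
    # NOTE(review): CBC-ESSIV is an older disk-encryption mode; current
    # cryptsetup releases default to aes-xts-plain64. Presumably this value
    # is only applied when a volume is formatted, so a change of default
    # should be evaluated separately - confirm before changing it.
    cfg.StrOpt('ci', default='aes-cbc-essiv:sha256',
               help=u._('Cipher. The encryption algorithm.'))
]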