def authenticate(self, req):
credential_type = utils.detect_credential_type(req)
if credential_type == "passwordCredentials":
auth_with_credentials = utils.get_normalized_request_content(
auth.AuthWithPasswordCredentials, req)
result = self.identity_service.authenticate(
auth_with_credentials)
return utils.send_result(200, req, result)
elif credential_type == "token":
unscoped = utils.get_normalized_request_content(
auth.AuthWithUnscopedToken, req)
result = self.identity_service.\
authenticate_with_unscoped_token(unscoped)
return utils.send_result(200, req, result)
elif credential_type == "OS-KSEC2:ec2Credentials":
return self._authenticate_ec2(req)
elif credential_type == "OS-KSS3:s3Credentials":
return self._authenticate_s3(req)
elif credential_type in ["ec2Credentials", "OS-KSEC2-ec2Credentials"]:
logger.warning('Received EC2 credentials in %s format. Processing '
'may fail. Update the client code sending this '
'format' % credential_type)
return self._authenticate_ec2(req)
else:
raise fault.BadRequestFault("Invalid credentials %s" %
credential_type)
def authenticate(self, req):
try:
auth_with_credentials = utils.get_normalized_request_content(
auth.AuthWithPasswordCredentials, req)
result = config.SERVICE.authenticate(auth_with_credentials)
except fault.BadRequestFault:
unscoped = utils.get_normalized_request_content(
auth.AuthWithUnscopedToken, req)
result = config.SERVICE.authenticate_with_unscoped_token(unscoped)
return utils.send_result(200, req, result)
def __call__(self, env, start_response):
""" Handle incoming request. Transform. And send downstream. """
request = Request(env)
if 'KEYSTONE_API_VERSION' in env and \
env['KEYSTONE_API_VERSION'] == '2.0':
if request.path.startswith("/tokens"):
is_d5_request = False
if request.method == "POST":
try:
auth_with_credentials = \
utils.get_normalized_request_content(
D5AuthWithPasswordCredentials, request)
# Convert request body to Diablo syntax
if request.content_type == "application/xml":
request.body = auth_with_credentials.to_xml()
else:
request.body = auth_with_credentials.to_json()
is_d5_request = True
except:
pass
if is_d5_request:
response = request.get_response(self.app)
#Handle failures.
if not str(response.status).startswith('20'):
return response(env, start_response)
auth_data = utils.get_normalized_request_content(
D5toDiabloAuthData, response)
resp = utils.send_result(response.status_int, request,
auth_data)
return resp(env, start_response)
else:
# Pass through
return self.app(env, start_response)
elif request.method == "GET":
if request.path.endswith("/endpoints"):
# Pass through
return self.app(env, start_response)
else:
response = request.get_response(self.app)
#Handle failures.
if not str(response.status).startswith('20'):
return response(env, start_response)
validate_data = utils.get_normalized_request_content(
D5ValidateData, response)
resp = utils.send_result(response.status_int, request,
validate_data)
return resp(env, start_response)
# All other calls pass to downstream WSGI component
return self.app(env, start_response)
def __call__(self, env, start_response):
""" Handle incoming request. Transform. And send downstream. """
request = Request(env)
if 'KEYSTONE_API_VERSION' in env and \
env['KEYSTONE_API_VERSION'] == '2.0':
if request.path.startswith("/tokens"):
is_d5_request = False
if request.method == "POST":
try:
auth_with_credentials = \
utils.get_normalized_request_content(
D5AuthWithPasswordCredentials, request)
# Convert request body to Diablo syntax
if request.content_type == "application/xml":
request.body = auth_with_credentials.to_xml()
else:
request.body = auth_with_credentials.to_json()
is_d5_request = True
except:
pass
if is_d5_request:
response = request.get_response(self.app)
#Handle failures.
if not str(response.status).startswith('20'):
return response(env, start_response)
auth_data = utils.get_normalized_request_content(
D5toDiabloAuthData, response)
resp = utils.send_result(response.status_int, request,
auth_data)
return resp(env, start_response)
else:
# Pass through
return self.app(env, start_response)
elif request.method == "GET":
if request.path.endswith("/endpoints"):
# Pass through
return self.app(env, start_response)
else:
response = request.get_response(self.app)
#Handle failures.
if not str(response.status).startswith('20'):
return response(env, start_response)
validate_data = utils.get_normalized_request_content(
D5ValidateData, response)
resp = utils.send_result(response.status_int, request,
validate_data)
return resp(env, start_response)
# All other calls pass to downstream WSGI component
return self.app(env, start_response)
def add_endpoint_template(self, req):
endpoint_template = utils.get_normalized_request_content(
EndpointTemplate, req)
return utils.send_result(
201, req,
config.SERVICE.add_endpoint_template(utils.get_auth_token(req),
endpoint_template))
def add_endpoint_template(self, req):
endpoint_template = utils.get_normalized_request_content(
EndpointTemplate, req)
return utils.send_result(
201, req,
self.identity_service.add_endpoint_template(
utils.get_auth_token(req), endpoint_template))
def authenticate_ec2(self, req):
self.request = req
creds = utils.get_normalized_request_content(
auth.Ec2Credentials, req)
return utils.send_result(200, req,
config.SERVICE.authenticate_ec2(creds))
def get_token_by(self, req):
try:
cred = utils.get_normalized_request_content(token_by.TokenBy, req)
if cred.by_type == 'email':
return self.get_token_by_email(req, cred.key)
elif cred.by_type == 'eppn':
return self.get_token_by_eppn(req, cred.key)
except KeyError:
raise fault.UnauthorizedFault("bad request email or eppn")
def authenticate(self, req):
try:
auth_with_credentials = utils.get_normalized_request_content(
auth.AuthWithPasswordCredentials, req)
result = config.SERVICE.authenticate(auth_with_credentials)
except fault.BadRequestFault as e1:
try:
unscoped = utils.get_normalized_request_content(
auth.AuthWithUnscopedToken, req)
result = config.SERVICE.authenticate_with_unscoped_token(
unscoped)
except fault.BadRequestFault as e2:
if e1.msg == e2.msg:
raise e1
else:
raise fault.BadRequestFault(e1.msg + ' or ' + e2.msg)
return utils.send_result(200, req, result)
def authenticate(self, req):
try:
auth_with_credentials = utils.get_normalized_request_content(
auth.AuthWithPasswordCredentials, req)
result = self.identity_service.authenticate(auth_with_credentials)
except fault.BadRequestFault as e1:
try:
unscoped = utils.get_normalized_request_content(
auth.AuthWithUnscopedToken, req)
result = self.identity_service.\
authenticate_with_unscoped_token(unscoped)
except fault.BadRequestFault as e2:
if e1.msg == e2.msg:
raise e1
else:
raise fault.BadRequestFault(e1.msg + ' or ' + e2.msg)
return utils.send_result(200, req, result)
def get_token_by(self, req):
try:
cred = utils.get_normalized_request_content(
token_by.TokenBy, req)
if cred.by_type == 'email':
return self.get_token_by_email(req, cred.key)
elif cred.by_type == 'eppn':
return self.get_token_by_eppn(req, cred.key)
except KeyError:
raise fault.UnauthorizedFault("bad request email or eppn")
def create_billunit(self, req):
LOG.info(
'Before get_normalization Creating creat_billunit (self, req,) controller.biller.py'
)
u = utils.get_normalized_request_content(Bill_Unit, req)
LOG.info(
'Creating creat_billunit (self, req,) controller.biller.py :date: %s |enable:%s cpu:%s'
% (u.date, u.enabled, u.vcpu))
return utils.send_result(
201, req,
config.SERVICE.create_bill_unit(utils.get_auth_token(req), u))
def create_user_bill(self, req):
LOG.info(
'Before get_normalization Creating creat_instance_bill (self, req,) controller.biller.py'
)
u = utils.get_normalized_request_content(User_Bill, req)
LOG.info(
'Creating creat_instacne (self, req,) controller.biller.py id :%s : name: %s |enable:%s cpu:%s'
% (u.id, u.tenant_id, u.enabled, u.total_vcpu))
return utils.send_result(
201, req,
config.SERVICE.create_user_bill(utils.get_auth_token(req), u))
def create_tenant(self, req):
tenant = utils.get_normalized_request_content(tenants.Tenant, req)
return utils.send_result(201, req,
service.create_tenant(utils.get_auth_token(req), tenant))
def update_tenant(self, req, tenant_id):
tenant = utils.get_normalized_request_content(Tenant, req)
rval = self.identity_service.update_tenant(utils.get_auth_token(req),
tenant_id, tenant)
return utils.send_result(200, req, rval)
def create_service(self, req):
service = utils.get_normalized_request_content(Service, req)
return utils.send_result(
201, req,
config.SERVICE.create_service(utils.get_auth_token(req), service))
def add_endpoint_to_tenant(self, req, tenant_id):
endpoint = utils.get_normalized_request_content(EndpointTemplate, req)
return utils.send_result(201, req,
config.SERVICE.create_endpoint_for_tenant(
utils.get_auth_token(req), tenant_id, endpoint, get_url(req)))
def create_role(self, req):
role = utils.get_normalized_request_content(Role, req)
return utils.send_result(201, req,
config.SERVICE.create_role(utils.get_auth_token(req), role))
def create_role(self, req):
role = utils.get_normalized_request_content(roles.Role, req)
return utils.send_result(201, req,
service.create_role(utils.get_auth_token(req),
role))
def authenticate_s3(self, req):
creds = utils.get_normalized_request_content(auth.S3Credentials, req)
return utils.send_result(200, req,
config.SERVICE.authenticate_s3(creds))
def authenticate_ec2(self, req):
creds = utils.get_normalized_request_content(auth.Ec2Credentials, req)
return utils.send_result(200, req,
self.identity_service.authenticate_ec2(creds))
def update_tenant(self, req, tenant_id):
tenant = utils.get_normalized_request_content(Tenant, req)
rval = config.SERVICE.update_tenant(utils.get_auth_token(req),
tenant_id, tenant)
return utils.send_result(200, req, rval)
def create_tenant(self, req):
tenant = utils.get_normalized_request_content(Tenant, req)
return utils.send_result(
201, req,
config.SERVICE.create_tenant(utils.get_auth_token(req), tenant))
def create_user(self, req):
user = utils.get_normalized_request_content(users.User, req)
return utils.send_result(201, req,
service.create_user(utils.get_auth_token(req), \
user))
def create_group(self, req):
group = utils.get_normalized_request_content(tenants.GlobalGroup, req)
return utils.send_result(201, req,
service.create_global_group(utils.get_auth_token(req),
group))
def update_password_credential(self, req, user_id):
credential = utils.get_normalized_request_content(
PasswordCredentials, req)
credential = self.identity_service.update_password_credentials(
utils.get_auth_token(req), user_id, credential)
return utils.send_result(200, req, credential)
def create_user(self, req):
u = utils.get_normalized_request_content(User, req)
return utils.send_result(
201, req,
self.identity_service.create_user(utils.get_auth_token(req), u))
def authenticate(self, req):
creds = utils.get_normalized_request_content(
auth.PasswordCredentials, req)
return utils.send_result(200, req, config.SERVICE.authenticate(creds))
def create_role(self, req):
role = utils.get_normalized_request_content(Role, req)
return utils.send_result(
201, req,
config.SERVICE.create_role(utils.get_auth_token(req), role))
def set_user_enabled(self, req, user_id):
user = utils.get_normalized_request_content(User_Update, req)
rval = self.identity_service.enable_disable_user(
utils.get_auth_token(req), user_id, user)
return utils.send_result(200, req, rval)
def update_group(self, req, group_id):
group = utils.get_normalized_request_content(GlobalGroup, req)
rval = config.SERVICE.update_global_group(
utils.get_auth_token(req), group_id, group)
return utils.send_result(200, req, rval)
def add_endpoint_to_tenant(self, req, tenant_id):
endpoint = utils.get_normalized_request_content(EndpointTemplate, req)
return utils.send_result(
201, req,
self.identity_service.create_endpoint_for_tenant(
utils.get_auth_token(req), tenant_id, endpoint))
def create_user(self, req):
u = utils.get_normalized_request_content(User, req)
return utils.send_result(201, req, self.identity_service.create_user(
utils.get_auth_token(req), u))
def update_password_credential(self, req, user_id):
credential = utils.get_normalized_request_content(
PasswordCredentials, req)
credential = self.identity_service.update_password_credentials(
utils.get_auth_token(req), user_id, credential)
return utils.send_result(200, req, credential)
def create_tenant(self, req):
tenant = utils.get_normalized_request_content(Tenant, req)
return utils.send_result(201, req, config.SERVICE.create_tenant(utils.get_auth_token(req), tenant))
def update_tenant(self, req, tenant_id):
tenant = utils.get_normalized_request_content(Tenant, req)
rval = config.SERVICE.update_tenant(utils.get_auth_token(req), tenant_id, tenant)
return utils.send_result(200, req, rval)
def authenticate_ec2(self, req):
creds = utils.get_normalized_request_content(auth.Ec2Credentials, req)
return utils.send_result(200, req,
self.identity_service.authenticate_ec2(creds))
def create_user(self, req):
u = utils.get_normalized_request_content(User, req)
return utils.send_result(
201, req, config.SERVICE.create_user(utils.get_auth_token(req), u))
def create_tenant(self, req):
tenant = utils.get_normalized_request_content(Tenant, req)
return utils.send_result(201, req,
self.identity_service.create_tenant(utils.get_auth_token(req),
tenant))
def update_user_tenant(self, req, user_id):
user = utils.get_normalized_request_content(User_Update, req)
rval = config.SERVICE.set_user_tenant(utils.get_auth_token(req),
user_id, user)
return utils.send_result(200, req, rval)
def authenticate(self, req):
self.request = req
creds = utils.get_normalized_request_content(auth.PasswordCredentials,
req)
return utils.send_result(200, req, service.authenticate(creds))
def create_service(self, req):
service = utils.get_normalized_request_content(Service, req)
return utils.send_result(201, req,
self.identity_service.create_service(utils.get_auth_token(req),
service))
def update_tenant(self, req, tenant_id):
tenant = utils.get_normalized_request_content(tenants.Tenant, req)
rval = service.update_tenant(utils.get_auth_token(req), tenant_id,
tenant)
return utils.send_result(200, req, rval)
def create_user(self, req):
u = utils.get_normalized_request_content(User, req)
return utils.send_result(201, req, config.SERVICE.create_user(
utils.get_auth_token(req), u))
def update_user_tenant(self, req, user_id):
user = utils.get_normalized_request_content(users.User_Update, req)
rval = service.set_user_tenant(utils.get_auth_token(req), user_id,
user)
return utils.send_result(200, req, rval)
def set_user_password(self, req, user_id):
user = utils.get_normalized_request_content(User_Update, req)
rval = config.SERVICE.set_user_password(utils.get_auth_token(req),
user_id, user)
return utils.send_result(200, req, rval)
def update_group(self, req, group_id):
group = utils.get_normalized_request_content(tenants.GlobalGroup, req)
rval = service.update_global_group(utils.get_auth_token(req),
group_id, group)
return utils.send_result(200, req, rval)
def add_endpoint_to_tenant(self, req, tenant_id):
endpoint = utils.get_normalized_request_content(EndpointTemplate, req)
return utils.send_result(
201, req,
config.SERVICE.create_endpoint_for_tenant(
utils.get_auth_token(req), tenant_id, endpoint, get_url(req)))
def add_baseurls_to_tenant(self, req, tenant_id):
baseurl = utils.get_normalized_request_content(baseURLs.BaseURL, req)
return utils.send_result(201, req,
service.create_baseurl_ref_to_tenant(
utils.get_auth_token(req),
tenant_id, baseurl, get_url(req)))
def create_role(self, req):
role = utils.get_normalized_request_content(Role, req)
return utils.send_result(
201, req,
self.identity_service.create_role(utils.get_auth_token(req), role))
def update_user_tenant(self, req, user_id):
user = utils.get_normalized_request_content(User_Update, req)
rval = self.identity_service.set_user_tenant(utils.get_auth_token(req),
user_id, user)
return utils.send_result(200, req, rval)
def add_endpoint_template(self, req):
endpoint_template = utils.get_normalized_request_content(
EndpointTemplate, req)
return utils.send_result(201, req,
config.SERVICE.add_endpoint_template(utils.get_auth_token(req),
endpoint_template))
def create_role_ref(self, req, user_id):
roleRef = utils.get_normalized_request_content(RoleRef, req)
return utils.send_result(201, req, config.SERVICE.create_role_ref(
utils.get_auth_token(req), user_id, roleRef))
def create_role_ref(self, req, user_id):
roleRef = utils.get_normalized_request_content(RoleRef, req)
return utils.send_result(
201, req,
config.SERVICE.create_role_ref(utils.get_auth_token(req), user_id,
roleRef))
