Пример #1
0
 def __call__(self, env, start_response):
     """Authenticate incoming request."""
     username = env.get('HTTP_X_AUTH_USER')
     password = env.get('HTTP_X_AUTH_KEY')
     # Determine tenant id from path.
     # tenant = env.get('PATH_INFO').split('/')[1]
     # FIXME tenant is user
     tenant = username
     auth_url = env.get('HTTP_X_AUTH_URL')
     if not tenant:
         return self._reject_request(env, start_response, auth_url)
     try:
         ctx = context.RequestContext(
             username=username,
             password=password,
             tenant=tenant,
             auth_url=auth_url,
             is_admin=False
         )
         auth_ref = ctx.auth_plugin.get_access(self.session)
     except (keystone_exceptions.Unauthorized,
             keystone_exceptions.Forbidden,
             keystone_exceptions.NotFound,
             keystone_exceptions.AuthorizationFailure):
         LOG.error(_LE("Context build failed"))
         return self._reject_request(env, start_response, auth_url)
     env.update(self._build_user_headers(auth_ref))
     return self.app(env, start_response)
Пример #2
0
 def __init__(self, url=CONF.clients_docker.url):
     self._url = url
     self.container = None
     try:
         self.dc = DC(base_url=self._url)
     except DockerException as e:
         LOG.error(_LE("Docker client error: %s") % e)
         raise e
Пример #3
0
    def _create_auth_plugin(self):
        if self.trust_id:
            importutils.import_module('keystonemiddleware.auth_token')
            username = CONF.keystone_authtoken.admin_user
            password = CONF.keystone_authtoken.admin_password

            return v3.Password(username=username,
                               password=password,
                               user_domain_id='default',
                               auth_url=self._keystone_v3_endpoint,
                               trust_id=self.trust_id)

        if self.auth_token_info:
            auth_ref = access.AccessInfo.factory(body=self.auth_token_info,
                                                 auth_token=self.auth_token)
            return access_plugin.AccessInfoPlugin(
                auth_url=self._keystone_v3_endpoint,
                auth_ref=auth_ref)

        if self.auth_token:
            # FIXME(jamielennox): This is broken but consistent. If you
            # only have a token but don't load a service catalog then
            # url_for wont work. Stub with the keystone endpoint so at
            # least it might be right.
            return token_endpoint.Token(
                endpoint=self._keystone_v3_endpoint,
                token=self.auth_token
            )

        if self.password:
            return v3.Password(
                username=self.username,
                password=self.password,
                project_name=self.tenant,
                project_id=self.tenant_id,
                user_domain_id='default',
                project_domain_id='default',
                auth_url=self._keystone_v3_endpoint
            )
        LOG.error(
            _LE("Keystone v3 API connection failed, no password "
                "trust or auth_token!")
        )
        raise exception.AuthorizationFailure()