def authenticate(self, req): credential_type = utils.detect_credential_type(req) if credential_type == "passwordCredentials": auth_with_credentials = utils.get_normalized_request_content( auth.AuthWithPasswordCredentials, req) result = self.identity_service.authenticate( auth_with_credentials) return utils.send_result(200, req, result) elif credential_type == "token": unscoped = utils.get_normalized_request_content( auth.AuthWithUnscopedToken, req) result = self.identity_service.\ authenticate_with_unscoped_token(unscoped) return utils.send_result(200, req, result) elif credential_type == "OS-KSEC2:ec2Credentials": return self._authenticate_ec2(req) elif credential_type == "OS-KSS3:s3Credentials": return self._authenticate_s3(req) elif credential_type in ["ec2Credentials", "OS-KSEC2-ec2Credentials"]: logger.warning('Received EC2 credentials in %s format. Processing ' 'may fail. Update the client code sending this ' 'format' % credential_type) return self._authenticate_ec2(req) else: raise fault.BadRequestFault("Invalid credentials %s" % credential_type)
def get_services(self, req): service_name = req.GET["name"] if "name" in req.GET else None if service_name: tenant = self.identity_service.get_service_by_name( utils.get_auth_token(req), service_name) return utils.send_result(200, req, tenant) else: marker, limit, url = self.get_marker_limit_and_url(req) services = self.identity_service.get_services( utils.get_auth_token(req), marker, limit, url) return utils.send_result(200, req, services)
def get_roles(self, req): role_name = req.GET["name"] if "name" in req.GET else None if role_name: tenant = config.SERVICE.get_role_by_name( utils.get_auth_token(req), role_name) return utils.send_result(200, req, tenant) else: marker, limit, url = get_marker_limit_and_url(req) roles = config.SERVICE.get_roles( utils.get_auth_token(req), marker, limit, url) return utils.send_result(200, req, roles)
def get_users(self, req): user_name = req.GET["name"] if "name" in req.GET else None if user_name: tenant = self.identity_service.get_user_by_name( utils.get_auth_token(req), user_name) return utils.send_result(200, req, tenant) else: marker, limit, url = self.get_marker_limit_and_url(req) users = self.identity_service.get_users(utils.get_auth_token(req), marker, limit, url) return utils.send_result(200, req, users)
def __get_all_roles(self, req): service_id = req.GET["serviceId"] if "serviceId" in req.GET else None marker, limit, url = self.get_marker_limit_and_url(req) if service_id: roles = self.identity_service.get_roles_by_service( utils.get_auth_token(req), marker, limit, url, service_id) return utils.send_result(200, req, roles) else: roles = self.identity_service.get_roles(utils.get_auth_token(req), marker, limit, url) return utils.send_result(200, req, roles)
def get_tenants(self, req): tenant_name = req.GET["name"] if "name" in req.GET else None if tenant_name: tenant = self.identity_service.get_tenant_by_name(utils.get_auth_token(req), tenant_name) return utils.send_result(200, req, tenant) else: marker, limit, url = self.get_marker_limit_and_url(req) tenants = self.identity_service.get_tenants( utils.get_auth_token(req), marker, limit, url, self.is_service_operation ) return utils.send_result(200, req, tenants)
def __get_all_roles(self, req): service_id = req.GET["serviceId"] if "serviceId" in req.GET else None marker, limit, url = self.get_marker_limit_and_url(req) if service_id: roles = self.identity_service.get_roles_by_service( utils.get_auth_token(req), marker, limit, url, service_id) return utils.send_result(200, req, roles) else: roles = self.identity_service.get_roles( utils.get_auth_token(req), marker, limit, url) return utils.send_result(200, req, roles)
def get_tenants(self, req): tenant_name = req.GET["name"] if "name" in req.GET else None if tenant_name: tenant = self.identity_service.get_tenant_by_name( utils.get_auth_token(req), tenant_name) return utils.send_result(200, req, tenant) else: marker, limit, url = self.get_marker_limit_and_url(req) tenants = self.identity_service.get_tenants( utils.get_auth_token(req), marker, limit, url, self.is_service_operation) return utils.send_result(200, req, tenants)
def __call__(self, env, start_response): """ Handle incoming request. Transform. And send downstream. """ request = Request(env) if 'KEYSTONE_API_VERSION' in env and \ env['KEYSTONE_API_VERSION'] == '2.0': if request.path.startswith("/tokens"): is_d5_request = False if request.method == "POST": try: auth_with_credentials = \ utils.get_normalized_request_content( D5AuthWithPasswordCredentials, request) # Convert request body to Diablo syntax if request.content_type == "application/xml": request.body = auth_with_credentials.to_xml() else: request.body = auth_with_credentials.to_json() is_d5_request = True except: pass if is_d5_request: response = request.get_response(self.app) #Handle failures. if not str(response.status).startswith('20'): return response(env, start_response) auth_data = utils.get_normalized_request_content( D5toDiabloAuthData, response) resp = utils.send_result(response.status_int, request, auth_data) return resp(env, start_response) else: # Pass through return self.app(env, start_response) elif request.method == "GET": if request.path.endswith("/endpoints"): # Pass through return self.app(env, start_response) else: response = request.get_response(self.app) #Handle failures. if not str(response.status).startswith('20'): return response(env, start_response) validate_data = utils.get_normalized_request_content( D5ValidateData, response) resp = utils.send_result(response.status_int, request, validate_data) return resp(env, start_response) # All other calls pass to downstream WSGI component return self.app(env, start_response)
def delete_token(self, req, token_id): if CONF.disable_tokens_in_url: fault.ServiceUnavailableFault() else: return utils.send_result(204, req, self.identity_service.revoke_token( utils.get_auth_token(req), token_id))
def check_token(self, req, token_id): """Validates the token, but only returns a status code (HEAD)""" if CONF.disable_tokens_in_url: fault.ServiceUnavailableFault() else: self._validate_token(req, token_id) return utils.send_result(200, req)
def validate_token(self, req, token_id): belongs_to = req.GET.get("belongsTo", None) rval = config.SERVICE.validate_token( utils.get_auth_token(req), token_id, belongs_to) return utils.send_result(200, req, rval)
def add_endpoint_template(self, req): endpoint_template = utils.get_normalized_request_content( EndpointTemplate, req) return utils.send_result( 201, req, config.SERVICE.add_endpoint_template(utils.get_auth_token(req), endpoint_template))
def modify_endpoint_template(self, req, endpoint_template_id): endpoint_template = utils.\ get_normalized_request_content(EndpointTemplate, req) return utils.send_result(201, req, config.SERVICE.modify_endpoint_template(\ utils.get_auth_token(req), endpoint_template_id, endpoint_template))
def get_billunit(self, req, biller_date): billunit = config.SERVICE.get_bill_unit(biller_date) LOG.info( 'keystone controller biller py get_billunit billunit id:%d vcpu:%d ram:%d vdisk: %d date: %s changed_on: %s enabled:%d' % (billunit.id, billunit.vcpu, billunit.ram, billunit.vdisk, billunit.date, billunit.changed_on, billunit.enabled)) return utils.send_result(200, req, billunit)
def modify_endpoint_template(self, req, endpoint_template_id): endpoint_template = utils.\ get_normalized_request_content(EndpointTemplate, req) return utils.send_result(201, req, self.identity_service.modify_endpoint_template(\ utils.get_auth_token(req), endpoint_template_id, endpoint_template))
def add_endpoint_template(self, req): endpoint_template = utils.get_normalized_request_content( EndpointTemplate, req) return utils.send_result( 201, req, self.identity_service.add_endpoint_template( utils.get_auth_token(req), endpoint_template))
def authenticate_ec2(self, req): self.request = req creds = utils.get_normalized_request_content( auth.Ec2Credentials, req) return utils.send_result(200, req, config.SERVICE.authenticate_ec2(creds))
def validate_token(self, req, token_id): belongs_to = None if "belongsTo" in req.GET: belongs_to = req.GET["belongsTo"] rval = service.validate_token(utils.get_auth_token(req), token_id, belongs_to) return utils.send_result(200, req, rval)
def test_send_result_json(self): self.request.headers["Accept"] = "application/json" response = utils.send_result(200, self.request, self.auth_data); self.assertTrue(response.headers['content-type'] == "application/json; charset=UTF-8") dict = json.loads(response.unicode_body) self.assertTrue(dict['auth']['user']['username'], 'username'); self.assertTrue(dict['auth']['user']['tenantId'], '12345'); self.assertTrue(dict['auth']['token']['id'], '2231312'); self.assertTrue(dict['auth']['token']['expires'], date.today());
def endpoints(self, req, token_id): if CONF.disable_tokens_in_url: fault.ServiceUnavailableFault() else: marker, limit, url = self.get_marker_limit_and_url(req) return utils.send_result(200, req, self.identity_service.get_endpoints_for_token( utils.get_auth_token(req), token_id, marker, limit, url))
def test_send_result_json(self): self.request.headers["Accept"] = "application/json" response = utils.send_result(200, self.request, self.auth_data) self.assertTrue(response.headers["content-type"] == "application/json; charset=UTF-8") dict = json.loads(response.unicode_body) self.assertTrue(dict["auth"]["user"]["id"], "id") self.assertTrue(dict["auth"]["user"]["username"], "username") self.assertTrue(dict["auth"]["user"]["tenantId"], "12345") self.assertTrue(dict["auth"]["token"]["id"], "2231312") self.assertTrue(dict["auth"]["token"]["expires"], datetime.date.today())
def get_endpoint_templates(self, req): marker, limit, url = self.get_marker_limit_and_url(req) service_id = req.GET["serviceId"] if "serviceId" in req.GET else None if service_id: endpoint_templates = self.identity_service.\ get_endpoint_templates_by_service( utils.get_auth_token(req), service_id, marker, limit, url) else: endpoint_templates = self.identity_service.get_endpoint_templates( utils.get_auth_token(req), marker, limit, url) return utils.send_result(200, req, endpoint_templates)
def create_user_bill(self, req): LOG.info( 'Before get_normalization Creating creat_instance_bill (self, req,) controller.biller.py' ) u = utils.get_normalized_request_content(User_Bill, req) LOG.info( 'Creating creat_instacne (self, req,) controller.biller.py id :%s : name: %s |enable:%s cpu:%s' % (u.id, u.tenant_id, u.enabled, u.total_vcpu)) return utils.send_result( 201, req, config.SERVICE.create_user_bill(utils.get_auth_token(req), u))
def create_billunit(self, req): LOG.info( 'Before get_normalization Creating creat_billunit (self, req,) controller.biller.py' ) u = utils.get_normalized_request_content(Bill_Unit, req) LOG.info( 'Creating creat_billunit (self, req,) controller.biller.py :date: %s |enable:%s cpu:%s' % (u.date, u.enabled, u.vcpu)) return utils.send_result( 201, req, config.SERVICE.create_bill_unit(utils.get_auth_token(req), u))
def authenticate(self, req): try: auth_with_credentials = utils.get_normalized_request_content( auth.AuthWithPasswordCredentials, req) result = config.SERVICE.authenticate(auth_with_credentials) except fault.BadRequestFault: unscoped = utils.get_normalized_request_content( auth.AuthWithUnscopedToken, req) result = config.SERVICE.authenticate_with_unscoped_token(unscoped) return utils.send_result(200, req, result)
def test_send_result_json(self): self.request.headers["Accept"] = "application/json" response = utils.send_result(200, self.request, self.auth_data) self.assertTrue(response.headers['content-type'] == "application/json; charset=UTF-8") dict = json.loads(response.unicode_body) self.assertTrue(dict['access']['user']['id'], 'id') self.assertTrue(dict['access']['user']['username'], 'username') self.assertTrue(dict['access']['user']['tenantId'], '12345') self.assertTrue(dict['access']['token']['id'], '2231312') self.assertTrue(dict['access']['token']['expires'], datetime.date.today())
def test_send_result_xml(self): self.request.headers["Accept"] = "application/xml" response = utils.send_result(200, self.request, self.auth_data); self.assertTrue(response.headers['content-type'] == "application/xml; charset=UTF-8") xml = etree.fromstring(response.unicode_body) user = xml.find("{http://docs.openstack.org/identity/api/v2.0}user") token = xml.find("{http://docs.openstack.org/identity/api/v2.0}token") self.assertTrue(user.get("username"), "username") self.assertTrue(user.get("tenantId"), '12345'); self.assertTrue(token.get("id"), '2231312'); self.assertTrue(token.get("expires"), date.today());
def test_send_result_xml(self): self.request.headers["Accept"] = "application/xml" response = utils.send_result(200, self.request, self.auth_data) self.assertTrue(response.headers['content-type'] == "application/xml; charset=UTF-8") xml = etree.fromstring(response.unicode_body) user = xml.find("{http://docs.openstack.org/identity/api/v2.0}user") token = xml.find("{http://docs.openstack.org/identity/api/v2.0}token") self.assertTrue(user.get("username"), "username") self.assertTrue(user.get("id"), "id") self.assertTrue(user.get("tenantId"), '12345') self.assertTrue(token.get("id"), '2231312') self.assertTrue(token.get("expires"), datetime.date.today())
def get_tenant_users(self, req, tenant_id): marker = None if "marker" in req.GET: marker = req.GET["marker"] if "limit" in req.GET: limit = req.GET["limit"] else: limit = 10 url = "%s://%s:%s%s" % ( req.environ["wsgi.url_scheme"], req.environ.get("SERVER_NAME"), req.environ.get("SERVER_PORT"), req.environ["PATH_INFO"], ) users = service.get_tenant_users(utils.get_auth_token(req), tenant_id, marker, limit, url) return utils.send_result(200, req, users)
def authenticate(self, req): try: auth_with_credentials = utils.get_normalized_request_content( auth.AuthWithPasswordCredentials, req) result = self.identity_service.authenticate(auth_with_credentials) except fault.BadRequestFault as e1: try: unscoped = utils.get_normalized_request_content( auth.AuthWithUnscopedToken, req) result = self.identity_service.\ authenticate_with_unscoped_token(unscoped) except fault.BadRequestFault as e2: if e1.msg == e2.msg: raise e1 else: raise fault.BadRequestFault(e1.msg + ' or ' + e2.msg) return utils.send_result(200, req, result)
def authenticate(self, req): try: auth_with_credentials = utils.get_normalized_request_content( auth.AuthWithPasswordCredentials, req) result = config.SERVICE.authenticate(auth_with_credentials) except fault.BadRequestFault as e1: try: unscoped = utils.get_normalized_request_content( auth.AuthWithUnscopedToken, req) result = config.SERVICE.authenticate_with_unscoped_token( unscoped) except fault.BadRequestFault as e2: if e1.msg == e2.msg: raise e1 else: raise fault.BadRequestFault(e1.msg + ' or ' + e2.msg) return utils.send_result(200, req, result)
def delete_user(self, req, user_id): rval = self.identity_service.delete_user(utils.get_auth_token(req), user_id) return utils.send_result(204, req, rval)
def add_role_to_user(self, req, user_id, role_id, tenant_id=None): self.identity_service.add_role_to_user(utils.get_auth_token(req), user_id, role_id, tenant_id) return utils.send_result(201, None)
def get_user(self, req, user_id): user = self.identity_service.get_user(utils.get_auth_token(req), user_id) return utils.send_result(200, req, user)
def remove_baseurls_from_tenant(self, req, tenant_id, baseurls_ref_id): rval = service.delete_baseurls_ref(utils.get_auth_token(req), baseurls_ref_id) return utils.send_result(204, req, rval)
def create_user(self, req): u = utils.get_normalized_request_content(User, req) return utils.send_result( 201, req, self.identity_service.create_user(utils.get_auth_token(req), u))
def get_user_roles(self, req, user_id, tenant_id=None): marker, limit, url = self.get_marker_limit_and_url(req) roles = self.identity_service.get_user_roles(utils.get_auth_token(req), marker, limit, url, user_id, tenant_id) return utils.send_result(200, req, roles)
def add_baseurls_to_tenant(self, req, tenant_id): baseurl = utils.get_normalized_request_content(baseURLs.BaseURL, req) return utils.send_result(201, req, service.create_baseurl_ref_to_tenant( utils.get_auth_token(req), tenant_id, baseurl, get_url(req)))
def delete_tenant(self, req, tenant_id): rval = self.identity_service.delete_tenant(utils.get_auth_token(req), tenant_id) return utils.send_result(204, req, rval)
def get_baseurl(self, req, baseURLId): baseurl = service.get_baseurl(utils.get_auth_token(req), baseURLId) return utils.send_result(200, req, baseurl)
def delete_role_ref(self, req, user_id, role_ref_id): rval = config.SERVICE.delete_role_ref(utils.get_auth_token(req), role_ref_id) return utils.send_result(204, req, rval)
def get_role(self, req, role_id): role = self.identity_service.get_role(utils.get_auth_token(req), role_id) return utils.send_result(200, req, role)
def create_role_ref(self, req, user_id): roleRef = utils.get_normalized_request_content(RoleRef, req) return utils.send_result(201, req, config.SERVICE.create_role_ref( utils.get_auth_token(req), user_id, roleRef))
def create_role(self, req): role = utils.get_normalized_request_content(Role, req) return utils.send_result(201, req, config.SERVICE.create_role(utils.get_auth_token(req), role))
def delete_role_from_user(self, req, user_id, role_id, tenant_id=None): self.identity_service.remove_role_from_user(utils.get_auth_token(req), user_id, role_id, tenant_id) return utils.send_result(204, req, None)
def update_user_tenant(self, req, user_id): user = utils.get_normalized_request_content(User_Update, req) rval = self.identity_service.set_user_tenant(utils.get_auth_token(req), user_id, user) return utils.send_result(200, req, rval)
def get_baseurls_for_tenant(self, req, tenant_id): marker, limit, url = get_marker_limit_and_url(req) baseURLRefs = service.get_tenant_baseURLs(utils.get_auth_token(req), marker, limit, url, tenant_id) return utils.send_result(200, req, baseURLRefs)
def get_tenant_users(self, req, tenant_id): marker, limit, url = self.get_marker_limit_and_url(req) role_id = req.GET["roleId"] if "roleId" in req.GET else None users = self.identity_service.get_tenant_users( utils.get_auth_token(req), tenant_id, role_id, marker, limit, url) return utils.send_result(200, req, users)
def get_token_by_eppn(self, req, eppn): auth = config.SERVICE.get_token_by_eppn(utils.get_auth_token(req), eppn) return utils.send_result(200, req, auth)
def get_role(self, req, role_id): role = config.SERVICE.get_role(utils.get_auth_token(req), role_id) return utils.send_result(200, req, role)
def create_tenant(self, req): tenant = utils.get_normalized_request_content(Tenant, req) return utils.send_result(201, req, self.identity_service.create_tenant(utils.get_auth_token(req), tenant))
def get_role_refs(self, req, user_id): marker, limit, url = get_marker_limit_and_url(req) roleRefs = config.SERVICE.get_user_roles( utils.get_auth_token(req), marker, limit, url, user_id) return utils.send_result(200, req, roleRefs)
def get_tenant(self, req, tenant_id): tenant = self.identity_service.get_tenant(utils.get_auth_token(req), tenant_id) return utils.send_result(200, req, tenant)
def get_extensions_info(self, req): return utils.send_result(200, req, self.extension_reader.get_extensions())
def update_tenant(self, req, tenant_id): tenant = utils.get_normalized_request_content(Tenant, req) rval = self.identity_service.update_tenant(utils.get_auth_token(req), tenant_id, tenant) return utils.send_result(200, req, rval)