def _confirm_token_not_expired(self, data):
if not data:
raise InvalidUserToken('Token authorization failed')
if self._token_is_v2(data):
timestamp = data['access']['token']['expires']
elif self._token_is_v3(data):
timestamp = data['token']['expires_at']
else:
raise InvalidUserToken('Token authorization failed')
expires = timeutils.parse_isotime(timestamp).strftime('%s')
if time.time() >= float(expires):
self.LOG.debug('Token expired a %s', timestamp)
raise InvalidUserToken('Token authorization failed')
return expires
def _confirm_token_not_expired(self, data):
if not data:
raise InvalidUserToken('Token authorization failed')
if self._token_is_v2(data):
timestamp = data['access']['token']['expires']
elif self._token_is_v3(data):
timestamp = data['token']['expires_at']
else:
raise InvalidUserToken('Token authorization failed')
expires = timeutils.parse_isotime(timestamp).strftime('%s')
if time.time() >= float(expires):
self.LOG.debug('Token expired a %s', timestamp)
raise InvalidUserToken('Token authorization failed')
return expires
def _request_admin_token(self):
"""Retrieve new token as admin user from monitor.
:return token id upon success
:raises ServerError when unable to communicate with monitor
Irrespective of the auth version we are going to use for the
user token, for simplicity we always use a v2 admin token to
validate the user token.
"""
params = {
'auth': {
'passwordCredentials': {
'username': self.admin_user,
'password': self.admin_password,
},
'tenantName': self.admin_tenant_name,
}
}
response, data = self._json_request('POST',
'/v2.0/tokens',
body=params)
try:
token = data['access']['token']['id']
expiry = data['access']['token']['expires']
assert token
assert expiry
datetime_expiry = timeutils.parse_isotime(expiry)
return (token, timeutils.normalize_time(datetime_expiry))
except (AssertionError, KeyError):
self.LOG.warn(
"Unexpected response from monitor service: %s", data)
raise ServiceError('invalid json response')
except (ValueError):
self.LOG.warn(
"Unable to parse expiration time from token: %s", data)
raise ServiceError('invalid json response')
def _request_admin_token(self):
"""Retrieve new token as admin user from monitor.
:return token id upon success
:raises ServerError when unable to communicate with monitor
Irrespective of the auth version we are going to use for the
user token, for simplicity we always use a v2 admin token to
validate the user token.
"""
params = {
'auth': {
'passwordCredentials': {
'username': self.admin_user,
'password': self.admin_password,
},
'tenantName': self.admin_tenant_name,
}
}
response, data = self._json_request('POST',
'/v2.0/tokens',
body=params)
try:
token = data['access']['token']['id']
expiry = data['access']['token']['expires']
assert token
assert expiry
datetime_expiry = timeutils.parse_isotime(expiry)
return (token, timeutils.normalize_time(datetime_expiry))
except (AssertionError, KeyError):
self.LOG.warn("Unexpected response from monitor service: %s", data)
raise ServiceError('invalid json response')
except (ValueError):
self.LOG.warn("Unable to parse expiration time from token: %s",
data)
raise ServiceError('invalid json response')
