def _wrap(*args, **kwargs): if X_AUTH_TOKEN_HEADER not in request.headers: # Unauthorized logger_api.error("No token in header") abort(httplib.UNAUTHORIZED) else: logger_api.info("Checking token: {}...".format(request.headers[X_AUTH_TOKEN_HEADER])) try: token = validate_token(access_token=request.headers[X_AUTH_TOKEN_HEADER]) except Exception as excep: # The exception could be a json message for the application # or text message for the keystone client components. try: data = json.loads(excep.message) abort(data['error']['code'], excep.message) except ValueError: message = { "error": { "message": error_message(excep.message), "code": httplib.BAD_REQUEST } } abort(httplib.BAD_REQUEST, message) kwargs['token'] = token return func(*args, **kwargs)
def _wrap(*args, **kwargs): if X_AUTH_TOKEN_HEADER not in request.headers: # Unauthorized logger_api.error("No token in header") abort(httplib.UNAUTHORIZED) else: logger_api.info("Checking token: {}...".format( request.headers[X_AUTH_TOKEN_HEADER])) try: token = validate_token( access_token=request.headers[X_AUTH_TOKEN_HEADER]) except Exception as excep: # The exception could be a json message for the application # or text message for the keystone client components. try: data = json.loads(excep.message) abort(data['error']['code'], excep.message) except ValueError: message = { "error": { "message": error_message(excep.message), "code": httplib.BAD_REQUEST } } abort(httplib.BAD_REQUEST, message) kwargs['token'] = token return func(*args, **kwargs)
def get_auth_token(self, username, password, tenant_id, **kwargs): """ Init the variables related to authorization, needed to execute tests. :param username: The admin user name. :param password: The admin passwrod. :param tenant_id: The id of the tenant. :param kwargs: Any other (key,value) parameters passed to the method. :return: The auth token retrieved. """ if AuthorizationManager.auth_token is None: # Get new auth token cred_kwargs = { 'auth_url': self.identity_url, 'username': username, 'password': password } # Currently, both v2 and v3 Identity API versions are supported if self.api_version == AUTH_API_V2: cred_kwargs['tenant_name'] = kwargs.get('tenant_name') elif self.api_version == AUTH_API_V3: cred_kwargs['user_domain_name'] = kwargs.get( 'user_domain_name') # Instantiate a Password object try: identity_package = 'keystoneclient.auth.identity.%s' % self.api_version.replace( '.0', '') identity_module = __import__(identity_package, fromlist=['Password']) password_class = getattr(identity_module, 'Password') logger_api.debug("Authentication with %s", password_class) credentials = password_class(**cred_kwargs) except (ImportError, AttributeError) as e: raise e # Get auth token logger_api.debug("Getting auth token for tenant '%s'...", tenant_id) try: auth_sess = self.session.Session( auth=credentials, timeout=DEFAULT_REQUEST_TIMEOUT) AuthorizationManager.auth_token = auth_sess.get_token() logger_api.debug("Admin token generated:" + self.auth_token) except (KeystoneClientException, KeystoneConnectionRefused) as e: logger_api.error("No auth token (%s)", e.message) raise e return AuthorizationManager.auth_token
def get_auth_token(self, username, password, tenant_id, **kwargs): """ Init the variables related to authorization, needed to execute tests. :param username: The admin user name. :param password: The admin passwrod. :param tenant_id: The id of the tenant. :param kwargs: Any other (key,value) parameters passed to the method. :return: The auth token retrieved. """ if AuthorizationManager.auth_token is None: # Get new auth token cred_kwargs = { 'auth_url': self.identity_url, 'username': username, 'password': password } # Currently, both v2 and v3 Identity API versions are supported if self.api_version == AUTH_API_V2: cred_kwargs['tenant_name'] = kwargs.get('tenant_name') elif self.api_version == AUTH_API_V3: cred_kwargs['user_domain_name'] = kwargs.get('user_domain_name') # Instantiate a Password object try: identity_package = 'keystoneclient.auth.identity.%s' % self.api_version.replace('.0', '') identity_module = __import__(identity_package, fromlist=['Password']) password_class = getattr(identity_module, 'Password') logger_api.debug("Authentication with %s", password_class) credentials = password_class(**cred_kwargs) except (ImportError, AttributeError) as e: raise e # Get auth token logger_api.debug("Getting auth token for tenant '%s'...", tenant_id) try: auth_sess = self.session.Session(auth=credentials, timeout=DEFAULT_REQUEST_TIMEOUT) AuthorizationManager.auth_token = auth_sess.get_token() logger_api.debug("Admin token generated:" + self.auth_token) except (KeystoneClientException, KeystoneConnectionRefused) as e: logger_api.error("No auth token (%s)", e.message) raise e return AuthorizationManager.auth_token
def check_token(self, admin_token, token): """ Checks if a token is valid against a url using an admin token. :param admin_token: The admin token to check the token. :param token: The token to be validated. :return: The result of the validation or error if something was wrong. """ logger_api.info("Starting Authentication of token %s ", token) try: if not token: raise Unauthorized("Token is empty") auth_result = self.get_info_token(admin_token, token) # Here we should check that the tenant id is the id of the project that we want to check return auth_result except Unauthorized as unauth: logger_api.error(unauth) raise unauth except InternalServerError as internalError: logger_api.error("%s", internalError.message) raise AuthorizationFailure( "Token could not have enough permissions to access tenant") except Exception as ex: logger_api.error("%s", ex.message) raise ex
def check_token(self, admin_token, token): """ Checks if a token is valid against a url using an admin token. :param admin_token: The admin token to check the token. :param token: The token to be validated. :return: The result of the validation or error if something was wrong. """ logger_api.info("Starting Authentication of token %s ", token) try: if not token: raise Unauthorized("Token is empty") auth_result = self.get_info_token(admin_token, token) # Here we should check that the tenant id is the id of the project that we want to check return auth_result except Unauthorized as unauth: logger_api.error(unauth) raise unauth except InternalServerError as internalError: logger_api.error("%s", internalError.message) raise AuthorizationFailure("Token could not have enough permissions to access tenant") except Exception as ex: logger_api.error("%s", ex.message) raise ex