def __init__(self, context, auth_payload): self.identity_api = identity.Manager() self.context = context self.user_id = None self.password = None self.user_ref = None self._validate_and_normalize_auth_data(auth_payload)
def initialize_drivers(): DRIVERS['catalog_api'] = catalog.Manager() DRIVERS['identity_api'] = identity.Manager() DRIVERS['policy_api'] = policy.Manager() DRIVERS['token_api'] = token.Manager() DRIVERS['trust_api'] = trust.Manager() return DRIVERS
def setUp(self): super(SqlTests, self).setUp() self.config([ test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_sql.conf') ]) # initialize managers and override drivers self.catalog_man = catalog.Manager() self.identity_man = identity.Manager() self.token_man = token.Manager() self.trust_man = trust.Manager() self.policy_man = policy.Manager() # create tables and keep an engine reference for cleanup. # this must be done after the models are loaded by the managers. self.engine = self.get_engine() sql.ModelBase.metadata.create_all(bind=self.engine) # create shortcut references to each driver self.catalog_api = self.catalog_man.driver self.identity_api = self.identity_man.driver self.token_api = self.token_man.driver self.policy_api = self.policy_man.driver self.trust_api = self.trust_man.driver # populate the engine with tables & fixtures self.load_fixtures(default_fixtures) #defaulted by the data load self.user_foo['enabled'] = True
def setUp(self): super(KvsIdentity, self).setUp() identity.CONF.identity.driver = \ 'keystone.identity.backends.kvs.Identity' self.identity_man = identity.Manager() self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures)
def setUp(self): super(SqlTests, self).setUp() self.config([ test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_sql.conf') ]) # initialize managers and override drivers self.catalog_man = catalog.Manager() self.identity_man = identity.Manager() self.token_man = token.Manager() self.trust_man = trust.Manager() self.policy_man = policy.Manager() # create shortcut references to each driver self.catalog_api = self.catalog_man.driver self.identity_api = self.identity_man.driver self.token_api = self.token_man.driver self.policy_api = self.policy_man.driver self.trust_api = self.trust_man.driver # populate the engine with tables & fixtures self.load_fixtures(default_fixtures) #defaulted by the data load self.user_foo['enabled'] = True
def setUp(self): super(LDAPIdentity, self).setUp() self._set_config() self.clear_database() self.identity_man = identity.Manager() self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures)
def load_backends(include_oauth1=False): # Ensure that the identity driver is created before the assignment manager. # The default assignment driver is determined by the identity driver, so # the identity driver must be available to the assignment manager. _IDENTITY_API = identity.Manager() DRIVERS = dict( assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credential_api=credential.Manager(), endpoint_filter_api=endpoint_filter.Manager(), identity_api=_IDENTITY_API, policy_api=policy.Manager(), token_api=token.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) if include_oauth1: from keystone.contrib import oauth1 DRIVERS['oauth1_api'] = oauth1.Manager() dependency.resolve_future_dependencies() return DRIVERS
def load_backends(): # Configure and build the cache cache.configure_cache() cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION) # Ensure that the identity driver is created before the assignment manager # and that the assignment driver is created before the resource manager. # The default resource driver depends on assignment, which in turn # depends on identity - hence we need to ensure the chain is available. _IDENTITY_API = identity.Manager() _ASSIGNMENT_API = assignment.Manager() DRIVERS = dict(assignment_api=_ASSIGNMENT_API, catalog_api=catalog.Manager(), credential_api=credential.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.controllers.load_auth_methods() return DRIVERS
def load_backends(): # Configure and build the cache cache.configure_cache_region(cache.REGION) # Ensure that the identity driver is created before the assignment manager. # The default assignment driver is determined by the identity driver, so # the identity driver must be available to the assignment manager. _IDENTITY_API = identity.Manager() DRIVERS = dict(assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credential_api=credential.Manager(), endpoint_filter_api=endpoint_filter.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, policy_api=policy.Manager(), token_api=token.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.controllers.load_auth_methods() return DRIVERS
def __init__(self): self.catalog_api = catalog.Manager() self.identity_api = identity.Manager() self.token_api = token.Manager() self.policy_api = policy.Manager() self.ec2_api = Manager() super(Ec2Controller, self).__init__()
def __init__(self, app, **config): # initialization vector self._iv = '\0' * 16 self.default_tenant = CONF.auto_population.default_project self.default_role = CONF.auto_population.default_role self.identity_api = identity.Manager() self.assignment_api = assignment.Manager() self.default_domain_id = CONF.identity.default_domain_id super(AutoPopulation, self).__init__(app)
def setUp(self): super(ImportLegacy, self).setUp() self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_sql.conf'), test.testsdir('backend_sql_disk.conf')]) test.setup_test_database() self.identity_man = identity.Manager() self.identity_api = identity_sql.Identity()
def get_domain_id(name): try: identity.Manager() assignment_manager = assignment.Manager() return assignment_manager.driver.get_domain_by_name(name)['id'] except KeyError: raise ValueError( _("Unknown domain '%(name)s' specified by " "--domain-name") % {'name': name})
def setUp(self): super(KvsTrust, self).setUp() identity.CONF.identity.driver = \ 'keystone.identity.backends.kvs.Identity' self.identity_man = identity.Manager() self.identity_api = self.identity_man.driver self.trust_api = trust_kvs.Trust(db={}) self.catalog_api = catalog_kvs.Catalog(db={}) self.load_fixtures(default_fixtures)
def setUp(self): super(MigrateNovaAuth, self).setUp() self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_sql.conf'), test.testsdir('backend_sql_disk.conf')]) sql_util.setup_test_database() self.identity_man = identity.Manager() self.identity_api = identity_sql.Identity() self.ec2_api = ec2_sql.Ec2()
def get_domain_id(name): try: identity.Manager() # init assignment manager to avoid KeyError in resource.core assignment.Manager() resource_manager = resource.Manager() return resource_manager.driver.get_domain_by_name(name)['id'] except KeyError: raise ValueError(_("Unknown domain '%(name)s' specified by " "--domain-name") % {'name': name})
def __init__(self, context, auth=None): self.identity_api = identity.Manager() self.trust_api = trust.Manager() self.context = context self.auth = auth self._scope_data = (None, None, None) # self._scope_data is (domain_id, project_id, trust_ref) # project scope: (None, project_id, None) # domain scope: (domain_id, None, None) # trust scope: (None, None, trust_ref) # unscoped: (None, None, None) self._validate_and_normalize_auth_data()
def load_backends(): # Configure and build the cache cache.configure_cache() cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION) cache.apply_invalidation_patch( region=catalog.COMPUTED_CATALOG_REGION, region_name=catalog.COMPUTED_CATALOG_REGION.name) cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION) cache.apply_invalidation_patch( region=assignment.COMPUTED_ASSIGNMENTS_REGION, region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name) cache.configure_cache(region=revoke.REVOKE_REGION) cache.apply_invalidation_patch(region=revoke.REVOKE_REGION, region_name=revoke.REVOKE_REGION.name) cache.configure_cache(region=token.provider.TOKENS_REGION) cache.configure_cache(region=identity.ID_MAPPING_REGION) cache.apply_invalidation_patch(region=identity.ID_MAPPING_REGION, region_name=identity.ID_MAPPING_REGION.name) # Ensure that the identity driver is created before the assignment manager # and that the assignment driver is created before the resource manager. # The default resource driver depends on assignment, which in turn # depends on identity - hence we need to ensure the chain is available. # TODO(morganfainberg): In "O" release move _IDENTITY_API to be directly # instantiated in the DRIVERS dict once assignment driver being selected # based upon [identity]/driver is removed. _IDENTITY_API = identity.Manager() _ASSIGNMENT_API = assignment.Manager() DRIVERS = dict( assignment_api=_ASSIGNMENT_API, catalog_api=catalog.Manager(), credential_api=credential.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, shadow_users_api=identity.ShadowUsersManager(), oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.controllers.load_auth_methods() return DRIVERS
def __init__(self, identity_api=None): if identity_api is None: from keystone import identity identity_api = identity.Manager(self) assignment_driver = CONF.assignment.driver if assignment_driver is None: assignment_driver = identity_api.default_assignment_driver() super(Manager, self).__init__(assignment_driver) self.driver.identity_api = identity_api self.identity_api = identity_api self.identity_api.assignment_api = self
def setUp(self): super(LDAPIdentityEnabledEmulation, self).setUp() self.config([test.etcdir('keystone.conf.sample'), test.testsdir('test_overrides.conf'), test.testsdir('backend_ldap.conf')]) CONF.ldap.user_enabled_emulation = True CONF.ldap.tenant_enabled_emulation = True self.clear_database() self.identity_man = identity.Manager() self.identity_api = self.identity_man.driver self.load_fixtures(default_fixtures) for obj in [self.tenant_bar, self.tenant_baz, self.user_foo, self.user_two, self.user_badguy]: obj.setdefault('enabled', True)
def __init__(self, app, **config): super(LdapAuthAuthentication, self).__init__(app) # initialization vector self._iv = '\0' * 16 self.identity_api = identity.Manager() self.ldap_config = {} #domain_ref = self.identity_api.get_domain( self.identity_api, DEFAULT_DOMAIN_ID) domain_ref = self.identity_api.get_domain(DEFAULT_DOMAIN_ID) self.default_domain = domain_ref['name'] self.common_ldap_config = CONF.ldap_pre_auth self.log_ldap_config(CONF) if self.common_ldap_config.tls_cacertfile is not None: if not os.path.isfile(self.common_ldap_config.tls_cacertfile): raise IOError("tls_cacertfile %s not found or is not a file" % self.common_ldap_config.tls_cacertfile) ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.common_ldap_config.tls_cacertfile) if self.common_ldap_config.tls_cacertdir is not None: if not os.path.isdir(self.common_ldap_config.tls_cacertdir): raise IOError( "tls_cacertdir %s not found or is not a directory" % self.common_ldap_config.tls_cacertdir) ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, self.common_ldap_config.tls_cacertdir) if self.common_ldap_config.tls_req_cert is not None: if self.common_ldap_config.tls_req_cert in LDAP_TLS_CERTS: ldap.set_option( ldap.OPT_X_TLS_REQUIRE_CERT, LDAP_TLS_CERTS[self.common_ldap_config.tls_req_cert]) else: raise ValueError( 'Invalid LDAP TLS certs option: %s\nChoose one of: %s' % (self.common_ldap_config.tls_req_cert, LDAP_TLS_CERTS.keys())) self._validate_ldap_config(self.common_ldap_config) self.domain_specific_drivers_enabled = CONF.ldap_pre_auth.domain_specific_drivers_enabled if self.domain_specific_drivers_enabled: domain_config_dir = self.common_ldap_config.domain_config_dir if not os.path.isdir(domain_config_dir): raise ValueError( 'Domain config directory %s is not a valid path' % domain_config_dir) self._load_domain_config(domain_config_dir) self.non_ldap_users = CONF.ldap_pre_auth.non_ldap_users LOG.debug('Initialization complete')
def import_auth(data): identity_api = identity.Manager() assignment_api = assignment.Manager() tenant_map = _create_projects(assignment_api, data['tenants']) user_map = _create_users(identity_api, data['users']) _create_memberships(assignment_api, data['user_tenant_list'], user_map, tenant_map) role_map = _create_roles(assignment_api, data['roles']) _assign_roles(assignment_api, data['role_user_tenant_list'], role_map, user_map, tenant_map) ec2_api = ec2_sql.Ec2() ec2_creds = data['ec2_credentials'] _create_ec2_creds(ec2_api, assignment_api, ec2_creds, user_map)
def load_backends(self): """Load the backends needed for uploading domain configs. We only need the resource and domain_config managers, but there are some dependencies which mean we have to load the assignment and identity managers as well. The order of loading the backends is important, since the resource manager depends on the assignment manager, which in turn depends on the identity manager. """ identity.Manager() assignment.Manager() self.resource_manager = resource.Manager() self.domain_config_manager = resource.DomainConfigManager()
def __init__(self, app, **config): super(LdapAuthAuthentication, self).__init__(app) # initialization vector self._iv = '\0' * 16 self.ldap_url = CONF.ldap_pre_auth.url self.user_tree_dn = CONF.ldap_pre_auth.user_tree_dn self.user_attribute_name = CONF.ldap_pre_auth.user_attribute_name self.user = CONF.ldap_pre_auth.user self.password = CONF.ldap_pre_auth.password self.pass_through = CONF.ldap_pre_auth.pass_through self.identity_api = identity.Manager() self.tls_cacertfile = CONF.ldap_pre_auth.tls_cacertfile self.tls_cacertdir = CONF.ldap_pre_auth.tls_cacertdir self.tls_req_cert = CONF.ldap_pre_auth.tls_req_cert self.use_tls = CONF.ldap_pre_auth.use_tls self.user_id_attribute = CONF.ldap_pre_auth.user_id_attribute self.non_ldap_users = CONF.ldap_pre_auth.non_ldap_users using_ldaps = self.ldap_url.lower().startswith("ldaps") if self.use_tls and using_ldaps: raise AssertionError(_('Invalid TLS / LDAPS combination')) if self.tls_cacertfile is not None: if not os.path.isfile(self.tls_cacertfile): raise IOError("tls_cacertfile %s not found or is not a file" % self.tls_cacertfile) ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.tls_cacertfile) if self.tls_cacertdir is not None: if not os.path.isdir(self.tls_cacertdir): raise IOError( "tls_cacertdir %s not found or is not a directory" % self.tls_cacertdir) ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, self.tls_cacertdir) if self.tls_req_cert is not None: if self.tls_req_cert in LDAP_TLS_CERTS: ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, LDAP_TLS_CERTS[self.tls_req_cert]) else: raise ValueError( 'Invalid LDAP TLS certs option: %s\nChoose one of: %s' % (self.tls_req_cert, LDAP_TLS_CERTS.keys()))
def __init__(self, app, **config): # initialization vector self._iv = '\0' * 16 self.identity_api = identity.Manager() self.assignment_api = assignment.Manager() super(AutoPopulation, self).__init__(app) self.autopop_config = {} #domain_ref = self.identity_api.get_domain( self.identity_api, DEFAULT_DOMAIN_ID) domain_ref = self.identity_api.get_domain(DEFAULT_DOMAIN_ID) self.default_domain = domain_ref['name'] self.common_autopop_config = CONF.auto_population self.log_ldap_config(CONF) self.domain_specific_drivers_enabled = CONF.ldap_pre_auth.domain_specific_drivers_enabled if self.domain_specific_drivers_enabled: domain_config_dir = CONF.ldap_pre_auth.domain_config_dir if not os.path.isdir(domain_config_dir): raise ValueError( 'Domain config directory %s is not a valid path' % domain_config_dir) self._load_domain_config( domain_config_dir) LOG.debug('Initialization complete')
def load_backends(): # Configure and build the cache cache.configure_cache() cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION) cache.apply_invalidation_patch( region=catalog.COMPUTED_CATALOG_REGION, region_name=catalog.COMPUTED_CATALOG_REGION.name) cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION) cache.apply_invalidation_patch( region=assignment.COMPUTED_ASSIGNMENTS_REGION, region_name=assignment.COMPUTED_ASSIGNMENTS_REGION.name) # Ensure that the assignment driver is created before the resource manager. # The default resource driver depends on assignment. _ASSIGNMENT_API = assignment.Manager() DRIVERS = dict(assignment_api=_ASSIGNMENT_API, catalog_api=catalog.Manager(), credential_api=credential.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=identity.Manager(), oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.controllers.load_auth_methods() return DRIVERS
def load_backends(): # Configure and build the cache cache.configure_cache() cache.configure_cache(region=catalog.COMPUTED_CATALOG_REGION) cache.configure_cache(region=assignment.COMPUTED_ASSIGNMENTS_REGION) cache.configure_cache(region=revoke.REVOKE_REGION) cache.configure_cache(region=token.provider.TOKENS_REGION) cache.configure_cache(region=identity.ID_MAPPING_REGION) cache.configure_invalidation_region() # NOTE(knikolla): The assignment manager must be instantiated before the # resource manager. The current dictionary ordering ensures that. DRIVERS = dict(assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credential_api=credential.Manager(), credential_provider_api=credential.provider.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=identity.Manager(), shadow_users_api=identity.ShadowUsersManager(), oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager()) auth.core.load_auth_methods() return DRIVERS
def load_backends(): # Configure and build the cache cache.configure_cache_region(cache.REGION) # Ensure that the identity driver is created before the assignment manager. # The default assignment driver is determined by the identity driver, so # the identity driver must be available to the assignment manager. _IDENTITY_API = identity.Manager() DRIVERS = dict( assignment_api=assignment.Manager(), catalog_api=catalog.Manager(), credential_api=credential.Manager(), domain_config_api=resource.DomainConfigManager(), endpoint_filter_api=endpoint_filter.Manager(), endpoint_policy_api=endpoint_policy.Manager(), federation_api=federation.Manager(), id_generator_api=identity.generator.Manager(), id_mapping_api=identity.MappingManager(), identity_api=_IDENTITY_API, oauth_api=oauth1.Manager(), policy_api=policy.Manager(), resource_api=resource.Manager(), revoke_api=revoke.Manager(), role_api=assignment.RoleManager(), token_api=token.persistence.Manager(), trust_api=trust.Manager(), token_provider_api=token.provider.Manager(), # admin_api=moon.AdminManager(), # authz_api=moon.AuthzManager() ) auth.controllers.load_auth_methods() return DRIVERS
def __init__(self, *args, **kwargs): self.identity_api = identity.Manager() self.domain = CONF.identity.default_domain_id or "default" super(CASAuthMiddleware, self).__init__(*args, **kwargs)
from keystone.contrib import ec2 from keystone import controllers from keystone import credential from keystone import identity from keystone import policy from keystone import routers from keystone import token from keystone import trust CONF = config.CONF LOG = logging.getLogger(__name__) DRIVERS = dict(catalog_api=catalog.Manager(), credentials_api=credential.Manager(), ec2_api=ec2.Manager(), identity_api=identity.Manager(), policy_api=policy.Manager(), token_api=token.Manager(), trust_api=trust.Manager()) @logging.fail_gracefully def public_app_factory(global_conf, **local_conf): controllers.register_version('v2.0') conf = global_conf.copy() conf.update(local_conf) return wsgi.ComposingRouter(routes.Mapper(), [ identity.routers.Public(), token.routers.Router(), routers.VersionV2('public'), routers.Extension(False)