def request(self, url, method, **kwargs):
endpoint_filter = kwargs.setdefault('endpoint_filter', {})
self._set_endpoint_filter_kwargs(endpoint_filter)
if self.endpoint_override:
kwargs.setdefault('endpoint_override', self.endpoint_override)
if self.auth:
kwargs.setdefault('auth', self.auth)
if self.user_agent:
kwargs.setdefault('user_agent', self.user_agent)
if self.connect_retries is not None:
kwargs.setdefault('connect_retries', self.connect_retries)
if self.logger:
kwargs.setdefault('logger', self.logger)
if isinstance(self.session, Session):
if self.user_agent:
span_service_name = self.user_agent
else:
span_service_name = "unknown user_agent"
if self.service_type:
span_name = self.service_type
else:
span_name = "unknown sevice_type"
span_host = tomograph.getHost()
ser_name = "%s[%s]" % (span_service_name, span_name)
tomograph.start_http_h(ser_name, span_name, kwargs["headers"], span_host, 0)
tomograph.add_trace_info_header(kwargs["headers"])
ret = self.session.request(url, method, **kwargs)
tomograph.stop(span_name)
return ret
else:
return self.session.request(url, method, **kwargs)
def request(self, url, method, **kwargs):
endpoint_filter = kwargs.setdefault('endpoint_filter', {})
self._set_endpoint_filter_kwargs(endpoint_filter)
if self.endpoint_override:
kwargs.setdefault('endpoint_override', self.endpoint_override)
if self.auth:
kwargs.setdefault('auth', self.auth)
if self.user_agent:
kwargs.setdefault('user_agent', self.user_agent)
if self.connect_retries is not None:
kwargs.setdefault('connect_retries', self.connect_retries)
if self.logger:
kwargs.setdefault('logger', self.logger)
if isinstance(self.session, Session):
if self.user_agent:
span_service_name = self.user_agent
else:
span_service_name = "unknown user_agent"
if self.service_type:
span_name = self.service_type
else:
span_name = "unknown sevice_type"
span_host = tomograph.getHost()
ser_name = "%s[%s]" % (span_service_name, span_name)
tomograph.start_http_h(ser_name, span_name, kwargs["headers"],
span_host, 0)
tomograph.add_trace_info_header(kwargs["headers"])
ret = self.session.request(url, method, **kwargs)
tomograph.stop(span_name)
return ret
else:
return self.session.request(url, method, **kwargs)
def process_request(self, request):
"""Process request.
Evaluate the headers in a request and attempt to authenticate the
request against the identity server. If authenticated then additional
headers are added to the request for use by applications. If not
authenticated the request will be rejected or marked unauthenticated
depending on configuration.
"""
# pdb.set_trace()
tomograph.start_http(
"keystonemiddleware.auth_token.AuthProtocol[process_request]",
"process_request", request)
tomograph.add_trace_info_header(request.headers)
self._token_cache.initialize(request.environ)
resp = super(AuthProtocol, self).process_request(request)
tomograph.stop("process_request")
if resp:
return resp
if not request.user_token:
# if no user token is present then that's an invalid request
request.user_token_valid = False
# NOTE(jamielennox): The service status is allowed to be missing if a
# service token is not passed. If the service status is missing that's
# a valid request. We should find a better way to expose this from the
# request object.
user_status = request.user_token and request.user_token_valid
service_status = request.headers.get('X-Service-Identity-Status',
'Confirmed')
if not (user_status and service_status == 'Confirmed'):
if self._delay_auth_decision:
self.log.info(_LI('Deferring reject downstream'))
else:
self.log.info(_LI('Rejecting request'))
self._reject_request()
if request.user_token_valid:
request.set_user_headers(request.token_auth._user_auth_ref,
self._include_service_catalog)
if request.service_token and request.service_token_valid:
request.set_service_headers(request.token_auth._serv_auth_ref)
if self.log.isEnabledFor(logging.DEBUG):
self.log.debug('Received request from %s',
request.token_auth._log_format)
def process_request(self, request):
"""Process request.
Evaluate the headers in a request and attempt to authenticate the
request against the identity server. If authenticated then additional
headers are added to the request for use by applications. If not
authenticated the request will be rejected or marked unauthenticated
depending on configuration.
"""
# pdb.set_trace()
tomograph.start_http("keystonemiddleware.auth_token.AuthProtocol[process_request]", "process_request", request)
tomograph.add_trace_info_header(request.headers)
self._token_cache.initialize(request.environ)
resp = super(AuthProtocol, self).process_request(request)
tomograph.stop("process_request")
if resp:
return resp
if not request.user_token:
# if no user token is present then that's an invalid request
request.user_token_valid = False
# NOTE(jamielennox): The service status is allowed to be missing if a
# service token is not passed. If the service status is missing that's
# a valid request. We should find a better way to expose this from the
# request object.
user_status = request.user_token and request.user_token_valid
service_status = request.headers.get("X-Service-Identity-Status", "Confirmed")
if not (user_status and service_status == "Confirmed"):
if self._delay_auth_decision:
self.log.info(_LI("Deferring reject downstream"))
else:
self.log.info(_LI("Rejecting request"))
self._reject_request()
if request.user_token_valid:
request.set_user_headers(request.token_auth._user_auth_ref, self._include_service_catalog)
if request.service_token and request.service_token_valid:
request.set_service_headers(request.token_auth._serv_auth_ref)
if self.log.isEnabledFor(logging.DEBUG):
self.log.debug("Received request from %s", request.token_auth._log_format)
def __init__(self, endpoint, **kwargs):
self.endpoint = endpoint
self.identity_headers = kwargs.get('identity_headers')
self.auth_token = kwargs.get('token')
if self.identity_headers:
if self.identity_headers.get('X-Auth-Token'):
self.auth_token = self.identity_headers.get('X-Auth-Token')
del self.identity_headers['X-Auth-Token']
self.session = requests.Session()
self.session.headers["User-Agent"] = USER_AGENT
if self.auth_token:
self.session.headers["X-Auth-Token"] = self.auth_token
self.timeout = float(kwargs.get('timeout', 600))
if self.endpoint.startswith("https"):
compression = kwargs.get('ssl_compression', True)
if compression is False:
# Note: This is not seen by default. (python must be
# run with -Wd)
warnings.warn(
'The "ssl_compression" argument has been '
'deprecated.', DeprecationWarning)
if kwargs.get('insecure', False) is True:
self.session.verify = False
else:
if kwargs.get('cacert', None) is not '':
self.session.verify = kwargs.get('cacert', True)
self.session.cert = (kwargs.get('cert_file'),
kwargs.get('key_file'))
span_host = tomograph.getHost()
span_name = "HTTPClient"
ser_name = "%s[%s]" % (USER_AGENT, span_name)
tomograph.start_http_h(ser_name, span_name, self.session.headers,
span_host, 0)
tomograph.add_trace_info_header(self.session.headers)
tomograph.stop(span_name)
def __init__(self, endpoint, **kwargs):
self.endpoint = endpoint
self.identity_headers = kwargs.get("identity_headers")
self.auth_token = kwargs.get("token")
if self.identity_headers:
if self.identity_headers.get("X-Auth-Token"):
self.auth_token = self.identity_headers.get("X-Auth-Token")
del self.identity_headers["X-Auth-Token"]
self.session = requests.Session()
self.session.headers["User-Agent"] = USER_AGENT
if self.auth_token:
self.session.headers["X-Auth-Token"] = self.auth_token
self.timeout = float(kwargs.get("timeout", 600))
if self.endpoint.startswith("https"):
compression = kwargs.get("ssl_compression", True)
if compression is False:
# Note: This is not seen by default. (python must be
# run with -Wd)
warnings.warn('The "ssl_compression" argument has been ' "deprecated.", DeprecationWarning)
if kwargs.get("insecure", False) is True:
self.session.verify = False
else:
if kwargs.get("cacert", None) is not "":
self.session.verify = kwargs.get("cacert", True)
self.session.cert = (kwargs.get("cert_file"), kwargs.get("key_file"))
span_host = tomograph.getHost()
span_name = "HTTPClient"
ser_name = "%s[%s]" % (USER_AGENT, span_name)
tomograph.start_http_h(ser_name, span_name, self.session.headers, span_host, 0)
tomograph.add_trace_info_header(self.session.headers)
tomograph.stop(span_name)
