示例#1
    def __call__(self, env, start_response):
        """Authenticate the request with Keystone before calling the app.

        The user name, key and Keystone URL are read from the
        ``HTTP_X_AUTH_USER``, ``HTTP_X_AUTH_KEY`` and ``HTTP_X_AUTH_URL``
        entries of the WSGI environment. A request without a user name, or
        one for which the access lookup raises one of the Keystone errors
        listed below, is answered by ``self._reject_request``. Otherwise the
        headers built from the access info are merged into ``env`` and the
        wrapped application is called.
        """
        # NOTE(review): the identity endpoint comes from a client-supplied
        # header and is not checked in this method. Confirm it is pinned to
        # a trusted Keystone elsewhere; otherwise the caller chooses the
        # service that vouches for its own credentials.
        auth_url = env.get('HTTP_X_AUTH_URL')
        user = env.get('HTTP_X_AUTH_USER')
        # FIXME: the tenant is not derived from PATH_INFO yet; the user
        # name doubles as the tenant.
        project = user
        if not project:
            return self._reject_request(env, start_response, auth_url)

        credentials = {
            'username': user,
            'password': env.get('HTTP_X_AUTH_KEY'),
            'tenant': project,
            'auth_url': auth_url,
            # Header-authenticated requests never get an admin context.
            'is_admin': False,
        }
        try:
            request_ctx = context.RequestContext(**credentials)
            access_info = request_ctx.auth_plugin.get_access(self.session)
        except (keystone_exceptions.Unauthorized,
                keystone_exceptions.Forbidden,
                keystone_exceptions.NotFound,
                keystone_exceptions.AuthorizationFailure):
            # Only this fixed message is logged: neither the cause nor the
            # user name reaches the log from here.
            LOG.error(_LE("Context build failed"))
            return self._reject_request(env, start_response, auth_url)

        env.update(self._build_user_headers(access_info))
        return self.app(env, start_response)
示例#2
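 def __init__(self, url=CONF.clients_docker.url):
     """Create the Docker client held in ``self.dc``.

     :param url: base URL passed to the client. The default is read from
         ``CONF.clients_docker.url`` once, when this ``def`` statement
         runs, not on each call.
     :raises DockerException: re-raised after logging when the client
         cannot be constructed.
     """
     # NOTE(review): because the default is bound at definition time, a
     # value loaded into CONF later is not picked up. Confirm the
     # configuration is parsed before this module is imported.
     self._url = url
     self.container = None
     try:
         # NOTE(review): no TLS settings are passed to DC here. If the URL
         # can be a tcp:// endpoint, confirm transport security and daemon
         # access control are handled elsewhere.
         self.dc = DC(base_url=self._url)
     except DockerException as e:
         # Pass the exception as a logging argument so interpolation is
         # left to the logger, and re-raise with a bare ``raise`` so the
         # original traceback is preserved.
         LOG.error(_LE("Docker client error: %s"), e)
         raise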
示例#3
    def _create_auth_plugin(self):
        """Build the Keystone v3 auth plugin for this context.

        The first credential that is set wins, checked in this order:
        trust id, token info body, bare token, password.

        :returns: the auth plugin built from that credential.
        :raises exception.AuthorizationFailure: when none of them is set.
        """
        if self.trust_id:
            # Imported for its side effects only.
            # NOTE(review): presumably this registers the
            # keystone_authtoken options read below -- confirm.
            importutils.import_module('keystonemiddleware.auth_token')
            # A trust is consumed with the admin_user / admin_password from
            # CONF.keystone_authtoken, not with the caller's credentials.
            # The user domain is fixed to 'default'.
            plugin = v3.Password(
                username=CONF.keystone_authtoken.admin_user,
                password=CONF.keystone_authtoken.admin_password,
                user_domain_id='default',
                auth_url=self._keystone_v3_endpoint,
                trust_id=self.trust_id)
        elif self.auth_token_info:
            # Wrap the token body already held by the context in an access
            # info object and hand that to the plugin.
            token_access = access.AccessInfo.factory(
                body=self.auth_token_info,
                auth_token=self.auth_token)
            plugin = access_plugin.AccessInfoPlugin(
                auth_url=self._keystone_v3_endpoint,
                auth_ref=token_access)
        elif self.auth_token:
            # FIXME(jamielennox): This is broken but consistent. With only
            # a token and no service catalog loaded, url_for won't work.
            # The Keystone endpoint is stubbed in so that it at least
            # might be right.
            plugin = token_endpoint.Token(
                endpoint=self._keystone_v3_endpoint,
                token=self.auth_token)
        elif self.password:
            # User and project domains are both fixed to 'default'.
            plugin = v3.Password(
                username=self.username,
                password=self.password,
                project_name=self.tenant,
                project_id=self.tenant_id,
                user_domain_id='default',
                project_domain_id='default',
                auth_url=self._keystone_v3_endpoint)
        else:
            # No usable credential: log and fail.
            LOG.error(
                _LE("Keystone v3 API connection failed, no password "
                    "trust or auth_token!")
            )
            raise exception.AuthorizationFailure()
        return plugin