drydock/drydock_provisioner/util.py
Scott Hussey 1c78477e95 YAPF catchup
Commit a bunch of formatting changes
caught by yapf during the last PS.

Change-Id: I8e3092c8a45fc2bde258b4a873bbfb32bec7ae1d
2017-12-15 15:33:14 -06:00

93 lines
3.0 KiB
Python

# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
"""Utility classes."""
from keystoneauth1 import session
from keystoneauth1.identity import v3
import drydock_provisioner.config as config
class KeystoneUtils(object):
"""Utility methods for using Keystone."""
@staticmethod
def get_session():
"""Get an initialized keystone session.
Authentication is based on the keystone_authtoken section of the config file.
"""
auth_info = dict()
for f in [
'auth_url', 'username', 'password', 'project_id',
'user_domain_name'
]:
auth_info[f] = getattr(config.config_mgr.conf.keystone_authtoken,
f)
auth = v3.Password(**auth_info)
return session.Session(auth=auth)
class NoAuthFilter(object):
"""PasteDeploy filter for NoAuth to be used in testing."""
def __init__(self, app, forged_roles):
self.app = app
self.forged_roles = forged_roles
def __call__(self, environ, start_response):
"""Forge headers to make unauthenticated requests look authenticated.
If the request has a X-AUTH-TOKEN header, assume it is a valid request and
noop. Otherwise forge Keystone middleware headers so the request looks valid
with the configured forged roles.
"""
if 'HTTP_X_AUTH_TOKEN' in environ:
return self.app(environ, start_response)
environ['HTTP_X_IDENTITY_STATUS'] = 'Confirmed'
for envvar in [
'USER_NAME', 'USER_ID', 'USER_DOMAIN_ID', 'PROJECT_ID',
'PROJECT_DOMAIN_NAME'
]:
varname = "HTTP_X_%s" % envvar
environ[varname] = 'noauth'
if self.forged_roles:
if 'admin' in self.forged_roles:
environ['HTTP_X_IS_ADMIN_PROJECT'] = 'True'
else:
environ['HTTP_X_IS_ADMIN_PROJECT'] = 'False'
environ['HTTP_X_ROLES'] = ','.join(self.forged_roles)
else:
environ['HTTP_X_IS_ADMIN_PROJECT'] = 'True'
environ['HTTP_X_ROLES'] = 'admin'
return self.app(environ, start_response)
def noauth_filter_factory(global_conf, forged_roles):
"""Create a NoAuth paste deploy filter
:param forged_roles: A space seperated list for roles to forge on requests
"""
forged_roles = forged_roles.split()
def filter(app):
return NoAuthFilter(app, forged_roles)
return filter