Remove service _user, _password, _tenant from context
These are not currently used anywhere in heat-engine, and I'm not comfortable with the service password going over the (controller) network. If heat-engine needs access to these in the future then they can always be configured in heat-engine.conf, or the operation can be performed in the api and the results put into the context. Change-Id: I81aab6b5a2c9aa7d6412531f70108857cbfa637b
This commit is contained in:
Steve Baker
parent
419a3d953e
commit
a25804014b
@ -29,9 +29,6 @@ class AuthProtocol(auth_token.AuthProtocol):
|
||||
def _build_user_headers(self, token_info):
|
||||
rval = super(AuthProtocol, self)._build_user_headers(token_info)
|
||||
rval['X-Auth-Url'] = self.auth_uri
|
||||
rval['X-Admin-User'] = self.admin_user
|
||||
rval['X-Admin-Pass'] = self.admin_password
|
||||
rval['X-Admin-Tenant-Name'] = self.admin_tenant_name
|
||||
return rval
|
||||
|
||||
|
||||
|
||||
@ -34,9 +34,7 @@ class RequestContext(object):
|
||||
"""
|
||||
|
||||
def __init__(self, auth_token=None, username=None, password=None,
|
||||
aws_creds=None, aws_auth_uri=None,
|
||||
service_user=None, service_password=None,
|
||||
service_tenant=None, tenant=None,
|
||||
aws_creds=None, aws_auth_uri=None, tenant=None,
|
||||
tenant_id=None, auth_url=None, roles=None, is_admin=False,
|
||||
read_only=False, show_deleted=False,
|
||||
owner_is_tenant=True, overwrite=True, **kwargs):
|
||||
@ -53,9 +51,6 @@ class RequestContext(object):
|
||||
self.password = password
|
||||
self.aws_creds = aws_creds
|
||||
self.aws_auth_uri = aws_auth_uri
|
||||
self.service_user = service_user
|
||||
self.service_password = service_password
|
||||
self.service_tenant = service_tenant
|
||||
self.tenant = tenant
|
||||
self.tenant_id = tenant_id
|
||||
self.auth_url = auth_url
|
||||
@ -83,9 +78,6 @@ class RequestContext(object):
|
||||
'password': self.password,
|
||||
'aws_creds': self.aws_creds,
|
||||
'aws_auth_uri': self.aws_auth_uri,
|
||||
'service_user': self.service_user,
|
||||
'service_password': self.service_password,
|
||||
'service_tenant': self.service_tenant,
|
||||
'tenant': self.tenant,
|
||||
'tenant_id': self.tenant_id,
|
||||
'auth_url': self.auth_url,
|
||||
@ -180,9 +172,6 @@ class ContextMiddleware(wsgi.Middleware):
|
||||
aws_auth_uri = headers.get('X-Auth-EC2-Url')
|
||||
|
||||
token = headers.get('X-Auth-Token')
|
||||
service_user = headers.get('X-Admin-User')
|
||||
service_password = headers.get('X-Admin-Pass')
|
||||
service_tenant = headers.get('X-Admin-Tenant-Name')
|
||||
tenant = headers.get('X-Tenant-Name')
|
||||
tenant_id = headers.get('X-Tenant-Id')
|
||||
auth_url = headers.get('X-Auth-Url')
|
||||
@ -199,9 +188,6 @@ class ContextMiddleware(wsgi.Middleware):
|
||||
aws_auth_uri=aws_auth_uri,
|
||||
username=username,
|
||||
password=password,
|
||||
service_user=service_user,
|
||||
service_password=service_password,
|
||||
service_tenant=service_tenant,
|
||||
auth_url=auth_url, roles=roles,
|
||||
is_admin=True)
|
||||
|
||||
|
||||
@ -207,7 +207,6 @@ def user_creds_create(context):
|
||||
user_creds_ref = models.UserCreds()
|
||||
user_creds_ref.update(values)
|
||||
user_creds_ref.password = crypt.encrypt(values['password'])
|
||||
user_creds_ref.service_password = crypt.encrypt(values['service_password'])
|
||||
user_creds_ref.aws_creds = crypt.encrypt(values['aws_creds'])
|
||||
user_creds_ref.save(_session(context))
|
||||
return user_creds_ref
|
||||
@ -219,7 +218,6 @@ def user_creds_get(user_creds_id):
|
||||
# or it can be committed back to the DB in decrypted form
|
||||
result = dict(db_result)
|
||||
result['password'] = crypt.decrypt(result['password'])
|
||||
result['service_password'] = crypt.decrypt(result['service_password'])
|
||||
result['aws_creds'] = crypt.decrypt(result['aws_creds'])
|
||||
return result
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user