deb-mistral/mistral/services/security.py
Rinat Sabitov 0a8fd07a0e Fixed lack of context for triggers
If set auth_enable to false in Mistral config keystone would not be used. So
triggers would not get a trust_id. Without this id context is not assigned.

Change-Id: I6d7d99da08cd78c1db83afff6fb79d37816f99ff
Closes-Bug: #1473980
2015-08-19 13:32:59 +03:00

96 lines
2.5 KiB
Python

# -*- coding: utf-8 -*-
#
# Copyright 2013 - Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from oslo_config import cfg
from mistral import context as auth_ctx
from mistral.utils.openstack import keystone
CONF = cfg.CONF
# Make sure to import 'auth_enable' option before using it.
# TODO(rakhmerov): Try to find a better solution.
CONF.import_opt('auth_enable', 'mistral.config', group='pecan')
DEFAULT_PROJECT_ID = "<default-project>"
def get_project_id():
if CONF.pecan.auth_enable and auth_ctx.has_ctx():
return auth_ctx.ctx().project_id
else:
return DEFAULT_PROJECT_ID
def create_trust():
client = keystone.client()
ctx = auth_ctx.ctx()
trustee_id = keystone.client_for_admin(
CONF.keystone_authtoken.admin_tenant_name).user_id
return client.trusts.create(
trustor_user=client.user_id,
trustee_user=trustee_id,
impersonation=True,
role_names=ctx.roles,
project=ctx.project_id
)
def create_context(trust_id, project_id):
"""Creates Mistral security context.
:param trust_id: Trust Id.
:param project_id: Project Id.
:return: Mistral security context.
"""
if CONF.pecan.auth_enable:
client = keystone.client_for_trusts(trust_id)
return auth_ctx.MistralContext(
user_id=client.user_id,
project_id=project_id,
auth_token=client.auth_token,
is_trust_scoped=True,
)
return auth_ctx.MistralContext(
user_id=None,
project_id=None,
auth_token=None,
is_admin=True
)
def delete_trust(workbook):
if not workbook.trust_id:
return
keystone_client = keystone.client_for_trusts(workbook.trust_id)
keystone_client.trusts.delete(workbook.trust_id)
def add_trust_id(secure_object_values):
if cfg.CONF.pecan.auth_enable:
secure_object_values.update({
'trust_id': create_trust().id
})