506800208a
The Oslo libraries have moved all of their code out of the 'oslo' namespace package into per-library packages. The namespace package was retained during kilo for backwards compatibility, but will be removed by the liberty-2 milestone. This change removes the use of the namespace package, replacing it with the new package names. The patches in the libraries will be put on hold until application patches have landed, or L2, whichever comes first. At that point, new versions of the libraries without namespace packages will be released as a major version update. Please merge this patch, or an equivalent, before L2 to avoid problems with those library releases. Blueprint: remove-namespace-packages https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages Change-Id: I73addc2c144c76c60f046e83c97e3b6ffe09d879
# -*- coding: utf-8 -*-
#
# Copyright 2013 - Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from oslo_config import cfg
from mistral import context as auth_ctx
from mistral.utils.openstack import keystone
# Placeholder project id that get_project_id() returns when authentication
# is disabled or no security context is set.
DEFAULT_PROJECT_ID = "<default-project>"

CONF = cfg.CONF

# The 'auth_enable' option is registered by 'mistral.config'; import it
# explicitly so that CONF.pecan.auth_enable can be read from this module.
# TODO(rakhmerov): Try to find a better solution.
CONF.import_opt('auth_enable', 'mistral.config', group='pecan')
def get_project_id():
    """Return the project id of the current security context.

    :return: ``project_id`` of the current context when authentication is
        enabled and a context exists, otherwise ``DEFAULT_PROJECT_ID``.
    """
    # The context is only consulted when auth is on; `and` short-circuits,
    # so has_ctx() is not called with authentication disabled.
    auth_active = CONF.pecan.auth_enable and auth_ctx.has_ctx()

    return auth_ctx.ctx().project_id if auth_active else DEFAULT_PROJECT_ID
def create_trust():
    """Create a Keystone trust that delegates the caller's roles.

    The trustor is the user of ``keystone.client()`` (presumably the user of
    the current request; confirm in ``mistral.utils.openstack.keystone``).
    The trustee is the user of the admin client built for
    ``CONF.keystone_authtoken.admin_tenant_name``.

    :return: The trust object returned by ``trusts.create``.
    """
    user_client = keystone.client()

    current_ctx = auth_ctx.ctx()

    admin_client = keystone.client_for_admin(
        CONF.keystone_authtoken.admin_tenant_name
    )

    # NOTE(review): the trust enables impersonation and delegates every role
    # in the current context. No expiry or use limit is passed here, so the
    # trust presumably stays usable until delete_trust() is called for it.
    # Confirm that each stored trust id has a deletion path and consider
    # whether a narrower role set would be enough.
    return user_client.trusts.create(
        trustor_user=user_client.user_id,
        trustee_user=admin_client.user_id,
        impersonation=True,
        role_names=current_ctx.roles,
        project=current_ctx.project_id
    )
def create_context(trust_id, project_id):
    """Build a Mistral security context from a stored trust.

    :param trust_id: Trust Id. A falsy value means no context is built.
    :param project_id: Project Id placed in the trust-scoped context.
    :return: ``None`` when ``trust_id`` is falsy; a trust-scoped context
        when authentication is enabled; otherwise an admin context that
        carries no user, project or token.
    """
    if not trust_id:
        return None

    if not CONF.pecan.auth_enable:
        # Authentication is off: no Keystone call is made and the context
        # is marked as admin.
        return auth_ctx.MistralContext(
            user_id=None,
            project_id=None,
            auth_token=None,
            is_admin=True
        )

    trust_client = keystone.client_for_trusts(trust_id)

    # NOTE(review): project_id comes from the caller and is not compared
    # here with the project the trust was issued for. Callers should pass
    # the project stored alongside the trust id.
    # The context holds a live token, so it should stay out of logs.
    return auth_ctx.MistralContext(
        user_id=trust_client.user_id,
        project_id=project_id,
        auth_token=trust_client.auth_token,
        is_trust_scoped=True,
    )
def delete_trust(workbook):
    """Delete the Keystone trust recorded on ``workbook``, if there is one.

    :param workbook: Object with a ``trust_id`` attribute. Nothing is done
        when that attribute is falsy.
    """
    trust_id = workbook.trust_id

    if trust_id:
        # The deletion goes through a client built from the trust itself.
        # NOTE(review): errors from Keystone propagate to the caller; a
        # failed delete leaves the delegation in place, so callers should
        # not treat the workbook as cleaned up in that case.
        trust_client = keystone.client_for_trusts(trust_id)
        trust_client.trusts.delete(trust_id)
def add_trust_id(secure_object_values):
    """Create a trust and store its id under ``'trust_id'``.

    :param secure_object_values: Mapping updated in place. It is left
        untouched when authentication is disabled.
    """
    if not cfg.CONF.pecan.auth_enable:
        return

    # NOTE(review): every call creates a new trust in Keystone. If the
    # caller later fails to persist these values, the trust presumably
    # remains without a recorded id; confirm how callers handle that.
    secure_object_values.update({
        'trust_id': create_trust().id
    })