Merge "Add middleware for external requests"

etc/murano/murano-paste.ini

@@ -38,3 +38,6 @@ paste.filter_factory = oslo_middleware.request_id:RequestId.factory
 
 [filter:ssl]
 paste.filter_factory = murano.api.middleware.ssl:SSLMiddleware.factory
+
+[filter:ext_context]
+paste.filter_factory = murano.api.middleware.ext_context:ExternalContextMiddleware.factory

murano/api/middleware/context.py

@@ -31,6 +31,7 @@ CONF = cfg.CONF
 
 class ContextMiddleware(wsgi.Middleware):
     def process_request(self, req):
+
         """Convert authentication information into a request context
 
         Generate a murano.context.RequestContext object from the available
@@ -39,7 +40,6 @@ class ContextMiddleware(wsgi.Middleware):
 
         :param req: wsgi request object that will be given the context object
         """
-
         roles = [r.strip() for r in req.headers.get('X-Roles').split(',')]
         kwargs = {
             'user': req.headers.get('X-User-Id'),

murano/api/middleware/ext_context.py

@@ -0,0 +1,63 @@
+#    Copyright (c) 2015 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import base64
+
+from keystoneclient import exceptions
+from keystoneclient.v3 import client
+from oslo_config import cfg
+from oslo_log import log
+from webob import exc
+
+from murano.common.i18n import _
+from murano.common import wsgi
+
+CONF = cfg.CONF
+LOG = log.getLogger(__name__)
+
+
+class ExternalContextMiddleware(wsgi.Middleware):
+    def get_keystone_token(self, user, password):
+        keystone = client.Client(username=user,
+                                 password=password,
+                                 auth_url=CONF.cfapi.auth_url.replace(
+                                     'v2.0', 'v3'))
+        return keystone.auth_token
+
+    def process_request(self, req):
+
+        """Get keystone token for external request
+
+        This middleware is used for external requests. It get credentials from
+        request and try to get keystone token for futher authorization.
+
+        :param req: wsgi request object that will be given the context object
+        """
+
+        credentials = base64.b64decode(
+            req.headers['Authorization'].split(' ')[1])
+        user, password = credentials.split(':', 2)
+        try:
+            req.headers['X-Auth-Token'] = self.get_keystone_token(user,
+                                                                  password)
+        except exceptions.Unauthorized:
+            msg = _("Your credentials are wrong. Please try again")
+            LOG.warning(msg)
+            raise exc.HTTPUnauthorized(explanation=msg)
+
+    @classmethod
+    def factory(cls, global_conf, **local_conf):
+        def filter(app):
+            return cls(app)
+        return filter