Merge "Add middleware for external requests"

This commit is contained in:
Jenkins 2015-11-12 14:07:40 +00:00 committed by Gerrit Code Review
commit 5b9fcc2e3e
3 changed files with 67 additions and 1 deletions

View File

@ -38,3 +38,6 @@ paste.filter_factory = oslo_middleware.request_id:RequestId.factory
[filter:ssl] [filter:ssl]
paste.filter_factory = murano.api.middleware.ssl:SSLMiddleware.factory paste.filter_factory = murano.api.middleware.ssl:SSLMiddleware.factory
[filter:ext_context]
paste.filter_factory = murano.api.middleware.ext_context:ExternalContextMiddleware.factory

View File

@ -31,6 +31,7 @@ CONF = cfg.CONF
class ContextMiddleware(wsgi.Middleware): class ContextMiddleware(wsgi.Middleware):
def process_request(self, req): def process_request(self, req):
"""Convert authentication information into a request context """Convert authentication information into a request context
Generate a murano.context.RequestContext object from the available Generate a murano.context.RequestContext object from the available
@ -39,7 +40,6 @@ class ContextMiddleware(wsgi.Middleware):
:param req: wsgi request object that will be given the context object :param req: wsgi request object that will be given the context object
""" """
roles = [r.strip() for r in req.headers.get('X-Roles').split(',')] roles = [r.strip() for r in req.headers.get('X-Roles').split(',')]
kwargs = { kwargs = {
'user': req.headers.get('X-User-Id'), 'user': req.headers.get('X-User-Id'),

View File

@ -0,0 +1,63 @@
# Copyright (c) 2015 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import base64
from keystoneclient import exceptions
from keystoneclient.v3 import client
from oslo_config import cfg
from oslo_log import log
from webob import exc
from murano.common.i18n import _
from murano.common import wsgi
CONF = cfg.CONF
LOG = log.getLogger(__name__)
class ExternalContextMiddleware(wsgi.Middleware):
def get_keystone_token(self, user, password):
keystone = client.Client(username=user,
password=password,
auth_url=CONF.cfapi.auth_url.replace(
'v2.0', 'v3'))
return keystone.auth_token
def process_request(self, req):
"""Get keystone token for external request
This middleware is used for external requests. It get credentials from
request and try to get keystone token for futher authorization.
:param req: wsgi request object that will be given the context object
"""
credentials = base64.b64decode(
req.headers['Authorization'].split(' ')[1])
user, password = credentials.split(':', 2)
try:
req.headers['X-Auth-Token'] = self.get_keystone_token(user,
password)
except exceptions.Unauthorized:
msg = _("Your credentials are wrong. Please try again")
LOG.warning(msg)
raise exc.HTTPUnauthorized(explanation=msg)
@classmethod
def factory(cls, global_conf, **local_conf):
def filter(app):
return cls(app)
return filter