Allow insecure authentication
Pass through the value of OPENSTACK_SSL_NO_VERIFY from settings.py to
keystoneclient. This allows connecting to servers with self-signed or
otherwise invalid certificates for testing purposes. It extends commit 8759ad4804
This commit is contained in:
Łukasz Oleś
@@ -2,6 +2,7 @@ import hashlib
|
|||||||
import logging
|
import logging
|
||||||
|
|
||||||
from django.contrib.auth.models import AnonymousUser
|
from django.contrib.auth.models import AnonymousUser
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
from keystoneclient.v2_0 import client as keystone_client
|
from keystoneclient.v2_0 import client as keystone_client
|
||||||
from keystoneclient import exceptions as keystone_exceptions
|
from keystoneclient import exceptions as keystone_exceptions
|
||||||
@@ -118,13 +119,16 @@ class User(AnonymousUser):
|
|||||||
@property
|
@property
|
||||||
def authorized_tenants(self):
|
def authorized_tenants(self):
|
||||||
""" Returns a memoized list of tenants this user may access. """
|
""" Returns a memoized list of tenants this user may access. """
|
||||||
|
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||||
|
|
||||||
if self.is_authenticated() and self._authorized_tenants is None:
|
if self.is_authenticated() and self._authorized_tenants is None:
|
||||||
endpoint = self.endpoint
|
endpoint = self.endpoint
|
||||||
token = self.token
|
token = self.token
|
||||||
try:
|
try:
|
||||||
client = keystone_client.Client(username=self.username,
|
client = keystone_client.Client(username=self.username,
|
||||||
auth_url=endpoint,
|
auth_url=endpoint,
|
||||||
token=token.id)
|
token=token.id,
|
||||||
|
insecure=insecure)
|
||||||
self._authorized_tenants = client.tenants.list()
|
self._authorized_tenants = client.tenants.list()
|
||||||
except (keystone_exceptions.ClientException,
|
except (keystone_exceptions.ClientException,
|
||||||
keystone_exceptions.AuthorizationFailure):
|
keystone_exceptions.AuthorizationFailure):
|
||||||
|
|||||||
@@ -80,12 +80,14 @@ def logout(request):
|
|||||||
|
|
||||||
|
|
||||||
def delete_all_tokens(token_list):
|
def delete_all_tokens(token_list):
|
||||||
|
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||||
for token_tuple in token_list:
|
for token_tuple in token_list:
|
||||||
try:
|
try:
|
||||||
endpoint = token_tuple[0]
|
endpoint = token_tuple[0]
|
||||||
token = token_tuple[1]
|
token = token_tuple[1]
|
||||||
client = keystone_client.Client(endpoint=endpoint,
|
client = keystone_client.Client(endpoint=endpoint,
|
||||||
token=token)
|
token=token,
|
||||||
|
insecure=insecure)
|
||||||
client.tokens.delete(token=token)
|
client.tokens.delete(token=token)
|
||||||
except keystone_exceptions.ClientException as e:
|
except keystone_exceptions.ClientException as e:
|
||||||
LOG.info('Could not delete token')
|
LOG.info('Could not delete token')
|
||||||
@@ -96,8 +98,10 @@ def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
|
|||||||
""" Switches an authenticated user from one tenant to another. """
|
""" Switches an authenticated user from one tenant to another. """
|
||||||
LOG.debug('Switching to tenant %s for user "%s".'
|
LOG.debug('Switching to tenant %s for user "%s".'
|
||||||
% (tenant_id, request.user.username))
|
% (tenant_id, request.user.username))
|
||||||
|
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||||
endpoint = request.user.endpoint
|
endpoint = request.user.endpoint
|
||||||
client = keystone_client.Client(endpoint=endpoint)
|
client = keystone_client.Client(endpoint=endpoint,
|
||||||
|
insecure=insecure)
|
||||||
try:
|
try:
|
||||||
token = client.tokens.authenticate(tenant_id=tenant_id,
|
token = client.tokens.authenticate(tenant_id=tenant_id,
|
||||||
token=request.user.token.id)
|
token=request.user.token.id)
|
||||||
|
|||||||
Reference in New Issue
Block a user