openstack/heat
Code Issues Proposed changes

Allow authentication to Nova with a Keystone token

Browse Source 
Change-Id: I3ca90169559cc167ff51db5fe47ceec8c917f04b
Signed-off-by: Zane Bitter <zbitter@redhat.com>
This commit is contained in:
Zane Bitter 2012-10-09 12:06:44 +02:00
parent 5f7ccf6129
commit 3e603825a8
1 changed files with 39 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
heat/engine/auth.py
View File

@ -69,29 +69,25 @@ def authenticate(con, service_type='orchestration', service_name='heat'):
username in the context so we can use it to key in the database. username in the context so we can use it to key in the database.
""" """
if con.password is not None: args = {
try: 'project_id': con.tenant,
# Workaround for issues with python-keyring, need no_cache=True 'auth_url': con.auth_url,
# ref https://bugs.launchpad.net/python-novaclient/+bug/1020238 'service_type': service_type,
# TODO(shardy): May be able to remove when the bug above is fixed 'service_name': service_name,
nova = client.Client(username=con.username, }
api_key=con.password,
project_id=con.tenant, if con.auth_token is not None:
auth_url=con.auth_url, credentials = {
service_type=service_type, 'username': con.service_user,
service_name=service_name, 'api_key': con.service_password,
no_cache=True) 'proxy_token': con.auth_token,
except TypeError: 'proxy_tenant_id': con.tenant_id,
# for compatibility with essex, which doesn't have no_cache=True }
# TODO(shardy): remove when we no longer support essex elif con.password is not None:
nova = client.Client(username=con.username, credentials = {
api_key=con.password, 'username': con.username,
project_id=con.tenant, 'api_key': con.password,
auth_url=con.auth_url, }
service_type=service_type,
service_name=service_name)
nova.authenticate()
return nova
else: else:
# We'll have to do AWS style auth which is more complex. # We'll have to do AWS style auth which is more complex.
# First step is to get a token from the AWS creds. # First step is to get a token from the AWS creds.
@ -122,25 +118,23 @@ def authenticate(con, service_type='orchestration', service_name='heat'):
logger.info("AWS authentication failure.") logger.info("AWS authentication failure.")
raise exception.AuthorizationFailure() raise exception.AuthorizationFailure()
credentials = {
'username': con.service_user,
'api_key': con.service_password,
'proxy_token': token_id,
'proxy_tenant_id': con.tenant_id,
}
args.update(credentials)
try: try:
# Workaround for issues with python-keyring, need no_cache=True # Workaround for issues with python-keyring, need no_cache=True
# ref https://bugs.launchpad.net/python-novaclient/+bug/1020238 # ref https://bugs.launchpad.net/python-novaclient/+bug/1020238
# TODO(shardy): May be able to remove when the bug above is fixed # TODO(shardy): May be able to remove when the bug above is fixed
nova = client.Client(con.service_user, con.service_password, nova = client.Client(no_cache=True, **args)
con.tenant, con.auth_url,
proxy_token=token_id,
proxy_tenant_id=con.tenant_id,
service_type=service_type,
service_name=service_name,
no_cache=True)
except TypeError: except TypeError:
# for compatibility with essex, which doesn't have no_cache=True # for compatibility with essex, which doesn't have no_cache=True
# TODO(shardy): remove when we no longer support essex # TODO(shardy): remove when we no longer support essex
nova = client.Client(con.service_user, con.service_password, nova = client.Client(**args)
con.tenant, con.auth_url,
proxy_token=token_id,
proxy_tenant_id=con.tenant_id,
service_type=service_type,
service_name=service_name)
nova.authenticate() nova.authenticate()
return nova return nova