openstack/heat
Code Issues Proposed changes

Allow authentication to Nova with a Keystone token

Browse Source 
Change-Id: I3ca90169559cc167ff51db5fe47ceec8c917f04b
Signed-off-by: Zane Bitter <zbitter@redhat.com>
This commit is contained in:
Zane Bitter 2012-10-09 12:06:44 +02:00
parent 5f7ccf6129
commit 3e603825a8
1 changed files with 39 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
heat/engine/auth.py
View File

@ -69,29 +69,25 @@ def authenticate(con, service_type='orchestration', service_name='heat'):
username in the context so we can use it to key in the database. username in the context so we can use it to key in the database.
""" """
if con.password is not None: args = {
try: 'project_id': con.tenant,
# Workaround for issues with python-keyring, need no_cache=True 'auth_url': con.auth_url,
# ref https://bugs.launchpad.net/python-novaclient/+bug/1020238 'service_type': service_type,
# TODO(shardy): May be able to remove when the bug above is fixed 'service_name': service_name,
nova = client.Client(username=con.username, }
api_key=con.password,
project_id=con.tenant, if con.auth_token is not None:
auth_url=con.auth_url, credentials = {
service_type=service_type, 'username': con.service_user,
service_name=service_name, 'api_key': con.service_password,
no_cache=True) 'proxy_token': con.auth_token,
except TypeError: 'proxy_tenant_id': con.tenant_id,
# for compatibility with essex, which doesn't have no_cache=True }
# TODO(shardy): remove when we no longer support essex elif con.password is not None:
nova = client.Client(username=con.username, credentials = {
api_key=con.password, 'username': con.username,
project_id=con.tenant, 'api_key': con.password,
auth_url=con.auth_url, }
service_type=service_type,
service_name=service_name)
nova.authenticate()
return nova
else: else:
# We'll have to do AWS style auth which is more complex. # We'll have to do AWS style auth which is more complex.
# First step is to get a token from the AWS creds. # First step is to get a token from the AWS creds.
@ -122,25 +118,23 @@ def authenticate(con, service_type='orchestration', service_name='heat'):
logger.info("AWS authentication failure.") logger.info("AWS authentication failure.")
raise exception.AuthorizationFailure() raise exception.AuthorizationFailure()
try: credentials = {
# Workaround for issues with python-keyring, need no_cache=True 'username': con.service_user,
# ref https://bugs.launchpad.net/python-novaclient/+bug/1020238 'api_key': con.service_password,
# TODO(shardy): May be able to remove when the bug above is fixed 'proxy_token': token_id,
nova = client.Client(con.service_user, con.service_password, 'proxy_tenant_id': con.tenant_id,
con.tenant, con.auth_url, }
proxy_token=token_id,
proxy_tenant_id=con.tenant_id, args.update(credentials)
service_type=service_type, try:
service_name=service_name, # Workaround for issues with python-keyring, need no_cache=True
no_cache=True) # ref https://bugs.launchpad.net/python-novaclient/+bug/1020238
except TypeError: # TODO(shardy): May be able to remove when the bug above is fixed
# for compatibility with essex, which doesn't have no_cache=True nova = client.Client(no_cache=True, **args)
# TODO(shardy): remove when we no longer support essex except TypeError:
nova = client.Client(con.service_user, con.service_password, # for compatibility with essex, which doesn't have no_cache=True
con.tenant, con.auth_url, # TODO(shardy): remove when we no longer support essex
proxy_token=token_id, nova = client.Client(**args)
proxy_tenant_id=con.tenant_id,
service_type=service_type, nova.authenticate()
service_name=service_name) return nova
nova.authenticate()
return nova