Replace KeyStoneCreds params with X-Auth headers.

Username/password are now in X-Auth-User, X-Auth-Key
10 years ago · 7381f16c2b
parent 8c1931b682
commit 7381f16c2b
4 changed files with 11 additions and 12 deletions
--- a/heat/api/aws/ec2token.py
+++ b/heat/api/aws/ec2token.py
@ -44,7 +44,7 @@ class EC2Token(wsgi.Middleware):
    @webob.dec.wsgify(RequestClass=wsgi.Request)
    def __call__(self, req):
        # Read request signature and access id.
-        # If we find KeyStoneCreds in the params we ignore a key error
+        # If we find X-Auth-User in the headers we ignore a key error
        # here so that we can use both authentication methods.
        # Returning here just means the user didn't supply AWS
        # authentication and we'll let the app try native keystone next.
@ -53,7 +53,7 @@ class EC2Token(wsgi.Middleware):
            signature = req.params['Signature']
        except KeyError:
            logger.info("No AWS Signature found.")
-            if 'KeyStoneCreds' in req.params:
+            if 'X-Auth-User' in req.headers:
                return self.application
            else:
                raise exception.HeatIncompleteSignatureError()
@ -62,7 +62,7 @@ class EC2Token(wsgi.Middleware):
            access = req.params['AWSAccessKeyId']
        except KeyError:
            logger.info("No AWSAccessKeyId found.")
-            if 'KeyStoneCreds' in req.params:
+            if 'X-Auth-User' in req.headers:
                return self.application
            else:
                raise exception.HeatMissingAuthenticationTokenError()
--- a/heat/client.py
+++ b/heat/client.py
@ -39,14 +39,15 @@ class V1Client(base_client.BaseClient):
        params['Version'] = '2010-05-15'
        params['SignatureVersion'] = '2'
        params['SignatureMethod'] = 'HmacSHA256'
-        params['KeyStoneCreds'] = json.dumps(self.creds)

    def stack_request(self, action, method, **kwargs):
        params = self._extract_params(kwargs, SUPPORTED_PARAMS)
        self._insert_common_parameters(params)
        params['Action'] = action
+        headers = {'X-Auth-User': self.creds['username'],
+                   'X-Auth-Key': self.creds['password']}

-        res = self.do_request(method, "/", params=params)
+        res = self.do_request(method, "/", params=params, headers=headers)
        doc = etree.fromstring(res.read())
        return etree.tostring(doc, pretty_print=True)

--- a/heat/cloudformation.py
+++ b/heat/cloudformation.py
@ -16,6 +16,6 @@
 SUPPORTED_PARAMS = ('StackName', 'TemplateBody', 'TemplateUrl',
                    'NotificationARNs', 'Parameters', 'Version',
                    'SignatureVersion', 'Timestamp', 'AWSAccessKeyId',
-                    'Signature', 'KeyStoneCreds', 'TimeoutInMinutes',
+                    'Signature', 'TimeoutInMinutes',
                    'LogicalResourceId', 'PhysicalResourceId', 'NextToken',
 )
--- a/heat/common/context.py
+++ b/heat/common/context.py
@ -166,14 +166,12 @@ class ContextMiddleware(wsgi.Middleware):
            aws_creds = None
            aws_auth_uri = None

-            if headers.get('X-Auth-EC2-Creds') is not None:
+            if headers.get('X-Auth-User') is not None:
+                username = headers.get('X-Auth-User')
+                password = headers.get('X-Auth-Key')
+            elif headers.get('X-Auth-EC2-Creds') is not None:
                aws_creds = headers.get('X-Auth-EC2-Creds')
                aws_auth_uri = headers.get('X-Auth-EC2-Url')
-            else:
-                if 'KeyStoneCreds' in req.params:
-                    creds = json.loads(req.params['KeyStoneCreds'])
-                    username = creds['username']
-                    password = creds['password']

            token = headers.get('X-Auth-Token')
            service_user = headers.get('X-Admin-User')