Replace KeyStoneCreds params with X-Auth headers.

Username/password are now in X-Auth-User, X-Auth-Key
changes/40/15540/1
Steve Baker 10 years ago
parent 8c1931b682
commit 7381f16c2b

@ -44,7 +44,7 @@ class EC2Token(wsgi.Middleware):
@webob.dec.wsgify(RequestClass=wsgi.Request)
def __call__(self, req):
# Read request signature and access id.
# If we find KeyStoneCreds in the params we ignore a key error
# If we find X-Auth-User in the headers we ignore a key error
# here so that we can use both authentication methods.
# Returning here just means the user didn't supply AWS
# authentication and we'll let the app try native keystone next.
@ -53,7 +53,7 @@ class EC2Token(wsgi.Middleware):
signature = req.params['Signature']
except KeyError:
logger.info("No AWS Signature found.")
if 'KeyStoneCreds' in req.params:
if 'X-Auth-User' in req.headers:
return self.application
else:
raise exception.HeatIncompleteSignatureError()
@ -62,7 +62,7 @@ class EC2Token(wsgi.Middleware):
access = req.params['AWSAccessKeyId']
except KeyError:
logger.info("No AWSAccessKeyId found.")
if 'KeyStoneCreds' in req.params:
if 'X-Auth-User' in req.headers:
return self.application
else:
raise exception.HeatMissingAuthenticationTokenError()

@ -39,14 +39,15 @@ class V1Client(base_client.BaseClient):
params['Version'] = '2010-05-15'
params['SignatureVersion'] = '2'
params['SignatureMethod'] = 'HmacSHA256'
params['KeyStoneCreds'] = json.dumps(self.creds)
def stack_request(self, action, method, **kwargs):
params = self._extract_params(kwargs, SUPPORTED_PARAMS)
self._insert_common_parameters(params)
params['Action'] = action
headers = {'X-Auth-User': self.creds['username'],
'X-Auth-Key': self.creds['password']}
res = self.do_request(method, "/", params=params)
res = self.do_request(method, "/", params=params, headers=headers)
doc = etree.fromstring(res.read())
return etree.tostring(doc, pretty_print=True)

@ -16,6 +16,6 @@
SUPPORTED_PARAMS = ('StackName', 'TemplateBody', 'TemplateUrl',
'NotificationARNs', 'Parameters', 'Version',
'SignatureVersion', 'Timestamp', 'AWSAccessKeyId',
'Signature', 'KeyStoneCreds', 'TimeoutInMinutes',
'Signature', 'TimeoutInMinutes',
'LogicalResourceId', 'PhysicalResourceId', 'NextToken',
)

@ -166,14 +166,12 @@ class ContextMiddleware(wsgi.Middleware):
aws_creds = None
aws_auth_uri = None
if headers.get('X-Auth-EC2-Creds') is not None:
if headers.get('X-Auth-User') is not None:
username = headers.get('X-Auth-User')
password = headers.get('X-Auth-Key')
elif headers.get('X-Auth-EC2-Creds') is not None:
aws_creds = headers.get('X-Auth-EC2-Creds')
aws_auth_uri = headers.get('X-Auth-EC2-Url')
else:
if 'KeyStoneCreds' in req.params:
creds = json.loads(req.params['KeyStoneCreds'])
username = creds['username']
password = creds['password']
token = headers.get('X-Auth-Token')
service_user = headers.get('X-Admin-User')

Loading…
Cancel
Save