Replace KeyStoneCreds params with X-Auth headers.

Username/password are now in X-Auth-User, X-Auth-Key

heat/api/aws/ec2token.py

@@ -44,7 +44,7 @@ class EC2Token(wsgi.Middleware):
     @webob.dec.wsgify(RequestClass=wsgi.Request)
     def __call__(self, req):
         # Read request signature and access id.
-        # If we find KeyStoneCreds in the params we ignore a key error
+        # If we find X-Auth-User in the headers we ignore a key error
         # here so that we can use both authentication methods.
         # Returning here just means the user didn't supply AWS
         # authentication and we'll let the app try native keystone next.
@@ -53,7 +53,7 @@ class EC2Token(wsgi.Middleware):
             signature = req.params['Signature']
         except KeyError:
             logger.info("No AWS Signature found.")
-            if 'KeyStoneCreds' in req.params:
+            if 'X-Auth-User' in req.headers:
                 return self.application
             else:
                 raise exception.HeatIncompleteSignatureError()
@@ -62,7 +62,7 @@ class EC2Token(wsgi.Middleware):
             access = req.params['AWSAccessKeyId']
         except KeyError:
             logger.info("No AWSAccessKeyId found.")
-            if 'KeyStoneCreds' in req.params:
+            if 'X-Auth-User' in req.headers:
                 return self.application
             else:
                 raise exception.HeatMissingAuthenticationTokenError()

heat/client.py

@@ -39,14 +39,15 @@ class V1Client(base_client.BaseClient):
         params['Version'] = '2010-05-15'
         params['SignatureVersion'] = '2'
         params['SignatureMethod'] = 'HmacSHA256'
-        params['KeyStoneCreds'] = json.dumps(self.creds)
 
     def stack_request(self, action, method, **kwargs):
         params = self._extract_params(kwargs, SUPPORTED_PARAMS)
         self._insert_common_parameters(params)
         params['Action'] = action
+        headers = {'X-Auth-User': self.creds['username'],
+                   'X-Auth-Key': self.creds['password']}
 
-        res = self.do_request(method, "/", params=params)
+        res = self.do_request(method, "/", params=params, headers=headers)
         doc = etree.fromstring(res.read())
         return etree.tostring(doc, pretty_print=True)
 

heat/cloudformation.py

@@ -16,6 +16,6 @@
 SUPPORTED_PARAMS = ('StackName', 'TemplateBody', 'TemplateUrl',
                     'NotificationARNs', 'Parameters', 'Version',
                     'SignatureVersion', 'Timestamp', 'AWSAccessKeyId',
-                    'Signature', 'KeyStoneCreds', 'TimeoutInMinutes',
+                    'Signature', 'TimeoutInMinutes',
                     'LogicalResourceId', 'PhysicalResourceId', 'NextToken',
 )

heat/common/context.py

@@ -166,14 +166,12 @@ class ContextMiddleware(wsgi.Middleware):
             aws_creds = None
             aws_auth_uri = None
 
-            if headers.get('X-Auth-EC2-Creds') is not None:
+            if headers.get('X-Auth-User') is not None:
+                username = headers.get('X-Auth-User')
+                password = headers.get('X-Auth-Key')
+            elif headers.get('X-Auth-EC2-Creds') is not None:
                 aws_creds = headers.get('X-Auth-EC2-Creds')
                 aws_auth_uri = headers.get('X-Auth-EC2-Url')
-            else:
-                if 'KeyStoneCreds' in req.params:
-                    creds = json.loads(req.params['KeyStoneCreds'])
-                    username = creds['username']
-                    password = creds['password']
 
             token = headers.get('X-Auth-Token')
             service_user = headers.get('X-Admin-User')