Replace KeyStoneCreds params with X-Auth headers.
Username/password are now in X-Auth-User, X-Auth-Key
This commit is contained in:
parent
8c1931b682
commit
7381f16c2b
|
@ -44,7 +44,7 @@ class EC2Token(wsgi.Middleware):
|
||||||
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
||||||
def __call__(self, req):
|
def __call__(self, req):
|
||||||
# Read request signature and access id.
|
# Read request signature and access id.
|
||||||
# If we find KeyStoneCreds in the params we ignore a key error
|
# If we find X-Auth-User in the headers we ignore a key error
|
||||||
# here so that we can use both authentication methods.
|
# here so that we can use both authentication methods.
|
||||||
# Returning here just means the user didn't supply AWS
|
# Returning here just means the user didn't supply AWS
|
||||||
# authentication and we'll let the app try native keystone next.
|
# authentication and we'll let the app try native keystone next.
|
||||||
|
@ -53,7 +53,7 @@ class EC2Token(wsgi.Middleware):
|
||||||
signature = req.params['Signature']
|
signature = req.params['Signature']
|
||||||
except KeyError:
|
except KeyError:
|
||||||
logger.info("No AWS Signature found.")
|
logger.info("No AWS Signature found.")
|
||||||
if 'KeyStoneCreds' in req.params:
|
if 'X-Auth-User' in req.headers:
|
||||||
return self.application
|
return self.application
|
||||||
else:
|
else:
|
||||||
raise exception.HeatIncompleteSignatureError()
|
raise exception.HeatIncompleteSignatureError()
|
||||||
|
@ -62,7 +62,7 @@ class EC2Token(wsgi.Middleware):
|
||||||
access = req.params['AWSAccessKeyId']
|
access = req.params['AWSAccessKeyId']
|
||||||
except KeyError:
|
except KeyError:
|
||||||
logger.info("No AWSAccessKeyId found.")
|
logger.info("No AWSAccessKeyId found.")
|
||||||
if 'KeyStoneCreds' in req.params:
|
if 'X-Auth-User' in req.headers:
|
||||||
return self.application
|
return self.application
|
||||||
else:
|
else:
|
||||||
raise exception.HeatMissingAuthenticationTokenError()
|
raise exception.HeatMissingAuthenticationTokenError()
|
||||||
|
|
|
@ -39,14 +39,15 @@ class V1Client(base_client.BaseClient):
|
||||||
params['Version'] = '2010-05-15'
|
params['Version'] = '2010-05-15'
|
||||||
params['SignatureVersion'] = '2'
|
params['SignatureVersion'] = '2'
|
||||||
params['SignatureMethod'] = 'HmacSHA256'
|
params['SignatureMethod'] = 'HmacSHA256'
|
||||||
params['KeyStoneCreds'] = json.dumps(self.creds)
|
|
||||||
|
|
||||||
def stack_request(self, action, method, **kwargs):
|
def stack_request(self, action, method, **kwargs):
|
||||||
params = self._extract_params(kwargs, SUPPORTED_PARAMS)
|
params = self._extract_params(kwargs, SUPPORTED_PARAMS)
|
||||||
self._insert_common_parameters(params)
|
self._insert_common_parameters(params)
|
||||||
params['Action'] = action
|
params['Action'] = action
|
||||||
|
headers = {'X-Auth-User': self.creds['username'],
|
||||||
|
'X-Auth-Key': self.creds['password']}
|
||||||
|
|
||||||
res = self.do_request(method, "/", params=params)
|
res = self.do_request(method, "/", params=params, headers=headers)
|
||||||
doc = etree.fromstring(res.read())
|
doc = etree.fromstring(res.read())
|
||||||
return etree.tostring(doc, pretty_print=True)
|
return etree.tostring(doc, pretty_print=True)
|
||||||
|
|
||||||
|
|
|
@ -16,6 +16,6 @@
|
||||||
SUPPORTED_PARAMS = ('StackName', 'TemplateBody', 'TemplateUrl',
|
SUPPORTED_PARAMS = ('StackName', 'TemplateBody', 'TemplateUrl',
|
||||||
'NotificationARNs', 'Parameters', 'Version',
|
'NotificationARNs', 'Parameters', 'Version',
|
||||||
'SignatureVersion', 'Timestamp', 'AWSAccessKeyId',
|
'SignatureVersion', 'Timestamp', 'AWSAccessKeyId',
|
||||||
'Signature', 'KeyStoneCreds', 'TimeoutInMinutes',
|
'Signature', 'TimeoutInMinutes',
|
||||||
'LogicalResourceId', 'PhysicalResourceId', 'NextToken',
|
'LogicalResourceId', 'PhysicalResourceId', 'NextToken',
|
||||||
)
|
)
|
||||||
|
|
|
@ -166,14 +166,12 @@ class ContextMiddleware(wsgi.Middleware):
|
||||||
aws_creds = None
|
aws_creds = None
|
||||||
aws_auth_uri = None
|
aws_auth_uri = None
|
||||||
|
|
||||||
if headers.get('X-Auth-EC2-Creds') is not None:
|
if headers.get('X-Auth-User') is not None:
|
||||||
|
username = headers.get('X-Auth-User')
|
||||||
|
password = headers.get('X-Auth-Key')
|
||||||
|
elif headers.get('X-Auth-EC2-Creds') is not None:
|
||||||
aws_creds = headers.get('X-Auth-EC2-Creds')
|
aws_creds = headers.get('X-Auth-EC2-Creds')
|
||||||
aws_auth_uri = headers.get('X-Auth-EC2-Url')
|
aws_auth_uri = headers.get('X-Auth-EC2-Url')
|
||||||
else:
|
|
||||||
if 'KeyStoneCreds' in req.params:
|
|
||||||
creds = json.loads(req.params['KeyStoneCreds'])
|
|
||||||
username = creds['username']
|
|
||||||
password = creds['password']
|
|
||||||
|
|
||||||
token = headers.get('X-Auth-Token')
|
token = headers.get('X-Auth-Token')
|
||||||
service_user = headers.get('X-Admin-User')
|
service_user = headers.get('X-Admin-User')
|
||||||
|
|
Loading…
Reference in New Issue