Replace KeyStoneCreds params with X-Auth headers.
Username/password are now in X-Auth-User, X-Auth-Key
This commit is contained in:
parent
8c1931b682
commit
7381f16c2b
|
@ -44,7 +44,7 @@ class EC2Token(wsgi.Middleware):
|
|||
@webob.dec.wsgify(RequestClass=wsgi.Request)
|
||||
def __call__(self, req):
|
||||
# Read request signature and access id.
|
||||
# If we find KeyStoneCreds in the params we ignore a key error
|
||||
# If we find X-Auth-User in the headers we ignore a key error
|
||||
# here so that we can use both authentication methods.
|
||||
# Returning here just means the user didn't supply AWS
|
||||
# authentication and we'll let the app try native keystone next.
|
||||
|
@ -53,7 +53,7 @@ class EC2Token(wsgi.Middleware):
|
|||
signature = req.params['Signature']
|
||||
except KeyError:
|
||||
logger.info("No AWS Signature found.")
|
||||
if 'KeyStoneCreds' in req.params:
|
||||
if 'X-Auth-User' in req.headers:
|
||||
return self.application
|
||||
else:
|
||||
raise exception.HeatIncompleteSignatureError()
|
||||
|
@ -62,7 +62,7 @@ class EC2Token(wsgi.Middleware):
|
|||
access = req.params['AWSAccessKeyId']
|
||||
except KeyError:
|
||||
logger.info("No AWSAccessKeyId found.")
|
||||
if 'KeyStoneCreds' in req.params:
|
||||
if 'X-Auth-User' in req.headers:
|
||||
return self.application
|
||||
else:
|
||||
raise exception.HeatMissingAuthenticationTokenError()
|
||||
|
|
|
@ -39,14 +39,15 @@ class V1Client(base_client.BaseClient):
|
|||
params['Version'] = '2010-05-15'
|
||||
params['SignatureVersion'] = '2'
|
||||
params['SignatureMethod'] = 'HmacSHA256'
|
||||
params['KeyStoneCreds'] = json.dumps(self.creds)
|
||||
|
||||
def stack_request(self, action, method, **kwargs):
|
||||
params = self._extract_params(kwargs, SUPPORTED_PARAMS)
|
||||
self._insert_common_parameters(params)
|
||||
params['Action'] = action
|
||||
headers = {'X-Auth-User': self.creds['username'],
|
||||
'X-Auth-Key': self.creds['password']}
|
||||
|
||||
res = self.do_request(method, "/", params=params)
|
||||
res = self.do_request(method, "/", params=params, headers=headers)
|
||||
doc = etree.fromstring(res.read())
|
||||
return etree.tostring(doc, pretty_print=True)
|
||||
|
||||
|
|
|
@ -16,6 +16,6 @@
|
|||
SUPPORTED_PARAMS = ('StackName', 'TemplateBody', 'TemplateUrl',
|
||||
'NotificationARNs', 'Parameters', 'Version',
|
||||
'SignatureVersion', 'Timestamp', 'AWSAccessKeyId',
|
||||
'Signature', 'KeyStoneCreds', 'TimeoutInMinutes',
|
||||
'Signature', 'TimeoutInMinutes',
|
||||
'LogicalResourceId', 'PhysicalResourceId', 'NextToken',
|
||||
)
|
||||
|
|
|
@ -166,14 +166,12 @@ class ContextMiddleware(wsgi.Middleware):
|
|||
aws_creds = None
|
||||
aws_auth_uri = None
|
||||
|
||||
if headers.get('X-Auth-EC2-Creds') is not None:
|
||||
if headers.get('X-Auth-User') is not None:
|
||||
username = headers.get('X-Auth-User')
|
||||
password = headers.get('X-Auth-Key')
|
||||
elif headers.get('X-Auth-EC2-Creds') is not None:
|
||||
aws_creds = headers.get('X-Auth-EC2-Creds')
|
||||
aws_auth_uri = headers.get('X-Auth-EC2-Url')
|
||||
else:
|
||||
if 'KeyStoneCreds' in req.params:
|
||||
creds = json.loads(req.params['KeyStoneCreds'])
|
||||
username = creds['username']
|
||||
password = creds['password']
|
||||
|
||||
token = headers.get('X-Auth-Token')
|
||||
service_user = headers.get('X-Admin-User')
|
||||
|
|
Loading…
Reference in New Issue