This patch factors out an authenticate() function for use by both
the heat service authentication and the resource authentication.
This fixes the AWS auth method for creating resources - issue #153.
Change-Id: I134e993263ae6ba4890f56bfbe6a6a3205b7f921
Signed-off-by: Ian Main <imain@redhat.com>
Resolve functions in templates by making a copy of the data rather than
modifying the original. This means that e.g. a resource resolving functions
in its own template data does not result in changes to the data held by the
Stack.
This patch also refactors all of the template resolution methods to operate
using a common parsing algorithm to move through the tree.
Finally, the resources have been worked to load data as it is needed,
rather than requiring external code to put them into the correct state
before using them.
Change-Id: I79eafaefc9ced07b652fac7162aa2edbfa7f547a
Signed-off-by: Zane Bitter <zbitter@redhat.com>
With the new release of pep8 we have some different requirements.
This patch fixes them all.
Change-Id: Ief16becba47007460f8b125907b055aa51de999e
Signed-off-by: Ian Main <imain@redhat.com>
This patch updates the authentication system set up in heat:
- We now authenticate against the 'heat' service at the entry
point to each api call in the engine.
- We are now using the 'Context' class to contain the authentication
information as intended.
- The two context classes are unified and we now use the same one
for both WSGI and RPC. This is the intended design as the
context is loaded by the WSGI middleware and then passed into the
RPC methods.
- We are now doing token authentication in the API that works with
both native keystone and AWS style authentication. That token is
then passed on to the engine for further authentication for various
endpoints.
Note that the heat-api-paste.ini file requires updating in order for
this to work on your system. Admin user and password must be set
properly in the authtoken section in order to perform token based
authentication.
I suspect there will be a few bugs in here yet. This is just part of
the authentication/identification changes we need to make but I wanted
to get this in so we could continue to work with a boto based client.
Change-Id: Ib635ecd3088304e8d51d8e1fc31a8b1bf751caf3
Signed-off-by: Ian Main <imain@redhat.com>
Ian Main
Zane Bitter
Chris Alfonso
Steven Dake
Angus Salkeld