keystone : Use Ec2Signer utility class from keystoneclient
The Ec2Signer class has been moved to python-keystoneclient, so we can remove the internal implementation and import the keystoneclient version.

blueprint ec2signer-to-keystoneclient

Change-Id: I19d8575ab8b972467ce280a6197ae762da1ce790
parent
ac2fb0f861
commit
39f12606a2
|
@ -18,14 +18,11 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import base64
|
|
||||||
import hashlib
|
import hashlib
|
||||||
import hmac
|
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
import subprocess
|
import subprocess
|
||||||
import time
|
import time
|
||||||
import urllib
|
|
||||||
|
|
||||||
import passlib.hash
|
import passlib.hash
|
||||||
|
|
||||||
|
@ -70,83 +67,6 @@ class SmarterEncoder(json.JSONEncoder):
|
||||||
return super(SmarterEncoder, self).default(obj)
|
return super(SmarterEncoder, self).default(obj)
|
||||||
|
|
||||||
|
|
||||||
class Ec2Signer(object):
|
|
||||||
"""Hacked up code from boto/connection.py"""
|
|
||||||
|
|
||||||
def __init__(self, secret_key):
|
|
||||||
secret_key = secret_key.encode()
|
|
||||||
self.hmac = hmac.new(secret_key, digestmod=hashlib.sha1)
|
|
||||||
if hashlib.sha256:
|
|
||||||
self.hmac_256 = hmac.new(secret_key, digestmod=hashlib.sha256)
|
|
||||||
|
|
||||||
def generate(self, credentials):
|
|
||||||
"""Generate auth string according to what SignatureVersion is given."""
|
|
||||||
if credentials['params']['SignatureVersion'] == '0':
|
|
||||||
return self._calc_signature_0(credentials['params'])
|
|
||||||
if credentials['params']['SignatureVersion'] == '1':
|
|
||||||
return self._calc_signature_1(credentials['params'])
|
|
||||||
if credentials['params']['SignatureVersion'] == '2':
|
|
||||||
return self._calc_signature_2(credentials['params'],
|
|
||||||
credentials['verb'],
|
|
||||||
credentials['host'],
|
|
||||||
credentials['path'])
|
|
||||||
raise Exception(_('Unknown Signature Version: %s') %
|
|
||||||
credentials['params']['SignatureVersion'])
|
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def _get_utf8_value(value):
|
|
||||||
"""Get the UTF8-encoded version of a value."""
|
|
||||||
if not isinstance(value, str) and not isinstance(value, unicode):
|
|
||||||
value = str(value)
|
|
||||||
if isinstance(value, unicode):
|
|
||||||
return value.encode('utf-8')
|
|
||||||
else:
|
|
||||||
return value
|
|
||||||
|
|
||||||
def _calc_signature_0(self, params):
|
|
||||||
"""Generate AWS signature version 0 string."""
|
|
||||||
s = params['Action'] + params['Timestamp']
|
|
||||||
self.hmac.update(s)
|
|
||||||
return base64.b64encode(self.hmac.digest())
|
|
||||||
|
|
||||||
def _calc_signature_1(self, params):
|
|
||||||
"""Generate AWS signature version 1 string."""
|
|
||||||
keys = params.keys()
|
|
||||||
keys.sort(cmp=lambda x, y: cmp(x.lower(), y.lower()))
|
|
||||||
for key in keys:
|
|
||||||
self.hmac.update(key)
|
|
||||||
val = self._get_utf8_value(params[key])
|
|
||||||
self.hmac.update(val)
|
|
||||||
return base64.b64encode(self.hmac.digest())
|
|
||||||
|
|
||||||
def _calc_signature_2(self, params, verb, server_string, path):
|
|
||||||
"""Generate AWS signature version 2 string."""
|
|
||||||
LOG.debug(_('using _calc_signature_2'))
|
|
||||||
string_to_sign = '%s\n%s\n%s\n' % (verb, server_string, path)
|
|
||||||
if self.hmac_256:
|
|
||||||
current_hmac = self.hmac_256
|
|
||||||
params['SignatureMethod'] = 'HmacSHA256'
|
|
||||||
else:
|
|
||||||
current_hmac = self.hmac
|
|
||||||
params['SignatureMethod'] = 'HmacSHA1'
|
|
||||||
keys = params.keys()
|
|
||||||
keys.sort()
|
|
||||||
pairs = []
|
|
||||||
for key in keys:
|
|
||||||
val = self._get_utf8_value(params[key])
|
|
||||||
val = urllib.quote(val, safe='-_~')
|
|
||||||
pairs.append(urllib.quote(key, safe='') + '=' + val)
|
|
||||||
qs = '&'.join(pairs)
|
|
||||||
LOG.debug(_('query string: %s'), qs)
|
|
||||||
string_to_sign += qs
|
|
||||||
LOG.debug(_('string_to_sign: %s'), string_to_sign)
|
|
||||||
current_hmac.update(string_to_sign)
|
|
||||||
b64 = base64.b64encode(current_hmac.digest())
|
|
||||||
LOG.debug(_('len(b64)=%d'), len(b64))
|
|
||||||
LOG.debug(_('base64 encoded digest: %s'), b64)
|
|
||||||
return b64
|
|
||||||
|
|
||||||
|
|
||||||
def trunc_password(password):
|
def trunc_password(password):
|
||||||
"""Truncate passwords to the MAX_PASSWORD_LENGTH."""
|
"""Truncate passwords to the MAX_PASSWORD_LENGTH."""
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -36,6 +36,8 @@ glance to list images needed to perform the requested task.
|
||||||
|
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
|
from keystoneclient.contrib.ec2 import utils as ec2_utils
|
||||||
|
|
||||||
from keystone.common import controller
|
from keystone.common import controller
|
||||||
from keystone.common import dependency
|
from keystone.common import dependency
|
||||||
from keystone.common import manager
|
from keystone.common import manager
|
||||||
|
@ -98,7 +100,7 @@ class Ec2Extension(wsgi.ExtensionRouter):
|
||||||
@dependency.requires('catalog_api', 'ec2_api')
|
@dependency.requires('catalog_api', 'ec2_api')
|
||||||
class Ec2Controller(controller.V2Controller):
|
class Ec2Controller(controller.V2Controller):
|
||||||
def check_signature(self, creds_ref, credentials):
|
def check_signature(self, creds_ref, credentials):
|
||||||
signer = utils.Ec2Signer(creds_ref['secret'])
|
signer = ec2_utils.Ec2Signer(creds_ref['secret'])
|
||||||
signature = signer.generate(credentials)
|
signature = signer.generate(credentials)
|
||||||
if utils.auth_str_equal(credentials['signature'], signature):
|
if utils.auth_str_equal(credentials['signature'], signature):
|
||||||
return
|
return
|
||||||
|
|
|
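Review bot: Nothing visible in this change pins that `ec2_utils.Ec2Signer`, as called in `check_signature`, produces the same signatures as the removed local class for SignatureVersion 0, 1 and 2. This call feeds the authentication decision for EC2 credentials, so a known-answer test per signature version (fixed secret and params, expected base64 digest) would catch drift anywhere in the allowed `python-keystoneclient>=0.2.1,<0.3` range. A short comment above the call would also help, for example `# Signature is computed by keystoneclient; the comparison stays local in utils.auth_str_equal.` The body of `check_signature` continues past the end of this hunk, so how a mismatch or an unknown SignatureVersion is rejected cannot be confirmed from here.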
@ -11,5 +11,5 @@ sqlalchemy-migrate>=0.7.2
|
||||||
passlib
|
passlib
|
||||||
lxml
|
lxml
|
||||||
iso8601>=0.1.4
|
iso8601>=0.1.4
|
||||||
python-keystoneclient>=0.2,<0.3
|
python-keystoneclient>=0.2.1,<0.3
|
||||||
http://tarballs.openstack.org/oslo-config/oslo-config-2013.1b4.tar.gz#egg=oslo-config
|
http://tarballs.openstack.org/oslo-config/oslo-config-2013.1b4.tar.gz#egg=oslo-config
|
||||||
|
|