Legacy auth fix and doc, wadl, and xsd updates

Change-Id: I3b18b5e4f49f583dccbc283b1ba5f7200b071d0a
Ziad Sawalha 2011-08-11 19:18:13 -05:00
parent ffdd0cd245
commit 932683ab3e
3 changed files with 127 additions and 15 deletions


@ -30,7 +30,11 @@
<resource id="tokens" path="tokens">
<method href="#authenticate" />
<resource id="tokenId" path="{tokenId}">
<param name="X-Auth-Token" style="header" type="xsd:string" required="true"/>
<param name="X-Auth-Token" style="header" type="xsd:string" required="true">
<doc>
You need an admin token to execute this operation. The token must be valid...
</doc>
</param>
<param name="tokenId" style="template" type="xsd:string"/>
<method href="#validateToken"/>
<method href="#revokeToken"/>
@ -250,6 +254,37 @@
</response>
</method>
<method name="HEAD" id="checkToken">
<request>
</request>
<response status="200 203">
<representation mediaType="application/xml" element="identity:auth"/>
<representation mediaType="application/json"/>
</response>
<response status="401">
<representation mediaType="application/xml" element="identity:unauthorized"/>
</response>
<response status="403">
<representation mediaType="application/xml" element="identity:forbidden"/>
<representation mediaType="application/xml" element="identity:userDisabled"/>
</response>
<response status="400">
<representation mediaType="application/xml" element="identity:badRequest"/>
</response>
<response status="404">
<representation mediaType="application/xml" element="identity:itemNotFound"/>
</response>
<response status="500">
<representation mediaType="application/xml" element="identity:identityFault"/>
</response>
<response status="503">
<representation mediaType="application/xml" element="identity:serviceUnavailable"/>
</response>
<response status="400 401 403 404 500 503">
<representation mediaType="application/json"/>
</response>
</method>
<method name="DELETE" id="revokeToken">
<response status="204"/>
<response status="401">
@ -370,6 +405,29 @@
</response>
</method>
<method name="HEAD" id="checkTenant">
<response status="200 203">
</response>
<response status="401">
</response>
<response status="403">
</response>
<response status="400">
</response>
<response status="404">
<representation mediaType="application/xml" element="identity:itemNotFound"/>
</response>
<response status="500">
<representation mediaType="application/xml" element="identity:identityFault"/>
</response>
<response status="503">
<representation mediaType="application/xml" element="identity:serviceUnavailable"/>
</response>
<response status="400 401 403 404 500 503">
<representation mediaType="application/json"/>
</response>
</method>
<method name="PUT" id="updateTenant">
<request>
<representation mediaType="application/xml" element="identity:tenant"/>
@ -522,6 +580,34 @@
</response>
</method>
<method name="HEAD" id="checkUser">
<response status="200 203">
<representation mediaType="application/xml" element="identity:user"/>
<representation mediaType="application/json"/>
</response>
<response status="401">
<representation mediaType="application/xml" element="identity:unauthorized"/>
</response>
<response status="403">
<representation mediaType="application/xml" element="identity:forbidden"/>
</response>
<response status="400">
<representation mediaType="application/xml" element="identity:badRequest"/>
</response>
<response status="404">
<representation mediaType="application/xml" element="identity:itemNotFound"/>
</response>
<response status="500">
<representation mediaType="application/xml" element="identity:identityFault"/>
</response>
<response status="503">
<representation mediaType="application/xml" element="identity:serviceUnavailable"/>
</response>
<response status="400 401 403 404 500 503">
<representation mediaType="application/json"/>
</response>
</method>
<method name="PUT" id="updateUser">
<request>
<representation mediaType="application/xml" element="identity:tenant"/>
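Review bot: The new HEAD methods `checkToken` and `checkUser` declare response representations (`identity:auth`, `identity:user` and the fault elements), but a HEAD response carries no body, so a client generated from this WADL would expect content that never arrives. `checkTenant` already leaves 200/401/403/400 empty yet still names fault elements for 404/500/503, so the three methods also disagree with each other. I would drop the `<representation>` children from all three and keep only the status codes, e.g. `<response status="200 203"/>`. Separately, no visible hunk adds a `<method href="#checkToken"/>` under the `tokenId` resource, so unless that reference already exists outside the hunks the new definitions are not bound to any path. Because `checkToken` is addressed as `tokens/{tokenId}`, a `<doc>` line noting that the token value will typically end up in access and proxy logs would help operators.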


@ -12,6 +12,34 @@
<!-- Elements -->
<element name="passwordCredentials" type="identity:PasswordCredentials"/>
<element name="auth" type="identity:AuthData"/>
<element name="token" type="identity:Token">
<annotation>
<documentation xml:lang="EN" xmlns="http://www.w3.org/1999/xhtml">
<p>
A token is an arbitrary bit of text that is used to access
resources. Each token has a scope which describes which
resources are accessible with it. A token may be
revoked at anytime and is valid for a finite duration.
</p>
<p>
While Keystone supports token-based authentication in this release,
the intention is for it to support additional protocols in the
future. The desire is for it to be an integration service, and not
a full-fledged identity store and management solution.
</p>
</documentation>
<xsd:appinfo>
<xsdxt:samples>
         <xsdxt:sample>
           <xsdxt:code type="application/xml" href="../samples/token.xml" />
         </xsdxt:sample>
         <xsdxt:sample>
           <xsdxt:code type="application/json" href="../samples/token.json" />
         </xsdxt:sample>
       </xsdxt:samples>
</xsd:appinfo>
</annotation>
</element>
<!-- Complex Types -->
<complexType name="Credentials" abstract="true" />
@ -124,8 +152,9 @@
xml:lang="EN"
xmlns="http://www.w3.org/1999/xhtml">
<p>
The airport code of the region where the endpoint
lives.
The name of the region where the endpoint
lives. Example: airport codes; LHR (UK),
STL (Saint Louis)
</p>
</xsd:documentation>
</annotation>
@ -147,8 +176,9 @@
xml:lang="EN"
xmlns="http://www.w3.org/1999/xhtml">
<p>
A service URL, accessible only within the
Rackspace Cloud.
A service URL, accessible only locally within that
cloud (generally over a high bandwidth, low latency,
free of charge link).
</p>
</xsd:documentation>
</annotation>
@ -159,7 +189,8 @@
xml:lang="EN"
xmlns="http://www.w3.org/1999/xhtml">
<p>
A service URL used for administration. This may expose
An Admin URL (used for administration using privileged
calls). This may expose
additional functionality not found in the public and
internal URL.
</p>
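Review bot: In the new `token` element the documentation tag is written unprefixed as `<documentation xml:lang="EN" xmlns="http://www.w3.org/1999/xhtml">`. A default `xmlns` applies to the element that declares it, so this tag lands in the XHTML namespace rather than the schema namespace, which a validating parser should reject inside `<annotation>`. The later hunks in this file use the prefixed form (their closing tags read `</xsd:documentation>`), so the fix is to open with `<xsd:documentation xml:lang="EN" xmlns="http://www.w3.org/1999/xhtml">` and close with `</xsd:documentation>`. The text could also say that the token is a bearer credential to be kept secret, since "an arbitrary bit of text" undersells what possession of it grants.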


@ -53,22 +53,17 @@ class AuthProtocol(object):
print "Starting the %s component" % PROTOCOL_NAME
self.conf = conf
self.app = app
self.start_response = None
self.env = None
self.request = None
# Handle 1.0 and 1.1 calls via middleware.
# Right now I am treating every call of 1.0 and 1.1 as call
# to authenticate
def __call__(self, env, start_response):
""" Handle incoming request. Transform. And send downstream. """
self.start_response = start_response
self.env = env
self.request = Request(env)
request = Request(env)
if env['KEYSTONE_API_VERSION'] in ['1.0', '1.1']:
params = {"passwordCredentials":
{"username": utils.get_auth_user(self.request),
"password": utils.get_auth_key(self.request)}}
{"username": utils.get_auth_user(request),
"password": utils.get_auth_key(request)}}
#Make request to keystone
new_request = Request.blank('/tokens')
new_request.method = 'POST'
@ -85,7 +80,7 @@ class AuthProtocol(object):
return resp(env, start_response)
else:
# Other calls pass to downstream WSGI component
return self.app(self.env, self.start_response)
return self.app(env, start_response)
def __transform_headers(self, content):
"""Transform Keystone auth to legacy headers"""