Legacy auth fix and doc, wadl, and xsd updates
Change-Id: I3b18b5e4f49f583dccbc283b1ba5f7200b071d0a
parent
ffdd0cd245
commit
932683ab3e
@ -30,7 +30,11 @@
|
||||
<resource id="tokens" path="tokens">
|
||||
<method href="#authenticate" />
|
||||
<resource id="tokenId" path="{tokenId}">
|
||||
<param name="X-Auth-Token" style="header" type="xsd:string" required="true"/>
|
||||
<param name="X-Auth-Token" style="header" type="xsd:string" required="true">
|
||||
<doc>
|
||||
You need an admin token to execute this operation. The token must be valid...
|
||||
</doc>
|
||||
</param>
|
||||
<param name="tokenId" style="template" type="xsd:string"/>
|
||||
<method href="#validateToken"/>
|
||||
<method href="#revokeToken"/>
|
||||
@ -250,6 +254,37 @@
|
||||
</response>
|
||||
</method>
|
||||
|
||||
<method name="HEAD" id="checkToken">
|
||||
<request>
|
||||
</request>
|
||||
<response status="200 203">
|
||||
<representation mediaType="application/xml" element="identity:auth"/>
|
||||
<representation mediaType="application/json"/>
|
||||
</response>
|
||||
<response status="401">
|
||||
<representation mediaType="application/xml" element="identity:unauthorized"/>
|
||||
</response>
|
||||
<response status="403">
|
||||
<representation mediaType="application/xml" element="identity:forbidden"/>
|
||||
<representation mediaType="application/xml" element="identity:userDisabled"/>
|
||||
</response>
|
||||
<response status="400">
|
||||
<representation mediaType="application/xml" element="identity:badRequest"/>
|
||||
</response>
|
||||
<response status="404">
|
||||
<representation mediaType="application/xml" element="identity:itemNotFound"/>
|
||||
</response>
|
||||
<response status="500">
|
||||
<representation mediaType="application/xml" element="identity:identityFault"/>
|
||||
</response>
|
||||
<response status="503">
|
||||
<representation mediaType="application/xml" element="identity:serviceUnavailable"/>
|
||||
</response>
|
||||
<response status="400 401 403 404 500 503">
|
||||
<representation mediaType="application/json"/>
|
||||
</response>
|
||||
</method>
|
||||
|
||||
<method name="DELETE" id="revokeToken">
|
||||
<response status="204"/>
|
||||
<response status="401">
|
||||
@ -370,6 +405,29 @@
|
||||
</response>
|
||||
</method>
|
||||
|
||||
<method name="HEAD" id="checkTenant">
|
||||
<response status="200 203">
|
||||
</response>
|
||||
<response status="401">
|
||||
</response>
|
||||
<response status="403">
|
||||
</response>
|
||||
<response status="400">
|
||||
</response>
|
||||
<response status="404">
|
||||
<representation mediaType="application/xml" element="identity:itemNotFound"/>
|
||||
</response>
|
||||
<response status="500">
|
||||
<representation mediaType="application/xml" element="identity:identityFault"/>
|
||||
</response>
|
||||
<response status="503">
|
||||
<representation mediaType="application/xml" element="identity:serviceUnavailable"/>
|
||||
</response>
|
||||
<response status="400 401 403 404 500 503">
|
||||
<representation mediaType="application/json"/>
|
||||
</response>
|
||||
</method>
|
||||
|
||||
<method name="PUT" id="updateTenant">
|
||||
<request>
|
||||
<representation mediaType="application/xml" element="identity:tenant"/>
|
||||
@ -522,6 +580,34 @@
|
||||
</response>
|
||||
</method>
|
||||
|
||||
<method name="HEAD" id="checkUser">
|
||||
<response status="200 203">
|
||||
<representation mediaType="application/xml" element="identity:user"/>
|
||||
<representation mediaType="application/json"/>
|
||||
</response>
|
||||
<response status="401">
|
||||
<representation mediaType="application/xml" element="identity:unauthorized"/>
|
||||
</response>
|
||||
<response status="403">
|
||||
<representation mediaType="application/xml" element="identity:forbidden"/>
|
||||
</response>
|
||||
<response status="400">
|
||||
<representation mediaType="application/xml" element="identity:badRequest"/>
|
||||
</response>
|
||||
<response status="404">
|
||||
<representation mediaType="application/xml" element="identity:itemNotFound"/>
|
||||
</response>
|
||||
<response status="500">
|
||||
<representation mediaType="application/xml" element="identity:identityFault"/>
|
||||
</response>
|
||||
<response status="503">
|
||||
<representation mediaType="application/xml" element="identity:serviceUnavailable"/>
|
||||
</response>
|
||||
<response status="400 401 403 404 500 503">
|
||||
<representation mediaType="application/json"/>
|
||||
</response>
|
||||
</method>
|
||||
|
||||
<method name="PUT" id="updateUser">
|
||||
<request>
|
||||
<representation mediaType="application/xml" element="identity:tenant"/>
|
||||
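Review bot: The new HEAD methods declare `<representation>` elements on their responses (all of `checkToken` and `checkUser`, and the 404/500/503 responses of `checkTenant`), but a HEAD response carries no body. Clients or docs generated from this WADL would expect payloads such as `identity:auth` or `identity:user` that never arrive, so these responses should list status codes only, as `checkTenant` already does for 200/203, 401, 403 and 400. Separately, the `tokenId` resource in the first hunk still references only `#validateToken` and `#revokeToken`. Unless `<method href="#checkToken"/>` is added outside the visible context, the admin `X-Auth-Token` requirement documented on that resource is not bound to the new operation. The resource and method definitions continue outside these hunks.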
|
@ -12,6 +12,34 @@
|
||||
<!-- Elements -->
|
||||
<element name="passwordCredentials" type="identity:PasswordCredentials"/>
|
||||
<element name="auth" type="identity:AuthData"/>
|
||||
<element name="token" type="identity:Token">
|
||||
<annotation>
|
||||
<documentation xml:lang="EN" xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>
|
||||
A token is an arbitrary bit of text that is used to access
|
||||
resources. Each token has a scope which describes which
|
||||
resources are accessible with it. A token may be
|
||||
revoked at anytime and is valid for a finite duration.
|
||||
</p>
|
||||
<p>
|
||||
While Keystone supports token-based authentication in this release,
|
||||
the intention is for it to support additional protocols in the
|
||||
future. The desire is for it to be an integration service, and not
|
||||
a full-fledged identity store and management solution.
|
||||
</p>
|
||||
</documentation>
|
||||
<xsd:appinfo>
|
||||
<xsdxt:samples>
|
||||
<xsdxt:sample>
|
||||
<xsdxt:code type="application/xml" href="../samples/token.xml" />
|
||||
</xsdxt:sample>
|
||||
<xsdxt:sample>
|
||||
<xsdxt:code type="application/json" href="../samples/token.json" />
|
||||
</xsdxt:sample>
|
||||
</xsdxt:samples>
|
||||
</xsd:appinfo>
|
||||
</annotation>
|
||||
</element>
|
||||
|
||||
<!-- Complex Types -->
|
||||
<complexType name="Credentials" abstract="true" />
|
||||
@ -124,8 +152,9 @@
|
||||
xml:lang="EN"
|
||||
xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>
|
||||
The airport code of the region where the endpoint
|
||||
lives.
|
||||
The name of the region where the endpoint
|
||||
lives. Example: airport codes; LHR (UK),
|
||||
STL (Saint Louis)
|
||||
</p>
|
||||
</xsd:documentation>
|
||||
</annotation>
|
||||
@ -147,8 +176,9 @@
|
||||
xml:lang="EN"
|
||||
xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>
|
||||
A service URL, accessible only within the
|
||||
Rackspace Cloud.
|
||||
A service URL, accessible only locally within that
|
||||
cloud (generally over a high bandwidth, low latency,
|
||||
free of charge link).
|
||||
</p>
|
||||
</xsd:documentation>
|
||||
</annotation>
|
||||
@ -159,7 +189,8 @@
|
||||
xml:lang="EN"
|
||||
xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>
|
||||
A service URL used for administration. This may expose
|
||||
An Admin URL (used for administration using privileged
|
||||
calls). This may expose
|
||||
additional functionality not found in the public and
|
||||
internal URL.
|
||||
</p>
|
||||
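Review bot: The new `token` documentation says a token "is used to access resources" but never states that holding the text is by itself enough to gain that access. Since the WADL passes it as a plain `X-Auth-Token` header, I would add one sentence to the first `<p>`, for example `Anyone who holds a token can use it until it expires or is revoked, so it must be kept confidential and sent only over an encrypted connection.` In the same spirit, the `adminURL` text could say that this endpoint is meant for privileged callers only, which the new wording implies but does not state.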
|
@ -53,22 +53,17 @@ class AuthProtocol(object):
|
||||
print "Starting the %s component" % PROTOCOL_NAME
|
||||
self.conf = conf
|
||||
self.app = app
|
||||
self.start_response = None
|
||||
self.env = None
|
||||
self.request = None
|
||||
|
||||
# Handle 1.0 and 1.1 calls via middleware.
|
||||
# Right now I am treating every call of 1.0 and 1.1 as call
|
||||
# to authenticate
|
||||
def __call__(self, env, start_response):
|
||||
""" Handle incoming request. Transform. And send downstream. """
|
||||
self.start_response = start_response
|
||||
self.env = env
|
||||
self.request = Request(env)
|
||||
request = Request(env)
|
||||
if env['KEYSTONE_API_VERSION'] in ['1.0', '1.1']:
|
||||
params = {"passwordCredentials":
|
||||
{"username": utils.get_auth_user(self.request),
|
||||
"password": utils.get_auth_key(self.request)}}
|
||||
{"username": utils.get_auth_user(request),
|
||||
"password": utils.get_auth_key(request)}}
|
||||
#Make request to keystone
|
||||
new_request = Request.blank('/tokens')
|
||||
new_request.method = 'POST'
|
||||
@ -85,7 +80,7 @@ class AuthProtocol(object):
|
||||
return resp(env, start_response)
|
||||
else:
|
||||
# Other calls pass to downstream WSGI component
|
||||
return self.app(self.env, self.start_response)
|
||||
return self.app(env, start_response)
|
||||
|
||||
def __transform_headers(self, content):
|
||||
"""Transform Keystone auth to legacy headers"""
|
||||
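Review bot: `env['KEYSTONE_API_VERSION']` in `__call__` is indexed directly, so any request that reaches this middleware without that key raises `KeyError` instead of taking the pass-through branch to `self.app(env, start_response)`. Whether an upstream component always sets the key is not visible here, so `if env.get('KEYSTONE_API_VERSION') in ['1.0', '1.1']:` would keep the downstream path intact. The comment above `__call__` could also record why the request is now a local: one middleware instance serves concurrent requests, so the credentials read by `get_auth_user`/`get_auth_key` must not be stored on `self`. The body of `__call__` between the two hunks and the body of `__transform_headers` are outside the visible lines.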
|