Merge "Replace httplib.HTTPSConnection in ec2_token"

This commit is contained in:
Jenkins 2014-03-17 22:01:19 +00:00 committed by Gerrit Code Review
commit d6f995be48
2 changed files with 42 additions and 14 deletions
etc
keystone/middleware

@ -309,6 +309,22 @@
# URL to get token from ec2 request. (string value)
#keystone_ec2_url=http://localhost:5000/v2.0/ec2tokens
# Required if EC2 server requires client certificate. (string
# value)
#keystone_ec2_keyfile=<None>
# Client certificate key filename. Required if EC2 server
# requires client certificate. (string value)
#keystone_ec2_certfile=<None>
# A PEM encoded certificate authority to use when verifying
# HTTPS connections. Defaults to the system CAs. (string
# value)
#keystone_ec2_cafile=<None>
# Disable SSL certificate verification. (boolean value)
#keystone_ec2_insecure=false
#
# Options defined in keystone.openstack.common.eventlet_backdoor

@ -20,9 +20,8 @@ Starting point for routing EC2 requests.
"""
from eventlet.green import httplib
from oslo.config import cfg
from six.moves import urllib
import requests
import webob.dec
import webob.exc
@ -34,6 +33,16 @@ keystone_ec2_opts = [
cfg.StrOpt('keystone_ec2_url',
default='http://localhost:5000/v2.0/ec2tokens',
help='URL to get token from ec2 request.'),
cfg.StrOpt('keystone_ec2_keyfile', help='Required if EC2 server requires '
'client certificate.'),
cfg.StrOpt('keystone_ec2_certfile', help='Client certificate key '
'filename. Required if EC2 server requires client '
'certificate.'),
cfg.StrOpt('keystone_ec2_cafile', help='A PEM encoded certificate '
'authority to use when verifying HTTPS connections. Defaults '
'to the system CAs.'),
cfg.BoolOpt('keystone_ec2_insecure', default=False, help='Disable SSL '
'certificate verification.'),
]
CONF = config.CONF
@ -71,23 +80,26 @@ class EC2Token(wsgi.Middleware):
creds_json = jsonutils.dumps(creds)
headers = {'Content-Type': 'application/json'}
# Disable 'has no x member' pylint error
# for httplib and urlparse
# pylint: disable-msg=E1101
o = urllib.parse.urlparse(CONF.keystone_ec2_url)
if o.scheme == 'http':
conn = httplib.HTTPConnection(o.netloc)
else:
conn = httplib.HTTPSConnection(o.netloc)
conn.request('POST', o.path, body=creds_json, headers=headers)
response = conn.getresponse().read()
conn.close()
verify = True
if CONF.keystone_ec2_insecure:
verify = False
elif CONF.keystone_ec2_cafile:
verify = CONF.keystone_ec2_cafile
cert = None
if CONF.keystone_ec2_certfile and CONF.keystone_ec2_keyfile:
cert = (CONF.keystone_ec2_certfile, CONF.keystone_ec2_keyfile)
elif CONF.keystone_ec2_certfile:
cert = CONF.keystone_ec2_certfile
response = requests.post(CONF.keystone_ec2_url, data=creds_json,
headers=headers, verify=verify, cert=cert)
# NOTE(vish): We could save a call to keystone by
# having keystone return token, tenant,
# user, and roles from this call.
result = jsonutils.loads(response)
result = response.json()
try:
token_id = result['access']['token']['id']
except (AttributeError, KeyError):