Merge "Replace httplib.HTTPSConnection in ec2_token"
This commit is contained in:
commit
d6f995be48
@ -309,6 +309,22 @@
|
||||
# URL to get token from ec2 request. (string value)
|
||||
#keystone_ec2_url=http://localhost:5000/v2.0/ec2tokens
|
||||
|
||||
# Required if EC2 server requires client certificate. (string
|
||||
# value)
|
||||
#keystone_ec2_keyfile=<None>
|
||||
|
||||
# Client certificate key filename. Required if EC2 server
|
||||
# requires client certificate. (string value)
|
||||
#keystone_ec2_certfile=<None>
|
||||
|
||||
# A PEM encoded certificate authority to use when verifying
|
||||
# HTTPS connections. Defaults to the system CAs. (string
|
||||
# value)
|
||||
#keystone_ec2_cafile=<None>
|
||||
|
||||
# Disable SSL certificate verification. (boolean value)
|
||||
#keystone_ec2_insecure=false
|
||||
|
||||
|
||||
#
|
||||
# Options defined in keystone.openstack.common.eventlet_backdoor
|
||||
|
@ -20,9 +20,8 @@ Starting point for routing EC2 requests.
|
||||
|
||||
"""
|
||||
|
||||
from eventlet.green import httplib
|
||||
from oslo.config import cfg
|
||||
from six.moves import urllib
|
||||
import requests
|
||||
import webob.dec
|
||||
import webob.exc
|
||||
|
||||
@ -34,6 +33,16 @@ keystone_ec2_opts = [
|
||||
cfg.StrOpt('keystone_ec2_url',
|
||||
default='http://localhost:5000/v2.0/ec2tokens',
|
||||
help='URL to get token from ec2 request.'),
|
||||
cfg.StrOpt('keystone_ec2_keyfile', help='Required if EC2 server requires '
|
||||
'client certificate.'),
|
||||
cfg.StrOpt('keystone_ec2_certfile', help='Client certificate key '
|
||||
'filename. Required if EC2 server requires client '
|
||||
'certificate.'),
|
||||
cfg.StrOpt('keystone_ec2_cafile', help='A PEM encoded certificate '
|
||||
'authority to use when verifying HTTPS connections. Defaults '
|
||||
'to the system CAs.'),
|
||||
cfg.BoolOpt('keystone_ec2_insecure', default=False, help='Disable SSL '
|
||||
'certificate verification.'),
|
||||
]
|
||||
|
||||
CONF = config.CONF
|
||||
@ -71,23 +80,26 @@ class EC2Token(wsgi.Middleware):
|
||||
creds_json = jsonutils.dumps(creds)
|
||||
headers = {'Content-Type': 'application/json'}
|
||||
|
||||
# Disable 'has no x member' pylint error
|
||||
# for httplib and urlparse
|
||||
# pylint: disable-msg=E1101
|
||||
o = urllib.parse.urlparse(CONF.keystone_ec2_url)
|
||||
if o.scheme == 'http':
|
||||
conn = httplib.HTTPConnection(o.netloc)
|
||||
else:
|
||||
conn = httplib.HTTPSConnection(o.netloc)
|
||||
conn.request('POST', o.path, body=creds_json, headers=headers)
|
||||
response = conn.getresponse().read()
|
||||
conn.close()
|
||||
verify = True
|
||||
if CONF.keystone_ec2_insecure:
|
||||
verify = False
|
||||
elif CONF.keystone_ec2_cafile:
|
||||
verify = CONF.keystone_ec2_cafile
|
||||
|
||||
cert = None
|
||||
if CONF.keystone_ec2_certfile and CONF.keystone_ec2_keyfile:
|
||||
cert = (CONF.keystone_ec2_certfile, CONF.keystone_ec2_keyfile)
|
||||
elif CONF.keystone_ec2_certfile:
|
||||
cert = CONF.keystone_ec2_certfile
|
||||
|
||||
response = requests.post(CONF.keystone_ec2_url, data=creds_json,
|
||||
headers=headers, verify=verify, cert=cert)
|
||||
|
||||
# NOTE(vish): We could save a call to keystone by
|
||||
# having keystone return token, tenant,
|
||||
# user, and roles from this call.
|
||||
|
||||
result = jsonutils.loads(response)
|
||||
result = response.json()
|
||||
try:
|
||||
token_id = result['access']['token']['id']
|
||||
except (AttributeError, KeyError):
|
||||
|
Loading…
x
Reference in New Issue
Block a user