keystone/keystone/auth/plugins/application_credential.py
Colleen Murphy 29280b1f68 Add application credential auth plugin
Add an auth plugin for application credentials and update the common
auth utilities to understand an auth method of 'application_credential'
and validate and scope accordingly.

By default, application credentials should not be allowed to be used for
creating other application credentials or trusts. If a user creates an
application credential with the flag `allow_application_credential_creation`
set, then that application credential should be allowed to be used for
creating and deleting other application credentials and trusts. Ensure a
flag is set in the token if this property is set to allow this behavior.

bp application-credentials

Change-Id: I15a03e79128a11314d06751b94343f22d533243a
2018-01-27 12:00:19 +01:00


# Copyright 2018 SUSE Linux GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.auth import plugins as auth_plugins
from keystone.auth.plugins import base
from keystone.common import provider_api
from keystone import exception
# Handle to the provider APIs; this module only uses
# PROVIDERS.application_credential_api (see ApplicationCredential.authenticate).
PROVIDERS = provider_api.ProviderAPIs
# Name of the auth method this plugin handles; passed to AppCredInfo.create
# together with the auth payload.
METHOD_NAME = 'application_credential'
class ApplicationCredential(base.AuthMethodHandler):
    """Auth method handler for the 'application_credential' auth method."""

    def authenticate(self, request, auth_payload):
        """Authenticate an application credential.

        The payload is parsed into an ``AppCredInfo`` and its id and secret
        are handed to the application credential provider for verification.

        :param request: the incoming request, forwarded to the provider
        :param auth_payload: the method-specific part of the auth request
        :returns: ``base.AuthHandlerResponse`` with ``status=True``, no
                  response body, and the credential info's ``user_id`` in
                  the response data
        :raises keystone.exception.Unauthorized: if the provider raises
            ``AssertionError`` while verifying the credential
        """
        cred = auth_plugins.AppCredInfo.create(auth_payload, METHOD_NAME)

        # A failed verification reaches this handler as AssertionError and is
        # mapped to Unauthorized, so the request is rejected before any
        # response data is built.
        # NOTE(review): this is only fail-closed if the provider raises
        # AssertionError explicitly; bare `assert` statements are stripped
        # under `python -O` and would never fire -- confirm against the
        # provider implementation.
        try:
            PROVIDERS.application_credential_api.authenticate(
                request,
                application_credential_id=cred.id,
                secret=cred.secret,
            )
        except AssertionError as err:
            # NOTE(review): the provider's message is passed through to the
            # Unauthorized exception; presumably the exception class decides
            # how much of it is shown to the client -- verify.
            raise exception.Unauthorized(err)

        # Only reached after the provider accepted the id/secret pair.
        return base.AuthHandlerResponse(
            status=True,
            response_body=None,
            response_data={'user_id': cred.user_id},
        )