diff --git a/keystonemiddleware/auth_token.py b/keystonemiddleware/auth_token.py index 593518b2..cd79eeee 100644 --- a/keystonemiddleware/auth_token.py +++ b/keystonemiddleware/auth_token.py @@ -154,18 +154,18 @@ import stat import tempfile import time +from keystoneclient import access +from keystoneclient.common import cms +from keystoneclient import exceptions import netaddr from oslo.config import cfg import six from six.moves import urllib -from keystoneclient import access -from keystoneclient.common import cms -from keystoneclient import exceptions -from keystoneclient.middleware import memcache_crypt -from keystoneclient.openstack.common import jsonutils -from keystoneclient.openstack.common import memorycache -from keystoneclient.openstack.common import timeutils +from keystonemiddleware import memcache_crypt +from keystonemiddleware.openstack.common import jsonutils +from keystonemiddleware.openstack.common import memorycache +from keystonemiddleware.openstack.common import timeutils # alternative middleware configuration in the main application's @@ -1567,7 +1567,7 @@ def app_factory(global_conf, **local_conf): if __name__ == '__main__': """Run this module directly to start a protected echo service:: - $ python -m keystoneclient.middleware.auth_token + $ python -m keystonemiddleware.auth_token When the ``auth_token`` module authenticates a request, the echo service will respond with all the environment variables presented to it by this diff --git a/keystonemiddleware/ec2_token.py b/keystonemiddleware/ec2_token.py index 9d40ef84..bb9b8c73 100644 --- a/keystonemiddleware/ec2_token.py +++ b/keystonemiddleware/ec2_token.py 
@@ -25,33 +25,36 @@ import requests import webob.dec import webob.exc -from keystone.common import config -from keystone.common import wsgi -from keystone.openstack.common import jsonutils +from keystonemiddleware.openstack.common import jsonutils keystone_ec2_opts = [ - cfg.StrOpt('keystone_ec2_url', + cfg.StrOpt('url', default='http://localhost:5000/v2.0/ec2tokens', help='URL to get token from ec2 request.'), - cfg.StrOpt('keystone_ec2_keyfile', help='Required if EC2 server requires ' - 'client certificate.'), - cfg.StrOpt('keystone_ec2_certfile', help='Client certificate key ' - 'filename. Required if EC2 server requires client ' - 'certificate.'), - cfg.StrOpt('keystone_ec2_cafile', help='A PEM encoded certificate ' - 'authority to use when verifying HTTPS connections. Defaults ' - 'to the system CAs.'), - cfg.BoolOpt('keystone_ec2_insecure', default=False, help='Disable SSL ' - 'certificate verification.'), + cfg.StrOpt('keyfile', + help='Required if EC2 server requires client certificate.'), + cfg.StrOpt('certfile', + help='Client certificate key filename. Required if EC2 server ' + 'requires client certificate.'), + cfg.StrOpt('cafile', + help='A PEM encoded certificate authority to use when ' + 'verifying HTTPS connections. Defaults to the system ' + 'CAs.'), + cfg.BoolOpt('insecure', default=False, + help='Disable SSL certificate verification.'), ] -CONF = config.CONF -CONF.register_opts(keystone_ec2_opts) +CONF = cfg.CONF +CONF.register_opts(keystone_ec2_opts, group='keystone_ec2_token') -class EC2Token(wsgi.Middleware): +class EC2Token(object): """Authenticate an EC2 request with keystone and convert to token.""" + def __init__(self, application): + super(EC2Token, self).__init__() + self.application = application + @webob.dec.wsgify() def __call__(self, req): # Read request signature and access id. 
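Review bot: The renamed options in `keystone_ec2_opts` (ec2_token.py) carry no deprecation aliases, so values an operator set under the old names are silently ignored after upgrade. The old `CONF.register_opts(keystone_ec2_opts)` call had no group, so `keystone_ec2_url`, `keystone_ec2_cafile`, `keystone_ec2_certfile` and `keystone_ec2_keyfile` lived in `[DEFAULT]`. Once they are ignored, the middleware falls back to the plain-HTTP default `http://localhost:5000/v2.0/ec2tokens` and to the system CAs instead of the configured endpoint and CA. I would keep the old names readable, e.g. `cfg.StrOpt('url', deprecated_name='keystone_ec2_url', deprecated_group='DEFAULT', ...)`, and do the same for the other four options. The `EC2Token` class body continues past the end of this hunk.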
@@ -81,18 +84,20 @@ class EC2Token(wsgi.Middleware): headers = {'Content-Type': 'application/json'} verify = True - if CONF.keystone_ec2_insecure: + if CONF.keystone_ec2_token.insecure: verify = False - elif CONF.keystone_ec2_cafile: - verify = CONF.keystone_ec2_cafile + elif CONF.keystone_ec2_token.cafile: + verify = CONF.keystone_ec2_token.cafile cert = None - if CONF.keystone_ec2_certfile and CONF.keystone_ec2_keyfile: - cert = (CONF.keystone_ec2_certfile, CONF.keystone_ec2_keyfile) - elif CONF.keystone_ec2_certfile: - cert = CONF.keystone_ec2_certfile + if (CONF.keystone_ec2_token.certfile and + CONF.keystone_ec2_token.keyfile): + cert = (CONF.keystone_ec2_certfile, + CONF.keystone_ec2_token.keyfile) + elif CONF.keystone_ec2_token.certfile: + cert = CONF.keystone_ec2_token.certfile - response = requests.post(CONF.keystone_ec2_url, data=creds_json, + response = requests.post(CONF.keystone_ec2_token.url, data=creds_json, headers=headers, verify=verify, cert=cert) # NOTE(vish): We could save a call to keystone by @@ -108,3 +113,19 @@ class EC2Token(wsgi.Middleware): # Authenticated! req.headers['X-Auth-Token'] = token_id return self.application + + +def filter_factory(global_conf, **local_conf): + """Returns a WSGI filter app for use with paste.deploy.""" + conf = global_conf.copy() + conf.update(local_conf) + + def auth_filter(app): + return EC2Token(app, conf) + return auth_filter + + +def app_factory(global_conf, **local_conf): + conf = global_conf.copy() + conf.update(local_conf) + return EC2Token(None, conf) diff --git a/keystonemiddleware/s3_token.py b/keystonemiddleware/s3_token.py index 786da5cf..3a00abf1 100644 --- a/keystonemiddleware/s3_token.py +++ b/keystonemiddleware/s3_token.py @@ -38,7 +38,7 @@ import requests import six from six.moves import urllib -from keystoneclient.openstack.common import jsonutils +from keystonemiddleware.openstack.common import jsonutils PROTOCOL_NAME = 'S3 Token Authentication' 
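Review bot: In the `@@ -81,18 +84,20 @@` hunk of ec2_token.py, the new tuple `cert = (CONF.keystone_ec2_certfile, CONF.keystone_ec2_token.keyfile)` still reads the certificate path through the old ungrouped name. This commit registers the options only under the `keystone_ec2_token` group, so that lookup is expected to raise oslo.config's `NoSuchOptError` at request time whenever both `certfile` and `keyfile` are set, which is exactly the client-certificate path. The first element should be `CONF.keystone_ec2_token.certfile`. A test that sets both options and asserts the `cert=` argument passed to `requests.post` would have caught this. `__call__` starts and ends outside the hunk.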
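Review bot: In the `@@ -108,3 +113,19 @@` hunk of ec2_token.py, `filter_factory` and `app_factory` call `EC2Token(app, conf)` and `EC2Token(None, conf)`, but the `__init__(self, application)` added earlier in this commit accepts only one argument. Loading the filter through paste.deploy would therefore fail with a `TypeError` before any request is authenticated. Either drop the unused argument (`return EC2Token(app)` / `return EC2Token(None)`) or widen the constructor to `def __init__(self, application, conf=None):` and store `conf`. `app_factory` also lacks a docstring; something like `"""Returns a WSGI app for use with paste.deploy."""` would match its sibling.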
diff --git a/keystonemiddleware/tests/client_fixtures.py b/keystonemiddleware/tests/client_fixtures.py index d58deb2b..338b0c63 100644 --- a/keystonemiddleware/tests/client_fixtures.py +++ b/keystonemiddleware/tests/client_fixtures.py @@ -15,13 +15,13 @@ import os import fixtures +from keystoneclient.common import cms +from keystoneclient import utils import six import testresources -from keystoneclient.common import cms -from keystoneclient.openstack.common import jsonutils -from keystoneclient.openstack.common import timeutils -from keystoneclient import utils +from keystonemiddleware.openstack.common import jsonutils +from keystonemiddleware.openstack.common import timeutils TESTDIR = os.path.dirname(os.path.abspath(__file__)) diff --git a/keystonemiddleware/tests/test_auth_token_middleware.py b/keystonemiddleware/tests/test_auth_token_middleware.py index cb045d00..b464b4c8 100644 --- a/keystonemiddleware/tests/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/test_auth_token_middleware.py 
@@ -25,22 +25,22 @@ import uuid import fixtures import httpretty import iso8601 +from keystoneclient import access +from keystoneclient.common import cms +from keystoneclient import exceptions +from keystoneclient import fixture import mock import testresources import testtools from testtools import matchers import webob -from keystoneclient import access -from keystoneclient.common import cms -from keystoneclient import exceptions -from keystoneclient import fixture -from keystoneclient.middleware import auth_token -from keystoneclient.openstack.common import jsonutils -from keystoneclient.openstack.common import memorycache -from keystoneclient.openstack.common import timeutils -from keystoneclient.tests import client_fixtures -from keystoneclient.tests import utils +from keystonemiddleware import auth_token +from keystonemiddleware.openstack.common import jsonutils +from keystonemiddleware.openstack.common import memorycache +from keystonemiddleware.openstack.common import timeutils +from keystonemiddleware.tests import client_fixtures +from keystonemiddleware.tests import utils EXPECTED_V2_DEFAULT_ENV_RESPONSE = { @@ -1018,14 +1018,14 @@ class CommonAuthTokenMiddlewareTest(object): token = self.token_dict['signed_token_scoped'] req.headers['X-Auth-Token'] = token req.environ.update(extra_environ) - timeutils_utcnow = 'keystoneclient.openstack.common.timeutils.utcnow' + utcnow = 'keystonemiddleware.openstack.common.timeutils.utcnow' now = datetime.datetime.utcnow() - with mock.patch(timeutils_utcnow) as mock_utcnow: + with mock.patch(utcnow) as mock_utcnow: mock_utcnow.return_value = now self.middleware(req.environ, self.start_fake_response) self.assertIsNotNone(self._get_cached_token(token)) expired = now + datetime.timedelta(seconds=token_cache_time) - with mock.patch(timeutils_utcnow) as mock_utcnow: + with mock.patch(utcnow) as mock_utcnow: mock_utcnow.return_value = expired self.assertIsNone(self._get_cached_token(token)) 
@@ -1811,7 +1811,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest): auth_token.confirm_token_not_expired, data) - @mock.patch('keystoneclient.openstack.common.timeutils.utcnow') + @mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow') def test_v2_token_with_timezone_offset_not_expired(self, mock_utcnow): current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z') current_time = timeutils.normalize_time(current_time) @@ -1822,7 +1822,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest): actual_expires = auth_token.confirm_token_not_expired(data) self.assertEqual(actual_expires, expected_expires) - @mock.patch('keystoneclient.openstack.common.timeutils.utcnow') + @mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow') def test_v2_token_with_timezone_offset_expired(self, mock_utcnow): current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z') current_time = timeutils.normalize_time(current_time) @@ -1846,7 +1846,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest): auth_token.confirm_token_not_expired, data) - @mock.patch('keystoneclient.openstack.common.timeutils.utcnow') + @mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow') def test_v3_token_with_timezone_offset_not_expired(self, mock_utcnow): current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z') current_time = timeutils.normalize_time(current_time) @@ -1858,7 +1858,7 @@ class TokenExpirationTest(BaseAuthTokenMiddlewareTest): actual_expires = auth_token.confirm_token_not_expired(data) self.assertEqual(actual_expires, expected_expires) - @mock.patch('keystoneclient.openstack.common.timeutils.utcnow') + @mock.patch('keystonemiddleware.openstack.common.timeutils.utcnow') def test_v3_token_with_timezone_offset_expired(self, mock_utcnow): current_time = timeutils.parse_isotime('2000-01-01T00:01:10.000123Z') current_time = timeutils.normalize_time(current_time) 
diff --git a/keystonemiddleware/tests/test_memcache_crypt.py b/keystonemiddleware/tests/test_memcache_crypt.py index be07b24e..b4596d53 100644 --- a/keystonemiddleware/tests/test_memcache_crypt.py +++ b/keystonemiddleware/tests/test_memcache_crypt.py @@ -13,7 +13,7 @@ import six import testtools -from keystoneclient.middleware import memcache_crypt +from keystonemiddleware import memcache_crypt class MemcacheCryptPositiveTests(testtools.TestCase): diff --git a/keystonemiddleware/tests/test_s3_token_middleware.py b/keystonemiddleware/tests/test_s3_token_middleware.py index c3272cc3..1fbba35b 100644 --- a/keystonemiddleware/tests/test_s3_token_middleware.py +++ b/keystonemiddleware/tests/test_s3_token_middleware.py @@ -19,9 +19,9 @@ import six import testtools import webob -from keystoneclient.middleware import s3_token -from keystoneclient.openstack.common import jsonutils -from keystoneclient.tests import utils +from keystonemiddleware.openstack.common import jsonutils +from keystonemiddleware import s3_token +from keystonemiddleware.tests import utils GOOD_RESPONSE = {'access': {'token': {'id': 'TOKEN_ID', diff --git a/keystonemiddleware/tests/utils.py b/keystonemiddleware/tests/utils.py index 9285b385..2bdb6d39 100644 --- a/keystonemiddleware/tests/utils.py +++ b/keystonemiddleware/tests/utils.py @@ -24,7 +24,7 @@ from six.moves.urllib import parse as urlparse import testtools import uuid -from keystoneclient.openstack.common import jsonutils +from keystonemiddleware.openstack.common import jsonutils class TestCase(testtools.TestCase):