
Enable keystone authentication with webhook notification

This commit adds support for sending webhook notifications to
projects that require Keystone authentication. To use it, the user
needs to set the auth credentials in the conf under the keystone header.
It is disabled by default and can be enabled in the conf.

Change-Id: I3e773af8c3ebe0cf1d57e8fa1351b1e725a9cfa0
Partially-Implements: blueprint add-monasca-push-driver
Story: 2003105
Task: 23220
akhil 9 months ago
parent
commit
abb315961e

+ 33
- 0
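--- a/monasca_notification/common/utils.py
+++ b/monasca_notification/common/utils.py
@@ -15,8 +15,11 @@
 # limitations under the License.
 import monascastatsd
 
+from keystoneauth1 import exceptions as kaexception
+from keystoneauth1 import loading as kaloading
 from oslo_config import cfg
 from oslo_log import log
+import six
 
 from monasca_notification.common.repositories import exceptions
 from monasca_notification.notification import Notification
@@ -133,3 +136,33 @@ class OfflineConnection(monascastatsd.Connection):
 
     def _send_to_server(self, packet):
         pass
+
+
+def get_keystone_session():
+
+    auth_details = {}
+    auth_details['auth_url'] = CONF.keystone.auth_url
+    auth_details['username'] = CONF.keystone.username
+    auth_details['password'] = CONF.keystone.password
+    auth_details['project_name'] = CONF.keystone.project_name
+    auth_details['user_domain_name'] = CONF.keystone.user_domain_name
+    auth_details['project_domain_name'] = CONF.keystone.project_domain_name
+    loader = kaloading.get_plugin_loader('password')
+    auth_plugin = loader.load_from_options(**auth_details)
+    session = kaloading.session.Session().load_from_options(
+        auth=auth_plugin)
+    return session
+
+
+def get_auth_token():
+    error_message = 'Keystone request failed: {}'
+    try:
+        session = get_keystone_session()
+        auth_token = session.get_token()
+        return auth_token
+    except (kaexception.Unauthorized, kaexception.DiscoveryFailure) as e:
+        LOG.exception(error_message.format(six.text_type(e)))
+        raise
+    except Exception as e:
+        LOG.exception(error_message.format(six.text_type(e)))
+        raise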
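Review bot: `get_auth_token()` calls `get_keystone_session()` on every invocation, so each webhook that needs a token builds a new session and repeats a full password authentication against Keystone, and `load_from_options(auth=auth_plugin)` is given no `timeout` or `cacert`. Since the webhook notifier calls this once per notification, a slow identity service could hold up sends, and the service password is re-sent each time. Consider creating the session once and reusing it (the auth plugin should keep the token between calls, worth confirming for expiry), and exposing `timeout` and `cacert` as `[keystone]` options. The two `except` branches have identical bodies, so the first can be dropped. `get_plugin_loader('password')` also ignores the `auth_type` option this commit defines.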

+ 3
- 0
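--- a/monasca_notification/conf/__init__.py
+++ b/monasca_notification/conf/__init__.py
@@ -22,6 +22,7 @@ from oslo_utils import importutils
 from monasca_notification.conf import cli
 from monasca_notification.conf import database
 from monasca_notification.conf import kafka
+from monasca_notification.conf import keystone
 from monasca_notification.conf import notifiers
 from monasca_notification.conf import processors
 from monasca_notification.conf import queues
@@ -36,6 +37,7 @@ CONF_OPTS = [
     cli,
     database,
     kafka,
+    keystone,
     notifiers,
     processors,
     queues,
@@ -144,6 +146,7 @@ def load_from_yaml(yaml_config, conf=None):
         ],
         'queues': [lambda d: _plain_override(g='queues', **d)],
         'kafka': [lambda d: _plain_override(g='kafka', **d)],
+        'keystone': [lambda d: _plain_override(g='keystone', **d)],
         'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)],
         'notification_types': [lambda d: _load_plugin_settings(**d)],
         'logging': [_configure_and_warn_the_logging]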

+ 52
- 0
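--- a/monasca_notification/conf/keystone.py
+++ b/monasca_notification/conf/keystone.py
@@ -0,0 +1,52 @@
+# Copyright 2017 FUJITSU LIMITED
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+
+keystone_group = cfg.OptGroup('keystone',
+                              title='Keystone Options',
+                              help='Options under this group allow to configure '
+                                   'valid connection via Keystone'
+                                   'authentication.')
+
+keystone_opts = [
+    cfg.BoolOpt(name='auth_required', default='False',
+                help='This option enable or disable authentication using '
+                     'keystone'),
+    cfg.StrOpt(name='auth_url', default='http://127.0.0.1/identity/v3',
+               help='URL of identity service'),
+    cfg.StrOpt(name='username', default='admin',
+               help='Username'),
+    cfg.StrOpt(name='password', default='password',
+               help='Password of identity service'),
+    cfg.StrOpt(name='project_name', default='admin',
+               help='Name of project'),
+    cfg.StrOpt(name='user_domain_name', default='default',
+               help='User domain name'),
+    cfg.StrOpt(name='project_domain_name', default='default',
+               help='Project domain name'),
+    cfg.StrOpt(name='auth_type', default='password',
+               help='Type of authentication')
+]
+
+
+def register_opts(conf):
+    conf.register_group(keystone_group)
+    conf.register_opts(keystone_opts, group=keystone_group)
+
+
+def list_opts():
+    return {
+        keystone_group: keystone_opts
+    }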
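Review bot: The `password` option is declared without `secret=True`, so oslo.config will not mask its value when option values are logged, and it ships with the defaults `admin`/`password` against an `http://` `auth_url`. I would declare it as `cfg.StrOpt(name='password', secret=True, help='Password of identity service'),` with no default, so a deployment that turns on `auth_required` has to supply real credentials; `notification.yaml` in this commit repeats the same sample values. Separately, `default='False'` on the `BoolOpt` should be the boolean `False`. The group help is also missing a space between `'valid connection via Keystone'` and `'authentication.'`, so it reads "Keystoneauthentication.".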

+ 8
- 0
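--- a/monasca_notification/plugins/webhook_notifier.py
+++ b/monasca_notification/plugins/webhook_notifier.py
@@ -20,6 +20,7 @@ import ujson as json
 from debtcollector import removals
 from oslo_config import cfg
 
+from monasca_notification.common import utils
 from monasca_notification.plugins import abstract_notifier
 
 CONF = cfg.CONF
@@ -73,6 +74,13 @@ class WebhookNotifier(abstract_notifier.AbstractNotifier):
 
         headers = {'content-type': 'application/json'}
 
+        # Checks if keystone authentication is enabled and adds authentication
+        # token to the request headers
+        if CONF.keystone.auth_required:
+            auth_token = utils.get_auth_token()
+            headers = {'content-type': 'application/json',
+                       'X-Auth-Token': auth_token}
+
         url = notification.address
 
         try: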
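Review bot: When `CONF.keystone.auth_required` is set, the added block puts the service's Keystone token in `X-Auth-Token` for every webhook, and the destination is `notification.address` (the next context line), which appears to be whatever URL the notification was created with. An endpoint outside the trusted deployment would then receive a valid token for the configured account, and over plain `http://` the token is also exposed in transit. I would gate the header on a configured allowlist of trusted hosts plus an `https` scheme rather than on one global flag. A smaller point: `headers['X-Auth-Token'] = utils.get_auth_token()` avoids rebuilding the dict. The enclosing method starts before this hunk and continues past it.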

+ 11
- 1
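--- a/notification.yaml
+++ b/notification.yaml
@@ -126,4 +126,14 @@ logging: # Used in logging.dictConfig
         level: DEBUG
 statsd:
     host: 'localhost'
-    port: 8125
+    port: 8125
+
+keystone:
+    auth_required: False
+    auth_url: 'http://127.0.0.1/identity/v3'
+    username: 'admin'
+    password: 'password'
+    project_name: 'admin'
+    user_domain_name: 'default'
+    project_domain_name: 'default'
+    auth_type: 'password'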

+ 1
- 0
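--- a/requirements.txt
+++ b/requirements.txt
@@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 pbr!=2.1.0,>=2.0.0 # Apache-2.0
 debtcollector>=1.2.0 # Apache-2.0
+keystoneauth1>=3.4.0 # Apache-2.0
 monasca-statsd>=1.4.0 # Apache-2.0
 requests>=2.14.2 # Apache-2.0
 PyYAML>=3.12 # MIT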
