Enable keystone authentication with webhook notification
This commit adds the ability to send webhook notifications to projects that require Keystone authentication. To use it, the user needs to set the auth credentials in the conf under the keystone header. It is disabled by default and can be enabled in the conf. Change-Id: I3e773af8c3ebe0cf1d57e8fa1351b1e725a9cfa0 Partially-Implements: blueprint add-monasca-push-driver Story: 2003105 Task: 23220
parent
20d6557744
commit
abb315961e
@ -15,8 +15,11 @@
|
||||
# limitations under the License.
|
||||
import monascastatsd
|
||||
|
||||
from keystoneauth1 import exceptions as kaexception
|
||||
from keystoneauth1 import loading as kaloading
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
import six
|
||||
|
||||
from monasca_notification.common.repositories import exceptions
|
||||
from monasca_notification.notification import Notification
|
||||
@ -133,3 +136,33 @@ class OfflineConnection(monascastatsd.Connection):
|
||||
|
||||
def _send_to_server(self, packet):
|
||||
pass
|
||||
|
||||
|
||||
def get_keystone_session():
|
||||
|
||||
auth_details = {}
|
||||
auth_details['auth_url'] = CONF.keystone.auth_url
|
||||
auth_details['username'] = CONF.keystone.username
|
||||
auth_details['password'] = CONF.keystone.password
|
||||
auth_details['project_name'] = CONF.keystone.project_name
|
||||
auth_details['user_domain_name'] = CONF.keystone.user_domain_name
|
||||
auth_details['project_domain_name'] = CONF.keystone.project_domain_name
|
||||
loader = kaloading.get_plugin_loader('password')
|
||||
auth_plugin = loader.load_from_options(**auth_details)
|
||||
session = kaloading.session.Session().load_from_options(
|
||||
auth=auth_plugin)
|
||||
return session
|
||||
|
||||
|
||||
def get_auth_token():
|
||||
error_message = 'Keystone request failed: {}'
|
||||
try:
|
||||
session = get_keystone_session()
|
||||
auth_token = session.get_token()
|
||||
return auth_token
|
||||
except (kaexception.Unauthorized, kaexception.DiscoveryFailure) as e:
|
||||
LOG.exception(error_message.format(six.text_type(e)))
|
||||
raise
|
||||
except Exception as e:
|
||||
LOG.exception(error_message.format(six.text_type(e)))
|
||||
raise
|
||||
|
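Review bot: `get_keystone_session()` builds a new loader, auth plugin and session on every call, and `get_auth_token()` calls it each time, so every token request performs a fresh password authentication against Keystone; holding one module-level session would let keystoneauth reuse the cached token until it is close to expiry. The session is loaded with only `auth=auth_plugin`, so no timeout or CA/verify setting reaches it, and a slow identity service can stall the caller; passing something like `timeout=` through `load_from_options` would bound that. The two `except` branches in `get_auth_token()` have identical bodies, so the first is redundant, and `LOG.exception('Keystone request failed')` already records the exception without formatting it into the message. The plugin name is hard-coded as `'password'` here, so the `auth_type` option added elsewhere in this commit appears to be unused.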
@ -22,6 +22,7 @@ from oslo_utils import importutils
|
||||
from monasca_notification.conf import cli
|
||||
from monasca_notification.conf import database
|
||||
from monasca_notification.conf import kafka
|
||||
from monasca_notification.conf import keystone
|
||||
from monasca_notification.conf import notifiers
|
||||
from monasca_notification.conf import processors
|
||||
from monasca_notification.conf import queues
|
||||
@ -36,6 +37,7 @@ CONF_OPTS = [
|
||||
cli,
|
||||
database,
|
||||
kafka,
|
||||
keystone,
|
||||
notifiers,
|
||||
processors,
|
||||
queues,
|
||||
@ -144,6 +146,7 @@ def load_from_yaml(yaml_config, conf=None):
|
||||
],
|
||||
'queues': [lambda d: _plain_override(g='queues', **d)],
|
||||
'kafka': [lambda d: _plain_override(g='kafka', **d)],
|
||||
'keystone': [lambda d: _plain_override(g='keystone', **d)],
|
||||
'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)],
|
||||
'notification_types': [lambda d: _load_plugin_settings(**d)],
|
||||
'logging': [_configure_and_warn_the_logging]
|
||||
|
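--- a/monasca_notification/conf/keystone.py
+++ b/monasca_notification/conf/keystone.py
@@ -0,0 +1,52 @@
+# Copyright 2017 FUJITSU LIMITED
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+
+keystone_group = cfg.OptGroup('keystone',
+title='Keystone Options',
+help='Options under this group allow to configure '
+'valid connection via Keystone'
+'authentication.')
+
+keystone_opts = [
+cfg.BoolOpt(name='auth_required', default='False',
+help='This option enable or disable authentication using '
+'keystone'),
+cfg.StrOpt(name='auth_url', default='http://127.0.0.1/identity/v3',
+help='URL of identity service'),
+cfg.StrOpt(name='username', default='admin',
+help='Username'),
+cfg.StrOpt(name='password', default='password',
+help='Password of identity service'),
+cfg.StrOpt(name='project_name', default='admin',
+help='Name of project'),
+cfg.StrOpt(name='user_domain_name', default='default',
+help='User domain name'),
+cfg.StrOpt(name='project_domain_name', default='default',
+help='Project domain name'),
+cfg.StrOpt(name='auth_type', default='password',
+help='Type of authentication')
+]
+
+
+def register_opts(conf):
+conf.register_group(keystone_group)
+conf.register_opts(keystone_opts, group=keystone_group)
+
+
+def list_opts():
+return {
+keystone_group: keystone_opts
+}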
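Review bot: The `password` option is a plain `cfg.StrOpt` with a default of `'password'` (next to `username` defaulting to `'admin'`), so a deployment that only switches on `auth_required` runs with placeholder credentials, and the value is not masked when the configuration is logged; declaring it as `cfg.StrOpt(name='password', secret=True, help='Password of identity service')` with no default avoids both. `auth_required` is given `default='False'` as a string, where the boolean `False` is the clearer default for a `BoolOpt`. The default `auth_url` uses `http://`, which would carry the password unencrypted if it were pointed at a non-local host, so the help text should state that `https` is expected outside development. The same placeholder values are repeated in the sample YAML later in this commit.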
@ -20,6 +20,7 @@ import ujson as json
|
||||
from debtcollector import removals
|
||||
from oslo_config import cfg
|
||||
|
||||
from monasca_notification.common import utils
|
||||
from monasca_notification.plugins import abstract_notifier
|
||||
|
||||
CONF = cfg.CONF
|
||||
@ -73,6 +74,13 @@ class WebhookNotifier(abstract_notifier.AbstractNotifier):
|
||||
|
||||
headers = {'content-type': 'application/json'}
|
||||
|
||||
# Checks if keystone authentication is enabled and adds authentication
|
||||
# token to the request headers
|
||||
if CONF.keystone.auth_required:
|
||||
auth_token = utils.get_auth_token()
|
||||
headers = {'content-type': 'application/json',
|
||||
'X-Auth-Token': auth_token}
|
||||
|
||||
url = notification.address
|
||||
|
||||
try:
|
||||
|
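Review bot: When `CONF.keystone.auth_required` is set, the `X-Auth-Token` header is added to every webhook request, and the destination is `notification.address`, which comes from the notification rather than from service configuration. If notification addresses can be chosen by tenants, the service's Keystone token would be delivered to endpoints outside the operator's control, so the header should be attached only when the address matches a configured list of trusted endpoints, and preferably only over `https`. `utils.get_auth_token()` is also called before the `try:` that follows, so a Keystone failure would raise out of this method instead of being handled like a failed POST; the method body continues outside the hunk, so this needs confirming against the full function. The second `headers = {...}` literal could simply be `headers['X-Auth-Token'] = auth_token`.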
@ -127,3 +127,13 @@ logging: # Used in logging.dictConfig
|
||||
statsd:
|
||||
host: 'localhost'
|
||||
port: 8125
|
||||
|
||||
keystone:
|
||||
auth_required: False
|
||||
auth_url: 'http://127.0.0.1/identity/v3'
|
||||
username: 'admin'
|
||||
password: 'password'
|
||||
project_name: 'admin'
|
||||
user_domain_name: 'default'
|
||||
project_domain_name: 'default'
|
||||
auth_type: 'password'
|
||||
|
@ -3,6 +3,7 @@
|
||||
# process, which may cause wedges in the gate later.
|
||||
pbr!=2.1.0,>=2.0.0 # Apache-2.0
|
||||
debtcollector>=1.2.0 # Apache-2.0
|
||||
keystoneauth1>=3.4.0 # Apache-2.0
|
||||
monasca-statsd>=1.4.0 # Apache-2.0
|
||||
requests>=2.14.2 # Apache-2.0
|
||||
PyYAML>=3.12 # MIT
|
||||
|