
Merge "Enable keystone authentication with webhook notification"

Zuul 8 months ago
parent
commit
b50673381f

+ 33
- 0
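--- a/monasca_notification/common/utils.py
+++ b/monasca_notification/common/utils.py
@@ -15,8 +15,11 @@
 # limitations under the License.
 import monascastatsd
 
+from keystoneauth1 import exceptions as kaexception
+from keystoneauth1 import loading as kaloading
 from oslo_config import cfg
 from oslo_log import log
+import six
 
 from monasca_notification.common.repositories import exceptions
 from monasca_notification.notification import Notification
@@ -133,3 +136,33 @@ class OfflineConnection(monascastatsd.Connection):
 
     def _send_to_server(self, packet):
         pass
+
+
+def get_keystone_session():
+
+    auth_details = {}
+    auth_details['auth_url'] = CONF.keystone.auth_url
+    auth_details['username'] = CONF.keystone.username
+    auth_details['password'] = CONF.keystone.password
+    auth_details['project_name'] = CONF.keystone.project_name
+    auth_details['user_domain_name'] = CONF.keystone.user_domain_name
+    auth_details['project_domain_name'] = CONF.keystone.project_domain_name
+    loader = kaloading.get_plugin_loader('password')
+    auth_plugin = loader.load_from_options(**auth_details)
+    session = kaloading.session.Session().load_from_options(
+        auth=auth_plugin)
+    return session
+
+
+def get_auth_token():
+    error_message = 'Keystone request failed: {}'
+    try:
+        session = get_keystone_session()
+        auth_token = session.get_token()
+        return auth_token
+    except (kaexception.Unauthorized, kaexception.DiscoveryFailure) as e:
+        LOG.exception(error_message.format(six.text_type(e)))
+        raise
+    except Exception as e:
+        LOG.exception(error_message.format(six.text_type(e)))
+        raise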
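Review bot: `get_keystone_session` builds the session with no timeout and no TLS options, and `get_auth_token` builds a new session on every call, so each webhook delivery performs a full password authentication against Keystone and can block for as long as Keystone takes to answer. Consider passing a bound, e.g. `load_from_options(auth=auth_plugin, timeout=<seconds>)`, and reusing one session so that keystoneauth can reuse its token until it expires. The loader is hard-coded to `'password'`, so the `auth_type` option added in conf/keystone.py is never read. In `get_auth_token` the first `except` clause is redundant, since the `except Exception` branch below it does exactly the same thing.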

+ 3
- 0
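--- a/monasca_notification/conf/__init__.py
+++ b/monasca_notification/conf/__init__.py
@@ -22,6 +22,7 @@ from oslo_utils import importutils
 from monasca_notification.conf import cli
 from monasca_notification.conf import database
 from monasca_notification.conf import kafka
+from monasca_notification.conf import keystone
 from monasca_notification.conf import notifiers
 from monasca_notification.conf import processors
 from monasca_notification.conf import queues
@@ -36,6 +37,7 @@ CONF_OPTS = [
     cli,
     database,
     kafka,
+    keystone,
     notifiers,
     processors,
     queues,
@@ -144,6 +146,7 @@ def load_from_yaml(yaml_config, conf=None):
         ],
         'queues': [lambda d: _plain_override(g='queues', **d)],
         'kafka': [lambda d: _plain_override(g='kafka', **d)],
+        'keystone': [lambda d: _plain_override(g='keystone', **d)],
         'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)],
         'notification_types': [lambda d: _load_plugin_settings(**d)],
         'logging': [_configure_and_warn_the_logging]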

+ 52
- 0
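--- a/monasca_notification/conf/keystone.py
+++ b/monasca_notification/conf/keystone.py
@@ -0,0 +1,52 @@
+# Copyright 2017 FUJITSU LIMITED
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+
+keystone_group = cfg.OptGroup('keystone',
+                              title='Keystone Options',
+                              help='Options under this group allow to configure '
+                                   'valid connection via Keystone'
+                                   'authentication.')
+
+keystone_opts = [
+    cfg.BoolOpt(name='auth_required', default='False',
+                help='This option enable or disable authentication using '
+                     'keystone'),
+    cfg.StrOpt(name='auth_url', default='http://127.0.0.1/identity/v3',
+               help='URL of identity service'),
+    cfg.StrOpt(name='username', default='admin',
+               help='Username'),
+    cfg.StrOpt(name='password', default='password',
+               help='Password of identity service'),
+    cfg.StrOpt(name='project_name', default='admin',
+               help='Name of project'),
+    cfg.StrOpt(name='user_domain_name', default='default',
+               help='User domain name'),
+    cfg.StrOpt(name='project_domain_name', default='default',
+               help='Project domain name'),
+    cfg.StrOpt(name='auth_type', default='password',
+               help='Type of authentication')
+]
+
+
+def register_opts(conf):
+    conf.register_group(keystone_group)
+    conf.register_opts(keystone_opts, group=keystone_group)
+
+
+def list_opts():
+    return {
+        keystone_group: keystone_opts
+    }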
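Review bot: The `password` option is declared without `secret=True`, so oslo.config will print its value in clear text whenever option values are dumped to the log; declare it as `cfg.StrOpt(name='password', secret=True, help='Password of identity service')`. The shipped defaults (`admin` / `password` in the `admin` project, repeated in notification.yaml) look like working credentials; leaving them unset would make a deployment that enables `auth_required` fail loudly instead of trying a guessable account. The default `auth_url` is plain `http://`, which sends the password and the resulting token unencrypted, so the help text should tell operators to use an HTTPS endpoint. Minor: `default='False'` on the `BoolOpt` is a string rather than the boolean `False`, and the group help is missing a space between `'Keystone'` and `'authentication.'`.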

+ 8
- 0
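--- a/monasca_notification/plugins/webhook_notifier.py
+++ b/monasca_notification/plugins/webhook_notifier.py
@@ -20,6 +20,7 @@ import ujson as json
 from debtcollector import removals
 from oslo_config import cfg
 
+from monasca_notification.common import utils
 from monasca_notification.plugins import abstract_notifier
 
 CONF = cfg.CONF
@@ -73,6 +74,13 @@ class WebhookNotifier(abstract_notifier.AbstractNotifier):
 
         headers = {'content-type': 'application/json'}
 
+        # Checks if keystone authentication is enabled and adds authentication
+        # token to the request headers
+        if CONF.keystone.auth_required:
+            auth_token = utils.get_auth_token()
+            headers = {'content-type': 'application/json',
+                       'X-Auth-Token': auth_token}
+
         url = notification.address
 
         try: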
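Review bot: The token is attached to every webhook request when `auth_required` is set, and the destination is `notification.address`; if that address can be set by tenants rather than only by the operator, the service's Keystone token is handed to whatever endpoint they register. A token for the configured service user should only go to receivers the operator trusts, so this needs either a documented restriction (`# X-Auth-Token is sent to notification.address; only enable auth_required when all webhook receivers are trusted`) or a check of the URL against an operator-defined list before the header is added. `utils.get_auth_token()` is also called before the `try:` that follows, so a Keystone failure appears to propagate out of the method instead of being handled as a failed delivery; the method starts and ends outside this hunk, so confirm against the full body. The header can be added with `headers['X-Auth-Token'] = auth_token` rather than rebuilding the dict.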

+ 11
- 1
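--- a/notification.yaml
+++ b/notification.yaml
@@ -126,4 +126,14 @@ logging: # Used in logging.dictConfig
         level: DEBUG
 statsd:
     host: 'localhost'
-    port: 8125
+    port: 8125
+
+keystone:
+    auth_required: False
+    auth_url: 'http://127.0.0.1/identity/v3'
+    username: 'admin'
+    password: 'password'
+    project_name: 'admin'
+    user_domain_name: 'default'
+    project_domain_name: 'default'
+    auth_type: 'password'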

+ 1
- 0
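--- a/requirements.txt
+++ b/requirements.txt
@@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 pbr!=2.1.0,>=2.0.0 # Apache-2.0
 debtcollector>=1.2.0 # Apache-2.0
+keystoneauth1>=3.4.0 # Apache-2.0
 monasca-statsd>=1.4.0 # Apache-2.0
 requests>=2.14.2 # Apache-2.0
 PyYAML>=3.12 # MIT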
