Merge "Enable keystone authentication with webhook notification"
This commit is contained in:
commit
b50673381f
|
@ -15,8 +15,11 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
import monascastatsd
|
import monascastatsd
|
||||||
|
|
||||||
|
from keystoneauth1 import exceptions as kaexception
|
||||||
|
from keystoneauth1 import loading as kaloading
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_log import log
|
from oslo_log import log
|
||||||
|
import six
|
||||||
|
|
||||||
from monasca_notification.common.repositories import exceptions
|
from monasca_notification.common.repositories import exceptions
|
||||||
from monasca_notification.notification import Notification
|
from monasca_notification.notification import Notification
|
||||||
|
@ -133,3 +136,33 @@ class OfflineConnection(monascastatsd.Connection):
|
||||||
|
|
||||||
def _send_to_server(self, packet):
|
def _send_to_server(self, packet):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def get_keystone_session():
|
||||||
|
|
||||||
|
auth_details = {}
|
||||||
|
auth_details['auth_url'] = CONF.keystone.auth_url
|
||||||
|
auth_details['username'] = CONF.keystone.username
|
||||||
|
auth_details['password'] = CONF.keystone.password
|
||||||
|
auth_details['project_name'] = CONF.keystone.project_name
|
||||||
|
auth_details['user_domain_name'] = CONF.keystone.user_domain_name
|
||||||
|
auth_details['project_domain_name'] = CONF.keystone.project_domain_name
|
||||||
|
loader = kaloading.get_plugin_loader('password')
|
||||||
|
auth_plugin = loader.load_from_options(**auth_details)
|
||||||
|
session = kaloading.session.Session().load_from_options(
|
||||||
|
auth=auth_plugin)
|
||||||
|
return session
|
||||||
|
|
||||||
|
|
||||||
|
def get_auth_token():
|
||||||
|
error_message = 'Keystone request failed: {}'
|
||||||
|
try:
|
||||||
|
session = get_keystone_session()
|
||||||
|
auth_token = session.get_token()
|
||||||
|
return auth_token
|
||||||
|
except (kaexception.Unauthorized, kaexception.DiscoveryFailure) as e:
|
||||||
|
LOG.exception(error_message.format(six.text_type(e)))
|
||||||
|
raise
|
||||||
|
except Exception as e:
|
||||||
|
LOG.exception(error_message.format(six.text_type(e)))
|
||||||
|
raise
|
||||||
|
|
|
@ -22,6 +22,7 @@ from oslo_utils import importutils
|
||||||
from monasca_notification.conf import cli
|
from monasca_notification.conf import cli
|
||||||
from monasca_notification.conf import database
|
from monasca_notification.conf import database
|
||||||
from monasca_notification.conf import kafka
|
from monasca_notification.conf import kafka
|
||||||
|
from monasca_notification.conf import keystone
|
||||||
from monasca_notification.conf import notifiers
|
from monasca_notification.conf import notifiers
|
||||||
from monasca_notification.conf import processors
|
from monasca_notification.conf import processors
|
||||||
from monasca_notification.conf import queues
|
from monasca_notification.conf import queues
|
||||||
|
@ -36,6 +37,7 @@ CONF_OPTS = [
|
||||||
cli,
|
cli,
|
||||||
database,
|
database,
|
||||||
kafka,
|
kafka,
|
||||||
|
keystone,
|
||||||
notifiers,
|
notifiers,
|
||||||
processors,
|
processors,
|
||||||
queues,
|
queues,
|
||||||
|
@ -144,6 +146,7 @@ def load_from_yaml(yaml_config, conf=None):
|
||||||
],
|
],
|
||||||
'queues': [lambda d: _plain_override(g='queues', **d)],
|
'queues': [lambda d: _plain_override(g='queues', **d)],
|
||||||
'kafka': [lambda d: _plain_override(g='kafka', **d)],
|
'kafka': [lambda d: _plain_override(g='kafka', **d)],
|
||||||
|
'keystone': [lambda d: _plain_override(g='keystone', **d)],
|
||||||
'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)],
|
'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)],
|
||||||
'notification_types': [lambda d: _load_plugin_settings(**d)],
|
'notification_types': [lambda d: _load_plugin_settings(**d)],
|
||||||
'logging': [_configure_and_warn_the_logging]
|
'logging': [_configure_and_warn_the_logging]
|
||||||
|
|
|
@ -0,0 +1,52 @@
|
||||||
|
# Copyright 2017 FUJITSU LIMITED
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from oslo_config import cfg
|
||||||
|
|
||||||
|
keystone_group = cfg.OptGroup('keystone',
|
||||||
|
title='Keystone Options',
|
||||||
|
help='Options under this group allow to configure '
|
||||||
|
'valid connection via Keystone'
|
||||||
|
'authentication.')
|
||||||
|
|
||||||
|
keystone_opts = [
|
||||||
|
cfg.BoolOpt(name='auth_required', default='False',
|
||||||
|
help='This option enable or disable authentication using '
|
||||||
|
'keystone'),
|
||||||
|
cfg.StrOpt(name='auth_url', default='http://127.0.0.1/identity/v3',
|
||||||
|
help='URL of identity service'),
|
||||||
|
cfg.StrOpt(name='username', default='admin',
|
||||||
|
help='Username'),
|
||||||
|
cfg.StrOpt(name='password', default='password',
|
||||||
|
help='Password of identity service'),
|
||||||
|
cfg.StrOpt(name='project_name', default='admin',
|
||||||
|
help='Name of project'),
|
||||||
|
cfg.StrOpt(name='user_domain_name', default='default',
|
||||||
|
help='User domain name'),
|
||||||
|
cfg.StrOpt(name='project_domain_name', default='default',
|
||||||
|
help='Project domain name'),
|
||||||
|
cfg.StrOpt(name='auth_type', default='password',
|
||||||
|
help='Type of authentication')
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def register_opts(conf):
|
||||||
|
conf.register_group(keystone_group)
|
||||||
|
conf.register_opts(keystone_opts, group=keystone_group)
|
||||||
|
|
||||||
|
|
||||||
|
def list_opts():
|
||||||
|
return {
|
||||||
|
keystone_group: keystone_opts
|
||||||
|
}
|
|
@ -20,6 +20,7 @@ import ujson as json
|
||||||
from debtcollector import removals
|
from debtcollector import removals
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
|
||||||
|
from monasca_notification.common import utils
|
||||||
from monasca_notification.plugins import abstract_notifier
|
from monasca_notification.plugins import abstract_notifier
|
||||||
|
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
@ -73,6 +74,13 @@ class WebhookNotifier(abstract_notifier.AbstractNotifier):
|
||||||
|
|
||||||
headers = {'content-type': 'application/json'}
|
headers = {'content-type': 'application/json'}
|
||||||
|
|
||||||
|
# Checks if keystone authentication is enabled and adds authentication
|
||||||
|
# token to the request headers
|
||||||
|
if CONF.keystone.auth_required:
|
||||||
|
auth_token = utils.get_auth_token()
|
||||||
|
headers = {'content-type': 'application/json',
|
||||||
|
'X-Auth-Token': auth_token}
|
||||||
|
|
||||||
url = notification.address
|
url = notification.address
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -126,4 +126,14 @@ logging: # Used in logging.dictConfig
|
||||||
level: DEBUG
|
level: DEBUG
|
||||||
statsd:
|
statsd:
|
||||||
host: 'localhost'
|
host: 'localhost'
|
||||||
port: 8125
|
port: 8125
|
||||||
|
|
||||||
|
keystone:
|
||||||
|
auth_required: False
|
||||||
|
auth_url: 'http://127.0.0.1/identity/v3'
|
||||||
|
username: 'admin'
|
||||||
|
password: 'password'
|
||||||
|
project_name: 'admin'
|
||||||
|
user_domain_name: 'default'
|
||||||
|
project_domain_name: 'default'
|
||||||
|
auth_type: 'password'
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
# process, which may cause wedges in the gate later.
|
# process, which may cause wedges in the gate later.
|
||||||
pbr!=2.1.0,>=2.0.0 # Apache-2.0
|
pbr!=2.1.0,>=2.0.0 # Apache-2.0
|
||||||
debtcollector>=1.2.0 # Apache-2.0
|
debtcollector>=1.2.0 # Apache-2.0
|
||||||
|
keystoneauth1>=3.4.0 # Apache-2.0
|
||||||
monasca-statsd>=1.4.0 # Apache-2.0
|
monasca-statsd>=1.4.0 # Apache-2.0
|
||||||
requests>=2.14.2 # Apache-2.0
|
requests>=2.14.2 # Apache-2.0
|
||||||
PyYAML>=3.12 # MIT
|
PyYAML>=3.12 # MIT
|
||||||
|
|
Loading…
Reference in New Issue