openstack/python-mistralclient
Code Issues Proposed changes
Files
09fdd04a27f242aa6b98131add57c31333ee730b
python-mistralclient/mistralclient/auth/keystone.py
Juan Antonio Osorio Robles 83b3d0d39c Accept keystone session in client 
This already has auth configured, and allows us to re-use the session
even with other clients. Currently this is not used by the CLI; however
this is useful when instantiating the mistral client from a python
script or from another service.

Change-Id: I4fccb4117db11c966ac3f17ec6d2a53c657378e8
2017-03-20 17:19:19 +02:00

147 lines
5.3 KiB
Python
Raw Blame History

# Copyright 2016 - Nokia Networks
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from keystoneclient import client
from mistralclient import auth
from oslo_serialization import jsonutils
import mistralclient.api.httpclient as api
class KeystoneAuthHandler(auth.AuthHandler):
def authenticate(self, req, session=None):
"""Performs authentication via Keystone.
:param req: Request dict containing list of parameters required
for Keystone authentication.
"""
if not isinstance(req, dict):
raise TypeError('The input "req" is not typeof dict.')
session = session
mistral_url = req.get('mistral_url')
endpoint_type = req.get('endpoint_type', 'publicURL')
service_type = req.get('service_type', 'workflow2')
auth_url = req.get('auth_url')
username = req.get('username')
user_id = req.get('user_id')
api_key = req.get('api_key')
auth_token = req.get('auth_token')
project_name = req.get('project_name')
project_id = req.get('project_id')
region_name = req.get('region_name')
user_domain_name = req.get('user_domain_name', 'Default')
project_domain_name = req.get('project_domain_name', 'Default')
cacert = req.get('cacert')
insecure = req.get('insecure', False)
target_auth_url = req.get('target_auth_url')
target_username = req.get('target_username')
target_user_id = req.get('target_user_id')
target_api_key = req.get('target_api_key')
target_auth_token = req.get('target_auth_token')
target_project_name = req.get('target_project_name')
target_project_id = req.get('target_project_id')
target_region_name = req.get('target_region_name')
target_user_domain_name = req.get('target_user_domain_name', 'Default')
target_project_domain_name = req.get(
'target_project_domain_name',
'Default'
)
target_cacert = req.get('target_cacert')
target_insecure = req.get('target_insecure')
if project_name and project_id:
raise RuntimeError(
'Only project name or project id should be set'
)
if username and user_id:
raise RuntimeError(
'Only user name or user id should be set'
)
auth_response = {}
if session:
keystone = client.Client(session=session)
elif auth_url:
keystone = client.Client(
username=username,
user_id=user_id,
password=api_key,
token=auth_token,
tenant_id=project_id,
tenant_name=project_name,
auth_url=auth_url,
cacert=cacert,
insecure=insecure,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name
)
keystone.authenticate()
auth_response.update({
api.AUTH_TOKEN: keystone.auth_token,
api.PROJECT_ID: keystone.project_id,
api.USER_ID: keystone.user_id,
})
if session or auth_url:
if not mistral_url:
try:
mistral_url = keystone.service_catalog.url_for(
service_type=service_type,
endpoint_type=endpoint_type,
region_name=region_name
)
except Exception:
mistral_url = None
auth_response['mistral_url'] = mistral_url
if target_auth_url:
target_keystone = client.Client(
username=target_username,
user_id=target_user_id,
password=target_api_key,
token=target_auth_token,
tenant_id=target_project_id,
tenant_name=target_project_name,
project_id=target_project_id,
project_name=target_project_name,
auth_url=target_auth_url,
cacert=target_cacert,
insecure=target_insecure,
region_name=target_region_name,
user_domain_name=target_user_domain_name,
project_domain_name=target_project_domain_name
)
target_keystone.authenticate()
auth_response.update({
api.TARGET_AUTH_TOKEN: target_keystone.auth_token,
api.TARGET_PROJECT_ID: target_keystone.project_id,
api.TARGET_USER_ID: target_keystone.user_id,
api.TARGET_AUTH_URI: target_auth_url,
api.TARGET_SERVICE_CATALOG: jsonutils.dumps(
target_keystone.auth_ref
)
})
return auth_response
View Git Blame Copy Permalink