Files
python-mistralclient/mistralclient/auth/keystone.py
Winson Chan 55d55bcdf1 Abstract authentication function
Abstract authentication function so plugins for other authentication
backends can be implemented in cases where keystone is not used. Currently,
mistral is hard coded to support keystone and keycloak.

Change-Id: If6ff35e91c3d35c2741332c7e739bb92b1234c54
Implements: blueprint mistral-abstract-auth
2016-09-22 01:00:37 +00:00

127 lines
4.3 KiB
Python

# Copyright 2016 - Nokia Networks
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from mistralclient import auth
def _get_keystone_client(auth_url):
if 'v2.0' in auth_url:
from keystoneclient.v2_0 import client
else:
from keystoneclient.v3 import client
return client
class KeystoneAuthHandler(auth.AuthHandler):
def authenticate(self, req):
"""Performs authentication via Keystone.
:param req: Request dict containing list of parameters required
for Keystone authentication.
"""
if not isinstance(req, dict):
raise TypeError('The input "req" is not typeof dict.')
auth_url = req.get('auth_url')
mistral_url = req.get('mistral_url')
endpoint_type = req.get('endpoint_type', 'publicURL')
service_type = req.get('service_type', 'workflow2')
username = req.get('username')
user_id = req.get('user_id')
api_key = req.get('api_key')
auth_token = req.get('auth_token')
project_name = req.get('project_name')
project_id = req.get('project_id')
cacert = req.get('cacert')
insecure = req.get('insecure', False)
target_username = req.get('target_username')
target_api_key = req.get('target_api_key')
target_project_name = req.get('target_project_name')
target_auth_url = req.get('target_auth_url')
target_project_id = req.get('target_project_id')
target_auth_token = req.get('target_auth_token')
target_user_id = req.get('target_user_id')
target_cacert = req.get('target_cacert')
target_insecure = req.get('target_insecure')
if project_name and project_id:
raise RuntimeError(
'Only project name or project id should be set'
)
if username and user_id:
raise RuntimeError(
'Only user name or user id should be set'
)
if auth_url:
keystone_client = _get_keystone_client(auth_url)
keystone = keystone_client.Client(
username=username,
user_id=user_id,
password=api_key,
token=auth_token,
tenant_id=project_id,
tenant_name=project_name,
auth_url=auth_url,
endpoint=auth_url,
cacert=cacert,
insecure=insecure
)
keystone.authenticate()
auth_token = keystone.auth_token
user_id = keystone.user_id
project_id = keystone.project_id
if target_auth_url:
target_keystone_client = _get_keystone_client(target_auth_url)
target_keystone = target_keystone_client.Client(
username=target_username,
user_id=target_user_id,
password=target_api_key,
token=target_auth_token,
tenant_id=target_project_id,
tenant_name=target_project_name,
auth_url=target_auth_url,
endpoint=target_auth_url,
cacert=target_cacert,
insecure=target_insecure
)
target_keystone.authenticate()
if not mistral_url:
try:
mistral_url = keystone.service_catalog.url_for(
service_type=service_type,
endpoint_type=endpoint_type
)
except Exception:
mistral_url = None
return {
'mistral_url': mistral_url,
'token': auth_token,
'project_id': target_project_id if target_auth_url else project_id,
'user_id': target_user_id if target_auth_url else user_id,
'target_auth_token': target_auth_token,
'target_auth_url': target_auth_url
}