 a9d1e3d219
			
		
	
			Keystoneclient has always provided a TokenEndpoint plugin. Unfortunately it uses a different option name for url, so subclass the original and replace the options. Change-Id: I7e16b31ceb9f75f1c1f6bfb224d8f8f353d06150
		
			
				
	
	
		
| #   Licensed under the Apache License, Version 2.0 (the "License"); you may
 | |
| #   not use this file except in compliance with the License. You may obtain
 | |
| #   a copy of the License at
 | |
| #
 | |
| #        http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| #   Unless required by applicable law or agreed to in writing, software
 | |
| #   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 | |
| #   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 | |
| #   License for the specific language governing permissions and limitations
 | |
| #   under the License.
 | |
| #
 | |
| 
 | |
| """Authentication Plugin Library"""
 | |
| 
 | |
| import logging
 | |
| 
 | |
| from oslo_config import cfg
 | |
| from six.moves.urllib import parse as urlparse
 | |
| 
 | |
| from keystoneclient.auth.identity.generic import password as ksc_password
 | |
| from keystoneclient.auth import token_endpoint
 | |
| 
 | |
# Module-level logger named after this module; used below for the debug
# message emitted when a discovered version URL is rewritten.
LOG = logging.getLogger(__name__)
 | |
| 
 | |
| 
 | |
class TokenEndpoint(token_endpoint.Token):
    """Static token + endpoint auth plugin.

    Wraps keystoneclient's token/endpoint plugin so that callers can keep
    passing the service endpoint under the option name ``url``.  The token
    and endpoint are supplied by the user; no Identity calls are made for
    re-scoping, service catalog lookups or the like.

    This exists to remove special-case code paths for this authentication
    format.  Its primary use is bootstrapping the Keystone database.

    NOTE(review): nothing in this class checks the supplied token, so it
    should be handled like any other long-lived bearer credential by the
    caller.
    """

    def __init__(self, url, token, **kwargs):
        """Create the plugin from an existing token.

        :param string url: Service endpoint
        :param string token: Existing token

        Extra keyword arguments are accepted and not used.
        """
        # The parent class calls the endpoint argument 'endpoint'; map the
        # 'url' name kept here for compatibility onto it.
        parent = super(TokenEndpoint, self)
        parent.__init__(endpoint=url, token=token)

    def get_auth_ref(self, session, **kwargs):
        """Compatibility stub: there is no auth reference to fetch."""
        return None

    @classmethod
    def get_options(cls):
        """Return the parent's options followed by ``url`` and ``token``."""
        compat_options = [
            # Maintain name 'url' for compatibility
            cfg.StrOpt('url',
                       help='Specific service endpoint to use'),
            # secret=True marks the value as sensitive so oslo.config masks
            # it when option values are logged.
            cfg.StrOpt('token',
                       secret=True,
                       help='Authentication token to use'),
        ]

        options = super(TokenEndpoint, cls).get_options()
        options.extend(compat_options)
        return options
 | |
| 
 | |
| 
 | |
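class OSCGenericPassword(ksc_password.Password):
    """Auth plugin hack to work around broken Keystone configurations

    The default Keystone configuration uses http://localhost:xxxx in
    admin_endpoint and public_endpoint, and those values are returned in
    the links.href attribute by the version routes.  Deployments that do
    not set these are unusable with newer keystoneclient version discovery.

    """

    def create_plugin(self, session, version, url, raw_status=None):
        """Handle default Keystone endpoint configuration

        Build the actual API endpoint from the scheme, host and port of the
        original auth URL and the rest from the returned version URL.

        The rewrite is applied only when the host of the discovered version
        URL is exactly ``localhost``.  Any other discovered URL is handed to
        the parent implementation as returned.

        :param session: forwarded unchanged to the parent implementation
        :param version: forwarded unchanged to the parent implementation
        :param string url: version URL returned by discovery
        :param raw_status: forwarded unchanged to the parent implementation
        :returns: whatever the parent ``create_plugin`` returns
        """

        ver_u = urlparse.urlparse(url)

        # Only hack this if it is the default setting.  Compare the parsed
        # host name instead of a netloc prefix: a prefix test also matches
        # unrelated hosts whose name merely begins with 'localhost' and
        # would silently redirect them to the auth_url host.
        if ver_u.hostname == 'localhost':
            auth_u = urlparse.urlparse(self.auth_url)
            # from original auth_url: scheme, netloc
            # from api_url: path, query (basically, the rest)
            url = urlparse.urlunparse((
                auth_u.scheme,
                auth_u.netloc,
                ver_u.path,
                ver_u.params,
                ver_u.query,
                ver_u.fragment,
            ))
            # Pass the URL as a logging argument so it is only formatted
            # when debug logging is enabled.
            LOG.debug('Version URL updated: %s', url)

        # NOTE(review): a non-localhost URL from discovery is used as
        # returned, so the password auth request goes to whatever host the
        # version document names; presumably the session's TLS verification
        # is what protects that response - confirm.
        return super(OSCGenericPassword, self).create_plugin(
            session=session,
            version=version,
            url=url,
            raw_status=raw_status,
        )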
 |