stackforge/swiftpolicy
Code Issues Proposed changes

Adds setup.py

Browse Source
This commit is contained in:
Matthieu Huin
2014-05-26 15:44:24 +02:00
parent d938e0fb91
commit b9ef587737
4 changed files with 48 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
setup.py Normal file
View File

@@ -0,0 +1,30 @@
#!/usr/bin/python
# Copyright 2014 OpenStack, LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from setuptools import setup
import swiftpolicy
setup(name='swiftpolicy',
version=swiftpolicy.version,
description='Swift Policy Middleware',
author='CloudWatt',
author_email='nassim.babaci@cloudwatt.com',
url='https://git.corp.cloudwatt.com/nassim.babaci/swiftpolicy',
packages=['swiftpolicy'],
requires=['swift(>=1.7)'],
entry_points={'paste.filter_factory':
['swiftpolicy=swiftpolicy.swiftpolicy:filter_factory']})

9
swiftpolicy/__init__.py
View File

@@ -12,6 +12,11 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
from keystoneauth import filter_factory from swiftpolicy import filter_factory
__all__ = [filter_factory] __all__ = [filter_factory, 'version_info', 'version']
#: Version information ``(major, minor, revision)``.
version_info = (1, 0, 0)
#: Version string ``'major.minor.revision'``.
version = '.'.join(map(str, version_info))

2
swiftpolicy/enforcer.py
View File

@@ -16,7 +16,6 @@ from policy import register
from policy import Enforcer from policy import Enforcer
from policy import Check from policy import Check
from policy import Rules from policy import Rules
from string import Template
def get_enforcer(operators_roles, reseller_role, is_admin, logger, policy_file=None): def get_enforcer(operators_roles, reseller_role, is_admin, logger, policy_file=None):
@@ -76,6 +75,7 @@ class FileBasedEnforcer(Enforcer):
policy = self._get_policy() policy = self._get_policy()
try: try:
rules = Rules.load_json(policy, self.default_rule) rules = Rules.load_json(policy, self.default_rule)
#TODO error is not used
except ValueError as error: except ValueError as error:
raise raise
self.set_rules(rules) self.set_rules(rules)

20
swiftpolicy/keystoneauth.py → swiftpolicy/swiftpolicy.py
View File

@@ -20,19 +20,19 @@ from swift.common.utils import register_swift_info
from enforcer import get_enforcer from enforcer import get_enforcer
class KeystoneAuth(object): class SwiftPolicy(object):
"""Swift middleware to Keystone authorization system. """Swift middleware to Keystone authorization system.
In Swift's proxy-server.conf add this middleware to your pipeline:: In Swift's proxy-server.conf add this middleware to your pipeline::
[pipeline:main] [pipeline:main]
pipeline = catch_errors cache authtoken keystoneauth proxy-server pipeline = catch_errors cache authtoken swiftpolicy proxy-server
Make sure you have the authtoken middleware before the Make sure you have the authtoken middleware before the
keystoneauth middleware. swiftpolicy middleware.
The authtoken middleware will take care of validating the user and The authtoken middleware will take care of validating the user and
keystoneauth will authorize access. swiftpolicy will authorize access.
The authtoken middleware is shipped directly with keystone it The authtoken middleware is shipped directly with keystone it
does not have any other dependences than itself so you can either does not have any other dependences than itself so you can either
@@ -53,8 +53,8 @@ class KeystoneAuth(object):
And add a swift authorization filter section, such as:: And add a swift authorization filter section, such as::
[filter:keystoneauth] [filter:swiftpolicy]
use = egg:swift#keystoneauth use = egg:swift#swiftpolicy
operator_roles = admin, swiftoperator operator_roles = admin, swiftoperator
This maps tenants to account in Swift. This maps tenants to account in Swift.
@@ -66,7 +66,7 @@ class KeystoneAuth(object):
If you need to have a different reseller_prefix to be able to If you need to have a different reseller_prefix to be able to
mix different auth servers you can configure the option mix different auth servers you can configure the option
``reseller_prefix`` in your keystoneauth entry like this:: ``reseller_prefix`` in your swiftpolicy entry like this::
reseller_prefix = NEWAUTH reseller_prefix = NEWAUTH
@@ -76,7 +76,7 @@ class KeystoneAuth(object):
def __init__(self, app, conf): def __init__(self, app, conf):
self.app = app self.app = app
self.conf = conf self.conf = conf
self.logger = swift_utils.get_logger(conf, log_route='keystoneauth') self.logger = swift_utils.get_logger(conf, log_route='swiftpolicy')
self.reseller_prefix = conf.get('reseller_prefix', 'AUTH_').strip() self.reseller_prefix = conf.get('reseller_prefix', 'AUTH_').strip()
if self.reseller_prefix and self.reseller_prefix[-1] != '_': if self.reseller_prefix and self.reseller_prefix[-1] != '_':
self.reseller_prefix += '_' self.reseller_prefix += '_'
@@ -264,8 +264,8 @@ def filter_factory(global_conf, **local_conf):
"""Returns a WSGI filter app for use with paste.deploy.""" """Returns a WSGI filter app for use with paste.deploy."""
conf = global_conf.copy() conf = global_conf.copy()
conf.update(local_conf) conf.update(local_conf)
register_swift_info('keystoneauth') register_swift_info('swiftpolicy')
def auth_filter(app): def auth_filter(app):
return KeystoneAuth(app, conf) return SwiftPolicy(app, conf)
return auth_filter return auth_filter