API : add token support.
New setup requirement (python-keystoneclient). New config options (api_acl and api_acl_auth_url.
This commit is contained in:
parent
53d14a439b
commit
b66a2c535b
|
@ -14,5 +14,5 @@ if __name__ == '__main__':
|
||||||
|
|
||||||
log.setup(config.CONF['api_log'], logging.WARNING, logging.DEBUG)
|
log.setup(config.CONF['api_log'], logging.WARNING, logging.DEBUG)
|
||||||
|
|
||||||
root = app.make_app(enable_acl=False)
|
root = app.make_app(enable_acl=config.CONF['acl_enabled'])
|
||||||
root.run(host='0.0.0.0', port=config.CONF['api_port'])
|
root.run(host='0.0.0.0', port=config.CONF['api_port'])
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
# Kwapi config file
|
# Kwapi config file
|
||||||
|
|
||||||
|
# ACL
|
||||||
|
acl_enabled = true
|
||||||
|
acl_auth_url = http://10.0.0.2:5000/v2.0
|
||||||
|
|
||||||
# Communication
|
# Communication
|
||||||
api_port = 5000
|
api_port = 5000
|
||||||
collector_socket = /tmp/kwapi-collector
|
collector_socket = /tmp/kwapi-collector
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
"""Set up the ACL to access the API."""
|
||||||
|
|
||||||
|
import flask
|
||||||
|
from keystoneclient.v2_0.client import Client
|
||||||
|
|
||||||
|
from kwapi import config
|
||||||
|
|
||||||
|
def install(app):
|
||||||
|
"""Installs ACL check on application."""
|
||||||
|
app.before_request(check)
|
||||||
|
return app
|
||||||
|
|
||||||
|
def check():
|
||||||
|
"""Checks application access."""
|
||||||
|
headers = flask.request.headers
|
||||||
|
try:
|
||||||
|
client = Client(token=headers.get('X-Auth-Token'), auth_url=config.CONF['acl_auth_url'])
|
||||||
|
except:
|
||||||
|
return "Access denied", 401
|
||||||
|
else:
|
||||||
|
if not client.authenticate():
|
||||||
|
return "Access denied", 401
|
|
@ -10,9 +10,9 @@ import flask.helpers
|
||||||
from kwapi import config
|
from kwapi import config
|
||||||
from collector import Collector
|
from collector import Collector
|
||||||
import v1
|
import v1
|
||||||
#import acl
|
import acl
|
||||||
|
|
||||||
def make_app(enable_acl=True):
|
def make_app(enable_acl):
|
||||||
"""Instantiates Flask app, attaches collector database, installs acl."""
|
"""Instantiates Flask app, attaches collector database, installs acl."""
|
||||||
logging.info('Starting API')
|
logging.info('Starting API')
|
||||||
app = flask.Flask('kwapi.api')
|
app = flask.Flask('kwapi.api')
|
||||||
|
@ -27,6 +27,6 @@ def make_app(enable_acl=True):
|
||||||
|
|
||||||
# Install the middleware wrapper
|
# Install the middleware wrapper
|
||||||
if enable_acl:
|
if enable_acl:
|
||||||
return acl.install(app, cfg.CONF)
|
return acl.install(app)
|
||||||
|
|
||||||
return app
|
return app
|
||||||
|
|
|
@ -52,6 +52,8 @@ def get_config(config_file):
|
||||||
|
|
||||||
# Config file format specifications
|
# Config file format specifications
|
||||||
cfg = """
|
cfg = """
|
||||||
|
acl_enabled = boolean
|
||||||
|
acl_auth_url = string
|
||||||
api_log = string
|
api_log = string
|
||||||
api_port = integer
|
api_port = integer
|
||||||
collector_socket = string
|
collector_socket = string
|
||||||
|
|
2
setup.py
2
setup.py
|
@ -36,6 +36,6 @@ setup(
|
||||||
|
|
||||||
data_files=[('/etc/kwapi', ['etc/kwapi/kwapi.conf'])],
|
data_files=[('/etc/kwapi', ['etc/kwapi/kwapi.conf'])],
|
||||||
|
|
||||||
install_requires=['flask', 'configobj', 'pyserial', 'requests']
|
install_requires=['configobj', 'flask', 'pyserial', 'python-keystoneclient', 'requests']
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in New Issue