API : add token support.
New setup requirement (python-keystoneclient). New config options (api_acl and api_acl_auth_url.
This commit is contained in:
parent
53d14a439b
commit
b66a2c535b
|
@ -14,5 +14,5 @@ if __name__ == '__main__':
|
|||
|
||||
log.setup(config.CONF['api_log'], logging.WARNING, logging.DEBUG)
|
||||
|
||||
root = app.make_app(enable_acl=False)
|
||||
root = app.make_app(enable_acl=config.CONF['acl_enabled'])
|
||||
root.run(host='0.0.0.0', port=config.CONF['api_port'])
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
# Kwapi config file
|
||||
|
||||
# ACL
|
||||
acl_enabled = true
|
||||
acl_auth_url = http://10.0.0.2:5000/v2.0
|
||||
|
||||
# Communication
|
||||
api_port = 5000
|
||||
collector_socket = /tmp/kwapi-collector
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
"""Set up the ACL to access the API."""
|
||||
|
||||
import flask
|
||||
from keystoneclient.v2_0.client import Client
|
||||
|
||||
from kwapi import config
|
||||
|
||||
def install(app):
|
||||
"""Installs ACL check on application."""
|
||||
app.before_request(check)
|
||||
return app
|
||||
|
||||
def check():
|
||||
"""Checks application access."""
|
||||
headers = flask.request.headers
|
||||
try:
|
||||
client = Client(token=headers.get('X-Auth-Token'), auth_url=config.CONF['acl_auth_url'])
|
||||
except:
|
||||
return "Access denied", 401
|
||||
else:
|
||||
if not client.authenticate():
|
||||
return "Access denied", 401
|
|
@ -10,9 +10,9 @@ import flask.helpers
|
|||
from kwapi import config
|
||||
from collector import Collector
|
||||
import v1
|
||||
#import acl
|
||||
import acl
|
||||
|
||||
def make_app(enable_acl=True):
|
||||
def make_app(enable_acl):
|
||||
"""Instantiates Flask app, attaches collector database, installs acl."""
|
||||
logging.info('Starting API')
|
||||
app = flask.Flask('kwapi.api')
|
||||
|
@ -27,6 +27,6 @@ def make_app(enable_acl=True):
|
|||
|
||||
# Install the middleware wrapper
|
||||
if enable_acl:
|
||||
return acl.install(app, cfg.CONF)
|
||||
return acl.install(app)
|
||||
|
||||
return app
|
||||
|
|
|
@ -52,6 +52,8 @@ def get_config(config_file):
|
|||
|
||||
# Config file format specifications
|
||||
cfg = """
|
||||
acl_enabled = boolean
|
||||
acl_auth_url = string
|
||||
api_log = string
|
||||
api_port = integer
|
||||
collector_socket = string
|
||||
|
|
Loading…
Reference in New Issue