Create region with payload authentication

Change-Id: I237d1df49082801e24e4cc55b22074aed5809f19
2019-05-23 13:11:33 -07:00 · 2019-05-23 13:11:33 -07:00 · cda08c8d59
commit cda08c8d59
parent 265761babd
1 changed files with 26 additions and 4 deletions
--- a/orm/services/region_manager/rms/utils/authentication.py
+++ b/orm/services/region_manager/rms/utils/authentication.py
@ -1,3 +1,4 @@
 import json
 import logging
 from orm.common.client.keystone.keystone_utils import tokens
@ -23,14 +24,19 @@ def authorize(request, action, skip_auth=False):
    if not _is_authorization_enabled(conf) or skip_auth:
        return
-    auth_region = request.headers.get('X-Auth-Region')
+    use_payload_url =\
        action == 'region:create' or action == 'region:update'
    keystone_ep = None
    try:
        if use_payload_url:
            keystone_ep = _get_request_keystone_ep(request)
        if not keystone_ep:
            auth_region = request.headers.get('X-Auth-Region')
            keystone_ep = get_keystone_ep(auth_region)
    except Exception:
        # Failed to find Keystone EP - we'll set it to None instead of failing
        # because the rule might be to let everyone pass
        keystone_ep = None
    policy.authorize(action, request, conf, keystone_ep=keystone_ep)
@ -48,6 +54,22 @@ def get_token_conf(app_conf):
    user_domain_name = app_conf.authentication.user_domain_name
    project_domain_name = app_conf.authentication.project_domain_name
    conf = tokens.TokenConf(mech_id, mech_password, rms_url, tenant_name,
-                            keystone_version, user_domain_name, project_domain_name)
+                            keystone_version, user_domain_name,
                            project_domain_name)
    return conf
 def _get_request_keystone_ep(request):
    keystone_ep = None
    try:
        request_body = request.body if request.body else {}
        endpoints = json.loads(request_body).get('endpoints')
        endpoint_url = [endpoint.get('publicURL')
                        for endpoint in endpoints
                        if endpoint.get('type') == 'identity']
        keystone_ep = endpoint_url[0] if endpoint_url else None
    except Exception:
        keystone_ep = None
    return keystone_ep