46
46
'Number of minutes to lockout if triggered.')
47
47
flags.DEFINE_integer('lockout_window', 15,
48
48
'Number of minutes for lockout window.')
49
flags.DEFINE_string('keystone_ec2_url',
50
'http://localhost:5000/v2.0/ec2tokens',
51
'URL to get token from ec2 request.')
52
49
flags.DECLARE('use_forwarded_for', 'nova.api.auth')
145
class ToToken(wsgi.Middleware):
146
"""Authenticate an EC2 request with keystone and convert to token."""
148
@webob.dec.wsgify(RequestClass=wsgi.Request)
149
def __call__(self, req):
150
# Read request signature and access id.
152
signature = req.params['Signature']
153
access = req.params['AWSAccessKeyId']
155
raise webob.exc.HTTPBadRequest()
157
# Make a copy of args for authentication and signature verification.
158
auth_params = dict(req.params)
159
# Not part of authentication args
160
auth_params.pop('Signature')
162
# Authenticate the request.
163
creds = {'ec2Credentials': {'access': access,
164
'signature': signature,
168
'params': auth_params,
170
creds_json = utils.dumps(creds)
171
headers = {'Content-Type': 'application/json'}
172
o = urlparse(FLAGS.keystone_ec2_url)
173
if o.scheme == "http":
174
conn = httplib.HTTPConnection(o.netloc)
176
conn = httplib.HTTPSConnection(o.netloc)
177
conn.request('POST', o.path, body=creds_json, headers=headers)
178
response = conn.getresponse().read()
181
# NOTE(vish): We could save a call to keystone by
182
# having keystone return token, tenant,
183
# user, and roles from this call.
184
result = utils.loads(response)
185
# TODO(vish): check for errors
187
token_id = result['auth']['token']['id']
189
req.headers['X-Auth-Token'] = token_id
190
return self.application
193
142
class NoAuth(wsgi.Middleware):
194
143
"""Add user:project as 'nova.context' to WSGI environ."""