← Back to branch summary

~ubuntu-branches/ubuntu/quantal/keystone/quantal-security

« back to all changes in this revision

Viewing changes to keystone/contrib/ec2/core.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short
  • Date: 2012-06-22 12:27:50 UTC
  • mto: (35.1.1 quantal-proposed)
  • mto: This revision was merged to the branch mainline in revision 28.
  • Revision ID: package-import@ubuntu.com-20120622122750-4urdq17en1990apn
Tags: upstream-2012.2~f2~20120622.2353
ImportĀ upstreamĀ versionĀ 2012.2~f2~20120622.2353

Show diffs side-by-side

added added

removed removed

Lines of Context:
keystone/contrib/ec2/core.py
37
37
import uuid
38
38
 
39
39
from keystone import catalog
 
40
from keystone.common import manager
 
41
from keystone.common import utils
 
42
from keystone.common import wsgi
40
43
from keystone import config
41
44
from keystone import exception
42
45
from keystone import identity
43
46
from keystone import policy
44
47
from keystone import service
45
48
from keystone import token
46
 
from keystone.common import manager
47
 
from keystone.common import utils
48
 
from keystone.common import wsgi
49
49
 
50
50
 
51
51
CONF = config.CONF
67
67
    def add_routes(self, mapper):
68
68
        ec2_controller = Ec2Controller()
69
69
        # validation
70
 
        mapper.connect('/ec2tokens',
71
 
                       controller=ec2_controller,
72
 
                       action='authenticate',
73
 
                       conditions=dict(method=['POST']))
 
70
        mapper.connect(
 
71
            '/ec2tokens',
 
72
            controller=ec2_controller,
 
73
            action='authenticate',
 
74
            conditions=dict(method=['POST']))
74
75
 
75
76
        # crud
76
 
        mapper.connect('/users/{user_id}/credentials/OS-EC2',
77
 
                       controller=ec2_controller,
78
 
                       action='create_credential',
79
 
                       conditions=dict(method=['POST']))
80
 
        mapper.connect('/users/{user_id}/credentials/OS-EC2',
81
 
                       controller=ec2_controller,
82
 
                       action='get_credentials',
83
 
                       conditions=dict(method=['GET']))
84
 
        mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}',
85
 
                       controller=ec2_controller,
86
 
                       action='get_credential',
87
 
                       conditions=dict(method=['GET']))
88
 
        mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}',
89
 
                       controller=ec2_controller,
90
 
                       action='delete_credential',
91
 
                       conditions=dict(method=['DELETE']))
 
77
        mapper.connect(
 
78
            '/users/{user_id}/credentials/OS-EC2',
 
79
            controller=ec2_controller,
 
80
            action='create_credential',
 
81
            conditions=dict(method=['POST']))
 
82
        mapper.connect(
 
83
            '/users/{user_id}/credentials/OS-EC2',
 
84
            controller=ec2_controller,
 
85
            action='get_credentials',
 
86
            conditions=dict(method=['GET']))
 
87
        mapper.connect(
 
88
            '/users/{user_id}/credentials/OS-EC2/{credential_id}',
 
89
            controller=ec2_controller,
 
90
            action='get_credential',
 
91
            conditions=dict(method=['GET']))
 
92
        mapper.connect(
 
93
            '/users/{user_id}/credentials/OS-EC2/{credential_id}',
 
94
            controller=ec2_controller,
 
95
            action='delete_credential',
 
96
            conditions=dict(method=['DELETE']))
92
97
 
93
98
 
94
99
class Ec2Controller(wsgi.Application):
116
121
        else:
117
122
            raise exception.Unauthorized(message='EC2 signature not supplied.')
118
123
 
119
 
    def authenticate(self, context, credentials=None,
120
 
                         ec2Credentials=None):
 
124
    def authenticate(self, context, credentials=None, ec2Credentials=None):
121
125
        """Validate a signed EC2 request and provide a token.
122
126
 
123
127
        Other services (such as Nova) use this **admin** call to determine
155
159
        # TODO(termie): this is copied from TokenController.authenticate
156
160
        token_id = uuid.uuid4().hex
157
161
        tenant_ref = self.identity_api.get_tenant(
158
 
                context=context,
159
 
                tenant_id=creds_ref['tenant_id'])
 
162
            context=context,
 
163
            tenant_id=creds_ref['tenant_id'])
160
164
        user_ref = self.identity_api.get_user(
161
 
                context=context,
162
 
                user_id=creds_ref['user_id'])
 
165
            context=context,
 
166
            user_id=creds_ref['user_id'])
163
167
        metadata_ref = self.identity_api.get_metadata(
164
 
                context=context,
165
 
                user_id=user_ref['id'],
166
 
                tenant_id=tenant_ref['id'])
 
168
            context=context,
 
169
            user_id=user_ref['id'],
 
170
            tenant_id=tenant_ref['id'])
167
171
        catalog_ref = self.catalog_api.get_catalog(
168
 
                context=context,
169
 
                user_id=user_ref['id'],
170
 
                tenant_id=tenant_ref['id'],
171
 
                    metadata=metadata_ref)
 
172
            context=context,
 
173
            user_id=user_ref['id'],
 
174
            tenant_id=tenant_ref['id'],
 
175
            metadata=metadata_ref)
172
176
 
173
177
        token_ref = self.token_api.create_token(
174
 
                context, token_id, dict(id=token_id,
175
 
                                        user=user_ref,
176
 
                                        tenant=tenant_ref,
177
 
                                        metadata=metadata_ref))
 
178
            context, token_id, dict(id=token_id,
 
179
                                    user=user_ref,
 
180
                                    tenant=tenant_ref,
 
181
                                    metadata=metadata_ref))
178
182
 
179
183
        # TODO(termie): optimize this call at some point and put it into the
180
184
        #               the return for metadata
189
193
        #               would be better to expect a full return
190
194
        token_controller = service.TokenController()
191
195
        return token_controller._format_authenticate(
192
 
                token_ref, roles_ref, catalog_ref)
 
196
            token_ref, roles_ref, catalog_ref)
193
197
 
194
198
    def create_credential(self, context, user_id, tenant_id):
195
199
        """Create a secret/access pair for use with ec2 style auth.
284
288
 
285
289
        """
286
290
        try:
287
 
            token_ref = self.token_api.get_token(context=context,
288
 
                    token_id=context['token_id'])
 
291
            token_ref = self.token_api.get_token(
 
292
                context=context,
 
293
                token_id=context['token_id'])
289
294
        except exception.TokenNotFound:
290
295
            raise exception.Unauthorized()
291
296
        token_user_id = token_ref['user'].get('id')