39
39
from keystone import catalog
40
from keystone.common import manager
41
from keystone.common import utils
42
from keystone.common import wsgi
40
43
from keystone import config
41
44
from keystone import exception
42
45
from keystone import identity
43
46
from keystone import policy
44
47
from keystone import service
45
48
from keystone import token
46
from keystone.common import manager
47
from keystone.common import utils
48
from keystone.common import wsgi
67
67
def add_routes(self, mapper):
68
68
ec2_controller = Ec2Controller()
70
mapper.connect('/ec2tokens',
71
controller=ec2_controller,
72
action='authenticate',
73
conditions=dict(method=['POST']))
72
controller=ec2_controller,
73
action='authenticate',
74
conditions=dict(method=['POST']))
76
mapper.connect('/users/{user_id}/credentials/OS-EC2',
77
controller=ec2_controller,
78
action='create_credential',
79
conditions=dict(method=['POST']))
80
mapper.connect('/users/{user_id}/credentials/OS-EC2',
81
controller=ec2_controller,
82
action='get_credentials',
83
conditions=dict(method=['GET']))
84
mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}',
85
controller=ec2_controller,
86
action='get_credential',
87
conditions=dict(method=['GET']))
88
mapper.connect('/users/{user_id}/credentials/OS-EC2/{credential_id}',
89
controller=ec2_controller,
90
action='delete_credential',
91
conditions=dict(method=['DELETE']))
78
'/users/{user_id}/credentials/OS-EC2',
79
controller=ec2_controller,
80
action='create_credential',
81
conditions=dict(method=['POST']))
83
'/users/{user_id}/credentials/OS-EC2',
84
controller=ec2_controller,
85
action='get_credentials',
86
conditions=dict(method=['GET']))
88
'/users/{user_id}/credentials/OS-EC2/{credential_id}',
89
controller=ec2_controller,
90
action='get_credential',
91
conditions=dict(method=['GET']))
93
'/users/{user_id}/credentials/OS-EC2/{credential_id}',
94
controller=ec2_controller,
95
action='delete_credential',
96
conditions=dict(method=['DELETE']))
94
99
class Ec2Controller(wsgi.Application):
117
122
raise exception.Unauthorized(message='EC2 signature not supplied.')
119
def authenticate(self, context, credentials=None,
120
ec2Credentials=None):
124
def authenticate(self, context, credentials=None, ec2Credentials=None):
121
125
"""Validate a signed EC2 request and provide a token.
123
127
Other services (such as Nova) use this **admin** call to determine
155
159
# TODO(termie): this is copied from TokenController.authenticate
156
160
token_id = uuid.uuid4().hex
157
161
tenant_ref = self.identity_api.get_tenant(
159
tenant_id=creds_ref['tenant_id'])
163
tenant_id=creds_ref['tenant_id'])
160
164
user_ref = self.identity_api.get_user(
162
user_id=creds_ref['user_id'])
166
user_id=creds_ref['user_id'])
163
167
metadata_ref = self.identity_api.get_metadata(
165
user_id=user_ref['id'],
166
tenant_id=tenant_ref['id'])
169
user_id=user_ref['id'],
170
tenant_id=tenant_ref['id'])
167
171
catalog_ref = self.catalog_api.get_catalog(
169
user_id=user_ref['id'],
170
tenant_id=tenant_ref['id'],
171
metadata=metadata_ref)
173
user_id=user_ref['id'],
174
tenant_id=tenant_ref['id'],
175
metadata=metadata_ref)
173
177
token_ref = self.token_api.create_token(
174
context, token_id, dict(id=token_id,
177
metadata=metadata_ref))
178
context, token_id, dict(id=token_id,
181
metadata=metadata_ref))
179
183
# TODO(termie): optimize this call at some point and put it into the
180
184
# the return for metadata
189
193
# would be better to expect a full return
190
194
token_controller = service.TokenController()
191
195
return token_controller._format_authenticate(
192
token_ref, roles_ref, catalog_ref)
196
token_ref, roles_ref, catalog_ref)
194
198
def create_credential(self, context, user_id, tenant_id):
195
199
"""Create a secret/access pair for use with ec2 style auth.
287
token_ref = self.token_api.get_token(context=context,
288
token_id=context['token_id'])
291
token_ref = self.token_api.get_token(
293
token_id=context['token_id'])
289
294
except exception.TokenNotFound:
290
295
raise exception.Unauthorized()
291
296
token_user_id = token_ref['user'].get('id')