keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

ec2tokens.py
1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
2 # not use this file except in compliance with the License. You may obtain
3 # a copy of the License at
4 #
5 # http://www.apache.org/licenses/LICENSE-2.0
6 #
7 # Unless required by applicable law or agreed to in writing, software
8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10 # License for the specific language governing permissions and limitations
11 # under the License.
12 
13 # This file handles all flask-restful resources for /v3/ec2tokens
14 
15 import flask
16 import http.client
17 from keystoneclient.contrib.ec2 import utils as ec2_utils
18 from oslo_serialization import jsonutils
19 
20 from keystone.api._shared import EC2_S3_Resource
21 from keystone.api._shared import json_home_relations
22 from keystone.common import render_token
23 from keystone.common import utils
24 from keystone import exception
25 from keystone.i18n import _
26 from keystone.server import flask as ks_flask
27 
28 
# Credential type label for EC2 credentials. Nothing else in this module
# references it.
CRED_TYPE_EC2 = 'ec2'
30 
31 
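class EC2TokensResource(EC2_S3_Resource.ResourceBase):
    """Flask-RESTful resource serving ``POST /v3/ec2tokens``.

    The request flow itself lives in ``handle_authenticate()`` on the base
    class (not shown in this file); this class supplies the EC2 signature
    check and turns the resulting token into an HTTP response.
    """

    @staticmethod
    def _check_signature(creds_ref, credentials):
        """Verify the client-supplied EC2 signature against the stored secret.

        Only the signature is validated here. Freshness of the signed
        request (timestamp/expiry) is not checked in this method, so any
        replay protection has to come from the caller.

        :param creds_ref: credential record; only ``creds_ref['secret']`` is
                          read.
        :param credentials: the signed request parameters. ``signature`` is
                            optional at the dict level but required to
                            authenticate; ``host`` is read when the first
                            comparison fails. NOTE: ``credentials['host']``
                            is rewritten in place when the port-less retry
                            is attempted.
        :returns: ``True`` when a recomputed signature matches.
        :raises keystone.exception.Unauthorized: if no signature was supplied
            or no recomputed signature matches it.
        """
        signer = ec2_utils.Ec2Signer(creds_ref['secret'])
        signature = signer.generate(credentials)
        # NOTE(davechecn): credentials.get('signature') is not guaranteed to
        # exist, we need to check it explicitly.
        if not credentials.get('signature'):
            raise exception.Unauthorized(
                _('EC2 signature not supplied.'))

        # auth_str_equal comes from keystone.common.utils (not shown here);
        # presumably a constant-time comparison -- confirm before replacing
        # it with a plain ``==``.
        if utils.auth_str_equal(credentials['signature'], signature):
            return True

        # NOTE(vish): Some client libraries don't use the port when
        # signing requests, so try again without the port.
        if ':' in credentials['host']:
            # The host value must be split, not the credentials dict: a dict
            # has no split(), so the retry used to fail with AttributeError
            # instead of producing a clean 401. Split on the last colon only
            # so a host containing several colons (e.g. a bracketed IPv6
            # literal with a port) cannot break the two-name unpacking.
            hostname, _port = credentials['host'].rsplit(':', 1)
            credentials['host'] = hostname
            # NOTE(davechen): a fresh signer is required here; reusing the
            # first one would carry over state from the previous
            # generate() call.
            signer = ec2_utils.Ec2Signer(creds_ref['secret'])
            signature = signer.generate(credentials)
            if utils.auth_str_equal(
                    credentials['signature'], signature):
                return True

        raise exception.Unauthorized(_('Invalid EC2 signature.'))

    @ks_flask.unenforced_api
    def post(self):
        """Authenticate ec2 token.

        POST /v3/ec2tokens

        The handler is marked ``unenforced_api``; presumably no policy check
        runs for it, which leaves ``handle_authenticate()`` as the only gate
        on this endpoint -- confirm against ``keystone.server.flask``.

        :returns: a 200 response whose JSON body is the rendered token and
                  whose ``X-Subject-Token`` header carries the token id.
        """
        token = self.handle_authenticate()
        token_reference = render_token.render_token_response_from_model(token)
        resp_body = jsonutils.dumps(token_reference)
        response = flask.make_response(resp_body, http.client.OK)
        # The token id is a bearer credential: keep this header out of
        # access logs and debug dumps.
        response.headers['X-Subject-Token'] = token.id
        response.headers['Content-Type'] = 'application/json'
        return response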
74 
75 
class EC2TokensAPI(ks_flask.APIBase):
    """API definition that maps ``/ec2tokens`` to EC2TokensResource."""

    _name = 'ec2tokens'
    _import_name = __name__

    # Nothing is listed in ``resources``; the single route is declared
    # through ``resource_mapping`` below.
    resources = []
    resource_mapping = [
        ks_flask.construct_resource_map(
            resource=EC2TokensResource,
            url='/ec2tokens',
            resource_kwargs={},
            rel='ec2tokens',
            resource_relation_func=(
                json_home_relations.os_ec2_resource_rel_func
            ),
        ),
    ]
89 
90 
# API classes exported by this module (presumably collected by the
# application loader -- confirm against the caller).
APIs = (EC2TokensAPI,)