"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/api/ec2tokens.py" (13 May 2020, 3511 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "ec2tokens.py" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 16.0.1_vs_17.0.0.

    1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    2 # not use this file except in compliance with the License. You may obtain
    3 # a copy of the License at
    4 #
    5 #      http://www.apache.org/licenses/LICENSE-2.0
    6 #
    7 # Unless required by applicable law or agreed to in writing, software
    8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   10 # License for the specific language governing permissions and limitations
   11 # under the License.
   12 
   13 # This file handles all flask-restful resources for /v3/ec2tokens
   14 
   15 import flask
   16 import http.client
   17 from keystoneclient.contrib.ec2 import utils as ec2_utils
   18 from oslo_serialization import jsonutils
   19 
   20 from keystone.api._shared import EC2_S3_Resource
   21 from keystone.api._shared import json_home_relations
   22 from keystone.common import render_token
   23 from keystone.common import utils
   24 from keystone import exception
   25 from keystone.i18n import _
   26 from keystone.server import flask as ks_flask
   27 
   28 
   29 CRED_TYPE_EC2 = 'ec2'
   30 
   31 
   32 class EC2TokensResource(EC2_S3_Resource.ResourceBase):
   33     @staticmethod
   34     def _check_signature(creds_ref, credentials):
   35         signer = ec2_utils.Ec2Signer(creds_ref['secret'])
   36         signature = signer.generate(credentials)
   37         # NOTE(davechecn): credentials.get('signature') is not guaranteed to
   38         # exist, we need to check it explicitly.
   39         if credentials.get('signature'):
   40             if utils.auth_str_equal(credentials['signature'], signature):
   41                 return True
   42             # NOTE(vish): Some client libraries don't use the port when
   43             # signing requests, so try again without the port.
   44             elif ':' in credentials['host']:
   45                 hostname, _port = credentials.split(':')
   46                 credentials['host'] = hostname
   47                 # NOTE(davechen): we need to reinitialize 'signer' to avoid
   48                 # contaminated status of signature, this is similar with
   49                 # other programming language libraries, JAVA for example.
   50                 signer = ec2_utils.Ec2Signer(creds_ref['secret'])
   51                 signature = signer.generate(credentials)
   52                 if utils.auth_str_equal(
   53                         credentials['signature'], signature):
   54                     return True
   55             raise exception.Unauthorized(_('Invalid EC2 signature.'))
   56         # Raise the exception when credentials.get('signature') is None
   57         else:
   58             raise exception.Unauthorized(
   59                 _('EC2 signature not supplied.'))
   60 
   61     @ks_flask.unenforced_api
   62     def post(self):
   63         """Authenticate ec2 token.
   64 
   65         POST /v3/ec2tokens
   66         """
   67         token = self.handle_authenticate()
   68         token_reference = render_token.render_token_response_from_model(token)
   69         resp_body = jsonutils.dumps(token_reference)
   70         response = flask.make_response(resp_body, http.client.OK)
   71         response.headers['X-Subject-Token'] = token.id
   72         response.headers['Content-Type'] = 'application/json'
   73         return response
   74 
   75 
   76 class EC2TokensAPI(ks_flask.APIBase):
   77     _name = 'ec2tokens'
   78     _import_name = __name__
   79     resources = []
   80     resource_mapping = [
   81         ks_flask.construct_resource_map(
   82             resource=EC2TokensResource,
   83             url='/ec2tokens',
   84             resource_kwargs={},
   85             rel='ec2tokens',
   86             resource_relation_func=(
   87                 json_home_relations.os_ec2_resource_rel_func))
   88     ]
   89 
   90 
   91 APIs = (EC2TokensAPI,)