self.auth_host = conf.get('auth_host', "127.0.0.1")
self.auth_port = int(conf.get('auth_port', 35357))
auth_protocol = conf.get('auth_protocol', 'http')
- self._request_uri = '%s://%s:%s' % (auth_protocol, self.auth_host, # TODO: ??? for auth or authz
+ self._conf["_request_uri"] = '%s://%s:%s' % (auth_protocol, self.auth_host, # TODO: ??? for auth or authz
self.auth_port)
# SSL
key_file = conf.get('keyfile')
if insecure:
- self._verify = False
+ self._conf["_verify"] = False
elif cert_file and key_file:
- self._verify = (cert_file, key_file)
+ self._conf["_verify"] = (cert_file, key_file)
elif cert_file:
- self._verify = cert_file
+ self._conf["_verify"] = cert_file
else:
- self._verify = None
+ self._conf["_verify"] = None
# Moon registered mgrs
self.local_registered_mgr_dict = dict() # TODO: load from the sql backend
+ from keystonemiddleware.moon_mgrs.authz_mgr.authz_mgr import AuthzMgr
+ self.local_registered_mgr_dict["authz_mgr"] = AuthzMgr(self._conf)
def __set_token(self):
data = self.get_url("/v3/auth/tokens", post_data=self.post_data)
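Review bot: The `elif cert_file and key_file:` branch stores a `(cert_file, key_file)` tuple under `self._conf["_verify"]`, and that value is later passed as `verify=` to `requests.get`. In requests, `verify` takes a boolean or a CA bundle path, and a client certificate/key pair belongs in `cert=`, so this branch probably does not set up server verification the way it reads. I would keep the two concerns in separate keys, e.g. `self._conf["_cert"] = (cert_file, key_file)` alongside a CA path or `True` in `_verify`, and pass both at the call site. The `insecure` branch turns TLS verification off for the authorization call, which deserves a comment such as `# test deployments only: authz answers are not authenticated when verify is False`. The enclosing method starts outside this hunk, and where `cert_file` is read is not visible.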
self.__set_token()
for _mgr in self.local_registered_mgr_dict: # TODO: update from the sql backend
- self.local_registered_mgr_dict[_mgr]['response_content'] = \
+ self.local_registered_mgr_dict[_mgr].response_content = \
json.loads(self.local_registered_mgr_dict[_mgr].treat_request(self.x_subject_token, agent_data).content)
self.__unset_token()
aggregate_result = 1
for _mgr in self.local_registered_mgr_dict:
- if not self.local_registered_mgr_dict[_mgr]['response_content']:
+ if not self.local_registered_mgr_dict[_mgr].response_content:
aggregate_result = 0
if aggregate_result:
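Review bot: The decision in `if not self.local_registered_mgr_dict[_mgr].response_content:` rests on the truthiness of the parsed JSON body, not on the `authz` field, so any non-empty object (including one carrying `"authz": false`) leaves `aggregate_result` at 1. Whether that can happen depends on what `treat_request` returns on its deny path, which is only partly visible here. The deny path appears to return the object built by `_deny_request`, and that object may not expose `.content` at all, so the `json.loads(...)` line could raise instead of denying. I would test the field explicitly, e.g. `if not (isinstance(content, dict) and content.get("authz")): aggregate_result = 0`, and start from `aggregate_result = 0` so that an empty manager dict does not authorize. The enclosing method starts and ends outside the hunk.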
authz_mgr_fh = logging.FileHandler(CONF.moon_authz_mgr["authz_mgr_logfile"])
self._LOG.setLevel(logging.DEBUG)
self._LOG.addHandler(authz_mgr_fh)
+ self._conf = conf
+ self.response_content = ""
def _deny_request(self, code):
error_table = {
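Review bot: `self._conf = conf` makes this manager depend on the caller having already written the private keys `_request_uri` and `_verify` into the shared dict, and nothing in the constructor checks for them. A manager built from a plain configuration would then fail with `KeyError` on its first request, and that is not covered by the `except requests.exceptions.RequestException` handler in `treat_request`. I would validate up front, e.g. `if "_request_uri" not in conf: raise ValueError("authz manager needs _request_uri")`, or pass the two values as explicit constructor arguments rather than through a mutated config dict. The constructor starts outside the hunk.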
resp.body = error_msg
return resp
-
def treat_request(self, auth_token, agent_data):
if not agent_data['resource_id']:
agent_data['resource_id'] = "servers"
headers = {'X-Auth-Token': auth_token}
self._LOG.debug('X-Auth-Token={}'.format(auth_token))
try:
- _url ='{}/v3/OS-MOON/authz/{}/{}/{}/{}'.format(
- self._request_uri,
+ _url = '{}/moon/authz/{}/{}/{}/{}'.format(
+ self._conf["_request_uri"],
agent_data['tenant_id'],
agent_data['user_id'],
agent_data['resource_id'],
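Review bot: `self._LOG.debug('X-Auth-Token={}'.format(auth_token))` writes the bearer token in clear text, and the constructor sets this logger to `logging.DEBUG` with a `FileHandler`, so every token handled here ends up in the authz manager log file. I would drop the value and log only its presence, e.g. `self._LOG.debug('X-Auth-Token present: %s', bool(auth_token))`. Separately, the new `'{}/moon/authz/{}/{}/{}/{}'` URL is built from `agent_data` fields with no percent-encoding, so a `/` or `?` in `tenant_id`, `user_id` or `resource_id` would change which authorization resource is queried. If those fields can carry request-derived values, each segment should be encoded before formatting. The body of `treat_request` continues outside the hunk.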
self._LOG.info(_url)
response = requests.get(_url,
headers=headers,
- verify=self._verify)
+ verify=self._conf["_verify"])
except requests.exceptions.RequestException as e:
self._LOG.error(_LI('HTTP connection exception: %s'), e)
resp = self._deny_request('InvalidURI')
elif response.status_code == 200:
answer = json.loads(response.content)
- self._LOG.debug("action_id={}/{}".format(agent_data['OS_component'] , agent_data['action_id']))
+ self._LOG.debug("action_id={}/{}".format(agent_data['OS_component'], agent_data['action_id']))
self._LOG.debug(answer)
if "authz" in answer and answer["authz"]:
return response