Commit 50a4ba53 authored by Stavros Sachtouris's avatar Stavros Sachtouris

Adopt openstack-occi 1.1 authentication method

Basically, copy and paste from previous snf-occi implementation.
The gist is, if the client does not have a token, advise them to
obtain one from astavoms
parent da8f3076
......@@ -15,6 +15,8 @@
from ooi.wsgi import OCCIMiddleware
from ooi.api.helpers import OpenStackHelper
from soi.config import KEYSTONE_URL
from soi.synnefo import AstakosClient, AUTH_URL
def snf_index(cls, req):
......@@ -30,3 +32,47 @@ OpenStackHelper.index = snf_index
class SNFOCCIMiddleware(OCCIMiddleware):
"""Synnefo wrapper for OCCIMiddleware"""
def __call__(self, environ, response, *args, **kwargs):
"""Check request for essential AUTH-related headers, early"""
print environ
if 'HTTP_X_AUTH_TOKEN' not in environ:
print "No token provided, redirect to Astavoms"
status = '401 Not Authorized'
headers = [
('Content-Type', 'text/html'),
(
'Www-Authenticate',
'Keystone uri=\'{0}\''.format(KEYSTONE_URL))
]
response(status, headers)
print '401 - redirect to: {0}'.format(KEYSTONE_URL)
return [str(response)]
print 'Token provided'
snf_token = environ['HTTP_X_AUTH_TOKEN']
try:
snf_project = environ.get(
'HTTP_X_SNF_PROJECT', environ['HTTP_X_PROJECT_ID'])
print 'Project ID provided'
except KeyError:
print "No project header, ask Astakos for project ID"
snf_auth = AstakosClient(AUTH_URL, snf_token)
user_info = snf_auth.authenticate()
projects = user_info['access']['user']['projects']
user_uuid = user_info['access']['user']['id']
snf_project = user_uuid
for project in projects:
if project != user_uuid:
snf_project = project
print "Found a project - hope it suffices"
break
if snf_project == user_uuid:
print 'Fall back to user UUID as project ID'
environ['HTTP_X_PROJECT_ID'] = snf_project
return super(SNFOCCIMiddleware, self).__call__(
environ, response, *args, **kwargs)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment