A bit more cleanup to remove melange code, and making the auth code work again.
parent
475927f35d
commit
1f920650e6
@ -16,8 +16,6 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
#TODO(jkoelker) Convert this to an entry_point
|
|
||||||
|
|
||||||
import gettext
|
import gettext
|
||||||
import optparse
|
import optparse
|
||||||
import os
|
import os
|
||||||
@ -35,12 +33,9 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
|||||||
if os.path.exists(os.path.join(possible_topdir, 'reddwarf', '__init__.py')):
|
if os.path.exists(os.path.join(possible_topdir, 'reddwarf', '__init__.py')):
|
||||||
sys.path.insert(0, possible_topdir)
|
sys.path.insert(0, possible_topdir)
|
||||||
|
|
||||||
#from melange import ipv4
|
|
||||||
#from melange import mac
|
|
||||||
from reddwarf import version
|
from reddwarf import version
|
||||||
from reddwarf.common import config
|
from reddwarf.common import config
|
||||||
from reddwarf.common import wsgi
|
from reddwarf.common import wsgi
|
||||||
#from melange.db import db_api
|
|
||||||
|
|
||||||
|
|
||||||
def create_options(parser):
|
def create_options(parser):
|
||||||
@ -65,7 +60,6 @@ if __name__ == '__main__':
|
|||||||
(options, args) = config.parse_options(oparser)
|
(options, args) = config.parse_options(oparser)
|
||||||
try:
|
try:
|
||||||
conf, app = config.Config.load_paste_app('reddwarf', options, args)
|
conf, app = config.Config.load_paste_app('reddwarf', options, args)
|
||||||
# db_api.configure_db(conf, ipv4.plugin(), mac.plugin())
|
|
||||||
server = wsgi.Server()
|
server = wsgi.Server()
|
||||||
server.start(app, options.get('port', conf['bind_port']),
|
server.start(app, options.get('port', conf['bind_port']),
|
||||||
conf['bind_host'])
|
conf['bind_host'])
|
||||||
|
@ -14,9 +14,9 @@ bind_port = 8779
|
|||||||
# SQLAlchemy connection string for the reference implementation
|
# SQLAlchemy connection string for the reference implementation
|
||||||
# registry server. Any valid SQLAlchemy connection string is fine.
|
# registry server. Any valid SQLAlchemy connection string is fine.
|
||||||
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
|
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
|
||||||
#sql_connection = sqlite:///melange_test.sqlite
|
sql_connection = sqlite:///reddwarf_test.sqlite
|
||||||
# sql_connection = mysql://root:root@localhost/melange
|
# sql_connection = mysql://root:root@localhost/reddwarf
|
||||||
#sql_connection = postgresql://melange:melange@localhost/melange
|
#sql_connection = postgresql://reddwarf:reddwarf@localhost/reddwarf
|
||||||
|
|
||||||
# Period in seconds after which SQLAlchemy should reestablish its connection
|
# Period in seconds after which SQLAlchemy should reestablish its connection
|
||||||
# to the database.
|
# to the database.
|
||||||
@ -28,7 +28,7 @@ bind_port = 8779
|
|||||||
sql_idle_timeout = 3600
|
sql_idle_timeout = 3600
|
||||||
|
|
||||||
#DB Api Implementation
|
#DB Api Implementation
|
||||||
#db_api_implementation = "reddwarf.db.sqlalchemy.api"
|
db_api_implementation = "reddwarf.db.sqlalchemy.api"
|
||||||
|
|
||||||
# Path to the extensions
|
# Path to the extensions
|
||||||
api_extensions_path = reddwarf/extensions
|
api_extensions_path = reddwarf/extensions
|
||||||
@ -52,7 +52,7 @@ use = call:reddwarf.common.wsgi:versioned_urlmap
|
|||||||
paste.app_factory = reddwarf.versions:app_factory
|
paste.app_factory = reddwarf.versions:app_factory
|
||||||
|
|
||||||
[pipeline:reddwarfapi]
|
[pipeline:reddwarfapi]
|
||||||
pipeline = reddwarfapp
|
pipeline = tokenauth authorization reddwarfapp
|
||||||
#pipeline = debug extensions reddwarfapp
|
#pipeline = debug extensions reddwarfapp
|
||||||
|
|
||||||
#[filter:extensions]
|
#[filter:extensions]
|
||||||
@ -62,14 +62,16 @@ pipeline = reddwarfapp
|
|||||||
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
||||||
service_protocol = http
|
service_protocol = http
|
||||||
service_host = 127.0.0.1
|
service_host = 127.0.0.1
|
||||||
service_port = 808
|
service_port = 5000
|
||||||
auth_host = 127.0.0.1
|
auth_host = 127.0.0.1
|
||||||
auth_port = 5001
|
auth_port = 35357
|
||||||
auth_protocol = http
|
auth_protocol = http
|
||||||
|
auth_uri = http://127.0.0.1:5000/
|
||||||
admin_token = be19c524ddc92109a224
|
admin_token = be19c524ddc92109a224
|
||||||
|
|
||||||
#[filter:authorization]
|
|
||||||
#paste.filter_factory = reddwarf.common.auth:AuthorizationMiddleware.factory
|
[filter:authorization]
|
||||||
|
paste.filter_factory = reddwarf.common.auth:AuthorizationMiddleware.factory
|
||||||
|
|
||||||
[app:reddwarfapp]
|
[app:reddwarfapp]
|
||||||
paste.app_factory = reddwarf.database.service:app_factory
|
paste.app_factory = reddwarf.database.service:app_factory
|
||||||
|
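Review bot: `admin_token = be19c524ddc92109a224` stays in this file as a literal value while the commit switches the active pipeline to `pipeline = tokenauth authorization reddwarfapp`, so every deployment started from this file would share an admin token readable by anyone with access to the repository. I would replace it with an obvious placeholder such as `admin_token = <set-per-deployment>` and read the real value from a file that is not under version control. The filter these settings belong to is presumably `tokenauth`, but its section header is outside the hunk. `auth_protocol = http` and the new `auth_uri = http://127.0.0.1:5000/` are fine on loopback, but a comment like `# use https when the auth service is not on localhost` would keep the token from crossing a network in clear text once the hosts are changed.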
@ -1,7 +1,6 @@
|
|||||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||||
|
|
||||||
# Copyright 2010 United States Government as represented by the
|
# Copyright 2011 OpenStack LLC.
|
||||||
# Administrator of the National Aeronautics and Space Administration.
|
|
||||||
# All Rights Reserved.
|
# All Rights Reserved.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
@ -15,7 +14,6 @@
|
|||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
:mod:`reddwarf` -- Cloud PaaS Database Platform
|
:mod:`reddwarf` -- Cloud PaaS Database Platform
|
||||||
===================================
|
===================================
|
||||||
@ -25,8 +23,3 @@
|
|||||||
:synopsis: Platform-As-A-Service Database Cloud
|
:synopsis: Platform-As-A-Service Database Cloud
|
||||||
.. moduleauthor:: Michael Basnight <mbasnight@gmail.com>
|
.. moduleauthor:: Michael Basnight <mbasnight@gmail.com>
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import gettext
|
|
||||||
|
|
||||||
|
|
||||||
gettext.install("reddwarf", unicode=1)
|
|
||||||
|
70
reddwarf/common/auth.py
Normal file
70
reddwarf/common/auth.py
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||||
|
|
||||||
|
# Copyright 2011 OpenStack LLC.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import httplib2
|
||||||
|
import logging
|
||||||
|
import re
|
||||||
|
import webob.exc
|
||||||
|
import wsgi
|
||||||
|
|
||||||
|
|
||||||
|
LOG = logging.getLogger("reddwarf.common.auth")
|
||||||
|
|
||||||
|
|
||||||
|
class AuthorizationMiddleware(wsgi.Middleware):
|
||||||
|
|
||||||
|
def __init__(self, application, auth_providers, **local_config):
|
||||||
|
self.auth_providers = auth_providers
|
||||||
|
LOG.debug("Auth middleware providers: %s" % auth_providers)
|
||||||
|
super(AuthorizationMiddleware, self).__init__(application,
|
||||||
|
**local_config)
|
||||||
|
|
||||||
|
def process_request(self, request):
|
||||||
|
roles = request.headers.get('X_ROLE', '').split(',')
|
||||||
|
LOG.debug("Processing auth request with roles: %s" % roles)
|
||||||
|
tenant_id = request.headers.get('X_TENANT', None)
|
||||||
|
LOG.debug("Processing auth request with tenant_id: %s" % tenant_id)
|
||||||
|
for provider in self.auth_providers:
|
||||||
|
provider.authorize(request, tenant_id, roles)
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def factory(cls, global_config, **local_config):
|
||||||
|
def _factory(app):
|
||||||
|
LOG.debug("Created auth middleware with config: %s" % local_config)
|
||||||
|
return cls(app, [TenantBasedAuth()],
|
||||||
|
**local_config)
|
||||||
|
return _factory
|
||||||
|
|
||||||
|
|
||||||
|
class TenantBasedAuth(object):
|
||||||
|
|
||||||
|
# The paths differ from melange, so the regex must differ as well, reddwarf starts with a tenant_id
|
||||||
|
tenant_scoped_url = re.compile("/(?P<tenant_id>.*?)/.*")
|
||||||
|
|
||||||
|
def authorize(self, request, tenant_id, roles):
|
||||||
|
if 'admin' in [role.lower() for role in roles]:
|
||||||
|
LOG.debug("Authorized admin request: %s" % request)
|
||||||
|
return True
|
||||||
|
match_for_tenant = self.tenant_scoped_url.match(request.path_info)
|
||||||
|
if (match_for_tenant and
|
||||||
|
tenant_id == match_for_tenant.group('tenant_id')):
|
||||||
|
LOG.debug("Authorized tenant '%(tenant_id)s' request: "
|
||||||
|
"%(request)s" % locals())
|
||||||
|
return True
|
||||||
|
raise webob.exc.HTTPForbidden(_("User with tenant id %s cannot "
|
||||||
|
"access this resource") % tenant_id)
|
||||||
|
|
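Review bot: `process_request` reads the caller's roles and tenant straight from the `X_ROLE` and `X_TENANT` request headers, and `TenantBasedAuth.authorize` allows every path as soon as `admin` is among the roles, so the decision is only as trustworthy as whatever set those headers. Nothing in this module checks that a token-validating filter ran first or that client-supplied copies of the headers were discarded. A class docstring should state that the middleware is only safe behind `tokenauth` in the pipeline, and it would be better to refuse requests that carry no marker of a validated identity; which marker the auth filter sets needs confirming against its documentation. Separately, `LOG.debug("Authorized admin request: %s" % request)` and the tenant variant format the whole request object, which with webob likely includes the headers and therefore the auth token, so logging `request.method` and `request.path_info` would be enough. `authorize` also calls `_()`, which this module never imports, so the 403 path depends on `gettext.install` having run elsewhere, and this same commit removes that call from the package `__init__`.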
@ -1 +1,16 @@
|
|||||||
__author__ = 'mbasnight'
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||||
|
|
||||||
|
# Copyright 2011 OpenStack LLC.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
@ -1 +1,16 @@
|
|||||||
__author__ = 'mbasnight'
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||||
|
|
||||||
|
# Copyright 2011 OpenStack LLC.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|