# Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import abc import logging from oslo.config import cfg import six from keystoneclient import access from keystoneclient.auth.identity import base from keystoneclient import exceptions from keystoneclient import utils _logger = logging.getLogger(__name__) @six.add_metaclass(abc.ABCMeta) class Auth(base.BaseIdentityPlugin): @classmethod def get_options(cls): options = super(Auth, cls).get_options() options.extend([ cfg.StrOpt('tenant-id', help='Tenant ID'), cfg.StrOpt('tenant-name', help='Tenant Name'), cfg.StrOpt('trust-id', help='Trust ID'), ]) return options @utils.positional() def __init__(self, auth_url, trust_id=None, tenant_id=None, tenant_name=None): """Construct an Identity V2 Authentication Plugin. :param string auth_url: Identity service endpoint for authorization. :param string trust_id: Trust ID for trust scoping. :param string tenant_id: Tenant ID for project scoping. :param string tenant_name: Tenant name for project scoping. """ super(Auth, self).__init__(auth_url=auth_url) self.trust_id = trust_id self.tenant_id = tenant_id self.tenant_name = tenant_name def get_auth_ref(self, session, **kwargs): headers = {'Accept': 'application/json'} url = self.auth_url.rstrip('/') + '/tokens' params = {'auth': self.get_auth_data(headers)} if self.tenant_id: params['auth']['tenantId'] = self.tenant_id elif self.tenant_name: params['auth']['tenantName'] = self.tenant_name if self.trust_id: params['auth']['trust_id'] = self.trust_id _logger.debug('Making authentication request to %s', url) resp = session.post(url, json=params, headers=headers, authenticated=False, log=False) try: resp_data = resp.json()['access'] except (KeyError, ValueError): raise exceptions.InvalidResponse(response=resp) return access.AccessInfoV2(**resp_data) @abc.abstractmethod def get_auth_data(self, headers=None): """Return the authentication section of an auth plugin. :param dict headers: The headers that will be sent with the auth request if a plugin needs to add to them. :return dict: A dict of authentication data for the auth type. """ class Password(Auth): def __init__(self, auth_url, username, password, **kwargs): """A plugin for authenticating with a username and password. :param string auth_url: Identity service endpoint for authorization. :param string username: Username for authentication. :param string password: Password for authentication. """ super(Password, self).__init__(auth_url, **kwargs) self.username = username self.password = password def get_auth_data(self, headers=None): return {'passwordCredentials': {'username': self.username, 'password': self.password}} @classmethod def get_options(cls): options = super(Password, cls).get_options() options.extend([ cfg.StrOpt('user-name', dest='username', deprecated_name='username', help='Username to login with'), cfg.StrOpt('password', help='Password to use'), ]) return options class Token(Auth): def __init__(self, auth_url, token, **kwargs): """A plugin for authenticating with an existing token. :param string auth_url: Identity service endpoint for authorization. :param string token: Existing token for authentication. """ super(Token, self).__init__(auth_url, **kwargs) self.token = token def get_auth_data(self, headers=None): if headers is not None: headers['X-Auth-Token'] = self.token return {'token': {'id': self.token}} @classmethod def get_options(cls): options = super(Token, cls).get_options() options.extend([ cfg.StrOpt('token', help='Token'), ]) return options