From 43604520de242b46d8d6bdab1fada84bac57b4dc Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya
Date: 2011年9月20日 15:17:03 -0700
Subject: [PATCH] remove keystone

---
 etc/nova/api-paste.ini | 30 -------------------------
 nova/api/auth.py | 31 --------------------------
 nova/api/ec2/__init__.py | 48 ----------------------------------------
 3 files changed, 109 deletions(-)

diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini
index cd24efb13ba5..8555f6ce5180 100644
--- a/etc/nova/api-paste.ini
+++ b/etc/nova/api-paste.ini
@@ -22,15 +22,11 @@ use = egg:Paste#urlmap
 pipeline = logrequest ec2noauth cloudrequest authorizer ec2executor
 # NOTE(vish): use the following pipeline for deprecated auth
 #pipeline = logrequest authenticate cloudrequest authorizer ec2executor
-# NOTE(vish): use the following pipeline for keystone
-# pipeline = logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor
 
 [pipeline:ec2admin]
 pipeline = logrequest ec2noauth adminrequest authorizer ec2executor
 # NOTE(vish): use the following pipeline for deprecated auth
 #pipeline = logrequest authenticate adminrequest authorizer ec2executor
-# NOTE(vish): use the following pipeline for keystone
-#pipeline = logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor
 
 [pipeline:ec2metadata]
 pipeline = logrequest ec2md
@@ -44,9 +40,6 @@ paste.filter_factory = nova.api.ec2:RequestLogging.factory
 [filter:ec2lockout]
 paste.filter_factory = nova.api.ec2:Lockout.factory
 
-[filter:totoken]
-paste.filter_factory = nova.api.ec2:ToToken.factory
-
 [filter:ec2noauth]
 paste.filter_factory = nova.api.ec2:NoAuth.factory
 
@@ -87,15 +80,11 @@ use = egg:Paste#urlmap
 pipeline = faultwrap noauth ratelimit osapiapp10
 # NOTE(vish): use the following pipeline for deprecated auth
 # pipeline = faultwrap auth ratelimit osapiapp10
-# NOTE(vish): use the following pipeline for keystone
-#pipeline = faultwrap authtoken keystonecontext ratelimit osapiapp10
 
 [pipeline:openstackapi11]
 pipeline = faultwrap noauth ratelimit extensions osapiapp11
 # NOTE(vish): use the following pipeline for deprecated auth
 # pipeline = faultwrap auth ratelimit extensions osapiapp11
-# NOTE(vish): use the following pipeline for keystone
-# pipeline = faultwrap authtoken keystonecontext ratelimit extensions osapiapp11
 
 [filter:faultwrap]
 paste.filter_factory = nova.api.openstack:FaultWrapper.factory
@@ -123,22 +112,3 @@ pipeline = faultwrap osversionapp
 
 [app:osversionapp]
 paste.app_factory = nova.api.openstack.versions:Versions.factory
-
-##########
-# Shared #
-##########
-
-[filter:keystonecontext]
-paste.filter_factory = nova.api.auth:KeystoneContext.factory
-
-[filter:authtoken]
-paste.filter_factory = keystone.middleware.auth_token:filter_factory
-service_protocol = http
-service_host = 127.0.0.1
-service_port = 808
-auth_host = 127.0.0.1
-auth_port = 5001
-auth_protocol = http
-auth_uri = http://127.0.0.1:5000/
-admin_token = 999888777666
-
diff --git a/nova/api/auth.py b/nova/api/auth.py
index cd0d38b3f864..a94f28739223 100644
--- a/nova/api/auth.py
+++ b/nova/api/auth.py
@@ -43,34 +43,3 @@ class InjectContext(wsgi.Middleware):
 def __call__(self, req):
 req.environ['nova.context'] = self.context
 return self.application
-
-
-class KeystoneContext(wsgi.Middleware):
- """Make a request context from keystone headers"""
-
- @webob.dec.wsgify(RequestClass=wsgi.Request)
- def __call__(self, req):
- try:
- user_id = req.headers['X_USER']
- except KeyError:
- return webob.exc.HTTPUnauthorized()
- # get the roles
- roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')]
- project_id = req.headers['X_TENANT']
- # Get the auth token
- auth_token = req.headers.get('X_AUTH_TOKEN',
- req.headers.get('X_STORAGE_TOKEN'))
-
- # Build a context, including the auth_token...
- remote_address = getattr(req, 'remote_address', '127.0.0.1')
- remote_address = req.remote_addr
- if FLAGS.use_forwarded_for:
- remote_address = req.headers.get('X-Forwarded-For', remote_address)
- ctx = context.RequestContext(user_id,
- project_id,
- roles=roles,
- auth_token=auth_token,
- remote_address=remote_address)
-
- req.environ['nova.context'] = ctx
- return self.application
diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index 3b217e62e5ea..57097fdf476d 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -142,54 +142,6 @@ class Lockout(wsgi.Middleware): return res -class ToToken(wsgi.Middleware): - """Authenticate an EC2 request with keystone and convert to token.""" - - @webob.dec.wsgify(RequestClass=wsgi.Request) - def __call__(self, req): - # Read request signature and access id. - try: - signature = req.params['Signature'] - access = req.params['AWSAccessKeyId'] - except KeyError: - raise webob.exc.HTTPBadRequest() - - # Make a copy of args for authentication and signature verification. - auth_params = dict(req.params) - # Not part of authentication args - auth_params.pop('Signature') - - # Authenticate the request. - creds = {'ec2Credentials': {'access': access, - 'signature': signature, - 'host': req.host, - 'verb': req.method, - 'path': req.path, - 'params': auth_params, - }} - creds_json = utils.dumps(creds) - headers = {'Content-Type': 'application/json'} - o = urlparse(FLAGS.keystone_ec2_url) - if o.scheme == "http": - conn = httplib.HTTPConnection(o.netloc) - else: - conn = httplib.HTTPSConnection(o.netloc) - conn.request('POST', o.path, body=creds_json, headers=headers) - response = conn.getresponse().read() - conn.close() - - # NOTE(vish): We could save a call to keystone by - # having keystone return token, tenant, - # user, and roles from this call. - result = utils.loads(response) - # TODO(vish): check for errors - - token_id = result['auth']['token']['id'] - # Authenticated! - req.headers['X-Auth-Token'] = token_id - return self.application - - class NoAuth(wsgi.Middleware): """Add user:project as 'nova.context' to WSGI environ."""
