Source code for heat.common.auth_plugin

#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import json

from keystoneauth1 import loading as ks_loading
from oslo_log import log as logging

from heat.common import exception

LOG = logging.getLogger(__name__)


[docs] def parse_auth_credential_to_dict(cred): """Parse credential to dict""" def validate(cred): valid_keys = ['auth_type', 'auth'] for k in valid_keys: if k not in cred: raise ValueError('Missing key in auth information, the ' 'correct format contains %s.' % valid_keys) try: _cred = json.loads(cred) except ValueError as e: LOG.error('Failed to parse credential with error: %s' % e) raise ValueError('Failed to parse credential, please check your ' 'Stack Credential format.') validate(_cred) return _cred
[docs] def validate_auth_plugin(auth_plugin, keystone_session): """Validate if this auth_plugin is valid to use.""" try: auth_plugin.get_token(keystone_session) except Exception as e: # TODO(ricolin) Add heat document link for plugin information, # once we generated one. failure_reason = ("Failed to validate auth_plugin with error %s. " "Please make sure the credential you provide is " "correct. Also make sure the it is a valid Keystone " "auth plugin type and contain in your " "environment." % e) raise exception.AuthorizationFailure(failure_reason=failure_reason)
[docs] def get_keystone_plugin_loader(auth, keystone_session): cred = parse_auth_credential_to_dict(auth) auth_plugin = ks_loading.get_plugin_loader( cred.get('auth_type')).load_from_options( **cred.get('auth')) validate_auth_plugin(auth_plugin, keystone_session) return auth_plugin