1. Advisor
  2. keystonemiddleware
  3. functions
  4. keystonemiddleware.auth_token
View all keystonemiddleware analysis

How to use the keystonemiddleware.auth_token function in keystonemiddleware

To help you get started, we’ve selected a few keystonemiddleware examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github openstack / zun / zun / api / middleware / auth_token.py View on Github external
# License for the specific language governing permissions and limitations
# under the License.

import re

from keystonemiddleware import auth_token
from oslo_log import log

from zun.common import exception
from zun.common.i18n import _
from zun.common import utils

LOG = log.getLogger(__name__)


class AuthTokenMiddleware(auth_token.AuthProtocol):
    """A wrapper on Keystone auth_token middleware.

    Does not perform verification of authentication tokens
    for public routes in the API.

    """

    def __init__(self, app, conf, public_api_routes=None):
        if public_api_routes is None:
            public_api_routes = []
        route_pattern_tpl = r'%s(\.json)?$'

        try:
            self.public_api_routes = [re.compile(route_pattern_tpl % route_tpl)
                                      for route_tpl in public_api_routes]
        except re.error as e:
github openstack / nova / nova / api / openstack / placement / auth.py View on Github external
    @webob.dec.wsgify
    def __call__(self, req):
        req_id = req.environ.get(request_id.ENV_REQUEST_ID)

        ctx = RequestContext.from_environ(
            req.environ, request_id=req_id)

        if ctx.user_id is None and req.environ['PATH_INFO'] != '/':
            LOG.debug("Neither X_USER_ID nor X_USER found in request")
            return webob.exc.HTTPUnauthorized()

        req.environ['placement.context'] = ctx
        return self.application


class PlacementAuthProtocol(auth_token.AuthProtocol):
    """A wrapper on Keystone auth_token middleware.

    Does not perform verification of authentication tokens
    for root in the API.

    """
    def __init__(self, app, conf):
        self._placement_app = app
        super(PlacementAuthProtocol, self).__init__(app, conf)

    def __call__(self, environ, start_response):
        if environ['PATH_INFO'] == '/':
            return self._placement_app(environ, start_response)

        return super(PlacementAuthProtocol, self).__call__(
            environ, start_response)
github openstack / magnum / magnum / api / middleware / auth_token.py View on Github external
# License for the specific language governing permissions and limitations
# under the License.

import re

from keystonemiddleware import auth_token
from oslo_log import log

from magnum.common import exception
from magnum.common import utils
from magnum.i18n import _

LOG = log.getLogger(__name__)


class AuthTokenMiddleware(auth_token.AuthProtocol):
    """A wrapper on Keystone auth_token middleware.

    Does not perform verification of authentication tokens
    for public routes in the API.

    """
    def __init__(self, app, conf, public_api_routes=None):
        if public_api_routes is None:
            public_api_routes = []
        route_pattern_tpl = r'%s(\.json)?$'

        try:
            self.public_api_routes = [re.compile(route_pattern_tpl % route_tpl)
                                      for route_tpl in public_api_routes]
        except re.error as e:
            msg = _('Cannot compile public API routes: %s') % e
github openstack / blazar / blazar / api / v2 / app.py View on Github external
if extra_hooks:
        app_hooks.extend(extra_hooks)

    app = pecan.make_app(
        pecan_config.app.root,
        debug=CONF.debug,
        hooks=app_hooks,
        wrap_app=middleware.ParsableErrorMiddleware,
        guess_content_type_from_ext=False
    )

    # WSGI middleware for Keystone auth
    # NOTE(sbauza): ACLs are always active unless for unittesting where
    #               enable_acl could be set to False
    if pecan_config.app.enable_acl:
        app = auth_token.AuthProtocol(app, {})

    return app
github openstack / solum / solum / api / auth.py View on Github external
return app


class AuthHelper(object):
    """Helper methods for Auth."""

    def __init__(self):
        endpoints_pattern = '|'.join(pe for pe in PUBLIC_ENDPOINTS)
        self._public_endpoints_regexp = re.compile(endpoints_pattern)

    def is_endpoint_public(self, path):
        return self._public_endpoints_regexp.match(path)


class AuthProtocolWrapper(auth_token.AuthProtocol):
    """A wrapper on Keystone auth_token AuthProtocol.

    Does not perform verification of authentication tokens for pub routes in
    the API. Public routes are those defined by PUBLIC_ENDPOINTS

    """

    def __call__(self, env, start_response):
        path = env.get('PATH_INFO')
        if AUTH.is_endpoint_public(path):
            return self._app(env, start_response)
        return super(AuthProtocolWrapper, self).__call__(env, start_response)


class ContextHook(hooks.PecanHook):
github openstack / mistral / mistral / api / access_control.py View on Github external
def setup(app):
    if cfg.CONF.pecan.auth_enable and cfg.CONF.auth_type == 'keystone':
        conf = dict(cfg.CONF.keystone_authtoken)

        # Change auth decisions of requests to the app itself.
        conf.update({'delay_auth_decision': True})

        # NOTE(rakhmerov): Policy enforcement works only if Keystone
        # authentication is enabled. No support for other authentication
        # types at this point.
        _ensure_enforcer_initialization()

        return auth_token.AuthProtocol(app, conf)
    else:
        return app
github openstack / trove / trove / common / cfg.py View on Github external
def list_opts():
    keystone_middleware_opts = auth_token.list_opts()
    keystone_loading_opts = [(
        'keystone_authtoken', loading.get_auth_plugin_conf_options('password')
    )]

    trove_opts = [
        (None, path_opts + versions_opts + common_opts),
        ('database', database_opts),
        (mysql_group, mysql_opts),
        (mariadb_group, mariadb_opts),
        (network_group, network_opts),
        (service_credentials_group, service_credentials_opts),
    ]

    return keystone_middleware_opts + keystone_loading_opts + trove_opts
github openstack / octavia / octavia / common / keystone.py View on Github external
self._session = ks_loading.load_session_from_conf_options(
                cfg.CONF, self.section, auth=self.get_auth())

        return self._session

    def get_auth(self):
        if not self._auth:
            self._auth = ks_loading.load_auth_from_conf_options(
                cfg.CONF, self.section)
        return self._auth

    def get_service_user_id(self):
        return self.get_auth().get_user_id(self.get_session())


class SkippingAuthProtocol(auth_token.AuthProtocol):
    """SkippingAuthProtocol to reach special endpoints

    Bypasses keystone authentication for special request paths, such
    as the api version discovery path.

    Note:
        SkippingAuthProtocol is lean customization
        of :py:class:`keystonemiddleware.auth_token.AuthProtocol`
        that disables keystone communication if the request path
        is in the _NOAUTH_PATHS list.

    """

    def process_request(self, request):
        path = request.path
        if path in _NOAUTH_PATHS:
github openstack / watcher / watcher / api / middleware / auth_token.py View on Github external
# limitations under the License.

import re

from oslo_log import log

from keystonemiddleware import auth_token

from watcher._i18n import _
from watcher.common import exception
from watcher.common import utils

LOG = log.getLogger(__name__)


class AuthTokenMiddleware(auth_token.AuthProtocol):
    """A wrapper on Keystone auth_token middleware.

    Does not perform verification of authentication tokens
    for public routes in the API.

    """
    def __init__(self, app, conf, public_api_routes=()):
        route_pattern_tpl = r'%s(\.json|\.xml)?$'

        try:
            self.public_api_routes = [re.compile(route_pattern_tpl % route_tpl)
                                      for route_tpl in public_api_routes]
        except re.error as e:
            LOG.exception(e)
            raise exception.ConfigInvalid(
                error_msg=_('Cannot compile public API routes'))
github openstack / cyborg / cyborg / api / middleware / auth_token.py View on Github external
#    under the License.

import re

from keystonemiddleware import auth_token
from oslo_log import log

from cyborg.common import exception
from cyborg.common.i18n import _
from cyborg.common import utils


LOG = log.getLogger(__name__)


class AuthTokenMiddleware(auth_token.AuthProtocol):
    """A wrapper on Keystone auth_token middleware.

    Does not perform verification of authentication tokens
    for public routes in the API.

    """
    def __init__(self, app, conf, public_api_routes=None):
        public_api_routes = public_api_routes or []
        self.app = app
        route_pattern_tpl = r'%s(\.json)?$'

        try:
            self.public_api_routes = [re.compile(route_pattern_tpl % route_tpl)
                                      for route_tpl in public_api_routes]
        except re.error as e:
            msg = _('Cannot compile public API routes: %s') % e

keystonemiddleware

Middleware for OpenStack Identity

GitHub
Apache-2.0
Latest version published 2 months ago

Package Health Score

85 / 100
Full package analysis

Popular keystonemiddleware functions

Similar packages