Merge "Enhance security of discovery server"
Showing
9 changed files
with
363 additions
and
70 deletions.
@@ -0,0 +1,40 @@ | ||
# | ||
# Copyright (c) 2013 Juniper Networks, Inc. All rights reserved. | ||
# | ||
# | ||
# authentication/authorization functionality for discovery server | ||
# | ||
|
||
try: | ||
from keystoneclient.middleware import auth_token | ||
except ImportError: | ||
from keystonemiddleware import auth_token | ||
except Exception: | ||
pass | ||
|
||
class AuthServiceKeystone(object): | ||
|
||
def __init__(self, conf): | ||
self._conf_info = conf | ||
# end __init__ | ||
|
||
# gets called from keystone middleware after token check | ||
def token_valid(self, env, start_response): | ||
status = env.get('HTTP_X_IDENTITY_STATUS') | ||
return True if status != 'Invalid' else False | ||
|
||
def validate_user_token(self, request): | ||
# following config forces keystone middleware to always return the result | ||
# back in HTTP_X_IDENTITY_STATUS env variable | ||
conf_info = self._conf_info.copy() | ||
conf_info['delay_auth_decision'] = True | ||
|
||
auth_middleware = auth_token.AuthProtocol(self.token_valid, conf_info) | ||
return auth_middleware(request.headers.environ, None) | ||
|
||
def is_admin(self, request): | ||
if not self.validate_user_token(request): | ||
return False | ||
roles = request.headers.environ.get('HTTP_X_ROLE', '').split(",") | ||
return 'admin' in [x.lower() for x in roles] | ||
# end class AuthServiceKeystone |
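Review bot: `token_valid` fails open, because `status != 'Invalid'` accepts every value other than the literal 'Invalid', including a missing `HTTP_X_IDENTITY_STATUS` (where `env.get` returns None). With `delay_auth_decision` set, the keystone middleware marks a validated token as 'Confirmed', so the check should allow-list that value: `return env.get('HTTP_X_IDENTITY_STATUS') == 'Confirmed'`. `is_admin` depends on this result before it trusts `HTTP_X_ROLE`, so any request that reaches the callback without a confirmed status should be rejected before the role comparison. Separately, the `except Exception: pass` on the import leaves `auth_token` undefined, which only surfaces as a NameError in `validate_user_token` at request time; logging or re-raising there would expose the failure at startup.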
|
@@ -15,3 +15,4 @@ vnc_api | |
discoveryclient | ||
sandesh | ||
sandesh-common | ||
keystonemiddleware |