summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorakhil <akhil.jain@india.nec.com>2018-07-20 15:42:25 +0530
committerakhil <akhil.jain@india.nec.com>2018-08-07 22:22:15 +0530
commitabb315961ed185be581f3f2059d2b2f4b182a371 (patch)
tree69f5004fe81f061e82a742aef40449f4bd2fcb62
parent20d655774440595d06675fc1ccff34b3f3a4321c (diff)
Enable keystone authentication with webhook notification
This commit adds functionality of sending webhook notifications to various projects that require keystone authentications. For which user need to set auth credentials in conf under keystone header. By default it is disabled, which can be enabled in conf. Change-Id: I3e773af8c3ebe0cf1d57e8fa1351b1e725a9cfa0 Partially-Implements: blueprint add-monasca-push-driver Story: 2003105 Task: 23220
Notes
Notes (review): Code-Review+2: Witold Bedyk <witold.bedyk@est.fujitsu.com> Workflow+1: Witold Bedyk <witold.bedyk@est.fujitsu.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 09 Aug 2018 08:55:31 +0000 Reviewed-on: https://review.openstack.org/584303 Project: openstack/monasca-notification Branch: refs/heads/master
-rw-r--r--monasca_notification/common/utils.py33
-rw-r--r--monasca_notification/conf/__init__.py3
-rw-r--r--monasca_notification/conf/keystone.py52
-rw-r--r--monasca_notification/plugins/webhook_notifier.py8
-rw-r--r--notification.yaml12
-rw-r--r--requirements.txt1
6 files changed, 108 insertions, 1 deletions
diff --git a/monasca_notification/common/utils.py b/monasca_notification/common/utils.py
index cf84203..67c9b61 100644
--- a/monasca_notification/common/utils.py
+++ b/monasca_notification/common/utils.py
@@ -15,8 +15,11 @@
15# limitations under the License. 15# limitations under the License.
16import monascastatsd 16import monascastatsd
17 17
18from keystoneauth1 import exceptions as kaexception
19from keystoneauth1 import loading as kaloading
18from oslo_config import cfg 20from oslo_config import cfg
19from oslo_log import log 21from oslo_log import log
22import six
20 23
21from monasca_notification.common.repositories import exceptions 24from monasca_notification.common.repositories import exceptions
22from monasca_notification.notification import Notification 25from monasca_notification.notification import Notification
@@ -133,3 +136,33 @@ class OfflineConnection(monascastatsd.Connection):
133 136
134 def _send_to_server(self, packet): 137 def _send_to_server(self, packet):
135 pass 138 pass
139
140
141def get_keystone_session():
142
143 auth_details = {}
144 auth_details['auth_url'] = CONF.keystone.auth_url
145 auth_details['username'] = CONF.keystone.username
146 auth_details['password'] = CONF.keystone.password
147 auth_details['project_name'] = CONF.keystone.project_name
148 auth_details['user_domain_name'] = CONF.keystone.user_domain_name
149 auth_details['project_domain_name'] = CONF.keystone.project_domain_name
150 loader = kaloading.get_plugin_loader('password')
151 auth_plugin = loader.load_from_options(**auth_details)
152 session = kaloading.session.Session().load_from_options(
153 auth=auth_plugin)
154 return session
155
156
157def get_auth_token():
158 error_message = 'Keystone request failed: {}'
159 try:
160 session = get_keystone_session()
161 auth_token = session.get_token()
162 return auth_token
163 except (kaexception.Unauthorized, kaexception.DiscoveryFailure) as e:
164 LOG.exception(error_message.format(six.text_type(e)))
165 raise
166 except Exception as e:
167 LOG.exception(error_message.format(six.text_type(e)))
168 raise
diff --git a/monasca_notification/conf/__init__.py b/monasca_notification/conf/__init__.py
index b20e5b2..9dc80aa 100644
--- a/monasca_notification/conf/__init__.py
+++ b/monasca_notification/conf/__init__.py
@@ -22,6 +22,7 @@ from oslo_utils import importutils
22from monasca_notification.conf import cli 22from monasca_notification.conf import cli
23from monasca_notification.conf import database 23from monasca_notification.conf import database
24from monasca_notification.conf import kafka 24from monasca_notification.conf import kafka
25from monasca_notification.conf import keystone
25from monasca_notification.conf import notifiers 26from monasca_notification.conf import notifiers
26from monasca_notification.conf import processors 27from monasca_notification.conf import processors
27from monasca_notification.conf import queues 28from monasca_notification.conf import queues
@@ -36,6 +37,7 @@ CONF_OPTS = [
36 cli, 37 cli,
37 database, 38 database,
38 kafka, 39 kafka,
40 keystone,
39 notifiers, 41 notifiers,
40 processors, 42 processors,
41 queues, 43 queues,
@@ -144,6 +146,7 @@ def load_from_yaml(yaml_config, conf=None):
144 ], 146 ],
145 'queues': [lambda d: _plain_override(g='queues', **d)], 147 'queues': [lambda d: _plain_override(g='queues', **d)],
146 'kafka': [lambda d: _plain_override(g='kafka', **d)], 148 'kafka': [lambda d: _plain_override(g='kafka', **d)],
149 'keystone': [lambda d: _plain_override(g='keystone', **d)],
147 'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)], 150 'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)],
148 'notification_types': [lambda d: _load_plugin_settings(**d)], 151 'notification_types': [lambda d: _load_plugin_settings(**d)],
149 'logging': [_configure_and_warn_the_logging] 152 'logging': [_configure_and_warn_the_logging]
diff --git a/monasca_notification/conf/keystone.py b/monasca_notification/conf/keystone.py
new file mode 100644
index 0000000..b05fe5d
--- /dev/null
+++ b/monasca_notification/conf/keystone.py
@@ -0,0 +1,52 @@
1# Copyright 2017 FUJITSU LIMITED
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15from oslo_config import cfg
16
17keystone_group = cfg.OptGroup('keystone',
18 title='Keystone Options',
19 help='Options under this group allow to configure '
20 'valid connection via Keystone'
21 'authentication.')
22
23keystone_opts = [
24 cfg.BoolOpt(name='auth_required', default='False',
25 help='This option enable or disable authentication using '
26 'keystone'),
27 cfg.StrOpt(name='auth_url', default='http://127.0.0.1/identity/v3',
28 help='URL of identity service'),
29 cfg.StrOpt(name='username', default='admin',
30 help='Username'),
31 cfg.StrOpt(name='password', default='password',
32 help='Password of identity service'),
33 cfg.StrOpt(name='project_name', default='admin',
34 help='Name of project'),
35 cfg.StrOpt(name='user_domain_name', default='default',
36 help='User domain name'),
37 cfg.StrOpt(name='project_domain_name', default='default',
38 help='Project domain name'),
39 cfg.StrOpt(name='auth_type', default='password',
40 help='Type of authentication')
41]
42
43
44def register_opts(conf):
45 conf.register_group(keystone_group)
46 conf.register_opts(keystone_opts, group=keystone_group)
47
48
49def list_opts():
50 return {
51 keystone_group: keystone_opts
52 }
diff --git a/monasca_notification/plugins/webhook_notifier.py b/monasca_notification/plugins/webhook_notifier.py
index ac21040..7f22619 100644
--- a/monasca_notification/plugins/webhook_notifier.py
+++ b/monasca_notification/plugins/webhook_notifier.py
@@ -20,6 +20,7 @@ import ujson as json
20from debtcollector import removals 20from debtcollector import removals
21from oslo_config import cfg 21from oslo_config import cfg
22 22
23from monasca_notification.common import utils
23from monasca_notification.plugins import abstract_notifier 24from monasca_notification.plugins import abstract_notifier
24 25
25CONF = cfg.CONF 26CONF = cfg.CONF
@@ -73,6 +74,13 @@ class WebhookNotifier(abstract_notifier.AbstractNotifier):
73 74
74 headers = {'content-type': 'application/json'} 75 headers = {'content-type': 'application/json'}
75 76
77 # Checks if keystone authentication is enabled and adds authentication
78 # token to the request headers
79 if CONF.keystone.auth_required:
80 auth_token = utils.get_auth_token()
81 headers = {'content-type': 'application/json',
82 'X-Auth-Token': auth_token}
83
76 url = notification.address 84 url = notification.address
77 85
78 try: 86 try:
diff --git a/notification.yaml b/notification.yaml
index 10c6a6a..841fb5c 100644
--- a/notification.yaml
+++ b/notification.yaml
@@ -126,4 +126,14 @@ logging: # Used in logging.dictConfig
126 level: DEBUG 126 level: DEBUG
127statsd: 127statsd:
128 host: 'localhost' 128 host: 'localhost'
129 port: 8125 \ No newline at end of file 129 port: 8125
130
131keystone:
132 auth_required: False
133 auth_url: 'http://127.0.0.1/identity/v3'
134 username: 'admin'
135 password: 'password'
136 project_name: 'admin'
137 user_domain_name: 'default'
138 project_domain_name: 'default'
139 auth_type: 'password'
diff --git a/requirements.txt b/requirements.txt
index 0fc38a7..30904c4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,6 +3,7 @@
3# process, which may cause wedges in the gate later. 3# process, which may cause wedges in the gate later.
4pbr!=2.1.0,>=2.0.0 # Apache-2.0 4pbr!=2.1.0,>=2.0.0 # Apache-2.0
5debtcollector>=1.2.0 # Apache-2.0 5debtcollector>=1.2.0 # Apache-2.0
6keystoneauth1>=3.4.0 # Apache-2.0
6monasca-statsd>=1.4.0 # Apache-2.0 7monasca-statsd>=1.4.0 # Apache-2.0
7requests>=2.14.2 # Apache-2.0 8requests>=2.14.2 # Apache-2.0
8PyYAML>=3.12 # MIT 9PyYAML>=3.12 # MIT