summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2018-08-09 08:55:31 +0000
committerGerrit Code Review <review@openstack.org>2018-08-09 08:55:31 +0000
commitb50673381f421522757362ee6cec8a99967aef78 (patch)
tree29a04d5d0acfb187fe9869a4680b16ce6c7a7599
parent95037e92d67aa82e1622b75372092a15b6905664 (diff)
parentabb315961ed185be581f3f2059d2b2f4b182a371 (diff)
Merge "Enable keystone authentication with webhook notification"1.14.0
-rw-r--r--monasca_notification/common/utils.py33
-rw-r--r--monasca_notification/conf/__init__.py3
-rw-r--r--monasca_notification/conf/keystone.py52
-rw-r--r--monasca_notification/plugins/webhook_notifier.py8
-rw-r--r--notification.yaml12
-rw-r--r--requirements.txt1
6 files changed, 108 insertions, 1 deletions
diff --git a/monasca_notification/common/utils.py b/monasca_notification/common/utils.py
index cf84203..67c9b61 100644
--- a/monasca_notification/common/utils.py
+++ b/monasca_notification/common/utils.py
@@ -15,8 +15,11 @@
15# limitations under the License. 15# limitations under the License.
16import monascastatsd 16import monascastatsd
17 17
18from keystoneauth1 import exceptions as kaexception
19from keystoneauth1 import loading as kaloading
18from oslo_config import cfg 20from oslo_config import cfg
19from oslo_log import log 21from oslo_log import log
22import six
20 23
21from monasca_notification.common.repositories import exceptions 24from monasca_notification.common.repositories import exceptions
22from monasca_notification.notification import Notification 25from monasca_notification.notification import Notification
@@ -133,3 +136,33 @@ class OfflineConnection(monascastatsd.Connection):
133 136
134 def _send_to_server(self, packet): 137 def _send_to_server(self, packet):
135 pass 138 pass
139
140
141def get_keystone_session():
142
143 auth_details = {}
144 auth_details['auth_url'] = CONF.keystone.auth_url
145 auth_details['username'] = CONF.keystone.username
146 auth_details['password'] = CONF.keystone.password
147 auth_details['project_name'] = CONF.keystone.project_name
148 auth_details['user_domain_name'] = CONF.keystone.user_domain_name
149 auth_details['project_domain_name'] = CONF.keystone.project_domain_name
150 loader = kaloading.get_plugin_loader('password')
151 auth_plugin = loader.load_from_options(**auth_details)
152 session = kaloading.session.Session().load_from_options(
153 auth=auth_plugin)
154 return session
155
156
157def get_auth_token():
158 error_message = 'Keystone request failed: {}'
159 try:
160 session = get_keystone_session()
161 auth_token = session.get_token()
162 return auth_token
163 except (kaexception.Unauthorized, kaexception.DiscoveryFailure) as e:
164 LOG.exception(error_message.format(six.text_type(e)))
165 raise
166 except Exception as e:
167 LOG.exception(error_message.format(six.text_type(e)))
168 raise
diff --git a/monasca_notification/conf/__init__.py b/monasca_notification/conf/__init__.py
index b20e5b2..9dc80aa 100644
--- a/monasca_notification/conf/__init__.py
+++ b/monasca_notification/conf/__init__.py
@@ -22,6 +22,7 @@ from oslo_utils import importutils
22from monasca_notification.conf import cli 22from monasca_notification.conf import cli
23from monasca_notification.conf import database 23from monasca_notification.conf import database
24from monasca_notification.conf import kafka 24from monasca_notification.conf import kafka
25from monasca_notification.conf import keystone
25from monasca_notification.conf import notifiers 26from monasca_notification.conf import notifiers
26from monasca_notification.conf import processors 27from monasca_notification.conf import processors
27from monasca_notification.conf import queues 28from monasca_notification.conf import queues
@@ -36,6 +37,7 @@ CONF_OPTS = [
36 cli, 37 cli,
37 database, 38 database,
38 kafka, 39 kafka,
40 keystone,
39 notifiers, 41 notifiers,
40 processors, 42 processors,
41 queues, 43 queues,
@@ -144,6 +146,7 @@ def load_from_yaml(yaml_config, conf=None):
144 ], 146 ],
145 'queues': [lambda d: _plain_override(g='queues', **d)], 147 'queues': [lambda d: _plain_override(g='queues', **d)],
146 'kafka': [lambda d: _plain_override(g='kafka', **d)], 148 'kafka': [lambda d: _plain_override(g='kafka', **d)],
149 'keystone': [lambda d: _plain_override(g='keystone', **d)],
147 'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)], 150 'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)],
148 'notification_types': [lambda d: _load_plugin_settings(**d)], 151 'notification_types': [lambda d: _load_plugin_settings(**d)],
149 'logging': [_configure_and_warn_the_logging] 152 'logging': [_configure_and_warn_the_logging]
diff --git a/monasca_notification/conf/keystone.py b/monasca_notification/conf/keystone.py
new file mode 100644
index 0000000..b05fe5d
--- /dev/null
+++ b/monasca_notification/conf/keystone.py
@@ -0,0 +1,52 @@
1# Copyright 2017 FUJITSU LIMITED
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15from oslo_config import cfg
16
17keystone_group = cfg.OptGroup('keystone',
18 title='Keystone Options',
19 help='Options under this group allow to configure '
20 'valid connection via Keystone'
21 'authentication.')
22
23keystone_opts = [
24 cfg.BoolOpt(name='auth_required', default='False',
25 help='This option enable or disable authentication using '
26 'keystone'),
27 cfg.StrOpt(name='auth_url', default='http://127.0.0.1/identity/v3',
28 help='URL of identity service'),
29 cfg.StrOpt(name='username', default='admin',
30 help='Username'),
31 cfg.StrOpt(name='password', default='password',
32 help='Password of identity service'),
33 cfg.StrOpt(name='project_name', default='admin',
34 help='Name of project'),
35 cfg.StrOpt(name='user_domain_name', default='default',
36 help='User domain name'),
37 cfg.StrOpt(name='project_domain_name', default='default',
38 help='Project domain name'),
39 cfg.StrOpt(name='auth_type', default='password',
40 help='Type of authentication')
41]
42
43
44def register_opts(conf):
45 conf.register_group(keystone_group)
46 conf.register_opts(keystone_opts, group=keystone_group)
47
48
49def list_opts():
50 return {
51 keystone_group: keystone_opts
52 }
diff --git a/monasca_notification/plugins/webhook_notifier.py b/monasca_notification/plugins/webhook_notifier.py
index ac21040..7f22619 100644
--- a/monasca_notification/plugins/webhook_notifier.py
+++ b/monasca_notification/plugins/webhook_notifier.py
@@ -20,6 +20,7 @@ import ujson as json
20from debtcollector import removals 20from debtcollector import removals
21from oslo_config import cfg 21from oslo_config import cfg
22 22
23from monasca_notification.common import utils
23from monasca_notification.plugins import abstract_notifier 24from monasca_notification.plugins import abstract_notifier
24 25
25CONF = cfg.CONF 26CONF = cfg.CONF
@@ -73,6 +74,13 @@ class WebhookNotifier(abstract_notifier.AbstractNotifier):
73 74
74 headers = {'content-type': 'application/json'} 75 headers = {'content-type': 'application/json'}
75 76
77 # Checks if keystone authentication is enabled and adds authentication
78 # token to the request headers
79 if CONF.keystone.auth_required:
80 auth_token = utils.get_auth_token()
81 headers = {'content-type': 'application/json',
82 'X-Auth-Token': auth_token}
83
76 url = notification.address 84 url = notification.address
77 85
78 try: 86 try:
diff --git a/notification.yaml b/notification.yaml
index 10c6a6a..841fb5c 100644
--- a/notification.yaml
+++ b/notification.yaml
@@ -126,4 +126,14 @@ logging: # Used in logging.dictConfig
126 level: DEBUG 126 level: DEBUG
127statsd: 127statsd:
128 host: 'localhost' 128 host: 'localhost'
129 port: 8125 \ No newline at end of file 129 port: 8125
130
131keystone:
132 auth_required: False
133 auth_url: 'http://127.0.0.1/identity/v3'
134 username: 'admin'
135 password: 'password'
136 project_name: 'admin'
137 user_domain_name: 'default'
138 project_domain_name: 'default'
139 auth_type: 'password'
diff --git a/requirements.txt b/requirements.txt
index 0fc38a7..30904c4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,6 +3,7 @@
3# process, which may cause wedges in the gate later. 3# process, which may cause wedges in the gate later.
4pbr!=2.1.0,>=2.0.0 # Apache-2.0 4pbr!=2.1.0,>=2.0.0 # Apache-2.0
5debtcollector>=1.2.0 # Apache-2.0 5debtcollector>=1.2.0 # Apache-2.0
6keystoneauth1>=3.4.0 # Apache-2.0
6monasca-statsd>=1.4.0 # Apache-2.0 7monasca-statsd>=1.4.0 # Apache-2.0
7requests>=2.14.2 # Apache-2.0 8requests>=2.14.2 # Apache-2.0
8PyYAML>=3.12 # MIT 9PyYAML>=3.12 # MIT