Merge "Enable keystone authentication with webhook notification"
This commit is contained in:
commit
b50673381f
|
@ -15,8 +15,11 @@
|
|||
# limitations under the License.
|
||||
import monascastatsd
|
||||
|
||||
from keystoneauth1 import exceptions as kaexception
|
||||
from keystoneauth1 import loading as kaloading
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
import six
|
||||
|
||||
from monasca_notification.common.repositories import exceptions
|
||||
from monasca_notification.notification import Notification
|
||||
|
@ -133,3 +136,33 @@ class OfflineConnection(monascastatsd.Connection):
|
|||
|
||||
def _send_to_server(self, packet):
|
||||
pass
|
||||
|
||||
|
||||
def get_keystone_session():
|
||||
|
||||
auth_details = {}
|
||||
auth_details['auth_url'] = CONF.keystone.auth_url
|
||||
auth_details['username'] = CONF.keystone.username
|
||||
auth_details['password'] = CONF.keystone.password
|
||||
auth_details['project_name'] = CONF.keystone.project_name
|
||||
auth_details['user_domain_name'] = CONF.keystone.user_domain_name
|
||||
auth_details['project_domain_name'] = CONF.keystone.project_domain_name
|
||||
loader = kaloading.get_plugin_loader('password')
|
||||
auth_plugin = loader.load_from_options(**auth_details)
|
||||
session = kaloading.session.Session().load_from_options(
|
||||
auth=auth_plugin)
|
||||
return session
|
||||
|
||||
|
||||
def get_auth_token():
|
||||
error_message = 'Keystone request failed: {}'
|
||||
try:
|
||||
session = get_keystone_session()
|
||||
auth_token = session.get_token()
|
||||
return auth_token
|
||||
except (kaexception.Unauthorized, kaexception.DiscoveryFailure) as e:
|
||||
LOG.exception(error_message.format(six.text_type(e)))
|
||||
raise
|
||||
except Exception as e:
|
||||
LOG.exception(error_message.format(six.text_type(e)))
|
||||
raise
|
||||
|
|
|
@ -22,6 +22,7 @@ from oslo_utils import importutils
|
|||
from monasca_notification.conf import cli
|
||||
from monasca_notification.conf import database
|
||||
from monasca_notification.conf import kafka
|
||||
from monasca_notification.conf import keystone
|
||||
from monasca_notification.conf import notifiers
|
||||
from monasca_notification.conf import processors
|
||||
from monasca_notification.conf import queues
|
||||
|
@ -36,6 +37,7 @@ CONF_OPTS = [
|
|||
cli,
|
||||
database,
|
||||
kafka,
|
||||
keystone,
|
||||
notifiers,
|
||||
processors,
|
||||
queues,
|
||||
|
@ -144,6 +146,7 @@ def load_from_yaml(yaml_config, conf=None):
|
|||
],
|
||||
'queues': [lambda d: _plain_override(g='queues', **d)],
|
||||
'kafka': [lambda d: _plain_override(g='kafka', **d)],
|
||||
'keystone': [lambda d: _plain_override(g='keystone', **d)],
|
||||
'zookeeper': [lambda d: _plain_override(g='zookeeper', **d)],
|
||||
'notification_types': [lambda d: _load_plugin_settings(**d)],
|
||||
'logging': [_configure_and_warn_the_logging]
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
# Copyright 2017 FUJITSU LIMITED
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
|
||||
keystone_group = cfg.OptGroup('keystone',
|
||||
title='Keystone Options',
|
||||
help='Options under this group allow to configure '
|
||||
'valid connection via Keystone'
|
||||
'authentication.')
|
||||
|
||||
keystone_opts = [
|
||||
cfg.BoolOpt(name='auth_required', default='False',
|
||||
help='This option enable or disable authentication using '
|
||||
'keystone'),
|
||||
cfg.StrOpt(name='auth_url', default='http://127.0.0.1/identity/v3',
|
||||
help='URL of identity service'),
|
||||
cfg.StrOpt(name='username', default='admin',
|
||||
help='Username'),
|
||||
cfg.StrOpt(name='password', default='password',
|
||||
help='Password of identity service'),
|
||||
cfg.StrOpt(name='project_name', default='admin',
|
||||
help='Name of project'),
|
||||
cfg.StrOpt(name='user_domain_name', default='default',
|
||||
help='User domain name'),
|
||||
cfg.StrOpt(name='project_domain_name', default='default',
|
||||
help='Project domain name'),
|
||||
cfg.StrOpt(name='auth_type', default='password',
|
||||
help='Type of authentication')
|
||||
]
|
||||
|
||||
|
||||
def register_opts(conf):
|
||||
conf.register_group(keystone_group)
|
||||
conf.register_opts(keystone_opts, group=keystone_group)
|
||||
|
||||
|
||||
def list_opts():
|
||||
return {
|
||||
keystone_group: keystone_opts
|
||||
}
|
|
@ -20,6 +20,7 @@ import ujson as json
|
|||
from debtcollector import removals
|
||||
from oslo_config import cfg
|
||||
|
||||
from monasca_notification.common import utils
|
||||
from monasca_notification.plugins import abstract_notifier
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
@ -73,6 +74,13 @@ class WebhookNotifier(abstract_notifier.AbstractNotifier):
|
|||
|
||||
headers = {'content-type': 'application/json'}
|
||||
|
||||
# Checks if keystone authentication is enabled and adds authentication
|
||||
# token to the request headers
|
||||
if CONF.keystone.auth_required:
|
||||
auth_token = utils.get_auth_token()
|
||||
headers = {'content-type': 'application/json',
|
||||
'X-Auth-Token': auth_token}
|
||||
|
||||
url = notification.address
|
||||
|
||||
try:
|
||||
|
|
|
@ -126,4 +126,14 @@ logging: # Used in logging.dictConfig
|
|||
level: DEBUG
|
||||
statsd:
|
||||
host: 'localhost'
|
||||
port: 8125
|
||||
port: 8125
|
||||
|
||||
keystone:
|
||||
auth_required: False
|
||||
auth_url: 'http://127.0.0.1/identity/v3'
|
||||
username: 'admin'
|
||||
password: 'password'
|
||||
project_name: 'admin'
|
||||
user_domain_name: 'default'
|
||||
project_domain_name: 'default'
|
||||
auth_type: 'password'
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
# process, which may cause wedges in the gate later.
|
||||
pbr!=2.1.0,>=2.0.0 # Apache-2.0
|
||||
debtcollector>=1.2.0 # Apache-2.0
|
||||
keystoneauth1>=3.4.0 # Apache-2.0
|
||||
monasca-statsd>=1.4.0 # Apache-2.0
|
||||
requests>=2.14.2 # Apache-2.0
|
||||
PyYAML>=3.12 # MIT
|
||||
|
|
Loading…
Reference in New Issue