From: Steve Baker Date: Tue, 6 Nov 2012 23:59:56 +0000 (+1300) Subject: Replace KeyStoneCreds params with X-Auth headers. X-Git-Tag: 2014.1~1235 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=7381f16c2ba558dcf8295fb4152f262d548babe4;p=openstack-build%2Fheat-build.git Replace KeyStoneCreds params with X-Auth headers. Username/password are now in X-Auth-User, X-Auth-Key --- diff --git a/heat/api/aws/ec2token.py b/heat/api/aws/ec2token.py index 4c4c0bff..bab3fb06 100644 --- a/heat/api/aws/ec2token.py +++ b/heat/api/aws/ec2token.py @@ -44,7 +44,7 @@ class EC2Token(wsgi.Middleware): @webob.dec.wsgify(RequestClass=wsgi.Request) def __call__(self, req): # Read request signature and access id. - # If we find KeyStoneCreds in the params we ignore a key error + # If we find X-Auth-User in the headers we ignore a key error # here so that we can use both authentication methods. # Returning here just means the user didn't supply AWS # authentication and we'll let the app try native keystone next. @@ -53,7 +53,7 @@ class EC2Token(wsgi.Middleware): signature = req.params['Signature'] except KeyError: logger.info("No AWS Signature found.") - if 'KeyStoneCreds' in req.params: + if 'X-Auth-User' in req.headers: return self.application else: raise exception.HeatIncompleteSignatureError() @@ -62,7 +62,7 @@ class EC2Token(wsgi.Middleware): access = req.params['AWSAccessKeyId'] except KeyError: logger.info("No AWSAccessKeyId found.") - if 'KeyStoneCreds' in req.params: + if 'X-Auth-User' in req.headers: return self.application else: raise exception.HeatMissingAuthenticationTokenError() diff --git a/heat/client.py b/heat/client.py index e16a71bf..ea25cdf1 100644 --- a/heat/client.py +++ b/heat/client.py @@ -39,14 +39,15 @@ class V1Client(base_client.BaseClient): params['Version'] = '2010-05-15' params['SignatureVersion'] = '2' params['SignatureMethod'] = 'HmacSHA256' - params['KeyStoneCreds'] = json.dumps(self.creds) def stack_request(self, action, method, **kwargs): params = self._extract_params(kwargs, SUPPORTED_PARAMS) self._insert_common_parameters(params) params['Action'] = action + headers = {'X-Auth-User': self.creds['username'], + 'X-Auth-Key': self.creds['password']} - res = self.do_request(method, "/", params=params) + res = self.do_request(method, "/", params=params, headers=headers) doc = etree.fromstring(res.read()) return etree.tostring(doc, pretty_print=True) diff --git a/heat/cloudformation.py b/heat/cloudformation.py index 648770d6..fd0dbfcb 100644 --- a/heat/cloudformation.py +++ b/heat/cloudformation.py @@ -16,6 +16,6 @@ SUPPORTED_PARAMS = ('StackName', 'TemplateBody', 'TemplateUrl', 'NotificationARNs', 'Parameters', 'Version', 'SignatureVersion', 'Timestamp', 'AWSAccessKeyId', - 'Signature', 'KeyStoneCreds', 'TimeoutInMinutes', + 'Signature', 'TimeoutInMinutes', 'LogicalResourceId', 'PhysicalResourceId', 'NextToken', ) diff --git a/heat/common/context.py b/heat/common/context.py index efe46f1a..ac0ff67d 100644 --- a/heat/common/context.py +++ b/heat/common/context.py @@ -166,14 +166,12 @@ class ContextMiddleware(wsgi.Middleware): aws_creds = None aws_auth_uri = None - if headers.get('X-Auth-EC2-Creds') is not None: + if headers.get('X-Auth-User') is not None: + username = headers.get('X-Auth-User') + password = headers.get('X-Auth-Key') + elif headers.get('X-Auth-EC2-Creds') is not None: aws_creds = headers.get('X-Auth-EC2-Creds') aws_auth_uri = headers.get('X-Auth-EC2-Url') - else: - if 'KeyStoneCreds' in req.params: - creds = json.loads(req.params['KeyStoneCreds']) - username = creds['username'] - password = creds['password'] token = headers.get('X-Auth-Token') service_user = headers.get('X-Admin-User')